check-mk-multisite 1.2.8p16-1ubuntu0.1 / usr / share / check_mk / web / plugins / userdb / htpasswd.py

This file is indexed.

/usr/share/check_mk/web/plugins/userdb/htpasswd.py is in check-mk-multisite 1.2.8p16-1ubuntu0.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# +------------------------------------------------------------------+
# |             ____ _               _        __  __ _  __           |
# |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
# |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
# |           | |___| | | |  __/ (__|   <    | |  | | . \            |
# |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
# |                                                                  |
# | Copyright Mathias Kettner 2014             mk@mathias-kettner.de |
# +------------------------------------------------------------------+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software;  you can redistribute it and/or modify it
# under the  terms of the  GNU General Public License  as published by
# the Free Software Foundation in version 2.  check_mk is  distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
# tails. You should have  received  a copy of the  GNU  General Public
# License along with GNU Make; see the file  COPYING.  If  not,  write
# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
# Boston, MA 02110-1301 USA.

import crypt
import defaults


def encrypt_password(password, salt = None):
    import md5crypt
    if not salt:
        salt = "%06d" % (1000000 * (time.time() % 1.0))
    return md5crypt.md5crypt(password, salt, '$1$')


class HtpasswdUserConnector(UserConnector):
    def __init__(self, config):
        super(HtpasswdUserConnector, self).__init__(config)


    @classmethod
    def type(self):
        return 'htpasswd'


    @classmethod
    def title(self):
        return _('Apache Local Password File (htpasswd)')


    @classmethod
    def short_title(self):
        return _('htpasswd')


    #
    # USERDB API METHODS
    #

    def check_credentials(self, username, password):
        users = self.load_htpasswd()
        if username not in users:
            return None # not existing user, skip over

        if self.password_valid(users[username], password):
            return username
        else:
            return False


    # Loads the contents of a valid htpasswd file into a dictionary
    # and returns the dictionary
    def load_htpasswd(self):
        creds = {}

        for line in open(defaults.htpasswd_file, 'r'):
            if ':' in line:
                username, pwhash = line.split(':', 1)
                creds[username.decode("utf-8")] = pwhash.rstrip('\n')

        return creds


    # Validate hashes taken from the htpasswd file. This method handles
    # crypt() and md5 hashes. This should be the common cases in the
    # used htpasswd files.
    def password_valid(self, pwhash, password):
        if pwhash[:3] == '$1$':
            salt = pwhash.split('$', 3)[2]
            return pwhash == encrypt_password(password, salt)
        else:
            return pwhash == crypt.crypt(password, pwhash[:2])


    def save_users(self, users):
        # Apache htpasswd. We only store passwords here. During
        # loading we created entries for all admin users we know. Other
        # users from htpasswd are lost. If you start managing users with
        # WATO, you should continue to do so or stop doing to for ever...
        # Locked accounts get a '!' before their password. This disable it.
        filename = defaults.htpasswd_file + '.new'
        rename_file = True
        try:
            out = create_user_file(filename, "w")
        except:
            rename_file = False
            out = create_user_file(defaults.htpasswd_file, "w")

        for id, user in users.items():
            # only process users which are handled by htpasswd connector
            if user.get('connector', 'htpasswd') != 'htpasswd':
                continue

            if user.get("password"):
                if user.get("locked", False):
                    locksym = '!'
                else:
                    locksym = ""
                out.write("%s:%s%s\n" % (make_utf8(id), locksym, user["password"]))
        out.close()
        if rename_file:
            os.rename(filename, filename[:-4])


multisite_user_connectors['htpasswd'] = HtpasswdUserConnector

APT Browse - Built by Thomas Orozco.