/usr/share/check_mk/web/plugins/userdb/htpasswd.py is in check-mk-multisite 1.2.8p16-1ubuntu0.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 | #!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# +------------------------------------------------------------------+
# | ____ _ _ __ __ _ __ |
# | / ___| |__ ___ ___| | __ | \/ | |/ / |
# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
# | | |___| | | | __/ (__| < | | | | . \ |
# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
# | |
# | Copyright Mathias Kettner 2014 mk@mathias-kettner.de |
# +------------------------------------------------------------------+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation in version 2. check_mk is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU General Public License for more de-
# tails. You should have received a copy of the GNU General Public
# License along with GNU Make; see the file COPYING. If not, write
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
import crypt
import defaults
def encrypt_password(password, salt = None):
import md5crypt
if not salt:
salt = "%06d" % (1000000 * (time.time() % 1.0))
return md5crypt.md5crypt(password, salt, '$1$')
class HtpasswdUserConnector(UserConnector):
def __init__(self, config):
super(HtpasswdUserConnector, self).__init__(config)
@classmethod
def type(self):
return 'htpasswd'
@classmethod
def title(self):
return _('Apache Local Password File (htpasswd)')
@classmethod
def short_title(self):
return _('htpasswd')
#
# USERDB API METHODS
#
def check_credentials(self, username, password):
users = self.load_htpasswd()
if username not in users:
return None # not existing user, skip over
if self.password_valid(users[username], password):
return username
else:
return False
# Loads the contents of a valid htpasswd file into a dictionary
# and returns the dictionary
def load_htpasswd(self):
creds = {}
for line in open(defaults.htpasswd_file, 'r'):
if ':' in line:
username, pwhash = line.split(':', 1)
creds[username.decode("utf-8")] = pwhash.rstrip('\n')
return creds
# Validate hashes taken from the htpasswd file. This method handles
# crypt() and md5 hashes. This should be the common cases in the
# used htpasswd files.
def password_valid(self, pwhash, password):
if pwhash[:3] == '$1$':
salt = pwhash.split('$', 3)[2]
return pwhash == encrypt_password(password, salt)
else:
return pwhash == crypt.crypt(password, pwhash[:2])
def save_users(self, users):
# Apache htpasswd. We only store passwords here. During
# loading we created entries for all admin users we know. Other
# users from htpasswd are lost. If you start managing users with
# WATO, you should continue to do so or stop doing to for ever...
# Locked accounts get a '!' before their password. This disable it.
filename = defaults.htpasswd_file + '.new'
rename_file = True
try:
out = create_user_file(filename, "w")
except:
rename_file = False
out = create_user_file(defaults.htpasswd_file, "w")
for id, user in users.items():
# only process users which are handled by htpasswd connector
if user.get('connector', 'htpasswd') != 'htpasswd':
continue
if user.get("password"):
if user.get("locked", False):
locksym = '!'
else:
locksym = ""
out.write("%s:%s%s\n" % (make_utf8(id), locksym, user["password"]))
out.close()
if rename_file:
os.rename(filename, filename[:-4])
multisite_user_connectors['htpasswd'] = HtpasswdUserConnector
|