From 0947d0b74a69ee04ad76b28e988197c826b1a027 Mon Sep 17 00:00:00 2001 From: bnewbold Date: Tue, 25 Dec 2012 23:49:10 +0100 Subject: hash secret keys all over the place --- TODO | 1 - exmachina.py | 15 +++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/TODO b/TODO index 0b9e00d..d4ed123 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,3 @@ - socket overwriting problem; use directory trick? - strengthen default permissions on socket - document per-app socket naming intention -- hash secret key, salted with 'exmachina' diff --git a/exmachina.py b/exmachina.py index 9041766..3ed6a96 100755 --- a/exmachina.py +++ b/exmachina.py @@ -39,6 +39,7 @@ import subprocess import time import base64 import functools +import hashlib import bjsonrpc import bjsonrpc.handlers @@ -150,8 +151,9 @@ class ExMachinaHandler(bjsonrpc.handlers.BaseHandler): if not self.secret_key: log.warn("Unecessary authentication attempt") return - if not secret_key.strip() == self.secret_key.strip(): - # fail hard + if not hashlib.sha256(secret_key.strip()).hexdigest() == \ + hashlib.sha256(self.secret_key.strip()).hexdigest(): + # key doesn't match, fail hard log.error("Authentication failed!") sys.exit() self.secret_key = None @@ -282,6 +284,11 @@ class ExMachinaClient(): def __init__(self, socket_path="/tmp/exmachina.sock", secret_key=None): + + if secret_key: + secret_key = hashlib.sha256(secret_key.strip() + "|exmachina")\ + .hexdigest() + self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) self.sock.connect(socket_path) self.conn = bjsonrpc.connection.Connection(self.sock) @@ -324,6 +331,10 @@ class ExMachinaClient(): def run_server(socket_path, secret_key=None, socket_group=None): + if secret_key: + secret_key = hashlib.sha256(secret_key.strip() + "|exmachina")\ + .hexdigest() + if not 0 == os.geteuid(): log.warn("Expected to be running as root!") -- cgit v1.2.3