diff options
author | bnewbold <bnewbold@robocracy.org> | 2012-12-25 23:49:10 +0100 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2012-12-25 23:49:10 +0100 |
commit | 0947d0b74a69ee04ad76b28e988197c826b1a027 (patch) | |
tree | fadd4c5c7fe48e3110c1fa1fa0a7dc2740950ac7 | |
parent | 4d06ad21f284cd2687573ff9960fb87aa44be19a (diff) | |
download | exmachina-0947d0b74a69ee04ad76b28e988197c826b1a027.tar.gz exmachina-0947d0b74a69ee04ad76b28e988197c826b1a027.zip |
hash secret keys all over the place
-rw-r--r-- | TODO | 1 | ||||
-rwxr-xr-x | exmachina.py | 15 |
2 files changed, 13 insertions, 3 deletions
@@ -1,4 +1,3 @@ - socket overwriting problem; use directory trick? - strengthen default permissions on socket - document per-app socket naming intention -- hash secret key, salted with 'exmachina' diff --git a/exmachina.py b/exmachina.py index 9041766..3ed6a96 100755 --- a/exmachina.py +++ b/exmachina.py @@ -39,6 +39,7 @@ import subprocess import time import base64 import functools +import hashlib import bjsonrpc import bjsonrpc.handlers @@ -150,8 +151,9 @@ class ExMachinaHandler(bjsonrpc.handlers.BaseHandler): if not self.secret_key: log.warn("Unecessary authentication attempt") return - if not secret_key.strip() == self.secret_key.strip(): - # fail hard + if not hashlib.sha256(secret_key.strip()).hexdigest() == \ + hashlib.sha256(self.secret_key.strip()).hexdigest(): + # key doesn't match, fail hard log.error("Authentication failed!") sys.exit() self.secret_key = None @@ -282,6 +284,11 @@ class ExMachinaClient(): def __init__(self, socket_path="/tmp/exmachina.sock", secret_key=None): + + if secret_key: + secret_key = hashlib.sha256(secret_key.strip() + "|exmachina")\ + .hexdigest() + self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) self.sock.connect(socket_path) self.conn = bjsonrpc.connection.Connection(self.sock) @@ -324,6 +331,10 @@ class ExMachinaClient(): def run_server(socket_path, secret_key=None, socket_group=None): + if secret_key: + secret_key = hashlib.sha256(secret_key.strip() + "|exmachina")\ + .hexdigest() + if not 0 == os.geteuid(): log.warn("Expected to be running as root!") |