[tahoe-dev] sftp with hashed passwords (patch fragment)

[Wolfgang Strobl]

Hi. Last week I asked whether the sftp client is supposed to support hashed passwords in private/ftp.accounts. My current need is solved by the patch below (it needs an additional "import crypt" somewhere at the beginning).

With that modification applied to frontends/auth.py, encrypted passwords (and only those) are supported by the sftp frontend.

Usage: create a hash by using htpasswd/htpasswd2 from Apache (or google
for htpasswd.py), replace the cleartext password in ftp.accounts by that hash.

Adding ".. or cleartext == cryptedpasswd" to the "if crypt.crypt(..." line
would be necessary for backward compatibility (i.e. still supporting
cleartext passwords), but there's no need for that, in my case.

-    def requestAvatarId(self, credentials):
-        if credentials.username in self.passwords:
-            d = defer.maybeDeferred(credentials.checkPassword,
-                                    self.passwords[credentials.username])
-            d.addCallback(self._cbPasswordMatch, str(credentials.username))
-            return d
-        return defer.fail(error.UnauthorizedLogin())
-
+    def requestAvatarId(self, c):
+        username=str(c.username)
+        if username in self.passwords:
+            cryptedpasswd=self.passwords[username]
+            up = credentials.IUsernamePassword(c, None)
+            cleartext=up.password
+            if crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd:
+                d = defer.succeed(username)
+                d.addCallback(self._cbPasswordMatch, username)
+                return d
+            else:
+                return defer.fail(error.UnauthorizedLogin())
+

-- 
Wolfgang Strobl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 1361 bytes
Desc: ?ffentlicher PGP-Schl?ssel
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20120327/5656e096/attachment.key>