From 46396247bbb37d956c2fb291bee371e9c636ac9c Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 2 Sep 2020 08:54:29 -0400
Subject: [PATCH] Fix remote passphrase authentication
For python 3 platforms, the db hosted hash needed the str changed to bytes explictly.
---
 confluent_server/confluent/auth.py | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/confluent_server/confluent/auth.py b/confluent_server/confluent/auth.py
index f9ab65dc..8bcebac6 100644
--- a/confluent_server/confluent/auth.py
+++ b/confluent_server/confluent/auth.py
@@ -221,11 +221,11 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
 if ucfg is None:
 eventlet.sleep(0.05)
 return None
+ if isinstance(passphrase, bytes):
+ bpassphrase = passphrase
+ else:
+ bpassphrase = passphrase.encode('utf8')
 if (user, tenant) in _passcache:
- if isinstance(passphrase, bytes):
- bpassphrase = passphrase
- else:
- bpassphrase = passphrase.encode('utf8')
 if hashlib.sha256(bpassphrase).digest() == _passcache[(user, tenant)]:
 return authorize(user, element, tenant, operation=operation)
 else:
@@ -260,7 +260,7 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
 # determine failure because there is a delay, valid response will
 # delay as well
 if crypt == crypted:
- _passcache[(user, tenant)] = hashlib.sha256(passphrase).digest()
+ _passcache[(user, tenant)] = hashlib.sha256(bpassphrase).digest()
 return authorize(user, element, tenant, operation)
 if pam:
 pwe = None
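Review bot: The cache check `hashlib.sha256(bpassphrase).digest() == _passcache[(user, tenant)]` in the first hunk compares passphrase-derived digests with `==`, which may return as soon as one byte differs; `if crypt == crypted:` in the second hunk has the same shape. `hmac.compare_digest` is the standard-library comparison intended for this, e.g. `if hmac.compare_digest(hashlib.sha256(bpassphrase).digest(), _passcache[(user, tenant)]):` and `if hmac.compare_digest(crypt, crypted):`. That assumes both operands of each call are the same type (both bytes, or both ASCII-only str) and that `hmac` is imported, neither of which is visible in these hunks. The `eventlet.sleep(0.05)` stalls shown here add delay on some paths but do not make the comparison itself constant-time. check_user_passphrase begins and ends outside the hunks.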
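Review bot: The value stored by `_passcache[(user, tenant)] = hashlib.sha256(bpassphrase).digest()` in the second hunk, and again in the PAM branch of the third, is an unsalted single-round SHA-256 of the passphrase. A copy of process memory (core dump, debugger, swap) therefore yields a verifier that is much cheaper to guess against than `crypted`, which the nearby comment about delay suggests is the output of a deliberately slow function. Keying the cached digest with a per-process random secret removes that offline value without changing the lookup: `hmac.new(_cachekey, bpassphrase, hashlib.sha256).digest()` with a new module-level `_cachekey = os.urandom(32)` (the name is only a suggestion), used at both writes and at the compare in the first hunk. Nothing visible here evicts the entry when a passphrase changes or an account is removed; if that is handled elsewhere, a one-line comment at the cache write saying where would help the next reader.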
@@ -291,10 +291,6 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
 # user
 usergood = pam.authenticate(user, passphrase, service=_pamservice)
 if usergood:
- if isinstance(passphrase, bytes):
- bpassphrase = passphrase
- else:
- bpassphrase = passphrase.encode('utf8')
 _passcache[(user, tenant)] = hashlib.sha256(bpassphrase).digest()
 return authorize(user, element, tenant, operation, skipuserobj=False)
 eventlet.sleep(0.05) # stall even on test for existence of a username