Hi. Last week I asked whether the sftp client is supposed to support hashed passwords in 
private/ftp.accounts. My current need is solved by the patch below (it needs an 
additional "import crypt" somewhere at the beginning).

With that modification applied to frontends/auth.py, encrypted passwords (and 
only those) are supported by the sftp frontend.

Usage: create a hash by using htpasswd/htpasswd2 from Apache (or google
for htpasswd.py), replace the cleartext password in ftp.accounts by that hash.

Adding ".. or cleartext == cryptedpasswd" to the "if crypt.crypt(..." line
would be necessary for backward compatibility (i.e. still supporting
cleartext passwords), but there's no need for that, in my case.

-    def requestAvatarId(self, credentials):
-        if credentials.username in self.passwords:
-            d = defer.maybeDeferred(credentials.checkPassword,
-                                    self.passwords[credentials.username])
-            d.addCallback(self._cbPasswordMatch, str(credentials.username))
-            return d
-        return defer.fail(error.UnauthorizedLogin())
-
+    def requestAvatarId(self, c):
+        username=str(c.username)
+        if username in self.passwords:
+            cryptedpasswd=self.passwords[username]
+            up = credentials.IUsernamePassword(c, None)
+            cleartext=up.password
+            if crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd:
+                d = defer.succeed(username)
+                d.addCallback(self._cbPasswordMatch, username)
+                return d
+            else:
+                return defer.fail(error.UnauthorizedLogin())
+

--
Wolfgang Strobl

Attachment: binOOsfs2k3tS.bin
Description: Öffentlicher PGP-Schlüssel

_______________________________________________
tahoe-dev mailing list
[email protected]
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

Reply via email to