diff options
author | Prashanth Pai <ppai@redhat.com> | 2016-08-05 11:25:42 +0530 |
---|---|---|
committer | Thiago da Silva <thiago@redhat.com> | 2016-09-13 07:00:49 -0700 |
commit | 83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 (patch) | |
tree | 468bbedb80a48f3c52dc52487b030a4e9b318b1e /gluster | |
parent | a324c6e5cdfad77e8f91ec9869deb6b78425807e (diff) |
Don't include salt in HMAC computation
Currently, the input to HMAC function is the entire stored credential
in the format '<salt>$<hash>` but it should rather be only the hashed
key/password.
This is a minimal manual backport of this upstream swauth change:
https://review.openstack.org/#/c/292529/
Change-Id: Ib119522d36359f87579ff8e4ada7331643695634
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15097
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Diffstat (limited to 'gluster')
-rw-r--r-- | gluster/swift/common/middleware/gswauth/swauth/middleware.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py index 745c6f1..48f1d71 100644 --- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py +++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py @@ -318,7 +318,7 @@ class Swauth(object): account_id, 1) detail = json.loads(resp.body) - password = detail['auth'].split(':')[-1] + password_type, password = detail['auth'].split(':') msg = base64.urlsafe_b64decode(unquote(token)) # https://bugs.python.org/issue5285 @@ -327,6 +327,10 @@ class Swauth(object): if isinstance(msg, unicode): msg = msg.encode('utf-8') + if password_type != 'plaintext': + # Password isn't plaintext, contains salt string + password = password.split('$')[-1] + s = base64.encodestring(hmac.new(password, msg, sha1).digest()).strip() if s != sign: |