Skip to content

Commit

Permalink
Move password hash module
Browse files Browse the repository at this point in the history 
Remove unused slack logger. Fix import error during tests.
  • Loading branch information
@np5
np5 committed May 14, 2020
1 parent 2e57fac commit 4805ecc
Show file tree
Hide file tree
Showing 5 changed files with 35 additions and 54 deletions.
2 changes: 1 addition & 1 deletion server/realms/backends/ldap/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
from django.urls import reverse
import ldap
from realms.backends.base import BaseBackend
from utils.password_hash import build_password_hash_dict
from realms.utils import build_password_hash_dict


logger = logging.getLogger("zentral.realms.backends.ldap")
Expand Down
33 changes: 33 additions & 0 deletions server/realms/utils.py
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,20 @@
import base64
import hashlib
import logging
import random
from django.conf import settings
from django.contrib.auth import authenticate, login


logger = logging.getLogger("zentral.realms.utils")


try:
random = random.SystemRandom()
except NotImplementedError:
logger.warning('No secure pseudo random number generator available.')


def login_callback(request, realm_user, next_url=None):
"""
Realm authorization session callback used to log realm users in,
Expand All @@ -14,3 +27,23 @@ def login_callback(request, realm_user, next_url=None):
request.session.set_expiry(0)
login(request, user)
return next_url or settings.LOGIN_REDIRECT_URL


def build_password_hash_dict(password):
# see https://developer.apple.com/documentation/devicemanagement/setautoadminpasswordcommand/command
# for the compatibility
password = password.encode("utf-8")
salt = bytearray(random.getrandbits(8) for i in range(32))
iterations = 39999
# see https://github.com/micromdm/micromdm/blob/master/pkg/crypto/password/password.go macKeyLen !!!
# Danke github.com/groob !!!
dklen = 128

dk = hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=dklen)
return {
"SALTED-SHA512-PBKDF2": {
"entropy": base64.b64encode(dk).decode("ascii").strip(),
"salt": base64.b64encode(salt).decode("ascii").strip(),
"iterations": iterations
}
}
33 changes: 0 additions & 33 deletions server/utils/password_hash.py
View file

This file was deleted.

19 changes: 0 additions & 19 deletions server/utils/slack_logging_handler.py
View file

This file was deleted.

2 changes: 1 addition & 1 deletion zentral/contrib/mdm/forms.py
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import plistlib
from django import forms
from django.db import connection
from utils.password_hash import build_password_hash_dict
from realms.utils import build_password_hash_dict
from zentral.contrib.inventory.models import MetaMachine
from .dep import decrypt_dep_token
from .dep_client import DEPClient
Expand Down

0 comments on commit 4805ecc

Please sign in to comment.