Re: [Freevo-users] WWW Authentication in SVN version

2006-12-28 Thread Duncan Webb
Ryan Roth wrote:
 Has the way you set the WWW users changed in the SVN version?  I seem to 
 be having trouble getting a username and password to work.

WWW_USERS = { 'freevo' : 'freevo' } still works.

Duncan


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Freevo-users mailing list
Freevo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freevo-users


Re: [Freevo-users] WWW Authentication in SVN version

2006-12-28 Thread Ryan Roth
Can we change to this?

http://sourceforge.net/tracker/index.php?func=detail&aid=1623854&group_id=46652&atid=446898


Duncan Webb wrote:
 Ryan Roth wrote:
   
 Has the way you set the WWW users changed in the SVN version?  I seem to 
 be having trouble getting a username and password to work.
 

 WWW_USERS = { 'freevo' : 'freevo' } still works.

 Duncan




Re: [Freevo-users] WWW Authentication in SVN version

2006-12-28 Thread Duncan Webb
Ryan Roth wrote:
 Can we change to this?
 
 http://sourceforge.net/tracker/index.php?func=detail&aid=1623854&group_id=46652&atid=446898

I must admit I'm a bit dubious about security on a freevo box, I guess
it all comes down to how people use freevo.

If you're unhappy with the current method you can always use stunnel and
certificates, this would prevent plain text password going over the
network.

A better solution for the password is to keep the same method as we have
but replace the 'freevo' password with:
{ 'freevo' : ('md5', 'c30e34fbaa8de764a6376eb1b10a7307') },
{ 'freevo' : ('crypt', ('bba2MX1hDX8JQ', 'bb')) } or
{ 'freevo' : 'freevo' }

(New in python 2.5 is hashlib, better hashes)

This would minimise the changes and still keep it easy for people who
don't need secure passwords. I don't see much difference between using
local_conf.py and a separate file for passwords. You don't have to have
local_conf.py as world readable.

If you want to do a patch for this, then I would be more than happy to
apply it.

Duncan

 Duncan Webb wrote:
 Ryan Roth wrote:
   
 Has the way you set the WWW users changed in the SVN version?  I seem to 
 be having trouble getting a username and password to work.
 
 WWW_USERS = { 'freevo' : 'freevo' } still works.

 Duncan



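Added example, not part of the original thread or Freevo's code: a verifier for the tagged WWW_USERS entry forms Duncan proposes above (plain string and ('md5', hash)), extended with a salted 'pbkdf2' form built on hashlib. The names check_password and make_entry, the 'pbkdf2' tag and its (salt, hash) layout are assumptions of this example; the 'crypt' form is left out because the crypt module was removed from the standard library in Python 3.13.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def make_entry(password, salt=None):
    """Build a ('pbkdf2', (salt_hex, hash_hex)) entry (hypothetical form)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, PBKDF2_ROUNDS)
    return ('pbkdf2', (salt.hex(), digest.hex()))


def check_password(users, username, password):
    """Return True only if password matches the stored entry for username."""
    entry = users.get(username)
    if entry is None:
        return False
    if isinstance(entry, str):
        # Legacy plaintext entry: { 'freevo' : 'freevo' }
        return hmac.compare_digest(entry.encode(), password.encode())
    if not isinstance(entry, tuple) or len(entry) != 2:
        return False
    scheme, stored = entry
    if scheme == 'md5':
        # Unsalted and fast: kept only for the form proposed in the thread.
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, stored.lower())
    if scheme == 'pbkdf2':
        salt_hex, hash_hex = stored
        candidate = hashlib.pbkdf2_hmac('sha256', password.encode(),
                                        bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate.hex(), hash_hex.lower())
    return False  # unknown scheme: fail closed


# Constructed sample configuration (values are not taken from the thread).
# The fixed all-zero salt is only there to make the sample reproducible.
WWW_USERS = {
    'plain': 'secret1',
    'hashed': ('md5', hashlib.md5(b'secret2').hexdigest()),
    'salted': make_entry('secret3', salt=bytes(16)),
}
```

Because the scheme tag selects the comparison, a stored hash is never accepted as the password itself, and an entry with an unrecognised tag is rejected rather than falling back to a plain compare.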

Re: [Freevo-users] WWW Authentication in SVN version

2006-12-28 Thread Ryan Roth
If people are interested in it I will make a patch for it.

Duncan Webb wrote:
 Ryan Roth wrote:
   
 Can we change to this?

 http://sourceforge.net/tracker/index.php?func=detail&aid=1623854&group_id=46652&atid=446898
 

 I must admit I'm a bit dubious about security on a freevo box, I guess
 it all comes down to how people use freevo.

 If you're unhappy with the current method you can always use stunnel and
 certificates, this would prevent plain text password going over the
 network.

 A better solution for the password is to keep the same method as we have
 but replace the 'freevo' password with: { 'freevo' : ('md5',
 'c30e34fbaa8de764a6376eb1b10a7307') },
 { 'freevo' : ('crypt', ('bba2MX1hDX8JQ', 'bb')) } or
 { 'freevo' : 'freevo' }

 (New in python 2.5 is hashlib, better hashes)

 This would minimise the changes and still keep it easy for people who
 don't need secure passwords. I don't see much difference between using
 local_conf.py and a separate file for passwords. You don't have to have
 local_conf.py as world readable.

 If you want to do a patch for this, then I would be more than happy to
 apply it.

 Duncan

   
 Duncan Webb wrote:
 
 Ryan Roth wrote:
   
   
 Has the way you set the WWW users changed in the SVN version?  I seem to 
 be having trouble getting a username and password to work.
 
 
 WWW_USERS = { 'freevo' : 'freevo' } still works.

 Duncan




Re: [Freevo-users] WWW Authentication in SVN version

2006-12-28 Thread Ryan Roth
All right, here is a new version.  All encrypted user names and passwords 
start with 'crypt-' in the local_conf.py

It works with encrypted, unencrypted, or even a mix of the two.

The helper 'passwd' will parse the local_conf and add encrypted users to 
the existing list.
Index: src/www/web_types.py
===
--- src/www/web_types.py(revision 8853)
+++ src/www/web_types.py(working copy)
@@ -27,8 +27,8 @@
 # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #
 # ---
+import crypt
 
-
 import os, sys, time
 
 import config
@@ -78,8 +78,10 @@
 def auth_user(self, username, password):
 print 'auth_user(self, username=\%s\, password=\%s\)' % (username, 
password)
 realpass = config.WWW_USERS.get(username)
-if password == realpass:
+if realpass == password:
 return TRUE
+elif 'crypt-' + crypt.crypt(password, username) == 
config.WWW_USERS.get('crypt-' + crypt.crypt(username, password)):
+return TRUE
 else:
 return FALSE
 
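Review bot: In the added elif branch of auth_user the salts are taken from the credentials themselves: crypt.crypt(password, username) salts the password with the username, and crypt.crypt(username, password) salts the lookup key with the password. Traditional DES crypt() uses only the first two salt characters and copies them to the front of its output, so every 'crypt-' key in local_conf.py begins with the first two characters of that user's password in clear; generate a random salt per user and store it next to the hash instead. The unchanged plain comparison (if realpass == password) also still runs for 'crypt-' entries, so a stored key and value are accepted as a username and password exactly as they appear in the file; skip that branch when the name starts with 'crypt-'. The context print line writes the submitted password to the log and should be dropped or reduced to the username.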
Index: src/helpers/passwd.py
===
--- src/helpers/passwd.py   (revision 0)
+++ src/helpers/passwd.py   (revision 0)
@@ -0,0 +1,56 @@
+import crypt
+import config
+import string
+import os
+
+if not hasattr(config, 'WWW_USERS'):
+print 'WWW_USERS is missing from local_conf.py\nYou must at least have 
WWW_USERS = {}'
+else:
+username_in = raw_input('Enter username:')
+password_in = raw_input('Enter password:')
+password = crypt.crypt(password_in, username_in)
+username = crypt.crypt(username_in, password_in)
+curuser = str(config.WWW_USERS)
+curuser = string.rstrip(string.lstrip(curuser,'{ ) ,'} )
+if curuser.find(',')  0:
+curuser = string.split(curuser,',')
+for eachuser in curuser:
+eachuser = string.split(eachuser,':')
+curuser = string.rstrip(string.lstrip(eachuser[0],' ) ,' )
+else:
+curuser = string.rstrip(string.lstrip(curuser,' ) ,' )
+if curuser == username_in:
+print 'User already exisits in plain text form'
+else:
+curuser = str(config.WWW_USERS)
+if curuser == '{0: 0}':
+curuser = { 'crypt- + username + ' : 'crypt- + password + ' }
+else:
+curuser = string.rstrip(curuser, '}')
+curuser = curuser + ', ' + 'crypt- + username + ' : 'crypt- + 
password + ' }
+print curuser
+infile = open('/etc/freevo/local_conf.py','r')
+outfile = open('/etc/freevo/local_conf.py.new','w')
+www_user_written = 0
+for line in infile:
+ if line.find('WWW_USERS')  -1:
+ outfile.write('WWW_USERS = ' + curuser + '\n')
+ www_user_written = 1
+ else:
+ outfile.write(line)
+if www_user_written == 0:
+outfile.write('WWW_USERS = ' + curuser + '\n') 
+infile.close
+outfile.close
+try:
+os.rename('/etc/freevo/local_conf.py', 
'/etc/freevo/local_conf.py.backup')
+os.rename('/etc/freevo/local_conf.py.new', 
'/etc/freevo/local_conf.py')
+except:
+try:
+os.remove('/etc/freevo/local_conf.py.backup_1')
+except:
+print 'Remove redundant local_conf.py backups'
+os.rename('/etc/freevo/local_conf.py.backup', 
'/etc/freevo/local_conf.py.backup_1')
+os.rename('/etc/freevo/local_conf.py', 
'/etc/freevo/local_conf.py.backup')
+os.rename('/etc/freevo/local_conf.py.new', 
'/etc/freevo/local_conf.py')
+
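Review bot: infile.close and outfile.close near the end of passwd.py are written without parentheses, so neither file is closed and local_conf.py.new may not be fully flushed when os.rename() moves it over the live config; call infile.close() and outfile.close() before the renames. The password prompt uses raw_input('Enter password:'), which echoes what is typed; getpass.getpass() from the standard library avoids that. local_conf.py.new is opened with default permissions, so set a restrictive mode on it before the rename if the hashes are meant to stay private. The bare except: clauses around the renames would be safer as except OSError: so that unrelated errors are not swallowed.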


Re: [Freevo-users] WWW Authentication in SVN version

2006-12-28 Thread Ryan Roth
The reason I wanted this is to start making the web interface more secure.  
I wanted to talk with people and see what they thought about changing the 
web server to a secure server.  This would be nice for those of us who 
forward web traffic from our public IP to our Freevo box.
