[checkmk-commits] Moved get_random_string() from lib to utils

Module: check_mk Branch: master Commit: da4e27637bc58c3934eec08268b71dbcda2a5aa0 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=da4e27637bc58c… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Mon Feb 19 09:05:45 2018 +0100 Moved get_random_string() from lib to utils Change-Id: I6955b8432c42c65f1fceb20221764bdb63dd3fbc --- web/htdocs/lib.py | 14 -------------- web/htdocs/login.py | 3 ++- web/htdocs/utils.py | 15 +++++++++++++++ web/htdocs/watolib.py | 3 ++- 4 files changed, 19 insertions(+), 16 deletions(-) diff --git a/web/htdocs/lib.py b/web/htdocs/lib.py index c264eee..1c0a2ff 100644 --- a/web/htdocs/lib.py +++ b/web/htdocs/lib.py @@ -30,20 +30,6 @@ from cmk.regex import regex import cmk.store as store import cmk.paths -# We should use /dev/random here for cryptographic safety. But -# that involves the great problem that the system might hang -# because of loss of entropy. So we hope /dev/urandom is enough. -# Furthermore we filter out non-printable characters. The byte -# 0x00 for example does not make it through HTTP and the URL. -def get_random_string(size, from_ascii=48, to_ascii=90): - secret = "" - urandom = file("/dev/urandom") - while len(secret) < size: - c = urandom.read(1) - if ord(c) >= from_ascii and ord(c) <= to_ascii: - secret += c - return secret - # Generates a unique id def gen_id(): try: diff --git a/web/htdocs/login.py b/web/htdocs/login.py index 7c4c323..383002e 100644 --- a/web/htdocs/login.py +++ b/web/htdocs/login.py @@ -26,6 +26,7 @@ import config import userdb +import utils from lib import * from log import logger from html_mod_python import FinalizeRequest @@ -105,7 +106,7 @@ def load_secret(): return secret def generate_secret(): - return get_random_string(256) + return utils.get_random_string(256) # Load the password serial of the user. This serial identifies the current config # state of the user account. If either the password is changed or the account gets diff --git a/web/htdocs/utils.py b/web/htdocs/utils.py index 40c3119..4eda962 100644 --- a/web/htdocs/utils.py +++ b/web/htdocs/utils.py @@ -94,3 +94,18 @@ def saveint(x): return int(x) except: return 0 + + +# We should use /dev/random here for cryptographic safety. But +# that involves the great problem that the system might hang +# because of loss of entropy. So we hope /dev/urandom is enough. +# Furthermore we filter out non-printable characters. The byte +# 0x00 for example does not make it through HTTP and the URL. +def get_random_string(size, from_ascii=48, to_ascii=90): + secret = "" + urandom = file("/dev/urandom") + while len(secret) < size: + c = urandom.read(1) + if ord(c) >= from_ascii and ord(c) <= to_ascii: + secret += c + return secret diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index 528fed8..3ea27e9 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -42,6 +42,7 @@ # | Doing this that must be done when the module WATO is loaded. | # '----------------------------------------------------------------------' +import utils import os, shutil, subprocess, base64, pickle, pwd import glob import traceback @@ -4068,7 +4069,7 @@ def get_login_secret(create_on_demand = False): if not create_on_demand: return None - secret = get_random_string(32) + secret = utils.get_random_string(32) store.save_data_to_file(path, secret) return secret