delta/python-packages/paste.git, branch stringio bitbucket.org: Obsolete (use python-packages/paste-git) Import StringIO so it can be used. 2013-01-28T16:32:18+00:00 matt matt@xcolour.net 2013-01-28T16:32:18+00:00 56379c9c08f1e28fc42055deb7b162cb942a4c46 






Merged in mitchellrj/paste/double_slash_at_start_of_path_fix (pull request #10)
2012-08-17T21:05:35+00:00

Ian Bicking
ianb@colorstudy.com

2012-08-17T21:05:35+00:00

7b0218607dc97af6d03f5397dbf17b5910fae82e












Fixed parsing of URL paths starting with multiple slashes.
2012-08-02T10:28:01+00:00

Richard Mitchell
richard.j.mitchell@gmail.com

2012-08-02T10:28:01+00:00

9fae57022f1164ea72196dd8e91f73a0463427d8












New branch for double-slash fix.
2012-08-02T10:26:24+00:00

Richard Mitchell
richard.j.mitchell@gmail.com

2012-08-02T10:26:24+00:00

2a8717eb4d63f48c5d5c802d7572744828c4890e












auth/auth_tkt.py: enable overriding digest algorithms
2012-03-05T20:14:08+00:00

Jan Pokorn?
jpokorny@redhat.com

2012-03-05T20:14:08+00:00

663ec52ddd568148e000f1e7d2ea65d2ec284dd5

Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1],
not just plain MD5.  Quoting:

----v----
The default is MD5, which is faster, but has now been shown to be
vulnerable to collision attacks. Such attacks are not directly applicable
to mod_auth_tkt, which primarily relies on the security of the shared
secret rather than the strength of the hashing scheme. More paranoid users
will probably prefer to use one of the SHA digest types, however.

The default is likely to change in a future version, so setting the digest
type explicitly is encouraged.
----^----

Thus, enable it also in this implementation so one can optionally switch
to a stronger secure hash.

Backward compatibility should be untouched as ``md5`` is being passed
as a default kwarg.  The only change affecting external world is
a new parameter required at ``calculate_digest`` (specifying the
digest to use), but as it has probably no use outside the module,
this is a non-issue.  Alternatively: another optional kwarg.


Update (based Ian's comments):
The algorithm can also be specified as a string referring to the
algorithm known to hashlib (otherwise AttributeError will be raised).


Example session I used to check it works as expected (longish):

>>> import sys; sys.path.append('../..')
>>> from hashlib import sha256, sha512
>>> execfile('auth_tkt.py')
>>> AuthTicket('secret', 'me', '0.0.0.0').cookie_value()
'39fecb1395af5285232be390eba0eed34f5518c8me!'
>>> AuthTicket('secret', 'me', '0.0.0.0', "md5").cookie_value()
'c3b8eacbbbf76a9c993c7dcb99975d504f5518cfme!m,d,5!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="md5") \
... .cookie_value()
'db3b04de3c44b5bd0e2b47019e903c064f5518dbme!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha1") \
... .cookie_value()
'dddaadc2be960b6e89263ae7fb8c39591554103d4f5518edme!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \
... .cookie_value()
'bf5c9a32e49920f2ca517ec19a9d55e10a83849e5d532e8997891b8ccdbf0e634f551902me!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha256") \
... .cookie_value()
'9cb12df90fd86b868c98353115df4da3b8f9fa83bebecdf0b7918fea5d06b0744f551908me!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo='foo') \
... .cookie_value()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "auth_tkt.py", line 107, in __init__
    self.digest_algo = getattr(hashlib, digest_algo)
AttributeError: 'module' object has no attribute 'foo'
>>>
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0').cookie_value(),'0.0.0.0')
(1330977060, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo='md5') \
... .cookie_value(),'0.0.0.0', digest_algo='md5')
(1330977096, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \
... .cookie_value(),'0.0.0.0', digest_algo=sha256)
(1330977115, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \
... .cookie_value(),'0.0.0.0', digest_algo=sha512)
(1330977125, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \
... .cookie_value(),'0.0.0.0')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "auth_tkt.py", line 179, in parse_ticket
    expected=(expected, digest))
__main__.BadTicket: Digest signature is not correct


[1] http://linux.die.net/man/3/mod_auth_tkt





Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1],
not just plain MD5.  Quoting:

----v----
The default is MD5, which is faster, but has now been shown to be
vulnerable to collision attacks. Such attacks are not directly applicable
to mod_auth_tkt, which primarily relies on the security of the shared
secret rather than the strength of the hashing scheme. More paranoid users
will probably prefer to use one of the SHA digest types, however.

The default is likely to change in a future version, so setting the digest
type explicitly is encouraged.
----^----

Thus, enable it also in this implementation so one can optionally switch
to a stronger secure hash.

Backward compatibility should be untouched as ``md5`` is being passed
as a default kwarg.  The only change affecting external world is
a new parameter required at ``calculate_digest`` (specifying the
digest to use), but as it has probably no use outside the module,
this is a non-issue.  Alternatively: another optional kwarg.


Update (based Ian's comments):
The algorithm can also be specified as a string referring to the
algorithm known to hashlib (otherwise AttributeError will be raised).


Example session I used to check it works as expected (longish):

>>> import sys; sys.path.append('../..')
>>> from hashlib import sha256, sha512
>>> execfile('auth_tkt.py')
>>> AuthTicket('secret', 'me', '0.0.0.0').cookie_value()
'39fecb1395af5285232be390eba0eed34f5518c8me!'
>>> AuthTicket('secret', 'me', '0.0.0.0', "md5").cookie_value()
'c3b8eacbbbf76a9c993c7dcb99975d504f5518cfme!m,d,5!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="md5") \
... .cookie_value()
'db3b04de3c44b5bd0e2b47019e903c064f5518dbme!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha1") \
... .cookie_value()
'dddaadc2be960b6e89263ae7fb8c39591554103d4f5518edme!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \
... .cookie_value()
'bf5c9a32e49920f2ca517ec19a9d55e10a83849e5d532e8997891b8ccdbf0e634f551902me!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha256") \
... .cookie_value()
'9cb12df90fd86b868c98353115df4da3b8f9fa83bebecdf0b7918fea5d06b0744f551908me!'
>>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo='foo') \
... .cookie_value()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "auth_tkt.py", line 107, in __init__
    self.digest_algo = getattr(hashlib, digest_algo)
AttributeError: 'module' object has no attribute 'foo'
>>>
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0').cookie_value(),'0.0.0.0')
(1330977060, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo='md5') \
... .cookie_value(),'0.0.0.0', digest_algo='md5')
(1330977096, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \
... .cookie_value(),'0.0.0.0', digest_algo=sha256)
(1330977115, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \
... .cookie_value(),'0.0.0.0', digest_algo=sha512)
(1330977125, 'me', [''], '')
>>> parse_ticket('secret', \
...     AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \
... .cookie_value(),'0.0.0.0')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "auth_tkt.py", line 179, in parse_ticket
    expected=(expected, digest))
__main__.BadTicket: Digest signature is not correct


[1] http://linux.die.net/man/3/mod_auth_tkt







auth/auth_tkt.py: enable overriding digest algorithms
2012-02-29T23:56:41+00:00

Jan Pokorn?
jpokorny@redhat.com

2012-02-29T23:56:41+00:00

531c568bd89a2e34ca3077314587e421c5867091

Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1],
not just plain MD5.  Quoting:

----v----
The default is MD5, which is faster, but has now been shown to be vulnerable
to collision attacks. Such attacks are not directly applicable to
mod_auth_tkt, which primarily relies on the security of the shared secret
rather than the strength of the hashing scheme. More paranoid users will
probably prefer to use one of the SHA digest types, however.

The default is likely to change in a future version, so setting the digest
type explicitly is encouraged.
----^----

Thus, enable it also in this implementation so one can optionally switch
to a stronger secure hash.

Backward compatibility should be untouched as ``md`` is being passed
as a default kwarg.  The only change affecting external world is
a new parameter required at ``calculate digest`` (specifying the
digest to use), but as it has probably no use outside the module,
this is a non-issue.  Alternatively: another optional kwarg.

[1] http://linux.die.net/man/3/mod_auth_tkt





Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1],
not just plain MD5.  Quoting:

----v----
The default is MD5, which is faster, but has now been shown to be vulnerable
to collision attacks. Such attacks are not directly applicable to
mod_auth_tkt, which primarily relies on the security of the shared secret
rather than the strength of the hashing scheme. More paranoid users will
probably prefer to use one of the SHA digest types, however.

The default is likely to change in a future version, so setting the digest
type explicitly is encouraged.
----^----

Thus, enable it also in this implementation so one can optionally switch
to a stronger secure hash.

Backward compatibility should be untouched as ``md`` is being passed
as a default kwarg.  The only change affecting external world is
a new parameter required at ``calculate digest`` (specifying the
digest to use), but as it has probably no use outside the module,
this is a non-issue.  Alternatively: another optional kwarg.

[1] http://linux.die.net/man/3/mod_auth_tkt







Fix digest authentication (it was picking up commas inside of the digest auth values)
2011-12-22T00:08:56+00:00

Toshio Kuratomi
toshio@fedoraproject.org

2011-12-22T00:08:56+00:00

1b75bb83f7e4a4f1ffd7d51e1b2a58469373de0d












Add files that should be included in the tarball
2011-12-21T17:00:48+00:00

Toshio Kuratomi
toshio@fedoraproject.org

2011-12-21T17:00:48+00:00

4c15cd466e97abc034ddf4c8ed4eb34ceb325cf8












add news for last commit
2011-08-17T20:52:53+00:00

Ian Bicking
ianb@colorstudy.com

2011-08-17T20:52:53+00:00

700ac21dbf6d04de914eb5c891371cd533afada8












Automated merge with ssh://bitbucket.org/ianb/paste
2011-08-17T20:40:02+00:00

Ian Bicking
ianb@colorstudy.com

2011-08-17T20:40:02+00:00

9c058efcd048445e5e5565f216727e2e32693526