
Remove "initial" pbkdf2 configuration, now stored in defaults.py.

1 parent da28f5a commit 7d15c172abe3bbb2b75e98fbdb5ea2cbaef03cf7 @mbr committed Nov 10, 2011
Showing with 32 additions and 31 deletions.
  1. +3 −10 mmctl/__init__.py
  2. +6 −10 mmctl/cfgutil/__init__.py
  3. +7 −5 mmctl/cfgutil/templates/index.html
  4. +6 −6 mmctl/cfgutil/templates/mmctl.conf
  5. +10 −0 mmctl/defaults.py
@@ -25,16 +25,9 @@ def create_app(configfile='mmctl.conf'):
app.register_blueprint(cfgutil)
# generate initial salt
-
- # 64 bit recommended, let's do a bit more
- app.initial_salt = '%x' % random.SystemRandom().getrandbits(96)
-
- # the high number of iterations prevents an attacker from trying too
- # many dictionary attacks once he has the hash.
- # unfortunately, this has a bit of an impact on the user experience
- # for now, security trumps convenience
- app.initial_iterations = 2000
- app.initial_keylength = 64
+ if None == app.config['PBKDF2_SALT']:
+ app.config['PBKDF2_SALT'] = \
+ '%x' % random.SystemRandom().getrandbits(96)
else:
# load api/ui blueprint
from mmctlui import mmctlui
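Review bot: The new guard `if None == app.config['PBKDF2_SALT']:` compares with `==` and indexes the config directly; `if app.config.get('PBKDF2_SALT') is None:` is the idiomatic identity test and also avoids a KeyError if the defaults have not been loaded by this point (the loading code is outside the hunk). The `'%x'` format does not zero-pad, so the salt string is occasionally shorter than 24 hex digits; `'%024x'` would keep its length fixed. The body of create_app starts and ends outside the hunk.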
@@ -23,15 +23,13 @@ def index():
# save configuration file
conffile = os.path.join(current_app.instance_path, 'mmctl.conf')
try:
+ current_app.config['ICE_STRING'] = form['icestring']
+ current_app.config['SERVER_HOSTNAME'] = form['hostname']
+ current_app.config['MMCTL_PASSWORD_KEY'] = form['pbdk']
+
with open(conffile, 'w') as c:
c.write(render_template('mmctl.conf',
- dt=datetime.datetime.now(),
- ice_string=form['icestring'],
- server_hostname=form['hostname'],
- mmctl_password_key=form['pbdk'],
- pbkdf2_salt=current_app.initial_salt,
- pbkdf2_iterations=current_app.initial_iterations,
- pbkdf2_keylength=current_app.initial_keylength
+ dt=datetime.datetime.now()
))
except IOError:
return render_template('error.html',
@@ -47,9 +45,7 @@ def index():
return render_template('index.html',
version=current_app.version,
form=form,
- initial_salt=current_app.initial_salt,
- initial_iterations=current_app.initial_iterations,
- initial_keylength=current_app.initial_keylength)
+ )
@cfgutil.route('/check-proxy/', methods=('POST',))
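Review bot: The three `current_app.config[...] = form[...]` assignments run before `open(conffile, 'w')`, so when the write raises IOError the running app keeps the new ICE string, hostname and password key in memory although nothing was persisted. One way to handle this is to take `previous = dict((k, current_app.config.get(k)) for k in ('ICE_STRING', 'SERVER_HOSTNAME', 'MMCTL_PASSWORD_KEY'))` before the `try` and call `current_app.config.update(previous)` in the `except IOError:` branch. The written file holds `MMCTL_PASSWORD_KEY`, which according to the template's own comment is the value sent over the wire, so it is worth checking that it is created with owner-only permissions; nothing in the hunk sets them. Whether the form values are validated first cannot be seen here, because index() starts above the hunk.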
@@ -23,9 +23,11 @@
$('#last-error-thrown').text(errorThrown);
}
);
- initialSalt = {{initial_salt|tojson|safe}};
- initialIterations = {{initial_iterations|tojson|safe}};
- initialKeylength = {{initial_keylength|tojson|safe}};
+
+ initialSalt = {{config['PBKDF2_SALT']|tojson|safe}};
+ initialKeylength = {{config['PBKDF2_KEYLENGTH']|tojson|safe}};
+ initialIterations = {{config['PBKDF2_ITERATIONS']|tojson|safe}};
+ minPasswordLength = {{config['MMCTL_MIN_PASSWORD_LENGTH']|tojson|safe}};
/* remove "splash" screen */
$('.javascripterror').hide();
@@ -44,9 +46,9 @@
var pw = $('#password_container input').val();
var pw_confirm = $('#password2_container input').val();
- if (pw.length < 8) {
+ if (pw.length < minPasswordLength) {
$('#password_container').addClass('error');
- $('#password_container span.help-inline').text('Must be at least 8 characters long');
+ $('#password_container span.help-inline').text('Must be at least ' + minPasswordLength + ' characters long');
return false;
}
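Review bot: `minPasswordLength` is filled from `config['MMCTL_MIN_PASSWORD_LENGTH']`, but the defaults.py hunk of this commit adds only the three PBKDF2_* keys. Unless that key is already defined in the part of defaults.py not shown, the lookup yields an undefined value, and then either the page fails to render or the check `pw.length < minPasswordLength` never fires. It would be safer to add the default alongside the PBKDF2 settings and to declare the four values with `var` instead of as implicit globals. Since only the derived key appears to be submitted (`form['pbdk']`), this client-side comparison looks like the only place the minimum length is enforced, which deserves a comment next to the check.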
@@ -3,19 +3,19 @@
# This string is the proxy object that mmctl tries retrieve via ICE
# It should be a Murmur::Meta object.
-ICE_STRING = {{ice_string|repr}}
+ICE_STRING = {{config['ICE_STRING']|repr}}
# The hostname visible from the outside. Required to produce correct
# mumble://my-hostname links.
-SERVER_HOSTNAME = {{server_hostname|repr}}
+SERVER_HOSTNAME = {{config['SERVER_HOSTNAME']|repr}}
# A password key derived from the administration password. The "real"
# administration password is never sent over the wire to protect your
# facebook account when someone sniffs out the cleartext password key!
-MMCTL_PASSWORD_KEY = {{mmctl_password_key|repr}}
+MMCTL_PASSWORD_KEY = {{config['MMCTL_PASSWORD_KEY']|repr}}
# PBKDF2 parameters used to generate MMCTL_PASSWORD_KEY
-PBKDF2_SALT={{pbkdf2_salt|repr}}
-PBKDF2_ITERATIONS={{pbkdf2_iterations|repr}}
-PBKDF2_KEYLENGTH={{pbkdf2_keylength|repr}}
+PBKDF2_SALT={{config['PBKDF2_SALT']|repr}}
+PBKDF2_ITERATIONS={{config['PBKDF2_ITERATIONS']|repr}}
+PBKDF2_KEYLENGTH={{config['PBKDF2_KEYLENGTH']|repr}}
@@ -8,3 +8,13 @@
MUMBLE_DEFAULT_PORT = 64738
AUTH_COOKIE_NAME = 'mmctl_auth_cookie'
AUTH_COOKIE_EXPIRY = 365 # days
+
+# a value of None will cause a new one to be generated on app start
+PBKDF2_SALT=None
+
+# the high number of iterations prevents an attacker from trying too
+# many dictionary attacks once he has the hash.
+# unfortunately, this has a bit of an impact on the user experience
+# for now, security trumps convenience
+PBKDF2_ITERATIONS=2000
+PBKDF2_KEYLENGTH=64
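Review bot: The comment on `PBKDF2_SALT` says a new salt is generated on app start, but in mmctl/__init__.py the generation sits in the branch before `else: # load api/ui blueprint`, so it appears to run only in configuration mode. Something like `# None: the configuration utility generates a random salt at startup and writes it to mmctl.conf` would be more accurate. It is also worth documenting that these three values must match the ones used to derive MMCTL_PASSWORD_KEY, so changing any of them later invalidates the stored key. `PBKDF2_ITERATIONS=2000` is low by current guidance for PBKDF2; now that it is a plain setting, a comment saying it should be raised as far as client-side derivation time allows would help.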
