From abd5779068f3b979fc79dec7a68549999c58092d Mon Sep 17 00:00:00 2001 From: Mark Washenberger Date: Fri, 4 Mar 2011 01:36:29 -0500 Subject: remove ensure_b64_encoding --- nova/utils.py | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'nova/utils.py') diff --git a/nova/utils.py b/nova/utils.py index 0cf91e0cc..02b71900c 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -491,18 +491,6 @@ def loads(s): return json.loads(s) -def ensure_b64_encoding(val): - """Safety method to ensure that values expected to be base64-encoded - actually are. If they are, the value is returned unchanged. Otherwise, - the encoded value is returned. - """ - try: - dummy = base64.decode(val) - return val - except TypeError: - return base64.b64encode(val) - - def get_from_path(items, path): """ Returns a list of items matching the specified path. Takes an XPath-like expression e.g. prop1/prop2/prop3, and for each item in items, -- cgit From da605eb84f7d5de741225ff936447db01690a04f Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Mon, 14 Mar 2011 20:48:33 -0700 Subject: Don't generate insecure passwords where it's easy to use urandom instead --- nova/utils.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'nova/utils.py') diff --git a/nova/utils.py b/nova/utils.py index 87e726394..9c8b27d56 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -263,12 +263,17 @@ def generate_mac(): def generate_password(length=20): - """Generate a random sequence of letters and digits - to be used as a password. Note that this is not intended - to represent the ultimate in security. + """Generate a random alphanumeric password, avoiding 'confusing' O,0,I,1. + + Believed to be reasonably secure (with a reasonable password length!) """ - chrs = string.letters + string.digits - return "".join([random.choice(chrs) for i in xrange(length)]) + # 26 letters, 10 digits = 36 + # Remove O, 0, I, 1 => 32 digits + # 32 digits means we're just using the low 5 bit of each byte + chrs = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" + + random_bytes = os.urandom(length) + return "".join([chrs[ord(random_bytes[i]) % 32] for i in xrange(length)]) def last_octet(address): -- cgit From 3d0cde272e3227978c5875c811c93e1e3df692ed Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Mon, 14 Mar 2011 21:01:48 -0700 Subject: Clarify the logic in using 32 symbols --- nova/utils.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'nova/utils.py') diff --git a/nova/utils.py b/nova/utils.py index 9c8b27d56..0510c3cbe 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -267,9 +267,10 @@ def generate_password(length=20): Believed to be reasonably secure (with a reasonable password length!) """ - # 26 letters, 10 digits = 36 - # Remove O, 0, I, 1 => 32 digits - # 32 digits means we're just using the low 5 bit of each byte + # 26 letters, 10 digits = 36 choices + # Remove O, 0, I, 1 => 32 choices + # 32 choices means we're just using the low 5 bit of each byte, + # so there's no bias introduced by using a modulo chrs = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" random_bytes = os.urandom(length) -- cgit From 22aad6700124411aceed0b2bd3953cbbc48b6130 Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Tue, 15 Mar 2011 11:24:07 -0700 Subject: Use random.SystemRandom for easy secure randoms, configurable symbol set by default including mixed-case --- nova/utils.py | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'nova/utils.py') diff --git a/nova/utils.py b/nova/utils.py index 0510c3cbe..199ee8701 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -262,19 +262,25 @@ def generate_mac(): return ':'.join(map(lambda x: "%02x" % x, mac)) -def generate_password(length=20): - """Generate a random alphanumeric password, avoiding 'confusing' O,0,I,1. +# Default symbols to use for passwords. Avoids visually confusing characters. +# ~6 bits per symbol +DEFAULT_PASSWORD_SYMBOLS = ("23456789" # Removed: 0,1 + "ABCDEFGHJKLMNPQRSTUVWXYZ" # Removed: I, O + "abcdefghijkmnopqrstuvwxyz") # Removed: l + + +# ~5 bits per symbol +EASIER_PASSWORD_SYMBOLS = ("23456789" # Removed: 0, 1 + "ABCDEFGHJKLMNPQRSTUVWXYZ") # Removed: I, O + + +def generate_password(length=20, symbols=DEFAULT_PASSWORD_SYMBOLS): + """Generate a random password from the supplied symbols. Believed to be reasonably secure (with a reasonable password length!) """ - # 26 letters, 10 digits = 36 choices - # Remove O, 0, I, 1 => 32 choices - # 32 choices means we're just using the low 5 bit of each byte, - # so there's no bias introduced by using a modulo - chrs = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" - - random_bytes = os.urandom(length) - return "".join([chrs[ord(random_bytes[i]) % 32] for i in xrange(length)]) + r = random.SystemRandom() + return "".join([r.choice(symbols) for _i in xrange(length)]) def last_octet(address): -- cgit From 0eaf02efd5fef3f77fced9c1a71c32a6f14f293f Mon Sep 17 00:00:00 2001 From: Josh Kearney Date: Tue, 15 Mar 2011 16:21:22 -0500 Subject: Add logging to lock check --- nova/utils.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nova/utils.py') diff --git a/nova/utils.py b/nova/utils.py index 87e726394..d6f9ba829 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -518,6 +518,9 @@ def synchronized(name): def wrap(f): @functools.wraps(f) def inner(*args, **kwargs): + LOG.debug(_("Attempting to grab %(lock)s for method " + "%(method)s..." % {"lock": name, + "method": f.__name__})) lock = lockfile.FileLock(os.path.join(FLAGS.lock_path, 'nova-%s.lock' % name)) with lock: -- cgit