From the error message, and what I've learned about base64, my best

guess about the transient errors (ie, some people get them, some people do not) is that sometimes the base64 encoding can cause \n's to get in the string, which the mime stuff will treat as a newline. So I replace \n w/ @ before putting it in the cookie, and do the reverse before checking the cookie. Hopefully we won't hear about this problem again.
author: viega 1998-06-14 18:01:14 +0000
committer: viega 1998-06-14 18:01:14 +0000
commit: 7db9c87dca513d5662e36465994bf460c2cef17c (patch)
tree: d486385ae051dba4d5a94576e2f303ac020020c6
parent: 2b3256843447fa2d17cb47fa1aa67462d9f45dd8 (diff)
download: mailman-7db9c87dca513d5662e36465994bf460c2cef17c.tar.gz
mailman-7db9c87dca513d5662e36465994bf460c2cef17c.tar.zst
mailman-7db9c87dca513d5662e36465994bf460c2cef17c.zip
4 files changed, 12 insertions, 16 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index c9155c87e..e8e9a1d08 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -21,7 +21,7 @@
 To run stand-alone for debugging, set env var PATH_INFO to name of list
 and, optionally, options category."""
 
-__version__ = "$Revision: 734 $"
+__version__ = "$Revision: 741 $"
 
 import sys
 import os, cgi, string, crypt, types, time
@@ -102,7 +102,7 @@ def isAuthenticated(list, password=None, SECRET="SECRET"):
 
         token = md5.new(SECRET + list_name + SECRET).digest()
         token = base64.encodestring(token)
-        token = string.strip(token)
+        token = string.replace(token, "\n", "@")
         c = Cookie.Cookie()
         cookie_key = list_name + "-admin"
         c[cookie_key] = token
@@ -113,11 +113,9 @@ def isAuthenticated(list, password=None, SECRET="SECRET"):
         c = Cookie.Cookie( os.environ['HTTP_COOKIE'] )
         if c.has_key(list_name + "-admin"):
 	    try:
-               inp = base64.decodestring(c[list_name + "-admin"].value)
+               inp = base64.decodestring(string.replace(
+	              c[list_name + "-admin"].value, "@", "\n"))
                check = md5.new(SECRET+list_name+SECRET).digest()
-            except Error:  # the decodestring may return incorrect padding?
-               raise 'Decode failed'
-               return 0
             if inp == check:
                 return 1
             else:
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 4a06a7270..eb1352ded 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -110,7 +110,7 @@ def isAuthenticated(list_name):
 	if c.has_key(list_name):
 	    # The user has a token like 'c++-sig=AE23446AB...'; verify 
 	    # that it's correct.
-	    token = c[list_name].value
+	    token = string.replace(c[list_name].value,"@","\n")
 	    import base64, md5
 	    if base64.decodestring(token) != md5.new(SECRET
 						     + list_name
@@ -152,7 +152,7 @@ def isAuthenticated(list_name):
     import base64, md5
     token = md5.new(SECRET + list_name + SECRET).digest()
     token = base64.encodestring(token)
-    token = string.strip(token)
+    token = string.replace(token, "\n", "@")
     c = Cookie.Cookie()
     c[list_name] = token
     print c				# Output the cookie
diff --git a/modules/Cgi/admin.py b/modules/Cgi/admin.py
index c9155c87e..e8e9a1d08 100755
--- a/modules/Cgi/admin.py
+++ b/modules/Cgi/admin.py
@@ -21,7 +21,7 @@
 To run stand-alone for debugging, set env var PATH_INFO to name of list
 and, optionally, options category."""
 
-__version__ = "$Revision: 734 $"
+__version__ = "$Revision: 741 $"
 
 import sys
 import os, cgi, string, crypt, types, time
@@ -102,7 +102,7 @@ def isAuthenticated(list, password=None, SECRET="SECRET"):
 
         token = md5.new(SECRET + list_name + SECRET).digest()
         token = base64.encodestring(token)
-        token = string.strip(token)
+        token = string.replace(token, "\n", "@")
         c = Cookie.Cookie()
         cookie_key = list_name + "-admin"
         c[cookie_key] = token
@@ -113,11 +113,9 @@ def isAuthenticated(list, password=None, SECRET="SECRET"):
         c = Cookie.Cookie( os.environ['HTTP_COOKIE'] )
         if c.has_key(list_name + "-admin"):
 	    try:
-               inp = base64.decodestring(c[list_name + "-admin"].value)
+               inp = base64.decodestring(string.replace(
+	              c[list_name + "-admin"].value, "@", "\n"))
                check = md5.new(SECRET+list_name+SECRET).digest()
-            except Error:  # the decodestring may return incorrect padding?
-               raise 'Decode failed'
-               return 0
             if inp == check:
                 return 1
             else:
diff --git a/modules/Cgi/private.py b/modules/Cgi/private.py
index 4a06a7270..eb1352ded 100755
--- a/modules/Cgi/private.py
+++ b/modules/Cgi/private.py
@@ -110,7 +110,7 @@ def isAuthenticated(list_name):
 	if c.has_key(list_name):
 	    # The user has a token like 'c++-sig=AE23446AB...'; verify 
 	    # that it's correct.
-	    token = c[list_name].value
+	    token = string.replace(c[list_name].value,"@","\n")
 	    import base64, md5
 	    if base64.decodestring(token) != md5.new(SECRET
 						     + list_name
@@ -152,7 +152,7 @@ def isAuthenticated(list_name):
     import base64, md5
     token = md5.new(SECRET + list_name + SECRET).digest()
     token = base64.encodestring(token)
-    token = string.strip(token)
+    token = string.replace(token, "\n", "@")
     c = Cookie.Cookie()
     c[list_name] = token
     print c				# Output the cookie
author	viega	1998-06-14 18:01:14 +0000
committer	viega	1998-06-14 18:01:14 +0000
commit	7db9c87dca513d5662e36465994bf460c2cef17c (patch)
tree	d486385ae051dba4d5a94576e2f303ac020020c6
parent	2b3256843447fa2d17cb47fa1aa67462d9f45dd8 (diff)
download	mailman-7db9c87dca513d5662e36465994bf460c2cef17c.tar.gz mailman-7db9c87dca513d5662e36465994bf460c2cef17c.tar.zst mailman-7db9c87dca513d5662e36465994bf460c2cef17c.zip