| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
confident the Elixir branch is ready to become mainline. Also, fewer branches
makes for an easier migration to a dvcs.
Don't expect much of the old test suite to work, or even for much of the old
functionality to work. The changes here are disruptive enough to break higher
level parts of Mailman. But that's okay because I am slowly building up a new
and improved test suite, which will lead to a functional system again.
For now, only the doctests in Mailman/docs (and their related test harnesses)
will pass, but they all do pass. Note that Mailman/docs serve as system
documentation first and unit tests second. You should be able to read the
doctest files to understand the underlying data model.
Other changes included in this merge:
- Added the Mailman.ext extension package.
- zope.interfaces uses to describe major components
- SQLAlchemy/Elixir used as the database model
- Top level doinstall target renamed to justinstall
- 3rd-party packages are now installed in pythonlib/lib/python to be more
compliant with distutils standards. This allows us to use just --home
instead of all the --install-* options.
- No longer need to include the email package or pysqlite, as Python 2.5 is
required (and comes with both packages).
- munepy package is included, for Python enums
- IRosterSets are added as a way to manage a collection of IRosters. Roster
sets are named so that we can maintain the indirection between mailing lists
and rosters, where the two are maintained in different storages.
- IMailingListRosters: remove_*_roster() -> delete_*_roster()
- Remove IMember interface.
- Utils.list_names() -> config.list_manager.names
- fqdn_listname() takes an optional hostname argument.
- Added a bunch of new exceptions used throughout the new interfaces.
- Make LockFile a context manager for use with the 'with' statement.
|
| |
|
|
|
| |
Cgi/create.py: password scheme lookup.
|
| |
|
|
|
|
|
| |
Mark Sapiro's patch for 'format' parameter. (Decorate.py, Scrubber.py)
Scrubber.py: More brush up of code ... 'Content-Transfer-Encoding' is not
updated by msg.set_payload(). 'Url:' to 'URL:' normalization.
test_handlers.py: Test codes for Decorate.py and Scrubber.py.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
scheme. Fix mmsitepass and test cases accordingly. Details:
- set_global_password(): Instead of taking a string for 'scheme' argument,
take None and then coerce that into passwords.Schemes.ssha
- Add a base PasswordError and a BadPasswordSchemeError error that derives
from that. For consistency, multiply inherit MMBadPasswordError and
MMPasswordsMustMatch from PasswordError.
- Add a passwords.lookup_scheme() method which turns scheme_names into scheme
enum constants. It returns None if the lookup fails.
- passwords.py: change the internal representation of _SCHEMES_BY_TAG
dictionary to map scheme names to scheme enum values. Change internal uses
of this dictionary to then turn those enum values into hash classes, or
whatever else we need.
- make_secret(): Raise BadPasswordSchemeErrorif the given schema (which should
be an enum value) is invalid.
- TestBase.tearDown(): Clear out any <site> locks that might hang around after
a test case runs.
|
| |
|
|
|
|
|
|
|
|
| |
emum.py:
'cls' is used instead of 'self'
mmsitepass.py:
SCHEMES -> Schemes
passwords.py:
make_secret is called with 'scheme' in string.
decode() of challenge string fails if it is unicode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
use much nicer identifiers for constants than plain ints or strings. New code
using enumerating constants should use subclasses of enum.Enum.
Along those lines, the passwords.py module has been rewritten to use enum
constants instead of strings. So now e.g. the default password scheme is
Mailman.passwords.Schemes.ssha and there are Scheme.pbkdf2 and Scheme.sha
(etc) schemes as well.
Also, rework the passwords.py implementation to better support unicode
passwords. This elaborates on Tokio's r8160 by recognizing that the hash
algorithms always operate on byte-strings not on unicodes. Thus if the secret
or response are unicodes, encode them to byte-strings via utf-8 before hashing
and comparing.
Unit tests added for both enums and passwords.
|
| | |
|
|
|
First off, there are several password hashing schemes added including SHA,
salted-SHA, and RFC 2989 PBKDF2 (contributed by Bob Fleck). Then we encode
the password using RFC 2307 style syntax. At least I think: specifically
things like the PRF and iteration count for PBKDF2 are encoded the way I
/think/ is intended for RFC 2307 but I could be wrong. Seems darn hard to
find definitive information about that.
In any event, even though CLEARTEXT passwords are supported, they are mostly
deprecated, even for user passwords. It also allows us to easily update all
passwords to a new hashing scheme when the existing schemes get cracked. The
default scheme (specified in Defaults.py.in) is salted-SHA with a 20 byte salt
(the salt length and PBKDF2 iteration counts can only be specified in the
passwords.py file).
These hashed passwords are used for user passwords, list owner and moderator
passwords, and site and list creator passwords.
Of course this means that user password reminders are impossible now. They've
been ripped out of the code for a while, but now we'll need to implement
password resets since user passwords cannot be recovered.
bin/export has had several changes:
- export no longer converts to dollar strings. Were assuming dollar strings
are used by default for all new lists and any imported lists will already be
converted to dollar strings.
- Likewise, rip out the password scheme stuff, since cleartext passwords can
never be exported, so we might as well always include the member's hashed
password.
- Fix exporting to stdout when that stream can only handle ascii by wrapping
stdout in a utf-8 codec writer.
Other changes:
- add a missing import to HTTPRunner.py
- Convert GUIBase.py to use Defaults.* for constants instead of mm_cfg.*
- Remove pre-Python 2.4 compatibility from Utils.py. We've already said
Python 2.4 will be a minimum requirement.
- Change the permissions on the global password file. The default 007 umask
is used and should be good enough.
- bin/newlist adds the ability to specify the password scheme (or list the
available schemes) for the list owner password. It is not possible to set
the scheme on a per-list basis. bin/mmsitepass does the same, but for the
site and list creator passwords.
- Fix a nasty problem with bin/import. The comment in the code says it best:
# XXX Here's what sucks. Some properties need to have
# _setValue() called on the gui component, because those
# methods do some pre-processing on the values before they're
# applied to the MailList instance. But we don't have a good
# way to find a category and sub-category that a particular
# property belongs to. Plus this will probably change. So
# for now, we'll just hard code the extra post-processing
# here. The good news is that not all _setValue() munging
# needs to be done -- for example, we've already converted
# everything to dollar strings.
- Set the 'debug' logger to logging.DEBUG level. It doesn't seem to make much
sense for the debugging log to ignore debug messages.
|
