FilesExpand file tree

 python37

/

config.py

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

225 lines (166 loc) · 6.23 KB

 python37

/

config.py

Top

File metadata and controls

• Code
• Blame

225 lines (166 loc) · 6.23 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

from __future__ import print_function

import shutil

from io import BytesIO, TextIOWrapper

import logging

import os

from os.path import exists

import struct

import sys

from configobj import ConfigObj, ConfigObjError

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

from cryptography.hazmat.backends import default_backend

try:

basestring

except NameError:

basestring = str

logger = logging.getLogger(__name__)

def log(logger, level, message):

"""Logs message to stderr if logging isn't initialized."""

if logger.parent.name != 'root':

logger.log(level, message)

else:

print(message, file=sys.stderr)

def read_config_file(f):

"""Read a config file."""

if isinstance(f, basestring):

f = os.path.expanduser(f)

try:

config = ConfigObj(f, interpolation=False, encoding='utf8')

except ConfigObjError as e:

log(logger, logging.ERROR, "Unable to parse line {0} of config file "

"'{1}'.".format(e.line_number, f))

log(logger, logging.ERROR, "Using successfully parsed config values.")

return e.config

except (IOError, OSError) as e:

log(logger, logging.WARNING, "You don't have permission to read "

"config file '{0}'.".format(e.filename))

return None

return config

def read_config_files(files):

"""Read and merge a list of config files."""

config = ConfigObj()

for _file in files:

_config = read_config_file(_file)

if bool(_config) is True:

config.merge(_config)

config.filename = _config.filename

return config

def write_default_config(source, destination, overwrite=False):

destination = os.path.expanduser(destination)

if not overwrite and exists(destination):

return

shutil.copyfile(source, destination)

def get_mylogin_cnf_path():

"""Return the path to the login path file or None if it doesn't exist."""

mylogin_cnf_path = os.getenv('MYSQL_TEST_LOGIN_FILE')

if mylogin_cnf_path is None:

app_data = os.getenv('APPDATA')

default_dir = os.path.join(app_data, 'MySQL') if app_data else '~'

mylogin_cnf_path = os.path.join(default_dir, '.mylogin.cnf')

mylogin_cnf_path = os.path.expanduser(mylogin_cnf_path)

if exists(mylogin_cnf_path):

logger.debug("Found login path file at '{0}'".format(mylogin_cnf_path))

return mylogin_cnf_path

return None

def open_mylogin_cnf(name):

"""Open a readable version of .mylogin.cnf.

Returns the file contents as a TextIOWrapper object.

:param str name: The pathname of the file to be opened.

:return: the login path file or None

"""

try:

with open(name, 'rb') as f:

plaintext = read_and_decrypt_mylogin_cnf(f)

except (OSError, IOError, ValueError):

logger.error('Unable to open login path file.')

return None

if not isinstance(plaintext, BytesIO):

logger.error('Unable to read login path file.')

return None

return TextIOWrapper(plaintext)

def read_and_decrypt_mylogin_cnf(f):

"""Read and decrypt the contents of .mylogin.cnf.

This decryption algorithm mimics the code in MySQL's

mysql_config_editor.cc.

The login key is 20-bytes of random non-printable ASCII.

It is written to the actual login path file. It is used

to generate the real key used in the AES cipher.

:param f: an I/O object opened in binary mode

:return: the decrypted login path file

:rtype: io.BytesIO or None

"""

# Number of bytes used to store the length of ciphertext.

MAX_CIPHER_STORE_LEN = 4

LOGIN_KEY_LEN = 20

# Move past the unused buffer.

buf = f.read(4)

if not buf or len(buf) != 4:

logger.error('Login path file is blank or incomplete.')

return None

# Read the login key.

key = f.read(LOGIN_KEY_LEN)

# Generate the real key.

rkey = [0] * 16

for i in range(LOGIN_KEY_LEN):

try:

rkey[i % 16] ^= ord(key[i:i+1])

except TypeError:

# ord() was unable to get the value of the byte.

logger.error('Unable to generate login path AES key.')

return None

rkey = struct.pack('16B', *rkey)

# Create a decryptor object using the key.

decryptor = _get_decryptor(rkey)

# Create a bytes buffer to hold the plaintext.

plaintext = BytesIO()

while True:

# Read the length of the ciphertext.

len_buf = f.read(MAX_CIPHER_STORE_LEN)

if len(len_buf) < MAX_CIPHER_STORE_LEN:

break

cipher_len, = struct.unpack("<i", len_buf)

# Read cipher_len bytes from the file and decrypt.

cipher = f.read(cipher_len)

plain = _remove_pad(decryptor.update(cipher))

if plain is False:

continue

plaintext.write(plain)

if plaintext.tell() == 0:

logger.error('No data successfully decrypted from login path file.')

return None

plaintext.seek(0)

return plaintext

def str_to_bool(s):

"""Convert a string value to its corresponding boolean value."""

if isinstance(s, bool):

return s

elif not isinstance(s, basestring):

raise TypeError('argument must be a string')

true_values = ('true', 'on', '1')

false_values = ('false', 'off', '0')

if s.lower() in true_values:

return True

elif s.lower() in false_values:

return False

else:

raise ValueError('not a recognized boolean value: %s'.format(s))

def _get_decryptor(key):

"""Get the AES decryptor."""

c = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())

return c.decryptor()

def _remove_pad(line):

"""Remove the pad from the *line*."""

pad_length = ord(line[-1:])

try:

# Determine pad length.

pad_length = ord(line[-1:])

except TypeError:

# ord() was unable to get the value of the byte.

logger.warning('Unable to remove pad.')

return False

if pad_length > len(line) or len(set(line[-pad_length:])) != 1:

# Pad length should be less than or equal to the length of the

# plaintext. The pad should have a single unqiue byte.

logger.warning('Invalid pad found in login path file.')

return False

return line[:-pad_length]