def process(self, challenge=None):
    """Answer a server challenge with ``username SP HMAC-MD5 hex digest``.

    Returns ``None`` when no challenge has been received yet. Otherwise the
    ``username`` and ``password`` properties are fetched, the challenge is
    authenticated with HMAC-MD5 keyed by the password, and the result is
    returned as ``<username> <hexdigest>`` (the CRAM-MD5 response layout).

    Security note: the password itself is the HMAC key, so the client has to
    hold it in recoverable form. Anyone who records a challenge/response pair
    can test password guesses offline, so this exchange belongs inside an
    encrypted channel such as TLS.
    """
    if challenge is None:
        return None

    self._fetch_properties('username', 'password')
    # hmac.new(key, msg, digestmod) is the one-shot form of HMAC() + update().
    digest_hex = hmac.new(
        bytes(self.password), challenge, hashlib.md5).hexdigest()
    return b' '.join((bytes(self.username), bytes(digest_hex)))
def __init__(self, sasl, principal=None, **props):
    """Set up the mechanism and create a Kerberos client context.

    Args:
        sasl: Client object handed to ``Mechanism.__init__``; its ``host``
            and ``service`` attributes are copied onto this instance.
        principal: Optional principal forwarded to
            ``kerberos.authGSSClientInit``.
        **props: Accepted for interface compatibility; not read here.
    """
    Mechanism.__init__(self, sasl)
    self._have_negotiated_details = False
    self.user = None
    self.principal = principal
    self.host = self.sasl.host
    self.service = self.sasl.service
    self._fetch_properties('host', 'service')

    # The target name has the form ``service@host``.
    target_name = bytes(self.service) + b'@' + bytes(self.host)
    # The first element of the returned pair is discarded unchecked
    # (presumably a status code; verify against the kerberos binding).
    _status, self.context = kerberos.authGSSClientInit(
        service=target_name, principal=self.principal)
def __init__(self, sasl, principal=None, **props):
    """Initialise the mechanism state and open a Kerberos client context.

    ``host`` and ``service`` are taken from the ``sasl`` client, then passed
    through ``_fetch_properties`` before they are combined into the
    ``service@host`` name given to ``kerberos.authGSSClientInit``.
    ``principal`` is passed on unchanged; ``**props`` is not used in this
    method.
    """
    Mechanism.__init__(self, sasl)

    # Negotiation state: nothing agreed with the server yet.
    self.user = None
    self._have_negotiated_details = False

    self.host = self.sasl.host
    self.service = self.sasl.service
    self.principal = principal
    self._fetch_properties('host', 'service')

    name_parts = (bytes(self.service), bytes(self.host))
    init_result = kerberos.authGSSClientInit(
        service=b'@'.join(name_parts), principal=self.principal)
    # Only the context is kept; the first element of the pair is ignored.
    _, self.context = init_result
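def response(self):
    """Build the comma-separated DIGEST-MD5 response directives.

    Fetches ``username`` (and ``password`` when no ``key_hash`` is cached),
    fills in the qop, realm, username, nonce, cnonce, nc, digest-uri and
    response directives, and returns them joined as ``key=value`` pairs.

    Side effects: may switch ``self.qop`` to ``auth-int``, generates
    ``self.cnonce`` on first use, increments ``self.nc`` and stores
    ``self._digest_uri``.

    Returns:
        The directive list as a single bytes value.
    """
    required_props = ['username']
    if not getattr(self, 'key_hash', None):
        # Without a cached key hash, gen_hash() needs the password.
        required_props.append('password')
    self._fetch_properties(*required_props)

    resp = {}
    if 'auth-int' in self.qops:
        self.qop = b'auth-int'
    resp['qop'] = self.qop

    if getattr(self, 'realm', None) is not None:
        resp['realm'] = quote(self.realm)

    resp['username'] = quote(bytes(self.username))
    resp['nonce'] = quote(self.nonce)
    if self.nc == 0:
        # The client nonce has to be unpredictable. random.random() is a
        # seeded Mersenne Twister and not suitable for that, so draw 128
        # bits from the OS CSPRNG instead (hex, so safe inside quotes).
        self.cnonce = bytes(
            '%032x' % random.SystemRandom().getrandbits(128))
    resp['cnonce'] = quote(self.cnonce)
    self.nc += 1
    resp['nc'] = bytes('%08x' % self.nc)

    # NOTE(review): RFC 2831 defines digest-uri as serv-type "/" host, while
    # this builds host "/" service. Left unchanged; confirm against the
    # servers this client talks to before swapping the order.
    self._digest_uri = bytes(self.sasl.host) + b'/' + bytes(self.sasl.service)
    resp['digest-uri'] = quote(self._digest_uri)

    a2 = b'AUTHENTICATE:' + self._digest_uri
    if self.qop != b'auth':
        # Any qop other than plain "auth" appends a 32-zero placeholder.
        a2 += b':00000000000000000000000000000000'
        resp['maxbuf'] = b'16777215'  # 2**24-1
    resp['response'] = self.gen_hash(a2)
    return b','.join([bytes(k) + b'=' + bytes(v) for k, v in resp.items()])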
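def response(self):
    """Assemble the DIGEST-MD5 ``digest-response`` sent to the server.

    The ``username`` property is always fetched; ``password`` is fetched only
    when no ``key_hash`` has been cached on the instance. The directives are
    collected in a dict and serialised as ``key=value`` pairs joined by
    commas.

    Side effects: ``self.qop`` may become ``auth-int``, ``self.cnonce`` is
    created on the first call, ``self.nc`` is incremented and
    ``self._digest_uri`` is stored.

    Returns:
        The serialised directives as bytes.
    """
    required_props = ['username']
    if not getattr(self, 'key_hash', None):
        required_props.append('password')
    self._fetch_properties(*required_props)

    resp = {}
    if 'auth-int' in self.qops:
        self.qop = b'auth-int'
    resp['qop'] = self.qop

    if getattr(self, 'realm', None) is not None:
        resp['realm'] = quote(self.realm)

    resp['username'] = quote(bytes(self.username))
    resp['nonce'] = quote(self.nonce)
    if self.nc == 0:
        # The cnonce is the client's own input to the digest, so it must not
        # be guessable. The default `random` generator is not
        # cryptographically secure; SystemRandom reads from the OS CSPRNG.
        secure_rng = random.SystemRandom()
        self.cnonce = bytes('%032x' % secure_rng.getrandbits(128))
    resp['cnonce'] = quote(self.cnonce)
    self.nc += 1
    resp['nc'] = bytes('%08x' % self.nc)

    # NOTE(review): this is host "/" service, whereas RFC 2831 specifies
    # serv-type "/" host for digest-uri. Kept as found; check server
    # interoperability before changing it.
    self._digest_uri = bytes(self.sasl.host) + b'/' + bytes(
        self.sasl.service)
    resp['digest-uri'] = quote(self._digest_uri)

    a2 = b'AUTHENTICATE:' + self._digest_uri
    if self.qop != b'auth':
        a2 += b':00000000000000000000000000000000'
        resp['maxbuf'] = b'16777215'  # 2**24-1
    resp['response'] = self.gen_hash(a2)
    return b','.join([bytes(k) + b'=' + bytes(v) for k, v in resp.items()])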
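def __init__(self, sasl, principal=None, **props):
    """Initialise the mechanism and create a Kerberos client context.

    ``host`` and ``service`` come from the ``sasl`` client and are combined
    into the ``service@host`` name passed to ``kerberos.authGSSClientInit``.
    If that call rejects the ``principal`` keyword with ``TypeError``, it is
    retried without it, but only when no principal was requested.

    Args:
        sasl: Client object handed to ``Mechanism.__init__``.
        principal: Optional principal to authenticate as.
        **props: Accepted for interface compatibility; not read here.

    Raises:
        StandardError: On Python 2, when a principal was requested but the
            kerberos binding does not accept one. On Python 3, where that
            name no longer exists, a plain ``Exception`` is raised instead.
    """
    Mechanism.__init__(self, sasl)
    self.user = None
    self._have_negotiated_details = False
    self.host = self.sasl.host
    self.service = self.sasl.service
    self.principal = principal

    self._fetch_properties('host', 'service')

    krb_service = b'@'.join((bytes(self.service), bytes(self.host)))
    try:
        _, self.context = kerberos.authGSSClientInit(
            service=krb_service, principal=self.principal)
    except TypeError:
        # NOTE(review): any TypeError from the call lands here, not only an
        # unsupported ``principal`` keyword.
        if self.principal is not None:
            # Silently dropping the requested principal would authenticate
            # as a different identity, so fail instead. StandardError was
            # removed in Python 3; referencing it there would turn this into
            # a NameError, so fall back to Exception.
            try:
                error_type = StandardError  # noqa: F821 (Python 2 only)
            except NameError:
                error_type = Exception
            raise error_type(
                "Error: kerberos library does not support principal.")
        _, self.context = kerberos.authGSSClientInit(
            service=krb_service)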
def parse_challenge(self, challenge):
    """Split a ``name=value,name="quoted value"`` challenge into a dict.

    The input is walked one byte at a time. Whitespace inside a name is
    skipped, a value may be wrapped in double quotes, and inside quotes a
    backslash makes the next byte literal. Unquoted commas end a pair.

    The parser is lenient with server-supplied input: bytes that follow a
    closing quote are appended to the value, a repeated name overwrites the
    earlier entry, and pairs with an empty name are dropped. Callers should
    validate the returned values before relying on them.

    Args:
        challenge: The raw challenge bytes.

    Returns:
        A dict mapping directive names to values, both as bytes.
    """
    parsed = {}
    name = b''
    value = b''
    reading_name = True
    value_starts = False
    quoted = False
    after_backslash = False
    # On Python 3, iterating bytes yields ints that must be re-wrapped.
    rewrap = sys.version_info >= (3, 0)

    for ch in challenge:
        if rewrap:
            ch = bytes([ch])

        if reading_name:
            if ch.isspace():
                continue
            if ch == b'=':
                reading_name = False
                value_starts = True
            else:
                name += ch
            continue

        if value_starts:
            # First byte of the value decides whether it is quoted.
            value_starts = False
            if ch == b'"':
                quoted = True
            else:
                value += ch
            continue

        if quoted:
            if after_backslash:
                after_backslash = False
                value += ch
            elif ch == b'\\':
                after_backslash = True
            elif ch == b'"':
                quoted = False
            else:
                value += ch
            continue

        if ch != b',':
            value += ch
            continue

        # Unquoted comma: store the finished pair and start the next name.
        if name:
            parsed[name] = value
        name = b''
        value = b''
        reading_name = True

    # The last pair has no trailing comma.
    if name:
        parsed[name] = value
    return parsed
def gen_hash(self, a2):
    """Compute the hex response digest for the given A2 value.

    The result is ``HEX(MD5(HEX(A1) : nonce : nc : cnonce : qop :
    HEX(MD5(a2))))`` where ``A1 = MD5(MD5(user:realm:password) : nonce :
    cnonce)``.

    ``MD5(user:realm:password)`` is computed once and cached as
    ``self.key_hash``; the raw A1 digest is stored as ``self._a1``. The
    cached ``key_hash`` is password-equivalent for this realm and should be
    handled like a credential.

    Args:
        a2: The A2 bytes to hash into the response.

    Returns:
        The lower-case hex digest as bytes.
    """
    if not getattr(self, 'key_hash', None):
        user = bytes(self.username)
        password = bytes(self.password)
        realm = bytes(self.realm)
        self.key_hash = hashlib.md5(
            b':'.join((user, realm, password))).digest()

    a1_hasher = hashlib.md5(self.key_hash)
    a1_hasher.update(b':' + self.nonce + b':' + self.cnonce)
    self._a1 = a1_hasher.digest()

    fields = (
        bytes(a1_hasher.hexdigest().lower()),
        self.nonce,
        bytes('%08x' % self.nc),
        self.cnonce,
        self.qop,
        bytes(hashlib.md5(a2).hexdigest().lower()),
    )
    final_digest = hashlib.md5(b':'.join(fields))
    return bytes(final_digest.hexdigest().lower())
def process(self, challenge=None):
    """Return ``NUL user NUL password`` as the authentication message.

    ``challenge`` is ignored. The password is placed in the message as-is,
    so this exchange should only run over an encrypted channel such as TLS.
    """
    self._fetch_properties('username', 'password')
    # NOTE(review): 'username' is fetched but self.user is what gets sent;
    # confirm that is intended.
    # The leading empty field produces the initial NUL separator.
    fields = (b'', bytes(self.user), bytes(self.password))
    return b'\x00'.join(fields)
def process(self, challenge=None):
    """Return ``identity NUL username NUL password`` and mark completion.

    ``challenge`` is ignored and ``self.complete`` is set to ``True``. The
    password is placed in the message as-is, so this exchange should only
    run over an encrypted channel such as TLS.
    """
    self._fetch_properties('username', 'password')
    self.complete = True
    fields = (
        bytes(self.identity),
        bytes(self.username),
        bytes(self.password),
    )
    return b'\x00'.join(fields)
def process(self, challenge=None):
    """Return ``NUL username NUL password`` as the authentication message.

    ``challenge`` is ignored. The password travels unprotected inside the
    message, so use this only over an encrypted channel such as TLS.
    """
    self._fetch_properties('username', 'password')
    login = bytes(self.username)
    secret = bytes(self.password)
    # The leading empty field produces the initial NUL separator.
    return b'\x00'.join((b'', login, secret))