Beispiel #1
 def _testKey(self, pubData, privData, keyType):
     """Run the shared key checks for one private/public key pair.

     The private key object is loaded from ``privData``; the public key
     object is loaded from the string form of ``pubData``.  Both are then
     passed to the sign/verify, from-string and key-generation checks.
     """
     private = keys.getPrivateKeyObject(data=privData)
     # The public key goes through its string form before being parsed.
     public = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
     self._testKeySignVerify(private, public)
     self._testKeyFromString(private, public, privData, pubData)
     self._testGenerateKey(private, public, privData, pubData, keyType)
Beispiel #2
    def _cbRequestAvatarId(self, validKey, credentials):
        """Decide a public-key login once the key check result is known.

        Returns ``credentials.username`` only when ``validKey`` is true and
        the signature over ``credentials.sigData`` verifies.  Every other
        path returns a ``Failure``: ``UnauthorizedLogin`` for a rejected key
        or a signature that does not verify, ``ValidPublicKey`` when no
        signature was supplied, or the captured exception when verification
        itself raised.
        """
        if not validKey:
            return failure.Failure(UnauthorizedLogin())
        if not credentials.signature:
            # The key is acceptable but nothing was signed: report that as a
            # Failure, never as a username.
            return failure.Failure(error.ValidPublicKey())
        try:
            # Two verification APIs are supported, chosen on conch's major
            # version number.
            if conch.version.major < 10:
                key = keys.getPublicKeyObject(data=credentials.blob)
                verified = keys.verifySignature(key, credentials.signature,
                                                credentials.sigData)
            else:
                key = keys.Key.fromString(credentials.blob)
                verified = key.verify(credentials.signature,
                                      credentials.sigData)
            if verified:
                return credentials.username
        except:  # any error should be treated as a failed login
            # Fail closed: a malformed blob or signature ends up here and is
            # logged, not allowed to escape as anything but a Failure.
            caught = failure.Failure()
            log.warning('manhole',
                        'error checking signature on creds %r: %r',
                        credentials, log.getFailureMessage(caught))
            return caught
        return failure.Failure(UnauthorizedLogin())
Beispiel #3
    def _cbRequestAvatarId(self, validKey, credentials):
        """Turn the key-check result into a username or a ``Failure``.

        The username is returned only for an accepted key whose signature
        over ``credentials.sigData`` verifies.  A rejected key or a signature
        that does not verify gives ``UnauthorizedLogin``, a missing signature
        gives ``ValidPublicKey``, and an exception raised while verifying is
        logged and returned as a ``Failure``.
        """
        if not validKey:
            return failure.Failure(UnauthorizedLogin())
        if not credentials.signature:
            return failure.Failure(error.ValidPublicKey())

        blob = credentials.blob
        try:
            legacyApi = conch.version.major < 10
            if legacyApi:
                # Older conch: module-level parse and verify functions.
                keyObj = keys.getPublicKeyObject(data=blob)
                if keys.verifySignature(keyObj, credentials.signature,
                                        credentials.sigData):
                    return credentials.username
            else:
                # Newer conch: the Key class parses and verifies.
                keyObj = keys.Key.fromString(blob)
                if keyObj.verify(credentials.signature,
                                 credentials.sigData):
                    return credentials.username
        except:  # any error should be treated as a failed login
            # Deliberately broad so that no parsing or verification error
            # can result in a username being returned.
            reason = failure.Failure()
            log.warning('manhole',
                        'error checking signature on creds %r: %r',
                        credentials, log.getFailureMessage(reason))
            return reason
        # Signature checked without error but did not verify.
        return failure.Failure(UnauthorizedLogin())
Beispiel #4
 def _testKey(self, pubData, privData, keyType):
     """Exercise sign/verify, from-string and generation for one key pair.

     ``privData`` is parsed into a private key object; ``pubData`` is first
     converted to its public key string and then parsed into a public key
     object.  The resulting pair is handed to each of the three checks.
     """
     loadedPriv = keys.getPrivateKeyObject(data=privData)
     publicString = keys.getPublicKeyString(data=pubData)
     loadedPub = keys.getPublicKeyObject(publicString)

     # Each check receives the same parsed pair.
     self._testKeySignVerify(loadedPriv, loadedPub)
     self._testKeyFromString(loadedPriv, loadedPub, privData, pubData)
     self._testGenerateKey(loadedPriv, loadedPub, privData, pubData, keyType)
Beispiel #5
 def _testKeyFromString(self, privKey, pubKey, privData, pubData):
     """Check that keys re-parsed from their data match the given objects.

     Each attribute named in the re-parsed private key's ``keydata`` must
     equal the same attribute on ``privKey``.  For the public key only the
     attributes the re-parsed object actually has are compared with
     ``pubKey``.  The first mismatch fails the test.
     """
     keyType = keys.objectType(privKey)
     reparsedPriv = keys.getPrivateKeyObject(data=privData)
     reparsedPub = keys.getPublicKeyObject(
         keys.getPublicKeyString(data=pubData))

     for name in reparsedPriv.keydata:
         if getattr(reparsedPriv, name) != getattr(privKey, name):
             self.fail('getting %s private key from string failed' % keyType)

     for name in reparsedPub.keydata:
         # Attributes absent from the re-parsed public key are skipped.
         if hasattr(reparsedPub, name) and \
                 getattr(reparsedPub, name) != getattr(pubKey, name):
             self.fail('getting %s public key from string failed' % keyType)
Beispiel #6
 def _testKeyFromString(self, privKey, pubKey, privData, pubData):
     """Verify that parsing the key data again yields equal key objects.

     The private key is re-parsed from ``privData`` and the public key from
     the string form of ``pubData``.  Every ``keydata`` attribute of the
     re-parsed private key must match ``privKey``; for the public key, only
     attributes present on the re-parsed object are compared with ``pubKey``.
     """
     keyType = keys.objectType(privKey)
     privAgain = keys.getPrivateKeyObject(data=privData)
     pubString = keys.getPublicKeyString(data=pubData)
     pubAgain = keys.getPublicKeyObject(pubString)

     for field in privAgain.keydata:
         if getattr(privAgain, field) == getattr(privKey, field):
             continue
         self.fail('getting %s private key from string failed' % keyType)

     for field in pubAgain.keydata:
         if not hasattr(pubAgain, field):
             # Only fields the re-parsed public key has are compared.
             continue
         if getattr(pubAgain, field) != getattr(pubKey, field):
             self.fail('getting %s public key from string failed' % keyType)
Beispiel #7
 def requestAvatarId(self, credentials):
     """Authenticate SSH public-key credentials, returning a Deferred.

     The Deferred succeeds with ``credentials.username`` only when
     ``self.checkKey`` accepts the credentials and the signature over
     ``credentials.sigData`` verifies.  It fails with ``ValidPublicKey``
     when no signature was supplied and with ``UnauthorizedLogin`` in every
     other case, including any error raised while verifying.
     """
     if not self.checkKey(credentials):
         return defer.fail(UnauthorizedLogin())
     if not credentials.signature:
         return defer.fail(error.ValidPublicKey())
     try:
         key = keys.getPublicKeyObject(data=credentials.blob)
         verified = keys.verifySignature(key, credentials.signature,
                                         credentials.sigData)
         if verified:
             return defer.succeed(credentials.username)
     except:
         # Fail closed: any parsing or verification error falls through to
         # UnauthorizedLogin below.
         # NOTE(review): the error is discarded without being logged, so a
         # malformed key or signature leaves no trace here.
         pass
     return defer.fail(UnauthorizedLogin())
Beispiel #8
 def _cbRequestAvatarId(self, validKey, credentials):
     """Decide a public-key login once the key check result is known.

     Returns ``credentials.username`` when ``validKey`` is true and the
     signature over ``credentials.sigData`` verifies.  Otherwise returns a
     ``Failure``: ``UnauthorizedLogin`` for a rejected key or a signature
     that does not verify, ``ValidPublicKey`` when there is no signature, or
     the captured exception when verification raised.
     """
     if not validKey:
         return failure.Failure(UnauthorizedLogin())
     if not credentials.signature:
         # Acceptable key, nothing signed: a Failure, never a username.
         return failure.Failure(error.ValidPublicKey())
     try:
         key = keys.getPublicKeyObject(data=credentials.blob)
         verified = keys.verifySignature(key, credentials.signature,
                                         credentials.sigData)
         if verified:
             return credentials.username
     except:  # any error should be treated as a failed login
         # Capture the active exception before logging it.
         caught = failure.Failure()
         log.err()
         return caught
     return failure.Failure(UnauthorizedLogin())
Beispiel #9
def printFingerprint(options):
    """Print the size, MD5 fingerprint and file name of a public key file.

    When ``options['filename']`` is empty the user is prompted for a path.
    If a file with the same name plus ``.pub`` exists, that file is used and
    ``options['filename']`` is updated to it.  Any error while reading or
    parsing the key exits the program with the message ``bad key``.
    """
    if not options['filename']:
        suggested = os.path.expanduser('~/.ssh/id_rsa')
        # NOTE(review): the suggested path is only shown in the prompt; an
        # empty answer is stored as-is and is not replaced by it.
        options['filename'] = raw_input(
            'Enter file in which the key is (%s): ' % suggested)

    pubPath = options['filename'] + '.pub'
    if os.path.exists(pubPath):
        options['filename'] = pubPath

    try:
        keyString = keys.getPublicKeyString(options['filename'])
        keyObj = keys.getPublicKeyObject(keyString)
        # Colon-separated hex of the MD5 digest of the public key string.
        # NOTE(review): MD5 fingerprints are the legacy display format;
        # current OpenSSH tools show SHA-256 fingerprints by default.
        digest = md5.new(keyString).digest()
        fingerprint = ':'.join('%02x' % ord(byte) for byte in digest)
        print('%s %s %s' % (
            keyObj.size() + 1,
            fingerprint,
            os.path.basename(options['filename'])))
    except:
        # Every failure is reported as the same message; the underlying
        # error is not shown.
        sys.exit('bad key')
Beispiel #10
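	def requestAvatarId(self, credentials):
		"""Authenticate SSH public-key credentials against ``AuthKeys``.

		Returns ``credentials.username`` only when the offered key blob
		equals the stored key for that user and the signature over
		``credentials.sigData`` verifies.

		Raises:
			error.ConchError: unknown user, unrecognised key, or a signature
				that does not verify.
			error.ValidPublicKey: the key matches but no signature was
				supplied.
		"""
		try:
			userKey = AuthKeys[Name(credentials.username)].key
		except KeyError:
			raise error.ConchError("No such user")
		if not credentials.blob == base64.decodestring(userKey):
			raise error.ConchError("I don't recognize that key")
		if not credentials.signature:
			# Raised, not returned: a returned exception instance is an
			# ordinary return value, and a caller that wraps this method
			# with maybeDeferred (as a cred Portal does) would treat it as
			# a successful avatar id even though nothing was signed.
			raise error.ValidPublicKey()
		pubKey = keys.getPublicKeyObject(data=credentials.blob)
		if keys.verifySignature(pubKey, credentials.signature, credentials.sigData):
			return credentials.username
		# Same reasoning as above: a bad signature must surface as an
		# error, never as a return value.
		raise error.ConchError("Incorrect signature")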
Beispiel #11
 def _cbRequestAvatarId(self, validKey, credentials):
     """Turn the key-check result into a username or a ``Failure``.

     The username is returned only for an accepted key whose signature over
     ``credentials.sigData`` verifies.  A rejected key or a signature that
     does not verify gives ``UnauthorizedLogin``; a missing signature gives
     ``ValidPublicKey``; an exception raised while verifying is logged and
     returned as a ``Failure``.
     """
     if not validKey:
         return failure.Failure(UnauthorizedLogin())
     if not credentials.signature:
         return failure.Failure(error.ValidPublicKey())

     blob = credentials.blob
     try:
         parsedKey = keys.getPublicKeyObject(data=blob)
         if keys.verifySignature(parsedKey, credentials.signature,
                                 credentials.sigData):
             return credentials.username
     except:  # any error should be treated as a failed login
         # Deliberately broad so that no parsing or verification error can
         # lead to a username being returned.
         reason = failure.Failure()
         log.err()
         return reason
     # Verification ran without error but the signature did not match.
     return failure.Failure(UnauthorizedLogin())
Beispiel #12
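 def requestAvatarId(self, credentials):
     """Authenticate SSH public-key credentials against ``authorizedKeys``.

     Returns ``credentials.username`` only when the offered key blob equals
     the stored key for that user and the signature over
     ``credentials.sigData`` verifies.  Every rejection is returned as a
     ``Failure``: ``ConchError`` for an unknown user, an unrecognised key or
     a signature that does not verify, and ``ValidPublicKey`` when the key
     matches but no signature was supplied.
     """
     if not self.authorizedKeys.has_key(credentials.username):
         return failure.Failure(error.ConchError("No such user"))
     userKey = self.authorizedKeys[credentials.username]
     if not credentials.blob == base64.decodestring(userKey):
         # The original spelled this ``raise failure.failure(...)``; the
         # lowercase attribute is not the ``Failure`` class used by every
         # other branch, so the intended ConchError never reached the
         # caller.  Return a Failure like the other rejection paths.
         return failure.Failure(
             error.ConchError("I don't recognize that key"))
     if not credentials.signature:
         # Key matches but nothing was signed: a Failure, never a username.
         return failure.Failure(error.ValidPublicKey())
     pubKey = keys.getPublicKeyObject(data=credentials.blob)
     if keys.verifySignature(pubKey, credentials.signature,
                             credentials.sigData):
         return credentials.username
     return failure.Failure(error.ConchError("Incorrect signature"))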
Beispiel #13
 def auth_publickey(self, packet):
     """Handle a ``publickey`` user-authentication request.

     The first byte of ``packet`` says whether a signature is included; the
     algorithm name and key blob follow.  With a signature, the data that
     must have been signed is rebuilt here and passed to the portal together
     with the signature.  Without one, the portal is asked only about the
     key, and errors from that login go to ``self._ebCheckKey``.

     Returns the Deferred from ``self.portal.login``.
     """
     hasSig = ord(packet[0])
     algName, blob, rest = getNS(packet[1:], 2)
     # The blob is parsed in both cases; a blob that cannot be parsed raises
     # here, before any credentials are built.
     pubKey = keys.getPublicKeyObject(data=blob)

     if not hasSig:
         # Key query only: no signed data and no signature.
         query = credentials.SSHPrivateKey(self.user, algName, blob,
                                           None, None)
         pending = self.portal.login(query, None, interfaces.IConchUser)
         return pending.addErrback(self._ebCheckKey, packet[1:])

     # An empty signature string is normalised to None.
     signature = getNS(rest)[0] or None
     # The signed data is rebuilt from server-side state: session id, user
     # name, requested service and the key blob.  The key type comes from
     # the parsed key, not from the algorithm name in the packet.
     signedParts = [
         NS(self.transport.sessionID),
         chr(MSG_USERAUTH_REQUEST),
         NS(self.user),
         NS(self.nextService),
         NS('publickey'),
         chr(hasSig),
         NS(keys.objectType(pubKey)),
         NS(blob),
     ]
     sigData = signedParts[0]
     for part in signedParts[1:]:
         sigData = sigData + part
     signed = credentials.SSHPrivateKey(self.user, algName, blob,
                                        sigData, signature)
     return self.portal.login(signed, None, interfaces.IConchUser)