Ejemplo n.º 1
    def process(self, challenge=None):
        """Answer a server challenge with ``username SP hex(HMAC-MD5)``.

        Returns ``None`` while no challenge has been received.  Otherwise the
        password is used as the HMAC-MD5 key over the raw challenge, and the
        hex digest is appended to the username after one space.  That layout
        matches the CRAM-MD5 response format.

        Security notes: only the client is authenticated, and anyone who
        records one challenge/response pair can test password guesses
        offline.  Run this only inside a protected transport such as TLS.
        """
        if challenge is not None:
            self._fetch_properties('username', 'password')
            # NOTE(review): bytes() is handed the str from hexdigest() below;
            # on Python 3 that needs a module-level compat ``bytes`` -- confirm.
            keyed = hmac.HMAC(key=bytes(self.password), msg=challenge,
                              digestmod=hashlib.md5)
            return bytes(self.username) + b' ' + bytes(keyed.hexdigest())
        return None
Ejemplo n.º 2
    def process(self, challenge=None):
        """Compute the keyed-MD5 reply to ``challenge``.

        The reply is ``username``, a single space, then the hex HMAC-MD5 of
        the challenge keyed with the password (the CRAM-MD5 response layout).
        ``None`` is returned when there is no challenge to answer.

        Security notes: the password is the only secret in the exchange, so
        a captured challenge/response pair allows offline guessing, and the
        server is never authenticated.  Use it only under TLS or an
        equivalent protected channel.
        """
        if challenge is None:
            # Nothing to answer until the server has sent its challenge.
            return None

        self._fetch_properties('username', 'password')
        secret = bytes(self.password)
        hex_mac = hmac.new(secret, challenge, hashlib.md5).hexdigest()
        # NOTE(review): hex_mac is a str; bytes(str) only works on Python 3
        # if the module rebinds ``bytes`` to a compat helper -- confirm.
        return b' '.join((bytes(self.username), bytes(hex_mac)))
Ejemplo n.º 3
    def __init__(self, sasl, principal=None, **props):
        """Initialise the mechanism and open a GSSAPI client context.

        ``principal`` is forwarded to ``kerberos.authGSSClientInit``.  Extra
        keyword arguments collected in ``props`` are accepted but not used
        in this method.
        """
        Mechanism.__init__(self, sasl)
        self._have_negotiated_details = False
        self.user = None
        self.principal = principal
        self.host = self.sasl.host
        self.service = self.sasl.service
        self._fetch_properties('host', 'service')

        # The "service@host" name selects which service the client asks a
        # ticket for.  It should name the host the application meant to
        # reach; presumably neither part comes from the peer -- confirm.
        target = bytes(self.service) + b'@' + bytes(self.host)
        _, self.context = kerberos.authGSSClientInit(
            service=target, principal=self.principal)
Ejemplo n.º 4
    def __init__(self, sasl, principal=None, **props):
        """Prepare mechanism state and create the GSSAPI client context.

        The context is created for the service name ``service@host`` and,
        when given, for ``principal``.  ``props`` is accepted for interface
        compatibility and is not read here.
        """
        Mechanism.__init__(self, sasl)
        self.user = None
        self._have_negotiated_details = False
        self.principal = principal
        self.host = self.sasl.host
        self.service = self.sasl.service
        self._fetch_properties('host', 'service')

        # Kerberos authenticates the server against this name, so it has to
        # be the intended target.  Presumably host/service are supplied by
        # the application rather than by the remote side -- confirm.
        service_name = bytes(self.service) + b'@' + bytes(self.host)
        init_result = kerberos.authGSSClientInit(service=service_name,
                                                 principal=self.principal)
        _, self.context = init_result
Ejemplo n.º 5
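    def response(self):
        """Build the comma-separated directive list sent back to the server.

        Requests ``username`` (and ``password`` unless a ``key_hash`` is
        already cached), selects the qop, creates the client nonce on first
        use, increments the nonce count and computes the ``response`` value
        through ``self.gen_hash``.

        Returns:
            The directives as ``key=value`` pairs joined with commas.
        """
        # Function-scope imports keep the change local to this method; both
        # modules are standard library on Python 2 and Python 3.
        import binascii
        import os

        required_props = ['username']
        # A cached key hash replaces the password in the digest, so the
        # password is only requested when no hash has been stored yet.
        if not getattr(self, 'key_hash', None):
            required_props.append('password')
        self._fetch_properties(*required_props)

        resp = {}
        # NOTE(review): a str literal is tested against self.qops while the
        # assignment uses bytes; if qops holds bytes on Python 3 this branch
        # never fires -- confirm the element type.
        if 'auth-int' in self.qops:
            self.qop = b'auth-int'
        resp['qop'] = self.qop

        if getattr(self, 'realm', None) is not None:
            resp['realm'] = quote(self.realm)

        resp['username'] = quote(bytes(self.username))
        resp['nonce'] = quote(self.nonce)
        if self.nc == 0:
            # The client nonce has to be unpredictable, so take 128 bits from
            # the OS CSPRNG and hex-encode them.  The earlier value was the
            # decimal text of random.random(): at most ~53 bits, not from a
            # cryptographic generator if ``random`` is the stdlib module, and
            # for very small floats the text is exponent notation, leaving
            # only a few characters after the [2:] slice.
            self.cnonce = binascii.hexlify(os.urandom(16))
        resp['cnonce'] = quote(self.cnonce)
        self.nc += 1
        resp['nc'] = bytes('%08x' % self.nc)

        self._digest_uri = bytes(self.sasl.host) + b'/' + bytes(self.sasl.service)
        resp['digest-uri'] = quote(self._digest_uri)

        a2 = b'AUTHENTICATE:' + self._digest_uri
        if self.qop != b'auth':
            # Any qop other than plain "auth" appends the all-zero
            # 32-character suffix to A2 and advertises a receive buffer size.
            a2 += b':00000000000000000000000000000000'
            resp['maxbuf'] = b'16777215'  # 2**24-1
        resp['response'] = self.gen_hash(a2)
        return b','.join([bytes(k) + b'=' + bytes(v) for k, v in resp.items()])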
Ejemplo n.º 6
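    def response(self):
        """Assemble the digest-response directives for the current challenge.

        ``username`` is always requested; ``password`` only when no
        ``key_hash`` is cached on the instance.  The method picks the qop,
        generates the client nonce the first time it runs, increments
        ``self.nc`` and obtains the ``response`` directive from
        ``self.gen_hash``.

        Returns:
            ``key=value`` pairs joined with commas.
        """
        # Imported here so the fix needs no change to the module's import
        # block; both modules exist in the Python 2 and 3 standard library.
        import binascii
        import os

        required_props = ['username']
        if not getattr(self, 'key_hash', None):
            # Without a cached key hash the password is needed to derive it.
            required_props.append('password')
        self._fetch_properties(*required_props)

        resp = {}
        # NOTE(review): 'auth-int' is a str literal but self.qop is set to
        # bytes; if self.qops contains bytes on Python 3 the test is always
        # false -- confirm what qops holds.
        if 'auth-int' in self.qops:
            self.qop = b'auth-int'
        resp['qop'] = self.qop

        if getattr(self, 'realm', None) is not None:
            resp['realm'] = quote(self.realm)

        resp['username'] = quote(bytes(self.username))
        resp['nonce'] = quote(self.nonce)
        if self.nc == 0:
            # Draw the client nonce from the OS CSPRNG (128 bits, hex).  The
            # decimal text of random.random() used before carried at most
            # ~53 bits, is predictable if ``random`` is the stdlib module,
            # and shrinks to a few characters when a tiny float is printed
            # in exponent notation and then sliced with [2:].
            self.cnonce = binascii.hexlify(os.urandom(16))
        resp['cnonce'] = quote(self.cnonce)
        self.nc += 1
        resp['nc'] = bytes('%08x' % self.nc)

        self._digest_uri = bytes(self.sasl.host) + b'/' + bytes(
            self.sasl.service)
        resp['digest-uri'] = quote(self._digest_uri)

        a2 = b'AUTHENTICATE:' + self._digest_uri
        if self.qop != b'auth':
            # Non-"auth" qops extend A2 with the all-zero suffix and send a
            # maxbuf directive.
            a2 += b':00000000000000000000000000000000'
            resp['maxbuf'] = b'16777215'  # 2**24-1
        resp['response'] = self.gen_hash(a2)
        return b','.join([bytes(k) + b'=' + bytes(v) for k, v in resp.items()])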
Ejemplo n.º 7
    def __init__(self, sasl, principal=None, **props):
        """Initialise the mechanism and open a GSSAPI client context.

        The context is first requested with ``principal``.  If that call
        raises ``TypeError`` it is retried without the argument, unless a
        principal was actually supplied, in which case an error is raised.
        ``props`` is accepted but not read here.
        """
        Mechanism.__init__(self, sasl)
        self._have_negotiated_details = False
        self.user = None
        self.principal = principal
        self.host = self.sasl.host
        self.service = self.sasl.service
        self._fetch_properties('host', 'service')

        # Service name the ticket is requested for; it should be the host
        # the application intended to reach.
        target = bytes(self.service) + b'@' + bytes(self.host)
        try:
            _, self.context = kerberos.authGSSClientInit(
                service=target, principal=self.principal)
        except TypeError:
            # NOTE(review): any TypeError from the call or from unpacking its
            # result is treated as "principal keyword unsupported"; an
            # unrelated TypeError takes this path too.
            if self.principal is not None:
                # NOTE(review): StandardError is a Python 2 builtin only; on
                # Python 3 this line raises NameError instead -- confirm the
                # supported interpreter versions.
                raise StandardError("Error: kerberos library does not support principal.")
            _, self.context = kerberos.authGSSClientInit(service=target)
Ejemplo n.º 8
 def parse_challenge(self, challenge):
     """Split a ``key=value,key="quoted value"`` challenge into a dict.

     Keys and values are bytes.  Whitespace inside a key is dropped, a value
     may be wrapped in double quotes with backslash escapes, and a comma
     outside quotes ends the pair.  A key seen twice keeps its last value.

     The input comes from the remote peer.  No limit is placed on its
     length, on the number of directives, or on which keys are accepted;
     callers should validate the result before using it.
     """
     py3 = sys.version_info >= (3, 0)
     parsed = {}
     key, value = b'', b''
     reading_key = True
     quoted = False
     first_value_char = False
     pending_escape = False
     for ch in challenge:
         if py3:
             # Iterating bytes on Python 3 yields ints; turn each back into
             # a one-byte string.
             ch = bytes([ch])
         if reading_key:
             if ch.isspace():
                 continue
             if ch == b'=':
                 reading_key, first_value_char = False, True
             else:
                 key += ch
             continue
         if first_value_char:
             # Only the first character after '=' can open a quoted value.
             first_value_char = False
             if ch == b'"':
                 quoted = True
             else:
                 value += ch
             continue
         if quoted:
             if pending_escape:
                 pending_escape = False
                 value += ch
             elif ch == b'\\':
                 pending_escape = True
             elif ch == b'"':
                 quoted = False
             else:
                 value += ch
             continue
         if ch != b',':
             value += ch
             continue
         # Unquoted comma: commit the pair and start reading the next key.
         if key:
             parsed[key] = value
         key, value = b'', b''
         reading_key = True
     if key:
         parsed[key] = value
     return parsed
Ejemplo n.º 9
 def parse_challenge(self, challenge):
     """Parse a comma-separated ``key=value`` challenge into a bytes dict.

     Values may be double-quoted, with a backslash escaping the next byte.
     Whitespace is skipped while a key is being read.  A comma outside
     quotes finishes the current pair.  Later duplicates overwrite earlier
     ones.

     The challenge is peer-controlled and is accepted as-is: there is no
     size limit and no check for unknown or repeated directives, so the
     caller is responsible for validating what comes back.
     """
     # The parser is always in exactly one of these states.
     KEY, VALUE_START, BARE, QUOTED, ESCAPED = range(5)
     is_py3 = sys.version_info >= (3, 0)
     fields = {}
     name = b''
     value = b''
     state = KEY
     for byte in challenge:
         if is_py3:
             # bytes iteration gives ints on Python 3; rewrap as one byte.
             byte = bytes([byte])
         if state == KEY:
             if byte.isspace():
                 pass
             elif byte == b'=':
                 state = VALUE_START
             else:
                 name += byte
         elif state == VALUE_START:
             # A quote is only special as the very first value character.
             if byte == b'"':
                 state = QUOTED
             else:
                 value += byte
                 state = BARE
         elif state == QUOTED:
             if byte == b'\\':
                 state = ESCAPED
             elif byte == b'"':
                 state = BARE
             else:
                 value += byte
         elif state == ESCAPED:
             value += byte
             state = QUOTED
         elif byte == b',':
             # BARE state: the comma closes the pair.
             if name:
                 fields[name] = value
             name = b''
             value = b''
             state = KEY
         else:
             value += byte
     if name:
         fields[name] = value
     return fields
Ejemplo n.º 10
    def gen_hash(self, a2):
        """Return the lowercase hex MD5 response digest for ``a2``.

        On first use the MD5 of ``username:realm:password`` is computed and
        cached as ``self.key_hash``.  The A1 digest (key hash, nonce and
        client nonce) is stored in ``self._a1``.  The result is the MD5 of
        ``hex(A1):nonce:nc:cnonce:qop:hex(MD5(a2))``.

        Security note: ``self.key_hash`` can stand in for the password when
        answering challenges for this username and realm, so it needs the
        same protection as the password itself.
        """
        if not getattr(self, 'key_hash', None):
            login = bytes(self.username)
            secret = bytes(self.password)
            domain = bytes(self.realm)
            self.key_hash = hashlib.md5(
                login + b':' + domain + b':' + secret).digest()

        a1_hash = hashlib.md5(self.key_hash)
        a1_hash.update(b':' + self.nonce + b':' + self.cnonce)
        self._a1 = a1_hash.digest()

        # NOTE(review): bytes() is applied to str values below; on Python 3
        # that requires a module-level compat ``bytes`` -- confirm.
        pieces = [
            bytes(a1_hash.hexdigest().lower()),
            self.nonce,
            bytes('%08x' % self.nc),
            self.cnonce,
            self.qop,
            bytes(hashlib.md5(a2).hexdigest().lower()),
        ]
        final = hashlib.md5()
        final.update(b':'.join(pieces))
        return bytes(final.hexdigest().lower())
Ejemplo n.º 11
    def gen_hash(self, a2):
        """Compute the digest ``response`` value for the given A2 string.

        ``self.key_hash`` (MD5 of ``username:realm:password``) is derived
        once and reused afterwards.  ``self._a1`` receives the binary A1
        digest.  The return value is the lowercase hex MD5 of the
        colon-joined fields: hex A1, nonce, nonce count, client nonce, qop
        and hex MD5 of ``a2``.

        Security note: the cached ``key_hash`` is password-equivalent for
        this username/realm pair; do not log or persist it unprotected.
        """
        cached = getattr(self, 'key_hash', None)
        if not cached:
            user = bytes(self.username)
            password = bytes(self.password)
            realm = bytes(self.realm)
            seed = hashlib.md5()
            seed.update(b':'.join((user, realm, password)))
            self.key_hash = seed.digest()

        a1 = hashlib.md5(self.key_hash)
        a1.update(b':' + self.nonce + b':' + self.cnonce)
        self._a1 = a1.digest()

        # NOTE(review): the bytes() calls on str values assume a compat
        # ``bytes`` helper when running on Python 3 -- confirm.
        line = bytes(a1.hexdigest().lower())
        for part in (self.nonce, bytes('%08x' % self.nc), self.cnonce,
                     self.qop, bytes(hashlib.md5(a2).hexdigest().lower())):
            line += b':' + part
        return bytes(hashlib.md5(line).hexdigest().lower())
Ejemplo n.º 12
 def process(self, challenge=None):
     """Return ``NUL user NUL password``; ``challenge`` is ignored.

     The layout matches a SASL PLAIN message with an empty authorization
     identity.  The password travels unmodified, so the connection must
     already provide confidentiality (for example TLS).  A NUL byte inside
     either value would shift the field boundaries; nothing here checks
     for that.
     """
     self._fetch_properties('username', 'password')
     # NOTE(review): 'username' is requested above, but ``self.user`` is the
     # attribute that gets sent -- confirm the two are kept in sync.
     fields = (b'', bytes(self.user), bytes(self.password))
     return b'\x00'.join(fields)
Ejemplo n.º 13
 def process(self, challenge=None):
     """Mark the exchange complete and return ``identity NUL username NUL password``.

     ``challenge`` is not used.  The layout matches a SASL PLAIN message.
     The password is sent as-is, so this is only safe over a channel that
     already provides confidentiality (for example TLS).  Values containing
     a NUL byte would move the field boundaries and are not rejected here.
     """
     self._fetch_properties('username', 'password')
     self.complete = True
     parts = (bytes(self.identity), bytes(self.username), bytes(self.password))
     return b'\x00'.join(parts)
Ejemplo n.º 14
 def process(self, challenge=None):
     """Return ``NUL username NUL password``; ``challenge`` is ignored.

     This is the SASL PLAIN message layout with an empty authorization
     identity.  The password is transmitted unchanged, so the transport
     must already be encrypted (for example TLS).  A NUL byte inside
     either value is not rejected and would corrupt the framing.
     """
     self._fetch_properties('username', 'password')
     separator = b'\x00'
     login = bytes(self.username)
     secret = bytes(self.password)
     return separator + login + separator + secret