def verifyMsChapV2(self, userpwd):
ms_chap_response = self['MS-CHAP2-Response'][0]
authenticator_challenge = self['MS-CHAP-Challenge'][0]
if len(ms_chap_response) != 50:
raise Exception("Invalid MSCHAPV2-Response attribute length")
# if isinstance(userpwd, six.text_type):
# userpwd = userpwd.strip().encode('utf-8')
nt_response = ms_chap_response[26:50]
peer_challenge = ms_chap_response[2:18]
_user_name = self.get(1)[0]
nt_resp = mschap.generate_nt_response_mschap2(
authenticator_challenge,
peer_challenge,
_user_name,
userpwd,
)
if nt_resp == nt_response:
auth_resp = mschap.generate_authenticator_response(
userpwd, nt_response, peer_challenge, authenticator_challenge,
_user_name)
self.ext_attrs['MS-CHAP2-Success'] = auth_resp
self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01'
self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06'
nt_pwd_hash = mschap.nt_password_hash(userpwd)
mppeSendKey, mppeRecvKey = mppe.mppe_chap2_gen_keys(
userpwd, peer_challenge)
self.ext_attrs['MS-MPPE-Send-Key'] = mppeSendKey
self.ext_attrs['MS-MPPE-Recv-Key'] = mppeRecvKey
return True
else:
return False
def verifyMsChapV2(self,userpwd):
ms_chap_response = self['MS-CHAP2-Response'][0]
authenticator_challenge = self['MS-CHAP-Challenge'][0]
if len(ms_chap_response)!=50:
raise Exception("Invalid MSCHAPV2-Response attribute length")
# if isinstance(userpwd, six.text_type):
# userpwd = userpwd.strip().encode('utf-8')
nt_response = ms_chap_response[26:50]
peer_challenge = ms_chap_response[2:18]
_user_name = self.get(1)[0]
nt_resp = mschap.generate_nt_response_mschap2(
authenticator_challenge,
peer_challenge,
_user_name,
userpwd,
)
if nt_resp == nt_response:
auth_resp = mschap.generate_authenticator_response(
userpwd,
nt_response,
peer_challenge,
authenticator_challenge,
_user_name
)
self.ext_attrs['MS-CHAP2-Success'] = auth_resp
self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01'
self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06'
nt_pwd_hash = mschap.nt_password_hash(userpwd)
mppeSendKey,mppeRecvKey = mppe.mppe_chap2_gen_keys(userpwd,peer_challenge)
self.ext_attrs['MS-MPPE-Send-Key'] = mppeSendKey
self.ext_attrs['MS-MPPE-Recv-Key'] = mppeRecvKey
return True
else:
return False
def verifyMsChapV2(self,userpwd):
ms_chap_response = self['MS-CHAP2-Response'][0]
authenticator_challenge = self['MS-CHAP-Challenge'][0]
if len(ms_chap_response)!=50:
raise Exception("Invalid MSCHAPV2-Response attribute length")
# if isinstance(userpwd, six.text_type):
# userpwd = userpwd.strip().encode('utf-8')
nt_response = ms_chap_response[26:50]
peer_challenge = ms_chap_response[2:18]
_user_name = self.get(1)[0]
nt_resp = mschap.generate_nt_response_mschap2(
authenticator_challenge,
peer_challenge,
_user_name,
userpwd,
)
print 'username',_user_name
print 'passwd',userpwd
print 'authenticator_challenge',mschap.convert_to_hex_string(authenticator_challenge),len(
authenticator_challenge)
print 'peer_challenge',mschap.convert_to_hex_string(peer_challenge),len(peer_challenge)
print 'nt_response', mschap.convert_to_hex_string(nt_response),len(nt_response)
print 'my_nt_resp', mschap.convert_to_hex_string(nt_resp), len(nt_resp)
if nt_resp == nt_response:
auth_resp = mschap.generate_authenticator_response(
userpwd,
nt_response,
peer_challenge,
authenticator_challenge,
_user_name
)
self.ext_attrs['MS-CHAP2-Success'] = auth_resp
self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01'
self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06'
mppeSendKey,mppeRecvKey = mppe.mppe_chap2_gen_keys(userpwd,peer_challenge)
send_salt, recv_salt = mppe.create_salts()
send_key = mppe.radius_encrypt_keys(
mppe.create_plain_text(mppeSendKey),
self.secret,
self.authenticator,
send_salt
)
recv_key = mppe.radius_encrypt_keys(
mppe.create_plain_text(mppeRecvKey),
self.secret,
self.authenticator,
recv_salt
)
print 'send_key',mschap.convert_to_hex_string(send_key),len(send_key)
print 'recv_key',mschap.convert_to_hex_string(recv_key),len(recv_key)
self.ext_attrs['MS-MPPE-Send-Key'] = send_key
self.ext_attrs['MS-MPPE-Recv-Key'] = recv_key
return True
else:
self.ext_attrs['Reply-Message'] = "E=691 R=1 C=%s V=3 M=<password error>" % ('\0' * 32)
return False
def verifyMsChapV2(self,userpwd):
ms_chap_response = self['MS-CHAP2-Response'][0]
authenticator_challenge = self['MS-CHAP-Challenge'][0]
if len(ms_chap_response)!=50:
raise Exception("Invalid MSCHAPV2-Response attribute length")
# if isinstance(userpwd, six.text_type):
# userpwd = userpwd.strip().encode('utf-8')
nt_response = ms_chap_response[26:50]
peer_challenge = ms_chap_response[2:18]
_user_name = self.get(1)[0]
nt_resp = mschap.generate_nt_response_mschap2(
authenticator_challenge,
peer_challenge,
_user_name,
userpwd,
)
if nt_resp == nt_response:
auth_resp = mschap.generate_authenticator_response(
userpwd,
nt_response,
peer_challenge,
authenticator_challenge,
_user_name
)
self.ext_attrs['MS-CHAP2-Success'] = auth_resp
self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01'
self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06'
mppeSendKey,mppeRecvKey = mppe.mppe_chap2_gen_keys(userpwd,peer_challenge)
send_key, recv_key = mppe.gen_radius_encrypt_keys(mppeSendKey,mppeRecvKey,self.secret,self.authenticator)
self.ext_attrs['MS-MPPE-Send-Key'] = send_key
self.ext_attrs['MS-MPPE-Recv-Key'] = recv_key
return True
else:
self.ext_attrs['Reply-Message'] = "E=691 R=1 C=%s V=3 M=<password error>" % ('\0' * 32)
return False