def _login(self):
# authenticate
auth_req = iRODSMessage(type='RODS_API_REQ', int_info=703)
self.send(auth_req)
# challenge
challenge_msg = self.recv()
logger.debug(challenge_msg.msg)
challenge = challenge_msg.get_main_message(AuthChallenge).challenge
padded_pwd = struct.pack("%ds" % MAX_PASSWORD_LENGTH,
self.account.password)
m = hashlib.md5()
m.update(challenge)
m.update(padded_pwd)
encoded_pwd = m.digest()
encoded_pwd = encoded_pwd.replace('\x00', '\x01')
pwd_msg = AuthResponse(response=encoded_pwd,
username=self.account.proxy_user)
pwd_request = iRODSMessage(type='RODS_API_REQ',
int_info=704,
msg=pwd_msg)
self.send(pwd_request)
auth_response = self.recv()
def _login_password(self):
# authenticate
auth_req = iRODSMessage(msg_type='RODS_API_REQ', int_info=703)
self.send(auth_req)
# challenge
challenge_msg = self.recv()
logger.debug(challenge_msg.msg)
challenge = challenge_msg.get_main_message(AuthChallenge).challenge
if six.PY3:
challenge = challenge.encode('utf-8').strip()
padded_pwd = struct.pack(
"%ds" % MAX_PASSWORD_LENGTH, self.account.password.encode(
'utf-8').strip())
else:
padded_pwd = struct.pack(
"%ds" % MAX_PASSWORD_LENGTH, self.account.password)
m = hashlib.md5()
m.update(challenge)
m.update(padded_pwd)
encoded_pwd = m.digest()
if six.PY2:
encoded_pwd = encoded_pwd.replace('\x00', '\x01')
elif b'\x00' in encoded_pwd:
encoded_pwd_array = bytearray(encoded_pwd)
encoded_pwd = bytes(encoded_pwd_array.replace(b'\x00', b'\x01'))
pwd_msg = AuthResponse(
response=encoded_pwd, username=self.account.proxy_user)
pwd_request = iRODSMessage(
msg_type='RODS_API_REQ', int_info=704, msg=pwd_msg)
self.send(pwd_request)
auth_response = self.recv()
def test_auth_response(self):
ar = AuthResponse()
ar.response = "hello"
ar.username = "******"
expected = "<authResponseInp_PI>\
<response>aGVsbG8=</response>\
<username>rods</username>\
</authResponseInp_PI>"
self.assertEqual(ar.pack(), expected)
ar2 = AuthResponse()
ar2.unpack(ET.fromstring(expected))
self.assertEqual(ar2.response, "hello")
self.assertEqual(ar2.username, "rods")
def _login_native(self, password=None):
# Default case, PAM login will send a new password
if password is None:
password = self.account.password or ''
# authenticate
auth_req = iRODSMessage(msg_type='RODS_API_REQ', int_info=703)
self.send(auth_req)
# challenge
challenge_msg = self.recv()
logger.debug(challenge_msg.msg)
challenge = challenge_msg.get_main_message(AuthChallenge).challenge
# one "session" signature per connection
# see https://github.com/irods/irods/blob/4.2.1/plugins/auth/native/libnative.cpp#L137
# and https://github.com/irods/irods/blob/4.2.1/lib/core/src/clientLogin.cpp#L38-L60
if six.PY2:
self._client_signature = "".join("{:02x}".format(ord(c))
for c in challenge[:16])
else:
self._client_signature = "".join("{:02x}".format(c)
for c in challenge[:16])
if six.PY3:
challenge = challenge.strip()
padded_pwd = struct.pack("%ds" % MAX_PASSWORD_LENGTH,
password.encode('utf-8').strip())
else:
padded_pwd = struct.pack("%ds" % MAX_PASSWORD_LENGTH, password)
m = hashlib.md5()
m.update(challenge)
m.update(padded_pwd)
encoded_pwd = m.digest()
if six.PY2:
encoded_pwd = encoded_pwd.replace('\x00', '\x01')
elif b'\x00' in encoded_pwd:
encoded_pwd_array = bytearray(encoded_pwd)
encoded_pwd = bytes(encoded_pwd_array.replace(b'\x00', b'\x01'))
pwd_msg = AuthResponse(response=encoded_pwd,
username=self.account.proxy_user)
pwd_request = iRODSMessage(msg_type='RODS_API_REQ',
int_info=api_number['AUTH_RESPONSE_AN'],
msg=pwd_msg)
self.send(pwd_request)
self.recv()
def gsi_client_auth_response(self):
message = '%s=%s' % (AUTH_SCHEME_KEY, GSI_AUTH_SCHEME)
# IMPORTANT! padding
len_diff = RESPONSE_LEN - len(message)
message += "\0" * len_diff
# mimic gsi_auth_client_response
gsi_msg = AuthResponse(response=message,
username=self.account.proxy_user + '#' +
self.account.proxy_zone)
gsi_request = iRODSMessage(msg_type='RODS_API_REQ',
int_info=api_number['AUTH_RESPONSE_AN'],
msg=gsi_msg)
self.send(gsi_request)
self.recv()
def test_auth_response(self):
ar = AuthResponse()
ar.response = b"hello"
ar.username = "******"
expected = "<authResponseInp_PI>\
<response>aGVsbG8=</response>\
<username>rods</username>\
</authResponseInp_PI>"
self.assertEqual(ar.pack(), expected)
ar2 = AuthResponse()
ar2.unpack(ET.fromstring(expected))
self.assertEqual(ar2.response, b"hello")
self.assertEqual(ar2.username, "rods")