Exemple #1
        def _login(self, params):
            """Check a submitted username/password pair against config.USERS.

            This listing stops inside the credential loop: ``valid`` is set
            here, but the code that would act on it is not part of the excerpt.
            """
            valid = False

            # Both fields must be present and non-empty before any entry is examined.
            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    # All whitespace is removed from the entry before it is parsed.
                    entry = re.sub(r"\s", "", entry)
                    # Exactly four ':'-separated fields are expected; any other count
                    # raises ValueError here, outside the try block below.
                    username, stored_hash, uid, netfilter = entry.split(':')
                    # '$'-separated hash record; fields 1, 2 and 3 are read below
                    # (presumably hex salt, iteration count and hex digest -- confirm
                    # against the pbkdf2 helper).
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            # Python 2 "hex" codec: field 1 is hex-decoded, the derived
                            # key is hex-encoded and compared with field 3.
                            # NOTE(review): `==` is not a constant-time comparison; a
                            # constant-time compare is the usual choice for digests.
                            if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]):
                                valid = True
                                break
                        except (IndexError, ValueError), ex:
                            # A hash record with missing fields or a non-numeric field 2
                            # is treated as "no match".
                            # NOTE(review): under Python 2 a malformed hex string in
                            # field 1 raises TypeError, which is not caught here -- confirm.
                            pass
Exemple #2
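        def _login(self, params):
            """Authenticate a login request and open a session on success.

            ``params`` is read for "username" and "password". Each entry of
            config.USERS has the form ``username:hash:uid:netfilter``; the hash
            is '$'-separated and its fields 1, 2 and 3 feed the pbkdf2 check.

            On success a random session id is sent as an HttpOnly cookie and the
            session (username, uid, network filters, expiration) is stored in
            SESSIONS. On failure the reply is delayed by UNAUTHORIZED_SLEEP_TIME
            and sent with status 401. Every attempt is reported through
            ``logger`` with priority auth.info.

            Returns the plain-text body "Login success" or "Login failed".
            """
            valid = False

            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    entry = re.sub(r"\s", "", entry)
                    # Raises ValueError if an entry does not have exactly four fields.
                    username, stored_hash, uid, netfilter = entry.split(':')
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            # NOTE(review): `==` is not a constant-time comparison of
                            # the hex digests; consider a constant-time compare once
                            # the string types of both sides are confirmed.
                            if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]):
                                valid = True
                                break
                        except Exception:
                            # A malformed stored hash counts as a failed match.
                            # Exception (not a bare except) keeps KeyboardInterrupt
                            # and SystemExit from being swallowed here.
                            if config.SHOW_DEBUG:
                                traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                # NOTE(review): the cookie carries HttpOnly only; whether Secure can
                # be added depends on how this server is exposed -- confirm.
                self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

                if netfilter in ("", "0.0.0.0/0"):
                    # Empty filter or the catch-all network: no restriction recorded.
                    netfilters = None
                else:
                    addresses = set()
                    netmasks = set()

                    for item in set(re.split(r"[;,]", netfilter)):
                        item = item.strip()
                        if '/' in item:
                            prefix = item.split('/')[-1]
                            if prefix.isdigit() and int(prefix) >= 16:
                                # Prefixes of /16 and longer are expanded address by
                                # address.
                                # NOTE(review): the range starts at the address as
                                # written, not at the network base -- confirm that
                                # entries are always given as network addresses.
                                lower = addr_to_int(item.split('/')[0])
                                mask = make_mask(int(prefix))
                                upper = lower | (0xffffffff ^ mask)
                                while lower <= upper:
                                    addresses.add(int_to_addr(lower))
                                    lower += 1
                            else:
                                # Shorter or non-numeric prefixes are kept verbatim.
                                netmasks.add(item)
                        elif '-' in item:
                            # "first-last" range, expanded inclusively.
                            bounds = item.split('-')
                            lower, upper = addr_to_int(bounds[0]), addr_to_int(bounds[1])
                            while lower <= upper:
                                addresses.add(int_to_addr(lower))
                                lower += 1
                        elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
                            addresses.add(item)

                    netfilters = netmasks
                    if addresses:
                        # presumably one pattern covering every collected address --
                        # verify against get_regex
                        netfilters.add(get_regex(addresses))

                SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration})
            else:
                # Fixed delay on every rejected attempt.
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            content = "Login %s" % ("success" if valid else "failed")

            # The username is taken from the request and is logged for failed
            # attempts too, so it must never reach a shell command line: logger is
            # started from an argument vector (no shell=True), which passes the
            # value as data. Control characters are replaced so that one attempt
            # cannot add extra lines to the auth log.
            logged_user = re.sub(r"[\x00-\x1f\x7f]", "?", "%s" % params.get("username"))
            try:
                subprocess.check_output(
                    ["logger", "-p", "auth.info",
                     "-t", "%s[%d]" % (NAME.lower(), os.getpid()),
                     "%s password for %s from %s port %s" % ("Accepted" if valid else "Failed", logged_user, self.client_address[0], self.client_address[1])],
                    stderr=subprocess.STDOUT)
            except Exception:
                # Logging is best effort; a missing or failing logger must not
                # change the login result.
                if config.SHOW_DEBUG:
                    traceback.print_exc()

            return content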
Exemple #3
        def _login(self, params):
            """Validate submitted credentials and, on success, register a session.

            The username is looked up in config.USERS (entries of the form
            ``username:hash:uid:netfilter``) and the password is checked with
            pbkdf2 against the '$'-separated stored hash. A match yields a
            session cookie and an entry in SESSIONS; anything else waits
            UNAUTHORIZED_SLEEP_TIME and answers 401.

            Returns "Login success" or "Login failed" as the response body.
            """
            valid = False
            wanted_user = params.get("username")
            supplied_password = params.get("password")

            if wanted_user and supplied_password:
                for entry in (config.USERS or []):
                    # Whitespace anywhere in the entry is dropped before parsing.
                    username, stored_hash, uid, netfilter = re.sub(r"\s", "", entry).split(':')
                    if username != wanted_user:
                        continue

                    hash_parts = stored_hash.split('$')
                    try:
                        derived = pbkdf2(supplied_password,
                                         hash_parts[1].decode("hex"),
                                         int(hash_parts[2]))
                        # NOTE(review): plain `==` on the hex digests is not a
                        # constant-time comparison.
                        if derived.encode("hex") == hash_parts[3]:
                            valid = True
                            break
                    except:
                        # NOTE(review): a bare except also hides KeyboardInterrupt
                        # and SystemExit; any failure here counts as "no match".
                        if DEBUG:
                            traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                expires_text = time.strftime(HTTP_TIME_FORMAT,
                                             time.gmtime(expiration))
                # NOTE(review): HttpOnly is the only cookie attribute set; whether
                # Secure applies depends on how the server is exposed -- confirm.
                self.send_header(
                    "Set-Cookie",
                    "session=%s; expires=%s; path=/; HttpOnly" % (session_id, expires_text))

                if netfilter in ("", "0.0.0.0/0"):
                    # No filter, or the catch-all network: nothing to restrict.
                    netfilters = None
                else:
                    netfilters = set(re.split(r"[;,]", netfilter))
                    # Walk a snapshot, because the set itself is edited below.
                    for raw_item in set(netfilters):
                        item = raw_item.strip()
                        if '/' in item:
                            prefix = item.split('/')[-1]
                            if prefix.isdigit() and int(prefix) >= 20:
                                # /20 and longer: replace the CIDR text with the
                                # individual addresses it covers.
                                current = addr_to_int(item.split('/')[0])
                                mask = make_mask(int(prefix))
                                last = current | (0xffffffff ^ mask)
                                while current <= last:
                                    netfilters.add(int_to_addr(current))
                                    current += 1
                                netfilters.remove(item)
                        elif '-' in item:
                            # "first-last": expand inclusively, then drop the text.
                            bounds = item.split('-')
                            current, last = addr_to_int(bounds[0]), addr_to_int(bounds[1])
                            while current <= last:
                                netfilters.add(int_to_addr(current))
                                current += 1
                            netfilters.remove(item)
                        elif not item:
                            netfilters.remove(item)

                session = AttribDict({
                    "username": username,
                    "uid": uid,
                    "netfilters": netfilters,
                    "expiration": expiration
                })
                SESSIONS[session_id] = session
            else:
                # Every rejected attempt is delayed by the same fixed amount.
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            outcome = "success" if valid else "failed"

            return "Login %s" % outcome
Exemple #4
        def _login(self, params):
            """Handle a login attempt and return the plain-text result.

            Credentials come from ``params`` ("username", "password") and are
            checked against config.USERS, whose entries read
            ``username:hash:uid:netfilter``. A successful check creates a
            session in SESSIONS and sets the session cookie; a failed one
            sleeps for UNAUTHORIZED_SLEEP_TIME and replies with 401.

            Returns "Login success" or "Login failed".
            """
            valid = False
            login_name = params.get("username")
            login_password = params.get("password")

            if login_name and login_password:
                for entry in (config.USERS or []):
                    fields = re.sub(r"\s", "", entry).split(':')
                    # Exactly four fields are required, otherwise this raises
                    # ValueError.
                    username, stored_hash, uid, netfilter = fields
                    hash_parts = stored_hash.split('$')
                    if username != login_name:
                        continue
                    try:
                        computed = pbkdf2(login_password, hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex")
                        # NOTE(review): digest comparison with `==` is not
                        # constant-time.
                        if computed == hash_parts[3]:
                            valid = True
                            break
                    except:
                        # Any error while checking the stored hash is a non-match.
                        if DEBUG:
                            traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                cookie = "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration)))
                self.send_header("Set-Cookie", cookie)

                if netfilter in ("", "0.0.0.0/0"):
                    netfilters = None
                else:
                    netfilters = set(re.split(r"[;,]", netfilter))
                    # The loop edits ``netfilters``, so it runs over a copy.
                    for part in set(netfilters):
                        part = part.strip()
                        if '/' in part:
                            bits = part.split('/')[-1]
                            if bits.isdigit() and int(bits) >= 20:
                                # Networks of /20 or longer are expanded into
                                # single addresses; shorter ones stay as text.
                                address = addr_to_int(part.split('/')[0])
                                mask = make_mask(int(bits))
                                ceiling = address | (0xffffffff ^ mask)
                                while address <= ceiling:
                                    netfilters.add(int_to_addr(address))
                                    address += 1
                                netfilters.remove(part)
                        elif '-' in part:
                            # Inclusive "first-last" range.
                            ends = part.split('-')
                            address, ceiling = addr_to_int(ends[0]), addr_to_int(ends[1])
                            while address <= ceiling:
                                netfilters.add(int_to_addr(address))
                                address += 1
                            netfilters.remove(part)
                        elif not part:
                            # Drop empty items left by the split.
                            netfilters.remove(part)

                SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration})
            else:
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")

            if valid:
                content = "Login %s" % "success"
            else:
                content = "Login %s" % "failed"

            return content
Exemple #5
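        def _login(self, params):
            """Authenticate a login request and open a session on success.

            ``params`` is read for "username" and "password". Each entry of
            config.USERS has the form ``username:hash:uid:netfilter``; the hash
            is '$'-separated and its fields 1, 2 and 3 feed the pbkdf2 check.

            On success a random session id is sent in the SESSION_COOKIE_NAME
            cookie (HttpOnly) and the session is stored in SESSIONS. On failure
            the reply is delayed by UNAUTHORIZED_SLEEP_TIME and sent with status
            401. Except on Windows, every attempt is reported through ``logger``
            with priority auth.info.

            Returns the plain-text body "Login success" or "Login failed".
            """
            valid = False

            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    entry = re.sub(r"\s", "", entry)
                    # Raises ValueError if an entry does not have exactly four fields.
                    username, stored_hash, uid, netfilter = entry.split(':')
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            # NOTE(review): `==` is not a constant-time comparison of
                            # the hex digests; consider a constant-time compare once
                            # the string types of both sides are confirmed.
                            if (pbkdf2(params.get("password"),
                                       hash_parts[1].decode("hex"),
                                       int(hash_parts[2])).encode("hex") ==
                                    hash_parts[3]):
                                valid = True
                                break
                        except Exception:
                            # A malformed stored hash counts as a failed match.
                            # Exception (not a bare except) keeps KeyboardInterrupt
                            # and SystemExit from being swallowed here.
                            if config.SHOW_DEBUG:
                                traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                # NOTE(review): the cookie carries HttpOnly only; whether Secure can
                # be added depends on how this server is exposed -- confirm.
                self.send_header(
                    "Set-Cookie", "%s=%s; expires=%s; path=/; HttpOnly" %
                    (SESSION_COOKIE_NAME, session_id,
                     time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

                if netfilter in ("", "0.0.0.0/0"):
                    # Empty filter or the catch-all network: no restriction recorded.
                    netfilters = None
                else:
                    addresses = set()
                    netmasks = set()

                    for item in set(re.split(r"[;,]", netfilter)):
                        item = item.strip()
                        if '/' in item:
                            prefix = item.split('/')[-1]
                            if prefix.isdigit() and int(prefix) >= 16:
                                # Prefixes of /16 and longer are expanded address by
                                # address.
                                # NOTE(review): the range starts at the address as
                                # written, not at the network base -- confirm that
                                # entries are always given as network addresses.
                                lower = addr_to_int(item.split('/')[0])
                                mask = make_mask(int(prefix))
                                upper = lower | (0xffffffff ^ mask)
                                while lower <= upper:
                                    addresses.add(int_to_addr(lower))
                                    lower += 1
                            else:
                                # Shorter or non-numeric prefixes are kept verbatim.
                                netmasks.add(item)
                        elif '-' in item:
                            # "first-last" range, expanded inclusively.
                            bounds = item.split('-')
                            lower, upper = addr_to_int(bounds[0]), addr_to_int(bounds[1])
                            while lower <= upper:
                                addresses.add(int_to_addr(lower))
                                lower += 1
                        elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
                            addresses.add(item)

                    netfilters = netmasks
                    if addresses:
                        # presumably one pattern covering every collected address --
                        # verify against get_regex
                        netfilters.add(get_regex(addresses))

                SESSIONS[session_id] = AttribDict({
                    "username": username,
                    "uid": uid,
                    "netfilters": netfilters,
                    "expiration": expiration
                })
            else:
                # Fixed delay on every rejected attempt.
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            content = "Login %s" % ("success" if valid else "failed")

            if not subprocess.mswindows:
                # The username is taken from the request and is logged for failed
                # attempts too, so it must never reach a shell command line: logger
                # is started from an argument vector (no shell=True), which passes
                # the value as data. Control characters are replaced so that one
                # attempt cannot add extra lines to the auth log.
                logged_user = re.sub(r"[\x00-\x1f\x7f]", "?",
                                     "%s" % params.get("username"))
                try:
                    subprocess.check_output(
                        ["logger", "-p", "auth.info",
                         "-t", "%s[%d]" % (NAME.lower(), os.getpid()),
                         "%s password for %s from %s port %s"
                         % ("Accepted" if valid else "Failed", logged_user,
                            self.client_address[0], self.client_address[1])],
                        stderr=subprocess.STDOUT)
                except Exception:
                    # Logging is best effort; a missing or failing logger must not
                    # change the login result.
                    if config.SHOW_DEBUG:
                        traceback.print_exc()

            return content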