def _op_accept(self):
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
self.lazy_response_count = 0
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
read_length = 0
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
self.accept_plugin_name = self.recv_channel(ln, word_alignment=True)
is_authenticated = bytes_to_bint(self.recv_channel(4))
read_length += 4
ln = bytes_to_bint(self.recv_channel(4))
self.recv_channel(ln, word_alignment=True) # keys
if is_authenticated == 0:
if self.accept_plugin_name == b'Srp':
ln = bytes_to_int(data[:2])
server_salt = data[2:ln+2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4+ln:]))
auth_data, session_key = srp.client_proof(
self.str_to_bytes(self.user.upper()),
self.str_to_bytes(self.password),
server_salt,
self.client_public_key,
server_public_key,
self.client_private_key)
elif self.accept_plugin_name == b'Legacy_Auth':
auth_data = get_crypt(self.password)
else:
raise OperationalError('Unauthorized')
if self.wire_crypt:
# send op_cont_auth
p = xdrlib.Packer()
p.pack_int(self.op_cont_auth)
p.pack_string(bytes_to_hex(auth_data))
p.pack_bytes(self.accept_plugin_name)
p.pack_bytes(self.plugin_list)
p.pack_bytes(b'')
self.sock.send(p.get_buffer())
(h, oid, buf) = self._op_response()
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_string(b'Arc4')
p.pack_string(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(
ARC4.new(session_key), ARC4.new(session_key))
(h, oid, buf) = self._op_response()
else: # use later _op_attach() and _op_create()
self.auth_data = auth_data
else:
assert op_code == self.op_accept
def _op_accept(self):
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
read_length = 0
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln)
read_length += 4 + ln
if read_length % 4:
self.recv_channel(4 - read_length % 4) # padding
read_length += 4 - read_length % 4
ln = bytes_to_bint(self.recv_channel(4))
self.plugin_name = self.recv_channel(ln)
read_length += 4 + ln
if read_length % 4:
self.recv_channel(4 - read_length % 4) # padding
read_length += 4 - read_length % 4
is_authenticated = bytes_to_bint(self.recv_channel(4))
read_length += 4
ln = bytes_to_bint(self.recv_channel(4))
keys = self.recv_channel(ln)
read_length += 4 + ln
if read_length % 4:
self.recv_channel(4 - read_length % 4) # padding
read_length += 4 - read_length % 4
if self.plugin_name == b'Legacy_Auth' and is_authenticated == 0:
raise OperationalError('Unauthorized')
if self.plugin_name == b'Srp':
ln = bytes_to_int(data[:2])
server_salt = data[2:ln+2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4+ln:]))
client_proof, auth_key = srp.client_proof(
self.str_to_bytes(self.user.upper()),
self.str_to_bytes(self.password),
server_salt,
self.client_public_key,
server_public_key,
self.client_private_key)
# send op_cont_auth
p = xdrlib.Packer()
p.pack_int(self.op_cont_auth)
p.pack_string(bytes_to_hex(client_proof))
p.pack_bytes(self.plugin_name)
p.pack_bytes(self.plugin_list)
p.pack_bytes(b'')
self.sock.send(p.get_buffer())
(h, oid, buf) = self._op_response()
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_string(b'Arc4')
p.pack_string(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(Arc4(auth_key), Arc4(auth_key))
(h, oid, buf) = self._op_response()
else:
assert op_code == self.op_accept
def _op_accept(self):
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
self.lazy_response_count = 0
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
read_length = 0
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
self.accept_plugin_name = self.recv_channel(ln,
word_alignment=True)
is_authenticated = bytes_to_bint(self.recv_channel(4))
read_length += 4
ln = bytes_to_bint(self.recv_channel(4))
self.recv_channel(ln, word_alignment=True) # keys
if is_authenticated == 0:
if self.accept_plugin_name == b'Srp':
ln = bytes_to_int(data[:2])
server_salt = data[2:ln + 2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4 + ln:]))
auth_data, session_key = srp.client_proof(
self.str_to_bytes(self.user.upper()),
self.str_to_bytes(self.password), server_salt,
self.client_public_key, server_public_key,
self.client_private_key)
elif self.accept_plugin_name == b'Legacy_Auth':
auth_data = get_crypt(self.password)
else:
raise OperationalError('Unauthorized')
if self.wire_crypt:
# send op_cont_auth
p = xdrlib.Packer()
p.pack_int(self.op_cont_auth)
p.pack_string(bytes_to_hex(auth_data))
p.pack_bytes(self.accept_plugin_name)
p.pack_bytes(self.plugin_list)
p.pack_bytes(b'')
self.sock.send(p.get_buffer())
(h, oid, buf) = self._op_response()
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_string(b'Arc4')
p.pack_string(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(ARC4.new(session_key),
ARC4.new(session_key))
(h, oid, buf) = self._op_response()
else: # use later _op_attach() and _op_create()
self.auth_data = auth_data
else:
assert op_code == self.op_accept
def _parse_connect_response(self):
# want and treat op_accept or op_cond_accept or op_accept_data
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
self.lazy_response_count = 0
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
self.accept_plugin_name = self.recv_channel(ln,
word_alignment=True)
is_authenticated = bytes_to_bint(self.recv_channel(4))
ln = bytes_to_bint(self.recv_channel(4))
self.recv_channel(ln, word_alignment=True) # keys
if is_authenticated == 0:
if self.accept_plugin_name in (b'Srp256', b'Srp'):
if self.accept_plugin_name == b'Srp256':
hash_algo = hashlib.sha256
elif self.accept_plugin_name == b'Srp':
hash_algo = hashlib.sha1
else:
raise OperationalError('Unknown auth plugin %s' %
(self.accept_plugin_name))
user = self.user
if len(user) > 2 and user[0] == user[-1] == '"':
user = user[1:-1]
user = user.replace('""', '"')
else:
user = user.upper()
if len(data) == 0:
raise OperationalError('Unauthorized')
ln = bytes_to_int(data[:2])
server_salt = data[2:ln + 2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4 + ln:]))
auth_data, session_key = srp.client_proof(
self.str_to_bytes(user),
self.str_to_bytes(self.password), server_salt,
self.client_public_key, server_public_key,
self.client_private_key, hash_algo)
elif self.accept_plugin_name == b'Legacy_Auth':
auth_data = self.str_to_bytes(get_crypt(self.password))
else:
raise OperationalError('Unauthorized')
if self.wire_crypt:
# send op_cont_auth
p = xdrlib.Packer()
p.pack_int(self.op_cont_auth)
p.pack_string(bytes_to_hex(auth_data))
p.pack_bytes(self.accept_plugin_name)
p.pack_bytes(self.plugin_list)
p.pack_bytes(b'')
self.sock.send(p.get_buffer())
(h, oid, buf) = self._op_response()
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_string(b'Arc4')
p.pack_string(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(ARC4.new(session_key),
ARC4.new(session_key))
(h, oid, buf) = self._op_response()
else: # use later _op_attach() and _op_create()
self.auth_data = auth_data
else:
assert op_code == self.op_accept
def _parse_connect_response(self):
# want and treat op_accept or op_cond_accept or op_accept_data
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
self.lazy_response_count = 0
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
self.accept_plugin_name = self.recv_channel(ln, word_alignment=True)
is_authenticated = bytes_to_bint(self.recv_channel(4))
ln = bytes_to_bint(self.recv_channel(4))
self.recv_channel(ln, word_alignment=True) # keys
if is_authenticated == 0:
if self.accept_plugin_name in (b'Srp256', b'Srp'):
hash_algo = {
b'Srp256': hashlib.sha256,
b'Srp': hashlib.sha1,
}[self.accept_plugin_name]
user = self.user
if len(user) > 2 and user[0] == user[-1] == '"':
user = user[1:-1]
user = user.replace('""','"')
else:
user = user.upper()
if len(data) == 0:
# send op_cont_auth
self._op_cont_auth(
srp.long2bytes(self.client_public_key),
self.accept_plugin_name,
self.plugin_list,
b''
)
# parse op_cont_auth
b = self.recv_channel(4)
assert bytes_to_bint(b) == self.op_cont_auth
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
plugin_name = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
plugin_list = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
keys = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_int(data[:2])
server_salt = data[2:ln+2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4+ln:]))
auth_data, session_key = srp.client_proof(
self.str_to_bytes(user),
self.str_to_bytes(self.password),
server_salt,
self.client_public_key,
server_public_key,
self.client_private_key,
hash_algo)
elif self.accept_plugin_name == b'Legacy_Auth':
auth_data = self.str_to_bytes(get_crypt(self.password))
session_key = b''
else:
raise OperationalError(
'Unknown auth plugin %s' % (self.accept_plugin_name)
)
else:
auth_data = b''
session_key = b''
if op_code == self.op_cond_accept:
self._op_cont_auth(
auth_data,
self.accept_plugin_name,
self.plugin_list,
b''
)
(h, oid, buf) = self._op_response()
if self.wire_crypt and session_key:
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_string(b'Arc4')
p.pack_string(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(
ARC4.new(session_key), ARC4.new(session_key))
(h, oid, buf) = self._op_response()
else: # use later _op_attach() and _op_create()
self.auth_data = auth_data
else:
assert op_code == self.op_accept