Exemple #1
0
 def authenticate_hmac(self, challenge_response, client_salt=None):
     log("authenticate_hmac(%r, %r)", challenge_response, client_salt)
     self.sessions = None
     if not self.salt:
         log.error(
             "Error: illegal challenge response received - salt cleared or unset"
         )
         return None
     #ensure this salt does not get re-used:
     salt = self.get_response_salt(client_salt)
     entry = self.get_auth_info()
     if entry is None:
         log.warn("Warning: authentication failed")
         log.warn(" no password for '%s' in '%s'", self.username,
                  self.password_filename)
         return None
     log("authenticate: auth-info(%s)=%s", self.username, entry)
     fpassword, uid, gid, displays, env_options, session_options = entry
     log("multifile authenticate_hmac password='******', hex(salt)=%s",
         fpassword, hexstr(salt))
     if not verify_digest(self.digest, fpassword, salt, challenge_response):
         log.warn("Warning: %s challenge for '%s' does not match",
                  self.digest, self.username)
         return False
     self.sessions = uid, gid, displays, env_options, session_options
     return True
Exemple #2
0
def getuid(v):
    try:
        return int(v)
    except:
        log("uid '%s' is not an int", v)
    if os.name=="posix":
        try:
            import pwd
            return pwd.getpwnam(v or "nobody").pw_uid
        except Exception as e:
            log.error("Error: cannot find uid of '%s': %s", v, e)
        return os.getuid()
    return -1
Exemple #3
0
def getgid(v):
    try:
        return int(v)
    except:
        log("gid '%s' is not an int", v)
    if os.name=="posix":
        try:
            import grp          #@UnresolvedImport
            return grp.getgrnam(v or "nobody").gr_gid
        except Exception as e:
            log.error("Error: cannot find gid of '%s': %s", v, e)
        return os.getgid()
    return -1
Exemple #4
0
def getgid(v):
    try:
        return int(v)
    except:
        log("gid '%s' is not an int", v)
    if os.name == "posix":
        try:
            import grp  #@UnresolvedImport
            return grp.getgrnam(v or "nobody").gr_gid
        except Exception as e:
            log.error("Error: cannot find gid of '%s': %s", v, e)
        return os.getgid()
    return -1
Exemple #5
0
def getuid(v):
    try:
        return int(v)
    except:
        log("uid '%s' is not an int", v)
    if os.name == "posix":
        try:
            import pwd
            return pwd.getpwnam(v or "nobody").pw_uid
        except Exception as e:
            log.error("Error: cannot find uid of '%s': %s", v, e)
        return os.getuid()
    return -1
Exemple #6
0
 def parse_filedata(self, data):
     if not data:
         return {}
     auth_data = {}
     i = 0
     for line in data.splitlines():
         i += 1
         line = line.strip()
         log("line %s: %s", i, line)
         if not line or line.startswith(b"#"):
             continue
         try:
             v = parse_auth_line(line)
             if v:
                 username, password, uid, gid, displays, env_options, session_options = v
                 if username in auth_data:
                     log.error("Error: duplicate entry for username '%s' in '%s'", username, self.password_filename)
                 else:
                     auth_data[username] = password, uid, gid, displays, env_options, session_options
         except Exception as e:
             log("parsing error", exc_info=True)
             log.error("Error parsing password file '%s' at line %i:", self.password_filename, i)
             log.error(" '%s'", bytestostr(line))
             log.error(" %s", e)
             continue
     log("parsed auth data from file %s: %s", self.password_filename, auth_data)
     return auth_data
Exemple #7
0
 def authenticate_hmac(self, challenge_response, client_salt):
     log("authenticate_hmac(%s, %s)", challenge_response, client_salt)
     self.sessions = None
     if not self.salt:
         log.error(
             "Error: illegal challenge response received - salt cleared or unset"
         )
         return None
     #ensure this salt does not get re-used:
     salt = self.get_response_salt(client_salt)
     entry = self.get_auth_info()
     if entry is None:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username,
                   self.password_filename)
         return None
     log("authenticate: auth-info(%s)=%s", self.username, entry)
     fpassword, uid, gid, displays, env_options, session_options = entry
     digestmod = get_digest_module(self.digest)
     verify = hmac.HMAC(strtobytes(fpassword),
                        strtobytes(salt),
                        digestmod=digestmod).hexdigest()
     log(
         "multifile authenticate_hmac(%s) password='******', hex(salt)=%s, hash=%s",
         challenge_response, fpassword, binascii.hexlify(strtobytes(salt)),
         verify)
     if not hmac.compare_digest(verify, challenge_response):
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match",
                   self.username)
         return False
     self.sessions = uid, gid, displays, env_options, session_options
     return True
Exemple #8
0
 def parse_filedata(self, data):
     global socket_dir, socket_dirs
     if not data:
         return {}
     auth_data = {}
     i = 0
     for line in data.splitlines():
         i += 1
         line = line.strip()
         log("line %s: %s", i, line)
         if len(line)==0 or line.startswith(b"#"):
             continue
         try:
             v = parse_auth_line(line)
             if v:
                 username, password, uid, gid, displays, env_options, session_options = v
                 if username in auth_data:
                     log.error("Error: duplicate entry for username '%s' in '%s'", username, self.password_filename)
                 else:
                     auth_data[username] = password, uid, gid, displays, env_options, session_options
         except Exception as e:
             log("parsing error", exc_info=True)
             log.error("Error parsing password file '%s' at line %i:", self.password_filename, i)
             log.error(" '%s'", line)
             log.error(" %s", e)
             continue
     log("parsed auth data from file %s: %s", self.password_filename, auth_data)
     return auth_data
Exemple #9
0
 def authenticate_hmac(self, challenge_response, client_salt):
     self.sessions = None
     if not self.salt:
         log.error("Error: illegal challenge response received - salt cleared or unset")
         return None
     #ensure this salt does not get re-used:
     if client_salt is None:
         salt = self.salt
     else:
         salt = xor(self.salt, client_salt)
     self.salt = None
     entry = self.get_auth_info()
     log("authenticate(%s) auth-info=%s", self.username, entry)
     if entry is None:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username, self.password_filename)
         return None
     fpassword, uid, gid, displays, env_options, session_options = entry
     verify = hmac.HMAC(strtobytes(fpassword), strtobytes(salt), digestmod=hashlib.md5).hexdigest()
     log("authenticate(%s) password='******', hex(salt)=%s, hash=%s", challenge_response, fpassword, binascii.hexlify(strtobytes(salt)), verify)
     if not hmac.compare_digest(verify, challenge_response):
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match", self.username)
         return False
     self.sessions = uid, gid, displays, env_options, session_options
     return True
Exemple #10
0
 def authenticate(self, challenge_response, client_salt):
     if not self.salt:
         log.error("Error: illegal challenge response received - salt cleared or unset")
         return None
     #ensure this salt does not get re-used:
     if client_salt is None:
         salt = self.salt
     else:
         salt = xor(self.salt, client_salt)
     self.salt = None
     password = self.get_password()
     if not password:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username, self.password_filename)
         return False
     verify = hmac.HMAC(strtobytes(password), strtobytes(salt), digestmod=hashlib.md5).hexdigest()
     log("authenticate(%s) password='******', hex(salt)=%s, hash=%s", challenge_response, nonl(password), binascii.hexlify(strtobytes(salt)), verify)
     if hasattr(hmac, "compare_digest"):
         eq = hmac.compare_digest(verify, challenge_response)
     else:
         eq = verify==challenge_response
     if not eq:
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match", self.username)
         return False
     return True
Exemple #11
0
 def authenticate_hmac(self, challenge_response, client_salt=None):
     if not self.salt:
         log.error("Error: illegal challenge response received - salt cleared or unset")
         return None
     salt = self.get_response_salt(client_salt)
     password = self.get_password()
     log("authenticate_hmac() get_password()=%s", obsc(password))
     if not password:
         log.warn("Warning: authentication failed")
         log.warn(" no password for '%s' in '%s'", self.username, self.password_filename)
         return False
     if not verify_digest(self.digest, password, salt, challenge_response):
         log.warn("Warning: %s challenge for '%s' does not match", self.digest, self.username)
         return False
     return True
Exemple #12
0
 def authenticate(self, challenge_response, client_salt):
     if not self.salt:
         log.error(
             "Error: illegal challenge response received - salt cleared or unset"
         )
         return None
     salt = self.get_response_salt(client_salt)
     password = self.get_password()
     if not password:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username,
                   self.password_filename)
         return False
     if not self.verify_hmac_md5(password, salt):
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match",
                   self.username)
         return False
     return True
Exemple #13
0
 def authenticate(self, challenge_response, client_salt):
     if not self.salt:
         log.error("Error: illegal challenge response received - salt cleared or unset")
         return None
     #ensure this salt does not get re-used:
     if client_salt is None:
         salt = self.salt
     else:
         salt = xor(self.salt, client_salt)
     self.salt = None
     password = self.get_password()
     if not password:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username, self.password_filename)
         return False
     verify = hmac.HMAC(strtobytes(password), strtobytes(salt), digestmod=hashlib.md5).hexdigest()
     log("authenticate(%s) password='******', hex(salt)=%s, hash=%s", challenge_response, nonl(password), binascii.hexlify(strtobytes(salt)), verify)
     if not hmac.compare_digest(verify, challenge_response):
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match", self.username)
         return False
     return True
Exemple #14
0
 def authenticate_hmac(self, challenge_response, client_salt):
     self.sessions = None
     if not self.salt:
         log.error(
             "Error: illegal challenge response received - salt cleared or unset"
         )
         return None
     #ensure this salt does not get re-used:
     if client_salt is None:
         salt = self.salt
     else:
         salt = xor(self.salt, client_salt)
     self.salt = None
     entry = self.get_auth_info()
     log("authenticate(%s) auth-info=%s", self.username, entry)
     if entry is None:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username,
                   self.password_filename)
         return None
     fpassword, uid, gid, displays, env_options, session_options = entry
     verify = hmac.HMAC(strtobytes(fpassword),
                        strtobytes(salt),
                        digestmod=hashlib.md5).hexdigest()
     log("authenticate(%s) password='******', hex(salt)=%s, hash=%s",
         challenge_response, fpassword, binascii.hexlify(strtobytes(salt)),
         verify)
     if hasattr(hmac, "compare_digest"):
         eq = hmac.compare_digest(verify, challenge_response)
     else:
         eq = verify == challenge_response
     if not eq:
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match",
                   self.username)
         return False
     self.sessions = uid, gid, displays, env_options, session_options
     return True
Exemple #15
0
 def authenticate_hmac(self, challenge_response, client_salt):
     self.sessions = None
     if not self.salt:
         log.error(
             "Error: illegal challenge response received - salt cleared or unset"
         )
         return None
     #ensure this salt does not get re-used:
     salt = self.get_response_salt(client_salt)
     entry = self.get_auth_info()
     log("authenticate(%s) auth-info=%s", self.username, entry)
     if entry is None:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username,
                   self.password_filename)
         return None
     fpassword, uid, gid, displays, env_options, session_options = entry
     if not self.verify_hmac_md5(password, salt):
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match",
                   self.username)
         return False
     self.sessions = uid, gid, displays, env_options, session_options
     return True
Exemple #16
0
 def authenticate_hmac(self, challenge_response, client_salt):
     if not self.salt:
         log.error("Error: illegal challenge response received - salt cleared or unset")
         return None
     salt = self.get_response_salt(client_salt)
     password = self.get_password()
     if not password:
         log.error("Error: authentication failed")
         log.error(" no password for '%s' in '%s'", self.username, self.password_filename)
         return False
     digestmod = get_digest_module(self.digest)
     if not digestmod:
         log.error("Error: %s authentication failed", self)
         log.error(" digest module '%s' is invalid", self.digest)
         return False
     verify = hmac.HMAC(strtobytes(password), strtobytes(salt), digestmod=digestmod).hexdigest()
     log("file authenticate(%s) password='******', salt=%s, hash=%s", nonl(challenge_response), nonl(password), binascii.hexlify(strtobytes(salt)), verify)
     if not hmac.compare_digest(verify, challenge_response):
         log("expected '%s' but got '%s'", verify, challenge_response)
         log.error("Error: hmac password challenge for '%s' does not match", self.username)
         return False
     return True