def testOtp(self):
from Exscript.util.crypt import otp
hash = otp('password', 'abc123', 9999)
self.assertEqual('ACTA AMMO CAR WEB BIN YAP', hash)
hash = otp('password', 'abc123', 9998)
self.assertEqual('LESS CLUE LISA MEAT MAGI USER', hash)
hash = otp('pass', 'abc123', 9998)
self.assertEqual('DRAB LEER VOTE RICH NEWS FRAU', hash)
hash = otp('pass', 'abc888', 9998)
self.assertEqual('DEBT BOON ASKS ORAL MEN WEE', hash)
def testOtp(self):
from Exscript.util.crypt import otp
hash = otp('password', 'abc123', 9999)
self.assertEqual('ACTA AMMO CAR WEB BIN YAP', hash)
hash = otp('password', 'abc123', 9998)
self.assertEqual('LESS CLUE LISA MEAT MAGI USER', hash)
hash = otp('pass', 'abc123', 9998)
self.assertEqual('DRAB LEER VOTE RICH NEWS FRAU', hash)
hash = otp('pass', 'abc888', 9998)
self.assertEqual('DEBT BOON ASKS ORAL MEN WEE', hash)
def otp(scope, password, seed, seqs):
"""
Calculates a one-time password hash using the given password, seed, and
sequence number and returns it.
Uses the md4/sixword algorithm as supported by TACACS+ servers.
:type password: string
:param password: A password.
:type seed: string
:param seed: A username.
:type seqs: int
:param seqs: A sequence number, or a list of sequence numbers.
:rtype: string
:return: A hash, or a list of hashes.
"""
return [crypt.otp(password[0], seed[0], int(seq)) for seq in seqs]
def _app_authenticate(self,
account,
password,
flush = True,
bailout = False):
user = account.get_name()
while True:
# Wait for any prompt. Once a match is found, we need to be able
# to find out which type of prompt was matched, so we build a
# structure to allow for mapping the match index back to the
# prompt type.
prompts = (('login-error', self.get_login_error_prompt()),
('username', self.get_username_prompt()),
('skey', [_skey_re]),
('password', self.get_password_prompt()),
('cli', self.get_prompt()))
prompt_map = []
prompt_list = []
for section, sectionprompts in prompts:
for prompt in sectionprompts:
prompt_map.append((section, prompt))
prompt_list.append(prompt)
# Wait for the prompt.
try:
index, match = self._waitfor(prompt_list)
except TimeoutException:
if self.response is None:
self.response = ''
msg = "Buffer: %s" % repr(self.response)
raise TimeoutException(msg)
except DriverReplacedException:
# Driver replaced, retry.
self._dbg(1, 'Protocol.app_authenticate(): driver replaced')
continue
except ExpectCancelledException:
self._dbg(1, 'Protocol.app_authenticate(): expect cancelled')
raise
except EOFError:
self._dbg(1, 'Protocol.app_authenticate(): EOF')
raise
# Login error detected.
section, prompt = prompt_map[index]
if section == 'login-error':
raise LoginFailure("Login failed")
# User name prompt.
elif section == 'username':
self._dbg(1, "Username prompt %s received." % index)
self.expect(prompt) # consume the prompt from the buffer
self.send(user + '\r')
continue
# s/key prompt.
elif section == 'skey':
self._dbg(1, "S/Key prompt received.")
self.expect(prompt) # consume the prompt from the buffer
seq = int(match.group(1))
seed = match.group(2)
self.otp_requested_event(account, seq, seed)
self._dbg(2, "Seq: %s, Seed: %s" % (seq, seed))
phrase = otp(password, seed, seq)
# A password prompt is now required.
self.expect(self.get_password_prompt())
self.send(phrase + '\r')
self._dbg(1, "Password sent.")
if bailout:
break
continue
# Cleartext password prompt.
elif section == 'password':
self._dbg(1, "Cleartext password prompt received.")
self.expect(prompt) # consume the prompt from the buffer
self.send(password + '\r')
if bailout:
break
continue
# Shell prompt.
elif section == 'cli':
self._dbg(1, 'Shell prompt received.')
if flush:
self.expect_prompt()
break
else:
assert False # No such section
def _app_authenticate(self, account, password, flush=True, bailout=False):
user = account.get_name()
while True:
# Wait for any prompt. Once a match is found, we need to be able
# to find out which type of prompt was matched, so we build a
# structure to allow for mapping the match index back to the
# prompt type.
prompts = (('login-error', self.get_login_error_prompt()),
('username', self.get_username_prompt()),
('skey', [_skey_re]), ('password',
self.get_password_prompt()),
('cli', self.get_prompt()))
prompt_map = []
prompt_list = []
for section, sectionprompts in prompts:
for prompt in sectionprompts:
prompt_map.append((section, prompt))
prompt_list.append(prompt)
# Wait for the prompt.
try:
index, match = self._waitfor(prompt_list)
except TimeoutException:
if self.response is None:
self.response = ''
msg = "Buffer: %s" % repr(self.response)
raise TimeoutException(msg)
except DriverReplacedException:
# Driver replaced, retry.
self._dbg(1, 'Protocol.app_authenticate(): driver replaced')
continue
except ExpectCancelledException:
self._dbg(1, 'Protocol.app_authenticate(): expect cancelled')
raise
except EOFError:
self._dbg(1, 'Protocol.app_authenticate(): EOF')
raise
# Login error detected.
section, prompt = prompt_map[index]
if section == 'login-error':
raise LoginFailure("Login failed")
# User name prompt.
elif section == 'username':
self._dbg(1, "Username prompt %s received." % index)
self.expect(prompt) # consume the prompt from the buffer
self.send(user + '\r')
continue
# s/key prompt.
elif section == 'skey':
self._dbg(1, "S/Key prompt received.")
self.expect(prompt) # consume the prompt from the buffer
seq = int(match.group(1))
seed = match.group(2)
self.otp_requested_event(account, seq, seed)
self._dbg(2, "Seq: %s, Seed: %s" % (seq, seed))
phrase = otp(password, seed, seq)
# A password prompt is now required.
self.expect(self.get_password_prompt())
self.send(phrase + '\r')
self._dbg(1, "Password sent.")
if bailout:
break
continue
# Cleartext password prompt.
elif section == 'password':
self._dbg(1, "Cleartext password prompt received.")
self.expect(prompt) # consume the prompt from the buffer
self.send(password + '\r')
if bailout:
break
continue
# Shell prompt.
elif section == 'cli':
self._dbg(1, 'Shell prompt received.')
if flush:
self.expect_prompt()
break
else:
assert False # No such section
