Esempio n. 1
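 def __init__(self, username, **kwargs):
     """Set up the exec authenticator: resolve the helper command, record the connection.

     Keyword options removed from ``kwargs`` before the base class sees the rest:
       command -- program to use; when empty, the bundled ``auth_dialog``
                  helper is looked up under the libexec directory.
       timeout -- defaults to the module-level ``TIMEOUT``.
     ``connection`` is read but left in ``kwargs``.

     Raises AssertionError when no command could be resolved or when the
     connection object is missing.
     """
     log("exec.Authenticator(%s, %s)", username, kwargs)
     self.command = kwargs.pop("command", "")
     self.timeout = kwargs.pop("timeout", TIMEOUT)
     self.timer = None
     self.proc = None
     self.timeout_event = False
     if not self.command:
         #try to find the default auth_dialog executable:
         from xpra.platform.paths import get_libexec_dir
         libexec = get_libexec_dir()
         xpralibexec = os.path.join(libexec, "xpra")
         log("libexec=%s, xpralibexec=%s", libexec, xpralibexec)
         if os.path.exists(xpralibexec) and os.path.isdir(xpralibexec):
             libexec = xpralibexec
         auth_dialog = os.path.join(libexec, "auth_dialog")
         if EXECUTABLE_EXTENSION:
             #ie: add ".exe" on MS Windows
             auth_dialog += ".%s" % EXECUTABLE_EXTENSION
         log("auth_dialog=%s", auth_dialog)
         # NOTE(review): only existence is checked here; presumably the command
         # is executed later to approve the connection - confirm it is also
         # verified to be a regular, executable file owned by a trusted user
         if os.path.exists(auth_dialog):
             self.command = auth_dialog
     # Raise explicitly instead of using `assert`: assert statements are
     # stripped under `python -O`, which would let an authenticator with no
     # command (or no connection) be constructed. AssertionError is kept so
     # existing callers see the same exception type.
     if not self.command:
         raise AssertionError("exec authentication module is not configured correctly: no command specified")
     connection = kwargs.get("connection")
     log("exec connection info: %s", connection)
     if not connection:
         raise AssertionError("connection object is missing")
     self.connection_str = str(connection)
     SysAuthenticator.__init__(self, username, **kwargs)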
Esempio n. 2
 def __init__(self, username, **kwargs):
     """Configure the SQL queries, then initialise the base authenticator.

     ``password_query`` and ``sessions_query`` may be overridden through the
     keyword options; both are removed from ``kwargs`` before the remaining
     options are handed to ``SysAuthenticator``.
     """
     # NOTE(review): the defaults use "%s" placeholders, presumably bound by
     # the database driver rather than formatted into the SQL text - a custom
     # query should keep the placeholders; confirm against the code that runs it
     default_password_query = "SELECT password FROM users WHERE username=(%s)"
     # NOTE(review): this default filters on the password column, which
     # suggests the stored value is compared verbatim - confirm how it is stored
     default_sessions_query = (
         "SELECT uid, gid, displays, env_options, session_options "
         "FROM users WHERE username=(%s) AND password=(%s)"
     )
     self.password_query = kwargs.pop("password_query", default_password_query)
     self.sessions_query = kwargs.pop("sessions_query", default_sessions_query)
     SysAuthenticator.__init__(self, username, **kwargs)
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 3
 def __init__(self, username, **kwargs):
     """Locate the sqlite database file and configure the queries.

     ``filename``, ``password_query`` and ``sessions_query`` are removed from
     ``kwargs``; ``exec_cwd`` is only read and still reaches the base class.
     """
     db_path = kwargs.pop("filename", 'sqlite.sdb')
     if db_path and not os.path.isabs(db_path):
         # a relative path is anchored at exec_cwd, falling back to the
         # current working directory of this process
         base_dir = kwargs.get("exec_cwd", os.getcwd())
         db_path = os.path.join(base_dir, db_path)
     self.filename = db_path
     # NOTE(review): the "?" placeholders are presumably bound by the sqlite
     # driver; a custom query should keep them - confirm where it is executed
     self.password_query = kwargs.pop(
         "password_query",
         "SELECT password FROM users WHERE username=(?)",
     )
     self.sessions_query = kwargs.pop(
         "sessions_query",
         "SELECT uid, gid, displays, env_options, session_options FROM users WHERE username=(?)",
     )
     SysAuthenticator.__init__(self, username, **kwargs)
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 4
 def __init__(self, username, **kwargs):
     """Resolve the password file path and reset the cached file state.

     ``filename`` is removed from ``kwargs`` (default: the module-level
     ``password_file``); ``exec_cwd`` is only read and still reaches the
     base class.
     """
     path = kwargs.pop("filename", password_file)
     if path and not os.path.isabs(path):
         # a relative path is anchored at exec_cwd, falling back to the
         # current working directory of this process
         base_dir = kwargs.get("exec_cwd", os.getcwd())
         path = os.path.join(base_dir, path)
     SysAuthenticator.__init__(self, username, **kwargs)
     self.password_filename = path
     # nothing has been read from the file yet
     self.password_filedata = None
     self.password_filetime = None
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 5
 def __init__(self, username, **kwargs):
     """Collect and parse the public keys this u2f authenticator will accept.

     Keys come from the ``public_key`` option (hex string) and from every
     ``u2f*-pub.hex`` file found in the user configuration directories.
     Each one is hex-decoded, prefixed with ``PUB_KEY_DER_PREFIX`` when that
     prefix is absent, and loaded as a DER public key. Entries that fail to
     decode or load are skipped with a warning.

     Raises Exception when no key could be loaded at all.
     """
     self.app_id = kwargs.pop("app_id", APP_ID)
     configured_key = kwargs.pop("public_key", "")
     SysAuthenticator.__init__(self, username, **kwargs)
     self.public_keys = OrderedDict()
     # origin (option name or file path) -> hex encoded key data
     hex_by_origin = OrderedDict()
     if configured_key:
         log("u2f_auth: public key from configuration=%s", configured_key)
         hex_by_origin["command-option"] = configured_key
     # when running as root on POSIX, look in the conf dirs of the user
     # being authenticated rather than root's own
     uid = self.get_uid() if (getuid() == 0 and POSIX) else getuid()
     conf_dirs = get_user_conf_dirs(uid)
     log("u2f: will try to load public keys from %s", csv(conf_dirs))
     # NOTE(review): every file matching the pattern below ends up in
     # self.public_keys, so write access to these directories presumably
     # amounts to enrolling a key - confirm their ownership and permissions
     for conf_dir in conf_dirs:
         expanded = osexpand(conf_dir)
         if not (os.path.exists(expanded) and os.path.isdir(expanded)):
             continue
         keyfiles = glob.glob(os.path.join(expanded, "u2f*-pub.hex"))
         log("u2f: keyfiles(%s)=%s", expanded, keyfiles)
         for keyfile in sorted(keyfiles):
             filedata = load_binary_file(keyfile)
             if not filedata:
                 continue
             # drop trailing whitespace / line endings before hex decoding
             filedata = filedata.rstrip(b" \n\r")
             hex_by_origin[keyfile] = filedata
             log("u2f_auth: loaded public key from file '%s': %s",
                 keyfile, filedata)
     # imported here, as in the rest of this method, so the dependency is
     # only needed when this authenticator is instantiated
     from cryptography.hazmat.primitives.serialization import load_der_public_key
     from cryptography.hazmat.backends import default_backend
     for origin, hexdata in hex_by_origin.items():
         try:
             der = binascii.unhexlify(hexdata)
         except Exception as e:
             log("unhexlify(%s)", hexdata, exc_info=True)
             log.warn("Warning: failed to parse key '%s'", origin)
             log.warn(" %s", e)
             continue
         log("u2f: trying to load DER public key %s", repr(der))
         if not der.startswith(PUB_KEY_DER_PREFIX):
             der = PUB_KEY_DER_PREFIX + der
         try:
             parsed = load_der_public_key(der, default_backend())
         except Exception as e:
             log("load_der_public_key(%r)", der, exc_info=True)
             log.warn("Warning: failed to parse key '%s'", origin)
             log.warn(" %s", e)
             continue
         self.public_keys[origin] = parsed
     # fail closed: without any usable key this authenticator cannot be built
     if not self.public_keys:
         raise Exception(
             "u2f authenticator requires at least one public key")
Esempio n. 6
 def __init__(self, username, **kwargs):
     """Pick the password file to use and reset the cached file state.

     Candidates are the ``filename`` option (removed from ``kwargs``)
     followed by the entries of the module-level ``password_file``. The
     first candidate that exists on disk is used; when none exists, the
     last candidate examined is kept as-is.
     """
     candidates = [kwargs.pop("filename", None)]
     candidates.extend(password_file or [])
     log("FileAuthenticatorBase password_files=%s", candidates)
     chosen = None
     for chosen in candidates:
         if not chosen:
             continue
         if not os.path.isabs(chosen):
             # a relative path is anchored at exec_cwd, falling back to the
             # current working directory of this process
             chosen = os.path.join(kwargs.get("exec_cwd", os.getcwd()), chosen)
         if os.path.exists(chosen):
             break
     # NOTE(review): existence is tested now, the file is presumably read
     # later - the reader should tolerate it having gone missing; confirm
     log("FileAuthenticatorBase filename=%s", chosen)
     SysAuthenticator.__init__(self, username, **kwargs)
     self.password_filename = chosen
     # nothing has been read from the file yet
     self.password_filedata = None
     self.password_filetime = None
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 7
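 def __init__(self, username, **kwargs):
     """Record the remote host and peer name of the connection.

     ``connection`` is read from ``kwargs`` (and left there for the base
     class). Its ``get_info()`` dictionary supplies the first element of
     "remote" as ``self.host`` and the first element of "endpoint" as
     ``self.peername``.

     Raises Exception when the connection is missing or is not a
     ``SocketConnection``; any error while reading the connection info is
     logged and re-raised.
     """
     log("hosts.Authenticator(%s, %s)", username, kwargs)
     if not POSIX:
         log.warn("Warning: hosts authentication is not supported on %s",
                  os.name)
         # NOTE(review): the instance is returned without host, peername or
         # base class initialisation - confirm callers never treat it as usable
         return
     connection = kwargs.get("connection", None)
     try:
         from xpra.net.bytestreams import SocketConnection
         # reject a missing connection as well as one of the wrong type:
         # combining the two tests with `and` can never match a missing
         # connection and lets a non-socket connection through
         if not connection or not isinstance(connection, SocketConnection):
             raise Exception(
                 "hosts: invalid connection '%s' (not a socket connection)"
                 % connection)
         info = connection.get_info()
         log("hosts.Authenticator(..) connection info=%s", info)
         host = info.get("remote")[0]
         peername = info.get("endpoint")[0]
     except Exception as e:
         log.error("Error: cannot get host from connection")
         log.error(" %s", e)
         raise
     self.peername = peername
     self.host = host
     SysAuthenticator.__init__(self, username, **kwargs)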
Esempio n. 8
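 def __init__(self, username, **kwargs):
     """Check the connecting peer's uid and gid against optional allow-lists.

     Keyword options removed from ``kwargs``:
       uid -- comma separated list of numeric uids or user names
       gid -- comma separated list of numeric gids or group names
     ``connection`` is read but left in ``kwargs``.

     ``self.peercred_check`` is set to True, and ``self.uid`` / ``self.gid``
     filled in, only when the peer credentials were obtained and pass every
     configured list. Names that cannot be resolved are skipped with a
     warning, so a list made only of unknown names matches nobody.
     """
     log("peercred.Authenticator(%s, %s)", username, kwargs)
     if not POSIX:
         log.warn("Warning: peercred authentication is not supported on %s",
                  os.name)
         return
     self.uid = -1
     self.gid = -1
     # stays False unless the peer passes the checks below
     self.peercred_check = False
     connection = kwargs.get("connection", None)
     uids = kwargs.pop("uid", None)
     gids = kwargs.pop("gid", None)
     # None means "no restriction configured", a list means "only these"
     allow_uids = None
     allow_gids = None
     if uids:
         allow_uids = []
         for x in uids.split(","):
             x = osexpand(x.strip())
             try:
                 allow_uids.append(int(x))
             except ValueError:
                 #not a number: try to resolve it as a user name
                 import pwd
                 try:
                     pw = pwd.getpwnam(x)
                     # `uids` is the raw option string (it has no append()):
                     # the resolved uid has to go into the allow-list
                     allow_uids.append(pw.pw_uid)
                 except KeyError:
                     log.warn("Warning: unknown username '%s'", x)
         log("peercred: allow_uids(%s)=%s", uids, allow_uids)
     if gids:
         allow_gids = []
         for x in gids.split(","):
             x = osexpand(x.strip())
             try:
                 allow_gids.append(int(x))
             except ValueError:
                 #not a number: try to resolve it as a group name
                 gid = get_group_id(x)
                 if gid >= 0:
                     allow_gids.append(gid)
                 else:
                     log.warn("Warning: unknown group '%s'", x)
         log("peercred: allow_gids(%s)=%s", gids, allow_gids)
     try:
         from xpra.net.bytestreams import SocketConnection
         if connection and isinstance(connection, SocketConnection):
             sock = connection._socket
             peercred = get_peercred(sock)
             log("get_peercred(%s)=%s", sock, peercred)
             if not peercred:
                 log.warn("Warning: failed to get peer credentials on %s",
                          sock)
                 # NOTE(review): returns before the base class is initialised;
                 # peercred_check is still False at this point
                 return
             _, uid, gid = peercred
             if allow_uids is not None and uid not in allow_uids:
                 log.warn("Warning: peercred access denied,")
                 log.warn(" uid %i is not in the whitelist: %s", uid,
                          csv(allow_uids))
             elif allow_gids is not None and gid not in allow_gids:
                 log.warn("Warning: peercred access denied,")
                 log.warn(" gid %i is not in the whitelist: %s", gid,
                          csv(allow_gids))
             else:
                 # with no list configured, any peer whose credentials
                 # could be read passes
                 self.peercred_check = True
                 self.uid = uid
                 self.gid = gid
         else:
             log(
                 "peercred: invalid connection '%s' (not a socket connection)",
                 connection)
     except Exception as e:
         # the check stays failed (peercred_check is False) on any error
         log.error("Error: cannot get peer uid")
         log.error(" %s", e)
     SysAuthenticator.__init__(self, username, **kwargs)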
Esempio n. 9
 def __init__(self, username, **kwargs):
     """Store the service name, then initialise the base authenticator.

     ``service`` is removed from ``kwargs`` (default: ``PAM_AUTH_SERVICE``)
     before the remaining options are passed on.
     """
     service_name = kwargs.pop("service", PAM_AUTH_SERVICE)
     self.service = service_name
     SysAuthenticator.__init__(self, username, **kwargs)
Esempio n. 10
 def get_challenge(self):
     """Return the base class challenge, requested with ``mac="hmac"``."""
     challenge = SysAuthenticator.get_challenge(self, mac="hmac")
     return challenge
Esempio n. 11
 def get_challenge(self):
     """Ask the base class for a challenge using ``mac="hmac"`` and return it."""
     result = SysAuthenticator.get_challenge(self, mac="hmac")
     return result
Esempio n. 12
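 def __init__(self, username, **kwargs):
     """Store the configured ``value`` and select hmac authentication.

     The keyword options are not forwarded to the base class; only
     ``value`` is read from them.
     """
     # The options are deliberately not echoed to stdout: they carry the
     # `value` stored below (presumably the secret being checked - confirm),
     # and stdout may end up in terminals or captured logs.
     SysAuthenticator.__init__(self, username)
     self.value = kwargs.get("value")
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac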
Esempio n. 13
 def get_challenge(self, digests):
     """Return a challenge restricted to the 'xor' digest.

     Raises Exception when 'xor' is not among the offered ``digests``.
     """
     # NOTE(review): 'xor' is presumably required because the password itself
     # must be recoverable for the system check; if so the transport has to
     # provide the confidentiality - confirm
     if "xor" in digests:
         return SysAuthenticator.get_challenge(self, ["xor"])
     raise Exception(
         "pam authenticator requires the 'xor' digest, not %s" % csv(digests))
Esempio n. 14
 def __init__(self, username, **kwargs):
     """Store the configured ``value`` and select hmac authentication.

     ``value`` is removed from ``kwargs`` (default ``None``) so it is not
     passed on to the base class with the remaining options.
     """
     configured_value = kwargs.pop("value", None)
     self.value = configured_value
     SysAuthenticator.__init__(self, username, **kwargs)
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 15
 def __init__(self, username, **kwargs):
     """Read the PAM options, then initialise the base authenticator.

     ``service`` (default ``PAM_AUTH_SERVICE``) and ``check-account``
     (default ``PAM_CHECK_ACCOUNT``) are removed from ``kwargs`` before the
     remaining options are passed on.
     """
     self.service = kwargs.pop("service", PAM_AUTH_SERVICE)
     raw_check_account = kwargs.pop("check-account", PAM_CHECK_ACCOUNT)
     # NOTE(review): the last argument (False) is presumably the value used
     # when the option cannot be parsed - confirm against parse_bool
     self.check_account = parse_bool("check-account", raw_check_account, False)
     SysAuthenticator.__init__(self, username, **kwargs)
Esempio n. 16
 def get_challenge(self, digests):
     """Return a challenge restricted to the 'xor' digest.

     Logs an error and returns ``None`` when 'xor' is not among the offered
     ``digests``; no exception is raised in that case.
     """
     # NOTE(review): 'xor' is presumably required because the password itself
     # must be recoverable for the system check; if so the transport has to
     # provide the confidentiality - confirm
     if "xor" in digests:
         return SysAuthenticator.get_challenge(self, ["xor"])
     log.error("Error: pam authentication requires the 'xor' digest")
     return None
Esempio n. 17
 def get_challenge(self, digests):
     """Return a challenge restricted to the 'xor' digest.

     Raises Exception when 'xor' is not among the offered ``digests``.
     """
     # NOTE(review): 'xor' is presumably required because the password itself
     # must be recoverable for the system check; if so the transport has to
     # provide the confidentiality - confirm
     if "xor" in digests:
         return SysAuthenticator.get_challenge(self, ["xor"])
     raise Exception("win32 authenticator requires the 'xor' digest")
Esempio n. 18
 def __init__(self, username, **kwargs):
     """Record the password file name and reset the cached file state.

     The keyword options are not forwarded to the base class; only
     ``filename`` is read (default: the module-level ``password_file``).
     """
     SysAuthenticator.__init__(self, username)
     path = kwargs.get("filename", password_file)
     self.password_filename = path
     # nothing has been read from the file yet
     self.password_filedata = None
     self.password_filetime = None
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 19
 def __init__(self, username, **kwargs):
     """Store the configured ``value`` and select hmac authentication.

     The keyword options are not forwarded to the base class; only
     ``value`` is read from them (``None`` when absent).
     """
     SysAuthenticator.__init__(self, username)
     configured_value = kwargs.get("value")
     self.value = configured_value
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 20
 def __init__(self, username, **kwargs):
     """Initialise the base class, then reset salt, password and username.

     The ``username`` argument is passed to the base class, but
     ``self.username`` is afterwards replaced by ``get_username()``.
     """
     SysAuthenticator.__init__(self, username, **kwargs)
     # no challenge salt or password has been set yet
     self.salt = self.pw = None
     # NOTE(review): the caller-supplied username is discarded here;
     # get_username() presumably returns the user running this process - confirm
     self.username = get_username()
Esempio n. 21
 def __init__(self, username, **kwargs):
     """Record the variable name to use and select hmac authentication.

     The keyword options are not forwarded to the base class; only ``name``
     is read from them, defaulting to "XPRA_PASSWORD".
     """
     SysAuthenticator.__init__(self, username)
     # NOTE(review): presumably the name of an environment variable holding
     # the password - confirm where var_name is looked up
     variable = kwargs.get("name", "XPRA_PASSWORD")
     self.var_name = variable
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 22
 def __init__(self, username, **kwargs):
     """Pick the variable name from the options and select hmac authentication.

     Only ``name`` is read from the keyword options (default
     "XPRA_PASSWORD"); none of them are forwarded to the base class.
     """
     SysAuthenticator.__init__(self, username)
     # NOTE(review): presumably the name of an environment variable holding
     # the password - confirm where var_name is looked up
     chosen_name = kwargs.get("name", "XPRA_PASSWORD")
     self.var_name = chosen_name
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac
Esempio n. 23
 def __init__(self, username, **kwargs):
     """Keep the ``value`` option and select hmac authentication.

     Only ``value`` is read from the keyword options (``None`` when
     absent); none of them are forwarded to the base class.
     """
     SysAuthenticator.__init__(self, username)
     supplied = kwargs.get("value")
     self.value = supplied
     # replace the authenticate entry point with the hmac variant
     self.authenticate = self.authenticate_hmac