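def authTokenValidation(self, **kwargs):
    """Server-side login validation.

    Receives a message and a token signed by the user and validates them
    through PAM.

    Security: ``message`` and ``token`` arrive as Python-literal strings
    holding a ``data`` field that is hex-encoded and ciphered with the
    server public key; both are deciphered with ``dm.decryptMessageReceived``.
    NOTE(review): the original docstring said a DiffieHellman session key is
    created here, but no DH code is visible in this method -- confirm against
    logInUser, which is where the session is created.

    Args:
        message: literal of a dict with a hex-encoded ``data`` field.
        token: literal of a dict with a hex-encoded ``data`` field whose
            deciphered content carries the signed ``token``.

    Returns:
        True when ``PAM`` authentication succeeds, False when it raises
        ``PAM.error`` (the original discarded this result).

    Raises:
        ``ValueError``/``SyntaxError`` from ``ast.literal_eval`` on malformed
        input and ``KeyError`` when an expected field is missing; these
        propagate to the caller unchanged.
    """
    # literal_eval only builds Python literals (no code execution), but it
    # still raises on malformed input -- that is left to the caller.
    envelope = ast.literal_eval(kwargs['message'])
    signedEnvelope = ast.literal_eval(kwargs['token'])

    # Decipher both payloads with the server private key.
    receivedData = dm.decryptMessageReceived(envelope['data'].decode('hex'))
    receivedToken = dm.decryptMessageReceived(
        signedEnvelope['data'].decode('hex'))

    # ----------------- PAM --------------------
    user = receivedData['userID']
    path = DBmodule.getPubKeyPath()
    myPam = pam.pam_module(user)
    # Challenge token issued to this user, base64 as handed to the PAM module.
    token = um.getUserToken(user).encode('base64')
    signed = receivedToken['token']

    # The password check result is passed to the PAM module as a marker
    # string; presumably pam_module compares token/signature itself --
    # verify there, the values are not interpreted in this method.
    if DBmodule.db_getLogIn(receivedData['userID'],
                            receivedData['password']) == 1:
        match = "Gambiarra"
    else:
        match = "Menos Gambiarra"
    myPam.setItems(path, token, signed, match)

    try:
        myPam.auth.authenticate()
    except PAM.error as resp:
        # Authentication rejected: report it and tell the caller instead of
        # silently returning None.
        print('Go away! (%s)' % resp)
        return False
    return True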
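def logInUser(self, **kwargs):
    """Server-side user login.

    The user sends a username (unique identifier) and a password.

    Security: ``data`` is hex-encoded and ciphered with the server public
    key; it is deciphered with ``dm.decryptMessageReceived``. The password
    is never printed -- credentials must not end up in stdout/logs.
    Session management: a DiffieHellman object is created for the session
    and its ``publicKey`` is returned to the client together with a random
    challenge token that only the holder of the user's private key can
    decrypt.

    Args:
        data: hex-encoded ciphertext carrying ``userID`` and ``password``.

    Returns:
        JSON string with ``token`` (20 random bytes, RSA-encrypted to the
        user's stored public key, hex-encoded) and ``session`` (the server
        DH public key) on success; ``"REGIST_AGAIN"`` when the registration
        is not complete; ``"ERROR"`` otherwise.
    """
    # Decipher the message with the server private key.
    receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
    userID = receivedData['userID']
    print(userID)

    # Verify that the user exists and has finished the registration process
    # before checking the password (short-circuit keeps the order).
    registered = DBmodule.db_registAuthenticate(userID)
    if registered and \
            DBmodule.db_getLogIn(userID, receivedData['password']) == 1:
        # Create the session and a random challenge bound to it.
        serverSession = DiffieHellman.DiffieHellman()
        token = os.urandom(20)
        um.addSession(userID, serverSession, token)

        # Encrypt the challenge to the user's public key; the temp file is
        # closed (and deleted) on leaving the with-block instead of leaking.
        pub_key = DBmodule.db_getUserPubKey(
            DBmodule.db_getUserID(userID)).decode('hex')
        with tempfile.NamedTemporaryFile(delete=True) as tf:
            security.encrypt_RSA(security.importkey_RSA(pub_key), token, tf)
            # Rewind before reading: a no-op if encrypt_RSA already did so,
            # otherwise read() at EOF would yield an empty token.
            tf.seek(0)
            cipheredToken = tf.read()
        # NOTE(review): assumes serverSession.publicKey is JSON-serializable
        # -- confirm against DiffieHellman.
        messageToSend = {
            'token': cipheredToken.encode('hex'),
            'session': serverSession.publicKey,
        }
        return json.dumps(messageToSend)
    elif DBmodule.db_registNotAuthenticate(userID):
        return "REGIST_AGAIN"
    else:
        return "ERROR"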