def uid(self, auth_plugin_list, wire_crypt):
def pack_cnct_param(k, v):
if k != CNCT_specific_data:
return bs([k] + [len(v)]) + v
# specific_data split per 254 bytes
b = b''
i = 0
while len(v) > 254:
b += bs([k, 255, i]) + v[:254]
v = v[254:]
i += 1
b += bs([k, len(v)+1, i]) + v
return b
if sys.platform == 'win32':
user = os.environ['USERNAME']
hostname = os.environ['COMPUTERNAME']
else:
user = os.environ.get('USER', '')
hostname = socket.gethostname()
r = b''
if auth_plugin_list:
specific_data = None
if auth_plugin_list[0] == 'Srp':
self.client_public_key, self.client_private_key = \
srp.client_seed()
specific_data = bytes_to_hex(
srp.long2bytes(self.client_public_key))
elif auth_plugin_list[0] == 'Legacy_Auth':
enc_pass = get_crypt(self.password)
if enc_pass:
specific_data = self.str_to_bytes(enc_pass)
else:
if not isinstance(auth_plugin_list, tuple):
raise OperationalError("Auth plugin list need tuple.")
else:
raise OperationalError(
"Unknown auth plugin name '%s'" % (auth_plugin_list[0]))
auth_plugin_list = [s.encode('utf-8') for s in auth_plugin_list]
self.plugin_name = auth_plugin_list[0]
self.plugin_list = b','.join(auth_plugin_list)
if wire_crypt:
client_crypt = int_to_bytes(1, 4)
else:
client_crypt = int_to_bytes(0, 4)
if auth_plugin_list:
r += pack_cnct_param(CNCT_login,
self.str_to_bytes(self.user.upper()))
r += pack_cnct_param(CNCT_plugin_name, self.plugin_name)
r += pack_cnct_param(CNCT_plugin_list, self.plugin_list)
if specific_data:
r += pack_cnct_param(CNCT_specific_data, specific_data)
r += pack_cnct_param(CNCT_client_crypt, client_crypt)
r += pack_cnct_param(CNCT_user, self.str_to_bytes(user))
r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname))
r += pack_cnct_param(CNCT_user_verification, b'')
return r
def uid(self, auth_plugin_name, wire_crypt):
def pack_cnct_param(k, v):
if k != CNCT_specific_data:
return bs([k] + [len(v)]) + v
# specific_data split per 254 bytes
b = b''
i = 0
while len(v) > 254:
b += bs([k, 255, i]) + v[:254]
v = v[254:]
i += 1
b += bs([k, len(v) + 1, i]) + v
return b
auth_plugin_list = ('Srp256', 'Srp', 'Legacy_Auth')
# get and calculate CNCT_xxxx values
if sys.platform == 'win32':
user = os.environ['USERNAME']
hostname = os.environ['COMPUTERNAME']
else:
user = os.environ.get('USER', '')
hostname = socket.gethostname()
if auth_plugin_name in ('Srp256', 'Srp'):
self.client_public_key, self.client_private_key = srp.client_seed()
specific_data = bytes_to_hex(srp.long2bytes(
self.client_public_key))
elif auth_plugin_name == 'Legacy_Auth':
assert crypt, "Legacy_Auth needs crypt module"
specific_data = self.str_to_bytes(get_crypt(self.password))
else:
raise OperationalError("Unknown auth plugin name '%s'" %
(auth_plugin_name, ))
self.plugin_name = auth_plugin_name
self.plugin_list = b','.join(
[s.encode('utf-8') for s in auth_plugin_list])
client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00'
# set CNCT_xxxx values
r = b''
r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user))
r += pack_cnct_param(CNCT_plugin_name,
self.str_to_bytes(self.plugin_name))
r += pack_cnct_param(CNCT_plugin_list, self.plugin_list)
r += pack_cnct_param(CNCT_specific_data, specific_data)
r += pack_cnct_param(CNCT_client_crypt, client_crypt)
r += pack_cnct_param(CNCT_user, self.str_to_bytes(user))
r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname))
r += pack_cnct_param(CNCT_user_verification, b'')
return r
def uid(self, auth_plugin_name, wire_crypt):
def pack_cnct_param(k, v):
if k != CNCT_specific_data:
return bs([k] + [len(v)]) + v
# specific_data split per 254 bytes
b = b''
i = 0
while len(v) > 254:
b += bs([k, 255, i]) + v[:254]
v = v[254:]
i += 1
b += bs([k, len(v)+1, i]) + v
return b
auth_plugin_list = ('Srp', 'Legacy_Auth')
# get and calculate CNCT_xxxx values
if sys.platform == 'win32':
user = os.environ['USERNAME']
hostname = os.environ['COMPUTERNAME']
else:
user = os.environ.get('USER', '')
hostname = socket.gethostname()
if auth_plugin_name == 'Srp':
self.client_public_key, self.client_private_key = srp.client_seed()
specific_data = bytes_to_hex(srp.long2bytes(self.client_public_key))
elif auth_plugin_name == 'Legacy_Auth':
assert crypt, "Legacy_Auth needs crypt module"
specific_data = self.str_to_bytes(get_crypt(self.password))
else:
raise OperationalError("Unknown auth plugin name '%s'" % (auth_plugin_name,))
self.plugin_name = auth_plugin_name
self.plugin_list = b','.join([s.encode('utf-8') for s in auth_plugin_list])
client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00'
# set CNCT_xxxx values
r = b''
r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user.upper()))
r += pack_cnct_param(CNCT_plugin_name, self.str_to_bytes(self.plugin_name))
r += pack_cnct_param(CNCT_plugin_list, self.plugin_list)
r += pack_cnct_param(CNCT_specific_data, specific_data)
r += pack_cnct_param(CNCT_client_crypt, client_crypt)
r += pack_cnct_param(CNCT_user, self.str_to_bytes(user))
r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname))
r += pack_cnct_param(CNCT_user_verification, b'')
return r
def _parse_connect_response(self):
# want and treat op_accept or op_cond_accept or op_accept_data
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
self.lazy_response_count = 0
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
self.accept_plugin_name = self.recv_channel(ln,
word_alignment=True)
is_authenticated = bytes_to_bint(self.recv_channel(4))
ln = bytes_to_bint(self.recv_channel(4))
self.recv_channel(ln, word_alignment=True) # keys
if is_authenticated == 0:
if self.accept_plugin_name in (b'Srp256', b'Srp'):
hash_algo = {
b'Srp256': hashlib.sha256,
b'Srp': hashlib.sha1,
}[self.accept_plugin_name]
user = self.user
if len(user) > 2 and user[0] == user[-1] == '"':
user = user[1:-1]
user = user.replace('""', '"')
else:
user = user.upper()
if len(data) == 0:
# send op_cont_auth
self._op_cont_auth(
srp.long2bytes(self.client_public_key),
self.accept_plugin_name, self.plugin_list, b'')
# parse op_cont_auth
b = self.recv_channel(4)
assert bytes_to_bint(b) == self.op_cont_auth
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
plugin_name = self.recv_channel(ln,
word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
plugin_list = self.recv_channel(ln,
word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
keys = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_int(data[:2])
server_salt = data[2:ln + 2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4 + ln:]))
auth_data, session_key = srp.client_proof(
self.str_to_bytes(user),
self.str_to_bytes(self.password), server_salt,
self.client_public_key, server_public_key,
self.client_private_key, hash_algo)
elif self.accept_plugin_name == b'Legacy_Auth':
auth_data = self.str_to_bytes(get_crypt(self.password))
session_key = b''
else:
raise OperationalError('Unknown auth plugin %s' %
(self.accept_plugin_name))
else:
auth_data = b''
session_key = b''
if op_code == self.op_cond_accept:
self._op_cont_auth(auth_data, self.accept_plugin_name,
self.plugin_list, b'')
(h, oid, buf) = self._op_response()
if self.wire_crypt and session_key:
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_bytes(b'Arc4')
p.pack_bytes(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(ARC4.new(session_key),
ARC4.new(session_key))
(h, oid, buf) = self._op_response()
else: # use later _op_attach() and _op_create()
self.auth_data = auth_data
else:
assert op_code == self.op_accept
def _parse_connect_response(self):
# want and treat op_accept or op_cond_accept or op_accept_data
b = self.recv_channel(4)
while bytes_to_bint(b) == self.op_dummy:
b = self.recv_channel(4)
if bytes_to_bint(b) == self.op_reject:
raise OperationalError('Connection is rejected')
op_code = bytes_to_bint(b)
if op_code == self.op_response:
return self._parse_op_response() # error occured
b = self.recv_channel(12)
self.accept_version = byte_to_int(b[3])
self.accept_architecture = bytes_to_bint(b[4:8])
self.accept_type = bytes_to_bint(b[8:])
self.lazy_response_count = 0
if op_code == self.op_cond_accept or op_code == self.op_accept_data:
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
self.accept_plugin_name = self.recv_channel(ln, word_alignment=True)
is_authenticated = bytes_to_bint(self.recv_channel(4))
ln = bytes_to_bint(self.recv_channel(4))
self.recv_channel(ln, word_alignment=True) # keys
if is_authenticated == 0:
if self.accept_plugin_name in (b'Srp256', b'Srp'):
hash_algo = {
b'Srp256': hashlib.sha256,
b'Srp': hashlib.sha1,
}[self.accept_plugin_name]
user = self.user
if len(user) > 2 and user[0] == user[-1] == '"':
user = user[1:-1]
user = user.replace('""','"')
else:
user = user.upper()
if len(data) == 0:
# send op_cont_auth
self._op_cont_auth(
srp.long2bytes(self.client_public_key),
self.accept_plugin_name,
self.plugin_list,
b''
)
# parse op_cont_auth
b = self.recv_channel(4)
assert bytes_to_bint(b) == self.op_cont_auth
ln = bytes_to_bint(self.recv_channel(4))
data = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
plugin_name = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
plugin_list = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_bint(self.recv_channel(4))
keys = self.recv_channel(ln, word_alignment=True)
ln = bytes_to_int(data[:2])
server_salt = data[2:ln+2]
server_public_key = srp.bytes2long(
hex_to_bytes(data[4+ln:]))
auth_data, session_key = srp.client_proof(
self.str_to_bytes(user),
self.str_to_bytes(self.password),
server_salt,
self.client_public_key,
server_public_key,
self.client_private_key,
hash_algo)
elif self.accept_plugin_name == b'Legacy_Auth':
auth_data = self.str_to_bytes(get_crypt(self.password))
session_key = b''
else:
raise OperationalError(
'Unknown auth plugin %s' % (self.accept_plugin_name)
)
else:
auth_data = b''
session_key = b''
if op_code == self.op_cond_accept:
self._op_cont_auth(
auth_data,
self.accept_plugin_name,
self.plugin_list,
b''
)
(h, oid, buf) = self._op_response()
if self.wire_crypt and session_key:
# op_crypt: plugin[Arc4] key[Symmetric]
p = xdrlib.Packer()
p.pack_int(self.op_crypt)
p.pack_string(b'Arc4')
p.pack_string(b'Symmetric')
self.sock.send(p.get_buffer())
self.sock.set_translator(
ARC4.new(session_key), ARC4.new(session_key))
(h, oid, buf) = self._op_response()
else: # use later _op_attach() and _op_create()
self.auth_data = auth_data
else:
assert op_code == self.op_accept
