def uid(self, auth_plugin_list, wire_crypt): def pack_cnct_param(k, v): if k != CNCT_specific_data: return bs([k] + [len(v)]) + v # specific_data split per 254 bytes b = b'' i = 0 while len(v) > 254: b += bs([k, 255, i]) + v[:254] v = v[254:] i += 1 b += bs([k, len(v)+1, i]) + v return b if sys.platform == 'win32': user = os.environ['USERNAME'] hostname = os.environ['COMPUTERNAME'] else: user = os.environ.get('USER', '') hostname = socket.gethostname() r = b'' if auth_plugin_list: specific_data = None if auth_plugin_list[0] == 'Srp': self.client_public_key, self.client_private_key = \ srp.client_seed() specific_data = bytes_to_hex( srp.long2bytes(self.client_public_key)) elif auth_plugin_list[0] == 'Legacy_Auth': enc_pass = get_crypt(self.password) if enc_pass: specific_data = self.str_to_bytes(enc_pass) else: if not isinstance(auth_plugin_list, tuple): raise OperationalError("Auth plugin list need tuple.") else: raise OperationalError( "Unknown auth plugin name '%s'" % (auth_plugin_list[0])) auth_plugin_list = [s.encode('utf-8') for s in auth_plugin_list] self.plugin_name = auth_plugin_list[0] self.plugin_list = b','.join(auth_plugin_list) if wire_crypt: client_crypt = int_to_bytes(1, 4) else: client_crypt = int_to_bytes(0, 4) if auth_plugin_list: r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user.upper())) r += pack_cnct_param(CNCT_plugin_name, self.plugin_name) r += pack_cnct_param(CNCT_plugin_list, self.plugin_list) if specific_data: r += pack_cnct_param(CNCT_specific_data, specific_data) r += pack_cnct_param(CNCT_client_crypt, client_crypt) r += pack_cnct_param(CNCT_user, self.str_to_bytes(user)) r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname)) r += pack_cnct_param(CNCT_user_verification, b'') return r
def uid(self, auth_plugin_name, wire_crypt): def pack_cnct_param(k, v): if k != CNCT_specific_data: return bs([k] + [len(v)]) + v # specific_data split per 254 bytes b = b'' i = 0 while len(v) > 254: b += bs([k, 255, i]) + v[:254] v = v[254:] i += 1 b += bs([k, len(v) + 1, i]) + v return b auth_plugin_list = ('Srp256', 'Srp', 'Legacy_Auth') # get and calculate CNCT_xxxx values if sys.platform == 'win32': user = os.environ['USERNAME'] hostname = os.environ['COMPUTERNAME'] else: user = os.environ.get('USER', '') hostname = socket.gethostname() if auth_plugin_name in ('Srp256', 'Srp'): self.client_public_key, self.client_private_key = srp.client_seed() specific_data = bytes_to_hex(srp.long2bytes( self.client_public_key)) elif auth_plugin_name == 'Legacy_Auth': assert crypt, "Legacy_Auth needs crypt module" specific_data = self.str_to_bytes(get_crypt(self.password)) else: raise OperationalError("Unknown auth plugin name '%s'" % (auth_plugin_name, )) self.plugin_name = auth_plugin_name self.plugin_list = b','.join( [s.encode('utf-8') for s in auth_plugin_list]) client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00' # set CNCT_xxxx values r = b'' r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user)) r += pack_cnct_param(CNCT_plugin_name, self.str_to_bytes(self.plugin_name)) r += pack_cnct_param(CNCT_plugin_list, self.plugin_list) r += pack_cnct_param(CNCT_specific_data, specific_data) r += pack_cnct_param(CNCT_client_crypt, client_crypt) r += pack_cnct_param(CNCT_user, self.str_to_bytes(user)) r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname)) r += pack_cnct_param(CNCT_user_verification, b'') return r
def uid(self, auth_plugin_name, wire_crypt): def pack_cnct_param(k, v): if k != CNCT_specific_data: return bs([k] + [len(v)]) + v # specific_data split per 254 bytes b = b'' i = 0 while len(v) > 254: b += bs([k, 255, i]) + v[:254] v = v[254:] i += 1 b += bs([k, len(v)+1, i]) + v return b auth_plugin_list = ('Srp', 'Legacy_Auth') # get and calculate CNCT_xxxx values if sys.platform == 'win32': user = os.environ['USERNAME'] hostname = os.environ['COMPUTERNAME'] else: user = os.environ.get('USER', '') hostname = socket.gethostname() if auth_plugin_name == 'Srp': self.client_public_key, self.client_private_key = srp.client_seed() specific_data = bytes_to_hex(srp.long2bytes(self.client_public_key)) elif auth_plugin_name == 'Legacy_Auth': assert crypt, "Legacy_Auth needs crypt module" specific_data = self.str_to_bytes(get_crypt(self.password)) else: raise OperationalError("Unknown auth plugin name '%s'" % (auth_plugin_name,)) self.plugin_name = auth_plugin_name self.plugin_list = b','.join([s.encode('utf-8') for s in auth_plugin_list]) client_crypt = b'\x01\x00\x00\x00' if wire_crypt else b'\x00\x00\x00\x00' # set CNCT_xxxx values r = b'' r += pack_cnct_param(CNCT_login, self.str_to_bytes(self.user.upper())) r += pack_cnct_param(CNCT_plugin_name, self.str_to_bytes(self.plugin_name)) r += pack_cnct_param(CNCT_plugin_list, self.plugin_list) r += pack_cnct_param(CNCT_specific_data, specific_data) r += pack_cnct_param(CNCT_client_crypt, client_crypt) r += pack_cnct_param(CNCT_user, self.str_to_bytes(user)) r += pack_cnct_param(CNCT_host, self.str_to_bytes(hostname)) r += pack_cnct_param(CNCT_user_verification, b'') return r
def _parse_connect_response(self): # want and treat op_accept or op_cond_accept or op_accept_data b = self.recv_channel(4) while bytes_to_bint(b) == self.op_dummy: b = self.recv_channel(4) if bytes_to_bint(b) == self.op_reject: raise OperationalError('Connection is rejected') op_code = bytes_to_bint(b) if op_code == self.op_response: return self._parse_op_response() # error occured b = self.recv_channel(12) self.accept_version = byte_to_int(b[3]) self.accept_architecture = bytes_to_bint(b[4:8]) self.accept_type = bytes_to_bint(b[8:]) self.lazy_response_count = 0 if op_code == self.op_cond_accept or op_code == self.op_accept_data: ln = bytes_to_bint(self.recv_channel(4)) data = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) self.accept_plugin_name = self.recv_channel(ln, word_alignment=True) is_authenticated = bytes_to_bint(self.recv_channel(4)) ln = bytes_to_bint(self.recv_channel(4)) self.recv_channel(ln, word_alignment=True) # keys if is_authenticated == 0: if self.accept_plugin_name in (b'Srp256', b'Srp'): hash_algo = { b'Srp256': hashlib.sha256, b'Srp': hashlib.sha1, }[self.accept_plugin_name] user = self.user if len(user) > 2 and user[0] == user[-1] == '"': user = user[1:-1] user = user.replace('""', '"') else: user = user.upper() if len(data) == 0: # send op_cont_auth self._op_cont_auth( srp.long2bytes(self.client_public_key), self.accept_plugin_name, self.plugin_list, b'') # parse op_cont_auth b = self.recv_channel(4) assert bytes_to_bint(b) == self.op_cont_auth ln = bytes_to_bint(self.recv_channel(4)) data = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) plugin_name = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) plugin_list = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) keys = self.recv_channel(ln, word_alignment=True) ln = bytes_to_int(data[:2]) server_salt = data[2:ln + 2] server_public_key = srp.bytes2long( hex_to_bytes(data[4 + ln:])) auth_data, session_key = srp.client_proof( self.str_to_bytes(user), self.str_to_bytes(self.password), server_salt, self.client_public_key, server_public_key, self.client_private_key, hash_algo) elif self.accept_plugin_name == b'Legacy_Auth': auth_data = self.str_to_bytes(get_crypt(self.password)) session_key = b'' else: raise OperationalError('Unknown auth plugin %s' % (self.accept_plugin_name)) else: auth_data = b'' session_key = b'' if op_code == self.op_cond_accept: self._op_cont_auth(auth_data, self.accept_plugin_name, self.plugin_list, b'') (h, oid, buf) = self._op_response() if self.wire_crypt and session_key: # op_crypt: plugin[Arc4] key[Symmetric] p = xdrlib.Packer() p.pack_int(self.op_crypt) p.pack_bytes(b'Arc4') p.pack_bytes(b'Symmetric') self.sock.send(p.get_buffer()) self.sock.set_translator(ARC4.new(session_key), ARC4.new(session_key)) (h, oid, buf) = self._op_response() else: # use later _op_attach() and _op_create() self.auth_data = auth_data else: assert op_code == self.op_accept
def _parse_connect_response(self): # want and treat op_accept or op_cond_accept or op_accept_data b = self.recv_channel(4) while bytes_to_bint(b) == self.op_dummy: b = self.recv_channel(4) if bytes_to_bint(b) == self.op_reject: raise OperationalError('Connection is rejected') op_code = bytes_to_bint(b) if op_code == self.op_response: return self._parse_op_response() # error occured b = self.recv_channel(12) self.accept_version = byte_to_int(b[3]) self.accept_architecture = bytes_to_bint(b[4:8]) self.accept_type = bytes_to_bint(b[8:]) self.lazy_response_count = 0 if op_code == self.op_cond_accept or op_code == self.op_accept_data: ln = bytes_to_bint(self.recv_channel(4)) data = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) self.accept_plugin_name = self.recv_channel(ln, word_alignment=True) is_authenticated = bytes_to_bint(self.recv_channel(4)) ln = bytes_to_bint(self.recv_channel(4)) self.recv_channel(ln, word_alignment=True) # keys if is_authenticated == 0: if self.accept_plugin_name in (b'Srp256', b'Srp'): hash_algo = { b'Srp256': hashlib.sha256, b'Srp': hashlib.sha1, }[self.accept_plugin_name] user = self.user if len(user) > 2 and user[0] == user[-1] == '"': user = user[1:-1] user = user.replace('""','"') else: user = user.upper() if len(data) == 0: # send op_cont_auth self._op_cont_auth( srp.long2bytes(self.client_public_key), self.accept_plugin_name, self.plugin_list, b'' ) # parse op_cont_auth b = self.recv_channel(4) assert bytes_to_bint(b) == self.op_cont_auth ln = bytes_to_bint(self.recv_channel(4)) data = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) plugin_name = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) plugin_list = self.recv_channel(ln, word_alignment=True) ln = bytes_to_bint(self.recv_channel(4)) keys = self.recv_channel(ln, word_alignment=True) ln = bytes_to_int(data[:2]) server_salt = data[2:ln+2] server_public_key = srp.bytes2long( hex_to_bytes(data[4+ln:])) auth_data, session_key = srp.client_proof( self.str_to_bytes(user), self.str_to_bytes(self.password), server_salt, self.client_public_key, server_public_key, self.client_private_key, hash_algo) elif self.accept_plugin_name == b'Legacy_Auth': auth_data = self.str_to_bytes(get_crypt(self.password)) session_key = b'' else: raise OperationalError( 'Unknown auth plugin %s' % (self.accept_plugin_name) ) else: auth_data = b'' session_key = b'' if op_code == self.op_cond_accept: self._op_cont_auth( auth_data, self.accept_plugin_name, self.plugin_list, b'' ) (h, oid, buf) = self._op_response() if self.wire_crypt and session_key: # op_crypt: plugin[Arc4] key[Symmetric] p = xdrlib.Packer() p.pack_int(self.op_crypt) p.pack_string(b'Arc4') p.pack_string(b'Symmetric') self.sock.send(p.get_buffer()) self.sock.set_translator( ARC4.new(session_key), ARC4.new(session_key)) (h, oid, buf) = self._op_response() else: # use later _op_attach() and _op_create() self.auth_data = auth_data else: assert op_code == self.op_accept