def _testKey(self, pubData, privData, keyType):
    """Run the sign/verify, from-string and generate checks on one key pair.

    The private key is loaded from privData. The public key is loaded in
    two steps - string form from pubData, then an object from that string -
    so both public-key loading paths are exercised. keyType is only
    forwarded to _testGenerateKey.
    """
    private = keys.getPrivateKeyObject(data=privData)
    public_string = keys.getPublicKeyString(data=pubData)
    public = keys.getPublicKeyObject(public_string)
    # Each helper fails the test on its own; keep the original order.
    self._testKeySignVerify(private, public)
    self._testKeyFromString(private, public, privData, pubData)
    self._testGenerateKey(private, public, privData, pubData, keyType)
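def _cbRequestAvatarId(self, validKey, credentials):
    """Finish public-key authentication once the presented key was looked up.

    validKey is the result of the key check: a false value rejects the login
    with UnauthorizedLogin. A request that carries no signature is the
    client's "would this key be accepted?" probe and is answered with a
    ValidPublicKey failure so the transport asks for a signature. Otherwise
    the key parsed from credentials.blob must verify credentials.signature
    over credentials.sigData, and credentials.username is returned.

    Any exception while parsing the blob or verifying the signature is
    logged and returned as a Failure - a malformed blob must never
    authenticate. Returns the avatar id or a failure.Failure.
    """
    if not validKey:
        return failure.Failure(UnauthorizedLogin())
    if not credentials.signature:
        # Signature-less probe: tell the client the key would be acceptable.
        return failure.Failure(error.ValidPublicKey())
    try:
        # Two Conch APIs are supported; which one depends on the installed version.
        if conch.version.major < 10:
            pubKey = keys.getPublicKeyObject(data=credentials.blob)
            verified = keys.verifySignature(pubKey, credentials.signature, credentials.sigData)
        else:
            pubKey = keys.Key.fromString(credentials.blob)
            verified = pubKey.verify(credentials.signature, credentials.sigData)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit are not
        # swallowed; every real error is still treated as a failed login.
        f = failure.Failure()
        log.warning('manhole', 'error checking signature on creds %r: %r', credentials, log.getFailureMessage(f))
        return f
    if verified:
        return credentials.username
    return failure.Failure(UnauthorizedLogin())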
def _testKey(self, pubData, privData, keyType):
    """Exercise one key pair through the three per-key checks.

    Loads the private key from privData and the public key from pubData
    (via its string form), then runs sign/verify, the from-string round
    trip and key generation against that pair. keyType is only passed
    on to _testGenerateKey.
    """
    private = keys.getPrivateKeyObject(data=privData)
    public = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
    checks = (
        (self._testKeySignVerify, (private, public)),
        (self._testKeyFromString, (private, public, privData, pubData)),
        (self._testGenerateKey, (private, public, privData, pubData, keyType)),
    )
    for check, args in checks:
        check(*args)
def _testKeyFromString(self, privKey, pubKey, privData, pubData):
    """Check that keys re-loaded from privData/pubData match privKey/pubKey.

    Every component listed in the re-loaded key's keydata is compared with
    the reference key; the first mismatch fails the test. For the public
    key only components the re-loaded object actually has are compared.
    """
    keyType = keys.objectType(privKey)
    reloadedPriv = keys.getPrivateKeyObject(data=privData)
    reloadedPub = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
    privMsg = 'getting %s private key from string failed' % keyType
    pubMsg = 'getting %s public key from string failed' % keyType
    for name in reloadedPriv.keydata:
        if getattr(reloadedPriv, name) != getattr(privKey, name):
            self.fail(privMsg)
    for name in reloadedPub.keydata:
        if hasattr(reloadedPub, name) and getattr(reloadedPub, name) != getattr(pubKey, name):
            self.fail(pubMsg)
def _testKeyFromString(self, privKey, pubKey, privData, pubData):
    """Verify that loading keys from their string forms reproduces the originals.

    privData and pubData are re-parsed and each component named in the
    resulting object's keydata is compared to privKey / pubKey. The public
    comparison skips components the re-parsed object does not carry.
    """
    keyType = keys.objectType(privKey)
    fromStringPriv = keys.getPrivateKeyObject(data=privData)
    fromStringPub = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))

    def differs(loaded, reference, field):
        # One component compared between the re-parsed key and the reference.
        return getattr(loaded, field) != getattr(reference, field)

    for field in fromStringPriv.keydata:
        if differs(fromStringPriv, privKey, field):
            self.fail('getting %s private key from string failed' % keyType)
    for field in fromStringPub.keydata:
        # keydata can name fields the public object lacks; those are skipped.
        if not hasattr(fromStringPub, field):
            continue
        if differs(fromStringPub, pubKey, field):
            self.fail('getting %s public key from string failed' % keyType)
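def requestAvatarId(self, credentials):
    """Authenticate an SSH public-key credential; always returns a Deferred.

    Keys that self.checkKey rejects fail with UnauthorizedLogin. A request
    without a signature is the client's probe and fails with ValidPublicKey
    so the client is asked to sign. Otherwise the key parsed from
    credentials.blob must verify credentials.signature over
    credentials.sigData; on success the Deferred fires with
    credentials.username, on any failure with UnauthorizedLogin.
    """
    if not self.checkKey(credentials):
        return defer.fail(UnauthorizedLogin())
    if not credentials.signature:
        return defer.fail(error.ValidPublicKey())
    try:
        pubKey = keys.getPublicKeyObject(data=credentials.blob)
        verified = keys.verifySignature(pubKey, credentials.signature, credentials.sigData)
    except Exception:
        # Malformed blob or signature: fail closed. Narrowed from a bare
        # except so KeyboardInterrupt/SystemExit are no longer swallowed.
        verified = False
    if verified:
        return defer.succeed(credentials.username)
    return defer.fail(UnauthorizedLogin())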
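def _cbRequestAvatarId(self, validKey, credentials):
    """Complete public-key authentication after the key lookup.

    validKey is the result of checking the presented key; a false value
    rejects the login with UnauthorizedLogin. A request without a signature
    is the client's probe and is answered with a ValidPublicKey failure so
    it is asked to sign. Otherwise the key parsed from credentials.blob must
    verify credentials.signature over credentials.sigData. Returns
    credentials.username on success and a failure.Failure otherwise.
    """
    if not validKey:
        return failure.Failure(UnauthorizedLogin())
    if not credentials.signature:
        return failure.Failure(error.ValidPublicKey())
    try:
        pubKey = keys.getPublicKeyObject(data=credentials.blob)
        verified = keys.verifySignature(pubKey, credentials.signature, credentials.sigData)
    except Exception:
        # Malformed blob/signature or a verifier error: log it and hand the
        # failure back so the login fails. Narrowed from a bare except so
        # KeyboardInterrupt/SystemExit are not reported as a bad login.
        f = failure.Failure()
        log.err()
        return f
    if verified:
        return credentials.username
    return failure.Failure(UnauthorizedLogin())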
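def printFingerprint(options):
    """Print the MD5 fingerprint of a public key file.

    If options['filename'] is empty the user is prompted for a path (the
    prompt suggests ~/.ssh/id_rsa). When a '.pub' sibling of the chosen
    path exists it is used instead. Output is one line:
    "<bits> <xx:xx:...> <basename>". Exits with 'bad key' if the file
    cannot be read or parsed as a public key.
    """
    if not options['filename']:
        default = os.path.expanduser('~/.ssh/id_rsa')
        options['filename'] = raw_input('Enter file in which the key is (%s): ' % default)
    if os.path.exists(options['filename'] + '.pub'):
        options['filename'] += '.pub'
    try:
        string = keys.getPublicKeyString(options['filename'])
        obj = keys.getPublicKeyObject(string)
        # MD5 over the raw key blob is the legacy OpenSSH fingerprint format.
        # It identifies a key for display only; it is not a security
        # property of the key. Current OpenSSH prints SHA256 fingerprints
        # by default, so this will not match `ssh-keygen -l` without -E md5.
        digest = md5.new(string).digest()
        fingerprint = ':'.join(['%02x' % ord(x) for x in digest])
        # size()+1: presumably size() reports one less than the bit length
        # (PyCrypto convention) - TODO confirm against the key object.
        print('%s %s %s' % (obj.size() + 1, fingerprint, os.path.basename(options['filename'])))
    except Exception:
        # Narrowed from a bare except: a missing or unparsable key still
        # exits cleanly, but SystemExit/KeyboardInterrupt propagate.
        sys.exit('bad key')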
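def requestAvatarId(self, credentials):
    """Check an SSH public-key credential against the AuthKeys table.

    The user is looked up as AuthKeys[Name(username)].key, which holds the
    authorised key in base64; the presented blob must equal it exactly. A
    request without a signature is the client's probe and is rejected with
    ValidPublicKey so it is asked to sign. With a signature, the key parsed
    from credentials.blob must verify it over credentials.sigData.

    Returns credentials.username on success. Raises ConchError for an
    unknown user, an unrecognised key or a bad signature, and
    ValidPublicKey for the signature-less probe.

    The three non-user rejections used to be *returned* as exception
    instances instead of raised. A checker return value that is neither a
    raised exception nor a Failure is handed to the realm as a successful
    avatar id, so a wrong or missing signature did not reliably fail the
    login; every rejection now raises, like the "No such user" path.
    """
    try:
        userKey = AuthKeys[Name(credentials.username)].key
    except KeyError:
        raise error.ConchError("No such user")
    if credentials.blob != base64.decodestring(userKey):
        raise error.ConchError("I don't recognize that key")
    if not credentials.signature:
        raise error.ValidPublicKey()
    pubKey = keys.getPublicKeyObject(data=credentials.blob)
    if keys.verifySignature(pubKey, credentials.signature, credentials.sigData):
        return credentials.username
    raise error.ConchError("Incorrect signature")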
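def requestAvatarId(self, credentials):
    """Check an SSH public-key credential against self.authorizedKeys.

    self.authorizedKeys maps username -> base64 authorised key. Every
    rejection is returned as a failure.Failure so the portal sees a failed
    login: ConchError for an unknown user, an unrecognised key or a bad
    signature, ValidPublicKey when the request carries no signature (the
    client's probe asking whether the key would be accepted). Returns
    credentials.username when the key parsed from credentials.blob verifies
    credentials.signature over credentials.sigData.
    """
    if credentials.username not in self.authorizedKeys:
        return failure.Failure(error.ConchError("No such user"))
    userKey = self.authorizedKeys[credentials.username]
    if credentials.blob != base64.decodestring(userKey):
        # Was `raise failure.failure(...)`: the attribute is misspelt, and a
        # Failure is not an exception type anyway, so a key mismatch blew up
        # with an AttributeError traceback instead of a clean ConchError.
        # Return the Failure exactly like the other rejection paths.
        return failure.Failure(error.ConchError("I don't recognize that key"))
    if not credentials.signature:
        return failure.Failure(error.ValidPublicKey())
    pubKey = keys.getPublicKeyObject(data=credentials.blob)
    if keys.verifySignature(pubKey, credentials.signature, credentials.sigData):
        return credentials.username
    return failure.Failure(error.ConchError("Incorrect signature"))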
def auth_publickey(self, packet):
    """Handle a "publickey" SSH_MSG_USERAUTH_REQUEST payload.

    packet holds one flag byte saying whether a signature follows, then the
    algorithm name and key blob as SSH strings and, if flagged, the
    signature. Without a signature the client is only asking whether the
    key is acceptable: the portal is consulted and self._ebCheckKey deals
    with the answer. With a signature the data the client must have signed
    is rebuilt here (session id, message type, user, service, "publickey",
    flag, key type, blob) and handed to the checker together with the
    signature. Note the key type in the signed data comes from the parsed
    blob, not from the client-supplied algorithm name. Returns the
    portal.login Deferred.
    """
    has_signature = ord(packet[0])
    algorithm, blob, remainder = getNS(packet[1:], 2)
    parsed_key = keys.getPublicKeyObject(data=blob)
    # Same result as the original and/or idiom: an empty signature string
    # also ends up as None.
    signature = None
    if has_signature:
        signature = getNS(remainder)[0] or None
    if not has_signature:
        probe = credentials.SSHPrivateKey(self.user, algorithm, blob, None, None)
        login = self.portal.login(probe, None, interfaces.IConchUser)
        return login.addErrback(self._ebCheckKey, packet[1:])
    signed_parts = [
        NS(self.transport.sessionID),
        chr(MSG_USERAUTH_REQUEST),
        NS(self.user),
        NS(self.nextService),
        NS('publickey'),
        chr(has_signature),
        NS(keys.objectType(parsed_key)),
        NS(blob),
    ]
    signed_data = ''.join(signed_parts)
    creds = credentials.SSHPrivateKey(self.user, algorithm, blob, signed_data, signature)
    return self.portal.login(creds, None, interfaces.IConchUser)