def render(self, request):
if not self.name:
return "Invalid name: %s" % self.name
elif not self.password:
return "Your password consists only of 'bad' characters."
session = request.getSession()
passfile = IMainSetup(100).passwordfile
passDB = FilePasswordDB(passfile)
try:
passDB.getUser(self.name)
log.msg("Already taken: %s" % self.name)
return "Sorry, the name %r is already taken." % self.name
except KeyError:
session.name = self.name
with open(passfile, 'a') as f:
f.write("%s:%s\n" % (self.name, self.password))
log.msg("Registered: %s:%s" % (self.name, self.password))
return 'Registered! %s - %s<br><a href="/">Back to main.</a>' % (session.name, self.password)
def render(self, request):
if not self.name:
return "Invalid name: %s" % self.name
elif not self.password:
return "Your password consists only of 'bad' characters."
session = request.getSession()
passfile = IMainSetup(100).passwordfile
passDB = FilePasswordDB(passfile)
try:
passDB.getUser(self.name)
log.msg("Already taken: %s" % self.name)
return "Sorry, the name %r is already taken." % self.name
except KeyError:
session.name = self.name
with open(passfile, 'a') as f:
f.write("%s:%s\n" % (self.name, self.password))
log.msg("Registered: %s:%s" % (self.name, self.password))
return 'Registered! %s - %s<br><a href="/">Back to main.</a>' % (
session.name, self.password)
def read_user(user):
checker = FilePasswordDB('http.password',
delim=b'=',
hash=check_hashed_password)
return checker.getUser(user.encode())
class HoneytokenDatabase():
"""
Honeytoken Database.
Credchecker used by all Services.
"""
delimiter = '\t'
credentialInterfaces = (credentials.IUsernamePassword,
credentials.IUsernameHashedPassword)
def __init__(self, servicename):
"""
@type servicename: str
@param servicename: The name of the service which is using this database instance.
"""
self.servicename = servicename
self.filepath = str(Config.honeytoken.database_folder / "database-{}.txt".format(servicename))
self.token_db = FilePasswordDB(self.filepath, delim=self.delimiter, cache=True)
self.session_db = SessionDatabase()
self.strategy = Config.honeytoken.strategy
# FIXME: This should be moved to SSHService
def try_decode_key(self, raw_key):
key_str = raw_key.decode(errors='ignore')
# These keys are unsupported by twisted and Key.fromString fails if we call it, so return None
if "ed25519" in key_str or "ecdsa" in key_str:
return None
return keys.Key.fromString(data=raw_key).toString("OPENSSH").decode()
def add_token(user, secret):
pass
def try_get_token(self, user, secret):
if isinstance(secret, bytes):
# login via password (which might be bytes)
secret = secret.decode()
try:
u, s = self.token_db.getUser(user)
return (u, s)
except KeyError:
return None
def hash_accept(self, username, password, randomAcceptProbability):
if (Config.honeytoken.username_min <= len(username) <= Config.honeytoken.username_max
and Config.honeytoken.password_min <= len(password) <= Config.honeytoken.password_max
and ":" not in username and ":" not in password):
if Config.honeytoken.accept_via_hash:
# Need to encode to be able to hash it via hashlib
hashbau = (username + Config.honeytoken.hash_seed + password).encode()
hash1 = hashlib.sha1(hashbau).hexdigest()
i = 0
for x in range(0, 39):
i = i + int(hash1[x], 16)
if (i % 10 <= randomAcceptProbability * 10 - 1):
return True
else:
return False
elif random.random() <= randomAcceptProbability:
return True
else:
return False
else:
return False
def strategy_hash(self, creds):
randomAcceptProbability = 0
if self.servicename in Config.honeytoken.probabilities.keys():
randomAcceptProbability = Config.honeytoken.probabilities[self.servicename]
if hasattr(creds, 'password') and self.hash_accept(creds.username, creds.password, randomAcceptProbability):
if self.servicename in Config.honeytoken.generating.keys():
# FIXME: Do we need to know the IP here?
self.add_token(creds.username, creds.password)
return defer.succeed(creds.username)
# Keys should not reach the database, as we abort before this, but better make sure
return defer.fail(error.UnauthorizedLogin("Invalid Password or Public Key"))
def on_login(self, c):
# Always suceed for now
print("HoneytokenDatabase.requestAvatarId: returning succeed for {}".format(c))
session_result = None
if isinstance(c, Credential):
session_result = self.session_db.on_login(c)
return defer.succeed(c.username)
if session_result:
pass
try:
# Does this credential match a honeytoken?
user, secret = self.try_get_token(c.username)
return defer.maybeDeferred(c.checkPassword, secret).addCallback(self.password_match, user)
except KeyError:
# If not, react according to self.strategy
if self.strategy == 'hash':
return self.strategy_hash(c)
elif self.strategy == 'v1':
pass
# Rebind methods for twisted
requestAvatarId = on_login
