def listen(self, port): ''' Starts listening on the specified port. ''' portal = Portal(credentials.Realm()) portal.registerChecker(credentials.PasswordChecker(self.__passwd)) reactor.listenTCP(port, ServerProtocolFactory(portal, self.userlist))
def setUp(self): super(RootTests, self).setUp() self.docroot = self.mktemp() os.mkdir(self.docroot) RootResource.CheckSACL = FakeCheckSACL(sacls={"calendar": ["dreid"]}) directory = XMLDirectoryService({"xmlFile" : xmlFile}) augment.AugmentService = augment.AugmentXMLDB( xmlFiles=(augmentsFile.path,) ) principals = DirectoryPrincipalProvisioningResource( "/principals/", directory ) root = RootResource(self.docroot, principalCollections=[principals]) root.putChild("principals", principals) portal = Portal(auth.DavRealm()) portal.registerChecker(directory) self.root = auth.AuthenticationWrapper( root, portal, credentialFactories=(basic.BasicCredentialFactory("Test realm"),), loginInterfaces=(auth.IPrincipal,)) self.site = server.Site(self.root)
def createPortal(self, realmFactory=None): if realmFactory is None: realmFactory = SillyRealm r = realmFactory() p = Portal(r) p.registerChecker(AllowAnonymousAccess(), IAnonymous) return p
def portal(self): portal = Portal(self.realm()) for checker in self.auth_checkers(): portal.registerChecker(checker) if len(self.auth_checkers()) == 0: portal.registerChecker(checkers.AllowAnonymousAccess()) return portal
def makeService(config): components.registerAdapter( GitSession, GitAvatar, session.ISession) with open(config['conf']) as f: conf = yaml.load(f.read()) port = int(conf.get('port', 22)) host_key = conf.get('host_key') driver_key = conf.get('driver', 'example') log.msg('Using driver: \'%s\'' % driver_key) mgr = driver.DriverManager( namespace='gitserver.driver', name=driver_key, invoke_on_load=False ) portal = Portal(GitRealm(mgr)) portal.registerChecker(GitPublicKeyChecker(mgr)) # factory.SSHFactory takes no arguments, so unlike the # websocket server, we will assign portal on the class # rather than through the constructor. # TypeError: this constructor takes no arguments # is raised if we pass portal GitFactory(portal) GitFactory.portal = portal GitSession.driver_key = driver_key return internet.TCPServer(port, GitFactory(host_key=host_key))
def setUp(self): self.realm = Realm() portal = Portal(self.realm) portal.registerChecker(MockChecker()) self.authServer = userauth.SSHUserAuthServer() self.authServer.transport = FakeTransport(portal) self.authServer.serviceStarted()
def test_unencryptedConnectionWithoutPasswords(self): """ If the L{SSHUserAuthServer} is not advertising passwords, then an unencrypted connection should not cause any warnings or exceptions. This is a white box test. """ # create a Portal without password authentication portal = Portal(self.realm) portal.registerChecker(PrivateKeyChecker()) # no encryption clearAuthServer = userauth.SSHUserAuthServer() clearAuthServer.transport = FakeTransport(portal) clearAuthServer.transport.isEncrypted = lambda x: False clearAuthServer.serviceStarted() clearAuthServer.serviceStopped() self.assertEqual(clearAuthServer.supportedAuthentications, ['publickey']) # only encrypt incoming (the direction the password is sent) halfAuthServer = userauth.SSHUserAuthServer() halfAuthServer.transport = FakeTransport(portal) halfAuthServer.transport.isEncrypted = lambda x: x == 'in' halfAuthServer.serviceStarted() halfAuthServer.serviceStopped() self.assertEqual(clearAuthServer.supportedAuthentications, ['publickey'])
def deploy(iface, port, dbLocation, dbType, dbUsername=None, dbPassword=None, ssl=False, sslRedirect=False, sslPrivate=None, sslCert=None, sslPort=None): if dbUsername and dbPassword: searchService = searchServices[dbType]( dbLocation, dbUsername, dbPassword) else: searchService = searchServices[dbType](dbLocation) portal = Portal(PublicHTMLRealm(searchService), [AllowAnonymousAccess()]) portal.registerChecker(QuasselChecker(searchService), IUsernameHashedPassword) portal.registerChecker(SessionChecker(), ISessionCredentials) application = service.Application("Querryl") site = server.Site(BasicWrapper(portal, [])) site.sessionFactory = LongSession if ssl: ctx = DefaultOpenSSLContextFactory(sslPrivate, sslCert) ssl_sv = internet.SSLServer(sslPort, site, ctx, interface=iface) ssl_sv.setServiceParent(application) if sslRedirect: site = server.Site(RedirectFromRequest(port=sslPort)) sv = internet.TCPServer(port, site, interface=iface) sv.setServiceParent(application) return sv
def __init__(self, conf): self._init_keys(conf) config = cwconfig.instance_configuration(conf.get('cubicweb-instance')) repo = Repository(config, TasksManager(), vreg=None) portal = Portal(CubicWebSFTPRealm(repo, conf)) portal.registerChecker(CubicWebCredentialsChecker(repo)) self.portal = portal
def makeService(self, options): class LongSession(Session): sessionTimeout = 3600 if options['steamkey'] is None: raise ValueError('Must specify steam API key.') if options['strport'] is None: raise ValueError('Must specify strport description.') if options['dbdir'] is None: raise ValueError('Must specify database path.') steamAPI = API(key=options['steamkey']) store = Store(options['dbdir']) keyPath = FilePath(options['dbdir']).child('fernet.key') database = Database(store) loginRedirect = '/' portal = Portal(MapListRealm(database, options['bundle-path'], steamAPI, loginRedirect)) portal.registerChecker(PreauthenticatedChecker()) portal.registerChecker(AllowAnonymousAccess()) root = HTTPOpenIDAuthSessionWrapper(portal, [], loginRedirect, keyPath, database) site = Site(root) site.sessionFactory = LongSession return strports.service(options['strport'], site)
def main_ssh2http(): portal = Portal(ExampleRealm()) c_port = 5022 factory = SSH2HTTPConverterFactory(c_port) portal.registerChecker(factory) SSH2HTTPConverterFactory.portal = portal reactor.listenTCP(c_port, factory)
def create_portal(a): """I'm responsible for creating the authenticated portal""" realm = AggregatorRealm(a) portal = Portal(realm) checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser(version.apiversion, a.getPassword()) portal.registerChecker(checker) return portal
def makeService(options): """ Makes a new swftp-ftp service. The only option is the config file location. The config file has the following options: - host - port - auth_url - num_persistent_connections - connection_timeout - welcome_message """ from twisted.protocols.ftp import FTPFactory from twisted.web.client import HTTPConnectionPool from twisted.cred.portal import Portal from swftp.ftp.server import SwiftFTPRealm from swftp.auth import SwiftBasedAuthDB from swftp.utils import print_runtime_info print('Starting SwFTP-ftp %s' % VERSION) c = get_config(options['config_file'], options) ftp_service = service.MultiService() # Add statsd service if c.get('ftp', 'log_statsd_host'): try: from swftp.statsd import makeService as makeStatsdService makeStatsdService( c.get('ftp', 'log_statsd_host'), c.getint('ftp', 'log_statsd_port'), sample_rate=c.getfloat('ftp', 'log_statsd_sample_rate'), prefix=c.get('ftp', 'log_statsd_metric_prefix') ).setServiceParent(ftp_service) except ImportError: log.err('Missing Statsd Module. Requires "txstatsd"') pool = HTTPConnectionPool(reactor, persistent=True) pool.maxPersistentPerHost = c.getint('ftp', 'num_persistent_connections') pool.cachedConnectionTimeout = c.getint('ftp', 'connection_timeout') authdb = SwiftBasedAuthDB(auth_url=c.get('ftp', 'auth_url'), verbose=c.getboolean('ftp', 'verbose')) ftpportal = Portal(SwiftFTPRealm()) ftpportal.registerChecker(authdb) ftpfactory = FTPFactory(ftpportal) ftpfactory.welcomeMessage = c.get('ftp', 'welcome_message') ftpfactory.allowAnonymous = False signal.signal(signal.SIGUSR1, print_runtime_info) signal.signal(signal.SIGUSR2, print_runtime_info) internet.TCPServer( c.getint('ftp', 'port'), ftpfactory, interface=c.get('ftp', 'host')).setServiceParent(ftp_service) return ftp_service
def main(): from twisted.cred.portal import Portal from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse portal = Portal(SimpleRealm()) checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser("benchmark", "benchmark") portal.registerChecker(checker) reactor.listenTCP(8787, pb.PBServerFactory(portal)) reactor.run()
class OpenRukoSSHServer(SSHFactory): def __init__(self, settings): self.settings = settings self.portal = Portal(OpenRukoRealm(settings)) self.portal.registerChecker(OpenRukoCredentialChecker(settings)) self.privateKeys = {'ssh-rsa': Key.fromFile(settings['gitmouth_private_key'])} self.publicKeys = {'ssh-rsa': Key.fromFile(settings['gitmouth_public_key'])}
def adminWrapper(data): """Ties it together""" p = Portal(AdminRealm(data)) p.registerChecker(AllowAnonymousAccess(), IAnonymous) p.registerChecker(data.players, IUsernamePassword) upw = guard.UsernamePasswordWrapper(p, callback=dumbRedirect) r = guard.SessionWrapper(upw) r.sessionLifetime = 12 * 3600 return r
def StartServices(username,password): from md5 import md5 password = md5(password).digest() portal = Portal(SimpleRealm()) checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser(username,password) portal.registerChecker(checker) reactor.listenTCP(7001,pb.PBServerFactory(portal))
def createDocumentRoot(self): docroot = self.mktemp() os.mkdir(docroot) userResource = TestDAVPrincipalResource("/principals/users/user01") userResource.writeDeadProperty(TwistedPasswordProperty("user01")) principalCollection = TestPrincipalsCollection( "/principals/", children={"users": TestPrincipalsCollection( "/principals/users/", children={"user01": userResource})}) rootResource = self.resource_class( docroot, principalCollections=(principalCollection,)) portal = Portal(DavRealm()) portal.registerChecker(TwistedPropertyChecker()) credentialFactories = (basic.BasicCredentialFactory(""),) loginInterfaces = (IPrincipal,) self.site = Site(AuthenticationWrapper( rootResource, portal, credentialFactories, credentialFactories, loginInterfaces )) rootResource.setAccessControlList(self.grant(element.All())) for name, acl in ( ("none" , self.grant()), ("read" , self.grant(element.Read())), ("read-write" , self.grant(element.Read(), element.Write())), ("unlock" , self.grant(element.Unlock())), ("all" , self.grant(element.All())), ): filename = os.path.join(docroot, name) if not os.path.isfile(filename): file(filename, "w").close() resource = self.resource_class(filename) resource.setAccessControlList(acl) for name, acl in ( ("nobind" , self.grant()), ("bind" , self.grant(element.Bind())), ("unbind" , self.grant(element.Bind(), element.Unbind())), ): dirname = os.path.join(docroot, name) if not os.path.isdir(dirname): os.mkdir(dirname) resource = self.resource_class(dirname) resource.setAccessControlList(acl) return docroot
def __init__(self, soledad_sessions, *args, **kw): LEAPIMAPServer.__init__(self, *args, **kw) realm = LocalSoledadIMAPRealm(soledad_sessions) portal = Portal(realm) checker = IMAPTokenChecker(soledad_sessions) self.checker = checker self.portal = portal portal.registerChecker(checker)
def StartServices(): #fire up the World Stuff portal = Portal(SimpleRealm()) checker = InMemoryUsernamePasswordDatabaseDontUse() from md5 import md5 password = md5("daemon").digest() for x in range(0,100): checker.addUser(str(x), password) portal.registerChecker(checker) reactor.listenTCP(7000,pb.PBServerFactory(portal))
def startService(self): Plugin.startService(self) if not self._inputs == []: portal = Portal(CollectorRealm(self)) portal.registerChecker(AllowAnonymousAccess()) factory = PBServerFactory(portal) self._listener = reactor.listenTCP(self._port, factory, interface=self._address) logger.info("[%s] listening for remote messages on %s:%i" % (self.name,self._address,self._port)) else: logger.info("[%s] no inputs configured" % self.name)
def __init__(self, account, *args, **kw): LEAPIMAPServer.__init__(self, *args, **kw) realm = TestRealm(account) portal = Portal(realm) checker = TestCredentialsChecker() self.checker = checker self.portal = portal portal.registerChecker(checker)
def main(): from twisted.internet import reactor from twisted.cred.portal import Portal from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse portal = Portal(SimpleRealm()) checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser("guest", "guest") portal.registerChecker(checker) reactor.listenTCP(pb.portno, pb.PBServerFactory(portal)) reactor.run()
def setup(): from twisted.internet import reactor from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse portal = Portal(SimpleRealm()) checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser("guest", "password") portal.registerChecker(checker) reactor.listenTCP(7777, ConsoleSMTPFactory(portal))
def setServiceParent(self, parent): service.MultiService.setServiceParent(self, parent) portal = Portal(PbRealm(parent)) checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser("guest", "guest") portal.registerChecker(checker) s = strports.service("unix:%s" % self.socket, pb.PBServerFactory(portal)) s.setServiceParent(self)
def __init__(self, soledad_sessions, keymanager_sessions, sendmail_opts, encrypted_only=False): realm = LocalSMTPRealm( keymanager_sessions, soledad_sessions, sendmail_opts, encrypted_only) portal = Portal(realm) checker = SMTPTokenChecker(soledad_sessions) self.checker = checker self.portal = portal portal.registerChecker(checker)
class CleanerSite(Site, Loggable): def __init__(self, firewall): self.user = cattivo.config.get("cleaner", "user") self.passwd_file = cattivo.config.get("cleaner", "passwd-file") checker = FilePasswordDB(self.passwd_file) self.realm = CleanerRealm() self.portal = Portal(self.realm) self.portal.registerChecker(checker) self.firewall = firewall Site.__init__(self, CleanerResource(self.portal)) Loggable.__init__(self)
def testUpgrade(self): p = Portal(IRealm(self.store), [ICredentialsChecker(self.store)]) def loggedIn((interface, avatarAspect, logout)): # if we can login, i guess everything is fine self.assertEquals(avatarAspect.garbage, GARBAGE_LEVEL) creds = UsernamePassword('@'.join(CREDENTIALS[:-1]), CREDENTIALS[-1]) d = p.login(creds, None, IGarbage) return d.addCallback(loggedIn)
def testUpgrade(self): p = Portal(IRealm(self.store), [ICredentialsChecker(self.store)]) def loggedIn((ifc, av, lgo)): assert av.garbage == 7 # Bug in cooperator? this triggers an exception. # return svc.stopService() d = p.login( UsernamePassword('*****@*****.**', SECRET), None, IGarbage) return d.addCallback(loggedIn)
class SSHFactory(factory.SSHFactory): def __init__(self, settings): self.settings = settings self.portal = Portal(Realm(settings)) self.portal.registerChecker(Checker(settings)) self.privateKeys = { 'ssh-rsa': Key.fromFile(settings['hadoukngit']['private_key']), } self.publicKeys = { 'ssh-rsa': Key.fromFile(settings['hadoukngit']['public_key']), }
def _getChild(self, branch, request): if not branch: returnValue(self) try: git_branch = yield maybeDeferred(self.github_client.get_branch, self.owner, self.repository, branch) resource = Branch(git_branch) portal = Portal(BranchRealm(resource), [PasswordDB(git_branch.passwd)]) credentialFactory = BasicCredentialFactory(branch) returnValue(HTTPAuthSessionWrapper(portal, [credentialFactory])) except github.BranchNotFound: returnValue(NoResource('Cannot find branch {}'.format(branch))) except github.GitError, e: logger.error(e) returnValue(NoResource(''))
class SSHServer(SSHFactory): 'Simulate an OpenSSH server.' portal = Portal(NoRootUnixSSHRealm()) #portal.registerChecker(DummyChecker()) authorizedKeys = { "eedgar": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApabUX5er6J5dDtalEVaBHvZ8hMAZCeJ7gxnN/9uF6b7aVahPDkRjYxkyLxhQAKdsfqfsNxiFF6C0MulIzpE/xO2CKV2nZd/GJKt6xvEbs3qJcsNPUWujVpsrG/fkBa99IJ3kGW5kmSBwkWnUY21XGa8E/V4rs3C9m/KYMQ3hHuCD2HHaYF/s6UA5AfpoVA8UCF4jCCaiqf+moVuE4xjijUEXPU7apkTDXHsMBX/S8hnkoUUM1aJ4ehboC9aK2HSo6wT1RT4o/6H4tvp5fo2hBUUJGuj92QW386Nx49vr8T/hH4vSdqvWmT4rhydsGdT3Q+VyTyG2W1x226GDdvrT3Q==" } portal.registerChecker(PublicKeyCredentialsChecker(authorizedKeys)) def __init__(self): #pubkey = '.'.join((privkey, 'pub')) self.privateKeys = {'ssh-rsa': Key.fromString(data=privkey)} self.publicKeys = {'ssh-rsa': Key.fromString(data=pubkey)}
def setupProtectedResource(self, resource_obj, checkers): class SimpleRealm(object): """ A realm which gives out L{ChangeHookResource} instances for authenticated users. """ implements(IRealm) def requestAvatar(self, avatarId, mind, *interfaces): if resource.IResource in interfaces: return (resource.IResource, resource_obj, lambda: None) raise NotImplementedError() portal = Portal(SimpleRealm(), checkers) credentialFactory = guard.BasicCredentialFactory('Protected area') wrapper = guard.HTTPAuthSessionWrapper(portal, [credentialFactory]) return wrapper
def start(self): components.registerAdapter(ExampleSession, Avatar, session.ISession) portal = Portal(Realm(self.cli, self.model, self.template_root)) passwdDB = InMemoryUsernamePasswordDatabaseDontUse() for credential in self.model.credentials: passwdDB.addUser(credential.username.encode('utf-8'), credential.password.encode('utf-8')) portal.registerChecker(passwdDB) Factory.portal = portal print("Starting ssh socket on " + self.hostaddress + ":" + str(self.port)) reactor.listenTCP(self.port, Factory()) reactor.run()
def __init__(self, base_path): """ :param FilePath base_path: The path beneath which all of the temporary SSH server-related files will be created. An ``ssh`` directory will be created as a child of this directory to hold the key pair that is generated. An ``sshd`` directory will also be created here to hold the generated host key. A ``home`` directory is also created here and used as the home directory for shell logins to the server. """ self.home = base_path.child(b"home") self.home.makedirs() ssh_path = base_path.child(b"ssh") ssh_path.makedirs() self.key_path = ssh_path.child(b"key") check_call( [b"ssh-keygen", # Specify the path where the generated key is written. b"-f", self.key_path.path, # Specify an empty passphrase. b"-N", b"", # Generate as little output as possible. b"-q"]) key = Key.fromFile(self.key_path.path) sshd_path = base_path.child(b"sshd") sshd_path.makedirs() self.host_key_path = sshd_path.child(b"ssh_host_key") check_call( [b"ssh-keygen", # See above for option explanations. b"-f", self.host_key_path.path, b"-N", b"", b"-q"]) factory = OpenSSHFactory() realm = UnixSSHRealm(self.home) checker = _InMemoryPublicKeyChecker(public_key=key.public()) factory.portal = Portal(realm, [checker]) factory.dataRoot = sshd_path.path factory.moduliRoot = b"/etc/ssh" self._port = reactor.listenTCP(0, factory, interface=b"127.0.0.1") self.ip = IPAddress(self._port.getHost().host) self.port = self._port.getHost().port
def secure_resource(self, api_resource): """ Wrap the provide API resource with an HTTP Authentication Session Wrapper :param api_resource: API resource to wrap :return: Resource, wrapped as requested """ checkers = [self._checker] realm = Realm(api_resource, self._checker.users) portal = Portal(realm, checkers) # TODO: support auth realm credentials_factory = BasicCredentialFactory(self._auth_realm) # credentials_factory = BasicCredentialFactory('auth') resource = HTTPAuthSessionWrapper(portal, [credentials_factory]) return resource
def getAuthResource(in_resource, sname, config, password_checker=AnchorePasswordChecker()): if not password_checker: # explicitly passed in null password checker obj return(in_resource) if sname in config['services']: localconfig = config['services'][sname] else: # no auth required return(in_resource) do_auth = True if localconfig and 'require_auth' in localconfig and not localconfig['require_auth']: do_auth = False if do_auth: #if localconfig and 'require_auth' in localconfig and localconfig['require_auth']: #if 'require_auth_file' not in localconfig or not os.path.exists(localconfig['require_auth_file']): # raise Exception("require_auth is set for service, but require_auth_file is not set/invalid") realm = HTTPAuthRealm(resource=in_resource) portal = Portal(realm, [password_checker]) #portal = Portal(realm, [FilePasswordDB(localconfig['require_auth_file'])]) #portal = Portal(realm, [FilePasswordDB(localconfig['require_auth_file'], hash=hellothere)]) # # for route-based auth, need anon and auth # #from twisted.cred.checkers import AllowAnonymousAccess #portal = Portal( # realm, [ # FilePasswordDB('./configs/server-auth.db'), # AllowAnonymousAccess(), # ], #) credential_factory = BasicCredentialFactory('Authentication required') #credential_factory = DigestCredentialFactory('md5', 'anchore') resource = HTTPAuthSessionWrapper(portal, [credential_factory]) else: resource = in_resource return (resource)
def main(keys_path, port): with open(keys_path + '/id_rsa') as privateBlobFile: privateBlob = privateBlobFile.read() privateKey = Key.fromString(data=privateBlob) with open(keys_path + '/id_rsa.pub') as publicBlobFile: publicBlob = publicBlobFile.read() publicKey = Key.fromString(data=publicBlob) factory = SSHFactory() factory.privateKeys = {'ssh-rsa': privateKey} factory.publicKeys = {'ssh-rsa': publicKey} factory.portal = Portal(KeyRealm()) factory.portal.registerChecker(KeyChecker()) factory.portal.registerChecker(PasswordChecker()) reactor.listenTCP(port, factory) reactor.run()
def create_wrapped_resource(webcls, config, app): username = config.get('username', '') password = config.get('password', '') if ':' in username: sys.exit("The `username` option contains illegal character ':', " "check and update the configuration file of Scrapyd") resource = webcls(config, app) if username and password: log.msg("Basic authentication enabled") portal = Portal(PublicHTMLRealm(resource), [StringCredentialsChecker(username, password)]) credential_factory = BasicCredentialFactory("Auth") return HTTPAuthSessionWrapper(portal, [credential_factory]) else: log.msg( "Basic authentication disabled as either `username` or `password` is unset" ) return resource
def main(): # log log.startLogging(sys.stdout) # checkers = [InMemoryUsernamePasswordDatabaseDontUse(joe='blow')] checkers = [FilePasswordDB('httpd.password')] portal = Portal(SimpleRealm(), checkers) credFactory = [guard.DigestCredentialFactory('md5', 'example.com')] wrapper = guard.HTTPAuthSessionWrapper(portal, credFactory) factory = server.Site(resource=wrapper) reactor.listenTCP(8889, factory) reactor.run()
def setup_Q2Q(self, path, q2qPortnum=q2q.port, inboundTCPPortnum=q2q.port+1, publicIP=None ): """Set up a Q2Q service. """ store = DirectoryCertificateAndUserStore(path) # store.addPrivateCertificate("kazekage") # store.addUser("kazekage", "username", "password1234") self.attach(q2q.Q2QService( protocolFactoryFactory=IdentityAdminFactory(store).examineRequest, certificateStorage=store, portal=Portal(store, checkers=[store]), q2qPortnum=q2qPortnum, inboundTCPPortnum=inboundTCPPortnum, publicIP=publicIP, ))
def makeFactory(configdict): """ Creates the ssh server factory. """ pubkeyfile = "ssh-public.key" privkeyfile = "ssh-private.key" def chainProtocolFactory(username=None): return insults.ServerProtocol( configdict['protocolFactory'], *configdict.get('protocolConfigdict', (username, )), **configdict.get('protocolKwArgs', {})) rlm = PassAvatarIdTerminalRealm() rlm.transportFactory = TerminalSessionTransport_getPeer rlm.chainedProtocolFactory = chainProtocolFactory factory = ConchFactory(Portal(rlm)) factory.sessionhandler = configdict['sessions'] try: # create/get RSA keypair publicKey, privateKey = getKeyPair(pubkeyfile, privkeyfile) factory.publicKeys = {'ssh-rsa': publicKey} factory.privateKeys = {'ssh-rsa': privateKey} except Exception as e: print( " getKeyPair error: %(e)s\n WARNING: Evennia could not auto-generate SSH keypair. Using conch default keys instead." % {'e': e}) print( " If this error persists, create game/%(pub)s and game/%(priv)s yourself using third-party tools." % { 'pub': pubkeyfile, 'priv': privkeyfile }) factory.services = factory.services.copy() factory.services['ssh-userauth'] = ExtraInfoAuthServer factory.portal.registerChecker(PlayerDBPasswordChecker(factory)) return factory
def setMain(opt): """Create a MainServer class based on `opt` options""" instanceName = opt['-n'] if not instanceName: instanceName = '' print 'setMain', opt # Determine logfile path into datadir log_filename = params.log_filename if not opt.has_key( '-d') else os.path.join(opt['-d'], 'log', 'misura.log') params.log_filename = log_filename # Start the object sharing process share.init(connect=False, log_filename=log_filename) # Instantiate mainserver class main = MainServer(instanceName=instanceName, port=opt['-p'], confdir=opt['-c'], datadir=opt['-d'], plug=opt['-e'], manager=share.manager) xmlrpc.addIntrospection(main) mimetypes = {'.h5': 'application/x-hdf;subtype=bag'} static.File.contentTypes.update(mimetypes) web = static.File(params.webdir) web.putChild('RPC', main) web.putChild('data', static.File(params.datadir)) web.putChild('conf', static.File(params.confdir)) # StreamServer mdir = MisuraDirectory(main) web.putChild('stream', mdir) # Further reading about auth stuff: # http://www.tsheffler.com/blog/?p=502 realm = MisuraRealm() realm.resource = web # TODO: use also for FTP! checker = UsersChecker(main.users) portal = Portal(realm, [checker]) cred_methods = (DigestCredentialFactory("md5", "MISURA"), BasicCredentialFactory('MISURA')) wrapper = HTTPAuthSessionWrapper(portal, cred_methods) site = server.Site(wrapper) return main, web, site
def makeAgentService(store): """ Returns a service which will process GatewayAMPCommands, using a socket file descripter acquired by launchd @param store: an already opened store @returns: service """ from twisted.internet import reactor sockets = launchActivateSocket("AgentSocket") fd = sockets[0] family = socket.AF_INET endpoint = AdoptedStreamServerEndpoint(reactor, fd, family) directory = store.directoryService() def becameInactive(): log.warn("Agent inactive; shutting down") reactor.stop() from twistedcaldav.config import config inactivityDetector = InactivityDetector( reactor, config.AgentInactivityTimeoutSeconds, becameInactive) root = Resource() root.putChild("gateway", AgentGatewayResource(store, directory, inactivityDetector)) # We need this service to be able to return com.apple.calendarserver, # so tell it not to suppress system accounts. directory = OpenDirectoryDirectoryService("/Local/Default", suppressSystemRecords=False) portal = Portal(AgentRealm(root, [u"com.apple.calendarserver"]), [HTTPDigestCredentialChecker(directory)]) credentialFactory = NoQOPDigestCredentialFactory("md5", "/Local/Default") wrapper = HTTPAuthSessionWrapper(portal, [credentialFactory]) site = Site(wrapper) return StreamServerEndpointService(endpoint, site)
def setupProtectedResource(self, resource_obj): class SimpleRealm(object): """ A realm which gives out L{ChangeHookResource} instances for authenticated users. """ implements(IRealm) def requestAvatar(self, avatarId, mind, *interfaces): if resource.IResource in interfaces: return (resource.IResource, resource_obj, lambda: None) raise NotImplementedError() login, password = self.change_hook_auth checker = InMemoryUsernamePasswordDatabaseDontUse() checker.addUser(login, password) portal = Portal(SimpleRealm(), [checker]) credentialFactory = guard.BasicCredentialFactory('Protected area') wrapper = guard.HTTPAuthSessionWrapper(portal, [credentialFactory]) return wrapper
def init(ftp_port=None): global _FTPServer lg.out(4, 'ftp_server.init') if _FTPServer: lg.warn('already started') return if not ftp_port: ftp_port = settings.getFTPServerPort() if not os.path.isfile(settings.FTPServerCredentialsFile()): bpio.WriteTextFile(settings.FTPServerCredentialsFile(), 'bitdust:bitdust') # TODO: add protection: accept connections only from local host: 127.0.0.1 _FTPServer = reactor.listenTCP( ftp_port, BitDustFTPFactory( Portal(FTPRealm('./'), [ AllowAnonymousAccess(), FilePasswordDB(settings.FTPServerCredentialsFile()), ]), )) lg.out(4, ' started on port %d' % ftp_port)
def makeService(cls, config): """ Create the txsftp service. """ if (conf.get('suppress-deprecation-warnings')): warnings.filterwarnings('ignore', r'.*', DeprecationWarning) get_key = lambda path: Key.fromString(data=open(path).read()) ssh_public_key = get_key(conf.get('ssh-public-key')) ssh_private_key = get_key(conf.get('ssh-private-key')) factory = SSHFactory() factory.privateKeys = {'ssh-rsa': ssh_private_key} factory.publicKeys = {'ssh-rsa': ssh_public_key} db = dbapi.connect(conf.get('db-url')) factory.portal = Portal(auth.VirtualizedSSHRealm(db)) factory.portal.registerChecker(auth.UsernamePasswordChecker(db)) factory.portal.registerChecker(auth.SSHKeyChecker(db)) return internet.TCPServer(conf.get('sftp-port'), factory)
def test_portalRejectedSenderAddress(self): """ Test that a C{MAIL FROM} command with an address rejected by an L{smtp.SMTP} instance's portal is responded to with the correct error code. """ class DisallowAnonymousAccess(object): """ Checker for L{IAnonymous} which rejects authentication attempts. """ implements(ICredentialsChecker) credentialInterfaces = (IAnonymous,) def requestAvatarId(self, credentials): return defer.fail(UnauthorizedLogin()) realm = SingletonRealm(smtp.IMessageDelivery, NotImplementedDelivery()) portal = Portal(realm, [DisallowAnonymousAccess()]) proto = smtp.SMTP() proto.portal = portal trans = StringTransport() proto.makeConnection(trans) # Deal with the necessary preliminaries proto.dataReceived('HELO example.com\r\n') trans.clear() # Try to specify our sender address proto.dataReceived('MAIL FROM:<*****@*****.**>\r\n') # Clean up the protocol before doing anything that might raise an # exception. proto.connectionLost(error.ConnectionLost()) # Make sure that we received exactly the correct response self.assertEqual( trans.value(), '550 Cannot receive from specified address ' '<*****@*****.**>: Sender not acceptable\r\n')
def __init__(self): portal = Portal(authentication.XCAPAuthRealm()) if AuthenticationConfig.cleartext_passwords: http_checker = ServerConfig.backend.PlainPasswordChecker() else: http_checker = ServerConfig.backend.HashPasswordChecker() portal.registerChecker(http_checker) trusted_peers = AuthenticationConfig.trusted_peers portal.registerChecker(authentication.TrustedPeerChecker(trusted_peers)) portal.registerChecker(authentication.PublicGetApplicationChecker()) auth_type = AuthenticationConfig.type if auth_type == 'basic': credential_factory = basic.BasicCredentialFactory(auth_type) elif auth_type == 'digest': credential_factory = tweak_DigestCredentialFactory('MD5', auth_type) else: raise ValueError("Invalid authentication type: '%s'. Please check the configuration." % auth_type) root = authentication.XCAPAuthResource(XCAPRoot(), (credential_factory,), portal, (authentication.IAuthUser,)) self.site = XCAPSite(root)
def setUp(self): self.avatar_content = b"avatar content" self.child_content = b"child content" self.grandchild_content = b"grandchild content" grandchild = Data(self.grandchild_content, b"text/plain") child = Data(self.child_content, b"text/plain") child.putChild(b"grandchild", grandchild) self.avatar = Data(self.avatar_content, b"text/plain") self.avatar.putChild(b"child", child) self.realm = OneIResourceAvatarRealm(self.avatar) self.portal = Portal( self.realm, [AllowAnonymousAccess()], ) self.guard = HTTPAuthSessionWrapper( self.portal, [BasicCredentialFactory("example.com")], )
def start_ssh_server(port, username, password, namespace): """ Start an SSH server on the given port, exposing a Python prompt with the given namespace. """ # This is a lot of boilerplate, see http://tm.tl/6429 for a ticket to # provide a utility function that simplifies this. from twisted.internet import reactor from twisted.conch.insults import insults from twisted.conch import manhole, manhole_ssh from twisted.cred.checkers import ( InMemoryUsernamePasswordDatabaseDontUse as MemoryDB) from twisted.cred.portal import Portal sshRealm = manhole_ssh.TerminalRealm() def chainedProtocolFactory(): return insults.ServerProtocol(manhole.Manhole, namespace) sshRealm.chainedProtocolFactory = chainedProtocolFactory sshPortal = Portal(sshRealm, [MemoryDB(**{username: password})]) reactor.listenTCP(port, manhole_ssh.ConchFactory(sshPortal), interface="127.0.0.1")
def makeFactory(configdict): """ Creates the ssh server factory. """ pubkeyfile = os.path.join(_GAME_DIR, "server", "ssh-public.key") privkeyfile = os.path.join(_GAME_DIR, "server", "ssh-private.key") def chainProtocolFactory(username=None): return insults.ServerProtocol( configdict['protocolFactory'], *configdict.get('protocolConfigdict', (username, )), **configdict.get('protocolKwArgs', {})) rlm = PassAvatarIdTerminalRealm() rlm.transportFactory = TerminalSessionTransport_getPeer rlm.chainedProtocolFactory = chainProtocolFactory factory = ConchFactory(Portal(rlm)) factory.sessionhandler = configdict['sessions'] try: # create/get RSA keypair publicKey, privateKey = getKeyPair(pubkeyfile, privkeyfile) factory.publicKeys = {'ssh-rsa': publicKey} factory.privateKeys = {'ssh-rsa': privateKey} except Exception as err: print ( "getKeyPair error: {err}\n WARNING: Evennia could not " \ "auto-generate SSH keypair. Using conch default keys instead.\n" \ "If this error persists, create {pub} and " \ "{priv} yourself using third-party tools.".format( err=err, pub=pubkeyfile, priv=privkeyfile)) factory.services = factory.services.copy() factory.services['ssh-userauth'] = ExtraInfoAuthServer factory.portal.registerChecker(PlayerDBPasswordChecker(factory)) return factory
def main(): """ Create a PB server using MyRealm and run it on port 8800. """ startLogging(stdout) p = Portal(MyRealm()) # Here the username/password checker is registered. c1 = InMemoryUsernamePasswordDatabaseDontUse(user1="pass1", user2="pass2") p.registerChecker(c1) # Here the anonymous checker is registered. c2 = AllowAnonymousAccess() p.registerChecker(c2) reactor.listenTCP(8800, PBServerFactory(p)) reactor.run()
def test_deliveryRejectedSenderAddress(self): """ Test that a C{MAIL FROM} command with an address rejected by a L{smtp.IMessageDelivery} instance is responded to with the correct error code. """ class RejectionDelivery(NotImplementedDelivery): """ Delivery object which rejects all senders as invalid. """ def validateFrom(self, helo, origin): raise smtp.SMTPBadSender(origin) realm = SingletonRealm(smtp.IMessageDelivery, RejectionDelivery()) portal = Portal(realm, [AllowAnonymousAccess()]) proto = smtp.SMTP() proto.portal = portal trans = StringTransport() proto.makeConnection(trans) # Deal with the necessary preliminaries proto.dataReceived('HELO example.com\r\n') trans.clear() # Try to specify our sender address proto.dataReceived('MAIL FROM:<*****@*****.**>\r\n') # Clean up the protocol before doing anything that might raise an # exception. proto.connectionLost(error.ConnectionLost()) # Make sure that we received exactly the correct response self.assertEqual( trans.value(), '550 Cannot receive from specified address ' '<*****@*****.**>: Sender not acceptable\r\n')
def create_factory(authnz, git_configuration, git_viewer=None): if git_viewer is None: git_viewer = NoResource() elif not IResource.providedBy(git_viewer): raise ValueError("git_viewer should implement IResource") credentialFactories = [BasicCredentialFactory('Git Repositories')] gitportal = Portal( GitHTTPRealm(authnz, git_configuration, credentialFactories, git_viewer)) if hasattr(authnz, 'check_password'): log.msg("Registering PasswordChecker") gitportal.registerChecker(PasswordChecker(authnz.check_password)) gitportal.registerChecker(AllowAnonymousAccess()) resource = HTTPAuthSessionWrapper(gitportal, credentialFactories) site = Site(resource) return site
def createDocumentRoot(self): docroot = self.mktemp() os.mkdir(docroot) userResource = TestDAVPrincipalResource("/principals/users/user01") userResource.writeDeadProperty(TwistedPasswordProperty("user01")) principalCollection = TestPrincipalsCollection( "/principals/", children={ "users": TestPrincipalsCollection( "/principals/users/", children={"user01": userResource} ) } ) rootResource = self.resource_class( docroot, principalCollections=(principalCollection,)) portal = Portal(DavRealm()) portal.registerChecker(TwistedPropertyChecker()) credentialFactories = (basic.BasicCredentialFactory(""),) loginInterfaces = (IPrincipal,) self.site = Site(AuthenticationWrapper( rootResource, portal, credentialFactories, credentialFactories, loginInterfaces )) rootResource.setAccessControlList(self.grant(element.All())) for name, acl in ( ("none" , self.grant()), ("read" , self.grant(element.Read())), ("read-write" , self.grant(element.Read(), element.Write())), ("unlock" , self.grant(element.Unlock())), ("all" , self.grant(element.All())), ): filename = os.path.join(docroot, name) if not os.path.isfile(filename): file(filename, "w").close() resource = self.resource_class(filename) resource.setAccessControlList(acl) for name, acl in ( ("nobind" , self.grant()), ("bind" , self.grant(element.Bind())), ("unbind" , self.grant(element.Bind(), element.Unbind())), ): dirname = os.path.join(docroot, name) if not os.path.isdir(dirname): os.mkdir(dirname) resource = self.resource_class(dirname) resource.setAccessControlList(acl) return docroot
class SSHUserAuthServerTests(unittest.TestCase): """ Tests for SSHUserAuthServer. """ if keys is None: skip = "cannot run without cryptography" def setUp(self): self.realm = Realm() self.portal = Portal(self.realm) self.portal.registerChecker(PasswordChecker()) self.portal.registerChecker(PrivateKeyChecker()) self.authServer = userauth.SSHUserAuthServer() self.authServer.transport = FakeTransport(self.portal) self.authServer.serviceStarted() self.authServer.supportedAuthentications.sort() # give a consistent # order def tearDown(self): self.authServer.serviceStopped() self.authServer = None def _checkFailed(self, ignored): """ Check that the authentication has failed. """ self.assertEqual(self.authServer.transport.packets[-1], (userauth.MSG_USERAUTH_FAILURE, NS(b'password,publickey') + b'\x00')) def test_noneAuthentication(self): """ A client may request a list of authentication 'method name' values that may continue by using the "none" authentication 'method name'. See RFC 4252 Section 5.2. """ d = self.authServer.ssh_USERAUTH_REQUEST( NS(b'foo') + NS(b'service') + NS(b'none')) return d.addCallback(self._checkFailed) def test_successfulPasswordAuthentication(self): """ When provided with correct password authentication information, the server should respond by sending a MSG_USERAUTH_SUCCESS message with no other data. See RFC 4252, Section 5.1. """ packet = b''.join( [NS(b'foo'), NS(b'none'), NS(b'password'), chr(0), NS(b'foo')]) d = self.authServer.ssh_USERAUTH_REQUEST(packet) def check(ignored): self.assertEqual(self.authServer.transport.packets, [(userauth.MSG_USERAUTH_SUCCESS, b'')]) return d.addCallback(check) def test_failedPasswordAuthentication(self): """ When provided with invalid authentication details, the server should respond by sending a MSG_USERAUTH_FAILURE message which states whether the authentication was partially successful, and provides other, open options for authentication. See RFC 4252, Section 5.1. """ # packet = username, next_service, authentication type, FALSE, password packet = b''.join( [NS(b'foo'), NS(b'none'), NS(b'password'), chr(0), NS(b'bar')]) self.authServer.clock = task.Clock() d = self.authServer.ssh_USERAUTH_REQUEST(packet) self.assertEqual(self.authServer.transport.packets, []) self.authServer.clock.advance(2) return d.addCallback(self._checkFailed) def test_successfulPrivateKeyAuthentication(self): """ Test that private key authentication completes successfully, """ blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() obj = keys.Key.fromString(keydata.privateRSA_openssh) packet = (NS(b'foo') + NS(b'none') + NS(b'publickey') + b'\xff' + NS(obj.sshType()) + NS(blob)) self.authServer.transport.sessionID = b'test' signature = obj.sign( NS(b'test') + chr(userauth.MSG_USERAUTH_REQUEST) + packet) packet += NS(signature) d = self.authServer.ssh_USERAUTH_REQUEST(packet) def check(ignored): self.assertEqual(self.authServer.transport.packets, [(userauth.MSG_USERAUTH_SUCCESS, b'')]) return d.addCallback(check) def test_requestRaisesConchError(self): """ ssh_USERAUTH_REQUEST should raise a ConchError if tryAuth returns None. Added to catch a bug noticed by pyflakes. """ d = defer.Deferred() def mockCbFinishedAuth(self, ignored): self.fail('request should have raised ConochError') def mockTryAuth(kind, user, data): return None def mockEbBadAuth(reason): d.errback(reason.value) self.patch(self.authServer, 'tryAuth', mockTryAuth) self.patch(self.authServer, '_cbFinishedAuth', mockCbFinishedAuth) self.patch(self.authServer, '_ebBadAuth', mockEbBadAuth) packet = NS(b'user') + NS(b'none') + NS(b'public-key') + NS(b'data') # If an error other than ConchError is raised, this will trigger an # exception. self.authServer.ssh_USERAUTH_REQUEST(packet) return self.assertFailure(d, ConchError) def test_verifyValidPrivateKey(self): """ Test that verifying a valid private key works. """ blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() packet = (NS(b'foo') + NS(b'none') + NS(b'publickey') + b'\x00' + NS(b'ssh-rsa') + NS(blob)) d = self.authServer.ssh_USERAUTH_REQUEST(packet) def check(ignored): self.assertEqual( self.authServer.transport.packets, [(userauth.MSG_USERAUTH_PK_OK, NS(b'ssh-rsa') + NS(blob))]) return d.addCallback(check) def test_failedPrivateKeyAuthenticationWithoutSignature(self): """ Test that private key authentication fails when the public key is invalid. """ blob = keys.Key.fromString(keydata.publicDSA_openssh).blob() packet = (NS(b'foo') + NS(b'none') + NS(b'publickey') + b'\x00' + NS(b'ssh-dsa') + NS(blob)) d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_failedPrivateKeyAuthenticationWithSignature(self): """ Test that private key authentication fails when the public key is invalid. """ blob = keys.Key.fromString(keydata.publicRSA_openssh).blob() obj = keys.Key.fromString(keydata.privateRSA_openssh) packet = (NS(b'foo') + NS(b'none') + NS(b'publickey') + b'\xff' + NS(b'ssh-rsa') + NS(blob) + NS(obj.sign(blob))) self.authServer.transport.sessionID = b'test' d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_ignoreUnknownCredInterfaces(self): """ L{SSHUserAuthServer} sets up C{SSHUserAuthServer.supportedAuthentications} by checking the portal's credentials interfaces and mapping them to SSH authentication method strings. If the Portal advertises an interface that L{SSHUserAuthServer} can't map, it should be ignored. This is a white box test. """ server = userauth.SSHUserAuthServer() server.transport = FakeTransport(self.portal) self.portal.registerChecker(AnonymousChecker()) server.serviceStarted() server.serviceStopped() server.supportedAuthentications.sort() # give a consistent order self.assertEqual(server.supportedAuthentications, [b'password', b'publickey']) def test_removePasswordIfUnencrypted(self): """ Test that the userauth service does not advertise password authentication if the password would be send in cleartext. """ self.assertIn(b'password', self.authServer.supportedAuthentications) # no encryption clearAuthServer = userauth.SSHUserAuthServer() clearAuthServer.transport = FakeTransport(self.portal) clearAuthServer.transport.isEncrypted = lambda x: False clearAuthServer.serviceStarted() clearAuthServer.serviceStopped() self.assertNotIn(b'password', clearAuthServer.supportedAuthentications) # only encrypt incoming (the direction the password is sent) halfAuthServer = userauth.SSHUserAuthServer() halfAuthServer.transport = FakeTransport(self.portal) halfAuthServer.transport.isEncrypted = lambda x: x == 'in' halfAuthServer.serviceStarted() halfAuthServer.serviceStopped() self.assertIn(b'password', halfAuthServer.supportedAuthentications) def test_unencryptedConnectionWithoutPasswords(self): """ If the L{SSHUserAuthServer} is not advertising passwords, then an unencrypted connection should not cause any warnings or exceptions. This is a white box test. """ # create a Portal without password authentication portal = Portal(self.realm) portal.registerChecker(PrivateKeyChecker()) # no encryption clearAuthServer = userauth.SSHUserAuthServer() clearAuthServer.transport = FakeTransport(portal) clearAuthServer.transport.isEncrypted = lambda x: False clearAuthServer.serviceStarted() clearAuthServer.serviceStopped() self.assertEqual(clearAuthServer.supportedAuthentications, [b'publickey']) # only encrypt incoming (the direction the password is sent) halfAuthServer = userauth.SSHUserAuthServer() halfAuthServer.transport = FakeTransport(portal) halfAuthServer.transport.isEncrypted = lambda x: x == 'in' halfAuthServer.serviceStarted() halfAuthServer.serviceStopped() self.assertEqual(clearAuthServer.supportedAuthentications, [b'publickey']) def test_loginTimeout(self): """ Test that the login times out. """ timeoutAuthServer = userauth.SSHUserAuthServer() timeoutAuthServer.clock = task.Clock() timeoutAuthServer.transport = FakeTransport(self.portal) timeoutAuthServer.serviceStarted() timeoutAuthServer.clock.advance(11 * 60 * 60) timeoutAuthServer.serviceStopped() self.assertEqual( timeoutAuthServer.transport.packets, [(transport.MSG_DISCONNECT, b'\x00' * 3 + chr(transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE) + NS(b"you took too long") + NS(b''))]) self.assertTrue(timeoutAuthServer.transport.lostConnection) def test_cancelLoginTimeout(self): """ Test that stopping the service also stops the login timeout. """ timeoutAuthServer = userauth.SSHUserAuthServer() timeoutAuthServer.clock = task.Clock() timeoutAuthServer.transport = FakeTransport(self.portal) timeoutAuthServer.serviceStarted() timeoutAuthServer.serviceStopped() timeoutAuthServer.clock.advance(11 * 60 * 60) self.assertEqual(timeoutAuthServer.transport.packets, []) self.assertFalse(timeoutAuthServer.transport.lostConnection) def test_tooManyAttempts(self): """ Test that the server disconnects if the client fails authentication too many times. """ packet = b''.join( [NS(b'foo'), NS(b'none'), NS(b'password'), chr(0), NS(b'bar')]) self.authServer.clock = task.Clock() for i in range(21): d = self.authServer.ssh_USERAUTH_REQUEST(packet) self.authServer.clock.advance(2) def check(ignored): self.assertEqual( self.authServer.transport.packets[-1], (transport.MSG_DISCONNECT, b'\x00' * 3 + chr(transport.DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE) + NS(b"too many bad auths") + NS(b''))) return d.addCallback(check) def test_failIfUnknownService(self): """ If the user requests a service that we don't support, the authentication should fail. """ packet = NS(b'foo') + NS(b'') + NS(b'password') + chr(0) + NS(b'foo') self.authServer.clock = task.Clock() d = self.authServer.ssh_USERAUTH_REQUEST(packet) return d.addCallback(self._checkFailed) def test_tryAuthEdgeCases(self): """ tryAuth() has two edge cases that are difficult to reach. 1) an authentication method auth_* returns None instead of a Deferred. 2) an authentication type that is defined does not have a matching auth_* method. Both these cases should return a Deferred which fails with a ConchError. """ def mockAuth(packet): return None self.patch(self.authServer, 'auth_publickey', mockAuth) # first case self.patch(self.authServer, 'auth_password', None) # second case def secondTest(ignored): d2 = self.authServer.tryAuth(b'password', None, None) return self.assertFailure(d2, ConchError) d1 = self.authServer.tryAuth(b'publickey', None, None) return self.assertFailure(d1, ConchError).addCallback(secondTest)
def makePortal(pool): realm = ChatRealm(pool) portal = Portal(realm) checker = TokenChecker(pool) portal.registerChecker(checker) return portal
def getLoginResource(self): return HTTPAuthSessionWrapper( Portal(AuthRealm(self.master, self), self.checkers), self.credentialFactories)
def ftp_MKD(self, path): FTP.sendLine(self, '257 Folder created') def ftp_RMD(self, path): FTP.sendLine(self, '250 Requested File Action Completed OK') # END HACKS def logIt(self, command, successful): f = open('/root/ftp.log', 'a') data = { 'timestamp': int(time.time()), 'sourceIPv4Address': str(self.transport.getPeer().host), 'command': command, 'success': successful, 'session': self.session } f.write(json.dumps(data) + ',\n') f.close() try: factory = FTPFactory(Portal('pub/'), [FilePasswordDB('/passwd')]) factory.protocol = SimpleFtpProtocol reactor.listenTCP(21, factory) print('Server listening on Port %s (Plain) and on %s (SSL).' % (21, 990)) reactor.run() except Exception as e: print(e)