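def __init__(self, username, **kwargs):
    """Set up the exec authenticator and resolve the command it will use.

    Options consumed here (popped from ``kwargs`` so the base class never
    sees them):
        command: the executable to use. When empty, the ``auth_dialog``
            helper is looked up under the libexec directory.
        timeout: defaults to the module-level ``TIMEOUT``.

    ``connection`` is read but left in ``kwargs`` for ``SysAuthenticator``.

    Raises:
        AssertionError: if no command could be resolved, or if no
            connection object was supplied.
    """
    log("exec.Authenticator(%s, %s)", username, kwargs)
    self.command = kwargs.pop("command", "")
    self.timeout = kwargs.pop("timeout", TIMEOUT)
    self.timer = None
    self.proc = None
    self.timeout_event = False
    if not self.command:
        # no command configured: try to find the default auth_dialog executable
        from xpra.platform.paths import get_libexec_dir
        libexec = get_libexec_dir()
        xpralibexec = os.path.join(libexec, "xpra")
        log("libexec=%s, xpralibexec=%s", libexec, xpralibexec)
        # isdir() is already False for a path that does not exist
        if os.path.isdir(xpralibexec):
            libexec = xpralibexec
        auth_dialog = os.path.join(libexec, "auth_dialog")
        if EXECUTABLE_EXTENSION:
            # ie: add ".exe" on MS Windows
            auth_dialog += ".%s" % EXECUTABLE_EXTENSION
        log("auth_dialog=%s", auth_dialog)
        if os.path.exists(auth_dialog):
            self.command = auth_dialog
    # These two checks guard an authentication module, so they are raised
    # explicitly: `assert` statements are removed when Python runs with -O,
    # which would let a misconfigured authenticator through silently.
    # The exception type and messages are the ones the asserts produced.
    if not self.command:
        raise AssertionError("exec authentication module is not configured correctly: no command specified")
    connection = kwargs.get("connection")
    log("exec connection info: %s", connection)
    if not connection:
        raise AssertionError("connection object is missing")
    self.connection_str = str(connection)
    # NOTE(review): `command` is taken as-is from the authenticator options;
    # how it is launched is outside this method - confirm it is not built
    # into a shell string from client-controlled data.
    SysAuthenticator.__init__(self, username, **kwargs)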
def __init__(self, username, **kwargs):
    """Configure the SQL statements, then select HMAC authentication.

    ``password_query`` and ``sessions_query`` can be overridden through the
    authenticator options; both are popped from ``kwargs`` before
    ``SysAuthenticator.__init__`` runs. The defaults use ``%s`` placeholders
    for the username and password rather than interpolated values.
    """
    default_password_query = "SELECT password FROM users WHERE username=(%s)"
    # NOTE(review): the default sessions query matches on the password column
    # directly, which suggests the stored value is compared as-is - confirm
    # how passwords are stored in the `users` table.
    default_sessions_query = (
        "SELECT uid, gid, displays, env_options, session_options "
        "FROM users WHERE username=(%s) AND password=(%s)"
    )
    self.password_query = kwargs.pop("password_query", default_password_query)
    self.sessions_query = kwargs.pop("sessions_query", default_sessions_query)
    # NOTE(review): the code that executes these statements is not shown here;
    # an overridden query should keep the placeholders so values stay bound
    # parameters - verify against the execution path.
    SysAuthenticator.__init__(self, username, **kwargs)
    self.authenticate = self.authenticate_hmac
def __init__(self, username, **kwargs):
    """Resolve the sqlite database path and the queries, then select HMAC.

    ``filename`` (default ``sqlite.sdb``), ``password_query`` and
    ``sessions_query`` are popped from ``kwargs``. A relative ``filename``
    is resolved against ``exec_cwd`` when given, otherwise against the
    current working directory. The default queries use ``?`` placeholders.
    """
    db_path = kwargs.pop("filename", 'sqlite.sdb')
    if db_path and not os.path.isabs(db_path):
        # `exec_cwd` is only read, it stays in kwargs for the base class
        base_dir = kwargs.get("exec_cwd", os.getcwd())
        db_path = os.path.join(base_dir, db_path)
    self.filename = db_path
    default_password_query = "SELECT password FROM users WHERE username=(?)"
    default_sessions_query = "SELECT uid, gid, displays, env_options, session_options FROM users WHERE username=(?)"
    self.password_query = kwargs.pop("password_query", default_password_query)
    self.sessions_query = kwargs.pop("sessions_query", default_sessions_query)
    SysAuthenticator.__init__(self, username, **kwargs)
    self.authenticate = self.authenticate_hmac
def __init__(self, username, **kwargs):
    """Resolve the password file path and select HMAC authentication.

    ``filename`` is popped from ``kwargs`` and defaults to the module-level
    ``password_file``. A relative path is resolved against ``exec_cwd`` when
    given, otherwise against the current working directory. The file is not
    read here: the cached data and timestamp both start as ``None``.
    """
    path = kwargs.pop("filename", password_file)
    needs_base_dir = bool(path) and not os.path.isabs(path)
    if needs_base_dir:
        base_dir = kwargs.get("exec_cwd", os.getcwd())
        path = os.path.join(base_dir, path)
    SysAuthenticator.__init__(self, username, **kwargs)
    self.password_filename = path
    self.password_filedata = None
    self.password_filetime = None
    self.authenticate = self.authenticate_hmac
def __init__(self, username, **kwargs):
    """Collect and parse the U2F public keys this authenticator accepts.

    Keys come from two places: the ``public_key`` option (hex string) and
    every ``u2f*-pub.hex`` file found in the user configuration directories.
    Each hex string is decoded, given the DER prefix if it lacks it, and
    loaded as a DER public key. A key that fails to decode or load is logged
    and skipped.

    Raises:
        Exception: if no public key could be loaded at all, so the
            authenticator is never constructed without a key to check.
    """
    self.app_id = kwargs.pop("app_id", APP_ID)
    configured_key = kwargs.pop("public_key", "")
    SysAuthenticator.__init__(self, username, **kwargs)
    self.public_keys = OrderedDict()
    # hex-encoded keys, indexed by where each one came from
    hex_keys = OrderedDict()
    if configured_key:
        log("u2f_auth: public key from configuration=%s", configured_key)
        hex_keys["command-option"] = configured_key
    # running as root on POSIX: look in the directories of the user being
    # authenticated rather than in root's own
    uid = self.get_uid() if (getuid() == 0 and POSIX) else getuid()
    conf_dirs = get_user_conf_dirs(uid)
    log("u2f: will try to load public keys from %s", csv(conf_dirs))
    for conf_dir in conf_dirs:
        expanded = osexpand(conf_dir)
        # isdir() is already False for a path that does not exist
        if not os.path.isdir(expanded):
            continue
        keyfiles = glob.glob(os.path.join(expanded, "u2f*-pub.hex"))
        log("u2f: keyfiles(%s)=%s", expanded, keyfiles)
        for keyfile in sorted(keyfiles):
            filedata = load_binary_file(keyfile)
            if not filedata:
                continue
            filedata = filedata.rstrip(b" \n\r")
            hex_keys[keyfile] = filedata
            log("u2f_auth: loaded public key from file '%s': %s", keyfile, filedata)
    # parse the collected key data
    from cryptography.hazmat.primitives.serialization import load_der_public_key
    from cryptography.hazmat.backends import default_backend
    for origin, hex_key in hex_keys.items():
        try:
            key = binascii.unhexlify(hex_key)
        except Exception as e:
            log("unhexlify(%s)", hex_key, exc_info=True)
            log.warn("Warning: failed to parse key '%s'", origin)
            log.warn(" %s", e)
            continue
        log("u2f: trying to load DER public key %s", repr(key))
        if not key.startswith(PUB_KEY_DER_PREFIX):
            key = PUB_KEY_DER_PREFIX + key
        try:
            public_key = load_der_public_key(key, default_backend())
        except Exception as e:
            log("load_der_public_key(%r)", key, exc_info=True)
            log.warn("Warning: failed to parse key '%s'", origin)
            log.warn(" %s", e)
            continue
        self.public_keys[origin] = public_key
    if not self.public_keys:
        raise Exception("u2f authenticator requires at least one public key")
def __init__(self, username, **kwargs):
    """Pick the password file to use and select HMAC authentication.

    The candidates are the ``filename`` option (popped from ``kwargs``)
    followed by the entries of the module-level ``password_file``. Relative
    paths are resolved against ``exec_cwd`` when given, otherwise against
    the current working directory. The first candidate that exists wins.

    If no candidate exists, the value left by the last loop iteration is
    kept: that may be a path that does not exist, or an empty entry.
    """
    candidates = [kwargs.pop("filename", None)]+list(password_file or [])
    log("FileAuthenticatorBase password_files=%s", candidates)
    filename = None
    for filename in candidates:
        if filename:
            if not os.path.isabs(filename):
                base_dir = kwargs.get("exec_cwd", os.getcwd())
                filename = os.path.join(base_dir, filename)
            if os.path.exists(filename):
                break
    log("FileAuthenticatorBase filename=%s", filename)
    SysAuthenticator.__init__(self, username, **kwargs)
    self.password_filename = filename
    # the file is not read here: contents and timestamp start out unset
    self.password_filedata = None
    self.password_filetime = None
    self.authenticate = self.authenticate_hmac
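def __init__(self, username, **kwargs):
    """Record the peer's host and endpoint name for host-based checks.

    Reads ``connection`` from ``kwargs`` (it is left in place for the base
    class), takes the first element of the ``remote`` and ``endpoint``
    entries of ``connection.get_info()`` and stores them as ``self.host``
    and ``self.peername``.

    Raises:
        Exception: if ``connection`` is missing or is not a
            ``SocketConnection``, or if the peer information cannot be
            read from it. The error is logged before it propagates.
    """
    log("hosts.Authenticator(%s, %s)", username, kwargs)
    if not POSIX:
        log.warn("Warning: hosts authentication is not supported on %s", os.name)
        # NOTE(review): this returns before SysAuthenticator.__init__ runs and
        # without setting `host` / `peername`; confirm that the code using
        # this object rejects the connection in that state.
        return
    connection = kwargs.get("connection", None)
    try:
        from xpra.net.bytestreams import SocketConnection
        # The original test was `not connection and isinstance(...)`, which
        # can never be true for a missing connection and never rejects a
        # non-socket one, so the guard was dead code. isinstance() is False
        # for None, so this single test covers both cases.
        if not isinstance(connection, SocketConnection):
            raise Exception("hosts: invalid connection '%s' (not a socket connection)" % connection)
        info = connection.get_info()
        log("hosts.Authenticator(..) connection info=%s", info)
        host = info.get("remote")[0]
        peername = info.get("endpoint")[0]
    except Exception as e:
        log.error("Error: cannot get host from connection")
        log.error(" %s", e)
        raise
    self.peername = peername
    self.host = host
    SysAuthenticator.__init__(self, username, **kwargs)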
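def __init__(self, username, **kwargs):
    """Check the socket peer's uid / gid against the configured allow lists.

    Options consumed here (popped from ``kwargs``):
        uid: comma separated list of numeric uids or usernames.
        gid: comma separated list of numeric gids or group names.

    ``connection`` is read but left in ``kwargs`` for the base class.

    On success ``self.peercred_check`` is set to True and ``self.uid`` /
    ``self.gid`` hold the peer's ids. In every other case (peer not in a
    list, not a socket connection, lookup error) ``peercred_check`` stays
    False and the ids stay -1; this method does not raise for a denied peer.
    """
    log("peercred.Authenticator(%s, %s)", username, kwargs)
    if not POSIX:
        log.warn("Warning: peercred authentication is not supported on %s", os.name)
        # NOTE(review): returns before any attribute is set and before
        # SysAuthenticator.__init__; confirm callers treat this as a failure.
        return
    self.uid = -1
    self.gid = -1
    self.peercred_check = False
    connection = kwargs.get("connection", None)
    uids = kwargs.pop("uid", None)
    gids = kwargs.pop("gid", None)
    # None means "no restriction"; an empty list denies every peer
    allow_uids = None
    allow_gids = None
    if uids:
        allow_uids = []
        for entry in uids.split(","):
            entry = osexpand(entry.strip())
            try:
                allow_uids.append(int(entry))
            except ValueError:
                # not a number: treat it as a username
                import pwd
                try:
                    pw = pwd.getpwnam(entry)
                    # The original appended to `uids`, which is the option
                    # string: that raised AttributeError for any username
                    # entry instead of adding its uid to the allow list.
                    allow_uids.append(pw.pw_uid)
                except KeyError:
                    log.warn("Warning: unknown username '%s'", entry)
        log("peercred: allow_uids(%s)=%s", uids, allow_uids)
    if gids:
        allow_gids = []
        for entry in gids.split(","):
            entry = osexpand(entry.strip())
            try:
                allow_gids.append(int(entry))
            except ValueError:
                # not a number: treat it as a group name
                gid = get_group_id(entry)
                if gid >= 0:
                    allow_gids.append(gid)
                else:
                    log.warn("Warning: unknown group '%s'", entry)
        log("peercred: allow_gids(%s)=%s", gids, allow_gids)
    try:
        from xpra.net.bytestreams import SocketConnection
        if connection and isinstance(connection, SocketConnection):
            # reaches into the connection's private `_socket` attribute
            sock = connection._socket
            peercred = get_peercred(sock)
            log("get_peercred(%s)=%s", sock, peercred)
            if not peercred:
                log.warn("Warning: failed to get peer credentials on %s", sock)
                # NOTE(review): this path skips SysAuthenticator.__init__
                return
            _, uid, gid = peercred
            if allow_uids is not None and uid not in allow_uids:
                log.warn("Warning: peercred access denied,")
                log.warn(" uid %i is not in the whitelist: %s", uid, csv(allow_uids))
            elif allow_gids is not None and gid not in allow_gids:
                log.warn("Warning: peercred access denied,")
                log.warn(" gid %i is not in the whitelist: %s", gid, csv(allow_gids))
            else:
                self.peercred_check = True
                self.uid = uid
                self.gid = gid
        else:
            log("peercred: invalid connection '%s' (not a socket connection)", connection)
    except Exception as e:
        # errors are logged, not raised: peercred_check is still False here
        log.error("Error: cannot get peer uid")
        log.error(" %s", e)
    SysAuthenticator.__init__(self, username, **kwargs)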
def __init__(self, username, **kwargs):
    """Record the PAM service name, then run the base-class initialiser.

    ``service`` is popped from ``kwargs`` (default: the module-level
    ``PAM_AUTH_SERVICE``) so the base class does not receive it.
    """
    service_name = kwargs.pop("service", PAM_AUTH_SERVICE)
    self.service = service_name
    SysAuthenticator.__init__(self, username, **kwargs)
def get_challenge(self):
    """Return the base-class challenge, requested with ``mac="hmac"``."""
    challenge = SysAuthenticator.get_challenge(self, mac="hmac")
    return challenge
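def __init__(self, username, **kwargs):
    """Store the configured ``value`` and select HMAC authentication.

    ``kwargs`` is only read, and it is not forwarded to
    ``SysAuthenticator.__init__``.
    """
    # The options are deliberately not printed. The original wrote the whole
    # `kwargs` dict to stdout, and `kwargs` carries `value`, which is
    # presumably the secret that authenticate_hmac checks against - it would
    # end up in console output and in any log that captures stdout.
    SysAuthenticator.__init__(self, username)
    self.value = kwargs.get("value")
    self.authenticate = self.authenticate_hmac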
def get_challenge(self, digests):
    """Return an ``xor`` challenge, refusing clients that do not offer it.

    Raises:
        Exception: if ``"xor"`` is not among ``digests``.
    """
    # NOTE(review): only "xor" is accepted, presumably because the backend
    # needs the password itself rather than a hash of it - if so, this
    # module should only be used over an encrypted transport. Confirm.
    if "xor" in digests:
        return SysAuthenticator.get_challenge(self, ["xor"])
    raise Exception("pam authenticator requires the 'xor' digest, not %s" % csv(digests))
def __init__(self, username, **kwargs):
    """Store the configured ``value`` and select HMAC authentication.

    ``value`` is popped from ``kwargs`` (default ``None``), so it is not
    passed on to ``SysAuthenticator.__init__`` with the remaining options.
    """
    configured_value = kwargs.pop("value", None)
    self.value = configured_value
    SysAuthenticator.__init__(self, username, **kwargs)
    self.authenticate = self.authenticate_hmac
def __init__(self, username, **kwargs):
    """Record the PAM service name and the account-check setting.

    Both ``service`` and ``check-account`` are popped from ``kwargs``; their
    defaults are the module-level ``PAM_AUTH_SERVICE`` and
    ``PAM_CHECK_ACCOUNT``. The ``check-account`` value goes through
    ``parse_bool`` with ``False`` as its last argument.
    """
    self.service = kwargs.pop("service", PAM_AUTH_SERVICE)
    raw_check_account = kwargs.pop("check-account", PAM_CHECK_ACCOUNT)
    self.check_account = parse_bool("check-account", raw_check_account, False)
    SysAuthenticator.__init__(self, username, **kwargs)
def get_challenge(self, digests):
    """Return an ``xor`` challenge, or ``None`` if the client lacks ``xor``.

    Unlike a raising variant, a missing ``xor`` digest is only logged as an
    error here and ``None`` is returned to the caller.
    """
    # NOTE(review): only "xor" is accepted, presumably because the backend
    # needs the password itself rather than a hash of it - if so, this
    # module should only be used over an encrypted transport. Confirm.
    if "xor" in digests:
        return SysAuthenticator.get_challenge(self, ["xor"])
    log.error("Error: pam authentication requires the 'xor' digest")
    return None
def get_challenge(self, digests):
    """Return an ``xor`` challenge, refusing clients that do not offer it.

    Raises:
        Exception: if ``"xor"`` is not among ``digests``.
    """
    # NOTE(review): only "xor" is accepted, presumably because the backend
    # needs the password itself rather than a hash of it - if so, this
    # module should only be used over an encrypted transport. Confirm.
    if "xor" in digests:
        return SysAuthenticator.get_challenge(self, ["xor"])
    raise Exception("win32 authenticator requires the 'xor' digest")
def __init__(self, username, **kwargs):
    """Record the password file name and select HMAC authentication.

    ``filename`` is read from ``kwargs`` and defaults to the module-level
    ``password_file``; the path is stored as given. ``kwargs`` is not
    forwarded to ``SysAuthenticator.__init__``. The file is not read here.
    """
    SysAuthenticator.__init__(self, username)
    configured_path = kwargs.get("filename", password_file)
    self.password_filename = configured_path
    # contents and timestamp start out unset
    self.password_filetime = None
    self.password_filedata = None
    self.authenticate = self.authenticate_hmac
def __init__(self, username, **kwargs):
    """Store the configured ``value`` and select HMAC authentication.

    ``kwargs`` is only read (``value`` defaults to ``None`` when absent) and
    is not forwarded to ``SysAuthenticator.__init__``.
    """
    SysAuthenticator.__init__(self, username)
    configured_value = kwargs.get("value")
    self.value = configured_value
    self.authenticate = self.authenticate_hmac
def __init__(self, username, **kwargs):
    """Run the base initialiser, then reset the per-session state.

    ``self.username`` is overwritten with the result of ``get_username()``
    after the base class has run, so the ``username`` argument is only seen
    by ``SysAuthenticator.__init__``.
    """
    SysAuthenticator.__init__(self, username, **kwargs)
    # no salt or password yet
    self.pw = None
    self.salt = None
    # NOTE(review): get_username() presumably returns the user running this
    # process - confirm that replacing the supplied name is intended.
    current_user = get_username()
    self.username = current_user
def __init__(self, username, **kwargs):
    """Record which variable name to use and select HMAC authentication.

    The name comes from the ``name`` option and defaults to
    ``XPRA_PASSWORD``. ``kwargs`` is only read and is not forwarded to
    ``SysAuthenticator.__init__``.
    """
    SysAuthenticator.__init__(self, username)
    # NOTE(review): presumably the name of an environment variable holding
    # the password; the lookup is not part of this method - confirm.
    variable_name = kwargs.get("name", "XPRA_PASSWORD")
    self.var_name = variable_name
    self.authenticate = self.authenticate_hmac