def challenge(self, challenge): in_params = dict([part.split('=') for part in challenge.split('&')]) out_params = {'nonce': in_params['nonce']} out_params = self._fb_client._add_session_args(out_params) out_params = self._fb_client._build_post_args(in_params['method'], out_params) import urllib return Response(urllib.urlencode(out_params))
def challenge(self, challenge): in_params = dict([part.split('=') for part in challenge.split('&')]) out_params = {'nonce': in_params['nonce']} out_params = add_session_args(out_params, self._fb_client.session_key) out_params = build_post_args(in_params['method'], out_params, self._fb_client.secret) return Response(urllib.urlencode(out_params))
def challenge(self, challenge): if self.step == 0: rc = kerberos.authGSSClientStep(self._gss, base64.b64encode(challenge)) if rc != kerberos.AUTH_GSS_CONTINUE: self.step = 1 elif self.step == 1: rc = kerberos.authGSSClientUnwrap(self._gss, base64.b64encode(challenge)) response = kerberos.authGSSClientResponse(self._gss) rc = kerberos.authGSSClientWrap(self._gss, response, self.username) response = kerberos.authGSSClientResponse(self._gss) if response is None: return Response("") else: return Response(base64.b64decode(response))
def start(self, username, authzid): self.username = username self.authzid = authzid # TODO: This isn't very XEP-0178'ish. # XEP-0178 says "=" should be sent when only one id-on-xmppAddr is # in the cert, but we don't know that. Still, this conforms to the # standard and works. return Response(self.authzid, encode=True)
def challenge(self, challenge): """Process the challenge and return the response. :Parameters: - `challenge`: the challenge. :Types: - `challenge`: `str` :return: the response or a failure indicator. :returntype: `sasl.Response` or `sasl.Failure`""" _unused = challenge if self.finished: self.__logger.debug("Already authenticated") return Failure("extra-challenge") self.finished=1 if self.password is None: self.password,pformat=self.password_manager.get_password(self.username) if not self.password or pformat!="plain": self.__logger.debug("Couldn't retrieve plain password") return Failure("password-unavailable") return Response("%s\000%s\000%s" % ( to_utf8(self.authzid), to_utf8(self.username), to_utf8(self.password)))
def _final_challenge(self, challenge): """Process the second challenge from the server and return the response. :Parameters: - `challenge`: the challenge from server. :Types: - `challenge`: `str` :return: the response or a failure indicator. :returntype: `sasl.Response` or `sasl.Failure`""" if self.rspauth_checked: return Failure("extra-challenge") challenge = challenge.split('\x00')[0] rspauth = None while challenge: m = _param_re.match(challenge) if not m: self.__logger.debug("Challenge syntax error: %r" % (challenge, )) return Failure("bad-challenge") challenge = m.group("rest") var = m.group("var") val = m.group("val") self.__logger.debug("%r: %r" % (var, val)) if var == "rspauth": rspauth = val if not rspauth: self.__logger.debug("Final challenge without rspauth") return Failure("bad-success") if rspauth == self.response_auth: self.rspauth_checked = 1 return Response("") else: self.__logger.debug("Wrong rspauth value - peer is cheating?") self.__logger.debug("my rspauth: %r" % (self.response_auth, )) return Failure("bad-success")
def start(self, username, authzid): """Start the authentication process initializing client state. :Parameters: - `username`: username (authentication id). - `authzid`: authorization id. :Types: - `username`: `unicode` - `authzid`: `unicode` :return: the (empty) initial response :returntype: `sasl.Response` or `sasl.Failure`""" self.username = from_utf8(username) if authzid: self.authzid = from_utf8(authzid) else: self.authzid = "" self.password = None self.pformat = None self.nonce_count = 0 self.response_auth = None self.rspauth_checked = 0 self.realm = None return Response()
def start(self, ignored_username, ignored_authzid): return Response()
def _make_response(self, charset, realms, nonce): """Make a response for the first challenge from the server. :Parameters: - `charset`: charset name from the challenge. - `realms`: realms list from the challenge. - `nonce`: nonce value from the challenge. :Types: - `charset`: `str` - `realms`: `str` - `nonce`: `str` :return: the response or a failure indicator. :returntype: `sasl.Response` or `sasl.Failure`""" params = [] realm = self._get_realm(realms, charset) if isinstance(realm, Failure): return realm elif realm: realm = _quote(realm) params.append('realm="%s"' % (realm, )) try: username = self.username.encode(charset) except UnicodeError: self.__logger.debug("Couldn't encode username to %r" % (charset, )) return Failure("incompatible-charset") username = _quote(username) params.append('username="******"' % (username, )) cnonce = self.password_manager.generate_nonce() cnonce = _quote(cnonce) params.append('cnonce="%s"' % (cnonce, )) params.append('nonce="%s"' % (_quote(nonce), )) self.nonce_count += 1 nonce_count = "%08x" % (self.nonce_count, ) params.append('nc=%s' % (nonce_count, )) params.append('qop=auth') serv_type = self.password_manager.get_serv_type().encode("us-ascii") host = self.password_manager.get_serv_host().encode("idna") serv_name = self.password_manager.get_serv_name().encode("utf-8") if serv_name and serv_name != host: digest_uri = "%s/%s/%s" % (serv_type, host, serv_name) else: digest_uri = "%s/%s" % (serv_type, host) digest_uri = _quote(digest_uri) params.append('digest-uri="%s"' % (digest_uri, )) if self.authzid: try: authzid = self.authzid.encode(charset) except UnicodeError: self.__logger.debug("Couldn't encode authzid to %r" % (charset, )) return Failure("incompatible-charset") authzid = _quote(authzid) else: authzid = "" if self.pformat == "md5:user:realm:pass": urp_hash = self.password else: urp_hash = _make_urp_hash(username, realm, self.password) response = _compute_response(urp_hash, nonce, cnonce, nonce_count, authzid, digest_uri) self.response_auth = _compute_response_auth(urp_hash, nonce, cnonce, nonce_count, authzid, digest_uri) params.append('response=%s' % (response, )) if authzid: params.append('authzid="%s"' % (authzid, )) return Response(",".join(params))
def challenge(self, challenge): in_params = WebFormData.parse(challenge, utf8=True) out_params = {'nonce': in_params['nonce'].encode('utf-8')} out_params = self.api.prepare_call(in_params['method'].encode('utf-8'), **out_params) return Response(out_params)
def challenge(self, challenge): if self.password is None: self.password, pformat = self.password_manager.get_password( self.username) if not self.password or pformat != "plain": self.__logger.debug("Couldn't retrieve plain password") return Failure("password-unavailable") if self.step == 0: self.step = 1 return Response(''.join( pstrIlist([to_utf8(self.authzid), to_utf8(self.username)]))) elif self.step == 1: self.step = 2 srv_rsa_key = None self.__logger.critical("loading server certificate") try: srv_cert = M2Crypto.X509.load_cert_string(challenge) if srv_cert is not None: self.__logger.critical("retrieving server pubkey") srv_key = srv_cert.get_pubkey() if srv_key is not None: self.__logger.critical("retrieving server RSA pubkey") srv_rsa_key = srv_key.get_rsa() except Exception: traceback.print_exc() if srv_rsa_key is None: return Failure("bad-server-cert") if not srv_cert.verify(ROOT_CERT.get_pubkey()): return Failure("bad-server-cert") self.srv_rsa_key = srv_rsa_key self.__logger.critical("generating Nonce") from M2Crypto import m2 nonce = m2.rand_bytes(16) self.__logger.critical("encrypting Nonce") enonce = digsbyrsa.DIGSBY_RSA_public_encrypt( nonce, srv_rsa_key, M2Crypto.RSA.pkcs1_oaep_padding) self.__logger.critical("loading key") try: self.key = _get_client_key_pem(self.username, self.password) except Exception: self.key = None if self.key is None: self.__logger.critical("generating new key") self.key = M2Crypto.RSA.gen_key(2048, 0x10001) self.__logger.critical("saving new key") if not self.key.check_key(): raise ValueError("failed to generate key") try: _save_client_key_pem(self.key, self.username, self.password) except Exception: traceback.print_exc() self.__logger.critical("creating buffer") buff = M2Crypto.BIO.MemoryBuffer() self.__logger.critical("serializing client public key to buffer") self.key.save_pub_key_bio(buff) self.__logger.critical_s("Nonce: %r", nonce) genkey = buff.getvalue() self.__logger.critical_s("Key: %r", genkey) eKey = pstrAES(nonce, genkey) self.__logger.critical("returning response") return Response(''.join(pstrIlist([enonce, eKey]))) elif self.step == 2: self.step = 3 package_nonce_C_userpub, package_C_AES_C_serverpriv = unpackpstrlist( challenge) package_nonce = digsbyrsa.DIGSBY_RSA_private_decrypt( package_nonce_C_userpub, self.key, M2Crypto.RSA.pkcs1_oaep_padding) package_C_serverpriv = util.cryptography.decrypt( package_nonce, package_C_AES_C_serverpriv, padchar=None, mode=util.cryptography.Mode.CBC) nonce = digsbyrsa.DIGSBY_RSA_public_decrypt( package_C_serverpriv, self.srv_rsa_key, M2Crypto.RSA.pkcs1_padding) return Response(pstrAES(nonce, self.password)) else: return Failure("extra-challenge")