def authenticate(db, client, password):
    """Run the SRP handshake for ``client`` against ``db``.

    The password is given only to the local ``srp.User`` object. What is
    passed to ``db`` are the values that object produces, via
    ``db.authenticate1`` and ``db.authenticate2``.

    Returns:
        None. Completing without an exception means the session verified.

    Raises:
        TardisDB.AuthenticationFailed: if ``process_challenge`` yields no
            proof, or if the session is still not authenticated after the
            reply from ``db.authenticate2`` has been verified.
    """
    srpUser = srp.User(client, password)

    # Round 1: send our identity and opening value, receive the challenge.
    # Presumably the reply is the salt (s) and the server's public value (B),
    # following the usual SRP naming - confirm against the db implementation.
    identity, clientValue = srpUser.start_authentication()
    salt, serverValue = db.authenticate1(identity, clientValue)

    # A None proof is treated as a failed login: stop here so that nothing
    # derived from a rejected challenge is sent on in round 2.
    clientProof = srpUser.process_challenge(salt, serverValue)
    if clientProof is None:
        raise TardisDB.AuthenticationFailed()

    # Round 2: hand over our proof and check the one that comes back.
    serverProof = db.authenticate2(clientProof)
    srpUser.verify_session(serverProof)

    # Both failure paths raise the same bare exception, so the caller cannot
    # tell which step rejected the login. Keep this final check: it is the
    # only place where the reply from authenticate2 decides the outcome.
    if srpUser.authenticated():
        return
    raise TardisDB.AuthenticationFailed()
def setupDataConnection(dataLoc, client, password, keyFile, dbName, dbLoc=None, allow_upgrade=False, retpassword=False):
    """Open the database and cache for ``client`` and prepare its crypto object.

    An ``http`` or ``https`` ``dataLoc`` selects a ``RemoteDB``, which then also
    serves as the cache. Anything else is treated as a filesystem location,
    opened as a ``CacheDir`` plus a ``TardisDB``.

    Returns:
        ``(tardis, cache, crypt)``, or ``(tardis, cache, crypt, password)``
        when ``retpassword`` is true.

    Raises:
        TardisDB.AuthenticationFailed: if a password is supplied for a
            database that reports it needs no authentication. The call to
            ``authenticate`` may raise it as well.
    """
    # NOTE(review): dataLoc is logged whole; if a URL ever carries userinfo
    # (user:secret@host) that would land in the debug log - confirm callers
    # never pass credentials this way.
    logger.debug("Connection requested for %s under %s", client, dataLoc)

    parsed = urllib.parse.urlparse(dataLoc)
    if parsed.scheme in ('http', 'https'):
        # NOTE(review): plain http is accepted as well as https. The
        # authenticate() step avoids sending the password itself, but any
        # other traffic on an http URL is unencrypted - confirm http is only
        # meant for trusted networks.
        logger.debug("Creating remote connection to %s", dataLoc)
        if parsed.port is not None:
            dbLoc = dataLoc
        else:
            # No explicit port: append the configured default remote port.
            hostPort = parsed.netloc + ":" + Defaults.getDefault('TARDIS_REMOTE_PORT')
            dbLoc = urllib.parse.urlunparse(
                (parsed.scheme, hostPort, parsed.path, parsed.params, parsed.query, parsed.fragment)
            )
        logger.debug("==> %s %s", dbLoc, client)
        tardis = RemoteDB.RemoteDB(dbLoc, client)
        cache = tardis
    else:
        logger.debug("Creating direct connection to %s", dataLoc)
        # NOTE(review): client is used unchanged as a path component, and
        # os.path.join lets an absolute or '..'-bearing value leave the base
        # directory - confirm client names are validated before this point.
        cacheDir = os.path.join(parsed.path, client)
        cache = CacheDir.CacheDir(cacheDir, create=False)
        dbDir = os.path.join(dbLoc, client) if dbLoc else cacheDir
        tardis = TardisDB.TardisDB(os.path.join(dbDir, dbName), allow_upgrade=allow_upgrade)

    authRequired = tardis.needsAuthentication()
    if authRequired and password is None:
        password = getPassword(True, None, None, "Password for %s: " % client, allowNone=False)

    if authRequired:
        authenticate(tardis, client, password)
    elif password:
        # A password for a database that needs none is rejected rather than
        # silently ignored.
        raise TardisDB.AuthenticationFailed()

    # The crypto object is built on every path, so password may still be None
    # here when the database needs no authentication.
    scheme = tardis.getCryptoScheme()
    crypt = TardisCrypto.getCrypto(scheme, password, client)

    # Keys come from the key file when one is given, otherwise from the database.
    if keyFile:
        filenameKey, contentKey = loadKeys(keyFile, tardis.getConfigValue('ClientID'))
    else:
        filenameKey, contentKey = tardis.getKeys()
    crypt.setKeys(filenameKey, contentKey)

    connection = (tardis, cache, crypt)
    if retpassword:
        # The caller receives the plaintext password and becomes responsible
        # for keeping it out of logs and persistent storage.
        return connection + (password,)
    return connection
def setupDataConnection(dataLoc, client, password, keyFile, dbName, dbLoc=None, allow_upgrade=False):
    """Open the database and cache for ``client``, with crypto if a password is in play.

    An ``http`` or ``https`` ``dataLoc`` selects a ``RemoteDB``, which then also
    serves as the cache. Anything else is treated as a filesystem location,
    opened as a ``CacheDir`` plus a ``TardisDB``.

    Returns:
        ``(tardis, cache, crypt)``. ``crypt`` is None when no password is
        available after the optional prompt.

    Raises:
        TardisDB.AuthenticationFailed: if a password is supplied for a
            database that reports it needs no authentication. The call to
            ``authenticate`` may raise it as well.
    """
    # NOTE(review): dataLoc is logged whole; if a URL ever carries userinfo
    # (user:secret@host) that would land in the debug log - confirm callers
    # never pass credentials this way.
    logger.debug("Connection requested for %s under %s", client, dataLoc)

    parsed = urlparse.urlparse(dataLoc)
    if parsed.scheme in ('http', 'https'):
        # NOTE(review): plain http is accepted as well as https - confirm
        # http is only meant for trusted networks.
        logger.debug("Creating remote connection to %s", dataLoc)
        if parsed.port is not None:
            dbLoc = dataLoc
        else:
            # No explicit port: append the configured default remote port.
            hostPort = parsed.netloc + ":" + Defaults.getDefault('TARDIS_REMOTE_PORT')
            dbLoc = urlparse.urlunparse(
                (parsed.scheme, hostPort, parsed.path, parsed.params, parsed.query, parsed.fragment)
            )
        logger.debug("==> %s %s", dbLoc, client)
        tardis = RemoteDB.RemoteDB(dbLoc, client)
        cache = tardis
    else:
        logger.debug("Creating direct connection to %s", dataLoc)
        # NOTE(review): client is used unchanged as a path component, and
        # os.path.join lets an absolute or '..'-bearing value leave the base
        # directory - confirm client names are validated before this point.
        cacheDir = os.path.join(parsed.path, client)
        cache = CacheDir.CacheDir(cacheDir, create=False)
        dbDir = os.path.join(dbLoc, client) if dbLoc else cacheDir
        tardis = TardisDB.TardisDB(os.path.join(dbDir, dbName), allow_upgrade=allow_upgrade)

    authRequired = tardis.needsAuthentication()
    if authRequired and password is None:
        password = getPassword(True, None, None, "Password for %s: " % client)

    # NOTE(review): the listing this was taken from had lost its indentation.
    # Key setup is kept inside the password branch because crypt starts out
    # as None - confirm against the original file.
    # NOTE(review): if the database needs authentication but the password is
    # still empty here (for instance an empty answer to the prompt), this
    # returns without calling authenticate() and without a crypto object.
    # Callers should not treat the returned handle as authenticated.
    if not password:
        return (tardis, cache, None)

    if not authRequired:
        # A password for a database that needs none is rejected rather than
        # silently ignored.
        raise TardisDB.AuthenticationFailed()
    authenticate(tardis, client, password)

    # Password accepted: build the crypto object and load its keys, from the
    # key file when one is given, otherwise from the database.
    crypt = TardisCrypto.TardisCrypto(password, client)
    if keyFile:
        filenameKey, contentKey = loadKeys(keyFile, tardis.getConfigValue('ClientID'))
    else:
        filenameKey, contentKey = tardis.getKeys()
    crypt.setKeys(filenameKey, contentKey)

    return (tardis, cache, crypt)
def authenticate2(self, srpValueM):
    """POST the client's SRP value M and return the decoded ``srpValueH`` reply.

    Args:
        srpValueM: bytes-like value, sent base64-encoded as form field
            ``srpValueM`` to ``self.baseURL + 'authenticate2'``.

    Returns:
        The base64-decoded ``srpValueH`` field of the JSON response.

    Raises:
        TardisDB.AuthenticationFailed: on HTTP 401.
        Whatever ``response.raise_for_status()`` raises for other error
        statuses. A reply without ``srpValueH`` surfaces as KeyError rather
        than AuthenticationFailed.
    """
    # base64 is transport encoding only; confidentiality of the exchange
    # depends on baseURL using https.
    form = {'srpValueM': base64.b64encode(srpValueM).decode('utf8')}

    # NOTE(review): no timeout is passed; if self.session is a
    # requests.Session this call can wait indefinitely on an unresponsive
    # server - confirm a timeout is configured elsewhere.
    reply = self.session.post(self.baseURL + 'authenticate2', data=form)

    # 401 is the "not authenticated" answer and maps to a login failure.
    if reply.status_code == 401:
        raise TardisDB.AuthenticationFailed("Bad Password")

    # Any other error status is raised as-is.
    reply.raise_for_status()

    # The value is only decoded here; the caller must still verify it before
    # treating the session as authenticated.
    return base64.b64decode(reply.json()['srpValueH'])
def authenticate1(self, uname, srpValueA):
    """POST the user name and SRP value A, and return the decoded challenge.

    Args:
        uname: user name, sent base64-encoded as form field ``srpUname``.
        srpValueA: client value, sent base64-encoded as ``srpValueA``.

    Returns:
        ``(srpValueS, srpValueB)``, the base64-decoded fields of the JSON
        response, in that order.

    Raises:
        TardisDB.AuthenticationFailed: on HTTP 401.
        Whatever ``response.raise_for_status()`` raises for other error
        statuses. A reply missing either field surfaces as KeyError rather
        than AuthenticationFailed.
    """
    # NOTE(review): b64encode() needs a bytes-like uname on Python 3, and the
    # values posted here are bytes, not str - confirm the intended Python
    # version and the type callers pass for uname.
    # base64 is transport encoding only; the user name is readable by anyone
    # who can see the request unless baseURL uses https.
    form = dict(
        srpUname=base64.b64encode(uname),
        srpValueA=base64.b64encode(srpValueA),
    )

    # NOTE(review): no timeout is passed; if self.session is a
    # requests.Session this call can wait indefinitely on an unresponsive
    # server - confirm a timeout is configured elsewhere.
    reply = self.session.post(self.baseURL + 'authenticate1', data=form)

    # 401 is the "not authenticated" answer. The message is the same
    # whatever the reason, so it does not reveal whether the user name exists.
    if reply.status_code == 401:
        raise TardisDB.AuthenticationFailed("Bad Password")

    # Any other error status is raised as-is.
    reply.raise_for_status()

    body = reply.json()
    return tuple(base64.b64decode(body[field]) for field in ('srpValueS', 'srpValueB'))