def verifyMsChapV2(self, userpwd): ms_chap_response = self['MS-CHAP2-Response'][0] authenticator_challenge = self['MS-CHAP-Challenge'][0] if len(ms_chap_response) != 50: raise Exception("Invalid MSCHAPV2-Response attribute length") # if isinstance(userpwd, six.text_type): # userpwd = userpwd.strip().encode('utf-8') nt_response = ms_chap_response[26:50] peer_challenge = ms_chap_response[2:18] _user_name = self.get(1)[0] nt_resp = mschap.generate_nt_response_mschap2( authenticator_challenge, peer_challenge, _user_name, userpwd, ) if nt_resp == nt_response: auth_resp = mschap.generate_authenticator_response( userpwd, nt_response, peer_challenge, authenticator_challenge, _user_name) self.ext_attrs['MS-CHAP2-Success'] = auth_resp self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01' self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06' nt_pwd_hash = mschap.nt_password_hash(userpwd) mppeSendKey, mppeRecvKey = mppe.mppe_chap2_gen_keys( userpwd, peer_challenge) self.ext_attrs['MS-MPPE-Send-Key'] = mppeSendKey self.ext_attrs['MS-MPPE-Recv-Key'] = mppeRecvKey return True else: return False
def verifyMsChapV2(self,userpwd): ms_chap_response = self['MS-CHAP2-Response'][0] authenticator_challenge = self['MS-CHAP-Challenge'][0] if len(ms_chap_response)!=50: raise Exception("Invalid MSCHAPV2-Response attribute length") # if isinstance(userpwd, six.text_type): # userpwd = userpwd.strip().encode('utf-8') nt_response = ms_chap_response[26:50] peer_challenge = ms_chap_response[2:18] _user_name = self.get(1)[0] nt_resp = mschap.generate_nt_response_mschap2( authenticator_challenge, peer_challenge, _user_name, userpwd, ) if nt_resp == nt_response: auth_resp = mschap.generate_authenticator_response( userpwd, nt_response, peer_challenge, authenticator_challenge, _user_name ) self.ext_attrs['MS-CHAP2-Success'] = auth_resp self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01' self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06' nt_pwd_hash = mschap.nt_password_hash(userpwd) mppeSendKey,mppeRecvKey = mppe.mppe_chap2_gen_keys(userpwd,peer_challenge) self.ext_attrs['MS-MPPE-Send-Key'] = mppeSendKey self.ext_attrs['MS-MPPE-Recv-Key'] = mppeRecvKey return True else: return False
def verifyMsChapV2(self,userpwd): ms_chap_response = self['MS-CHAP2-Response'][0] authenticator_challenge = self['MS-CHAP-Challenge'][0] if len(ms_chap_response)!=50: raise Exception("Invalid MSCHAPV2-Response attribute length") # if isinstance(userpwd, six.text_type): # userpwd = userpwd.strip().encode('utf-8') nt_response = ms_chap_response[26:50] peer_challenge = ms_chap_response[2:18] _user_name = self.get(1)[0] nt_resp = mschap.generate_nt_response_mschap2( authenticator_challenge, peer_challenge, _user_name, userpwd, ) print 'username',_user_name print 'passwd',userpwd print 'authenticator_challenge',mschap.convert_to_hex_string(authenticator_challenge),len( authenticator_challenge) print 'peer_challenge',mschap.convert_to_hex_string(peer_challenge),len(peer_challenge) print 'nt_response', mschap.convert_to_hex_string(nt_response),len(nt_response) print 'my_nt_resp', mschap.convert_to_hex_string(nt_resp), len(nt_resp) if nt_resp == nt_response: auth_resp = mschap.generate_authenticator_response( userpwd, nt_response, peer_challenge, authenticator_challenge, _user_name ) self.ext_attrs['MS-CHAP2-Success'] = auth_resp self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01' self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06' mppeSendKey,mppeRecvKey = mppe.mppe_chap2_gen_keys(userpwd,peer_challenge) send_salt, recv_salt = mppe.create_salts() send_key = mppe.radius_encrypt_keys( mppe.create_plain_text(mppeSendKey), self.secret, self.authenticator, send_salt ) recv_key = mppe.radius_encrypt_keys( mppe.create_plain_text(mppeRecvKey), self.secret, self.authenticator, recv_salt ) print 'send_key',mschap.convert_to_hex_string(send_key),len(send_key) print 'recv_key',mschap.convert_to_hex_string(recv_key),len(recv_key) self.ext_attrs['MS-MPPE-Send-Key'] = send_key self.ext_attrs['MS-MPPE-Recv-Key'] = recv_key return True else: self.ext_attrs['Reply-Message'] = "E=691 R=1 C=%s V=3 M=<password error>" % ('\0' * 32) return False
def verifyMsChapV2(self,userpwd): ms_chap_response = self['MS-CHAP2-Response'][0] authenticator_challenge = self['MS-CHAP-Challenge'][0] if len(ms_chap_response)!=50: raise Exception("Invalid MSCHAPV2-Response attribute length") # if isinstance(userpwd, six.text_type): # userpwd = userpwd.strip().encode('utf-8') nt_response = ms_chap_response[26:50] peer_challenge = ms_chap_response[2:18] _user_name = self.get(1)[0] nt_resp = mschap.generate_nt_response_mschap2( authenticator_challenge, peer_challenge, _user_name, userpwd, ) if nt_resp == nt_response: auth_resp = mschap.generate_authenticator_response( userpwd, nt_response, peer_challenge, authenticator_challenge, _user_name ) self.ext_attrs['MS-CHAP2-Success'] = auth_resp self.ext_attrs['MS-MPPE-Encryption-Policy'] = '\x00\x00\x00\x01' self.ext_attrs['MS-MPPE-Encryption-Type'] = '\x00\x00\x00\x06' mppeSendKey,mppeRecvKey = mppe.mppe_chap2_gen_keys(userpwd,peer_challenge) send_key, recv_key = mppe.gen_radius_encrypt_keys(mppeSendKey,mppeRecvKey,self.secret,self.authenticator) self.ext_attrs['MS-MPPE-Send-Key'] = send_key self.ext_attrs['MS-MPPE-Recv-Key'] = recv_key return True else: self.ext_attrs['Reply-Message'] = "E=691 R=1 C=%s V=3 M=<password error>" % ('\0' * 32) return False