def test_all_digests(self):
for digest in get_digests():
if digest.startswith("hmac"):
m = get_digest_module(digest)
assert m is not None, "digest module not found for '%s'" % digest
salt = get_salt(32)
password = "******"
d = gendigest(digest, password, salt)
assert d is not None
assert not verify_digest(digest, None, salt, d)
assert not verify_digest(digest, password, None, d)
assert not verify_digest(digest, password, salt, None)
assert not verify_digest(digest, password, salt, d[:-1])
assert verify_digest(digest, password, salt, d)
def authenticate_hmac(self, challenge_response, client_salt=None):
log("authenticate_hmac(%r, %r)", challenge_response, client_salt)
self.sessions = None
if not self.salt:
log.error(
"Error: illegal challenge response received - salt cleared or unset"
)
return None
#ensure this salt does not get re-used:
salt = self.get_response_salt(client_salt)
entry = self.get_auth_info()
if entry is None:
log.warn("Warning: authentication failed")
log.warn(" no password for '%s' in '%s'", self.username,
self.password_filename)
return None
log("authenticate: auth-info(%s)=%s", self.username, entry)
fpassword, uid, gid, displays, env_options, session_options = entry
log("multifile authenticate_hmac password='******', hex(salt)=%s",
fpassword, hexstr(salt))
if not verify_digest(self.digest, fpassword, salt, challenge_response):
log.warn("Warning: %s challenge for '%s' does not match",
self.digest, self.username)
return False
self.sessions = uid, gid, displays, env_options, session_options
return True
def authenticate_hmac(self,
challenge_response: str,
client_salt: str = None) -> bool:
log("sys_auth_base.authenticate_hmac(%r, %r)", challenge_response,
client_salt)
if not self.salt:
log.error(
"Error: illegal challenge response received - salt cleared or unset"
)
return None
salt = self.get_response_salt(client_salt)
passwords = self.get_passwords()
if not passwords:
log.warn("Warning: %s authentication failed", self)
log.warn(" no password defined for '%s'", self.username)
return False
log("found %i passwords using %r", len(passwords), self)
for x in passwords:
if verify_digest(self.digest, x, salt, challenge_response):
self.password_used = x
return True
log.warn("Warning: %s challenge for '%s' does not match", self.digest,
self.username)
if len(passwords) > 1:
log.warn(" checked %i passwords", len(passwords))
return False
def authenticate_hmac(self, challenge_response, client_salt=None):
if not self.salt:
log.error("Error: illegal challenge response received - salt cleared or unset")
return None
salt = self.get_response_salt(client_salt)
password = self.get_password()
log("authenticate_hmac() get_password()=%s", obsc(password))
if not password:
log.warn("Warning: authentication failed")
log.warn(" no password for '%s' in '%s'", self.username, self.password_filename)
return False
if not verify_digest(self.digest, password, salt, challenge_response):
log.warn("Warning: %s challenge for '%s' does not match", self.digest, self.username)
return False
return True
