Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def __init__( self, asasl, mechname ):
sasl.saslmech.__init__( self, asasl, mechname, 3 )
self.hashfn = hash(mechname[7:])
if self.hashfn is None:
raise cancelled(self.sasl, self)
if self.sasl.tls_active() is None:
if not self.sasl.secquery( self, "I have no encryption, however I am using DIGEST-MD5.\nAn attacker listening to the wire could see what you're doing,\nbut would find it difficult to get your password.\nShould I continue?" ):
raise cancelled( self.sasl, self )
self._rspauth_okay = False
self._digest_uri = None
self._a1 = None
self._encbuf = ''
self._enc_key = None
self._enc_seq = 0
self._max_buffer = 65536
self._decbuf = ''
self._dec_key = None
self._dec_seq = 0
self._a1 = None
self._qops = ['auth']
self._qop = 'auth'
def __init__( self, asasl, plainname ):
sasl.saslmech.__init__( self, asasl, plainname, 1 )
if self.sasl.tls_active() is None:
if not self.sasl.secquery( self, "I need to use plaintext authentication,\nbut I have no encryption layer. This is bad, as it is easy\nto obtain your password, and impossible to prevent.\nDo you REALLY want me to continue?" ):
raise cancelled( self.sasl, self )
else:
if not self.sasl.secquery( self, "I have encryption, but I need to use\nplaintext authentication. If the server has been hacked,\nI will give the attacker your password.\nThis is unlikely, but should I continue?" ):
raise cancelled( self.sasl, self )
self.check_vals( ['username','password'] )
def process_two(self, chatter):
self.step = 2
self.soup += "," + chatter + ","
data = self.scram_parse(chatter)
self.nonce = data['r']
self.salt = data['s'].decode('base64')
self.iter = int(data['i'])
if self.nonce[:len(self.cnonce)] != self.cnonce:
raise cancelled(self.sasl, self)
cbdata = self.sasl.tls_active()
c = self.gs2header
if cbdata is not None and cbdata is not True and self.cb:
c += cbdata
r = 'c=' + self.base64(c)
r += ',r=' + self.nonce
self.soup += r
if 'Iterations' in self.vals:
if self.vals['Iterations'] != self.iter:
if 'SaltedPassword' in self.vals:
del self.vals['SaltedPassword']
if 'Salt' in self.vals:
if self.vals['Salt'] != self.salt:
if 'SaltedPassword' in self.vals:
del self.vals['SaltedPassword']
self.vals['Iterations'] = self.iter
def __init__( self, asasl, mechname ):
sasl.saslmech.__init__( self, asasl, mechname, 2 )
self.hash = hash(mechname[5:])
if self.hash is None:
raise cancelled( self.sasl, self )
if self.sasl.tls_active() is None:
if not self.sasl.secquery( self, "CRAM-MD5 is not very strong, and can be broken.\nShould I continue anyway? It is fairly safe to do so." ):
raise cancelled( self.sasl, self )
def __init__(self, sasl, mechname):
sasl.saslmech.__init__(self, sasl, mechname, 0)
self.cb = False
if mechname[-5:] == "-PLUS":
mechname = mechname[:-5]
self.cb = True
self.hashfn = hash(mechname[6:])
if self.hashfn is None:
raise cancelled(self.sasl, self)
if self.sasl.tls_active() is None:
if not self.sasl.secquery( self, "I have no encryption, however I am using SCRAM.\nAn attacker listening to the wire could see what you're doing,\nbut would find it difficult to get your password.\nShould I continue?" ):
raise cancelled( self.sasl, self )
self.step = 0
self.rspauth = False