How to use the sasl.sasl.saslmech function in sasl

To help you get started, we’ve selected a few sasl examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github dwd / Suelta / sasl.py View on Github external
if self._rspauth_okay and self._qop == 'auth-int':
			self._enc_key = self.hashfn( self._a1 + self.enc_magic ).digest()
			self._dec_key = self.hashfn( self._a1 + self.dec_magic ).digest()
			self.encoding = True
		return self._rspauth_okay

	def prep( self ):
		if 'password' in self.vals:
			del self.vals['password']
		self.vals['cnonce'] = self.cnonce

	def getuser( self ):
		return self.vals['username']
register_mech('DIGEST-', 30, _digest_md5)

class _plain(sasl.saslmech):
	def __init__( self, asasl, plainname ):
		sasl.saslmech.__init__( self, asasl, plainname, 1 )
		if self.sasl.tls_active() is None:
			if not self.sasl.secquery( self, "I need to use plaintext authentication,\nbut I have no encryption layer. This is bad, as it is easy\nto obtain your password, and impossible to prevent.\nDo you REALLY want me to continue?" ):
				raise cancelled( self.sasl, self )
		else:
			if not self.sasl.secquery( self, "I have encryption, but I need to use\nplaintext authentication. If the server has been hacked,\nI will give the attacker your password.\nThis is unlikely, but should I continue?" ):
				raise cancelled( self.sasl, self )
		self.check_vals( ['username','password'] )

	def process( self, chatter=None ):
		return '\0%s\0%s' % ( self.vals['username'], self.vals['password'] )

	def getuser( self ):
		return self.vals['username']
github dwd / Suelta / sasl.py View on Github external
return True

		def prep( self ):
			if 'savepass' not in self.vals:
				if self.sasl.secquery( self, "Can I save this password in the clear?" ):
					self.vals['savepass'] = True
			if 'savepass' not in self.vals:
				del self.vals['password']
			return True
		
		def getuser( self ):
			return self.vals['username']
	
	register_mech('CRAM-', 20, _cram_md5)
	
	class _scram_hmac(sasl.saslmech):
		def __init__(self, sasl, mechname):
			sasl.saslmech.__init__(self, sasl, mechname, 0)
			self.cb = False
			if mechname[-5:] == "-PLUS":
				mechname = mechname[:-5]
				self.cb = True
			self.hashfn = hash(mechname[6:])
			if self.hashfn is None:
				raise cancelled(self.sasl, self)
			if self.sasl.tls_active() is None:
				if not self.sasl.secquery( self, "I have no encryption, however I am using SCRAM.\nAn attacker listening to the wire could see what you're doing,\nbut would find it difficult to get your password.\nShould I continue?" ):
					raise cancelled( self.sasl, self )
			self.step = 0
			self.rspauth = False
		
		def scram_parse(self, chatter):
github dwd / Suelta / sasl.py View on Github external
return self.rspauth
		
		def prep( self ):
			if 'password' in self.vals:
				del self.vals['password']
		
		def getuser( self ):
			return self.vals['username']
			
	register_mech('SCRAM-', 60, _scram_hmac)
	register_mech('SCRAM-', 70, _scram_hmac, '-PLUS')

except ImportError:
	pass

class _anonymous(sasl.saslmech):
	def __init__( self, sasl, mechname ):
		sasl.saslmech.__init__( self, sasl, mechname, 0 )

	def getvals( self ):
		return {}

	def process( self, chatter ):
		return "Anonymous, Suelta"

	def okay( self ):
		return True

	def getuser( self ):
		return "anonymous"

mech['ANONYMOUS'] = _anonymous
github dwd / Suelta / sasl.py View on Github external
break
					tmp[x] = None
			return tmp

		def have_vals( self, keys ):
			return 0==len(self.thing_vals(keys))

		def check_vals( self, keys ):
			tmp = self.thing_vals(keys)
			if len(tmp):
				self.sasl.cb( self, tmp )

try:
	import hmac

	class _cram_md5( sasl.saslmech ):
		def __init__( self, asasl, mechname ):
			sasl.saslmech.__init__( self, asasl, mechname, 2 )
			self.hash = hash(mechname[5:])
			if self.hash is None:
				raise cancelled( self.sasl, self )
			if self.sasl.tls_active() is None:
				if not self.sasl.secquery( self, "CRAM-MD5 is not very strong, and can be broken.\nShould I continue anyway? It is fairly safe to do so." ):
					raise cancelled( self.sasl, self )
	
		def process( self, chatter ):
			if chatter == None:
				return None
			self.check_vals( ['username','password'] )
			h = hmac.HMAC( key=self.vals["password"], digestmod=self.hash )
			h.update( chatter )
			tmp = self.vals["username"] + " " + h.hexdigest()
github dwd / Suelta / sasl.py View on Github external
def getvals( self ):
		return {}

	def process( self, chatter ):
		return "Anonymous, Suelta"

	def okay( self ):
		return True

	def getuser( self ):
		return "anonymous"

mech['ANONYMOUS'] = _anonymous
mechmap['ANONYMOUS'] = 0

class _digest_md5(sasl.saslmech):
	enc_magic = "Digest session key to client-to-server signing key magic constant"
	dec_magic = "Digest session key to server-to-client signing key magic constant"
	def __init__( self, asasl, mechname ):
		sasl.saslmech.__init__( self, asasl, mechname, 3 )
		self.hashfn = hash(mechname[7:])
		if self.hashfn is None:
			raise cancelled(self.sasl, self)
		if self.sasl.tls_active() is None:
			if not self.sasl.secquery( self, "I have no encryption, however I am using DIGEST-MD5.\nAn attacker listening to the wire could see what you're doing,\nbut would find it difficult to get your password.\nShould I continue?" ):
				raise cancelled( self.sasl, self )
		self._rspauth_okay = False
		self._digest_uri = None
		self._a1 = None
		self._encbuf = ''
		self._enc_key = None
		self._enc_seq = 0