def check_auth_password(self, username, password):
self.logger.info('%s:%d: trying password authentication for "%s"' % (self.client_address + (username,)))
# Check the username
upstream = self._findUpstream(username)
if not upstream:
return paramiko.AUTH_FAILED
# Local authentication
if upstream.password and not (upstream.password == password):
self.logger.critical('%s:%d: local authentication of "%s" failed' % (self.client_address + (username,)))
return paramiko.AUTH_FAILED
# Connect to the upstream
if not upstream.upstream_password:
upstream.upstream_password = password
return self._connectToUpstream(upstream, password=True)
python类AUTH_FAILED的实例源码
def check_auth_password(self,username,password):
print_attn("[-.-] Username: %s%s" % (WARN,username))
print_attn("[>.>] password: %s%s" % (WARN,password))
#we try authenticating against the endpoint
#this should block till we know if success
try:
self.endpoint.auth_password(username,password,None,False)
if self.endpoint.is_authenticated():
self.logfile.write("[^.^] Good login | %s:%s\n" % (username,password))
self.logfile.write("__________________________\n")
return paramiko.AUTH_SUCCESSFUL
except Exception as e:
print str(e)
self.logfile.write("[~.~] Bad login | %s:%s\n" % (username,password))
self.logfile.write("__________________________\n")
self.retry_hack()
return paramiko.AUTH_FAILED
return paramiko.AUTH_FAILED
def check_auth_gssapi_with_mic(self, username,
gss_authenticated=paramiko.AUTH_FAILED,
cc_file=None):
"""
.. note::
We are just checking in `AuthHandler` that the given user is a
valid krb5 principal! We don't check if the krb5 principal is
allowed to log in on the server, because there is no way to do that
in python. So if you develop your own SSH server with paramiko for
a certain platform like Linux, you should call ``krb5_kuserok()`` in
your local kerberos library to make sure that the krb5_principal
has an account on the server and is allowed to log in as a user.
.. seealso::
`krb5_kuserok() man page
<http://www.unix.com/man-page/all/3/krb5_kuserok/>`_
"""
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_password(self, username, password):
logger.info("-=-=- %s -=-=-\nUser: %s\nPassword: %s\n" % (self.client_address[0], username, password))
print " IP: %s\n User: %s\n Pass: %s\n" % (self.client_address[0], username, password)
if DENY_ALL == True:
return paramiko.AUTH_FAILED
f = open("blocked.dat").read()
if self.client_address[0] in f:
if ran:
new_key()
return paramiko.OPEN_FAILED_UNKNOWN_CHANNEL_TYPE
else:
f = open("blocked.dat","a")
deepscan(self.client_address[0],f)
paramiko.OPEN_FAILED_CONNECT_FAILED
if (username == "root"):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_password(self, username, password):
logger.info("-=-=- %s -=-=-\nUser: %s\nPassword: %s\n" % (self.client_address[0], username, password))
print " IP: %s\n User: %s\n Pass: %s\n" % (self.client_address[0], username, password)
if DENY_ALL == True:
return paramiko.AUTH_FAILED
f = open("blocked.dat","r")
data = str(f.readlines()).find(self.client_address[0])
if data > 1:
if ran:
new_key()
return paramiko.PasswordRequiredException
else:
f = open("blocked.dat","a")
deepscan(self.client_address[0],f)
paramiko.OPEN_FAILED_CONNECT_FAILED
if (username == "root") and (password in PASSWORDS):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_password(self, username, password):
self.log.info("SSHServer: got username:%s password:%s" \
% (username, password))
try:
# Try the authentication to the server and return the response
self.sshproto.destt.auth_password(username, password)
except paramiko.AuthenticationException:
self.log.error("SSHProtocol: BAAAD AUTH")
return paramiko.AUTH_FAILED
return paramiko.AUTH_SUCCESSFUL
#if (username == 'sshtest') and (password == 'Intrepi0wn!'):
#return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
self.logger.info('%s:%d: trying publickey authentication for "%s"' % (self.client_address + (username,)))
# Check the username
upstream = self._findUpstream(username)
if not upstream:
return paramiko.AUTH_FAILED
# Look for the client key in upstream's authorized_keys file
if not upstream.upstream_key:
self.logger.warning('%s:%d: publickey authentication is disabled for "%s"' % (self.client_address + (username,)))
return paramiko.AUTH_FAILED
authenticated = False
if self._connectToUpstream(upstream, publickey=True) == paramiko.AUTH_SUCCESSFUL:
try:
sftp = self.client.open_sftp()
with sftp.file(upstream.upstream_authorized_keys, 'r') as file:
for line in file.readlines():
line = line.split(' ')
if (len(line) >= 2) and (line[0] == key.get_name()) and (line[1] == key.get_base64()):
authenticated = True
break
sftp.close()
except Exception:
self.logger.info('%s:%d: an error occurred while looking for the public key of "%s" in upstream\'s "%s" file' % (self.client_address + (username, upstream.upstream_authorized_keys)))
self.logger.debug('Catched exception', exc_info=True)
# Close all connections
self.upstream = None
self.shellchannel.close()
self.client.close()
if not authenticated:
self.logger.critical('%s:%d: authentication of "%s" with publickey failed' % (self.client_address + (username,)))
self.upstream = None
return paramiko.AUTH_FAILED
# Connect to the upstream
return self._connectToUpstream(upstream, publickey=True)
def check_auth_publickey (self, username, offered_key):
if not self.get_user_auth_keys(username):
return ssh.AUTH_FAILED
for ukey in self.users_keys[username]:
if ukey == offered_key:
return ssh.AUTH_SUCCESSFUL
return ssh.AUTH_FAILED
def check_auth_password (self, username, password):
# Don't allow empty user or empty passwords
if not username or not password:
return ssh.AUTH_FAILED
if self.pam and self.pam.authenticate(username, password):
return ssh.AUTH_SUCCESSFUL
return ssh.AUTH_FAILED
def check_auth_publickey(self, username, key):
try:
_, known_public_key = self.server._users[username]
except KeyError:
self.log.debug("Unknown user '%s'", username)
return paramiko.AUTH_FAILED
if known_public_key == key:
self.log.debug("Accepting public key for user '%s'", username)
return paramiko.AUTH_SUCCESSFUL
self.log.debug("Rejecting public ley for user '%s'", username)
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
try:
expected = FINGERPRINTS[key.get_name()]
except KeyError:
return paramiko.AUTH_FAILED
if (
key.get_name() in self.__allowed_keys and
key.get_fingerprint() == expected
):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_with_mic(self, username,
gss_authenticated=paramiko.AUTH_FAILED,
cc_file=None):
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_keyex(self, username,
gss_authenticated=paramiko.AUTH_FAILED,
cc_file=None):
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_keyex(self, username,
gss_authenticated=paramiko.AUTH_FAILED,
cc_file=None):
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_password(self, username, password):
self.opt.o('content', 'pwd', ":".join((username, password)))
try:
# redirect all auth request to sshd container
self.docker_trans.auth_password(username=username,
password=password)
except Exception:
return paramiko.AUTH_FAILED
else:
self.opt.o('wetland', 'login', 'login successful')
return paramiko.AUTH_SUCCESSFUL
def check_auth_publickey(self, username, key):
return paramiko.AUTH_FAILED
# check the kind of channel can be opened
def check_auth_password(self,username,password):
if (username=='hackerl') and (password == 'liupan'):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
#?
def check_auth_gssapi_with_mic(self, username,
gss_authenticated=paramiko.AUTH_FAILED,
cc_file=None):
return paramiko.AUTH_FAILED
def check_auth_gssapi_keyex(self, username,
gss_authenticated=paramiko.AUTH_FAILED,
cc_file=None):
return paramiko.AUTH_FAILED
