Skip to content
Snippets Groups Projects
Commit 2dddc9a7 authored by Matt Traudt's avatar Matt Traudt
Browse files

Log the client name who authenticated to the server

parent 50f02f29
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
sbws/commands/server.py
+ 7
7
View file @ 2dddc9a7
......@@ -99,13 +99,15 @@ def write_to_client(sock, conf, amount):
return True
def new_thread(args, conf, sock, passwords):
def new_thread(args, conf, sock):
def closure():
if not authenticate_client(sock, passwords, log.info):
client_name = authenticate_client(
sock, conf['server.passwords'], log.info)
if not client_name:
log.info('Client did not provide valid auth')
close_socket(sock)
return
log.debug('Client authed successfully')
log.notice(client_name, 'authenticated on', sock.fileno())
while True:
send_amount = get_send_amount(sock)
if send_amount is None:
......@@ -124,9 +126,7 @@ def main(args, conf, log_):
if not is_initted(args.directory):
fail_hard('Sbws isn\'t initialized. Try sbws init', log=log)
passwords = [conf['server.passwords'][key]
for key in conf['server.passwords']]
if len(passwords) < 1:
if len(conf['server.passwords']) < 1:
fail_hard('Sbws server needs at least one password', log=log)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
......@@ -146,7 +146,7 @@ def main(args, conf, log_):
while True:
sock, addr = server.accept()
log.info('accepting connection from', addr, 'as', sock.fileno())
t = new_thread(args, conf, sock, passwords)
t = new_thread(args, conf, sock)
t.start()
except KeyboardInterrupt:
pass
......
sbws/util/simpleauth.py
+ 25
19
View file @ 2dddc9a7
......@@ -7,51 +7,52 @@ PW_LEN = 64
WIRE_PROTO_VER = b'1'
def authenticate_client(sock, passwords, log_fn=print):
def authenticate_client(sock, conf_section, log_fn=print):
''' Use this on the server side to read bytes from the client and properly
authenticate them. Return True if the client checks out, otherwise False.
authenticate them. Return the name of the client who has authenticated if
they provided a good password, otherwise None.
'''
assert sock.fileno() > 0
assert isinstance(passwords, list)
assert len(passwords) > 0
assert len(conf_section) > 0
try:
magic = sock.recv(len(MAGIC_BYTES))
except socket.timeout as e:
log_fn(e)
return False
return None
if magic != MAGIC_BYTES:
log_fn('Magic string doesn\'t match')
return False
return None
try:
line = read_line(sock, max_len=4, log_fn=log_fn)
except socket.timeout as e:
log_fn(e)
return False
return None
if line != str(WIRE_PROTO_VER, 'utf-8'):
log_fn('Client gave protocol version {} but we support {}'.format(
line, str(WIRE_PROTO_VER, 'utf-8')))
return False
return None
try:
pw = str(sock.recv(PW_LEN), 'utf-8')
except UnicodeDecodeError:
log_fn('Non-unicode password string received')
return False
return None
except socket.timeout as e:
log_fn(e)
return False
return None
if not _is_valid_password(pw, passwords):
client_name = _is_valid_password(pw, conf_section)
if not client_name:
log_fn('Invalid password')
return False
return None
try:
sock.send(SUCCESS_BYTES)
except (ConnectionResetError, BrokenPipeError) as e:
log_fn(e)
return False
return True
return None
return client_name
def authenticate_to_server(sock, pw, log_fn=print):
......@@ -74,9 +75,14 @@ def authenticate_to_server(sock, pw, log_fn=print):
return True
def _is_valid_password(pw, passwords):
assert isinstance(passwords, list)
assert len(passwords) > 0
if len(pw) == PW_LEN and pw in passwords:
return True
def _is_valid_password(pw, conf_section):
''' Returns the key in the [server.passwords] section of the config for the
password the client provided (AKA: if the client provided a valid
password). Otherwise return None '''
assert len(conf_section) > 0
if len(pw) != PW_LEN:
return None
for key in conf_section.keys():
if pw == conf_section[key]:
return key
return False
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment