[Git][NTPsec/ntpsec][master] Mode 6 authentication now properly handles hex keys.
Ian Bruene
gitlab at mg.gitlab.com
Wed Jan 17 17:33:58 UTC 2018
Ian Bruene pushed to branch master at NTPsec / ntpsec
Commits:
e1cfa527 by Ian Bruene at 2018-01-17T11:33:02-06:00
Mode 6 authentication now properly handles hex keys.
- - - - -
4 changed files:
- docs/includes/ntpq-body.txt
- pylib/packet.py
- tests/pylib/jigs.py
- tests/pylib/test_packet.py
Changes:
=====================================
docs/includes/ntpq-body.txt
=====================================
--- a/docs/includes/ntpq-body.txt
+++ b/docs/includes/ntpq-body.txt
@@ -185,7 +185,6 @@ following.
This command prompts for a password to authenticate requests. The
password must match what the server is expecting. Passwords longer
than 20 bytes are assumed to be hex encoding.
-FIXME: Actually fix the code.
+quit+::
Exit +ntpq+.
=====================================
pylib/packet.py
=====================================
--- a/pylib/packet.py
+++ b/pylib/packet.py
@@ -918,11 +918,16 @@ class ControlSession:
if self.passwd is None:
try:
- passwd = self.auth[self.keyid][1]
+ self.keytype, passwd = self.auth[self.keyid]
except (IndexError, TypeError):
passwd = getpass.getpass("%s Password: " % self.keytype)
if passwd is None:
raise ControlException(SERR_INVPASS)
+ # If the password is longer then 20 chars we assume it is
+ # hex encoded binary string. This assumption exists across all
+ # of NTP.
+ if len(passwd) > 20:
+ passwd = ntp.util.hexstr2octets(passwd)
self.passwd = passwd
def sendpkt(self, xdata):
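Review bot: The `len(passwd) > 20` branch also runs on a password typed at the `getpass` prompt, so a long passphrase that is not hex, or a hex string of odd length, is handed straight to `ntp.util.hexstr2octets`; how that helper treats such input is not visible in this hunk. Validating first and failing with the existing error would keep a mistyped key from silently becoming different MAC key material, e.g. `if len(passwd) % 2 or not all(c in "0123456789abcdefABCDEF" for c in passwd): raise ControlException(SERR_INVPASS)`. The same unguarded conversion is added to `Authenticator` in the next hunk (there `raise ValueError` would match the surrounding code), and the two copies would be easier to keep consistent as one shared helper. Separately, the new `self.keytype, passwd = self.auth[self.keyid]` can raise `ValueError` on an entry that is not a pair, which `except (IndexError, TypeError)` does not catch. The enclosing method starts outside the hunk.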
@@ -1686,6 +1691,8 @@ class Authenticator:
(keytype, passwd) = self.passwords[keyid]
if passwd is None:
raise ValueError
+ if len(passwd) > 20:
+ passwd = ntp.util.hexstr2octets(passwd)
return (keyid, keytype, passwd)
else:
raise ValueError
=====================================
tests/pylib/jigs.py
=====================================
--- a/tests/pylib/jigs.py
+++ b/tests/pylib/jigs.py
@@ -243,10 +243,11 @@ class SocketModuleJig:
class GetpassModuleJig:
def __init__(self):
self.getpass_calls = []
+ self.getpass_returns = []
def getpass(self, prompt, stream=None):
self.getpass_calls.append((prompt, stream))
- return "xyzzy"
+ return self.getpass_returns.pop(0)
class HashlibModuleJig:
=====================================
tests/pylib/test_packet.py
=====================================
--- a/tests/pylib/test_packet.py
+++ b/tests/pylib/test_packet.py
@@ -972,13 +972,26 @@ class TestControlSession(unittest.TestCase):
self.assertEqual(cls.keyid, 23)
self.assertEqual(cls.keytype, "keytype")
self.assertEqual(cls.passwd, "miranda")
- # Test with all but password
+ # Test with all but password, normal password
cls.passwd = None
cls.auth.fail_getitem = True
+ fakegetpmod.getpass_returns = ["xyzzy"]
cls.password()
self.assertEqual(fakegetpmod.getpass_calls,
[("keytype Password: ", None)])
self.assertEqual(cls.passwd, "xyzzy")
+ # Test with all but password, hex password
+ fakegetpmod.getpass_calls = []
+ cls.passwd = None
+ cls.auth.fail_getitem = True
+ fakegetpmod.getpass_returns = ["0102030405060708090A"
+ "0B0C0D0E0F1011121314"] # 40 char
+ cls.password()
+ self.assertEqual(fakegetpmod.getpass_calls,
+ [("keytype Password: ", None)])
+ self.assertEqual(cls.passwd,
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A"
+ "\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14")
finally:
ntpp.Authenticator = tempauth
ntpp.getpass = getpass
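Review bot: Only the well-formed 40-character hex case is exercised here; nothing covers a password of 21 or more characters that is odd-length or contains non-hex characters, which is exactly where the new `len(passwd) > 20` branch can misbehave. A further case primed with a constructed value such as `fakegetpmod.getpass_returns = ["x" * 21]` and an assertion on the intended outcome (rejection or pass-through) would pin that behaviour down. None of the visible hunks tests the matching branch added to `Authenticator` either. The test method starts outside the hunk.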
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/e1cfa5278ea0f0f101104f781506c397c684a2b5