Merge pull request #260 from guardicore/feature/add-island-password-auth
Add option for password authentication with island
commit
6c17767130
|
@ -1,6 +1,6 @@
|
|||
enum34
|
||||
impacket
|
||||
PyCrypto
|
||||
pycryptodome
|
||||
pyasn1
|
||||
cffi
|
||||
twisted
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
enum34
|
||||
impacket
|
||||
PyCrypto
|
||||
pycryptodome
|
||||
pyasn1
|
||||
cffi
|
||||
twisted
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import abc
|
||||
from datetime import timedelta
|
||||
import os
|
||||
from Crypto.Hash import SHA3_512
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
@ -13,6 +14,12 @@ class Environment(object):
|
|||
_DEBUG_SERVER = False
|
||||
_AUTH_EXPIRATION_TIME = timedelta(hours=1)
|
||||
|
||||
def __init__(self):
|
||||
self.config = None
|
||||
|
||||
def set_config(self, config):
|
||||
self.config = config
|
||||
|
||||
def get_island_port(self):
|
||||
return self._ISLAND_PORT
|
||||
|
||||
|
@ -25,6 +32,11 @@ class Environment(object):
|
|||
def get_auth_expiration_time(self):
|
||||
return self._AUTH_EXPIRATION_TIME
|
||||
|
||||
def hash_secret(self, secret):
|
||||
h = SHA3_512.new()
|
||||
h.update(secret)
|
||||
return h.hexdigest()
|
||||
|
||||
@abc.abstractmethod
|
||||
def is_auth_enabled(self):
|
||||
return
|
||||
|
|
|
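Review bot: `hash_secret`, added in the last hunk of this section, derives the stored credential with a single unsalted SHA3-512 pass, so identical passwords give identical hashes and a leaked hash is cheap to test guesses against offline. Elsewhere in this commit `AuthService.login` sends `hashSha3(password)` and `PasswordEnvironment.get_auth_users` passes `self.config['hash']` to `cc.auth.User`, so the server appears to compare the submitted hash directly with the stored one, which would make the stored value password-equivalent; `cc.auth` is not shown, so this needs confirming. Consider storing a salted, slow KDF output instead (pycryptodome ships `Crypto.Protocol.KDF.PBKDF2` and `scrypt`), computed server-side over whatever the client submits. A docstring such as `"""Return the hex SHA3-512 digest of secret (a byte string)."""` would also record the input type `h.update` expects. The `Environment` class body continues outside these hunks.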
@ -1,7 +1,7 @@
|
|||
import cc.auth
|
||||
from cc.environment import Environment
|
||||
from common.cloud.aws import AWS
|
||||
|
||||
from Crypto.Hash import SHA3_512
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
|
@ -23,5 +23,5 @@ class AwsEnvironment(Environment):
|
|||
|
||||
def get_auth_users(self):
|
||||
return [
|
||||
cc.auth.User(1, 'monkey', self._instance_id)
|
||||
cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
|
||||
]
|
||||
|
|
|
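Review bot: The added `from Crypto.Hash import SHA3_512` looks unused in this file, because `get_auth_users` hashes through the inherited `self.hash_secret(...)`. Unless code outside the visible hunks needs it, drop the import so the hashing primitive is named in one place only. A short comment above the `cc.auth.User(...)` line, for example `# the instance ID is the login secret; stored as its SHA3-512 hex digest`, would record why the value is hashed here. The `AwsEnvironment` class body continues outside the hunk.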
@ -1,16 +1,22 @@
|
|||
import json
|
||||
import logging
|
||||
import standard
|
||||
import aws
|
||||
|
||||
from cc.environment import standard
|
||||
from cc.environment import aws
|
||||
from cc.environment import password
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
AWS = 'aws'
|
||||
STANDARD = 'standard'
|
||||
PASSWORD = 'password'
|
||||
|
||||
ENV_DICT = {
|
||||
'standard': standard.StandardEnvironment,
|
||||
'aws': aws.AwsEnvironment
|
||||
STANDARD: standard.StandardEnvironment,
|
||||
AWS: aws.AwsEnvironment,
|
||||
PASSWORD: password.PasswordEnvironment,
|
||||
}
|
||||
|
||||
|
||||
|
@ -25,8 +31,10 @@ def load_env_from_file():
|
|||
return config_json['server_config']
|
||||
|
||||
try:
|
||||
__env_type = load_env_from_file()
|
||||
config_json = load_server_configuration_from_file()
|
||||
__env_type = config_json['server_config']
|
||||
env = ENV_DICT[__env_type]()
|
||||
env.set_config(config_json)
|
||||
logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__))
|
||||
except Exception:
|
||||
logger.error('Failed initializing environment', exc_info=True)
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
from cc.environment import Environment
|
||||
import cc.auth
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
class PasswordEnvironment(Environment):
|
||||
|
||||
def is_auth_enabled(self):
|
||||
return True
|
||||
|
||||
def get_auth_users(self):
|
||||
return [
|
||||
cc.auth.User(1, self.config['user'], self.config['hash'])
|
||||
]
|
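Review bot: `get_auth_users` reads `self.config['user']` and `self.config['hash']` without checking that the configuration file defines them, so a `password` environment with a missing key is only noticed when this method is first called, as a `KeyError`. An empty `hash` would be registered as a credential without complaint. Validating both when the environment is configured would make a bad file fail at start-up, for example by overriding `set_config` and raising when `not config.get('user') or not config.get('hash')`. A class docstring naming the two required keys would also help, stating that `hash` is presumably expected to be the SHA3-512 hex digest that `Environment.hash_secret` produces.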
File diff suppressed because it is too large
|
@ -90,6 +90,7 @@
|
|||
"react-router-dom": "^4.3.1",
|
||||
"react-table": "^6.8.6",
|
||||
"react-toggle": "^4.0.1",
|
||||
"redux": "^4.0.0"
|
||||
"redux": "^4.0.0",
|
||||
"sha3": "^2.0.0"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
import BaseConfig from './BaseConfig';
|
||||
|
||||
class PasswordConfig extends BaseConfig{
|
||||
isAuthEnabled() {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
export default PasswordConfig;
|
|
@ -1,12 +1,14 @@
|
|||
import StandardConfig from './StandardConfig';
|
||||
import AwsConfig from './AwsConfig';
|
||||
import PasswordConfig from "./PasswordConfig";
|
||||
|
||||
const SERVER_CONFIG_JSON = require('../../../server_config.json');
|
||||
|
||||
const CONFIG_DICT =
|
||||
{
|
||||
'standard': StandardConfig,
|
||||
'aws': AwsConfig
|
||||
'aws': AwsConfig,
|
||||
'password': PasswordConfig
|
||||
};
|
||||
|
||||
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();
|
||||
|
|
|
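Review bot: `SERVER_CONFIG_JSON` is loaded with `require('../../../server_config.json')`, so the whole file is compiled into the UI bundle. If that is the same file the backend now reads `user` and `hash` from for the `password` environment, those values would be served to every browser before login. Because `AuthService.login` submits the SHA3 hash itself, exposing the stored hash would be equivalent to exposing the password. Consider keeping the credentials in a file the UI build never imports, or having the UI obtain only the `server_config` type. Separately, an unknown type leaves `CONFIG_DICT[...]` undefined and `new` throws a bare `TypeError`, so a guard with a clear message would make misconfiguration easier to diagnose.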
@ -1,3 +1,4 @@
|
|||
import { SHA3 } from 'sha3';
|
||||
import decode from 'jwt-decode';
|
||||
import {SERVER_CONFIG} from '../server_config/ServerConfig';
|
||||
|
||||
|
@ -6,7 +7,7 @@ export default class AuthService {
|
|||
|
||||
login = (username, password) => {
|
||||
if (this.AUTH_ENABLED) {
|
||||
return this._login(username, password);
|
||||
return this._login(username, this.hashSha3(password));
|
||||
} else {
|
||||
return {result: true};
|
||||
}
|
||||
|
@ -20,6 +21,12 @@ export default class AuthService {
|
|||
}
|
||||
};
|
||||
|
||||
hashSha3(text) {
|
||||
let hash = new SHA3(512);
|
||||
hash.update(text);
|
||||
return this._toHexStr(hash.digest());
|
||||
}
|
||||
|
||||
_login = (username, password) => {
|
||||
return this._authFetch('/api/auth', {
|
||||
method: 'POST',
|
||||
|
@ -103,4 +110,9 @@ export default class AuthService {
|
|||
return localStorage.getItem('jwt')
|
||||
}
|
||||
|
||||
_toHexStr(byteArr) {
|
||||
return byteArr.reduce((acc, x) => (acc + ('0' + x.toString(0x10)).slice(-2)), '');
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
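Review bot: `login` now passes `this.hashSha3(password)` to `_login`, so the digest itself is the credential posted to `/api/auth`. Hashing in the browser therefore adds no protection on the wire and the login still depends entirely on TLS, which is worth a comment on `login`. `hash.update(text)` here and `h.update(secret)` in `Environment.hash_secret` must also hash the same bytes, so non-ASCII passwords need one agreed encoding (UTF-8) on both sides. `_toHexStr` can probably be dropped, since the `sha3` package accepts an output encoding: `return hash.digest('hex');`. The `AuthService` class body continues outside these hunks.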
@ -13,7 +13,7 @@ jsonschema
|
|||
netifaces
|
||||
ipaddress
|
||||
enum34
|
||||
PyCrypto
|
||||
pycryptodome
|
||||
boto3
|
||||
awscli
|
||||
virtualenv
|
|
@ -13,6 +13,6 @@ jsonschema
|
|||
netifaces
|
||||
ipaddress
|
||||
enum34
|
||||
PyCrypto
|
||||
pycryptodome
|
||||
boto3
|
||||
awscli
|