Add option for password authentication with island

Replace PyCrypto with Cryptodome
This commit is contained in:
Itay Mizeretz 2019-02-06 18:40:16 +02:00
parent e415880f85
commit 49cf693197
13 changed files with 3142 additions and 3081 deletions

View File

@ -1,6 +1,6 @@
enum34
impacket
PyCrypto
pycryptodome
pyasn1
cffi
twisted

View File

@ -1,6 +1,6 @@
enum34
impacket
PyCrypto
pycryptodome
pyasn1
cffi
twisted

View File

@ -1,6 +1,7 @@
import abc
from datetime import timedelta
import os
from Crypto.Hash import SHA3_512
__author__ = 'itay.mizeretz'
@ -13,6 +14,12 @@ class Environment(object):
_DEBUG_SERVER = False
_AUTH_EXPIRATION_TIME = timedelta(hours=1)
def __init__(self):
self.config = None
def set_config(self, config):
self.config = config
def get_island_port(self):
return self._ISLAND_PORT
@ -25,6 +32,11 @@ class Environment(object):
def get_auth_expiration_time(self):
return self._AUTH_EXPIRATION_TIME
def hash_secret(self, secret):
h = SHA3_512.new()
h.update(secret)
return h.hexdigest()
@abc.abstractmethod
def is_auth_enabled(self):
return

View File

@ -1,7 +1,7 @@
import cc.auth
from cc.environment import Environment
from common.cloud.aws import AWS
from Crypto.Hash import SHA3_512
__author__ = 'itay.mizeretz'
@ -23,5 +23,5 @@ class AwsEnvironment(Environment):
def get_auth_users(self):
return [
cc.auth.User(1, 'monkey', self._instance_id)
cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
]

View File

@ -1,16 +1,22 @@
import json
import logging
import standard
import aws
from cc.environment import standard
from cc.environment import aws
from cc.environment import password
__author__ = 'itay.mizeretz'
logger = logging.getLogger(__name__)
AWS = 'aws'
STANDARD = 'standard'
PASSWORD = 'password'
ENV_DICT = {
'standard': standard.StandardEnvironment,
'aws': aws.AwsEnvironment
STANDARD: standard.StandardEnvironment,
AWS: aws.AwsEnvironment,
PASSWORD: password.PasswordEnvironment,
}
@ -25,8 +31,10 @@ def load_env_from_file():
return config_json['server_config']
try:
__env_type = load_env_from_file()
config_json = load_server_configuration_from_file()
__env_type = config_json['server_config']
env = ENV_DICT[__env_type]()
env.set_config(config_json)
logger.info('Monkey\'s env is: {0}'.format(env.__class__.__name__))
except Exception:
logger.error('Failed initializing environment', exc_info=True)

View File

@ -0,0 +1,15 @@
from cc.environment import Environment
import cc.auth
__author__ = 'itay.mizeretz'
class PasswordEnvironment(Environment):
def is_auth_enabled(self):
return True
def get_auth_users(self):
return [
cc.auth.User(1, self.config['user'], self.config['hash'])
]

File diff suppressed because it is too large Load Diff

View File

@ -90,6 +90,7 @@
"react-router-dom": "^4.3.1",
"react-table": "^6.8.6",
"react-toggle": "^4.0.1",
"redux": "^4.0.0"
"redux": "^4.0.0",
"sha3": "^2.0.0"
}
}

View File

@ -0,0 +1,9 @@
import BaseConfig from './BaseConfig';
class PasswordConfig extends BaseConfig{
isAuthEnabled() {
return true;
}
}
export default PasswordConfig;

View File

@ -1,12 +1,14 @@
import StandardConfig from './StandardConfig';
import AwsConfig from './AwsConfig';
import PasswordConfig from "./PasswordConfig";
const SERVER_CONFIG_JSON = require('../../../server_config.json');
const CONFIG_DICT =
{
'standard': StandardConfig,
'aws': AwsConfig
'aws': AwsConfig,
'password': PasswordConfig
};
export const SERVER_CONFIG = new CONFIG_DICT[SERVER_CONFIG_JSON['server_config']]();

View File

@ -1,3 +1,4 @@
import { SHA3 } from 'sha3';
import decode from 'jwt-decode';
import {SERVER_CONFIG} from '../server_config/ServerConfig';
@ -6,7 +7,7 @@ export default class AuthService {
login = (username, password) => {
if (this.AUTH_ENABLED) {
return this._login(username, password);
return this._login(username, this.hashSha3(password));
} else {
return {result: true};
}
@ -20,6 +21,12 @@ export default class AuthService {
}
};
hashSha3(text) {
let hash = new SHA3(512);
hash.update(text);
return this._toHexStr(hash.digest());
}
_login = (username, password) => {
return this._authFetch('/api/auth', {
method: 'POST',
@ -103,4 +110,9 @@ export default class AuthService {
return localStorage.getItem('jwt')
}
_toHexStr(byteArr) {
return byteArr.reduce((acc, x) => (acc + ('0' + x.toString(0x10)).slice(-2)), '');
}
}

View File

@ -13,7 +13,7 @@ jsonschema
netifaces
ipaddress
enum34
PyCrypto
pycryptodome
boto3
awscli
virtualenv

View File

@ -13,6 +13,6 @@ jsonschema
netifaces
ipaddress
enum34
PyCrypto
pycryptodome
boto3
awscli