split out credentials to credentials.py

2025-07-01 18:07:27 -04:00 · 2015-08-28 11:48:36 +00:00
parent 5dd463e8ef
commit a572c4fd15
3 changed files with 88 additions and 35 deletions
--- a/cowrie/core/auth.py
+++ b/cowrie/core/auth.py
@ -10,8 +10,7 @@ from random import randint
 from zope.interface import implementer
 from twisted.cred.checkers import ICredentialsChecker
-from twisted.cred.credentials import IUsernamePassword, ISSHPrivateKey, \
+from twisted.cred.credentials import ISSHPrivateKey
    ICredentials
 from twisted.cred.error import UnauthorizedLogin, UnhandledCredentials
 from twisted.internet import defer
@ -19,6 +18,8 @@ from twisted.python import log, failure
 from twisted.conch import error
 from twisted.conch.ssh import keys
 import credentials
 # by Walter de Jong <walter@sara.nl>
 class UserDB(object):
@ -257,38 +258,13 @@ class HoneypotPublicKeyChecker:
                fingerprint=_pubKey.fingerprint())
        return failure.Failure(error.ConchError('Incorrect signature'))
 class IUsername(ICredentials):
    """
    Encapsulate username only
    @type username: C{str}
    @ivar username: The username associated with these credentials.
    """
@implementer(IUsername)
 class Username:
    def __init__(self, username):
        self.username = username
 # This credential interface also provides an IP address
@implementer(IUsernamePassword)
 class UsernamePasswordIP:
    def __init__(self, username, password, ip):
        self.username = username
        self.password = password
        self.ip = ip
@implementer(ICredentialsChecker)
 class HoneypotNoneChecker:
    """
    Checker that does no authentication check
    """
-    credentialInterfaces = (IUsername,)
+    credentialInterfaces = (credentials.IUsername,)
    def __init__(self):
        pass
@ -302,7 +278,7 @@ class HoneypotPasswordChecker:
    Checker that accepts "keyboard-interactive" and "password"
    """
-    credentialInterfaces = (IUsernamePassword,)
+    credentialInterfaces = (credentials.IUsernamePasswordIP,)
    def __init__(self, cfg):
        self.cfg = cfg
--- a/cowrie/core/credentials.py
+++ b/cowrie/core/credentials.py
@ -0,0 +1,75 @@
 # Copyright (c) 2015 Michel Oosterhof <michel@oosterhof.net>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 #
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # 3. The names of the author(s) may not be used to endorse or promote
 #    products derived from this software without specific prior written
 #    permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 # IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 from zope.interface import implementer
 from twisted.cred.credentials import IUsernamePassword, \
    ICredentials
 class IUsername(ICredentials):
    """
    Encapsulate username only
    @type username: C{str}
    @ivar username: The username associated with these credentials.
    """
 class IUsernamePasswordIP(IUsernamePassword):
    """
    I encapsulate a username, a plaintext password and a source IP
    @type username: C{str}
    @ivar username: The username associated with these credentials.
    @type password: C{str}
    @ivar password: The password associated with these credentials.
    @type ip: C{str}
    @ivar ip: The source ip address associated with these credentials.
    """
@implementer(IUsername)
 class Username:
    """
    """
    def __init__(self, username):
        self.username = username
 # This credential interface also provides an IP address
@implementer(IUsernamePasswordIP)
 class UsernamePasswordIP:
    """
    """
    def __init__(self, username, password, ip):
        self.username = username
        self.password = password
        self.ip = ip
 # vim: set sw=4 et:
--- a/cowrie/core/ssh.py
+++ b/cowrie/core/ssh.py
@ -20,6 +20,7 @@ from twisted.internet import defer
 import ConfigParser
 import credentials
 import fs
 import auth
 import connection
@ -29,7 +30,8 @@ import protocol
 class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
    def serviceStarted(self):
-        self.interfaceToMethod[auth.IUsername] = 'none'
+        self.interfaceToMethod[credentials.IUsername] = 'none'
        self.interfaceToMethod[credentials.IUsernamePasswordIP] = 'password'
        userauth.SSHUserAuthServer.serviceStarted(self)
        self.bannerSent = False
@ -54,18 +56,18 @@ class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
        return userauth.SSHUserAuthServer.ssh_USERAUTH_REQUEST(self, packet)
    def auth_none(self, packet):
-        c = auth.Username(self.user)
+        c = credentials.Username(self.user)
        return self.portal.login(c, None, conchinterfaces.IConchUser)
-    # Overridden to pass src_ip to auth.UsernamePasswordIP
+    # Overridden to pass src_ip to credentials.UsernamePasswordIP
    def auth_password(self, packet):
        password = getNS(packet[1:])[0]
        src_ip = self.transport.transport.getPeer().host
-        c = auth.UsernamePasswordIP(self.user, password, src_ip)
+        c = credentials.UsernamePasswordIP(self.user, password, src_ip)
        return self.portal.login(c, None,
            conchinterfaces.IConchUser).addErrback(self._ebPassword)
-    # Overridden to pass src_ip to auth.PluggableAuthenticationModulesIP
+    # Overridden to pass src_ip to credentials.PluggableAuthenticationModulesIP
    def auth_keyboard_interactive(self, packet):
        if self._pamDeferred is not None:
            self.transport.sendDisconnect(
@ -73,7 +75,7 @@ class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
                    "only one keyboard interactive attempt at a time")
            return defer.fail(error.IgnoreAuthentication())
        src_ip = self.transport.transport.getPeer().host
-        c = auth.PluggableAuthenticationModulesIP(self.user, self._pamConv, src_ip)
+        c = credentials.PluggableAuthenticationModulesIP(self.user, self._pamConv, src_ip)
        return self.portal.login(c, None,
            conchinterfaces.IConchUser).addErrback(self._ebPassword)