1.2.3. aaa

This module provides authentication, authorization and access functionality for the server application.
1.2.3.1. Classes

class AuthenticatedSession(user)
Bases: object
A container to store information associated with an authenticated session.

event_socket
An optional EventSocket associated with the client. If the client has not opened an event socket, this is None.

classmethod from_db_authenticated_session(stored_session)
Load an instance from a record stored in the database.
Parameters: stored_session – The authenticated session from the database to load.
Returns: A new AuthenticatedSession instance.

class AuthenticatedSessionManager(timeout='30m')
Bases: object
A container for managing authenticated sessions.

__init__(timeout='30m')
Parameters: timeout (int, str) – The length of time in seconds for which sessions are valid.

get(session_id, update_timestamp=True)
Look up an AuthenticatedSession instance from its unique identifier and optionally update the last seen timestamp. If the session is not found or has expired, None will be returned.
Parameters:
Returns: The session if it exists and is active.
Return type:

put(user)
Create and store a new AuthenticatedSession object for the specified user id. Any previously existing sessions for the specified user are removed from the manager.
Parameters: user (User) – The user object of the authenticated user.
Returns: The unique identifier for this session.
Return type: str

class CachedPassword(pw_hash)
Bases: object
A cached in-memory password. Cleartext passwords are salted with data generated at runtime and hashed before being stored for future comparisons.

class ForkedAuthenticator(cache_timeout='10m', required_group=None, pam_service='sshd')
Bases: object
This provides authentication services to the King Phisher server through PAM. It is initialized while the server is running as root and forks into the background before the privileges are dropped. The child continues to run as root and forwards requests to PAM on behalf of the parent process, which is then free to drop privileges. Request data sent over the pipes is encoded as a JSON string and terminated with a newline character. Requests from the parent process to the child process include a sequence number which must be included in the response.

authenticate(username, password)
Check if a username and password are valid. If they are, the password will be salted, hashed with SHA-512 and stored so the next call with the same values will not require sending a request to the forked child.
Parameters:
Returns: Whether the credentials are valid or not.
Return type:

cache = None
The credential cache dictionary. Keys are usernames and values are tuples of password hashes and ages.

child_routine()
The main routine that is executed by the child after the object forks. This loop does not exit unless a stop request is made.
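
The pipe protocol described for ForkedAuthenticator above, as an added example that is not King Phisher's own code: newline-terminated JSON requests carrying a sequence number that the reply must echo. The field names (action, sequence, result), the helper names and the in-memory credential check standing in for PAM are assumptions.

```python
import json, os

def child_loop(rfile, wfile, check):
    """Privileged side: answer one JSON request per line until told to stop."""
    for line in iter(rfile.readline, ''):
        request = json.loads(line)
        if request.get('action') == 'stop':
            break
        ok = bool(check(request['username'], request['password']))
        # Echo the sequence number so the parent can pair reply and request.
        wfile.write(json.dumps({'sequence': request['sequence'], 'result': ok}) + '\n')
        wfile.flush()

class PipeAuthClient:
    """Unprivileged side: numbers each request and rejects mismatched replies."""
    def __init__(self, rfile, wfile):
        self.rfile, self.wfile, self.sequence = rfile, wfile, 0
    def send(self, **fields):
        self.sequence += 1
        self.wfile.write(json.dumps(dict(fields, sequence=self.sequence)) + '\n')
        self.wfile.flush()
    def authenticate(self, username, password):
        self.send(action='authenticate', username=username, password=password)
        reply = json.loads(self.rfile.readline())
        if reply.get('sequence') != self.sequence:
            raise RuntimeError('response sequence number mismatch')
        return reply.get('result') is True  # fail closed on anything but true

def demo():
    users = {'alice': 'correct horse'}  # constructed stand-in for the PAM check
    parent_r, child_w = os.pipe()  # child -> parent
    child_r, parent_w = os.pipe()  # parent -> child
    pid = os.fork()
    if pid == 0:  # child: in the design described above this side stays root
        try:
            for fd in (parent_r, parent_w): os.close(fd)
            child_loop(os.fdopen(child_r), os.fdopen(child_w, 'w'),
                       lambda u, p: users.get(u) == p)
        finally:
            os._exit(0)
    for fd in (child_r, child_w): os.close(fd)
    client = PipeAuthClient(os.fdopen(parent_r), os.fdopen(parent_w, 'w'))
    results = [client.authenticate('alice', 'correct horse'),
               client.authenticate('alice', 'wrong')]
    client.send(action='stop')
    os.waitpid(pid, 0)
    return results

if __name__ == '__main__':
    print(demo())  # [True, False]
```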