From 0ccdd42ff4a4cf8f774689ce88439821da7d14f7 Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 11 Jun 2023 08:15:38 -0400
Subject: Removed some debug statements and better error handling
---
 server/mfad.py | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
(limited to 'server')
diff --git a/server/mfad.py b/server/mfad.py
index cc5073b..169e186 100755
--- a/server/mfad.py
+++ b/server/mfad.py
@@ -72,9 +72,6 @@ def read_config(config):
 def eval_mfa(db, client_key, mfa_methods, client_response):
- print("response: " + client_response)
- print("length: " + str(len(client_response)))
- print("methods: " + str(mfa_methods))
 # Evaluates MFA and decides if authenticated or denied
 # Returns 0 for authenticated on 1 for denied
 if "push" in mfa_methods and client_response == "allow":
@@ -97,8 +94,6 @@ def validate_totp(db, client_key, client_response):
 client = c.fetchone()
 secret = client[CLIENT_SECRET_INDEX]
 totp = pyotp.TOTP(secret)
- print("Client Response: " + str(client_response))
- print("Valid TOTP: " + str(totp.now()))
 if totp.verify(client_response):
 return AUTHED
 else:
@@ -112,8 +107,6 @@ def validate_totp(db, client_key, client_response):
 # connection for identification
 # Client key is used to identify client throughout communication process
-# //TODO RSA public/private key pairs for proper authentication
-
 def get_client_key(db, username,hostname,service):
 # Correlates a PAM request to a registered client
 # This is done by checking the PAM request against a preconfigured
@@ -127,9 +120,8 @@ def get_client_key(db, username,hostname,service):
 c.execute("""SELECT * FROM applications WHERE username=? AND hostname=? AND service=?""",(username,hostname,service))
 application = c.fetchone()
- # Return None if no results found
 if application == None:
- return application
+ return (None,None)
 alias = application[DB_ALIAS_INDEX]
 c.execute("SELECT * FROM clients WHERE alias=?",(alias,))
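Review bot: The return value of get_client_key changed shape from a bare None to the tuple `(None,None)` while the comment that documented the old behaviour was dropped, so the new contract is undocumented even though the caller unpacks it as `client_key,mfa_methods` (see the -229 hunk). Add `# No matching application: return (client_key, mfa_methods) as (None, None) so callers can unpack` above the check, and prefer `if application is None:` over `== None`. The clients lookup that follows and the function's normal return are outside the hunk, so whether a missing client row is also mapped to (None, None) cannot be confirmed here.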
@@ -142,6 +134,7 @@ def get_client_key(db, username,hostname,service):
 def prompt_client(client_key, user, host, service, methods, timeout=10):
+ print(client_connections.keys())
 # Prompts client for MFA
 timer = 0
 while timer < timeout:
@@ -210,6 +203,10 @@ def handle_client(db, conn, addr):
 conn.send(ACK_MESSAGE.encode(FORMAT))
 client_connections[key] = (conn,addr)
 print("client connected with key " + key)
+ poll_time = 5
+ while True:
+ # Poll client
+ time.sleep(poll_time)
 def parse_pam_data(data):
@@ -229,15 +226,17 @@ def handle_pam(db, conn, addr):
 # Correlate request to client
 client_key,mfa_methods = get_client_key(db, user,host,service)
- mfa_methods = mfa_methods.split(' ')
 if client_key == None:
- print("No applications found for user="+user+" host="+host+" service="+service)
 conn.send(str(DENIED).encode(FORMAT))
- return
+ die("No applications found for user="+user+" host="+host+" service="+service)
+ mfa_methods = mfa_methods.split(' ')
 # Prompt client
 response = prompt_client(client_key,user,host,service,mfa_methods)
-
+ if response == 0:
+ conn.send(str(DENIED).encode(FORMAT))
+ die("Did not receive response from client")
+
 # Evaluate Response
 decision = eval_mfa(db, client_key, mfa_methods, response)
--
cgit v1.2.3
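Review bot: `print(client_connections.keys())` adds a new debug statement to prompt_client while the commit's subject says debug statements were removed; it writes every registered client key to stdout on each PAM prompt, and per the comment kept in the -112 hunk the client key is what identifies a client throughout the communication, so those identifiers end up wherever the daemon's output is captured. Drop the line, or if a trace of connected clients is wanted, log the count rather than the keys, e.g. `print("registered clients: " + str(len(client_connections)))`. The rest of prompt_client is outside the hunk.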
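Review bot: The new `while True:` loop in handle_client only sleeps; it never reads from or checks `conn`, so the `# Poll client` comment describes nothing the body does, and because the loop never exits the `client_connections[key]` entry stored three lines above is never removed when a client disconnects, leaving a stale (conn, addr) for prompt_client to find. The loop is also the last statement of handle_client (the next line is `def parse_pam_data`), so no cleanup can follow it. If the intent is a keepalive, give the loop a condition that detects a closed socket and run `client_connections.pop(key, None)` and `conn.close()` when it exits; the start of handle_client is outside the hunk.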
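Review bot: Replacing `return` with `die(...)` after sending DENIED makes the outcome depend on die(), which is not in this hunk: if it calls sys.exit() in the thread or process serving PAM requests, a single request for an unregistered user/host/service (or a client that does not answer) ends that handler or the whole daemon, and if it only logs, execution falls through to `mfa_methods.split(' ')` on the None that the -127 hunk now returns. A per-request failure should stay local to handle_pam — log the message and `return` as before, keeping the DENIED reply first so the fail-closed behaviour is preserved. The `if response == 0:` sentinel also deserves a comment, since the -72 hunk shows 0 meaning authenticated in eval_mfa; state what prompt_client returns on timeout, e.g. `# prompt_client returns 0 when the client did not answer within its timeout`. Prefer `is None` over `== None` on the client_key check; handle_pam starts outside the hunk.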