Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python3 support for SaltCrypt #126

Closed
slieberth opened this issue Mar 19, 2020 · 1 comment
Closed

python3 support for SaltCrypt #126

slieberth opened this issue Mar 19, 2020 · 1 comment

Comments

@slieberth
Copy link
Contributor

Hi Istvan, Hi Christian

when using AVP 'Tunnel-Password' with python3 I get following error:

 File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/pyrad/packet.py", line 254, in _EncodeKeyValues
    return (key, [tag + self._EncodeValue(attr, v) for v in values])
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/pyrad/packet.py", line 254, in <listcomp>
    return (key, [tag + self._EncodeValue(attr, v) for v in values])
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/pyrad/packet.py", line 235, in _EncodeValue
    result = self.SaltCrypt(result)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/pyrad/packet.py", line 567, in SaltCrypt
    salt = chr(ord(salt[0]) | 1 << 7)+salt[1]
TypeError: ord() expected string of length 1, but int found

this is due to strict.pack behavior in python3, which returns bytes (instead of string in python 2)

potential fix, which I have tested:

    def SaltCrypt(self, value):
        """Salt Encryption

        :param value:    plaintext value
        :type password:  unicode string
        :return:         obfuscated version of the value
        :rtype:          binary string
        """

        if isinstance(value, six.text_type):
            value = value.encode('utf-8')

        if self.authenticator is None:
            # self.authenticator = self.CreateAuthenticator()
            self.authenticator = 16 * six.b('\x00')

        if six.PY3:
            random_value = 32768 + random_generator.randrange(0, 32767)
            salt_raw = struct.pack('!H', random_value )
            salt_str = chr(salt_raw[0]) + chr(salt_raw[0])
            salt = six.b(salt_str)
            result = salt
        else:
            random_value = random_generator.randrange(0, 65535)
            salt = struct.pack('!H', random_value )
            salt = chr(ord(salt[0]) | 1 << 7)+salt[1]
            result = six.b(salt)

        #salt = struct.pack('!H', random_generator.randrange(0, 65535))
        #salt = chr(ord(salt[0]) | 1 << 7)+salt[1]

        length = struct.pack("B", len(value))
        buf = length + value
        if len(buf) % 16 != 0:
            buf += six.b('\x00') * (16 - (len(buf) % 16))

        #result = six.b(salt)

        last = self.authenticator + salt
        while buf:
            hash = md5_constructor(self.secret + last).digest()
            if six.PY3:
                for i in range(16):
                    result += bytes((hash[i] ^ buf[i],))
            else:
                for i in range(16):
                    result += chr(ord(hash[i]) ^ ord(buf[i]))

            last = result[-16:]
            buf = buf[16:]

        return result

regards Stefan
@Istvan91
Copy link
Collaborator

Fixed in #128

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Istvan91 @slieberth