… | |
… | |
101 | |
101 | |
102 | use AnyEvent (); |
102 | use AnyEvent (); |
103 | use AnyEvent::Handle (); |
103 | use AnyEvent::Handle (); |
104 | |
104 | |
105 | use MIME::Base64 (); |
105 | use MIME::Base64 (); |
106 | use Digest::HMAC_MD6 (); |
|
|
107 | use JSON (); |
106 | use JSON (); |
108 | |
107 | |
109 | our $VERSION = '1.01'; |
108 | our $VERSION = 1.02; |
110 | |
109 | |
111 | sub call { |
110 | sub call { |
112 | my ($self, $type, @args) = @_; |
111 | my ($self, $type, @args) = @_; |
113 | |
112 | |
114 | $self->{$type} |
113 | $self->{$type} |
… | |
… | |
118 | : () |
117 | : () |
119 | } |
118 | } |
120 | |
119 | |
121 | =item $api = new AnyEvent::Porttracker [key => value...] |
120 | =item $api = new AnyEvent::Porttracker [key => value...] |
122 | |
121 | |
123 | Creates a new porttracker API connection object and tries to connect to |
122 | Creates a new porttracker API connection object and tries to connect |
124 | the specified host (see below). After the connection has been established, |
123 | to the specified host (see below). After the connection has been |
125 | the TLS handshake (if requested) will take place, followed by a login |
124 | established, the TLS handshake (if requested) will take place, followed |
126 | attempt using either the C<none>, C<login_cram_md6> or C<login> methods, |
125 | by a login attempt using either the C<none>, C<login_cram_sha3>, |
127 | in this order of preference (typically, C<login_cram_md6> is used, which |
126 | C<login_cram_md6> or C<login> methods, in this order of preference |
|
|
127 | (typically, C<login_cram_sha3> is used, which shields against some |
128 | shields against some man-in-the-middle attacks and avoids transferring the |
128 | man-in-the-middle attacks and avoids transferring the password). |
129 | password). |
|
|
130 | |
129 | |
131 | It is permissible to send requests immediately after creating the object - |
130 | It is permissible to send requests immediately after creating the object - |
132 | they will be queued until after successful login. |
131 | they will be queued until after successful login. |
133 | |
132 | |
134 | Possible key-value pairs are: |
133 | Possible key-value pairs are: |
… | |
… | |
408 | |
407 | |
409 | sub _login { |
408 | sub _login { |
410 | my ($self) = @_; |
409 | my ($self) = @_; |
411 | |
410 | |
412 | my ($auths, $nonce) = @{ delete $self->{hello} or return }; |
411 | my ($auths, $nonce) = @{ delete $self->{hello} or return }; |
|
|
412 | use Data::Dump; ddx $auths;#d# |
413 | |
413 | |
414 | if (grep $_ eq "none", @$auths) { |
414 | if (grep $_ eq "none", @$auths) { |
415 | $self->_login_success ("none"); |
415 | $self->_login_success ("none"); |
|
|
416 | } elsif (grep $_ eq "login_cram_sha3", @$auths) { |
|
|
417 | my $cc = join "", map chr 256 * rand, 0..63; |
416 | |
418 | |
|
|
419 | require Digest::SHA3; |
|
|
420 | require Digest::HMAC; |
|
|
421 | |
|
|
422 | my $hmac_sha3 = sub ($$){ # $key, $text |
|
|
423 | Digest::HMAC::hmac ($_[1], $_[0], \&Digest::SHA3::sha3_512, 72) |
|
|
424 | }; |
|
|
425 | |
|
|
426 | my $key = $hmac_sha3->($self->{pass}, $self->{user}); |
|
|
427 | my $cr = $hmac_sha3->($key, "$cc$nonce"); |
|
|
428 | my $sr = $hmac_sha3->($key, "$nonce$cc"); |
|
|
429 | |
|
|
430 | $cc = MIME::Base64::encode_base64 $cc; |
|
|
431 | $cr = MIME::Base64::encode_base64 $cr; |
|
|
432 | |
|
|
433 | $self->_req (login_cram_sha3 => $self->{user}, $cr, $cc, sub { |
|
|
434 | my ($self, $ok, $msg) = @_; |
|
|
435 | |
|
|
436 | $ok |
|
|
437 | or return call $self, on_login_failure => $msg; |
|
|
438 | |
|
|
439 | (MIME::Base64::decode_base64 $msg) eq $sr |
|
|
440 | or return call $self, on_login_failure => "sr and cr mismatch, possible man in the middle attack"; |
|
|
441 | |
|
|
442 | $self->_login_success ("login_cram_sha3"); |
|
|
443 | }); |
417 | } elsif (grep $_ eq "login_cram_md6", @$auths) { |
444 | } elsif (grep $_ eq "login_cram_md6", @$auths) { |
418 | my $cc = join "", map chr 256 * rand, 0..63; |
445 | my $cc = join "", map chr 256 * rand, 0..63; |
419 | |
446 | |
|
|
447 | require Digest::HMAC_MD6; |
|
|
448 | |
420 | my $key = Digest::HMAC_MD6::hmac_md6 $self->{pass}, $self->{user}, 64, 256; |
449 | my $key = Digest::HMAC_MD6::hmac_md6 ($self->{pass}, $self->{user}, 64, 256); |
421 | my $cr = Digest::HMAC_MD6::hmac_md6_base64 $key, "$cc$nonce", 64, 256; |
450 | my $cr = Digest::HMAC_MD6::hmac_md6 ($key, "$cc$nonce", 64, 256); |
422 | my $sr = Digest::HMAC_MD6::hmac_md6_base64 $key, "$nonce$cc", 64, 256; |
451 | my $sr = Digest::HMAC_MD6::hmac_md6 ($key, "$nonce$cc", 64, 256); |
423 | |
452 | |
424 | $cc = MIME::Base64::encode_base64 $cc; |
453 | $cc = MIME::Base64::encode_base64 $cc; |
|
|
454 | $cr = MIME::Base64::encode_base64 $cr; |
425 | |
455 | |
426 | $self->_req (login_cram_md6 => $self->{user}, $cr, $cc, sub { |
456 | $self->_req (login_cram_md6 => $self->{user}, $cr, $cc, sub { |
427 | my ($self, $ok, $msg) = @_; |
457 | my ($self, $ok, $msg) = @_; |
428 | |
458 | |
429 | $ok |
459 | $ok |
430 | or return call $self, on_login_failure => $msg; |
460 | or return call $self, on_login_failure => $msg; |
431 | |
461 | |
432 | $msg eq $sr |
462 | (MIME::Base64::decode_base64 $msg) eq $sr |
433 | or return call $self, on_login_failure => "sr and cr mismatch, possible man in the middle attack"; |
463 | or return call $self, on_login_failure => "sr and cr mismatch, possible man in the middle attack"; |
434 | |
464 | |
435 | $self->_login_success ("login_cram_md6"); |
465 | $self->_login_success ("login_cram_md6"); |
436 | }); |
466 | }); |
437 | } elsif (grep $_ eq "login", @$auths) { |
467 | } elsif (grep $_ eq "login", @$auths) { |
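Review bot: The line `use Data::Dump; ddx $auths;#d#` at the top of `_login` is leftover debugging and should be removed: `use` is resolved at compile time, so the module fails to load wherever Data::Dump is not installed, and every login writes the server's advertised method list to STDERR. In the new `login_cram_sha3` branch the client challenge is built with `map chr 256 * rand, 0..63`, as in the md6 branch; Perl's `rand` is not a cryptographic generator, so the 64 bytes are better drawn from the OS CSPRNG, for example `my $cc = Crypt::URandom::urandom (64);`. The method is still chosen from the server-supplied `$auths`, so without TLS a peer that advertises only `login` would presumably be sent the password itself (the POD says only the cram methods avoid transferring it); a comment or an option naming the weakest acceptable method would make that trade-off explicit. `_login` continues past the end of this hunk, so the `login` branch is not visible here.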