restructuring and cleanup

.gitignore

@@ -0,0 +1,66 @@
+kippo.cfg
+kippo.pid
+data/lastlog.txt
+data/ssh_host_dsa_key
+data/ssh_host_dsa_key.pub
+data/ssh_host_rsa_key
+data/ssh_host_rsa_key.pub
+dl/*
+log/kippo.log
+log/tty/*
+private.key
+public.key
+
+# Created by .gitignore support plugin (hsz.mobi)
+
+### Python template
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+
+# Translations
+*.mo
+*.pot
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/

kippo.tac

@@ -22,15 +22,18 @@ if not os.path.exists('kippo.cfg'):
     print 'ERROR: kippo.cfg is missing!'
     sys.exit(1)
 
-from kippo.core import honeypot
 from kippo.core.config import config
+import kippo.core.auth
+import kippo.core.honeypot
+import kippo.core.ssh
+from kippo import core
 
-factory = honeypot.HoneyPotSSHFactory()
-factory.portal = portal.Portal(honeypot.HoneyPotRealm())
+factory = core.ssh.HoneyPotSSHFactory()
+factory.portal = portal.Portal(core.ssh.HoneyPotRealm())
 
-rsa_pubKeyString, rsa_privKeyString = honeypot.getRSAKeys()
-dsa_pubKeyString, dsa_privKeyString = honeypot.getDSAKeys()
-factory.portal.registerChecker(honeypot.HoneypotPasswordChecker())
+rsa_pubKeyString, rsa_privKeyString = core.ssh.getRSAKeys()
+dsa_pubKeyString, dsa_privKeyString = core.ssh.getDSAKeys()
+factory.portal.registerChecker(core.auth.HoneypotPasswordChecker())
 factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_pubKeyString),
                       'ssh-dss': keys.Key.fromString(data=dsa_pubKeyString)}
 factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_privKeyString),

kippo/commands/base.py

@@ -5,7 +5,7 @@
 from kippo.core.honeypot import HoneyPotCommand
 from twisted.internet import reactor
 from kippo.core.config import config
-from kippo.core.userdb import UserDB
+from kippo.core.auth import UserDB
 from kippo.core import utils
 
 commands = {}

kippo/core/userdb.py → kippo/core/auth.py

@@ -1,15 +1,18 @@
-#
-# userdb.py for kippo
-# by  Walter de Jong <[email protected]>
-#
-# adopted and further modified by Upi Tamminen <[email protected]>
-#
+# Copyright (c) 2009-2014 Upi Tamminen <[email protected]>
+# See the COPYRIGHT file for more information
 
-from kippo.core.config import config
-import os
 import string
 
-class UserDB:
+import twisted
+from twisted.cred import checkers, credentials, error
+from twisted.internet import defer
+from zope.interface import implements
+
+from kippo.core.config import config
+
+# by Walter de Jong <[email protected]>
+class UserDB(object):
+
     def __init__(self):
         self.userdb = []
         self.load()
@@ -96,4 +99,39 @@ def adduser(self, login, uid, passwd):
         self.userdb.append((login, uid, passwd))
         self.save()
 
+class HoneypotPasswordChecker:
+    implements(checkers.ICredentialsChecker)
+
+    credentialInterfaces = (credentials.IUsernamePassword,
+        credentials.IPluggableAuthenticationModules)
+
+    def requestAvatarId(self, credentials):
+        if hasattr(credentials, 'password'):
+            if self.checkUserPass(credentials.username, credentials.password):
+                return defer.succeed(credentials.username)
+            else:
+                return defer.fail(error.UnauthorizedLogin())
+        elif hasattr(credentials, 'pamConversion'):
+            return self.checkPamUser(credentials.username,
+                credentials.pamConversion)
+        return defer.fail(error.UnhandledCredentials())
+
+    def checkPamUser(self, username, pamConversion):
+        r = pamConversion((('Password:', 1),))
+        return r.addCallback(self.cbCheckPamUser, username)
+
+    def cbCheckPamUser(self, responses, username):
+        for response, zero in responses:
+            if self.checkUserPass(username, response):
+                return defer.succeed(username)
+        return defer.fail(error.UnauthorizedLogin())
+
+    def checkUserPass(self, username, password):
+        if UserDB().checklogin(username, password):
+            print 'login attempt [%s/%s] succeeded' % (username, password)
+            return True
+        else:
+            print 'login attempt [%s/%s] failed' % (username, password)
+            return False
+
 # vim: set sw=4 et:

kippo/core/config.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2009 Upi Tamminen <[email protected]>
+# Copyright (c) 2009-2014 Upi Tamminen <[email protected]>
 # See the COPYRIGHT file for more information
 
 import ConfigParser, os

kippo/core/dblog.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2009 Upi Tamminen <[email protected]>
+# Copyright (c) 2009-2014 Upi Tamminen <[email protected]>
 # See the COPYRIGHT file for more information
 
 import re, time, socket

kippo/core/exceptions.py

@@ -1,3 +1,8 @@
+# Copyright (c) 2009-2014 Upi Tamminen <[email protected]>
+# See the COPYRIGHT file for more information
+
 class NotEnabledException(Exception):
     """ Feature not enabled
     """
+
+# vim: set sw=4 et:

kippo/core/fs.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2009 Upi Tamminen <[email protected]>
+# Copyright (c) 2009-2014 Upi Tamminen <[email protected]>
 # See the COPYRIGHT file for more information
 
 import os, time, fnmatch