#!/usr/bin/env python2 import uuid import hashlib from xmlrpc.server import SimpleXMLRPCServer from xmlrpc.server import SimpleXMLRPCRequestHandler # Restrict to a particular path. class RequestHandler(SimpleXMLRPCRequestHandler): rpc_paths = ('/RPC2',) # Create server server = SimpleXMLRPCServer(("localhost", 8000), requestHandler=RequestHandler) server.register_introspection_functions() # Register an instance; all the methods of the instance are # published as XML-RPC methods class CHAP: test_password = 'Test123' # initializes class-instance and instance variables def __init__( self ): self.keys = {} self.authenticated = {} # tells the server to start the autentification process # and send the generated random salt def init( self ): session = str( uuid.uuid4() ) key = str( uuid.uuid4() ) while session in self.keys: session = str( uuid.uuid4() ) self.keys[ session ] = key return [ session, key ] # checks if send hash is same as internally generated to validate if the correct # password was used def auth( self, password_hash ): combined = CHAP.test_password + self.key passhash = hashlib.sha256( combined.encode( 'utf-8' ) ).hexdigest() self.authenticated = passhash == password_hash return self.authenticated # adds functionality for users to log them selfes off, but also need the # the password_hash to ensure, that nobody else logs you off def logout( self, session, password_hash ): if session in self.authenticated: if self.auth( password_hash ): self.authenticated[ session ] = False return self.authenticated.get( session ) # a little method that refuses to say hi, if you # are not authenticated def hello( self ): if ( self.authenticated ): return 'Hi, you are authenticated' else: return 'Sorry, please authenticate first' server.register_instance(CHAP()) # Run the server's main loop server.serve_forever()