#!/usr/bin/env python2 import uuid import hashlib from xmlrpc.server import SimpleXMLRPCServer from xmlrpc.server import SimpleXMLRPCRequestHandler # Restrict to a particular path. class RequestHandler(SimpleXMLRPCRequestHandler): rpc_paths = ('/RPC2',) # Create server server = SimpleXMLRPCServer(("localhost", 8000), requestHandler=RequestHandler) server.register_introspection_functions() # Register an instance; all the methods of the instance are # published as XML-RPC methods class CHAP: test_password = 'Test123' # initializes class-instance and instance variables def __init__( self ): self.keys = {} self.authenticated = {} # tells the server to start the autentification process # and send the generated random salt def init( self ): session = str( uuid.uuid4() ) key = str( uuid.uuid4() ) while session in self.keys: session = str( uuid.uuid4() ) self.keys[ session ] = key return [ session, key ] # checks if send hash is same as internally generated to validate if the correct # password was used def auth( self, session, password_hash ): if session in self.keys: combined = CHAP.test_password + self.keys[ session ] passhash = hashlib.sha256( combined.encode( 'utf-8' ) ).hexdigest() self.authenticated[ session ] = passhash == password_hash return self.authenticated[ session ] == True else: return False # adds functionality for users to log them selfes off, but also need the # the password_hash to ensure, that nobody else logs you off def logout( self, session, password_hash ): if self.auth( session, password_hash ): del self.authenticated[ session ] del self.keys[ session ] return self.authenticated.get( session ) != True # a little method that refuses to say hi, if you # are not authenticated def hello( self, session ): if ( self.authenticated.get( session ) == True ): return 'Hi, you are authenticated' else: return 'Sorry, please authenticate first' server.register_instance(CHAP()) # Run the server's main loop server.serve_forever()