Adding secret (like PMA) to TokenDaemon, protect from Man On the Midd…

…le attack
alienhunter3010 · Jul 15, 2013 · 2af09e9 · 2af09e9
1 parent ea39d3f
commit 2af09e9
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 21 deletions.
diff --git a/GPIO/GPIOClient.py b/GPIO/GPIOClient.py
@@ -10,17 +10,15 @@
 class GPIOClient():
 	config=False
 	authMode=False
-	pma=False
+	secret=False
 	service=False
 
 	def __init__(self):
 		self.config = ConfigParser.ConfigParser()
 		self.config.read([os.path.dirname(os.path.abspath(__file__)) + '/../etc/GPIO.conf'])
 
 		self.authMode=not self.config.get('auth', 'token') in ('0', 'False')
-		if not self.authMode:
-			# Poor Man Authenticathion SECRET
-                        self.pma=self.config.get('auth', 'pma')
+                self.secret=self.config.get('auth', 'secret')
 
 		#create an INET, STREAMing socket
 		self.service = socket.socket(
@@ -46,8 +44,7 @@ def sendCommand(self, command):
 			t = self.getToken()
 			a.update(t)
 			payload.append(t)
-		else:
-			a.update(self.pma)
+		a.update(self.secret)
 		a.update(command)
 		payload.insert(0, a.digest())
 		self.service.send('::'.join(payload))

diff --git a/GPIO/GPIODaemon.py b/GPIO/GPIODaemon.py
@@ -19,7 +19,7 @@
 class GPIODaemon(Daemon.Daemon):
 	config=False
 	tokenMode=True
-	pma=''
+	secret=''
 	setupMap = {}
 	eventsMap = {}
 	pwmMap = {}
@@ -40,9 +40,7 @@ def setup(self):
                 self.config.read([binpath + '/../etc/GPIO.conf'])
 
 		self.tokenMode=not self.config.get('auth', 'token') in ('0', 'False')
-                if not self.tokenMode:
-                        # Poor Man Secret (copy it on your client script, too!)
-                        self.pma=self.config.get('auth', 'pma')
+                self.secret=self.config.get('auth', 'secret')
 
                 if self.serversocket:
                         self.serversocket.shutdown(socket.SHUT_RDWR)
@@ -109,7 +107,7 @@ def run(self):
 				a.update(token)
 			else:
 				(auth, input) = clientsocket.recv(4096).split('::')
-				a.update(self.pma)
+			a.update(self.secret)
 			a.update(input)
 			if (a.digest() != auth):
 				clientsocket.send('-4')

diff --git a/GPIO/GPIOEventsTest.py b/GPIO/GPIOEventsTest.py
@@ -45,18 +45,20 @@ def getToken():
 	debounce=sys.argv[2]
 cmd = 'GPIO.addEvent(' + sys.argv[1] + ',' + str(mnemonic.BOTH) + ',' + debounce + ')'
 a = md5.new()
+sendStr = [cmd]
 if authMode:
 	t = getToken()
 	a.update(t)
-	a.update(cmd)
-	s.send(a.digest() + '::' + cmd + '::' + t)
-else:
+	#a.update(cmd)
+	#s.send(a.digest() + '::' + cmd + '::' + t)
+	sendStr.append(t)
+#else:
 	# Poor Man Authenticathion SECRET
-        pma=config.get('auth', 'pma')
-
-	a.update(pma)
-	a.update(cmd)
-	s.send(a.digest() + '::' + cmd)
+secret=config.get('auth', 'secret')
+a.update(secret)
+a.update(cmd)
+sendStr.insert(0, a.digest())
+s.send('::'.join(sendStr))
 print s.recv(16);
 
 while (1):

diff --git a/etc/GPIO.conf b/etc/GPIO.conf
@@ -7,8 +7,8 @@ host:localhost
 ; token authentication service port
 port:9898
 
-; integrated Poor Man Authentication system
-pma:SomethingThatYouCanCustomizeAsYouLike
+; Security key (keep it secret).
+secret:SomethingThatYouCanCustomizeAsYouLike
 
 [common]
 ; GPIODaemon service port