Test token

lei_xiao · November 30, 2015, 1:33pm

When I do test token, there will be the following tips?
What’s going on?

https://lh3.googleusercontent.com/-Ckg-KoidPsI/VlxPq8-385I/AAAAAAAAAAo/YBreHm8D8Cg/s1600/360%E6%88%AA%E5%9B%BE20151130211609472.jpg
’ascii’ codec can’t decode byte 0xd4 in position 3: ordinal not in
range(128)

I view the log

[2015-11-30
05:30:44,256][1214][139635295258368][ERROR][privacyidea.app:1423] Exception
on /validate/check [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 90, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 90, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”,
line 89, in check_user_or_serial_in_request_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 90, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/validate.py”, line
184, in check
result, details = check_serial_pass(serial, password, options=options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 125,
in log_wrapper
f_result = func(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py",
line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py",
line 360, in auth_lastauth
res, reply_dict = wrapped_function(user_or_serial, passw, options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”, line
1766, in check_serial_pass
options=options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 125,
in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”, line
1861, in check_token_list
options=options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”,
line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py”,
line 388, in authenticate
otp_counter = self.check_otp(otpval, options=options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”,
line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/totptoken.py",
line 326, in check_otp
symetric=True)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 125,
in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py”,
line 147, in checkOtp
otpval = self.generate©
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py”,
line 122, in generate
hmac = self.hmac(counter=counter, key=key)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py”,
line 82, in hmac
dig = str(self.secretObj.hmac_digest(data_input, self.hashfunc))
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py”, line
106, in hmac_digest
self.setupKey()
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py”, line
138, in setupKey
akey = decrypt(self.val, self.iv)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 125,
in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py”, line
342, in decrypt
ret = hsm.decrypt(input, iv, id)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/security/default.py",
line 397, in decrypt
eof = output.rfind(u"\x01\x02")
UnicodeDecodeError: ‘ascii’ codec can’t decode byte 0xd4 in position 3:
ordinal not in range(128)

cornelinux · November 30, 2015, 2:39pm

The error is thrown in the decrypt method.
So probably you have a problem with your encryption key, which does not
fit the encrypted material.

This is all I can guess from this amount of information.

Kind regards
CorneliusAm Montag, den 30.11.2015, 05:33 -0800 schrieb lei xiao:

When I do test token, there will be the following tips?
What’s going on?

‘ascii’ codec can’t decode byte 0xd4 in position 3: ordinal not in
range(128)

I view the log

[2015-11-30
05:30:44,256][1214][139635295258368][ERROR][privacyidea.app:1423]
Exception on /validate/check [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 90, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 90, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”, line
89, in check_user_or_serial_in_request_wrapper
f_result = func(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 90, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/validate.py”,
line 184, in check
result, details = check_serial_pass(serial, password,
options=options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
125, in log_wrapper
f_result = func(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 360, in auth_lastauth
res, reply_dict = wrapped_function(user_or_serial, passw, options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”,
line 1766, in check_serial_pass
options=options)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
125, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”,
line 1861, in check_token_list
options=options)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”, line
45, in token_locked_wrapper
f_result = func(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py”, line
388, in authenticate
otp_counter = self.check_otp(otpval, options=options)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py”, line
45, in token_locked_wrapper
f_result = func(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/totptoken.py”, line 326, in check_otp
symetric=True)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
125, in log_wrapper
f_result = func(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py”,
line 147, in checkOtp
otpval = self.generate(c)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py”,
line 122, in generate
hmac = self.hmac(counter=counter, key=key)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py”,
line 82, in hmac
dig = str(self.secretObj.hmac_digest(data_input, self.hashfunc))
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py”,
line 106, in hmac_digest
self.setupKey()
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py”,
line 138, in setupKey
akey = decrypt(self.val, self.iv)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
125, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py”,
line 342, in decrypt
ret = hsm.decrypt(input, iv, id)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/security/default.py”, line 397, in decrypt
eof = output.rfind(u"\x01\x02")
UnicodeDecodeError: ‘ascii’ codec can’t decode byte 0xd4 in position
3: ordinal not in range(128)

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/89a062d1-97e4-4bf9-a35b-2aec9e8741ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

cornelinux · December 1, 2015, 5:30pm

Hello Lei,

I do not quite get your point.
This error at this position usually indicates that the encryption key
(defined in pi.cfg, usually the file /etc/privacyidea/enckey) has
changed.

So the question is, what you have done, that leads to this error?

Kind regards
CorneliusAm Montag, den 30.11.2015, 18:15 -0800 schrieb lei xiao:

I could not read the complete code, which should be given encryption
and decryption problem. When generating token, it will use sha1
hashing, if only token hash should not have this problem, a simple
affirmation of where the hash value is the same. Unless the HMAC hash
this way. So the problem here? (A + token) hashing, then a is the
number?

在 2015年11月30日星期一 UTC+8下午9:33:34，lei xiao写道：
When I do test token, there will be the following tips?
What’s going on?

    'ascii' codec can't decode byte 0xd4 in position 3: ordinal
    not in range(128)
    
    
    
    I view the log
    
    
    
    
    
    [2015-11-30
    05:30:44,256][1214][139635295258368][ERROR][privacyidea.app:1423] Exception on /validate/check [POST]
    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/flask/app.py", line
    1817, in wsgi_app
        response = self.full_dispatch_request()
      File "/usr/lib/python2.7/dist-packages/flask/app.py", line
    1477, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/usr/lib/python2.7/dist-packages/flask/app.py", line
    1381, in handle_user_exception
        reraise(exc_type, exc_value, tb)
      File "/usr/lib/python2.7/dist-packages/flask/app.py", line
    1475, in full_dispatch_request
        rv = self.dispatch_request()
      File "/usr/lib/python2.7/dist-packages/flask/app.py", line
    1461, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
        response = wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
        response = wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
        response = wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
        response = wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
        response = wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
        response = wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py", line 90, in policy_wrapper
        return wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py", line 90, in policy_wrapper
        return wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py", line 89, in check_user_or_serial_in_request_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py", line 90, in policy_wrapper
        return wrapped_function(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/api/validate.py", line 184, in check
        result, details = check_serial_pass(serial, password,
    options=options)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py",
    line 125, in log_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
        return self.decorator_function(wrapped_function, *args,
    **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 360, in auth_lastauth
        res, reply_dict = wrapped_function(user_or_serial, passw,
    options)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py",
    line 1766, in check_serial_pass
        options=options)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py",
    line 125, in log_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py",
    line 1861, in check_token_list
        options=options)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py", line 388, in authenticate
        otp_counter = self.check_otp(otpval, options=options)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/totptoken.py", line 326, in check_otp
        symetric=True)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py",
    line 125, in log_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py", line 147, in checkOtp
        otpval = self.generate(c)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py", line 122, in generate
        hmac = self.hmac(counter=counter, key=key)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/HMAC.py", line 82, in hmac
        dig = str(self.secretObj.hmac_digest(data_input,
    self.hashfunc))
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py",
    line 106, in hmac_digest
        self._setupKey_()
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py",
    line 138, in _setupKey_
        akey = decrypt(self.val, self.iv)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py",
    line 125, in log_wrapper
        f_result = func(*args, **kwds)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/crypto.py",
    line 342, in decrypt
        ret = hsm.decrypt(input, iv, id)
      File
    "/usr/lib/python2.7/dist-packages/privacyidea/lib/security/default.py", line 397, in decrypt
        eof = output.rfind(u"\x01\x02")
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xd4 in
    position 3: ordinal not in range(128)

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/e5996db2-dd10-44e1-872a-1e2450b738da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)