def test_add_cred(self): target_name = gb.import_name(TARGET_SERVICE_NAME, gb.NameType.hostbased_service) client_ctx_resp = gb.init_sec_context(target_name) client_token = client_ctx_resp[3] del client_ctx_resp # free all the things (except the token)! server_name = gb.import_name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal) server_creds = gb.acquire_cred(server_name, usage='both')[0] server_ctx_resp = gb.accept_sec_context(client_token, acceptor_creds=server_creds) input_creds = gb.Creds() imp_resp = gb.add_cred(input_creds, server_ctx_resp[1], gb.MechType.kerberos) imp_resp.shouldnt_be_none() new_creds, actual_mechs, output_init_ttl, output_accept_ttl = imp_resp actual_mechs.shouldnt_be_empty() actual_mechs.should_include(gb.MechType.kerberos) output_init_ttl.should_be_a(int) output_accept_ttl.should_be_a(int) new_creds.should_be_a(gb.Creds)
def test_store_into_add_from(self): CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir) KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir) store = {'ccache': CCACHE, 'keytab': KT} princ_name = 'service/cs@' + self.realm.realm self.realm.addprinc(princ_name) self.realm.extract_keytab(princ_name, KT) self.realm.kinit(princ_name, None, ['-k', '-t', KT]) initial_creds = gsscreds.Credentials(name=None, usage='initiate') store_res = initial_creds.store(store, overwrite=True) store_res.mechs.shouldnt_be_none() store_res.mechs.shouldnt_be_empty() store_res.usage.should_be('initiate') name = gssnames.Name(princ_name) input_creds = gsscreds.Credentials(gb.Creds()) retrieved_creds = input_creds.add(name, gb.MechType.kerberos, store=store) retrieved_creds.shouldnt_be_none() retrieved_creds.should_be_a(gsscreds.Credentials)
def test_add_with_impersonate(self): server_name = gssnames.Name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal) password = self.realm.password("user") self.realm.kinit(self.realm.user_princ, password=password, flags=["-f"]) client_ctx = gssctx.SecurityContext( name=server_name, flags=gb.RequirementFlag.delegate_to_peer) client_token = client_ctx.step() self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"]) server_creds = gsscreds.Credentials(usage="both") server_ctx = gssctx.SecurityContext(creds=server_creds) server_ctx.step(client_token) self.assertTrue(server_ctx.complete) # use empty creds to test here input_creds = gsscreds.Credentials(gb.Creds()) new_creds = input_creds.add(server_name, gb.MechType.kerberos, impersonator=server_ctx.delegated_creds, usage='initiate') self.assertIsInstance(new_creds, gsscreds.Credentials)
def test_add(self): input_creds = gsscreds.Credentials(gb.Creds()) name = gssnames.Name(SERVICE_PRINCIPAL) new_creds = input_creds.add(name, gb.MechType.kerberos, usage='initiate') self.assertIsInstance(new_creds, gsscreds.Credentials)
def test_add(self): input_creds = gsscreds.Credentials(gb.Creds()) name = gssnames.Name(SERVICE_PRINCIPAL) new_creds = input_creds.add(name, gb.MechType.kerberos, usage='initiate') new_creds.shouldnt_be_none() new_creds.should_be_a(gsscreds.Credentials)
def test_add_with_impersonate(self): target_name = gssnames.Name(TARGET_SERVICE_NAME, gb.NameType.hostbased_service) client_ctx = gssctx.SecurityContext(name=target_name) client_token = client_ctx.step() server_creds = gsscreds.Credentials(usage='both') server_ctx = gssctx.SecurityContext(creds=server_creds, usage='accept') server_ctx.step(client_token) # use empty creds to test here input_creds = gsscreds.Credentials(gb.Creds()) new_creds = input_creds.add(server_ctx.initiator_name, gb.MechType.kerberos, impersonator=server_creds, usage='initiate') new_creds.shouldnt_be(None) new_creds.should_be_a(gsscreds.Credentials)
def test_add_cred_with_password(self): password = self.realm.password('user') self.realm.kinit(self.realm.user_princ, password=password) name = gb.import_name(b'user', gb.NameType.kerberos_principal) input_creds = gb.Creds() imp_resp = gb.add_cred_with_password(input_creds, name, gb.MechType.kerberos, password.encode('UTF-8')) imp_resp.shouldnt_be_none() new_creds, actual_mechs, output_init_ttl, output_accept_ttl = imp_resp actual_mechs.shouldnt_be_empty() actual_mechs.should_include(gb.MechType.kerberos) output_init_ttl.should_be_a(int) output_accept_ttl.should_be_a(int) new_creds.should_be_a(gb.Creds)
def test_store_into_add_from(self): CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir) KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir) store = {'ccache': CCACHE, 'keytab': KT} princ_name = 'service/cs@' + self.realm.realm self.realm.addprinc(princ_name) self.realm.extract_keytab(princ_name, KT) self.realm.kinit(princ_name, None, ['-k', '-t', KT]) initial_creds = gsscreds.Credentials(name=None, usage='initiate') store_res = initial_creds.store(store, overwrite=True) self.assertIsNotNone(store_res.mechs) self.assertGreater(len(store_res.mechs), 0) self.assertEqual(store_res.usage, "initiate") name = gssnames.Name(princ_name) input_creds = gsscreds.Credentials(gb.Creds()) retrieved_creds = input_creds.add(name, gb.MechType.kerberos, store=store) self.assertIsInstance(retrieved_creds, gsscreds.Credentials)