def test_add_with_impersonate(self):
    """Check that ``Credentials.add`` accepts delegated creds as impersonator.

    A client context is established with credential delegation requested,
    the acceptor side completes it, and the credentials the acceptor
    received through delegation are then handed to ``add`` as the
    ``impersonator`` for a fresh, empty credential set.
    """
    target = gssnames.Name(SERVICE_PRINCIPAL,
                           gb.NameType.kerberos_principal)

    # Initiator side: "-f" is passed through to the realm's kinit helper;
    # presumably it requests a forwardable ticket, which delegation
    # depends on -- confirm against the realm fixture.
    user_password = self.realm.password("user")
    self.realm.kinit(self.realm.user_princ,
                     password=user_password,
                     flags=["-f"])

    # delegate_to_peer asks for the initiator's credentials to be handed
    # to the acceptor, so the service can later act on the user's behalf.
    initiator = gssctx.SecurityContext(
        name=target,
        flags=gb.RequirementFlag.delegate_to_peer,
    )
    first_token = initiator.step()

    # Acceptor side: "-k" presumably authenticates the service from its
    # keytab rather than a password -- confirm against the realm fixture.
    self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"])
    acceptor_creds = gsscreds.Credentials(usage="both")
    acceptor = gssctx.SecurityContext(creds=acceptor_creds)
    acceptor.step(first_token)
    self.assertTrue(acceptor.complete)

    # Start from an empty credential set so that whatever ends up in the
    # result can only have come from the add() call under test.
    empty_creds = gsscreds.Credentials(gb.Creds())
    combined = empty_creds.add(
        target,
        gb.MechType.kerberos,
        impersonator=acceptor.delegated_creds,
        usage='initiate',
    )
    self.assertIsInstance(combined, gsscreds.Credentials)
def test_add(self):
    """Check that ``Credentials.add`` returns a high-level Credentials object.

    The starting point is an empty credential set; a Kerberos
    initiate-only element for SERVICE_PRINCIPAL is added to it.
    """
    empty_creds = gsscreds.Credentials(gb.Creds())
    service_name = gssnames.Name(SERVICE_PRINCIPAL)

    result = empty_creds.add(
        service_name,
        gb.MechType.kerberos,
        usage='initiate',
    )

    # Only the wrapper type is checked here, not the contents of the
    # returned credentials.
    self.assertIsInstance(result, gsscreds.Credentials)
def inquire_by_mech(self, mech, name=True, init_lifetime=True,
                    accept_lifetime=True, usage=True):
    """Inspect these credentials for per-mechanism information

    This method looks up information about these credentials as they
    apply to one specific mechanism.

    Args:
        mech (OID): the mechanism for which to retrieve the information
        name (bool): get the name associated with the credentials
        init_lifetime (bool): get the remaining initiate lifetime for
            the credentials
        accept_lifetime (bool): get the remaining accept lifetime for
            the credentials
        usage (bool): get the usage for the credentials

    Returns:
        InquireCredByMechResult: the information about the credentials,
            with None used when the corresponding argument was False
    """

    raw = rcreds.inquire_cred_by_mech(self, mech, name, init_lifetime,
                                      accept_lifetime, usage)

    # The low-level call yields a raw name (or None when the name was not
    # requested); wrap it so callers get the high-level Name type.
    wrapped_name = names.Name(raw.name) if raw.name is not None else None

    return tuples.InquireCredByMechResult(wrapped_name,
                                          raw.init_lifetime,
                                          raw.accept_lifetime,
                                          raw.usage)
def inquire(self, name=True, lifetime=True, usage=True, mechs=True):
    """Inspect these credentials for information

    This method looks up general information about these credentials.
    Each boolean argument selects whether the matching field is
    retrieved.

    Args:
        name (bool): get the name associated with the credentials
        lifetime (bool): get the remaining lifetime for the credentials
        usage (bool): get the usage for the credentials
        mechs (bool): get the mechanisms associated with the credentials

    Returns:
        InquireCredResult: the information about the credentials,
            with None used when the corresponding argument was False

    Raises:
        MissingCredentialsError
        InvalidCredentialsError
        ExpiredCredentialsError
    """

    raw = rcreds.inquire_cred(self, name, lifetime, usage, mechs)

    # The low-level call yields a raw name (or None when the name was not
    # requested); wrap it so callers get the high-level Name type.
    wrapped_name = names.Name(raw.name) if raw.name is not None else None

    return tuples.InquireCredResult(wrapped_name,
                                    raw.lifetime,
                                    raw.usage,
                                    raw.mechs)
def test_store_into_acquire_from(self):
    """Round-trip credentials through an explicit credential store.

    Credentials obtained for a freshly created service principal are
    written into a store made of a dedicated ccache and keytab, then
    acquired again by name from that same store.
    """
    # Both store locations live under the test realm's tmpdir, so the
    # keytab extracted below stays inside the fixture's scratch area.
    ccache_path = 'FILE:{tmpdir}/other_ccache'.format(
        tmpdir=self.realm.tmpdir)
    keytab_path = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir)
    cred_store = {'ccache': ccache_path, 'keytab': keytab_path}

    service_princ = 'service/cs@' + self.realm.realm
    self.realm.addprinc(service_princ)
    self.realm.extract_keytab(service_princ, keytab_path)
    # No password is supplied (None); the flags point the realm's kinit
    # helper at the keytab that was just extracted.
    self.realm.kinit(service_princ, None, ['-k', '-t', keytab_path])

    default_creds = gsscreds.Credentials(name=None, usage='initiate')

    stored = default_creds.store(cred_store, overwrite=True)
    self.assertIsNotNone(stored.mechs)
    self.assertGreater(len(stored.mechs), 0)
    self.assertEqual(stored.usage, "initiate")

    # Acquire again, this time by name and from the explicit store.
    wanted_name = gssnames.Name(service_princ)
    reloaded = gsscreds.Credentials(name=wanted_name, store=cred_store)
    self.assertIsNotNone(reloaded)