def __init__(self, pkg_name, spn=None, scflags=None, datarep=sspicon.SECURITY_NETWORK_DREP): self.spn = spn self.datarep = datarep if scflags is None: scflags = (sspicon.ASC_REQ_INTEGRITY | sspicon.ASC_REQ_SEQUENCE_DETECT | sspicon.ASC_REQ_REPLAY_DETECT | sspicon.ASC_REQ_CONFIDENTIALITY) # Should we default to sspicon.KerbAddExtraCredentialsMessage # if pkg_name=='Kerberos'? self.scflags = scflags self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name) ( self.credentials, self.credentials_expiry, ) = win32security.AcquireCredentialsHandle(spn, self.pkg_info["Name"], sspicon.SECPKG_CRED_INBOUND, None, None) _BaseAuth.__init__(self)
def __init__( self, pkg_name, # Name of the package to used. client_name=None, # User for whom credentials are used. auth_info=None, # or a tuple of (username, domain, password) targetspn=None, # Target security context provider name. scflags=None, # security context flags datarep=sspicon.SECURITY_NETWORK_DREP): if scflags is None: scflags = sspicon.ISC_REQ_INTEGRITY | sspicon.ISC_REQ_SEQUENCE_DETECT | sspicon.ISC_REQ_REPLAY_DETECT | sspicon.ISC_REQ_CONFIDENTIALITY #|sspicon.SEC_WINNT_AUTH_IDENTITY_ANSI self.scflags = scflags self.datarep = datarep self.targetspn = targetspn username = win32api.GetUserName() domain = win32api.GetDomainName() password = None auth_info = username, domain, password self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name) self.credentials, \ self.credentials_expiry = win32security.AcquireCredentialsHandle( client_name, self.pkg_info['Name'], sspicon.SECPKG_CRED_OUTBOUND, None, auth_info) _BaseAuth.__init__(self)
def __init__( self, pkg_name, # Name of the package to used. client_name=None, # User for whom credentials are used. auth_info=None, # or a tuple of (username, domain, password) targetspn=None, # Target security context provider name. scflags=None, # security context flags datarep=sspicon.SECURITY_NETWORK_DREP, ): if scflags is None: scflags = (sspicon.ISC_REQ_INTEGRITY | sspicon.ISC_REQ_SEQUENCE_DETECT | sspicon.ISC_REQ_REPLAY_DETECT | sspicon.ISC_REQ_CONFIDENTIALITY) self.scflags = scflags self.datarep = datarep self.targetspn = targetspn self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name) ( self.credentials, self.credentials_expiry, ) = win32security.AcquireCredentialsHandle( client_name, self.pkg_info["Name"], sspicon.SECPKG_CRED_OUTBOUND, None, auth_info, ) _BaseAuth.__init__(self)
def __init__(self, pkg_name, spn=None, flags=None, data_representation=sspicon.SECURITY_NETWORK_DREP): self.spn = spn self.datarep = data_representation if flags is None: flags = sspicon.ASC_REQ_REPLAY_DETECT | sspicon.ASC_REQ_SEQUENCE_DETECT # sspicon.ASC_REQ_INTEGRITY|sspicon.ASC_REQ_SEQUENCE_DETECT|\ #sspicon.ASC_REQ_REPLAY_DETECT|sspicon.ASC_REQ_CONFIDENTIALITY self.scflags = flags self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name) self.credentials, \ self.credentials_expiry=win32security.AcquireCredentialsHandle(spn, self.pkg_info['Name'], sspicon.SECPKG_CRED_INBOUND, None, None) _BaseAuth.__init__(self)
# we want to use for this example. ssp = "Kerberos" # or "NTLM" or "Negotiate" which enable negotiation between # Kerberos (prefered) and NTLM (if not supported on the other side). flags = ( sspicon.ISC_REQ_MUTUAL_AUTH | # mutual authentication sspicon.ISC_REQ_INTEGRITY | # check for integrity sspicon.ISC_REQ_SEQUENCE_DETECT | # enable out-of-order messages sspicon.ISC_REQ_CONFIDENTIALITY | # request confidentiality sspicon.ISC_REQ_REPLAY_DETECT # request replay detection ) # Get our identity, mandatory for the Kerberos case *for this example* # Kerberos cannot be used if we don't tell it the target we want # to authenticate to. cred_handle, exp = win32security.AcquireCredentialsHandle( None, ssp, sspicon.SECPKG_CRED_INBOUND, None, None) cred = cred_handle.QueryCredentialsAttributes( sspicon.SECPKG_CRED_ATTR_NAMES) print("We are:", cred) # Setup the 2 contexts. In real life, only one is needed: the other one is # created in the process we want to communicate with. sspiclient = ClientAuth(ssp, scflags=flags, targetspn=cred) sspiserver = ServerAuth(ssp, scflags=flags) print("SSP : %s (%s)" % (sspiclient.pkg_info["Name"], sspiclient.pkg_info["Comment"])) # Perform the authentication dance, each loop exchanging more information # on the way to completing authentication. sec_buffer = None