async def login(self, username, password=None, auth_info=None, servers=[]): if self.settings["nex.version"] < 40000: result = await self.login_old(username, auth_info) elif self.settings["nex.version"] < 40400: result = await self.login_switch(username, auth_info) else: result = await self.login_with_param(username, auth_info) secure_station = result.secure_station kerberos_key = result.source_key if not kerberos_key: if password is None: raise ValueError("A password is required for this account") # Derive kerberos key from password kerberos_key = self.key_derivation.derive_key( password.encode(), result.pid) # Decrypt ticket from login response ticket = kerberos.ClientTicket.decrypt(result.ticket, kerberos_key, self.settings) if ticket.target != secure_station["PID"]: # Request ticket for secure server response = await self.auth_proto.request_ticket( result.pid, secure_station["PID"]) # Check for errors and decrypt ticket response.result.raise_if_error() ticket = kerberos.ClientTicket.decrypt(response.ticket, kerberos_key, self.settings) creds = kerberos.Credentials(ticket, result.pid, secure_station["CID"]) # The secure server may reside at the same # address as the authentication server host = secure_station["address"] port = secure_station["port"] if host == "0.0.0.1": host, port = self.auth_host, self.auth_port # Connect to secure server stream_id = secure_station["sid"] context = tls.TLSContext() context.load_default_authorities() async with rmc.connect(self.settings, host, port, stream_id, context, creds, servers) as client: yield client
async def test_credentials(): s = settings.default() async def handler(client): assert client.pid() == 1000 ticket = kerberos.ServerTicket() ticket.timestamp = common.DateTime.now() ticket.source = 1000 ticket.session_key = bytes(32) data = ticket.encrypt(b"server key", s) ticket = kerberos.ClientTicket() ticket.session_key = bytes(32) ticket.target = 1001 ticket.internal = data creds = kerberos.Credentials(ticket, 1000, 2000) async with prudp.serve(handler, s, HOST, 12345, key=b"server key"): async with prudp.connect(s, HOST, 12345, credentials=creds) as client: assert client.pid() == 1000
def test_credentials(): ticket = kerberos.ClientTicket() creds = kerberos.Credentials(ticket, 1000, 2000) assert creds.ticket == ticket assert creds.pid == 1000 assert creds.cid == 2000