Python AcquireCredentialsHandle Examples

Example #1

    def __init__(self,
                 pkg_name,
                 spn=None,
                 scflags=None,
                 datarep=sspicon.SECURITY_NETWORK_DREP):
        self.spn = spn
        self.datarep = datarep

        if scflags is None:
            scflags = (sspicon.ASC_REQ_INTEGRITY
                       | sspicon.ASC_REQ_SEQUENCE_DETECT
                       | sspicon.ASC_REQ_REPLAY_DETECT
                       | sspicon.ASC_REQ_CONFIDENTIALITY)
        # Should we default to sspicon.KerbAddExtraCredentialsMessage
        # if pkg_name=='Kerberos'?
        self.scflags = scflags

        self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name)

        (
            self.credentials,
            self.credentials_expiry,
        ) = win32security.AcquireCredentialsHandle(spn, self.pkg_info["Name"],
                                                   sspicon.SECPKG_CRED_INBOUND,
                                                   None, None)
        _BaseAuth.__init__(self)

Example #2

    def __init__(
            self,
            pkg_name,  # Name of the package to used.
            client_name=None,  # User for whom credentials are used.
            auth_info=None,  # or a tuple of (username, domain, password)
            targetspn=None,  # Target security context provider name.
            scflags=None,  # security context flags
            datarep=sspicon.SECURITY_NETWORK_DREP):

        if scflags is None:
            scflags = sspicon.ISC_REQ_INTEGRITY | sspicon.ISC_REQ_SEQUENCE_DETECT | sspicon.ISC_REQ_REPLAY_DETECT | sspicon.ISC_REQ_CONFIDENTIALITY  #|sspicon.SEC_WINNT_AUTH_IDENTITY_ANSI

        self.scflags = scflags
        self.datarep = datarep
        self.targetspn = targetspn

        username = win32api.GetUserName()
        domain = win32api.GetDomainName()
        password = None

        auth_info = username, domain, password

        self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name)
        self.credentials, \
        self.credentials_expiry = win32security.AcquireCredentialsHandle(
            client_name, self.pkg_info['Name'],
            sspicon.SECPKG_CRED_OUTBOUND,
            None, auth_info)
        _BaseAuth.__init__(self)

Example #3

 def __init__(
     self,
     pkg_name,  # Name of the package to used.
     client_name=None,  # User for whom credentials are used.
     auth_info=None,  # or a tuple of (username, domain, password)
     targetspn=None,  # Target security context provider name.
     scflags=None,  # security context flags
     datarep=sspicon.SECURITY_NETWORK_DREP,
 ):
     if scflags is None:
         scflags = (sspicon.ISC_REQ_INTEGRITY
                    | sspicon.ISC_REQ_SEQUENCE_DETECT
                    | sspicon.ISC_REQ_REPLAY_DETECT
                    | sspicon.ISC_REQ_CONFIDENTIALITY)
     self.scflags = scflags
     self.datarep = datarep
     self.targetspn = targetspn
     self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name)
     (
         self.credentials,
         self.credentials_expiry,
     ) = win32security.AcquireCredentialsHandle(
         client_name,
         self.pkg_info["Name"],
         sspicon.SECPKG_CRED_OUTBOUND,
         None,
         auth_info,
     )
     _BaseAuth.__init__(self)

Example #4

File: integration_sspi.py Project: zjw88282740/ntlmlib

    def __init__(self,
                 pkg_name,
                 spn=None,
                 flags=None,
                 data_representation=sspicon.SECURITY_NETWORK_DREP):
        self.spn = spn
        self.datarep = data_representation

        if flags is None:
            flags = sspicon.ASC_REQ_REPLAY_DETECT | sspicon.ASC_REQ_SEQUENCE_DETECT
            # sspicon.ASC_REQ_INTEGRITY|sspicon.ASC_REQ_SEQUENCE_DETECT|\
            #sspicon.ASC_REQ_REPLAY_DETECT|sspicon.ASC_REQ_CONFIDENTIALITY

        self.scflags = flags
        self.pkg_info = win32security.QuerySecurityPackageInfo(pkg_name)
        self.credentials, \
        self.credentials_expiry=win32security.AcquireCredentialsHandle(spn,
                self.pkg_info['Name'], sspicon.SECPKG_CRED_INBOUND, None, None)
        _BaseAuth.__init__(self)

Example #5

File: sspi.py Project: dshelt10/ITSC3155_spring2021_dshelt10

    # we want to use for this example.
    ssp = "Kerberos"  # or "NTLM" or "Negotiate" which enable negotiation between
    # Kerberos (prefered) and NTLM (if not supported on the other side).

    flags = (
        sspicon.ISC_REQ_MUTUAL_AUTH |  # mutual authentication
        sspicon.ISC_REQ_INTEGRITY |  # check for integrity
        sspicon.ISC_REQ_SEQUENCE_DETECT |  # enable out-of-order messages
        sspicon.ISC_REQ_CONFIDENTIALITY |  # request confidentiality
        sspicon.ISC_REQ_REPLAY_DETECT  # request replay detection
    )

    # Get our identity, mandatory for the Kerberos case *for this example*
    # Kerberos cannot be used if we don't tell it the target we want
    # to authenticate to.
    cred_handle, exp = win32security.AcquireCredentialsHandle(
        None, ssp, sspicon.SECPKG_CRED_INBOUND, None, None)
    cred = cred_handle.QueryCredentialsAttributes(
        sspicon.SECPKG_CRED_ATTR_NAMES)
    print("We are:", cred)

    # Setup the 2 contexts. In real life, only one is needed: the other one is
    # created in the process we want to communicate with.
    sspiclient = ClientAuth(ssp, scflags=flags, targetspn=cred)
    sspiserver = ServerAuth(ssp, scflags=flags)

    print("SSP : %s (%s)" %
          (sspiclient.pkg_info["Name"], sspiclient.pkg_info["Comment"]))

    # Perform the authentication dance, each loop exchanging more information
    # on the way to completing authentication.
    sec_buffer = None