def test_add_cred(self):
target_name = gb.import_name(TARGET_SERVICE_NAME,
gb.NameType.hostbased_service)
client_ctx_resp = gb.init_sec_context(target_name)
client_token = client_ctx_resp[3]
del client_ctx_resp # free all the things (except the token)!
server_name = gb.import_name(SERVICE_PRINCIPAL,
gb.NameType.kerberos_principal)
server_creds = gb.acquire_cred(server_name, usage='both')[0]
server_ctx_resp = gb.accept_sec_context(client_token,
acceptor_creds=server_creds)
input_creds = gb.Creds()
imp_resp = gb.add_cred(input_creds, server_ctx_resp[1],
gb.MechType.kerberos)
imp_resp.shouldnt_be_none()
new_creds, actual_mechs, output_init_ttl, output_accept_ttl = imp_resp
actual_mechs.shouldnt_be_empty()
actual_mechs.should_include(gb.MechType.kerberos)
output_init_ttl.should_be_a(int)
output_accept_ttl.should_be_a(int)
new_creds.should_be_a(gb.Creds)
def test_store_into_add_from(self):
CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir)
KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir)
store = {'ccache': CCACHE, 'keytab': KT}
princ_name = 'service/cs@' + self.realm.realm
self.realm.addprinc(princ_name)
self.realm.extract_keytab(princ_name, KT)
self.realm.kinit(princ_name, None, ['-k', '-t', KT])
initial_creds = gsscreds.Credentials(name=None, usage='initiate')
store_res = initial_creds.store(store, overwrite=True)
store_res.mechs.shouldnt_be_none()
store_res.mechs.shouldnt_be_empty()
store_res.usage.should_be('initiate')
name = gssnames.Name(princ_name)
input_creds = gsscreds.Credentials(gb.Creds())
retrieved_creds = input_creds.add(name,
gb.MechType.kerberos,
store=store)
retrieved_creds.shouldnt_be_none()
retrieved_creds.should_be_a(gsscreds.Credentials)
def test_add_with_impersonate(self):
server_name = gssnames.Name(SERVICE_PRINCIPAL,
gb.NameType.kerberos_principal)
password = self.realm.password("user")
self.realm.kinit(self.realm.user_princ,
password=password,
flags=["-f"])
client_ctx = gssctx.SecurityContext(
name=server_name, flags=gb.RequirementFlag.delegate_to_peer)
client_token = client_ctx.step()
self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"])
server_creds = gsscreds.Credentials(usage="both")
server_ctx = gssctx.SecurityContext(creds=server_creds)
server_ctx.step(client_token)
self.assertTrue(server_ctx.complete)
# use empty creds to test here
input_creds = gsscreds.Credentials(gb.Creds())
new_creds = input_creds.add(server_name,
gb.MechType.kerberos,
impersonator=server_ctx.delegated_creds,
usage='initiate')
self.assertIsInstance(new_creds, gsscreds.Credentials)
def test_add(self):
input_creds = gsscreds.Credentials(gb.Creds())
name = gssnames.Name(SERVICE_PRINCIPAL)
new_creds = input_creds.add(name,
gb.MechType.kerberos,
usage='initiate')
self.assertIsInstance(new_creds, gsscreds.Credentials)
def test_add(self):
input_creds = gsscreds.Credentials(gb.Creds())
name = gssnames.Name(SERVICE_PRINCIPAL)
new_creds = input_creds.add(name,
gb.MechType.kerberos,
usage='initiate')
new_creds.shouldnt_be_none()
new_creds.should_be_a(gsscreds.Credentials)
def test_add_with_impersonate(self):
target_name = gssnames.Name(TARGET_SERVICE_NAME,
gb.NameType.hostbased_service)
client_ctx = gssctx.SecurityContext(name=target_name)
client_token = client_ctx.step()
server_creds = gsscreds.Credentials(usage='both')
server_ctx = gssctx.SecurityContext(creds=server_creds, usage='accept')
server_ctx.step(client_token)
# use empty creds to test here
input_creds = gsscreds.Credentials(gb.Creds())
new_creds = input_creds.add(server_ctx.initiator_name,
gb.MechType.kerberos,
impersonator=server_creds,
usage='initiate')
new_creds.shouldnt_be(None)
new_creds.should_be_a(gsscreds.Credentials)
def test_add_cred_with_password(self):
password = self.realm.password('user')
self.realm.kinit(self.realm.user_princ, password=password)
name = gb.import_name(b'user', gb.NameType.kerberos_principal)
input_creds = gb.Creds()
imp_resp = gb.add_cred_with_password(input_creds, name,
gb.MechType.kerberos,
password.encode('UTF-8'))
imp_resp.shouldnt_be_none()
new_creds, actual_mechs, output_init_ttl, output_accept_ttl = imp_resp
actual_mechs.shouldnt_be_empty()
actual_mechs.should_include(gb.MechType.kerberos)
output_init_ttl.should_be_a(int)
output_accept_ttl.should_be_a(int)
new_creds.should_be_a(gb.Creds)
def test_store_into_add_from(self):
CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir)
KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir)
store = {'ccache': CCACHE, 'keytab': KT}
princ_name = 'service/cs@' + self.realm.realm
self.realm.addprinc(princ_name)
self.realm.extract_keytab(princ_name, KT)
self.realm.kinit(princ_name, None, ['-k', '-t', KT])
initial_creds = gsscreds.Credentials(name=None, usage='initiate')
store_res = initial_creds.store(store, overwrite=True)
self.assertIsNotNone(store_res.mechs)
self.assertGreater(len(store_res.mechs), 0)
self.assertEqual(store_res.usage, "initiate")
name = gssnames.Name(princ_name)
input_creds = gsscreds.Credentials(gb.Creds())
retrieved_creds = input_creds.add(name,
gb.MechType.kerberos,
store=store)
self.assertIsInstance(retrieved_creds, gsscreds.Credentials)