def test_PLAIN_bad_pass_no_authzid(self):
if "PLAIN" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no PLAIN support")
authenticator = sasl.client_authenticator_factory("PLAIN")
auth_prop = {
"username": "******",
"password": "******",
}
ok, props = self.try_with_gsasl("PLAIN", authenticator, auth_prop)
self.assertFalse(ok)
self.assertFalse(props.get("authzid"))
def test_SCRAM_SHA_1_bad_pass_no_authzid(self):
if "SCRAM-SHA-1" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1 support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1")
auth_prop = {
"username": "******",
"password": "******",
}
ok, dummy = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop,
["--no-cb"])
self.assertFalse(ok)
def test_SCRAM_SHA_1_bad_pass_no_authzid(self):
if "SCRAM-SHA-1" not in gsasl_server_mechanisms:
raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1")
auth_prop = {
"username": u"username",
"password": u"bad",
}
ok, dummy = self.try_with_gsasl("SCRAM-SHA-1", authenticator,
auth_prop, ["--no-cb"])
self.assertFalse(ok)
def test_PLAIN_bad_pass_no_authzid(self):
if "PLAIN" not in gsasl_server_mechanisms:
raise unittest.SkipTest("GSASL has no PLAIN support")
authenticator = sasl.client_authenticator_factory("PLAIN")
auth_prop = {
"username": u"username",
"password": u"bad",
}
ok, props = self.try_with_gsasl("PLAIN", authenticator, auth_prop)
self.assertFalse(ok)
self.assertFalse(props.get("authzid"))
def test_SCRAM_SHA_1_quoting(self):
if "SCRAM-SHA-1" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1 support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1")
auth_prop = {
"username": "******",
"password": "******",
"authzid": "e=2,72",
}
ok, props = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop,
["--no-cb"], username = "******")
self.assertTrue(ok)
self.assertEqual(props.get("authzid"), "e=2,72")
def test_SCRAM_SHA_1_good_pass_authzid(self):
if "SCRAM-SHA-1" not in gsasl_server_mechanisms:
raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1")
auth_prop = {
"username": u"username",
"password": u"good",
"authzid": u"zid",
}
ok, props = self.try_with_gsasl("SCRAM-SHA-1", authenticator,
auth_prop, ["--no-cb"])
self.assertTrue(ok)
self.assertEqual(props.get("authzid"), "zid")
def test_SCRAM_SHA_1_good_pass_downgrade(self):
# Check protection from channel-binding downgrade.
if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1 support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1")
auth_prop = {
"enabled_mechanisms": ["SCRAM-SHA-1",
"SCRAM-SHA-1-PLUS"],
"username": "******",
"password": "******",
}
cb_data = b"0123456789ab"
ok, dummy = self.try_with_gsasl("SCRAM-SHA-1",
authenticator, auth_prop,
extra_data = standard_b64encode(cb_data))
self.assertFalse(ok)
def test_DIGEST_MD5_bad_pass_no_authzid(self):
if "DIGEST-MD5" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no DIGEST-MD5 support")
authenticator = sasl.client_authenticator_factory("DIGEST-MD5")
auth_prop = {
"username": "******",
"password": "******",
"service-type": "xmpp",
"service-domain": "pyxmpp.jajcus.net",
"service-hostname": "test.pyxmpp.jajcus.net",
}
ok, dummy = self.try_with_gsasl("DIGEST-MD5", authenticator, auth_prop,
["--service=xmpp", "--realm=jajcus.net",
"--host=test.pyxmpp.jajcus.net",
"--service-name=pyxmpp.jajcus.net"])
self.assertFalse(ok)
def test_SCRAM_SHA_1_good_pass_downgrade(self):
# Check protection from channel-binding downgrade.
if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms:
raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1")
auth_prop = {
"enabled_mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"],
"username": u"username",
"password": u"good",
}
cb_data = b"0123456789ab"
ok, dummy = self.try_with_gsasl("SCRAM-SHA-1",
authenticator,
auth_prop,
extra_data=standard_b64encode(cb_data))
self.assertFalse(ok)
def test_SCRAM_SHA_1_PLUS_bad_pw_good_cb(self):
if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1-PLUS support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1-PLUS")
cb_data = b"0123456789ab"
auth_prop = {
"username": "******",
"password": "******",
"channel-binding": {
"tls-unique": cb_data,
},
}
ok, dummy = self.try_with_gsasl("SCRAM-SHA-1-PLUS",
authenticator,
auth_prop,
extra_data = standard_b64encode(cb_data))
self.assertFalse(ok)
def test_SCRAM_SHA_1_PLUS_bad_pw_good_cb(self):
if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms:
raise unittest.SkipTest("GSASL has no SCRAM-SHA-1-PLUS support")
authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1-PLUS")
cb_data = b"0123456789ab"
auth_prop = {
"username": u"username",
"password": u"bad",
"channel-binding": {
"tls-unique": cb_data,
},
}
ok, dummy = self.try_with_gsasl("SCRAM-SHA-1-PLUS",
authenticator,
auth_prop,
extra_data=standard_b64encode(cb_data))
self.assertFalse(ok)
def test_DIGEST_MD5_good_pass_authzid(self):
if "DIGEST-MD5" not in gsasl_server_mechanisms:
raise unittest.SkipTest( "GSASL has no DIGEST-MD5 support")
authenticator = sasl.client_authenticator_factory("DIGEST-MD5")
auth_prop = {
"username": u"username",
"password": u"good",
"service-type": u"xmpp",
"service-domain": u"pyxmpp.jajcus.net",
"service-hostname": u"test.pyxmpp.jajcus.net",
"authzid": u"zid",
}
ok, props = self.try_with_gsasl("DIGEST-MD5", authenticator, auth_prop,
["--service=xmpp", "--realm=jajcus.net",
"--host=test.pyxmpp.jajcus.net",
"--service-name=pyxmpp.jajcus.net"])
self.assertTrue(ok)
self.assertEqual(props.get("authzid"), u"zid")
def test_DIGEST_MD5_bad_pass_no_authzid(self):
if "DIGEST-MD5" not in gsasl_server_mechanisms:
raise unittest.SkipTest("GSASL has no DIGEST-MD5 support")
authenticator = sasl.client_authenticator_factory("DIGEST-MD5")
auth_prop = {
"username": u"username",
"password": u"bad",
"service-type": u"xmpp",
"service-domain": u"pyxmpp.jajcus.net",
"service-hostname": u"test.pyxmpp.jajcus.net",
}
ok, dummy = self.try_with_gsasl(
"DIGEST-MD5", authenticator, auth_prop, [
"--service=xmpp", "--realm=jajcus.net",
"--host=test.pyxmpp.jajcus.net",
"--service-name=pyxmpp.jajcus.net"
])
self.assertFalse(ok)
