def test_acquire_creds_impersonate_name(self): target_name = gb.importName(TARGET_SERVICE_NAME) client_ctx_resp = gb.initSecContext(target_name) client_token = client_ctx_resp[3] del client_ctx_resp # free all the things (except the token)! server_name = gb.importName(SERVICE_PRINCIPAL, gb.NameType.principal) server_creds = gb.acquireCred(server_name, cred_usage='both')[0] server_ctx_resp = gb.acceptSecContext(client_token, acceptor_cred=server_creds) imp_resp = gb.acquireCredImpersonateName(server_creds, server_ctx_resp[1]) imp_resp.shouldnt_be_none() imp_creds, actual_mechs, output_ttl = imp_resp imp_creds.shouldnt_be_none() imp_creds.should_be_a(gb.Creds) actual_mechs.shouldnt_be_empty() actual_mechs.should_include(gb.MechType.kerberos) output_ttl.should_be_a(int)
def test_inquire_context(self): target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(target_name) client_token1 = ctx_resp[3] client_ctx = ctx_resp[0] str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) server_name = gb.importName(str_server_name, gb.NameType.principal) server_creds = gb.acquireCred(server_name)[0] server_resp = gb.acceptSecContext(client_token1, acceptor_cred=server_creds) server_tok = server_resp[3] client_resp2 = gb.initSecContext(target_name, context=client_ctx, input_token=server_tok) ctx = client_resp2[0] inq_resp = gb.inquireContext(ctx) inq_resp.shouldnt_be_none() (src_name, target_name, ttl, mech_type, flags, local_est, is_open) = inq_resp src_name.shouldnt_be_none() src_name.should_be_a(gb.Name) target_name.shouldnt_be_none() target_name.should_be_a(gb.Name) ttl.should_be_an_integer() mech_type.shouldnt_be_none() mech_type.should_be(gb.MechType.kerberos) flags.shouldnt_be_none() flags.should_be_a(list) flags.shouldnt_be_empty() local_est.should_be_a(bool) local_est.should_be_true() is_open.should_be_a(bool) is_open.should_be_true()
def test_inquire_context(self): target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(target_name) client_token1 = ctx_resp[3] client_ctx = ctx_resp[0] str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) server_name = gb.importName(str_server_name, gb.NameType.principal) server_creds = gb.acquireCred(server_name)[0] server_resp = gb.acceptSecContext(client_token1, acceptor_cred=server_creds) server_tok = server_resp[3] client_resp2 = gb.initSecContext(target_name, context=client_ctx, input_token=server_tok) ctx = client_resp2[0] inq_resp = gb.inquireContext(ctx) inq_resp.shouldnt_be_none() (src_name, target_name, ttl, mech_type, flags, local_est, is_open) = inq_resp src_name.shouldnt_be_none() src_name.should_be_a(gb.Name) target_name.shouldnt_be_none() target_name.should_be_a(gb.Name) ttl.should_be_an_integer() mech_type.shouldnt_be_none() mech_type.should_be(gb.MechType.kerberos) flags.shouldnt_be_none() flags.should_be_a(list) flags.shouldnt_be_empty() local_est.should_be_a(bool) local_est.should_be_true() is_open.should_be_a(bool) is_open.should_be_true()
def setUp(self): self.target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(self.target_name) self.client_token1 = ctx_resp[3] self.client_ctx = ctx_resp[0] self.server_name = gb.importName(SERVICE_PRINCIPAL, gb.NameType.principal) self.server_creds = gb.acquireCred(self.server_name)[0] server_resp = gb.acceptSecContext(self.client_token1, acceptor_cred=self.server_creds) self.server_ctx = server_resp[0] self.server_tok = server_resp[3] client_resp2 = gb.initSecContext(self.target_name, context=self.client_ctx, input_token=self.server_tok) self.client_token2 = client_resp2[3] self.client_ctx = client_resp2[0]
def initiate_new(cls, name, cred=None, context=None, mech_type=None, flags=None, ttl=0, channel_bindings=None, input_token=None): resp = gss.initSecContext(name, input_token=input_token, mech_type=mech_type, flags=flags, ttl=ttl, channel_bindings=channel_bindings, context=context) return GSSContext(resp[0], mech_type=resp[1], flags=resp[2], token=resp[3], ttl=resp[4], continue_needed=resp[5])
def setUp(self): self.target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(self.target_name) self.client_token1 = ctx_resp[3] self.client_ctx = ctx_resp[0] str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) self.server_name = gb.importName(str_server_name, gb.NameType.principal) self.server_creds = gb.acquireCred(self.server_name)[0] server_resp = gb.acceptSecContext(self.client_token1, acceptor_cred=self.server_creds) self.server_ctx = server_resp[0] self.server_tok = server_resp[3] client_resp2 = gb.initSecContext(self.target_name, context=self.client_ctx, input_token=self.server_tok) self.client_token2 = client_resp2[3] self.client_ctx = client_resp2[0]
def setUp(self): self.target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(self.target_name) self.client_token1 = ctx_resp[3] self.client_ctx = ctx_resp[0] str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) self.server_name = gb.importName(str_server_name, gb.NameType.principal) self.server_creds = gb.acquireCred(self.server_name)[0] server_resp = gb.acceptSecContext(self.client_token1, acceptor_cred=self.server_creds) self.server_ctx = server_resp[0] self.server_tok = server_resp[3] client_resp2 = gb.initSecContext(self.target_name, context=self.client_ctx, input_token=self.server_tok) self.client_token2 = client_resp2[3] self.client_ctx = client_resp2[0]
def setUp(self): self.target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(self.target_name) self.client_token = ctx_resp[3] self.client_ctx = ctx_resp[0] self.client_ctx.shouldnt_be_none() self.server_name = gb.importName(SERVICE_PRINCIPAL, gb.NameType.principal) self.server_creds = gb.acquireCred(self.server_name)[0] self.server_ctx = None
def test_context_time(self): target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(target_name) client_token1 = ctx_resp[3] client_ctx = ctx_resp[0] server_name = gb.importName(SERVICE_PRINCIPAL, gb.NameType.principal) server_creds = gb.acquireCred(server_name)[0] server_resp = gb.acceptSecContext(client_token1, acceptor_cred=server_creds) server_tok = server_resp[3] client_resp2 = gb.initSecContext(target_name, context=client_ctx, input_token=server_tok) ctx = client_resp2[0] ttl = gb.contextTime(ctx) ttl.should_be_an_integer() ttl.should_be_greater_than(0)
def test_context_time(self): target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(target_name) client_token1 = ctx_resp[3] client_ctx = ctx_resp[0] str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) server_name = gb.importName(str_server_name, gb.NameType.principal) server_creds = gb.acquireCred(server_name)[0] server_resp = gb.acceptSecContext(client_token1, acceptor_cred=server_creds) server_tok = server_resp[3] client_resp2 = gb.initSecContext(target_name, context=client_ctx, input_token=server_tok) ctx = client_resp2[0] ttl = gb.contextTime(ctx) ttl.should_be_an_integer() ttl.should_be_greater_than(0)
def setUp(self): self.target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(self.target_name) self.client_token = ctx_resp[3] self.client_ctx = ctx_resp[0] self.client_ctx.shouldnt_be_none() str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) self.server_name = gb.importName(str_server_name, gb.NameType.principal) self.server_creds = gb.acquireCred(self.server_name)[0] self.server_ctx = None
def initiate(self, *args, **kwargs): """ Initiate updates to a security context. Like GSSContext.initiate_new, but updates the current context in-place. """ res = gss.initSecContext(*args, context=self, **kwargs) self.mech = res[1], self.flags = res[2] self.token = res[3] self.ttl = res[4] self.continue_needed = res[5] return self
def setUp(self): self.target_name = gb.importName(TARGET_SERVICE_NAME) ctx_resp = gb.initSecContext(self.target_name) self.client_token = ctx_resp[3] self.client_ctx = ctx_resp[0] self.client_ctx.shouldnt_be_none() str_server_name = (TARGET_SERVICE_NAME + b'/' + socket.getfqdn().encode('utf-8')) self.server_name = gb.importName(str_server_name, gb.NameType.principal) self.server_creds = gb.acquireCred(self.server_name)[0] self.server_ctx = None
def setupBaseSecurityContext(self): """ Initializes a default token and security context This method gets and returns a default token, and initializes the corresponding security context :rtype: bytes :returns: the token created in the process of initializing the security context """ resp = gss.initSecContext(self.service_name, flags=self.flags, mech_type=self.mech_type, ttl=self.ttl) (self.ctx, _, _, self.token, self.last_ttl, _) = resp return self.token
def setupBaseSecurityContext(self): """ Initializes a default token and security context This method gets and returns a default token, and initializes the corresponding security context :rtype: bytes :returns: the token created in the process of initializing the security context """ resp = gss.initSecContext(self.service_name, flags=self.flags, mech_type=self.mech_type, ttl=self.ttl) (self.ctx, _, _, self.token, self.last_ttl, _) = resp return self.token
def updateSecurityContext(self, server_tok): """ Processes a server token, and updates the security context This method processes a server token, updates the internal security context, and returns the new resulting token. :param bytes server_tok: the token sent from the server :rtype: bytes :returns: the token resulting from updating the security context """ resp = gss.initSecContext(self.service_name, context=self.ctx, input_token=server_tok, flags=self.flags, mech_type=self.mech_type, ttl=self.ttl) (self.ctx, _, _, self.token, self.last_ttl, _) = resp return self.token
def updateSecurityContext(self, server_tok): """ Processes a server token, and updates the security context This method processes a server token, updates the internal security context, and returns the new resulting token. :param bytes server_tok: the token sent from the server :rtype: bytes :returns: the token resulting from updating the security context """ resp = gss.initSecContext(self.service_name, context=self.ctx, input_token=server_tok, flags=self.flags, mech_type=self.mech_type, ttl=self.ttl) (self.ctx, _, _, self.token, self.last_ttl, _) = resp return self.token
def test_basic_init_default_ctx(self): ctx_resp = gb.initSecContext(self.target_name) ctx_resp.shouldnt_be_none() (ctx, out_mech_type, out_req_flags, out_token, out_ttl, cont_needed) = ctx_resp ctx.shouldnt_be_none() ctx.should_be_a(gb.SecurityContext) out_mech_type.should_be(gb.MechType.kerberos) out_req_flags.should_be_a(list) out_req_flags.should_be_at_least_length(2) out_token.shouldnt_be_empty() out_ttl.should_be_greater_than(0) cont_needed.should_be_a(bool) gb.deleteSecContext(ctx)
def test_basic_init_default_ctx(self): ctx_resp = gb.initSecContext(self.target_name) ctx_resp.shouldnt_be_none() (ctx, out_mech_type, out_req_flags, out_token, out_ttl, cont_needed) = ctx_resp ctx.shouldnt_be_none() ctx.should_be_a(gb.SecurityContext) out_mech_type.should_be(gb.MechType.kerberos) out_req_flags.should_be_a(list) out_req_flags.should_be_at_least_length(2) out_token.shouldnt_be_empty() out_ttl.should_be_greater_than(0) cont_needed.should_be_a(bool) gb.deleteSecContext(ctx)