def test_PLAIN_bad_pass_no_authzid(self): if "PLAIN" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no PLAIN support") authenticator = sasl.client_authenticator_factory("PLAIN") auth_prop = { "username": "******", "password": "******", } ok, props = self.try_with_gsasl("PLAIN", authenticator, auth_prop) self.assertFalse(ok) self.assertFalse(props.get("authzid"))
def test_SCRAM_SHA_1_bad_pass_no_authzid(self): if "SCRAM-SHA-1" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1 support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1") auth_prop = { "username": "******", "password": "******", } ok, dummy = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop, ["--no-cb"]) self.assertFalse(ok)
def test_SCRAM_SHA_1_bad_pass_no_authzid(self): if "SCRAM-SHA-1" not in gsasl_server_mechanisms: raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1") auth_prop = { "username": u"username", "password": u"bad", } ok, dummy = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop, ["--no-cb"]) self.assertFalse(ok)
def test_PLAIN_bad_pass_no_authzid(self): if "PLAIN" not in gsasl_server_mechanisms: raise unittest.SkipTest("GSASL has no PLAIN support") authenticator = sasl.client_authenticator_factory("PLAIN") auth_prop = { "username": u"username", "password": u"bad", } ok, props = self.try_with_gsasl("PLAIN", authenticator, auth_prop) self.assertFalse(ok) self.assertFalse(props.get("authzid"))
def test_SCRAM_SHA_1_quoting(self): if "SCRAM-SHA-1" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1 support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1") auth_prop = { "username": "******", "password": "******", "authzid": "e=2,72", } ok, props = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop, ["--no-cb"], username = "******") self.assertTrue(ok) self.assertEqual(props.get("authzid"), "e=2,72")
def test_SCRAM_SHA_1_good_pass_authzid(self): if "SCRAM-SHA-1" not in gsasl_server_mechanisms: raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1") auth_prop = { "username": u"username", "password": u"good", "authzid": u"zid", } ok, props = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop, ["--no-cb"]) self.assertTrue(ok) self.assertEqual(props.get("authzid"), "zid")
def test_SCRAM_SHA_1_good_pass_downgrade(self): # Check protection from channel-binding downgrade. if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1 support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1") auth_prop = { "enabled_mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"], "username": "******", "password": "******", } cb_data = b"0123456789ab" ok, dummy = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop, extra_data = standard_b64encode(cb_data)) self.assertFalse(ok)
def test_DIGEST_MD5_bad_pass_no_authzid(self): if "DIGEST-MD5" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no DIGEST-MD5 support") authenticator = sasl.client_authenticator_factory("DIGEST-MD5") auth_prop = { "username": "******", "password": "******", "service-type": "xmpp", "service-domain": "pyxmpp.jajcus.net", "service-hostname": "test.pyxmpp.jajcus.net", } ok, dummy = self.try_with_gsasl("DIGEST-MD5", authenticator, auth_prop, ["--service=xmpp", "--realm=jajcus.net", "--host=test.pyxmpp.jajcus.net", "--service-name=pyxmpp.jajcus.net"]) self.assertFalse(ok)
def test_SCRAM_SHA_1_good_pass_downgrade(self): # Check protection from channel-binding downgrade. if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms: raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1") auth_prop = { "enabled_mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"], "username": u"username", "password": u"good", } cb_data = b"0123456789ab" ok, dummy = self.try_with_gsasl("SCRAM-SHA-1", authenticator, auth_prop, extra_data=standard_b64encode(cb_data)) self.assertFalse(ok)
def test_SCRAM_SHA_1_PLUS_bad_pw_good_cb(self): if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no SCRAM-SHA-1-PLUS support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1-PLUS") cb_data = b"0123456789ab" auth_prop = { "username": "******", "password": "******", "channel-binding": { "tls-unique": cb_data, }, } ok, dummy = self.try_with_gsasl("SCRAM-SHA-1-PLUS", authenticator, auth_prop, extra_data = standard_b64encode(cb_data)) self.assertFalse(ok)
def test_SCRAM_SHA_1_PLUS_bad_pw_good_cb(self): if "SCRAM-SHA-1-PLUS" not in gsasl_server_mechanisms: raise unittest.SkipTest("GSASL has no SCRAM-SHA-1-PLUS support") authenticator = sasl.client_authenticator_factory("SCRAM-SHA-1-PLUS") cb_data = b"0123456789ab" auth_prop = { "username": u"username", "password": u"bad", "channel-binding": { "tls-unique": cb_data, }, } ok, dummy = self.try_with_gsasl("SCRAM-SHA-1-PLUS", authenticator, auth_prop, extra_data=standard_b64encode(cb_data)) self.assertFalse(ok)
def test_DIGEST_MD5_good_pass_authzid(self): if "DIGEST-MD5" not in gsasl_server_mechanisms: raise unittest.SkipTest( "GSASL has no DIGEST-MD5 support") authenticator = sasl.client_authenticator_factory("DIGEST-MD5") auth_prop = { "username": u"username", "password": u"good", "service-type": u"xmpp", "service-domain": u"pyxmpp.jajcus.net", "service-hostname": u"test.pyxmpp.jajcus.net", "authzid": u"zid", } ok, props = self.try_with_gsasl("DIGEST-MD5", authenticator, auth_prop, ["--service=xmpp", "--realm=jajcus.net", "--host=test.pyxmpp.jajcus.net", "--service-name=pyxmpp.jajcus.net"]) self.assertTrue(ok) self.assertEqual(props.get("authzid"), u"zid")
def test_DIGEST_MD5_bad_pass_no_authzid(self): if "DIGEST-MD5" not in gsasl_server_mechanisms: raise unittest.SkipTest("GSASL has no DIGEST-MD5 support") authenticator = sasl.client_authenticator_factory("DIGEST-MD5") auth_prop = { "username": u"username", "password": u"bad", "service-type": u"xmpp", "service-domain": u"pyxmpp.jajcus.net", "service-hostname": u"test.pyxmpp.jajcus.net", } ok, dummy = self.try_with_gsasl( "DIGEST-MD5", authenticator, auth_prop, [ "--service=xmpp", "--realm=jajcus.net", "--host=test.pyxmpp.jajcus.net", "--service-name=pyxmpp.jajcus.net" ]) self.assertFalse(ok)