def negotiate_server(self): token = self._inner.read() self.client_ctx = gensec.Security.start_server(settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) # gssapi.SecurityContext(name=self.server_name, usage='initiate', # flags=self.flags) creds = Credentials() creds.guess(self.lp_ctx) creds.set_machine_account(self.lp_ctx) self.client_ctx.set_credentials(creds) self.client_ctx.start_mech_by_name("spnego") # token = b'' server_finished = False while not server_finished: log.debug('Doing step') server_finished, server_to_client = self.client_ctx.update(token) self._inner.write(server_to_client) if not server_finished: token = self._inner.read() else: log.debug('GSSAPI Handshake done') self._inner.write_handshake_done(server_to_client)
def test_max_update_size(self): """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC""" """Start up a client and server GENSEC instance to test things with""" self.gensec_client = gensec.Security.start_client(self.settings) self.gensec_client.set_credentials(self.get_credentials()) self.gensec_client.want_feature(gensec.FEATURE_SIGN) self.gensec_client.set_max_update_size(5) self.gensec_client.start_mech_by_name("spnego") self.gensec_server = gensec.Security.start_server( settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) creds = Credentials() creds.guess(self.lp_ctx) creds.set_machine_account(self.lp_ctx) self.gensec_server.set_credentials(creds) self.gensec_server.want_feature(gensec.FEATURE_SIGN) self.gensec_server.set_max_update_size(5) self.gensec_server.start_mech_by_name("spnego") client_finished = False server_finished = False server_to_client = b"" """Run the actual call loop""" i = 0 while not client_finished or not server_finished: i += 1 if not client_finished: print("running client gensec_update: %d: %r" % (len(server_to_client), server_to_client)) (client_finished, client_to_server ) = self.gensec_client.update(server_to_client) if not server_finished: print("running server gensec_update: %d: %r" % (len(client_to_server), client_to_server)) (server_finished, server_to_client ) = self.gensec_server.update(client_to_server) """Here we expect a lot more than the typical 1 or 2 roundtrips""" self.assertTrue(i > 10) session_info = self.gensec_server.session_info() test_bytes = b"Hello Server" test_wrapped = self.gensec_client.wrap(test_bytes) test_unwrapped = self.gensec_server.unwrap(test_wrapped) self.assertEqual(test_bytes, test_unwrapped) test_bytes = b"Hello Client" test_wrapped = self.gensec_server.wrap(test_bytes) test_unwrapped = self.gensec_client.unwrap(test_wrapped) self.assertEqual(test_bytes, test_unwrapped) client_session_key = self.gensec_client.session_key() server_session_key = self.gensec_server.session_key() self.assertEqual(client_session_key, server_session_key)
def test_update(self): """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC""" """Start up a client and server GENSEC instance to test things with""" self.gensec_client = gensec.Security.start_client(self.settings) self.gensec_client.set_credentials(self.get_credentials()) self.gensec_client.want_feature(gensec.FEATURE_SEAL) self.gensec_client.start_mech_by_sasl_name("GSSAPI") self.gensec_server = gensec.Security.start_server( settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) creds = Credentials() creds.guess(self.lp_ctx) creds.set_machine_account(self.lp_ctx) self.gensec_server.set_credentials(creds) self.gensec_server.want_feature(gensec.FEATURE_SEAL) self.gensec_server.start_mech_by_sasl_name("GSSAPI") client_finished = False server_finished = False server_to_client = b"" """Run the actual call loop""" while not client_finished and not server_finished: if not client_finished: print("running client gensec_update") (client_finished, client_to_server ) = self.gensec_client.update(server_to_client) if not server_finished: print("running server gensec_update") (server_finished, server_to_client ) = self.gensec_server.update(client_to_server) session_info = self.gensec_server.session_info() test_bytes = b"Hello Server" test_wrapped = self.gensec_client.wrap(test_bytes) test_unwrapped = self.gensec_server.unwrap(test_wrapped) self.assertEqual(test_bytes, test_unwrapped) test_bytes = b"Hello Client" test_wrapped = self.gensec_server.wrap(test_bytes) test_unwrapped = self.gensec_client.unwrap(test_wrapped) self.assertEqual(test_bytes, test_unwrapped) client_session_key = self.gensec_client.session_key() server_session_key = self.gensec_server.session_key() self.assertEqual(client_session_key, server_session_key)
def test_auth_context_gensec_start_server(self): a = auth.AuthContext(ldb=42, methods=['sam']) # there is no failure yet because the ldb is not actually # dereferenced. g = gensec.Security.start_server(auth_context=a)
def _test_update(self, mech, client_mech=None, client_only_opt=None): """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC""" """Start up a client and server GENSEC instance to test things with""" if client_only_opt: orig_client_opt = self.lp_ctx.get(client_only_opt) if not orig_client_opt: orig_client_opt = '' self.lp_ctx.set(client_only_opt, "yes") self.gensec_client = gensec.Security.start_client(self.settings) self.gensec_client.set_credentials(self.get_credentials()) self.gensec_client.want_feature(gensec.FEATURE_SEAL) if client_mech is not None: self.gensec_client.start_mech_by_name(client_mech) else: self.gensec_client.start_mech_by_sasl_name(mech) if client_only_opt: self.lp_ctx.set(client_only_opt, "no") self.gensec_server = gensec.Security.start_server( settings=self.settings, auth_context=auth.AuthContext(lp_ctx=self.lp_ctx)) creds = Credentials() creds.guess(self.lp_ctx) creds.set_machine_account(self.lp_ctx) self.gensec_server.set_credentials(creds) self.gensec_server.want_feature(gensec.FEATURE_SEAL) self.gensec_server.start_mech_by_sasl_name(mech) client_finished = False server_finished = False server_to_client = b"" client_to_server = b"" """Run the actual call loop""" while True: if not client_finished: if client_only_opt: self.lp_ctx.set(client_only_opt, "yes") print("running client gensec_update") try: (client_finished, client_to_server ) = self.gensec_client.update(server_to_client) except samba.NTSTATUSError as nt: raise AssertionError(nt) if client_only_opt: self.lp_ctx.set(client_only_opt, "no") if not server_finished: print("running server gensec_update") try: (server_finished, server_to_client ) = self.gensec_server.update(client_to_server) except samba.NTSTATUSError as nt: raise AssertionError(nt) if client_finished and server_finished: break if client_only_opt: self.lp_ctx.set(client_only_opt, orig_client_opt) self.assertTrue(server_finished) self.assertTrue(client_finished) session_info = self.gensec_server.session_info() test_bytes = b"Hello Server" try: test_wrapped = self.gensec_client.wrap(test_bytes) test_unwrapped = self.gensec_server.unwrap(test_wrapped) except samba.NTSTATUSError as e: self.fail(str(e)) self.assertEqual(test_bytes, test_unwrapped) test_bytes = b"Hello Client" test_wrapped = self.gensec_server.wrap(test_bytes) test_unwrapped = self.gensec_client.unwrap(test_wrapped) self.assertEqual(test_bytes, test_unwrapped) client_session_key = self.gensec_client.session_key() server_session_key = self.gensec_server.session_key() self.assertEqual(client_session_key, server_session_key)