async def login(self, client, username):
assert username == "username"
pid = 1001
stick = kerberos.ServerTicket()
stick.timestamp = common.DateTime.now()
stick.source = pid
stick.session_key = bytes(32)
ctick = kerberos.ClientTicket()
ctick.session_key = bytes(32)
ctick.target = 100
ctick.internal = stick.encrypt(b"testkey", self.settings)
kerb = kerberos.KeyDerivationOld(65000, 1024)
key = kerb.derive_key(b"password", pid)
connection_data = authentication.RVConnectionData()
connection_data.main_station = common.StationURL(address=HOST,
port=12346,
PID=100,
sid=1)
connection_data.special_protocols = []
connection_data.special_station = common.StationURL()
connection_data.server_time = common.DateTime.now()
response = rmc.RMCResponse()
response.result = common.Result.success()
response.pid = pid
response.ticket = ctick.encrypt(key, self.settings)
response.connection_data = connection_data
response.server_name = "server build name"
return response
def generate_ticket(self, user_pid, server_pid, user_key, server_key):
session_key = secrets.token_bytes(32)
internal = kerberos.ServerTicket()
internal.timestamp = common.DateTime.now()
internal.source = user_pid
internal.session_key = session_key
ticket = kerberos.ClientTicket()
ticket.session_key = session_key
ticket.target = server_pid
ticket.internal = internal.encrypt(server_key, self.settings)
return ticket.encrypt(user_key, self.settings)
def test_client_ticket():
ticket = kerberos.ClientTicket()
ticket.session_key = bytes(range(32))
ticket.internal = b"internal buffer"
ticket.target = 123456
s = settings.default()
data = ticket.encrypt(b"key", s)
ticket = kerberos.ClientTicket.decrypt(data, b"key", s)
assert ticket.session_key == bytes(range(32))
assert ticket.internal == b"internal buffer"
assert ticket.target == 123456
def generate_ticket(self, source, target):
settings = self.settings
user_key = derive_key(source)
server_key = derive_key(target)
session_key = secrets.token_bytes(settings.get("kerberos.key_size"))
internal = kerberos.ServerTicket()
internal.expiration = common.DateTime.fromtimestamp(time.time() + 120)
internal.source_pid = source.pid
internal.session_key = session_key
ticket = kerberos.ClientTicket()
ticket.session_key = session_key
ticket.target_pid = target.pid
ticket.internal = internal.encrypt(server_key, settings)
return ticket.encrypt(user_key, settings)
def generate_ticket(self, source, target):
settings = self.settings
user_key = derive_key(source)
server_key = derive_key(target)
session_key = secrets.token_bytes(settings["kerberos.key_size"])
internal = kerberos.ServerTicket()
internal.timestamp = common.DateTime.now()
internal.source = source.pid
internal.session_key = session_key
ticket = kerberos.ClientTicket()
ticket.session_key = session_key
ticket.target = target.pid
ticket.internal = internal.encrypt(server_key, settings)
return ticket.encrypt(user_key, settings)
async def test_credentials():
s = settings.default()
async def handler(client):
assert client.pid() == 1000
ticket = kerberos.ServerTicket()
ticket.timestamp = common.DateTime.now()
ticket.source = 1000
ticket.session_key = bytes(32)
data = ticket.encrypt(b"server key", s)
ticket = kerberos.ClientTicket()
ticket.session_key = bytes(32)
ticket.target = 1001
ticket.internal = data
creds = kerberos.Credentials(ticket, 1000, 2000)
async with prudp.serve(handler, s, HOST, 12345, key=b"server key"):
async with prudp.connect(s, HOST, 12345, credentials=creds) as client:
assert client.pid() == 1000
def login(self, username, password, auth_info=None, login_data=None):
# Call login method on authentication protocol
if auth_info:
response = self.auth_proto.login_ex(username, auth_info)
else:
response = self.auth_proto.login(username)
# Check for errors
response.result.raise_if_error()
self.my_pid = response.pid
secure_station = response.connection_data.main_station
# Derive kerberos key from password
kerberos_key = self.key_derivation.derive_key(password.encode("ascii"),
response.pid)
# Decrypt ticket from login response
ticket = kerberos.ClientTicket(response.ticket)
ticket.decrypt(kerberos_key, self.settings)
if ticket.target_pid != secure_station["PID"]:
# Request ticket for secure server
response = self.auth_proto.request_ticket(self.my_pid,
secure_station["PID"])
# Check for errors and decrypt ticket
response.result.raise_if_error()
ticket = kerberos.ClientTicket(response.ticket)
ticket.decrypt(kerberos_key, self.settings)
ticket.source_pid = self.my_pid
ticket.target_cid = secure_station["CID"]
# The secure server may reside at the same
# address as the authentication server
host = secure_station["address"]
port = secure_station["port"]
if host == "0.0.0.1":
host, port = self.auth_client.remote_address()
# Connect to secure server
server_sid = secure_station["sid"]
if not self.secure_client.connect(host, port, server_sid, ticket):
raise ConnectionError("Couldn't connect to secure server")
# Create a stationurl for our local client address
client_addr = self.secure_client.local_address()
self.local_station = common.StationUrl(
address=client_addr[0],
port=client_addr[1],
sid=self.secure_client.stream_id(),
natm=0,
natf=0,
upnp=0,
pmp=0)
# Register urls on secure server
if login_data:
response = self.secure_proto.register_ex([self.local_station],
login_data)
else:
response = self.secure_proto.register([self.local_station])
# Check for errors and update urls
response.result.raise_if_error()
self.public_station = response.public_station
self.public_station["RVCID"] = response.connection_id
self.local_station["RVCID"] = response.connection_id
def login(self, username, password=None, auth_info=None, login_data=None):
if self.settings.get("nex.version") < 40500:
result = self.login_normal(username, auth_info)
else:
result = self.login_with_param(username, auth_info)
self.pid = result.pid
secure_station = result.secure_station
kerberos_key = result.ticket_key
if not kerberos_key:
if not password:
raise ValueError("A password is required for this account")
# Derive kerberos key from password
kerberos_key = self.key_derivation.derive_key(
password.encode(), self.pid)
# Decrypt ticket from login response
ticket = kerberos.ClientTicket()
ticket.decrypt(result.ticket, kerberos_key, self.settings)
if ticket.target_pid != secure_station["PID"]:
# Request ticket for secure server
response = self.auth_proto.request_ticket(self.pid,
secure_station["PID"])
# Check for errors and decrypt ticket
response.result.raise_if_error()
ticket = kerberos.ClientTicket()
ticket.decrypt(response.ticket, kerberos_key, self.settings)
ticket.source_pid = self.pid
ticket.target_cid = secure_station["CID"]
# The secure server may reside at the same
# address as the authentication server
host = secure_station["address"]
port = secure_station["port"]
if host == "0.0.0.1":
host, port = self.auth_client.remote_address()
# Connect to secure server
server_sid = secure_station["sid"]
if not self.secure_client.connect(host, port, server_sid, ticket):
raise ConnectionError("Couldn't connect to secure server")
# Create a stationurl for our local client address
client_addr = self.secure_client.local_address()
self.local_station = common.StationURL(
address=client_addr[0],
port=client_addr[1],
sid=self.secure_client.stream_id(),
natm=0,
natf=0,
upnp=0,
pmp=0)
# Register urls on secure server
if login_data:
response = self.secure_proto.register_ex([self.local_station],
login_data)
else:
response = self.secure_proto.register([self.local_station])
# Check for errors and update urls
response.result.raise_if_error()
self.public_station = response.public_station
self.public_station["RVCID"] = response.connection_id
self.local_station["RVCID"] = response.connection_id
def test_credentials():
ticket = kerberos.ClientTicket()
creds = kerberos.Credentials(ticket, 1000, 2000)
assert creds.ticket == ticket
assert creds.pid == 1000
assert creds.cid == 2000