def connect_google(ip): with requests.Session() as s: s.mount('http://', SourceAddressAdapter(ip)) s.mount('https://', SourceAddressAdapter(ip)) try: resp = s.get(URL) return resp except requests.exceptions.ConnectionError as e: return
def test_logs_different_source_address(self, browser): source = SourceAddressAdapter('127.0.0.42') browser.get_driver().requests_session.mount('http://', source) browser.open('http://localhost:%s/plone' % self.zserver_port) log_entry = self.get_log_entries()[-1] self.assertEqual('127.0.0.42', log_entry['client_ip'])
def test_source_address_adapter_tuple(poolmanager): SourceAddressAdapter(('10.10.10.10', 80)) poolmanager.PoolManager.assert_called_once_with( num_pools=DEFAULT_POOLSIZE, maxsize=DEFAULT_POOLSIZE, block=DEFAULT_POOLBLOCK, source_address=('10.10.10.10', 80))
def _prepare_request(self): with open(_join_config, "r") as config_file: config = json.load(config_file) session = requests.Session() session.mount("https://", SourceAddressAdapter(config["sps_cluster_interface_ip"])) return session
def add_new_iso_version(self, iso_pkg_obj=None): if iso_pkg_obj is None: logger.error('iso cant be None') return False else: iso_obj = iso_pkg_obj logger.info('adding_new_iso_version: %s', iso_obj) pid = self.post_id_map[iso_obj.pkgname] query = 'json=get_nonce&controller=' + self.dist + '&method=handle_request' post_url = 'https://' + self.dist + '.com/?' + query session = requests.Session() session.mount('http://', SourceAddressAdapter( (status.request_from, 0))) session.mount('https://', SourceAddressAdapter( (status.request_from, 0))) session.auth = self.auth try: req = session.get(post_url) req.raise_for_status() logger.info(req.text) req = req.json() logger.info(req) if req.get('nonce', False): nonce = req.get('nonce') query = 'json=' + self.dist + '.handle_request&nonce=' url = 'https://' + self.dist + '.com/?' + query + nonce + '&api_key=' + API_KEY post_url = url req = session.post(post_url, data=dict(pid=pid, url=iso_obj.iso_url, md5=iso_obj.iso_md5, version=iso_obj.pkgver)) req.raise_for_status() logger.info(req.text) self.success = True except Exception as err: self.success = False logger.error(err) return False return True
def handle(self, *args, **options): self.source = DataSource.objects.get(name='Arriva') if not options['terminate']: if self.source.datetime and (timezone.now() - self.source.datetime ) < timedelta(minutes=4): return # received a heartbeat recently, no need to resubscribe now = timezone.localtime() self.session = requests.Session() timestamp = now.isoformat() requestor_ref = 'HAConToBusTimesET' self.session.mount('http://', SourceAddressAdapter('10.16.0.6')) # response = self.session.get('http://icanhazip.com/') # print(response.text) # terminate any previous subscription just in case self.post(f"""<?xml version="1.0" ?> <Siri xmlns="http://www.siri.org.uk/siri" version="1.3"> <TerminateSubscriptionRequest> <RequestTimestamp>{timestamp}</RequestTimestamp> <RequestorRef>{requestor_ref}</RequestorRef> <All></All> </TerminateSubscriptionRequest> </Siri>""") termination_time = (now + timedelta(hours=24)).isoformat() # (re)subscribe if not options['terminate']: self.post(f"""<?xml version="1.0" ?> <Siri xmlns="http://www.siri.org.uk/siri" version="1.3"> <SubscriptionRequest> <RequestTimestamp>{timestamp}</RequestTimestamp> <RequestorRef>{requestor_ref}</RequestorRef> <ConsumerAddress>http://68.183.252.225/siri</ConsumerAddress> <SubscriptionContext> <HeartbeatInterval>PT2M</HeartbeatInterval> </SubscriptionContext> <EstimatedTimetableSubscriptionRequest> <SubscriberRef>{requestor_ref}</SubscriberRef> <SubscriptionIdentifier>{requestor_ref}</SubscriptionIdentifier> <InitialTerminationTime>{termination_time}</InitialTerminationTime> <EstimatedTimetableRequest version="1.3"> <RequestTimestamp>{timestamp}</RequestTimestamp> <PreviewInterval>PT2H</PreviewInterval> </EstimatedTimetableRequest> <ChangeBeforeUpdates>PT1M</ChangeBeforeUpdates> </EstimatedTimetableSubscriptionRequest> </SubscriptionRequest> </Siri>""")
def establishConfiguration(self, configFilename, requestsFromSource, proxs): config = configparser.SafeConfigParser(allow_no_value=True) configFilenameLocal = configFilename + ".local" if not (os.path.isfile(configFilename) or os.path.isfile(configFilenameLocal)): print("Configuration file(s) not found. Running with defaults.") return try: print( "Using config files {} and {}".format( configFilename, configFilenameLocal ) ) config.read([configFilename, configFilenameLocal]) except BaseException: print("Configuration file error. Running with defaults.") return def getOrNot(section, field): return config.get(section, field, fallback=None) self.transmissionHostRemote = getOrNot("remote", "host") username = getOrNot("remote", "username") password = getOrNot("remote", "password") self.userpass = "******".format(username, password) self.sourceIP = getOrNot("network", "fetchFromSourceIP") proxs["https"] = getOrNot("network", "proxy") self.dbFilename = getOrNot("files", "db") self.showsFilename = getOrNot("files", "shows") self.speakDownload = config.getboolean( "content", "speakDownload", fallback=False ) resolutions = getOrNot("content", "quality") if resolutions: # Strip 'p' if users entered '720p 1080p' # Convert strings to integers because we compare using math self.downloadQuality = [ int(r) for r in resolutions.replace("p", "").split(" ") ] # Bind specific source interface to https requestor (or not) requestsFromSource.mount("https://", SourceAddressAdapter(self.sourceIP or ""))
def __init__(self, key, account=None, alg=jose.RS256, verify_ssl=True, user_agent='acme-python', timeout=DEFAULT_NETWORK_TIMEOUT, source_address=None): self.key = key self.account = account self.alg = alg self.verify_ssl = verify_ssl self._nonces: Set[Text] = set() self.user_agent = user_agent self.session = requests.Session() self._default_timeout = timeout adapter = HTTPAdapter() if source_address is not None: adapter = SourceAddressAdapter(source_address) self.session.mount("http://", adapter) self.session.mount("https://", adapter)
def arriva(self, terminate): if not terminate and cache.get('Heartbeat:HAConTest'): return # received a heartbeat recently, no need to resubscribe self.source = DataSource.objects.get(name='Arriva') now = timezone.localtime() self.session = requests.Session() timestamp = now.isoformat() requestor_ref = 'HAConToBusTimesET' # Access to the subscription endpoint is restricted to certain IP addresses, # so use a Digital Ocean floating IP address self.session.mount('http://', SourceAddressAdapter('10.16.0.7')) # terminate any previous subscription just in case self.terminate_subscription(timestamp, requestor_ref) # (re)subscribe if not terminate: termination_time = (now + timedelta(hours=24)).isoformat() self.subscribe( timestamp, requestor_ref, f""" <SubscriptionContext> <HeartbeatInterval>PT2M</HeartbeatInterval> </SubscriptionContext> <EstimatedTimetableSubscriptionRequest> <SubscriberRef>{requestor_ref}</SubscriberRef> <SubscriptionIdentifier>{requestor_ref}</SubscriptionIdentifier> <InitialTerminationTime>{termination_time}</InitialTerminationTime> <EstimatedTimetableRequest version="1.3"> <RequestTimestamp>{timestamp}</RequestTimestamp> <PreviewInterval>PT2H</PreviewInterval> </EstimatedTimetableRequest> <ChangeBeforeUpdates>PT1M</ChangeBeforeUpdates> </EstimatedTimetableSubscriptionRequest> """)
def main(config): killer = GracefullKiller() # open config file try: file = open(config) cfg = json.load(file) file.close() except Exception as error: logger.critical(str(error), exc_info=1) return # give meaningful names to each sub config source_cfg = cfg["video_source"] broadcast_cfg = cfg["broadcaster"] pool_cfg = cfg["inferencing_pool"] worker_cfg = cfg["inferencing_worker"] flusher_cfg = cfg["flusher"] gps_cfg = cfg["gps"] gen_cfg = cfg["general"] # bind requests module to use a given network interface try: socket.inet_aton(gen_cfg["bind_ip"]) session.mount("http://", SourceAddressAdapter(gen_cfg["bind_ip"])) logger.info("binding requests module to {} IP".format(gen_cfg["bind_ip"])) except OSError as e: logger.error("bind IP is invalid, resorting to default interface", exc_info=True) # start polling the GPS if gps_cfg["use_gps"]: wport = gps_cfg["write_port"] rport = gps_cfg["read_port"] br = gps_cfg["baudrate"] gps = ReadGPSData(wport, rport, br) gps.start() else: gps = None # workers on a separate process to run inference on the data logger.info("initializing pool w/ " + str(pool_cfg["workers"]) + " workers") output = DistributeFramesAndInfer(pool_cfg, worker_cfg) frames_queue, bc_queue, predicts_queue = output.get_queues() logger.info("initialized worker pool") # a single worker in a separate process to reassemble the data reassembler = BroadcastReassembled(bc_queue, broadcast_cfg, name="BroadcastReassembled") reassembler.start() # a single thread to flush the producing queue # when there are too many frames in the pipe flusher = Flusher(frames_queue, threshold=flusher_cfg["frame_count_threshold"], name="Flusher") flusher.start() # data aggregator to write things to disk def results_writer(): if len(gen_cfg["saved_data"]) > 0: df = pd.DataFrame(columns=["Date", "License Plate", "Coordinates"]) while not killer.kill_now: time.sleep(0.01) try: data = predicts_queue.get_nowait() except queue.Empty: continue predicts = data["predicts"] date = data["date"] for lp in predicts: if len(lp) > 0: lp = " ".join(lp) entry = {"Date": date, "License Plate": lp, "Coordinates": ""} if gps: entry["Coordinates"] = "{}, {}".format( gps.latitude, gps.longitude ).upper() df = df.append(entry, ignore_index=True) logger.info("dumping results to csv file {}".format(gen_cfg["saved_data"])) if os.path.isfile(gen_cfg["saved_data"]): header = False else: header = True with open(gen_cfg["saved_data"], "a") as f: df.to_csv(f, header=header) # data aggregator thread results_thread = td.Thread(target=results_writer) results_thread.start() if source_cfg["type"] == "camera": # import module import picamera # start the pi camera with picamera.PiCamera() as camera: # configure the camera camera.sensor_mode = source_cfg["sensor_mode"] camera.resolution = source_cfg["resolution"] camera.framerate = source_cfg["framerate"] logger.info( "picamera initialized w/ mode={} resolution={} framerate={}".format( camera.sensor_mode, camera.resolution, camera.framerate ) ) # start recording both to disk and to the queue camera.start_recording( output=source_cfg["output_file"], format="h264", splitter_port=0, bitrate=10000000, ) camera.start_recording( output=output, format="mjpeg", splitter_port=1, bitrate=10000000, quality=95, ) logger.info("started recording to file and to queue") # wait until SIGINT is detected while not killer.kill_now: camera.wait_recording(timeout=0.5, splitter_port=0) camera.wait_recording(timeout=0.5, splitter_port=1) logger.info( "frames qsize: {}, broadcast qsize: {}, predicts qsize: {}".format( frames_queue.qsize(), bc_queue.qsize(), predicts_queue.qsize() ) ) # stop recording logger.info("gracefully exiting") camera.stop_recording(splitter_port=0) camera.stop_recording(splitter_port=1) output.stop() elif source_cfg["type"] == "file": # open video file video_reader = cv2.VideoCapture(source_cfg["input"]) video_reader.set(cv2.CAP_PROP_POS_FRAMES, source_cfg["frames_to_skip"]) # get # of frames and determine target width nb_frames = int(video_reader.get(cv2.CAP_PROP_FRAME_COUNT)) frame_h = int(video_reader.get(cv2.CAP_PROP_FRAME_HEIGHT)) frame_w = int(video_reader.get(cv2.CAP_PROP_FRAME_WIDTH)) target_h = int(frame_h * source_cfg["scale_video"]) target_w = int(frame_w * source_cfg["scale_video"]) period = 1.0 / source_cfg["framerate"] logger.info( "file-based video stream initialized w/ resolution={} framerate={} and {} skipped frames".format( (target_w, target_h), source_cfg["framerate"], source_cfg["frames_to_skip"], ) ) # serve each frame to the workers iteratively last_log = time.time() for i in range(nb_frames): start = time.time() try: # write frame to queue _, frame = video_reader.read() if target_w != frame_w: frame = resize_image(frame, target_w) jpeg = image_to_jpeg_bytes(frame) output.write(jpeg) except Exception as error: logger.error("unexpected error occurred", exc_info=True) break end = time.time() spent = end - start left = period - spent if left > 0: # maintain framerate time.sleep(period) # check if SIGINT has been sent if killer.kill_now: break # do logs every second current = time.time() if current - last_log >= 1.0: logger.info( "frames qsize: {}, broadcast qsize: {}, predicts qsize: {}".format( frames_queue.qsize(), bc_queue.qsize(), predicts_queue.qsize() ) ) last_log = current logger.info("gracefully exiting") video_reader.release() output.stop() if gps_cfg["use_gps"]: gps.stop() reassembler.stop() flusher.stop()
def test_source_address_adapter_type_error(poolmanager): with pytest.raises(TypeError): SourceAddressAdapter({'10.10.10.10': 80}) assert not poolmanager.PoolManager.called
import requests from requests_toolbelt.adapters.source import SourceAddressAdapter r = requests.get("https://api.ipify.org?format=json") print("expecting: 54.178.187.42, got: {}".format(r.json()["ip"])) s = requests.Session() s.mount("http://", SourceAddressAdapter("172.31.3.12")) s.mount("https://", SourceAddressAdapter("172.31.3.12")) r = s.get("https://api.ipify.org?format=json") print("expecting: 13.113.144.139, got: {}".format(r.json()["ip"])) s = requests.Session() s.mount("http://", SourceAddressAdapter("172.31.9.144")) s.mount("https://", SourceAddressAdapter("172.31.9.144")) r = s.get("https://api.ipify.org?format=json") print("expecting: 18.179.235.142, got: {}".format(r.json()["ip"]))
def https(q, where, timeout=None, port=443, af=None, source=None, source_port=0, one_rr_per_rrset=False, ignore_trailing=False, session=None, path='/dns-query', post=True, bootstrap_address=None, verify=True): """Return the response obtained after sending a query via DNS-over-HTTPS. *q*, a ``dns.message.Message``, the query to send. *where*, a ``str``, the nameserver IP address or the full URL. If an IP address is given, the URL will be constructed using the following schema: https://<IP-address>:<port>/<path>. *timeout*, a ``float`` or ``None``, the number of seconds to wait before the query times out. If ``None``, the default, wait forever. *port*, a ``int``, the port to send the query to. The default is 443. *af*, an ``int``, the address family to use. The default is ``None``, which causes the address family to use to be inferred from the form of *where*, or uses the system default. Setting this to AF_INET or AF_INET6 currently has no effect. *source*, a ``str`` containing an IPv4 or IPv6 address, specifying the source address. The default is the wildcard address. *source_port*, an ``int``, the port from which to send the message. The default is 0. *one_rr_per_rrset*, a ``bool``. If ``True``, put each RR into its own RRset. *ignore_trailing*, a ``bool``. If ``True``, ignore trailing junk at end of the received message. *session*, a ``requests.session.Session``. If provided, the session to use to send the queries. *path*, a ``str``. If *where* is an IP address, then *path* will be used to construct the URL to send the DNS query to. *post*, a ``bool``. If ``True``, the default, POST method will be used. *bootstrap_address*, a ``str``, the IP address to use to bypass the system's DNS resolver. *verify*, a ``str`, containing a path to a certificate file or directory. Returns a ``dns.message.Message``. """ wire = q.to_wire() (af, destination, source) = _destination_and_source(af, where, port, source, source_port, False) transport_adapter = None headers = {"accept": "application/dns-message"} try: _ = ipaddress.ip_address(where) url = 'https://{}:{}{}'.format(where, port, path) except ValueError: if bootstrap_address is not None: split_url = urllib.parse.urlsplit(where) headers['Host'] = split_url.hostname url = where.replace(split_url.hostname, bootstrap_address) transport_adapter = HostHeaderSSLAdapter() else: url = where if source is not None: # set source port and source address transport_adapter = SourceAddressAdapter(source) if session: close_session = False else: session = requests.sessions.Session() close_session = True try: if transport_adapter: session.mount(url, transport_adapter) # see https://tools.ietf.org/html/rfc8484#section-4.1.1 for DoH # GET and POST examples if post: headers.update({ "content-type": "application/dns-message", "content-length": str(len(wire)) }) response = session.post(url, headers=headers, data=wire, stream=True, timeout=timeout, verify=verify) else: wire = base64.urlsafe_b64encode(wire).decode('utf-8').strip("=") url += "?dns={}".format(wire) response = session.get(url, headers=headers, stream=True, timeout=timeout, verify=verify) finally: if close_session: session.close() # see https://tools.ietf.org/html/rfc8484#section-4.2.1 for info about DoH # status codes if response.status_code < 200 or response.status_code > 299: raise ValueError('{} responded with status code {}' '\nResponse body: {}'.format(where, response.status_code, response.content)) r = dns.message.from_wire(response.content, keyring=q.keyring, request_mac=q.request_mac, one_rr_per_rrset=one_rr_per_rrset, ignore_trailing=ignore_trailing) r.time = response.elapsed if not q.is_response(r): raise BadResponse return r
def https(q, where, timeout=None, port=443, source=None, source_port=0, one_rr_per_rrset=False, ignore_trailing=False, session=None, path='/dns-query', post=True, bootstrap_address=None, verify=True): """Return the response obtained after sending a query via DNS-over-HTTPS. *q*, a ``dns.message.Message``, the query to send. *where*, a ``str``, the nameserver IP address or the full URL. If an IP address is given, the URL will be constructed using the following schema: https://<IP-address>:<port>/<path>. *timeout*, a ``float`` or ``None``, the number of seconds to wait before the query times out. If ``None``, the default, wait forever. *port*, a ``int``, the port to send the query to. The default is 443. *source*, a ``str`` containing an IPv4 or IPv6 address, specifying the source address. The default is the wildcard address. *source_port*, an ``int``, the port from which to send the message. The default is 0. *one_rr_per_rrset*, a ``bool``. If ``True``, put each RR into its own RRset. *ignore_trailing*, a ``bool``. If ``True``, ignore trailing junk at end of the received message. *session*, an ``httpx.Client`` or ``requests.session.Session``. If provided, the client/session to use to send the queries. *path*, a ``str``. If *where* is an IP address, then *path* will be used to construct the URL to send the DNS query to. *post*, a ``bool``. If ``True``, the default, POST method will be used. *bootstrap_address*, a ``str``, the IP address to use to bypass the system's DNS resolver. *verify*, a ``str``, containing a path to a certificate file or directory. Returns a ``dns.message.Message``. """ if not have_doh: raise NoDOH('Neither httpx nor requests is available.') # pragma: no cover _httpx_ok = _have_httpx wire = q.to_wire() (af, _, source) = _destination_and_source(where, port, source, source_port, False) transport_adapter = None transport = None headers = { "accept": "application/dns-message" } if af is not None: if af == socket.AF_INET: url = 'https://{}:{}{}'.format(where, port, path) elif af == socket.AF_INET6: url = 'https://[{}]:{}{}'.format(where, port, path) elif bootstrap_address is not None: _httpx_ok = False split_url = urllib.parse.urlsplit(where) headers['Host'] = split_url.hostname url = where.replace(split_url.hostname, bootstrap_address) if _have_requests: transport_adapter = HostHeaderSSLAdapter() else: url = where if source is not None: # set source port and source address if _have_httpx: if source_port == 0: transport = httpx.HTTPTransport(local_address=source[0]) else: _httpx_ok = False if _have_requests: transport_adapter = SourceAddressAdapter(source) if session: if _have_httpx: _is_httpx = isinstance(session, httpx.Client) else: _is_httpx = False if _is_httpx and not _httpx_ok: raise NoDOH('Session is httpx, but httpx cannot be used for ' 'the requested operation.') else: _is_httpx = _httpx_ok if not _httpx_ok and not _have_requests: raise NoDOH('Cannot use httpx for this operation, and ' 'requests is not available.') with contextlib.ExitStack() as stack: if not session: if _is_httpx: session = stack.enter_context(httpx.Client(http1=True, http2=_have_http2, verify=verify, transport=transport)) else: session = stack.enter_context(requests.sessions.Session()) if transport_adapter: session.mount(url, transport_adapter) # see https://tools.ietf.org/html/rfc8484#section-4.1.1 for DoH # GET and POST examples if post: headers.update({ "content-type": "application/dns-message", "content-length": str(len(wire)) }) if _is_httpx: response = session.post(url, headers=headers, content=wire, timeout=timeout) else: response = session.post(url, headers=headers, data=wire, timeout=timeout, verify=verify) else: wire = base64.urlsafe_b64encode(wire).rstrip(b"=") if _is_httpx: wire = wire.decode() # httpx does a repr() if we give it bytes response = session.get(url, headers=headers, timeout=timeout, params={"dns": wire}) else: response = session.get(url, headers=headers, timeout=timeout, verify=verify, params={"dns": wire}) # see https://tools.ietf.org/html/rfc8484#section-4.2.1 for info about DoH # status codes if response.status_code < 200 or response.status_code > 299: raise ValueError('{} responded with status code {}' '\nResponse body: {}'.format(where, response.status_code, response.content)) r = dns.message.from_wire(response.content, keyring=q.keyring, request_mac=q.request_mac, one_rr_per_rrset=one_rr_per_rrset, ignore_trailing=ignore_trailing) r.time = response.elapsed if not q.is_response(r): raise BadResponse return r
str(ip_buf)) ip_pub_list = [] for ip in ip_list: if re.match( r'^1(((0|27)(.(([1-9]?|1[0-9])[0-9]|2([0-4][0-9]|5[0-5])))|(72.(1[6-9]|2[0-9]|3[01])|92.168))(.(([1-9]?|1[0-9])[0-9]|2([0-4][0-9]|5[0-5]))){2})$', ip): continue ip_pub_list.append(ip) return ip_pub_list ip_list = get_ip_list_from_locale() print len(ip_list) for ip in ip_list: s = requests.Session() s.mount('http://', SourceAddressAdapter((ip, 0))) s.mount('https://', SourceAddressAdapter((ip, 0))) headers = {'User-Agent': USERAGENT} errmsg = '' try: r = s.get(URL_STR, headers=headers, allow_redirects=False) if r.status_code == 200: if r.text.find('13506537597') > 0: print '[SUCCEED] %s len=%d' % (ip, len(r.text)) continue except Exception, e: errmsg = str(e) print '[FAILED] %s code=%d errmsg=%s' % (ip, r.status_code, errmsg)
similarityHeaders3['Pragma'] = 'no-cache' similarityHeaders3['Cache-Control'] = 'no-cache' similarityHeaders3[ 'Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' similarityHeaders3['Upgrade-Insecure-Requests'] = '1' #similarityHeaders3['User-Agent'] = 'WireXBot' similarityHeaders3['User-Agent'] = 'yada' similarityHeaders3['Referer'] = 'https://10.0.2.1/none.htm' similarityHeaders3['Accept-Encoding'] = 'gzip, deflate' similarityHeaders3['Accept-Language'] = 'en-US' session1 = requests.Session() session2 = requests.Session() session3 = requests.Session() session1.mount('https://', SourceAddressAdapter((srcIp1))) session2.mount('https://', SourceAddressAdapter((srcIp2))) session3.mount('https://', SourceAddressAdapter((srcIp3))) async def make_requests(): futures = [ loop.run_in_executor( executor, session1.get(url='https://webgoat.f5.demo', headers=similarityHeaders1, verify=False), httpHost) for _ in range(numOfRequests) ] futures = [ loop.run_in_executor(
def build_session(self): session = requests.Session() if self.bind_to: # SourceAddressAdapter() allows to send requests from selected IP # address. session.mount('http://', SourceAddressAdapter(self.bind_to)) session.mount('https://', SourceAddressAdapter(self.bind_to)) # allow some settings to be merged from env session.trust_env = True settings = session.merge_environment_settings(url=self.endpoint, proxies={}, stream=None, verify=None, cert=None) # get proxy settings from env # FUTURE: allow proxy to be passed in directly to supersede this value session.proxies = settings['proxies'] # specified validation mode takes precedence session.verify = self.server_cert_validation == 'validate' # patch in CA path override if one was specified in init or env if session.verify and (self.ca_trust_path is not None or settings['verify'] is not None): # session.verify can be either a bool or path to a CA store; prefer passed-in value over env if both are present session.verify = self.ca_trust_path or settings['verify'] encryption_available = False if self.auth_method == 'kerberos': if not HAVE_KERBEROS: raise WinRMError( "requested auth method is kerberos, but requests_kerberos is not installed" ) man_args = dict(mutual_authentication=REQUIRED, ) opt_args = dict(delegate=self.kerberos_delegation, force_preemptive=True, principal=self.username, hostname_override=self.kerberos_hostname_override, sanitize_mutual_error_response=False, service=self.service, send_cbt=self.send_cbt) kerb_args = self._get_args(man_args, opt_args, HTTPKerberosAuth.__init__) session.auth = HTTPKerberosAuth(**kerb_args) encryption_available = hasattr( session.auth, 'winrm_encryption_available' ) and session.auth.winrm_encryption_available elif self.auth_method in ['certificate', 'ssl']: if self.auth_method == 'ssl' and not self.cert_pem and not self.cert_key_pem: # 'ssl' was overloaded for HTTPS with optional certificate auth, # fall back to basic auth if no cert specified session.auth = requests.auth.HTTPBasicAuth( username=self.username, password=self.password) else: session.cert = (self.cert_pem, self.cert_key_pem) session.headers['Authorization'] = \ "http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual" elif self.auth_method == 'ntlm': if not HAVE_NTLM: raise WinRMError( "requested auth method is ntlm, but requests_ntlm is not installed" ) man_args = dict(username=self.username, password=self.password) opt_args = dict(send_cbt=self.send_cbt) ntlm_args = self._get_args(man_args, opt_args, HttpNtlmAuth.__init__) session.auth = HttpNtlmAuth(**ntlm_args) # check if requests_ntlm has the session_security attribute available for encryption encryption_available = hasattr(session.auth, 'session_security') # TODO: ssl is not exactly right here- should really be client_cert elif self.auth_method in ['basic', 'plaintext']: session.auth = requests.auth.HTTPBasicAuth(username=self.username, password=self.password) elif self.auth_method == 'credssp': if not HAVE_CREDSSP: raise WinRMError( "requests auth method is credssp, but requests-credssp is not installed" ) session.auth = HttpCredSSPAuth( username=self.username, password=self.password, disable_tlsv1_2=self.credssp_disable_tlsv1_2) encryption_available = hasattr(session.auth, 'wrap') and hasattr( session.auth, 'unwrap') else: raise WinRMError("unsupported auth method: %s" % self.auth_method) session.headers.update(self.default_headers) self.session = session # Will check the current config and see if we need to setup message encryption if self.message_encryption == 'always' and not encryption_available: raise WinRMError( "message encryption is set to 'always' but the selected auth method %s does not support it" % self.auth_method) elif encryption_available: if self.message_encryption == 'always': self.setup_encryption() elif self.message_encryption == 'auto' and not self.endpoint.lower( ).startswith('https'): self.setup_encryption()