Exemplo n.º 1
0
    def negotiate_server(self):
        token = self._inner.read()

        self.client_ctx = gensec.Security.start_server(settings=self.settings,
                auth_context=auth.AuthContext(lp_ctx=self.lp_ctx))
        # gssapi.SecurityContext(name=self.server_name, usage='initiate',
                          #                       flags=self.flags)


        creds = Credentials()
        creds.guess(self.lp_ctx)
        creds.set_machine_account(self.lp_ctx)
        self.client_ctx.set_credentials(creds)

        self.client_ctx.start_mech_by_name("spnego")

        # token = b''

        server_finished = False
        while not server_finished:
            log.debug('Doing step')
            server_finished, server_to_client = self.client_ctx.update(token)

            self._inner.write(server_to_client)

            if not server_finished:
                token = self._inner.read()
            else:
                log.debug('GSSAPI Handshake done')
                self._inner.write_handshake_done(server_to_client)
Exemplo n.º 2
0
    def test_max_update_size(self):
        """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
        """Start up a client and server GENSEC instance to test things with"""

        self.gensec_client = gensec.Security.start_client(self.settings)
        self.gensec_client.set_credentials(self.get_credentials())
        self.gensec_client.want_feature(gensec.FEATURE_SIGN)
        self.gensec_client.set_max_update_size(5)
        self.gensec_client.start_mech_by_name("spnego")

        self.gensec_server = gensec.Security.start_server(
            settings=self.settings,
            auth_context=auth.AuthContext(lp_ctx=self.lp_ctx))
        creds = Credentials()
        creds.guess(self.lp_ctx)
        creds.set_machine_account(self.lp_ctx)
        self.gensec_server.set_credentials(creds)
        self.gensec_server.want_feature(gensec.FEATURE_SIGN)
        self.gensec_server.set_max_update_size(5)
        self.gensec_server.start_mech_by_name("spnego")

        client_finished = False
        server_finished = False
        server_to_client = b""
        """Run the actual call loop"""
        i = 0
        while not client_finished or not server_finished:
            i += 1
            if not client_finished:
                print("running client gensec_update: %d: %r" %
                      (len(server_to_client), server_to_client))
                (client_finished, client_to_server
                 ) = self.gensec_client.update(server_to_client)
            if not server_finished:
                print("running server gensec_update: %d: %r" %
                      (len(client_to_server), client_to_server))
                (server_finished, server_to_client
                 ) = self.gensec_server.update(client_to_server)
        """Here we expect a lot more than the typical 1 or 2 roundtrips"""
        self.assertTrue(i > 10)

        session_info = self.gensec_server.session_info()

        test_bytes = b"Hello Server"
        test_wrapped = self.gensec_client.wrap(test_bytes)
        test_unwrapped = self.gensec_server.unwrap(test_wrapped)
        self.assertEqual(test_bytes, test_unwrapped)
        test_bytes = b"Hello Client"
        test_wrapped = self.gensec_server.wrap(test_bytes)
        test_unwrapped = self.gensec_client.unwrap(test_wrapped)
        self.assertEqual(test_bytes, test_unwrapped)

        client_session_key = self.gensec_client.session_key()
        server_session_key = self.gensec_server.session_key()
        self.assertEqual(client_session_key, server_session_key)
Exemplo n.º 3
0
    def test_update(self):
        """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
        """Start up a client and server GENSEC instance to test things with"""

        self.gensec_client = gensec.Security.start_client(self.settings)
        self.gensec_client.set_credentials(self.get_credentials())
        self.gensec_client.want_feature(gensec.FEATURE_SEAL)
        self.gensec_client.start_mech_by_sasl_name("GSSAPI")

        self.gensec_server = gensec.Security.start_server(
            settings=self.settings,
            auth_context=auth.AuthContext(lp_ctx=self.lp_ctx))
        creds = Credentials()
        creds.guess(self.lp_ctx)
        creds.set_machine_account(self.lp_ctx)
        self.gensec_server.set_credentials(creds)

        self.gensec_server.want_feature(gensec.FEATURE_SEAL)
        self.gensec_server.start_mech_by_sasl_name("GSSAPI")

        client_finished = False
        server_finished = False
        server_to_client = b""
        """Run the actual call loop"""
        while not client_finished and not server_finished:
            if not client_finished:
                print("running client gensec_update")
                (client_finished, client_to_server
                 ) = self.gensec_client.update(server_to_client)
            if not server_finished:
                print("running server gensec_update")
                (server_finished, server_to_client
                 ) = self.gensec_server.update(client_to_server)
        session_info = self.gensec_server.session_info()

        test_bytes = b"Hello Server"
        test_wrapped = self.gensec_client.wrap(test_bytes)
        test_unwrapped = self.gensec_server.unwrap(test_wrapped)
        self.assertEqual(test_bytes, test_unwrapped)
        test_bytes = b"Hello Client"
        test_wrapped = self.gensec_server.wrap(test_bytes)
        test_unwrapped = self.gensec_client.unwrap(test_wrapped)
        self.assertEqual(test_bytes, test_unwrapped)

        client_session_key = self.gensec_client.session_key()
        server_session_key = self.gensec_server.session_key()
        self.assertEqual(client_session_key, server_session_key)
Exemplo n.º 4
0
 def test_auth_context_gensec_start_server(self):
     a = auth.AuthContext(ldb=42, methods=['sam'])
     # there is no failure yet because the ldb is not actually
     # dereferenced.
     g = gensec.Security.start_server(auth_context=a)
Exemplo n.º 5
0
    def _test_update(self, mech, client_mech=None, client_only_opt=None):
        """Test GENSEC by doing an exchange with ourselves using GSSAPI against a KDC"""
        """Start up a client and server GENSEC instance to test things with"""

        if client_only_opt:
            orig_client_opt = self.lp_ctx.get(client_only_opt)
            if not orig_client_opt:
                orig_client_opt = ''
            self.lp_ctx.set(client_only_opt, "yes")

        self.gensec_client = gensec.Security.start_client(self.settings)
        self.gensec_client.set_credentials(self.get_credentials())
        self.gensec_client.want_feature(gensec.FEATURE_SEAL)
        if client_mech is not None:
            self.gensec_client.start_mech_by_name(client_mech)
        else:
            self.gensec_client.start_mech_by_sasl_name(mech)

        if client_only_opt:
            self.lp_ctx.set(client_only_opt, "no")

        self.gensec_server = gensec.Security.start_server(
            settings=self.settings,
            auth_context=auth.AuthContext(lp_ctx=self.lp_ctx))
        creds = Credentials()
        creds.guess(self.lp_ctx)
        creds.set_machine_account(self.lp_ctx)
        self.gensec_server.set_credentials(creds)

        self.gensec_server.want_feature(gensec.FEATURE_SEAL)
        self.gensec_server.start_mech_by_sasl_name(mech)

        client_finished = False
        server_finished = False
        server_to_client = b""
        client_to_server = b""
        """Run the actual call loop"""
        while True:
            if not client_finished:
                if client_only_opt:
                    self.lp_ctx.set(client_only_opt, "yes")
                print("running client gensec_update")
                try:
                    (client_finished, client_to_server
                     ) = self.gensec_client.update(server_to_client)
                except samba.NTSTATUSError as nt:
                    raise AssertionError(nt)
                if client_only_opt:
                    self.lp_ctx.set(client_only_opt, "no")
            if not server_finished:
                print("running server gensec_update")
                try:
                    (server_finished, server_to_client
                     ) = self.gensec_server.update(client_to_server)
                except samba.NTSTATUSError as nt:
                    raise AssertionError(nt)

            if client_finished and server_finished:
                break

        if client_only_opt:
            self.lp_ctx.set(client_only_opt, orig_client_opt)

        self.assertTrue(server_finished)
        self.assertTrue(client_finished)

        session_info = self.gensec_server.session_info()

        test_bytes = b"Hello Server"
        try:
            test_wrapped = self.gensec_client.wrap(test_bytes)
            test_unwrapped = self.gensec_server.unwrap(test_wrapped)
        except samba.NTSTATUSError as e:
            self.fail(str(e))

        self.assertEqual(test_bytes, test_unwrapped)
        test_bytes = b"Hello Client"
        test_wrapped = self.gensec_server.wrap(test_bytes)
        test_unwrapped = self.gensec_client.unwrap(test_wrapped)
        self.assertEqual(test_bytes, test_unwrapped)

        client_session_key = self.gensec_client.session_key()
        server_session_key = self.gensec_server.session_key()
        self.assertEqual(client_session_key, server_session_key)