class DefaultInitCredentialTest(unittest.TestCase):
def setUp(self):
try:
self.cred = Credential(usage=C_INITIATE)
self.cred.name
except (NoCredential, CredentialsExpired):
self.skipTest("No default init credential available, try running with a Kerberos ticket.")
self.is_heimdal_mac = False
if platform.system() == 'Darwin':
mac_ver = platform.mac_ver()[0].split('.')
if int(mac_ver[0]) >= 10 and int(mac_ver[1]) >= 7:
self.is_heimdal_mac = True
def test_lifetime(self):
first_lifetime = self.cred.lifetime
self.assertGreaterEqual(first_lifetime, 0)
second_lifetime = self.cred.lifetime
self.assertGreaterEqual(second_lifetime, 0)
self.assertLessEqual(second_lifetime, first_lifetime)
def test_usage(self):
self.assertEqual(C_INITIATE, self.cred.usage)
def test_name(self):
self.assertGreater(len(str(self.cred.name)), 0)
def test_export(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
self.assertGreater(len(str(self.cred.export())), 0)
def test_export_import(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
orig_name = self.cred.name
exported_token = self.cred.export()
imported_cred = Credential.imprt(exported_token)
self.assertEqual(orig_name, imported_cred.name)
def test_export_import_raises(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
exported_token = self.cred.export()
with self.assertRaises(GSSException):
# Cutting off characters should make token invalid
Credential.imprt(exported_token[4:])
class DefaultInitCredentialTest(unittest.TestCase):
def setUp(self):
try:
self.cred = Credential(usage=C_INITIATE)
self.cred.name
except (NoCredential, CredentialsExpired):
self.skipTest(
"No default init credential available, try running with a Kerberos ticket."
)
self.is_heimdal_mac = False
if platform.system() == 'Darwin':
mac_ver = platform.mac_ver()[0].split('.')
if int(mac_ver[0]) >= 10 and int(mac_ver[1]) >= 7:
self.is_heimdal_mac = True
def test_lifetime(self):
first_lifetime = self.cred.lifetime
self.assertGreaterEqual(first_lifetime, 0)
second_lifetime = self.cred.lifetime
self.assertGreaterEqual(second_lifetime, 0)
self.assertLessEqual(second_lifetime, first_lifetime)
def test_usage(self):
self.assertEqual(C_INITIATE, self.cred.usage)
def test_name(self):
self.assertGreater(len(str(self.cred.name)), 0)
def test_export(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
self.assertGreater(len(str(self.cred.export())), 0)
def test_export_import(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
orig_name = self.cred.name
exported_token = self.cred.export()
imported_cred = Credential.imprt(exported_token)
self.assertEqual(orig_name, imported_cred.name)
def test_export_import_raises(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
exported_token = self.cred.export()
with self.assertRaises(GSSException):
# Cutting off characters should make token invalid
Credential.imprt(exported_token[4:])
def test_export_import_raises(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
exported_token = self.cred.export()
with self.assertRaises(GSSException):
# Cutting off characters should make token invalid
Credential.imprt(exported_token[4:])
def test_export_import_raises(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
exported_token = self.cred.export()
with self.assertRaises(GSSException):
# Cutting off characters should make token invalid
Credential.imprt(exported_token[4:])
def setUp(self):
try:
self.cred = Credential(usage=C_INITIATE)
self.cred.name
except (NoCredential, CredentialsExpired):
self.skipTest(
"No default init credential available, try running with a Kerberos ticket."
)
self.is_heimdal_mac = False
if platform.system() == 'Darwin':
mac_ver = platform.mac_ver()[0].split('.')
if int(mac_ver[0]) >= 10 and int(mac_ver[1]) >= 7:
self.is_heimdal_mac = True
def test_store_deleg_cred(self):
cred = Credential(usage=C_INITIATE)
ctx = InitContext(Name("*****@*****.**",
C_NT_HOSTBASED_SERVICE),
cred,
req_flags=(C_DELEG_FLAG, ))
self._handshake(self.sockfile, ctx)
self._writeline(b'!DELEGSTORE')
self.assertEqual(self.sockfile.readline().strip(), b'!OK')
def test_export_import(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
orig_name = self.cred.name
exported_token = self.cred.export()
imported_cred = Credential.imprt(exported_token)
self.assertEqual(orig_name, imported_cred.name)
def test_export_import(self):
if self.is_heimdal_mac:
self.skipTest("gss_export_cred is bugged on Mac OS X 10.7+")
if not hasattr(bindings.C, 'gss_export_cred'):
self.skipTest("No support for gss_export_cred")
else:
orig_name = self.cred.name
exported_token = self.cred.export()
imported_cred = Credential.imprt(exported_token)
self.assertEqual(orig_name, imported_cred.name)
def setUp(self):
try:
self.cred = Credential(usage=C_INITIATE)
self.cred.name
except (NoCredential, CredentialsExpired):
self.skipTest("No default init credential available, try running with a Kerberos ticket.")
self.is_heimdal_mac = False
if platform.system() == 'Darwin':
mac_ver = platform.mac_ver()[0].split('.')
if int(mac_ver[0]) >= 10 and int(mac_ver[1]) >= 7:
self.is_heimdal_mac = True
def test_cred_with_password(self):
cred = Credential(Name('*****@*****.**'),
usage=C_INITIATE,
password=b'userpassword')
ctx = InitContext(
Name("*****@*****.**", C_NT_HOSTBASED_SERVICE),
cred)
self._handshake(self.sockfile, ctx)
self._writeline(b'!MYNAME')
self.assertEqual(self.sockfile.readline().strip(),
b'*****@*****.**')
def test_deleg_cred(self):
cred = Credential(usage=C_INITIATE)
ctx = InitContext(Name("*****@*****.**",
C_NT_HOSTBASED_SERVICE),
cred,
req_flags=(C_DELEG_FLAG, ))
self._handshake(self.sockfile, ctx)
self._writeline(b'!DELEGTEST')
self.assertEqual(self.sockfile.readline().strip(), b'!OK')
self.assertEqual(self.sockfile.readline().strip(),
b'*****@*****.**')
self.assertLess(
abs(int(self.sockfile.readline().strip()) - cred.lifetime), 10)
def setUp(self):
try:
self.cred = Credential(usage=C_ACCEPT)
self.cred.name
except GSSCException as exc:
if (exc.maj_status == S_NO_CRED
or 'Permission denied' in exc.message
or 'keytab is nonexistent or empty' in exc.message):
self.skipTest("No default accept credential available, "
"try running with a Kerberos keytab readable.")
else:
raise
self.is_heimdal_mac = False
if platform.system() == 'Darwin':
mac_ver = platform.mac_ver()[0].split('.')
if int(mac_ver[0]) >= 10 and int(mac_ver[1]) >= 7:
self.is_heimdal_mac = True
def _delegated_cred_store_test(self, ctx):
if ctx.delegated_cred:
# Create the default ccache as a side-effect
str(
Credential(usage=C_INITIATE,
cred_store={
'client_keytab': '/etc/krb5.keytab'
}).name)
# Store delegated cred in default ccache
ctx.delegated_cred.store(default=True, overwrite=True)
# Store again, in non-default ccache
ctx.delegated_cred.store(
default=True,
overwrite=True,
cred_store={'ccache': 'FILE:{0}'.format(tempfile.mktemp())})
self._writeline(b'!OK')
else:
self._writeline(b'!NOCRED')
