class _BaseMechanismTests(unittest.TestCase):
mechanism_class = AnonymousMechanism
sasl_kwargs = {}
def setUp(self):
self.sasl = SASLClient('localhost', mechanism=self.mechanism_class.name, **self.sasl_kwargs)
self.mechanism = self.sasl._chosen_mech
def test_init_basic(self, *args):
sasl = SASLClient('localhost', mechanism=self.mechanism_class.name, **self.sasl_kwargs)
mech = sasl._chosen_mech
self.assertIs(mech.sasl, sasl)
self.assertIsInstance(mech, self.mechanism_class)
def test_process_basic(self, *args):
self.assertIsInstance(self.sasl.process(six.b('string')), six.binary_type)
self.assertIsInstance(self.sasl.process(six.b('string')), six.binary_type)
def test_dispose_basic(self, *args):
self.sasl.dispose()
def test_wrap_unwrap(self, *args):
self.assertRaises(NotImplementedError, self.sasl.wrap, 'msg')
self.assertRaises(NotImplementedError, self.sasl.unwrap, 'msg')
def test__pick_qop(self, *args):
self.assertRaises(SASLProtocolException, self.sasl._chosen_mech._pick_qop, set())
self.sasl._chosen_mech._pick_qop(set(QOP.all))
class _BaseMechanismTests(unittest.TestCase):
mechanism_class = AnonymousMechanism
sasl_kwargs = {}
def setUp(self):
self.sasl = SASLClient('localhost', mechanism=self.mechanism_class.name, **self.sasl_kwargs)
self.mechanism = self.sasl._chosen_mech
def test_init_basic(self, *args):
sasl = SASLClient('localhost', mechanism=self.mechanism_class.name, **self.sasl_kwargs)
mech = sasl._chosen_mech
self.assertIs(mech.sasl, sasl)
self.assertIsInstance(mech, self.mechanism_class)
def test_process_basic(self, *args):
self.assertIsInstance(self.sasl.process(six.b('string')), six.binary_type)
self.assertIsInstance(self.sasl.process(six.b('string')), six.binary_type)
def test_dispose_basic(self, *args):
self.sasl.dispose()
def test_wrap_unwrap(self, *args):
self.assertRaises(NotImplementedError, self.sasl.wrap, 'msg')
self.assertRaises(NotImplementedError, self.sasl.unwrap, 'msg')
def test__pick_qop(self, *args):
self.assertRaises(SASLProtocolException, self.sasl._chosen_mech._pick_qop, set())
self.sasl._chosen_mech._pick_qop(set(QOP.all))
def test_chosen_mechanism(self):
client = SASLClient('localhost', mechanism=PlainMechanism.name, username='******', password='******')
self.assertTrue(client.process())
self.assertTrue(client.complete)
msg = 'msg'
self.assertEqual(client.wrap(msg), msg)
self.assertEqual(client.unwrap(msg), msg)
client.dispose()
def test_chosen_mechanism(self):
client = SASLClient('localhost', mechanism=PlainMechanism.name, username='******', password='******')
self.assertTrue(client.process())
self.assertTrue(client.complete)
msg = 'msg'
self.assertEqual(client.wrap(msg), msg)
self.assertEqual(client.unwrap(msg), msg)
client.dispose()
class TSaslClientTransport(TTransportBase, CReadableTransport):
"""
SASL transport
"""
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self, transport, host, service, mechanism='GSSAPI',
**sasl_kwargs):
"""
transport: an underlying transport to use, typically just a TSocket
host: the name of the server, from a SASL perspective
service: the name of the server's service, from a SASL perspective
mechanism: the name of the preferred mechanism to use
All other kwargs will be passed to the puresasl.client.SASLClient
constructor.
"""
from puresasl.client import SASLClient
self.transport = transport
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = StringIO()
self.__rbuf = StringIO()
def open(self):
if not self.transport.isOpen():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism)
self.send_sasl_msg(self.OK, self.sasl.process())
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge))
elif status == self.COMPLETE:
if not self.sasl.complete:
raise TTransportException("The server erroneously indicated "
"that SASL negotiation was complete")
else:
break
else:
raise TTransportException("Bad SASL negotiation status: %d (%s)"
% (status, challenge))
def send_sasl_msg(self, status, body):
header = pack(">BI", status, len(body))
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = self.transport.readAll(5)
status, length = unpack(">BI", header)
if length > 0:
payload = self.transport.readAll(length)
else:
payload = ""
return status, payload
def write(self, data):
self.__wbuf.write(data)
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
self.transport.write(''.join((pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = StringIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = self.transport.readAll(4)
length, = unpack('!i', header)
encoded = self.transport.readAll(length)
self.__rbuf = StringIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
# based on TFramedTransport
@property
def cstringio_buf(self):
return self.__rbuf
def cstringio_refill(self, prefix, reqlen):
# self.__rbuf will already be empty here because fastbinary doesn't
# ask for a refill until the previous buffer is empty. Therefore,
# we can start reading new frames immediately.
while len(prefix) < reqlen:
self._read_frame()
prefix += self.__rbuf.getvalue()
self.__rbuf = StringIO(prefix)
return self.__rbuf
class TSaslClientTransport(TTransportBase, CReadableTransport):
"""
SASL transport
"""
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self,
transport,
host,
service,
mechanism='GSSAPI',
**sasl_kwargs):
"""
transport: an underlying transport to use, typically just a TSocket
host: the name of the server, from a SASL perspective
service: the name of the server's service, from a SASL perspective
mechanism: the name of the preferred mechanism to use
All other kwargs will be passed to the puresasl.client.SASLClient
constructor.
"""
from puresasl.client import SASLClient
self.transport = transport
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = StringIO()
self.__rbuf = StringIO()
def open(self):
if not self.transport.isOpen():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism)
self.send_sasl_msg(self.OK, self.sasl.process())
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge))
elif status == self.COMPLETE:
if not self.sasl.complete:
raise TTransportException(
"The server erroneously indicated "
"that SASL negotiation was complete")
else:
break
else:
raise TTransportException(
"Bad SASL negotiation status: %d (%s)" %
(status, challenge))
def send_sasl_msg(self, status, body):
header = pack(">BI", status, len(body))
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = self.transport.readAll(5)
status, length = unpack(">BI", header)
if length > 0:
payload = self.transport.readAll(length)
else:
payload = ""
return status, payload
def write(self, data):
self.__wbuf.write(data)
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
self.transport.write(''.join((pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = StringIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = self.transport.readAll(4)
length, = unpack('!i', header)
encoded = self.transport.readAll(length)
self.__rbuf = StringIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
# based on TFramedTransport
@property
def cstringio_buf(self):
return self.__rbuf
def cstringio_refill(self, prefix, reqlen):
# self.__rbuf will already be empty here because fastbinary doesn't
# ask for a refill until the previous buffer is empty. Therefore,
# we can start reading new frames immediately.
while len(prefix) < reqlen:
self._read_frame()
prefix += self.__rbuf.getvalue()
self.__rbuf = StringIO(prefix)
return self.__rbuf
class TSaslClientTransport(TTransportBase, CReadableTransport):
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self,
transport,
host,
service,
mechanism='GSSAPI',
**sasl_kwargs):
from puresasl.client import SASLClient
self.transport = transport
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = BufferIO()
self.__rbuf = BufferIO(b'')
def open(self):
if not self.transport.isOpen():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism)
self.send_sasl_msg(self.OK, self.sasl.process())
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge))
elif status == self.COMPLETE:
if not self.sasl.complete:
raise TTransportException(
TTransportException.NOT_OPEN,
"importing server.. this "
"sudah dilakukan")
else:
break
else:
raise TTransportException(
TTransportException.NOT_OPEN,
"statistik: %d (%s)" % (status, challenge))
def send_sasl_msg(self, status, body):
header = pack(">BI", status, len(body))
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = self.transport.readAll(5)
status, length = unpack(">BI", header)
if length > 0:
payload = self.transport.readAll(length)
else:
payload = ""
return status, payload
def write(self, data):
self.__wbuf.write(data)
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
self.transport.write(''.join((pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = BufferIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = self.transport.readAll(4)
length, = unpack('!i', header)
encoded = self.transport.readAll(length)
self.__rbuf = BufferIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
@property
def cstringio_buf(self):
return self.__rbuf
def cstringio_refill(self, prefix, reqlen):
while len(prefix) < reqlen:
self._read_frame()
prefix += self.__rbuf.getvalue()
self.__rbuf = BufferIO(prefix)
return self.__rbuf
class TSaslClientTransport(TTransportBase, CReadableTransport):
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self, transport, host, service,
mechanism='GSSAPI', **sasl_kwargs):
from puresasl.client import SASLClient
self.transport = transport
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = StringIO()
self.__rbuf = StringIO()
def open(self):
if not self.transport.isOpen():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism)
self.send_sasl_msg(self.OK, self.sasl.process())
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge))
elif status == self.COMPLETE:
if not self.sasl.complete:
raise TTransportException("The server erroneously indicated "
"that SASL negotiation was complete")
else:
break
else:
raise TTransportException("Bad SASL negotiation status: %d (%s)"
% (status, challenge))
def send_sasl_msg(self, status, body):
header = struct.pack(">BI", status, len(body))
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = self.transport.readAll(5)
status, length = struct.unpack(">BI", header)
if length > 0:
payload = self.transport.readAll(length)
else:
payload = ""
return status, payload
def write(self, data):
self.__wbuf.write(data)
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
# Note stolen from TFramedTransport:
# N.B.: Doing this string concatenation is WAY cheaper than making
# two separate calls to the underlying socket object. Socket writes in
# Python turn out to be REALLY expensive, but it seems to do a pretty
# good job of managing string buffer operations without excessive copies
self.transport.write(''.join((struct.pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = StringIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = self.transport.readAll(4)
length, = struct.unpack('!i', header)
encoded = self.transport.readAll(length)
self.__rbuf = StringIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
# Implement the CReadableTransport interface.
# Stolen shamelessly from TFramedTransport
@property
def cstringio_buf(self):
return self.__rbuf
def cstringio_refill(self, prefix, reqlen):
# self.__rbuf will already be empty here because fastbinary doesn't
# ask for a refill until the previous buffer is empty. Therefore,
# we can start reading new frames immediately.
while len(prefix) < reqlen:
self._read_frame()
prefix += self.__rbuf.getvalue()
self.__rbuf = StringIO(prefix)
return self.__rbuf
class TSaslClientTransport(TTransportBase, CReadableTransport):
"""
A SASL transport based on the pure-sasl library:
https://github.com/thobbs/pure-sasl
"""
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self, transport, host, service, mechanism="GSSAPI", **sasl_kwargs):
"""
transport: an underlying transport to use, typically just a TSocket
host: the name of the server, from a SASL perspective
service: the name of the server's service, from a SASL perspective
mechanism: the name of the preferred mechanism to use
All other kwargs will be passed to the puresasl.client.SASLClient
constructor.
"""
self.transport = transport
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = StringIO()
self.__rbuf = StringIO()
# extremely awful hack, but you've got to do what you've got to do.
# essentially "wrap" and "unwrap" are defined for the base Mechanism class and raise a NotImplementedError by
# default, and PlainMechanism doesn't implement its own versions (lol).
# self.sasl._chosen_mech.wrap = lambda x: x
# self.sasl._chosen_mech.unwrap = lambda x: x
def open(self):
if not self.transport.isOpen():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism)
self.send_sasl_msg(self.OK, self.sasl.process() or "")
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge) or "")
elif status == self.COMPLETE:
# self.sasl.complete is not set for PLAIN authentication (trollface.jpg) so we have to skip this check
# break
if not self.sasl.complete:
raise TTransportException("The server erroneously indicated " "that SASL negotiation was complete")
else:
break
else:
raise TTransportException("Bad SASL negotiation status: %d (%s)" % (status, challenge))
def send_sasl_msg(self, status, body):
if body is None:
body = ""
header = pack(">BI", status, len(body))
body = body if isinstance(body, bytes) else body.encode("utf-8")
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = self.transport.readAll(5)
status, length = unpack(">BI", header)
if length > 0:
payload = self.transport.readAll(length)
else:
payload = ""
return status, payload
def write(self, data):
self.__wbuf.write(data)
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
self.transport.write("".join((pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = StringIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = self.transport.readAll(4)
length, = unpack("!i", header)
encoded = self.transport.readAll(length)
self.__rbuf = StringIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
# based on TFramedTransport
@property
def cstringio_buf(self):
return self.__rbuf
def cstringio_refill(self, prefix, reqlen):
# self.__rbuf will already be empty here because fastbinary doesn't
# ask for a refill until the previous buffer is empty. Therefore,
# we can start reading new frames immediately.
while len(prefix) < reqlen:
self._read_frame()
prefix += self.__rbuf.getvalue()
self.__rbuf = StringIO(prefix)
return self.__rbuf
class TSaslClientTransport(TTransportBase):
"""
SASL transport
"""
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self,
transport,
host,
service,
mechanism=six.u('GSSAPI'),
generate_tickets=False,
using_keytab=False,
principal=None,
keytab_file=None,
ccache_file=None,
password=None,
**sasl_kwargs):
"""
transport: an underlying transport to use, typically just a TSocket
host: the name of the server, from a SASL perspective
service: the name of the server's service, from a SASL perspective
mechanism: the name of the preferred mechanism to use
All other kwargs will be passed to the puresasl.client.SASLClient
constructor.
"""
self.transport = transport
if six.PY3:
self._patch_pure_sasl()
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = BytesIO()
self.__rbuf = BytesIO()
self.generate_tickets = generate_tickets
if self.generate_tickets:
self.krb_context = krbContext(using_keytab, principal, keytab_file,
ccache_file, password)
self.krb_context.init_with_keytab()
def _patch_pure_sasl(self):
''' we need to patch pure_sasl to support python 3 '''
puresasl.mechanisms.mechanisms['GSSAPI'] = CustomGSSAPIMechanism
def is_open(self):
return self.transport.is_open() and bool(self.sasl)
@with_ticket
def open(self):
if not self.transport.is_open():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism.encode('utf8'))
self.send_sasl_msg(self.OK, self.sasl.process())
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge))
elif status == self.COMPLETE:
if not self.sasl.complete:
raise TTransportException(
TTransportException.NOT_OPEN,
"The server erroneously indicated "
"that SASL negotiation was complete")
else:
break
else:
raise TTransportException(
TTransportException.NOT_OPEN,
"Bad SASL negotiation status: %d (%s)" %
(status, challenge))
def send_sasl_msg(self, status, body):
'''
body:bytes
'''
header = pack(">BI", status, len(body))
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = readall(self.transport.read, 5)
status, length = unpack(">BI", header)
if length > 0:
payload = readall(self.transport.read, length)
else:
payload = ""
return status, payload
@with_ticket
def write(self, data):
self.__wbuf.write(data)
@with_ticket
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
if six.PY2:
self.transport.write(''.join([pack("!i", len(encoded)), encoded]))
else:
self.transport.write(b''.join((pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = BytesIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0 or sz == 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = readall(self.transport.read, 4)
length, = unpack('!i', header)
encoded = readall(self.transport.read, length)
self.__rbuf = BytesIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
class TSaslClientTransport(TTransportBase, CReadableTransport):
START = 1
OK = 2
BAD = 3
ERROR = 4
COMPLETE = 5
def __init__(self, transport, host, service,
mechanism='GSSAPI', **sasl_kwargs):
from puresasl.client import SASLClient
self.transport = transport
self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)
self.__wbuf = StringIO()
self.__rbuf = StringIO()
def open(self):
if not self.transport.isOpen():
self.transport.open()
self.send_sasl_msg(self.START, self.sasl.mechanism)
self.send_sasl_msg(self.OK, self.sasl.process())
while True:
status, challenge = self.recv_sasl_msg()
if status == self.OK:
self.send_sasl_msg(self.OK, self.sasl.process(challenge))
elif status == self.COMPLETE:
if not self.sasl.complete:
raise TTransportException("The server erroneously indicated "
"that SASL negotiation was complete")
else:
break
else:
raise TTransportException("Bad SASL negotiation status: %d (%s)"
% (status, challenge))
def send_sasl_msg(self, status, body):
header = struct.pack(">BI", status, len(body))
self.transport.write(header + body)
self.transport.flush()
def recv_sasl_msg(self):
header = self.transport.readAll(5)
status, length = struct.unpack(">BI", header)
if length > 0:
payload = self.transport.readAll(length)
else:
payload = ""
return status, payload
def write(self, data):
self.__wbuf.write(data)
def flush(self):
data = self.__wbuf.getvalue()
encoded = self.sasl.wrap(data)
# Note stolen from TFramedTransport:
# N.B.: Doing this string concatenation is WAY cheaper than making
# two separate calls to the underlying socket object. Socket writes in
# Python turn out to be REALLY expensive, but it seems to do a pretty
# good job of managing string buffer operations without excessive copies
self.transport.write(''.join((struct.pack("!i", len(encoded)), encoded)))
self.transport.flush()
self.__wbuf = StringIO()
def read(self, sz):
ret = self.__rbuf.read(sz)
if len(ret) != 0:
return ret
self._read_frame()
return self.__rbuf.read(sz)
def _read_frame(self):
header = self.transport.readAll(4)
length, = struct.unpack('!i', header)
encoded = self.transport.readAll(length)
self.__rbuf = StringIO(self.sasl.unwrap(encoded))
def close(self):
self.sasl.dispose()
self.transport.close()
# Implement the CReadableTransport interface.
# Stolen shamelessly from TFramedTransport
@property
def cstringio_buf(self):
return self.__rbuf
def cstringio_refill(self, prefix, reqlen):
# self.__rbuf will already be empty here because fastbinary doesn't
# ask for a refill until the previous buffer is empty. Therefore,
# we can start reading new frames immediately.
while len(prefix) < reqlen:
self._read_frame()
prefix += self.__rbuf.getvalue()
self.__rbuf = StringIO(prefix)
return self.__rbuf
