示例#1
0
def test_authenticate_ascii(fake_socket, packets):
    """
    client -> AUTHSTART (username)
              STATUS_GETPASS           <- server
    client -> AUTHCONTINUE (password)
              STATUS_PASS              <- server
    """
    client = TACACSClient('127.0.0.1', 49, None, session_id=12345)
    client._sock = fake_socket
    reply = client.authenticate('username', 'pass')
    assert reply.valid

    fake_socket.buff.seek(0)
    first_header = TACACSHeader.unpacked(fake_socket.buff.read(12))
    assert (first_header.version_max, first_header.version_min) == (12, 0)
    first_body = fake_socket.buff.read(first_header.length)
    assert TACACSAuthenticationStart(
        'username', TAC_PLUS_AUTHEN_TYPE_ASCII).packed == first_body

    second_header = TACACSHeader.unpacked(fake_socket.buff.read(12))
    assert (first_header.version_max, first_header.version_min) == (12, 0)
    assert second_header.seq_no > first_header.seq_no

    second_body = fake_socket.buff.read()
    assert TACACSAuthenticationContinue('pass').packed == second_body
示例#2
0
def tacacs_header():
    return TACACSHeader(
        192,  # version
        TAC_PLUS_AUTHEN,
        12345,  # session_id,
        0,  # body len
        1,  # seq_no
    )
示例#3
0
def test_header_pack(tacacs_header):
    packed = tacacs_header.packed
    unpacked = TACACSHeader.unpacked(packed)
    assert unpacked.version == 192
    assert unpacked.type == TAC_PLUS_AUTHEN
    assert unpacked.session_id == 12345
    assert unpacked.length == 0
    assert unpacked.seq_no == 1
    assert unpacked.flags == 0
示例#4
0
def test_client_socket_send(fake_socket, packets, state):
    body = TACACSAuthenticationStart('user123', TAC_PLUS_AUTHEN_TYPE_ASCII)
    client = TACACSClient('127.0.0.1', 49, None, session_id=12345)
    client._sock = fake_socket
    packet = client.send(body, TAC_PLUS_AUTHEN)
    assert isinstance(packet, TACACSPacket)
    reply = TACACSAuthenticationReply.unpacked(packet.body)
    assert getattr(reply, state) is True

    # the first 12 bytes of the packet represent the header
    fake_socket.buff.seek(0)
    sent_header, sent_body = (fake_socket.buff.read(12),
                              fake_socket.buff.read())

    body_length = TACACSHeader.unpacked(sent_header).length
    assert len(sent_body) == body_length
    assert body.packed == sent_body
示例#5
0
def test_authorize_ascii(fake_socket, packets):
    client = TACACSClient('127.0.0.1', 49, None, session_id=12345)
    client._sock = fake_socket
    reply = client.authorize(
        'username',
        arguments=[b"service=shell", b"cmd=show", b"cmdargs=version"])
    assert reply.valid

    fake_socket.buff.seek(0)
    first_header = TACACSHeader.unpacked(fake_socket.buff.read(12))
    assert (first_header.version_max, first_header.version_min) == (12, 0)
    first_body = fake_socket.buff.read(first_header.length)
    assert TACACSAuthorizationStart(
        'username',
        TAC_PLUS_AUTHEN_METH_TACACSPLUS,
        TAC_PLUS_PRIV_LVL_MIN,
        TAC_PLUS_AUTHEN_TYPE_ASCII,
        [b"service=shell", b"cmd=show", b"cmdargs=version"],
    ).packed == first_body
示例#6
0
def test_authenticate_pap(fake_socket, packets):
    """
    client -> AUTHSTART (user+pass)
              STATUS_PASS              <- server
    """
    client = TACACSClient('127.0.0.1', 49, None, session_id=12345)
    client._sock = fake_socket
    reply = client.authenticate('username',
                                'pass',
                                authen_type=TAC_PLUS_AUTHEN_TYPE_PAP)
    assert reply.valid

    fake_socket.buff.seek(0)
    first_header = TACACSHeader.unpacked(fake_socket.buff.read(12))
    assert (first_header.version_max, first_header.version_min) == (12, 1)
    first_body = fake_socket.buff.read(first_header.length)
    assert TACACSAuthenticationStart('username',
                                     TAC_PLUS_AUTHEN_TYPE_PAP,
                                     data=six.b('pass')).packed == first_body
示例#7
0
def test_authenticate_chap(fake_socket, packets):
    """
    client -> AUTHSTART user+md5challenge(pass)
              STATUS_PASS                         <- server
    """
    client = TACACSClient('127.0.0.1', 49, None, session_id=12345)
    client._sock = fake_socket
    reply = client.authenticate('username',
                                'pass',
                                authen_type=TAC_PLUS_AUTHEN_TYPE_CHAP,
                                chap_ppp_id='A',
                                chap_challenge='challenge')
    assert reply.valid

    fake_socket.buff.seek(0)
    first_header = TACACSHeader.unpacked(fake_socket.buff.read(12))
    assert (first_header.version_max, first_header.version_min) == (12, 1)
    first_body = fake_socket.buff.read(first_header.length)
    assert TACACSAuthenticationStart(
        'username',
        TAC_PLUS_AUTHEN_TYPE_CHAP,
        data=(six.b('A') + six.b('challenge') +
              md5(six.b('Apasschallenge')).digest())).packed == first_body