-
Notifications
You must be signed in to change notification settings - Fork 6
/
test.py
85 lines (74 loc) · 3.08 KB
/
test.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# -*- coding: utf-8 -*-
import kerberos_sspi as k
import base64
import sys
if sys.version_info >= (3,0):
def decodestring(stringvalue):
return base64.decodestring(stringvalue.encode("ascii"))
def encodestring(bytesvalue):
return base64.encodestring(bytesvalue).decode("utf-8")
def b(stringvalue):
return stringvalue.encode("ascii")
def u(stringvalue):
return stringvalue
else:
def decodestring(stringvalue):
return base64.decodestring(stringvalue)
def encodestring(bytesvalue):
return base64.encodestring(bytesvalue)
def b(stringvalue):
return stringvalue
def u(stringvalue):
return stringvalue.decode("utf-8")
flags=k.GSS_C_CONF_FLAG|k.GSS_C_INTEG_FLAG|k.GSS_C_MUTUAL_FLAG|k.GSS_C_SEQUENCE_FLAG
errc, client = k.authGSSClientInit("test@vm-win7-kraemer", gssflags=flags)
# to run a kerberos enabled server under my account i set as domain admin:
# setspn -A test/vm-win7-kraemer MYDOMAIN\kraemer
# (might have to wait a few minutes before all DCs in active directory pick it up)
errs, server = k.authGSSServerInit("test@vm-win7-kraemer")
cres = sres= k.AUTH_GSS_CONTINUE
response = ""
round = 0
while sres == k.AUTH_GSS_CONTINUE or cres == k.AUTH_GSS_CONTINUE:
if cres == k.AUTH_GSS_CONTINUE:
cres = k.authGSSClientStep(client, response)
if cres == -1:
print("clientstep error")
break
response = k.authGSSClientResponse(client)
if sres == k.AUTH_GSS_CONTINUE:
sres = k.authGSSServerStep(server, response)
if sres == -1:
print( "serverstep error")
break
response = k.authGSSServerResponse(server)
print( "round:", round)
print( "server status :", sres)
print( "client status :", cres)
round += 1
if sres == k.AUTH_GSS_COMPLETE and cres == k.AUTH_GSS_COMPLETE:
print( "client: my username:", k.authGSSClientUserName(client))
print( "server: who authenticated to me:", k.authGSSServerUserName(server))
print( "server: my spn:", k.authGSSServerTargetName(server))
print( "********* encryption test ***********")
err=k.authGSSClientWrap(client, encodestring(b("Hello")))
if err == 1:
encstring=k.authGSSClientResponse(client)
print( "encstring:", encstring, encodestring(b("Hello")))
decerr=k.authGSSClientUnwrap(server, encstring)
if decerr == 1:
encstring=k.authGSSServerResponse(server)
print( decodestring(encstring))
# user case on wrap
import struct
import logging
logging.basicConfig(level=logging.INFO)
# set max size=1000 and server flags = AUTH_P_NONE|AUTH_P_INTEGRITY|AUTH_P_PRIVACY
err=k.authGSSClientWrap(client, encodestring(b(struct.pack("!L", 1000 | 0x07000000)+"Hello")), user=u("ümay-day"))
if err == 1:
encstring=k.authGSSClientResponse(client)
print( "encstring:", encstring, encodestring(b("Hello")))
decerr=k.authGSSClientUnwrap(server, encstring)
if decerr == 1:
encstring=k.authGSSServerResponse(server)
print( decodestring(encstring))