Python sspi.ClientAuth() Examples
The following are 8
code examples of sspi.ClientAuth().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
sspi
, or try the search function
.
Example #1
Source File: session.py From smbprotocol with MIT License | 6 votes |
def __init__(self, username, password, server): log.info("Setting up SSPI Security Context for Windows auth") self._call_counter = 0 flags = sspicon.ISC_REQ_INTEGRITY | \ sspicon.ISC_REQ_CONFIDENTIALITY | \ sspicon.ISC_REQ_REPLAY_DETECT | \ sspicon.ISC_REQ_SEQUENCE_DETECT | \ sspicon.ISC_REQ_MUTUAL_AUTH domain, username = _split_username_and_domain(username) # We could use the MECH to derive the package name but we are just # better off using Negotiate and lettings Windows do all the heavy # lifting. self._context = sspi.ClientAuth( pkg_name='Negotiate', auth_info=(username, domain, password), targetspn="cifs/%s" % server, scflags=flags )
Example #2
Source File: socket_server.py From ironpython2 with Apache License 2.0 | 6 votes |
def sspi_client(): c = httplib.HTTPConnection("localhost", options.port) c.connect() # Do the auth dance. ca = sspi.ClientAuth(options.package, targetspn=options.target_spn) data = None while 1: err, out_buf = ca.authorize(data) _send_msg(c.sock, out_buf[0].Buffer) if err==0: break data = _get_msg(c.sock) print "Auth dance complete - sending a few encryted messages" # Assume out data is sensitive - encrypt the message. for data in "Hello from the client".split(): blob, key = ca.encrypt(data) _send_msg(c.sock, blob) _send_msg(c.sock, key) c.sock.close() print "Client completed."
Example #3
Source File: validate_password.py From ironpython2 with Apache License 2.0 | 5 votes |
def validate(username, password, domain = ""): auth_info = username, domain, password ca = ClientAuth("NTLM", auth_info = auth_info) sa = ServerAuth("NTLM") data = err = None while err != 0: err, data = ca.authorize(data) err, data = sa.authorize(data) # If we get here without exception, we worked!
Example #4
Source File: test_sspi.py From ironpython2 with Apache License 2.0 | 5 votes |
def _doAuth(self, pkg_name): sspiclient=sspi.ClientAuth(pkg_name,targetspn=win32api.GetUserName()) sspiserver=sspi.ServerAuth(pkg_name) sec_buffer=None err = 1 while err != 0: err, sec_buffer = sspiclient.authorize(sec_buffer) err, sec_buffer = sspiserver.authorize(sec_buffer) return sspiclient, sspiserver
Example #5
Source File: spnego.py From pypsrp with MIT License | 5 votes |
def init_context(self): flags = sspicon.ISC_REQ_INTEGRITY | \ sspicon.ISC_REQ_CONFIDENTIALITY | \ sspicon.ISC_REQ_REPLAY_DETECT | \ sspicon.ISC_REQ_SEQUENCE_DETECT | \ sspicon.ISC_REQ_MUTUAL_AUTH if self._delegate: flags |= sspicon.ISC_REQ_DELEGATE self._context = sspi.ClientAuth( pkg_name=self.auth_provider, auth_info=(self.username, self.domain, self.password), targetspn=self._target_spn, scflags=flags )
Example #6
Source File: px.py From px with MIT License | 4 votes |
def __init__(self, proxy_type, proxy_server_address): pwd = "" if State.username: key = State.username if State.domain != "": key = State.domain + "\\" + State.username pwd = keyring.get_password("Px", key) if proxy_type == "NTLM": if not pwd: self.ctx = sspi.ClientAuth("NTLM", os.environ.get("USERNAME"), scflags=0) self.get_response = self.get_response_sspi else: self.ctx = ntlm_auth.ntlm.NtlmContext( State.username, pwd, State.domain, "", ntlm_compatibility=3) self.get_response = self.get_response_ntlm elif proxy_type == "BASIC": if not State.username: dprint("No username configured for Basic authentication") elif not pwd: dprint("No password configured for Basic authentication") else: # Colons are forbidden in usernames and passwords for basic auth # but since this can happen very easily, we make a special check # just for colons so people immediately understand that and don't # have to look up other resources. if ":" in State.username or ":" in pwd: dprint("Credentials contain invalid colon character") else: # Additionally check for invalid control characters as per # RFC5234 Appendix B.1 (section CTL) illegal_control_characters = "".join( chr(i) for i in range(0x20)) + "\u007F" if any(char in State.username or char in pwd for char in illegal_control_characters): dprint("Credentials contain invalid characters: %s" % ", ".join("0x" + "%x" % ord(char) for char in illegal_control_characters)) else: # Remove newline appended by base64 function self.ctx = b64encode( "%s:%s" % (State.username, pwd))[:-1].decode() self.get_response = self.get_response_basic else: principal = None if pwd: if State.domain: principal = (urlparse.quote(State.username) + "@" + urlparse.quote(State.domain) + ":" + urlparse.quote(pwd)) else: principal = (urlparse.quote(State.username) + ":" + urlparse.quote(pwd)) _, self.ctx = winkerberos.authGSSClientInit("HTTP@" + proxy_server_address, principal=principal, gssflags=0, mech_oid=winkerberos.GSS_MECH_OID_SPNEGO) self.get_response = self.get_response_wkb
Example #7
Source File: checksums.py From peach with Mozilla Public License 2.0 | 4 votes |
def fixup(self): try: fullName = self.context.getFullname() xml = self.getXml() firstFullName = str(xml.xpath(self.firstSend)[0].get("fullName")) firstFullName = firstFullName[firstFullName.index('.') + 1:] if fullName.find(firstFullName) > -1 and SspiAuthenticationFixup._firstObj != self.context: #scflags = sspicon.ISC_REQ_INTEGRITY|sspicon.ISC_REQ_SEQUENCE_DETECT|\ # sspicon.ISC_REQ_REPLAY_DETECT|sspicon.ISC_REQ_CONFIDENTIALITY scflags = sspicon.ISC_REQ_INTEGRITY | sspicon.ISC_REQ_SEQUENCE_DETECT | \ sspicon.ISC_REQ_REPLAY_DETECT SspiAuthenticationFixup._firstObj = self.context SspiAuthenticationFixup._sspi = sspi.ClientAuth( "Negotiate", "", # client_name (self.username, self.workgroup, self.password), # auth_info None, # targetsn (target security context provider) scflags, #scflags # None, # security context flags ) (done, data) = SspiAuthenticationFixup._sspi.authorize(None) data = data[0].Buffer SspiAuthenticationFixup._data = data return data if fullName.find(firstFullName) > -1: return SspiAuthenticationFixup._data secondFullName = str(xml.xpath(self.secondSend)[0].get("fullName")) secondFullName = secondFullName[secondFullName.index('.') + 1:] if fullName.find(secondFullName) > -1 and SspiAuthenticationFixup._secondObj != self.context: inputData = self.context.getInternalValue() if len(inputData) < 5: return None (done, data) = SspiAuthenticationFixup._sspi.authorize(inputData) data = data[0].Buffer SspiAuthenticationFixup._secondObj = self.context SspiAuthenticationFixup._data = data return data if fullName.find(secondFullName) > -1: return SspiAuthenticationFixup._data except: print("!!! EXCEPTION !!!") print(repr(sys.exc_info())) pass
Example #8
Source File: ssh_gss.py From imoocc with GNU General Public License v2.0 | 4 votes |
def ssh_init_sec_context(self, target, desired_mech=None, username=None, recv_token=None): """ Initialize a SSPI context. :param str username: The name of the user who attempts to login :param str target: The FQDN of the target to connect to :param str desired_mech: The negotiated SSPI mechanism ("pseudo negotiated" mechanism, because we support just the krb5 mechanism :-)) :param recv_token: The SSPI token received from the Server :raise SSHException: Is raised if the desired mechanism of the client is not supported :return: A ``String`` if the SSPI has returned a token or ``None`` if no token was returned :rtype: String or None """ self._username = username self._gss_host = target error = 0 targ_name = "host/" + self._gss_host if desired_mech is not None: mech, __ = decoder.decode(desired_mech) if mech.__str__() != self._krb5_mech: raise SSHException("Unsupported mechanism OID.") try: if recv_token is None: self._gss_ctxt = sspi.ClientAuth("Kerberos", scflags=self._gss_flags, targetspn=targ_name) error, token = self._gss_ctxt.authorize(recv_token) token = token[0].Buffer except: raise Exception("{0}, Target: {1}".format(sys.exc_info()[1], self._gss_host)) if error == 0: """ if the status is GSS_COMPLETE (error = 0) the context is fully established an we can set _gss_ctxt_status to True. """ self._gss_ctxt_status = True token = None """ You won't get another token if the context is fully established, so i set token to None instead of "" """ return token