How to use gssapi.NameType in gssapi

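To help you get started, we’ve selected a few gssapi examples, based on popular ways it is used in public projects. Each excerpt below is a fragment cut from the middle of a function, so it is not runnable on its own.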


GitHub: cannatag/ldap3 — ldap3/protocol/sasl/kerberos.py
- A string containing the hostname
    
    The optional second element is what authorization ID to request.
    
    - If omitted or None, the authentication ID is used as the authorization ID
    - If a string, the authorization ID to use. Should start with "dn:" or "user:".
    """
    target_name = None
    authz_id = b""
    if connection.sasl_credentials:
        if len(connection.sasl_credentials) >= 1 and connection.sasl_credentials[0]:
            if connection.sasl_credentials[0] is True:
                hostname = socket.gethostbyaddr(connection.socket.getpeername()[0])[0]
                target_name = gssapi.Name('ldap@' + hostname, gssapi.NameType.hostbased_service)
            else:
                target_name = gssapi.Name('ldap@' + connection.sasl_credentials[0], gssapi.NameType.hostbased_service)
        if len(connection.sasl_credentials) >= 2 and connection.sasl_credentials[1]:
            authz_id = connection.sasl_credentials[1].encode("utf-8")
    if target_name is None:
        target_name = gssapi.Name('ldap@' + connection.server.host, gssapi.NameType.hostbased_service)
    creds = gssapi.Credentials(name=gssapi.Name(connection.user), usage='initiate') if connection.user else None
    ctx = gssapi.SecurityContext(name=target_name, mech=gssapi.MechType.kerberos, creds=creds)
    in_token = None
    try:
        while True:
            out_token = ctx.step(in_token)
            if out_token is None:
                out_token = ''
            result = send_sasl_negotiation(connection, controls, out_token)
            in_token = result['saslCreds']
            try:
                # This raised an exception in gssapi<1.1.2 if the context was
GitHub: jborean93/pypsrp — pypsrp/spnego.py
# while kerb auth might be available, if we require wrapping and the
        # extension is not available then we can't use it
        if encryption_required and not HAS_GSSAPI_ENCRYPTION:
            available_mechs.pop(0)

        ntlm_oid = GSSAPIContext._AUTH_PROVIDERS['ntlm']
        ntlm_mech = gssapi.OID.from_int_seq(ntlm_oid)
        # GSS_NTLMSSP_RESET_CRYPTO_OID_LENGTH
        # github.com/simo5/gss-ntlmssp/blob/master/src/gssapi_ntlmssp.h#L68
        reset_mech = gssapi.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")

        try:
            # we don't actually care about the account used here so just use
            # a random username and password
            ntlm_context = GSSAPIContext._get_security_context(
                gssapi.NameType.user,
                ntlm_mech,
                "http@server",
                "username",
                "password",
                False,
                encryption_required
            )
            ntlm_context.step()
            gssapi.raw.set_sec_context_option(reset_mech, context=ntlm_context,
                                              value=b"\x00" * 4)

            # gss-ntlmssp is available which in turn means we can use native
            # SPNEGO or NTLM with the GSSAPI
            available_mechs.extend(["auto", "ntlm"])
        except gssapi.exceptions.GSSError as exc:
            # failed to init NTLM and verify gss-ntlmssp is available, this
GitHub: jborean93/requests-credssp — requests_credssp/spnego.py
for SPNEGO and NTLM to work properly.

        :return: list - A list of supported mechs available in the installed
            version of GSSAPI
        """
        ntlm_oid = GSSAPIContext._AUTH_MECHANISMS['ntlm']
        ntlm_mech = gssapi.OID.from_int_seq(ntlm_oid)
        # GSS_NTLMSSP_RESET_CRYPTO_OID_LENGTH
        # github.com/simo5/gss-ntlmssp/blob/master/src/gssapi_ntlmssp.h#L68
        reset_mech = gssapi.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")

        try:
            # we don't actually care about the account used here so just use
            # a random username and password
            ntlm_context = GSSAPIContext._get_security_context(
                gssapi.NameType.user,
                ntlm_mech,
                "http@server",
                "username",
                "password"
            )
            ntlm_context.step()
            set_sec_context_option(reset_mech, context=ntlm_context,
                                   value=b"\x00" * 4)
        except gssapi.exceptions.GSSError as exc:
            # failed to init NTLM and verify gss-ntlmssp is available, this
            # means NTLM is either not available or won't work
            # (not gss-ntlmssp) so we return kerberos as the only available
            # mechanism for the GSSAPI Context
            log.debug("Failed to init test NTLM context with GSSAPI: %s"
                      % str(exc))
            return ['kerberos']