-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use USER_NAME instead of HOSTBASED_SERVICE for user principals
Probably this was me making an assumption based on seeing "name" in the start of a connection and assuming it was the server name. Bad naming - there's "name" and "target_name" around.
- Loading branch information
1 parent
65690d1
commit 6aa78d6
Showing
2 changed files
with
21 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,10 +39,14 @@ | |
b64_negotiate_server = "negotiate " + b64encode(b"servertoken").decode() | ||
|
||
|
||
def gssapi_name(s): | ||
def gssapi_sname(s): | ||
return gssapi.Name(s, gssapi.NameType.hostbased_service) | ||
|
||
|
||
def gssapi_uname(s): | ||
return gssapi.Name(s, gssapi.NameType.user) | ||
|
||
|
||
class GSSAPITestCase(unittest.TestCase): | ||
def setUp(self): | ||
"""Setup.""" | ||
|
@@ -105,7 +109,7 @@ def test_generate_request_header(self): | |
auth.generate_request_header(response, host), | ||
b64_negotiate_response) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
creds=None, mech=None, flags=gssflags, usage="initiate") | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -120,7 +124,7 @@ def test_generate_request_header_init_error(self): | |
self.assertRaises(requests_gssapi.exceptions.SPNEGOExchangeError, | ||
auth.generate_request_header, response, host) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
|
||
def test_generate_request_header_step_error(self): | ||
|
@@ -134,7 +138,7 @@ def test_generate_request_header_step_error(self): | |
self.assertRaises(requests_gssapi.exceptions.SPNEGOExchangeError, | ||
auth.generate_request_header, response, host) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
fail_resp.assert_called_with(b"token") | ||
|
||
|
@@ -171,7 +175,7 @@ def test_authenticate_user(self): | |
connection.send.assert_called_with(request) | ||
raw.release_conn.assert_called_with() | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
flags=gssflags, usage="initiate", creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -208,7 +212,7 @@ def test_handle_401(self): | |
connection.send.assert_called_with(request) | ||
raw.release_conn.assert_called_with() | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
creds=None, mech=None, flags=gssflags, usage="initiate") | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -447,7 +451,7 @@ def test_handle_response_401(self): | |
connection.send.assert_called_with(request) | ||
raw.release_conn.assert_called_with() | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -490,7 +494,7 @@ def connection_send(self, *args, **kwargs): | |
connection.send.assert_called_with(request) | ||
raw.release_conn.assert_called_with() | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -504,7 +508,7 @@ def test_generate_request_header_custom_service(self): | |
auth = requests_gssapi.HTTPKerberosAuth(service="barfoo") | ||
auth.generate_request_header(response, host), | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -542,7 +546,7 @@ def test_delegation(self): | |
connection.send.assert_called_with(request) | ||
raw.release_conn.assert_called_with() | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssdelegflags, creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -558,9 +562,9 @@ def test_principal_override(self): | |
auth.generate_request_header(response, host) | ||
fake_creds.assert_called_with(gssapi.creds.Credentials, | ||
usage="initiate", | ||
name=gssapi_name("user@REALM")) | ||
name=gssapi_uname("user@REALM", )) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, | ||
creds=b"fake creds", mech=None) | ||
|
||
|
@@ -575,7 +579,7 @@ def test_realm_override(self): | |
hostname_override="otherhost.otherdomain.org") | ||
auth.generate_request_header(response, host) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|
@@ -604,7 +608,7 @@ def test_explicit_creds(self): | |
auth = requests_gssapi.HTTPSPNEGOAuth(creds=creds) | ||
auth.generate_request_header(response, host) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, | ||
creds=b"fake creds", mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
@@ -621,7 +625,7 @@ def test_explicit_mech(self): | |
auth = requests_gssapi.HTTPSPNEGOAuth(mech=fake_mech) | ||
auth.generate_request_header(response, host) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, | ||
creds=None, mech=b'fake mech') | ||
fake_resp.assert_called_with(b"token") | ||
|
@@ -637,7 +641,7 @@ def test_target_name(self): | |
target_name="[email protected]") | ||
auth.generate_request_header(response, host) | ||
fake_init.assert_called_with( | ||
name=gssapi_name("[email protected]"), | ||
name=gssapi_sname("[email protected]"), | ||
usage="initiate", flags=gssflags, creds=None, mech=None) | ||
fake_resp.assert_called_with(b"token") | ||
|
||
|