-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathgsstoken
executable file
·69 lines (51 loc) · 2.12 KB
/
gsstoken
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#!/usr/bin/env python3
# gsstoken -- print a GSSAPI authentication token for a service
import argparse
import base64
import sys
def b64encode(buf):
return base64.b64encode(buf).decode()
def get_token_gssapi(service_name):
import gssapi
service_name = gssapi.Name(args.service_name,
gssapi.NameType.hostbased_service)
context = gssapi.SecurityContext(usage="initiate",
name=service_name)
return context.step()
# SSPI/GSSAPI interoperability notes:
# https://learn.microsoft.com/en-us/windows/win32/secauthn/sspi-kerberos-interoperability-with-gssapi
def get_token_sspi(service_name):
import sspi
if "/" not in service_name:
# Convert the name to a Kerberos principal, as Windows SSPI does not
# support HOSTBASED_SERVICE names. (It also doesn't canonicalize host
# names -- the SPN is passed to the KDC as-is).
service_name = args.service_name.replace("@", "/")
context = sspi.ClientAuth("Kerberos",
targetspn=service_name)
err, buffers = context.authorize(None)
return buffers[0].Buffer
def get_token_pyspnego(service_name):
import spnego
service, _, hostname = service_name.partition("@")
context = spnego.client(hostname=hostname,
service=service,
protocol="kerberos")
return context.step(None)
parser = argparse.ArgumentParser()
parser.description = "Generates Kerberos authentication tokens using GSSAPI."
parser.add_argument("-s", "--spnego", action="store_true",
help="use pyspnego instead of direct sspi/gssapi")
parser.add_argument("service_name",
help="target GSS name (service@host)")
args = parser.parse_args()
if args.spnego:
out_token = get_token_pyspnego(args.service_name)
elif sys.platform == "win32":
try:
out_token = get_token_sspi(args.service_name)
except ModuleNotFoundError:
exit("error: The 'pywin32' package is not installed.")
else:
out_token = get_token_gssapi(args.service_name)
print(b64encode(out_token))