Add a credential to the Keytab.
(
self,
principal,
mapupn=None,
password=None,
salt=None,
key=None,
etypes=None,
kvno=None,
)
| 736 | ) |
| 737 | |
| 738 | def add_cred( |
| 739 | self, |
| 740 | principal, |
| 741 | mapupn=None, |
| 742 | password=None, |
| 743 | salt=None, |
| 744 | key=None, |
| 745 | etypes=None, |
| 746 | kvno=None, |
| 747 | ): |
| 748 | """ |
| 749 | Add a credential to the Keytab. |
| 750 | """ |
| 751 | if password and key: |
| 752 | raise ValueError("Please provide 'password' OR 'key'.") |
| 753 | elif not password and not key: |
| 754 | try: |
| 755 | from prompt_toolkit import prompt |
| 756 | |
| 757 | password = prompt("Enter password: ", is_password=True) |
| 758 | except ImportError: |
| 759 | password = input("Enter password: ") |
| 760 | |
| 761 | # If we have a mapupn, use it to retrieve the salt. |
| 762 | if salt is None and mapupn is not None: |
| 763 | salt = krb_get_salt(mapupn) |
| 764 | |
| 765 | # Detect if principal is a SPN or UPN and parse realm. |
| 766 | realm = None |
| 767 | component = None |
| 768 | try: |
| 769 | component, realm = _parse_upn(principal) |
| 770 | if salt is None and key is None: |
| 771 | salt = krb_get_salt(principal) |
| 772 | except ValueError: |
| 773 | try: |
| 774 | component, realm = _parse_spn(principal) |
| 775 | except ValueError: |
| 776 | raise ValueError("Invalid principal ! (must be UPN or SPN)") |
| 777 | |
| 778 | if salt is None and key is None: |
| 779 | raise ValueError( |
| 780 | "Salt could not be guessed. Please provide it, or provide 'mapupn' " |
| 781 | "pointing towards the UPN of the user." |
| 782 | ) |
| 783 | |
| 784 | # If password is provided, derive the keys. |
| 785 | if password: |
| 786 | from scapy.libs.rfc3961 import Key, EncryptionType |
| 787 | |
| 788 | if etypes is None: |
| 789 | etypes = [EncryptionType.AES256_CTS_HMAC_SHA1_96] |
| 790 | elif etypes == "all": |
| 791 | etypes = [ |
| 792 | EncryptionType.AES128_CTS_HMAC_SHA1_96, |
| 793 | EncryptionType.AES256_CTS_HMAC_SHA1_96, |
| 794 | EncryptionType.RC4_HMAC, |
| 795 | ] |
no test coverage detected