I tried to implement a simple single-sign-on in my python web server. I have used the python-kerberos package which works nicely. I have tested it from my Linux box (authenticating against active directory) and it was without problem.
However, when I tried to authenticate using Firefox from Windows machine (no special setup, just having the user logged into the domain + added my server into negotiate-auth.trusted-uris), it doesn't work. I have looked at what is sent and it doesn't even resemble the things the Linux machine sends. This Microsoft description of the process pretty much resembles the way my interaction from Linux works, but the Windows machine generally sends a very short string, which doesn't even resemble the things microsoft documentation states, and when base64 decoded, it is something like 12 zero bytes followed by 3 or 4 non-zero bytes (GSS functions then return that it doesn't support such scheme)
Either there is something wrong with the client Firefox settings, or there is some protocol which I am supposed to follow for the Negotiate protocol, but which I cannot find any reference anywhere. Any ideas what's wrong? Do you have any idea what protocol I should by trying to find, as it doesn' look like SPNEGO, at least from MS documentation.
Update: now it seems to at least produce reasonable data (clean installation of firefox on something different than windows7...), however I am getting:
(('Unspecified GSS failure. Minor code may provide more information', 851968), ('', 100004))
The Negotiate data now seems to be OK, so this is some other error. Any idea where can I decode what 100004 means?
On Windows, you also need to make sure that network.auth.use-sspi = true, so that Firefox will use the native Windows Kerberos (SSPI) rather than look for a GSSAPI DLL.
If that's not it, and you want to provide a packet capture of the Kerberos and HTTP traffic, I'm happy to look at it.
Related
Goal
I have made a website using the Flask framework and am fairly comfortable with HTML, CSS, JS, Python. My goal is to connect an arduino to the client's PC's usb port and use serial.write() to send a number to it.
Notes
I have a working example of interfacing with python if arduino was connected to the server.
import serial
ser = serial.Serial('COM4', 9600)
ser.write('5')
Now I want to run these exact 3 lines on the client side.
Is this even doable? I have researched a lot and it seems that this is not doable due to security reasons? (I'm hoping somebody proves me wrong here.) That is why I'm looking for a workaround. But before that I must mention, I don't need any of the data (numbers) to come from the server. Once the webpage is loaded all serial communication that I need is on the client side.
Client side python: I have looked into writing python on the client side and read about skulpt and PyPyjs but am not sure how I could run the mentioned 3 lines with them on client side(neither seems to support pyserial needed for import serial or at least I have not had any luck finding documentation)
I also looked into arduino documentation for interfacing with software but it seems that all the languages mentioned are server side. If you know of any possible direction languages that could help, I'd be happy to know and go learn them. I saw many forums mentioning Node.js but my understanding is that would also only do the job on the server side.
I'd appreciate any help on where else/other topics I should look into. Thanks in advance.
Is this even doable? I have researched a lot and it seems that this is not doable due to security reasons?
You are correct. There is no ability for browsers to access a COM port. It doesn't matter what language or framework you pick, a browser isn't going to give you that access.
You would need to make a standalone desktop application. You can use HTML and JavaScript to access serial ports, just not in a browser. Chrome Apps (which are actually going away) can do it, as well as an App that uses Electron.
I have a device with a built-in USB/Serial adapter (shows up as a Prolific PL2303). The device documentation provides full details on how to communicate with it, and provides a sample Windows app. However, I need to use it on Linux - ideally with Python but I'm not too precious about that.
The device docs state the device runs at 9600, 8N1 with half duplex. The Windows app works fine - device works fine (so I know it's not a device problem). However, I can't communicate with it using Python on Linux. I'm using pySerial, and I've tried a similar (full duplex, also PL2303) device which works fine.
I've tried several combinations of setting xonxoff, rtscts etc. I've also tried RTS toggling using setRTS(True) and checking for CTS and DSR etc - gets all return False. I can successfully open the device using pySerial (I can see activity light flashing - simple but effective test) and pySerial complains if you unplug it during reads/writes.
Doesn't seem to matter what flags/lines I set or what data I send, always get the same result.
>>> s=serial.Serial()
>>> s.port('/dev/ttyUSB1')
>>> s.open()
>>> s
Serial<id=0x7fe94b533b50, open=True>(port='/dev/ttyUSB1', baudrate=9600, bytesize=8, parity='N', stopbits=1, timeout=3, xonxoff=0, rtscts=0, dsrdtr=0)
>>> s.write('\2CMD2292\r')
>>> s.inWaiting()
0
>>> s.setRTS(True)
>>> s.getCTS()
False
(several iterations of above with different flags).
Ignore the data in the write command - that's just a status check command. Doesn't matter what goes there, the device should either respond with an answer or an error.
I've even resorted to closing and re-opening the device in between setting various ctsrts flags etc., and unplugging / replugging it to force resets. As above it continues to work fine using the Windows test app. I can't use Portmon etc. to sniff the Windows port traffic as it's a 64bit Win7 install and I don't currently have time to build an XP machine.
Any thoughts?
UPDATE: I've also tried all of the above using Python on the same Windows box that the demo app works on. It definitely opens the port and communicates, but again no info back regardless of what's written.
UPDATE2: It looks like it might be device-driver related. Some additional background research suggests that some PL2303 chips have functionality to support half-duplex, but this isn't supported by the Linux drivers. The Windows demo app comes with a dedicated device driver and the app doesn't work on a clean test machine using default Windows drivers. This makes me think that while I can connect to it successfully through Python, I can't control the duplex comms (e.g. even in an STX/ETX way) and therefore this might be a hopeless case. sigh.
UPDATE3: Thanks for the comments below. However, I couldn't find any way round this. I tried a USB protocol analyser, and I tried disassembling the driver but it just became rather time-consuming, so in the end I took the device apart and after some tinkering I managed to replace the existing usb-serial adapter with a proper PL2303 part - on the device side, it was just a basic 2-wire serial interface so it didn't care what was talking to it. I can't seem to close this question so I'll leave it as-is.
Try
s.flush()
just after your s.write call
I'm working on a project that allows a user to redirect his browsing through a proxy. The system works like this - a user runs this proxy on a remote PC and then also runs the proxy on his laptop. The user then changes his browser settings on the laptop to use localhost:8080 to make use of that local proxy, which in turn forwards all browser traffic to the proxy running on the remote PC.
This is where I ran into HTTPS. I was able to get normal HTTP requests working fine and dandy, but as soon as I clicked on google.com, Firefox skipped my proxy and connected to https://google.com directly.
My idea was to watch for browser requests the say CONNECT host:443 and then use the python ssl module to wrap that socket. This would give me a secure connection between the outer proxy and the target server. However, when I run wireshark to see how a browser request looks like before ssl kicks in, it's already there, meaning it looks like the browser connects to port 443 directly, which explains why it omitted my local proxy.
I would like to be able to handle to HTTPS as that would make for a complete browsing experience.
I'd really appreciate any tips that could push in the right direction.
Well, after doing a fair amount of reading on proxies, I found out that my understanding of the problem was insufficient.
For anyone else that might end up in the same spot as me, know that there's a pretty big difference between HTTP, HTTPS, and SOCKS proxies.
HTTP proxies usually take a quick look into the HTTP headers to determine where to forward the whole packet. These are quite easy to code on your own with some basic knowledge of sockets.
HTTPS proxies, on the other hand, have to work differently. They should either be able to do the whole SSL magic for the client or they could try to pass the traffic without changes, however if the latter solution is chosen, the users IP will be known. This is a wee bit more demanding when it comes to coding.
SOCKS proxies are a whole different, albeit really cool, beast. They work on the 5th layer of the OSI model and honestly, I have no clue as to where I would even begin creating one. They achieve both security and anonymity. However, I do know that a person may be able to use SSH to start a SOCKS proxy on their machine, just read this http://www.revsys.com/writings/quicktips/ssh-tunnel.html . That link also gave an idea that it should be possible to use SSH from a Python script to make it much more convenient.
Hope this helps anyone with the same question as I had. Good luck!
At work, I have tools that send emails when they fail. I have a blacklist, which I put myself on, so errors I make don't send anything but I recently needed to update this code and in testing it, found that I can't send emails anymore.
Everyone else is able to send emails, just not me. I am able to use my regular email client (outlook) and I'm able to ping the mail server. The IT guys aren't familiar with python and as far as they can tell, my profile settings look fine. Just the simple line of server = smtplib.SMTP(smtpserver) fails with:
# error: [Errno 10061] No connection could be made because the target machine actively refused it #
For info's sake, I'm running Vista with python 2.6, though nearly everyone else is running almost identical machines with no issues. We are all running the same security settings and the same anti-virus software, though disabling them still doesn't work.
Does anyone have any ideas on how to figure out why this is happening? Maybe there is some bizarre setting on my profile in the workgroup? I'm at a loss on how to figure this out. All my searching leads to other people that didn't start their server or something like that but this is not my case.
You might want to use Ethereal to see what's going on. It may give you more information.
I want to write a Python Twisted server that serves text to its clients, and I want the clients to be able to write text back to manipulate the server. I will use Telnet, and the clients will use Putty or some similar terminal...I would also be open to using SSH if it is easier to do this.
My question is, how do I configure the server so that the client can send raw, unbuffered bytes (I don't want the user to have to press enter after a command)? Also, is there a way to change the configuration mid-session so that I can change back and forth to and from buffered/unbuffered bytes?
I think it is Telnet option 34 "Linemode" --- http://www.freesoft.org/CIE/RFC/1700/10.htm
I just don't know how to set up Twisted to use that...
Any help setting this up for Telnet or SSH is appreciated!!!
Thanks!
twisted.conch.telnet.TelnetBootstrapProtocol is a good example of how to do some option negotiation. It also happens to perform some LINEMODE negotiation. Take a look at the implementation for details, but here's a snippet that shows the server asking the client to enable linemode, naws, and sga:
for opt in (LINEMODE, NAWS, SGA):
self.transport.do(opt).addErrback(log.err)
A real server might want to do more error handling than log.err if the negotiation fails, since the client will be left in a state that is presumably not ideal for use with the server.
Also take a look at some of the funky terminal demos that come with Twisted. These do lots of character-at-a-time processing.