=== modified file 'pysrc/kerberos.py' --- pysrc/kerberos.py 2008-05-23 16:41:18 +0000 +++ pysrc/kerberos.py 2008-06-12 20:58:46 +0000 @@ -146,12 +146,12 @@ @return: a result code (see above) """ -def authGSSClientWrap(context, data, user): +def authGSSClientWrap(context, data, user=None): """ Perform the client side GSSAPI wrap step. @param data:the result of the authGSSClientResponse after the authGSSClientUnwrap - @param user: the user to authorize + @param user: the user to authorize (optional) @return: a result code (see above) """ === modified file 'src/kerberos.c' --- src/kerberos.c 2008-05-23 16:40:38 +0000 +++ src/kerberos.c 2008-06-12 20:59:04 +0000 @@ -201,19 +201,25 @@ { gss_client_state *state; PyObject *pystate; - char *challenge, *user; + char *challenge, *user = NULL; int result = 0; - if (!PyArg_ParseTuple(args, "Oss", &pystate, &challenge, &user) || !PyCObject_Check(pystate)) + if (!PyArg_ParseTuple(args, "Os|z", &pystate, &challenge, &user) || !PyCObject_Check(pystate)) return NULL; state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; - result = authenticate_gss_client_wrap(state, challenge, user); - if (result == AUTH_GSS_ERROR) - return NULL; + if (user == NULL) { + result = authenticate_gss_client_wrap(state, challenge); + if (result == AUTH_GSS_ERROR) + return NULL; + } else { + result = authenticate_gss_client_wrap_username(state, challenge, user); + if (result == AUTH_GSS_ERROR) + return NULL; + } return Py_BuildValue("i", result); } === modified file 'src/kerberosgss.c' --- src/kerberosgss.c 2008-05-23 16:40:38 +0000 +++ src/kerberosgss.c 2008-06-12 20:53:54 +0000 @@ -309,7 +309,58 @@ return ret; } -int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user) +int authenticate_gss_client_wrap(gss_client_state* state, const char* data) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat; + gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; + gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; + int ret = AUTH_GSS_CONTINUE; + + // Always clear out the old response + if (state->response != NULL) + { + free(state->response); + state->response = NULL; + } + + if (data && *data) + { + int len; + input_token.value = base64_decode(data, &len); + input_token.length = len; + } + + // Do GSSAPI wrap + maj_stat = gss_wrap(&min_stat, + state->context, + 0, + GSS_C_QOP_DEFAULT, + &input_token, + NULL, + &output_token); + + if (maj_stat != GSS_S_COMPLETE) + { + set_gss_error(maj_stat, min_stat); + ret = AUTH_GSS_ERROR; + goto end; + } + else + ret = AUTH_GSS_COMPLETE; + // Grab the client response to send back to the server + if (output_token.length) + { + state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);; + maj_stat = gss_release_buffer(&min_stat, &output_token); + } +end: + if (output_token.value) + gss_release_buffer(&min_stat, &output_token); + return ret; +} + +int authenticate_gss_client_wrap_username(gss_client_state* state, const char* challenge, const char* user) { OM_uint32 maj_stat; OM_uint32 min_stat; === modified file 'src/kerberosgss.h' --- src/kerberosgss.h 2008-05-23 16:40:38 +0000 +++ src/kerberosgss.h 2008-06-12 20:51:42 +0000 @@ -53,7 +53,8 @@ int authenticate_gss_client_clean(gss_client_state *state); int authenticate_gss_client_step(gss_client_state *state, const char *challenge); int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge); -int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user); +int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge); +int authenticate_gss_client_wrap_username(gss_client_state* state, const char* challenge, const char* user); int authenticate_gss_server_init(const char* service, gss_server_state* state); int authenticate_gss_server_clean(gss_server_state *state);