[CalendarServer-changes] [14628] PyKerberos/trunk

source_changes at macosforge.org source_changes at macosforge.org
Thu Mar 26 16:17:24 PDT 2015


Revision: 14628
          http://trac.calendarserver.org//changeset/14628
Author:   wsanchez at apple.com
Date:     2015-03-26 16:17:24 -0700 (Thu, 26 Mar 2015)
Log Message:
-----------
add function to inquire on credentials
Contributed by rcritten at redhat.com

Modified Paths:
--------------
    PyKerberos/trunk/setup.py
    PyKerberos/trunk/src/kerberos.c
    PyKerberos/trunk/src/kerberosgss.c
    PyKerberos/trunk/src/kerberosgss.h

Modified: PyKerberos/trunk/setup.py
===================================================================
--- PyKerberos/trunk/setup.py	2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/setup.py	2015-03-26 23:17:24 UTC (rev 14628)
@@ -29,7 +29,7 @@
 
 project_name = "kerberos"
 
-version_string = "1.2.1"
+version_string = "1.2.0"
 
 description = "Kerberos high-level interface"
 

Modified: PyKerberos/trunk/src/kerberos.c
===================================================================
--- PyKerberos/trunk/src/kerberos.c	2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/src/kerberos.c	2015-03-26 23:17:24 UTC (rev 14628)
@@ -380,6 +380,33 @@
 	return Py_BuildValue("i", result);
 }
 
+static PyObject *authGSSClientInquireCred(PyObject *self, PyObject *args)
+{
+    gss_client_state *state;
+    PyObject *pystate;
+    int result = 0;
+    if (!PyArg_ParseTuple(args, "O", &pystate)) {
+        return NULL;
+    }
+
+    if (!PyCObject_Check(pystate)) {
+        PyErr_SetString(PyExc_TypeError, "Expected a context object");
+        return NULL;
+    }
+
+    state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
+    if (state == NULL) {
+        return NULL;
+    }
+
+    result = authenticate_gss_client_inquire_cred(state);
+    if (result == AUTH_GSS_ERROR) {
+        return NULL;
+    }
+
+    return Py_BuildValue("i", result);
+}
+
 static PyObject *authGSSServerInit(PyObject *self, PyObject *args)
 {
     const char *service = NULL;
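Review bot: In authGSSClientInquireCred the `state == NULL` branch returns NULL without setting a Python exception, so a context whose wrapped pointer is null surfaces as a SystemError instead of a usable error. Set one before returning, e.g. `PyErr_SetString(PyExc_TypeError, "Context object is no longer valid");`. Separately, `PyCObject_Check` accepts any PyCObject, so a handle of another kind would be cast to `gss_client_state *` and later written through at `state->username`. If server-state handles are also PyCObjects (not visible in this hunk), a descriptor check or a named capsule would close that type confusion.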
@@ -620,6 +647,10 @@
         "Get the response from the last client-side GSSAPI step."
     },
     {
+        "authGSSClientInquireCred",  authGSSClientInquireCred, METH_VARARGS,
+        "Get the current user name, if any, without a client-side GSSAPI step"
+    },
+    {
         "authGSSClientResponseConf",
         authGSSClientResponseConf, METH_VARARGS,
         "return 1 if confidentiality was set in the last unwrapped buffer, 0 otherwise."
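Review bot: `authGSSClientInquireCred` is registered twice, here and again in the hunk at -645/+676, with two different docstrings. If both entries sit in the same method table (the array starts outside both hunks), one of them is redundant and presumably the later one silently wins, so one entry should be dropped. Both docstrings also say the call gets the user name, while the wrapper returns only the integer status and the name is stored in `state->username`. Wording such as `"Acquire the default initiator credentials and store their principal name in the context; returns a status code."` would match the code.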
@@ -645,6 +676,10 @@
         "Do a GSSAPI unwrap."
     },
     {
+        "authGSSClientInquireCred", authGSSClientInquireCred, METH_VARARGS,
+        "Get the current user name, if any."
+    },
+    {
         "authGSSServerClean",
         authGSSServerClean, METH_VARARGS,
         "Terminate server-side GSSAPI operations."

Modified: PyKerberos/trunk/src/kerberosgss.c
===================================================================
--- PyKerberos/trunk/src/kerberosgss.c	2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/src/kerberosgss.c	2015-03-26 23:17:24 UTC (rev 14628)
@@ -462,6 +462,62 @@
 	return ret;
 }
 
+int authenticate_gss_client_inquire_cred(gss_client_state* state)
+{
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
+    gss_cred_id_t client_creds = GSS_C_NO_CREDENTIAL;
+    gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER;
+    gss_name_t name = GSS_C_NO_NAME;
+    int ret = AUTH_GSS_COMPLETE;
+
+    // Get credentials
+    maj_stat = gss_acquire_cred(
+        &min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+        GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_creds, NULL, NULL
+    );
+
+    if (GSS_ERROR(maj_stat)) {
+        set_gss_error(maj_stat, min_stat);
+        ret = AUTH_GSS_ERROR;
+        goto end;
+    }
+
+    // Get the name
+    maj_stat = gss_inquire_cred(
+        &min_stat, client_creds, &name, NULL, NULL, NULL);
+    }
+
+    if (GSS_ERROR(maj_stat))
+    {
+        set_gss_error(maj_stat, min_stat);
+        ret = AUTH_GSS_ERROR;
+        goto end;
+    }
+
+    maj_stat = gss_display_name(&min_stat, name, &name_token, NULL);
+
+    if (GSS_ERROR(maj_stat))
+    {
+        set_gss_error(maj_stat, min_stat);
+        ret = AUTH_GSS_ERROR;
+        goto end;
+    }
+
+    state->username = strndup(name_token.value, name_token.length);
+    if (!state->username) {
+        set_gss_error(GSS_S_FAILURE, ENOMEM);
+        ret = AUTH_GSS_ERROR;
+    }
+
+end:
+    (void)gss_release_cred(&min_stat, &client_creds);
+    (void)gss_release_buffer(&min_stat, &name_token);
+    (void)gss_release_name(&min_stat, &name);
+
+    return ret;
+}
+
 int authenticate_gss_server_init(const char *service, gss_server_state *state)
 {
     OM_uint32 maj_stat;
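Review bot: The lone `}` directly after the `gss_inquire_cred(...)` call has no matching opening brace and closes authenticate_gss_client_inquire_cred early, so the rest of the body lands at file scope and the file should not compile as shown; that line needs to be removed. Also, `state->username = strndup(...)` overwrites whatever the field held. If an earlier call or step may already have set it (not visible in this hunk), the old string leaks, so `free(state->username);` before the assignment would be prudent, assuming the field is NULL-initialised. Note too that the name comes from the default credential acquired with `GSS_C_NO_NAME`, not from an established security context, which is worth a comment so callers do not treat it as an authenticated peer identity.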

Modified: PyKerberos/trunk/src/kerberosgss.h
===================================================================
--- PyKerberos/trunk/src/kerberosgss.h	2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/src/kerberosgss.h	2015-03-26 23:17:24 UTC (rev 14628)
@@ -69,6 +69,9 @@
     gss_client_state* state, const char* challenge, const char* user,
     int protect
 );
+int authenticate_gss_client_inquire_cred(
+    gss_client_state* state
+);
 
 int authenticate_gss_server_init(
     const char* service, gss_server_state* state