[CalendarServer-changes] [14628] PyKerberos/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Thu Mar 26 16:17:24 PDT 2015
Revision: 14628
http://trac.calendarserver.org//changeset/14628
Author: wsanchez at apple.com
Date: 2015-03-26 16:17:24 -0700 (Thu, 26 Mar 2015)
Log Message:
-----------
add function to inquire on credentials
Contributed by rcritten at redhat.com
Modified Paths:
--------------
PyKerberos/trunk/setup.py
PyKerberos/trunk/src/kerberos.c
PyKerberos/trunk/src/kerberosgss.c
PyKerberos/trunk/src/kerberosgss.h
Modified: PyKerberos/trunk/setup.py
===================================================================
--- PyKerberos/trunk/setup.py 2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/setup.py 2015-03-26 23:17:24 UTC (rev 14628)
@@ -29,7 +29,7 @@
project_name = "kerberos"
-version_string = "1.2.1"
+version_string = "1.2.0"
description = "Kerberos high-level interface"
Modified: PyKerberos/trunk/src/kerberos.c
===================================================================
--- PyKerberos/trunk/src/kerberos.c 2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/src/kerberos.c 2015-03-26 23:17:24 UTC (rev 14628)
@@ -380,6 +380,33 @@
return Py_BuildValue("i", result);
}
+static PyObject *authGSSClientInquireCred(PyObject *self, PyObject *args)
+{
+ gss_client_state *state;
+ PyObject *pystate;
+ int result = 0;
+ if (!PyArg_ParseTuple(args, "O", &pystate)) {
+ return NULL;
+ }
+
+ if (!PyCObject_Check(pystate)) {
+ PyErr_SetString(PyExc_TypeError, "Expected a context object");
+ return NULL;
+ }
+
+ state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
+ if (state == NULL) {
+ return NULL;
+ }
+
+ result = authenticate_gss_client_inquire_cred(state);
+ if (result == AUTH_GSS_ERROR) {
+ return NULL;
+ }
+
+ return Py_BuildValue("i", result);
+}
+
static PyObject *authGSSServerInit(PyObject *self, PyObject *args)
{
const char *service = NULL;
@@ -620,6 +647,10 @@
"Get the response from the last client-side GSSAPI step."
},
{
+ "authGSSClientInquireCred", authGSSClientInquireCred, METH_VARARGS,
+ "Get the current user name, if any, without a client-side GSSAPI step"
+ },
+ {
"authGSSClientResponseConf",
authGSSClientResponseConf, METH_VARARGS,
"return 1 if confidentiality was set in the last unwrapped buffer, 0 otherwise."
@@ -645,6 +676,10 @@
"Do a GSSAPI unwrap."
},
{
+ "authGSSClientInquireCred", authGSSClientInquireCred, METH_VARARGS,
+ "Get the current user name, if any."
+ },
+ {
"authGSSServerClean",
authGSSServerClean, METH_VARARGS,
"Terminate server-side GSSAPI operations."
Modified: PyKerberos/trunk/src/kerberosgss.c
===================================================================
--- PyKerberos/trunk/src/kerberosgss.c 2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/src/kerberosgss.c 2015-03-26 23:17:24 UTC (rev 14628)
@@ -462,6 +462,62 @@
return ret;
}
+int authenticate_gss_client_inquire_cred(gss_client_state* state)
+{
+ OM_uint32 maj_stat;
+ OM_uint32 min_stat;
+ gss_cred_id_t client_creds = GSS_C_NO_CREDENTIAL;
+ gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER;
+ gss_name_t name = GSS_C_NO_NAME;
+ int ret = AUTH_GSS_COMPLETE;
+
+ // Get credentials
+ maj_stat = gss_acquire_cred(
+ &min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_creds, NULL, NULL
+ );
+
+ if (GSS_ERROR(maj_stat)) {
+ set_gss_error(maj_stat, min_stat);
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
+
+ // Get the name
+ maj_stat = gss_inquire_cred(
+ &min_stat, client_creds, &name, NULL, NULL, NULL);
+ }
+
+ if (GSS_ERROR(maj_stat))
+ {
+ set_gss_error(maj_stat, min_stat);
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
+
+ maj_stat = gss_display_name(&min_stat, name, &name_token, NULL);
+
+ if (GSS_ERROR(maj_stat))
+ {
+ set_gss_error(maj_stat, min_stat);
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
+
+ state->username = strndup(name_token.value, name_token.length);
+ if (!state->username) {
+ set_gss_error(GSS_S_FAILURE, ENOMEM);
+ ret = AUTH_GSS_ERROR;
+ }
+
+end:
+ (void)gss_release_cred(&min_stat, &client_creds);
+ (void)gss_release_buffer(&min_stat, &name_token);
+ (void)gss_release_name(&min_stat, &name);
+
+ return ret;
+}
+
int authenticate_gss_server_init(const char *service, gss_server_state *state)
{
OM_uint32 maj_stat;
Modified: PyKerberos/trunk/src/kerberosgss.h
===================================================================
--- PyKerberos/trunk/src/kerberosgss.h 2015-03-26 23:04:41 UTC (rev 14627)
+++ PyKerberos/trunk/src/kerberosgss.h 2015-03-26 23:17:24 UTC (rev 14628)
@@ -69,6 +69,9 @@
gss_client_state* state, const char* challenge, const char* user,
int protect
);
+int authenticate_gss_client_inquire_cred(
+ gss_client_state* state
+);
int authenticate_gss_server_init(
const char* service, gss_server_state* state
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20150326/d99cde49/attachment.html>
More information about the calendarserver-changes
mailing list