[CalendarServer-changes] [15411] PyKerberos/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Wed Jan 6 14:26:58 PST 2016
Revision: 15411
http://trac.calendarserver.org//changeset/15411
Author: wsanchez at apple.com
Date: 2016-01-06 14:26:58 -0800 (Wed, 06 Jan 2016)
Log Message:
-----------
Fix authGSSServerInit per #924.
Modified Paths:
--------------
PyKerberos/trunk/pysrc/kerberos.py
PyKerberos/trunk/setup.py
PyKerberos/trunk/src/kerberosgss.c
Modified: PyKerberos/trunk/pysrc/kerberos.py
===================================================================
--- PyKerberos/trunk/pysrc/kerberos.py 2016-01-04 17:07:32 UTC (rev 15410)
+++ PyKerberos/trunk/pysrc/kerberos.py 2016-01-06 22:26:58 UTC (rev 15411)
@@ -1,5 +1,5 @@
##
-# Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+# Copyright (c) 2006-2016 Apple Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -266,7 +266,8 @@
to dispose of the context once all GSSAPI operations are complete.
@param service: A string containing the service principal in the form
- C{"type at fqdn"}.
+ C{"type at fqdn"}. To initialize the context for the purpose of accepting
+ delegated credentials, pass the literal string C{"DELEGATE"}.
@return: A tuple of (result, context) where result is the result code (see
above) and context is an opaque value that will need to be passed to
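Review bot: The added sentence tells callers to pass `"DELEGATE"` but not what that costs them. Judging by the kerberosgss.c hunk in this same commit, the literal takes the place of the service principal, so no service name is imported for the context in that mode. I would add a sentence such as `In this mode no service principal is supplied, so the server credentials are not restricted to a single service name.` The C side compares with an exact `strcmp`, so the docstring should also say that the literal is case-sensitive. The docstring starts and ends outside the hunk.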
Modified: PyKerberos/trunk/setup.py
===================================================================
--- PyKerberos/trunk/setup.py 2016-01-04 17:07:32 UTC (rev 15410)
+++ PyKerberos/trunk/setup.py 2016-01-06 22:26:58 UTC (rev 15411)
@@ -1,5 +1,5 @@
##
-# Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+# Copyright (c) 2006-2016 Apple Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@
project_name = "kerberos"
-version_string = "1.2.2"
+version_string = "1.2.3"
description = "Kerberos high-level interface"
Modified: PyKerberos/trunk/src/kerberosgss.c
===================================================================
--- PyKerberos/trunk/src/kerberosgss.c 2016-01-04 17:07:32 UTC (rev 15410)
+++ PyKerberos/trunk/src/kerberosgss.c 2016-01-06 22:26:58 UTC (rev 15411)
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2006-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2006-2016 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -93,8 +93,7 @@
if (strncmp(pname, match, match_len) == 0) {
result = malloc(strlen(pname) + 1);
- if (result == NULL)
- {
+ if (result == NULL) {
PyErr_NoMemory();
goto end;
}
@@ -288,8 +287,7 @@
// Grab the client response to send back to the server
if (output_token.length) {
state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);
- if (state->response == NULL)
- {
+ if (state->response == NULL) {
PyErr_NoMemory();
ret = AUTH_GSS_ERROR;
goto end;
@@ -311,8 +309,9 @@
name_token.length = 0;
maj_stat = gss_display_name(&min_stat, gssuser, &name_token, NULL);
if (GSS_ERROR(maj_stat)) {
- if (name_token.value)
+ if (name_token.value) {
gss_release_buffer(&min_stat, &name_token);
+ }
gss_release_name(&min_stat, &gssuser);
set_gss_error(maj_stat, min_stat);
@@ -320,8 +319,7 @@
goto end;
} else {
state->username = (char *)malloc(name_token.length + 1);
- if (state->username == NULL)
- {
+ if (state->username == NULL) {
PyErr_NoMemory();
ret = AUTH_GSS_ERROR;
goto end;
@@ -577,29 +575,35 @@
state->targetname = NULL;
state->response = NULL;
state->ccname = NULL;
+ int cred_usage = GSS_C_ACCEPT;
// Server name may be empty which means we aren't going to create our own creds
size_t service_len = strlen(service);
if (service_len != 0) {
// Import server name first
- name_token.length = strlen(service);
- name_token.value = (char *)service;
+ if (strcmp(service, "DELEGATE") == 0) {
+ cred_usage = GSS_C_BOTH;
+ }
+ else {
+ name_token.length = strlen(service);
+ name_token.value = (char *)service;
- maj_stat = gss_import_name(
- &min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE,
- &state->server_name
- );
+ maj_stat = gss_import_name(
+ &min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE,
+ &state->server_name
+ );
- if (GSS_ERROR(maj_stat)) {
- set_gss_error(maj_stat, min_stat);
- ret = AUTH_GSS_ERROR;
- goto end;
- }
+ if (GSS_ERROR(maj_stat)) {
+ set_gss_error(maj_stat, min_stat);
+ ret = AUTH_GSS_ERROR;
+ goto end;
+ }
+ }
// Get credentials
maj_stat = gss_acquire_cred(
- &min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
- GSS_C_BOTH, &state->server_creds, NULL, NULL
+ &min_stat, state->server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+ cred_usage, &state->server_creds, NULL, NULL
);
if (GSS_ERROR(maj_stat)) {
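Review bot: The new `"DELEGATE"` branch skips `gss_import_name`, so the `gss_acquire_cred` call below it receives `state->server_name` exactly as it was initialised earlier in the function. That initialisation is outside this hunk; presumably it is `GSS_C_NO_NAME`, but nothing visible here guarantees it. In that mode the credential is requested with `GSS_C_BOTH` and no imported name, so it is not tied to one service principal the way the `else` branch now is. That deserves a comment in the branch, e.g. `// "DELEGATE": no name imported; server_name must still be GSS_C_NO_NAME here, creds are not bound to one service principal`. As a smaller point, `name_token.length = strlen(service);` can reuse `service_len`, which is computed just above. The function begins and ends outside the hunk.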
@@ -975,8 +979,7 @@
}
state->ccname = (char *)malloc(32*sizeof(char));
- if (state->ccname == NULL)
- {
+ if (state->ccname == NULL) {
PyErr_NoMemory();
return 1;
}