[CalendarServer-changes] [15412] PyKerberos/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Wed Jan 6 14:48:34 PST 2016
Revision: 15412
http://trac.calendarserver.org//changeset/15412
Author: wsanchez at apple.com
Date: 2016-01-06 14:48:34 -0800 (Wed, 06 Jan 2016)
Log Message:
-----------
Add mech_oid parameter, per #930.
Modified Paths:
--------------
PyKerberos/trunk/pysrc/kerberos.py
PyKerberos/trunk/src/kerberos.c
PyKerberos/trunk/src/kerberosgss.c
PyKerberos/trunk/src/kerberosgss.h
PyKerberos/trunk/test.py
Modified: PyKerberos/trunk/pysrc/kerberos.py
===================================================================
--- PyKerberos/trunk/pysrc/kerberos.py 2016-01-06 22:26:58 UTC (rev 15411)
+++ PyKerberos/trunk/pysrc/kerberos.py 2016-01-06 22:48:34 UTC (rev 15412)
@@ -158,6 +158,8 @@
@param delegated: Optional server context containing delegated credentials
+ @param mech_oid: Optional GGS mech OID
+
@return: A tuple of (result, context) where result is the result code (see
above) and context is an opaque value that will need to be passed to
subsequent functions.
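Review bot: The added `@param mech_oid` line misspells GSS as "GGS" and does not say which values are accepted. The C side only honours capsule objects, so the docstring should name the two constants this commit exports, for example `@param mech_oid: Optional GSS mechanism OID; one of GSS_MECH_OID_KRB5 or GSS_MECH_OID_SPNEGO (default: let the GSS library choose)`. The docstring starts and ends outside this hunk.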
Modified: PyKerberos/trunk/src/kerberos.c
===================================================================
--- PyKerberos/trunk/src/kerberos.c 2016-01-06 22:26:58 UTC (rev 15411)
+++ PyKerberos/trunk/src/kerberos.c 2016-01-06 22:48:34 UTC (rev 15412)
@@ -57,7 +57,12 @@
ob = Py_InitModule3(name, methods, doc);
#endif
+static char krb5_mech_oid_bytes [] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
+gss_OID_desc krb5_mech_oid = { 9, &krb5_mech_oid_bytes };
+static char spnego_mech_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
+gss_OID_desc spnego_mech_oid = { 6, &spnego_mech_oid_bytes };
+
PyObject *KrbException_class;
PyObject *BasicAuthException_class;
PyObject *PwdChangeException_class;
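Review bot: `krb5_mech_oid` and `spnego_mech_oid` are added as non-static, writable globals with hand-counted lengths (9 and 6). Nothing visible in this commit references them from another translation unit, so `static` would keep these generic names out of the extension's exported symbols, where they could plausibly clash with a GSS library. Deriving the length from the array avoids a silent mismatch if the bytes are ever edited: `static gss_OID_desc krb5_mech_oid = { sizeof(krb5_mech_oid_bytes) - 1, krb5_mech_oid_bytes };`. The `&` before the array name yields a pointer-to-array; passing the array itself is the conventional spelling.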
@@ -133,15 +138,17 @@
PyObject *pystate = NULL;
gss_server_state *delegatestate = NULL;
PyObject *pydelegatestate = NULL;
+ gss_OID mech_oid = GSS_C_NO_OID;
+ PyObject *pymech_oid = NULL;
static char *kwlist[] = {
- "service", "principal", "gssflags", "delegated", NULL
+ "service", "principal", "gssflags", "delegated", "mech_oid", NULL
};
long int gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
int result = 0;
if (! PyArg_ParseTupleAndKeywords(
- args, keywds, "s|slO", kwlist,
- &service, &principal, &gss_flags, &pydelegatestate
+ args, keywds, "s|slOO", kwlist,
+ &service, &principal, &gss_flags, &pydelegatestate, &pymech_oid
)) {
return NULL;
}
@@ -158,8 +165,13 @@
delegatestate = PyCObject_AsVoidPtr(pydelegatestate);
}
+ if (pymech_oid != NULL && PyCapsule_CheckExact(pymech_oid)) {
+ const char * mech_oid_name = PyCapsule_GetName(pymech_oid);
+ mech_oid = PyCapsule_GetPointer(pymech_oid, mech_oid_name);
+ }
+
result = authenticate_gss_client_init(
- service, principal, gss_flags, delegatestate, state
+ service, principal, gss_flags, delegatestate, mech_oid, state
);
if (result == AUTH_GSS_ERROR) {
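Review bot: The capsule check added before the `authenticate_gss_client_init` call accepts any capsule at all, because the name passed to `PyCapsule_GetPointer` is read back from the same object with `PyCapsule_GetName`, so the name comparison can never fail. A capsule created by another extension module, or for another purpose, would have its pointer handed to GSSAPI as a `gss_OID`, which is a type confusion reachable from Python code. A non-capsule argument is also silently dropped, so a caller who asked for a specific mechanism gets the library default without any error. I would match against the two names this module exports and raise `TypeError` otherwise; the function begins outside this hunk, so the early return must release whatever was allocated above it.

```c
    if (pymech_oid != NULL && pymech_oid != Py_None) {
        /* The expected name is supplied here, not read back from the object
           being validated, and the pointer used is the module's own constant. */
        if (PyCapsule_IsValid(pymech_oid, "kerberos.GSS_MECH_OID_KRB5")) {
            mech_oid = &krb5_mech_oid;
        } else if (PyCapsule_IsValid(pymech_oid, "kerberos.GSS_MECH_OID_SPNEGO")) {
            mech_oid = &spnego_mech_oid;
        } else {
            PyErr_SetString(
                PyExc_TypeError,
                "mech_oid must be kerberos.GSS_MECH_OID_KRB5 "
                "or kerberos.GSS_MECH_OID_SPNEGO"
            );
            /* … release anything allocated earlier in this function (outside the hunk) … */
            return NULL;
        }
    }

    /* … unchanged: authenticate_gss_client_init call … */
```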
@@ -818,6 +830,12 @@
PyDict_SetItemString(
d, "GSS_C_TRANS_FLAG", PyInt_FromLong(GSS_C_TRANS_FLAG)
);
+ PyDict_SetItemString(
+ d, "GSS_MECH_OID_KRB5", PyCapsule_New(&krb5_mech_oid, "kerberos.GSS_MECH_OID_KRB5", NULL)
+ );
+ PyDict_SetItemString(
+ d, "GSS_MECH_OID_SPNEGO", PyCapsule_New(&spnego_mech_oid, "kerberos.GSS_MECH_OID_SPNEGO", NULL)
+ );
error:
if (PyErr_Occurred()) {
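Review bot: Both added `PyDict_SetItemString` calls pass the result of `PyCapsule_New` straight through, so a failed capsule creation reaches the dictionary call as NULL, and on success the new reference is never released. This mirrors the `PyInt_FromLong` lines above, but the NULL case is cheap to close off here: `PyObject *cap = PyCapsule_New(&krb5_mech_oid, "kerberos.GSS_MECH_OID_KRB5", NULL);`, `if (cap == NULL) goto error;`, `PyDict_SetItemString(d, "GSS_MECH_OID_KRB5", cap); Py_DECREF(cap);`. The module init function starts and ends outside this hunk.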
Modified: PyKerberos/trunk/src/kerberosgss.c
===================================================================
--- PyKerberos/trunk/src/kerberosgss.c 2016-01-06 22:26:58 UTC (rev 15411)
+++ PyKerberos/trunk/src/kerberosgss.c 2016-01-06 22:48:34 UTC (rev 15412)
@@ -128,7 +128,7 @@
int authenticate_gss_client_init(
const char* service, const char* principal, long int gss_flags,
- gss_server_state* delegatestate, gss_client_state* state
+ gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
)
{
OM_uint32 maj_stat;
@@ -138,6 +138,7 @@
int ret = AUTH_GSS_COMPLETE;
state->server_name = GSS_C_NO_NAME;
+ state->mech_oid = mech_oid;
state->context = GSS_C_NO_CONTEXT;
state->gss_flags = gss_flags;
state->client_creds = GSS_C_NO_CREDENTIAL;
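Review bot: `state->mech_oid = mech_oid;` stores a pointer the state does not own, and the state is read again later (the `gss_init_sec_context` hunk below passes it on). That is safe only while the pointer refers to storage that outlives the state, such as the module-level OID constants; it would not be safe for a pointer taken from an arbitrary capsule. A comment on this assignment and on the new `mech_oid` field in kerberosgss.h would record the contract, for example `/* borrowed; must outlive this state (module-level OID constants) */`. The function body continues outside this hunk.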
@@ -265,7 +266,7 @@
state->client_creds,
&state->context,
state->server_name,
- GSS_C_NO_OID,
+ state->mech_oid,
(OM_uint32)state->gss_flags,
0,
GSS_C_NO_CHANNEL_BINDINGS,
Modified: PyKerberos/trunk/src/kerberosgss.h
===================================================================
--- PyKerberos/trunk/src/kerberosgss.h 2016-01-06 22:26:58 UTC (rev 15411)
+++ PyKerberos/trunk/src/kerberosgss.h 2016-01-06 22:48:34 UTC (rev 15412)
@@ -31,6 +31,7 @@
typedef struct {
gss_ctx_id_t context;
gss_name_t server_name;
+ gss_OID mech_oid;
long int gss_flags;
gss_cred_id_t client_creds;
char* username;
@@ -54,7 +55,7 @@
int authenticate_gss_client_init(
const char* service, const char* principal, long int gss_flags,
- gss_server_state* delegatestate, gss_client_state* state
+ gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
);
int authenticate_gss_client_clean(
gss_client_state *state
Modified: PyKerberos/trunk/test.py
===================================================================
--- PyKerberos/trunk/test.py 2016-01-06 22:26:58 UTC (rev 15411)
+++ PyKerberos/trunk/test.py 2016-01-06 22:48:34 UTC (rev 15412)
@@ -54,10 +54,11 @@
host = "host.example.com"
realm = "HOST.EXAMPLE.COM"
port = 8008
+ mech = None
use_ssl = False
allowedActions = ("service", "basic", "gssapi", "server",)
- options, args = getopt.getopt(sys.argv[1:], "u:p:s:h:i:r:x")
+ options, args = getopt.getopt(sys.argv[1:], "u:p:s:h:i:r:m:x")
for option, value in options:
if option == "-u":
@@ -72,6 +73,8 @@
port = value
elif option == "-r":
realm = value
+ elif option == "-m":
+ mech = value
elif option == "-x":
use_ssl = True
@@ -104,7 +107,7 @@
if "server" in actions:
print("\n*** Running HTTP test")
- testHTTP(host, port, use_ssl, service)
+ testHTTP(host, port, use_ssl, service, mech)
print("\n*** Done\n")
@@ -182,7 +185,7 @@
-def testHTTP(host, port, use_ssl, service):
+def testHTTP(host, port, use_ssl, service, mech):
class HTTPSConnectionSSLv3(HTTPSConnection):
"This class allows communication via SSL."
@@ -243,7 +246,13 @@
return
try:
- rc, vc = kerberos.authGSSClientInit(service=service)
+ mech_oid = None
+ if mech and mech.lower() == "krb5":
+ mech_oid = kerberos.GSS_MECH_OID_KRB5
+ elif mech and mech.lower() == "spnego":
+ mech_oid = kerberos.GSS_MECH_OID_SPNEGO
+
+ rc, vc = kerberos.authGSSClientInit(service=service, mech_oid=mech_oid)
except kerberos.GSSError, e:
print("Could not initialize GSSAPI: %s/%s" % (e[0][0], e[1][0]))
return
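Review bot: An unrecognised `-m` value falls through both comparisons and leaves `mech_oid` as `None`, so the test runs with the default mechanism while the operator believes a specific one was exercised. A final branch makes the mismatch visible: `elif mech:` followed by `print("Unknown mechanism: %s" % mech)` and `return`. The body of testHTTP starts and continues outside this hunk.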