<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[14615] PyKerberos/trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/14615">14615</a></dd>
<dt>Author</dt> <dd>wsanchez@apple.com</dd>
<dt>Date</dt> <dd>2015-03-26 13:32:14 -0700 (Thu, 26 Mar 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>lint</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#PyKerberostrunkpysrckerberospy">PyKerberos/trunk/pysrc/kerberos.py</a></li>
<li><a href="#PyKerberostrunksetuppy">PyKerberos/trunk/setup.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="PyKerberostrunkpysrckerberospy"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/pysrc/kerberos.py (14614 => 14615)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/pysrc/kerberos.py 2015-03-26 18:39:13 UTC (rev 14614)
+++ PyKerberos/trunk/pysrc/kerberos.py 2015-03-26 20:32:14 UTC (rev 14615)
</span><span class="lines">@@ -18,70 +18,104 @@
</span><span class="cx"> PyKerberos Function Description.
</span><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> class KrbError(Exception):
</span><span class="cx"> pass
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> class BasicAuthError(KrbError):
</span><span class="cx"> pass
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> class GSSError(KrbError):
</span><span class="cx"> pass
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def checkPassword(user, pswd, service, default_realm):
</span><span class="cx"> """
</span><del>- This function provides a simple way to verify that a user name and password match
- those normally used for Kerberos authentication. It does this by checking that the
- supplied user name and password can be used to get a ticket for the supplied service.
- If the user name does not contain a realm, then the default realm supplied is used.
-
- NB For this to work properly the Kerberos must be configured properly on this machine.
- That will likely mean ensuring that the edu.mit.Kerberos preference file has the correct
- realms and KDCs listed.
-
- IMPORTANT This method is vulnerable to KDC spoofing attacks and it should only used
- for testing. Do not use this in any production system - your security could be
- compromised if you do.
-
- @param user: a string containing the Kerberos user name. A realm may be
- included by appending an '@' followed by the realm string to the actual user id.
- If no realm is supplied, then the realm set in the default_realm argument will
- be used.
- @param pswd: a string containing the password for the user.
- @param service: a string containing the Kerberos service to check access for.
- This will be of the form 'sss/xx.yy.zz', where 'sss' is the service identifier
- (e.g., 'http', 'krbtgt'), and 'xx.yy.zz' is the hostname of the server.
- @param default_realm: a string containing the default realm to use if one is not
- supplied in the user argument. Note that Kerberos realms are normally all
- uppercase (e.g., 'EXAMPLE.COM').
- @return: True if authentication succeeds, False otherwise.
</del><ins>+ This function provides a simple way to verify that a user name and password
+ match those normally used for Kerberos authentication.
+ It does this by checking that the supplied user name and password can be
+ used to get a ticket for the supplied service.
+ If the user name does not contain a realm, then the default realm supplied
+ is used.
+
+ For this to work properly the Kerberos must be configured properly on this
+ machine.
+ That will likely mean ensuring that the edu.mit.Kerberos preference file
+ has the correct realms and KDCs listed.
+
+ IMPORTANT: This method is vulnerable to KDC spoofing attacks and it should
+ only used for testing. Do not use this in any production system - your
+ security could be compromised if you do.
+
+ @param user: A string containing the Kerberos user name.
+ A realm may be included by appending an C{"@"} followed by the realm
+ string to the actual user id.
+ If no realm is supplied, then the realm set in the default_realm
+ argument will be used.
+
+ @param pswd: A string containing the password for the user.
+
+ @param service: A string containing the Kerberos service to check access
+ for.
+ This will be of the form C{"sss/xx.yy.zz"}, where C{"sss"} is the
+ service identifier (e.g., C{"http"}, C{"krbtgt"}), and C{"xx.yy.zz"} is
+ the hostname of the server.
+
+ @param default_realm: A string containing the default realm to use if one
+ is not supplied in the user argument.
+ Note that Kerberos realms are normally all uppercase (e.g.,
+ C{"EXAMPLE.COM"}).
+
+ @return: True if authentication succeeds, false otherwise.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def changePassword(user, oldpswd, newpswd):
</span><span class="cx"> """
</span><span class="cx"> This function allows to change the user password on the KDC.
</span><span class="cx">
</span><del>- @param user: a string containing the Kerberos user name. A realm may be
- included by appending an '@' followed by the realm string to the actual user id.
- If no realm is supplied, then the realm set in the default_realm argument will
- be used.
- @param oldpswd: a string containing the old (current) password for the user.
- @param newpswd: a string containing the new password for the user.
- @return: True if password changing succeeds, False otherwise.
</del><ins>+ @param user: A string containing the Kerberos user name.
+ A realm may be included by appending a C{"@"} followed by the realm
+ string to the actual user id.
+ If no realm is supplied, then the realm set in the default_realm
+ argument will be used.
+
+ @param oldpswd: A string containing the old (current) password for the
+ user.
+
+ @param newpswd: A string containing the new password for the user.
+
+ @return: True if password changing succeeds, false otherwise.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def getServerPrincipalDetails(service, hostname):
</span><span class="cx"> """
</span><del>- This function returns the service principal for the server given a service type
- and hostname. Details are looked up via the /etc/keytab file.
-
- @param service: a string containing the Kerberos service type for the server.
- @param hostname: a string containing the hostname of the server.
- @return: a string containing the service principal.
</del><ins>+ This function returns the service principal for the server given a service
+ type and hostname.
+ Details are looked up via the C{/etc/keytab} file.
+
+ @param service: A string containing the Kerberos service type for the
+ server.
+
+ @param hostname: A string containing the hostname of the server.
+
+ @return: A string containing the service principal.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> """
</span><span class="cx"> GSSAPI Function Result Codes:
</span><del>-
</del><ins>+
</ins><span class="cx"> -1 : Error
</span><span class="cx"> 0 : GSSAPI step continuation (only returned by 'Step' function)
</span><span class="cx"> 1 : GSSAPI step complete, or function return OK
</span><span class="lines">@@ -89,178 +123,252 @@
</span><span class="cx"> """
</span><span class="cx">
</span><span class="cx"> # Some useful result codes
</span><del>-AUTH_GSS_CONTINUE = 0
-AUTH_GSS_COMPLETE = 1
-
-# Some useful gss flags
-GSS_C_DELEG_FLAG = 1
-GSS_C_MUTUAL_FLAG = 2
-GSS_C_REPLAY_FLAG = 4
-GSS_C_SEQUENCE_FLAG = 8
-GSS_C_CONF_FLAG = 16
-GSS_C_INTEG_FLAG = 32
-GSS_C_ANON_FLAG = 64
-GSS_C_PROT_READY_FLAG = 128
-GSS_C_TRANS_FLAG = 256
-
</del><ins>+AUTH_GSS_CONTINUE = 0
+AUTH_GSS_COMPLETE = 1
+
+# Some useful gss flags
+GSS_C_DELEG_FLAG = 1
+GSS_C_MUTUAL_FLAG = 2
+GSS_C_REPLAY_FLAG = 4
+GSS_C_SEQUENCE_FLAG = 8
+GSS_C_CONF_FLAG = 16
+GSS_C_INTEG_FLAG = 32
+GSS_C_ANON_FLAG = 64
+GSS_C_PROT_READY_FLAG = 128
+GSS_C_TRANS_FLAG = 256
+
+
+
</ins><span class="cx"> def authGSSClientInit(service, **kwargs):
</span><span class="cx"> """
</span><del>- Initializes a context for GSSAPI client-side authentication with the given service principal.
- authGSSClientClean must be called after this function returns an OK result to dispose of
- the context once all GSSAPI operations are complete.
</del><ins>+ Initializes a context for GSSAPI client-side authentication with the given
+ service principal.
+ L{authGSSClientClean} must be called after this function returns an OK
+ result to dispose of the context once all GSSAPI operations are complete.
</ins><span class="cx">
</span><del>- @param service: a string containing the service principal in the form 'type@fqdn'
- (e.g. 'imap@mail.apple.com').
- @param principal: optional string containing the client principal in the form 'user@realm'
- (e.g. 'jdoe@example.com').
- @param gssflags: optional integer used to set GSS flags.
- (e.g. GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG will allow
- for forwarding credentials to the remote host)
- @param delegated: optional server context containing delegated credentials
- @return: a tuple of (result, context) where result is the result code (see above) and
- context is an opaque value that will need to be passed to subsequent functions.
</del><ins>+ @param service: A string containing the service principal in the form
+ C{"type@fqdn"}.
+
+ @param principal: Optional string containing the client principal in the
+ form C{"user@realm"}.
+
+ @param gssflags: Optional integer used to set GSS flags.
+ (e.g. C{GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG} will
+ allow for forwarding credentials to the remote host)
+
+ @param delegated: Optional server context containing delegated credentials
+
+ @return: A tuple of (result, context) where result is the result code (see
+ above) and context is an opaque value that will need to be passed to
+ subsequent functions.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSClientClean(context):
</span><span class="cx"> """
</span><del>- Destroys the context for GSSAPI client-side authentication. After this call the context
- object is invalid and should not be used again.
</del><ins>+ Destroys the context for GSSAPI client-side authentication. After this call
+ the context object is invalid and should not be used again.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSClientInit.
- @return: a result code (see above).
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A result code (see above).
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSClientStep(context, challenge):
</span><span class="cx"> """
</span><span class="cx"> Processes a single GSSAPI client-side step using the supplied server data.
</span><span class="cx">
</span><del>- @param context: the context object returned from authGSSClientInit.
- @param challenge: a string containing the base64-encoded server data (which may be empty
- for the first step).
- @return: a result code (see above).
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @param challenge: A string containing the base64-encoded server data (which
+ may be empty for the first step).
+
+ @return: A result code (see above).
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSClientResponse(context):
</span><span class="cx"> """
</span><span class="cx"> Get the client response from the last successful GSSAPI client-side step.
</span><span class="cx">
</span><del>- @param context: the context object returned from authGSSClientInit.
- @return: a string containing the base64-encoded client data to be sent to the server.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A string containing the base64-encoded client data to be sent to
+ the server.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSClientResponseConf(context):
</span><span class="cx"> """
</span><del>- Returns 1 if confidentiality was enabled in the previously unwrapped buffer. 0 otherwise.
</del><ins>+ Determine whether confidentiality was enabled in the previously unwrapped
+ buffer.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSClientInit.
- @return: an integer representing the confidentiality of the previously unwrapped buffer.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: C{1} if confidentiality was enabled in the previously unwrapped
+ buffer, C{0} otherwise.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSClientUserName(context):
</span><span class="cx"> """
</span><del>- Get the user name of the principal authenticated via the now complete GSSAPI client-side operations.
- This method must only be called after authGSSClientStep returns a complete response code.
</del><ins>+ Get the user name of the principal authenticated via the now complete
+ GSSAPI client-side operations.
+ This method must only be called after authGSSClientStep returns a complete
+ response code.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSClientInit.
- @return: a string containing the user name.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A string containing the user name.
</ins><span class="cx"> """
</span><span class="cx">
</span><del>-def authGSSClientUnwrap(context, challenge):
- """
- Perform the client side GSSAPI unwrap step
-
- @param challenge: a string containing the base64-encoded server data.
- @return: a result code (see above)
- """
</del><span class="cx">
</span><del>-def authGSSClientWrap(context, data, user=None, protect=0):
- """
- Perform the client side GSSAPI wrap step.
-
- @param data:the result of the authGSSClientResponse after the authGSSClientUnwrap
- @param user: the user to authorize
- @param protect: if 0 then just provide integrity protection, if 1, then provide confidentiality as well.
- @return: a result code (see above)
- """
</del><span class="cx">
</span><ins>+def authGSSClientUnwrap(context, challenge):
+ """
+ Perform the client side GSSAPI unwrap step.
+
+ @param challenge: A string containing the base64-encoded server data.
+
+ @return: A result code (see above)
+ """
+
+
+
+def authGSSClientWrap(context, data, user=None, protect=0):
+ """
+ Perform the client side GSSAPI wrap step.
+
+ @param data: The result of the L{authGSSClientResponse} after the
+ L{authGSSClientUnwrap}.
+
+ @param user: The user to authorize.
+
+ @param protect: If C{0}, then just provide integrity protection.
+ If C{1}, then provide confidentiality as well.
+
+ @return: A result code (see above)
+ """
+
+
+
</ins><span class="cx"> def authGSSServerInit(service):
</span><span class="cx"> """
</span><del>- Initializes a context for GSSAPI server-side authentication with the given service principal.
- authGSSServerClean must be called after this function returns an OK result to dispose of
- the context once all GSSAPI operations are complete.
</del><ins>+ Initializes a context for GSSAPI server-side authentication with the given
+ service principal.
+ authGSSServerClean must be called after this function returns an OK result
+ to dispose of the context once all GSSAPI operations are complete.
</ins><span class="cx">
</span><del>- @param service: a string containing the service principal in the form 'type@fqdn'
- (e.g. 'imap@mail.apple.com').
- @return: a tuple of (result, context) where result is the result code (see above) and
- context is an opaque value that will need to be passed to subsequent functions.
</del><ins>+ @param service: A string containing the service principal in the form
+ C{"type@fqdn"}.
+
+ @return: A tuple of (result, context) where result is the result code (see
+ above) and context is an opaque value that will need to be passed to
+ subsequent functions.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerClean(context):
</span><span class="cx"> """
</span><del>- Destroys the context for GSSAPI server-side authentication. After this call the context
- object is invalid and should not be used again.
</del><ins>+ Destroys the context for GSSAPI server-side authentication.
+ After this call the context object is invalid and should not be used again.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a result code (see above).
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A result code (see above).
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerStep(context, challenge):
</span><span class="cx"> """
</span><span class="cx"> Processes a single GSSAPI server-side step using the supplied client data.
</span><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @param challenge: a string containing the base64-encoded client data.
- @return: a result code (see above).
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @param challenge: A string containing the base64-encoded client data.
+
+ @return: A result code (see above).
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerResponse(context):
</span><span class="cx"> """
</span><span class="cx"> Get the server response from the last successful GSSAPI server-side step.
</span><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a string containing the base64-encoded server data to be sent to the client.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A string containing the base64-encoded server data to be sent to
+ the client.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerHasDelegated(context):
</span><span class="cx"> """
</span><span class="cx"> Checks whether a server context has delegated credentials.
</span><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a bool saying whether delegated credentials are available.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A bool saying whether delegated credentials are available.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerUserName(context):
</span><span class="cx"> """
</span><span class="cx"> Get the user name of the principal trying to authenticate to the server.
</span><del>- This method must only be called after authGSSServerStep returns a complete or continue response code.
</del><ins>+ This method must only be called after L{authGSSServerStep} returns a
+ complete or continue response code.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a string containing the user name.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A string containing the user name.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerTargetName(context):
</span><span class="cx"> """
</span><span class="cx"> Get the target name if the server did not supply its own credentials.
</span><del>- This method must only be called after authGSSServerStep returns a complete or continue response code.
</del><ins>+ This method must only be called after L{authGSSServerStep} returns a
+ complete or continue response code.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a string containing the target name.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A string containing the target name.
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerStoreDelegate(context):
</span><span class="cx"> """
</span><del>- Save the ticket sent to the server in the file /tmp/krb5_pyserv_XXXXXX
- his method must only be called after authGSSServerStep returns a complete or continue response code.
</del><ins>+ Save the ticket sent to the server in the file C{/tmp/krb5_pyserv_XXXXXX}.
+ This method must only be called after L{authGSSServerStep} returns a
+ complete or continue response code.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a result code (see above).
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A result code (see above).
</ins><span class="cx"> """
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> def authGSSServerCacheName(context):
</span><span class="cx"> """
</span><del>- Get the name of the credential cache created with authGSSServerStoreDelegate.
- This method must only be called after authGSSServerStoreDelegate.
</del><ins>+ Get the name of the credential cache created with
+ L{authGSSServerStoreDelegate}.
+ This method must only be called after L{authGSSServerStoreDelegate}.
</ins><span class="cx">
</span><del>- @param context: the context object returned from authGSSServerInit.
- @return: a string containing the cache name.
</del><ins>+ @param context: The context object returned from L{authGSSClientInit}.
+
+ @return: A string containing the cache name.
</ins><span class="cx"> """
</span></span></pre></div>
<a id="PyKerberostrunksetuppy"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/setup.py (14614 => 14615)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/setup.py 2015-03-26 18:39:13 UTC (rev 14614)
+++ PyKerberos/trunk/setup.py 2015-03-26 20:32:14 UTC (rev 14615)
</span><span class="lines">@@ -15,43 +15,48 @@
</span><span class="cx"> ##
</span><span class="cx">
</span><span class="cx"> from distutils.core import setup, Extension
</span><del>-import sys
-import commands
</del><ins>+from commands import getoutput
</ins><span class="cx">
</span><ins>+
</ins><span class="cx"> long_description = """
</span><span class="cx"> This Python package is a high-level wrapper for Kerberos (GSSAPI) operations.
</span><del>-The goal is to avoid having to build a module that wraps the entire Kerberos.framework,
-and instead offer a limited set of functions that do what is needed for client/server
-Kerberos authentication based on <http://www.ietf.org/rfc/rfc4559.txt>.
-
</del><ins>+The goal is to avoid having to build a module that wraps the entire
+Kerberos.framework, and instead offer a limited set of functions that do what
+is needed for client/server Kerberos authentication based on
+<http://www.ietf.org/rfc/rfc4559.txt>.
</ins><span class="cx"> """
</span><span class="cx">
</span><del>-setup (
- name = "kerberos",
- version = "1.2.0",
- description = "Kerberos high-level interface",
</del><ins>+extra_link_args = getoutput("krb5-config --libs gssapi").split()
+extra_compile_args = getoutput("krb5-config --cflags gssapi").split()
+
+
+setup(
+ name="kerberos",
+ version="1.2.0",
+ description="Kerberos high-level interface",
</ins><span class="cx"> long_description=long_description,
</span><del>- classifiers = [
</del><ins>+ classifiers=[
</ins><span class="cx"> "License :: OSI Approved :: Apache Software License",
</span><span class="cx"> "Programming Language :: Python :: 2",
</span><ins>+ "Programming Language :: Python :: 3",
</ins><span class="cx"> "Topic :: Software Development :: Libraries :: Python Modules",
</span><span class="cx"> "Topic :: System :: Systems Administration :: Authentication/Directory"
</span><del>- ],
- ext_modules = [
</del><ins>+ ],
+ ext_modules=[
</ins><span class="cx"> Extension(
</span><span class="cx"> "kerberos",
</span><del>- extra_link_args = commands.getoutput("krb5-config --libs gssapi").split(),
- extra_compile_args = commands.getoutput("krb5-config --cflags gssapi").split(),
- sources = [
</del><ins>+ extra_link_args=extra_link_args,
+ extra_compile_args=extra_compile_args,
+ sources=[
</ins><span class="cx"> "src/base64.c"
</span><del>- "src/base64.h",
</del><ins>+ "src/base64.h",
</ins><span class="cx"> "src/kerberos.c",
</span><span class="cx"> "src/kerberosbasic.c",
</span><del>- "src/kerberosbasic.h",
</del><ins>+ "src/kerberosbasic.h",
</ins><span class="cx"> "src/kerberosgss.c",
</span><del>- "src/kerberosgss.h",
</del><ins>+ "src/kerberosgss.h",
</ins><span class="cx"> "src/kerberospw.c",
</span><del>- "src/kerberospw.h",
</del><ins>+ "src/kerberospw.h",
</ins><span class="cx"> ],
</span><span class="cx"> ),
</span><span class="cx"> ],
</span></span></pre>
</div>
</div>
</body>
</html>