本文整理汇总了Python中kerberos.AUTH_GSS_COMPLETE属性的典型用法代码示例。如果您正苦于以下问题:Python kerberos.AUTH_GSS_COMPLETE属性的具体用法?Python kerberos.AUTH_GSS_COMPLETE怎么用?Python kerberos.AUTH_GSS_COMPLETE使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类kerberos的用法示例。
在下文中一共展示了kerberos.AUTH_GSS_COMPLETE属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _gssapi_authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def _gssapi_authenticate(token):
state = None
ctx = stack.top
try:
return_code, state = kerberos.authGSSServerInit(_KERBEROS_SERVICE.service_name)
if return_code != kerberos.AUTH_GSS_COMPLETE:
return None
return_code = kerberos.authGSSServerStep(state, token)
if return_code == kerberos.AUTH_GSS_COMPLETE:
ctx.kerberos_token = kerberos.authGSSServerResponse(state)
ctx.kerberos_user = kerberos.authGSSServerUserName(state)
return return_code
if return_code == kerberos.AUTH_GSS_CONTINUE:
return kerberos.AUTH_GSS_CONTINUE
return None
except kerberos.GSSError:
return None
finally:
if state:
kerberos.authGSSServerClean(state) 示例2: requires_authentication
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def requires_authentication(function):
"""Decorator for functions that require authentication with Kerberos"""
@wraps(function)
def decorated(*args, **kwargs):
header = request.headers.get("Authorization")
if header:
ctx = stack.top
token = ''.join(header.split()[1:])
return_code = _gssapi_authenticate(token)
if return_code == kerberos.AUTH_GSS_COMPLETE:
g.user = ctx.kerberos_user
response = function(*args, **kwargs)
response = make_response(response)
if ctx.kerberos_token is not None:
response.headers['WWW-Authenticate'] = ' '.join(['negotiate',
ctx.kerberos_token])
return response
if return_code != kerberos.AUTH_GSS_CONTINUE:
return _forbidden()
return _unauthorized()
return decorated 示例3: _set_username
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def _set_username(self, **kwargs):
if self._username is not None:
return
try:
(ret, ctx) = kerberos.authGSSClientInit('krbtgt@REDHAT.COM')
assert (ret == kerberos.AUTH_GSS_COMPLETE)
ret = kerberos.authGSSClientInquireCred(ctx)
assert (ret == kerberos.AUTH_GSS_COMPLETE)
# XXX What if you have >1 ticket?
ret = kerberos.authGSSClientUserName(ctx)
if '@' in ret:
self._username = ret.split('@')[0]
else:
self._username = ret
except AssertionError:
raise ErrataException('Pigeon crap. Did it forget to run kinit?')
# Shortcut 示例4: authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def authenticate(self, handler, data):
'''
Performs GSSAPI Negotiate Authentication
@param token: GSSAPI Authentication Token
@type token: str
@returns gssapi return code or None on failure
@rtype: int or None
'''
state = None
try:
rc, state = kerberos.authGSSServerInit(self.service_name)
self.log.info("kerberos.authGSSServerInit")
if rc != kerberos.AUTH_GSS_COMPLETE:
return None
rc = kerberos.authGSSServerStep(state, data)
self.log.info("kerberos.authGSSServerStep")
if rc == kerberos.AUTH_GSS_COMPLETE:
user = kerberos.authGSSServerUserName(state)
self.log.info("Extracted User = " + user)
return "kerberos.AUTH_GSS_COMPLETE:" + user
elif rc == kerberos.AUTH_GSS_CONTINUE:
return "kerberos.AUTH_GSS_CONTINUE"
else:
self.log.info("return None")
return None
except kerberos.GSSError as err:
self.log.info("kerberos.GSSError: {0}".format(err))
return None
finally:
if state:
kerberos.authGSSServerClean(state) 示例5: _negotiate_get_svctk
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def _negotiate_get_svctk(self, spn, authdata):
if authdata is None:
return None
result, self.context = kerberos.authGSSClientInit(spn)
if result < kerberos.AUTH_GSS_COMPLETE:
return None
result = kerberos.authGSSClientStep(self.context, authdata)
if result < kerberos.AUTH_GSS_CONTINUE:
return None
response = kerberos.authGSSClientResponse(self.context)
return "Negotiate %s" % response 示例6: _validate_response
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def _validate_response(self, authdata):
if authdata is None:
return None
result = kerberos.authGSSClientStep(self.context, authdata)
if result == kerberos.AUTH_GSS_COMPLETE:
return True
return None 示例7: get
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def get(self):
header = self.request.headers.get("Authorization")
if header:
token = ''.join(header.split()[1:])
result = yield self.authenticator.get_authenticated_user(self, token)
username = None
rc = None
if ":" in result:
rc, username = result.split(':')
elif result != None:
rc = result
if rc.upper() == "KERBEROS.AUTH_GSS_COMPLETE":
self.log.info("kerberos.AUTH_GSS_COMPLETE: Username= " + username)
if username:
userId = username.split("@")[0]
self.log.info("User = " + userId)
user = self.user_from_username(userId)
already_running = False
if user.spawner:
status = yield user.spawner.poll()
already_running = (status == None)
if not already_running and not user.spawner.options_form:
yield self.spawn_single_user(user)
self.set_login_cookie(user)
next_url = self.get_argument('next', default='')
if not next_url.startswith('/'):
next_url = ''
next_url = next_url or self.hub.server.base_url
self.redirect(next_url)
self.log.info("User logged in: %s", username)
else:
self._stop(username)
elif rc.upper() != "KERBEROS.AUTH_GSS_CONTINUE":
self.log.info("Request forbidden")
self._forbidden()
else:
self._unauthorized()
else:
self._unauthorized() 示例8: authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import AUTH_GSS_COMPLETE [as 别名]
def authenticate(self, request):
import kerberos
auth_header = request.headers.get("Authorization")
if not auth_header:
raise unauthorized("Negotiate")
auth_type, auth_key = auth_header.split(" ", 1)
if auth_type != "Negotiate":
raise unauthorized("Negotiate")
gss_context = None
try:
# Initialize kerberos context
rc, gss_context = kerberos.authGSSServerInit(self.service_name)
# NOTE: Per the pykerberos documentation, the return code should be
# checked after each step. However, after reading the pykerberos
# code no method used here will ever return anything but
# AUTH_GSS_COMPLETE (all other cases will raise an exception). We
# keep these checks in just in case pykerberos changes its behavior
# to match its docs, but they likely never will trigger.
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server init failed, return code = %r" % rc)
# Challenge step
rc = kerberos.authGSSServerStep(gss_context, auth_key)
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server step failed, return code = %r" % rc)
gss_key = kerberos.authGSSServerResponse(gss_context)
# Retrieve user name
fulluser = kerberos.authGSSServerUserName(gss_context)
user = fulluser.split("@", 1)[0]
except kerberos.GSSError as err:
self.raise_auth_error(err)
finally:
if gss_context is not None:
kerberos.authGSSServerClean(gss_context)
return User(user), gss_key