本文整理汇总了Python中gssapi.Credentials方法的典型用法代码示例。如果您正苦于以下问题:Python gssapi.Credentials方法的具体用法?Python gssapi.Credentials怎么用?Python gssapi.Credentials使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类gssapi的用法示例。
在下文中一共展示了gssapi.Credentials方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_principal_override
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def test_principal_override(self):
with patch.multiple("gssapi.Credentials", __new__=fake_creds), \
patch.multiple("gssapi.SecurityContext", __init__=fake_init,
step=fake_resp):
response = requests.Response()
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': b64_negotiate_token}
host = urlparse(response.url).hostname
auth = requests_gssapi.HTTPKerberosAuth(principal="user@REALM")
auth.generate_request_header(response, host)
fake_creds.assert_called_with(gssapi.creds.Credentials,
usage="initiate",
name=gssapi_name("user@REALM"))
fake_init.assert_called_with(
name=gssapi_name("HTTP@www.example.org"),
usage="initiate", flags=gssflags,
creds=b"fake creds", mech=None) 示例2: test_explicit_creds
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def test_explicit_creds(self):
with patch.multiple("gssapi.Credentials", __new__=fake_creds), \
patch.multiple("gssapi.SecurityContext", __init__=fake_init,
step=fake_resp):
response = requests.Response()
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': b64_negotiate_token}
host = urlparse(response.url).hostname
creds = gssapi.Credentials()
auth = requests_gssapi.HTTPSPNEGOAuth(creds=creds)
auth.generate_request_header(response, host)
fake_init.assert_called_with(
name=gssapi_name("HTTP@www.example.org"),
usage="initiate", flags=gssflags,
creds=b"fake creds", mech=None)
fake_resp.assert_called_with(b"token") 示例3: test_explicit_mech
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def test_explicit_mech(self):
with patch.multiple("gssapi.Credentials", __new__=fake_creds), \
patch.multiple("gssapi.SecurityContext", __init__=fake_init,
step=fake_resp):
response = requests.Response()
response.url = "http://www.example.org/"
response.headers = {'www-authenticate': b64_negotiate_token}
host = urlparse(response.url).hostname
fake_mech = b'fake mech'
auth = requests_gssapi.HTTPSPNEGOAuth(mech=fake_mech)
auth.generate_request_header(response, host)
fake_init.assert_called_with(
name=gssapi_name("HTTP@www.example.org"),
usage="initiate", flags=gssflags,
creds=None, mech=b'fake mech')
fake_resp.assert_called_with(b"token") 示例4: _get_kerberos_principal
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def _get_kerberos_principal():
"""
Use gssapi to get the current kerberos principal.
This will be used as the requester for some tools when creating tickets.
:return: The kerberos principal.
"""
try:
return str(gssapi.Credentials(usage='initiate').name).lower()
except gssapi.raw.misc.GSSError:
return None 示例5: generate_request_header
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def generate_request_header(self, response, host, is_preemptive=False):
# This method needs to be shimmed because `host` isn't exposed to
# __init__() and we need to derive things from it. Also, __init__()
# can't fail, in the strictest compatability sense.
try:
if self.principal is not None:
gss_stage = "acquiring credentials"
name = gssapi.Name(
self.principal, gssapi.NameType.hostbased_service)
self.creds = gssapi.Credentials(name=name, usage="initiate")
# contexts still need to be stored by host, but hostname_override
# allows use of an arbitrary hostname for the GSSAPI exchange (eg,
# in cases of aliased hosts, internal vs external, CNAMEs w/
# name-based HTTP hosting)
if self.service is not None:
gss_stage = "initiating context"
kerb_host = host
if self.hostname_override:
kerb_host = self.hostname_override
kerb_spn = "{0}@{1}".format(self.service, kerb_host)
self.target_name = gssapi.Name(
kerb_spn, gssapi.NameType.hostbased_service)
return HTTPSPNEGOAuth.generate_request_header(self, response,
host, is_preemptive)
except gssapi.exceptions.GSSError as error:
msg = error.gen_message()
log.exception(
"generate_request_header(): {0} failed:".format(gss_stage))
log.exception(msg)
raise SPNEGOExchangeError("%s failed: %s" % (gss_stage, msg)) 示例6: _acquire_creds
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def _acquire_creds(self, username, password):
# 3 use cases with Kerberos Auth
# 1. Both the user and pass is supplied so we want to create a new
# ticket with the pass
# 2. Only the user is supplied so we will attempt to get the cred
# from the existing store
# 3. The user is not supplied so we will attempt to get the default
# cred from the existing store
log.info("GSSAPI: Acquiring credentials handle")
if username and password:
log.debug("GSSAPI: Acquiring credentials handle for user %s with "
"password" % username)
user = gssapi.Name(base=username,
name_type=gssapi.NameType.user)
bpass = password.encode('utf-8')
try:
creds = gssapi.raw.acquire_cred_with_password(user, bpass,
usage='initiate')
except AttributeError:
raise SMBAuthenticationError("Cannot get GSSAPI credential "
"with password as the necessary "
"GSSAPI extensions are not "
"available")
except gssapi.exceptions.GSSError as er:
raise SMBAuthenticationError("Failed to acquire GSSAPI "
"credential with password: %s"
% str(er))
# acquire_cred_with_password returns a wrapper, we want the creds
# object inside this wrapper
creds = creds.creds
elif username:
log.debug("GSSAPI: Acquiring credentials handle for user %s from "
"existing cache" % username)
user = gssapi.Name(base=username,
name_type=gssapi.NameType.user)
try:
creds = gssapi.Credentials(name=user, usage='initiate')
except gssapi.exceptions.MissingCredentialsError as er:
raise SMBAuthenticationError("Failed to acquire GSSAPI "
"credential for user %s from the "
"exisiting cache: %s"
% (str(user), str(er)))
else:
log.debug("GSSAPI: Acquiring credentials handle for default user "
"in cache")
try:
creds = gssapi.Credentials(name=None, usage='initiate')
except gssapi.exceptions.GSSError as er:
raise SMBAuthenticationError("Failed to acquire default "
"GSSAPI credential from the "
"existing cache: %s" % str(er))
user = creds.name
log.info("GSSAPI: Acquired credentials for user %s" % str(user))
return creds 示例7: _get_security_context
# 需要导入模块: import gssapi [as 别名]
# 或者: from gssapi import Credentials [as 别名]
def _get_security_context(name_type, mech, spn, username, password,
delegate, wrap_required, channel_bindings=None):
if username is not None:
username = gssapi.Name(base=username, name_type=name_type)
server_name = gssapi.Name(spn,
name_type=gssapi.NameType.hostbased_service)
# first try and get the cred from the existing cache, if that fails
# then get a new ticket with the password (if specified). The cache
# can only be used for Kerberos, NTLM/SPNEGO must have acquire the
# cred with a pass
cred = None
kerb_oid = GSSAPIContext._AUTH_PROVIDERS['kerberos']
kerb_mech = gssapi.OID.from_int_seq(kerb_oid)
if mech == kerb_mech:
try:
cred = gssapi.Credentials(name=username, usage='initiate',
mechs=[mech])
# raises ExpiredCredentialsError if it has expired
cred.lifetime
except gssapi.raw.GSSError:
# we can't acquire the cred if no password was supplied
if password is None:
raise
cred = None
elif username is None or password is None:
raise ValueError("Can only use implicit credentials with kerberos "
"authentication")
if cred is None:
# error when trying to access the existing cache, get our own
# credentials with the password specified
b_password = to_bytes(password)
cred = gssapi.raw.acquire_cred_with_password(username, b_password,
usage='initiate',
mechs=[mech])
cred = cred.creds
flags = gssapi.RequirementFlag.mutual_authentication | \
gssapi.RequirementFlag.out_of_sequence_detection
if delegate:
flags |= gssapi.RequirementFlag.delegate_to_peer
if wrap_required:
flags |= gssapi.RequirementFlag.confidentiality
context = gssapi.SecurityContext(name=server_name,
creds=cred,
usage='initiate',
mech=mech,
flags=flags,
channel_bindings=channel_bindings)
return context