本文整理汇总了Python中kerberos.GSSError方法的典型用法代码示例。如果您正苦于以下问题:Python kerberos.GSSError方法的具体用法?Python kerberos.GSSError怎么用?Python kerberos.GSSError使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类kerberos的用法示例。
在下文中一共展示了kerberos.GSSError方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _gssapi_authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def _gssapi_authenticate(token):
state = None
ctx = stack.top
try:
return_code, state = kerberos.authGSSServerInit(_KERBEROS_SERVICE.service_name)
if return_code != kerberos.AUTH_GSS_COMPLETE:
return None
return_code = kerberos.authGSSServerStep(state, token)
if return_code == kerberos.AUTH_GSS_COMPLETE:
ctx.kerberos_token = kerberos.authGSSServerResponse(state)
ctx.kerberos_user = kerberos.authGSSServerUserName(state)
return return_code
if return_code == kerberos.AUTH_GSS_CONTINUE:
return kerberos.AUTH_GSS_CONTINUE
return None
except kerberos.GSSError:
return None
finally:
if state:
kerberos.authGSSServerClean(state) 示例2: process
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def process(self, challenge=b''):
b64_challenge = b64encode(challenge)
try:
if self.step == 0:
result = kerberos.authGSSClientStep(self.gss, b64_challenge)
if result != kerberos.AUTH_GSS_CONTINUE:
self.step = 1
elif not challenge:
kerberos.authGSSClientClean(self.gss)
return b''
elif self.step == 1:
username = self.credentials['username']
kerberos.authGSSClientUnwrap(self.gss, b64_challenge)
resp = kerberos.authGSSClientResponse(self.gss)
kerberos.authGSSClientWrap(self.gss, resp, username)
resp = kerberos.authGSSClientResponse(self.gss)
except kerberos.GSSError as e:
raise SASLCancelled('Kerberos error: %s' % e)
if not resp:
return b''
else:
return b64decode(resp) 示例3: refresh_auth
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def refresh_auth(self):
service = "HTTP@" + self.hostname
flags = kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG
try:
(_, vc) = kerberos.authGSSClientInit(service, flags)
except kerberos.GSSError as e:
LOG.error(_LE("caught kerberos exception %r") % e)
raise IPAAuthError(str(e))
try:
kerberos.authGSSClientStep(vc, "")
except kerberos.GSSError as e:
LOG.error(_LE("caught kerberos exception %r") % e)
raise IPAAuthError(str(e))
self.token = kerberos.authGSSClientResponse(vc) 示例4: authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def authenticate(self, handler, data):
'''
Performs GSSAPI Negotiate Authentication
@param token: GSSAPI Authentication Token
@type token: str
@returns gssapi return code or None on failure
@rtype: int or None
'''
state = None
try:
rc, state = kerberos.authGSSServerInit(self.service_name)
self.log.info("kerberos.authGSSServerInit")
if rc != kerberos.AUTH_GSS_COMPLETE:
return None
rc = kerberos.authGSSServerStep(state, data)
self.log.info("kerberos.authGSSServerStep")
if rc == kerberos.AUTH_GSS_COMPLETE:
user = kerberos.authGSSServerUserName(state)
self.log.info("Extracted User = " + user)
return "kerberos.AUTH_GSS_COMPLETE:" + user
elif rc == kerberos.AUTH_GSS_CONTINUE:
return "kerberos.AUTH_GSS_CONTINUE"
else:
self.log.info("return None")
return None
except kerberos.GSSError as err:
self.log.info("kerberos.GSSError: {0}".format(err))
return None
finally:
if state:
kerberos.authGSSServerClean(state) 示例5: auth_negotiate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def auth_negotiate(self, auth_header, callback):
"""
Perform Negotiate (GSSAPI/SSO) authentication via Kerberos.
"""
auth_str = auth_header.split()[1]
# Initialize Kerberos Context
context = None
try:
result, context = kerberos.authGSSServerInit(
self.settings['sso_service'])
if result != 1:
raise tornado.web.HTTPError(500, _("Kerberos Init failed"))
result = kerberos.authGSSServerStep(context, auth_str)
if result == 1:
gssstring = kerberos.authGSSServerResponse(context)
else: # Fall back to Basic auth
self.auth_basic(auth_header, callback)
# NOTE: The user we get from Negotiate is a full UPN (user@REALM)
user = kerberos.authGSSServerUserName(context)
except kerberos.GSSError as e:
logging.error(_("Kerberos Error: %s" % e))
raise tornado.web.HTTPError(500, _("Kerberos Init failed"))
finally:
if context:
kerberos.authGSSServerClean(context)
self.set_header('WWW-Authenticate', "Negotiate %s" % gssstring)
callback(user) 示例6: gssclient_token
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def gssclient_token(self):
os.environ['KRB5_CLIENT_KTNAME'] = self.IQUOTA_KEYTAB
service = "HTTP@" + self.IQUOTA_API_HOST
try:
(_, vc) = kerberos.authGSSClientInit(service)
kerberos.authGSSClientStep(vc, "")
return kerberos.authGSSClientResponse(vc)
except kerberos.GSSError as e:
raise KerberosError('error initializing GSS client') 示例7: decode
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def decode(self, base64data, request):
# Init GSSAPI first - we won't specify the service now as we need to accept a target
# name that is case-insenstive as some clients will use "http" instead of "HTTP"
try:
_ignore_result, context = kerberos.authGSSServerInit("")
except kerberos.GSSError, ex:
self.log.error("authGSSServerInit: {ex0}({ex1})", ex0=ex[0][0], ex1=ex[1][0])
raise error.LoginFailed('Authentication System Failure: %s(%s)' % (ex[0][0], ex[1][0],))
# Do the GSSAPI step and get response and username 示例8: http_error_auth_reqed
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def http_error_auth_reqed(self, auth_header, host, req, headers):
try:
spn = "HTTP@%s" % host
authdata = self._negotiate_get_authdata(auth_header, headers)
if self.retried > 3:
raise urllib.request.HTTPError(req.get_full_url(), 401,
"Negotiate auth failed", headers, None)
else:
self.retried += 1
neghdr = self._negotiate_get_svctk(spn, authdata)
if neghdr is None:
return None
req.add_unredirected_header('Authorization', neghdr)
response = self.parent.open(req)
srvauth = self._negotiate_get_authdata(auth_header, response.info())
if self._validate_response(srvauth):
return response
except kerberos.GSSError:
return None
except Exception:
self.reset_retry_count()
raise
finally:
self._clean_context() 示例9: authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import GSSError [as 别名]
def authenticate(self, request):
import kerberos
auth_header = request.headers.get("Authorization")
if not auth_header:
raise unauthorized("Negotiate")
auth_type, auth_key = auth_header.split(" ", 1)
if auth_type != "Negotiate":
raise unauthorized("Negotiate")
gss_context = None
try:
# Initialize kerberos context
rc, gss_context = kerberos.authGSSServerInit(self.service_name)
# NOTE: Per the pykerberos documentation, the return code should be
# checked after each step. However, after reading the pykerberos
# code no method used here will ever return anything but
# AUTH_GSS_COMPLETE (all other cases will raise an exception). We
# keep these checks in just in case pykerberos changes its behavior
# to match its docs, but they likely never will trigger.
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server init failed, return code = %r" % rc)
# Challenge step
rc = kerberos.authGSSServerStep(gss_context, auth_key)
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server step failed, return code = %r" % rc)
gss_key = kerberos.authGSSServerResponse(gss_context)
# Retrieve user name
fulluser = kerberos.authGSSServerUserName(gss_context)
user = fulluser.split("@", 1)[0]
except kerberos.GSSError as err:
self.raise_auth_error(err)
finally:
if gss_context is not None:
kerberos.authGSSServerClean(gss_context)
return User(user), gss_key