本文整理汇总了Python中kerberos.authGSSClientStep方法的典型用法代码示例。如果您正苦于以下问题:Python kerberos.authGSSClientStep方法的具体用法?Python kerberos.authGSSClientStep怎么用?Python kerberos.authGSSClientStep使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类kerberos
的用法示例。
在下文中一共展示了kerberos.authGSSClientStep方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: challenge
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def challenge(self, challenge):
if self.step == 0:
ret = kerberos.authGSSClientStep(self._gss,
base64.b64encode(challenge))
if ret != kerberos.AUTH_GSS_CONTINUE:
self.step = 1
elif self.step == 1:
ret = kerberos.authGSSClientUnwrap(self._gss,
base64.b64encode(challenge))
response = kerberos.authGSSClientResponse(self._gss)
ret = kerberos.authGSSClientWrap(self._gss, response, self.username)
response = kerberos.authGSSClientResponse(self._gss)
if response is None:
return Response("")
else:
return Response(base64.b64decode(response))
示例2: process
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def process(self, challenge=b''):
b64_challenge = b64encode(challenge)
try:
if self.step == 0:
result = kerberos.authGSSClientStep(self.gss, b64_challenge)
if result != kerberos.AUTH_GSS_CONTINUE:
self.step = 1
elif not challenge:
kerberos.authGSSClientClean(self.gss)
return b''
elif self.step == 1:
username = self.credentials['username']
kerberos.authGSSClientUnwrap(self.gss, b64_challenge)
resp = kerberos.authGSSClientResponse(self.gss)
kerberos.authGSSClientWrap(self.gss, resp, username)
resp = kerberos.authGSSClientResponse(self.gss)
except kerberos.GSSError as e:
raise SASLCancelled('Kerberos error: %s' % e)
if not resp:
return b''
else:
return b64decode(resp)
示例3: refresh_auth
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def refresh_auth(self):
service = "HTTP@" + self.hostname
flags = kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG
try:
(_, vc) = kerberos.authGSSClientInit(service, flags)
except kerberos.GSSError as e:
LOG.error(_LE("caught kerberos exception %r") % e)
raise IPAAuthError(str(e))
try:
kerberos.authGSSClientStep(vc, "")
except kerberos.GSSError as e:
LOG.error(_LE("caught kerberos exception %r") % e)
raise IPAAuthError(str(e))
self.token = kerberos.authGSSClientResponse(vc)
示例4: get_auth_header
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def get_auth_header(self):
if self.ctx:
raise RuntimeError("Context has already been initialized")
__, self.ctx = kerberos.authGSSClientInit(self.service, principal = self.principal)
kerberos.authGSSClientStep(self.ctx, "")
token = kerberos.authGSSClientResponse(self.ctx)
return {"Authorization": "Negotiate " + token}
示例5: check_auth_header
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def check_auth_header(self, auth_header):
if not self.ctx:
raise RuntimeError("Invalid context: " + self.ctx)
if not auth_header:
raise RuntimeError("www-authenticate header is not valid: " + auth_header)
auth_val = auth_header.split(" ", 1)
if len(auth_val) != 2 or auth_val[0].lower() != "negotiate":
raise RuntimeError("www-authenticate header is not valid: " + auth_header)
kerberos.authGSSClientStep(self.ctx, auth_val[1])
kerberos.authGSSClientClean(self.ctx)
self.ctx = None
示例6: gssclient_token
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def gssclient_token(self):
os.environ['KRB5_CLIENT_KTNAME'] = self.IQUOTA_KEYTAB
service = "HTTP@" + self.IQUOTA_API_HOST
try:
(_, vc) = kerberos.authGSSClientInit(service)
kerberos.authGSSClientStep(vc, "")
return kerberos.authGSSClientResponse(vc)
except kerberos.GSSError as e:
raise KerberosError('error initializing GSS client')
示例7: _create_kerberos_session
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def _create_kerberos_session(self, kerberos_service):
try:
import kerberos as kerb
except ImportError as e:
log.debug(e)
try:
import kerberos_sspi as kerb
except ImportError:
raise ImportError("No kerberos implementation available")
__, krb_context = kerb.authGSSClientInit(kerberos_service)
kerb.authGSSClientStep(krb_context, "")
auth_header = ("Negotiate " + kerb.authGSSClientResponse(krb_context))
self._update_header("Authorization", auth_header)
response = self._session.get(self.url, verify=self.verify_ssl)
response.raise_for_status()
示例8: _negotiate_get_svctk
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def _negotiate_get_svctk(self, spn, authdata):
if authdata is None:
return None
result, self.context = kerberos.authGSSClientInit(spn)
if result < kerberos.AUTH_GSS_COMPLETE:
return None
result = kerberos.authGSSClientStep(self.context, authdata)
if result < kerberos.AUTH_GSS_CONTINUE:
return None
response = kerberos.authGSSClientResponse(self.context)
return "Negotiate %s" % response
示例9: _validate_response
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def _validate_response(self, authdata):
if authdata is None:
return None
result = kerberos.authGSSClientStep(self.context, authdata)
if result == kerberos.AUTH_GSS_COMPLETE:
return True
return None
示例10: pre_request
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def pre_request(self, resp):
# TODO: convert errors to some common error class
import kerberos
_, context = kerberos.authGSSClientInit(
"HTTP@%s" % resp.url.host,
gssflags=kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG,
)
kerberos.authGSSClientStep(context, "")
response = kerberos.authGSSClientResponse(context)
headers = {"Authorization": "Negotiate " + response}
return headers, context
示例11: post_response
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def post_response(self, resp, context):
import kerberos
www_auth = resp.headers.get("www-authenticate", None)
token = None
if www_auth:
match = self.auth_regex.search(www_auth)
if match:
token = match.group(1)
if not token:
raise Exception("Kerberos negotiation failed")
kerberos.authGSSClientStep(context, token)
示例12: _get_bearer_saml_assertion_lin
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSClientStep [as 别名]
def _get_bearer_saml_assertion_lin(self,
request_duration=60,
token_duration=600,
delegatable=False,
renewable=False):
'''
Extracts the assertion from the Bearer Token received from the Security
Token Service using kerberos.
@type request_duration: C{long}
@param request_duration: The duration for which the request is valid. If
the STS receives this request after this
duration, it is assumed to have expired. The
duration is in seconds and the default is 60s.
@type token_duration: C{long}
@param token_duration: The duration for which the SAML token is issued
for. The duration is specified in seconds and
the default is 600s.
@type delegatable: C{boolean}
@param delegatable: Whether the generated token is delegatable or not
The default value is False
@type renewable: C{boolean}
@param renewable: Whether the generated token is renewable or not
The default value is False
@rtype: C{str}
@return: The SAML assertion in Unicode.
'''
import kerberos
import platform
service = 'host@%s' % platform.node()
_, context = kerberos.authGSSClientInit(service, 0)
challenge = ''
# The following will keep running unless we receive a saml token or an error
while True:
# Call GSS step
result = kerberos.authGSSClientStep(context, challenge)
if result < 0:
break
sectoken = kerberos.authGSSClientResponse(context)
soap_response = self._get_gss_soap_response(sectoken,
request_duration, token_duration, delegatable,
renewable)
et = etree.fromstring(soap_response)
try:
# Check if we have received a challenge token from the server
element = _extract_element(et,
'BinaryExchange',
{'ns': "http://docs.oasis-open.org/ws-sx/ws-trust/200512"})
negotiate_token = element.text
challenge = negotiate_token
except KeyError:
# Response does not contain the negotiate token.
# It should contain SAML token then.
saml_token = etree.tostring(
_extract_element(
et,
'Assertion',
{'saml2': "urn:oasis:names:tc:SAML:2.0:assertion"}),
pretty_print=False).decode(UTF_8)
break
return saml_token