本文整理汇总了Python中kerberos.authGSSServerStep方法的典型用法代码示例。如果您正苦于以下问题:Python kerberos.authGSSServerStep方法的具体用法?Python kerberos.authGSSServerStep怎么用?Python kerberos.authGSSServerStep使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类kerberos
的用法示例。
在下文中一共展示了kerberos.authGSSServerStep方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _gssapi_authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSServerStep [as 别名]
def _gssapi_authenticate(token):
state = None
ctx = stack.top
try:
return_code, state = kerberos.authGSSServerInit(_KERBEROS_SERVICE.service_name)
if return_code != kerberos.AUTH_GSS_COMPLETE:
return None
return_code = kerberos.authGSSServerStep(state, token)
if return_code == kerberos.AUTH_GSS_COMPLETE:
ctx.kerberos_token = kerberos.authGSSServerResponse(state)
ctx.kerberos_user = kerberos.authGSSServerUserName(state)
return return_code
if return_code == kerberos.AUTH_GSS_CONTINUE:
return kerberos.AUTH_GSS_CONTINUE
return None
except kerberos.GSSError:
return None
finally:
if state:
kerberos.authGSSServerClean(state)
示例2: authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSServerStep [as 别名]
def authenticate(self, handler, data):
'''
Performs GSSAPI Negotiate Authentication
@param token: GSSAPI Authentication Token
@type token: str
@returns gssapi return code or None on failure
@rtype: int or None
'''
state = None
try:
rc, state = kerberos.authGSSServerInit(self.service_name)
self.log.info("kerberos.authGSSServerInit")
if rc != kerberos.AUTH_GSS_COMPLETE:
return None
rc = kerberos.authGSSServerStep(state, data)
self.log.info("kerberos.authGSSServerStep")
if rc == kerberos.AUTH_GSS_COMPLETE:
user = kerberos.authGSSServerUserName(state)
self.log.info("Extracted User = " + user)
return "kerberos.AUTH_GSS_COMPLETE:" + user
elif rc == kerberos.AUTH_GSS_CONTINUE:
return "kerberos.AUTH_GSS_CONTINUE"
else:
self.log.info("return None")
return None
except kerberos.GSSError as err:
self.log.info("kerberos.GSSError: {0}".format(err))
return None
finally:
if state:
kerberos.authGSSServerClean(state)
示例3: auth_negotiate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSServerStep [as 别名]
def auth_negotiate(self, auth_header, callback):
"""
Perform Negotiate (GSSAPI/SSO) authentication via Kerberos.
"""
auth_str = auth_header.split()[1]
# Initialize Kerberos Context
context = None
try:
result, context = kerberos.authGSSServerInit(
self.settings['sso_service'])
if result != 1:
raise tornado.web.HTTPError(500, _("Kerberos Init failed"))
result = kerberos.authGSSServerStep(context, auth_str)
if result == 1:
gssstring = kerberos.authGSSServerResponse(context)
else: # Fall back to Basic auth
self.auth_basic(auth_header, callback)
# NOTE: The user we get from Negotiate is a full UPN (user@REALM)
user = kerberos.authGSSServerUserName(context)
except kerberos.GSSError as e:
logging.error(_("Kerberos Error: %s" % e))
raise tornado.web.HTTPError(500, _("Kerberos Init failed"))
finally:
if context:
kerberos.authGSSServerClean(context)
self.set_header('WWW-Authenticate', "Negotiate %s" % gssstring)
callback(user)
示例4: authenticate
# 需要导入模块: import kerberos [as 别名]
# 或者: from kerberos import authGSSServerStep [as 别名]
def authenticate(self, request):
import kerberos
auth_header = request.headers.get("Authorization")
if not auth_header:
raise unauthorized("Negotiate")
auth_type, auth_key = auth_header.split(" ", 1)
if auth_type != "Negotiate":
raise unauthorized("Negotiate")
gss_context = None
try:
# Initialize kerberos context
rc, gss_context = kerberos.authGSSServerInit(self.service_name)
# NOTE: Per the pykerberos documentation, the return code should be
# checked after each step. However, after reading the pykerberos
# code no method used here will ever return anything but
# AUTH_GSS_COMPLETE (all other cases will raise an exception). We
# keep these checks in just in case pykerberos changes its behavior
# to match its docs, but they likely never will trigger.
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server init failed, return code = %r" % rc)
# Challenge step
rc = kerberos.authGSSServerStep(gss_context, auth_key)
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server step failed, return code = %r" % rc)
gss_key = kerberos.authGSSServerResponse(gss_context)
# Retrieve user name
fulluser = kerberos.authGSSServerUserName(gss_context)
user = fulluser.split("@", 1)[0]
except kerberos.GSSError as err:
self.raise_auth_error(err)
finally:
if gss_context is not None:
kerberos.authGSSServerClean(gss_context)
return User(user), gss_key