本文整理匯總了Python中kerberos.authGSSClientResponse方法的典型用法代碼示例。如果您正苦於以下問題:Python kerberos.authGSSClientResponse方法的具體用法?Python kerberos.authGSSClientResponse怎麽用?Python kerberos.authGSSClientResponse使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類kerberos的用法示例。
在下文中一共展示了kerberos.authGSSClientResponse方法的9個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: challenge
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def challenge(self, challenge):
if self.step == 0:
ret = kerberos.authGSSClientStep(self._gss,
base64.b64encode(challenge))
if ret != kerberos.AUTH_GSS_CONTINUE:
self.step = 1
elif self.step == 1:
ret = kerberos.authGSSClientUnwrap(self._gss,
base64.b64encode(challenge))
response = kerberos.authGSSClientResponse(self._gss)
ret = kerberos.authGSSClientWrap(self._gss, response, self.username)
response = kerberos.authGSSClientResponse(self._gss)
if response is None:
return Response("")
else:
return Response(base64.b64decode(response)) 示例2: process
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def process(self, challenge=b''):
b64_challenge = b64encode(challenge)
try:
if self.step == 0:
result = kerberos.authGSSClientStep(self.gss, b64_challenge)
if result != kerberos.AUTH_GSS_CONTINUE:
self.step = 1
elif not challenge:
kerberos.authGSSClientClean(self.gss)
return b''
elif self.step == 1:
username = self.credentials['username']
kerberos.authGSSClientUnwrap(self.gss, b64_challenge)
resp = kerberos.authGSSClientResponse(self.gss)
kerberos.authGSSClientWrap(self.gss, resp, username)
resp = kerberos.authGSSClientResponse(self.gss)
except kerberos.GSSError as e:
raise SASLCancelled('Kerberos error: %s' % e)
if not resp:
return b''
else:
return b64decode(resp) 示例3: refresh_auth
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def refresh_auth(self):
service = "HTTP@" + self.hostname
flags = kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG
try:
(_, vc) = kerberos.authGSSClientInit(service, flags)
except kerberos.GSSError as e:
LOG.error(_LE("caught kerberos exception %r") % e)
raise IPAAuthError(str(e))
try:
kerberos.authGSSClientStep(vc, "")
except kerberos.GSSError as e:
LOG.error(_LE("caught kerberos exception %r") % e)
raise IPAAuthError(str(e))
self.token = kerberos.authGSSClientResponse(vc) 示例4: get_auth_header
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def get_auth_header(self):
if self.ctx:
raise RuntimeError("Context has already been initialized")
__, self.ctx = kerberos.authGSSClientInit(self.service, principal = self.principal)
kerberos.authGSSClientStep(self.ctx, "")
token = kerberos.authGSSClientResponse(self.ctx)
return {"Authorization": "Negotiate " + token} 示例5: gssclient_token
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def gssclient_token(self):
os.environ['KRB5_CLIENT_KTNAME'] = self.IQUOTA_KEYTAB
service = "HTTP@" + self.IQUOTA_API_HOST
try:
(_, vc) = kerberos.authGSSClientInit(service)
kerberos.authGSSClientStep(vc, "")
return kerberos.authGSSClientResponse(vc)
except kerberos.GSSError as e:
raise KerberosError('error initializing GSS client') 示例6: _create_kerberos_session
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def _create_kerberos_session(self, kerberos_service):
try:
import kerberos as kerb
except ImportError as e:
log.debug(e)
try:
import kerberos_sspi as kerb
except ImportError:
raise ImportError("No kerberos implementation available")
__, krb_context = kerb.authGSSClientInit(kerberos_service)
kerb.authGSSClientStep(krb_context, "")
auth_header = ("Negotiate " + kerb.authGSSClientResponse(krb_context))
self._update_header("Authorization", auth_header)
response = self._session.get(self.url, verify=self.verify_ssl)
response.raise_for_status() 示例7: _negotiate_get_svctk
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def _negotiate_get_svctk(self, spn, authdata):
if authdata is None:
return None
result, self.context = kerberos.authGSSClientInit(spn)
if result < kerberos.AUTH_GSS_COMPLETE:
return None
result = kerberos.authGSSClientStep(self.context, authdata)
if result < kerberos.AUTH_GSS_CONTINUE:
return None
response = kerberos.authGSSClientResponse(self.context)
return "Negotiate %s" % response 示例8: pre_request
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def pre_request(self, resp):
# TODO: convert errors to some common error class
import kerberos
_, context = kerberos.authGSSClientInit(
"HTTP@%s" % resp.url.host,
gssflags=kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG,
)
kerberos.authGSSClientStep(context, "")
response = kerberos.authGSSClientResponse(context)
headers = {"Authorization": "Negotiate " + response}
return headers, context 示例9: _get_bearer_saml_assertion_lin
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSClientResponse [as 別名]
def _get_bearer_saml_assertion_lin(self,
request_duration=60,
token_duration=600,
delegatable=False,
renewable=False):
'''
Extracts the assertion from the Bearer Token received from the Security
Token Service using kerberos.
@type request_duration: C{long}
@param request_duration: The duration for which the request is valid. If
the STS receives this request after this
duration, it is assumed to have expired. The
duration is in seconds and the default is 60s.
@type token_duration: C{long}
@param token_duration: The duration for which the SAML token is issued
for. The duration is specified in seconds and
the default is 600s.
@type delegatable: C{boolean}
@param delegatable: Whether the generated token is delegatable or not
The default value is False
@type renewable: C{boolean}
@param renewable: Whether the generated token is renewable or not
The default value is False
@rtype: C{str}
@return: The SAML assertion in Unicode.
'''
import kerberos
import platform
service = 'host@%s' % platform.node()
_, context = kerberos.authGSSClientInit(service, 0)
challenge = ''
# The following will keep running unless we receive a saml token or an error
while True:
# Call GSS step
result = kerberos.authGSSClientStep(context, challenge)
if result < 0:
break
sectoken = kerberos.authGSSClientResponse(context)
soap_response = self._get_gss_soap_response(sectoken,
request_duration, token_duration, delegatable,
renewable)
et = etree.fromstring(soap_response)
try:
# Check if we have received a challenge token from the server
element = _extract_element(et,
'BinaryExchange',
{'ns': "http://docs.oasis-open.org/ws-sx/ws-trust/200512"})
negotiate_token = element.text
challenge = negotiate_token
except KeyError:
# Response does not contain the negotiate token.
# It should contain SAML token then.
saml_token = etree.tostring(
_extract_element(
et,
'Assertion',
{'saml2': "urn:oasis:names:tc:SAML:2.0:assertion"}),
pretty_print=False).decode(UTF_8)
break
return saml_token