本文整理匯總了Python中kerberos.authGSSServerInit方法的典型用法代碼示例。如果您正苦於以下問題:Python kerberos.authGSSServerInit方法的具體用法?Python kerberos.authGSSServerInit怎麽用?Python kerberos.authGSSServerInit使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類kerberos
的用法示例。
在下文中一共展示了kerberos.authGSSServerInit方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: _gssapi_authenticate
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSServerInit [as 別名]
def _gssapi_authenticate(token):
state = None
ctx = stack.top
try:
return_code, state = kerberos.authGSSServerInit(_KERBEROS_SERVICE.service_name)
if return_code != kerberos.AUTH_GSS_COMPLETE:
return None
return_code = kerberos.authGSSServerStep(state, token)
if return_code == kerberos.AUTH_GSS_COMPLETE:
ctx.kerberos_token = kerberos.authGSSServerResponse(state)
ctx.kerberos_user = kerberos.authGSSServerUserName(state)
return return_code
if return_code == kerberos.AUTH_GSS_CONTINUE:
return kerberos.AUTH_GSS_CONTINUE
return None
except kerberos.GSSError:
return None
finally:
if state:
kerberos.authGSSServerClean(state)
示例2: authenticate
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSServerInit [as 別名]
def authenticate(self, handler, data):
'''
Performs GSSAPI Negotiate Authentication
@param token: GSSAPI Authentication Token
@type token: str
@returns gssapi return code or None on failure
@rtype: int or None
'''
state = None
try:
rc, state = kerberos.authGSSServerInit(self.service_name)
self.log.info("kerberos.authGSSServerInit")
if rc != kerberos.AUTH_GSS_COMPLETE:
return None
rc = kerberos.authGSSServerStep(state, data)
self.log.info("kerberos.authGSSServerStep")
if rc == kerberos.AUTH_GSS_COMPLETE:
user = kerberos.authGSSServerUserName(state)
self.log.info("Extracted User = " + user)
return "kerberos.AUTH_GSS_COMPLETE:" + user
elif rc == kerberos.AUTH_GSS_CONTINUE:
return "kerberos.AUTH_GSS_CONTINUE"
else:
self.log.info("return None")
return None
except kerberos.GSSError as err:
self.log.info("kerberos.GSSError: {0}".format(err))
return None
finally:
if state:
kerberos.authGSSServerClean(state)
示例3: auth_negotiate
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSServerInit [as 別名]
def auth_negotiate(self, auth_header, callback):
"""
Perform Negotiate (GSSAPI/SSO) authentication via Kerberos.
"""
auth_str = auth_header.split()[1]
# Initialize Kerberos Context
context = None
try:
result, context = kerberos.authGSSServerInit(
self.settings['sso_service'])
if result != 1:
raise tornado.web.HTTPError(500, _("Kerberos Init failed"))
result = kerberos.authGSSServerStep(context, auth_str)
if result == 1:
gssstring = kerberos.authGSSServerResponse(context)
else: # Fall back to Basic auth
self.auth_basic(auth_header, callback)
# NOTE: The user we get from Negotiate is a full UPN (user@REALM)
user = kerberos.authGSSServerUserName(context)
except kerberos.GSSError as e:
logging.error(_("Kerberos Error: %s" % e))
raise tornado.web.HTTPError(500, _("Kerberos Init failed"))
finally:
if context:
kerberos.authGSSServerClean(context)
self.set_header('WWW-Authenticate', "Negotiate %s" % gssstring)
callback(user)
示例4: decode
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSServerInit [as 別名]
def decode(self, base64data, request):
# Init GSSAPI first - we won't specify the service now as we need to accept a target
# name that is case-insenstive as some clients will use "http" instead of "HTTP"
try:
_ignore_result, context = kerberos.authGSSServerInit("")
except kerberos.GSSError, ex:
self.log.error("authGSSServerInit: {ex0}({ex1})", ex0=ex[0][0], ex1=ex[1][0])
raise error.LoginFailed('Authentication System Failure: %s(%s)' % (ex[0][0], ex[1][0],))
# Do the GSSAPI step and get response and username
示例5: authenticate
# 需要導入模塊: import kerberos [as 別名]
# 或者: from kerberos import authGSSServerInit [as 別名]
def authenticate(self, request):
import kerberos
auth_header = request.headers.get("Authorization")
if not auth_header:
raise unauthorized("Negotiate")
auth_type, auth_key = auth_header.split(" ", 1)
if auth_type != "Negotiate":
raise unauthorized("Negotiate")
gss_context = None
try:
# Initialize kerberos context
rc, gss_context = kerberos.authGSSServerInit(self.service_name)
# NOTE: Per the pykerberos documentation, the return code should be
# checked after each step. However, after reading the pykerberos
# code no method used here will ever return anything but
# AUTH_GSS_COMPLETE (all other cases will raise an exception). We
# keep these checks in just in case pykerberos changes its behavior
# to match its docs, but they likely never will trigger.
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server init failed, return code = %r" % rc)
# Challenge step
rc = kerberos.authGSSServerStep(gss_context, auth_key)
if rc != kerberos.AUTH_GSS_COMPLETE:
self.raise_auth_error("GSS server step failed, return code = %r" % rc)
gss_key = kerberos.authGSSServerResponse(gss_context)
# Retrieve user name
fulluser = kerberos.authGSSServerUserName(gss_context)
user = fulluser.split("@", 1)[0]
except kerberos.GSSError as err:
self.raise_auth_error(err)
finally:
if gss_context is not None:
kerberos.authGSSServerClean(gss_context)
return User(user), gss_key