def __init__(self, endpoint, auth=None, capath=True):
logger.debug("Initializing service (endpoint: %s, auth: %s", endpoint,
auth)
self._endpoint = endpoint
if auth == 'kerberos':
# This step has been extended to work around issue #942 in the
# kerberos library where the default principal cannot be
# derived without raising an error. An explicit principal has
# to be provided.
#
# This is ignored if PyKerberos is used.
from urllib.parse import urlparse
import kerberos
if 'authGSSClientInquireCred' in dir(kerberos):
parse = urlparse(endpoint)
kerb_spn = "{0}@{1}".format("HTTP", parse.netloc)
_, krb_context = kerberos.authGSSClientInit(kerb_spn)
kerberos.authGSSClientInquireCred(krb_context)
principal = kerberos.authGSSClientUserName(krb_context)
# kerberos.authGSSClientClean(krb_context)
auth = HTTPKerberosAuth(principal=principal)
else:
auth = HTTPKerberosAuth()
self._auth = auth
self._capath = capath
def get_current_principal():
try:
import kerberos
rc, vc = kerberos.authGSSClientInit("notempty")
rc = kerberos.authGSSClientInquireCred(vc)
username = kerberos.authGSSClientUserName(vc)
kerberos.authGSSClientClean(vc)
return unicode(username)
except ImportError:
raise RuntimeError('python-kerberos is not available.')
except kerberos.GSSError, e:
#TODO: do a kinit?
raise errors.CCacheError()
def get_current_principal():
try:
import kerberos
rc, vc = kerberos.authGSSClientInit("notempty")
rc = kerberos.authGSSClientInquireCred(vc)
username = kerberos.authGSSClientUserName(vc)
kerberos.authGSSClientClean(vc)
return unicode(username)
except ImportError:
raise RuntimeError('python-kerberos is not available.')
except kerberos.GSSError, e:
#TODO: do a kinit?
raise errors.CCacheError()
def _set_username(self, **kwargs):
if self._username is not None:
return
try:
(ret, ctx) = kerberos.authGSSClientInit('*****@*****.**')
assert (ret == kerberos.AUTH_GSS_COMPLETE)
ret = kerberos.authGSSClientInquireCred(ctx)
assert (ret == kerberos.AUTH_GSS_COMPLETE)
# XXX What if you have >1 ticket?
ret = kerberos.authGSSClientUserName(ctx)
if '@' in ret:
self._username = ret.split('@')[0]
else:
self._username = ret
except AssertionError:
raise ErrataException('Pigeon crap. Did it forget to run kinit?')
def _set_username(self, **kwargs):
if self._username is not None:
return
try:
(ret, ctx) = kerberos.authGSSClientInit('*****@*****.**')
assert (ret == kerberos.AUTH_GSS_COMPLETE)
ret = kerberos.authGSSClientInquireCred(ctx)
assert (ret == kerberos.AUTH_GSS_COMPLETE)
# XXX What if you have >1 ticket?
ret = kerberos.authGSSClientUserName(ctx)
if '@' in ret:
self._username = ret.split('@')[0]
else:
self._username = ret
except AssertionError:
raise ErrataException('Pigeon crap. Did it forget to run kinit?')