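def __call__(self, environ, start_response):
    """Serve one WSGI request under the caller's Kerberos credential cache.

    The ccache location is read from ``environ['KRB5CCNAME']``. Client
    request headers reach a WSGI application under ``HTTP_*`` keys, so this
    key is expected to be set by the web server itself.
    NOTE(review): presumably the server's Kerberos/GSSAPI auth module
    populates it -- confirm against the deployment config.

    Args:
        environ: WSGI environment for the request.
        start_response: WSGI ``start_response`` callable.

    Returns:
        The WSGI response iterable. When no ccache is present, or the call
        raises ``PublicError``, a one-element list holding the marshalled
        error is returned instead.
    """
    logger.debug('KerberosWSGIExecutioner.__call__:')
    user_ccache = environ.get('KRB5CCNAME')

    # Set through object.__setattr__ rather than plain assignment.
    # NOTE(review): the headers live on the instance, not on the request;
    # if this object serves concurrent requests they are shared -- confirm.
    object.__setattr__(
        self, 'headers',
        [('Content-Type', '%s; charset=utf-8' % self.content_type)]
    )

    if user_ccache is None:
        status = HTTP_STATUS_SERVER_ERROR
        logger.error(
            '%s: %s', status,
            'KerberosWSGIExecutioner.__call__: '
            'KRB5CCNAME not defined in HTTP request environment')
        # Start the response before returning a body; the body is wrapped
        # in a list to match the shape the PublicError path returns.
        start_response(status, self.headers)
        return [self.marshal(None, CCacheError())]

    try:
        self.create_context(ccache=user_ccache)
        response = super(KerberosWSGIExecutioner, self).__call__(
            environ, start_response)
    except PublicError as e:
        # The error is reported inside the marshalled body, under
        # HTTP_STATUS_SUCCESS.
        start_response(HTTP_STATUS_SUCCESS, self.headers)
        return [self.marshal(None, e)]
    finally:
        # Always tear down the per-request context created from the
        # caller's ccache, on success and on every error path.
        destroy_context()
    return response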
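def __call__(self, environ, start_response):
    """Serve one WSGI request under the caller's Kerberos credential cache.

    The ccache location is read from ``environ['KRB5CCNAME']``. Client
    request headers reach a WSGI application under ``HTTP_*`` keys, so this
    key is expected to be set by the web server itself.

    Args:
        environ: WSGI environment for the request.
        start_response: WSGI ``start_response`` callable.

    Returns:
        The response produced by the parent ``__call__``, or the marshalled
        error when no ccache is present or ``PublicError`` is raised.
    """
    self.debug('KerberosWSGIExecutioner.__call__:')
    user_ccache = environ.get('KRB5CCNAME')

    headers = [('Content-Type', '%s; charset=utf-8' % self.content_type)]

    if user_ccache is None:
        status = HTTP_STATUS_SERVER_ERROR
        self.log.error(
            '%s: %s', status,
            'KerberosWSGIExecutioner.__call__: '
            'KRB5CCNAME not defined in HTTP request environment')
        # Start the response before handing back the error body.
        start_response(status, headers)
        return self.marshal(None, CCacheError())

    try:
        self.create_context(ccache=user_ccache)
        response = super(KerberosWSGIExecutioner, self).__call__(
            environ, start_response)
        session_data = getattr(context, 'session_data', None)
        if session_data is None and self.env.context != 'lite':
            # No session data on the request context and not running in
            # the 'lite' context: finish the Kerberos acquisition.
            # NOTE(review): the return value is discarded and the label is
            # the literal 'xmlserver' -- confirm both are intended.
            self.finalize_kerberos_acquisition(
                'xmlserver', user_ccache, environ, start_response, headers)
    except PublicError as e:
        # The error is reported inside the marshalled body, under
        # HTTP_STATUS_SUCCESS.
        status = HTTP_STATUS_SUCCESS
        start_response(status, headers)
        return self.marshal(None, e)
    finally:
        # Always tear down the per-request context created from the
        # caller's ccache.
        destroy_context()
    return response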
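def __call__(self, environ, start_response):
    '''
    Serve one XML-RPC WSGI request under the caller's Kerberos ccache.

    The ccache location is read from ``environ['KRB5CCNAME']``. Client
    request headers reach a WSGI application under ``HTTP_*`` keys, so this
    key is expected to be set by the web server itself.

    Returns the parent ``__call__`` response, or the marshalled error when
    no ccache is present or ``PublicError`` is raised.
    '''
    self.debug('WSGI xmlserver.__call__:')
    user_ccache = environ.get('KRB5CCNAME')
    headers = [('Content-Type', 'text/xml; charset=utf-8')]

    if user_ccache is None:
        self.internal_error(
            environ, start_response,
            'xmlserver.__call__: KRB5CCNAME not defined in HTTP request environment'
        )
        return self.marshal(None, CCacheError())

    try:
        self.create_context(ccache=user_ccache)
        response = super(xmlserver, self).__call__(environ, start_response)
        if (getattr(context, 'session_data', None) is None
                and self.env.context != 'lite'):
            self.finalize_kerberos_acquisition(
                'xmlserver', user_ccache, environ, start_response, headers)
    except PublicError as e:
        # The error is reported inside the marshalled body, under
        # HTTP_STATUS_SUCCESS.
        status = HTTP_STATUS_SUCCESS
        start_response(status, headers)
        return self.marshal(None, e)
    finally:
        # The context created from the caller's ccache must not outlive
        # the request, so it is torn down on every exit path.
        destroy_context()
    # Hand the response back to the WSGI server instead of falling off
    # the end of the function and returning None.
    return response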
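def __call__(self, environ, start_response):
    """Serve one WSGI request under the caller's Kerberos credential cache.

    The ccache location is read from ``environ['KRB5CCNAME']``. Client
    request headers reach a WSGI application under ``HTTP_*`` keys, so this
    key is expected to be set by the web server itself.

    Args:
        environ: WSGI environment for the request.
        start_response: WSGI ``start_response`` callable.

    Returns:
        The response produced by the parent ``__call__``, or the marshalled
        error when no ccache is present or ``PublicError`` is raised.
    """
    self.debug('KerberosWSGIExecutioner.__call__:')
    user_ccache = environ.get('KRB5CCNAME')

    # NOTE(review): the headers are stored on the instance, not on the
    # request; if this object serves concurrent requests, one request's
    # headers (including IPASESSION below) are visible to another -- confirm.
    self.headers = [('Content-Type', '%s; charset=utf-8' % self.content_type)]

    if user_ccache is None:
        status = HTTP_STATUS_SERVER_ERROR
        self.log.error(
            '%s: %s', status,
            'KerberosWSGIExecutioner.__call__: '
            'KRB5CCNAME not defined in HTTP request environment')
        # Start the response before handing back the error body.
        start_response(status, self.headers)
        return self.marshal(None, CCacheError())

    # Read before create_context() runs, so the value comes from whatever
    # already populated the request context.
    # NOTE(review): presumably the session/logout handling -- confirm.
    logout_cookie = getattr(context, 'logout_cookie', None)
    if logout_cookie:
        self.headers.append(('IPASESSION', logout_cookie))

    try:
        self.create_context(ccache=user_ccache)
        response = super(KerberosWSGIExecutioner, self).__call__(
            environ, start_response)
    except PublicError as e:
        # The error is reported inside the marshalled body, under
        # HTTP_STATUS_SUCCESS.
        status = HTTP_STATUS_SUCCESS
        start_response(status, self.headers)
        return self.marshal(None, e)
    finally:
        # Always tear down the per-request context created from the
        # caller's ccache.
        destroy_context()
    return response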
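def kinit(self, user, realm, password, ccache_name):
    """Obtain Kerberos credentials for ``user`` into ``ccache_name``.

    An armor ccache is first obtained for the HTTP service principal from
    the IPA keytab, then the password kinit runs with that ccache as FAST
    armor. The armor ccache is destroyed afterwards, whether the password
    kinit succeeded or failed.

    Args:
        user: user name; formatted into a principal with ``realm``.
        realm: Kerberos realm.
        password: the user's password.
        ccache_name: ccache that receives the user's credentials.

    Raises:
        CCacheError: the armor ccache could not be obtained.
        PasswordExpired, KrbPrincipalExpired, UserLocked: the kinit error
            text matched the corresponding message.
        InvalidSessionPassword: any other failure of the password kinit.
    """
    # get http service ccache as an armor for FAST to enable OTP authentication
    armor_principal = str(
        krb5_format_service_principal_name('HTTP', self.api.env.host, realm))
    keytab = paths.IPA_KEYTAB
    # NOTE(review): ``user`` becomes part of a file name under
    # krbccache_dir, and the name is the same for every login of that user.
    # Confirm callers restrict ``user`` to characters that are safe in a
    # path component, and that concurrent logins sharing this path are
    # acceptable.
    armor_name = "%sA_%s" % (krbccache_prefix, user)
    armor_path = os.path.join(krbccache_dir, armor_name)

    self.debug('Obtaining armor ccache: principal=%s keytab=%s ccache=%s',
               armor_principal, keytab, armor_path)

    try:
        ipautil.kinit_keytab(armor_principal, keytab, armor_path)
    except gssapi.exceptions.GSSError as e:
        raise CCacheError(message=unicode(e))

    # Format the user as a kerberos principal
    principal = krb5_format_principal_name(user, realm)

    try:
        ipautil.kinit_password(principal, password, ccache_name,
                               armor_ccache_name=armor_path)
    except RuntimeError as e:
        # The failure reason is recovered by matching kinit's message text.
        # NOTE(review): this depends on the exact wording kinit prints --
        # confirm it is stable for the locale the server runs under.
        reason = str(e)
        if ('kinit: Cannot read password while '
                'getting initial credentials') in reason:
            raise PasswordExpired(principal=principal, message=unicode(e))
        elif ('kinit: Client\'s entry in database'
              ' has expired while getting initial credentials') in reason:
            raise KrbPrincipalExpired(principal=principal,
                                      message=unicode(e))
        elif ('kinit: Clients credentials have been revoked '
              'while getting initial credentials') in reason:
            raise UserLocked(principal=principal, message=unicode(e))
        raise InvalidSessionPassword(principal=principal,
                                     message=unicode(e))
    finally:
        # Destroy the armor ccache on failure as well as on success, so
        # the service credentials are not left on disk after a failed
        # login.
        self.debug('Cleanup the armor ccache')
        ipautil.run([paths.KDESTROY, '-A', '-c', armor_path],
                    env={'KRB5CCNAME': armor_path}, raiseonerr=False)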
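def __call__(self, environ, start_response):
    '''
    Serve one JSON-RPC WSGI request under the caller's Kerberos ccache.

    The ccache location is read from ``environ['KRB5CCNAME']``. Client
    request headers reach a WSGI application under ``HTTP_*`` keys, so this
    key is expected to be set by the web server itself.

    Returns the parent ``__call__`` response, or the marshalled
    ``CCacheError`` when no ccache is present.
    '''
    self.debug('WSGI jsonserver_kerb.__call__:')
    user_ccache = environ.get('KRB5CCNAME')

    if user_ccache is None:
        self.internal_error(
            environ, start_response,
            'jsonserver_kerb.__call__: KRB5CCNAME not defined in HTTP request environment'
        )
        return self.marshal(None, CCacheError())

    try:
        # Created inside the try so that a failure part-way through
        # context creation is still followed by destroy_context().
        self.create_context(ccache=user_ccache)
        response = super(jsonserver_kerb, self).__call__(
            environ, start_response)
    finally:
        # The context created from the caller's ccache must not outlive
        # the request.
        destroy_context()
    return response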