def __init__(self, service):
__, krb_context = kerberos.authGSSClientInit(service)
try:
kerberos.authGSSClientStep(krb_context, "")
except Exception as ex:
print '{0}'.format(ex)
self._krb_context = krb_context
self.auth_header = ("Negotiate " + kerberos.authGSSClientResponse(krb_context))
def generate_request_header(self, response):
"""
Generates the GSSAPI authentication token with kerberos.
If any GSSAPI step fails, return None.
"""
host = urlparse(response.url).hostname
try:
result, self.context[host] = kerberos.authGSSClientInit(
"{0}@{1}".format(self.service, host))
except kerberos.GSSError:
log.exception("generate_request_header(): authGSSClientInit() failed:")
return None
if result < 1:
log.error("generate_request_header(): authGSSClientInit() failed: "
"{0}".format(result))
return None
try:
result = kerberos.authGSSClientStep(self.context[host],
_negotiate_value(response))
except kerberos.GSSError:
log.exception("generate_request_header(): authGSSClientStep() failed:")
return None
if result < 0:
log.error("generate_request_header(): authGSSClientStep() failed: "
"{0}".format(result))
return None
try:
gss_response = kerberos.authGSSClientResponse(self.context[host])
except kerberos.GSSError:
log.exception("generate_request_header(): authGSSClientResponse() "
"failed:")
return None
return "Negotiate {0}".format(gss_response)
return stringvalue.encode("ascii")
def u(stringvalue):
return stringvalue
else:
def decodestring(stringvalue):
return base64.decodestring(stringvalue)
def encodestring(bytesvalue):
return base64.encodestring(bytesvalue)
def b(stringvalue):
return stringvalue
def u(stringvalue):
return stringvalue.decode("utf-8")
flags=k.GSS_C_CONF_FLAG|k.GSS_C_INTEG_FLAG|k.GSS_C_MUTUAL_FLAG|k.GSS_C_SEQUENCE_FLAG
errc, client = k.authGSSClientInit("test@vm-win7-kraemer", gssflags=flags)
# to run a kerberos enabled server under my account i set as domain admin:
# setspn -A test/vm-win7-kraemer MYDOMAIN\kraemer
# (might have to wait a few minutes before all DCs in active directory pick it up)
errs, server = k.authGSSServerInit("test@vm-win7-kraemer")
cres = sres= k.AUTH_GSS_CONTINUE
response = ""
round = 0
while sres == k.AUTH_GSS_CONTINUE or cres == k.AUTH_GSS_CONTINUE:
if cres == k.AUTH_GSS_CONTINUE:
cres = k.authGSSClientStep(client, response)
if cres == -1:
print("clientstep error")
import sys
# Platform-specific Kerberos requirements
if sys.platform == 'win32':
import kerberos_sspi as kerberos
else:
import kerberos
flags = kerberos.GSS_C_CONF_FLAG | kerberos.GSS_C_INTEG_FLAG | kerberos.GSS_C_MUTUAL_FLAG | kerberos.GSS_C_SEQUENCE_FLAG
client_errors, client = kerberos.authGSSClientInit(
"*****@*****.**", gssflags=flags)
server_errors, server = kerberos.authGSSServerInit(
"*****@*****.**")
client_response = server_response = kerberos.AUTH_GSS_CONTINUE
response = ""
counter = 0
while server_response == kerberos.AUTH_GSS_CONTINUE or client_response == kerberos.AUTH_GSS_CONTINUE:
if client_response == kerberos.AUTH_GSS_CONTINUE:
client_response = kerberos.authGSSClientStep(client, response)
if client_response == -1:
print("Client step error")
break
response = kerberos.authGSSClientResponse(client)
if server_response == kerberos.AUTH_GSS_CONTINUE:
server_response = kerberos.authGSSServerStep(server, response)
if server_response == -1:
def __init__(self, service):
_, krb_context = kerberos.authGSSClientInit(service)
kerberos.authGSSClientStep(krb_context, '')
self._krb_context = krb_context
self.auth_header = ('Negotiate ' + kerberos.authGSSClientResponse(krb_context))
def decodestring(stringvalue):
return base64.decodestring(stringvalue)
def encodestring(bytesvalue):
return base64.encodestring(bytesvalue)
def b(stringvalue):
return stringvalue
def u(stringvalue):
return stringvalue.decode("utf-8")
flags = k.GSS_C_CONF_FLAG | k.GSS_C_INTEG_FLAG | k.GSS_C_MUTUAL_FLAG | k.GSS_C_SEQUENCE_FLAG
errc, client = k.authGSSClientInit("test@vm-win7-kraemer", gssflags=flags)
# to run a kerberos enabled server under my account i set as domain admin:
# setspn -A test/vm-win7-kraemer MYDOMAIN\kraemer
# (might have to wait a few minutes before all DCs in active directory pick it up)
errs, server = k.authGSSServerInit("test@vm-win7-kraemer")
cres = sres = k.AUTH_GSS_CONTINUE
response = ""
round = 0
while sres == k.AUTH_GSS_CONTINUE or cres == k.AUTH_GSS_CONTINUE:
if cres == k.AUTH_GSS_CONTINUE:
cres = k.authGSSClientStep(client, response)
if cres == -1:
print("clientstep error")