apple / ccs-pykerberos Goto Github PK
View Code? Open in Web Editor NEWPython Kerberos library used by CalendarServer
Home Page: https://www.calendarserver.org
License: Apache License 2.0
Python Kerberos library used by CalendarServer
Home Page: https://www.calendarserver.org
License: Apache License 2.0
cuidighth@… originally submitted this as ticket:815
PyKerberos (https://svn.calendarserver.org/repository/calendarserver/PyKerberos/trunk/) is not Python 3 compatible. The main code is 100% compatible, but the setup.py uses the long deprecated (since 2.6, which was released in jurassic period or so) commands module which causes problems as it does not exist anymore. Changing the import to subprocess works for 3.x, but the backwards compatibility requires some work (I have no idea what as my Python skills are unfortunately still too feeble).
I would kindly ask someone to work on a version that works for both Python 2.x and 3.x as it is used by large amounts of projects via pypi (see https://pypi.python.org/pypi/kerberos/). Those projects are sadly at this moment unable to upgrade their Python versions due a minor problem in this package. PyKerberos is used because it offers the most convenience API for interfacing with GSSAPI/Kerberos for web based services, and it has been used with basically every major Python based web development framework.
I contacted earlier Roland (mentioned as the maintainer at pypi), and he said he doesn't really maintain the package. Apparently this should be done by that CalendarServer project and/or Apple.
tylerlhobbs@… originally submitted this as ticket:512
The principal argument is supposed to have a default value of None, but the format string for this function uses 's', which does not allow for a None value.
dan@… originally submitted this as ticket:906
FYI, I have submitted patches for py-requests to the FreeBSD project so that PyKerberos will work with either of:
This allows our users to choose from:
I thought you might be interested in the patches, available from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199123
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199123
rbasch@… originally submitted this as ticket:355
In PyKerberos 1.1, authenticate_gss_client_wrap() (src/kerberosgss.c) miscalculates the length of the username string when wrapping it, by including the terminating null character in the length. This results in authentication failures. I am attaching a patch that seems to fix the problem.
agx@… originally submitted this as ticket:51
Errorhandling in pykerberos is currently very poor - especially in the gssapi case. We can only check for 0 and -1. I see two ways out of this: we modify the functions to also return the output of get_gss_error or (what I'd like better) throw an exception that has the get_gss_error output as textual represenations. Without this, the module is kind of hard to use since there are little ways to diagnose errors. Any thoughs?
@agx originally submitted this as ticket:282
Attached patch makes the above function more generic by not always forcing the username into the return buffer. Mostly based on a patch from Jelmer Vernooij <jelmer@…>
hugh.xie@… originally submitted this as ticket:900
Successfully tested kerberos delegation on trunk (v1.1.2, ticket 862). Please push this version to PyPI. Thanks.
daniel@… originally submitted this as ticket:481
The combination of these allow the creation of e.g. web interfaces that connect to other services on behalf of the user.
The delegation is to allow for services acting on behalf of the user.
Removing the previously forced base64 makes it possible to use as an authenticator in other Python modules, for instance imaplib.IMAP4.
The Pythonic API means a GSSAPI-authenticated IMAP instantiation looks like:
imap = imaplib.IMAP4('mail.example.com', 143)
imap.authenticate('GSSAPI', kerberos.GSSAPIClient('[email protected]', username='username', do_base64=False))
which IMHO looks a lot nicer than what is presently needed.
wsiegrist@… originally submitted this as ticket:435
Here is a patch that adds support to authGSSClientInit (gss_init_sec_context) for using the non-default principal. It adds a "principal" kwarg to authGSSClientInit() which gets stashed in the client state struct and used when gss_init_sec_context is called. The default behavior is unchanged.
pkropf@… originally submitted this as ticket:203
I'm running into a problem building the calendar server. When ./run -s gets to building PyKerberos, here's what happens:
Building PyKerberos...
running build
running build_ext
building 'kerberos' extension
creating build
creating build/temp.macosx-10.3-i386-2.4
creating build/temp.macosx-10.3-i386-2.4/src
/usr/bin/gcc-4.0 -fno-strict-aliasing -Wno-long-double -no-cpp-precomp -fno-common -fno-common -dynamic -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -I/opt/local/Library/Frameworks/Python.framework/Versions/2.4/include/python2.4 -c src/kerberos.c -o build/temp.macosx-10.3-i386-2.4/src/kerberos.o -I/opt/local/include
In file included from src/kerberosbasic.h:20,
from src/kerberos.c:21:
/usr/include/gssapi/gssapi_generic.h:46: error: syntax error before ‘extern’
/usr/include/gssapi/gssapi_generic.h:47: error: syntax error before ‘extern’
/usr/include/gssapi/gssapi_generic.h:48: error: syntax error before ‘extern’
/usr/include/gssapi/gssapi_generic.h:50: error: syntax error before ‘extern’
error: command '/usr/bin/gcc-4.0' failed with exit status 1
This is on a Leopard based system.
hugh.xie@… originally submitted this as ticket:862
Hello,
I have enhanced package https://pypi.python.org/pypi/kerberos to support S4U2Proxy. Here are the major changes:
gss_acquire_cred() - 2nd parameter desired_name need to be switched to GSS_C_NO_NAME; 5th parameter cred_usage to GSS_C_BOTH
gss_accept_sec_context() - 9th output parameter ret_flags must be specified instead of NULL; 11th output parameter delegated_cred_handle must be specified instead of NULL.
gss_init_sec_context() - 2nd parameter cred_handle must be passed with delegated_cred_handle from gss_accept_sec_context()
I like to know how to submit this change to the standard build.
P.S. The enhancement for S4U2Proxy can only works with MIT Krb5 lib 1.10 or later (the rest are backward compatible if not using delegation). Here is discussion with MIT team: https://www.mail-archive.com/[email protected]/msg20810.html
@agx originally submitted this as ticket:255
Hi, the C code in pykerberos is a wild mixture of tabs and spaces, the indentation looks weird in general. I even have a hard time to find out what's intended, otherwise I'd send a patch.
roland@… originally submitted this as ticket:439
The version setup.py in py kerberos has 1.0 even though 1.1 was released a long time ago.
ssorce@… originally submitted this as ticket:311
We use PyKerberos in the FreeIPA project. Up to version one we carried a patch to set the delegate flag by default. With version 1.1 of PyKerberos I added a few flags to the init function so that it is easy to control the flags without patching the code. The code is backwards compatible as it adds a default argument to the function that is set to the previous defaults.
It would be nice if you would consider including this patch in the upstream distribution.
glen@… originally submitted this as ticket:915
Changes introduced by #830 to support credential inquiry also introduced a memory leak in the event authGSSClientInquireCred is called multiple times, or when authGSSClientInquireCred is called after authGSSClientStep returns a complete response code. Attached is a patch to fix the memory leak.
The patch also finishes the work of #830 by:
@agx originally submitted this as ticket:275
Hi, we currently have to branches in pykerberos: trunk (with pw changing support) and more-kerberos with basic wrap/unwarp support (enough to to handle imaps, the API is extendable). Can these please be merged since tracking both seems more work then necessary.
-- Guido
glen@… originally submitted this as ticket:914
To give PyKerberos a fighting chance under low memory conditions we should check the value returned by malloc (and by functions that use malloc on our behalf), before attempting to access the memory and causing a possible segfault. Attached is a patch that does this - in the event malloc returns NULL it will generally cause a Python MemoryError to be raise by calling PyErr_NoMemory(), although the exact handling depends on the context.
ikatrina@… originally submitted this as ticket:796
Currently the PyKerberos library only supports integrity protection (signing) with authGSSClientWrap/authGSSClientUnwrap. It would be nice if confidentiality (encryption) were supported as well. And a way for the caller to check whether a buffer was encrypted when calling authGSSClientUnwrap would also be needed. This way, a caller has a way of rejecting a buffer if it was not encrypted.
Whether encryption is done when calling gss_wrap is controlled by a passed in flag. It is the third parameter passed into gss_wrap. 1 means encrypt, 0 means just sign, no encryption.
gss_unwrap will take both encrypted and only integrity protected buffers. It will set a flag indicating whether the buffer was encrypted or just integrity protected. This flag is the fifth parameter to the call. 1 means that the buffer was encrypted and 0 means the buffer was just integrity protected.
Currently PyKerberos provides no way to set the flag when calling authGSSClientWrap (it uses the value of 0 - so only integrity protection, no confidentiality) or check the flag when calling authGSSClientUnwrap (the flag is ignored).
tylerlhobbs@… originally submitted this as ticket:513
These operations can take a long time to complete, and they currently hold the GIL, making the library unsuitable for multithreaded use.
@wsanchez originally submitted this as ticket:141
Current GSS client code does not handle the case where multiple realms are defined and in use on the client.
duncan.macleod@… originally submitted this as ticket:908
pip-3.4 install kerberos
fails due to a NameError
in setup.py
:
$ pip-3.4 install kerberos
Collecting kerberos
Using cached kerberos-1.2.2.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "<string>", line 20, in <module>
File "/Users/duncan/tmp/pip-build-z2tgrlen/kerberos/setup.py", line 36, in <module>
long_description = file(joinpath(dirname(__file__), "README.rst")).read()
NameError: name 'file' is not defined
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /Users/duncan/tmp/pip-build-z2tgrlen/kerberos
The file
builtin was removed in python3, but you can use the open
builtin in both python2 and python3 to achieve the same functionality.
@agx originally submitted this as ticket:256
Hi, attached Patch adds password changing to pykerberos. Some of the code overlaps with kerberosbasic.c but that can easily be cleaned up at later once the formatting issues are solved. Please apply to the more-kerberos branch.
message.adams@… originally submitted this as ticket:847
Important functionality currently missing from PyKerberos, is the ability for a middle tier server to reuse the client's credentials to authenticate against another server (credential delegation).
ticket #481 (submitted by Daniel) kindly added a patch for this, but the patch also contained a number of other changes which may prevent the delegation work from being committed to trunk. This ticket contains just the delegation work submitted by Daniel, which I hope will expedite these changes into trunk - as I feel this is very valuable functionality.
john@… originally submitted this as ticket:924
Environment:
% uname -s -r
FreeBSD 10.2-STABLE
% python --version
Python 2.7.10
% /usr/local/bin/krb5-config --version
Kerberos 5 release 1.13.2
% /usr/local/bin/ktutil
ktutil: rkt example.keytab
ktutil: l -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 example/[email protected] (aes256-cts-hmac-sha1-96)
2 2 example/[email protected] (aes128-cts-hmac-sha1-96)
3 2 example/[email protected] (des3-cbc-sha1)
4 2 example/[email protected] (arcfour-hmac)
Passing test with PyKerberos r14485:
% env KRB5_KTNAME=example.keytab \
python -c "import kerberos; result, ctx = kerberos.authGSSServerInit('example'); print(result)"
1
Failing test with PyKerberos r14486:
% env KRB5_KTNAME=example.keytab \
python -c "import kerberos; result, ctx = kerberos.authGSSServerInit('example'); print(result)"
Traceback (most recent call last):
File "<string>", line 1, in <module>
kerberos.GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243))
The offending revision per #862 changes the invocation of gss_acquire_cred()
to pass GSS_C_NO_NAME
instead of state->server_name
.
I don't know how to resolve this short of rolling back the change in #862.
tylerlhobbs@… originally submitted this as ticket:791
The attached patch makes it easy to build an RPM package by running 'make -f redhat/makefile'.
j.warburton@… originally submitted this as ticket:849
In some cases, when delegation is disabled but the user attempts to store delegated credentials, the program will crash due to attempting to dereference a null pointer as there is no null pointer check inside gss_krb5_copy_ccache. Attached is a patch to fix this and raise an exception back to python
roland@… originally submitted this as ticket:440
Please release PyKerberos on PyPi. That way it become's easy_install-able.
j.warburton@… originally submitted this as ticket:842
I have added the functions authGSSServerStoreDelegate() and authGSSServerCacheName() to allow kerberos to save and access forwarded tickets so that it can authenticate to other services on behalf of the client.
glen@… originally submitted this as ticket:913
Changes introduced by #847 to support credential delegation also introduced a crash under some circumstances when an uninitialised pointer is accessed. Attached is a patch to initialise the pointer to NULL, and to check for NULL before using the pointer.
Martin.vGagern@… originally submitted this as ticket:404
PyKerberos won't compile against Heimdal 1.3.3 on my Gentoo Linux system.
gssapi/gssapi_generic.h
header filekrb5_context
type is declared in krb5.h
krb5_kt_cursor
isn't a pointer, so you can't assign NULLgss_krb5_nt_service_name
is undefined, GSS_KRB5_NT_PRINCIPAL_NAME
seems to be the heimdal replacementSome of these, like the missing gss_krb5_nt_service_name
, have been mentioned in ticket #37 already, but it seems they never made it into the tree.
I'll attach a patch addressing the errors, but I assume it will break compatibility with MIT Kerberos. Don't know the best approach to cater for both. Maybe we should check some preprocessor macro. Or we could check the presence of certain header files in setup.py, and supply our own preprocessor macro from this information. Or we could investigate the list of libraries that krb5-config generates, as I believe e.g. libroken
to be specific to Heimdal. Not sure, though.
Some functions used by the code are deprecated according to the Heimdal header file:
krb5_xfree
instead of krb5_free_unparsed_name
krb5_get_init_creds_opt_alloc
instead of krb5_get_init_creds_opt_init
krb5_set_password
instead of krb5_change_password
I haven't addressed these in my patch, as they are only warnings, but perhaps you should note them for future reference. And if MIT Kerberos provides the newer functions as well, you should switch as soon as possible.
dcallagh@… originally submitted this as ticket:942
In r13269 the argument parsing for authGSSClientInit was (accidentally?) changed to no longer accept None for the principal argument.
This breaks the requests-kerberos module: requests/requests-kerberos#76
Fix is trivial, change s
back to z
in the argument format string.
rcritten@… originally submitted this as ticket:830
GSSAPI defines the function gss_inquire_cred() to get information about existing GSS credentials. This lets one peek into the credential store without initiating communication with a server.
In the case of Kerberos this would return the principal name of the current TGT.
@agx originally submitted this as ticket:214
needed to establish gssapi to e.g. cyrus or dovecot imapd.
dpejesh@… originally submitted this as ticket:930
This patch allows setting the mech oid to SPNEGO for HTTP authentication.
res@… originally submitted this as ticket:833
The python-kerberos checkPassword() method is badly insecure. It does a kinit (AS-REQ) to ask a KDC for a TGT for the given user principal, and interprets the success or failure of that as indicating whether the password is correct. It does not, however, verify that it actually spoke to a trusted KDC: an attacker may simply reply instead with an AS-REP which matches the password he just gave you.
Imagine you were verifying a password using LDAP authentication rather than Kerberos: you would, of course, use TLS in conjunction with LDAP to make sure you were talking to a real, trusted LDAP server. The same requirement applies here. kinit is not a password-verification service.
The usual way of doing this is to take the TGT you've obtained with the user's password, and then obtain a ticket for a principal for which the verifier has keys (e.g. a web server processing a username/password form login might get a ticket for its own HTTP/host@REALM principal), which it can then verify. Note that this requires that the verifier have its own Kerberos identity, which is mandated by the symmetric nature of Kerberos (whereas in the LDAP case, the use of public-key cryptography allows anonymous verification).
If this is not implemented, the documentation should at least indicate that there is no protection against KDC spoofing attacks here.
@agx originally submitted this as ticket:213
improves the code readability since we don't have to remember which of these is zero and one.
agx@… originally submitted this as ticket:37
Hi, attached is a bunch of patches that adds support for linux/heimdal. They might not be as clean as possible but should show fairly well what to do. Please apply as approprioate. The patch order is:
Cheers,
-- Guido
hugh.xie@… originally submitted this as ticket:901
Please correct 1.1.2 pushed to pypi. All .h files are missing.
building 'kerberos' extension gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -I/efs/dist/python/core/2.6.5/exec/include/python2.6 -c src/kerberos.c -o build/temp.linux-x86_64-2.6/src/kerberos.o -I/efs/dist/kerberos/mit/1.11.5-build001/common/include src/kerberos.c:19:27: fatal error: kerberosbasic.h: No such file or directory
#include "kerberosbasic.h"
ls src base64.c kerberosbasic.c kerberos.c kerberosgss.c kerberospw.c
herron@… originally submitted this as ticket:909
When I run the "python setup.py build" command, I get the following compilation errors:
C:\python27\python setup.py build
running build
running build_ext
building 'kerberos' extension
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\python27\incl
ude -IC:\python27\PC /Tcsrc/base64.c /Fobuild\temp.win32-2.7\Release\src/base64.obj '{' is not recognized as an internal
or external command, operable program or batch file.
cl : Command line warning D9024 : unrecognized source file type ''{'', object file assumed
cl : Command line warning D9027 : source file ''{'' ignored
cl : Command line warning D9024 : unrecognized source file type 'is', object file assumed
cl : Command line warning D9027 : source file 'is' ignored
cl : Command line warning D9024 : unrecognized source file type 'not', object file assumed
cl : Command line warning D9027 : source file 'not' ignored
cl : Command line warning D9024 : unrecognized source file type 'recognized', object file assumed
cl : Command line warning D9027 : source file 'recognized' ignored
cl : Command line warning D9024 : unrecognized source file type 'as', object file assumed
cl : Command line warning D9027 : source file 'as' ignored
cl : Command line warning D9024 : unrecognized source file type 'an', object file assumed
cl : Command line warning D9027 : source file 'an' ignored
cl : Command line warning D9024 : unrecognized source file type 'internal', object file assumed
cl : Command line warning D9027 : source file 'internal' ignored
cl : Command line warning D9024 : unrecognized source file type 'or', object file assumed
cl : Command line warning D9027 : source file 'or' ignored
cl : Command line warning D9024 : unrecognized source file type 'external', object file assumed
cl : Command line warning D9027 : source file 'external' ignored
cl : Command line warning D9024 : unrecognized source file type 'command,', object file assumed
cl : Command line warning D9027 : source file 'command,' ignored
cl : Command line warning D9024 : unrecognized source file type 'operable', object file assumed
cl : Command line warning D9027 : source file 'operable' ignored
cl : Command line warning D9024 : unrecognized source file type 'program', object file assumed
cl : Command line warning D9027 : source file 'program' ignored
cl : Command line warning D9024 : unrecognized source file type 'or', object file assumed
cl : Command line warning D9027 : source file 'or' ignored
cl : Command line warning D9024 : unrecognized source file type 'batch', object file assumed
cl : Command line warning D9027 : source file 'batch' ignored
cl : Command line warning D9024 : unrecognized source file type 'file.', object file assumed
cl : Command line warning D9027 : source file 'file.' ignored
base64.c
src/base64.c(59) : error C2143: syntax error : missing ';' before 'type'
src/base64.c(60) : error C2065: 'oval' : undeclared identifier
src/base64.c(61) : error C2065: 'oval' : undeclared identifier
src/base64.c(78) : error C2143: syntax error : missing ';' before 'type'
src/base64.c(80) : error C2275: 'size_t' : illegal use of this type as an expression
c:\program files (x86)\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h(19) : see declara
tion of 'size_t'
src/base64.c(80) : error C2146: syntax error : missing ';' before identifier 'vlen'
src/base64.c(80) : error C2065: 'vlen' : undeclared identifier
src/base64.c(81) : error C2143: syntax error : missing ';' before 'type'
src/base64.c(82) : error C2143: syntax error : missing ';' before 'type'
src/base64.c(86) : error C2065: 'result' : undeclared identifier
src/base64.c(86) : warning C4047: 'return' : 'unsigned char *' differs in levels of indirection from 'int'
src/base64.c(88) : error C2065: 'c1' : undeclared identifier
src/base64.c(89) : error C2065: 'c1' : undeclared identifier
src/base64.c(89) : error C2065: 'c1' : undeclared identifier
src/base64.c(89) : error C2065: 'c1' : undeclared identifier
src/base64.c(92) : error C2065: 'c2' : undeclared identifier
src/base64.c(93) : error C2065: 'c2' : undeclared identifier
src/base64.c(93) : error C2065: 'c2' : undeclared identifier
src/base64.c(93) : error C2065: 'c2' : undeclared identifier
src/base64.c(96) : error C2065: 'c3' : undeclared identifier
src/base64.c(97) : error C2065: 'c3' : undeclared identifier
src/base64.c(97) : error C2065: 'c3' : undeclared identifier
src/base64.c(97) : error C2065: 'c3' : undeclared identifier
src/base64.c(97) : error C2065: 'c3' : undeclared identifier
src/base64.c(100) : error C2065: 'c4' : undeclared identifier
src/base64.c(101) : error C2065: 'c4' : undeclared identifier
src/base64.c(101) : error C2065: 'c4' : undeclared identifier
src/base64.c(101) : error C2065: 'c4' : undeclared identifier
src/base64.c(101) : error C2065: 'c4' : undeclared identifier
src/base64.c(106) : error C2065: 'out' : undeclared identifier
src/base64.c(106) : error C2100: illegal indirection
src/base64.c(106) : error C2065: 'c1' : undeclared identifier
src/base64.c(106) : error C2065: 'c1' : undeclared identifier
src/base64.c(106) : error C2065: 'c1' : undeclared identifier
src/base64.c(106) : error C2065: 'c2' : undeclared identifier
src/base64.c(106) : error C2065: 'c2' : undeclared identifier
src/base64.c(106) : error C2065: 'c2' : undeclared identifier
src/base64.c(106) : error C2106: '=' : left operand must be l-value
src/base64.c(109) : error C2065: 'c3' : undeclared identifier
src/base64.c(110) : error C2065: 'out' : undeclared identifier
src/base64.c(110) : error C2100: illegal indirection
src/base64.c(110) : error C2065: 'c2' : undeclared identifier
src/base64.c(110) : error C2065: 'c2' : undeclared identifier
src/base64.c(110) : error C2065: 'c2' : undeclared identifier
src/base64.c(110) : error C2065: 'c3' : undeclared identifier
src/base64.c(110) : error C2065: 'c3' : undeclared identifier
src/base64.c(110) : error C2065: 'c3' : undeclared identifier
src/base64.c(110) : error C2106: '=' : left operand must be l-value
src/base64.c(113) : error C2065: 'c4' : undeclared identifier
src/base64.c(114) : error C2065: 'out' : undeclared identifier
src/base64.c(114) : error C2100: illegal indirection
src/base64.c(114) : error C2065: 'c3' : undeclared identifier
src/base64.c(114) : error C2065: 'c3' : undeclared identifier
src/base64.c(114) : error C2065: 'c3' : undeclared identifier
src/base64.c(114) : error C2065: 'c4' : undeclared identifier
src/base64.c(114) : error C2065: 'c4' : undeclared identifier
src/base64.c(114) : error C2065: 'c4' : undeclared identifier
src/base64.c(114) : error C2106: '=' : left operand must be l-value
src/base64.c(121) : error C2065: 'result' : undeclared identifier
src/base64.c(121) : error C2100: illegal indirection
src/base64.c(124) : error C2065: 'result' : undeclared identifier
src/base64.c(124) : warning C4047: 'return' : 'unsigned char *' differs in levels of indirection from 'int'
error: command '"c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe"' failed with exit status 2
bland@… originally submitted this as ticket:288
There is a missed keytab entry celanup here: http://trac.calendarserver.org/browser/PyKerberos/trunk/src/kerberosgss.c#L86 Expected krb5_free_keytab_entry_contents(kcontext, &entry); bellow this line.
hugh.xie@… originally submitted this as ticket:904
Missing base64.h and base64.c ther is a strange base64.csrc subdir in src:
tar tzvf kerberos-1.2.0.tar.gz
drwxr-xr-x wsanchez/staff 0 2015-03-26 14:38 kerberos-1.2.0/
-rw-r--r-- wsanchez/staff 837 2015-03-26 14:38 kerberos-1.2.0/PKG-INFO
-rw-r--r-- wsanchez/staff 2018 2015-03-26 14:31 kerberos-1.2.0/README.txt
-rw-r--r-- wsanchez/staff 2094 2015-03-26 14:36 kerberos-1.2.0/setup.py
drwxr-xr-x wsanchez/staff 0 2015-03-26 14:38 kerberos-1.2.0/src/
drwxr-xr-x wsanchez/staff 0 2015-03-26 14:38 kerberos-1.2.0/src/base64.csrc/
-rw-r--r-- wsanchez/staff 16930 2015-03-26 14:31 kerberos-1.2.0/src/kerberos.c
-rw-r--r-- wsanchez/staff 3963 2015-03-26 14:31 kerberos-1.2.0/src/kerberosbasic.c
-rw-r--r-- wsanchez/staff 898 2015-03-26 14:31 kerberos-1.2.0/src/kerberosbasic.h
-rw-r--r-- wsanchez/staff 24173 2015-03-26 14:31 kerberos-1.2.0/src/kerberosgss.c
-rw-r--r-- wsanchez/staff 2507 2015-03-26 14:31 kerberos-1.2.0/src/kerberosgss.h
-rw-r--r-- wsanchez/staff 4414 2015-03-26 14:31 kerberos-1.2.0/src/kerberospw.c
-rw-r--r-- wsanchez/staff 867 2015-03-26 14:31 kerberos-1.2.0/src/kerberospw.h
@cyrusdaboo originally submitted this as ticket:39
The Kerberos/krb_err.h header file is no longer included in the Kerberos.framework on 10.5. Its not needed anyhow as it releates to Kerberos IV - but we just use Kerberos V.
raubvogel@… originally submitted this as ticket:477
Since in ubuntu apache is run as its own user (www-data), I have a separate keytab, in /etc/apache2/krb5.keytab, which contains the HTTP principal. How can I specify the location of the keytab in pyKerberos?
bernie.hackett@… originally submitted this as ticket:936
Both authGSSClientClean and authGSSServerClean call PyCObject_SetVoidPtr(pystate, NULL). When built for python 3.x PyCObject_SetVoidPtr is aliased as PyCapsule_SetPointer. According to The C API docs, the second parameter to PyCapsule_SetPointer cannot be NULL:
https://docs.python.org/3.1/c-api/capsule.html#PyCapsule_SetPointer
Reproduction:
Python 3.4.3 (v3.4.3:9b73f1c3e601, Feb 23 2015, 02:52:03) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin Type "help", "copyright", "credits" or "license" for more information.
import kerberos res, ctx = kerberos.authGSSClientInit("someservice@somehost") kerberos.authGSSClientClean(ctx)
1
res, ctx = kerberos.authGSSClientInit("someservice@somehost")
ValueError: PyCapsule_SetPointer called with null pointer
This makes PyKerberos unusable under python 3.
tylerlhobbs@… originally submitted this as ticket:792
The attached patch adds debian package metadata. To build a package, simply run 'dpkg-buildpackage'.
@agx originally submitted this as ticket:281
without this we see:
SystemError: error return without exception set
which is not very helpful
@agx originally submitted this as ticket:283
Attached patch makes the above function more generic by not always forcing the username into the return buffer. Mostly based on a patch from Jelmer Vernooij <jelmer@…>
alex@… originally submitted this as ticket:798
This patch introduces Python 3 support, while maintaining support for Python 2.6. I've attempted to do this in a low-impact way where possible.
./src/kerberos.c is altered with preprocessor statements to substitute or translate the existing API calls to their Python 3 equivalents when required. When building against Python 2, the code should be effectively the same.
./setup.py is altered to import the getoutput function from the version specific library. Also, the Python 3 classifier is added to the classifiers list.
./test.py is altered to import HTTPSConnection and HTTPConnection from the version specific library. Print statements are altered to be Python 3 and Python 2.6 compatible. Additionally, the as keyword replaces the comma in exception handling (this is also Python 2.6 compatible).
To build the package against Python 3 call:
python3 setup.py build
i.e. use the regular build command, but substitute python3 for python (or python3 for python2 depending on the platform).
I've tested test.py's "basic" mode with Python 3.3 and Python 2.7, and it appears to work normally.
The patch is signed with the key alex <at> szc.ca - 4096R/645DAFC3
dan@… originally submitted this as ticket:905
We are using https://github.com/requests/requests-kerberos which uses http://trac.calendarserver.org/wiki/PyKerberos
I raised an issue with requests-kerberos earlier today.
When trying to authenticate, we get an error:
015-03-31 11:08:00,166 kerberos_.py - ERROR - generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/requests_kerberos/kerberos_.py", line 113, in generate_request_header
_negotiate_value(response))
GSSError: ((' Miscellaneous failure (see text)', 851968), ('Server (krbtgt/[email protected]) unknown', -1765328377))
I suspect we do not want to use krbtgt, as shown in the "Server ... unknown" above, but rather, we want HTTP, and I do not know how to adjust that.
Ideas please?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.