|
|
ef5b63 |
diff -rupN python-kerberos-1.1.orig/src/kerberos.c python-kerberos-1.1/src/kerberos.c
|
|
|
ef5b63 |
--- python-kerberos-1.1.orig/src/kerberos.c 2014-01-16 20:52:24.684000000 -0700
|
|
|
ef5b63 |
+++ python-kerberos-1.1/src/kerberos.c 2014-01-16 20:53:14.182000000 -0700
|
|
|
ef5b63 |
@@ -250,6 +250,30 @@ static PyObject *authGSSClientWrap(PyObj
|
|
|
ef5b63 |
return Py_BuildValue("i", result);
|
|
|
ef5b63 |
}
|
|
|
ef5b63 |
|
|
|
ef5b63 |
+static PyObject *authGSSClientInquireCred(PyObject *self, PyObject *args)
|
|
|
ef5b63 |
+{
|
|
|
ef5b63 |
+ gss_client_state *state;
|
|
|
ef5b63 |
+ PyObject *pystate;
|
|
|
ef5b63 |
+ int result = 0;
|
|
|
ef5b63 |
+ if (!PyArg_ParseTuple(args, "O", &pystate))
|
|
|
ef5b63 |
+ return NULL;
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ if (!PyCObject_Check(pystate)) {
|
|
|
ef5b63 |
+ PyErr_SetString(PyExc_TypeError, "Expected a context object");
|
|
|
ef5b63 |
+ return NULL;
|
|
|
ef5b63 |
+ }
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
|
|
|
ef5b63 |
+ if (state == NULL)
|
|
|
ef5b63 |
+ return NULL;
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ result = authenticate_gss_client_inquire_cred(state);
|
|
|
ef5b63 |
+ if (result == AUTH_GSS_ERROR)
|
|
|
ef5b63 |
+ return NULL;
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ return Py_BuildValue("i", result);
|
|
|
ef5b63 |
+}
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
static PyObject *authGSSServerInit(PyObject *self, PyObject *args)
|
|
|
ef5b63 |
{
|
|
|
ef5b63 |
const char *service;
|
|
|
ef5b63 |
@@ -379,12 +403,16 @@ static PyMethodDef KerberosMethods[] = {
|
|
|
ef5b63 |
"Get the response from the last client-side GSSAPI step."},
|
|
|
ef5b63 |
{"authGSSClientUserName", authGSSClientUserName, METH_VARARGS,
|
|
|
ef5b63 |
"Get the user name from the last client-side GSSAPI step."},
|
|
|
ef5b63 |
+ {"authGSSClientInquireCred", authGSSClientInquireCred, METH_VARARGS,
|
|
|
ef5b63 |
+ "Get the current user name, if any, without a client-side GSSAPI step"},
|
|
|
ef5b63 |
{"authGSSServerInit", authGSSServerInit, METH_VARARGS,
|
|
|
ef5b63 |
"Initialize server-side GSSAPI operations."},
|
|
|
ef5b63 |
{"authGSSClientWrap", authGSSClientWrap, METH_VARARGS,
|
|
|
ef5b63 |
"Do a GSSAPI wrap."},
|
|
|
ef5b63 |
{"authGSSClientUnwrap", authGSSClientUnwrap, METH_VARARGS,
|
|
|
ef5b63 |
"Do a GSSAPI unwrap."},
|
|
|
ef5b63 |
+ {"authGSSClientInquireCred", authGSSClientInquireCred, METH_VARARGS,
|
|
|
ef5b63 |
+ "Get the current user name, if any."},
|
|
|
ef5b63 |
{"authGSSServerClean", authGSSServerClean, METH_VARARGS,
|
|
|
ef5b63 |
"Terminate server-side GSSAPI operations."},
|
|
|
ef5b63 |
{"authGSSServerStep", authGSSServerStep, METH_VARARGS,
|
|
|
ef5b63 |
diff -rupN python-kerberos-1.1.orig/src/kerberosgss.c python-kerberos-1.1/src/kerberosgss.c
|
|
|
ef5b63 |
--- python-kerberos-1.1.orig/src/kerberosgss.c 2014-01-16 20:52:24.739000000 -0700
|
|
|
ef5b63 |
+++ python-kerberos-1.1/src/kerberosgss.c 2014-01-16 20:53:14.183000000 -0700
|
|
|
ef5b63 |
@@ -388,6 +388,60 @@ end:
|
|
|
ef5b63 |
return ret;
|
|
|
ef5b63 |
}
|
|
|
ef5b63 |
|
|
|
ef5b63 |
+int authenticate_gss_client_inquire_cred(gss_client_state* state)
|
|
|
ef5b63 |
+{
|
|
|
ef5b63 |
+ OM_uint32 maj_stat;
|
|
|
ef5b63 |
+ OM_uint32 min_stat;
|
|
|
ef5b63 |
+ gss_cred_id_t client_creds = GSS_C_NO_CREDENTIAL;
|
|
|
ef5b63 |
+ gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER;
|
|
|
ef5b63 |
+ gss_name_t name = GSS_C_NO_NAME;
|
|
|
ef5b63 |
+ int ret = AUTH_GSS_COMPLETE;
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ // Get credentials
|
|
|
ef5b63 |
+ maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
|
|
|
ef5b63 |
+ GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_creds, NULL, NULL);
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ if (GSS_ERROR(maj_stat))
|
|
|
ef5b63 |
+ {
|
|
|
ef5b63 |
+ set_gss_error(maj_stat, min_stat);
|
|
|
ef5b63 |
+ ret = AUTH_GSS_ERROR;
|
|
|
ef5b63 |
+ goto end;
|
|
|
ef5b63 |
+ }
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ // Get the name
|
|
|
ef5b63 |
+ maj_stat = gss_inquire_cred(&min_stat, client_creds, &name,
|
|
|
ef5b63 |
+ NULL, NULL, NULL);
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ if (GSS_ERROR(maj_stat))
|
|
|
ef5b63 |
+ {
|
|
|
ef5b63 |
+ set_gss_error(maj_stat, min_stat);
|
|
|
ef5b63 |
+ ret = AUTH_GSS_ERROR;
|
|
|
ef5b63 |
+ goto end;
|
|
|
ef5b63 |
+ }
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ maj_stat = gss_display_name(&min_stat, name, &name_token, NULL);
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ if (GSS_ERROR(maj_stat))
|
|
|
ef5b63 |
+ {
|
|
|
ef5b63 |
+ set_gss_error(maj_stat, min_stat);
|
|
|
ef5b63 |
+ ret = AUTH_GSS_ERROR;
|
|
|
ef5b63 |
+ goto end;
|
|
|
ef5b63 |
+ }
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ state->username = strndup(name_token.value, name_token.length);
|
|
|
ef5b63 |
+ if (!state->username) {
|
|
|
ef5b63 |
+ set_gss_error(GSS_S_FAILURE, ENOMEM);
|
|
|
ef5b63 |
+ ret = AUTH_GSS_ERROR;
|
|
|
ef5b63 |
+ }
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+end:
|
|
|
ef5b63 |
+ (void)gss_release_cred(&min_stat, &client_creds);
|
|
|
ef5b63 |
+ (void)gss_release_buffer(&min_stat, &name_token);
|
|
|
ef5b63 |
+ (void)gss_release_name(&min_stat, &name);
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
+ return ret;
|
|
|
ef5b63 |
+}
|
|
|
ef5b63 |
+
|
|
|
ef5b63 |
int authenticate_gss_server_init(const char *service, gss_server_state *state)
|
|
|
ef5b63 |
{
|
|
|
ef5b63 |
OM_uint32 maj_stat;
|
|
|
ef5b63 |
diff -rupN python-kerberos-1.1.orig/src/kerberosgss.h python-kerberos-1.1/src/kerberosgss.h
|
|
|
ef5b63 |
--- python-kerberos-1.1.orig/src/kerberosgss.h 2014-01-16 20:52:24.759000000 -0700
|
|
|
ef5b63 |
+++ python-kerberos-1.1/src/kerberosgss.h 2014-01-16 20:53:37.505000000 -0700
|
|
|
ef5b63 |
@@ -55,6 +55,7 @@ int authenticate_gss_client_clean(gss_cl
|
|
|
ef5b63 |
int authenticate_gss_client_step(gss_client_state *state, const char *challenge);
|
|
|
ef5b63 |
int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);
|
|
|
ef5b63 |
int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user);
|
|
|
ef5b63 |
+int authenticate_gss_client_inquire_cred(gss_client_state* state);
|
|
|
ef5b63 |
|
|
|
ef5b63 |
int authenticate_gss_server_init(const char* service, gss_server_state* state);
|
|
|
ef5b63 |
int authenticate_gss_server_clean(gss_server_state *state);
|