Blob Blame History Raw
diff -uPr python-kerberos-1.1/pysrc/kerberos.py python-kerberos-1.1-gssflags/pysrc/kerberos.py
--- python-kerberos-1.1/pysrc/kerberos.py	2008-09-17 07:17:15.000000000 -0400
+++ python-kerberos-1.1-gssflags/pysrc/kerberos.py	2008-12-15 09:21:42.000000000 -0500
@@ -90,7 +90,18 @@
 AUTH_GSS_CONTINUE=0 
 AUTH_GSS_COMPLETE=1 
      
-def authGSSClientInit(service):
+#Some useful gss flags
+GSS_C_DELEG_FLAG=1
+GSS_C_MUTUAL_FLAG=2
+GSS_C_REPLAY_FLAG=4
+GSS_C_SEQUENCE_FLAG=8
+GSS_C_CONF_FLAG=16
+GSS_C_INTEG_FLAG=32
+GSS_C_ANON_FLAG=64
+GSS_C_PROT_READY_FLAG=128
+GSS_C_TRANS_FLAG=256
+
+def authGSSClientInit(service, gssflags=GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG):
     """
     Initializes a context for GSSAPI client-side authentication with the given service principal.
     authGSSClientClean must be called after this function returns an OK result to dispose of
@@ -98,6 +109,9 @@
 
     @param service: a string containing the service principal in the form 'type@fqdn'
         (e.g. 'imap@mail.apple.com').
+    @param gssflags: optional integer used to set GSS flags.
+        (e.g.  GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG will allow
+         to forward credentials to the remote host)
     @return:        a tuple of (result, context) where result is the result code (see above) and
         context is an opaque value that will need to be passed to subsequent functions.
     """
diff -uPr python-kerberos-1.1/src/kerberos.c python-kerberos-1.1-gssflags/src/kerberos.c
--- python-kerberos-1.1/src/kerberos.c	2008-09-17 05:38:55.000000000 -0400
+++ python-kerberos-1.1-gssflags/src/kerberos.c	2008-12-15 09:26:39.000000000 -0500
@@ -84,20 +84,22 @@
         return NULL;
 }
 
-static PyObject* authGSSClientInit(PyObject* self, PyObject* args)
+static PyObject* authGSSClientInit(PyObject* self, PyObject* args, PyObject* keywds)
 {
     const char *service;
     gss_client_state *state;
     PyObject *pystate;
+    static char *kwlist[] = {"service", "gssflags", NULL};
+    long int gss_flags = GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG;
     int result = 0;
     
-    if (!PyArg_ParseTuple(args, "s", &service))
+    if (!PyArg_ParseTupleAndKeywords(args, keywds, "s|l", kwlist, &service, &gss_flags))
         return NULL;
     
     state = (gss_client_state *) malloc(sizeof(gss_client_state));
     pystate = PyCObject_FromVoidPtr(state, NULL);
     
-    result = authenticate_gss_client_init(service, state);
+    result = authenticate_gss_client_init(service, gss_flags, state);
     if (result == AUTH_GSS_ERROR)
         return NULL;
     
@@ -367,7 +369,7 @@
      "Change the user password."},
     {"getServerPrincipalDetails",  getServerPrincipalDetails, METH_VARARGS,
      "Return the service principal for a given service and hostname."},
-    {"authGSSClientInit",  authGSSClientInit, METH_VARARGS,
+    {"authGSSClientInit",  (PyCFunction)authGSSClientInit, METH_VARARGS|METH_KEYWORDS,
      "Initialize client-side GSSAPI operations."},
     {"authGSSClientClean",  authGSSClientClean, METH_VARARGS,
      "Terminate client-side GSSAPI operations."},
@@ -427,6 +429,15 @@
     PyDict_SetItemString(d, "AUTH_GSS_COMPLETE", PyInt_FromLong(AUTH_GSS_COMPLETE)); 
     PyDict_SetItemString(d, "AUTH_GSS_CONTINUE", PyInt_FromLong(AUTH_GSS_CONTINUE)); 
 
+    PyDict_SetItemString(d, "GSS_C_DELEG_FLAG", PyInt_FromLong(GSS_C_DELEG_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_MUTUAL_FLAG", PyInt_FromLong(GSS_C_MUTUAL_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_REPLAY_FLAG", PyInt_FromLong(GSS_C_REPLAY_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_SEQUENCE_FLAG", PyInt_FromLong(GSS_C_SEQUENCE_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_CONF_FLAG", PyInt_FromLong(GSS_C_CONF_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_INTEG_FLAG", PyInt_FromLong(GSS_C_INTEG_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_ANON_FLAG", PyInt_FromLong(GSS_C_ANON_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_PROT_READY_FLAG", PyInt_FromLong(GSS_C_PROT_READY_FLAG)); 
+    PyDict_SetItemString(d, "GSS_C_TRANS_FLAG", PyInt_FromLong(GSS_C_TRANS_FLAG)); 
 error:
     if (PyErr_Occurred())
         PyErr_SetString(PyExc_ImportError, "kerberos: init failed");
diff -uPr python-kerberos-1.1/src/kerberosgss.c python-kerberos-1.1-gssflags/src/kerberosgss.c
--- python-kerberos-1.1/src/kerberosgss.c	2008-09-17 06:35:15.000000000 -0400
+++ python-kerberos-1.1-gssflags/src/kerberosgss.c	2008-12-15 09:21:42.000000000 -0500
@@ -108,7 +108,7 @@
     return result;
 }
 
-int authenticate_gss_client_init(const char* service, gss_client_state* state)
+int authenticate_gss_client_init(const char* service, long int gss_flags, gss_client_state* state)
 {
     OM_uint32 maj_stat;
     OM_uint32 min_stat;
@@ -119,6 +119,7 @@
     state->context = GSS_C_NO_CONTEXT;
     state->username = NULL;
     state->response = NULL;
+    state->gss_flags = gss_flags;
     
     // Import server name first
     name_token.length = strlen(service);
@@ -190,7 +191,7 @@
 				    &state->context,
 				    state->server_name,
 				    GSS_C_NO_OID,
-				    GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
+				    (OM_uint32)state->gss_flags,
 				    0,
 				    GSS_C_NO_CHANNEL_BINDINGS,
 				    &input_token,
diff -uPr python-kerberos-1.1/src/kerberosgss.h python-kerberos-1.1-gssflags/src/kerberosgss.h
--- python-kerberos-1.1/src/kerberosgss.h	2008-05-23 12:40:38.000000000 -0400
+++ python-kerberos-1.1-gssflags/src/kerberosgss.h	2008-12-15 09:21:42.000000000 -0500
@@ -33,6 +33,7 @@
 typedef struct {
     gss_ctx_id_t     context;
     gss_name_t       server_name;
+    long int         gss_flags;
     char*            username;
     char*            response;
 } gss_client_state;
@@ -49,7 +50,7 @@
 
 char* server_principal_details(const char* service, const char* hostname);
 
-int authenticate_gss_client_init(const char* service, gss_client_state* state);
+int authenticate_gss_client_init(const char* service, long int gss_flags, gss_client_state* state);
 int authenticate_gss_client_clean(gss_client_state *state);
 int authenticate_gss_client_step(gss_client_state *state, const char *challenge);
 int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);