diff -uPr python-kerberos-1.1/pysrc/kerberos.py python-kerberos-1.1-gssflags/pysrc/kerberos.py --- python-kerberos-1.1/pysrc/kerberos.py 2008-09-17 07:17:15.000000000 -0400 +++ python-kerberos-1.1-gssflags/pysrc/kerberos.py 2008-12-15 09:21:42.000000000 -0500 @@ -90,7 +90,18 @@ AUTH_GSS_CONTINUE=0 AUTH_GSS_COMPLETE=1 -def authGSSClientInit(service): +#Some useful gss flags +GSS_C_DELEG_FLAG=1 +GSS_C_MUTUAL_FLAG=2 +GSS_C_REPLAY_FLAG=4 +GSS_C_SEQUENCE_FLAG=8 +GSS_C_CONF_FLAG=16 +GSS_C_INTEG_FLAG=32 +GSS_C_ANON_FLAG=64 +GSS_C_PROT_READY_FLAG=128 +GSS_C_TRANS_FLAG=256 + +def authGSSClientInit(service, gssflags=GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG): """ Initializes a context for GSSAPI client-side authentication with the given service principal. authGSSClientClean must be called after this function returns an OK result to dispose of @@ -98,6 +109,9 @@ @param service: a string containing the service principal in the form 'type@fqdn' (e.g. 'imap@mail.apple.com'). + @param gssflags: optional integer used to set GSS flags. + (e.g. GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG will allow + to forward credentials to the remote host) @return: a tuple of (result, context) where result is the result code (see above) and context is an opaque value that will need to be passed to subsequent functions. """ diff -uPr python-kerberos-1.1/src/kerberos.c python-kerberos-1.1-gssflags/src/kerberos.c --- python-kerberos-1.1/src/kerberos.c 2008-09-17 05:38:55.000000000 -0400 +++ python-kerberos-1.1-gssflags/src/kerberos.c 2008-12-15 09:26:39.000000000 -0500 @@ -84,20 +84,22 @@ return NULL; } -static PyObject* authGSSClientInit(PyObject* self, PyObject* args) +static PyObject* authGSSClientInit(PyObject* self, PyObject* args, PyObject* keywds) { const char *service; gss_client_state *state; PyObject *pystate; + static char *kwlist[] = {"service", "gssflags", NULL}; + long int gss_flags = GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG; int result = 0; - if (!PyArg_ParseTuple(args, "s", &service)) + if (!PyArg_ParseTupleAndKeywords(args, keywds, "s|l", kwlist, &service, &gss_flags)) return NULL; state = (gss_client_state *) malloc(sizeof(gss_client_state)); pystate = PyCObject_FromVoidPtr(state, NULL); - result = authenticate_gss_client_init(service, state); + result = authenticate_gss_client_init(service, gss_flags, state); if (result == AUTH_GSS_ERROR) return NULL; @@ -367,7 +369,7 @@ "Change the user password."}, {"getServerPrincipalDetails", getServerPrincipalDetails, METH_VARARGS, "Return the service principal for a given service and hostname."}, - {"authGSSClientInit", authGSSClientInit, METH_VARARGS, + {"authGSSClientInit", (PyCFunction)authGSSClientInit, METH_VARARGS|METH_KEYWORDS, "Initialize client-side GSSAPI operations."}, {"authGSSClientClean", authGSSClientClean, METH_VARARGS, "Terminate client-side GSSAPI operations."}, @@ -427,6 +429,15 @@ PyDict_SetItemString(d, "AUTH_GSS_COMPLETE", PyInt_FromLong(AUTH_GSS_COMPLETE)); PyDict_SetItemString(d, "AUTH_GSS_CONTINUE", PyInt_FromLong(AUTH_GSS_CONTINUE)); + PyDict_SetItemString(d, "GSS_C_DELEG_FLAG", PyInt_FromLong(GSS_C_DELEG_FLAG)); + PyDict_SetItemString(d, "GSS_C_MUTUAL_FLAG", PyInt_FromLong(GSS_C_MUTUAL_FLAG)); + PyDict_SetItemString(d, "GSS_C_REPLAY_FLAG", PyInt_FromLong(GSS_C_REPLAY_FLAG)); + PyDict_SetItemString(d, "GSS_C_SEQUENCE_FLAG", PyInt_FromLong(GSS_C_SEQUENCE_FLAG)); + PyDict_SetItemString(d, "GSS_C_CONF_FLAG", PyInt_FromLong(GSS_C_CONF_FLAG)); + PyDict_SetItemString(d, "GSS_C_INTEG_FLAG", PyInt_FromLong(GSS_C_INTEG_FLAG)); + PyDict_SetItemString(d, "GSS_C_ANON_FLAG", PyInt_FromLong(GSS_C_ANON_FLAG)); + PyDict_SetItemString(d, "GSS_C_PROT_READY_FLAG", PyInt_FromLong(GSS_C_PROT_READY_FLAG)); + PyDict_SetItemString(d, "GSS_C_TRANS_FLAG", PyInt_FromLong(GSS_C_TRANS_FLAG)); error: if (PyErr_Occurred()) PyErr_SetString(PyExc_ImportError, "kerberos: init failed"); diff -uPr python-kerberos-1.1/src/kerberosgss.c python-kerberos-1.1-gssflags/src/kerberosgss.c --- python-kerberos-1.1/src/kerberosgss.c 2008-09-17 06:35:15.000000000 -0400 +++ python-kerberos-1.1-gssflags/src/kerberosgss.c 2008-12-15 09:21:42.000000000 -0500 @@ -108,7 +108,7 @@ return result; } -int authenticate_gss_client_init(const char* service, gss_client_state* state) +int authenticate_gss_client_init(const char* service, long int gss_flags, gss_client_state* state) { OM_uint32 maj_stat; OM_uint32 min_stat; @@ -119,6 +119,7 @@ state->context = GSS_C_NO_CONTEXT; state->username = NULL; state->response = NULL; + state->gss_flags = gss_flags; // Import server name first name_token.length = strlen(service); @@ -190,7 +191,7 @@ &state->context, state->server_name, GSS_C_NO_OID, - GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, + (OM_uint32)state->gss_flags, 0, GSS_C_NO_CHANNEL_BINDINGS, &input_token, diff -uPr python-kerberos-1.1/src/kerberosgss.h python-kerberos-1.1-gssflags/src/kerberosgss.h --- python-kerberos-1.1/src/kerberosgss.h 2008-05-23 12:40:38.000000000 -0400 +++ python-kerberos-1.1-gssflags/src/kerberosgss.h 2008-12-15 09:21:42.000000000 -0500 @@ -33,6 +33,7 @@ typedef struct { gss_ctx_id_t context; gss_name_t server_name; + long int gss_flags; char* username; char* response; } gss_client_state; @@ -49,7 +50,7 @@ char* server_principal_details(const char* service, const char* hostname); -int authenticate_gss_client_init(const char* service, gss_client_state* state); +int authenticate_gss_client_init(const char* service, long int gss_flags, gss_client_state* state); int authenticate_gss_client_clean(gss_client_state *state); int authenticate_gss_client_step(gss_client_state *state, const char *challenge); int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);