Source Code for Module caldavclientlibrary.protocol.http.authentication.gssapi

  1  # Copyright (c) 2006-2016 Apple Inc. All rights reserved. 
  2  # Copyright (c) 2008 Lime Nest LLC 
  3  # Copyright (c) 2008 Lime Spot LLC 
  4  # Copyright (c) 2009 Ramon Ziai 
  5  # 
  6  # Licensed under the Apache License, Version 2.0 (the "License"); 
  7  # you may not use this file except in compliance with the License. 
  8  # You may obtain a copy of the License at 
  9  # 
 10  # http://www.apache.org/licenses/LICENSE-2.0 
 11  # 
 12  # Unless required by applicable law or agreed to in writing, software 
 13  # distributed under the License is distributed on an "AS IS" BASIS, 
 14  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 15  # See the License for the specific language governing permissions and 
 16  # limitations under the License. 
 17  ## 
 18   
 19  ''' 
 20  Parts of the following are inspired by urllib2_kerberos, 
 21  which is also under the Apache 2.0 License, 
 22  see http://limedav.com/hg/urllib2_kerberos 
 23  ''' 
 24   
 25  from caldavclientlibrary.protocol.http.authentication.authenticator import Authenticator 
 26  from caldavclientlibrary.protocol.http.definitions import headers 
 27  import re 
 28  import kerberos 
 29   
 30 -class Kerberos(Authenticator): 
 31   
 32 -    def __init__(self, user): 
 33          self.user = user 
 34          self.context = None 
 35   
 36 -    def addHeaders(self, hdrs, request): 
 37          neg_value = self.negotiate_value(hdrs) 
 38          header = self.generate_request_header(request, hdrs, neg_value) 
 39           
 40          # Generate header 
 41          hdrs.append((headers.Authorization, header)) 
 42          self.clean_context() 
 43           
 44 -    def negotiate_value(self, headers): 
 45          """checks for "Negotiate" in proper auth header 
 46          taken from urllib2_kerberos, see http://limedav.com/hg/urllib2_kerberos 
 47          """ 
 48          authreq = None 
 49          for hdr in headers: 
 50              if hdr[0].lower == "www-authenticate" and "Negotiate" in hdr[1]: 
 51                  authreq = hdr[1] 
 52   
 53          if authreq: 
 54              rx = re.compile('(?:.*,)*\s*Negotiate\s*([^,]*),?', re.I) 
 55              mo = rx.search(authreq) 
 56              if mo: 
 57                  return mo.group(1) 
 58              else: 
 59                  # regex failed 
 60                  pass 
 61   
 62          else: 
 63              pass 
 64              # header not found 
 65   
 66          return None 
 67       
 68 -    def generate_request_header(self, req, headers, neg_value): 
 69          """ 
 70          taken from urllib2_kerberos, see http://limedav.com/hg/urllib2_kerberos 
 71          """ 
 72   
 73          host = None 
 74          # assuming that "Host" is one of the headers, which is usually the case 
 75          for hdr in headers: 
 76              if hdr[0] == "Host": 
 77                  host = hdr[1] 
 78   
 79          tail, _ignore_sep, head = host.rpartition(':') 
 80          domain = tail if tail else head 
 81   
 82          # do GSS init 
 83          result, self.context = kerberos.authGSSClientInit("http@%s" % domain) 
 84   
 85          if result < 1: 
 86              # authGSSClientInit returned negative result 
 87              return None 
 88   
 89          # authGSSClientInit() succeeded 
 90          data = "" 
 91          if neg_value != None: 
 92              data = neg_value 
 93          result = kerberos.authGSSClientStep(self.context, data) 
 94   
 95          if result < 0: 
 96              # authGSSClientStep returned bad result 
 97              return None 
 98   
 99          # authGSSClientStep() succeeded 
100   
101          response = kerberos.authGSSClientResponse(self.context) 
102          # authGSSClientResponse() succeeded 
103           
104          return "Negotiate %s" % response 
105       
106 -    def clean_context(self): 
107          """ 
108          taken from urllib2_kerberos, see http://limedav.com/hg/urllib2_kerberos 
109          """ 
110          if self.context is not None: 
111              kerberos.authGSSClientClean(self.context) 
112              self.context = None 
113