Hi Jelmer,
On Thu, Jun 12, 2008 at 11:04:46PM +0200, Jelmer Vernooij wrote:
> Makes sense; I've attached a patch that does this. Does this look ok?
I'd rather avoid introducing another function. Does the attached patch
work for you too? This way we avoid duplicating the rest of the function
by simply checking if user != NULL. Once we have a nicer API to set the
encryption/integrity flags we can then simply deprecate the 3rd
parameter.
>
> > [..snip..]
> > > > I'd be interested to know what kind of response buffer you pass in in
> > > > that case.
> > > I'm implementing RFC2228 (GSSAPI Authentication + Encryption for FTP).
> > > The attached script extends ftplib.FTP to support GSSAPI logins and
> > > provides a very simple command-line FTP client that supports GSSAPI
> > > logins. It needs the patch I attached earlier. Feel free to include it
> > > in pykerberos as example; I can provide it under a different license if
> > > necessary.
> > This would make a great example indeed!
> Updated version attached as well, with license changed to apache
> license.
Thanks! I've attached the script to trac so hopefully somebody with SVN
commit access will add it soon.
Cheers,
-- Guido
[PATCH] make the user parameter optional
this allows for much wider usage of gsswrap
---
src/kerberos.c | 4 ++--
src/kerberosgss.c | 38 ++++++++++++++++++++------------------
2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/src/kerberos.c b/src/kerberos.c
index 590bfb5..9c5ed49 100644
--- a/src/kerberos.c
+++ b/src/kerberos.c
@@ -201,10 +201,10 @@ static PyObject *authGSSClientWrap(PyObject *self, PyObject *args)
{
gss_client_state *state;
PyObject *pystate;
- char *challenge, *user;
+ char *challenge, *user = NULL;
int result = 0;
- if (!PyArg_ParseTuple(args, "Oss", &pystate, &challenge, &user) || !PyCObject_Check(pystate))
+ if (!PyArg_ParseTuple(args, "Os|z", &pystate, &challenge, &user) || !PyCObject_Check(pystate))
return NULL;
state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
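Review bot: the "Os|z" format on the PyArg_ParseTuple line makes the third argument optional and also accepts None, but the diffstat touches only the two C files, so nothing documents the new calling convention. Please update the function's documentation to state that omitting user (or passing None) wraps the decoded challenge as given instead of building the flags/buffer-size/user reply, since that changes what is sent to the server.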
diff --git a/src/kerberosgss.c b/src/kerberosgss.c
index e0b15b5..086cc78 100644
--- a/src/kerberosgss.c
+++ b/src/kerberosgss.c
@@ -333,27 +333,29 @@ int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge,
input_token.length = len;
}
- // get bufsize
- server_conf_flags = ((char*) input_token.value)[0];
- ((char*) input_token.value)[0] = 0;
- buf_size = ntohl(*((long *) input_token.value));
- free(input_token.value);
+ if (user) {
+ // get bufsize
+ server_conf_flags = ((char*) input_token.value)[0];
+ ((char*) input_token.value)[0] = 0;
+ buf_size = ntohl(*((long *) input_token.value));
+ free(input_token.value);
#ifdef PRINTFS
- printf("User: %s, %c%c%c\n", user,
- server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-',
- server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-',
- server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-');
- printf("Maximum GSS token size is %ld\n", buf_size);
+ printf("User: %s, %c%c%c\n", user,
+ server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-',
+ server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-',
+ server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-');
+ printf("Maximum GSS token size is %ld\n", buf_size);
#endif
- // agree to terms (hack!)
- buf_size = htonl(buf_size); // not relevant without integrity/privacy
- memcpy(buf, &buf_size, 4);
- buf[0] = GSS_AUTH_P_NONE;
- // server decides if principal can log in as user
- strncpy(buf + 4, user, sizeof(buf) - 4);
- input_token.value = buf;
- input_token.length = 4 + strlen(user) + 1;
+ // agree to terms (hack!)
+ buf_size = htonl(buf_size); // not relevant without integrity/privacy
+ memcpy(buf, &buf_size, 4);
+ buf[0] = GSS_AUTH_P_NONE;
+ // server decides if principal can log in as user
+ strncpy(buf + 4, user, sizeof(buf) - 4);
+ input_token.value = buf;
+ input_token.length = 4 + strlen(user) + 1;
+ }
// Do GSSAPI wrap
maj_stat = gss_wrap(&min_stat,
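Review bot: inside the new if (user) block, strncpy(buf + 4, user, sizeof(buf) - 4) truncates a long user without NUL-terminating it, while input_token.length is still computed as 4 + strlen(user) + 1, so a user name longer than the buffer makes gss_wrap read past buf; reject over-long names or derive the length from what was actually copied. The same block reads the buffer size through a (long *) cast with no visible check that the decoded token holds at least four bytes, and long is eight bytes on LP64 platforms, so a fixed-width 32-bit read after a length check would be safer. Also, free(input_token.value) now runs only when user is set, so please confirm the decoded challenge is released after gss_wrap on the user == NULL path.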
--
1.5.5.3