1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/usr/bin/env python3
# Copyright (C) 2020 - mod_auth_gssapi contributors, see COPYING for license.
import os
import subprocess
import sys
import gssapi
import requests
from requests_gssapi import HTTPSPNEGOAuth
def use_requests(auth):
sess = requests.Session()
url = 'http://%s/gss_localname/' % os.environ['NSS_WRAPPER_HOSTNAME']
r = sess.get(url, auth=auth)
if r.status_code != 200:
raise ValueError('Localname failed')
if r.text.rstrip() != os.environ['MAG_REMOTE_USER']:
raise ValueError('Localname, REMOTE_USER check failed')
def use_curl():
url = 'http://%s/gss_localname/' % os.environ['NSS_WRAPPER_HOSTNAME']
curl = subprocess.Popen(["curl", "--negotiate", "-u:", url],
stdout=subprocess.PIPE)
curl.wait()
if curl.returncode != 0:
raise ValueError('Localname failed')
line = curl.stdout.read().strip(b' \t\n\r').decode('utf-8')
if line != os.environ['MAG_REMOTE_USER']:
raise ValueError('Localname, REMOTE_USER check failed (%s != %s)' % (
line, os.environ['MAG_REMOTE_USER']))
if __name__ == '__main__':
mech_name = None
if len(sys.argv) > 1:
mech_name = sys.argv[1]
mech = None
if mech_name is not None:
mech = gssapi.mechs.Mechanism.from_sasl_name(mech_name)
try:
auth = HTTPSPNEGOAuth(mech=mech)
use_requests(auth)
except TypeError:
# odler version of requests that does not support mechs
if mech_name == 'SPNEGO':
use_curl()
elif mech_name == 'GS2-KRB5':
# older request versions use krb5 as the mech by default
auth = HTTPSPNEGOAuth()
use_requests(auth)
else:
sys.exit(42) # SKIP
|
