gssapi Package

client Module

class gssapi.client.BasicGSSClient(target, security_type='encrypted', max_msg_size=None)

Bases: object

Basic GSS Client

This class implements all functionality needed to initialize a basic GSS connection and send/receive encrypted or signed messages.

Parameters:
  • target (str) –

    the service name to which to connect (automatically converted to a

    should be a host-based service name

  • dbg (function(title, message)) – a method for printing debug messages (not currently used)
  • security_type (str containing enc(rypted)/conf(idential), integ(rity) or any, or just None) – the level of security to use
  • max_msg_size (int > 0 or None (for default)) – the maximum message size for encryption/decryption

Warning

All methods in this class can potentially raise gssapi.base.types.GSSError

service_name

The service name to which we are connecting (as a gssapi.type_wrappers.GSSName)

ctx

Type: Capsule

The internal GSS context object

token

Type: bytes

The last returned token from one of the token-manipulation methods

ttl

Type: int >= 0

The desired time-to-live for the GSS context object

last_ttl

Type: int > 0

The actual amount of time for which the current GSS context object will be valid

flags

Type: [gssapi.base.types.RequirementFlag]

The flags to use when creating the GSS context

channel_bindings

Type: TBD or None

Warning

Not Currently Implemented

mech_type

Type: Capsule or None

Represents the desired mechanism type to be used (None uses the default type).

See also

Function resolveMechType()

decrypt(msg)

Decrypts a message

This method decrypts a message encrypted by the server.

Parameters: msg (bytes) – the message to be decrypted
Return type: str
Returns: the decrypted message
Raises GSSClientError: if encryption was requested but not used, or if the QoP failed to meet our standards

encrypt(msg)

Encrypts a message

This method encrypts a message according to the current security level

Parameters: msg (str) – the message to be encrypted
Return type: bytes
Returns: the encrypted form of the message
Raises GSSClientError: if the requested security level could not be used

resolveMechType(mt)

Sets the current mechanism type

This method converts a gssapi.base.types.MechanismType into a capsule object usable by internal methods, and then sets mech_type to the resulting capsule

Parameters: mt (gssapi.base.types.MechanismType) – the desired mechanism type

setupBaseSecurityContext()

Initializes a default token and security context

This method gets and returns a default token, and initializes the corresponding security context

Return type: bytes
Returns: the token created in the process of initializing the security context

updateSecurityContext(server_tok)

Processes a server token, and updates the security context

This method processes a server token, updates the internal security context, and returns the new resulting token.

Parameters: server_tok (bytes) – the token sent from the server
Return type: bytes
Returns: the token resulting from updating the security context

class gssapi.client.BasicSASLGSSClient(username, target, max_msg_size=None, *args, **kwargs)

Bases: gssapi.client.BasicGSSClient

A helper for using the SASL GSSAPI mechanism

This class contains helper code to support implementing the SASL GSSAPI mechanism using PyGSSAPI.

All parameters besides username are used as in BasicGSSClient. All relevant attributes are set according to the SASL GSSAPI RFC (http://tools.ietf.org/html/rfc4752).

Parameters: username (str) – the user name with which to authenticate

user_name

The username to use in the authentication process

Warning

Unlike service_name, this is just a string, not a gssapi.type_wrappers.GSSName

INV_SEC_LAYER_MASKS = None

SEC_LAYER_MASKS = {0: 1, 4: 4, 5: 2}

step1()

Creates a default token

This method is step 1 in the SASL process, and creates a default token

Return type: bytes
Returns: a default token to send to the server

step2(server_tok)

Processes a server token

This method is step 2 in the SASL process, and processes a server token

Parameters: server_tok (bytes) – the token returned from the server
Return type: bytes
Returns: a token or empty string to be sent to the server

step3(tok)

Deals with SSF

This method deals with negotiating SSF (the security level) and max message size, setting the max message size appropriately

Parameters: tok (bytes) – the wrapped message sent from the server
Return type: bytes
Returns: a wrapped message to be sent to the server declaring our security level and max message size
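
The cleartext that step 3 exchanges has a fixed layout in RFC 4752: one octet of security-layer bits followed by a 24-bit maximum message size, with the client reply also carrying the authorization identity. The following is an added example, not PyGSSAPI's own code; it covers only the payload inside the wrapped messages (the GSS wrap/unwrap is not shown), and all function and constant names are hypothetical.

```python
import struct

# Security-layer bits defined by RFC 4752 (constants named here for the
# example; they are not PyGSSAPI identifiers).
LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY = 1, 2, 4
KNOWN_LAYERS = LAYER_NONE | LAYER_INTEGRITY | LAYER_CONFIDENTIALITY


class NegotiationError(Exception):
    """The server's offer cannot satisfy the client's security policy."""


def parse_server_offer(payload):
    """Return (layer bitmask, server max message size) from the unwrapped offer."""
    if len(payload) != 4:
        raise NegotiationError("server offer must be exactly 4 octets")
    layers = payload[0] & KNOWN_LAYERS
    # Octets 2-4 are a 24-bit big-endian integer; pad to 32 bits to unpack.
    (max_size,) = struct.unpack("!I", b"\x00" + payload[1:4])
    return layers, max_size


def build_client_reply(offered, required, client_max_size, authzid=""):
    """Build the cleartext reply selecting exactly one layer, or refuse."""
    if required not in (LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY):
        raise ValueError("exactly one security layer must be selected")
    if not offered & required:
        # Refuse rather than fall back to a weaker layer than policy requires.
        raise NegotiationError("server does not offer the required layer")
    if required == LAYER_NONE:
        client_max_size = 0  # must be 0 when no security layer is used
    if not 0 <= client_max_size <= 0xFFFFFF:
        raise ValueError("max message size must fit in 24 bits")
    size_octets = struct.pack("!I", client_max_size)[1:]
    return bytes([required]) + size_octets + authzid.encode("utf-8")


# Constructed sample: server offers integrity or confidentiality, 65535-byte limit.
SAMPLE_OFFER = bytes([LAYER_INTEGRITY | LAYER_CONFIDENTIALITY]) + b"\x00\xff\xff"

if __name__ == "__main__":
    offered, server_max = parse_server_offer(SAMPLE_OFFER)
    print(offered, server_max)
    print(build_client_reply(offered, LAYER_CONFIDENTIALITY, 65536, "alice"))
```

A client that requires confidentiality should treat `NegotiationError` as fatal for the connection rather than retrying with a weaker layer.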

exception gssapi.client.GSSClientError

Bases: exceptions.Exception

GSS Client Error

This Exception represents an error which occurred when executing the GSS Client code (as opposed to gssapi.base.types.GSSError, which are errors which occurred directly in the GSSAPI C code).

exception gssapi.client.SASLGSSClientError

Bases: gssapi.client.GSSClientError

SASL GSS Client Error

This Exception represents an error which occurred when executing the SASL GSS Client helper code (as opposed to gssapi.base.types.GSSError, which are errors which occurred directly in the GSSAPI C code).

gssapi.client.debug(p, v)

type_wrappers Module

class gssapi.type_wrappers.GSSName(name, name_type=<EnumValue: NameType.hostbased_service [value=0]>, create_cap=True)

Bases: object

A GSS Name Object

This class represents a GSS name object, conveniently wrapping the underlying Capsule object and automatically freeing the name upon the object’s destruction. Also provides good str and repr values.
