Bases: object
Basic GSS Client
This class implements all functionality needed to initialize a basic GSS connection and send/receive encrypted or signed messages.
Parameters: |
|
---|
Warning
All methods in this class can potentially raise gssapi.base.types.GSSError
The service name to which we are connecting (as a gssapi.type_wrappers.GSSName)
Type: Capsule
The internal GSS context object
Type: bytes
The last returned token from one of the token-manipulation methods
Type: int >= 0
The desired time-to-live for the GSS context object
Type: int > 0
The actual amount of time for which the current GSS context object will be valid
Type: [gssapi.base.types.RequirementFlag]
The flags to use when creating the GSS context
Type: TBD or None
Warning
Not Currently Implemented
Type: Capsule or None
Represents the desired mechanism type to be used (None uses the default type).
See also
Function resolveMechType()
Decrypts a message
This method decrypts a message encrypted by the server.
Parameters: | msg (bytes) – the message to be decrypted |
---|---|
Return type: | str |
Returns: | the decrypted message |
Raises GSSClientError: | |
if encryption was requested but not used, or if the QoP failed to meet our standards |
Encrypts a message
This method encrypts a message according to the current security level
Parameters: | msg (str) – the message to be encrypted |
---|---|
Return type: | bytes |
Returns: | the encrypted form of the message |
Raises GSSClientError: | |
if the requested security level could not be used |
Sets the current mechanism type
This method converts a gssapi.base.types.MechanismType into a capsule object usable by internal methods, and then sets mech_type to the resulting capsule.
Parameters: | mt (gssapi.base.types.MechanismType) – the desired mechanism type |
---|
Initializes a default token and security context
This method gets and returns a default token, and initializes the corresponding security context
Return type: | bytes |
---|---|
Returns: | the token created in the process of initializing the security context |
Processes a server token, and updates the security context
This method processes a server token, updates the internal security context, and returns the new resulting token.
Parameters: | server_tok (bytes) – the token sent from the server |
---|---|
Return type: | bytes |
Returns: | the token resulting from updating the security context |
Bases: gssapi.client.BasicGSSClient
A helper for using the SASL GSSAPI mechanism
This class contains helper code to support implementing the SASL GSSAPI mechanism using PyGSSAPI.
All parameters besides username are used as in BasicGSSClient. All relevant attributes are set according to the SASL GSSAPI RFC (http://tools.ietf.org/html/rfc4752).
Parameters: | username (str) – the user name with which to authenticate |
---|
The username to use in the authentication process
Warning
Unlike service_name, this is just a string, not a gssapi.type_wrappers.GSSName
Creates a default token
This method is step 1 in the SASL process, and creates a default token
Return type: | bytes |
---|---|
Returns: | a default token to send to the server |
Processes a server token
This method is step 2 in the SASL process, and processes a server token
Parameters: | server_tok (bytes) – the token returned from the server |
---|---|
Return type: | bytes |
Returns: | a token or empty string to be sent to the server |
Deals with SSF
This method deals with negotiating SSF (the security level) and max message size, setting the max message size appropriately
Parameters: | tok (bytes) – the wrapped message sent from the server |
---|---|
Return type: | bytes |
Returns: | a wrapped message to be sent to the server declaring our security level and max message size |
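The security-layer step above operates on a 4-octet message defined by RFC 4752: one octet of offered layer bits followed by a 3-octet maximum message size. The following is an added example, not PyGSSAPI code; it works on the already-unwrapped cleartext, and the names `SecurityLayerError`, `parse_server_offer` and `build_client_reply` are hypothetical. It shows the checks a client should make so that a server (or an attacker in the path) cannot silently downgrade the connection to a weaker layer than the caller requires.

```python
import struct

# Security-layer bits defined by RFC 4752
LAYER_NONE = 1
LAYER_INTEGRITY = 2
LAYER_CONFIDENTIALITY = 4


class SecurityLayerError(Exception):
    """Hypothetical error type used only by this example."""


def parse_server_offer(plain):
    """Split the unwrapped server message into (layer bitmask, max size)."""
    if len(plain) != 4:
        raise SecurityLayerError("security-layer message must be 4 octets")
    layers = plain[0]
    max_size = struct.unpack("!I", b"\x00" + plain[1:4])[0]
    # RFC 4752: the size must be 0 when no real security layer is offered.
    if not layers & (LAYER_INTEGRITY | LAYER_CONFIDENTIALITY) and max_size:
        raise SecurityLayerError("non-zero max size without a security layer")
    return layers, max_size


def build_client_reply(plain, required=LAYER_CONFIDENTIALITY,
                       our_max_size=0xFFFF, authzid=""):
    """Return (cleartext reply to be wrapped, server's max message size)."""
    layers, server_max = parse_server_offer(plain)
    if not layers & required:
        raise SecurityLayerError("server does not offer the required layer")
    if required == LAYER_NONE:
        our_max_size = 0  # must be 0 when we select no security layer
    if our_max_size > 0xFFFFFF:
        raise SecurityLayerError("max size does not fit in 3 octets")
    reply = bytes([required]) + struct.pack("!I", our_max_size)[1:]
    return reply + authzid.encode("utf-8"), server_max


if __name__ == "__main__":
    # Constructed sample: server offers all three layers, max size 4096.
    offer = bytes([0x07, 0x00, 0x10, 0x00])
    print(build_client_reply(offer, authzid="alice"))
```

The returned `server_max` is the limit to respect when wrapping later messages for the server.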
Bases: exceptions.Exception
GSS Client Error
This Exception represents an error which occurred when executing the GSS Client code (as opposed to gssapi.base.types.GSSError, which represents errors that occurred directly in the GSSAPI C code).
Bases: gssapi.client.GSSClientError
SASL GSS Client Error
This Exception represents an error which occurred when executing the SASL GSS Client helper code (as opposed to gssapi.base.types.GSSError, which represents errors that occurred directly in the GSSAPI C code).
Bases: object
A GSS Name Object
This class represents a GSS name object, conveniently wrapping the underlying Capsule object and automatically freeing the name upon the object's destruction. It also provides good str and repr values.