Source code for gssapi.base.impl
from gssapi.base.types import NameType
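def importName(name, name_type=NameType.hostbased_service):
    """
    Gets a GSSAPI Name

    This method converts a string name and type into a 'name'
    string usable in future calls to GSSAPI.

    NOTE: the returned name must be released with :func:`releaseName`
    once it is no longer needed; names that are never released stay
    allocated.

    :param str name: the plain 'name' to obtain
    :param name_type: the type of the name we are passing in
    :type name_type: :class:`NameType`
    :rtype: bytes
    :returns: the GSSAPI name string for use in other GSSAPI methods
    :raises GSSError: presumably when the underlying GSSAPI call fails
        (the listing names the exception but not the conditions)
    """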
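def releaseName(name_obj):
    """
    Releases a GSSAPI Name

    This method releases a GSSAPI name that was allocated with
    :func:`importName`.

    NOTE(review): the listing does not show what happens if the same
    name is released twice or used after release; treat a released
    name as invalid and do not pass it to further GSSAPI calls.

    :param name_obj: the name object to be released
    :returns: None
    """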
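def deleteSecContext(context, output_needed=False):
    """
    Releases a security context

    This method releases a security context, potentially providing an
    output buffer as the result.

    NOTE(review): the context handle is presumably invalid after this
    call and should not be passed to :func:`wrap` or :func:`unwrap`
    again -- confirm against the implementation.

    :param context: the context to be released
    :param bool output_needed: is an output_buffer desired?
    :rtype: bytes or None
    :returns: an output token, if requested (otherwise None)
    """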
# TODO(sross): implement acquireCred to use with cred
# TODO(sross): add support for non-default mechanisms
# TODO(sross): add support for channel bindings
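def initSecContext(target_name, cred=None, context=None, mech_type=None,
                   services=[], time=0, channel_bindings=None,
                   input_token=None):
    """
    Initializes a GSS Security Context

    This method initializes a GSSAPI security context
    with the given parameters.

    Callers should not assume the requested ``services`` were granted.
    The returned list holds the services actually provided, so check it
    for every flag the application depends on before trusting the
    context or sending sensitive data over it.

    Only ``channel_bindings=None`` is currently supported, so a context
    created here is not bound to any outer channel.

    While the returned ``continue_needed`` value is true, the context is
    not yet established. Call this method again with the returned
    context and the peer's reply as ``input_token``.

    :param target_name: the name of the target (commonly the server
        name, retrieved using importName)
    :param cred: The handle for credentials claimed (returned from
        acquireCred), or None to use the default initiator principal
    :param context: The current context, or None if this is the first
        call
    :param mech_type: the mechanism type (None for default, otherwise a
        capsule from :func:`getMechanismType`)
    :param services: the requested services (the default is a shared
        list object; callers and implementations must not mutate it)
    :type services: [:class:`RequirementFlag`]
    :param int time: the requested TTL for this context (0 uses the
        default TTL)
    :param channel_bindings: the requested input channel bindings
        (currently only None is supported)
    :param bytes input_token: the input token (use None for the first
        call)
    :returns: a tuple containing the (potentially modified) context,
        the actual mechanism type used, the output token, the actual
        services provided, the actual TTL for this context, and whether
        or not a continue is needed (i.e. (context, MechType (NCI),
        [RequirementFlag] (NCI), bytes, TTL, continue_needed)).
        NOTE(review): the prose lists the output token before the
        services while the tuple sketch lists it after them; confirm
        the real order against the implementation before indexing.
    :raises GSSError: presumably when the underlying GSSAPI call fails
        (the listing names the exception but not the conditions)
    """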
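def getMechanismType(mech_type):
    """
    Converts a value from the MechType enum into a gss_OID

    This method converts a value from the MechType enum into a gss_OID,
    which can be used in GSSAPI methods such as :func:`initSecContext`.

    :param MechType mech_type: the mechanism type
    :returns: a gss_OID capsule representing the selected mechanism type
    """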
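def wrap(context, message, confidential=True, qop=None):
    """
    Wraps a message

    This method wraps a message with a MIC and potentially encrypts the
    message using the requested QoP.

    ``confidential=True`` is a request, not a guarantee. The second
    element of the returned tuple reports whether confidentiality was
    actually applied. Callers that need encryption should check that
    flag and refuse to send the output when it is false.

    :param bytes context: the context of the current connection
    :param message: the message to encrypt
    :type message: (unicode) str or bytes
    :param bool confidential: whether or not to use confidentiality
    :param qop: specifies the quality of protection required (use None
        for the default)
    :type qop: int or None
    :rtype: (bytes, bool)
    :returns: a tuple containing the output message and whether
        confidentiality was used
    :raises GSSError: presumably when the underlying GSSAPI call fails
        (the listing names the exception but not the conditions)
    """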
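def unwrap(context, message):
    """
    Unwraps a wrapped message

    This method unwraps a message that was previously wrapped by the
    other party.

    The returned confidentiality flag and QoP describe how the peer
    protected this particular message. If the protocol requires
    encrypted messages, check the flag and reject messages for which it
    is false rather than assuming every wrapped message was encrypted.

    :param bytes context: the context of the current connection
    :param bytes message: the input message
    :rtype: (bytes, bool, int)
    :returns: a tuple containing the decrypted message, whether
        confidentiality was used, and the QoP
    :raises GSSError: presumably when the message cannot be verified or
        the underlying GSSAPI call fails (the listing names the
        exception but not the conditions)
    """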
# TODO(sross): implement inquireContext
# TODO(sross): implement inquireCred (w/ support for by_mech)
# TODO(sross): implement getDisplayName
# TODO(sross): SERVER SIDE: implement acceptSecContext
# TODO(sross): implement importCred and exportCred
# Other Methods To Wrap (eventually):
# * add_cred
# * release_cred
# * process_context_token
# * context_time
# * wrap_size_limit
# * import/export _sec_context
# * get_mic
# * verify_mic
# * compare_name
# * inquire_names_for_mech / inquire_mechs_for_name
# * canonicalize_name
# * export_name
# * duplicate_name
# * add_oid_set_member
# * indicate_mechs
# * release_oid_set
# * release_buffer
# * create_empty_oid_set
# * test_oid_set_member