1
1
import re
2
2
import logging
3
- from typing import Generator , Optional
3
+ from typing import Generator , Optional , List
4
4
5
5
from base64 import b64encode , b64decode
6
6
@@ -189,29 +189,9 @@ def generate_request_header(self,
189
189
If any GSSAPI step fails, raise SPNEGOExchangeError
190
190
with failure detail.
191
191
"""
192
- gssflags = [gssapi .RequirementFlag .out_of_sequence_detection ]
193
- if self .delegate :
194
- gssflags .append (gssapi .RequirementFlag .delegate_to_peer )
195
- if self .mutual_authentication != DISABLED :
196
- gssflags .append (gssapi .RequirementFlag .mutual_authentication )
197
-
198
192
gss_stage = "initiating context"
199
193
try :
200
- if type (self .target_name ) != gssapi .Name :
201
- if '@' not in self .target_name :
202
- self .target_name = f"{ self .target_name } @{ host } "
203
-
204
- self .target_name = gssapi .Name (
205
- self .target_name ,
206
- gssapi .NameType .hostbased_service ,
207
- )
208
- self .context [host ] = gssapi .SecurityContext (
209
- usage = "initiate" ,
210
- flags = gssflags ,
211
- name = self .target_name ,
212
- creds = self .creds ,
213
- mech = self .mech ,
214
- )
194
+ self .context [host ] = self ._make_context (host )
215
195
216
196
gss_stage = "stepping context"
217
197
token = _negotiate_value (response ) if response else None
@@ -235,7 +215,7 @@ def authenticate_user(self, response: Response) -> Request:
235
215
236
216
return response .request
237
217
238
- def authenticate_server (self , response : Response ):
218
+ def authenticate_server (self , response : Response ) -> bool :
239
219
"""
240
220
Uses GSSAPI to authenticate the server.
241
221
@@ -256,3 +236,35 @@ def authenticate_server(self, response: Response):
256
236
257
237
log .debug ("authenticate_server(): authentication successful" )
258
238
return True
239
+
240
+ def _make_context (self , host : str ) -> gssapi .SecurityContext :
241
+ """
242
+ Create a GSSAPI security context for handling the authentication.
243
+
244
+ :param host:
245
+ Hostname to create context for. Only used if it isn't included
246
+ in :py:attr:`target_name`
247
+ """
248
+ name = self .target_name
249
+ if type (name ) != gssapi .Name : # type(name) is str
250
+ if '@' not in name :
251
+ name += f"@{ host } "
252
+ name = gssapi .Name (name , gssapi .NameType .hostbased_service )
253
+
254
+ return gssapi .SecurityContext (
255
+ usage = "initiate" ,
256
+ flags = self ._gssflags ,
257
+ name = name ,
258
+ creds = self .creds ,
259
+ mech = self .mech ,
260
+ )
261
+
262
+ @property
263
+ def _gssflags (self ) -> List [gssapi .RequirementFlag ]:
264
+ """List of configured GSSAPI requirement flags."""
265
+ flags = [gssapi .RequirementFlag .out_of_sequence_detection ]
266
+ if self .delegate :
267
+ flags .append (gssapi .RequirementFlag .delegate_to_peer )
268
+ if self .mutual_authentication != DISABLED :
269
+ flags .append (gssapi .RequirementFlag .mutual_authentication )
270
+ return flags
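Review bot: In `_make_context`, `if type(name) != gssapi.Name:` is an exact-type comparison, so a subclass of `gssapi.Name` would be sent down the string branch; `if not isinstance(name, gssapi.Name):` states the intent and makes the trailing `# type(name) is str` comment unnecessary. The docstring should also say that the service name is built from `host` on each call when `target_name` contains no `@`, and that `self.target_name` itself is left unmodified, because that name selects the service principal the context is established with. On `_gssflags`, a one-line comment that `delegate_to_peer` forwards the caller's credential to that principal when `self.delegate` is set would help readers judge which hosts this auth object is safe to use with. `generate_request_header` starts and ends outside the hunk, so confirm there that its `except` still wraps every error `_make_context` can raise.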