From 2fa15ba8e444e90d31461b1cea2968828c7a4703 Mon Sep 17 00:00:00 2001 From: Matěj Cepl Date: Mon, 4 Nov 2013 16:32:09 +0100 Subject: Make urllib2_kerberos module PEP8-compatible. --- urllib2_kerberos.py | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) (limited to 'urllib2_kerberos.py') diff --git a/urllib2_kerberos.py b/urllib2_kerberos.py index da99a03..ecac521 100644 --- a/urllib2_kerberos.py +++ b/urllib2_kerberos.py @@ -24,6 +24,7 @@ import urllib2 as u2 import kerberos as k + def getLogger(): log = logging.getLogger("http_kerberos_auth_handler") handler = logging.StreamHandler() @@ -33,9 +34,12 @@ def getLogger(): return log log = getLogger() +log.setLevel(logging.DEBUG) + class AbstractKerberosAuthHandler: - """auth handler for urllib2 that does Kerberos HTTP Negotiate Authentication + """auth handler for urllib2 that does Kerberos HTTP Negotiate + Authentication """ def negotiate_value(self, headers): @@ -44,7 +48,7 @@ class AbstractKerberosAuthHandler: authreq = headers.get(self.auth_header, None) if authreq: - rx = re.compile('(?:.*,)*\s*Negotiate\s*([^,]*),?', re.I) + rx = re.compile(r'(?:.*,)*\s*Negotiate\s*([^,]*),?', re.I) mo = rx.search(authreq) if mo: return mo.group(1) @@ -68,7 +72,7 @@ class AbstractKerberosAuthHandler: log.debug("req.get_host() returned %s" % host) domain = host.rsplit(':', 1)[0] - + result, self.context = k.authGSSClientInit("HTTP@%s" % domain) if result < 1: @@ -87,7 +91,7 @@ class AbstractKerberosAuthHandler: response = k.authGSSClientResponse(self.context) log.debug("authGSSClientResponse() succeeded") - + return "Negotiate %s" % response def authenticate_server(self, headers): @@ -98,11 +102,12 @@ class AbstractKerberosAuthHandler: result = k.authGSSClientStep(self.context, neg_value) - if result < 1: + if result < 1: # this is a critical security warning # should change to a raise --Tim - log.critical("mutual auth failed: authGSSClientStep returned result %d" % result) - pass + log.critical( + "mutual auth failed: authGSSClientStep returned result %d" % + result) def clean_context(self): if self.context is not None: @@ -111,7 +116,7 @@ class AbstractKerberosAuthHandler: self.context = None def http_error_auth_reqed(self, host, req, headers): - neg_value = self.negotiate_value(headers) #Check for auth_header + neg_value = self.negotiate_value(headers) # Check for auth_header if neg_value is not None: if not self.retried > 0: return self.retry_http_kerberos_auth(req, headers, neg_value) @@ -144,6 +149,7 @@ class AbstractKerberosAuthHandler: self.clean_context() self.retried = 0 + class ProxyKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): """Kerberos Negotiation handler for HTTP proxy auth """ @@ -151,7 +157,7 @@ class ProxyKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): authz_header = 'Proxy-Authorization' auth_header = 'proxy-authenticate' - handler_order = 480 # before Digest auth + handler_order = 480 # before Digest auth def http_error_407(self, req, fp, code, msg, headers): log.debug("inside http_error_407") @@ -160,6 +166,7 @@ class ProxyKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): self.retried = 0 return retry + class HTTPKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): """Kerberos Negotiation handler for HTTP auth """ @@ -167,7 +174,7 @@ class HTTPKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): authz_header = 'Authorization' auth_header = 'www-authenticate' - handler_order = 480 # before Digest auth + handler_order = 480 # before Digest auth def http_error_401(self, req, fp, code, msg, headers): log.debug("inside http_error_401") @@ -176,6 +183,7 @@ class HTTPKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): self.retried = 0 return retry + def test(): log.setLevel(logging.DEBUG) log.info("starting test") @@ -183,8 +191,7 @@ def test(): opener.add_handler(HTTPKerberosAuthHandler()) resp = opener.open(sys.argv[1]) print dir(resp), resp.info(), resp.code - + if __name__ == '__main__': test() - -- cgit From 22dc6010ac98947ae408ff5de820db4cf690bc7b Mon Sep 17 00:00:00 2001 From: Matěj Cepl Date: Mon, 9 Dec 2013 16:55:20 +0100 Subject: Don’t panick in case we succeed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- urllib2_kerberos.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'urllib2_kerberos.py') diff --git a/urllib2_kerberos.py b/urllib2_kerberos.py index ecac521..84542bd 100644 --- a/urllib2_kerberos.py +++ b/urllib2_kerberos.py @@ -46,6 +46,7 @@ class AbstractKerberosAuthHandler: """checks for "Negotiate" in proper auth header """ authreq = headers.get(self.auth_header, None) + log.debug('authreq = {}'.format(authreq)) if authreq: rx = re.compile(r'(?:.*,)*\s*Negotiate\s*([^,]*),?', re.I) @@ -136,7 +137,8 @@ class AbstractKerberosAuthHandler: req.add_unredirected_header(self.authz_header, neg_hdr) resp = self.parent.open(req) - self.authenticate_server(resp.info()) + if resp.getcode() != 200: + self.authenticate_server(resp.info()) return resp -- cgit