Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# This file is part of Xpra. 

2# Copyright (C) 2019 Antoine Martin <antoine@xpra.org> 

3# Xpra is released under the terms of the GNU GPL v2, or, at your option, any 

4# later version. See the file COPYING for details. 

5 

6import os 

7 

8from xpra.util import csv 

9from xpra.os_util import bytestostr, OSX 

10from xpra.log import Logger 

11 

12log = Logger("auth") 

13 

14 

15class Handler: 

16 

17 def __init__(self, client, **_kwargs): 

18 self.client = client 

19 self.services = os.environ.get("XPRA_GSS_SERVICES", "*").split(",") 

20 

21 def __repr__(self): 

22 return "gss" 

23 

24 def get_digest(self) -> str: 

25 return "gss" 

26 

27 def handle(self, packet) -> bool: 

28 digest = bytestostr(packet[3]) 

29 if not digest.startswith("gss:"): 

30 #not a gss challenge 

31 log("%s is not a gss challenge", digest) 

32 return False 

33 try: 

34 import gssapi #@UnresolvedImport 

35 self.gssapi = gssapi 

36 if OSX and False: 

37 from gssapi.raw import (cython_converters, cython_types, oids) # @UnresolvedImport 

38 assert cython_converters and cython_types and oids 

39 except ImportError as e: 

40 log.warn("Warning: cannot use gss authentication handler") 

41 log.warn(" %s", e) 

42 return False 

43 service = bytestostr(digest.split(b":", 1)[1]) 

44 if service not in self.services and "*" not in self.services: 

45 log.warn("Warning: invalid GSS request for service '%s'", service) 

46 log.warn(" services supported: %s", csv(self.services)) 

47 return False 

48 log("gss service=%s", service) 

49 service_name = self.gssapi.Name(service) 

50 try: 

51 ctx = self.gssapi.SecurityContext(name=service_name, usage="initiate") 

52 token = ctx.step() 

53 except Exception as e: 

54 log("gssapi failure", exc_info=True) 

55 log.error("Error: gssapi client authentication failure:") 

56 try: 

57 for x in str(e).split(":", 2): 

58 log.error(" %s", x.lstrip(" ")) 

59 except Exception: 

60 log.error(" %s", e) 

61 return False 

62 log("gss token=%s", repr(token)) 

63 self.client.send_challenge_reply(packet, token) 

64 return True