Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# This file is part of Xpra. 

2# Copyright (C) 2019 Antoine Martin <antoine@xpra.org> 

3# Xpra is released under the terms of the GNU GPL v2, or, at your option, any 

4# later version. See the file COPYING for details. 

5 

6import os 

7 

8from xpra.util import csv 

9from xpra.os_util import bytestostr, WIN32 

10from xpra.log import Logger 

11 

12log = Logger("auth") 

13 

14 

15def log_kerberos_exception(e): 

16 try: 

17 for x in e.args: 

18 if isinstance(x, (list, tuple)): 

19 try: 

20 log.error(" %s", csv(x)) 

21 continue 

22 except Exception: 

23 pass 

24 log.error(" %s", x) 

25 except Exception: 

26 log.error(" %s", e) 

27 

28class Handler: 

29 

30 def __init__(self, client, **_kwargs): 

31 self.client = client 

32 self.services = os.environ.get("XPRA_KERBEROS_SERVICES", "*").split(",") 

33 

34 def __repr__(self): 

35 return "kerberos" 

36 

37 def get_digest(self) -> str: 

38 return "kerberos" 

39 

40 def handle(self, packet) -> bool: 

41 digest = bytestostr(packet[3]) 

42 if not digest.startswith("kerberos:"): 

43 log("%s is not a kerberos challenge", digest) 

44 #not a kerberos challenge 

45 return False 

46 try: 

47 if WIN32: 

48 import winkerberos as kerberos 

49 else: 

50 import kerberos #@UnresolvedImport 

51 except ImportError as e: 

52 log.warn("Warning: cannot use kerberos authentication handler") 

53 log.warn(" %s", e) 

54 return False 

55 service = digest.split(":", 1)[1] 

56 if service not in self.services and "*" not in self.services: 

57 log.warn("Warning: invalid kerberos request for service '%s'", service) 

58 log.warn(" services supported: %s", csv(self.services)) 

59 return False 

60 log("kerberos service=%s", service) 

61 try: 

62 r, ctx = kerberos.authGSSClientInit(service) 

63 assert r==1, "return code %s" % r 

64 except Exception as e: 

65 log("kerberos.authGSSClientInit(%s)", service, exc_info=True) 

66 log.error("Error: cannot initialize kerberos client:") 

67 log_kerberos_exception(e) 

68 return False 

69 try: 

70 kerberos.authGSSClientStep(ctx, "") 

71 except Exception as e: 

72 log("kerberos.authGSSClientStep", exc_info=True) 

73 log.error("Error: kerberos client authentication failure:") 

74 log_kerberos_exception(e) 

75 return False 

76 token = kerberos.authGSSClientResponse(ctx) 

77 log("kerberos token=%s", token) 

78 self.client.send_challenge_reply(packet, token) 

79 return True