forked from DirectXMan12/python-gssapi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.txt
169 lines (117 loc) · 4.38 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
========
PyGSSAPI
========
.. role:: python(code)
:language: python
.. role:: bash(code)
:language: bash
PyGSSAPI provides both low-level and high level wrappers around the GSSAPI
C libraries. While it focuses on the Kerberos mechanism, it should also be
useable with other GSSAPI mechanisms that do not rely on mechanism-specific
C values that cannot easily be translated into Python.
Requirements
============
* A working implementation of GSSAPI (such as from MIT Kerberos)
which includes header files
* a C compiler (such as GCC)
* Cython (*NEW*, to compile from scratch)
* the `flufl.enum` Python package
* the `nose` package (for tests)
* the `shouldbe` package (for tests)
Installation
============
Easy Way
--------
.. code-block:: bash
$ pip install pygssapi
From the Git Repo
-----------------
.. code-block:: bash
$ git clone https://github.com/DirectXMan12/python-gssapi.git
$ python setup.py build
$ python setup.py install
Tests
=====
I have written some tests of PyGSSAPI; they live in the `gssapi.tests`
directory. Currently the basic :python:`gssapi.base` commands and
:python:`gssapi.client.BasicGSSClient` have been tested. Before running
the tests, a valid 'host/[FQDN]' (e.g. 'host/some.domain') must have been
:bash:`kinit`-ed. If you run :bash:`tox`, it will do this for you (you will
likely need to run :bash:`tox` with :bash:`sudo`).
.. code-block:: bash
$ sudo tox
or
.. code-block:: bash
$ sudo kinit host/some.domain -k
$ sudo setup.py nosetests
Structure
=========
PyGSSAPI is composed of two parts: the low-level, C-style wrapper and the
high-level, Python-style wrapper (which is a wrapper around the low-level
API). Modules written in C are denoted by '(C)', whereas those written
in Python are denoted '(Py)'
Low-Level API
-------------
The low-level API lives in `gssapi.base`. The methods contained therein
are designed to match closely with the original GSSAPI C methods. They
follow the given format:
* Names are camelCased versions of the C method names, with the
:python:`gssapi_` prefix removed
* Parameters which use C int constants as enums have
:python:`flufl.enum.IntEnum` classes defined, and thus may be passed
either the enum members or integers
* In cases where a specific constant is passed in the C API to represent
a default value, :python:`None` should be passed instead
* In cases where non-integer C constants are passed, `flufl.enum.Enum`
classes are defined for common values
* Major and minor error codes are returned via :python:`gssapi.base.GSSError`
* All other relevant output values are returned in a tuple in the return
value of the method (in cases where a non-error major status code may
be returned, an additional member of the tuple is provided)
Structure
~~~~~~~~~
gssapi : /
base : /
*includes all sub-packages automatically*
impl : (C)
core C-API methods
status_utils : (C)
utilities for dealing with status codes
types : (Py)
Enumerations and Exception Types
Examples
~~~~~~~~
.. code-block:: python
import gssapi.base as gb
TODO(sross): provide more examples
High-Level API
--------------
The high-level API lives directly under :python:`gssapi`. The classes
contained in each file are designed to provide a more Python, Object-Oriented
view of GSSAPI. Currently, they are designed for the basic GSSAPI tasks, but
will be expanded upon in the future.
Structure
~~~~~~~~~
gssapi : /
client : (Py)
*basic clients*
BasicGSSClient
a client capable of performing basic GSS negotiation/encryption
BasicSASLGSSClient
a helper class to simplify working with SASL GSSAPI
type_wrappers : (Py)
provides useful wrappers around some Python capsule objects
Examples
~~~~~~~~
.. code-block:: python
import gssapi.client as gss
client = gss.BasicGSSClient('[email protected]', security_type='encrypted')
init_token = client.setupBaseSecurityContext()
# send to server, get response back...
next_token = client.updateSecurityContext(server_resp)
# encrypt a message
msg_enc = client.encrypt('WARNING: this is secret')
# send the message, get response back...
msg_unenc = client.decrypt(server_encrypted_message)
# freeing of resources (such as deleting the security context and releasing
# the names) is handled automatically