[MERGE] GSSAPI authentication support for FTP
jelmer at samba.org
Thu Jul 3 00:11:34 BST 2008
Am Mittwoch, den 02.07.2008, 01:26 -0400 schrieb Martin Pool:
> Martin Pool has voted resubmit.
> Status is now: Resubmit
> + def gssapi_login(self, user):
> + # Try GSSAPI login first
> + resp = self.sendcmd('AUTH GSSAPI')
> + if resp[:3] == '334':
> + rc, self.vc = kerberos.authGSSClientInit("ftp@%s" %
> + if kerberos.authGSSClientStep(self.vc, "") != 1:
> + while resp[:3] in ('334', '335'):
> + authdata = kerberos.authGSSClientResponse(self.vc)
> + resp = self.sendcmd('ADAT ' + authdata)
> + if resp[:9] in ('235 ADAT=', '335 ADAT='):
> + rc = kerberos.authGSSClientStep(self.vc,
> + if not ((resp[:3] == '235' and rc == 1) or
> + (resp[:3] == '335' and rc == 0)):
> + raise AssertionError
> + info("Authenticated as %s" %
> + self.vc))
> + # Monkey patch ftplib
> + self.putcmd = self.mic_putcmd
> + self.getline = self.mic_getline
> + self.sendcmd('USER ' + user)
> + return resp
> When you get something unexpected back it would be nice to raise an
> that contains e.g. resp so that if a user hits it we have some data to
> on - and anyhow the message might help them understand what's going
> Perhaps a generic TransportError would be better than AssertionError.
> What happens if you get a response other than 334? I would guess
> one that means 'not supported' which you should ignore but maybe the
> others should at least give a warning?
I'd rather not warn since I suspect different servers to react quite
differently to this despite the standard. I've added a mutter for now,
since I suspect a warning may be annoying to the majority of users of
the ftp protcol. If it turns out GSSAPI doesn't work unexpectedly for
people, we can always convert it into a warning.
> Other than that it looks pretty good to me.
Thanks. I've attached an updated patch that fixes the issues you
Jelmer Vernooij <jelmer at samba.org> - http://samba.org/~jelmer/
Jabber: jelmer at jabber.fsfe.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 18443 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20080703/a206a5cb/attachment-0001.bin
More information about the bazaar