PyKerberos-1.1/0000755000175000017500000000000012235252557011570 5ustar agxagxPyKerberos-1.1/src/0000755000175000017500000000000012235252557012357 5ustar agxagxPyKerberos-1.1/src/kerberospw.h0000644000175000017500000000154312235252557014716 0ustar agxagx/** * Copyright (c) 2008 Guido Guenther * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * **/ #include #include #include #define krb5_get_err_text(context,code) error_message(code) int change_user_krb5pwd(const char *user, const char* oldpswd, const char *newpswd); PyKerberos-1.1/src/base64.c0000644000175000017500000000714512235252557013616 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include "base64.h" #include #include // base64 tables static char basis_64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; static signed char index_64[128] = { -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63, 52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1,-1,-1,-1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14, 15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1, -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40, 41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1 }; #define CHAR64(c) (((c) < 0 || (c) > 127) ? -1 : index_64[(c)]) // base64_encode : base64 encode // // value : data to encode // vlen : length of data // (result) : new char[] - c-str of result char *base64_encode(const unsigned char *value, size_t vlen) { char *result = (char *)malloc((vlen * 4) / 3 + 5); char *out = result; while (vlen >= 3) { *out++ = basis_64[value[0] >> 2]; *out++ = basis_64[((value[0] << 4) & 0x30) | (value[1] >> 4)]; *out++ = basis_64[((value[1] << 2) & 0x3C) | (value[2] >> 6)]; *out++ = basis_64[value[2] & 0x3F]; value += 3; vlen -= 3; } if (vlen > 0) { *out++ = basis_64[value[0] >> 2]; unsigned char oval = (value[0] << 4) & 0x30; if (vlen > 1) oval |= value[1] >> 4; *out++ = basis_64[oval]; *out++ = (vlen < 2) ? '=' : basis_64[(value[1] << 2) & 0x3C]; *out++ = '='; } *out = '\0'; return result; } // base64_decode : base64 decode // // value : c-str to decode // rlen : length of decoded result // (result) : new unsigned char[] - decoded result unsigned char *base64_decode(const char *value, size_t *rlen) { *rlen = 0; int c1, c2, c3, c4; size_t vlen = strlen(value); unsigned char *result =(unsigned char *)malloc((vlen * 3) / 4 + 1); unsigned char *out = result; while (1) { if (value[0]==0) return result; c1 = value[0]; if (CHAR64(c1) == -1) goto base64_decode_error;; c2 = value[1]; if (CHAR64(c2) == -1) goto base64_decode_error;; c3 = value[2]; if ((c3 != '=') && (CHAR64(c3) == -1)) goto base64_decode_error;; c4 = value[3]; if ((c4 != '=') && (CHAR64(c4) == -1)) goto base64_decode_error;; value += 4; *out++ = (CHAR64(c1) << 2) | (CHAR64(c2) >> 4); *rlen += 1; if (c3 != '=') { *out++ = ((CHAR64(c2) << 4) & 0xf0) | (CHAR64(c3) >> 2); *rlen += 1; if (c4 != '=') { *out++ = ((CHAR64(c3) << 6) & 0xc0) | CHAR64(c4); *rlen += 1; } } } base64_decode_error: *result = 0; *rlen = 0; return result; } PyKerberos-1.1/src/kerberosgss.c0000644000175000017500000004770312235252557015067 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include #include "kerberosgss.h" #include "base64.h" #include #include #include #include static void set_gss_error(OM_uint32 err_maj, OM_uint32 err_min); extern PyObject *GssException_class; extern PyObject *KrbException_class; char* server_principal_details(const char* service, const char* hostname) { char match[1024]; size_t match_len = 0; char* result = NULL; int code; krb5_context kcontext; krb5_keytab kt = NULL; krb5_kt_cursor cursor = NULL; krb5_keytab_entry entry; char* pname = NULL; // Generate the principal prefix we want to match snprintf(match, 1024, "%s/%s@", service, hostname); match_len = strlen(match); code = krb5_init_context(&kcontext); if (code) { PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))", "Cannot initialize Kerberos5 context", code)); return NULL; } if ((code = krb5_kt_default(kcontext, &kt))) { PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))", "Cannot get default keytab", code)); goto end; } if ((code = krb5_kt_start_seq_get(kcontext, kt, &cursor))) { PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))", "Cannot get sequence cursor from keytab", code)); goto end; } while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) { if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) { PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))", "Cannot parse principal name from keytab", code)); goto end; } if (strncmp(pname, match, match_len) == 0) { result = malloc(strlen(pname) + 1); strcpy(result, pname); krb5_free_unparsed_name(kcontext, pname); krb5_free_keytab_entry_contents(kcontext, &entry); break; } krb5_free_unparsed_name(kcontext, pname); krb5_free_keytab_entry_contents(kcontext, &entry); } if (result == NULL) { PyErr_SetObject(KrbException_class, Py_BuildValue("((s:i))", "Principal not found in keytab", -1)); } end: if (cursor) krb5_kt_end_seq_get(kcontext, kt, &cursor); if (kt) krb5_kt_close(kcontext, kt); krb5_free_context(kcontext); return result; } int authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_client_state* state) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc principal_token = GSS_C_EMPTY_BUFFER; int ret = AUTH_GSS_COMPLETE; state->server_name = GSS_C_NO_NAME; state->context = GSS_C_NO_CONTEXT; state->gss_flags = gss_flags; state->client_creds = GSS_C_NO_CREDENTIAL; state->username = NULL; state->response = NULL; // Import server name first name_token.length = strlen(service); name_token.value = (char *)service; maj_stat = gss_import_name(&min_stat, &name_token, gss_krb5_nt_service_name, &state->server_name); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } // Get credential for principal if (principal && *principal) { gss_name_t name; principal_token.length = strlen(principal); principal_token.value = (char *)principal; maj_stat = gss_import_name(&min_stat, &principal_token, GSS_C_NT_USER_NAME, &name); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE, &state->client_creds, NULL, NULL); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } maj_stat = gss_release_name(&min_stat, &name); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } } end: return ret; } int authenticate_gss_client_clean(gss_client_state *state) { OM_uint32 maj_stat; OM_uint32 min_stat; int ret = AUTH_GSS_COMPLETE; if (state->context != GSS_C_NO_CONTEXT) maj_stat = gss_delete_sec_context(&min_stat, &state->context, GSS_C_NO_BUFFER); if (state->server_name != GSS_C_NO_NAME) maj_stat = gss_release_name(&min_stat, &state->server_name); if (state->client_creds != GSS_C_NO_CREDENTIAL) maj_stat = gss_release_cred(&min_stat, &state->client_creds); if (state->username != NULL) { free(state->username); state->username = NULL; } if (state->response != NULL) { free(state->response); state->response = NULL; } return ret; } int authenticate_gss_client_step(gss_client_state* state, const char* challenge) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; int ret = AUTH_GSS_CONTINUE; // Always clear out the old response if (state->response != NULL) { free(state->response); state->response = NULL; } // If there is a challenge (data from the server) we need to give it to GSS if (challenge && *challenge) { size_t len; input_token.value = base64_decode(challenge, &len); input_token.length = len; } // Do GSSAPI step Py_BEGIN_ALLOW_THREADS maj_stat = gss_init_sec_context(&min_stat, state->client_creds, &state->context, state->server_name, GSS_C_NO_OID, (OM_uint32)state->gss_flags, 0, GSS_C_NO_CHANNEL_BINDINGS, &input_token, NULL, &output_token, NULL, NULL); Py_END_ALLOW_THREADS if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } ret = (maj_stat == GSS_S_COMPLETE) ? AUTH_GSS_COMPLETE : AUTH_GSS_CONTINUE; // Grab the client response to send back to the server if (output_token.length) { state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);; maj_stat = gss_release_buffer(&min_stat, &output_token); } // Try to get the user name if we have completed all GSS operations if (ret == AUTH_GSS_COMPLETE) { gss_name_t gssuser = GSS_C_NO_NAME; maj_stat = gss_inquire_context(&min_stat, state->context, &gssuser, NULL, NULL, NULL, NULL, NULL, NULL); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } gss_buffer_desc name_token; name_token.length = 0; maj_stat = gss_display_name(&min_stat, gssuser, &name_token, NULL); if (GSS_ERROR(maj_stat)) { if (name_token.value) gss_release_buffer(&min_stat, &name_token); gss_release_name(&min_stat, &gssuser); set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } else { state->username = (char *)malloc(name_token.length + 1); strncpy(state->username, (char*) name_token.value, name_token.length); state->username[name_token.length] = 0; gss_release_buffer(&min_stat, &name_token); gss_release_name(&min_stat, &gssuser); } } end: if (output_token.value) gss_release_buffer(&min_stat, &output_token); if (input_token.value) free(input_token.value); return ret; } int authenticate_gss_client_unwrap(gss_client_state *state, const char *challenge) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; int ret = AUTH_GSS_CONTINUE; int conf = 0; // Always clear out the old response if (state->response != NULL) { free(state->response); state->response = NULL; state->responseConf = 0; } // If there is a challenge (data from the server) we need to give it to GSS if (challenge && *challenge) { size_t len; input_token.value = base64_decode(challenge, &len); input_token.length = len; } // Do GSSAPI step maj_stat = gss_unwrap(&min_stat, state->context, &input_token, &output_token, &conf, NULL); if (maj_stat != GSS_S_COMPLETE) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } else ret = AUTH_GSS_COMPLETE; // Grab the client response if (output_token.length) { state->response = base64_encode((const unsigned char *)output_token.value, output_token.length); state->responseConf = conf; maj_stat = gss_release_buffer(&min_stat, &output_token); } end: if (output_token.value) gss_release_buffer(&min_stat, &output_token); if (input_token.value) free(input_token.value); return ret; } int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user, int protect) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; int ret = AUTH_GSS_CONTINUE; char buf[4096], server_conf_flags; unsigned long buf_size; // Always clear out the old response if (state->response != NULL) { free(state->response); state->response = NULL; } if (challenge && *challenge) { size_t len; input_token.value = base64_decode(challenge, &len); input_token.length = len; } if (user) { // get bufsize server_conf_flags = ((char*) input_token.value)[0]; ((char*) input_token.value)[0] = 0; buf_size = ntohl(*((long *) input_token.value)); free(input_token.value); #ifdef PRINTFS printf("User: %s, %c%c%c\n", user, server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-', server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-', server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-'); printf("Maximum GSS token size is %ld\n", buf_size); #endif // agree to terms (hack!) buf_size = htonl(buf_size); // not relevant without integrity/privacy memcpy(buf, &buf_size, 4); buf[0] = GSS_AUTH_P_NONE; // server decides if principal can log in as user strncpy(buf + 4, user, sizeof(buf) - 4); input_token.value = buf; input_token.length = 4 + strlen(user); } // Do GSSAPI wrap maj_stat = gss_wrap(&min_stat, state->context, protect, GSS_C_QOP_DEFAULT, &input_token, NULL, &output_token); if (maj_stat != GSS_S_COMPLETE) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } else ret = AUTH_GSS_COMPLETE; // Grab the client response to send back to the server if (output_token.length) { state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);; maj_stat = gss_release_buffer(&min_stat, &output_token); } end: if (output_token.value) gss_release_buffer(&min_stat, &output_token); return ret; } int authenticate_gss_server_init(const char *service, gss_server_state *state) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER; int ret = AUTH_GSS_COMPLETE; state->context = GSS_C_NO_CONTEXT; state->server_name = GSS_C_NO_NAME; state->client_name = GSS_C_NO_NAME; state->server_creds = GSS_C_NO_CREDENTIAL; state->client_creds = GSS_C_NO_CREDENTIAL; state->username = NULL; state->targetname = NULL; state->response = NULL; // Server name may be empty which means we aren't going to create our own creds size_t service_len = strlen(service); if (service_len != 0) { // Import server name first name_token.length = strlen(service); name_token.value = (char *)service; maj_stat = gss_import_name(&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, &state->server_name); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } // Get credentials maj_stat = gss_acquire_cred(&min_stat, state->server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &state->server_creds, NULL, NULL); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } } end: return ret; } int authenticate_gss_server_clean(gss_server_state *state) { OM_uint32 maj_stat; OM_uint32 min_stat; int ret = AUTH_GSS_COMPLETE; if (state->context != GSS_C_NO_CONTEXT) maj_stat = gss_delete_sec_context(&min_stat, &state->context, GSS_C_NO_BUFFER); if (state->server_name != GSS_C_NO_NAME) maj_stat = gss_release_name(&min_stat, &state->server_name); if (state->client_name != GSS_C_NO_NAME) maj_stat = gss_release_name(&min_stat, &state->client_name); if (state->server_creds != GSS_C_NO_CREDENTIAL) maj_stat = gss_release_cred(&min_stat, &state->server_creds); if (state->client_creds != GSS_C_NO_CREDENTIAL) maj_stat = gss_release_cred(&min_stat, &state->client_creds); if (state->username != NULL) { free(state->username); state->username = NULL; } if (state->targetname != NULL) { free(state->targetname); state->targetname = NULL; } if (state->response != NULL) { free(state->response); state->response = NULL; } return ret; } int authenticate_gss_server_step(gss_server_state *state, const char *challenge) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; int ret = AUTH_GSS_CONTINUE; // Always clear out the old response if (state->response != NULL) { free(state->response); state->response = NULL; } // If there is a challenge (data from the server) we need to give it to GSS if (challenge && *challenge) { size_t len; input_token.value = base64_decode(challenge, &len); input_token.length = len; } else { PyErr_SetString(KrbException_class, "No challenge parameter in request from client"); ret = AUTH_GSS_ERROR; goto end; } Py_BEGIN_ALLOW_THREADS maj_stat = gss_accept_sec_context(&min_stat, &state->context, state->server_creds, &input_token, GSS_C_NO_CHANNEL_BINDINGS, &state->client_name, NULL, &output_token, NULL, NULL, &state->client_creds); Py_END_ALLOW_THREADS if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } // Grab the server response to send back to the client if (output_token.length) { state->response = base64_encode((const unsigned char *)output_token.value, output_token.length);; maj_stat = gss_release_buffer(&min_stat, &output_token); } // Get the user name maj_stat = gss_display_name(&min_stat, state->client_name, &output_token, NULL); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } state->username = (char *)malloc(output_token.length + 1); strncpy(state->username, (char*) output_token.value, output_token.length); state->username[output_token.length] = 0; // Get the target name if no server creds were supplied if (state->server_creds == GSS_C_NO_CREDENTIAL) { gss_name_t target_name = GSS_C_NO_NAME; maj_stat = gss_inquire_context(&min_stat, state->context, NULL, &target_name, NULL, NULL, NULL, NULL, NULL); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } maj_stat = gss_display_name(&min_stat, target_name, &output_token, NULL); if (GSS_ERROR(maj_stat)) { set_gss_error(maj_stat, min_stat); ret = AUTH_GSS_ERROR; goto end; } state->targetname = (char *)malloc(output_token.length + 1); strncpy(state->targetname, (char*) output_token.value, output_token.length); state->targetname[output_token.length] = 0; } ret = AUTH_GSS_COMPLETE; end: if (output_token.length) gss_release_buffer(&min_stat, &output_token); if (input_token.value) free(input_token.value); return ret; } static void set_gss_error(OM_uint32 err_maj, OM_uint32 err_min) { OM_uint32 maj_stat, min_stat; OM_uint32 msg_ctx = 0; gss_buffer_desc status_string; char buf_maj[512]; char buf_min[512]; do { maj_stat = gss_display_status (&min_stat, err_maj, GSS_C_GSS_CODE, GSS_C_NO_OID, &msg_ctx, &status_string); if (GSS_ERROR(maj_stat)) break; strncpy(buf_maj, (char*) status_string.value, sizeof(buf_maj)); gss_release_buffer(&min_stat, &status_string); maj_stat = gss_display_status (&min_stat, err_min, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &status_string); if (!GSS_ERROR(maj_stat)) { strncpy(buf_min, (char*) status_string.value, sizeof(buf_min)); gss_release_buffer(&min_stat, &status_string); } } while (!GSS_ERROR(maj_stat) && msg_ctx != 0); PyErr_SetObject(GssException_class, Py_BuildValue("((s:i)(s:i))", buf_maj, err_maj, buf_min, err_min)); } PyKerberos-1.1/src/kerberosbasic.c0000644000175000017500000000757312235252557015355 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include #include "kerberosbasic.h" #include #include #include #undef PRINTFS extern PyObject *BasicAuthException_class; static void set_basicauth_error(krb5_context context, krb5_error_code code); static krb5_error_code verify_krb5_user(krb5_context context, krb5_principal principal, const char *password, krb5_principal server); int authenticate_user_krb5pwd(const char *user, const char *pswd, const char *service, const char *default_realm) { krb5_context kcontext = NULL; krb5_error_code code; krb5_principal client = NULL; krb5_principal server = NULL; int ret = 0; char *name = NULL; char *p = NULL; code = krb5_init_context(&kcontext); if (code) { PyErr_SetObject(BasicAuthException_class, Py_BuildValue("((s:i))", "Cannot initialize Kerberos5 context", code)); return 0; } ret = krb5_parse_name (kcontext, service, &server); if (ret) { set_basicauth_error(kcontext, ret); ret = 0; goto end; } code = krb5_unparse_name(kcontext, server, &name); if (code) { set_basicauth_error(kcontext, code); ret = 0; goto end; } #ifdef PRINTFS printf("Using %s as server principal for password verification\n", name); #endif free(name); name = NULL; name = (char *)malloc(256); p = strchr(user, '@'); if (p == NULL) { snprintf(name, 256, "%s@%s", user, default_realm); } else { snprintf(name, 256, "%s", user); } code = krb5_parse_name(kcontext, name, &client); if (code) { set_basicauth_error(kcontext, code); ret = 0; goto end; } code = verify_krb5_user(kcontext, client, pswd, server); if (code) { ret = 0; goto end; } ret = 1; end: #ifdef PRINTFS printf("kerb_authenticate_user_krb5pwd ret=%d user=%s authtype=%s\n", ret, user, "Basic"); #endif if (name) free(name); if (client) krb5_free_principal(kcontext, client); if (server) krb5_free_principal(kcontext, server); krb5_free_context(kcontext); return ret; } /* Inspired by krb5_verify_user from Heimdal */ static krb5_error_code verify_krb5_user(krb5_context context, krb5_principal principal, const char *password, krb5_principal server) { krb5_creds creds; krb5_get_init_creds_opt gic_options; krb5_error_code ret; char *name = NULL; memset(&creds, 0, sizeof(creds)); ret = krb5_unparse_name(context, principal, &name); if (ret == 0) { #ifdef PRINTFS printf("Trying to get TGT for user %s\n", name); #endif free(name); } krb5_get_init_creds_opt_init(&gic_options); ret = krb5_get_init_creds_password(context, &creds, principal, (char *)password, NULL, NULL, 0, NULL, &gic_options); if (ret) { set_basicauth_error(context, ret); goto end; } end: krb5_free_cred_contents(context, &creds); return ret; } static void set_basicauth_error(krb5_context context, krb5_error_code code) { PyErr_SetObject(BasicAuthException_class, Py_BuildValue("(s:i)", krb5_get_err_text(context, code), code)); } PyKerberos-1.1/src/kerberospw.c0000644000175000017500000001047612235252557014716 0ustar agxagx/** * Copyright (c) 2008 Guido Guenther * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include #include "kerberospw.h" #include #include #include #undef PRINTFS extern PyObject *PwdChangeException_class; static void set_pwchange_error(krb5_context context, krb5_error_code code) { PyErr_SetObject(PwdChangeException_class, Py_BuildValue("(s:i)", krb5_get_err_text(context, code), code)); } /* Inspired by krb5_verify_user from Heimdal */ static krb5_error_code verify_krb5_user(krb5_context context, krb5_principal principal, const char *password, const char *service, krb5_creds* creds) { krb5_get_init_creds_opt gic_options; krb5_error_code code; int ret = 0; #ifdef PRINTFS { char *name = NULL; code = krb5_unparse_name(context, principal, &name); if (!code) printf("Trying to get TGT for user %s\n", name); free(name); } #endif krb5_get_init_creds_opt_init(&gic_options); krb5_get_init_creds_opt_set_forwardable(&gic_options, 0); krb5_get_init_creds_opt_set_proxiable(&gic_options, 0); krb5_get_init_creds_opt_set_renew_life(&gic_options, 0); memset(creds, 0, sizeof(krb5_creds)); code = krb5_get_init_creds_password(context, creds, principal, (char *)password, NULL, NULL, 0, (char *)service, &gic_options); if (code) { set_pwchange_error(context, code); goto end; } ret = 1; /* success */ end: return ret; } int change_user_krb5pwd(const char *user, const char* oldpswd, const char *newpswd) { krb5_context kcontext = NULL; krb5_error_code code; krb5_principal client = NULL; krb5_creds creds; int ret = 0; char *name = NULL; const char* service = "kadmin/changepw"; int result_code; krb5_data result_code_string, result_string; code = krb5_init_context(&kcontext); if (code) { PyErr_SetObject(PwdChangeException_class, Py_BuildValue("((s:i))", "Cannot initialize Kerberos5 context", code)); return 0; } name = (char *)malloc(256); snprintf(name, 256, "%s", user); code = krb5_parse_name(kcontext, name, &client); if (code) { set_pwchange_error(kcontext, code); goto end; } code = verify_krb5_user(kcontext, client, oldpswd, service, &creds); if (!code) /* exception set by verify_krb5_user */ goto end; code = krb5_change_password(kcontext, &creds, (char*)newpswd, &result_code, &result_code_string, &result_string); if (code) { set_pwchange_error(kcontext, code); goto end; } if (result_code) { char *message = NULL; asprintf(&message, "%.*s: %.*s", (int) result_code_string.length, (char *) result_code_string.data, (int) result_string.length, (char *) result_string.data); PyErr_SetObject(PwdChangeException_class, Py_BuildValue("((s:i))", message, result_code)); free(message); goto end; } ret = 1; /* success */ end: #ifdef PRINTFS printf("%s: ret=%d user=%s\n", __FUNCTION__, ret, name); #endif if (name) free(name); if (client) krb5_free_principal(kcontext, client); krb5_free_context(kcontext); return ret; } PyKerberos-1.1/src/kerberosgss.h0000644000175000017500000000440412235252557015063 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include #include #include #define krb5_get_err_text(context,code) error_message(code) #define AUTH_GSS_ERROR -1 #define AUTH_GSS_COMPLETE 1 #define AUTH_GSS_CONTINUE 0 #define GSS_AUTH_P_NONE 1 #define GSS_AUTH_P_INTEGRITY 2 #define GSS_AUTH_P_PRIVACY 4 typedef struct { gss_ctx_id_t context; gss_name_t server_name; long int gss_flags; gss_cred_id_t client_creds; char* username; char* response; int responseConf; } gss_client_state; typedef struct { gss_ctx_id_t context; gss_name_t server_name; gss_name_t client_name; gss_cred_id_t server_creds; gss_cred_id_t client_creds; char* username; char* targetname; char* response; } gss_server_state; char* server_principal_details(const char* service, const char* hostname); int authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_client_state* state); int authenticate_gss_client_clean(gss_client_state *state); int authenticate_gss_client_step(gss_client_state *state, const char *challenge); int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge); int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user, int protect); int authenticate_gss_server_init(const char* service, gss_server_state* state); int authenticate_gss_server_clean(gss_server_state *state); int authenticate_gss_server_step(gss_server_state *state, const char *challenge); PyKerberos-1.1/src/kerberos.c0000644000175000017500000003446012235252557014346 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include #include "kerberosbasic.h" #include "kerberospw.h" #include "kerberosgss.h" PyObject *KrbException_class; PyObject *BasicAuthException_class; PyObject *PwdChangeException_class; PyObject *GssException_class; static PyObject *checkPassword(PyObject *self, PyObject *args) { const char *user = NULL; const char *pswd = NULL; const char *service = NULL; const char *default_realm = NULL; int result = 0; if (!PyArg_ParseTuple(args, "ssss", &user, &pswd, &service, &default_realm)) return NULL; result = authenticate_user_krb5pwd(user, pswd, service, default_realm); if (result) return Py_INCREF(Py_True), Py_True; else return NULL; } static PyObject *changePassword(PyObject *self, PyObject *args) { const char *newpswd = NULL; const char *oldpswd = NULL; const char *user = NULL; int result = 0; if (!PyArg_ParseTuple(args, "sss", &user, &oldpswd, &newpswd)) return NULL; result = change_user_krb5pwd(user, oldpswd, newpswd); if (result) return Py_INCREF(Py_True), Py_True; else return NULL; } static PyObject *getServerPrincipalDetails(PyObject *self, PyObject *args) { const char *service = NULL; const char *hostname = NULL; char* result; if (!PyArg_ParseTuple(args, "ss", &service, &hostname)) return NULL; result = server_principal_details(service, hostname); if (result != NULL) { PyObject* pyresult = Py_BuildValue("s", result); free(result); return pyresult; } else return NULL; } static PyObject* authGSSClientInit(PyObject* self, PyObject* args, PyObject* keywds) { const char *service = NULL; const char *principal = NULL; gss_client_state *state; PyObject *pystate; static char *kwlist[] = {"service", "principal", "gssflags", NULL}; long int gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; int result = 0; if (!PyArg_ParseTupleAndKeywords(args, keywds, "s|zl", kwlist, &service, &principal, &gss_flags)) return NULL; state = (gss_client_state *) malloc(sizeof(gss_client_state)); pystate = PyCObject_FromVoidPtr(state, NULL); result = authenticate_gss_client_init(service, principal, gss_flags, state); if (result == AUTH_GSS_ERROR) return NULL; return Py_BuildValue("(iO)", result, pystate); } static PyObject *authGSSClientClean(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; int result = 0; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state != NULL) { result = authenticate_gss_client_clean(state); free(state); PyCObject_SetVoidPtr(pystate, NULL); } return Py_BuildValue("i", result); } static PyObject *authGSSClientStep(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; char *challenge = NULL; int result = 0; if (!PyArg_ParseTuple(args, "Os", &pystate, &challenge)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; result = authenticate_gss_client_step(state, challenge); if (result == AUTH_GSS_ERROR) return NULL; return Py_BuildValue("i", result); } static PyObject *authGSSClientResponseConf(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; return Py_BuildValue("i", state->responseConf); } static PyObject *authGSSClientResponse(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; return Py_BuildValue("s", state->response); } static PyObject *authGSSClientUserName(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; return Py_BuildValue("s", state->username); } static PyObject *authGSSClientUnwrap(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; char *challenge = NULL; int result = 0; if (!PyArg_ParseTuple(args, "Os", &pystate, &challenge)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; result = authenticate_gss_client_unwrap(state, challenge); if (result == AUTH_GSS_ERROR) return NULL; return Py_BuildValue("i", result); } static PyObject *authGSSClientWrap(PyObject *self, PyObject *args) { gss_client_state *state; PyObject *pystate; char *challenge = NULL; char *user = NULL; int protect = 0; int result = 0; if (!PyArg_ParseTuple(args, "Os|zi", &pystate, &challenge, &user, &protect)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_client_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; result = authenticate_gss_client_wrap(state, challenge, user, protect); if (result == AUTH_GSS_ERROR) return NULL; return Py_BuildValue("i", result); } static PyObject *authGSSServerInit(PyObject *self, PyObject *args) { const char *service = NULL; gss_server_state *state; PyObject *pystate; int result = 0; if (!PyArg_ParseTuple(args, "s", &service)) return NULL; state = (gss_server_state *) malloc(sizeof(gss_server_state)); pystate = PyCObject_FromVoidPtr(state, NULL); result = authenticate_gss_server_init(service, state); if (result == AUTH_GSS_ERROR) return NULL; return Py_BuildValue("(iO)", result, pystate); } static PyObject *authGSSServerClean(PyObject *self, PyObject *args) { gss_server_state *state; PyObject *pystate; int result = 0; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_server_state *)PyCObject_AsVoidPtr(pystate); if (state != NULL) { result = authenticate_gss_server_clean(state); free(state); PyCObject_SetVoidPtr(pystate, NULL); } return Py_BuildValue("i", result); } static PyObject *authGSSServerStep(PyObject *self, PyObject *args) { gss_server_state *state; PyObject *pystate; char *challenge = NULL; int result = 0; if (!PyArg_ParseTuple(args, "Os", &pystate, &challenge)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_server_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; result = authenticate_gss_server_step(state, challenge); if (result == AUTH_GSS_ERROR) return NULL; return Py_BuildValue("i", result); } static PyObject *authGSSServerResponse(PyObject *self, PyObject *args) { gss_server_state *state; PyObject *pystate; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_server_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; return Py_BuildValue("s", state->response); } static PyObject *authGSSServerUserName(PyObject *self, PyObject *args) { gss_server_state *state; PyObject *pystate; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_server_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; return Py_BuildValue("s", state->username); } static PyObject *authGSSServerTargetName(PyObject *self, PyObject *args) { gss_server_state *state; PyObject *pystate; if (!PyArg_ParseTuple(args, "O", &pystate)) return NULL; if (!PyCObject_Check(pystate)) { PyErr_SetString(PyExc_TypeError, "Expected a context object"); return NULL; } state = (gss_server_state *)PyCObject_AsVoidPtr(pystate); if (state == NULL) return NULL; return Py_BuildValue("s", state->targetname); } static PyMethodDef KerberosMethods[] = { {"checkPassword", checkPassword, METH_VARARGS, "Check the supplied user/password against Kerberos KDC."}, {"changePassword", changePassword, METH_VARARGS, "Change the user password."}, {"getServerPrincipalDetails", getServerPrincipalDetails, METH_VARARGS, "Return the service principal for a given service and hostname."}, {"authGSSClientInit", (PyCFunction)authGSSClientInit, METH_VARARGS | METH_KEYWORDS, "Initialize client-side GSSAPI operations."}, {"authGSSClientClean", authGSSClientClean, METH_VARARGS, "Terminate client-side GSSAPI operations."}, {"authGSSClientStep", authGSSClientStep, METH_VARARGS, "Do a client-side GSSAPI step."}, {"authGSSClientResponse", authGSSClientResponse, METH_VARARGS, "Get the response from the last client-side GSSAPI step."}, {"authGSSClientResponseConf", authGSSClientResponseConf, METH_VARARGS, "return 1 if confidentiality was set in the last unwrapped buffer, 0 otherwise."}, {"authGSSClientUserName", authGSSClientUserName, METH_VARARGS, "Get the user name from the last client-side GSSAPI step."}, {"authGSSServerInit", authGSSServerInit, METH_VARARGS, "Initialize server-side GSSAPI operations."}, {"authGSSClientWrap", authGSSClientWrap, METH_VARARGS, "Do a GSSAPI wrap."}, {"authGSSClientUnwrap", authGSSClientUnwrap, METH_VARARGS, "Do a GSSAPI unwrap."}, {"authGSSServerClean", authGSSServerClean, METH_VARARGS, "Terminate server-side GSSAPI operations."}, {"authGSSServerStep", authGSSServerStep, METH_VARARGS, "Do a server-side GSSAPI step."}, {"authGSSServerResponse", authGSSServerResponse, METH_VARARGS, "Get the response from the last server-side GSSAPI step."}, {"authGSSServerUserName", authGSSServerUserName, METH_VARARGS, "Get the user name from the last server-side GSSAPI step."}, {"authGSSServerTargetName", authGSSServerTargetName, METH_VARARGS, "Get the target name from the last server-side GSSAPI step."}, {NULL, NULL, 0, NULL} /* Sentinel */ }; PyMODINIT_FUNC initkerberos(void) { PyObject *m,*d; m = Py_InitModule("kerberos", KerberosMethods); d = PyModule_GetDict(m); /* create the base exception class */ if (!(KrbException_class = PyErr_NewException("kerberos.KrbError", NULL, NULL))) goto error; PyDict_SetItemString(d, "KrbError", KrbException_class); Py_INCREF(KrbException_class); /* ...and the derived exceptions */ if (!(BasicAuthException_class = PyErr_NewException("kerberos.BasicAuthError", KrbException_class, NULL))) goto error; Py_INCREF(BasicAuthException_class); PyDict_SetItemString(d, "BasicAuthError", BasicAuthException_class); if (!(PwdChangeException_class = PyErr_NewException("kerberos.PwdChangeError", KrbException_class, NULL))) goto error; Py_INCREF(PwdChangeException_class); PyDict_SetItemString(d, "PwdChangeError", PwdChangeException_class); if (!(GssException_class = PyErr_NewException("kerberos.GSSError", KrbException_class, NULL))) goto error; Py_INCREF(GssException_class); PyDict_SetItemString(d, "GSSError", GssException_class); PyDict_SetItemString(d, "AUTH_GSS_COMPLETE", PyInt_FromLong(AUTH_GSS_COMPLETE)); PyDict_SetItemString(d, "AUTH_GSS_CONTINUE", PyInt_FromLong(AUTH_GSS_CONTINUE)); PyDict_SetItemString(d, "GSS_C_DELEG_FLAG", PyInt_FromLong(GSS_C_DELEG_FLAG)); PyDict_SetItemString(d, "GSS_C_MUTUAL_FLAG", PyInt_FromLong(GSS_C_MUTUAL_FLAG)); PyDict_SetItemString(d, "GSS_C_REPLAY_FLAG", PyInt_FromLong(GSS_C_REPLAY_FLAG)); PyDict_SetItemString(d, "GSS_C_SEQUENCE_FLAG", PyInt_FromLong(GSS_C_SEQUENCE_FLAG)); PyDict_SetItemString(d, "GSS_C_CONF_FLAG", PyInt_FromLong(GSS_C_CONF_FLAG)); PyDict_SetItemString(d, "GSS_C_INTEG_FLAG", PyInt_FromLong(GSS_C_INTEG_FLAG)); PyDict_SetItemString(d, "GSS_C_ANON_FLAG", PyInt_FromLong(GSS_C_ANON_FLAG)); PyDict_SetItemString(d, "GSS_C_PROT_READY_FLAG", PyInt_FromLong(GSS_C_PROT_READY_FLAG)); PyDict_SetItemString(d, "GSS_C_TRANS_FLAG", PyInt_FromLong(GSS_C_TRANS_FLAG)); error: if (PyErr_Occurred()) PyErr_SetString(PyExc_ImportError, "kerberos: init failed"); } PyKerberos-1.1/src/base64.h0000644000175000017500000000140412235252557013613 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include char *base64_encode(const unsigned char *value, size_t vlen); unsigned char *base64_decode(const char *value, size_t *rlen); PyKerberos-1.1/src/kerberosbasic.h0000644000175000017500000000160212235252557015345 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include #include #include #define krb5_get_err_text(context,code) error_message(code) int authenticate_user_krb5pwd(const char *user, const char *pswd, const char *service, const char *default_realm); PyKerberos-1.1/README.txt0000644000175000017500000000473512235252557013277 0ustar agxagx========================================================= PyKerberos Package Copyright (c) 2006-2013 Apple Inc. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ========================================================= This Python package is a high-level wrapper for Kerberos (GSSAPI) operations. The goal is to avoid having to build a module that wraps the entire Kerberos.framework, and instead offer a limited set of functions that do what is needed for client/server Kerberos authentication based on . Much of the C-code here is adapted from Apache's mod_auth_kerb-5.0rc7. ======== CONTENTS ======== src/ : directory in which C source code resides. setup.py : Python distutils extension build script. config/ : directory of useful Kerberos config files. edu.mit.Kerberos : example Kerberos .ini file. README.txt : this file! kerberos.py : Python api documentation/stub implementation. ===== BUILD ===== In this directory, run: python setup.py build ======= TESTING ======= You must have a valid Kerberos setup on the test machine and you should ensure that you have valid Kerberos tickets for any client authentication being done (run 'klist' on the command line). Additionally, for the server: it must have been configured as a valid Kerberos service with the Kerbersos server for its realm - this usually requires running kadmin on the server machine to add the principal and generate a keytab entry for it (run 'sudo klist -k' to see the currently available keytab entries). Make sure that PYTHONPATH includes the appropriate build/lib.xxxx directory. Then run test.py with suitable command line arguments: python test.py -u userid -p password -s service -u : user id for basic authenticate -p : password for basic authenticate -s : service principal for GSSAPI authentication (defaults to 'http@host.example.com') =========== Python APIs =========== See kerberos.py. PyKerberos-1.1/LICENSE0000644000175000017500000002613612235252557012605 0ustar agxagx Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. PyKerberos-1.1/pysrc/0000755000175000017500000000000012235252557012730 5ustar agxagxPyKerberos-1.1/pysrc/kerberos.py0000644000175000017500000002243012235252557015117 0ustar agxagx## # Copyright (c) 2006-2013 Apple Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## """ PyKerberos Function Description. """ class KrbError(Exception): pass class BasicAuthError(KrbError): pass class GSSError(KrbError): pass def checkPassword(user, pswd, service, default_realm): """ This function provides a simple way to verify that a user name and password match those normally used for Kerberos authentication. It does this by checking that the supplied user name and password can be used to get a ticket for the supplied service. If the user name does not contain a realm, then the default realm supplied is used. NB For this to work properly the Kerberos must be configured properly on this machine. That will likely mean ensuring that the edu.mit.Kerberos preference file has the correct realms and KDCs listed. @param user: a string containing the Kerberos user name. A realm may be included by appending an '@' followed by the realm string to the actual user id. If no realm is supplied, then the realm set in the default_realm argument will be used. @param pswd: a string containing the password for the user. @param service: a string containging the Kerberos service to check access for. This will be of the form 'sss/xx.yy.zz', where 'sss' is the service identifier (e.g., 'http', 'krbtgt'), and 'xx.yy.zz' is the hostname of the server. @param default_realm: a string containing the default realm to use if one is not supplied in the user argument. Note that Kerberos realms are normally all uppercase (e.g., 'EXAMPLE.COM'). @return: True if authentication succeeds, False otherwise. """ def changePassword(user, oldpswd, newpswd): """ This function allows to change the user password on the KDC. @param user: a string containing the Kerberos user name. A realm may be included by appending an '@' followed by the realm string to the actual user id. If no realm is supplied, then the realm set in the default_realm argument will be used. @param oldpswd: a string containing the old (current) password for the user. @param newpswd: a string containging the new password for the user. @return: True if password changing succeeds, False otherwise. """ def getServerPrincipalDetails(service, hostname): """ This function returns the service principal for the server given a service type and hostname. Details are looked up via the /etc/keytab file. @param service: a string containing the Kerberos service type for the server. @param hostname: a string containing the hostname of the server. @return: a string containing the service principal. """ """ GSSAPI Function Result Codes: -1 : Error 0 : GSSAPI step continuation (only returned by 'Step' function) 1 : GSSAPI step complete, or function return OK """ # Some useful result codes AUTH_GSS_CONTINUE = 0 AUTH_GSS_COMPLETE = 1 # Some useful gss flags GSS_C_DELEG_FLAG = 1 GSS_C_MUTUAL_FLAG = 2 GSS_C_REPLAY_FLAG = 4 GSS_C_SEQUENCE_FLAG = 8 GSS_C_CONF_FLAG = 16 GSS_C_INTEG_FLAG = 32 GSS_C_ANON_FLAG = 64 GSS_C_PROT_READY_FLAG = 128 GSS_C_TRANS_FLAG = 256 def authGSSClientInit(service, principal=None, gssflags=GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG): """ Initializes a context for GSSAPI client-side authentication with the given service principal. authGSSClientClean must be called after this function returns an OK result to dispose of the context once all GSSAPI operations are complete. @param service: a string containing the service principal in the form 'type@fqdn' (e.g. 'imap@mail.apple.com'). @param principal: optional string containing the client principal in the form 'user@realm' (e.g. 'jdoe@example.com'). @param gssflags: optional integer used to set GSS flags. (e.g. GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG will allow for forwarding credentials to the remote host) @return: a tuple of (result, context) where result is the result code (see above) and context is an opaque value that will need to be passed to subsequent functions. """ def authGSSClientClean(context): """ Destroys the context for GSSAPI client-side authentication. After this call the context object is invalid and should not be used again. @param context: the context object returned from authGSSClientInit. @return: a result code (see above). """ def authGSSClientStep(context, challenge): """ Processes a single GSSAPI client-side step using the supplied server data. @param context: the context object returned from authGSSClientInit. @param challenge: a string containing the base64-encoded server data (which may be empty for the first step). @return: a result code (see above). """ def authGSSClientResponse(context): """ Get the client response from the last successful GSSAPI client-side step. @param context: the context object returned from authGSSClientInit. @return: a string containing the base64-encoded client data to be sent to the server. """ def authGSSClientResponseConf(context): """ Returns 1 if confidentiality was enabled in the previously unwrapped buffer. 0 otherwise. @param context: the context object returned from authGSSClientInit. @return: an integer representing the confidentiality of the previously unwrapped buffer. """ def authGSSClientUserName(context): """ Get the user name of the principal authenticated via the now complete GSSAPI client-side operations. This method must only be called after authGSSClientStep returns a complete response code. @param context: the context object returned from authGSSClientInit. @return: a string containing the user name. """ def authGSSClientUnwrap(context, challenge): """ Perform the client side GSSAPI unwrap step @param challenge: a string containing the base64-encoded server data. @return: a result code (see above) """ def authGSSClientWrap(context, data, user=None, protect=0): """ Perform the client side GSSAPI wrap step. @param data:the result of the authGSSClientResponse after the authGSSClientUnwrap @param user: the user to authorize @param protect: if 0 then just provide integrity protection, if 1, then provide confidentiality as well. @return: a result code (see above) """ def authGSSServerInit(service): """ Initializes a context for GSSAPI server-side authentication with the given service principal. authGSSServerClean must be called after this function returns an OK result to dispose of the context once all GSSAPI operations are complete. @param service: a string containing the service principal in the form 'type@fqdn' (e.g. 'imap@mail.apple.com'). @return: a tuple of (result, context) where result is the result code (see above) and context is an opaque value that will need to be passed to subsequent functions. """ def authGSSServerClean(context): """ Destroys the context for GSSAPI server-side authentication. After this call the context object is invalid and should not be used again. @param context: the context object returned from authGSSServerInit. @return: a result code (see above). """ def authGSSServerStep(context, challenge): """ Processes a single GSSAPI server-side step using the supplied client data. @param context: the context object returned from authGSSServerInit. @param challenge: a string containing the base64-encoded client data. @return: a result code (see above). """ def authGSSServerResponse(context): """ Get the server response from the last successful GSSAPI server-side step. @param context: the context object returned from authGSSServerInit. @return: a string containing the base64-encoded server data to be sent to the client. """ def authGSSServerUserName(context): """ Get the user name of the principal trying to authenticate to the server. This method must only be called after authGSSServerStep returns a complete or continue response code. @param context: the context object returned from authGSSServerInit. @return: a string containing the user name. """ def authGSSServerTargetName(context): """ Get the target name if the server did not supply its own credentials. This method must only be called after authGSSServerStep returns a complete or continue response code. @param context: the context object returned from authGSSServerInit. @return: a string containing the target name. """ PyKerberos-1.1/support/0000755000175000017500000000000012235252557013304 5ustar agxagxPyKerberos-1.1/support/PyKerberos.xcodeproj/0000755000175000017500000000000012235252557017365 5ustar agxagxPyKerberos-1.1/support/PyKerberos.xcodeproj/project.pbxproj0000644000175000017500000002531712235252557022451 0ustar agxagx// !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 44; objects = { /* Begin PBXBuildFile section */ 8DD76F650486A84900D96B5E /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 08FB7796FE84155DC02AAC07 /* main.c */; settings = {ATTRIBUTES = (); }; }; 8DD76F6A0486A84900D96B5E /* PyKerberos.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = C6859E8B029090EE04C91782 /* PyKerberos.1 */; }; AF88E9500FBA416E00C5AA9C /* kerberospw.c in Sources */ = {isa = PBXBuildFile; fileRef = AF88E94E0FBA416E00C5AA9C /* kerberospw.c */; }; AFDE37FE0BB41E1D008C037E /* base64.c in Sources */ = {isa = PBXBuildFile; fileRef = AFDE37F80BB41E1D008C037E /* base64.c */; }; AFDE37FF0BB41E1D008C037E /* kerberosbasic.c in Sources */ = {isa = PBXBuildFile; fileRef = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; }; AFDE38000BB41E1D008C037E /* kerberosgss.c in Sources */ = {isa = PBXBuildFile; fileRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; }; AFDE380C0BB41EB7008C037E /* Python.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AFDE380B0BB41EB7008C037E /* Python.framework */; }; AFDE38340BB41FCE008C037E /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AFDE38330BB41FCE008C037E /* Kerberos.framework */; }; AFDE383B0BB41FFA008C037E /* kerberos.c in Sources */ = {isa = PBXBuildFile; fileRef = AFDE383A0BB41FFA008C037E /* kerberos.c */; }; /* End PBXBuildFile section */ /* Begin PBXCopyFilesBuildPhase section */ 8DD76F690486A84900D96B5E /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 8; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( 8DD76F6A0486A84900D96B5E /* PyKerberos.1 in CopyFiles */, ); runOnlyForDeploymentPostprocessing = 1; }; /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ 08FB7796FE84155DC02AAC07 /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; 8DD76F6C0486A84900D96B5E /* PyKerberos */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = PyKerberos; sourceTree = BUILT_PRODUCTS_DIR; }; AF88E94E0FBA416E00C5AA9C /* kerberospw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = kerberospw.c; path = ../src/kerberospw.c; sourceTree = SOURCE_ROOT; }; AF88E94F0FBA416E00C5AA9C /* kerberospw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kerberospw.h; path = ../src/kerberospw.h; sourceTree = SOURCE_ROOT; }; AFDE37F80BB41E1D008C037E /* base64.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = base64.c; path = ../src/base64.c; sourceTree = SOURCE_ROOT; }; AFDE37F90BB41E1D008C037E /* base64.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = base64.h; path = ../src/base64.h; sourceTree = SOURCE_ROOT; }; AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = kerberosbasic.c; path = ../src/kerberosbasic.c; sourceTree = SOURCE_ROOT; }; AFDE37FB0BB41E1D008C037E /* kerberosbasic.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = kerberosbasic.h; path = ../src/kerberosbasic.h; sourceTree = SOURCE_ROOT; }; AFDE37FC0BB41E1D008C037E /* kerberosgss.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = kerberosgss.c; path = ../src/kerberosgss.c; sourceTree = SOURCE_ROOT; }; AFDE37FD0BB41E1D008C037E /* kerberosgss.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = kerberosgss.h; path = ../src/kerberosgss.h; sourceTree = SOURCE_ROOT; }; AFDE380B0BB41EB7008C037E /* Python.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Python.framework; path = /System/Library/Frameworks/Python.framework; sourceTree = ""; }; AFDE38330BB41FCE008C037E /* Kerberos.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Kerberos.framework; path = /System/Library/Frameworks/Kerberos.framework; sourceTree = ""; }; AFDE383A0BB41FFA008C037E /* kerberos.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = kerberos.c; path = ../src/kerberos.c; sourceTree = SOURCE_ROOT; }; C6859E8B029090EE04C91782 /* PyKerberos.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; path = PyKerberos.1; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ 8DD76F660486A84900D96B5E /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( AFDE380C0BB41EB7008C037E /* Python.framework in Frameworks */, AFDE38340BB41FCE008C037E /* Kerberos.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ 08FB7794FE84155DC02AAC07 /* PyKerberos */ = { isa = PBXGroup; children = ( 08FB7795FE84155DC02AAC07 /* Source */, AFDE38300BB41F71008C037E /* Frameworks */, C6859E8C029090F304C91782 /* Documentation */, 1AB674ADFE9D54B511CA2CBB /* Products */, ); name = PyKerberos; sourceTree = ""; }; 08FB7795FE84155DC02AAC07 /* Source */ = { isa = PBXGroup; children = ( AFDE383A0BB41FFA008C037E /* kerberos.c */, AFDE37F80BB41E1D008C037E /* base64.c */, AFDE37F90BB41E1D008C037E /* base64.h */, AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */, AFDE37FB0BB41E1D008C037E /* kerberosbasic.h */, AFDE37FC0BB41E1D008C037E /* kerberosgss.c */, AFDE37FD0BB41E1D008C037E /* kerberosgss.h */, AF88E94E0FBA416E00C5AA9C /* kerberospw.c */, AF88E94F0FBA416E00C5AA9C /* kerberospw.h */, 08FB7796FE84155DC02AAC07 /* main.c */, ); name = Source; sourceTree = ""; }; 1AB674ADFE9D54B511CA2CBB /* Products */ = { isa = PBXGroup; children = ( 8DD76F6C0486A84900D96B5E /* PyKerberos */, ); name = Products; sourceTree = ""; }; AFDE38300BB41F71008C037E /* Frameworks */ = { isa = PBXGroup; children = ( AFDE38330BB41FCE008C037E /* Kerberos.framework */, AFDE380B0BB41EB7008C037E /* Python.framework */, ); name = Frameworks; sourceTree = ""; }; C6859E8C029090F304C91782 /* Documentation */ = { isa = PBXGroup; children = ( C6859E8B029090EE04C91782 /* PyKerberos.1 */, ); name = Documentation; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXNativeTarget section */ 8DD76F620486A84900D96B5E /* PyKerberos */ = { isa = PBXNativeTarget; buildConfigurationList = 1DEB923108733DC60010E9CD /* Build configuration list for PBXNativeTarget "PyKerberos" */; buildPhases = ( 8DD76F640486A84900D96B5E /* Sources */, 8DD76F660486A84900D96B5E /* Frameworks */, 8DD76F690486A84900D96B5E /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = PyKerberos; productInstallPath = "$(HOME)/bin"; productName = PyKerberos; productReference = 8DD76F6C0486A84900D96B5E /* PyKerberos */; productType = "com.apple.product-type.tool"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ 08FB7793FE84155DC02AAC07 /* Project object */ = { isa = PBXProject; buildConfigurationList = 1DEB923508733DC60010E9CD /* Build configuration list for PBXProject "PyKerberos" */; compatibilityVersion = "Xcode 3.0"; hasScannedForEncodings = 1; mainGroup = 08FB7794FE84155DC02AAC07 /* PyKerberos */; projectDirPath = ""; projectRoot = ""; targets = ( 8DD76F620486A84900D96B5E /* PyKerberos */, ); }; /* End PBXProject section */ /* Begin PBXSourcesBuildPhase section */ 8DD76F640486A84900D96B5E /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 8DD76F650486A84900D96B5E /* main.c in Sources */, AFDE37FE0BB41E1D008C037E /* base64.c in Sources */, AFDE37FF0BB41E1D008C037E /* kerberosbasic.c in Sources */, AFDE38000BB41E1D008C037E /* kerberosgss.c in Sources */, AFDE383B0BB41FFA008C037E /* kerberos.c in Sources */, AF88E9500FBA416E00C5AA9C /* kerberospw.c in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin XCBuildConfiguration section */ 1DEB923208733DC60010E9CD /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { COPY_PHASE_STRIP = NO; GCC_DYNAMIC_NO_PIC = NO; GCC_ENABLE_FIX_AND_CONTINUE = YES; GCC_MODEL_TUNING = G5; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "_GLIBCXX_DEBUG=1", "_GLIBCXX_DEBUG_PEDANTIC=1", ); HEADER_SEARCH_PATHS = "/System/Library/Frameworks/Python.framework/Headers/**"; INSTALL_PATH = /usr/local/bin; PRODUCT_NAME = PyKerberos; ZERO_LINK = YES; }; name = Debug; }; 1DEB923308733DC60010E9CD /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ARCHS = ( ppc, i386, ); DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; GCC_MODEL_TUNING = G5; HEADER_SEARCH_PATHS = "/System/Library/Frameworks/Python.framework/Headers/**"; INSTALL_PATH = /usr/local/bin; PRODUCT_NAME = PyKerberos; }; name = Release; }; 1DEB923608733DC60010E9CD /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; PREBINDING = NO; SDKROOT = "$(DEVELOPER_SDK_DIR)/MacOSX10.5.sdk"; }; name = Debug; }; 1DEB923708733DC60010E9CD /* Release */ = { isa = XCBuildConfiguration; buildSettings = { GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; HEADER_SEARCH_PATHS = ""; PREBINDING = NO; SDKROOT = "$(DEVELOPER_SDK_DIR)/MacOSX10.5.sdk"; USER_HEADER_SEARCH_PATHS = ..src; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ 1DEB923108733DC60010E9CD /* Build configuration list for PBXNativeTarget "PyKerberos" */ = { isa = XCConfigurationList; buildConfigurations = ( 1DEB923208733DC60010E9CD /* Debug */, 1DEB923308733DC60010E9CD /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 1DEB923508733DC60010E9CD /* Build configuration list for PBXProject "PyKerberos" */ = { isa = XCConfigurationList; buildConfigurations = ( 1DEB923608733DC60010E9CD /* Debug */, 1DEB923708733DC60010E9CD /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ }; rootObject = 08FB7793FE84155DC02AAC07 /* Project object */; } PyKerberos-1.1/support/PyKerberos.xcodeproj/cyrusdaboo.pbxuser0000644000175000017500000005075512235252557023165 0ustar agxagx// !$*UTF8*$! { 08FB7793FE84155DC02AAC07 /* Project object */ = { activeBuildConfigurationName = Debug; activeExecutable = AFDE37EE0BB41DF9008C037E /* PyKerberos */; activeSDKPreference = macosx10.6; activeTarget = 8DD76F620486A84900D96B5E /* PyKerberos */; addToTargets = ( 8DD76F620486A84900D96B5E /* PyKerberos */, ); breakpoints = ( AF4480A50BB4292300408822 /* kerberosbasic.c:35 */, AF4480C10BB42C1E00408822 /* kerberosbasic.c:92 */, AF4480CD0BB42CFF00408822 /* main.c:23 */, AF4480D80BB42D6100408822 /* kerberosgss.c:253 */, ); codeSenseManager = AFDE37F60BB41E00008C037E /* Code sense */; executables = ( AFDE37EE0BB41DF9008C037E /* PyKerberos */, ); perUserDictionary = { PBXConfiguration.PBXFileTableDataSource3.PBXFileTableDataSource = { PBXFileTableDataSourceColumnSortingDirectionKey = "-1"; PBXFileTableDataSourceColumnSortingKey = PBXFileDataSource_Filename_ColumnID; PBXFileTableDataSourceColumnWidthsKey = ( 20, 1384, 20, 48, 43, 43, 20, ); PBXFileTableDataSourceColumnsKey = ( PBXFileDataSource_FiletypeID, PBXFileDataSource_Filename_ColumnID, PBXFileDataSource_Built_ColumnID, PBXFileDataSource_ObjectSize_ColumnID, PBXFileDataSource_Errors_ColumnID, PBXFileDataSource_Warnings_ColumnID, PBXFileDataSource_Target_ColumnID, ); }; PBXPerProjectTemplateStateSaveDate = 263863739; PBXWorkspaceStateSaveDate = 263863739; }; perUserProjectItems = { AF4480AD0BB42BFD00408822 = AF4480AD0BB42BFD00408822 /* PBXTextBookmark */; AF4480AF0BB42BFD00408822 = AF4480AF0BB42BFD00408822 /* PBXTextBookmark */; AF4480B00BB42BFD00408822 = AF4480B00BB42BFD00408822 /* PBXTextBookmark */; AF4480CF0BB42D1700408822 = AF4480CF0BB42D1700408822 /* PBXTextBookmark */; AF4480DF0BB42E3C00408822 = AF4480DF0BB42E3C00408822 /* PBXTextBookmark */; AF88E92D0FBA3EB400C5AA9C /* PBXTextBookmark */ = AF88E92D0FBA3EB400C5AA9C /* PBXTextBookmark */; AF88E92E0FBA3EB400C5AA9C /* PBXTextBookmark */ = AF88E92E0FBA3EB400C5AA9C /* PBXTextBookmark */; AF88E9300FBA3EB400C5AA9C /* PBXTextBookmark */ = AF88E9300FBA3EB400C5AA9C /* PBXTextBookmark */; AF88E9400FBA3FD300C5AA9C /* XCBuildMessageTextBookmark */ = AF88E9400FBA3FD300C5AA9C /* XCBuildMessageTextBookmark */; AF88E9410FBA3FD300C5AA9C /* PBXTextBookmark */ = AF88E9410FBA3FD300C5AA9C /* PBXTextBookmark */; AF88E94C0FBA407500C5AA9C /* PBXTextBookmark */ = AF88E94C0FBA407500C5AA9C /* PBXTextBookmark */; AF88E9560FBA419E00C5AA9C /* PBXTextBookmark */ = AF88E9560FBA419E00C5AA9C /* PBXTextBookmark */; AF88E95C0FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E95C0FBA41D300C5AA9C /* PBXTextBookmark */; AF88E95D0FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E95D0FBA41D300C5AA9C /* PBXTextBookmark */; AF88E95E0FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E95E0FBA41D300C5AA9C /* PBXTextBookmark */; AF88E95F0FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E95F0FBA41D300C5AA9C /* PBXTextBookmark */; AF88E9600FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E9600FBA41D300C5AA9C /* PBXTextBookmark */; AF88E9610FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E9610FBA41D300C5AA9C /* PBXTextBookmark */; AF88E9620FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E9620FBA41D300C5AA9C /* PBXTextBookmark */; AF88E9630FBA41D300C5AA9C /* PBXTextBookmark */ = AF88E9630FBA41D300C5AA9C /* PBXTextBookmark */; AF88E9660FBA435000C5AA9C /* PBXTextBookmark */ = AF88E9660FBA435000C5AA9C /* PBXTextBookmark */; AF88E9670FBA435000C5AA9C /* PBXTextBookmark */ = AF88E9670FBA435000C5AA9C /* PBXTextBookmark */; AF88E9680FBA435000C5AA9C /* PBXTextBookmark */ = AF88E9680FBA435000C5AA9C /* PBXTextBookmark */; AF88E9690FBA435000C5AA9C /* PBXTextBookmark */ = AF88E9690FBA435000C5AA9C /* PBXTextBookmark */; AF88E96A0FBA435000C5AA9C /* PBXTextBookmark */ = AF88E96A0FBA435000C5AA9C /* PBXTextBookmark */; AF88E96B0FBA435000C5AA9C /* PBXTextBookmark */ = AF88E96B0FBA435000C5AA9C /* PBXTextBookmark */; AF88E96C0FBA438E00C5AA9C /* PBXTextBookmark */ = AF88E96C0FBA438E00C5AA9C /* PBXTextBookmark */; AF88E96D0FBA43A100C5AA9C /* PBXTextBookmark */ = AF88E96D0FBA43A100C5AA9C /* PBXTextBookmark */; AF88E96E0FBA43B300C5AA9C /* PBXTextBookmark */ = AF88E96E0FBA43B300C5AA9C /* PBXTextBookmark */; AF88E96F0FBA43D100C5AA9C /* PBXTextBookmark */ = AF88E96F0FBA43D100C5AA9C /* PBXTextBookmark */; AF88E9700FBA441100C5AA9C /* PBXTextBookmark */ = AF88E9700FBA441100C5AA9C /* PBXTextBookmark */; AF88E9710FBA441B00C5AA9C /* PBXTextBookmark */ = AF88E9710FBA441B00C5AA9C /* PBXTextBookmark */; AF88E9720FBA442300C5AA9C /* PBXTextBookmark */ = AF88E9720FBA442300C5AA9C /* PBXTextBookmark */; AF88E9730FBA443200C5AA9C /* PBXTextBookmark */ = AF88E9730FBA443200C5AA9C /* PBXTextBookmark */; AF88E97A0FBA449500C5AA9C /* PBXTextBookmark */ = AF88E97A0FBA449500C5AA9C /* PBXTextBookmark */; AF88E97B0FBA449500C5AA9C /* PBXTextBookmark */ = AF88E97B0FBA449500C5AA9C /* PBXTextBookmark */; AFDE38700BB420B1008C037E = AFDE38700BB420B1008C037E /* PBXTextBookmark */; AFDE38870BB42287008C037E = AFDE38870BB42287008C037E /* PBXTextBookmark */; AFDE388A0BB42287008C037E = AFDE388A0BB42287008C037E /* PBXTextBookmark */; AFDE388E0BB42287008C037E = AFDE388E0BB42287008C037E /* PBXTextBookmark */; }; sourceControlManager = AFDE37F50BB41E00008C037E /* Source Control */; userBuildSettings = { }; }; 08FB7796FE84155DC02AAC07 /* main.c */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 616}}"; sepNavSelRange = "{1055, 0}"; sepNavVisRange = "{0, 1131}"; sepNavVisRect = "{{0, 0}, {984, 308}}"; sepNavWindowFrame = "{{485, -20}, {1395, 1160}}"; }; }; 8DD76F620486A84900D96B5E /* PyKerberos */ = { activeExec = 0; executables = ( AFDE37EE0BB41DF9008C037E /* PyKerberos */, ); }; AF4480A50BB4292300408822 /* kerberosbasic.c:35 */ = { isa = PBXFileBreakpoint; actions = ( ); breakpointStyle = 0; continueAfterActions = 0; countType = 0; delayBeforeContinue = 0; fileReference = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; functionName = "authenticate_user_krb5pwd(const char *user, const char *pswd, const char *service, const char *default_realm)"; hitCount = 0; ignoreCount = 0; lineNumber = 35; location = PyKerberos; modificationTime = 263864776.548559; originalNumberOfMultipleMatches = 1; state = 1; }; AF4480AD0BB42BFD00408822 /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 47"; rLen = 0; rLoc = 1293; rType = 0; vrLen = 930; vrLoc = 867; }; AF4480AF0BB42BFD00408822 /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; name = "main.c: 4"; rLen = 0; rLoc = 45; rType = 0; vrLen = 405; vrLoc = 0; }; AF4480B00BB42BFD00408822 /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 47"; rLen = 0; rLoc = 1293; rType = 0; vrLen = 930; vrLoc = 867; }; AF4480C10BB42C1E00408822 /* kerberosbasic.c:92 */ = { isa = PBXFileBreakpoint; actions = ( ); breakpointStyle = 0; continueAfterActions = 0; countType = 0; delayBeforeContinue = 0; fileReference = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; functionName = "authenticate_user_krb5pwd(const char *user, const char *pswd, const char *service, const char *default_realm)"; hitCount = 0; ignoreCount = 0; lineNumber = 92; location = PyKerberos; modificationTime = 263864776.583793; originalNumberOfMultipleMatches = 1; state = 1; }; AF4480CD0BB42CFF00408822 /* main.c:23 */ = { isa = PBXFileBreakpoint; actions = ( ); breakpointStyle = 0; continueAfterActions = 0; countType = 0; delayBeforeContinue = 0; fileReference = 08FB7796FE84155DC02AAC07 /* main.c */; functionName = "main()"; hitCount = 1; ignoreCount = 0; lineNumber = 23; location = PyKerberos; modificationTime = 263864776.766891; originalNumberOfMultipleMatches = 1; state = 1; }; AF4480CF0BB42D1700408822 /* PBXTextBookmark */ = { isa = PBXTextBookmark; comments = "error: syntax error before 'gss_server_state'"; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; rLen = 1; rLoc = 17; rType = 1; }; AF4480D80BB42D6100408822 /* kerberosgss.c:253 */ = { isa = PBXFileBreakpoint; actions = ( ); breakpointStyle = 0; continueAfterActions = 0; countType = 0; delayBeforeContinue = 0; fileReference = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; functionName = "authenticate_gss_server_init(const char* service, gss_server_state *state)"; hitCount = 0; ignoreCount = 0; lineNumber = 253; location = PyKerberos; modificationTime = 263864776.633991; originalNumberOfMultipleMatches = 1; state = 1; }; AF4480DF0BB42E3C00408822 /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; name = "main.c: 18"; rLen = 0; rLoc = 511; rType = 0; vrLen = 584; vrLoc = 0; }; AF88E92D0FBA3EB400C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 498"; rLen = 0; rLoc = 15211; rType = 0; vrLen = 1613; vrLoc = 12775; }; AF88E92E0FBA3EB400C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AF88E92F0FBA3EB400C5AA9C /* gssapi.h */; rLen = 1; rLoc = 203; rType = 1; }; AF88E92F0FBA3EB400C5AA9C /* gssapi.h */ = { isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = gssapi.h; path = /Developer/SDKs/MacOSX10.5.sdk/usr/include/gssapi/gssapi.h; sourceTree = ""; }; AF88E9300FBA3EB400C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AF88E9310FBA3EB400C5AA9C /* gssapi.h */; name = "gssapi.h: 204"; rLen = 48; rLoc = 5223; rType = 0; vrLen = 1593; vrLoc = 4463; }; AF88E9310FBA3EB400C5AA9C /* gssapi.h */ = { isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = gssapi.h; path = /Developer/SDKs/MacOSX10.5.sdk/usr/include/gssapi/gssapi.h; sourceTree = ""; uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1651, 10504}}"; sepNavSelRange = "{18918, 19}"; sepNavVisRange = "{18293, 1476}"; }; }; AF88E9400FBA3FD300C5AA9C /* XCBuildMessageTextBookmark */ = { isa = XCBuildMessageTextBookmark; comments = "Python.h: No such file or directory"; fRef = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; rLen = 1; rLoc = 16; rType = 1; }; AF88E9410FBA3FD300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; name = "kerberosbasic.c: 17"; rLen = 0; rLoc = 627; rType = 0; vrLen = 450; vrLoc = 300; }; AF88E94C0FBA407500C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; name = "kerberosbasic.c: 17"; rLen = 0; rLoc = 627; rType = 0; vrLen = 1616; vrLoc = 0; }; AF88E94E0FBA416E00C5AA9C /* kerberospw.c */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 1781}}"; sepNavSelRange = "{0, 0}"; sepNavVisRange = "{0, 1509}"; }; }; AF88E94F0FBA416E00C5AA9C /* kerberospw.h */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 616}}"; sepNavSelRange = "{0, 0}"; sepNavVisRange = "{0, 867}"; }; }; AF88E9560FBA419E00C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; name = "kerberosbasic.c: 17"; rLen = 0; rLoc = 627; rType = 0; vrLen = 1487; vrLoc = 0; }; AF88E95C0FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 496"; rLen = 22; rLoc = 15065; rType = 0; vrLen = 1715; vrLoc = 14638; }; AF88E95D0FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AF88E9310FBA3EB400C5AA9C /* gssapi.h */; name = "gssapi.h: 585"; rLen = 19; rLoc = 18918; rType = 0; vrLen = 1476; vrLoc = 18293; }; AF88E95E0FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE383A0BB41FFA008C037E /* kerberos.c */; name = "kerberos.c: 39"; rLen = 25; rLoc = 1160; rType = 0; vrLen = 1124; vrLoc = 992; }; AF88E95F0FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */; name = "kerberosbasic.c: 27"; rLen = 63; rLoc = 806; rType = 0; vrLen = 1617; vrLoc = 63; }; AF88E9600FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AF88E94F0FBA416E00C5AA9C /* kerberospw.h */; name = "kerberospw.h: 1"; rLen = 0; rLoc = 0; rType = 0; vrLen = 867; vrLoc = 0; }; AF88E9610FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AF88E94E0FBA416E00C5AA9C /* kerberospw.c */; name = "kerberospw.c: 1"; rLen = 0; rLoc = 0; rType = 0; vrLen = 1509; vrLoc = 0; }; AF88E9620FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; rLen = 0; rLoc = 22; rType = 1; }; AF88E9630FBA41D300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; name = "main.c: 33"; rLen = 0; rLoc = 1055; rType = 0; vrLen = 1131; vrLoc = 0; }; AF88E9660FBA435000C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; name = "main.c: 33"; rLen = 0; rLoc = 1055; rType = 0; vrLen = 1131; vrLoc = 0; }; AF88E9670FBA435000C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE383A0BB41FFA008C037E /* kerberos.c */; name = "kerberos.c: 415"; rLen = 0; rLoc = 11472; rType = 0; vrLen = 1178; vrLoc = 7396; }; AF88E9680FBA435000C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FB0BB41E1D008C037E /* kerberosbasic.h */; name = "kerberosbasic.h: 1"; rLen = 0; rLoc = 0; rType = 0; vrLen = 898; vrLoc = 0; }; AF88E9690FBA435000C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FD0BB41E1D008C037E /* kerberosgss.h */; name = "kerberosgss.h: 46"; rLen = 0; rLoc = 1419; rType = 0; vrLen = 1615; vrLoc = 587; }; AF88E96A0FBA435000C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 496"; rLen = 22; rLoc = 15065; rType = 0; vrLen = 1710; vrLoc = 14638; }; AF88E96B0FBA435000C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 539"; rLen = 0; rLoc = 17377; rType = 0; vrLen = 1293; vrLoc = 15634; }; AF88E96C0FBA438E00C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 543"; rLen = 19; rLoc = 16673; rType = 0; vrLen = 1714; vrLoc = 15772; }; AF88E96D0FBA43A100C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 543"; rLen = 0; rLoc = 16692; rType = 0; vrLen = 1563; vrLoc = 15772; }; AF88E96E0FBA43B300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 543"; rLen = 0; rLoc = 16718; rType = 0; vrLen = 1588; vrLoc = 15777; }; AF88E96F0FBA43D100C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 543"; rLen = 0; rLoc = 16726; rType = 0; vrLen = 1594; vrLoc = 15777; }; AF88E9700FBA441100C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 544"; rLen = 0; rLoc = 16738; rType = 0; vrLen = 1483; vrLoc = 16048; }; AF88E9710FBA441B00C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 544"; rLen = 0; rLoc = 16768; rType = 0; vrLen = 1484; vrLoc = 16048; }; AF88E9720FBA442300C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 544"; rLen = 0; rLoc = 16768; rType = 0; vrLen = 1491; vrLoc = 16048; }; AF88E9730FBA443200C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 544"; rLen = 0; rLoc = 16768; rType = 0; vrLen = 1503; vrLoc = 16048; }; AF88E97A0FBA449500C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 529"; rLen = 16; rLoc = 16093; rType = 0; vrLen = 1576; vrLoc = 15766; }; AF88E97B0FBA449500C5AA9C /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 551"; rLen = 0; rLoc = 16985; rType = 0; vrLen = 1596; vrLoc = 16048; }; AFDE37EE0BB41DF9008C037E /* PyKerberos */ = { isa = PBXExecutable; activeArgIndices = ( ); argumentStrings = ( ); autoAttachOnCrash = 1; breakpointsEnabled = 1; configStateDict = { }; customDataFormattersEnabled = 1; dataTipCustomDataFormattersEnabled = 1; dataTipShowTypeColumn = 1; dataTipSortType = 0; debuggerPlugin = GDBDebugging; disassemblyDisplayState = 0; dylibVariantSuffix = ""; enableDebugStr = 1; environmentEntries = ( ); executableSystemSymbolLevel = 0; executableUserSymbolLevel = 0; libgmallocEnabled = 0; name = PyKerberos; savedGlobals = { }; showTypeColumn = 0; sourceDirectories = ( ); variableFormatDictionary = { }; }; AFDE37F50BB41E00008C037E /* Source Control */ = { isa = PBXSourceControlManager; fallbackIsa = XCSourceControlManager; isSCMEnabled = 0; repositoryNamesForRoots = { }; scmConfiguration = { repositoryNamesForRoots = { }; }; }; AFDE37F60BB41E00008C037E /* Code sense */ = { isa = PBXCodeSenseManager; indexTemplatePath = ""; }; AFDE37F80BB41E1D008C037E /* base64.c */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {991, 1316}}"; sepNavSelRange = "{0, 0}"; sepNavVisRect = "{{0, 437}, {991, 524}}"; }; }; AFDE37FA0BB41E1D008C037E /* kerberosbasic.c */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1283, 1846}}"; sepNavSelRange = "{627, 0}"; sepNavVisRange = "{0, 1616}"; sepNavVisRect = "{{0, 325}, {984, 316}}"; }; }; AFDE37FB0BB41E1D008C037E /* kerberosbasic.h */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 616}}"; sepNavSelRange = "{0, 0}"; sepNavVisRange = "{0, 898}"; sepNavVisRect = "{{0, 0}, {1336, 1031}}"; sepNavWindowFrame = "{{15, 13}, {1395, 1160}}"; }; }; AFDE37FC0BB41E1D008C037E /* kerberosgss.c */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 7969}}"; sepNavSelRange = "{16985, 0}"; sepNavVisRange = "{16048, 1596}"; sepNavVisRect = "{{0, 2485}, {984, 308}}"; }; }; AFDE37FD0BB41E1D008C037E /* kerberosgss.h */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 793}}"; sepNavSelRange = "{1419, 0}"; sepNavVisRange = "{587, 1615}"; sepNavVisRect = "{{0, 0}, {1336, 1031}}"; sepNavWindowFrame = "{{15, 13}, {1395, 1160}}"; }; }; AFDE383A0BB41FFA008C037E /* kerberos.c */ = { uiCtxt = { sepNavIntBoundsRect = "{{0, 0}, {1562, 5733}}"; sepNavSelRange = "{11472, 0}"; sepNavVisRange = "{7396, 1178}"; sepNavVisRect = "{{0, 0}, {932, 292}}"; }; }; AFDE38700BB420B1008C037E /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = 08FB7796FE84155DC02AAC07 /* main.c */; name = "main.cpp: 9"; rLen = 0; rLoc = 155; rType = 0; vrLen = 249; vrLoc = 0; }; AFDE38720BB420B1008C037E /* iostream */ = { isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; name = iostream; path = "/Developer/SDKs/MacOSX10.5.sdk/usr/include/c++/4.0.0/iostream"; sourceTree = ""; }; AFDE38870BB42287008C037E /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE38720BB420B1008C037E /* iostream */; name = "iostream: 76"; rLen = 0; rLoc = 2873; rType = 0; vrLen = 1307; vrLoc = 1651; }; AFDE388A0BB42287008C037E /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE38720BB420B1008C037E /* iostream */; name = "iostream: 76"; rLen = 0; rLoc = 2873; rType = 0; vrLen = 1307; vrLoc = 1651; }; AFDE388E0BB42287008C037E /* PBXTextBookmark */ = { isa = PBXTextBookmark; fRef = AFDE37FC0BB41E1D008C037E /* kerberosgss.c */; name = "kerberosgss.c: 47"; rLen = 0; rLoc = 1298; rType = 0; vrLen = 1144; vrLoc = 1097; }; } PyKerberos-1.1/support/PyKerberos.xcodeproj/cyrusdaboo.mode1v30000644000175000017500000011755212235252557022752 0ustar agxagx ActivePerspectiveName Project AllowedModules BundleLoadPath MaxInstances n Module PBXSmartGroupTreeModule Name Groups and Files Outline View BundleLoadPath MaxInstances n Module PBXNavigatorGroup Name Editor BundleLoadPath MaxInstances n Module XCTaskListModule Name Task List BundleLoadPath MaxInstances n Module XCDetailModule Name File and Smart Group Detail Viewer BundleLoadPath MaxInstances 1 Module PBXBuildResultsModule Name Detailed Build Results Viewer BundleLoadPath MaxInstances 1 Module PBXProjectFindModule Name Project Batch Find Tool BundleLoadPath MaxInstances n Module XCProjectFormatConflictsModule Name Project Format Conflicts List BundleLoadPath MaxInstances n Module PBXBookmarksModule Name Bookmarks Tool BundleLoadPath MaxInstances n Module PBXClassBrowserModule Name Class Browser BundleLoadPath MaxInstances n Module PBXCVSModule Name Source Code Control Tool BundleLoadPath MaxInstances n Module PBXDebugBreakpointsModule Name Debug Breakpoints Tool BundleLoadPath MaxInstances n Module XCDockableInspector Name Inspector BundleLoadPath MaxInstances n Module PBXOpenQuicklyModule Name Open Quickly Tool BundleLoadPath MaxInstances 1 Module PBXDebugSessionModule Name Debugger BundleLoadPath MaxInstances 1 Module PBXDebugCLIModule Name Debug Console BundleLoadPath MaxInstances n Module XCSnapshotModule Name Snapshots Tool BundlePath /Developer/Library/PrivateFrameworks/DevToolsInterface.framework/Resources Description DefaultDescriptionKey DockingSystemVisible Extension mode1v3 FavBarConfig PBXProjectModuleGUID AF88E9340FBA3EB400C5AA9C XCBarModuleItemNames XCBarModuleItems FirstTimeWindowDisplayed Identifier com.apple.perspectives.project.mode1v3 MajorVersion 33 MinorVersion 0 Name Default Notifications OpenEditors PerspectiveWidths -1 -1 Perspectives ChosenToolbarItems active-combo-popup action NSToolbarFlexibleSpaceItem buildOrClean build-and-go go servicesModulebuild debugger-enable-breakpoints com.apple.ide.PBXToolbarStopButton toggle-editor get-info NSToolbarFlexibleSpaceItem com.apple.pbx.toolbar.searchfield ControllerClassBaseName IconName WindowOfProjectWithEditor Identifier perspective.project IsVertical Layout ContentConfiguration PBXBottomSmartGroupGIDs 1C37FBAC04509CD000000102 1C37FAAC04509CD000000102 1C37FABC05509CD000000102 1C37FABC05539CD112110102 E2644B35053B69B200211256 1C37FABC04509CD000100104 1CC0EA4004350EF90044410B 1CC0EA4004350EF90041110B PBXProjectModuleGUID 1CE0B1FE06471DED0097A5F4 PBXProjectModuleLabel Files PBXProjectStructureProvided yes PBXSmartGroupTreeModuleColumnData PBXSmartGroupTreeModuleColumnWidthsKey 275 PBXSmartGroupTreeModuleColumnsKey_v4 MainColumn PBXSmartGroupTreeModuleOutlineStateKey_v7 PBXSmartGroupTreeModuleOutlineStateExpansionKey 08FB7794FE84155DC02AAC07 08FB7795FE84155DC02AAC07 AFDE38300BB41F71008C037E 1C37FABC05509CD000000102 PBXSmartGroupTreeModuleOutlineStateSelectionKey 7 1 0 PBXSmartGroupTreeModuleOutlineStateVisibleRectKey {{0, 0}, {275, 1060}} PBXTopSmartGroupGIDs XCIncludePerspectivesSwitch XCSharingToken com.apple.Xcode.GFSharingToken GeometryConfiguration Frame {{0, 0}, {292, 1078}} GroupTreeTableConfiguration MainColumn 275 RubberWindowFrame 0 59 1920 1119 0 0 1920 1178 Module PBXSmartGroupTreeModule Proportion 292pt Dock BecomeActive ContentConfiguration PBXProjectModuleGUID 1CE0B20306471E060097A5F4 PBXProjectModuleLabel kerberosgss.c PBXSplitModuleInNavigatorKey Split0 PBXProjectModuleGUID 1CE0B20406471E060097A5F4 PBXProjectModuleLabel kerberosgss.c _historyCapacity 0 bookmark AF88E97B0FBA449500C5AA9C history AF88E95D0FBA41D300C5AA9C AF88E95F0FBA41D300C5AA9C AF88E9600FBA41D300C5AA9C AF88E9610FBA41D300C5AA9C AF88E9660FBA435000C5AA9C AF88E9670FBA435000C5AA9C AF88E9680FBA435000C5AA9C AF88E9690FBA435000C5AA9C AF88E97A0FBA449500C5AA9C SplitCount 1 StatusBarVisibility GeometryConfiguration Frame {{0, 0}, {1623, 648}} RubberWindowFrame 0 59 1920 1119 0 0 1920 1178 Module PBXNavigatorGroup Proportion 648pt ContentConfiguration PBXProjectModuleGUID 1CE0B20506471E060097A5F4 PBXProjectModuleLabel Detail GeometryConfiguration Frame {{0, 653}, {1623, 425}} RubberWindowFrame 0 59 1920 1119 0 0 1920 1178 Module XCDetailModule Proportion 425pt Proportion 1623pt Name Project ServiceClasses XCModuleDock PBXSmartGroupTreeModule XCModuleDock PBXNavigatorGroup XCDetailModule TableOfContents AF88E9320FBA3EB400C5AA9C 1CE0B1FE06471DED0097A5F4 AF88E9330FBA3EB400C5AA9C 1CE0B20306471E060097A5F4 1CE0B20506471E060097A5F4 ToolbarConfigUserDefaultsMinorVersion 2 ToolbarConfiguration xcode.toolbar.config.defaultV3 ControllerClassBaseName IconName WindowOfProject Identifier perspective.morph IsVertical 0 Layout BecomeActive 1 ContentConfiguration PBXBottomSmartGroupGIDs 1C37FBAC04509CD000000102 1C37FAAC04509CD000000102 1C08E77C0454961000C914BD 1C37FABC05509CD000000102 1C37FABC05539CD112110102 E2644B35053B69B200211256 1C37FABC04509CD000100104 1CC0EA4004350EF90044410B 1CC0EA4004350EF90041110B PBXProjectModuleGUID 11E0B1FE06471DED0097A5F4 PBXProjectModuleLabel Files PBXProjectStructureProvided yes PBXSmartGroupTreeModuleColumnData PBXSmartGroupTreeModuleColumnWidthsKey 186 PBXSmartGroupTreeModuleColumnsKey_v4 MainColumn PBXSmartGroupTreeModuleOutlineStateKey_v7 PBXSmartGroupTreeModuleOutlineStateExpansionKey 29B97314FDCFA39411CA2CEA 1C37FABC05509CD000000102 PBXSmartGroupTreeModuleOutlineStateSelectionKey 0 PBXSmartGroupTreeModuleOutlineStateVisibleRectKey {{0, 0}, {186, 337}} PBXTopSmartGroupGIDs XCIncludePerspectivesSwitch 1 XCSharingToken com.apple.Xcode.GFSharingToken GeometryConfiguration Frame {{0, 0}, {203, 355}} GroupTreeTableConfiguration MainColumn 186 RubberWindowFrame 373 269 690 397 0 0 1440 878 Module PBXSmartGroupTreeModule Proportion 100% Name Morph PreferredWidth 300 ServiceClasses XCModuleDock PBXSmartGroupTreeModule TableOfContents 11E0B1FE06471DED0097A5F4 ToolbarConfiguration xcode.toolbar.config.default.shortV3 PerspectivesBarVisible ShelfIsVisible SourceDescription file at '/Developer/Library/PrivateFrameworks/DevToolsInterface.framework/Resources/XCPerspectivesSpecificationMode1.xcperspec' StatusbarIsVisible TimeStamp 0.0 ToolbarConfigUserDefaultsMinorVersion 2 ToolbarDisplayMode 1 ToolbarIsVisible ToolbarSizeMode 1 Type Perspectives UpdateMessage The Default Workspace in this version of Xcode now includes support to hide and show the detail view (what has been referred to as the "Metro-Morph" feature). You must discard your current Default Workspace settings and update to the latest Default Workspace in order to gain this feature. Do you wish to update to the latest Workspace defaults for project '%@'? WindowJustification 5 WindowOrderList AF88E9640FBA41D300C5AA9C AF88E9650FBA41D300C5AA9C 1C78EAAD065D492600B07095 AF88E9420FBA3FD300C5AA9C 1CD10A99069EF8BA00B06720 /Volumes/Data/Users/cyrusdaboo/Documents/Development/Apple/eclipse/PyKerberos/support/PyKerberos.xcodeproj WindowString 0 59 1920 1119 0 0 1920 1178 WindowToolsV3 FirstTimeWindowDisplayed Identifier windowTool.build IsVertical Layout Dock ContentConfiguration PBXProjectModuleGUID 1CD0528F0623707200166675 PBXProjectModuleLabel kerberosbasic.c StatusBarVisibility GeometryConfiguration Frame {{0, 0}, {1344, 622}} RubberWindowFrame 21 251 1344 904 0 0 1920 1178 Module PBXNavigatorGroup Proportion 622pt BecomeActive ContentConfiguration PBXProjectModuleGUID XCMainBuildResultsModuleGUID PBXProjectModuleLabel Build Results XCBuildResultsTrigger_Collapse 1021 XCBuildResultsTrigger_Open 1011 GeometryConfiguration Frame {{0, 627}, {1344, 236}} RubberWindowFrame 21 251 1344 904 0 0 1920 1178 Module PBXBuildResultsModule Proportion 236pt Proportion 863pt Name Build Results ServiceClasses PBXBuildResultsModule StatusbarIsVisible TableOfContents AF88E9420FBA3FD300C5AA9C AF88E9430FBA3FD300C5AA9C 1CD0528F0623707200166675 XCMainBuildResultsModuleGUID ToolbarConfiguration xcode.toolbar.config.buildV3 WindowString 21 251 1344 904 0 0 1920 1178 WindowToolGUID AF88E9420FBA3FD300C5AA9C WindowToolIsVisible FirstTimeWindowDisplayed Identifier windowTool.debugger IsVertical Layout Dock ContentConfiguration Debugger HorizontalSplitView _collapsingFrameDimension 0.0 _indexOfCollapsedView 0 _percentageOfCollapsedView 0.0 isCollapsed yes sizes {{0, 0}, {733, 484}} {{733, 0}, {877, 484}} VerticalSplitView _collapsingFrameDimension 0.0 _indexOfCollapsedView 0 _percentageOfCollapsedView 0.0 isCollapsed yes sizes {{0, 0}, {1610, 484}} {{0, 484}, {1610, 512}} LauncherConfigVersion 8 PBXProjectModuleGUID 1C162984064C10D400B95A72 PBXProjectModuleLabel Debug - GLUTExamples (Underwater) GeometryConfiguration DebugConsoleVisible None DebugConsoleWindowFrame {{200, 200}, {500, 300}} DebugSTDIOWindowFrame {{200, 200}, {500, 300}} Frame {{0, 0}, {1610, 996}} PBXDebugSessionStackFrameViewKey DebugVariablesTableConfiguration Name 120 Value 85 Summary 647 Frame {{733, 0}, {877, 484}} RubberWindowFrame 21 118 1610 1037 0 0 1920 1178 RubberWindowFrame 21 118 1610 1037 0 0 1920 1178 Module PBXDebugSessionModule Proportion 996pt Proportion 996pt Name Debugger ServiceClasses PBXDebugSessionModule StatusbarIsVisible TableOfContents 1CD10A99069EF8BA00B06720 AF88E9350FBA3EB400C5AA9C 1C162984064C10D400B95A72 AF88E9360FBA3EB400C5AA9C AF88E9370FBA3EB400C5AA9C AF88E9380FBA3EB400C5AA9C AF88E9390FBA3EB400C5AA9C AF88E93A0FBA3EB400C5AA9C ToolbarConfiguration xcode.toolbar.config.debugV3 WindowString 21 118 1610 1037 0 0 1920 1178 WindowToolGUID 1CD10A99069EF8BA00B06720 WindowToolIsVisible Identifier windowTool.find Layout Dock Dock ContentConfiguration PBXProjectModuleGUID 1CDD528C0622207200134675 PBXProjectModuleLabel <No Editor> PBXSplitModuleInNavigatorKey Split0 PBXProjectModuleGUID 1CD0528D0623707200166675 SplitCount 1 StatusBarVisibility 1 GeometryConfiguration Frame {{0, 0}, {781, 167}} RubberWindowFrame 62 385 781 470 0 0 1440 878 Module PBXNavigatorGroup Proportion 781pt Proportion 50% BecomeActive 1 ContentConfiguration PBXProjectModuleGUID 1CD0528E0623707200166675 PBXProjectModuleLabel Project Find GeometryConfiguration Frame {{8, 0}, {773, 254}} RubberWindowFrame 62 385 781 470 0 0 1440 878 Module PBXProjectFindModule Proportion 50% Proportion 428pt Name Project Find ServiceClasses PBXProjectFindModule StatusbarIsVisible 1 TableOfContents 1C530D57069F1CE1000CFCEE 1C530D58069F1CE1000CFCEE 1C530D59069F1CE1000CFCEE 1CDD528C0622207200134675 1C530D5A069F1CE1000CFCEE 1CE0B1FE06471DED0097A5F4 1CD0528E0623707200166675 WindowString 62 385 781 470 0 0 1440 878 WindowToolGUID 1C530D57069F1CE1000CFCEE WindowToolIsVisible 0 Identifier MENUSEPARATOR FirstTimeWindowDisplayed Identifier windowTool.debuggerConsole IsVertical Layout Dock ContentConfiguration PBXProjectModuleGUID 1C78EAAC065D492600B07095 PBXProjectModuleLabel Debugger Console GeometryConfiguration Frame {{0, 0}, {650, 209}} RubberWindowFrame 21 905 650 250 0 0 1920 1178 Module PBXDebugCLIModule Proportion 209pt Proportion 209pt Name Debugger Console ServiceClasses PBXDebugCLIModule StatusbarIsVisible TableOfContents 1C78EAAD065D492600B07095 AF88E9570FBA419E00C5AA9C 1C78EAAC065D492600B07095 ToolbarConfiguration xcode.toolbar.config.consoleV3 WindowString 21 905 650 250 0 0 1920 1178 WindowToolGUID 1C78EAAD065D492600B07095 WindowToolIsVisible Identifier windowTool.snapshots Layout Dock Module XCSnapshotModule Proportion 100% Proportion 100% Name Snapshots ServiceClasses XCSnapshotModule StatusbarIsVisible Yes ToolbarConfiguration xcode.toolbar.config.snapshots WindowString 315 824 300 550 0 0 1440 878 WindowToolIsVisible Yes Identifier windowTool.scm Layout Dock ContentConfiguration PBXProjectModuleGUID 1C78EAB2065D492600B07095 PBXProjectModuleLabel <No Editor> PBXSplitModuleInNavigatorKey Split0 PBXProjectModuleGUID 1C78EAB3065D492600B07095 SplitCount 1 StatusBarVisibility 1 GeometryConfiguration Frame {{0, 0}, {452, 0}} RubberWindowFrame 743 379 452 308 0 0 1280 1002 Module PBXNavigatorGroup Proportion 0pt BecomeActive 1 ContentConfiguration PBXProjectModuleGUID 1CD052920623707200166675 PBXProjectModuleLabel SCM GeometryConfiguration ConsoleFrame {{0, 259}, {452, 0}} Frame {{0, 7}, {452, 259}} RubberWindowFrame 743 379 452 308 0 0 1280 1002 TableConfiguration Status 30 FileName 199 Path 197.0950012207031 TableFrame {{0, 0}, {452, 250}} Module PBXCVSModule Proportion 262pt Proportion 266pt Name SCM ServiceClasses PBXCVSModule StatusbarIsVisible 1 TableOfContents 1C78EAB4065D492600B07095 1C78EAB5065D492600B07095 1C78EAB2065D492600B07095 1CD052920623707200166675 ToolbarConfiguration xcode.toolbar.config.scm WindowString 743 379 452 308 0 0 1280 1002 Identifier windowTool.breakpoints IsVertical 0 Layout Dock BecomeActive 1 ContentConfiguration PBXBottomSmartGroupGIDs 1C77FABC04509CD000000102 PBXProjectModuleGUID 1CE0B1FE06471DED0097A5F4 PBXProjectModuleLabel Files PBXProjectStructureProvided no PBXSmartGroupTreeModuleColumnData PBXSmartGroupTreeModuleColumnWidthsKey 168 PBXSmartGroupTreeModuleColumnsKey_v4 MainColumn PBXSmartGroupTreeModuleOutlineStateKey_v7 PBXSmartGroupTreeModuleOutlineStateExpansionKey 1C77FABC04509CD000000102 PBXSmartGroupTreeModuleOutlineStateSelectionKey 0 PBXSmartGroupTreeModuleOutlineStateVisibleRectKey {{0, 0}, {168, 350}} PBXTopSmartGroupGIDs XCIncludePerspectivesSwitch 0 GeometryConfiguration Frame {{0, 0}, {185, 368}} GroupTreeTableConfiguration MainColumn 168 RubberWindowFrame 315 424 744 409 0 0 1440 878 Module PBXSmartGroupTreeModule Proportion 185pt ContentConfiguration PBXProjectModuleGUID 1CA1AED706398EBD00589147 PBXProjectModuleLabel Detail GeometryConfiguration Frame {{190, 0}, {554, 368}} RubberWindowFrame 315 424 744 409 0 0 1440 878 Module XCDetailModule Proportion 554pt Proportion 368pt MajorVersion 3 MinorVersion 0 Name Breakpoints ServiceClasses PBXSmartGroupTreeModule XCDetailModule StatusbarIsVisible 1 TableOfContents 1CDDB66807F98D9800BB5817 1CDDB66907F98D9800BB5817 1CE0B1FE06471DED0097A5F4 1CA1AED706398EBD00589147 ToolbarConfiguration xcode.toolbar.config.breakpointsV3 WindowString 315 424 744 409 0 0 1440 878 WindowToolGUID 1CDDB66807F98D9800BB5817 WindowToolIsVisible 1 Identifier windowTool.debugAnimator Layout Dock Module PBXNavigatorGroup Proportion 100% Proportion 100% Name Debug Visualizer ServiceClasses PBXNavigatorGroup StatusbarIsVisible 1 ToolbarConfiguration xcode.toolbar.config.debugAnimatorV3 WindowString 100 100 700 500 0 0 1280 1002 Identifier windowTool.bookmarks Layout Dock Module PBXBookmarksModule Proportion 100% Proportion 100% Name Bookmarks ServiceClasses PBXBookmarksModule StatusbarIsVisible 0 WindowString 538 42 401 187 0 0 1280 1002 Identifier windowTool.projectFormatConflicts Layout Dock Module XCProjectFormatConflictsModule Proportion 100% Proportion 100% Name Project Format Conflicts ServiceClasses XCProjectFormatConflictsModule StatusbarIsVisible 0 WindowContentMinSize 450 300 WindowString 50 850 472 307 0 0 1440 877 Identifier windowTool.classBrowser Layout Dock BecomeActive 1 ContentConfiguration OptionsSetName Hierarchy, all classes PBXProjectModuleGUID 1CA6456E063B45B4001379D8 PBXProjectModuleLabel Class Browser - NSObject GeometryConfiguration ClassesFrame {{0, 0}, {374, 96}} ClassesTreeTableConfiguration PBXClassNameColumnIdentifier 208 PBXClassBookColumnIdentifier 22 Frame {{0, 0}, {630, 331}} MembersFrame {{0, 105}, {374, 395}} MembersTreeTableConfiguration PBXMemberTypeIconColumnIdentifier 22 PBXMemberNameColumnIdentifier 216 PBXMemberTypeColumnIdentifier 97 PBXMemberBookColumnIdentifier 22 PBXModuleWindowStatusBarHidden2 1 RubberWindowFrame 385 179 630 352 0 0 1440 878 Module PBXClassBrowserModule Proportion 332pt Proportion 332pt Name Class Browser ServiceClasses PBXClassBrowserModule StatusbarIsVisible 0 TableOfContents 1C0AD2AF069F1E9B00FABCE6 1C0AD2B0069F1E9B00FABCE6 1CA6456E063B45B4001379D8 ToolbarConfiguration xcode.toolbar.config.classbrowser WindowString 385 179 630 352 0 0 1440 878 WindowToolGUID 1C0AD2AF069F1E9B00FABCE6 WindowToolIsVisible 0 Identifier windowTool.refactoring IncludeInToolsMenu 0 Layout Dock BecomeActive 1 GeometryConfiguration Frame {0, 0}, {500, 335} RubberWindowFrame {0, 0}, {500, 335} Module XCRefactoringModule Proportion 100% Proportion 100% Name Refactoring ServiceClasses XCRefactoringModule WindowString 200 200 500 356 0 0 1920 1200 PyKerberos-1.1/support/main.c0000644000175000017500000000215312235252557014375 0ustar agxagx/** * Copyright (c) 2006-2013 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ #include "kerberosgss.h" #include "stdio.h" int main (int argc, char * const argv[]) { int code = 0; char* service = 0L; gss_server_state state; service = server_principal_details("http", "caldav.local"); //printf("Got service principal: %s\n", result); //code = authenticate_user_krb5pwd("x", "x", "http/caldav.corp.apple.com@CALDAV.CORP.APPLE.COM", "CALDAV.CORP.APPLE.COM"); code = authenticate_gss_server_init("", &state); code = authenticate_gss_server_clean(&state); return 0; } PyKerberos-1.1/setup.py0000644000175000017500000000363212235252557013306 0ustar agxagx## # Copyright (c) 2006-2013 Apple Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## from distutils.core import setup, Extension import sys import commands long_description = """ This Python package is a high-level wrapper for Kerberos (GSSAPI) operations. The goal is to avoid having to build a module that wraps the entire Kerberos.framework, and instead offer a limited set of functions that do what is needed for client/server Kerberos authentication based on . """ setup ( name = "kerberos", version = "1.1.1", description = "Kerberos high-level interface", long_description=long_description, classifiers = [ "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 2", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: System :: Systems Administration :: Authentication/Directory" ], ext_modules = [ Extension( "kerberos", extra_link_args = commands.getoutput("krb5-config --libs gssapi").split(), extra_compile_args = commands.getoutput("krb5-config --cflags gssapi").split(), sources = [ "src/kerberos.c", "src/kerberosbasic.c", "src/kerberosgss.c", "src/kerberospw.c", "src/base64.c" ], ), ], ) PyKerberos-1.1/config/0000755000175000017500000000000012235252557013035 5ustar agxagxPyKerberos-1.1/config/edu.mit.Kerberos0000644000175000017500000000041712235252557016102 0ustar agxagx[libdefaults] default_realm = EXAMPLE.COM dns_fallback = NO default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] EXAMPLE.COM = { kdc = kdc.example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM PyKerberos-1.1/bin/0000755000175000017500000000000012235252557012340 5ustar agxagxPyKerberos-1.1/bin/ftp-gss0000755000175000017500000001027212235252557013653 0ustar agxagx#!/usr/bin/env python ## # Copyright (c) 2008 Jelmer Vernooij # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Support for secure authentication using GSSAPI over FTP. See RFC2228 for details. """ from ftplib import * import base64, ftplib, getpass, kerberos, socket, sys class SecureFtp(FTP): """Extended version of ftplib.FTP that can authenticate using GSSAPI.""" def mic_putcmd(self, line): rc = kerberos.authGSSClientWrap(self.vc, base64.b64encode(line)) wrapped = kerberos.authGSSClientResponse(self.vc) FTP.putcmd(self, "MIC " + wrapped) def mic_getline(self): resp = FTP.getline(self) assert resp[:4] == '631 ' rc = kerberos.authGSSClientUnwrap(self.vc, resp[4:].strip("\r\n")) response = base64.b64decode(kerberos.authGSSClientResponse(self.vc)) return response def gssapi_login(self, user): # Try GSSAPI login first resp = self.sendcmd('AUTH GSSAPI') if resp[:3] == '334': rc, self.vc = kerberos.authGSSClientInit("ftp@%s" % self.host) if kerberos.authGSSClientStep(self.vc, "") != 1: while resp[:3] in ('334', '335'): authdata = kerberos.authGSSClientResponse(self.vc) resp = self.sendcmd('ADAT ' + authdata) if resp[:9] in ('235 ADAT=', '335 ADAT='): rc = kerberos.authGSSClientStep(self.vc, resp[9:]) assert ((resp[:3] == '235' and rc == 1) or (resp[:3] == '335' and rc == 0)) print "Authenticated as %s" % kerberos.authGSSClientUserName(self.vc) # Monkey patch ftplib self.putcmd = self.mic_putcmd self.getline = self.mic_getline self.sendcmd('USER ' + user) return resp def test(): '''Test program. Usage: ftp [-d] [-u[user]] [-r[file]] host [-l[dir]] [-d[dir]] [-p] [file] ... -d dir -l list -u user ''' from getopt import getopt if len(sys.argv) < 2: print test.__doc__ sys.exit(0) (opts, args) = getopt(sys.argv[1:], "d:u:r:") debugging = 0 rcfile = None userid = None for (k, v) in opts: if k == "-d": debugging += 1 elif k == "-u": userid = v elif k == "-r": rcfile = v host = args[0] ftp = SecureFtp(host) ftp.set_debuglevel(debugging) passwd = acct = '' try: netrc = Netrc(rcfile) except IOError: if rcfile is not None and userid is None: sys.stderr.write("Could not open account file" " -- using anonymous login.") userid = '' else: if userid is None: try: userid, passwd, acct = netrc.get_account(host) except KeyError: # no account for host sys.stderr.write( "No account -- using anonymous login.") userid = '' try: if userid: ftp.gssapi_login(userid) else: ftp.login(userid, passwd, acct) except ftplib.error_perm, e: # Fall back to regular authentication ftp.login(userid, passwd, acct) for file in args[1:]: if file[:2] == '-l': ftp.dir(file[2:]) elif file[:2] == '-d': cmd = 'CWD' if file[2:]: cmd = cmd + ' ' + file[2:] resp = ftp.sendcmd(cmd) elif file == '-p': ftp.set_pasv(not ftp.passiveserver) else: ftp.retrbinary('RETR ' + file, \ sys.stdout.write, 1024) ftp.quit() if __name__ == '__main__': test() PyKerberos-1.1/test.py0000644000175000017500000002025512235252557013125 0ustar agxagx#!/usr/bin/env python ## # Copyright (c) 2006-2013 Apple Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ## import kerberos import getopt import sys import httplib import socket import ssl """ Examples: sudo ./test.py -s HTTP@example.com service sudo ./test.py -u user01 -p user01 -s HTTP@example.com -r EXAMPLE.COM basic sudo ./test.py -s HTTP@example.com -r EXAMPLE.COM gssapi ./test.py -s HTTP@example.com -h calendar.example.com -p 8008 server For the gssapi and server tests you will need to kinit a principal on the server first. """ def main(): # Extract arguments user = "" pswd = "" service = "HTTP@EXAMPLE.COM" host = "host.example.com" realm ="HOST.EXAMPLE.COM" port = 8008 use_ssl = False allowedActions = ("service", "basic", "gssapi", "server",) options, args = getopt.getopt(sys.argv[1:], "u:p:s:h:i:r:x") for option, value in options: if option == "-u": user = value elif option == "-p": pswd = value elif option == "-s": service = value elif option == "-h": host = value elif option == "-i": port = value elif option == "-r": realm = value elif option == "-x": use_ssl = True actions = set() for arg in args: if arg in allowedActions: actions.add(arg) else: print "Action not allowed: %s" % (arg,) sys.exit(1) # Get service principal if "service" in actions: print "\n*** Running Service Principal test" s, h = service.split("@") testServicePrincipal(s, h); # GSS Basic test if "basic" in actions: if (len(user) != 0) and (len(pswd) != 0): print "\n*** Running basic test" testCheckpassword(user, pswd, service, realm) else: print "\n*** Skipping basic test: no user or password specified" # Full GSSAPI test if "gssapi" in actions: print "\n*** Running GSSAPI test" testGSSAPI(service) if "server" in actions: print "\n*** Running HTTP test" testHTTP(host, port, use_ssl, service) print "\n*** Done\n" def testServicePrincipal(service, hostname): try: result = kerberos.getServerPrincipalDetails(service, hostname) except kerberos.KrbError, e: print "Kerberos service principal for %s/%s failed: %s" % (service, hostname, e[0]) else: print "Kerberos service principal for %s/%s succeeded: %s" % (service, hostname, result) def testCheckpassword(user, pswd, service, realm): try: kerberos.checkPassword(user, pswd, service, realm) except kerberos.BasicAuthError, e: print "Kerberos authentication for %s failed: %s" % (user, e[0]) else: print "Kerberos authentication for %s succeeded" % user def testGSSAPI(service): def statusText(r): if r == 1: return "Complete" elif r == 0: return "Continue" else: return "Error" rc, vc = kerberos.authGSSClientInit(service); print "Status for authGSSClientInit = %s" % statusText(rc); if rc != 1: return rs, vs = kerberos.authGSSServerInit(service); print "Status for authGSSServerInit = %s" % statusText(rs); if rs != 1: return rc = kerberos.authGSSClientStep(vc, ""); print "Status for authGSSClientStep = %s" % statusText(rc); if rc != 0: return rs = kerberos.authGSSServerStep(vs, kerberos.authGSSClientResponse(vc)); print "Status for authGSSServerStep = %s" % statusText(rs); if rs == -1: return rc = kerberos.authGSSClientStep(vc, kerberos.authGSSServerResponse(vs)); print "Status for authGSSClientStep = %s" % statusText(rc); if rc == -1: return print "Server user name: %s" % kerberos.authGSSServerUserName(vs); print "Server target name: %s" % kerberos.authGSSServerTargetName(vs); print "Client user name: %s" % kerberos.authGSSClientUserName(vc); rc = kerberos.authGSSClientClean(vc); print "Status for authGSSClientClean = %s" % statusText(rc); rs = kerberos.authGSSServerClean(vs); print "Status for authGSSServerClean = %s" % statusText(rs); def testHTTP(host, port, use_ssl, service): class HTTPSConnection_SSLv3(httplib.HTTPSConnection): "This class allows communication via SSL." def connect(self): "Connect to a host on a given (SSL) port." sock = socket.create_connection((self.host, self.port), self.timeout) self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_SSLv3) def sendRequest(host, port, ssl, method, uri, headers): response = None if use_ssl: http = HTTPSConnection_SSLv3(host, port) else: http = httplib.HTTPConnection(host, port) try: http.request(method, uri, "", headers) response = http.getresponse() finally: http.close() return response # Initial request without auth header uri = "/principals/" response = sendRequest(host, port, use_ssl, "OPTIONS", uri, {}) if response is None: print "Initial HTTP request to server failed" return if response.status != 401: print "Initial HTTP request did not result in a 401 response" return hdrs = response.msg.getheaders("www-authenticate") if (hdrs is None) or (len(hdrs) == 0): print "No www-authenticate header in initial HTTP response." for hdr in hdrs: hdr = hdr.strip() splits = hdr.split(' ', 1) if (len(splits) != 1) or (splits[0].lower() != "negotiate"): continue else: break else: print "No www-authenticate header with negotiate in initial HTTP response." return try: rc, vc = kerberos.authGSSClientInit(service=service); except kerberos.GSSError, e: print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[1][0]) return try: kerberos.authGSSClientStep(vc, ""); except kerberos.GSSError, e: print "Could not do GSSAPI step with continue: %s/%s" % (e[0][0], e[1][0]) return hdrs = {} hdrs["Authorization"] = "negotiate %s" % kerberos.authGSSClientResponse(vc) # Second request with auth header response = sendRequest(host, port, use_ssl, "OPTIONS", uri, hdrs) if response is None: print "Second HTTP request to server failed" return if response.status/100 != 2: print "Second HTTP request did not result in a 2xx response: %d" % (response.status,) return hdrs = response.msg.getheaders("www-authenticate") if (hdrs is None) or (len(hdrs) == 0): print "No www-authenticate header in second HTTP response." return for hdr in hdrs: hdr = hdr.strip() splits = hdr.split(' ', 1) if (len(splits) != 2) or (splits[0].lower() != "negotiate"): continue else: break else: print "No www-authenticate header with negotiate in second HTTP response." return try: kerberos.authGSSClientStep(vc, splits[1]) except kerberos.GSSError, e: print "Could not verify server www-authenticate header in second HTTP response: %s/%s" % (e[0][0], e[1][0]) return try: rc = kerberos.authGSSClientClean(vc); except kerberos.GSSError, e: print "Could not clean-up GSSAPI: %s/%s" % (e[0][0], e[1][0]) return print "Authenticated successfully" return if __name__=='__main__': main()