debian/0000755000000000000000000000000011773352473007202 5ustar debian/control0000644000000000000000000000163111773352370010602 0ustar Source: python-krbv Section: python Priority: extra Maintainer: Debian FreeIPA Team Uploaders: Timo Aaltonen Build-Depends: debhelper (>= 8.0.0), python-dev (>= 2.6.6-3~), libkrb5-dev, gawk, quilt, dh-autoreconf, Standards-Version: 3.9.3 X-Python-Version: >= 2.7 Homepage: https://fedorahosted.org/python-krbV/ Vcs-Git: git://git.debian.org/pkg-freeipa/python-krbv.git Vcs-Browser: http://git.debian.org/?p=pkg-freeipa/python-krbv.git;a=summary Package: python-krbv Architecture: any Provides: ${python:Provides} Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} Description: Python extension module for Kerberos 5 python-krbV allows Python programs to use Kerberos 5 authentication and security. . It is designed to be a thin wrapper around the krb5 C API. Familiarity with the C API will be of great help when using this module. debian/source/0000755000000000000000000000000011773352370010476 5ustar debian/source/format0000644000000000000000000000001411773352370011704 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000050711773352370010231 0ustar # Example watch control file for uscan # Rename this file to "watch" and then you can run the "uscan" command # to check for upstream updates and more. # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 https://fedorahosted.org/python-krbV/raw-attachment/wiki/Releases/python-krbV-(.*)\.tar\.bz2 debian/changelog0000644000000000000000000000023611773352370011051 0ustar python-krbv (1.0.90-1) unstable; urgency=low * Initial release (Closes: #644364) -- Timo Aaltonen Fri, 29 Jun 2012 18:16:35 +0200 debian/compat0000644000000000000000000000000211773352370010374 0ustar 8 debian/patches/0000755000000000000000000000000011773352370010625 5ustar debian/patches/pulled-from-master.diff0000644000000000000000000002300111773352370015172 0ustar Description: Upstream changes introduced in version 1.0.90-1 . Upstream changes accidentally merged from git master. Can/should be dropped when pulling a new version. . Author: Timo Aaltonen --- python-krbv-1.0.90.orig/Makefile.am +++ python-krbv-1.0.90/Makefile.am @@ -13,7 +13,7 @@ DEFFILES=$(KRB5_HEADERDIR)/krb5.h krb5defines.h: $(DEFFILES) gendefines.awk awk -f $(srcdir)/gendefines.awk $(DEFFILES) > $@ -EXTRA_DIST=gendefines.awk python-krbV.spec krbV-code-snippets.py +EXTRA_DIST=gendefines.awk python-krbV.spec krbV-code-snippets.py python-krbV-test.py BUILT_SOURCES=krb5defines.h CLEANFILES=krb5defines.h --- /dev/null +++ python-krbv-1.0.90/python-krbV-test.py @@ -0,0 +1,202 @@ +#!/usr/bin/python + +# Simple test script to exercise a few code paths in python-krbV +# Mike Bonnet , 2010-07-12 + +import sys +import optparse +import socket +import select +import krbV + +def handle_tcp(opts, sock): + conn, addr = sock.accept() + ctx = krbV.default_context() + sprinc = krbV.Principal(name=opts.principal, context=ctx) + keytab = krbV.Keytab(name=opts.keytab, context=ctx) + ac, cprinc = ctx.recvauth(conn, '1.0', + options=krbV.AP_OPTS_MUTUAL_REQUIRED, + server=sprinc, keytab=keytab) + print 'Successfully authenticated via tcp: %s' % cprinc.name + ac.flags = krbV.KRB5_AUTH_CONTEXT_DO_SEQUENCE|krbV.KRB5_AUTH_CONTEXT_DO_TIME + ac.genaddrs(conn, + krbV.KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR| + krbV.KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) + msg_enc = conn.recv(4096) + msg = ac.rd_priv(msg_enc) + print ' Received: %s' % msg + resp_enc = ac.mk_priv(msg) + conn.send(resp_enc) + conn.close() + +def handle_udp(opts, sock): + data, addr = sock.recvfrom(4096) + ctx = krbV.default_context() + sprinc = krbV.Principal(name=opts.principal, context=ctx) + keytab = krbV.Keytab(name=opts.keytab, context=ctx) + ac = krbV.AuthContext(context=ctx) + ac.flags = krbV.KRB5_AUTH_CONTEXT_DO_SEQUENCE|krbV.KRB5_AUTH_CONTEXT_DO_TIME + ac, options, sprinc, ccreds = ctx.rd_req(data, server=sprinc, keytab=keytab, + auth_context=ac, + options=krbV.AP_OPTS_MUTUAL_REQUIRED) + cprinc = ccreds[2] + print 'Successfully authenticated via udp: %s' % cprinc.name + rep = ctx.mk_rep(auth_context=ac) + sock.sendto(rep, addr) + msg_enc, addr = sock.recvfrom(4096) + print 'Using addresses: %s' % str((opts.serveraddr[0], opts.serveraddr[1], addr[0], addr[1])) + ac.addrs = (opts.serveraddr[0], opts.serveraddr[1], addr[0], addr[1]) + msg = ac.rd_priv(msg_enc) + print ' Received: %s' % msg + resp_enc = ac.mk_priv(msg) + sock.sendto(resp_enc, addr) + +def handle_connections(opts, socklist): + while True: + try: + rd, wr, ex = select.select(socklist, [], [], 60) + for sock in rd: + if sock.type == socket.SOCK_STREAM: + handle_tcp(opts, sock) + elif sock.type == socket.SOCK_DGRAM: + handle_udp(opts, sock) + else: + raise ValueError, 'unknown socket type: %s' % sock.type + except krbV.Krb5Error, e: + print >> sys.stderr, 'krbV.Krb5Error:', e + except socket.timeout: + pass + except KeyboardInterrupt: + break + +def server(opts): + print 'Binding to: %s' % str(opts.serveraddr) + tcpsock = socket.socket(opts.addr_family, socket.SOCK_STREAM) + tcpsock.settimeout(15) + tcpsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + tcpsock.bind(opts.serveraddr) + tcpsock.listen(5) + udpsock = socket.socket(opts.addr_family, socket.SOCK_DGRAM) + udpsock.settimeout(15) + udpsock.bind(opts.serveraddr) + + try: + handle_connections(opts, [tcpsock, udpsock]) + finally: + tcpsock.close() + udpsock.close() + +def tcp_client(opts, conn): + ctx = krbV.default_context() + if opts.ccache: + ccache = krbV.CCache(name='FILE:' + opts.ccache, context=ctx) + else: + ccache = ctx.default_ccache() + cprinc = ccache.principal() + sprinc = krbV.Principal(name=opts.principal, context=ctx) + ac = ctx.sendauth(conn, '1.0', + options=krbV.AP_OPTS_MUTUAL_REQUIRED, + server=sprinc, client=cprinc, + ccache=ccache, data='authtest') + print 'Successfully authenticated via tcp to service: %s' % sprinc.name + ac.flags = krbV.KRB5_AUTH_CONTEXT_DO_SEQUENCE|krbV.KRB5_AUTH_CONTEXT_DO_TIME + ac.rcache = ctx.default_rcache() + ac.genaddrs(conn, + krbV.KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR| + krbV.KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) + enc_msg = ac.mk_priv(opts.message) + conn.send(enc_msg) + enc_resp = conn.recv(4096) + resp = ac.rd_priv(enc_resp) + if resp == opts.message: + print ' Exchanging encrypted messages succeeded' + conn.close() + +def gai_error(opts, addrtype, addr, e): + af = 'IPv4' + if opts.addr_family == socket.AF_INET6: + af = 'IPv6' + print >> sys.stderr, 'error: Could not get %s address for %s hostname %s' % (af, addrtype, addr) + print >> sys.stderr, e + sys.exit(1) + +def udp_client(opts, sock, addr): + ctx = krbV.default_context() + if opts.ccache: + ccache = krbV.CCache(name='FILE:' + opts.ccache, context=ctx) + else: + ccache = ctx.default_ccache() + cprinc = ccache.principal() + sprinc = krbV.Principal(name=opts.principal, context=ctx) + ac = krbV.AuthContext(context=ctx) + ac.flags = krbV.KRB5_AUTH_CONTEXT_DO_SEQUENCE|krbV.KRB5_AUTH_CONTEXT_DO_TIME + ac.rcache = ctx.default_rcache() + ac, req = ctx.mk_req(server=sprinc, client=cprinc, + auth_context=ac, ccache=ccache, + options=krbV.AP_OPTS_MUTUAL_REQUIRED) + sock.sendto(req, addr) + rep, saddr = sock.recvfrom(4096) + rep_tup = ctx.rd_rep(rep, auth_context=ac) + print 'Successfully authenticated via udp to service: %s' % sprinc.name + try: + addrinfo = socket.getaddrinfo(socket.gethostname(), sock.getsockname()[1], + opts.addr_family) + localaddr = addrinfo[0][4] + except socket.gaierror, e: + gai_error(opts, 'local', socket.gethostname(), e) + print 'Using addresses: %s' % str((localaddr[0], localaddr[1], addr[0], addr[1])) + ac.addrs = (localaddr[0], localaddr[1], addr[0], addr[1]) + msg_enc = ac.mk_priv(opts.message) + sock.sendto(msg_enc, addr) + resp_enc, saddr = sock.recvfrom(4096) + resp = ac.rd_priv(resp_enc) + if resp == opts.message: + print ' Exchanging encrypted messages succeeded' + +def client(opts): + print 'Connecting to: %s' % str(opts.serveraddr) + + tcpsock = socket.socket(opts.addr_family, socket.SOCK_STREAM) + tcpsock.connect(opts.serveraddr) + tcp_client(opts, tcpsock) + + udpsock = socket.socket(opts.addr_family, socket.SOCK_DGRAM) + udpsock.settimeout(15) + udp_client(opts, udpsock, opts.serveraddr) + + +if __name__ == '__main__': + parser = optparse.OptionParser() + parser.add_option('-s', '--server', action='store_true', help='Run in server mode') + parser.add_option('-p', '--port', type='int', default=11234, help='Port to use for running the test. The server will bind to this port, and the client will connect to it.') + parser.add_option('-6', '--ipv6', action='store_true', help='Use IPv6') + parser.add_option('-a', '--address', default='localhost', help='The address to bind the sockets to in server mode, or the host to connect to in client mode') + parser.add_option('-P', '--principal', help='The server principal') + parser.add_option('-k', '--keytab', help='Service keytab') + parser.add_option('-c', '--ccache', help='Location of the credentials cache') + parser.add_option('-m', '--message', help='Message to encrypt and send from the client to the server', default='Kerberos is working') + + opts, args = parser.parse_args() + + if not opts.principal: + parser.error('You must specify the server principal') + + if opts.ipv6: + opts.addr_family = socket.AF_INET6 + else: + opts.addr_family = socket.AF_INET + + try: + addrinfo = socket.getaddrinfo(opts.address, opts.port, opts.addr_family) + opts.serveraddr = addrinfo[0][4] + except socket.gaierror, e: + gai_error(opts, 'server', opts.address, e) + + if opts.server: + if not opts.keytab: + parser.error('You must specify a keytab in server mode') + server(opts) + else: + if opts.keytab: + parser.error('You may only specify a keytab in server mode') + client(opts) --- python-krbv-1.0.90.orig/python-krbV.spec +++ python-krbv-1.0.90/python-krbV.spec @@ -2,7 +2,7 @@ Name: python-krbV Version: 1.0.90 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Python extension module for Kerberos 5 Group: Development/Languages @@ -39,10 +39,13 @@ export CFLAGS="%{optflags} -Wextra" %files %defattr(-,root,root,-) -%doc README COPYING krbV-code-snippets.py +%doc README COPYING krbV-code-snippets.py python-krbV-test.py %{python_sitearch}/krbVmodule.so %changelog +* Mon Jul 12 2010 Mike Bonnet - 1.0.90-2 +- Add test script + * Tue May 18 2010 Mike Bonnet - 1.0.90-1 - return the contents of the AP_REP message from rd_rep() - improved memory handling debian/patches/series0000644000000000000000000000004611773352370012042 0ustar # placeholder pulled-from-master.diff debian/python-krbv.install0000644000000000000000000000007511773352370013053 0ustar usr/python*/site-packages/* usr/lib/python2.7/dist-packages/ debian/rules0000755000000000000000000000117211773352370010257 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 override_dh_auto_install: dh_auto_install --destdir=debian/tmp override_dh_install: find debian/tmp -name '*.la' -delete dh_install %: dh $@ --with quilt,autoreconf,python2 --builddirectory=build/ debian/copyright0000644000000000000000000000331211773352370011130 0ustar Format: http://dep.debian.net/deps/dep5 Upstream-Name: python-krbV Source: https://fedorahosted.org/python-krbV/ Files: * Copyright: 2001-2006 Red Hat Inc. License: LGPL-2.1 This package is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License version 2.1 as published by the Free Software Foundation. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL-2.1". Files: debian/* Copyright: 2011 Timo Aaltonen License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". debian/docs0000644000000000000000000000002611773352370010047 0ustar krbV-code-snippets.py