Add MIC Sign/Verify operations

apple · Oct 29, 2019 · 78f1420 · 78f1420
1 parent 430a12b
commit 78f1420
Show file tree

Hide file tree

Showing 4 changed files with 291 additions and 57 deletions.
diff --git a/pysrc/kerberos.py b/pysrc/kerberos.py
@@ -137,6 +137,7 @@ def getServerPrincipalDetails(service, hostname):
 GSS_C_PROT_READY_FLAG = 128
 GSS_C_TRANS_FLAG      = 256
 
+GSS_EXT_HAVE_PASSWORD = True
 
 
 def authGSSClientInit(service, **kwargs):
@@ -181,6 +182,29 @@ def authGSSClientClean(context):
     """
 
 
+def authGSSSign(context, message, qop=0):
+    """
+    Creates MIC (signature) of the message
+
+    @param context: The context object returned from L{authGSSClientInit}.
+
+    @param message: The text message (base64 encoded)
+
+    @return: The MIC of the message (base64 encoded).
+    """
+
+
+def authGSSVerify(context, message, token, qop=0):
+    """
+    Verify MIC (signature) of the message
+
+    @param context: The context object returned from L{authGSSClientInit}.
+
+    @param message: The text message (base64 encoded)
+
+    @param token: The MIC of the message (base64 encoded).
+    """
+
 
 def authGSSClientInquireCred(context):
     """

diff --git a/src/kerberos.c b/src/kerberos.c
@@ -275,6 +275,76 @@ static PyObject *channelBindings(PyObject *self, PyObject *args, PyObject* keywd
     return Py_BuildValue("N", pychan_bindings);
 }
 
+static PyObject *authGSSSign(PyObject *self, PyObject *args, PyObject* keywds)
+{
+    gss_client_state *state = NULL;
+    PyObject *pystate = NULL;
+    PyObject *pytoken = NULL;
+    char *message = NULL;
+    char *token = NULL;
+    static char *kwlist[] = {"context", "message", "qop", NULL};
+    int result = 0;
+    unsigned int qop = 0;
+
+    if (! PyArg_ParseTupleAndKeywords(args, keywds, "Os|I", kwlist, &pystate, &message, &qop)) {
+        return NULL;
+    }
+
+    if (! PyCObject_Check(pystate)) {
+        PyErr_SetString(PyExc_TypeError, "Expected a context object");
+        return NULL;
+    }
+
+    state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
+
+    if (state == NULL) {
+        return NULL;
+    }
+
+    result = authenticate_gss_sign(state, message, qop, &token);
+    if (result == AUTH_GSS_ERROR) {
+        return NULL;
+    }
+
+    pytoken = PyString_FromString(token);
+    free(token);
+
+    return pytoken;
+}
+
+static PyObject *authGSSVerify(PyObject *self, PyObject *args, PyObject* keywds)
+{
+    gss_client_state *state = NULL;
+    PyObject *pystate = NULL;
+    char *message = NULL;
+    char *token = NULL;
+    static char *kwlist[] = {"context", "message", "token", "qop", NULL};
+    int result = 0;
+    unsigned int qop = 0;
+
+    if (! PyArg_ParseTupleAndKeywords(args, keywds, "Oss|I", kwlist, &pystate, &message, &token, &qop)) {
+        return NULL;
+    }
+
+    if (! PyCObject_Check(pystate)) {
+        PyErr_SetString(PyExc_TypeError, "Expected a context object");
+        return NULL;
+    }
+
+    state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
+
+    if (state == NULL) {
+        return NULL;
+    }
+
+    result = authenticate_gss_verify(state, message, token, qop);
+    if (result == AUTH_GSS_ERROR) {
+        return NULL;
+    }
+
+    return Py_BuildValue("i", result);
+}
+
 static PyObject *authGSSClientStep(PyObject *self, PyObject *args, PyObject* keywds)
 {
     gss_client_state *state = NULL;
@@ -725,6 +795,16 @@ static PyMethodDef KerberosMethods[] = {
         getServerPrincipalDetails, METH_VARARGS,
         "Return the service principal for a given service and hostname."
     },
+    {
+        "authGSSSign",
+        (PyCFunction)authGSSSign, METH_VARARGS | METH_KEYWORDS,
+        "Compute MIC of the message",
+    },
+    {
+        "authGSSVerify",
+        (PyCFunction)authGSSVerify, METH_VARARGS | METH_KEYWORDS,
+        "Verify MIC of the message",
+    },
     {
         "authGSSClientInit",
         (PyCFunction)authGSSClientInit, METH_VARARGS | METH_KEYWORDS,