Add password= keyword to authGSSClientInit

pysrc/kerberos.py

@@ -137,6 +137,7 @@ def getServerPrincipalDetails(service, hostname):
 GSS_C_PROT_READY_FLAG = 128
 GSS_C_TRANS_FLAG      = 256
 
+GSS_EXT_HAVE_PASSWORD = True
 
 
 def authGSSClientInit(service, **kwargs):
@@ -160,6 +161,8 @@ def authGSSClientInit(service, **kwargs):
 
     @param mech_oid: Optional GGS mech OID
 
+    @param password: Optional string containing the service principal's password
+
     @return: A tuple of (result, context) where result is the result code (see
         above) and context is an opaque value that will need to be passed to
         subsequent functions.
@@ -179,6 +182,29 @@ def authGSSClientClean(context):
     """
 
 
+def authGSSSign(context, message, qop=0):
+    """
+    Creates MIC (signature) of the message
+
+    @param context: The context object returned from L{authGSSClientInit}.
+
+    @param message: The text message (base64 encoded)
+
+    @return: The MIC of the message (base64 encoded).
+    """
+
+
+def authGSSVerify(context, message, token, qop=0):
+    """
+    Verify MIC (signature) of the message
+
+    @param context: The context object returned from L{authGSSClientInit}.
+
+    @param message: The text message (base64 encoded)
+
+    @param token: The MIC of the message (base64 encoded).
+    """
+
 
 def authGSSClientInquireCred(context):
     """

src/kerberos.c

@@ -31,6 +31,7 @@
     // Basic renames (function parameters are the same)
     // No more int objects
     #define PyInt_FromLong PyLong_FromLong
+    #define PyString_FromString PyUnicode_FromString
 #endif
 
 #if PY_VERSION_HEX >= 0x03020000
@@ -154,21 +155,22 @@ static PyObject* authGSSClientInit(PyObject* self, PyObject* args, PyObject* key
 {
     const char *service = NULL;
     const char *principal = NULL;
+    const char *password = NULL;
     gss_client_state *state = NULL;
     PyObject *pystate = NULL;
     gss_server_state *delegatestate = NULL;
     PyObject *pydelegatestate = NULL;
     gss_OID mech_oid = GSS_C_NO_OID;
     PyObject *pymech_oid = NULL;
     static char *kwlist[] = {
-        "service", "principal", "gssflags", "delegated", "mech_oid", NULL
+        "service", "principal", "gssflags", "delegated", "mech_oid", "password", NULL
     };
     long int gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
     int result = 0;
 
     if (! PyArg_ParseTupleAndKeywords(
-        args, keywds, "s|zlOO", kwlist,
-        &service, &principal, &gss_flags, &pydelegatestate, &pymech_oid
+        args, keywds, "s|zlOOz", kwlist,
+        &service, &principal, &gss_flags, &pydelegatestate, &pymech_oid, &password
     )) {
         return NULL;
     }
@@ -194,7 +196,7 @@ static PyObject* authGSSClientInit(PyObject* self, PyObject* args, PyObject* key
     }
 
     result = authenticate_gss_client_init(
-        service, principal, gss_flags, delegatestate, mech_oid, state
+        service, principal, gss_flags, delegatestate, mech_oid, state, password
     );
 
     if (result == AUTH_GSS_ERROR) {
@@ -277,6 +279,76 @@ static PyObject *channelBindings(PyObject *self, PyObject *args, PyObject* keywd
     return Py_BuildValue("N", pychan_bindings);
 }
 
+static PyObject *authGSSSign(PyObject *self, PyObject *args, PyObject* keywds)
+{
+    gss_client_state *state = NULL;
+    PyObject *pystate = NULL;
+    PyObject *pytoken = NULL;
+    char *message = NULL;
+    char *token = NULL;
+    static char *kwlist[] = {"context", "message", "qop", NULL};
+    int result = 0;
+    unsigned int qop = 0;
+
+    if (! PyArg_ParseTupleAndKeywords(args, keywds, "Os|I", kwlist, &pystate, &message, &qop)) {
+        return NULL;
+    }
+
+    if (! PyCObject_Check(pystate)) {
+        PyErr_SetString(PyExc_TypeError, "Expected a context object");
+        return NULL;
+    }
+
+    state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
+
+    if (state == NULL) {
+        return NULL;
+    }
+
+    result = authenticate_gss_sign(state, message, qop, &token);
+    if (result == AUTH_GSS_ERROR) {
+        return NULL;
+    }
+
+    pytoken = PyString_FromString(token);
+    free(token);
+
+    return pytoken;
+}
+
+static PyObject *authGSSVerify(PyObject *self, PyObject *args, PyObject* keywds)
+{
+    gss_client_state *state = NULL;
+    PyObject *pystate = NULL;
+    char *message = NULL;
+    char *token = NULL;
+    static char *kwlist[] = {"context", "message", "token", "qop", NULL};
+    int result = 0;
+    unsigned int qop = 0;
+
+    if (! PyArg_ParseTupleAndKeywords(args, keywds, "Oss|I", kwlist, &pystate, &message, &token, &qop)) {
+        return NULL;
+    }
+
+    if (! PyCObject_Check(pystate)) {
+        PyErr_SetString(PyExc_TypeError, "Expected a context object");
+        return NULL;
+    }
+
+    state = (gss_client_state *)PyCObject_AsVoidPtr(pystate);
+
+    if (state == NULL) {
+        return NULL;
+    }
+
+    result = authenticate_gss_verify(state, message, token, qop);
+    if (result == AUTH_GSS_ERROR) {
+        return NULL;
+    }
+
+    return Py_BuildValue("i", result);
+}
+
 static PyObject *authGSSClientStep(PyObject *self, PyObject *args, PyObject* keywds)
 {
     gss_client_state *state = NULL;
@@ -727,6 +799,16 @@ static PyMethodDef KerberosMethods[] = {
         getServerPrincipalDetails, METH_VARARGS,
         "Return the service principal for a given service and hostname."
     },
+    {
+        "authGSSSign",
+        (PyCFunction)authGSSSign, METH_VARARGS | METH_KEYWORDS,
+        "Compute MIC of the message",
+    },
+    {
+        "authGSSVerify",
+        (PyCFunction)authGSSVerify, METH_VARARGS | METH_KEYWORDS,
+        "Verify MIC of the message",
+    },
     {
         "authGSSClientInit",
         (PyCFunction)authGSSClientInit, METH_VARARGS | METH_KEYWORDS,