Hi!
I'm using the pykerberos bindings that are developed as part of
calendarserver to implement support for authenticating GSSAPI using
FTP connections (RFC2228).
However, at the moment, pykerberos appears to be making assumptions
about the way Kerberos is used and forces some changes to the buffer
passed into gss_wrap(). I need the attached patch to get it to work.
How should I go about allowing more generic use? Would it be ok to
break the existing API? Should I add a new call?
Cheers,
Jelmer
--
=== modified file 'src/kerberosgss.c'
--- src/kerberosgss.c 2008-05-23 16:40:38 +0000
+++ src/kerberosgss.c 2008-06-11 20:43:48 +0000
@@ -333,28 +333,6 @@
input_token.length = len;
}
- // get bufsize
- server_conf_flags = ((char*) input_token.value)[0];
- ((char*) input_token.value)[0] = 0;
- buf_size = ntohl(*((long *) input_token.value));
- free(input_token.value);
-#ifdef PRINTFS
- printf("User: %s, %c%c%c\n", user,
- server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-',
- server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-',
- server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-');
- printf("Maximum GSS token size is %ld\n", buf_size);
-#endif
-
- // agree to terms (hack!)
- buf_size = htonl(buf_size); // not relevant without integrity/privacy
- memcpy(buf, &buf_size, 4);
- buf[0] = GSS_AUTH_P_NONE;
- // server decides if principal can log in as user
- strncpy(buf + 4, user, sizeof(buf) - 4);
- input_token.value = buf;
- input_token.length = 4 + strlen(user) + 1;
-
// Do GSSAPI wrap
maj_stat = gss_wrap(&min_stat,
state->context,
_______________________________________________
calendarserver-dev mailing list
calendarserver-dev@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-dev
