Hi Moin users,

about a month ago I asked for some hints on how to get the xmlrpc access working under the following circumstances:

- moin version 1.9.3
- IIS with Windows authentication SSPI (NTLM)
- moin authentication is auth = [GivenAuth(strip_windomain=True,autocreate=1)]

This means that the xmlrpc calls are only forwarded to the wiki after a successful NTLM authentication by the IIS webserver. The wiki then uses the REMOTE_USER variable to create or run the request under a specific account (this is explained here: http://moinmo.in/HelpOnAuthentication).

When I run the following script:

    import sys
    import xmlrpclib

    wikiurl = "http://nb-it-lt-ms/testwiki"
    homewiki = xmlrpclib.ServerProxy(wikiurl + "?action=xmlrpc2", allow_none=True)
    mc = xmlrpclib.MultiCall(homewiki)
    mc.getRPCVersionSupported()
    mc.getPage("StartPage")

    try:
        auth_token = homewiki.getAuthToken("mscheufe", "blah")
        if not auth_token:
            print "auth_token is empty"
        for i in mc():
            print i
    except xmlrpclib.Fault as err:
        print str(err)

I get the following error message:

    Traceback (most recent call last):
      File "test.py", line 15, in <module>
        auth_token = homewiki.getAuthToken("mscheufe", "blah")
      File "c:\python26\lib\xmlrpclib.py", line 1199, in __call__
        return self.__send(self.__name, args)
      File "c:\python26\lib\xmlrpclib.py", line 1489, in __request
        verbose=self.__verbose
      File "c:\python26\lib\xmlrpclib.py", line 1243, in request
        headers
    xmlrpclib.ProtocolError: <ProtocolError for nb-it-lt-ms/testwiki?action=xmlrpc2: 401 Unauthorized>

I managed to get the NTLM authentication against the webserver to work by writing my own xmlrpclib.Transport object (see code below). Now the NTLM authentication is working and my xmlrpc requests are forwarded to the wiki. But my calls are still not properly authenticated against the wiki by the xmlrpc interface.

Have a look at this sample:

    import sys
    sys.path.append("c:/Temp/MoinXmlRPC")
    import xmlrpclib
    from ntlmTransport import *

    wikiurl = "http://nb-it-lt-ms/testwiki"
    p = ntlmTransport()
    homewiki = xmlrpclib.ServerProxy(wikiurl + "?action=xmlrpc2", allow_none=True, transport=p)
    mc = xmlrpclib.MultiCall(homewiki)
    mc.getRPCVersionSupported()
    mc.getPage("StartPage")

    try:
        auth_token = homewiki.getAuthToken("mscheufe", "blah")
        if not auth_token:
            print "auth_token is empty"
        for i in mc():
            print i
    except xmlrpclib.Fault as err:
        print str(err)

The output of the script is:

    auth_token is empty
    2
    <Fault 1: 'You are not allowed to read this page.'>

As one can see, the xmlrpc calls are forwarded to the wiki, but as the getAuthToken() method does not return a token I cannot authenticate against the wiki. At the moment I am stuck here. I would really be interested in getting the xmlrpc interface working with GivenAuth. It would be great if someone could point me in the right direction as to how this problem could be solved.

Many thanks in advance,
mark

    ###################################
    # ntlm xmlrpclib.Transport object #
    ###################################
    import xmlrpclib, sys, httplib, base64

    # code for WindoewNtlmMessageGenerator originates from
    # http://stackoverflow.com/questions/2969481/ntlm-authentication-in-python
    class WindoewNtlmMessageGenerator:
        def __init__(self, user=None):
            import win32api, sspi
            if not user:
                user = win32api.GetUserName()
            self.sspi_client = sspi.ClientAuth("NTLM", user)

        def create_auth_req(self):
            # build the base64 encoded NTLM negotiate message
            import pywintypes
            output_buffer = None
            error_msg = None
            try:
                error_msg, output_buffer = self.sspi_client.authorize(None)
            except pywintypes.error:
                return None
            auth_req = output_buffer[0].Buffer
            auth_req = base64.b64encode(auth_req)
            return auth_req

        def create_challenge_response(self, challenge):
            # build the base64 encoded NTLM response to the server challenge
            import pywintypes
            output_buffer = None
            input_buffer = challenge
            error_msg = None
            try:
                error_msg, output_buffer = self.sspi_client.authorize(input_buffer)
            except pywintypes.error:
                return None
            response_msg = output_buffer[0].Buffer
            response_msg = base64.b64encode(response_msg)
            return response_msg

    class ntlmTransport(xmlrpclib.Transport):
        def __init__(self, use_datetime=0):
            xmlrpclib.Transport.__init__(self, use_datetime)

        def request(self, host, handler, request_body, verbose=0):
            # issue XML-RPC request
            h = self.make_connection(host)
            if verbose:
                h.set_debuglevel(1)
            # run the ntlm handshake to get an auth token
            extra_headers = self.get_ntlm_header(h, handler, request_body)
            self.send_request(h, handler, request_body)
            self.send_host(h, host, extra_headers)
            self.send_user_agent(h)
            self.send_content(h, request_body)
            errcode, errmsg, headers = h.getreply()
            if errcode != 200:
                # ProtocolError lives in xmlrpclib and is not imported by name here
                raise xmlrpclib.ProtocolError(
                    host + handler,
                    errcode, errmsg,
                    headers
                )
            self.verbose = verbose
            try:
                sock = h._conn.sock
            except AttributeError:
                sock = None
            return self._parse_response(h.getfile(), sock)

        def get_ntlm_header(self, connection, handler, request_body):
            ntlm_gen = WindoewNtlmMessageGenerator()
            auth_req_msg = ntlm_gen.create_auth_req()
            extra_headers = [('Connection', 'Keep-Alive')]
            # first leg: empty request that only carries the NTLM negotiate message
            self.send_request(connection, handler, request_body)
            connection.putheader("Content-length", "0")
            connection.putheader("Connection", "Keep-Alive")
            connection.putheader('Authorization', 'NTLM' + ' ' + auth_req_msg)
            connection.endheaders()
            resp = connection._conn.getresponse()
            # always read from response otherwise the subsequent call with the
            # current http connection handle won't work
            resp.read()
            # generate the NTLM auth_token
            challenge = resp.msg.get('WWW-Authenticate')
            challenge_dec = base64.b64decode(challenge.split()[1])
            auth_token = ntlm_gen.create_challenge_response(challenge_dec)
            extra_headers.append(('Authorization', 'NTLM' + ' ' + auth_token))
            return extra_headers

        def send_host(self, connection, host, extra_headers):
            # send the handshake headers instead of the default host headers
            host, not_used_headers, x509 = self.get_host_info(host)
            for key, value in extra_headers:
                connection.putheader(key, value)

_______________________________________________
Moin-user mailing list
Moin-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/moin-user
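
Added example, not part of the original post: get_ntlm_header in the transport above takes the type 2 challenge with challenge.split()[1], so a missing or non-NTLM WWW-Authenticate value only shows up as an unrelated exception. The code below (written for Python 3, unlike the post's Python 2.6 code) validates that header value before it would be handed to SSPI; parse_ntlm_challenge, NtlmChallengeError and build_sample_header are hypothetical names, the sample message is constructed, and comma-joined scheme offers are an assumption about how the header may arrive.

```python
import base64
import binascii
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"


class NtlmChallengeError(ValueError):
    """The 401 response did not carry a usable NTLM type 2 message."""


def parse_ntlm_challenge(www_authenticate):
    """Return (raw_type2, server_challenge, flags) from a WWW-Authenticate value."""
    if not www_authenticate:
        raise NtlmChallengeError("401 response has no WWW-Authenticate header")
    # Assumption: several offers may arrive comma-joined, e.g. "Negotiate, NTLM <b64>".
    for offer in www_authenticate.split(","):
        parts = offer.strip().split(None, 1)
        if len(parts) != 2 or parts[0].upper() != "NTLM":
            continue  # other scheme, or a bare "NTLM" offer without a token
        try:
            raw = base64.b64decode(parts[1].strip(), validate=True)
        except (binascii.Error, ValueError) as exc:
            raise NtlmChallengeError("NTLM token is not valid base64: %s" % exc)
        if len(raw) < 32 or raw[:8] != NTLMSSP_SIGNATURE:
            raise NtlmChallengeError("token is not an NTLMSSP message")
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        if msg_type != 2:
            raise NtlmChallengeError("expected type 2 (challenge), got type %d" % msg_type)
        (flags,) = struct.unpack_from("<I", raw, 20)
        return raw, raw[24:32], flags
    raise NtlmChallengeError("no NTLM challenge offered: %r" % www_authenticate)


def build_sample_header(msg_type=2, challenge=b"\x01\x23\x45\x67\x89\xab\xcd\xef"):
    """Constructed sample, not captured traffic: a minimal 32-byte NTLM message."""
    msg = (NTLMSSP_SIGNATURE + struct.pack("<I", msg_type)
           + struct.pack("<HHI", 0, 0, 32)   # empty target-name security buffer
           + struct.pack("<I", 0x00000201)   # constructed flags value
           + challenge)
    return "Negotiate, NTLM " + base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    raw, challenge, flags = parse_ntlm_challenge(build_sample_header())
    print("type 2 ok, challenge=%s flags=0x%08x"
          % (binascii.hexlify(challenge).decode("ascii"), flags))
```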