Hello community, here is the log from the commit of package python-pure-sasl for openSUSE:Factory checked in at 2018-03-09 10:47:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pure-sasl (Old) and /work/SRC/openSUSE:Factory/.python-pure-sasl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pure-sasl" Fri Mar 9 10:47:19 2018 rev:2 rq:584603 version:0.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pure-sasl/python-pure-sasl.changes 2017-12-05 01:29:55.801970061 +0100 +++ /work/SRC/openSUSE:Factory/.python-pure-sasl.new/python-pure-sasl.changes 2018-03-09 10:47:33.880584611 +0100 @@ -1,0 +2,12 @@ +Fri Mar 9 06:19:20 UTC 2018 - [email protected] + +- Update to 0.5.0 + * Added EXTERNAL mechanism + * Fix QOP checks in python3 + * Improved error handling when the kerberos module is not + installed + * Fix python3 bug using auth-conf with GSSAPI + * Add GSSAPI "extra" with kerberos dependency +- Use %license macro + +------------------------------------------------------------------- Old: ---- pure-sasl-0.4.0.tar.gz New: ---- pure-sasl-0.5.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pure-sasl.spec ++++++ --- /var/tmp/diff_new_pack.L55tPD/_old 2018-03-09 10:47:34.488562711 +0100 +++ /var/tmp/diff_new_pack.L55tPD/_new 2018-03-09 10:47:34.492562567 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-pure-sasl # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,12 +19,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %bcond_without test Name: python-pure-sasl -Version: 0.4.0 +Version: 0.5.0 Release: 0 Summary: Pure Python client SASL implementation License: MIT Group: Development/Languages/Python -URL: http://github.com/thobbs/pure-sasl +Url: http://github.com/thobbs/pure-sasl Source: https://files.pythonhosted.org/packages/source/p/pure-sasl/pure-sasl-%{version}.tar.gz BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} @@ -51,7 +51,8 @@ %python_expand %fdupes %{buildroot}%{$python_sitelib} %files %{python_files} -%doc LICENSE CHANGES.rst README.rst +%license LICENSE +%doc CHANGES.rst README.rst %{python_sitelib}/* %changelog ++++++ pure-sasl-0.4.0.tar.gz -> pure-sasl-0.5.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/CHANGES.rst new/pure-sasl-0.5.0/CHANGES.rst --- old/pure-sasl-0.4.0/CHANGES.rst 2017-02-21 19:47:55.000000000 +0100 +++ new/pure-sasl-0.5.0/CHANGES.rst 2018-03-09 06:04:26.000000000 +0100 @@ -1,3 +1,18 @@ +0.5.0 +===== +March 8th, 2018 + +* Added EXTERNAL mechanism + +0.4.1 +===== +March 8th, 2018 + +* Fix QOP checks in python3 (#19) +* Improved error handling when the kerberos module is not installed (#20) +* Fix python3 bug using auth-conf with GSSAPI (#21) +* Add GSSAPI "extra" with kerberos dependency + 0.4.0 ===== February 21st, 2017 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/PKG-INFO new/pure-sasl-0.5.0/PKG-INFO --- old/pure-sasl-0.4.0/PKG-INFO 2017-02-21 19:48:45.000000000 +0100 +++ new/pure-sasl-0.5.0/PKG-INFO 2018-03-09 06:09:02.000000000 +0100 @@ -1,14 +1,14 @@ Metadata-Version: 1.1 Name: pure-sasl -Version: 0.4.0 +Version: 0.5.0 Summary: Pure Python client SASL implementation Home-page: http://github.com/thobbs/pure-sasl -Author: Tyler Hobbs -Author-email: [email protected] +Author: Alex Shafer +Author-email: [email protected] License: MIT Description: This package provides a reasonably high-level SASL client written in pure Python. New mechanisms may be integrated easily, but by default, - support for PLAIN, ANONYMOUS, CRAM-MD5, DIGEST-MD5, and GSSAPI are + support for PLAIN, ANONYMOUS, EXTERNAL, CRAM-MD5, DIGEST-MD5, and GSSAPI are provided. Keywords: sasl Platform: UNKNOWN @@ -21,4 +21,6 @@ Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3.3 Classifier: Programming Language :: Python :: 3.4 +Classifier: Programming Language :: Python :: 3.5 +Classifier: Programming Language :: Python :: 3.6 Classifier: Topic :: Software Development :: Libraries :: Python Modules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/README.rst new/pure-sasl-0.5.0/README.rst --- old/pure-sasl-0.4.0/README.rst 2016-09-30 23:50:13.000000000 +0200 +++ new/pure-sasl-0.5.0/README.rst 2018-03-09 06:03:17.000000000 +0100 @@ -6,7 +6,7 @@ pure-sasl is a pure python client-side SASL implementation. -At the moment, it supports the following mechanisms: ANONYMOUS, PLAIN, +At the moment, it supports the following mechanisms: ANONYMOUS, PLAIN, EXTERNAL, CRAM-MD5, DIGEST-MD5, and GSSAPI. Support for other mechanisms may be added in the future. Only GSSAPI supports a QOP higher than auth. Always use TLS! @@ -38,7 +38,7 @@ # begin normal communication encoded = conn.fetch_data() - decoded = sasl.unwrap(decoded) + decoded = sasl.unwrap(encoded) response = process_data(decoded) conn.send_data(sasl.wrap(response)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/pure_sasl.egg-info/PKG-INFO new/pure-sasl-0.5.0/pure_sasl.egg-info/PKG-INFO --- old/pure-sasl-0.4.0/pure_sasl.egg-info/PKG-INFO 2017-02-21 19:48:45.000000000 +0100 +++ new/pure-sasl-0.5.0/pure_sasl.egg-info/PKG-INFO 2018-03-09 06:09:02.000000000 +0100 @@ -1,14 +1,14 @@ Metadata-Version: 1.1 Name: pure-sasl -Version: 0.4.0 +Version: 0.5.0 Summary: Pure Python client SASL implementation Home-page: http://github.com/thobbs/pure-sasl -Author: Tyler Hobbs -Author-email: [email protected] +Author: Alex Shafer +Author-email: [email protected] License: MIT Description: This package provides a reasonably high-level SASL client written in pure Python. New mechanisms may be integrated easily, but by default, - support for PLAIN, ANONYMOUS, CRAM-MD5, DIGEST-MD5, and GSSAPI are + support for PLAIN, ANONYMOUS, EXTERNAL, CRAM-MD5, DIGEST-MD5, and GSSAPI are provided. Keywords: sasl Platform: UNKNOWN @@ -21,4 +21,6 @@ Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3.3 Classifier: Programming Language :: Python :: 3.4 +Classifier: Programming Language :: Python :: 3.5 +Classifier: Programming Language :: Python :: 3.6 Classifier: Topic :: Software Development :: Libraries :: Python Modules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/pure_sasl.egg-info/SOURCES.txt new/pure-sasl-0.5.0/pure_sasl.egg-info/SOURCES.txt --- old/pure-sasl-0.4.0/pure_sasl.egg-info/SOURCES.txt 2017-02-21 19:48:45.000000000 +0100 +++ new/pure-sasl-0.5.0/pure_sasl.egg-info/SOURCES.txt 2018-03-09 06:09:02.000000000 +0100 @@ -7,6 +7,7 @@ pure_sasl.egg-info/PKG-INFO pure_sasl.egg-info/SOURCES.txt pure_sasl.egg-info/dependency_links.txt +pure_sasl.egg-info/requires.txt pure_sasl.egg-info/top_level.txt puresasl/__init__.py puresasl/client.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/pure_sasl.egg-info/requires.txt new/pure-sasl-0.5.0/pure_sasl.egg-info/requires.txt --- old/pure-sasl-0.4.0/pure_sasl.egg-info/requires.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/pure-sasl-0.5.0/pure_sasl.egg-info/requires.txt 2018-03-09 06:09:02.000000000 +0100 @@ -0,0 +1,3 @@ + +[GSSAPI] +kerberos>=1.3.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/puresasl/__init__.py new/pure-sasl-0.5.0/puresasl/__init__.py --- old/pure-sasl-0.4.0/puresasl/__init__.py 2017-02-21 19:47:55.000000000 +0100 +++ new/pure-sasl-0.5.0/puresasl/__init__.py 2018-03-09 06:04:26.000000000 +0100 @@ -1,5 +1,5 @@ -__version__ = '0.4.0' -__version_info__ = (0, 4, 0) +__version__ = '0.5.0' +__version_info__ = (0, 5, 0) class SASLError(Exception): @@ -18,6 +18,13 @@ """ pass + +class SASLWarning(Warning): + """ + Emitted in potentially fatal circumstances. + """ + pass + class QOP(object): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/puresasl/client.py new/pure-sasl-0.5.0/puresasl/client.py --- old/pure-sasl-0.4.0/puresasl/client.py 2016-09-30 23:50:13.000000000 +0200 +++ new/pure-sasl-0.5.0/puresasl/client.py 2018-03-07 07:26:52.000000000 +0100 @@ -1,7 +1,8 @@ from functools import wraps +from warnings import warn import puresasl.mechanisms as mech_mod -from puresasl import SASLError, QOP +from puresasl import SASLError, QOP, SASLWarning def _require_mech(f): @@ -64,7 +65,7 @@ >>> >>> # begin normal communication >>> encoded = conn.fetch_data() - >>> decoded = sasl.unwrap(decoded) + >>> decoded = sasl.unwrap(encoded) >>> response = process_data(decoded) >>> conn.send_data(sasl.wrap(response)) """ @@ -120,7 +121,15 @@ self._mech_props = mechanism_props if self.mechanism is not None: - mech_class = mech_mod.mechanisms[mechanism] + try: + mech_class = mech_mod.mechanisms[mechanism] + except KeyError: + gssapi = mech_mod.GSSAPIMechanism.name + if mechanism == gssapi and not mech_mod.have_kerberos: + raise SASLError('kerberos module not installed, {0} ' + 'unavailable'.format(gssapi)) + else: + raise SASLError('Unknown mechanism {0}'.format(mechanism)) self._chosen_mech = mech_class(self, **self._mech_props) else: self._chosen_mech = None @@ -201,6 +210,11 @@ If `allow_dictionary` is ``False, mechanisms that are susceptible to passive dictionary attacks will not be considered. """ + gssapi = mech_mod.GSSAPIMechanism.name + if gssapi in mechanism_choices and not mech_mod.have_kerberos: + warn('kerberos module not installed, {0} will be ignored'.format( + gssapi), SASLWarning) + candidates = [mech_mod.mechanisms[choice] for choice in mechanism_choices if choice in mech_mod.mechanisms] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/puresasl/mechanisms.py new/pure-sasl-0.5.0/puresasl/mechanisms.py --- old/pure-sasl-0.4.0/puresasl/mechanisms.py 2017-02-21 19:47:55.000000000 +0100 +++ new/pure-sasl-0.5.0/puresasl/mechanisms.py 2018-03-09 06:03:17.000000000 +0100 @@ -9,9 +9,9 @@ try: import kerberos - _have_kerberos = True + have_kerberos = True except ImportError: - _have_kerberos = False + have_kerberos = False PY3 = sys.version_info[0] == 3 if PY3: @@ -172,6 +172,25 @@ self.password = None +class ExternalMechanism(Mechanism): + """ + The EXTERNAL mechanism allows a client to request the server to use + credentials established by means external to the mechanism to + authenticate the client. + """ + name = 'EXTERNAL' + score = 10 + + def wrap(self, outgoing): + return outgoing + + def unwrap(self, incoming): + return incoming + + def process(self, challenge=None): + return b'' + + class CramMD5Mechanism(PlainMechanism): name = "CRAM-MD5" score = 20 @@ -295,7 +314,7 @@ resp['digest-uri'] = quote(self._digest_uri) a2 = b'AUTHENTICATE:' + self._digest_uri - if self.qop != b'auth': + if self.qop != QOP.AUTH: a2 += b':00000000000000000000000000000000' resp['maxbuf'] = b'16777215' # 2**24-1 resp['response'] = self.gen_hash(a2) @@ -377,7 +396,7 @@ # untested def authenticate_server(self, cmp_hash): a2 = b':' + self._digest_uri - if self.qop != b'auth': + if self.qop != QOP.AUTH: a2 += b':00000000000000000000000000000000' if self.gen_hash(a2) == cmp_hash: self._rspauth_okay = True @@ -500,9 +519,9 @@ return base64.b64decode(response) def wrap(self, outgoing): - if self.qop != 'auth': + if self.qop != QOP.AUTH: outgoing = base64.b64encode(outgoing) - if self.qop == 'auth-conf': + if self.qop == QOP.AUTH_CONF: protect = 1 else: protect = 0 @@ -512,11 +531,11 @@ return outgoing def unwrap(self, incoming): - if self.qop != 'auth': - incoming = base64.b64encode(incoming) + if self.qop != QOP.AUTH: + incoming = base64.b64encode(incoming).decode('ascii') kerberos.authGSSClientUnwrap(self.context, incoming) conf = kerberos.authGSSClientResponseConf(self.context) - if 0 == conf and self.qop == 'auth-conf': + if 0 == conf and self.qop == QOP.AUTH_CONF: raise Exception("Error: confidentiality requested, but not honored by the server.") return base64.b64decode(kerberos.authGSSClientResponse(self.context)) else: @@ -530,8 +549,9 @@ mechanisms = dict((m.name, m) for m in ( AnonymousMechanism, PlainMechanism, + ExternalMechanism, CramMD5Mechanism, DigestMD5Mechanism)) -if _have_kerberos: +if have_kerberos: mechanisms[GSSAPIMechanism.name] = GSSAPIMechanism diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pure-sasl-0.4.0/setup.py new/pure-sasl-0.5.0/setup.py --- old/pure-sasl-0.4.0/setup.py 2016-09-30 23:54:43.000000000 +0200 +++ new/pure-sasl-0.5.0/setup.py 2018-03-09 06:03:17.000000000 +0100 @@ -9,16 +9,21 @@ version=puresasl.__version__, author='Tyler Hobbs', author_email='[email protected]', + maintainer='Alex Shafer', + maintainer_email='[email protected]', description='Pure Python client SASL implementation', long_description= """This package provides a reasonably high-level SASL client written in pure Python. New mechanisms may be integrated easily, but by default, -support for PLAIN, ANONYMOUS, CRAM-MD5, DIGEST-MD5, and GSSAPI are +support for PLAIN, ANONYMOUS, EXTERNAL, CRAM-MD5, DIGEST-MD5, and GSSAPI are provided.""", license='MIT', url='http://github.com/thobbs/pure-sasl', keywords='sasl', packages=['puresasl'], + extras_require={ + 'GSSAPI': ['kerberos>=1.3.0'] + }, classifiers=[ 'Development Status :: 4 - Beta', 'Intended Audience :: Developers', @@ -29,6 +34,8 @@ 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3.3', 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', 'Topic :: Software Development :: Libraries :: Python Modules' ] )
