Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02
From: Achim G. <per...@gr...> - 2006-02-17 10:26:47
On Friday 17 February 2006 07:50, Leif Johansson wrote:
> Dax Kelson wrote:
> > Are you talking about the variable reuse for $status? Imho it is
> acceptable in this case since they both represent return-status
> from different functions from the same library.

GSSAPI::Name->import() can fail. throwing away the return value is not a good idea. a reason for fail can just be a typo in DNS or /etc/hosts (GSSAPI is using DNS for resolution to canonical hostname).

the implementation does not print debugging information, that is a problen (just think of expired credentials).

This is my implementation:

package LWP::Authen::Negotiate;

use strict;
use warnings;

require Exporter;
use AutoLoader qw(AUTOLOAD);

our @ISA = qw(Exporter);

# Items to export into the caller's namespace by default. Note: do not export
# names by default without a very good reason. Use EXPORT_OK instead.
# Do not simply export all your public functions/methods/constants.

# This allows declaration use LWP::Authen::Negotiate ':all';
# If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
# will save memory.
our %EXPORT_TAGS = ( 'all' => [ qw( ) ] );

our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );

our @EXPORT = qw( );

our $VERSION = '0.04';

# Minimum versions of the two libraries this handler calls into.
# LWP::Debug and URI are used below without being loaded here;
# presumably LWP has already loaded them when it invokes this handler -- confirm.
use MIME::Base64 "2.12";
use GSSAPI 0.18;

# authenticate -- answer an HTTP "Negotiate" challenge with a GSSAPI/Kerberos token.
#
# Arguments are unpacked from @_ in this order:
#   $class, $ua, $proxy, $auth_param, $response, $request, $arg, $size
# $class and $auth_param are not read anywhere in the body.
#
# Returns whatever $ua->request() returns for the re-sent request when
# context initiation reports GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED;
# otherwise logs the GSSAPI status messages and returns $response unchanged.
#
# NOTE(review): nothing in this sub limits which hosts are sent a token.
# Any server that answers with a Negotiate challenge gets a ticket-bearing
# header for HTTP@<its host>. If an allow-list of trusted hosts is wanted,
# it has to be enforced before this handler runs -- verify against the caller.
#
# NOTE(review): the target name is always built from the request URI's host,
# and the challenge is always read from WWW-Authenticate, even when $proxy is
# true. Only the outgoing header name changes for the proxy case. A proxy
# challenge would presumably arrive in Proxy-Authenticate and need the
# proxy's own host as the service name -- confirm before relying on $proxy.
sub authenticate {
    LWP::Debug::debug("authenticate() called");

    my ($class,$ua,$proxy,$auth_param,$response,$request,$arg,$size) = @_;

    # $uri is never read again in this sub.
    my $uri = URI->new($request->uri);
    my $targethost = $request->uri()->host();

    # Output arguments for $ctx->init() below; only $otoken is used afterwards.
    my ($otime,$omech,$otoken,$oflags);
    my $target;
    my $status;

    # Bare block used as a single-pass "try": `last TRY` jumps to the
    # error reporting after the block.
    TRY: {
        # Build the host-based service name "HTTP@<host>"; import() stores the
        # name object in $target and returns a status object.
        # Per the message above, the library canonicalises the hostname via
        # DNS, so name resolution influences which service principal is used.
        $status = GSSAPI::Name->import(
            $target,
            join( '@', 'HTTP', $targethost ),
            GSSAPI::OID::gss_nt_hostbased_service
        );
        last TRY if ( $status->major != GSS_S_COMPLETE );

        # The status returned by display() is discarded; if it fails, $tname
        # presumably stays undef and the debug line below warns -- confirm.
        my $tname;
        $target->display( $tname );
        # Only the host and service name are logged; tokens never are.
        LWP::Debug::debug("target hostname $targethost");
        LWP::Debug::debug("GSSAPI servicename $tname");

        my $auth_header = $proxy ? "Proxy-Authorization" : "Authorization";

        # Take the first Negotiate challenge whose base64 payload decodes to a
        # non-empty value. A bare "Negotiate" challenge does not match the
        # pattern, so $itoken stays empty. The payload is server-supplied and
        # is handed to the GSSAPI library as-is after decoding.
        my $itoken = q{};
        foreach ($response->header('WWW-Authenticate')) {
            last if /^Negotiate (.+)/ && ($itoken=decode_base64($1));
        }

        # A fresh context is created on every call and is lexical to this
        # block, so a token the server sends back later cannot be fed to the
        # context that produced our request token.
        my $ctx = GSSAPI::Context->new();
        my $imech = GSSAPI::OID::gss_mech_krb5;
        # NOTE(review): mutual authentication is switched off here; only replay
        # detection is requested. Together with the per-call context above,
        # this code never verifies the server's identity via GSSAPI, so server
        # authenticity has to come from elsewhere (e.g. TLS) -- confirm.
        #my $iflags = GSS_C_MUTUAL_FLAG;
        my $iflags = GSS_C_REPLAY_FLAG;
        # No channel bindings: the token is not tied to the transport channel.
        my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
        # No explicit credential handle: the library's default credentials are used.
        my $creds = GSS_C_NO_CREDENTIAL;
        my $itime = 0;

        $status = $ctx->init($creds,$target,$imech,$iflags,$itime,$bindings,$itoken,
                             $omech,$otoken,$oflags,$otime);

        if ( $status->major == GSS_S_COMPLETE or $status->major == GSS_S_CONTINUE_NEEDED ) {
            LWP::Debug::debug( 'successfull $ctx->init()');
            # Re-send a clone of the request with the token attached. The
            # second argument "" to encode_base64 suppresses line breaks so the
            # value stays on a single header line.
            my $referral = $request->clone;
            $referral->header( $auth_header => "Negotiate ".encode_base64 ($otoken,""));
            # $response is passed as the fourth argument; presumably LWP's
            # "previous response" slot -- confirm.
            return $ua->request( $referral, $arg, $size, $response );
        }
    }

    # Reached only when import() or init() did not succeed: log both GSSAPI
    # messages (e.g. expired credentials, unresolvable host) and hand the
    # original response back to the caller.
    if ( $status->major != GSS_S_COMPLETE ) {
        LWP::Debug::debug( $status->generic_message());
        LWP::Debug::debug( $status->specific_message() );
        return $response;
    }
}

1;
__END__
|