Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02
Brought to you by:
achimgrolms
Menu
▾
▴
Re: [Perlgssapi-developer] Re: Feedback on LWP-Authen-Negotiate-0.02
|
From: Leif J. <le...@it...> - 2006-02-17 10:47:12
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Achim Grolms wrote:
> On Friday 17 February 2006 07:50, Leif Johansson wrote:
>> Dax Kelson wrote:
>>
>> Are you talking about the variable reuse for $status? Imho it is
>> acceptable in this case since they both represent return-status
>> from different functions from the same library.
>
> GSSAPI::Name->import()
>
> can fail. throwing away the return value is not a good idea.
>
> a reason for fail can just be a typo in DNS or /etc/hosts
> (GSSAPI is using DNS for resolution to canonical hostname).
>
> the implementation does not print debugging information,
> that is a problen (just think of expired credentials).
>
>
> This is my implementation:
>
>
>
>
>
>
> package LWP::Authen::Negotiate;
>
> use strict;
> use warnings;
>
> require Exporter;
> use AutoLoader qw(AUTOLOAD);
>
> our @ISA = qw(Exporter);
>
> # Items to export into callers namespace by default. Note: do not export
> # names by default without a very good reason. Use EXPORT_OK instead.
> # Do not simply export all your public functions/methods/constants.
>
> # This allows declaration use LWP::Authen::Negotiate ':all';
> # If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
> # will save memory.
> our %EXPORT_TAGS = ( 'all' => [ qw(
>
> ) ] );
>
> our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
>
> our @EXPORT = qw(
>
> );
>
> our $VERSION = '0.04';
>
>
> use MIME::Base64 "2.12";
> use GSSAPI 0.18;
>
>
> sub authenticate
> {
> LWP::Debug::debug("authenticate() called");
> my ($class,$ua,$proxy,$auth_param,$response,$request,$arg,$size) = @_;
>
> my $uri = URI->new($request->uri);
> my $targethost = $request->uri()->host();
>
> my ($otime,$omech,$otoken,$oflags);
> my $target;
> my $status;
> TRY: {
> $status = GSSAPI::Name->import(
> $target,
> join( '@', 'HTTP', $targethost ),
> GSSAPI::OID::gss_nt_hostbased_service
> );
> last TRY if ( $status->major != GSS_S_COMPLETE );
> my $tname;
> $target->display( $tname );
> LWP::Debug::debug("target hostname $targethost");
> LWP::Debug::debug("GSSAPI servicename $tname");
> my $auth_header = $proxy ? "Proxy-Authorization" : "Authorization";
>
> my $itoken = q{};
> foreach ($response->header('WWW-Authenticate')) {
> last if /^Negotiate (.+)/ && ($itoken=decode_base64($1));
> }
>
> my $ctx = GSSAPI::Context->new();
> my $imech = GSSAPI::OID::gss_mech_krb5;
> #my $iflags = GSS_C_MUTUAL_FLAG;
> my $iflags = GSS_C_REPLAY_FLAG;
> my $bindings = GSS_C_NO_CHANNEL_BINDINGS;
> my $creds = GSS_C_NO_CREDENTIAL;
> my $itime = 0;
> $status = $ctx->init($creds,$target,$imech,$iflags,$itime,$bindings,$itoken,
> $omech,$otoken,$oflags,$otime);
> if ( $status->major == GSS_S_COMPLETE
> or $status->major == GSS_S_CONTINUE_NEEDED ) {
> LWP::Debug::debug( 'successfull $ctx->init()');
> my $referral = $request->clone;
> $referral->header( $auth_header => "Negotiate ".encode_base64
> ($otoken,""));
> return $ua->request( $referral, $arg, $size, $response );
> }
> }
> if ( $status->major != GSS_S_COMPLETE ) {
> LWP::Debug::debug( $status->generic_message());
> LWP::Debug::debug( $status->specific_message() );
> return $response;
> }
> }
>
> 1;
> __END__
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Perlgssapi-developer mailing list
> Per...@li...
> https://lists.sourceforge.net/lists/listinfo/perlgssapi-developer
Can you send me a patch for that against my 0.03 I just uploaded?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD9amm8Jx8FtbMZncRAltIAJ0SvyI97ubE6Mv65FfJtlvOxq09/ACggUda
susubIG7RurlKDyGQ5Uc84U=
=8ZU+
-----END PGP SIGNATURE-----
|
