duplicity-team team mailing list archive

[Filip Pytloun <filip@xxxxxxxxxx>]

Filip Pytloun has proposed merging lp:~fpytloun/duplicity/webdav-gssapi into lp:duplicity.

Requested reviews:
  duplicity-team (duplicity-team)

For more details, see:
https://code.launchpad.net/~fpytloun/duplicity/webdav-gssapi/+merge/284223
-- 
Your team duplicity-team is requested to review the proposed merge of lp:~fpytloun/duplicity/webdav-gssapi into lp:duplicity.

=== modified file 'duplicity/backends/webdavbackend.py'
--- duplicity/backends/webdavbackend.py	2016-01-25 16:21:48 +0000
+++ duplicity/backends/webdavbackend.py	2016-01-28 08:12:24 +0000
@@ -28,6 +28,7 @@
 import urllib
 import urllib2
 import urlparse
+import kerberos
 import xml.dom.minidom
 
 import duplicity.backend
@@ -232,7 +233,13 @@
             token, challenge = auth_hdr.split(' ', 1)
         except ValueError:
             return None
-        if token.lower() == 'basic':
+        if token.split(',')[0].lower() == 'negotiate':
+            try:
+                return self.get_kerberos_authorization()
+            except kerberos.GSSError:
+                # Fallback to basic auth
+                return self.get_basic_authorization()
+        elif token.lower() == 'basic':
             return self.get_basic_authorization()
         else:
             self.digest_challenge = self.parse_digest_challenge(challenge)
@@ -241,6 +248,12 @@
     def parse_digest_challenge(self, challenge_string):
         return urllib2.parse_keqv_list(urllib2.parse_http_list(challenge_string))
 
+    def get_kerberos_authorization(self):
+        _, ctx = kerberos.authGSSClientInit("HTTP@%s" % self.conn.host)
+        kerberos.authGSSClientStep(ctx, "")
+        tgt = kerberos.authGSSClientResponse(ctx)
+        return 'Negotiate %s' % tgt
+
     def get_basic_authorization(self):
         """
         Returns the basic auth header