-rw-r--r-- | .travis.yml | 2 | ||||
-rw-r--r-- | sites/www/changelog.rst | 6 | ||||
-rw-r--r-- | sites/www/installing.rst | 11 | ||||
-rw-r--r-- | tasks.py | 14 | ||||
-rw-r--r-- | tests/test_gssapi.py | 40 |
5 files changed, 32 insertions, 41 deletions
diff --git a/.travis.yml b/.travis.yml index 3f6f7331..a9a04c89 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ install: - pip install -r dev-requirements.txt script: # Main tests, with coverage! - - invoke coverage + - inv test --coverage # Ensure documentation & invoke pipeline run OK. # Run 'docs' first since its objects.inv is referred to by 'www'. # Also force warnings to be errors since most of them tend to be actual diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1dab5219..a40338b0 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -6,6 +6,12 @@ Changelog SSPI (e.g. Kerberos) key exchange and authentication support (:ref:`installation docs here <gssapi>`). Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. + + .. note:: + Unix users should be aware that the ``python-gssapi`` library (a + requirement for using this functionality) only appears to support + Python 2.7 and up at this time. + * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 5528b28a..a657c3fc 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst 
@@ -109,14 +109,19 @@ installation of Paramiko via ``pypm``:: Optional dependencies for GSS-API / SSPI / Kerberos =================================================== -In order to use Kerberos & related functionality, a couple of additional -dependencies are required (these are not listed in our ``setup.py`` due to -their infrequent utility & non-platform-agnostic requirements): +In order to use GSS-API/Kerberos & related functionality, a couple of +additional dependencies are required (these are not listed in our ``setup.py`` +due to their infrequent utility & non-platform-agnostic requirements): +* It hopefully goes without saying but **all platforms** need **a working + installation of GSS-API itself**, e.g. Heimdal. * **All platforms** need `pyasn1 <https://pypi.python.org/pypi/pyasn1>`_ ``0.1.7`` or better. * **Unix** needs `python-gssapi <https://pypi.python.org/pypi/python-gssapi/>`_ ``0.6.1`` or better. + + .. note:: This library appears to only function on Python 2.7 and up. + * **Windows** needs `pywin32 <https://pypi.python.org/pypi/pywin32>`_ ``2.1.8`` or better. @@ -27,12 +27,12 @@ www = Collection.from_module(_docs, name='www', config={ # Until we move to spec-based testing @task -def test(ctx): - ctx.run("python test.py --verbose", pty=True) - -@task -def coverage(ctx): - ctx.run("coverage run --source=paramiko test.py --verbose") +def test(ctx, coverage=False): + runner = "python" + if coverage: + runner = "coverage run --source=paramiko" + flags = "--verbose" + ctx.run("{0} test.py {1}".format(runner, flags), pty=True) # Until we stop bundling docs w/ releases. Need to discover use cases first. @@ -48,4 +48,4 @@ def release(ctx): publish(ctx, wheel=True) -ns = Collection(test, coverage, release, docs=docs, www=www) +ns = Collection(test, release, docs=docs, www=www) diff --git a/tests/test_gssapi.py b/tests/test_gssapi.py index 0d3df72c..a328dd65 100644 --- a/tests/test_gssapi.py +++ b/tests/test_gssapi.py 
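Review bot: The merged `test` task in `tasks.py` now passes `pty=True` for the coverage run as well, whereas the removed `coverage` task called `ctx.run` without a pty; since `.travis.yml` now runs `inv test --coverage`, CI picks up that change. Under a pty stderr is folded into stdout, so if the old non-pty behaviour was intentional, `pty=not coverage` in the `ctx.run` call would preserve it. The task also has no docstring, so `inv --help test` will not explain the new flag; a one-liner such as `"""Run test.py; --coverage wraps the run in coverage.py (source=paramiko)."""` would cover it.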
@@ -72,9 +72,7 @@ class GSSAPITest(unittest.TestCase): gss_flags = (gssapi.C_PROT_READY_FLAG, gssapi.C_INTEG_FLAG, gssapi.C_DELEG_FLAG) - """ - Initialize a GSS-API context. - """ + # Initialize a GSS-API context. ctx = gssapi.Context() ctx.flags = gss_flags krb5_oid = gssapi.OID.mech_from_string(krb5_mech) @@ -87,41 +85,31 @@ class GSSAPITest(unittest.TestCase): c_token = gss_ctxt.step(c_token) gss_ctxt_status = gss_ctxt.established self.assertEquals(False, gss_ctxt_status) - """ - Accept a GSS-API context. - """ + # Accept a GSS-API context. gss_srv_ctxt = gssapi.AcceptContext() s_token = gss_srv_ctxt.step(c_token) gss_ctxt_status = gss_srv_ctxt.established self.assertNotEquals(None, s_token) self.assertEquals(True, gss_ctxt_status) - """ - Establish the client context - """ + # Establish the client context c_token = gss_ctxt.step(s_token) self.assertEquals(None, c_token) else: while not gss_ctxt.established: c_token = gss_ctxt.step(c_token) self.assertNotEquals(None, c_token) - """ - Build MIC - """ + # Build MIC mic_token = gss_ctxt.get_mic(mic_msg) if server_mode: - """ - Check MIC - """ + # Check MIC status = gss_srv_ctxt.verify_mic(mic_msg, mic_token) self.assertEquals(0, status) else: gss_flags = sspicon.ISC_REQ_INTEGRITY |\ sspicon.ISC_REQ_MUTUAL_AUTH |\ sspicon.ISC_REQ_DELEGATE - """ - Initialize a GSS-API context. - """ + # Initialize a GSS-API context. target_name = "host/" + socket.getfqdn(targ_name) gss_ctxt = sspi.ClientAuth("Kerberos", scflags=gss_flags, 
@@ -130,26 +118,18 @@ class GSSAPITest(unittest.TestCase): error, token = gss_ctxt.authorize(c_token) c_token = token[0].Buffer self.assertEquals(0, error) - """ - Accept a GSS-API context. - """ + # Accept a GSS-API context. gss_srv_ctxt = sspi.ServerAuth("Kerberos", spn=target_name) error, token = gss_srv_ctxt.authorize(c_token) s_token = token[0].Buffer - """ - Establish the context. - """ + # Establish the context. error, token = gss_ctxt.authorize(s_token) c_token = token[0].Buffer self.assertEquals(None, c_token) self.assertEquals(0, error) - """ - Build MIC - """ + # Build MIC mic_token = gss_ctxt.sign(mic_msg) - """ - Check MIC - """ + # Check MIC gss_srv_ctxt.verify(mic_msg, mic_token) else: error, token = gss_ctxt.authorize(c_token) |
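Review bot: The new `# Check MIC` comment in the SSPI branch sits above `gss_srv_ctxt.verify(mic_msg, mic_token)`, whose outcome is not asserted, unlike the python-gssapi branch in the earlier hunk where `verify_mic` is followed by `self.assertEquals(0, status)`. If `verify` is being relied on to raise on a bad signature (it appears to, but that is not visible here), the comment should say so, so that a reader can tell the integrity check is really exercised: `# Check MIC (verify() raises if the signature does not match)`. The test method starts and ends outside these hunks.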