Diffstat (limited to 'demos/demo_server.py')
-rw-r--r--demos/demo_server.py85
1 files changed, 61 insertions, 24 deletions
diff --git a/demos/demo_server.py b/demos/demo_server.py
index 915b0c67..c4af9b10 100644
--- a/demos/demo_server.py
+++ b/demos/demo_server.py
@@ -27,6 +27,7 @@ import threading
import traceback
import paramiko
+from paramiko.py3compat import b, u, decodebytes
# setup logging
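Review bot: The added import brings in `b`, but none of the added lines on this page call `b(...)`; the `b'...'` in the key data further down is a bytes-literal prefix, not this helper. Unless existing code outside the hunks uses it, the line can be `from paramiko.py3compat import u, decodebytes`.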
@@ -35,17 +36,17 @@ paramiko.util.log_to_file('demo_server.log')
host_key = paramiko.RSAKey(filename='test_rsa.key')
#host_key = paramiko.DSSKey(filename='test_dss.key')
-print 'Read key: ' + hexlify(host_key.get_fingerprint())
+print('Read key: ' + u(hexlify(host_key.get_fingerprint())))
class Server (paramiko.ServerInterface):
# 'data' is the output of base64.encodestring(str(key))
# (using the "user_rsa_key" files)
- data = 'AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp' + \
- 'fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC' + \
- 'KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT' + \
- 'UWT10hcuO4Ks8='
- good_pub_key = paramiko.RSAKey(data=base64.decodestring(data))
+ data = (b'AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp'
+ b'fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC'
+ b'KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT'
+ b'UWT10hcuO4Ks8=')
+ good_pub_key = paramiko.RSAKey(data=decodebytes(data))
def __init__(self):
self.event = threading.Event()
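Review bot: The comment above `data` still says it is "the output of base64.encodestring(str(key))", which no longer matches the new code: `data` is now a bytes literal decoded with `decodebytes`. I would reword it to something like `# 'data' is the base64 encoding of the public key blob (from the "user_rsa_key" files)`. It is also worth saying in that comment that this is the only key `check_auth_publickey` accepts, since that hard-coded key is the demo's whole authorization policy. The Server class continues outside this hunk.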
@@ -61,13 +62,46 @@ class Server (paramiko.ServerInterface):
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
- print 'Auth attempt with key: ' + hexlify(key.get_fingerprint())
+ print('Auth attempt with key: ' + u(hexlify(key.get_fingerprint())))
if (username == 'robey') and (key == self.good_pub_key):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
+
+ def check_auth_gssapi_with_mic(self, username,
+ gss_authenticated=paramiko.AUTH_FAILED,
+ cc_file=None):
+ """
+ .. note::
+ We are just checking in `AuthHandler` that the given user is a
+ valid krb5 principal! We don't check if the krb5 principal is
+ allowed to log in on the server, because there is no way to do that
+ in python. So if you develop your own SSH server with paramiko for
+ a certain platform like Linux, you should call ``krb5_kuserok()`` in
+ your local kerberos library to make sure that the krb5_principal
+ has an account on the server and is allowed to log in as a user.
+
+ .. seealso::
+ `krb5_kuserok() man page
+ <http://www.unix.com/man-page/all/3/krb5_kuserok/>`_
+ """
+ if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
+ return paramiko.AUTH_SUCCESSFUL
+ return paramiko.AUTH_FAILED
+
+ def check_auth_gssapi_keyex(self, username,
+ gss_authenticated=paramiko.AUTH_FAILED,
+ cc_file=None):
+ if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
+ return paramiko.AUTH_SUCCESSFUL
+ return paramiko.AUTH_FAILED
+
+ def enable_auth_gssapi(self):
+ UseGSSAPI = True
+ GSSAPICleanupCredentials = False
+ return UseGSSAPI
def get_allowed_auths(self, username):
- return 'password,publickey'
+ return 'gssapi-keyex,gssapi-with-mic,password,publickey'
def check_channel_shell_request(self, channel):
self.event.set()
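Review bot: Both new GSSAPI callbacks, `check_auth_gssapi_with_mic` and `check_auth_gssapi_keyex`, ignore `username` and return `AUTH_SUCCESSFUL` whenever `gss_authenticated` is successful, while `check_auth_publickey` just above pins the account to 'robey'. The docstring on the first method already states that no authorization check is done, but `check_auth_gssapi_keyex` has no docstring and `get_allowed_auths` now advertises both methods unconditionally. I would repeat the caveat on the second method, e.g. `# NOTE: authentication only; a real server must check that the krb5 principal may log in as username (krb5_kuserok())`. `GSSAPICleanupCredentials = False` in `enable_auth_gssapi` is an unused local and can be dropped or explained. The Server class starts and ends outside this hunk.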
@@ -78,52 +112,55 @@ class Server (paramiko.ServerInterface):
return True
+DoGSSAPIKeyExchange = True
+
# now connect
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(('', 2200))
-except Exception, e:
- print '*** Bind failed: ' + str(e)
+except Exception as e:
+ print('*** Bind failed: ' + str(e))
traceback.print_exc()
sys.exit(1)
try:
sock.listen(100)
- print 'Listening for connection ...'
+ print('Listening for connection ...')
client, addr = sock.accept()
-except Exception, e:
- print '*** Listen/accept failed: ' + str(e)
+except Exception as e:
+ print('*** Listen/accept failed: ' + str(e))
traceback.print_exc()
sys.exit(1)
-print 'Got a connection!'
+print('Got a connection!')
try:
- t = paramiko.Transport(client)
+ t = paramiko.Transport(client, gss_kex=DoGSSAPIKeyExchange)
+ t.set_gss_host(socket.getfqdn(""))
try:
t.load_server_moduli()
except:
- print '(Failed to load moduli -- gex will be unsupported.)'
+ print('(Failed to load moduli -- gex will be unsupported.)')
raise
t.add_server_key(host_key)
server = Server()
try:
t.start_server(server=server)
- except paramiko.SSHException, x:
- print '*** SSH negotiation failed.'
+ except paramiko.SSHException:
+ print('*** SSH negotiation failed.')
sys.exit(1)
# wait for auth
chan = t.accept(20)
if chan is None:
- print '*** No channel.'
+ print('*** No channel.')
sys.exit(1)
- print 'Authenticated!'
+ print('Authenticated!')
server.event.wait(10)
- if not server.event.isSet():
- print '*** Client never asked for a shell.'
+ if not server.event.is_set():
+ print('*** Client never asked for a shell.')
sys.exit(1)
chan.send('\r\n\r\nWelcome to my dorky little BBS!\r\n\r\n')
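Review bot: The new `t.set_gss_host(socket.getfqdn(""))` line needs a comment, because the name it passes comes from local name resolution and presumably has to match the host service principal the server holds for GSSAPI negotiation to succeed. Something like `# GSS host name must match the server's host principal; getfqdn() depends on the local DNS/hosts setup` would do. `DoGSSAPIKeyExchange = True` is hard-coded with no fallback, so a note next to it on what to set on a machine without Kerberos configured would help anyone running the demo.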
@@ -135,8 +172,8 @@ try:
chan.send('\r\nI don\'t like you, ' + username + '.\r\n')
chan.close()
-except Exception, e:
- print '*** Caught exception: ' + str(e.__class__) + ': ' + str(e)
+except Exception as e:
+ print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
traceback.print_exc()
try:
t.close()