File: //usr/lib/python3.9/site-packages/ipalib/__pycache__/krb_utils.cpython-39.pyc
a
����}��f_������������������������@���s����d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z���d�Z�d�Z�d�Z�d�Z�d�Z d�Z
d Z�d
Z�d�Z
d�Z�d
Z�e�e���Z�d�Z�d�Z�e���d���Z�d�d���Z�d�d���Z�d�d���Z�d�d���Z�d�d���Z�d!d�d���Z�d"d�d���Z�d#d�d ��Z�d�S�)$�����N)���errorsl�����:�-��l�����:�-��l�����:�-��l�����:�-��l���� :�-��l�����:�-��l�����:�-��l�����:�-��l�����:�-��l�����:�-��i�� �i,���z�%m/%d/%y %H:%M:%Sz�^((\w+):)?(.+)c��������������������C���sP���t���|���}�|�r@|���d���}�|���d���}�|�d�u�r0d�}�n�|�����}�|�|�f�S�t�d�|�������d�S�)�a����
Given a Kerberos ccache name parse it into it's scheme and
location components. Currently valid values for the scheme
are:
* FILE
* MEMORY
The scheme is always returned as upper case. If the scheme
does not exist it defaults to FILE.
:parameters:
ccache_name
The name of the Kerberos ccache.
:returns:
A two-tuple of (scheme, ccache)
����������N��FILEz�Invalid ccache name = "%s")���ccache_name_re��search��group��upper�
ValueError)���ccache_name��match��scheme��location��r�����4/usr/lib/python3.9/site-packages/ipalib/krb_utils.py��krb5_parse_ccache6���s������
���
�
���������r����c��������������������C���s����d�|�����|�f���S�)�Nz�%s:%s)�r ���)�r
�����namer����r����r������krb5_unparse_ccacheU���s������r����c��������������������C���s����d�|�|�|�f���S�)�a����
Given a Kerberos service principal name, the host where the
service is running and a Kerberos realm return the Kerberos V5
service principal name.
:parameters:
service
Service principal name.
host
The DNS name of the host where the service is located.
realm
The Kerberos realm the service exists in.
:returns:
Kerberos V5 service principal name.
z�%s/%s@%sr����)�Z�service��host��realmr����r����r�����"krb5_format_service_principal_nameY���s������r����c��������������������C���s����t�d�|�|���S�)�z�
Given a Kerberos realm return the Kerberos V5 TGT name.
:parameters:
realm
The Kerberos realm the TGT exists in.
:returns:
Kerberos V5 TGT name.
Z�krbtgt)�r����)�r����r����r����r������krb5_format_tgt_principal_namel���s�����
r����c��������������������C���s����t���t�t���|�����S�)�z�
Given a UNIX timestamp format it into a string in the same
manner the MIT Kerberos library does. Kerberos timestamps are
always in local time.
:parameters:
timestamp
Unix timestamp
:returns:
formated string
)���time��strftime�
krb5_time_fmt� localtime)�Z timestampr����r����r������krb5_format_timex���s������r����c��������������������C���s ���d�}�|�r�d�|�i�}�t�j�d�|�|�d���S�)�a����
Obtains GSSAPI credentials with given principal name from ccache. When no
principal name specified, it retrieves the default one for given
credentials cache.
:parameters:
name
gssapi.Name object specifying principal or None for the default
ccache_name
string specifying Kerberos credentials cache name or None for the
default
:returns:
gssapi.Credentials object
NZ�ccacheZ�initiate)���usager������store)���gssapiZ�Credentials)�r����r����r����r����r����r������get_credentials����s������������r ���c����������������
���C���sT���z�t�|�d���}�t�|�j���W�S���t�j�j�yN��}���z�t�j�t�|���d�����W�Y�d�}�~�n
d�}�~�0�0�d�S�)�aY���
Gets default principal name from given credentials cache.
:parameters:
ccache_name
string specifying Kerberos credentials cache name or None for the
default
:returns:
Default principal name as string
:raises:
errors.CCacheError if the principal cannot be retrieved from given
ccache
)�r����)���messageN)�r �����strr����r�����
exceptions��GSSErrorr����Z�CCacheError)�r������creds��er����r����r�����
get_principal����s
�������
�����r'���c��������������������C���s>���z t�|�|�d���}�|�j�d�k�r�|�W�S�W�n���t�j�j�y8������Y�d�S�0�d�S�)�a!���
Obtains GSSAPI credentials with principal name from ccache. When no
principal name specified, it retrieves the default one for given
credentials cache. When the credentials cannot be retrieved or aren't valid
it returns None.
:parameters:
name
gssapi.Name object specifying principal or None for the default
ccache_name
string specifying Kerberos credentials cache name or None for the
default
:returns:
gssapi.Credentials object or None if valid credentials weren't found
)�r����r����r����N)�r ���Z�lifetimer����r#���r$���)�r����r����r%���r����r����r������get_credentials_if_valid����s����������
�
�����r(���)�NN)�N)�NN)�r������rer����Z�ipalibr����Z�KRB5_CC_NOTFOUNDZ�KRB5_FCC_NOFILEZ�KRB5KDC_ERR_C_PRINCIPAL_UNKNOWNZ�KRB5KDC_ERR_S_PRINCIPAL_UNKNOWNZ�KRB5KRB_AP_ERR_TKT_EXPIREDZ
KRB5_FCC_PERMZ�KRB5_CC_FORMATZ�KRB5_REALM_CANT_RESOLVEZ�KRB5_KDC_UNREACHZ�KRB5KDC_ERR_SVC_UNAVAILABLEZ�GSSPROXY_MAP_ERROR_BASEZ�GSSPROXY_KRB5_FCC_NOFILEZ�krb_ticket_expiration_thresholdr������compiler����r����r����r����r����r����r ���r'���r(���r����r����r����r������<module>����s4���������������������������������������
�����������
%
�