1+ """
2+ GGF Extensions
3+
4+ GGF provides extended credential and security context inquiry that allows
5+ application to retrieve more information about the client's credentials and
6+ security context. One common use case is to use gss_inquire_sec_context_by_oid
7+ to retrieve the "session" key that is required by the SMB protocol for signing
8+ and encrypting a message. These calls are provided as a part of the raw
9+ interface and are not exposed in the high-level interface.
10+
11+ Draft IETF document for these extensions can be found at
12+ https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00
13+ """
114GSSAPI= " BASE" # This ensures that a full module is generated by Cython
215
316from gssapi.raw.cython_types cimport *
@@ -21,20 +34,21 @@ cdef extern from "python_gssapi_ext.h":
2134 gss_buffer_set_t * data_set) nogil
2235
2336
24- def inquire_cred_by_oid (Creds cred_handle not None , OID mech not None ):
37+ def inquire_cred_by_oid (Creds cred_handle not None ,
38+ OID desired_aspect not None ):
2539 """
26- inquire_cred_by_oid(cred_handle, mech )
40+ inquire_cred_by_oid(cred_handle, desired_aspect )
2741
2842 This method inspects a :class:`Creds` object for information
29- specific to a particular mechanism .
43+ specific to a particular desired aspect as an OID .
3044
3145 Args:
32- cred_handle (Creds): the security context to query
33- mech (OID): the desired mechanism
46+ cred_handle (Creds): the Credentials to query
47+ desired_aspect (OID): the desired aspect of the Credentials to inquire
48+ about.
3449
3550 Returns:
36- list: A list of zero or more pieces of data corresponding to the
37- OID set
51+ list: A list of zero or more pieces of data (as bytes objects)
3852
3953 Raises:
4054 GSS_ERROR
@@ -48,7 +62,7 @@ def inquire_cred_by_oid(Creds cred_handle not None, OID mech not None):
4862
4963 with nogil:
5064 maj_stat = gss_inquire_cred_by_oid(& min_stat, cred_handle.raw_creds,
51- & mech .raw_oid, data_set_ptr)
65+ & desired_aspect .raw_oid, data_set_ptr)
5266
5367 if maj_stat == GSS_S_COMPLETE:
5468 py_tokens = []
@@ -66,24 +80,24 @@ def inquire_cred_by_oid(Creds cred_handle not None, OID mech not None):
6680
6781
6882def inquire_sec_context_by_oid (SecurityContext context not None ,
69- OID mech not None ):
83+ OID desired_aspect not None ):
7084 """
71- inquire_sec_context_by_oid(context, mech )
85+ inquire_sec_context_by_oid(context, desired_aspect )
7286
7387 This method inspects a :class:`SecurityContext` object for information
74- specific to a particular mechanism .
88+ specific to a particular desired aspect as an OID .
7589
7690 This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
7791 retrieve the required key that is used to derive the SMB/SAMBA signing and
7892 encryption keys.
7993
8094 Args:
81- context (SecurityContext): the security context to query
82- mech (OID): the desired mechanism
95+ context (SecurityContext): the Security Context to query
96+ desired_aspect (OID): the desired aspected of the Security Context to
97+ inquire about.
8398
8499 Returns:
85- list: A list of zero or more pieces of data corresponding to the
86- OID set
100+ list: A list of zero or more pieces of data (as bytes objects)
87101
88102 Raises:
89103 GSS_ERROR
@@ -97,7 +111,8 @@ def inquire_sec_context_by_oid(SecurityContext context not None,
97111
98112 with nogil:
99113 maj_stat = gss_inquire_sec_context_by_oid(& min_stat, context.raw_ctx,
100- & mech.raw_oid, data_set_ptr)
114+ & desired_aspect.raw_oid,
115+ data_set_ptr)
101116
102117 if maj_stat == GSS_S_COMPLETE:
103118 py_tokens = []
0 commit comments