tessl/pypi-gssapi
Python GSSAPI wrapper providing both low-level C-style and high-level Pythonic interfaces for Kerberos and other authentication mechanisms
—
Pending
names.mddocs/
Names and Name Management
GSSAPI names represent principals (users, services, or entities) in the authentication system. The Name class provides both creation and manipulation of names, with support for various name types and RFC 6680 naming extensions.
Capabilities
Name Creation and Import
Create names from strings, tokens, or existing name objects with support for different name types and composite names.
class Name(gssapi.raw.names.Name):
def __new__(cls, base=None, name_type=None, token=None, composite=False):
"""
Create a new Name object.
Parameters:
- base: str, bytes, or existing Name object
- name_type: OID specifying the name type (default: hostbased_service)
- token: bytes, exported name token for import
- composite: bool, whether to import as composite name (requires RFC 6680)
Returns:
Name object
"""Usage example:
import gssapi
# Create from string (hostbased service)
name = gssapi.Name('service@hostname.example.com')
# Create with specific name type
name = gssapi.Name('user@REALM.EXAMPLE.COM', name_type=gssapi.NameType.user_name)
# Import from exported token
exported_token = b'...' # from previous export_name() call
name = gssapi.Name(token=exported_token)
# Create composite name (RFC 6680)
name = gssapi.Name(token=composite_token, composite=True)Name Display and String Conversion
Convert names to human-readable strings with proper encoding handling.
def __str__(self):
"""Get string representation of the name."""
def __bytes__(self):
"""Get bytes representation of the name."""
def __unicode__(self):
"""Get unicode representation of the name."""Name Canonicalization
Canonicalize names to their standard form for a specific mechanism.
def canonicalize(self, mech):
"""
Canonicalize the name for a specific mechanism.
Parameters:
- mech: OID of the mechanism
Returns:
Name: Canonicalized name
"""Usage example:
import gssapi
name = gssapi.Name('service@hostname')
canonical_name = name.canonicalize(gssapi.MechType.kerberos)Name Display and Type Conversion
Display names using different name type syntaxes and access name properties.
def display_as(self, name_type):
"""
Display the name using a specific name type syntax.
Parameters:
- name_type: OID of the name type to use for display
Returns:
str: Name displayed in the requested syntax
Requires RFC 6680 extension.
Warning: May segfault with MIT krb5 < 1.13.3 in certain conditions.
"""
@property
def name_type(self):
"""The name type (OID) of this name."""
@property
def is_mech_name(self):
"""True if this is a mechanism name (requires RFC 6680)."""
@property
def mech(self):
"""The mechanism associated with this name (requires RFC 6680)."""Name Comparison and Operations
Compare names for equality and perform various name operations.
def __eq__(self, other):
"""Compare names for equality."""
def __ne__(self, other):
"""Compare names for inequality."""
def __hash__(self):
"""Get hash value for the name."""Name Export
Export names to tokens for transport or storage.
def export(self, composite=False):
"""
Export the name to a token.
Parameters:
- composite: bool, export as composite name (requires RFC 6680)
Returns:
bytes: Exported name token
"""Name Duplication
Create copies of name objects.
def duplicate(self):
"""
Create a duplicate of the name.
Returns:
Name: Duplicated name object
"""RFC 6680 Name Attributes (Extension)
Access and manipulate name attributes when RFC 6680 support is available.
@property
def attributes(self):
"""Get list of available name attributes (requires RFC 6680)."""
def get_attribute(self, attr):
"""
Get values for a specific name attribute.
Parameters:
- attr: str or bytes, attribute name
Returns:
GetNameAttributeResult: Attribute values and metadata
Requires RFC 6680 extension.
"""
def set_attribute(self, attr, values, complete=True):
"""
Set values for a name attribute.
Parameters:
- attr: str or bytes, attribute name
- values: list of str/bytes, attribute values
- complete: bool, whether the attribute value is complete
Requires RFC 6680 extension.
"""
def delete_attribute(self, attr):
"""
Delete a name attribute.
Parameters:
- attr: str or bytes, attribute name to delete
Requires RFC 6680 extension.
"""Usage example for RFC 6680 extensions:
import gssapi
name = gssapi.Name('user@REALM.EXAMPLE.COM')
# Get all available attributes
attrs = name.attributes
# Get specific attribute values
if b'mail' in attrs:
mail_info = name.get_attribute('mail')
email_addresses = mail_info.values
# Set attribute values
name.set_attribute('department', ['Engineering', 'Security'])
# Delete an attribute
name.delete_attribute('temporary_role')Low-Level Raw API Functions
Direct access to the underlying C-style GSSAPI name functions.
# From gssapi.raw.names module
def import_name(name_buffer, name_type=None):
"""Import a name from a buffer."""
def display_name(name, name_type=False):
"""Display a name in human-readable form."""
def compare_name(name1, name2):
"""Compare two names for equality."""
def canonicalize_name(input_name, mech_type):
"""Canonicalize a name for a mechanism."""
def export_name(name):
"""Export a name to a token."""
def duplicate_name(name):
"""Duplicate a name."""Name Types
from gssapi.raw.types import NameType
class NameType:
hostbased_service: OID # service@hostname format
user: OID # user@realm format (user_name)
machine_uid: OID # machine UID (machine_uid_name)
string_uid: OID # string UID (string_uid_name)
anonymous: OID # anonymous name
export: OID # exported name format
composite_export: OID # composite exported name (RFC 6680)
kerberos_principal: OID # Kerberos-specific principal nameUsage example:
import gssapi
# Different name types
service_name = gssapi.Name('http@web.example.com', name_type=gssapi.NameType.hostbased_service)
user_name = gssapi.Name('alice@EXAMPLE.COM', name_type=gssapi.NameType.user)
anon_name = gssapi.Name('', name_type=gssapi.NameType.anonymous)Install with Tessl CLI
npx tessl i tessl/pypi-gssapi