|
|
9a9a373 |
--- a/urllib2_kerberos.py
|
|
|
9a9a373 |
+++ b/urllib2_kerberos.py
|
|
|
9ddb6a3 |
@@ -42,6 +42,7 @@ class AbstractKerberosAuthHandler:
|
|
|
9a9a373 |
"""checks for "Negotiate" in proper auth header
|
|
|
9a9a373 |
"""
|
|
|
9a9a373 |
authreqs = headers.getheaders(self.auth_header)
|
|
|
b1f79cc |
+ log.debug('authreqs = %s', authreqs)
|
|
|
b1f79cc |
|
|
|
9a9a373 |
if authreqs:
|
|
|
b1f79cc |
|
|
|
9ddb6a3 |
@@ -51,10 +52,10 @@ class AbstractKerberosAuthHandler:
|
|
|
b1f79cc |
if mo:
|
|
|
b1f79cc |
return mo.group(1)
|
|
|
b1f79cc |
else:
|
|
|
b1f79cc |
- log.debug("regex failed on: %s" % authreq)
|
|
|
b1f79cc |
+ log.debug("regex failed on: %s", authreq)
|
|
|
b1f79cc |
|
|
|
b1f79cc |
else:
|
|
|
b1f79cc |
- log.debug("%s header not found" % self.auth_header)
|
|
|
b1f79cc |
+ log.debug("%s header not found", self.auth_header)
|
|
|
b1f79cc |
|
|
|
b1f79cc |
return None
|
|
|
b1f79cc |
|
|
|
9ddb6a3 |
@@ -64,10 +65,10 @@ class AbstractKerberosAuthHandler:
|
|
|
b1f79cc |
|
|
|
b1f79cc |
def generate_request_header(self, req, headers, neg_value):
|
|
|
b1f79cc |
self.retried += 1
|
|
|
b1f79cc |
- log.debug("retry count: %d" % self.retried)
|
|
|
b1f79cc |
+ log.debug("retry count: %d", self.retried)
|
|
|
b1f79cc |
|
|
|
b1f79cc |
host = req.get_host()
|
|
|
b1f79cc |
- log.debug("req.get_host() returned %s" % host)
|
|
|
b1f79cc |
+ log.debug("req.get_host() returned %s", host)
|
|
|
b1f79cc |
|
|
|
b1f79cc |
tail, sep, head = host.rpartition(':')
|
|
|
b1f79cc |
domain = tail if tail else head
|
|
|
9ddb6a3 |
@@ -75,7 +76,7 @@ class AbstractKerberosAuthHandler:
|
|
|
b1f79cc |
result, self.context = k.authGSSClientInit("HTTP@%s" % domain)
|
|
|
b1f79cc |
|
|
|
b1f79cc |
if result < 1:
|
|
|
b1f79cc |
- log.warning("authGSSClientInit returned result %d" % result)
|
|
|
b1f79cc |
+ log.warning("authGSSClientInit returned result %d", result)
|
|
|
b1f79cc |
return None
|
|
|
b1f79cc |
|
|
|
b1f79cc |
log.debug("authGSSClientInit() succeeded")
|
|
|
9ddb6a3 |
@@ -83,7 +84,7 @@ class AbstractKerberosAuthHandler:
|
|
|
b1f79cc |
result = k.authGSSClientStep(self.context, neg_value)
|
|
|
b1f79cc |
|
|
|
b1f79cc |
if result < 0:
|
|
|
b1f79cc |
- log.warning("authGSSClientStep returned result %d" % result)
|
|
|
b1f79cc |
+ log.warning("authGSSClientStep returned result %d", result)
|
|
|
b1f79cc |
return None
|
|
|
b1f79cc |
|
|
|
b1f79cc |
log.debug("authGSSClientStep() succeeded")
|
|
|
9ddb6a3 |
@@ -104,7 +105,7 @@ class AbstractKerberosAuthHandler:
|
|
|
b1f79cc |
if result < 1:
|
|
|
b1f79cc |
# this is a critical security warning
|
|
|
b1f79cc |
# should change to a raise --Tim
|
|
|
b1f79cc |
- log.critical("mutual auth failed: authGSSClientStep returned result %d" % result)
|
|
|
b1f79cc |
+ log.critical("mutual auth failed: authGSSClientStep returned result %d", result)
|
|
|
b1f79cc |
pass
|
|
|
b1f79cc |
|
|
|
b1f79cc |
def clean_context(self):
|
|
|
9ddb6a3 |
@@ -134,12 +135,13 @@ class AbstractKerberosAuthHandler:
|
|
|
9a9a373 |
req.add_unredirected_header(self.authz_header, neg_hdr)
|
|
|
9a9a373 |
resp = self.parent.open(req)
|
|
|
b1f79cc |
|
|
|
9a9a373 |
- self.authenticate_server(resp.info())
|
|
|
9a9a373 |
+ if resp.getcode() != 200:
|
|
|
9a9a373 |
+ self.authenticate_server(resp.info())
|
|
|
b1f79cc |
|
|
|
9a9a373 |
return resp
|
|
|
b1f79cc |
|
|
|
b1f79cc |
except k.GSSError, e:
|
|
|
b1f79cc |
- log.critical("GSSAPI Error: %s/%s" % (e[0][0], e[1][0]))
|
|
|
b1f79cc |
+ log.critical("GSSAPI Error: %s/%s", (e[0][0], e[1][0]))
|
|
|
b1f79cc |
return None
|
|
|
b1f79cc |
|
|
|
b1f79cc |
finally:
|