diff options
author | Jeremy T. Bouse <Jeremy.Bouse@UnderGrid.net> | 2015-10-25 22:29:44 -0400 |
---|---|---|
committer | Jeremy T. Bouse <Jeremy.Bouse@UnderGrid.net> | 2015-10-25 22:29:44 -0400 |
commit | ad30777fe9b9b34797ba7487056966d27d890974 (patch) | |
tree | fd14ac1ad24a701986483860e1218e7cdc09c732 /paramiko/ssh_gss.py | |
parent | 767153f789ed210fe00509f591b013320fc0f3fa (diff) | |
parent | bf855e6da326dba0c46f005eedc9f390c6c3b206 (diff) | |
download | python-paramiko-ad30777fe9b9b34797ba7487056966d27d890974.tar python-paramiko-ad30777fe9b9b34797ba7487056966d27d890974.tar.gz |
Merge tag 'upstream/1.15.3'
Upstream version 1.15.3
Diffstat (limited to 'paramiko/ssh_gss.py')
-rw-r--r-- | paramiko/ssh_gss.py | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index ebf2cc8..e9b13a6 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -20,7 +20,7 @@ """ -This module provides GSS-API / SSPI authentication as defined in RFC 4462. +This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. @@ -360,8 +360,8 @@ class _SSH_GSSAPI(_SSH_GSSAuth): :param str mic_token: The MIC token received from the client :param str session_id: The SSH session ID :param str username: The name of the user who attempts to login - :return: 0 if the MIC check was successful and 1 if it fails - :rtype: int + :return: None if the MIC check was successful + :raises gssapi.GSSException: if the MIC check failed """ self._session_id = session_id self._username = username @@ -371,11 +371,7 @@ class _SSH_GSSAPI(_SSH_GSSAuth): self._username, self._service, self._auth_method) - try: - self._gss_srv_ctxt.verify_mic(mic_field, - mic_token) - except gssapi.BadSignature: - raise Exception("GSS-API MIC check failed.") + self._gss_srv_ctxt.verify_mic(mic_field, mic_token) else: # for key exchange with gssapi-keyex # client mode @@ -534,31 +530,26 @@ class _SSH_SSPI(_SSH_GSSAuth): :param str mic_token: The MIC token received from the client :param str session_id: The SSH session ID :param str username: The name of the user who attempts to login - :return: 0 if the MIC check was successful - :rtype: int + :return: None if the MIC check was successful + :raises sspi.error: if the MIC check failed """ self._session_id = session_id self._username = username - mic_status = 1 if username is not None: # server mode mic_field = self._ssh_build_mic(self._session_id, self._username, self._service, self._auth_method) - mic_status = self._gss_srv_ctxt.verify(mic_field, - mic_token) + # Verifies data and its signature. If verification fails, an + # sspi.error will be raised. + self._gss_srv_ctxt.verify(mic_field, mic_token) else: # for key exchange with gssapi-keyex # client mode - mic_status = self._gss_ctxt.verify(self._session_id, - mic_token) - """ - The SSPI method C{verify} has no return value, so if no SSPI error - is returned, set C{mic_status} to 0. - """ - mic_status = 0 - return mic_status + # Verifies data and its signature. If verification fails, an + # sspi.error will be raised. + self._gss_ctxt.verify(self._session_id, mic_token) @property def credentials_delegated(self): |