B }d@sdZddlZddlZddlZddlZddlZddlmZdZdgZ ye Z Wne k rbdZ YnXGddde Zd d dZd d ZdS) zUtility module to initialise a kerberos ticket for NDS2 connections This module provides a lazy-mans python version of the 'kinit' command-line tool, with internal guesswork using keytabs See the documentation of the `kinit` function for example usage N) OrderedDictz(Duncan Macleod kinitFc@seZdZdZdS) KerberosErrorz%Kerberos (krb5) operation failed N)__name__ __module__ __qualname____doc__r r ]/work/yifan.wang/ringdown/master-ringdown-env/lib/python3.7/site-packages/gwpy/io/kerberos.pyr,srcCs|dkr.tjdd}|dks*tj|s.d}|ry t|}Wntk rRYn^X|dkrtt|dkrt|dd}|tt |dkrtt |d |}||d}nd}t j sts|dks|s|dkrtd|dkrd}|dkrd}td|d }|d |} |s:|dkr:d}tjd | d d }|rP|dd|| g} n|| g} |rhd|i} nd} tj| | tjtjd} |s| |d| | } | rt| jd| |rtd| dS)aInitialise a kerberos ticket using the ``kinit`` command-line tool. This allows authenticated connections to, amongst others, NDS2 services. Parameters ---------- username : `str`, optional name of user, will be prompted for if not given. password : `str`, optional cleartext password of user for given realm, will be prompted for if not given. realm : `str`, optional name of realm to authenticate against, read from keytab if available, defaults to ``'LIGO.ORG'``. exe : `str`, optional path to kinit executable. keytab : `str`, optional path to keytab file. If not given this will be read from the ``KRB5_KTNAME`` environment variable. See notes for more details. krb5ccname : `str`, optional path to Kerberos credentials cache. verbose : `bool`, optional print verbose output (if `True`), or not (`False)`; default is `True` if any user-prompting is needed, otherwise `False`. Notes ----- If a keytab is given, or is read from the ``KRB5_KTNAME`` environment variable, this will be used to guess the username and realm, if it contains only a single credential. Examples -------- Example 1: standard user input, with password prompt:: >>> kinit('albert.einstein') Password for albert.einstein@LIGO.ORG: Kerberos ticket generated for albert.einstein@LIGO.ORG Example 2: extract username and realm from keytab, and use that in authentication:: >>> kinit(keytab='~/.kerberos/ligo.org.keytab', verbose=True) Kerberos ticket generated for albert.einstein@LIGO.ORG NZ KRB5_KTNAMErz~cannot generate kerberos ticket in a non-interactive session, please manually create a ticket, or consider using a keytab filezLIGO.ORGTz Please provide username for the z kerberos realm: @z Password for z: )promptz-kz-tZ KRB5CCNAME)envstdoutstdinzutf-8 zKerberos ticket generated for )osenvirongetpathisfile parse_keytabrlenlistzipindexsysrisatty_IPYTHONinputgetpass subprocessPopenPIPE communicateencodewaitpollCalledProcessError returncodejoinprint)usernamepasswordrealmexekeytabZ krb5ccnameverbose principalsidxidentitycmdZkrbenvZkgetretcoder r r r2sZ=       c Csytjdd|gtjd}Wn@tk r6tdYn&tjk rZtd|dYnXg}x|D]t}t|tr| d}yt d| d d \}}Wnt k rwjYqjX|sqj|t| d t|fqjWtt|S) aRead the contents of a KRB5 keytab file, returning a list of credentials listed within Parameters ---------- keytab : `str` path to keytab file Returns ------- creds : `list` of `tuple` the (unique) list of `(username, realm, kvno)` as read from the keytab file Examples -------- >>> from gwpy.io.kerberos import parse_keytab >>> print(parse_keytab("creds.keytab")) [('albert.einstein', 'LIGO.ORG', 1)] Zklistz-k)stderrz*Failed to locate klist, cannot read keytabzCannot read keytab ''zutf-8z\s+rr r )r! check_outputr#OSErrorrr( splitlines isinstancebytesdecoderesplitstrip ValueErrorisdigitappendtupleintrrfromkeyskeys)r0outr2lineZkvnoZ principalr r r rs&    "r)NNNrNNN)rr rr?r!r collectionsr __author____all__Z __IPYTHON__r NameError RuntimeErrorrrrr r r r s*   {