Commits

Dominik Ruf committed 3cb0e65

use Negotiate if possible

  • Participants
  • Parent commits 293490c

Comments (0)

Files changed (1)

hgssoauthentication.py

     def http_error_401(self, req, fp, code, msg, headers):
         supported_schemes = [s.strip() for s in headers.get("WWW-Authenticate", "").split(",")]
         
-        if('NTLM' in supported_schemes):
+        if('Negotiate' in supported_schemes):
+            ca = ClientAuth("Kerberos", targetspn='HTTP/%s@%s' % (req.host, os.environ['USERDNSDOMAIN']), auth_info=None)
+            out_buf = ca.authorize(None)[1]
+            data = out_buf[0].Buffer
+            auth = encodestring(data).replace("\012", "")
+            req.add_header('Authorization', 'Negotiate' + ' ' + auth)
+            return self.parent.open(req)
+            
+        elif('NTLM' in supported_schemes):
             # 1. request
             ca = ClientAuth("NTLM", auth_info=None)
             auth_scheme = ca.pkg_info['Name']
             fp.headers = resp.msg
             fp.read = resp.read
             return fp
-        
-        elif('Negotiate' in supported_schemes):
-            ca = ClientAuth("Kerberos", targetspn='HTTP/%s@%s' % (req.host, os.environ['USERDNSDOMAIN']), auth_info=None)
-            out_buf = ca.authorize(None)[1]
-            data = out_buf[0].Buffer
-            auth = encodestring(data).replace("\012", "")
-            req.add_header('Authorization', 'Negotiate' + ' ' + auth)
-            return self.parent.open(req)
 
 class KerberosAuthHandler(urllib2.BaseHandler):
     """auth handler for urllib2 that does Kerberos HTTP Negotiate Authentication