
henrik  committed ea021ec

If Kerberos fails and NTLM is supported, fall back to NTLM
Support for NTLM over https

  • Parent commits 9d64ab3
  • Branches default


Files changed (1)

File hgssoauthentication.py

         supported_schemes = [s.strip() for s in headers.get("WWW-Authenticate", "").split(",")]
         
         if('Negotiate' in supported_schemes):
-            ca = ClientAuth("Kerberos", targetspn='HTTP/%s@%s' % (req.host, os.environ['USERDNSDOMAIN']), auth_info=None)
-            out_buf = ca.authorize(None)[1]
-            data = out_buf[0].Buffer
-            auth = encodestring(data).replace("\012", "")
-            req.add_header('Authorization', 'Negotiate' + ' ' + auth)
-            return self.parent.open(req)
+            try:
+                ca = ClientAuth("Kerberos", targetspn='HTTP/%s@%s' % (req.host, os.environ['USERDNSDOMAIN']), auth_info=None)
+                out_buf = ca.authorize(None)[1]
+                data = out_buf[0].Buffer
+                auth = encodestring(data).replace("\012", "")
+                req.add_header('Authorization', 'Negotiate' + ' ' + auth)
+                return self.parent.open(req)
+            except:
+                if('NTLM' not in supported_schemes):
+                    # if we can not fall back to NTLM, report error
+                    raise
 
-        elif('NTLM' in supported_schemes):
+        if('NTLM' in supported_schemes):
             # 1. request
             ca = ClientAuth("NTLM", auth_info=None)
             auth_scheme = ca.pkg_info['Name']
             data = out_buf[0].Buffer
             auth = encodestring(data).replace("\012", "")
             # since urllib2 doesn't support keepalive we create our own new connection
-            h = httplib.HTTPConnection(req.host)
+            if req.get_full_url().lower().startswith("https"):
+            	h = httplib.HTTPSConnection(req.host)
+            else:
+                h = httplib.HTTPConnection(req.host)
             h.putrequest('GET', req._Request__r_host)
             h.putheader('Authorization', auth_scheme + ' ' + auth)
             h.putheader('Content-Length', '0')
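Review bot: The bare `except:` around the Kerberos branch turns every failure into a silent downgrade to NTLM, including errors raised by `self.parent.open(req)` after the Negotiate token has already been sent, a missing `USERDNSDOMAIN` variable, and `KeyboardInterrupt`. Since NTLM is the weaker scheme, the fallback should only trigger on a failure of the SSPI calls themselves: keep just the `ClientAuth(...)` and `authorize(...)` lines in the `try`, catch `except Exception:` (or the specific SSPI error type, which is not visible in this hunk), and move the header and `return self.parent.open(req)` into an `else:` clause. I would also log the caught error before falling through, so an unexpected downgrade is visible to the user. In the second hunk the `h = httplib.HTTPSConnection(req.host)` line is indented with a tab while its `else` counterpart uses spaces; it should use spaces, and `req.get_type() == 'https'` would be a more exact test than the `startswith("https")` prefix match. The enclosing method starts and ends outside the visible lines.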