Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
.. image:: https://badge.fury.io/gh/pythongssapi%2Fpython-gssapi.svg :target: http://badge.fury.io/gh/pythongssapi%2Fpython-gssapi
.. image:: https://badge.fury.io/py/gssapi.svg :target: http://badge.fury.io/py/gssapi
Python-GSSAPI provides both low-level and high level wrappers around the GSSAPI C libraries. While it focuses on the Kerberos mechanism, it should also be useable with other GSSAPI mechanisms.
Documentation can be found at
https://pythongssapi.github.io/python-gssapi/ <https://pythongssapi.github.io/python-gssapi/>
_.
A working implementation of GSSAPI (such as from MIT Kerberos) which supports delegation and includes header files
a C compiler (such as GCC)
Python 3.8+ (older releases support older versions, but are unsupported)
the decorator
python package
To compile from scratch, you will need Cython >= 3.0.3, < 4.0.0
which is automatically
installed by pip in an isolated build virtual environment.
k5test
packageTo install test dependencies using pip:
::
$ pip install -r test-requirements.txt # Optional, for running test suite
::
$ pip install gssapi
After being sure to install all the requirements,
::
$ git clone https://github.com/pythongssapi/python-gssapi.git
$ pip install .
The tests for for Python-GSSAPI live in gssapi.tests
. In order to
run the tests, you must have an MIT Kerberos installation (including
the KDC). The tests create a self-contained Kerberos setup, so running
the tests will not interfere with any existing Kerberos installations.
Python-GSSAPI is composed of two parts: a low-level C-style API which
thinly wraps the underlying RFC 2744 methods, and a high-level, Pythonic
API (which is itself a wrapper around the low-level API). Examples may
be found in the examples
directory.
The low-level API lives in gssapi.raw
. The methods contained therein
are designed to match closely with the original GSSAPI C methods. All
relevant methods and classes may be imported directly from gssapi.raw
.
Extension methods will only be imported if they are present. The low-level
API follows the given format:
Names match the RFC 2744 specification, with the gssapi_
prefix removed
Parameters which use C int constants as enums have
enum.IntEnum
classes defined, and thus may be passed
either the enum members or integers
In cases where a specific constant is passed in the C API to represent
a default value, None
should be passed instead
In cases where non-integer constants would be used in the API (i.e. OIDs), enum-like objects have been defined containing named references to values specified in RFC 2744.
Major and minor error codes are returned by raising
gssapi.raw.GSSError
. The major error codes have exceptions
defined in in gssapi.raw.exceptions
to make it easier to catch specific
errors or categories of errors.
All other relevant output values are returned via named tuples.
The high-level API lives directly under gssapi
. The classes
contained in each file are designed to provide a more Pythonic, Object-Oriented
view of GSSAPI. The exceptions from the low-level API, plus several additional
exceptions, live in gssapi.exceptions
. The rest of the classes may be
imported directly from gssapi
. Only classes are exported by gssapi
--
all functions are methods of classes in the high-level API.
Please note that QoP is not supported in the high-level API, since it has been deprecated.
In addition to RFC 2743/2744, Python-GSSAPI also has support for:
RFC 4178 (GSS-API Negotiation Mechanism)
RFC 5587 (Extended GSS Mechanism Inquiry APIs)
RFC 5588 (GSS-API Extension for Storing Delegated Credentials)
RFC 5801 (GSS-API SASL Extensions)
(Additional) Credential Store Extension
Services4User
Credentials import-export
RFC 6680 (GSS-API Naming Extensions)
DCE and IOV MIC extensions
acquire_cred_with_password
and add_cred_with_password
GGF Extensions
Kerberos specific extensions
(GitHub usernames in parentheses)
We welcome new contributions in the form of Issues and Pull Requests on
Github. If you would like to join our discussions, you can find us on
libera.chat <https://libera.chat/>
_ IRC, channel #python-gssapi <irc://libera.chat/python-gssapi>
_.
FAQs
Python GSSAPI Wrapper
We found that gssapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.