deshaw / flask-kerberos Goto Github PK

The kerberos package provided by the ccs-pykerberos project was archived in February and is no longer maintained.

Should this project adopt an alternative library?

Installing collected packages: kerberos, flask-kerberos
Running setup.py install for kerberos ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-jbd2n90x/kerberos/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-3as0bn5c/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_ext
building 'kerberos' extension
creating build
creating build/temp.linux-x86_64-3.5
creating build/temp.linux-x86_64-3.5/src
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.5m -c src/base64.c -o build/temp.linux-x86_64-3.5/src/base64.o /bin/sh: 1: krb5-config: not found
x86_64-linux-gnu-gcc: error: /bin/sh:: No such file or directory
x86_64-linux-gnu-gcc: error: 1:: No such file or directory
x86_64-linux-gnu-gcc: error: krb5-config:: No such file or directory
x86_64-linux-gnu-gcc: error: not: No such file or directory
x86_64-linux-gnu-gcc: error: found: No such file or directory
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-jbd2n90x/kerberos/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-3as0bn5c/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-jbd2n90x/kerberos/

hello
i had sudo apt-get install gcc, python3-dev, but not success pip3 install flask-kerberos, i used on ubuntu16.10 ,please help

I am trying to run the example provided in https://github.com/deshaw/flask-kerberos/tree/master/example.

Here is the content of my 'example.py' file

from flask import Flask
from flask import render_template
from flask_kerberos import init_kerberos
from flask_kerberos import requires_authentication

from config import Config

app = Flask(__name__)
app.config.from_object(Config)

@app.route("/")
@requires_authentication
def index(user):
    return render_template('index.html', user=user)

if __name__ == '__main__':
    init_kerberos(app)
    app.run()

and here is a 'config.py'

import os
import base64
from dotenv import load_dotenv

basedir = os.path.abspath(os.path.dirname(__file__))
load_dotenv(os.path.join(basedir, '.flaskenv'))

class Config(object):

# Setup Secret Key for Application
SECRET_KEY = os.environ.get('SECRET_KEY') or str(base64.b64encode('you-will-never-guess'.encode("utf-8")))

# Location of the keytab file
KRB5_KTNAME = "K000007.keytab"

When start the Flask via flask run I am getting the following error in CMD:

(venv) Server@Me:~/.../flask_kerberos_example$ flask run
 * Serving Flask app "example.py" (lazy loading)
 * Environment: development
 * Debug mode: on
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 603-674-916
a.b.c.d - - [23/Jun/2021 08:47:51] "GET / HTTP/1.1" 401 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET / HTTP/1.1" 500 -
Traceback (most recent call last):
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 2464, in __call__
    return self.wsgi_app(environ, start_response)
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 2450, in wsgi_app
    response = self.handle_exception(e)
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 1867, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/venv/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/venv/lib/python3.7/site-packages/flask_kerberos.py", line 106, in decorated
    rc = _gssapi_authenticate(token)
  File "/venv/lib/python3.7/site-packages/flask_kerberos.py", line 70, in _gssapi_authenticate
    rc, state = kerberos.authGSSServerInit(_SERVICE_NAME)
TypeError: argument 1 must be str, not None
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=jquery.js HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -

What can actually be a problem? How to resolve this?

Hello,

Flask uses heavy use of python's logging module, probably would be a good idea to also use it in flask-kerberos.

The _gssapi_authenticate call is completely swallowing diagnostic messages. When something is not working, all we're getting is a 401/403, without any traces or what the hack is going on. The kerberos.GSSError exception contains quite a bit of useful information, which is not being used, but swallowed by a None return. Also, when the nit is failing or anything is happening, there should be logging statements all around the place, with ERROR/WARN levels.

Please improve the library with proper error message propagation. Make it sysadmin friendly.

I want to allow specific views only to "Admins" and would like the auth mechanism to be kerberos.

Flask-Kerberos code constructs a service name like this:

flask_kerberos.py:

_SERVICE_NAME = "%s@%s" % (service, hostname)

in flask_kerberos.py. But the code in server_principal_details called from kerberos.getServerPrincipalDetails(service, hostname) which is called from init_kerberos() constructs the service name like this:

kerberos-1.2.5/src/kerberosgss.c:

char* server_principal_details(const char* service, const char* hostname)
{
  // ...
  snprintf(match, 1024, "%s/%s@", service, hostname);

Flask-Kerberos (1.0.4)
kerberos (1.2.5)

I've noticed that kerberos.getServerPrincipalDetails raises a 'Principal not found in keytab' exception if the FQDN is not used for the 'hostname' argument. I think it would be better to use socket.getfqdn as the default value in init_kerberos instead of socket.gethostname.

Hello,

Please switch to using the .format string method, instead of formatting strings with the old % method. Currently the source is not much python3 friendly, and this one seems like a low hanging fruit.

Thanks

See https://github.com/mkomitee/flask-kerberos/blob/master/flask_kerberos.py#L35

The "Exception" class has dropped the "message" attribute at least since Python 3.4. Better to replace it with the "args" method.