Closed nmariz closed 2 years ago
The MIT Windows build does not expose gss_add_cred_with_password
in it's symbols so when the sdist is built it is done without this optional extension.
C:\Program Files\Microsoft Visual Studio\2022\Community>dumpbin.exe /EXPORTS "C:\Program Files\MIT\Kerberos\bin\gssapi64.dll"
Microsoft (R) COFF/PE Dumper Version 14.31.31105.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Program Files\MIT\Kerberos\bin\gssapi64.dll
File Type: DLL
Section contains the following exports for gssapi64.dll
00000000 characteristics
57683943 time date stamp Mon Jun 20 18:43:15 2016
0.00 version
1 ordinal base
148 number of functions
148 number of names
ordinal hint RVA name
56 0 00061C40 GSS_C_ATTR_LOCAL_LOGIN_USER
107 1 00060B20 GSS_C_INQ_SSPI_SESSION_KEY
108 2 00060B70 GSS_C_MA_AUTH_INIT
109 3 00060B90 GSS_C_MA_AUTH_INIT_ANON
110 4 00060B80 GSS_C_MA_AUTH_INIT_INIT
111 5 00060B78 GSS_C_MA_AUTH_TARG
112 6 00060B98 GSS_C_MA_AUTH_TARG_ANON
113 7 00060B88 GSS_C_MA_AUTH_TARG_INIT
114 8 00060BE0 GSS_C_MA_CBINDINGS
115 9 00060BF0 GSS_C_MA_COMPRESS
116 A 00060BB0 GSS_C_MA_CONF_PROT
117 B 00060BF8 GSS_C_MA_CTX_TRANS
118 C 00060BA0 GSS_C_MA_DELEG_CRED
119 D 00060B58 GSS_C_MA_DEPRECATED
120 E 00060BA8 GSS_C_MA_INTEG_PROT
121 F 00060B68 GSS_C_MA_ITOK_FRAMED
122 10 00060B38 GSS_C_MA_MECH_COMPOSITE
123 11 00060B28 GSS_C_MA_MECH_CONCRETE
124 12 00060B48 GSS_C_MA_MECH_GLUE
125 13 00060B40 GSS_C_MA_MECH_NEGO
126 14 00060B30 GSS_C_MA_MECH_PSEUDO
127 15 00060BB8 GSS_C_MA_MIC
128 16 00060B60 GSS_C_MA_NOT_DFLT_MECH
129 17 00060B50 GSS_C_MA_NOT_MECH
130 18 00060BD8 GSS_C_MA_OOS_DET
131 19 00060BE8 GSS_C_MA_PFS
132 1A 00060BC8 GSS_C_MA_PROT_READY
133 1B 00060BD0 GSS_C_MA_REPLAY_DET
134 1C 00060BC0 GSS_C_MA_WRAP
1 1D 00060B00 GSS_C_NT_ANONYMOUS
147 1E 00060B18 GSS_C_NT_COMPOSITE_EXPORT
2 1F 00060B08 GSS_C_NT_EXPORT_NAME
3 20 00060AF0 GSS_C_NT_HOSTBASED_SERVICE
4 21 00060AE0 GSS_C_NT_HOSTBASED_SERVICE_X
5 22 00060AC0 GSS_C_NT_MACHINE_UID_NAME
6 23 00060AD0 GSS_C_NT_STRING_UID_NAME
7 24 00060AB0 GSS_C_NT_USER_NAME
8 25 00048A00 GSS_KRB5_NT_PRINCIPAL_NAME
9 26 0001D974 gss_accept_sec_context
10 27 00013B74 gss_acquire_cred
139 28 00013BF4 gss_acquire_cred_from
70 29 000167CC gss_acquire_cred_impersonate_name
71 2A 00020A70 gss_acquire_cred_with_password
72 2B 0001ED7C gss_add_buffer_set_member
11 2C 00014114 gss_add_cred
140 2D 000141B4 gss_add_cred_from
73 2E 00016D1C gss_add_cred_impersonate_name
12 2F 0001EA8C gss_add_oid_set_member
13 30 00020150 gss_canonicalize_name
14 31 0001C358 gss_compare_name
74 32 00017690 gss_complete_auth_token
15 33 0001D62C gss_context_time
75 34 0001ED4C gss_create_empty_buffer_set
16 35 0001EA3C gss_create_empty_oid_set
76 36 00015F34 gss_delete_name_attribute
17 37 0001D70C gss_delete_sec_context
77 38 000151A8 gss_display_mech_attr
18 39 0001C0EC gss_display_name
78 3A 000164B4 gss_display_name_ext
19 3B 0001C7F8 gss_display_status
20 3C 000194D0 gss_duplicate_name
142 3D 000130B0 gss_export_cred
21 3E 000197C8 gss_export_name
79 3F 00015E40 gss_export_name_composite
22 40 0001B2B8 gss_export_sec_context
23 41 0001D45C gss_get_mic
144 42 00017A28 gss_get_mic_iov
145 43 00017B38 gss_get_mic_iov_length
80 44 00016114 gss_get_name_attribute
143 45 00012AA8 gss_import_cred
24 46 0001B764 gss_import_name
25 47 0001AEDC gss_import_sec_context
26 48 00001628 gss_indicate_mechs
81 49 00014C48 gss_indicate_mechs_by_attrs
27 4A 0001E358 gss_init_sec_context
82 4B 00014FF8 gss_inquire_attrs_for_mech
28 4C 0001A274 gss_inquire_context
29 4D 0001A9A8 gss_inquire_cred
30 4E 0001ACE8 gss_inquire_cred_by_mech
83 4F 00019168 gss_inquire_cred_by_oid
84 50 000157D8 gss_inquire_mech_for_saslname
31 51 0001A708 gss_inquire_mechs_for_name
85 52 000162F4 gss_inquire_name
32 53 0001A5F8 gss_inquire_names_for_mech
86 54 000151E8 gss_inquire_saslname_for_mech
87 55 00019400 gss_inquire_sec_context_by_oid
33 56 000473E8 gss_krb5_ccache_name
34 57 000470D8 gss_krb5_copy_ccache
35 58 000471E8 gss_krb5_export_lucid_sec_context
36 59 00047458 gss_krb5_free_lucid_sec_context
37 5A 00047008 gss_krb5_get_tkt_flags
90 5B 00047148 gss_krb5_import_cred
38 5C 00047378 gss_krb5_set_allowable_enctypes
91 5D 000476A8 gss_krb5_set_cred_rcache
138 5E 00019878 gss_localname
92 5F 00015D1C gss_map_name_to_any
135 60 000489E8 gss_mech_iakerb
39 61 000489D0 gss_mech_krb5
40 62 000489D8 gss_mech_krb5_old
41 63 000489E0 gss_mech_krb5_wrong
42 64 00048A08 gss_mech_set_krb5
43 65 00048A58 gss_mech_set_krb5_both
44 66 00048A50 gss_mech_set_krb5_old
136 67 00060B10 gss_nt_exported_name
45 68 000489F0 gss_nt_krb5_name
46 69 000489F8 gss_nt_krb5_principal
47 6A 00060AC8 gss_nt_machine_uid_name
48 6B 00060AF8 gss_nt_service_name
137 6C 00060AE8 gss_nt_service_name_v2
49 6D 00060AD8 gss_nt_string_uid_name
50 6E 00060AB8 gss_nt_user_name
51 6F 0001EB2C gss_oid_to_str
52 70 0001D86C gss_process_context_token
93 71 00015AD8 gss_pseudo_random
94 72 00015C08 gss_release_any_name_mapping
53 73 0001ECA0 gss_release_buffer
95 74 0001EDBC gss_release_buffer_set
54 75 0001E884 gss_release_cred
96 76 00017C48 gss_release_iov_buffer
55 77 0001B5E8 gss_release_name
148 78 00001328 gss_release_oid
57 79 00012988 gss_release_oid_set
58 7A 00019ECC gss_seal
97 7B 000206C8 gss_set_cred_option
98 7C 00016018 gss_set_name_attribute
99 7D 0001599C gss_set_neg_mechs
100 7E 00018F78 gss_set_sec_context_option
59 7F 0001D5EC gss_sign
101 80 000134B4 gss_store_cred
141 81 00013534 gss_store_cred_into
60 82 0001EB8C gss_str_to_oid
61 83 0001EAEC gss_test_oid_set_member
62 84 0001D2B0 gss_unseal
63 85 0001D0B0 gss_unwrap
102 86 00018384 gss_unwrap_aead
103 87 00017D20 gss_unwrap_iov
64 88 0001D41C gss_verify
65 89 0001D2FC gss_verify_mic
146 8A 00017E90 gss_verify_mic_iov
66 8B 00019C5C gss_wrap
104 8C 00018D0C gss_wrap_aead
105 8D 00017748 gss_wrap_iov
106 8E 000178E8 gss_wrap_iov_length
67 8F 00019F2C gss_wrap_size_limit
88 90 00047708 gsskrb5_extract_authtime_from_sec_context
89 91 00047528 gsskrb5_extract_authz_data_from_sec_context
68 92 00048950 krb5_gss_oid_array
69 93 000474B8 krb5_gss_register_acceptor_identity
I tested this against the latest version of MIT Kerberos for Windows (4.1) and it explains why this functionality is not available there. The docs state MIT Kerberos for Windows 4.1 is based on MIT krb5 1.13
The KfW 4.1 series of releases is based on the MIT krb5 1.13 series of releases, modernizing the support relative to the KfW 4.0 series, which was based on the MIT krb5 1.10 series.
The gss_add_cred_with_password
function was introduced in an earlier version (1.12 I think) but there was a bug where it wasn't publicly exported. This was fixed with https://github.com/krb5/krb5/commit/266cce14ee39f6d11b186ee988cffd0c2a119f3d but based on the tags is only present in krb5-1.14 and kfw-4.2 (which kfw has no release at this version yet).
There's nothing this project can do about this. You either need to ask the maintainers for MIT kfw to push a new version with this fix present or use another Windows Kerberos library which is untested by this Python module.
What went wrong?
gssapi.raw.add_cred_with_password()
is missing on Windows platform.How do we reproduce?
It will raise:
You can also notice notice the existence of
ext_password_add.pyi
but not ofext_password_add.cp310-win_amd64.pyd
.Component versions (python-gssapi, Kerberos, OS / distro, etc.)
The installation made using
pip install gssapi
.