Improve Exception handling

If an GSS-API / SSPI error occurs you get a status code and an error message, but you may also want the name of the remote host. That's what this patch adds.
author: Sebastian Deiss <s.deiss@science-computing.de> 2014-02-18 11:47:33 +0100
committer: Sebastian Deiss <s.deiss@science-computing.de> 2014-02-18 11:47:33 +0100
commit: 7c3e505d92d804c7cd5f376cab297bf3552f5aa3 (patch)
tree: f77c17c4fb39a620e8470e8b7640fc05c3e49624 /paramiko/ssh_gss.py
parent: 604980e9dfeb671da27178c5261ae39dfb5e2f32 (diff)
download: paramiko-7c3e505d92d804c7cd5f376cab297bf3552f5aa3.tar.gz
1 files changed, 23 insertions, 13 deletions
diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py
index 72beeaae..417dab6e 100644
--- a/paramiko/ssh_gss.py
+++ b/paramiko/ssh_gss.py
@@ -44,6 +44,7 @@ Created on 07.11.2013
 
 import struct
 import os
+import sys
 try:
     from pyasn1.type.univ import ObjectIdentifier
     from pyasn1.codec.der import encoder, decoder
@@ -310,13 +311,17 @@ class _SSH_GSSAPI(_SSH_GSSAuth):
             else:
                 krb5_mech = gssapi.OID.mech_from_string(self._krb5_mech)
         token = None
-        if recv_token is None:
-            self._gss_ctxt = gssapi.InitContext(peer_name=targ_name,
-                                                mech_type=krb5_mech,
-                                                req_flags=ctx.flags)
-            token = self._gss_ctxt.step(token)
-        else:
-            token = self._gss_ctxt.step(recv_token)
+        try:
+            if recv_token is None:
+                self._gss_ctxt = gssapi.InitContext(peer_name=targ_name,
+                                                    mech_type=krb5_mech,
+                                                    req_flags=ctx.flags)
+                token = self._gss_ctxt.step(token)
+            else:
+                token = self._gss_ctxt.step(recv_token)
+        except gssapi.GSSException:
+            raise gssapi.GSSException("{0} Target: {1}".format(sys.exc_info()[1],
+                                                               self._gss_host))
         self._gss_ctxt_status = self._gss_ctxt.established
         return token
 
@@ -476,17 +481,22 @@ class _SSH_SSPI(_SSH_GSSAuth):
         """
         self._username = username
         self._gss_host = target
+        error = 0
         targ_name = "host/" + self._gss_host
         if desired_mech is not None:
             mech, __ = decoder.decode(desired_mech)
             if mech.__str__() != self._krb5_mech:
                 raise SSHException("Unsupported mechanism OID.")
-        if recv_token is None:
-            self._gss_ctxt = sspi.ClientAuth("Kerberos",
-                                             scflags=self._gss_flags,
-                                             targetspn=targ_name)
-        error, token = self._gss_ctxt.authorize(recv_token)
-        token = token[0].Buffer
+        try:
+            if recv_token is None:
+                self._gss_ctxt = sspi.ClientAuth("Kerberos",
+                                                 scflags=self._gss_flags,
+                                                 targetspn=targ_name)
+            error, token = self._gss_ctxt.authorize(recv_token)
+            token = token[0].Buffer
+        except:
+            raise Exception("{0}, Target: {1}".format(sys.exc_info()[1],
+                                                      self._gss_host))
         if error == 0:
             """
             if the status is GSS_COMPLETE (error = 0) the context is fully
author	Sebastian Deiss <s.deiss@science-computing.de>	2014-02-18 11:47:33 +0100
committer	Sebastian Deiss <s.deiss@science-computing.de>	2014-02-18 11:47:33 +0100
commit	7c3e505d92d804c7cd5f376cab297bf3552f5aa3 (patch)
tree	f77c17c4fb39a620e8470e8b7640fc05c3e49624 /paramiko/ssh_gss.py
parent	604980e9dfeb671da27178c5261ae39dfb5e2f32 (diff)
download	paramiko-7c3e505d92d804c7cd5f376cab297bf3552f5aa3.tar.gz