Store session cookie in a ccache option #546
ipapython/ccache_storage.py
Outdated
| pass | ||
|
|
||
|
|
||
| PY3 = sys.version_info[0] == 3 |
Please use six.PY3 instead to be consistent with other parts
ok
ipapython/ccache_storage.py
Outdated
| value = self.value | ||
| if value is None: | ||
| return None | ||
| elif not isinstance(value, str): |
probably
elif isinstance(value, bytes):
might be better to handle Py2/Py3. Otherwise you must check Unicode too
ipapython/ccache_storage.py
Outdated
|
|
||
| class _krb5_context(ctypes.Structure): # noqa | ||
| """krb5/krb5.h struct _krb5_context""" | ||
| __slots__ = () |
Why are __slots__ defined? Is it a performance improvement?
it's defined empty, but I'll remove them altogether
ipapython/ccache_storage.py
Outdated
| def from_param(cls, value): | ||
| if value is None: | ||
| return None | ||
| if PY3 and isinstance(value, str): |
Can this be replaced with:
if not isinstance(value, bytes):
    return value.encode('utf-8')
?
turns out I am not actually using c_text_p anywhere in the end, so I'm removing all of this
ipapython/ccache_storage.py
Outdated
| krb5_cc_get_config.retval = krb5_error | ||
| krb5_cc_get_config.errcheck = krb5_errcheck | ||
|
|
||
| class session_store: |
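Review bot: `krb5_cc_get_config.retval = krb5_error` on the first line of this hunk assigns an attribute that ctypes never reads; the return type of a foreign function is configured through `restype`. As written, the function keeps ctypes' default `c_int` return type and `krb5_error` is never applied to the result that `krb5_errcheck` receives. Suggest `krb5_cc_get_config.restype = krb5_error`, and the same correction for any other wrapper in the module that uses `retval`.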
Should be class session_store(object):
ipapython/ccache_storage.py
Outdated
| krb5_free_context(self.__context) | ||
| self.__context = None | ||
|
|
||
| def __del__(self): |
Don't define __del__ method in python unless you have bulletproof evidence that it will work in your case.
https://docs.python.org/2/reference/datamodel.html#object.__del__
In python, if you want to safely do cleanup, it must be done by a context manager (which you have already implemented); don't use the __del__ method
removed
ipapython/ccache_storage.py
Outdated
| krb5_cc_get_config(self.__context, ccache, principal, | ||
| self._hidden_cred_name, ctypes.byref(data)) | ||
|
|
||
| return str(data.data) |
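Review bot: `return str(data.data)` on the last line of this hunk returns straight after `krb5_cc_get_config` fills `data`, so the buffer libkrb5 allocated for the value is never released; the krb5 API expects the caller to free it with `krb5_free_data_contents`. Suggest copying the value into a Python object first and freeing `data` in a `try`/`finally` before returning.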
What is data.data type? If bytes this will return unexpected string in py3. .decode() should be used in case of bytes
it is declared as c_char_p
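The bytes-versus-str question in the exchange above, as an added example that is not part of the pull request: it mirrors the `krb5_data` layout from krb5.h in ctypes and reads a constructed buffer both ways. `KrbData`, `make_sample`, `naive_read` and `read_value` are hypothetical names, the sample value is constructed, and no libkrb5 call is made.

```python
import ctypes


class KrbData(ctypes.Structure):
    """ctypes mirror of krb5.h `krb5_data` (hypothetical class name)."""
    _fields_ = [
        ("magic", ctypes.c_int32),
        ("length", ctypes.c_uint),
        # Raw char pointer instead of c_char_p, so `length` decides how
        # much is read rather than the first NUL byte.
        ("data", ctypes.POINTER(ctypes.c_char)),
    ]


def make_sample(payload):
    """Build a KrbData over a constructed buffer; return both so the
    buffer stays alive for as long as the caller holds it."""
    buf = ctypes.create_string_buffer(payload)  # adds a trailing NUL
    data = KrbData(0, len(payload),
                   ctypes.cast(buf, ctypes.POINTER(ctypes.c_char)))
    return data, buf


def naive_read(data):
    """Reproduce `str(data.data)` with the field declared as c_char_p."""
    as_char_p = ctypes.cast(data.data, ctypes.c_char_p)
    return str(as_char_p.value)


def read_value(data, encoding="utf-8"):
    """Copy exactly `length` bytes out of the buffer and decode them."""
    if not data.data or data.length == 0:
        return None
    return ctypes.string_at(data.data, data.length).decode(encoding)


if __name__ == "__main__":
    sample, _buf = make_sample(b"sess=abc\x00def")  # constructed value
    print(naive_read(sample))        # Python 3 bytes repr, cut at the NUL
    print(repr(read_value(sample)))  # full value as text
```

On Python 3 the naive read returns the `repr` of a bytes object truncated at the first NUL, while the length-based read returns the whole value as text.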
ipapython/ccache_storage.py
Outdated
| try: | ||
| LIBKRB5 = ctypes.CDLL('libkrb5.so.3') | ||
| except OSError as e: # pragma: no cover | ||
| LIBKRB5 = e |
Shouldn't we rather fail early and raise ImportError ?
I guess we could

Pylint failed and I have a few inline comments

Should this patch not also remove the keyring code? Unit tests should be provided.

@rcritten the keyring stuff is still used for detection of keyring in other places, so I did not touch it as those uses are still valid

Not sure how to provide unit tests, these functions work only if you have a valid ccache in the name of the principal you are trying to store a session cookie for.

Ok removed a bunch of code and made sure pylint passes.

I also renamed the module and the class, makes more sense to me this way around.

ipapython/session_storage.py
Outdated
|
|
||
| class ccache_store(object): | ||
| def __init__(self, name='X-IPA-Session-Cookie'): | ||
| self.__context = None |
Please use a single underscore here. Double underscores lead to name mangling, which makes debugging harder.
ipapython/session_storage.py
Outdated
| self._hidden_cred_name = name | ||
|
|
||
| def __enter__(self): | ||
| return self |
context should be initialized in __enter__, not in __init__
Actually ccache_store is not used together with the with statement, what is your goal @simo5?
I just copied example code from krbproxy, I do not have any special goal.
I could even not carry a global context but create and destroy contexts at each call
Whatever is preferred.

Ok I decided to do away with the whole class stuff, given we never really keep around the class object for more than one operation at a time in actual use.

All requested changes have been applied
| Test the `session_storage.py` module. | ||
| """ | ||
|
|
||
| from nose.tools import raises # pylint: disable=E0611 |
it is unused and instead of nose.raises please use pytest raises

Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all credentials.
Ticket: https://pagure.io/freeipa/issue/6661
Signed-off-by: Simo Sorce <simo@redhat.com>

Oops sorry, forgot to run make pylint on my last iteration, should be all fixed now

| self.key = 'X-IPA-test-session-storage' | ||
| self.data = 'Test Data' | ||
|
|
||
| def test_01(self): |
Tests have no description
but they are somehow self-explanatory

master:
Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all credentials.
Ticket: https://pagure.io/freeipa/issue/6661