ipapython: port p11helper C code to Python

This replaces the binary _ipap11helper module with cffi-based Python code.

https://fedorahosted.org/freeipa/ticket/5596

Reviewed-By: Martin Basti <mbasti@redhat.com>
Jan Cholasta 2016-01-06 13:10:11 +01:00 committed by Martin Basti
parent f5f5c8c603
commit 500ee7e2b1
16 changed files with 1873 additions and 2492 deletions

1
.gitignore vendored

@ -73,7 +73,6 @@ freeipa2-dev-doc
/ipapython/setup.py /ipapython/setup.py
/ipapython/version.py /ipapython/version.py
!/ipapython/Makefile !/ipapython/Makefile
!/ipapython/ipap11helper/Makefile
/ipaplatform/__init__.py /ipaplatform/__init__.py
/ipaplatform/setup.py /ipaplatform/setup.py


@ -93,9 +93,7 @@ BuildRequires: systemd
BuildRequires: libunistring-devel BuildRequires: libunistring-devel
BuildRequires: python-lesscpy BuildRequires: python-lesscpy
BuildRequires: python-yubico >= 1.2.3 BuildRequires: python-yubico >= 1.2.3
BuildRequires: softhsm-devel >= 2.0.0rc1-1
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: p11-kit-devel
BuildRequires: pki-base >= 10.2.6 BuildRequires: pki-base >= 10.2.6
BuildRequires: python-pytest-multihost >= 0.5 BuildRequires: python-pytest-multihost >= 0.5
BuildRequires: python-pytest-sourceorder BuildRequires: python-pytest-sourceorder
@ -471,6 +469,7 @@ Requires: dbus-python
Requires: python-setuptools Requires: python-setuptools
Requires: python-six Requires: python-six
Requires: python-jwcrypto Requires: python-jwcrypto
Requires: python-cffi
Conflicts: %{alt_name}-python < %{version} Conflicts: %{alt_name}-python < %{version}
@ -515,6 +514,7 @@ Requires: python3-dbus
Requires: python3-setuptools Requires: python3-setuptools
Requires: python3-six Requires: python3-six
Requires: python3-jwcrypto Requires: python3-jwcrypto
Requires: python3-cffi
%description -n python3-ipalib %description -n python3-ipalib
IPA is an integrated solution to provide centrally managed Identity (users, IPA is an integrated solution to provide centrally managed Identity (users,
@ -639,10 +639,6 @@ cd daemons; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localst
cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd .. cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
%endif # ONLY_CLIENT %endif # ONLY_CLIENT
%if 0%{?with_python3}
(cd ipapython/ipap11helper && make PYTHON=%{__python3} IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all)
%endif
%if ! %{ONLY_CLIENT} %if ! %{ONLY_CLIENT}
make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all
%else %else
@ -1311,12 +1307,10 @@ fi
%{python_sitelib}/ipalib/* %{python_sitelib}/ipalib/*
%dir %{python_sitelib}/ipaplatform %dir %{python_sitelib}/ipaplatform
%{python_sitelib}/ipaplatform/* %{python_sitelib}/ipaplatform/*
%attr(0644,root,root) %{python_sitearch}/_ipap11helper.so
%{python_sitelib}/ipapython-*.egg-info %{python_sitelib}/ipapython-*.egg-info
%{python_sitelib}/ipalib-*.egg-info %{python_sitelib}/ipalib-*.egg-info
%{python_sitelib}/freeipa-*.egg-info %{python_sitelib}/freeipa-*.egg-info
%{python_sitelib}/ipaplatform-*.egg-info %{python_sitelib}/ipaplatform-*.egg-info
%{python_sitearch}/_ipap11helper-*.egg-info
%files common -f %{gettext_domain}.lang %files common -f %{gettext_domain}.lang
@ -1338,8 +1332,6 @@ fi
%{python3_sitelib}/ipapython-*.egg-info %{python3_sitelib}/ipapython-*.egg-info
%{python3_sitelib}/ipalib-*.egg-info %{python3_sitelib}/ipalib-*.egg-info
%{python3_sitelib}/ipaplatform-*.egg-info %{python3_sitelib}/ipaplatform-*.egg-info
%attr(0644,root,root) %{python3_sitearch}/_ipap11helper.cpython-*.so
%{python3_sitearch}/_ipap11helper-*.egg-info
%endif # with_python3 %endif # with_python3
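Review bot: The added `Requires: python-cffi` and `Requires: python3-cffi` lines cover only the binding layer, and nothing in these hunks pulls in the native libraries the old extension linked against. The deleted setup.py built `_ipap11helper.so` with `libraries = ['dl', 'crypto', 'p11-kit']`, so RPM derived the libcrypto and libp11-kit dependencies automatically from the ELF linkage; a pure-Python module that loads them at run time gets no automatic dependency. The replacement module's diff is suppressed on this page, so this is inferred, but if it opens those libraries by name the two Python subpackages touched here should state them explicitly, e.g. `Requires: p11-kit` and `Requires: openssl-libs`. Otherwise a missing library shows up only as a load failure when the module is first imported.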


@ -1,8 +1,6 @@
PYTHON ?= /usr/bin/python2 PYTHON ?= /usr/bin/python2
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib())") PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib())")
SUBDIRS = ipap11helper
all: all:
@for subdir in $(SUBDIRS); do \ @for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \ (cd $$subdir && $(MAKE) $@) || exit 1; \


@ -2,7 +2,7 @@
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license # Copyright (C) 2014 FreeIPA Contributors see COPYING for license
# #
import _ipap11helper from ipapython import p11helper as _ipap11helper
attrs_id2name = { attrs_id2name = {
#_ipap11helper.CKA_ALLOWED_MECHANISMS: 'ipk11allowedmechanisms', #_ipap11helper.CKA_ALLOWED_MECHANISMS: 'ipk11allowedmechanisms',


@ -18,7 +18,7 @@ from ipapython.dnssec.abshsm import (
AbstractHSM, AbstractHSM,
bool_attr_names, bool_attr_names,
populate_pkcs11_metadata) populate_pkcs11_metadata)
import _ipap11helper from ipapython import p11helper as _ipap11helper
import uuid import uuid
def uri_escape(val): def uri_escape(val):


@ -13,7 +13,7 @@ from pprint import pprint
from ipaplatform.paths import paths from ipaplatform.paths import paths
import _ipap11helper from ipapython import p11helper as _ipap11helper
from ipapython.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM, from ipapython.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM,
keytype_id2name, keytype_name2id, keytype_id2name, keytype_name2id,
ldap2p11helper_api_params) ldap2p11helper_api_params)
@ -65,7 +65,7 @@ class Key(collections.MutableMapping):
return self.p11.set_attribute(self.handle, attrs_name2id[key], value) return self.p11.set_attribute(self.handle, attrs_name2id[key], value)
def __delitem__(self, key): def __delitem__(self, key):
raise _ipap11helper.Exception('__delitem__ is not supported') raise _ipap11helper.P11HelperException('__delitem__ is not supported')
def __iter__(self): def __iter__(self):
"""generates list of ipa names of all attributes present in the object""" """generates list of ipa names of all attributes present in the object"""
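Review bot: The exception class is renamed from `Exception` to `P11HelperException` while every importer keeps the old `_ipap11helper` alias, so a leftover `_ipap11helper.Exception` in a `raise` or `except` clause would fail with AttributeError only when that path runs. This section fixes the one use in `Key.__delitem__`; the other importing files on this page change only their import line, which suggests they hold no such reference, but a tree-wide search for `_ipap11helper.Exception` is worth doing because error paths around HSM key handling are often not exercised by tests. A comment above the import, such as `# cffi port of the former C extension; exception names differ (P11HelperException)`, would tell readers that the alias no longer refers to the binary module. `__iter__` continues outside the hunk.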


@ -1,19 +0,0 @@
PYTHON ?= /usr/bin/python2
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib())")
all:
$(PYTHON) setup.py build
install:
if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \
else \
$(PYTHON) setup.py install --root $(DESTDIR); \
fi
clean:
rm -rf build
distclean: clean
maintainer-clean: distclean


@ -1,87 +0,0 @@
/*
* Copyright (C) 2014 FreeIPA Contributors see COPYING for license
*
* This code is based on PKCS#11 code from SoftHSM project:
* https://github.com/opendnssec/SoftHSMv2/
* Original license follows:
*/
/*
* Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*****************************************************************************
library.c
Support function for handling PKCS#11 libraries
*****************************************************************************/
#include "library.h"
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
// Load the PKCS#11 library
CK_C_GetFunctionList loadLibrary(const char* module, void** moduleHandle)
{
CK_C_GetFunctionList pGetFunctionList = NULL;
void* pDynLib = NULL;
// Load PKCS #11 library
if (module)
{
pDynLib = dlopen(module, RTLD_NOW | RTLD_LOCAL);
} else {
return NULL;
}
if (pDynLib == NULL)
{
// Failed to load the PKCS #11 library
return NULL;
}
// Retrieve the entry point for C_GetFunctionList
pGetFunctionList = (CK_C_GetFunctionList) dlsym(pDynLib, "C_GetFunctionList");
if (pGetFunctionList == NULL)
{
dlclose(pDynLib);
return NULL;
}
// Store the handle so we can dlclose it later
*moduleHandle = pDynLib;
return pGetFunctionList;
}
void unloadLibrary(void* moduleHandle)
{
if (moduleHandle)
{
dlclose(moduleHandle);
}
}


@ -1,48 +0,0 @@
/*
* Copyright (C) 2014 FreeIPA Contributors see COPYING for license
*
* This code is based on PKCS#11 code from SoftHSM project:
* https://github.com/opendnssec/SoftHSMv2/
* Original license follows:
*/
/*
* Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*****************************************************************************
library.h
Support function for handling PKCS#11 libraries
*****************************************************************************/
#ifndef _SOFTHSM_V2_BIN_LIBRARY_H
#define _SOFTHSM_V2_BIN_LIBRARY_H
#include <p11-kit/pkcs11.h>
CK_C_GetFunctionList loadLibrary(const char* module, void** moduleHandle);
void unloadLibrary(void* moduleHandle);
#endif // !_SOFTHSM_V2_BIN_LIBRARY_H

File diff suppressed because it is too large Load Diff


@ -1,43 +0,0 @@
#!/usr/bin/python2
#
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
#
from distutils.core import setup, Extension
from distutils.sysconfig import get_python_inc
import sys
import os
python_header = os.path.join(get_python_inc(plat_specific=0), 'Python.h')
if not os.path.exists(python_header):
sys.exit("Cannot find Python development packages that provide Python.h")
module = Extension('_ipap11helper',
define_macros = [],
include_dirs = [],
libraries = ['dl', 'crypto', 'p11-kit'],
library_dirs = [],
extra_compile_args = [
'-std=c99',
'-I/usr/include/p11-kit-1',
'-ggdb3',
'-O2',
'-W',
'-Wall',
'-Wno-unused-parameter',
'-Wbad-function-cast',
'-Wextra',
],
sources = ['p11helper.c', 'library.c'])
setup(name='_ipap11helper',
version='0.1',
description='FreeIPA pkcs11 helper',
author='Martin Basti, Petr Spacek',
author_email='mbasti@redhat.com, pspacek@redhat.com',
license='GPLv2+',
url='http://www.freeipa.org',
long_description="""
FreeIPA pkcs11 key manipulation utils.
""",
ext_modules = [module])

File diff suppressed because it is too large Load Diff


@ -13,7 +13,7 @@ import stat
import ldap import ldap
import _ipap11helper from ipapython import p11helper as _ipap11helper
from ipapython.dnsutil import DNSName from ipapython.dnsutil import DNSName
from ipaserver.install import service from ipaserver.install import service
from ipaserver.install import installutils from ipaserver.install import installutils


@ -9,7 +9,7 @@ import stat
import shutil import shutil
from subprocess import CalledProcessError from subprocess import CalledProcessError
import _ipap11helper from ipapython import p11helper as _ipap11helper
from ipaserver.install import service from ipaserver.install import service
from ipaserver.install import installutils from ipaserver.install import installutils
from ipapython.ipa_log_manager import root_logger from ipapython.ipa_log_manager import root_logger


@ -21,7 +21,6 @@ addopts = --doctest-modules
--ignore=doc/examples/python-api.py --ignore=doc/examples/python-api.py
--ignore=install/share/copy-schema-to-ca.py --ignore=install/share/copy-schema-to-ca.py
--ignore=install/share/wsgi.py --ignore=install/share/wsgi.py
--ignore=ipapython/ipap11helper/setup.py
markers = markers =
tier0: basic unit tests and critical functionality tier0: basic unit tests and critical functionality
tier1: functional API tests tier1: functional API tests


@ -17,7 +17,7 @@ import tempfile
import pytest import pytest
from ipaplatform.paths import paths from ipaplatform.paths import paths
import _ipap11helper from ipapython import p11helper as _ipap11helper
pytestmark = pytest.mark.tier0 pytestmark = pytest.mark.tier0