Store session cookie in a ccache option

Instead of using the kernel keyring, store the session cookie within the ccache. This way kdestroy will really wipe away all credentials. Ticket: https://pagure.io/freeipa/issue/6661 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-03-06 18:47:56 -05:00
parent 2e5cc369fd
commit 7cab959555
3 changed files with 239 additions and 22 deletions
--- a/ipatests/test_ipapython/test_session_storage.py
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -0,0 +1,37 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+"""
+Test the `session_storage.py` module.
+"""
+
+from ipapython import session_storage
+
+
+class test_session_storage(object):
+    """
+    Test the session storage interface
+    """
+
+    def setup(self):
+        # TODO: set up test user and kinit to it
+        # tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+        # os.environ['KRB5CCNAME'] = 'FILE:%s/ccache' % tmpdir
+        self.principal = 'admin'
+        self.key = 'X-IPA-test-session-storage'
+        self.data = 'Test Data'
+
+    def test_01(self):
+        session_storage.store_data(self.principal, self.key, self.data)
+
+    def test_02(self):
+        data = session_storage.get_data(self.principal, self.key)
+        assert(data == self.data)
+
+    def test_03(self):
+        session_storage.remove_data(self.principal, self.key)
+        try:
+            session_storage.get_data(self.principal, self.key)
+        except session_storage.KRB5Error:
+            pass