mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 15:13:50 -06:00
ipapython: Propagate KRB5Error exceptions on iterating ccache
`ipapython.session_storage.get_data` iterates over credentials in a credential cache till `krb5_cc_next_cred` returns an error. This function doesn't expect any error on calling other kerberos foreign functions during iteration. But that can actually happen and KRB5Error exceptions stop an iteration while they should be propagated. With this change iteration will exactly stop on `krb5_cc_next_cred` error as it was supposed to be. Fixes: https://pagure.io/freeipa/issue/9519 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
6cd04875de
commit
9802e852cb
@ -312,8 +312,12 @@ def get_data(princ_name, key):
|
||||
checkcreds = krb5_creds()
|
||||
# the next function will throw an error and break out of the
|
||||
# while loop when we try to access past the last cred
|
||||
krb5_cc_next_cred(context, ccache, ctypes.byref(cursor),
|
||||
ctypes.byref(checkcreds))
|
||||
try:
|
||||
krb5_cc_next_cred(context, ccache, ctypes.byref(cursor),
|
||||
ctypes.byref(checkcreds))
|
||||
except KRB5Error:
|
||||
break
|
||||
|
||||
if (krb5_principal_compare(context, principal,
|
||||
checkcreds.client) == 1 and
|
||||
krb5_principal_compare(context, srv_princ,
|
||||
@ -328,8 +332,6 @@ def get_data(princ_name, key):
|
||||
else:
|
||||
krb5_free_cred_contents(context,
|
||||
ctypes.byref(checkcreds))
|
||||
except KRB5Error:
|
||||
pass
|
||||
finally:
|
||||
krb5_cc_end_seq_get(context, ccache, ctypes.byref(cursor))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user