Fix session cookies

The CLI was not using session cookies for communication with IPA API. The kernel_keyring code was expecting the keyname to be a string, but in python 2 a unicode was supplied (the key is built using ipa_session_cookie:%principal and principal is a unicode). The patch fixes the assertions, allowing to store and retrieve the cookie. It also adds a test with unicode key name. https://fedorahosted.org/freeipa/ticket/5984 Reviewed-By: Petr Spacek <pspacek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-07-21 16:54:43 +02:00 · 2016-07-21 16:54:43 +02:00 · bc7eb99a29
commit bc7eb99a29
parent 524719f420
2 changed files with 23 additions and 7 deletions
--- a/ipapython/kernel_keyring.py
+++ b/ipapython/kernel_keyring.py
@ -18,6 +18,7 @@
 #

 import os
+import six

 from ipapython.ipautil import run

@ -45,7 +46,7 @@ def get_real_key(key):
    One cannot request a key based on the description it was created with
    so find the one we're looking for.
    """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    result = run(['keyctl', 'search', KEYRING, KEYTYPE, key],
                 raiseonerr=False, capture_output=True)
    if result.returncode:
@ -53,7 +54,7 @@ def get_real_key(key):
    return result.raw_output.rstrip()

 def get_persistent_key(key):
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    result = run(['keyctl', 'get_persistent', KEYRING, key],
                 raiseonerr=False, capture_output=True)
    if result.returncode:
@ -73,7 +74,7 @@ def has_key(key):
    """
    Returns True/False whether the key exists in the keyring.
    """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    try:
        get_real_key(key)
        return True
@ -86,7 +87,7 @@ def read_key(key):

    Use pipe instead of print here to ensure we always get the raw data.
    """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    real_key = get_real_key(key)
    result = run(['keyctl', 'pipe', real_key], raiseonerr=False,
                 capture_output=True)
@ -99,7 +100,7 @@ def update_key(key, value):
    """
    Update the keyring data. If they key doesn't exist it is created.
    """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    assert isinstance(value, bytes)
    if has_key(key):
        real_key = get_real_key(key)
@ -114,7 +115,7 @@ def add_key(key, value):
    """
    Add a key to the kernel keyring.
    """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    assert isinstance(value, bytes)
    if has_key(key):
        raise ValueError('key %s already exists' % key)
@ -127,7 +128,7 @@ def del_key(key):
    """
    Remove a key from the keyring
    """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
    real_key = get_real_key(key)
    result = run(['keyctl', 'unlink', real_key, KEYRING],
                 raiseonerr=False)
--- a/ipatests/test_ipapython/test_keyring.py
+++ b/ipatests/test_ipapython/test_keyring.py
@ -28,6 +28,7 @@ import pytest
 pytestmark = pytest.mark.tier0

 TEST_KEY = 'ipa_test'
+TEST_UNICODEKEY = u'ipa_unicode'
 TEST_VALUE = b'abc123'
 UPDATE_VALUE = b'123abc'

@ -49,6 +50,10 @@ class test_keyring(object):
            kernel_keyring.del_key(SIZE_256)
        except ValueError:
            pass
+        try:
+            kernel_keyring.del_key(TEST_UNICODEKEY)
+        except ValueError:
+            pass

    def test_01(self):
        """
@ -150,3 +155,13 @@ class test_keyring(object):
        assert(result == SIZE_1024.encode('ascii'))

        kernel_keyring.del_key(TEST_KEY)
+
+    def test_10(self):
+        """
+        Test a unicode key
+        """
+        kernel_keyring.add_key(TEST_UNICODEKEY, TEST_VALUE)
+        result = kernel_keyring.read_key(TEST_UNICODEKEY)
+        assert(result == TEST_VALUE)
+
+        kernel_keyring.del_key(TEST_UNICODEKEY)