From 059ced75270c681144462dba3772812901495054 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Thu, 21 Jul 2016 16:54:43 +0200
Subject: [PATCH] Fix session cookies
The CLI was not using session cookies for communication with IPA API.
The kernel_keyring code was expecting the keyname to be a string, but
in python 2 a unicode was supplied (the key is built using
ipa_session_cookie:%principal and principal is a unicode).
The patch fixes the assertions, allowing to store and retrieve the cookie.
It also adds a test with unicode key name.
https://fedorahosted.org/freeipa/ticket/5984
Reviewed-By: Petr Spacek <pspacek@redhat.com>
---
ipapython/kernel_keyring.py | 15 ++++++++-------
ipatests/test_ipapython/test_keyring.py | 15 +++++++++++++++
2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/ipapython/kernel_keyring.py b/ipapython/kernel_keyring.py
index ed4868a9d8eaffdae6f717928663296bd20c762e..651fd708667420d1769e3601a8fa0b6c52604a10 100644
--- a/ipapython/kernel_keyring.py
+++ b/ipapython/kernel_keyring.py
@@ -18,6 +18,7 @@
#
import os
+import six
from ipapython.ipautil import run
@@ -45,7 +46,7 @@ def get_real_key(key):
One cannot request a key based on the description it was created with
so find the one we're looking for.
"""
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
result = run(['keyctl', 'search', KEYRING, KEYTYPE, key],
raiseonerr=False, capture_output=True)
if result.returncode:
@@ -53,7 +54,7 @@ def get_real_key(key):
return result.raw_output.rstrip()
def get_persistent_key(key):
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
result = run(['keyctl', 'get_persistent', KEYRING, key],
raiseonerr=False, capture_output=True)
if result.returncode:
@@ -73,7 +74,7 @@ def has_key(key):
"""
Returns True/False whether the key exists in the keyring.
"""
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
try:
get_real_key(key)
return True
@@ -86,7 +87,7 @@ def read_key(key):
Use pipe instead of print here to ensure we always get the raw data.
"""
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
real_key = get_real_key(key)
result = run(['keyctl', 'pipe', real_key], raiseonerr=False,
capture_output=True)
@@ -99,7 +100,7 @@ def update_key(key, value):
"""
Update the keyring data. If they key doesn't exist it is created.
"""
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
assert isinstance(value, bytes)
if has_key(key):
real_key = get_real_key(key)
@@ -114,7 +115,7 @@ def add_key(key, value):
"""
Add a key to the kernel keyring.
"""
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
assert isinstance(value, bytes)
if has_key(key):
raise ValueError('key %s already exists' % key)
@@ -127,7 +128,7 @@ def del_key(key):
"""
Remove a key from the keyring
"""
- assert isinstance(key, str)
+ assert isinstance(key, six.string_types)
real_key = get_real_key(key)
result = run(['keyctl', 'unlink', real_key, KEYRING],
raiseonerr=False)
diff --git a/ipatests/test_ipapython/test_keyring.py b/ipatests/test_ipapython/test_keyring.py
index e22841c8f5d229d17cdd05ab9c4248eeffaab249..c81e6d95f7ebdf585ee37ecf71151c01e0001912 100644
--- a/ipatests/test_ipapython/test_keyring.py
+++ b/ipatests/test_ipapython/test_keyring.py
@@ -28,6 +28,7 @@ import pytest
pytestmark = pytest.mark.tier0
TEST_KEY = 'ipa_test'
+TEST_UNICODEKEY = u'ipa_unicode'
TEST_VALUE = b'abc123'
UPDATE_VALUE = b'123abc'
@@ -49,6 +50,10 @@ class test_keyring(object):
kernel_keyring.del_key(SIZE_256)
except ValueError:
pass
+ try:
+ kernel_keyring.del_key(TEST_UNICODEKEY)
+ except ValueError:
+ pass
def test_01(self):
"""
@@ -150,3 +155,13 @@ class test_keyring(object):
assert(result == SIZE_1024.encode('ascii'))
kernel_keyring.del_key(TEST_KEY)
+
+ def test_10(self):
+ """
+ Test a unicode key
+ """
+ kernel_keyring.add_key(TEST_UNICODEKEY, TEST_VALUE)
+ result = kernel_keyring.read_key(TEST_UNICODEKEY)
+ assert(result == TEST_VALUE)
+
+ kernel_keyring.del_key(TEST_UNICODEKEY)
--
2.7.4