PR#4: Rewrite has_creds - cccolutils

cccolutils

#4 Rewrite has_creds

Merged 8 years ago by puiterwijk. Opened 8 years ago by cqi.

cqi/cccolutils rewrite-has_creds into master

Chenxiong Qi • 8 years ago

c5e3c6a

.gitignore

file modified

		`@@ -1,1 +1,8 @@`
		`/MANIFEST`
		`+ *.swp`
		`+ *.so`
		`+ *.pyc`
		`+`
		`+ .env/`
		`+ *.egg-info/`
		`+ build/`

cccolutils.c

file modified

+39 -11

		`@@ -70,21 +70,49 @@`
		`static PyObject *`
		`has_creds(PyObject self, PyObject args)`
		`{`
		`+ krb5_ccache cache;`
		`+ krb5_cccol_cursor cursor;`
		`+ krb5_cc_cursor cache_cursor;`
		`+ krb5_creds creds;`
		`krb5_error_code code;`
		`- code = krb5_cccol_have_content(kcontext);`
		`- if (code == 0)`
		`- {`
		`- Py_RETURN_TRUE;`
		`- }`
		`- else if (code == KRB5_CC_NOTFOUND)`
		`- {`
		`+ int found = FALSE;`
		`+`
		`+ if (krb5_cccol_cursor_new(kcontext, &cursor))`
		`Py_RETURN_FALSE;`
		`- }`
		`- else`
		`+`
		`+ while (!(code = krb5_cccol_cursor_next(kcontext, cursor, &cache)) &&`
		`+ cache != NULL)`
		`{`
		`- PyErr_SetString(PyExc_RuntimeError, "Error checking content of credential cache.");`
		`- return NULL;`
		`+ code = krb5_cc_start_seq_get(kcontext, cache, &cache_cursor);`
		`+ if (code)`
		`+ break;`
		`+`
		`+ while (0 == krb5_cc_next_cred(kcontext, cache, &cache_cursor, &creds))`
		`+ {`
		`+ if (!krb5_is_config_principal(kcontext, creds.server))`
		`+ {`
		`+ found = TRUE;`
		`+ krb5_free_cred_contents(kcontext, &creds);`
		`+ break;`
		`+ }`
		`+ }`
		`+`
		`+ krb5_cc_end_seq_get(kcontext, cache, &cache_cursor);`
		`+ krb5_cc_close(kcontext, cache);`
		`+`
		`+ if (found)`
		`+ /* If a credential is already found in this current`
		`+ * credential cache, no need to iterate next credential`
		`+ * cache and terminate now. */`
		`+ break;`
		`}`
		`+`
		`+ krb5_cccol_cursor_free(kcontext, &cursor);`
		`+`
		`+ if (found)`
		`+ Py_RETURN_TRUE;`
		`+ else`
		`+ Py_RETURN_FALSE;`
		`}`

		`static PyMethodDef CCColUtilsMethods[] = {`

cqi commented 8 years ago

Original has_creds calls krb5_cccol_have_content that is only available since
version 1.11 of krb5 library, but in EL6, e.g. the CentOS and RHEL6, just an
old version in the repository. Rewriting has_creds aims to make cccolutils be
usable in all Fedora dist and both EL6 and EL7.

Signed-off-by: Chenxiong Qi cqi@redhat.com

cqi commented 8 years ago

This fixes https://bodhi.fedoraproject.org/updates/python-cccolutils-1.4-1.el6#comment-528802

cqi commented 8 years ago

@puiterwijk Hi, could you review? The new release requires this patch so that python-cccolutils is workable in EL6.

Edited 8 years ago by cqi

lsedlar commented 8 years ago

The package with this patch builds fine (ugly scratch build). It allows cccolutils to be imported correctly on EL6 and has_creds correctly detects that I have no credentials in the docker container I used for testing.