Skip to content

Commit

Permalink
Raise exception on unknown usage
Browse files Browse the repository at this point in the history 
Previously, we defaulted to conservatively assuming BOTH for usage type
when it wasn't obviously INITIATE or ACCEPT.  In most simple cases, this
will cause invalid values to behave as the user intended.  However, it
may cause mysterious failures in more complex cases.  Err on the side of
caution and raise ValueError when we can't determine the intented usage.

Resolves: #202
  • Loading branch information
@frozencemetery
frozencemetery committed Apr 28, 2020
1 parent 2d40e2b commit 21e2da6
Show file tree
Hide file tree
Showing 6 changed files with 40 additions and 10 deletions.
10 changes: 8 additions & 2 deletions gssapi/raw/creds.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,8 +131,11 @@ def acquire_cred(Name name=None, lifetime=None, mechs=None, usage='both'):
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_cred_id_t creds
cdef gss_OID_set actual_mechs
Expand Down Expand Up @@ -227,8 +230,11 @@ accept_lifetime=None, mutate_input=False)
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else: # usage == 'both'
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_cred_id_t raw_input_cred
if input_cred is not None:
Expand Down
15 changes: 12 additions & 3 deletions gssapi/raw/ext_cred_store.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,8 +147,11 @@ usage='both')
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_key_value_set_desc *c_store
if store is not None:
Expand Down Expand Up @@ -232,8 +235,11 @@ init_lifetime=None, accept_lifetime=None)
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_name_t c_name = name.raw_name
cdef gss_OID c_mech = &mech.raw_oid
Expand Down Expand Up @@ -325,8 +331,11 @@ set_default=False)
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_key_value_set_desc *c_store
if store is not None:
Expand Down
5 changes: 4 additions & 1 deletion gssapi/raw/ext_password.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,11 @@ usage="initiate")
c_usage = GSS_C_INITIATE
elif usage == "accept":
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_cred_id_t creds
cdef gss_OID_set actual_mechs
Expand Down
5 changes: 4 additions & 1 deletion gssapi/raw/ext_password_add.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,11 @@ usage='initiate', init_lifetime=None, accept_lifetime=None)
c_usage = GSS_C_INITIATE
elif usage == "accept":
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef OM_uint32 input_initiator_ttl = c_py_ttl_to_c(init_lifetime)
cdef OM_uint32 input_acceptor_ttl = c_py_ttl_to_c(accept_lifetime)
Expand Down
5 changes: 4 additions & 1 deletion gssapi/raw/ext_rfc5588.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,8 +63,11 @@ set_default=False)
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_cred_id_t c_creds = creds.raw_creds

Expand Down
10 changes: 8 additions & 2 deletions gssapi/raw/ext_s4u.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,11 @@ mechs=None, usage='initiate')
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_cred_id_t creds
cdef gss_OID_set actual_mechs
Expand Down Expand Up @@ -162,8 +165,11 @@ usage='initiate', init_lifetime=None, accept_lifetime=None)
c_usage = GSS_C_INITIATE
elif usage == 'accept':
c_usage = GSS_C_ACCEPT
else:
elif usage == 'both':
c_usage = GSS_C_BOTH
else:
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
'"initiate", "accept", and "both"')

cdef gss_cred_id_t raw_input_cred
if input_cred is not None:
Expand Down

0 comments on commit 21e2da6

Please sign in to comment.