Implement support for GSSAPI extension RFC 5587 #121
Conversation
cipherboy
force-pushed
the
rfc5587
branch
2 times, most recently
from
6569bce
to
8871dc8
Compare
gssapi/tests/test_raw.py
Outdated
| mechs.shouldnt_be_empty() | ||
| mechs.should_be_a(set) | ||
|
|
||
| last_mech = None |
There was a problem hiding this comment.
Can you just use mechs[-1] instead of repeatedly updating a variable for this?
There was a problem hiding this comment.
mechs is a set; sets don't support indexing.
There was a problem hiding this comment.
So it is. Please move the update call to the top of the loop in that case.
gssapi/tests/test_raw.py
Outdated
|
|
||
| last_mech = mech | ||
|
|
||
| last_mech.shouldnt_be_none |
There was a problem hiding this comment.
Isn't this check redundant with the one in the loop?
gssapi/tests/test_raw.py
Outdated
| last_attr = None | ||
|
|
||
| for mech in mechs: | ||
| mech.shouldnt_be_none |
There was a problem hiding this comment.
You need to call your functions, in this line and elsewhere
gssapi/tests/test_raw.py
Outdated
| last_mech = mech | ||
|
|
||
| last_mech.shouldnt_be_none | ||
| last_attr.shouldnt_be_none |
There was a problem hiding this comment.
Similarly, why is this checked here?
cipherboy
force-pushed
the
rfc5587
branch
2 times, most recently
from
f7c51b5
to
0b53bc2
Compare
|
@frozencemetery Updated! |
|
😢 please put a full description on the PR body and commit message. For example: |
gssapi/raw/ext_rfc5587.pyx
Outdated
| if mech is not None: | ||
| m = &mech.raw_oid | ||
|
|
||
| maj_stat = gss_inquire_attrs_for_mech(&min_stat, m, &mech_attrs, |
There was a problem hiding this comment.
calls to the GSSAPI functions themselves should generally drop the GIL while being called with nogil:.
There was a problem hiding this comment.
Ah that annotation makes sense now. :) I notice that e.g., rfc5588 has a "nogil" on the cdef -- do you want that as well?
There was a problem hiding this comment.
yeah, you'd need to add that
gssapi/raw/ext_rfc5587.pyx
Outdated
| &long_desc) | ||
|
|
||
| if maj_stat == GSS_S_COMPLETE: | ||
| out_name = name.value[:name.length].decode("UTF-8") |
There was a problem hiding this comment.
we don't decode in the low-level API -- we just return bytes.
| mech_attr.should_be_a(gb.OID) | ||
|
|
||
| display_out = gb.display_mech_attr(mech_attr) | ||
| display_out.name.shouldnt_be_none() |
There was a problem hiding this comment.
can we test a specific attr to make sure that's right, too?
There was a problem hiding this comment.
Done -- see here.
cipherboy
force-pushed
the
rfc5587
branch
2 times, most recently
from
590d016
to
11180ad
Compare
|
Ok, last thing: you should have doc strings on the functions. Otherwise, LGTM. |
cipherboy
force-pushed
the
rfc5587
branch
3 times, most recently
from
f726863
to
9e60f3d
Compare
|
Thanks @DirectXMan12! :) |
gssapi/raw/ext_rfc5587.pyx
Outdated
|
|
||
| def inquire_attrs_for_mech(OID mech): | ||
| """ | ||
| inquire_attrs_for_mech(OID mech) |
There was a problem hiding this comment.
now I'm nitpicking, but the method signature in the docstring should look like normal Python (so no types in the docstring signature)
There was a problem hiding this comment.
Nitpicking welcome :)
gssapi/raw/ext_rfc5587.pyx
Outdated
|
|
||
| def display_mech_attr(OID attr): | ||
| """ | ||
| display_mech_attrs(OID attr) |
|
Are we looking for higher level changes at this time to include mechs / mech_attrs as a class of their own? It seems like they'd be a storage class with only a few helper functions, so I'm not sure there's a need. |
RFC 5587 provides extended mech inquiry calls to GSSAPI. This adds the ability to indicate mechs by their mech attrs, along with determining the attrs supported by a mech. These calls are provided as a part of the raw interface and are not exposed in the high-level interface due to not having objects for mechs or attrs. Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
I've added comments to the tests and added RFC 5587 support to the README. |
|
LGTM. We may have to revisit the exact message checking test in the future, but I'm fine to merge now. |
RFC 5587 provides extended mech inquiry calls to GSSAPI.
This adds the ability to indicate mechs by their
mech attrs, along with determining the attrs supported
by a mech. These calls are provided as a part of
the raw interface and are not exposed in the high-level
interface due to not having objects for mechs or attrs.
Thanks!