Commit 2572d5d

committed

Low-level Documentation Updates

This commit updates the low-level documentation, introducing method signatures as well as fixing typos.

1 parent c758fd4 commit 2572d5dCopy full SHA for 2572d5d

File tree

17 files changed

+225

-99

lines changed

docs/source
- gssapi.raw.rst
gssapi/raw

17 files changed

+225

-99

lines changed

`‎docs/source/gssapi.raw.rst`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,12 @@ Core RFC 2744`
`19`	`19`	`Names`
`20`	`20`	`~~~~~`
`21`	`21`
	`22`	`+.. note::`
	`23`	`+ Some functions in the following section will refer to`
	`24`	`+ "mechanism names". These are not names of mechanisms.`
	`25`	`+ Instead, they are a special form of name specific to`
	`26`	`+ a given mechanism.`
	`27`	`+`
`22`	`28`	`.. automodule:: gssapi.raw.names`
`23`	`29`	`:members:`
`24`	`30`	`:undoc-members:`

`‎gssapi/raw/creds.pyx`

Lines changed: 19 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,7 @@ cdef class Creds:`
`82`	`82`
`83`	`83`	`def acquire_cred(Name name=None, lifetime=None, mechs=None, usage='both'):`
`84`	`84`	`"""`
	`85`	`+ acquire_cred(name=None, lifetime=None, mechs=None, usage='both')`
`85`	`86`	`Get GSSAPI credentials for the given name and mechanisms.`
`86`	`87`
`87`	`88`	`This method gets GSSAPI credentials corresponding to the given name`
`@@ -159,10 +160,15 @@ def acquire_cred(Name name=None, lifetime=None, mechs=None, usage='both'):`
`159`	`160`
`160`	`161`	`def release_cred(Creds creds not None):`
`161`	`162`	`"""`
	`163`	`+ release_cred(creds)`
`162`	`164`	`Release GSSAPI Credentials.`
`163`	`165`
`164`	`166`	`This method releases GSSAPI credentials.`
`165`	`167`
	`168`	`+ Warning:`
	`169`	`+ This method is deprecated. Credentials are`
	`170`	`+ automatically freed by Python.`
	`171`	`+`
`166`	`172`	`Args:`
`167`	`173`	`creds (Creds): the credentials in question`
`168`	`174`
`@@ -180,7 +186,10 @@ def release_cred(Creds creds not None):`
`180`	`186`	`def add_cred(Creds input_cred, Name name not None, OID mech not None,`
`181`	`187`	`usage='initiate', init_lifetime=None,`
`182`	`188`	`accept_lifetime=None, mutate_input=False):`
`183`		`- """Add a credential element to a credential.`
	`189`	`+ """`
	`190`	`+ add_cred(input_cred, name, mech, usage='initiate', init_lifetime=None, \`
	`191`	`+accept_lifetime=None, mutate_input=False)`
	`192`	`+ Add a credential element to a credential.`
`184`	`193`
`185`	`194`	`This method can be used to either compose two credentials (i.e., original`
`186`	`195`	`and new credential), or to add a new element to an existing credential.`
`@@ -264,7 +273,9 @@ def add_cred(Creds input_cred, Name name not None, OID mech not None,`
`264`	`273`
`265`	`274`	`def inquire_cred(Creds creds not None, name=True, lifetime=True, usage=True,`
`266`	`275`	`mechs=True):`
`267`		`- """Inspect credentials for information`
	`276`	`+ """`
	`277`	`+ inquire_cred(creds, name=True, lifetime=True, usage=True, mechs=True)`
	`278`	`+ Inspect credentials for information.`
`268`	`279`
`269`	`280`	This method inspects a :class:`Creds` object for information.
`270`	`281`
`@@ -343,10 +354,14 @@ def inquire_cred(Creds creds not None, name=True, lifetime=True, usage=True,`
`343`	`354`	`def inquire_cred_by_mech(Creds creds not None, OID mech not None,`
`344`	`355`	`name=True, init_lifetime=True,`
`345`	`356`	`accept_lifetime=True, usage=True):`
`346`		`- """Inspect credentials for mechanism-specific`
	`357`	`+ """`
	`358`	`+ inquire_cred_by_mech(creds, mech, name=True, init_lifetime=True, \`
	`359`	`+accept_lifetime=True, usage=True)`
	`360`	`+ Inspect credentials for mechanism-specific information.`
`347`	`361`
`348`	`362`	This method inspects a :class:`Creds` object for information
`349`		`- specific to a particular mechanism.`
	`363`	`+ specific to a particular mechanism. It functions similarly`
	`364`	+ to :func:`inquire_cred`.
`350`	`365`
`351`	`366`	`Args:`
`352`	`367`	`creds (Creds): the credentials to inspect`

`‎gssapi/raw/ext_cred_imp_exp.pyx`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,11 @@ cdef extern from "python_gssapi_ext.h":`
`22`	`22`
`23`	`23`
`24`	`24`	`def export_cred(Creds creds not None):`
`25`		`- """Export GSSAPI credentials object`
	`25`	`+ """`
	`26`	`+ export_cred(creds)`
	`27`	`+ Export GSSAPI credentials.`
`26`	`28`
`27`		`- This method exports a GSSSAPI credentials object into a token`
	`29`	`+ This method exports GSSSAPI credentials into a token`
`28`	`30`	`which may be transmitted between different processes.`
`29`	`31`
`30`	`32`	`Args:`
`@@ -54,7 +56,9 @@ def export_cred(Creds creds not None):`
`54`	`56`
`55`	`57`
`56`	`58`	`def import_cred(token not None):`
`57`		`- """Import GSSAPI credentials from a token`
	`59`	`+ """`
	`60`	`+ import_cred(token)`
	`61`	`+ Import GSSAPI credentials from a token.`
`58`	`62`
`59`	`63`	`This method imports a credentials object from a token`
`60`	`64`	previously exported by :func:`export_cred`.

`‎gssapi/raw/ext_cred_store.pyx`

Lines changed: 13 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,10 @@ cdef void c_free_key_value_set(gss_key_value_set_desc *kvset):`
`95`	`95`
`96`	`96`	`def acquire_cred_from(dict store=None, Name name=None, lifetime=None,`
`97`	`97`	`mechs=None, usage='both'):`
`98`		`- """Acquire credentials from the given store`
	`98`	`+ """`
	`99`	`+ acquire_cred_from(store=None, name=None, lifetime=None, mechs=None, \`
	`100`	`+usage='both')`
	`101`	`+ Acquire credentials from the given store.`
`99`	`102`
`100`	`103`	`This method acquires credentials from the store specified by the`
`101`	`104`	`given credential store information.`
`@@ -183,12 +186,15 @@ def add_cred_from(dict store, Creds input_creds,`
`183`	`186`	`Name name not None, OID mech not None,`
`184`	`187`	`usage='both', init_lifetime=None,`
`185`	`188`	`accept_lifetime=None):`
`186`		`- """Acquire credentials to add to the current set from the given store`
	`189`	`+ """`
	`190`	`+ add_cred_from(store, input_creds, name, mech, usage='both', \`
	`191`	`+init_lifetime=None, accept_lifetime=None)`
	`192`	`+ Acquire credentials to add to the current set from the given store.`
`187`	`193`
`188`	`194`	This method works like :func:`acquire_cred_from`, except that it
`189`	`195`	`adds the acquired credentials for a single mechanism to a copy of`
`190`	`196`	`the current set, instead of creating a new set for multiple mechanisms.`
`191`		- Unlike :meth:`acquire`, you cannot pass None desired name or
	`197`	+ Unlike :func:`acquire_cred`, you cannot pass None for the desired name or
`192`	`198`	`mechanism.`
`193`	`199`
`194`	`200`	`The credential store information is a dictionary containing`
`@@ -273,7 +279,10 @@ def add_cred_from(dict store, Creds input_creds,`
`273`	`279`	`def store_cred_into(dict store, Creds creds not None,`
`274`	`280`	`usage='both', OID mech=None, bint overwrite=False,`
`275`	`281`	`bint set_default=False):`
`276`		`- """Store credentials to the given store`
	`282`	`+ """`
	`283`	`+ store_cred_into(store, creds, usage='both', mech=None, overwrite=False, \`
	`284`	`+set_default=False)`
	`285`	`+ Store credentials into the given store.`
`277`	`286`
`278`	`287`	`This method stores the given credentials into the store specified`
`279`	`288`	`by the given store information. They may then be retrieved later using`

`‎gssapi/raw/ext_dce.pyx`

Lines changed: 35 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -91,6 +91,7 @@ IOVBuffer = namedtuple('IOVBuffer', ['type', 'allocate', 'value'])`
`91`	`91`
`92`	`92`
`93`	`93`	`cdef class IOV:`
	`94`	`+ """A GSSAPI IOV"""`
`94`	`95`	`# defined in ext_dce.pxd`
`95`	`96`
`96`	`97`	`# cdef int iov_len`
`@@ -304,24 +305,28 @@ cdef class IOV:`
`304`	`305`	`def wrap_iov(SecurityContext context not None, IOV message not None,`
`305`	`306`	`confidential=True, qop=None):`
`306`	`307`	`"""`
`307`		`- Wrap/Encrypt an IOV message`
	`308`	`+ wrap_iov(context, message, confidential=True, qop=None)`
	`309`	`+ Wrap/Encrypt an IOV message.`
`308`	`310`
`309`	`311`	`This method wraps or encrypts an IOV message. The allocate`
`310`		- parameter of the :class:`IOVBuffer` indicates whether or
`311`		`- not that particular buffer should be automatically allocated`
`312`		`- (for use with padding, header, and trailer buffers).`
	`312`	+ parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
	`313`	`+ indicates whether or not that particular buffer should be`
	`314`	`+ automatically allocated (for use with padding, header, and`
	`315`	`+ trailer buffers).`
	`316`	`+`
	`317`	`+ Warning:`
	`318`	+ This modifies the input :class:`IOV`.
`313`	`319`
`314`	`320`	`Args:`
`315`	`321`	`context (SecurityContext): the current security context`
`316`		- message (list): a list of :class:`IOVBuffer` objects
	`322`	+ message (IOV): an :class:`IOV` containing the message
`317`	`323`	`confidential (bool): whether or not to encrypt the message (True),`
`318`	`324`	`or just wrap it with a MIC (False)`
`319`	`325`	`qop (int): the desired Quality of Protection`
`320`	`326`	`(or None for the default QoP)`
`321`	`327`
`322`	`328`	`Returns:`
`323`		`- WrapResult: the wrapped/encrypted message (IOV list), and`
`324`		`- whether or not encryption was actually used`
	`329`	`+ bool: whether or not confidentiality was actually used`
`325`	`330`
`326`	`331`	`Raises:`
`327`	`332`	`GSSError`
`@@ -348,26 +353,31 @@ def wrap_iov(SecurityContext context not None, IOV message not None,`
`348`	`353`
`349`	`354`	`def unwrap_iov(SecurityContext context not None, IOV message not None):`
`350`	`355`	`"""`
`351`		`- Unwrap/Decrypt an IOV message`
	`356`	`+ unwrap_iov(context, message)`
	`357`	`+ Unwrap/Decrypt an IOV message.`
`352`	`358`
`353`		`- This method unwraps or decrypts an IOV message. The allocate`
`354`		- parameter of the :class:`IOVBuffer` indicates whether or
`355`		`- not that particular buffer should be automatically allocated`
`356`		`- (for use with padding, header, and trailer buffers).`
	`359`	`+ This method uwraps or decrypts an IOV message. The allocate`
	`360`	+ parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
	`361`	`+ indicates whether or not that particular buffer should be`
	`362`	`+ automatically allocated (for use with padding, header, and`
	`363`	`+ trailer buffers).`
`357`	`364`
`358`	`365`	`As a special case, you may pass an entire IOV message`
`359`	`366`	`as a single 'stream'. In this case, pass a buffer type`
`360`	`367`	of :attr:`IOVBufferType.stream` followed by a buffer type of
`361`	`368`	:attr:`IOVBufferType.data`. The former should contain the
`362`	`369`	`entire IOV message, while the latter should be empty.`
`363`	`370`
	`371`	`+ Warning:`
	`372`	+ This modifies the input :class:`IOV`.
	`373`	`+`
`364`	`374`	`Args:`
`365`	`375`	`context (SecurityContext): the current security context`
`366`		- message (list): a list of :class:`IOVBuffer` objects
	`376`	+ message (IOV): an :class:`IOV` containing the message
`367`	`377`
`368`	`378`	`Returns:`
`369`		`- UnwrapResult: the unwrapped/decrypted message, whether or not`
`370`		`- encryption was used, and the QoP used`
	`379`	`+ IOVUnwrapResult: whether or not confidentiality was used,`
	`380`	`+ and the QoP used.`
`371`	`381`
`372`	`382`	`Raises:`
`373`	`383`	`GSSError`
`@@ -393,7 +403,8 @@ def unwrap_iov(SecurityContext context not None, IOV message not None):`
`393`	`403`	`def wrap_iov_length(SecurityContext context not None, IOV message not None,`
`394`	`404`	`confidential=True, qop=None):`
`395`	`405`	`"""`
`396`		`- Appropriately size padding, trailer, and header IOV buffers`
	`406`	`+ wrap_iov_length(context, message, confidential=True, qop=None)`
	`407`	`+ Appropriately size padding, trailer, and header IOV buffers.`
`397`	`408`
`398`	`409`	`This method sets the length values on the IOV buffers. You`
`399`	`410`	`should already have data provided for the data (and sign-only)`
`@@ -402,9 +413,12 @@ def wrap_iov_length(SecurityContext context not None, IOV message not None,`
`402`	`413`	`In Python terms, this will result in an appropriately sized`
`403`	`414`	`bytes` object consisting of all zeros.
`404`	`415`
	`416`	`+ Warning:`
	`417`	+ This modifies the input :class:`IOV`.
	`418`	`+`
`405`	`419`	`Args:`
`406`	`420`	`context (SecurityContext): the current security context`
`407`		- message (list): a list of :class:`IOVBuffer` objects
	`421`	+ message (IOV): an :class:`IOV` containing the message
`408`	`422`
`409`	`423`	`Returns:`
`410`	`424`	WrapResult: a list of :class:IOVBuffer` objects, and whether or not
`@@ -437,7 +451,8 @@ def wrap_iov_length(SecurityContext context not None, IOV message not None,`
`437`	`451`	`def wrap_aead(SecurityContext context not None, bytes message not None,`
`438`	`452`	`bytes associated=None, confidential=True, qop=None):`
`439`	`453`	`"""`
`440`		`- Wrap/Encrypt an AEAD Message`
	`454`	`+ wrap_aead(context, message, associated=None, confidential=True, qop=None)`
	`455`	`+ Wrap/Encrypt an AEAD message.`
`441`	`456`
`442`	`457`	`This method takes an input message and associated data,`
`443`	`458`	`and outputs and AEAD message.`
`@@ -492,7 +507,8 @@ def wrap_aead(SecurityContext context not None, bytes message not None,`
`492`	`507`	`def unwrap_aead(SecurityContext context not None, bytes message not None,`
`493`	`508`	`bytes associated=None):`
`494`	`509`	`"""`
`495`		`- Unwrap/Decrypt an AEAD Message`
	`510`	`+ unwrap_aead(context, message, associated=None)`
	`511`	`+ Unwrap/Decrypt an AEAD message.`
`496`	`512`
`497`	`513`	`This method takes an encrpyted/wrapped AEAD message and some associated`
`498`	`514`	`data, and returns an unwrapped/decrypted message.`

`‎gssapi/raw/ext_iov_mic.pyx`

Lines changed: 15 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,15 +34,19 @@ IOV.AUTO_ALLOC_BUFFERS.add(IOVBufferType.mic_token)`
`34`	`34`	`def get_mic_iov(SecurityContext context not None, IOV message not None,`
`35`	`35`	`qop=None):`
`36`	`36`	`"""`
`37`		`- Generate MIC tokens for the given IOV message`
	`37`	`+ get_mic_iov(context, message, qop=None)`
	`38`	`+ Generate MIC tokens for the given IOV message.`
`38`	`39`
`39`	`40`	`This method generates a MIC token for the given IOV message, and places it`
`40`	`41`	in the :attr:`IOVBufferType.mic_token` buffer in the IOV. This method
`41`	`42`	`operates entirely in-place, and returns nothing.`
`42`	`43`
	`44`	`+ Warning:`
	`45`	+ This modifies the input :class:`IOV`.
	`46`	`+`
`43`	`47`	`Args:`
`44`	`48`	`context (SecurityContext): the current security context`
`45`		- message (list): a list of :class:`IOVBuffer` objects
	`49`	+ message (IOV): the :class:`IOV` containing the message
`46`	`50`	`qop (int): the desired Quality of Protection`
`47`	`51`	`(or None for the default QoP)`
`48`	`52`
`@@ -70,14 +74,18 @@ def get_mic_iov(SecurityContext context not None, IOV message not None,`
`70`	`74`	`def get_mic_iov_length(SecurityContext context not None, IOV message not None,`
`71`	`75`	`qop=None):`
`72`	`76`	`"""`
`73`		`- Allocate space for the MIC buffer in the given IOV message`
	`77`	`+ get_mic_iov_length(context, message, qop=None)`
	`78`	`+ Allocate space for the MIC buffer in the given IOV message.`
`74`	`79`
`75`	`80`	`This method allocates space for the MIC token buffer`
`76`	`81`	(:attr:`IOVBufferType.mic_token`) in the given IOV message.
`77`	`82`
	`83`	`+ Warning:`
	`84`	+ This modifies the input :class:`IOV`.
	`85`	`+`
`78`	`86`	`Args:`
`79`	`87`	`context (SecurityContext): the current security context`
`80`		- message (list): a list of :class:`IOVBuffer` objects
	`88`	+ message (IOV): the :class:`IOV` containing the message
`81`	`89`	`qop (int): the desired Quality of Protection`
`82`	`90`	`(or None for the default QoP)`
`83`	`91`
`@@ -105,15 +113,16 @@ def get_mic_iov_length(SecurityContext context not None, IOV message not None,`
`105`	`113`	`def verify_mic_iov(SecurityContext context not None, IOV message not None,`
`106`	`114`	`qop=None):`
`107`	`115`	`"""`
`108`		`- Verify that the MIC matches the data in the given IOV message`
	`116`	`+ verify_mic_iov(context, message, qop=None)`
	`117`	`+ Verify that the MIC matches the data in the given IOV message.`
`109`	`118`
`110`	`119`	`This method verifies that the MIC token in the MIC buffer`
`111`	`120`	(:attr:`IOVBufferType.mic_token`) match the data buffer(s)
`112`	`121`	`in the given IOV method.`
`113`	`122`
`114`	`123`	`Args:`
`115`	`124`	`context (SecurityContext): the current security context`
`116`		- message (list): a list of :class:`IOVBuffer` objects
	`125`	+ message (IOV): the :class:`IOV` containing the message
`117`	`126`
`118`	`127`	`Returns:`
`119`	`128`	`int: the QoP used to generate the MIC token`

`‎gssapi/raw/ext_password.pyx`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,11 +30,15 @@ cdef extern from "python_gssapi_ext.h":`
`30`	`30`	`def acquire_cred_with_password(Name name not None, password not None,`
`31`	`31`	`lifetime=None, mechs=None, usage="initiate"):`
`32`	`32`	`"""`
	`33`	`+ acquire_cred_with_password(name, password, lifetime=None, mechs=None, \`
	`34`	`+usage="initiate")`
`33`	`35`	`Acquire credentials through provided password.`
`34`	`36`
`35`	`37`	`This function is originally from Solaris and is not documented by either`
`36`	`38`	`MIT or Heimdal.`
`37`	`39`
	`40`	+ In general, it functions similarly to :func:`acquire_cred`.
	`41`	`+`
`38`	`42`	`Args:`
`39`	`43`	`name (Name): the name to acquire credentials for`
`40`	`44`	`password (bytes): the password used to acquire credentialss with`

`‎gssapi/raw/ext_password_add.pyx`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,11 +37,15 @@ def add_cred_with_password(Creds input_cred not None, Name name not None,`
`37`	`37`	`accept_lifetime=None):`
`38`	`38`
`39`	`39`	`"""`
	`40`	`+ add_cred_with_password(input_cred, name, mech, password, \`
	`41`	`+usage='initiate', init_lifetime=None, accept_lifetime=None)`
`40`	`42`	`Add a credential-element to a credential using provided password.`
`41`	`43`
`42`	`44`	`This function is originally from Solaris and is not documented by either`
`43`	`45`	`MIT or Heimdal.`
`44`	`46`
	`47`	+ In general, it functions similarly to :func:`add_cred`.
	`48`	`+`
`45`	`49`	`Args:`
`46`	`50`	`input_cred (Creds): the credentials to add to`
`47`	`51`	`name (Name): the name to acquire credentials for`

`‎gssapi/raw/ext_rfc5588.pyx`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,10 @@ cdef extern from "python_gssapi.h":`
`24`	`24`
`25`	`25`	`def store_cred(Creds creds not None, usage='both', OID mech=None,`
`26`	`26`	`bint overwrite=False, bint set_default=False):`
`27`		`- """Store credentials to the default store`
	`27`	`+ """`
	`28`	`+ store_cred(creds, usage='both', mech=None, overwrite=False, \`
	`29`	`+set_default=False)`
	`30`	`+ Store credentials into the default store.`
`28`	`31`
`29`	`32`	`This method stores the given credentials into the default store.`
`30`	`33`	They may then be retrieved later using :func:`acquire_cred`.

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 2572d5d

File tree

17 files changed

17 files changed

`‎docs/source/gssapi.raw.rst`

`‎gssapi/raw/creds.pyx`

`‎gssapi/raw/ext_cred_imp_exp.pyx`

`‎gssapi/raw/ext_cred_store.pyx`

`‎gssapi/raw/ext_dce.pyx`

`‎gssapi/raw/ext_iov_mic.pyx`

`‎gssapi/raw/ext_password.pyx`

`‎gssapi/raw/ext_password_add.pyx`

`‎gssapi/raw/ext_rfc5588.pyx`

0 commit comments