-
Notifications
You must be signed in to change notification settings - Fork 52
Expose mechanisms in the high-level API #126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💪
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't put this here, just put it in the method definitions
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use requires-ext to indicate RFC and extension requirements (e.g. https://github.com/cipherboy/python-gssapi/blob/4f91022e61a1e3c948313e4e4618dc92436183d6/gssapi/creds.py#L162)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(done)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while you're doing updates, remove the "; depends on RFC 5801" -- just the requires-ext tag below is fine.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpicky: "A GSSAPI Mechanism"
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we definitely should fix this before merging...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because it's a C-based object, you actually need to override at least __new__ (and then __init__ if you want -- see the other objects in the high-level API).
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
... mech: cls(cpy=mech)...
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We've generally opted to avoid caching unless necessary, so you should add a comment on why the caching is useful.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
self._saslname.sasl_mech_name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(don't call the method and then rely on the cache directly -- just use whatever is returned from the method/property)
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
make this a property, and then use it as such.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cls(m)
387543c to
acc28ca
Compare
Thanks for the detailed review and the help tracking those issues down yesterday. :)
I added inquire_mechs_for_name() support as a missing mechanism-related function.
TODO:
(削除) Python 2/3strhandling. (削除ここまで)(削除) Fallback mech names for pretty printing (削除ここまで)mech_attrs
Hardcoding anything with a standard is fine in principle, but kind of defeats the point of calling into the GSSAPI there at all... I'm not decided on that.
On second thought, I don't know if there is value to this. Both MIT and Heimdal support the RFC 5801 extensions, so mech_name will be available under both. Instead, I'd just make this PR conditional on RFC 5801 landing.
9dc24ac to
afd68bf
Compare
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove this call entirely. I don't think we want to fall back to hard-coded stuff anyway.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should look like <Mechanism Foo (1.2.3.4)> or just <Mechanism (1.2.3.4)> query_saslname is unavailable
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
redundant call
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
collapse to (cls(mech) for mech in metchs)
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use isinstance
5f46d74 to
44a0071
Compare
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since dotted_form returns a string, this needs to be cast to bytes for python2 compatibility. However, python3 forces two arguments to bytes, one of which is the encoding. Suggestions on how to make this better?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it should be fine as
if isinstance(base, six.text_type): base = base.encode(_utils._get_encoding())
44a0071 to
ac7776e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comments on the __bytes__ changes, otherwise seems good.
gssapi/raw/oids.pyx
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
err... why is this necessary? Why not just leave it as __bytes__?
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm... I'd just leave __bytes__ as-is. Let in inherit from the low-level API for compatibility with OIDs -- some things might expect OID bytes when calling __bytes__ -- we shouldn't change that part of the API just because you're working Mechanisms.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
then put the "string form as bytes" in a separate private method (like _byte_desc).
e40a67f to
9566a39
Compare
Okie dokie, this is updated as well. In retrospect, not changing the __bytes__ interface was probably a good idea. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a few more nits.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it should be fine as
if isinstance(base, six.text_type): base = base.encode(_utils._get_encoding())
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while you're doing updates, remove the "; depends on RFC 5801" -- just the requires-ext tag below is fine.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pattern we generally use here is
if isinstance(name, six.text_type): name = name.encode(_utils._get_encoding())
See the gssapi/names.py (at the bottom) for example
gssapi/tests/test_high_level.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a fairly fragile line here. I'd just remove it, unless the SASL names are guaranteed to not begin with "<"...
gssapi/tests/test_high_level.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(len(from_desired) + len(from_except)).should_be(c) so we get a good error message like len(from_desired) + len(from_except) should be 37.
gssapi/raw/oids.pyx
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this doesn't seem to be needed any more
When constructing via a the cpy parameter, cpy would maintain ownership; if cpy._free_on_dealloc was set to true, the new object could have memory freed while still maintaining a reference to it. This fixes the issue by having the new object take ownership. To perform a memory copy, use the elements argument to the constructor. Signed-off-by: Alexander Scheel <ascheel@redhat.com>
This introduces a new property, dotted_form, for querying the dotted form of the OID. Signed-off-by: Alexander Scheel <ascheel@redhat.com>
bc994a6 to
c8e80b1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nits (mostly doc-related) inline, otherwise looks good
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should probably be name_types, to be clearer -- we use the term name_type elsewhere in the high-level API
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can remove depends on RFC 5801, since you have the requires-ext tag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto for the cases below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, should've caught those sooner if I were thinking when I updated the PR.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should document what form an "attribute" takes.
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no need for the explicit signature here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto below
gssapi/mechs.py
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
link to indicate_mechs_by_attrs using the correct documentation tag (IIRC, it's something like :func:).
This creates a new class, Mechanism, for inquiring information about a mechanism. This includes support for RFCs 5587 and 5801. As Mechanism derives from OID, it is compatible with all places that accept a mech by OID. Signed-off-by: Alexander Scheel <ascheel@redhat.com> Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
c8e80b1 to
535e67a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leaving this open as I'm not sure if this is the desired format.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per IRC discussion with @DirectXMan12 this appears to be in the correct format.
@DirectXMan12 -- any new feedback would be appreciated. :)
@DirectXMan12 friendly bump. 🐈
/me attempts to page this back into RAM
Looks like my last comments were just around docs, so assuming past me's review was fairly thorough (I recall it being so), I'm going to merge this.
Uh oh!
There was an error while loading. Please reload this page.
This creates a new class, Mechanism, for inquiring
information about a mechanism. This includes support
for RFCs 5587 and 5801. As Mechanism derives from OID,
it is compatible with all places that accept a mech
by OID.
Points of discussion (mechs):
(削除) Fallback inmech_name(): what mechs should we support? We could hard-code the three MIT/KRB5 OIDs (krb5/iakerb/spnego) with respective names for the fallback when RFC5801 is missing, but I'd like thoughts on that. (削除ここまで)(削除) Am I missing functions that significantly depend on a OID? (削除ここまで)init_sec_context?(削除) Revising init() -- I wasn't able to get a call tosuper().__init__to work like was done with creds. Thoughts would be appreciated. (削除ここまで)Regarding mech_attrs, I'm not yet sure how I want to handle that.
display_mech_attris about the only useful function I can see that depends on mech_attrs, and querying for a list of mech_attrs isn't trivial--It'd likely involve a call toindicate_mechs+inquire_attrs_for_mechs. I'm not really seeing a use for having mech_attrs as a class. Thoughts?