Skip to content

Commit 21e2da6

Browse files
frozencemeteryfrozencemetery
committed
Raise exception on unknown usage
Previously, we defaulted to conservatively assuming BOTH for usage type when it wasn't obviously INITIATE or ACCEPT. In most simple cases, this will cause invalid values to behave as the user intended. However, it may cause mysterious failures in more complex cases. Err on the side of caution and raise ValueError when we can't determine the intented usage. Resolves: #202
1 parent 2d40e2b commit 21e2da6

File tree

6 files changed

+40
-10
lines changed

6 files changed

+40
-10
lines changed

gssapi/raw/creds.pyx

+8-2
Original file line numberDiff line numberDiff line change
@@ -131,8 +131,11 @@ def acquire_cred(Name name=None, lifetime=None, mechs=None, usage='both'):
131131
c_usage = GSS_C_INITIATE
132132
elif usage == 'accept':
133133
c_usage = GSS_C_ACCEPT
134-
else:
134+
elif usage == 'both':
135135
c_usage = GSS_C_BOTH
136+
else:
137+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
138+
'"initiate", "accept", and "both"')
136139

137140
cdef gss_cred_id_t creds
138141
cdef gss_OID_set actual_mechs
@@ -227,8 +230,11 @@ accept_lifetime=None, mutate_input=False)
227230
c_usage = GSS_C_INITIATE
228231
elif usage == 'accept':
229232
c_usage = GSS_C_ACCEPT
230-
else: # usage == 'both'
233+
elif usage == 'both':
231234
c_usage = GSS_C_BOTH
235+
else:
236+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
237+
'"initiate", "accept", and "both"')
232238

233239
cdef gss_cred_id_t raw_input_cred
234240
if input_cred is not None:

gssapi/raw/ext_cred_store.pyx

+12-3
Original file line numberDiff line numberDiff line change
@@ -147,8 +147,11 @@ usage='both')
147147
c_usage = GSS_C_INITIATE
148148
elif usage == 'accept':
149149
c_usage = GSS_C_ACCEPT
150-
else:
150+
elif usage == 'both':
151151
c_usage = GSS_C_BOTH
152+
else:
153+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
154+
'"initiate", "accept", and "both"')
152155

153156
cdef gss_key_value_set_desc *c_store
154157
if store is not None:
@@ -232,8 +235,11 @@ init_lifetime=None, accept_lifetime=None)
232235
c_usage = GSS_C_INITIATE
233236
elif usage == 'accept':
234237
c_usage = GSS_C_ACCEPT
235-
else:
238+
elif usage == 'both':
236239
c_usage = GSS_C_BOTH
240+
else:
241+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
242+
'"initiate", "accept", and "both"')
237243

238244
cdef gss_name_t c_name = name.raw_name
239245
cdef gss_OID c_mech = &mech.raw_oid
@@ -325,8 +331,11 @@ set_default=False)
325331
c_usage = GSS_C_INITIATE
326332
elif usage == 'accept':
327333
c_usage = GSS_C_ACCEPT
328-
else:
334+
elif usage == 'both':
329335
c_usage = GSS_C_BOTH
336+
else:
337+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
338+
'"initiate", "accept", and "both"')
330339

331340
cdef gss_key_value_set_desc *c_store
332341
if store is not None:

gssapi/raw/ext_password.pyx

+4-1
Original file line numberDiff line numberDiff line change
@@ -74,8 +74,11 @@ usage="initiate")
7474
c_usage = GSS_C_INITIATE
7575
elif usage == "accept":
7676
c_usage = GSS_C_ACCEPT
77-
else:
77+
elif usage == 'both':
7878
c_usage = GSS_C_BOTH
79+
else:
80+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
81+
'"initiate", "accept", and "both"')
7982

8083
cdef gss_cred_id_t creds
8184
cdef gss_OID_set actual_mechs

gssapi/raw/ext_password_add.pyx

+4-1
Original file line numberDiff line numberDiff line change
@@ -78,8 +78,11 @@ usage='initiate', init_lifetime=None, accept_lifetime=None)
7878
c_usage = GSS_C_INITIATE
7979
elif usage == "accept":
8080
c_usage = GSS_C_ACCEPT
81-
else:
81+
elif usage == 'both':
8282
c_usage = GSS_C_BOTH
83+
else:
84+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
85+
'"initiate", "accept", and "both"')
8386

8487
cdef OM_uint32 input_initiator_ttl = c_py_ttl_to_c(init_lifetime)
8588
cdef OM_uint32 input_acceptor_ttl = c_py_ttl_to_c(accept_lifetime)

gssapi/raw/ext_rfc5588.pyx

+4-1
Original file line numberDiff line numberDiff line change
@@ -63,8 +63,11 @@ set_default=False)
6363
c_usage = GSS_C_INITIATE
6464
elif usage == 'accept':
6565
c_usage = GSS_C_ACCEPT
66-
else:
66+
elif usage == 'both':
6767
c_usage = GSS_C_BOTH
68+
else:
69+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
70+
'"initiate", "accept", and "both"')
6871

6972
cdef gss_cred_id_t c_creds = creds.raw_creds
7073

gssapi/raw/ext_s4u.pyx

+8-2
Original file line numberDiff line numberDiff line change
@@ -84,8 +84,11 @@ mechs=None, usage='initiate')
8484
c_usage = GSS_C_INITIATE
8585
elif usage == 'accept':
8686
c_usage = GSS_C_ACCEPT
87-
else:
87+
elif usage == 'both':
8888
c_usage = GSS_C_BOTH
89+
else:
90+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
91+
'"initiate", "accept", and "both"')
8992

9093
cdef gss_cred_id_t creds
9194
cdef gss_OID_set actual_mechs
@@ -162,8 +165,11 @@ usage='initiate', init_lifetime=None, accept_lifetime=None)
162165
c_usage = GSS_C_INITIATE
163166
elif usage == 'accept':
164167
c_usage = GSS_C_ACCEPT
165-
else:
168+
elif usage == 'both':
166169
c_usage = GSS_C_BOTH
170+
else:
171+
raise ValueError(f'Invalid usage "{usage}" - permitted values are '
172+
'"initiate", "accept", and "both"')
167173

168174
cdef gss_cred_id_t raw_input_cred
169175
if input_cred is not None:

0 commit comments

Comments
 (0)