Fix session cookies

The CLI was not using session cookies for communication with IPA API.
The kernel_keyring code was expecting the keyname to be a string, but
in python 2 a unicode was supplied (the key is built using
ipa_session_cookie:%principal and principal is a unicode).

The patch fixes the assertions, allowing to store and retrieve the cookie.
It also adds a test with unicode key name.

https://fedorahosted.org/freeipa/ticket/5984

Reviewed-By: Petr Spacek <pspacek@redhat.com>

2 files changed, 23 insertions, 7 deletions

diff --git a/ipapython/kernel_keyring.py b/ipapython/kernel_keyring.py
index ed4868a9d..651fd7086 100644
--- a/ipapython/kernel_keyring.py
+++ b/ipapython/kernel_keyring.py
@@ -18,6 +18,7 @@
 #
 
 import os
+import six
 
 from ipapython.ipautil import run
 
@@ -45,7 +46,7 @@ def get_real_key(key):
     One cannot request a key based on the description it was created with
     so find the one we're looking for.
     """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     result = run(['keyctl', 'search', KEYRING, KEYTYPE, key],
                  raiseonerr=False, capture_output=True)
     if result.returncode:
@@ -53,7 +54,7 @@ def get_real_key(key):
     return result.raw_output.rstrip()
 
 def get_persistent_key(key):
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     result = run(['keyctl', 'get_persistent', KEYRING, key],
                  raiseonerr=False, capture_output=True)
     if result.returncode:
@@ -73,7 +74,7 @@ def has_key(key):
     """
     Returns True/False whether the key exists in the keyring.
     """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     try:
         get_real_key(key)
         return True
@@ -86,7 +87,7 @@ def read_key(key):
 
     Use pipe instead of print here to ensure we always get the raw data.
     """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     real_key = get_real_key(key)
     result = run(['keyctl', 'pipe', real_key], raiseonerr=False,
                  capture_output=True)
@@ -99,7 +100,7 @@ def update_key(key, value):
     """
     Update the keyring data. If they key doesn't exist it is created.
     """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     assert isinstance(value, bytes)
     if has_key(key):
         real_key = get_real_key(key)
@@ -114,7 +115,7 @@ def add_key(key, value):
     """
     Add a key to the kernel keyring.
     """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     assert isinstance(value, bytes)
     if has_key(key):
         raise ValueError('key %s already exists' % key)
@@ -127,7 +128,7 @@ def del_key(key):
     """
     Remove a key from the keyring
     """
-    assert isinstance(key, str)
+    assert isinstance(key, six.string_types)
     real_key = get_real_key(key)
     result = run(['keyctl', 'unlink', real_key, KEYRING],
                  raiseonerr=False)
diff --git a/ipatests/test_ipapython/test_keyring.py b/ipatests/test_ipapython/test_keyring.py
index e22841c8f..c81e6d95f 100644
--- a/ipatests/test_ipapython/test_keyring.py
+++ b/ipatests/test_ipapython/test_keyring.py
@@ -28,6 +28,7 @@ import pytest
 pytestmark = pytest.mark.tier0
 
 TEST_KEY = 'ipa_test'
+TEST_UNICODEKEY = u'ipa_unicode'
 TEST_VALUE = b'abc123'
 UPDATE_VALUE = b'123abc'
 
@@ -49,6 +50,10 @@ class test_keyring(object):
             kernel_keyring.del_key(SIZE_256)
         except ValueError:
             pass
+        try:
+            kernel_keyring.del_key(TEST_UNICODEKEY)
+        except ValueError:
+            pass
 
     def test_01(self):
         """
@@ -150,3 +155,13 @@ class test_keyring(object):
         assert(result == SIZE_1024.encode('ascii'))
 
         kernel_keyring.del_key(TEST_KEY)
+
+    def test_10(self):
+        """
+        Test a unicode key
+        """
+        kernel_keyring.add_key(TEST_UNICODEKEY, TEST_VALUE)
+        result = kernel_keyring.read_key(TEST_UNICODEKEY)
+        assert(result == TEST_VALUE)
+
+        kernel_keyring.del_key(TEST_UNICODEKEY)