Store session cookie in a ccache option

Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all credentials.

Ticket: https://pagure.io/freeipa/issue/6661

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>

1 files changed, 37 insertions, 0 deletions

diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py
new file mode 100644
index 000000000..a89fdd97e
--- /dev/null
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -0,0 +1,37 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+"""
+Test the `session_storage.py` module.
+"""
+
+from ipapython import session_storage
+
+
+class test_session_storage(object):
+    """
+    Test the session storage interface
+    """
+
+    def setup(self):
+        # TODO: set up test user and kinit to it
+        # tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+        # os.environ['KRB5CCNAME'] = 'FILE:%s/ccache' % tmpdir
+        self.principal = 'admin'
+        self.key = 'X-IPA-test-session-storage'
+        self.data = 'Test Data'
+
+    def test_01(self):
+        session_storage.store_data(self.principal, self.key, self.data)
+
+    def test_02(self):
+        data = session_storage.get_data(self.principal, self.key)
+        assert(data == self.data)
+
+    def test_03(self):
+        session_storage.remove_data(self.principal, self.key)
+        try:
+            session_storage.get_data(self.principal, self.key)
+        except session_storage.KRB5Error:
+            pass