[Freeipa-devel] [PATCH] Port from python-kerberos library to python-gssapi
Christian Heimes
cheimes at redhat.com
Tue Jul 21 12:23:06 UTC 2015
On 2015-07-21 14:02, Michael Simacek wrote:
> Hi,
>
> This is a first part of my effort to port FreeIPA from Python3-incompatible
> Kerberos libraries to python-gssapi. This patch should replace python-kerberos
> with python-gssapi (both use C GSSAPI behind the scenes).
> def _handle_exception(self, e, service=None):
> - (major, minor) = ipautil.get_gsserror(e)
> - if minor[1] == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
> + # kerberos library coerced error codes to signed, gssapi uses unsigned
> + minor = e.min_code - (1 << 32)
> + if minor == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
The unsigned to sign conversion is not correct. Although it doesn't make
a difference here, please use the technical correct way:
minor = e.min_code
if minor & (1 << 31):
minor -= 1 << 32
or if you prefer hex:
if minor & 0x80000000:
minor -= 0x100000000
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150721/ccf27e14/attachment.sig>
More information about the Freeipa-devel
mailing list