diff --git a/src/python/sso/__init__.py b/src/python/sso/__init__.py
index 2e9d58e68c26789616bb88cd91a6b3a6571f0014..9015c1f85b9c91968b4381fd822714bee949d3a6 100644
--- a/src/python/sso/__init__.py
+++ b/src/python/sso/__init__.py
@@ -6,12 +6,11 @@ Error = error
 
 # Ticket is just a simple container for ticket attributes.
 class Ticket(object):
-    def __init__(self, user, service, domain, nonce=None, session_id=None, groups=None, ttl=3600, expires=None):
+    def __init__(self, user, service, domain, nonce=None, groups=None, ttl=3600, expires=None):
         self._user = user
         self._service = service
         self._domain = domain
         self._nonce = nonce
-        self._session_id = session_id
         self._groups = groups
         # 'expires' has precedence over 'ttl'.
         if expires is None:
@@ -40,9 +39,6 @@ class Ticket(object):
     def nonce(self):
         return self._nonce
 
-    def session_id(self):
-        return self._session_id
-
     def groups(self):
         return self._groups
 
@@ -65,7 +61,6 @@ class Signer(object):
             t.service(),
             t.domain(),
             t.nonce(),
-            t.session_id(),
             t.groups(),
             t.ttl(),
         )
diff --git a/src/python/sso/sso_python.c b/src/python/sso/sso_python.c
index 7938ee7bccdef394476b4ac9ce5562b52d5be39d..ec647f328a01dd558818a63cf83703987e343c56 100644
--- a/src/python/sso/sso_python.c
+++ b/src/python/sso/sso_python.c
@@ -64,14 +64,11 @@ static PyObject *pysso_create_and_sign_ticket(PyObject *self, PyObject *args,
   const char *service = NULL;
   const char *domain = NULL;
   const char *nonce = NULL;
-  const char *session_id = NULL;
   PyObject *groups_obj = NULL;
   const char **groups = NULL;
   int ttl = 3600;
-  static char *kwlist[] = {
-      "private_key", "user", "service", "domain",
-      "nonce", "session_id", "groups", "ttl", NULL
-  };
+  static char *kwlist[] = {"private_key", "user", "service", "domain",
+                           "nonce", "groups", "ttl", NULL};
   PyObject *result_obj = NULL;
   sso_ticket_t ticket = NULL;
 
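Review bot: Removing `session_id` from the middle of `Ticket.__init__`'s parameter list makes a positional caller that still passes it bind that value to `groups` and its old `groups` to `ttl`, with no error at construction time; only keyword callers fail loudly. A keyword-only signature, `def __init__(self, user, service, domain, *, nonce=None, groups=None, ttl=3600, expires=None):`, would turn the shift into an immediate TypeError, though the `IS_PY3`/`#else` branches in `sso_python.c` suggest Python 2 is still supported, in which case an `isinstance(groups, (list, tuple, type(None)))` check in the constructor is the portable alternative. The `PyArg_ParseTupleAndKeywords` hunk in `sso_python.c` on this same line has the same property: the format `y#sss|zOi` now binds a positional sixth argument to `groups_obj`, so whatever `parse_groups` does with a string decides whether the misuse is caught. `Ticket.__init__`'s body continues outside the hunk.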
@@ -80,13 +77,13 @@ static PyObject *pysso_create_and_sign_ticket(PyObject *self, PyObject *args,
 
   if (!PyArg_ParseTupleAndKeywords(args, kwargs,
 #if IS_PY3
-                                   "y#sss|zzOi:create_and_sign_ticket",
+                                   "y#sss|zOi:create_and_sign_ticket",
 #else
-                                   "s#sss|zzOi:create_and_sign_ticket",
+                                   "s#sss|zOi:create_and_sign_ticket",
 #endif
                                    kwlist, &priv_key, &priv_key_size, &user,
-                                   &service, &domain, &nonce, &session_id,
-                                   &groups_obj, &ttl)) {
+                                   &service, &domain, &nonce, &groups_obj,
+                                   &ttl)) {
     return NULL;
   }
 
@@ -99,7 +96,7 @@ static PyObject *pysso_create_and_sign_ticket(PyObject *self, PyObject *args,
     groups = parse_groups(groups_obj);
   }
 
-  ticket = sso_ticket_new(user, service, domain, nonce, session_id, groups, ttl);
+  ticket = sso_ticket_new(user, service, domain, nonce, groups, ttl);
   if (!ticket) {
     PyErr_SetString(PyExc_ValueError, "Invalid ticket parameters");
     goto fail;
diff --git a/src/sso/sso.c b/src/sso/sso.c
index 8eefd8bea1a0ed71a21bba0fa8b6ac0a8451182d..905e5d9d974ba7e422d58eaddd4d6fc23af42774 100644
--- a/src/sso/sso.c
+++ b/src/sso/sso.c
@@ -62,14 +62,12 @@ static char *strdup_or_null(const char *s) {
 
 sso_ticket_t sso_ticket_new(const char *user, const char *service,
                             const char *domain, const char *nonce,
-                            const char *session_id, const char **groups,
-                            int validity_seconds) {
+                            const char **groups, int validity_seconds) {
   sso_ticket_t t = (sso_ticket_t)malloc(sizeof(struct sso_ticket));
   t->user = strdup_or_null(user);
   t->service = strdup_or_null(service);
   t->domain = strdup_or_null(domain);
   t->nonce = strdup_or_null(nonce);
-  t->session_id = strdup_or_null(session_id);
   t->groups = group_list_dup(groups);
   t->expires = time(NULL) + validity_seconds;
   return t;
@@ -88,9 +86,6 @@ void sso_ticket_free(sso_ticket_t t) {
   if (t->nonce != NULL) {
     free(t->nonce);
   }
-  if (t->session_id != NULL) {
-    free(t->session_id);
-  }
   if (t->groups != NULL) {
     group_list_free(t->groups);
   }
@@ -170,7 +165,6 @@ static char *sso_ticket_serialize(sso_ticket_t t) {
   r += accum_add_field(&acc, t->service);
   r += accum_add_field(&acc, t->domain);
   r += accum_add_field(&acc, t->nonce);
-  r += accum_add_field(&acc, t->session_id);
   r += accum_add_time(&acc, t->expires);
   r += accum_add_groups(&acc, t->groups);
   if (r < 0) {
@@ -214,8 +208,7 @@ static int sso_ticket_deserialize(sso_ticket_t *t, const char *s, int sz) {
       *user = NULL,
       *service = NULL,
       *domain = NULL,
-      *nonce = NULL,
-      *session_id = NULL;
+      *nonce = NULL;
   char **groups = NULL;
   time_t expires = 0;
   int err = SSO_OK;
@@ -255,13 +248,10 @@ static int sso_ticket_deserialize(sso_ticket_t *t, const char *s, int sz) {
       nonce = token;
       break;
     case 5:
-      session_id = token;
-      break;
-    case 6:
       expires = (time_t)strtol(token, NULL, 10);
       free(token);
       break;
-    case 7:
+    case 6:
       groups = group_list_parse(token);
       free(token);
       break;
@@ -280,12 +270,12 @@ static int sso_ticket_deserialize(sso_ticket_t *t, const char *s, int sz) {
     goto fail;
   }
 
-  if (field < 7 || field > 8) {
+  if (field < 6 || field > 7) {
     err = SSO_ERR_DESERIALIZATION;
     goto fail;
   }
 
-  *t = sso_ticket_new(user, service, domain, nonce, session_id, (const char **)groups, expires);
+  *t = sso_ticket_new(user, service, domain, nonce, (const char **)groups, expires);
 
 fail:
   if (version != NULL)
@@ -298,8 +288,6 @@ static int sso_ticket_deserialize(sso_ticket_t *t, const char *s, int sz) {
     free(domain);
   if (nonce != NULL)
     free(nonce);
-  if (session_id != NULL)
-    free(session_id);
   if (groups != NULL)
     group_list_free(groups);
   return err;
diff --git a/src/sso/sso.h b/src/sso/sso.h
index 05b3979ebea9fdf45ef7300d8ec068b8fdf17cf6..2794556d98cb43b6a03fd30322712b94952cc88d 100644
--- a/src/sso/sso.h
+++ b/src/sso/sso.h
@@ -7,7 +7,7 @@ extern "C" {
 
 #include <time.h>
 
-#define SSO_TICKET_VERSION "5"
+#define SSO_TICKET_VERSION "4"
 
 #define SSO_OK 0
 #define SSO_ERR_SERIALIZATION -1
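Review bot: `SSO_TICKET_VERSION` goes backwards from "5" to "4" in the sso.h hunk, and nothing in the diff records why. Every ticket already issued by a signer running the "5" build is rejected with `SSO_ERR_UNSUPPORTED_VERSION` as soon as a verifier picks up this change (the new `sign_string("5|user|service/|domain|1414402999|")` test case pins exactly that), so a mixed-version rollout breaks authentication for the remaining lifetime of those tickets. If a "4" format with this exact field layout existed before `session_id` was introduced, any still-unexpired tickets from that era presumably become valid again; if it did not, a fresh number such as "6" avoids the ambiguity. Either way a comment beside the define, e.g. `/* "4": user|service|domain|nonce|expires|groups. "5" (added session_id) was withdrawn and is rejected. */`, would record the history for the next reader.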
@@ -33,7 +33,6 @@ struct sso_ticket {
   char *service;
   char *domain;
   char *nonce;
-  char *session_id;
   char **groups;
   time_t expires;
 };
@@ -56,8 +55,7 @@ typedef struct sso_ticket *sso_ticket_t;
  */
 sso_ticket_t sso_ticket_new(const char *user, const char *service,
                             const char *domain, const char *nonce,
-                            const char *session_id, const char **groups,
-                            int validity_seconds);
+                            const char **groups, int validity_seconds);
 
 /** Free the memory used by a sso_ticket.
  *
diff --git a/src/sso/ssotool.c b/src/sso/ssotool.c
index 843d3e045ebccab7a887cb4f1e97276978f08e9c..98607a8c81ef16e3e971f06c1600527dc6bcc43a 100644
--- a/src/sso/ssotool.c
+++ b/src/sso/ssotool.c
@@ -95,7 +95,7 @@ void ssotool_sign(const char *secret_key_file, const char *user,
     exit(2);
   }
 
-  tkt = sso_ticket_new(user, service, domain, nonce, NULL, NULL, 9600);
+  tkt = sso_ticket_new(user, service, domain, nonce, NULL, 9600);
   CHECK_OK(sso_ticket_sign(tkt, secret_key, out, sizeof(out) - 1));
   printf("%s\n", out);
 }
diff --git a/src/sso/test/sso_unittest.cc b/src/sso/test/sso_unittest.cc
index 93df26ba8dcdedbd7b2e643222d37b204aab34db..4c668574fe31c5c41e6d8051f63495c6c4a6edda 100644
--- a/src/sso/test/sso_unittest.cc
+++ b/src/sso/test/sso_unittest.cc
@@ -139,25 +139,25 @@ struct sign_testdata {
 TEST_F(SSO, Sign) {
   struct sign_testdata td[] = {
-      {sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200), 0},
+      {sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200), 0},
-      {sso_ticket_new(NULL, NULL, NULL, NULL, NULL, NULL, 7200),
+      {sso_ticket_new(NULL, NULL, NULL, NULL, NULL, 7200),
        SSO_ERR_MISSING_REQUIRED_FIELD},
-      {sso_ticket_new(NULL, "service", "domain", NULL, NULL, NULL, 7200),
+      {sso_ticket_new(NULL, "service", "domain", NULL, NULL, 7200),
        SSO_ERR_MISSING_REQUIRED_FIELD},
-      {sso_ticket_new("user", NULL, "domain", NULL, NULL, NULL, 7200),
+      {sso_ticket_new("user", NULL, "domain", NULL, NULL, 7200),
        SSO_ERR_MISSING_REQUIRED_FIELD},
-      {sso_ticket_new("user", "service", NULL, NULL, NULL, NULL, 7200),
+      {sso_ticket_new("user", "service", NULL, NULL, NULL, 7200),
        SSO_ERR_MISSING_REQUIRED_FIELD},
-      {sso_ticket_new("u|ser", "service/", "domain", NULL, NULL, NULL, 7200),
+      {sso_ticket_new("u|ser", "service/", "domain", NULL, NULL, 7200),
        SSO_ERR_INVALID_FIELD},
-      {sso_ticket_new("user", "s|ervice/", "domain", NULL, NULL, NULL, 7200),
+      {sso_ticket_new("user", "s|ervice/", "domain", NULL, NULL, 7200),
        SSO_ERR_INVALID_FIELD},
-      {sso_ticket_new("user", "service/", "d|omain", NULL, NULL, NULL, 7200),
+      {sso_ticket_new("user", "service/", "d|omain", NULL, NULL, 7200),
        SSO_ERR_INVALID_FIELD},
-      {NULL, 0},
+      {NULL, 0},
   };
   char buf[1024];
@@ -177,18 +177,21 @@ struct open_testdata {
 TEST_F(SSO, Open) {
   const char *groups[] = {"users", "wheel", "daemon", NULL};
   struct open_testdata td[] = {
-      {sign_ticket(sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200)),
+      {sign_ticket(
+           sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200)),
        0},
-      {sign_ticket(sso_ticket_new("user", "service/", "domain", NULL, NULL, groups, 7200)),
+      {sign_ticket(
+           sso_ticket_new("user", "service/", "domain", NULL, groups, 7200)),
        0},
-      {sign_ticket(sso_ticket_new("user", "", "", NULL, NULL, NULL, 7200)), 0},
+      {sign_ticket(sso_ticket_new("user", "", "", NULL, NULL, 7200)), 0},
-      {sign_string("42|user|service/|domain|1414402999|"),
+      {sign_string("5|user|service/|domain|1414402999|"),
        SSO_ERR_UNSUPPORTED_VERSION},
-      {sign_string(SSO_TICKET_VERSION "|definitely not a ticket"), SSO_ERR_DESERIALIZATION},
-      {sign_string(SSO_TICKET_VERSION "||||||"), 0},
+      {sign_string("4|definitely not a ticket"), SSO_ERR_DESERIALIZATION},
+      {sign_string("4||||||"), 0},
-      {sign_ticket_with_random_key(sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200)),
+      {sign_ticket_with_random_key(
+           sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200)),
        SSO_ERR_BAD_SIGNATURE},
       {strdup("not a base64-encoded string"), SSO_ERR_DECODE64},
@@ -232,7 +235,7 @@ TEST_F(SSO, InternalSerializationBufferFull) {
   // Ticket with a very big field that should exceed the size of the
   // internal serialization buffer.
   char *big = big_string();
-  sso_ticket_t t = sso_ticket_new(big, "service", "domain", NULL, NULL, NULL, 7200);
+  sso_ticket_t t = sso_ticket_new(big, "service", "domain", NULL, NULL, 7200);
   free(big);
   EXPECT_EQ(SSO_ERR_SERIALIZATION,
             sso_ticket_sign(t, secret_key, buf, sizeof(buf)));
@@ -244,14 +247,14 @@ TEST_F(SSO, InternalSerializationBufferFull) {
   for (int i = 0; i < ng; i++) groups[i] = "aaaaaaaaaaaaaaaa";
   groups[ng] = NULL;
-  t = sso_ticket_new("user", "service/", "domain", NULL, NULL, groups, 7200);
+  t = sso_ticket_new("user", "service/", "domain", NULL, groups, 7200);
   EXPECT_EQ(SSO_ERR_SERIALIZATION,
             sso_ticket_sign(t, secret_key, buf, sizeof(buf)));
   sso_ticket_free(t);
 }
 
 TEST_F(SSO, SerializationOutputBufferFull) {
-  sso_ticket_t t = sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200);
+  sso_ticket_t t = sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200);
 
   // Create a buffer with guard bytes to detect overflow.
   char buf[1024];
@@ -297,27 +300,27 @@ TEST_F(SSO, Validation) {
   struct validate_testdata td[] = {
       {"ticket_with_groups, validate_groups",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, groups_ok, 7200), &with_groups, 0},
+       sso_ticket_new("user", "service/", "domain", NULL, groups_ok, 7200), &with_groups, 0},
       {"ticket_with_groups, validate_no_groups",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, groups_ok, 7200), &without_groups, 0},
+       sso_ticket_new("user", "service/", "domain", NULL, groups_ok, 7200), &without_groups, 0},
       {"ticket_without_groups, validate_groups",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200), &with_groups, SSO_ERR_NO_MATCHING_GROUPS},
+       sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200), &with_groups, SSO_ERR_NO_MATCHING_GROUPS},
       {"ticket_without_groups, validate_no_groups",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200), &without_groups, 0},
+       sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200), &without_groups, 0},
       {"ticket_with_bad_groups",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, groups_fail, 7200), &with_groups, SSO_ERR_NO_MATCHING_GROUPS},
+       sso_ticket_new("user", "service/", "domain", NULL, groups_fail, 7200), &with_groups, SSO_ERR_NO_MATCHING_GROUPS},
       {"bad_domain",
-       sso_ticket_new("user", "service/", "other", NULL, NULL, groups_ok, 7200), &with_groups, SSO_ERR_BAD_DOMAIN},
+       sso_ticket_new("user", "service/", "other", NULL, groups_ok, 7200), &with_groups, SSO_ERR_BAD_DOMAIN},
       {"bad_service",
-       sso_ticket_new("user", "other/", "domain", NULL, NULL, groups_ok, 7200), &with_groups, SSO_ERR_BAD_SERVICE},
+       sso_ticket_new("user", "other/", "domain", NULL, groups_ok, 7200), &with_groups, SSO_ERR_BAD_SERVICE},
       {"expired",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, -1000), &without_groups, SSO_ERR_EXPIRED},
+       sso_ticket_new("user", "service/", "domain", NULL, NULL, -1000), &without_groups, SSO_ERR_EXPIRED},
       {"good_nonce",
-       sso_ticket_new("user", "service/", "domain", "testnonce", NULL, NULL, 7200), &with_nonce, 0},
+       sso_ticket_new("user", "service/", "domain", "testnonce", NULL, 7200), &with_nonce, 0},
       {"bad_nonce",
-       sso_ticket_new("user", "service/", "domain", "badnonce", NULL, NULL, 7200), &with_nonce, SSO_ERR_BAD_NONCE},
+       sso_ticket_new("user", "service/", "domain", "badnonce", NULL, 7200), &with_nonce, SSO_ERR_BAD_NONCE},
       {"missing_Nonce",
-       sso_ticket_new("user", "service/", "domain", NULL, NULL, NULL, 7200), &with_nonce, SSO_ERR_BAD_NONCE},
+       sso_ticket_new("user", "service/", "domain", NULL, NULL, 7200), &with_nonce, SSO_ERR_BAD_NONCE},
       {NULL, NULL, NULL, 0},
   };