Hi, If the code within the private_ccache contextmanager does not set/removes the KRB5CCNAME, the pop method will raise KeyError, which will cause unnecessary termination of the code flow.
Make sure the KRB5CCNAME is popped out of os.environ only if present. Tomas
From 201bc398ec59920f7cd34de69de66cb3489f417d Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Mon, 23 Nov 2015 12:47:56 +0100 Subject: [PATCH] private_ccache: Harden the removal of KRB5CCNAME env variable If the code within the private_ccache contextmanager does not set/removes the KRB5CCNAME, the pop method will raise KeyError, which will cause unnecessary termination of the code flow. Make sure the KRB5CCNAME is popped out of os.environ only if present. --- ipapython/ipautil.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 4acdd1a98818bf311a8fef103e7219cc62a28ec1..ec85786e18928838b51573c35e17986ff38f72d9 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1367,7 +1367,9 @@ def private_ccache(path=None): if original_value is not None: os.environ['KRB5CCNAME'] = original_value else: - os.environ.pop('KRB5CCNAME') + # No value was set originally, make sure no value is set now + if 'KRB5CCNAME' in os.environ: + os.environ.pop('KRB5CCNAME') if os.path.exists(path): os.remove(path) -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code