Common Values for Credentials Store Extensions documentation is wrong

[michael-o]

What went wrong?

Common Values for Credentials Store Extensions documentation says that keys and values are strings, but I get an exception that it expects bytes because the underlying C struct requires char (byte) and not strings.

How do we reproduce?

$ python3
Python 3.7.10 (default, Apr  3 2021, 22:19:39)
[Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611a on freebsd12
Type "help", "copyright", "credits" or "license" for more information.
>>> import gssapi.raw
>>> gssapi.raw.acquire_cred_from(store={"ccache":"/tmp/mycache"})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "gssapi/raw/ext_cred_store.pyx", line 158, in gssapi.raw.ext_cred_store.acquire_cred_from
  File "gssapi/raw/ext_cred_store.pyx", line 85, in gssapi.raw.ext_cred_store.c_create_key_value_set
TypeError: expected bytes, str found
>>> gssapi.raw.acquire_cred_from(store={"ccache":b"/tmp/mycache"})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "gssapi/raw/ext_cred_store.pyx", line 158, in gssapi.raw.ext_cred_store.acquire_cred_from
  File "gssapi/raw/ext_cred_store.pyx", line 85, in gssapi.raw.ext_cred_store.c_create_key_value_set
TypeError: expected bytes, str found
>>> gssapi.raw.acquire_cred_from(store={b"ccache":b"/tmp/mycache"})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "gssapi/raw/ext_cred_store.pyx", line 186, in gssapi.raw.ext_cred_store.acquire_cred_from
gssapi.raw.exceptions.MissingCredentialsError: Major (458752): Es wurden keine Anmeldedaten übergeben oder die Anmeldedaten waren nicht verfügbar bzw. ein Zugriff darauf nicht möglich., Minor (2529639093): Schlüsseltabelle FILE:/etc/krb5.keytab existiert nicht oder ist leer
>>>

Note: the final exception is irrevelant because the calling convention was satisfied.
I would expect that the Python code would internally peform an encode() with the encoding from the current locale.

Component versions (python-gssapi, Kerberos, OS / distro, etc.)

$ pip3 list |grep gssapi
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
gssapi                        1.6.12
requests-gssapi               1.2.3
$ python3 -V
Python 3.7.10
$ uname -a
FreeBSD 12.2-STABLE FreeBSD 12.2-STABLE #2 r369441
$ klist -V
Kerberos 5 Version 1.19.1

[frozencemetery]

The documentation is currently incorrect - it's always needed to be a bytes object there. However, we could also perform the appropriate encoding dance as you suggest.

In either case, a pull request will get your issue resolved faster - otherwise you're waiting until I have time to work on this.

[michael-o]

This is what I currently do:

        store[b"client_keytab"] = keytab_location.encode(sys.getdefaultencoding())
        store[b"ccache"] = ("/tmp/krb5cc_%d_%s" % (os.getpid(), threading.get_ident())).encode(sys.getdefaultencoding())

Are you OK to use sys.getdefaultencoding() internally? I will happily provide a PR next week for this.

[jborean93]

Another options is to accept both a text string (default in py3) and a byte string where the text str is internally encoded using utf-8 and the byte string is just accepted as is based on whatever is best as determined by the caller. This could be the sys.getdefaultencoding() or something else relevant to your environment but important bit is it's handled by the caller. Basically a sane default encoding of utf-8 and a way to be explicit as needed.

[frozencemetery]

Are you OK to use sys.getdefaultencoding() internally? I will happily provide a PR next week for this.

Our convention is to use UTF-8 internally (see _utils.py), but this is the kind of discussion I'd really rather have on a pull request :)