1111
1212
1313class Credentials (rcreds .Creds ):
14+ """GSSAPI Credentials
15+
16+ This class represents a set of GSSAPI credentials which may
17+ be used with and/or returned by other GSSAPI methods.
18+
19+ It inherits from the low-level GSSAPI :class:`~gssapi.raw.creds.Creds`
20+ class, and thus may used with both low-level and high-level API methods.
21+
22+ If your implementation of GSSAPI supports the credentials import-export
23+ extension, you may pickle and unpickle this object.
24+ """
25+
1426 __slots__ = ()
1527
1628 def __new__ (cls , base = None , token = None ,
1729 desired_name = None , lifetime = None ,
1830 desired_mechs = None , usage = 'both' ,
1931 store = None ):
32+ """Acquire or import a set of credentials.
33+
34+ The constructor either acquires or imports a set of GSSAPI
35+ credentials.
36+
37+ If the `base` argument is used, an existing
38+ :class:`~gssapi.raw.creds.Cred` object from the low-level API is
39+ converted into a high-level object.
40+
41+ If the :python:`token` argument is used, the credentials
42+ are imported using the token, if the credentials import-export
43+ extension is supported.
44+
45+ Otherwise, the credentials are acquired as per the
46+ :meth:`acquire` method.
47+ """
48+
2049 # TODO(directxman12): this is missing support for password
2150 # (non-RFC method)
2251 if base is not None :
@@ -37,27 +66,63 @@ def __new__(cls, base=None, token=None,
3766
3867 @property
3968 def name (self ):
69+ """Get the name associated with the credentials"""
4070 return self .inquire (name = True , lifetime = False ,
4171 usage = False , mechs = False ).name
4272
4373 @property
4474 def lifetime (self ):
75+ """Get the remaining lifetime of the credentials"""
4576 return self .inquire (name = False , lifetime = True ,
4677 usage = False , mechs = False ).lifetime
4778
4879 @property
4980 def mechs (self ):
81+ """Get the mechanisms for the current credentials"""
5082 return self .inquire (name = False , lifetime = False ,
5183 usage = False , mechs = True ).mechs
5284
5385 @property
5486 def usage (self ):
87+ """Get the usage (initiate, accept, or both) of the credentials"""
5588 return self .inquire (name = False , lifetime = False ,
5689 usage = True , mechs = False ).usage
5790
5891 @classmethod
5992 def acquire (cls , desired_name = None , lifetime = None ,
6093 desired_mechs = None , usage = 'both' , store = None ):
94+ """Acquire GSSAPI credentials
95+
96+ This method acquires credentials. If the `store` argument is
97+ used, the credentials will be acquired from the given
98+ credential store (if supported). Otherwise, the credentials are
99+ acquired from the default store.
100+
101+ The credential store information is a dictionary containing
102+ mechanisms-specific keys and values pointing to a credential store
103+ or stores.
104+
105+ Using a non-default store requires support for the credentials store
106+ extension.
107+
108+ Args:
109+ desired_name (Name): the name associated with the credentials,
110+ or None for the default name
111+ lifetime (int): the desired lifetime of the credentials, or None
112+ for indefinite
113+ desired_mechs (list): the desired mechanisms to be used with these
114+ credentials, or None for the default set
115+ usage (str): the usage for these credentials -- either 'both',
116+ 'initiate', or 'accept'
117+ store (dict): the credential store information pointing to the
118+ credential store from which to acquire the credentials,
119+ or None for the default store
120+
121+ Returns:
122+ AcquireCredResult: the acquired credentials and information about
123+ them
124+ """
125+
61126 if store is None :
62127 res = rcreds .acquire_cred (desired_name , lifetime ,
63128 desired_mechs , usage )
@@ -78,6 +143,28 @@ def acquire(cls, desired_name=None, lifetime=None,
78143
79144 def store (self , store = None , usage = 'both' , mech = None ,
80145 overwrite = False , set_default = False ):
146+ """Store credentials to the given store
147+
148+ This method stores the current credentials into the specified
149+ credentials store. If the default store is used, support for
150+ RFC 5588 is required. Otherwise, support for the credentials
151+ store extension is required.
152+
153+ Args:
154+ store (dict): the store into which to store the credentials,
155+ or None for the default store.
156+ usage (str): the usage to store the credentials with -- either
157+ 'both', 'initiate', or 'accept'
158+ mech (OID): the mechansim to associate with the stored credentials
159+ overwrite (bool): whether or not to overwrite existing credentials
160+ stored with the same name, etc
161+ set_default (bool): whether or not to set these credentials as
162+ the default credentials for the given store.
163+
164+ Returns:
165+ StoreCredResult: the results of the credential storing operation
166+ """
167+
81168 if store is None :
82169 if rcred_rfc5588 is None :
83170 raise AttributeError ("Your GSSAPI implementation does not "
@@ -98,6 +185,26 @@ def store(self, store=None, usage='both', mech=None,
98185
99186 def impersonate (self , desired_name = None , lifetime = None ,
100187 desired_mechs = None , usage = 'initiate' ):
188+ """Impersonate a name using the current credentials
189+
190+ This method acquires credentials by impersonating another
191+ name using the current credentials. This requires the
192+ Services4User extension.
193+
194+ Args:
195+ desired_name (Name): the name to impersonate
196+ lifetime (int): the desired lifetime of the new credentials,
197+ or None for indefinite
198+ desired_mechs (list): the desired mechanisms for the new
199+ credentials
200+ usage (str): the desired usage for the new credentials -- either
201+ 'both', 'initiate', or 'accept'. Note that some mechanisms
202+ may only support 'initiate'.
203+
204+ Returns:
205+ Credentials: the new credentials impersonating the given name
206+ """
207+
101208 if rcred_s4u is None :
102209 raise AttributeError ("Your GSSAPI implementation does not "
103210 "have support for S4U" )
@@ -109,6 +216,21 @@ def impersonate(self, desired_name=None, lifetime=None,
109216 return type (self )(base = res .creds )
110217
111218 def inquire (self , name = True , lifetime = True , usage = True , mechs = True ):
219+ """Inspect the credentials for information
220+
221+ This method inspects the credentials for information about them.
222+
223+ Args:
224+ name (bool): get the name associated with the credentials
225+ lifetime (bool): get the remaining lifetime for the credentials
226+ usage (bool): get the usage for the credentials
227+ mechs (bool): get the mechanisms associated with the credentials
228+
229+ Returns:
230+ InquireCredResult: the information about the credentials,
231+ with None used when the corresponding argument was False
232+ """
233+
112234 res = rcreds .inquire_cred (self , name , lifetime , usage , mechs )
113235
114236 if res .name is not None :
@@ -121,6 +243,25 @@ def inquire(self, name=True, lifetime=True, usage=True, mechs=True):
121243
122244 def inquire_by_mech (self , mech , name = True , init_lifetime = True ,
123245 accept_lifetime = True , usage = True ):
246+ """Inspect the credentials for per-mechanism information
247+
248+ This method inspects the credentials for per-mechanism information
249+ about them
250+
251+ Args:
252+ mech (OID): the mechanism for which to retrive the information
253+ name (bool): get the name associated with the credentials
254+ init_lifetime (bool): get the remaining initiate lifetime for
255+ the credentials
256+ accept_lifetime (bool): get the remaining accept lifetime for
257+ the credentials
258+ usage (bool): get the usage for the credentials
259+
260+ Returns:
261+ InquireCredByMechResult: the information about the credentials,
262+ with None used when the corresponding argument was False
263+ """
264+
124265 res = rcreds .inquire_cred_by_mech (self , mech , name , init_lifetime ,
125266 accept_lifetime , usage )
126267
@@ -136,6 +277,37 @@ def inquire_by_mech(self, mech, name=True, init_lifetime=True,
136277
137278 def add (self , desired_name , desired_mech , usage = 'both' ,
138279 init_lifetime = None , accept_lifetime = None , impersonator = None ):
280+ """Acquire more credentials to add to the current set
281+
282+ This method works like :meth:`acquire`, except that it adds the
283+ acquired credentials for a single mechanism to a copy of the current
284+ set, instead of creating a new set for multiple mechanisms.
285+ Unlike :meth:`acquire`, you cannot pass None desired name or
286+ mechanism.
287+
288+ If the `impersonator` argument is used, the credentials will
289+ impersonate the given name using the impersonator credentials.
290+ This requires the Services4User extension.
291+
292+ Args:
293+ desired_name (Name): the name associated with the
294+ credentials
295+ desired_mech (OID): the desired mechanism to be used with these
296+ credentials
297+ usage (str): the usage for these credentials -- either 'both',
298+ 'initiate', or 'accept'
299+ init_lifetime (int): the desired initiate lifetime of the
300+ credentials, or None for indefinite
301+ accept_lifetime (int): the desired accept lifetime of the
302+ credentials, or None for indefinite
303+ impersonator (Credentials): the credentials to use to impersonate
304+ the given name, or None to not acquire normally
305+
306+ Returns:
307+ Credentials: the credentials set containing the current credentials
308+ and the newly acquired ones.
309+ """
310+
139311 if impersonator is not None :
140312 if rcred_s4u is None :
141313 raise AttributeError ("Your GSSAPI implementation does not "
@@ -152,6 +324,17 @@ def add(self, desired_name, desired_mech, usage='both',
152324 return Credentials (res .creds )
153325
154326 def export (self ):
327+ """Export the credentials to a token
328+
329+ This method exports the current credentials to a token that can
330+ then be imported by passing the `token` argument to the constructor.
331+
332+ This is often used to pass credentials between processes.
333+
334+ Returns:
335+ bytes: the exported credentials in token form
336+ """
337+
155338 if rcred_imp_exp is None :
156339 raise AttributeError ("Your GSSAPI implementation does not "
157340 "have support for importing and exporting "
0 commit comments