pymunge.raw - low-level API¶

This module contains declarations of raw libmunge C functions and constants.

Importing this module causes the libmunge shared library to be loaded.

Note that most function prototypes differ slightly from their C counterparts, as follows:

For all C functions that originally return an error code (munge_err_t), the corresponding Python wrapper instead checks the return value and raises a MungeError if the wrapped function returns anything other than EMUNGE_SUCCESS.
Some functions originally return multiple values via pointer-based output arguments (e.g. uid and gid in munge_decode). The Python wrapper does not take these arguments and instead returns the multiple values as a tuple.

pymunge.raw.uid_t¶

The uid_t POSIX type. Specifies a numeric user ID.

alias of c_uint

pymunge.raw.gid_t¶

The gid_t POSIX type. Specifies a numeric group ID.

alias of c_uint

pymunge.raw.time_t¶

The time_t C type. Specifies a timestamp.

alias of c_long

pymunge.raw.munge_ctx_t¶

The munge_ctx_t C type, an opaque handle to a MUNGE context. The low-level version of MungeContext.

alias of c_void_p

pymunge.raw.munge_err_t¶

The munge_err_t C enumeration type. Specifies a MUNGE error code. The low-level version of MungeErrorCode.

alias of c_int

pymunge.raw.munge_opt_t¶

The munge_opt_t C enumeration type. Specifies a MUNGE context option.

alias of c_int

pymunge.raw.munge_enum_t¶

The munge_enum_t C enumeration type. Specifies a MUNGE enumeration.

alias of c_int

pymunge.raw.munge_encode(ctx, buf, len)¶

C prototype: munge_err_t munge_encode(char **cred, munge_ctx_t ctx, const void *buf, int len);

Note: when called from Python, returns cred instead of the munge_err_t.

Creates a credential contained in a base64 string. A payload specified by a buffer buf (a byte string) of length len can be encapsulated in as well. If the munge context ctx is None, the default context will be used. Returns the credential cred if the credential is successfully created; otherwise, raises a MungeError containing the error code and message. The error message may be more detailed if a ctx was specified.

pymunge.raw.munge_decode(cred, ctx)¶

C prototype: munge_err_t munge_decode(const char *cred, munge_ctx_t ctx, void **buf, int *len, uid_t *uid, gid_t *gid);

Note: when called from Python, returns (payload, uid, gid) instead of the munge_err_t, where payload is the contents of buf of length len. Example usage:

>>> payload, uid, gid = munge_decode(cred, ctx)

Validates the credential cred. If the munge context ctx is not None, it will be set to that used to encode the credential. If the credential is valid, returns the encapsulated payload byte string payload as well as the numeric UID uid and GID gid of the process that created the credential. If the credential is not valid, raises a MungeError containing the error code and message. The error message may be more detailed if a ctx was specified. For certain errors (ie, EMUNGE_CRED_EXPIRED, EMUNGE_CRED_REWOUND, EMUNGE_CRED_REPLAYED), the raised MungeError will contain the result (payload, uid, gid) which would have been returned if the credential were still valid.

pymunge.raw.munge_strerror(e)¶

C prototype: const char * munge_strerror(munge_err_t e);

Returns a descriptive string describing the munge errno e.

pymunge.raw.munge_ctx_create()¶

C prototype: munge_ctx_t munge_ctx_create(void);

Creates and returns a new munge context or None on error. Abandoning a context without calling munge_ctx_destroy() will result in a memory leak.

pymunge.raw.munge_ctx_copy(ctx)¶

C prototype: munge_ctx_t munge_ctx_copy(munge_ctx_t ctx);

Copies the context ctx, returning a new munge context or None on error. Abandoning a context without calling munge_ctx_destroy() will result in a memory leak.

pymunge.raw.munge_ctx_destroy(ctx)¶

C prototype: void munge_ctx_destroy(munge_ctx_t ctx);

Destroys the context ctx.

pymunge.raw.munge_ctx_strerror(ctx)¶

C prototype: const char * munge_ctx_strerror(munge_ctx_t ctx);

Returns a descriptive text string describing the munge error number according to the context ctx, or None if no error condition exists. This message may be more detailed than that returned by munge_strerror().

pymunge.raw.munge_ctx_get(ctx, opt, ptr)[source]¶

C prototype: munge_err_t munge_ctx_get(munge_ctx_t ctx, munge_opt_t opt, ...);

Note: when called from Python, returns nothing.

Gets the value for the option opt associated with the munge context ctx, storing the result in the subsequent pointer argument. Refer to the munge_opt_t enum comments for argument types. If the result is a string, that string should not be freed or modified by the caller. Raises a MungeError upon failure.

pymunge.raw.munge_ctx_set(ctx, opt, val)[source]¶

C prototype: munge_err_t munge_ctx_set(munge_ctx_t ctx, munge_opt_t opt, ...);

Note: when called from Python, returns nothing.

Sets the value for the option opt associated with the munge context ctx, using the value of the subsequent argument. Refer to the munge_opt_t enum comments for argument types. Raises a MungeError upon failure.

pymunge.raw.munge_enum_is_valid(type, val)¶

C prototype: int munge_enum_is_valid(munge_enum_t type, int val);

Note: when called from Python, the returned int is converted to a boolean.

Returns True if the given value val is a valid enumeration of the specified type type in the software configuration as currently compiled; otherwise returns False. Some enumerations correspond to options that can only be enabled at compile-time.

pymunge.raw.munge_enum_int_to_str(type, val)¶

C prototype: const char * munge_enum_int_to_str(munge_enum_t type, int val);

Converts the munge enumeration val of the specified type type into a text string. Returns the text string, or None on error.

pymunge.raw.munge_enum_str_to_int(type, str)¶

C prototype: int munge_enum_str_to_int(munge_enum_t type, const char *str);

Converts the case-insensitive byte string str into the corresponding munge enumeration of the specified type type. Returns a munge enumeration on success (>= 0), or -1 on error.

pymunge.raw.libmunge_filename = None¶: Name of the libmunge shared object.

pymunge.raw.libmunge = None¶: Handle to the loaded libmunge shared object (a ctypes.CDLL object).

pymunge.raw.MUNGE_OPT_CIPHER_TYPE = 0¶: symmetric cipher type (int)

pymunge.raw.MUNGE_OPT_MAC_TYPE = 1¶: message auth code type (int)

pymunge.raw.MUNGE_OPT_ZIP_TYPE = 2¶: compression type (int)

pymunge.raw.MUNGE_OPT_REALM = 3¶: security realm (str)

pymunge.raw.MUNGE_OPT_TTL = 4¶: time-to-live (int)

pymunge.raw.MUNGE_OPT_ADDR4 = 5¶: src IPv4 addr (struct in_addr)

pymunge.raw.MUNGE_OPT_ENCODE_TIME = 6¶: time when cred encoded (time_t)

pymunge.raw.MUNGE_OPT_DECODE_TIME = 7¶: time when cred decoded (time_t)

pymunge.raw.MUNGE_OPT_SOCKET = 8¶: socket for comm w/ daemon (str)

pymunge.raw.MUNGE_OPT_UID_RESTRICTION = 9¶: UID able to decode cred (uid_t)

pymunge.raw.MUNGE_OPT_GID_RESTRICTION = 10¶: GID able to decode cred (gid_t)

pymunge.raw.MUNGE_ENUM_CIPHER = 0¶: cipher enum type

pymunge.raw.MUNGE_ENUM_MAC = 1¶: mac enum type

pymunge.raw.MUNGE_ENUM_ZIP = 2¶: zip enum type