authorRob Crittenden <rcritten@redhat.com>2008-10-16 23:33:44 -0400
committerRob Crittenden <rcritten@redhat.com>2008-10-16 23:33:44 -0400
commitb045f220692e016a105f03af025d49f9a9cddc74 (patch)
tree011c660fab363d82b5dccb9ded62c01855951cfa /ipalib
parentf777f72de6a7c1d3ef29088fbf89722c1148f246 (diff)
Add mod_python-based XML-RPC server.
Use -e kerberos on the command-line to use the mod_python server, otherwise it defaults to use the simple-server URL.
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/errors.py2
-rw-r--r--ipalib/plugins/b_xmlrpc.py47
2 files changed, 45 insertions, 4 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index f1c9e26e8..36df0690e 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -23,6 +23,8 @@ All custom errors raised by `ipalib` package.
Also includes a few utility functions for raising exceptions.
"""
+IPA_ERROR_BASE = 1000
+
TYPE_FORMAT = '%s: need a %r; got %r'
def raise_TypeError(value, type_, name):
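Review bot: `IPA_ERROR_BASE = 1000` is added with no comment saying what the threshold separates. Its only visible use is in ipalib/plugins/b_xmlrpc.py, where fault codes below it are printed with the server's faultString and codes at or above it with the error class docstring. If that reading is right, a line such as `# Fault codes >= IPA_ERROR_BASE are IPA-defined; lower codes come from the XML-RPC layer.` above the constant would record the contract for other callers.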
diff --git a/ipalib/plugins/b_xmlrpc.py b/ipalib/plugins/b_xmlrpc.py
index db2af1abd..9fe5b133a 100644
--- a/ipalib/plugins/b_xmlrpc.py
+++ b/ipalib/plugins/b_xmlrpc.py
@@ -1,5 +1,6 @@
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
+# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2008 Red Hat
# see file 'COPYING' for use and warranty information
@@ -26,6 +27,8 @@ This provides a lightwieght XML-RPC client using Python standard library
import xmlrpclib
import socket
+import httplib
+import kerberos
from ipalib.backend import Backend
from ipalib.util import xmlrpc_marshal
from ipalib import api
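Review bot: The module-level `import kerberos` makes this backend fail to import on any host without the python-kerberos bindings, even when the default simple-server path is used and Kerberos is never touched. Importing it inside `KerbTransport.get_host_info`, or guarding it with `try: import kerberos` / `except ImportError: kerberos = None` and raising a clear error only when `-e kerberos` is selected, keeps the non-Kerberos path working. `import httplib` is not referenced in any hunk shown here, so it looks unused and could be dropped unless code outside this diff needs it.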
@@ -38,7 +41,12 @@ class xmlrpc(Backend):
def get_client(self, verbose=False):
# FIXME: The server uri should come from self.api.env.server_uri
- return xmlrpclib.ServerProxy('http://localhost:8888', verbose=verbose)
+ if api.env.get('kerberos'):
+ server = api.env.server.next()
+ if verbose: print "Connecting to %s" % server
+ return xmlrpclib.ServerProxy('https://%s/ipa/xml' % server, transport=KerbTransport(), verbose=verbose)
+ else:
+ return xmlrpclib.ServerProxy('http://localhost:8888', verbose=verbose)
def forward_call(self, name, *args, **kw):
"""
@@ -54,10 +62,41 @@ class xmlrpc(Backend):
except xmlrpclib.Fault, e:
err = errors.convertFault(e)
code = getattr(err,'faultCode',None)
- if code:
- print "%s: %s" % (code, getattr(err,'__doc__',''))
- else:
+ faultString = getattr(err,'faultString',None)
+ if not code:
raise err
+ if code < errors.IPA_ERROR_BASE:
+ print "%s: %s" % (code, faultString)
+ else:
+ print "%s: %s" % (code, getattr(err,'__doc__',''))
return {}
api.register(xmlrpc)
+
+class KerbTransport(xmlrpclib.SafeTransport):
+ """Handles Kerberos Negotiation authentication to an XML-RPC server."""
+
+ def get_host_info(self, host):
+
+ host, extra_headers, x509 = xmlrpclib.Transport.get_host_info(self, host)
+
+ # Set the remote host principal
+ h = host
+ hostinfo = h.split(':')
+ service = "HTTP@" + hostinfo[0]
+
+ try:
+ rc, vc = kerberos.authGSSClientInit(service);
+ except kerberos.GSSError, e:
+ raise kerberos.GSSError(e)
+
+ try:
+ kerberos.authGSSClientStep(vc, "");
+ except kerberos.GSSError, e:
+ raise kerberos.GSSError(e)
+
+ extra_headers = [
+ ("Authorization", "negotiate %s" % kerberos.authGSSClientResponse(vc) )
+ ]
+
+ return host, extra_headers, x509
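Review bot: KerbTransport.get_host_info sends the client's Negotiate token, but nothing in the class reads the server's `WWW-Authenticate: Negotiate` reply and feeds it to a second `kerberos.authGSSClientStep(vc, token)`, so the client never confirms that the peer holds the `HTTP@host` service key. On the Python 2 releases of this period `xmlrpclib.SafeTransport` does not validate the server certificate by default, which would leave GSSAPI mutual authentication as the only server check available on this path. The context `vc` is never released with `kerberos.authGSSClientClean(vc)`, and the return code `rc` from `authGSSClientInit` is ignored. Both `except kerberos.GSSError, e: raise kerberos.GSSError(e)` blocks only replace the original exception and its traceback; a bare `raise`, or no try block at all, keeps the diagnostic detail. The forward_call fault handling at the top of this hunk belongs to a function that starts outside it.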