summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/principal.py22
-rw-r--r--ipa-server/ipa-gui/ipagui/templates/principallist.kid11
-rw-r--r--ipa-server/xmlrpc-server/funcs.py33
3 files changed, 1 insertions, 65 deletions
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py b/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
index 1b2ad69..27c4f9d 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
@@ -125,28 +125,6 @@ class PrincipalController(IPAController):
return dict(principals=principals, hostname=hostname, fields=ipagui.forms.principal.PrincipalFields())
- @expose()
- @identity.require(identity.not_anonymous())
- def show(self, **kw):
- """Returns the keytab for a given principal"""
- client = self.get_ipaclient()
-
- principal = kw.get('principal')
- if principal != None and len(principal) > 0:
- try:
- p = principal.split('@')
- keytab = client.get_keytab(p[0].encode('utf-8'))
-
- cherrypy.response.headers['Content-Type'] = "application/x-download"
- cherrypy.response.headers['Content-Disposition'] = 'attachment; filename=krb5.keytab'
- cherrypy.response.headers['Content-Length'] = len(keytab)
- cherrypy.response.body = keytab
- return cherrypy.response.body
- except ipaerror.IPAError, e:
- turbogears.flash("keytab retrieval failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
- raise turbogears.redirect("/principal/list")
- raise turbogears.redirect("/principal/list")
-
@validate(form=principal_new_form)
@identity.require(identity.not_anonymous())
def principalcreatevalidate(self, tg_errors=None, **kw):
diff --git a/ipa-server/ipa-gui/ipagui/templates/principallist.kid b/ipa-server/ipa-gui/ipagui/templates/principallist.kid
index d4177d8..3db1c1f 100644
--- a/ipa-server/ipa-gui/ipagui/templates/principallist.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/principallist.kid
@@ -16,14 +16,6 @@
<script type="text/javascript">
document.getElementById("hostname").focus();
</script>
- <script type="text/javascript">
- function confirmDownload() {
- if (confirm("Are you sure you want to download this principal? It will reset the secret, invalidating any existing keytabs")) {
- return true;
- }
- return false;
- }
- </script>
</div>
<div py:if='(principals != None) and (len(principals) > 0)'>
<h2>${len(principals)} results returned:</h2>
@@ -41,8 +33,7 @@
<tbody>
<tr py:for="principal in principals">
<td>
- <a href="${tg.url('/principal/show',principal=principal.krbprincipalname)}" onclick="return confirmDownload();"
- >${principal.hostname}</a>
+ ${principal.hostname}
</td>
<td>
${principal.service}
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 2d2bddb..2057aa7 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1785,39 +1785,6 @@ class IPAServer:
return entries
- def get_keytab(self, name, opts=None):
- """Return a keytab for an existing service principal. Note that
- this increments the secret thus invalidating any older keys."""
- if not name:
- raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER)
-
- princ_name = name + "@" + self.realm
-
- conn = self.getConnection(opts)
-
- if conn.principal != "admin@" + self.realm:
- raise ipaerror.gen_exception(ipaerror.CONNECTION_GSSAPI_CREDENTIALS)
-
- try:
- try:
- princs = conn.getList(self.basedn, self.scope, "krbprincipalname=" + princ_name, None)
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
- return None
- finally:
- self.releaseConnection(conn)
-
-
- # This is ugly - call out to a C wrapper around kadmin.local
- p = subprocess.Popen(["/usr/sbin/ipa-keytab-util", princ_name, self.realm],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- stdout,stderr = p.communicate()
-
- if p.returncode != 0:
- return None
-
- return stdout
-
-
# Configuration support
def get_ipa_config(self, opts=None):