5 files changed, 30 insertions, 12 deletions

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 472e0628b..4c2cf94e8 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -32,6 +32,7 @@ Also see the `ipaserver.rpcserver` module.
 
 from types import NoneType
 import threading
+import sys
 import os
 import errno
 from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError
@@ -42,7 +43,7 @@ from ipalib import errors
 from ipalib.request import context
 from ipapython import ipautil, dnsclient
 import httplib
-from ipapython.nsslib import NSSHTTPS
+from ipapython.nsslib import NSSHTTPS, NSSConnection
 from nss.error import NSPRError
 from urllib2 import urlparse
 
@@ -192,8 +193,15 @@ class SSLTransport(Transport):
     """Handles an HTTPS transaction to an XML-RPC server."""
 
     def make_connection(self, host):
-        host, extra_headers, x509 = self.get_host_info(host)
-        conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
+        host, self._extra_headers, x509 = self.get_host_info(host)
+        host, self._extra_headers, x509 = self.get_host_info(host)
+        # Python 2.7 changed the internal class used in xmlrpclib from
+        # HTTP to HTTPConnection. We need to use the proper subclass
+        (major, minor, micro, releaselevel, serial) = sys.version_info
+        if major == 2 and minor < 7:
+            conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
+        else:
+            conn = NSSConnection(host, 443, dbdir="/etc/pki/nssdb")
         conn.connect()
         return conn
 
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 3f8bba902..4d07bb626 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -89,7 +89,7 @@ def write_tmp_file(txt):
 
     return fd
 
-def run(args, stdin=None, raiseonerr=True, nolog=()):
+def run(args, stdin=None, raiseonerr=True, nolog=(), env=None):
     """
     Execute a command and return stdin, stdout and the process return code.
 
@@ -113,11 +113,13 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):
 
     If an value isn't found in the list it is silently ignored.
     """
+    if env is None:
+        env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
     if stdin:
-        p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+        p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
         stdout,stderr = p.communicate(stdin)
     else:
-        p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+        p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
         stdout,stderr = p.communicate()
 
     # The command and its output may include passwords that we don't want
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index f7891768f..9593dd1c4 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -18,6 +18,7 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #
 
+import sys
 import httplib
 import getpass
 import logging
@@ -161,7 +162,7 @@ class NSSConnection(httplib.HTTPConnection):
         logging.debug("connect: %s", net_addr)
         self.sock.connect(net_addr)
 
-    def endheaders(self):
+    def endheaders(self, message=None):
         """
         Explicitly close the connection if an error is returned after the
         headers are sent. This will likely mean the initial SSL handshake
@@ -170,7 +171,13 @@ class NSSConnection(httplib.HTTPConnection):
         """
         try:
             # FIXME: httplib uses old-style classes so super doesn't work
-            httplib.HTTPConnection.endheaders(self)
+            # Python 2.7 changed the API for endheaders. This is an attempt
+            # to work across versions
+            (major, minor, micro, releaselevel, serial) = sys.version_info
+            if major == 2 and minor < 7:
+                httplib.HTTPConnection.endheaders(self)
+            else:
+                httplib.HTTPConnection.endheaders(self, message)
         except NSPRError, e:
             self.close()
             raise e
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 0767f0c85..93d9f79b4 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -313,7 +313,7 @@ def get_directive(filename, directive, separator=' '):
     return None
 
 def kadmin(command):
-    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])
+    ipautil.run(["kadmin.local", "-q", command])
 
 def kadmin_addprinc(principal):
     kadmin("addprinc -randkey " + principal)
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 23ed10015..358fdaac1 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -111,11 +111,12 @@ class KrbInstance(service.Service):
         host_dn = "fqdn=%s,cn=computers,cn=accounts,%s" % (self.fqdn, self.suffix)
         host_entry = ipaldap.Entry(host_dn)
         host_entry.setValues('objectclass', ['top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice', 'pkiuser', 'krbprincipalaux', 'krbprincipal', 'krbticketpolicyaux'])
-        host_entry.setValue('krbextradata', service_entry.getValue('krbextradata'))
+        host_entry.setValues('krbextradata', service_entry.getValues('krbextradata'))
         host_entry.setValue('krblastpwdchange', service_entry.getValue('krblastpwdchange'))
         host_entry.setValue('krbpasswordexpiration', service_entry.getValue('krbpasswordexpiration'))
         host_entry.setValue('krbprincipalname', service_entry.getValue('krbprincipalname'))
-        host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
+        if 'krbticketflags' in service_entry.toDict():
+            host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
         host_entry.setValue('krbprincipalkey', service_entry.getValue('krbprincipalkey'))
         host_entry.setValue('serverhostname', self.fqdn.split('.',1)[0])
         host_entry.setValue('cn', self.fqdn)
@@ -323,7 +324,7 @@ class KrbInstance(service.Service):
 
         if not replica:
             #populate the directory with the realm structure
-            args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
+            args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
             try:
                 ipautil.run(args)
             except ipautil.CalledProcessError, e: