From a9e4e5a1e2da6725521878428452c86b7140e815 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 21 Dec 2007 12:31:31 -0500
Subject: Finishe removing previous code to fetch keytabs

---
 ipa-server/configure.ac                            |  1 -
 .../ipa-gui/ipagui/subcontrollers/principal.py     | 22 ---------------
 .../ipa-gui/ipagui/templates/principallist.kid     | 11 +-------
 ipa-server/xmlrpc-server/funcs.py                  | 33 ----------------------
 4 files changed, 1 insertion(+), 66 deletions(-)

diff --git a/ipa-server/configure.ac b/ipa-server/configure.ac
index 5f9b452c4..dbcfeacc0 100644
--- a/ipa-server/configure.ac
+++ b/ipa-server/configure.ac
@@ -238,7 +238,6 @@ AC_CONFIG_FILES([
     ipa-slapi-plugins/ipa-pwd-extop/Makefile
     xmlrpc-server/Makefile
     xmlrpc-server/test/Makefile
-    ipa-keytab-util/Makefile
 ])
 
 AC_OUTPUT
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py b/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
index 1b2ad6942..27c4f9d63 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
@@ -125,28 +125,6 @@ class PrincipalController(IPAController):
 
         return dict(principals=principals, hostname=hostname, fields=ipagui.forms.principal.PrincipalFields())
 
-    @expose()
-    @identity.require(identity.not_anonymous())
-    def show(self, **kw):
-        """Returns the keytab for a given principal"""
-        client = self.get_ipaclient()
-
-        principal = kw.get('principal')
-        if principal != None and len(principal) > 0:
-            try:
-                p = principal.split('@')
-                keytab = client.get_keytab(p[0].encode('utf-8'))
-
-                cherrypy.response.headers['Content-Type'] = "application/x-download"
-                cherrypy.response.headers['Content-Disposition'] = 'attachment; filename=krb5.keytab'
-                cherrypy.response.headers['Content-Length'] = len(keytab)
-                cherrypy.response.body = keytab
-                return cherrypy.response.body
-            except ipaerror.IPAError, e:
-                turbogears.flash("keytab retrieval failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
-                raise turbogears.redirect("/principal/list")
-        raise turbogears.redirect("/principal/list")
-
     @validate(form=principal_new_form)
     @identity.require(identity.not_anonymous())
     def principalcreatevalidate(self, tg_errors=None, **kw):
diff --git a/ipa-server/ipa-gui/ipagui/templates/principallist.kid b/ipa-server/ipa-gui/ipagui/templates/principallist.kid
index d4177d8d7..3db1c1fcf 100644
--- a/ipa-server/ipa-gui/ipagui/templates/principallist.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/principallist.kid
@@ -16,14 +16,6 @@
         <script type="text/javascript">
             document.getElementById("hostname").focus();
         </script>
-        <script type="text/javascript">
-            function confirmDownload() {
-              if (confirm("Are you sure you want to download this principal? It will reset the secret, invalidating any existing keytabs")) {
-                return true;
-              }
-              return false;
-            }
-        </script>
     </div>
     <div py:if='(principals != None) and (len(principals) > 0)'>
         <h2>${len(principals)} results returned:</h2>
@@ -41,8 +33,7 @@
           <tbody>
             <tr py:for="principal in principals">
                 <td>
-                    <a href="${tg.url('/principal/show',principal=principal.krbprincipalname)}" onclick="return confirmDownload();"
-                    >${principal.hostname}</a>
+                    ${principal.hostname}
                 </td>
                 <td>
                     ${principal.service}
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 2d2bddbb4..2057aa7d0 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1785,39 +1785,6 @@ class IPAServer:
 
         return entries
 
-    def get_keytab(self, name, opts=None):
-        """Return a keytab for an existing service principal. Note that
-           this increments the secret thus invalidating any older keys."""
-        if not name:
-            raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER)
-
-        princ_name = name + "@" + self.realm
-
-        conn = self.getConnection(opts)
-
-        if conn.principal != "admin@" + self.realm:
-            raise ipaerror.gen_exception(ipaerror.CONNECTION_GSSAPI_CREDENTIALS)
-
-        try:
-            try:
-                princs = conn.getList(self.basedn, self.scope, "krbprincipalname=" + princ_name, None)
-            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
-                return None
-        finally:
-            self.releaseConnection(conn)
-
-
-        # This is ugly - call out to a C wrapper around kadmin.local
-        p = subprocess.Popen(["/usr/sbin/ipa-keytab-util", princ_name, self.realm],
-                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        stdout,stderr = p.communicate()
-
-        if p.returncode != 0:
-            return None
-
-        return stdout
-        
-        
 
 # Configuration support
     def get_ipa_config(self, opts=None):
-- 
cgit