-rw-r--r-- | ipalib/rpc.py | 14 | ||||
-rw-r--r-- | ipapython/ipautil.py | 8 | ||||
-rw-r--r-- | ipapython/nsslib.py | 11 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 2 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 7 |
5 files changed, 30 insertions, 12 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 472e0628..4c2cf94e 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -32,6 +32,7 @@ Also see the `ipaserver.rpcserver` module. from types import NoneType import threading +import sys import os import errno from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError @@ -42,7 +43,7 @@ from ipalib import errors from ipalib.request import context from ipapython import ipautil, dnsclient import httplib -from ipapython.nsslib import NSSHTTPS +from ipapython.nsslib import NSSHTTPS, NSSConnection from nss.error import NSPRError from urllib2 import urlparse @@ -192,8 +193,15 @@ class SSLTransport(Transport): """Handles an HTTPS transaction to an XML-RPC server.""" def make_connection(self, host): - host, extra_headers, x509 = self.get_host_info(host) - conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb") + host, self._extra_headers, x509 = self.get_host_info(host) + host, self._extra_headers, x509 = self.get_host_info(host) + # Python 2.7 changed the internal class used in xmlrpclib from + # HTTP to HTTPConnection. We need to use the proper subclass + (major, minor, micro, releaselevel, serial) = sys.version_info + if major == 2 and minor < 7: + conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb") + else: + conn = NSSConnection(host, 443, dbdir="/etc/pki/nssdb") conn.connect() return conn diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 3f8bba90..4d07bb62 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -89,7 +89,7 @@ def write_tmp_file(txt): return fd -def run(args, stdin=None, raiseonerr=True, nolog=()): +def run(args, stdin=None, raiseonerr=True, nolog=(), env=None): """ Execute a command and return stdin, stdout and the process return code. 
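Review bot: In `make_connection` the added line `host, self._extra_headers, x509 = self.get_host_info(host)` appears twice in a row, so the second call receives the host string already unpacked by the first. If the original host value carried credentials, the headers derived from them would presumably be overwritten by the second call, so one of the two lines should go. `x509` is never used afterwards, and peer certificate validation lives in `NSSHTTPS`/`NSSConnection`, which this hunk does not show; it is worth confirming the new `NSSConnection` branch validates the server the same way as the old one. The version test reads more simply as `if sys.version_info < (2, 7):`, and the same applies to the check added to `endheaders` in ipapython/nsslib.py.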
@@ -113,11 +113,13 @@ def run(args, stdin=None, raiseonerr=True, nolog=()): If an value isn't found in the list it is silently ignored. """ + if env is None: + env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} if stdin: - p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) + p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env) stdout,stderr = p.communicate(stdin) else: - p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) + p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env) stdout,stderr = p.communicate() # The command and its output may include passwords that we don't want diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index f7891768..9593dd1c 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -18,6 +18,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +import sys import httplib import getpass import logging @@ -161,7 +162,7 @@ class NSSConnection(httplib.HTTPConnection): logging.debug("connect: %s", net_addr) self.sock.connect(net_addr) - def endheaders(self): + def endheaders(self, message=None): """ Explicitly close the connection if an error is returned after the headers are sent. This will likely mean the initial SSL handshake @@ -170,7 +171,13 @@ class NSSConnection(httplib.HTTPConnection): """ try: # FIXME: httplib uses old-style classes so super doesn't work - httplib.HTTPConnection.endheaders(self) + # Python 2.7 changed the API for endheaders. This is an attempt + # to work across versions + (major, minor, micro, releaselevel, serial) = sys.version_info + if major == 2 and minor < 7: + httplib.HTTPConnection.endheaders(self) + else: + httplib.HTTPConnection.endheaders(self, message) except NSPRError, e: self.close() raise e 
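Review bot: The new default in `run()` replaces the child's whole environment with a single `PATH` entry rather than extending the inherited one. Variables such as `KRB5CCNAME`, `HOME` or the locale therefore no longer reach any command unless the caller supplies `env`. A fixed PATH is reasonable hardening for an installer that runs as root, and the bare `kadmin.local` and `kdb5_ldap_util` names introduced in ipaserver/install/installutils.py and ipaserver/install/krbinstance.py depend on it, but a caller that passes its own `env` also takes over command lookup. The docstring shown in the hunk does not mention the parameter; I would add `env: environment for the child process; when None only a fixed system PATH is set, nothing is inherited`. The body of `run()` continues outside the hunk.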
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 0767f0c8..93d9f79b 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -313,7 +313,7 @@ def get_directive(filename, directive, separator=' '): return None def kadmin(command): - ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command]) + ipautil.run(["kadmin.local", "-q", command]) def kadmin_addprinc(principal): kadmin("addprinc -randkey " + principal) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 23ed1001..358fdaac 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -111,11 +111,12 @@ class KrbInstance(service.Service): host_dn = "fqdn=%s,cn=computers,cn=accounts,%s" % (self.fqdn, self.suffix) host_entry = ipaldap.Entry(host_dn) host_entry.setValues('objectclass', ['top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice', 'pkiuser', 'krbprincipalaux', 'krbprincipal', 'krbticketpolicyaux']) - host_entry.setValue('krbextradata', service_entry.getValue('krbextradata')) + host_entry.setValues('krbextradata', service_entry.getValues('krbextradata')) host_entry.setValue('krblastpwdchange', service_entry.getValue('krblastpwdchange')) host_entry.setValue('krbpasswordexpiration', service_entry.getValue('krbpasswordexpiration')) host_entry.setValue('krbprincipalname', service_entry.getValue('krbprincipalname')) - host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags')) + if 'krbticketflags' in service_entry.toDict(): + host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags')) host_entry.setValue('krbprincipalkey', service_entry.getValue('krbprincipalkey')) host_entry.setValue('serverhostname', self.fqdn.split('.',1)[0]) host_entry.setValue('cn', self.fqdn) 
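Review bot: In the krbinstance.py hunk only `krbticketflags` gets a presence guard, while `krblastpwdchange`, `krbpasswordexpiration` and `krbprincipalkey` are still copied unconditionally with `getValue`/`setValue`. If the service entry can lack the ticket flags it may lack other optional attributes too, and what `setValue` does with a missing value is not visible here, so the copy could be driven by one loop that skips absent attributes. `krbprincipalkey` is also still copied as a single value; if it can hold several values it needs the same `setValues(..., getValues(...))` treatment that `krbextradata` received, otherwise keys are dropped on the host entry. The enclosing method starts and ends outside the hunk.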
@@ -323,7 +324,7 @@ class KrbInstance(service.Service): if not replica: #populate the directory with the realm structure - args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] + args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] try: ipautil.run(args) except ipautil.CalledProcessError, e: |
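Review bot: The rewritten `args` list still carries `self.kdc_password` and `self.master_password` as command-line arguments, and the call below it is `ipautil.run(args)` with no `nolog` value. The comment in ipapython/ipautil.py says the command and its output may include passwords, so if `run()` logs the command both secrets can land in the install log; `ipautil.run(args, nolog=(self.kdc_password, self.master_password))` would presumably cover that, going by the `nolog` parameter in the signature. The values also stay visible in the process list while the tool runs, which is worth a comment next to `args` even if it is not changed in this commit. The enclosing method continues outside the hunk.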