authorJan Cholasta <jcholast@redhat.com>2016-05-25 12:24:12 +0200
committerJan Cholasta <jcholast@redhat.com>2016-06-03 09:00:34 +0200
commite056b8dea208ccde8e06b199809ce038ccd0531e (patch)
tree0ff9866b1e83a803176f936814404b0446f76248
parent43dc424041e6766dbadd46f6f3982d85e69049cc (diff)
rpc: allow overriding NSS DB directory in API config
Add new `nss_dir` API config option to allow rpcclient to use a non-default NSS DB for the connection. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
-rw-r--r--ipalib/constants.py2
-rw-r--r--ipalib/rpc.py9
2 files changed, 6 insertions, 5 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 021f18cd3..58f9b94eb 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -129,6 +129,8 @@ DEFAULT_CONFIG = (
('rpc_protocol', 'jsonrpc'),
+ ('nss_dir', paths.IPA_NSSDB_DIR),
+
# Define an inclusive range of SSL/TLS version support
('tls_version_min', 'tls1.0'),
('tls_version_max', 'tls1.2'),
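Review bot: The new `('nss_dir', paths.IPA_NSSDB_DIR)` entry has no comment, while the TLS version entries right below it do. Going by the commit message, this is the NSS DB that rpcclient uses for the connection, so a line such as `# NSS database directory used by rpcclient for the server connection` above it would tell readers of DEFAULT_CONFIG what the option controls. The tuple starts and ends outside the hunk.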
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 120b28501..bb03964db 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -57,7 +57,6 @@ from ipalib.request import context, Connection
from ipapython.ipa_log_manager import root_logger
from ipapython import ipautil
from ipapython import kernel_keyring
-from ipaplatform.paths import paths
from ipapython.cookie import Cookie
from ipapython.dnsutil import DNSName
from ipalib.text import _
@@ -489,7 +488,7 @@ class SSLTransport(LanguageAwareTransport):
if self._connection and host == self._connection[0]:
return self._connection[1]
- dbdir = getattr(context, 'nss_dir', paths.IPA_NSSDB_DIR)
+ dbdir = context.nss_dir
connection_dbdir = self.get_connection_dbdir()
if connection_dbdir:
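Review bot: With the `getattr` fallback gone, `dbdir = context.nss_dir` raises AttributeError if this method runs before anything has set `context.nss_dir`. The only assignment visible in this commit is the one in RPCClient, and whether SSLTransport has other users cannot be seen from here. If it does, a guarded read such as `dbdir = getattr(context, 'nss_dir', None)` followed by an explicit error naming the missing setting would fail more clearly than a bare attribute error. The method body starts and ends outside the hunk.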
@@ -869,6 +868,8 @@ class RPCClient(Connectible):
fallback = self.api.env.fallback
if delegate is None:
delegate = self.api.env.delegate
+ if nss_dir is None:
+ nss_dir = self.api.env.nss_dir
try:
rpc_uri = self.env[self.env_rpc_uri_key]
principal = get_principal()
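Review bot: The new `if nss_dir is None:` default covers only None, and the next hunk's `context.nss_dir = nss_dir` now assigns whatever was passed. An empty string from a caller therefore becomes the NSS DB directory, where the old `if nss_dir:` guard ignored it. If callers can pass an empty value, `if not nss_dir: nss_dir = self.api.env.nss_dir` keeps the previous tolerance. The method's signature is outside the hunk, so the parameter's default is assumed to be None.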
@@ -880,9 +881,7 @@ class RPCClient(Connectible):
except (errors.CCacheError, ValueError):
# No session key, do full Kerberos auth
pass
- # This might be dangerous. Use at your own risk!
- if nss_dir:
- context.nss_dir = nss_dir
+ context.nss_dir = nss_dir
urls = self.get_url_list(rpc_uri)
serverproxy = None
for url in urls:
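Review bot: The now unconditional `context.nss_dir = nss_dir` drops the old warning comment without a replacement, even though the directory can now also come from API config. Going by the commit message this is the NSS DB used for the connection, so it presumably holds the CA trust used to verify the server. A comment such as `# nss_dir selects the NSS DB used for the TLS connection; it must be writable only by trusted admins` would keep that caveat next to the assignment. The surrounding method starts and ends outside the hunk.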