diff options
author | Michael Simacek <msimacek@redhat.com> | 2015-07-20 16:04:07 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-26 09:41:36 +0200 |
commit | aad73fad601f576dd83b758f4448839b4e8e87df (patch) | |
tree | c99433fc5aade363e7f9f66a7c08fcfd8e3dfc69 /ipa-client | |
parent | aebb72e1fb144939285380a6a9261c4d4177195e (diff) | |
download | freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.gz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.xz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.zip |
Port from python-krbV to python-gssapi
python-krbV library is deprecated and doesn't work with python 3. Replacing all
it's usages with python-gssapi.
- Removed Backend.krb and KRB5_CCache classes
They were wrappers around krbV classes that cannot really work without them
- Added few utility functions for querying GSSAPI credentials
in krb_utils module. They provide replacements for KRB5_CCache.
- Merged two kinit_keytab functions
- Changed ldap plugin connection defaults to match ipaldap
- Unified getting default realm
Using api.env.realm instead of krbV call
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'ipa-client')
-rw-r--r-- | ipa-client/ipa-client.spec.in | 2 | ||||
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-automount | 10 | ||||
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 8 |
3 files changed, 10 insertions, 10 deletions
diff --git a/ipa-client/ipa-client.spec.in b/ipa-client/ipa-client.spec.in index 686259ad2..4413937bb 100644 --- a/ipa-client/ipa-client.spec.in +++ b/ipa-client/ipa-client.spec.in @@ -9,7 +9,7 @@ URL: http://www.freeipa.org Source0: %{name}-%{version}.tgz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: python python-ldap python-krbV ipa-python cyrus-sasl-gssapi +Requires: python python-ldap python-gssapi ipa-python cyrus-sasl-gssapi %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount index 0739a2e6b..4abc853dc 100755 --- a/ipa-client/ipa-install/ipa-client-automount +++ b/ipa-client/ipa-install/ipa-client-automount @@ -26,7 +26,7 @@ import os import urlparse import time import tempfile -from krbV import Krb5Error +import gssapi import SSSDConfig @@ -427,15 +427,14 @@ def main(): print "Location: %s" % options.location root_logger.debug('Using automount location %s' % options.location) - # Verify that the location is valid - (ccache_fd, ccache_name) = tempfile.mkstemp() - os.close(ccache_fd) + ccache_dir = tempfile.mkdtemp() + ccache_name = os.path.join(ccache_dir, 'ccache') try: try: host_princ = str('host/%s@%s' % (api.env.host, api.env.realm)) ipautil.kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name) os.environ['KRB5CCNAME'] = ccache_name - except Krb5Error as e: + except gssapi.exceptions.GSSError as e: sys.exit("Failed to obtain host TGT: %s" % e) # Now we have a TGT, connect to IPA try: @@ -457,6 +456,7 @@ def main(): sys.exit("Cannot connect to the server due to generic error: %s" % str(e)) finally: os.remove(ccache_name) + os.rmdir(ccache_dir) if not options.unattended and not ipautil.user_input("Continue to configure the system with these values?", False): sys.exit("Installation aborted") diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index c2131ffb6..9352b0049 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -31,8 +31,8 @@ try: from ConfigParser import RawConfigParser from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError import shutil - from krbV import Krb5Error import dns + import gssapi import nss.nss as nss import SSSDConfig @@ -2618,7 +2618,7 @@ def install(options, env, fstore, statestore): ccache_name, config=krb_name, attempts=options.kinit_attempts) - except Krb5Error as e: + except gssapi.exceptions.GSSError as e: print_port_conf_info() root_logger.error("Kerberos authentication failed: %s" % e) @@ -2698,7 +2698,7 @@ def install(options, env, fstore, statestore): config=krb_name, attempts=options.kinit_attempts) env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = CCACHE_FILE - except Krb5Error as e: + except gssapi.exceptions.GSSError as e: print_port_conf_info() root_logger.error("Failed to obtain host TGT: %s" % e) # failure to get ticket makes it impossible to login and bind @@ -2745,7 +2745,7 @@ def install(options, env, fstore, statestore): CCACHE_FILE, attempts=options.kinit_attempts) os.environ['KRB5CCNAME'] = CCACHE_FILE - except Krb5Error as e: + except gssapi.exceptions.GSSError as e: root_logger.error("Failed to obtain host TGT: %s" % e) return CLIENT_INSTALL_ERROR else: |