Port from python-krbV to python-gssapi

python-krbV library is deprecated and doesn't work with python 3. Replacing all it's usages with python-gssapi. - Removed Backend.krb and KRB5_CCache classes They were wrappers around krbV classes that cannot really work without them - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache. - Merged two kinit_keytab functions - Changed ldap plugin connection defaults to match ipaldap - Unified getting default realm Using api.env.realm instead of krbV call Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
author: Michael Simacek <msimacek@redhat.com> 2015-07-20 16:04:07 +0200
committer: Jan Cholasta <jcholast@redhat.com> 2015-08-26 09:41:36 +0200
commit: aad73fad601f576dd83b758f4448839b4e8e87df (patch)
tree: c99433fc5aade363e7f9f66a7c08fcfd8e3dfc69 /ipa-client
parent: aebb72e1fb144939285380a6a9261c4d4177195e (diff)
download: freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.gz
freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.xz
freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.zip
3 files changed, 10 insertions, 10 deletions
diff --git a/ipa-client/ipa-client.spec.in b/ipa-client/ipa-client.spec.in
index 686259ad2..4413937bb 100644
--- a/ipa-client/ipa-client.spec.in
+++ b/ipa-client/ipa-client.spec.in
@@ -9,7 +9,7 @@ URL:            http://www.freeipa.org
 Source0:        %{name}-%{version}.tgz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-Requires: python python-ldap python-krbV ipa-python cyrus-sasl-gssapi
+Requires: python python-ldap python-gssapi ipa-python cyrus-sasl-gssapi
 
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index 0739a2e6b..4abc853dc 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -26,7 +26,7 @@ import os
 import urlparse
 import time
 import tempfile
-from krbV import Krb5Error
+import gssapi
 
 import SSSDConfig
 
@@ -427,15 +427,14 @@ def main():
     print "Location: %s" % options.location
     root_logger.debug('Using automount location %s' % options.location)
 
-    # Verify that the location is valid
-    (ccache_fd, ccache_name) = tempfile.mkstemp()
-    os.close(ccache_fd)
+    ccache_dir = tempfile.mkdtemp()
+    ccache_name = os.path.join(ccache_dir, 'ccache')
     try:
         try:
             host_princ = str('host/%s@%s' % (api.env.host, api.env.realm))
             ipautil.kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
             os.environ['KRB5CCNAME'] = ccache_name
-        except Krb5Error as e:
+        except gssapi.exceptions.GSSError as e:
             sys.exit("Failed to obtain host TGT: %s" % e)
         # Now we have a TGT, connect to IPA
         try:
@@ -457,6 +456,7 @@ def main():
             sys.exit("Cannot connect to the server due to generic error: %s" % str(e))
     finally:
         os.remove(ccache_name)
+        os.rmdir(ccache_dir)
 
     if not options.unattended and not ipautil.user_input("Continue to configure the system with these values?", False):
         sys.exit("Installation aborted")
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index c2131ffb6..9352b0049 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,8 +31,8 @@ try:
     from ConfigParser import RawConfigParser
     from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
     import shutil
-    from krbV import Krb5Error
     import dns
+    import gssapi
 
     import nss.nss as nss
     import SSSDConfig
@@ -2618,7 +2618,7 @@ def install(options, env, fstore, statestore):
                                              ccache_name,
                                              config=krb_name,
                                              attempts=options.kinit_attempts)
-                    except Krb5Error as e:
+                    except gssapi.exceptions.GSSError as e:
                         print_port_conf_info()
                         root_logger.error("Kerberos authentication failed: %s"
                                           % e)
@@ -2698,7 +2698,7 @@ def install(options, env, fstore, statestore):
                                      config=krb_name,
                                      attempts=options.kinit_attempts)
                 env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = CCACHE_FILE
-            except Krb5Error as e:
+            except gssapi.exceptions.GSSError as e:
                 print_port_conf_info()
                 root_logger.error("Failed to obtain host TGT: %s" % e)
                 # failure to get ticket makes it impossible to login and bind
@@ -2745,7 +2745,7 @@ def install(options, env, fstore, statestore):
                                  CCACHE_FILE,
                                  attempts=options.kinit_attempts)
             os.environ['KRB5CCNAME'] = CCACHE_FILE
-        except Krb5Error as e:
+        except gssapi.exceptions.GSSError as e:
             root_logger.error("Failed to obtain host TGT: %s" % e)
             return CLIENT_INSTALL_ERROR
     else:
author	Michael Simacek <msimacek@redhat.com>	2015-07-20 16:04:07 +0200
committer	Jan Cholasta <jcholast@redhat.com>	2015-08-26 09:41:36 +0200
commit	aad73fad601f576dd83b758f4448839b4e8e87df (patch)
tree	c99433fc5aade363e7f9f66a7c08fcfd8e3dfc69 /ipa-client
parent	aebb72e1fb144939285380a6a9261c4d4177195e (diff)
download	freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.gz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.xz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.zip