diff options
| author | Michael Simacek <msimacek@redhat.com> | 2015-07-20 16:04:07 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-26 09:41:36 +0200 |
| commit | aad73fad601f576dd83b758f4448839b4e8e87df (patch) | |
| tree | c99433fc5aade363e7f9f66a7c08fcfd8e3dfc69 /ipalib/rpc.py | |
| parent | aebb72e1fb144939285380a6a9261c4d4177195e (diff) | |
| download | freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.gz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.xz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.zip | |
Port from python-krbV to python-gssapi
python-krbV library is deprecated and doesn't work with python 3. Replacing all
it's usages with python-gssapi.
- Removed Backend.krb and KRB5_CCache classes
They were wrappers around krbV classes that cannot really work without them
- Added few utility functions for querying GSSAPI credentials
in krb_utils module. They provide replacements for KRB5_CCache.
- Merged two kinit_keytab functions
- Changed ldap plugin connection defaults to match ipaldap
- Unified getting default realm
Using api.env.realm instead of krbV call
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'ipalib/rpc.py')
| -rw-r--r-- | ipalib/rpc.py | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 04b8d01d9..9d0fc8f7b 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -55,7 +55,6 @@ from ipalib.errors import (public_errors, UnknownError, NetworkError, KerberosError, XMLRPCMarshallError, JSONError, ConversionError) from ipalib import errors, capabilities from ipalib.request import context, Connection -from ipalib.util import get_current_principal from ipapython.ipa_log_manager import root_logger from ipapython import ipautil from ipapython import kernel_keyring @@ -66,7 +65,8 @@ from ipalib.text import _ import ipapython.nsslib from ipapython.nsslib import NSSHTTPS, NSSConnection from ipalib.krb_utils import KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, KRB5KRB_AP_ERR_TKT_EXPIRED, \ - KRB5_FCC_PERM, KRB5_FCC_NOFILE, KRB5_CC_FORMAT, KRB5_REALM_CANT_RESOLVE + KRB5_FCC_PERM, KRB5_FCC_NOFILE, KRB5_CC_FORMAT, \ + KRB5_REALM_CANT_RESOLVE, get_principal from ipapython.dn import DN from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES from ipalib import api @@ -518,10 +518,7 @@ class KerbTransport(SSLTransport): self._sec_context = None def _handle_exception(self, e, service=None): - # kerberos library coerced error codes to signed, gssapi uses unsigned minor = e.min_code - if minor & (1 << 31): - minor -= 1 << 32 if minor == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: raise errors.ServiceError(service=service) elif minor == KRB5_FCC_NOFILE: @@ -835,7 +832,7 @@ class RPCClient(Connectible): delegate=False, nss_dir=None): try: rpc_uri = self.env[self.env_rpc_uri_key] - principal = get_current_principal() + principal = get_principal() setattr(context, 'principal', principal) # We have a session cookie, try using the session URI to see if it # is still valid |