diff options
author | Michael Simacek <msimacek@redhat.com> | 2015-07-20 16:04:07 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-26 09:41:36 +0200 |
commit | aad73fad601f576dd83b758f4448839b4e8e87df (patch) | |
tree | c99433fc5aade363e7f9f66a7c08fcfd8e3dfc69 /ipaserver/install | |
parent | aebb72e1fb144939285380a6a9261c4d4177195e (diff) | |
download | freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.gz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.xz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.zip |
Port from python-krbV to python-gssapi
python-krbV library is deprecated and doesn't work with python 3. Replacing all
it's usages with python-gssapi.
- Removed Backend.krb and KRB5_CCache classes
They were wrappers around krbV classes that cannot really work without them
- Added few utility functions for querying GSSAPI credentials
in krb_utils module. They provide replacements for KRB5_CCache.
- Merged two kinit_keytab functions
- Changed ldap plugin connection defaults to match ipaldap
- Unified getting default realm
Using api.env.realm instead of krbV call
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/ipa_cacert_manage.py | 7 | ||||
-rw-r--r-- | ipaserver/install/ipa_ldap_updater.py | 4 | ||||
-rw-r--r-- | ipaserver/install/ipa_otptoken_import.py | 7 | ||||
-rw-r--r-- | ipaserver/install/ipa_winsync_migrate.py | 10 | ||||
-rw-r--r-- | ipaserver/install/ldapupdate.py | 10 | ||||
-rw-r--r-- | ipaserver/install/schemaupdate.py | 4 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 3 |
7 files changed, 16 insertions, 29 deletions
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py index 34a931d1a..c991cafa1 100644 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@ -23,7 +23,7 @@ from optparse import OptionGroup import base64 from nss import nss from nss.error import NSPRError -import krbV +import gssapi from ipapython import admintool, certmonger, ipautil from ipapython.dn import DN @@ -126,9 +126,8 @@ class CACertManage(admintool.AdminTool): password = self.options.password if not password: try: - ccache = krbV.default_context().default_ccache() - conn.connect(ccache=ccache) - except (krbV.Krb5Error, errors.ACIError): + conn.connect() + except (gssapi.exceptions.GSSError, errors.ACIError): pass else: return conn diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py index 2c4f28af4..8321c20a3 100644 --- a/ipaserver/install/ipa_ldap_updater.py +++ b/ipaserver/install/ipa_ldap_updater.py @@ -26,8 +26,6 @@ import os import sys -import krbV - from ipalib import api from ipapython import ipautil, admintool from ipaplatform.paths import paths @@ -100,7 +98,7 @@ class LDAPUpdater_Upgrade(LDAPUpdater): super(LDAPUpdater_Upgrade, self).run() options = self.options - realm = krbV.default_context().default_realm + realm = api.env.realm upgrade = IPAUpgrade(realm, self.files, schema_files=options.schema_files) diff --git a/ipaserver/install/ipa_otptoken_import.py b/ipaserver/install/ipa_otptoken_import.py index 386ca4273..ae89f7e07 100644 --- a/ipaserver/install/ipa_otptoken_import.py +++ b/ipaserver/install/ipa_otptoken_import.py @@ -30,7 +30,7 @@ from lxml import etree import dateutil.parser import dateutil.tz import nss.nss as nss -import krbV +import gssapi from ipapython import admintool from ipalib import api, errors @@ -509,9 +509,8 @@ class OTPTokenImport(admintool.AdminTool): conn = ldap2(api) try: - ccache = krbV.default_context().default_ccache() - conn.connect(ccache=ccache) - except (krbV.Krb5Error, errors.ACIError): + conn.connect() + except (gssapi.exceptions.GSSError, errors.ACIError): raise admintool.ScriptError("Unable to connect to LDAP! Did you kinit?") try: diff --git a/ipaserver/install/ipa_winsync_migrate.py b/ipaserver/install/ipa_winsync_migrate.py index 097b8c806..75d1dbe31 100644 --- a/ipaserver/install/ipa_winsync_migrate.py +++ b/ipaserver/install/ipa_winsync_migrate.py @@ -17,7 +17,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import krbV +import gssapi import sys from ipalib import api @@ -321,12 +321,10 @@ class WinsyncMigrate(admintool.AdminTool): # Setup LDAP connection try: - ctx = krbV.default_context() - ccache = ctx.default_ccache() - api.Backend.ldap2.connect(ccache) + api.Backend.ldap2.connect() cls.ldap = api.Backend.ldap2 - except krbV.Krb5Error as e: - sys.exit("Must have Kerberos credentials to migrate Winsync users.") + except gssapi.exceptions.GSSError as e: + sys.exit("Must have Kerberos credentials to migrate Winsync users. Error: %s" % e) except errors.ACIError as e: sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket.") except errors.DatabaseError as e: diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 1f3aca542..0444327aa 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -32,7 +32,6 @@ import pwd import fnmatch import re -import krbV import ldap from ipaserver.install import installutils @@ -272,13 +271,8 @@ class LDAPUpdate: if sub_dict.get("REALM"): self.realm = sub_dict["REALM"] else: - krbctx = krbV.default_context() - try: - self.realm = krbctx.default_realm - suffix = ipautil.realm_to_suffix(self.realm) - except krbV.Krb5Error: - self.realm = None - suffix = None + self.realm = api.env.realm + suffix = ipautil.realm_to_suffix(self.realm) if self.realm else None if suffix is not None: assert isinstance(suffix, DN) diff --git a/ipaserver/install/schemaupdate.py b/ipaserver/install/schemaupdate.py index 03edb6307..f98d0e949 100644 --- a/ipaserver/install/schemaupdate.py +++ b/ipaserver/install/schemaupdate.py @@ -20,9 +20,9 @@ import pprint import ldap.schema -import krbV import ipapython.version +from ipalib import api from ipapython.ipa_log_manager import log_mgr from ipapython.dn import DN from ipaserver.install.ldapupdate import connect @@ -106,7 +106,7 @@ def update_schema(schema_files, ldapi=False, dm_password=None,): SCHEMA_ELEMENT_CLASSES_KEYS = [x[0] for x in SCHEMA_ELEMENT_CLASSES] conn = connect(ldapi=ldapi, dm_password=dm_password, - realm=krbV.default_context().default_realm, + realm=api.env.realm, fqdn=installutils.get_fqdn()) old_schema = conn.schema diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index f8a4ff282..cb92250e4 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -9,7 +9,6 @@ import pwd import fileinput import ConfigParser import sys -import krbV from ipalib import api import SSSDConfig @@ -1567,7 +1566,7 @@ def upgrade_check(options): def upgrade(): - realm = krbV.default_context().default_realm + realm = api.env.realm schema_files = [os.path.join(ipautil.SHARE_DIR, f) for f in dsinstance.ALL_SCHEMA_FILES] data_upgrade = IPAUpgrade(realm, schema_files=schema_files) |