diff options
author | Michael Simacek <msimacek@redhat.com> | 2015-07-20 16:04:07 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-26 09:41:36 +0200 |
commit | aad73fad601f576dd83b758f4448839b4e8e87df (patch) | |
tree | c99433fc5aade363e7f9f66a7c08fcfd8e3dfc69 /ipatests | |
parent | aebb72e1fb144939285380a6a9261c4d4177195e (diff) | |
download | freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.gz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.tar.xz freeipa-aad73fad601f576dd83b758f4448839b4e8e87df.zip |
Port from python-krbV to python-gssapi
python-krbV library is deprecated and doesn't work with python 3. Replacing all
it's usages with python-gssapi.
- Removed Backend.krb and KRB5_CCache classes
They were wrappers around krbV classes that cannot really work without them
- Added few utility functions for querying GSSAPI credentials
in krb_utils module. They provide replacements for KRB5_CCache.
- Merged two kinit_keytab functions
- Changed ldap plugin connection defaults to match ipaldap
- Unified getting default realm
Using api.env.realm instead of krbV call
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'ipatests')
-rw-r--r-- | ipatests/test_cmdline/cmdline.py | 5 | ||||
-rw-r--r-- | ipatests/test_cmdline/test_ipagetkeytab.py | 23 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_dns_plugin.py | 3 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_netgroup_plugin.py | 6 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 3 |
5 files changed, 14 insertions, 26 deletions
diff --git a/ipatests/test_cmdline/cmdline.py b/ipatests/test_cmdline/cmdline.py index 0ae8cc079..e41b027a3 100644 --- a/ipatests/test_cmdline/cmdline.py +++ b/ipatests/test_cmdline/cmdline.py @@ -22,7 +22,6 @@ Base class for all cmdline tests """ import nose -import krbV import distutils.spawn import os @@ -33,11 +32,9 @@ from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test from ipaserver.plugins.ldap2 import ldap2 # See if our LDAP server is up and we can talk to it over GSSAPI -ccache = krbV.default_context().default_ccache() - try: conn = ldap2(api) - conn.connect(ccache=ccache) + conn.connect() conn.disconnect() server_available = True except errors.DatabaseError: diff --git a/ipatests/test_cmdline/test_ipagetkeytab.py b/ipatests/test_cmdline/test_ipagetkeytab.py index 2b99c268e..d9ab0daaa 100644 --- a/ipatests/test_cmdline/test_ipagetkeytab.py +++ b/ipatests/test_cmdline/test_ipagetkeytab.py @@ -26,10 +26,10 @@ from cmdline import cmdline_test from ipalib import api from ipalib import errors import tempfile -from ipapython import ipautil +from ipapython import ipautil, ipaldap import nose import tempfile -import krbV +import gssapi from ipaserver.plugins.ldap2 import ldap2 from ipapython.dn import DN @@ -37,21 +37,18 @@ def use_keytab(principal, keytab): try: tmpdir = tempfile.mkdtemp(prefix = "tmp-") ccache_file = 'FILE:%s/ccache' % tmpdir - krbcontext = krbV.default_context() - principal = str(principal) - keytab = krbV.Keytab(name=keytab, context=krbcontext) - principal = krbV.Principal(name=principal, context=krbcontext) + name = gssapi.Name(principal, gssapi.NameType.kerberos_principal) + store = {'ccache': ccache_file, + 'client_keytab': keytab} os.environ['KRB5CCNAME'] = ccache_file - ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal) - ccache.init(principal) - ccache.init_creds_keytab(keytab=keytab, principal=principal) + gssapi.Credentials(name=name, usage='initiate', store=store) conn = ldap2(api) - conn.connect(ccache=ccache) + conn.connect(autobind=ipaldap.AUTOBIND_DISABLED) conn.disconnect() - except krbV.Krb5Error as e: - raise StandardError('Unable to bind to LDAP. Error initializing principal %s in %s: %s' % (principal.name, keytab, str(e))) + except gssapi.exceptions.GSSError as e: + raise StandardError('Unable to bind to LDAP. Error initializing principal %s in %s: %s' % (principal, keytab, str(e))) finally: - del os.environ['KRB5CCNAME'] + os.environ.pop('KRB5CCNAME', None) if tmpdir: shutil.rmtree(tmpdir) diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index caad00de3..f0b8edaa1 100644 --- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -34,7 +34,6 @@ try: except ImportError: have_ldap2 = False else: - import krbV have_ldap2 = True _dns_zone_record = DNSName(u'@') @@ -402,7 +401,7 @@ def _get_nameservers_ldap(conn): def get_nameservers(): ldap = ldap2(api) - ldap.connect(ccache=krbV.default_context().default_ccache()) + ldap.connect() nameservers = [normalize_zone(x) for x in _get_nameservers_ldap(ldap)] return nameservers diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index afe0c617d..10553c21f 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py @@ -22,7 +22,6 @@ Test the `ipalib/plugins/netgroup.py` module. """ import nose -import krbV from ipalib import api from ipalib import errors @@ -36,9 +35,6 @@ from ipatests.test_xmlrpc.test_user_plugin import get_user_result # Global so we can save the value between tests netgroup_dn = None -# See if our LDAP server is up and we can talk to it over GSSAPI -ccache = krbV.default_context().default_ccache().name - netgroup1 = u'netgroup1' netgroup2 = u'netgroup2' netgroup_single = u'a' @@ -1298,7 +1294,7 @@ class test_netgroup(Declarative): # # Do an LDAP query to the compat area and verify that the entry # # is correct # conn = ldap2(api) -# conn.connect(ccache=ccache) +# conn.connect() # try: # entries = conn.find_entries('cn=%s' % self.ng_cn, # base_dn='cn=ng,cn=compat,%s' % api.env.basedn) diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 2d1a7d5e7..971d0e6cb 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -37,7 +37,6 @@ try: except ImportError: have_ldap2 = False else: - import krbV have_ldap2 = True permission1 = u'testperm' @@ -3175,7 +3174,7 @@ class test_managed_permissions(Declarative): def add_managed_permission(self): """Add a managed permission and the corresponding ACI""" ldap = ldap2(api) - ldap.connect(ccache=krbV.default_context().default_ccache()) + ldap.connect() result = api.Command.permission_add(permission1, type=u'user', ipapermright=u'write', |