From 12d8767920c07845fc2746cb9bf377e531ab3a4a Mon Sep 17 00:00:00 2001
From: William Brown
Date: Tue, 31 May 2016 13:04:29 +1000
Subject: [PATCH 2/2] Ticket 48857 - Remove python-krbV from lib389

Bug Description: python-krbV is no longer supported and not compatible with python3.

Fix Description: Remove krbV module, and use gssapi functions instead

https://fedorahosted.org/389/ticket/48857

Author: wibrown

Review by: ???
---
 lib389/mit_krb5.py | 36 +++++++++++-------------------------
 lib389/tests/krb5_create_test.py | 26 ++++++++++++++++++++------
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/lib389/mit_krb5.py b/lib389/mit_krb5.py
index dc28fcd..6b5308c 100644
--- a/lib389/mit_krb5.py
+++ b/lib389/mit_krb5.py
@@ -14,11 +14,11 @@ integration with 389ds.
 """
 # In the future we might add support for an ldap-backed krb realm
 from subprocess import Popen, PIPE
-import krbV
 import os
 import signal
 import string
 import random
+import subprocess
 from lib389._constants import *
 from socket import getfqdn
 
@@ -214,28 +214,14 @@ class MitKrb5(object):
                             (keytab, principal, self.realm)])
         assert(p.wait() == 0)
 
-
 class KrbClient(object):
-    def __init__(self, principal, keytab, cache_file=None):
-        self.context = krbV.default_context()
-        self.principal = principal
-        self.keytab = keytab
-        self._keytab = krbV.Keytab(name=self.keytab, context=self.context)
-        self._principal = krbV.Principal(name=self.principal,
-                                         context=self.context)
-        if cache_file:
-            self.ccache = krbV.CCache(name="FILE:" + cache_file,
-                                      context=self.context,
-                                      primary_principal=self._principal)
-        else:
-            self.ccache = self.context.default_ccache(
-                primary_principal=self._principal)
-        if self._keytab:
-            self.reinit()
-
-    def reinit(self):
-        assert self._keytab
-        assert self._principal
-        self.ccache.init(self._principal)
-        self.ccache.init_creds_keytab(keytab=self._keytab,
-                                      principal=self._principal)
+    def __init__(self, principal, keytab, ccache=None):
+        self.krb_prefix = ""
+        self.kdestroy = "/usr/bin/kdestroy"
+        if ccache is not None:
+            os.environ["KRB5CCNAME"] = ccache
+            # Destroy the previous cache if any.
+            subprocess.call(self.kdestroy)
+        # Gssapi has magic that automatically creates things by env vars
+        os.environ["KRB5_CLIENT_KTNAME"] = keytab
+
diff --git a/lib389/tests/krb5_create_test.py b/lib389/tests/krb5_create_test.py
index b1218d8..06b832a 100644
--- a/lib389/tests/krb5_create_test.py
+++ b/lib389/tests/krb5_create_test.py
@@ -13,6 +13,7 @@ from lib389 import DirSrv, Entry
 import pytest
 import logging
 import socket
+import subprocess
 import ldap
 import ldap.sasl
 
@@ -25,6 +26,8 @@ INSTANCE_SERVERID = 'gssapi'
 REALM = "EXAMPLE.COM"
 TEST_USER = 'uid=test,%s' % DEFAULT_SUFFIX
 
+KEYTAB = "/tmp/test.keytab"
+CCACHE = "FILE:/tmp/test.ccache"
 
 class TopologyInstance(object):
     def __init__(self, instance):
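Review bot: In the new `KrbClient.__init__` the `principal` argument is accepted but never read, so which identity GSSAPI acquires is now decided by the keytab's contents rather than by the caller; keep it on the object, `self.principal = principal`, and state in a docstring that credentials are obtained implicitly from the keytab named by `KRB5_CLIENT_KTNAME`, or drop the parameter from the signature. Both `os.environ` assignments are process-wide and outlive the instance, so a second KrbClient built in the same process silently replaces the first one's cache and keytab selection, and `kdestroy` then wipes whatever cache `KRB5CCNAME` currently names — worth stating in the docstring because this is a test helper that touches real credential state. `self.krb_prefix = ""` is assigned but unused in this hunk, and the return code of `subprocess.call(self.kdestroy)` is discarded, which is fine for "no cache yet" but means a missing `/usr/bin/kdestroy` only surfaces as an `OSError` from `subprocess` with no hint of which tool was wanted.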
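Review bot: `KEYTAB` and `CCACHE` are fixed, predictable names in the shared `/tmp` directory, so any other local account can pre-create or symlink `/tmp/test.keytab` before the fixture runs, and the test will then either fail on `os.remove` or write the realm's exported key material into a file it does not own; a per-run directory from `tempfile.mkdtemp()` (mode 0700 by default) avoids both. `CCACHE` also carries the `FILE:` credential-cache type prefix, so it is a ccache *name* rather than a filesystem path; a comment such as `# ccache name as handed to KRB5CCNAME (includes the "FILE:" type prefix); strip it before using as a path` would keep the two from being confused where the constant is consumed below.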
@@ -39,8 +42,8 @@ def topology(request):
     instance = DirSrv(verbose=False)
     instance.log.debug("Instance allocated")
     ## WARNING: If this test fails it's like a hostname issue!!!
-    # args = {SER_HOST: socket.gethostname(),
-    args = {SER_HOST: LOCALHOST,
+    args = {SER_HOST: socket.gethostname(),
+    #args = {SER_HOST: LOCALHOST,
             SER_PORT: INSTANCE_PORT,
             SER_REALM: REALM,
             SER_SERVERID_PROP: INSTANCE_SERVERID}
@@ -48,6 +51,9 @@ def topology(request):
     if instance.exists():
         instance.delete()
     # Its likely our realm exists too
+    # Remove the old keytab
+    if os.path.exists(KEYTAB):
+        os.remove(KEYTAB)
     if krb.check_realm():
         krb.destroy_realm()
     # This will automatically create the krb entries
@@ -56,11 +62,14 @@ def topology(request):
     instance.open()
 
     def fin():
-        return
         if instance.exists():
             instance.delete()
         if krb.check_realm():
             krb.destroy_realm()
+        if os.path.exists(KEYTAB):
+            os.remove(KEYTAB)
+        if os.path.exists(CCACHE):
+            os.remove(CCACHE)
 
     request.addfinalizer(fin)
     return TopologyInstance(instance)
@@ -90,14 +99,19 @@ def test_gssapi(topology, add_user):
     the principal to our test user object.
     """
     # Init our local ccache
-    kclient = KrbClient("test@%s" % REALM, "/tmp/test.keytab")
+    kclient = KrbClient("test@%s" % REALM, KEYTAB, CCACHE)
     # Probably need to change this to NOT be raw python ldap
-    conn = ldap.initialize("ldap://%s:%s" % (LOCALHOST, INSTANCE_PORT))
-    # conn = ldap.initialize("ldap://%s:%s" % (socket.gethostname(), INSTANCE_PORT))
+    # conn = ldap.initialize("ldap://%s:%s" % (LOCALHOST, INSTANCE_PORT))
+    conn = ldap.initialize("ldap://%s:%s" % (socket.gethostname(), INSTANCE_PORT))
     sasl = ldap.sasl.gssapi("test@%s" % REALM)
     try:
         conn.sasl_interactive_bind_s('', sasl)
     except Exception as e:
+        try:
+            print("%s" % subprocess.check_output(['klist']))
+        except Exception as ex:
+            print("%s" % ex)
+        print("%s" % os.environ)
         print("IF THIS TEST FAILS ITS LIKELY A HOSTNAME ISSUE")
         raise e
     assert(conn.whoami_s() == "dn: uid=test,dc=example,dc=com")
-- 
2.5.5
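Review bot: `#args = {SER_HOST: LOCALHOST,` is commented-out code kept as a manual toggle, and the same commented-out alternative is left behind for `ldap.initialize` in the `test_gssapi` hunk further down. Because the realm registration and the SASL bind must agree on the host name, choose it once at module level (e.g. `HOST = socket.gethostname()`) and use that in both places, deleting the dead lines; that also gives the `## WARNING` comment a single place to point at.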
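Review bot: The new keytab cleanup calls `os.path.exists` and `os.remove`, but `os` is not among the imports visible in this file's first hunk; unless it is imported above line 13 (outside what this patch shows), this line raises `NameError`, and the same applies to the `fin` finalizer and the `os.environ` print in `test_gssapi`. The exists-then-remove pair is also repeated verbatim in `fin`; a small helper that wraps `os.remove(path)` in `try: ... except OSError: pass` removes the duplication and the window between the check and the removal.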
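Review bot: `os.path.exists(CCACHE)` in `fin` tests the literal string `FILE:/tmp/test.ccache`, which is a credential-cache name with its type prefix rather than a filesystem path, so the check is always false and the ticket cache for the test principal is left behind in `/tmp` after every run. Strip the prefix before touching the filesystem: `ccache_path = CCACHE[len("FILE:"):]` followed by `if os.path.exists(ccache_path): os.remove(ccache_path)`.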
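Review bot: On bind failure `print("%s" % os.environ)` dumps the entire process environment into the test log, which in CI routinely includes tokens and passwords that have nothing to do with this test; print only what the bind depends on, `print({k: os.environ.get(k) for k in ("KRB5CCNAME", "KRB5_CLIENT_KTNAME")})`. `raise e` re-raises from the handler and on Python 2 replaces the original traceback with this line; a bare `raise` preserves it on both interpreters this ticket is about. `subprocess.check_output(['klist'])` returns bytes on Python 3, so the output prints as `b'...'` unless it is `.decode()`d, and `kclient` is assigned but never used, which hides that the constructor is called purely for its environment side effects.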