IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow rpc callers to pass ccache and service names

Browse Source 
This allows code to use multiple ccaches without having to muck with the
process global environment variables (KRB5CCNAME).

https://fedorahosted.org/freeipa/ticket/6543

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Simo Sorce 2017-02-13 08:29:35 -05:00 committed by Jan Cholasta
parent 00a9d2f94d
commit 41c1efc44a
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ipalib/rpc.py
View File

@ -422,9 +422,9 @@ class DummyParser(object):
class MultiProtocolTransport(Transport): class MultiProtocolTransport(Transport):
"""Transport that handles both XML-RPC and JSON""" """Transport that handles both XML-RPC and JSON"""
def __init__(self, protocol): def __init__(self, *args, **kwargs):
Transport.__init__(self) Transport.__init__(self)
self.protocol = protocol self.protocol = kwargs.get('protocol', None)
def getparser(self): def getparser(self):
if self.protocol == 'json': if self.protocol == 'json':
@ -529,6 +529,8 @@ class KerbTransport(SSLTransport):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
SSLTransport.__init__(self, *args, **kwargs) SSLTransport.__init__(self, *args, **kwargs)
self._sec_context = None self._sec_context = None
self.service = kwargs.pop("service", "HTTP")
self.ccache = kwargs.pop("ccache", None)
def _handle_exception(self, e, service=None): def _handle_exception(self, e, service=None):
minor = e.min_code minor = e.min_code
@ -565,11 +567,16 @@ class KerbTransport(SSLTransport):
return (host, extra_headers, x509) return (host, extra_headers, x509)
# Set the remote host principal # Set the remote host principal
service = "HTTP@" + host.split(':')[0] service = self.service + "@" + host.split(':')[0]
try: try:
creds = None
if self.ccache:
creds = gssapi.Credentials(usage='initiate',
store={'ccache': self.ccache})
name = gssapi.Name(service, gssapi.NameType.hostbased_service) name = gssapi.Name(service, gssapi.NameType.hostbased_service)
self._sec_context = gssapi.SecurityContext(name=name, flags=self.flags) self._sec_context = gssapi.SecurityContext(creds=creds, name=name,
flags=self.flags)
response = self._sec_context.step() response = self._sec_context.step()
except gssapi.exceptions.GSSError as e: except gssapi.exceptions.GSSError as e:
self._handle_exception(e, service=service) self._handle_exception(e, service=service)
@ -895,7 +902,7 @@ class RPCClient(Connectible):
nss_dir = self.api.env.nss_dir nss_dir = self.api.env.nss_dir
try: try:
rpc_uri = self.env[self.env_rpc_uri_key] rpc_uri = self.env[self.env_rpc_uri_key]
principal = get_principal() principal = get_principal(ccache_name=ccache)
setattr(context, 'principal', principal) setattr(context, 'principal', principal)
# We have a session cookie, try using the session URI to see if it # We have a session cookie, try using the session URI to see if it
# is still valid # is still valid
@ -917,7 +924,8 @@ class RPCClient(Connectible):
transport_class = KerbTransport transport_class = KerbTransport
else: else:
transport_class = LanguageAwareTransport transport_class = LanguageAwareTransport
kw['transport'] = transport_class(protocol=self.protocol) kw['transport'] = transport_class(protocol=self.protocol,
service='HTTP', ccache=ccache)
self.log.info('trying %s' % url) self.log.info('trying %s' % url)
setattr(context, 'request_url', url) setattr(context, 'request_url', url)
serverproxy = self.server_proxy_class(url, **kw) serverproxy = self.server_proxy_class(url, **kw)