Changes to fix compatibility with Fedora 14
Fedora 14 introduced the following incompatibilities: - the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin - the xmlrpclib in Python 2.7 is not fully backwards compatible with 2.6 Also, when moving the installed host service principals: - don't assume that krbticketflags is set - allow multiple values for krbextradata ticket 155
@@ -32,6 +32,7 @@ Also see the `ipaserver.rpcserver` module.
|
||||
|
||||
from types import NoneType
|
||||
import threading
|
||||
import sys
|
||||
import os
|
||||
import errno
|
||||
from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError
|
||||
@@ -42,7 +43,7 @@ from ipalib import errors
|
||||
from ipalib.request import context
|
||||
from ipapython import ipautil, dnsclient
|
||||
import httplib
|
||||
from ipapython.nsslib import NSSHTTPS
|
||||
from ipapython.nsslib import NSSHTTPS, NSSConnection
|
||||
from nss.error import NSPRError
|
||||
from urllib2 import urlparse
|
||||
|
||||
@@ -192,8 +193,15 @@ class SSLTransport(Transport):
|
||||
"""Handles an HTTPS transaction to an XML-RPC server."""
|
||||
|
||||
def make_connection(self, host):
|
||||
host, extra_headers, x509 = self.get_host_info(host)
|
||||
conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
|
||||
host, self._extra_headers, x509 = self.get_host_info(host)
|
||||
host, self._extra_headers, x509 = self.get_host_info(host)
|
||||
# Python 2.7 changed the internal class used in xmlrpclib from
|
||||
# HTTP to HTTPConnection. We need to use the proper subclass
|
||||
(major, minor, micro, releaselevel, serial) = sys.version_info
|
||||
if major == 2 and minor < 7:
|
||||
conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
|
||||
else:
|
||||
conn = NSSConnection(host, 443, dbdir="/etc/pki/nssdb")
|
||||
conn.connect()
|
||||
return conn
|
||||
|
||||
|
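Review bot: The connection built in `make_connection` is opened and returned but never recorded on the transport. On Python 2.7 the stock `Transport` keeps its connection in `self._connection` so that `close()` can tear it down after a failed request, so here the NSS socket is probably left for garbage collection to close. Consider recording it on the 2.7 branch (`self._connection = host, conn`), or add a comment saying that connection reuse and explicit close are deliberately not supported. The interpreter test would also read more simply as `if sys.version_info < (2, 7):`; the same unpack-and-compare appears in `NSSConnection.endheaders`.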
@@ -89,7 +89,7 @@ def write_tmp_file(txt):
|
||||
|
||||
return fd
|
||||
|
||||
def run(args, stdin=None, raiseonerr=True, nolog=()):
|
||||
def run(args, stdin=None, raiseonerr=True, nolog=(), env=None):
|
||||
"""
|
||||
Execute a command and return stdin, stdout and the process return code.
|
||||
|
||||
@@ -113,11 +113,13 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):
|
||||
|
||||
If an value isn't found in the list it is silently ignored.
|
||||
"""
|
||||
if env is None:
|
||||
env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
|
||||
if stdin:
|
||||
p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
|
||||
p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
|
||||
stdout,stderr = p.communicate(stdin)
|
||||
else:
|
||||
p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
|
||||
p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
|
||||
stdout,stderr = p.communicate()
|
||||
|
||||
# The command and its output may include passwords that we don't want
|
||||
|
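Review bot: The new `env` parameter is not described in the docstring of `run`, and its default changes behaviour for every existing caller, because the child now receives only `PATH` instead of the parent's environment. That is reasonable hardening for an installer running as root. However, callers that relied on inherited variables (a Kerberos credential-cache location or a locale, for example) would now have to pass them explicitly; whether any do cannot be confirmed from the hunk. Suggest adding to the docstring something like `env: environment for the child process; when None, a minimal environment containing only a fixed PATH is used`. The body of `run` continues outside the hunk.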
@@ -18,6 +18,7 @@
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
import sys
|
||||
import httplib
|
||||
import getpass
|
||||
import logging
|
||||
@@ -161,7 +162,7 @@ class NSSConnection(httplib.HTTPConnection):
|
||||
logging.debug("connect: %s", net_addr)
|
||||
self.sock.connect(net_addr)
|
||||
|
||||
def endheaders(self):
|
||||
def endheaders(self, message=None):
|
||||
"""
|
||||
Explicitly close the connection if an error is returned after the
|
||||
headers are sent. This will likely mean the initial SSL handshake
|
||||
@@ -170,7 +171,13 @@ class NSSConnection(httplib.HTTPConnection):
|
||||
"""
|
||||
try:
|
||||
# FIXME: httplib uses old-style classes so super doesn't work
|
||||
httplib.HTTPConnection.endheaders(self)
|
||||
# Python 2.7 changed the API for endheaders. This is an attempt
|
||||
# to work across versions
|
||||
(major, minor, micro, releaselevel, serial) = sys.version_info
|
||||
if major == 2 and minor < 7:
|
||||
httplib.HTTPConnection.endheaders(self)
|
||||
else:
|
||||
httplib.HTTPConnection.endheaders(self, message)
|
||||
except NSPRError, e:
|
||||
self.close()
|
||||
raise e
|
||||
|
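Review bot: The `except NSPRError, e:` handler around the new version branch re-raises with `raise e`, which in Python 2 restarts the traceback at this line and hides where in the NSS handshake the error came from. A bare `raise` after `self.close()` keeps the original traceback. That line is context the commit leaves unchanged, but it is the error path for the code added here. On the pre-2.7 branch `message` is silently dropped; a comment such as `# httplib only passes message on 2.7+` would record why that is safe.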
@@ -313,7 +313,7 @@ def get_directive(filename, directive, separator=' '):
|
||||
return None
|
||||
|
||||
def kadmin(command):
|
||||
ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])
|
||||
ipautil.run(["kadmin.local", "-q", command])
|
||||
|
||||
def kadmin_addprinc(principal):
|
||||
kadmin("addprinc -randkey " + principal)
|
||||
|
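Review bot: `kadmin.local` is now resolved by name rather than by absolute path, so which binary runs depends entirely on the `PATH` that `ipautil.run` supplies when `env` is None. A caller that passes its own `env` changes the lookup. A short comment would make that dependency explicit, e.g. `# resolved via the fixed PATH set in ipautil.run; the location differs between Fedora releases`. The same applies to the `kdb5_ldap_util` call in `KrbInstance`. Separately, `kadmin_addprinc` concatenates `principal` unquoted into the query string, so it is worth confirming that callers only pass validated principal names.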
@@ -111,11 +111,12 @@ class KrbInstance(service.Service):
|
||||
host_dn = "fqdn=%s,cn=computers,cn=accounts,%s" % (self.fqdn, self.suffix)
|
||||
host_entry = ipaldap.Entry(host_dn)
|
||||
host_entry.setValues('objectclass', ['top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice', 'pkiuser', 'krbprincipalaux', 'krbprincipal', 'krbticketpolicyaux'])
|
||||
host_entry.setValue('krbextradata', service_entry.getValue('krbextradata'))
|
||||
host_entry.setValues('krbextradata', service_entry.getValues('krbextradata'))
|
||||
host_entry.setValue('krblastpwdchange', service_entry.getValue('krblastpwdchange'))
|
||||
host_entry.setValue('krbpasswordexpiration', service_entry.getValue('krbpasswordexpiration'))
|
||||
host_entry.setValue('krbprincipalname', service_entry.getValue('krbprincipalname'))
|
||||
host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
|
||||
if 'krbticketflags' in service_entry.toDict():
|
||||
host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
|
||||
host_entry.setValue('krbprincipalkey', service_entry.getValue('krbprincipalkey'))
|
||||
host_entry.setValue('serverhostname', self.fqdn.split('.',1)[0])
|
||||
host_entry.setValue('cn', self.fqdn)
|
||||
@@ -323,7 +324,7 @@ class KrbInstance(service.Service):
|
||||
|
||||
if not replica:
|
||||
#populate the directory with the realm structure
|
||||
args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
|
||||
args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
|
||||
try:
|
||||
ipautil.run(args)
|
||||
except ipautil.CalledProcessError, e:
|
||||
|
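Review bot: The rewritten `kdb5_ldap_util` argument list still carries `self.kdc_password` and `self.master_password` as command-line arguments and goes to `ipautil.run(args)` without `nolog`. Depending on how `run` logs its arguments (not visible here), both secrets may end up in the install log, and they are visible in the process list while the command runs. Calling `ipautil.run(args, nolog=(self.kdc_password, self.master_password))` would at least let `run` mask them. In the first hunk only `krbticketflags` is guarded; if the other copied attributes such as `krblastpwdchange` can also be absent, they need the same check. Both hunks are fragments of larger methods.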