Changes to fix compatibility with Fedora 14

Fedora 14 introduced the following incompatiblities: - the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin - the xmlrpclib in Python 2.7 is not fully backwards compatible to 2.6 Also, when moving the installed host service principals: - don't assume that krbticketflags is set - allow multiple values for krbextradata ticket 155
2025-02-25 18:55:28 -06:00 · 2010-08-31 16:59:27 -04:00 · 2010-08-31 16:59:27 -04:00 · d0ea0bb638
commit d0ea0bb638
parent e05400dad8
5 changed files with 30 additions and 12 deletions
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@ -32,6 +32,7 @@ Also see the `ipaserver.rpcserver` module.

 from types import NoneType
 import threading
+import sys
 import os
 import errno
 from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError
@ -42,7 +43,7 @@ from ipalib import errors
 from ipalib.request import context
 from ipapython import ipautil, dnsclient
 import httplib
-from ipapython.nsslib import NSSHTTPS
+from ipapython.nsslib import NSSHTTPS, NSSConnection
 from nss.error import NSPRError
 from urllib2 import urlparse

@ -192,8 +193,15 @@ class SSLTransport(Transport):
    """Handles an HTTPS transaction to an XML-RPC server."""

    def make_connection(self, host):
-        host, extra_headers, x509 = self.get_host_info(host)
-        conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
+        host, self._extra_headers, x509 = self.get_host_info(host)
+        host, self._extra_headers, x509 = self.get_host_info(host)
+        # Python 2.7 changed the internal class used in xmlrpclib from
+        # HTTP to HTTPConnection. We need to use the proper subclass
+        (major, minor, micro, releaselevel, serial) = sys.version_info
+        if major == 2 and minor < 7:
+            conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
+        else:
+            conn = NSSConnection(host, 443, dbdir="/etc/pki/nssdb")
        conn.connect()
        return conn

--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@ -89,7 +89,7 @@ def write_tmp_file(txt):

    return fd

-def run(args, stdin=None, raiseonerr=True, nolog=()):
+def run(args, stdin=None, raiseonerr=True, nolog=(), env=None):
    """
    Execute a command and return stdin, stdout and the process return code.

@ -113,11 +113,13 @@ def run(args, stdin=None, raiseonerr=True, nolog=()):

    If an value isn't found in the list it is silently ignored.
    """
+    if env is None:
+        env={"PATH": "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
    if stdin:
-        p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+        p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
        stdout,stderr = p.communicate(stdin)
    else:
-        p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+        p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=env)
        stdout,stderr = p.communicate()

    # The command and its output may include passwords that we don't want
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@ -18,6 +18,7 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #

+import sys
 import httplib
 import getpass
 import logging
@ -161,7 +162,7 @@ class NSSConnection(httplib.HTTPConnection):
        logging.debug("connect: %s", net_addr)
        self.sock.connect(net_addr)

-    def endheaders(self):
+    def endheaders(self, message=None):
        """
        Explicitly close the connection if an error is returned after the
        headers are sent. This will likely mean the initial SSL handshake
@ -170,7 +171,13 @@ class NSSConnection(httplib.HTTPConnection):
        """
        try:
            # FIXME: httplib uses old-style classes so super doesn't work
-            httplib.HTTPConnection.endheaders(self)
+            # Python 2.7 changed the API for endheaders. This is an attempt
+            # to work across versions
+            (major, minor, micro, releaselevel, serial) = sys.version_info
+            if major == 2 and minor < 7:
+                httplib.HTTPConnection.endheaders(self)
+            else:
+                httplib.HTTPConnection.endheaders(self, message)
        except NSPRError, e:
            self.close()
            raise e
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@ -313,7 +313,7 @@ def get_directive(filename, directive, separator=' '):
    return None

 def kadmin(command):
-    ipautil.run(["/usr/kerberos/sbin/kadmin.local", "-q", command])
+    ipautil.run(["kadmin.local", "-q", command])

 def kadmin_addprinc(principal):
    kadmin("addprinc -randkey " + principal)
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@ -111,11 +111,12 @@ class KrbInstance(service.Service):
        host_dn = "fqdn=%s,cn=computers,cn=accounts,%s" % (self.fqdn, self.suffix)
        host_entry = ipaldap.Entry(host_dn)
        host_entry.setValues('objectclass', ['top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice', 'pkiuser', 'krbprincipalaux', 'krbprincipal', 'krbticketpolicyaux'])
-        host_entry.setValue('krbextradata', service_entry.getValue('krbextradata'))
+        host_entry.setValues('krbextradata', service_entry.getValues('krbextradata'))
        host_entry.setValue('krblastpwdchange', service_entry.getValue('krblastpwdchange'))
        host_entry.setValue('krbpasswordexpiration', service_entry.getValue('krbpasswordexpiration'))
        host_entry.setValue('krbprincipalname', service_entry.getValue('krbprincipalname'))
-        host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
+        if 'krbticketflags' in service_entry.toDict():
+            host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
        host_entry.setValue('krbprincipalkey', service_entry.getValue('krbprincipalkey'))
        host_entry.setValue('serverhostname', self.fqdn.split('.',1)[0])
        host_entry.setValue('cn', self.fqdn)
@ -323,7 +324,7 @@ class KrbInstance(service.Service):

        if not replica:
            #populate the directory with the realm structure
-            args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
+            args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
            try:
                ipautil.run(args)
            except ipautil.CalledProcessError, e: