389-ds-base

Clone
Source Code
GIT

#50730 Ticket 50729 - add support for gssapi tests on suse
Closed 3 years ago by spichugi. Opened 4 years ago by firstyear.
firstyear/389-ds-base 20191118-suse-krb  into  master

file modified
+1 -1 
@@ -97,7 +97,7 @@ 
 

      st.realm.create_principal("doesnotexist")
 

      st.realm.create_keytab("doesnotexist", "/tmp/doesnotexist.keytab")
 

      # Now try to bind.
 

-     subprocess.call(['/usr/bin/kdestroy', '-A'])
 

+     subprocess.call(['kdestroy', '-A'])
 

      os.environ["KRB5_CLIENT_KTNAME"] = "/tmp/doesnotexist.keytab"
 

  

      conn = ldap.initialize(st.toLDAPURL())

file modified
+1 
@@ -294,6 +294,7 @@ 
 

  Requires: openssl-perl
 

  Requires: iproute
 

  Requires: python%{python3_pkgversion}
 

+ Requires: python%{python3_pkgversion}-distro
 

  Requires: python%{python3_pkgversion}-pytest
 

  Requires: python%{python3_pkgversion}-ldap
 

  Requires: python%{python3_pkgversion}-six

file modified
+2 -2 
@@ -240,8 +240,8 @@ 
 

          Bind this account with gssapi credntials (if available)
 

          """
 

          assert self._instance.realm is not None
 

-         # Kill any local ccache.
 

-         subprocess.call(['/usr/bin/kdestroy', '-A'])
 

+         # Kill any local kerberos ccache.
 

+         subprocess.call(['kdestroy', '-A'])
 

  

          # This uses an in memory once off ccache.
 

          os.environ["KRB5_CLIENT_KTNAME"] = self._keytab

file modified
+27 -12 
@@ -20,6 +20,7 @@ 
 

  import string
 

  import random
 

  import subprocess
 

+ import distro
 

  

  from lib389._constants import *
 

  from socket import getfqdn
 
@@ -33,17 +34,31 @@ 
 

      def __init__(self, realm, warnings=False, debug=False):
 

          self.warnings = warnings
 

          self.realm = realm.upper()
 

-         # For the future if we have a non-os krb install.
 

          self.krb_prefix = ""
 

          sep = os.path.sep
 

-         self.kadmin = os.path.join(sep, self.krb_prefix, "usr/sbin/kadmin.local")
 

-         self.kdb5_util = os.path.join(sep, self.krb_prefix, "usr/sbin/kdb5_util")
 

-         self.krb5kdc = os.path.join(sep, self.krb_prefix, "usr/sbin/krb5kdc")
 

-         self.kdcconf = os.path.join(sep, self.krb_prefix, "var/kerberos/krb5kdc/kdc.conf")
 

-         self.kdcpid = os.path.join(sep, self.krb_prefix, "var/run/krb5kdc.pid")
 

-         self.krb5conf = os.path.join(sep, self.krb_prefix, "etc/krb5.conf")
 

-         self.krb5confrealm = os.path.join(sep, self.krb_prefix, "etc/krb5.conf.d",
 

-                                           self.realm.lower().replace('.', '-'))
 

+         # For the future if we have a non-os krb install.
 

+         if 'suse' in distro.like():
 

+             self.kadmin = os.path.join(sep, self.krb_prefix, "usr/lib/mit/sbin/kadmin.local")
 

+             self.kdb5_util = os.path.join(sep, self.krb_prefix, "usr/lib/mit/sbin/kdb5_util")
 

+             self.krb5kdc = os.path.join(sep, self.krb_prefix, "usr/lib/mit/sbin/krb5kdc")
 

+             self.kdcconf = os.path.join(sep, self.krb_prefix, "var/lib/kerberos/krb5kdc/kdc.conf")
 

+             self.kadm5acl = os.path.join(sep, self.krb_prefix, "var/lib/kerberos/krb5kdc/kadm5.acl")
 

+             self.kadm5keytab = os.path.join(sep, self.krb_prefix, "var/lib/kerberos/krb5kdc/kadm5.keytab")
 

+             self.kdcpid = os.path.join(sep, self.krb_prefix, "var/run/krb5kdc.pid")
 

+             self.krb5conf = os.path.join(sep, self.krb_prefix, "etc/krb5.conf")
 

+             self.krb5confrealm = os.path.join(sep, self.krb_prefix, "etc/krb5.conf.d",
 

+                                               self.realm.lower().replace('.', '-'))
 

+         else:
 

+             self.kadmin = os.path.join(sep, self.krb_prefix, "usr/sbin/kadmin.local")
 

+             self.kdb5_util = os.path.join(sep, self.krb_prefix, "usr/sbin/kdb5_util")
 

+             self.krb5kdc = os.path.join(sep, self.krb_prefix, "usr/sbin/krb5kdc")
 

+             self.kdcconf = os.path.join(sep, self.krb_prefix, "var/kerberos/krb5kdc/kdc.conf")
 

+             self.kadm5acl = os.path.join(sep, self.krb_prefix, "var/kerberos/krb5kdc/kadm5.acl")
 

+             self.kadm5keytab = os.path.join(sep, self.krb_prefix, "var/kerberos/krb5kdc/kadm5.keytab")
 

+             self.kdcpid = os.path.join(sep, self.krb_prefix, "var/run/krb5kdc.pid")
 

+             self.krb5conf = os.path.join(sep, self.krb_prefix, "etc/krb5.conf")
 

+             self.krb5confrealm = os.path.join(sep, self.krb_prefix, "etc/krb5.conf.d",
 

+                                               self.realm.lower().replace('.', '-'))
 

  

          self.krb_master_password = password_generate()
 

  
@@ -133,14 +148,14 @@ 
 

  

  [realms]
 

   {REALM} = {{
 

-   acl_file = {PREFIX}/var/kerberos/krb5kdc/kadm5.acl
 

+   acl_file = {KADM5ACL}
 

    dict_file = /usr/share/dict/words
 

-   admin_keytab = {PREFIX}/var/kerberos/krb5kdc/kadm5.keytab
 

+   admin_keytab = {KADM5KEYTAB}
 

    # Just use strong enctypes
 

    # supported_enctypes = aes256-cts:normal aes128-cts:normal
 

   }}
 

  

- """.format(REALM=self.realm, PREFIX=self.krb_prefix))
 

+ """.format(REALM=self.realm, PREFIX=self.krb_prefix, KADM5ACL=self.kadm5acl, KADM5KEYTAB=self.kadm5keytab))
 

          # Invoke kdb5_util
 

          # Can this use -P
 

          p = Popen([self.kdb5_util, 'create', '-r', self.realm, '-s', '-P',

file modified
+1 
@@ -7,3 +7,4 @@ 
 

  argparse-manpage
 

  python-ldap
 

  setuptools
 

+ distro

file modified
+1 
@@ -83,6 +83,7 @@ 
 

          'argparse-manpage',
 

          'python-ldap',
 

          'setuptools',
 

+         'distro',
 

          ],
 

  

      cmdclass={

Bug Description: suse has different paths for it's krb
tools.

Fix Description: Allow supporting different paths based
on distro detection.

https://pagure.io/389-ds-base/issue/50729

Author: William Brown william@blackhats.net.au

Review by: ???

Please note this adds a requires on "distro" as a python module. It's worth cheking I did this correcctly with requirements.txt

Please also add Requires: python%{python3_pkgversion}-distro to 389-ds-base.spec.in for lib389 and add distro to lib389/setup.py

Thanks @vashirov :) I'll update this now.

rebased onto e7e5d31a53391f558220bb57a79191e86ae23dea
4 years ago

ack

rebased onto 7ccf591
4 years ago

Pull-Request has been merged by firstyear
4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3785

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi
3 years ago
Metadata
None
No Tags
Changes Summary 6
+1 -1
file changed
dirsrvtests/tests/suites/gssapi/simple_gssapi_test.py
+1 -0
file changed
rpm/389-ds-base.spec.in
+2 -2
file changed
src/lib389/lib389/idm/account.py
+27 -12
file changed
src/lib389/lib389/mit_krb5.py
+1 -0
file changed
src/lib389/requirements.txt
+1 -0
file changed
src/lib389/setup.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.