From 776ae1d92d28d2c291f4cd42471eb87441f29fe5 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 19 Feb 2018 16:47:44 -0500
Subject: [PATCH] Port to python-gssapi
As part of this, migrate any urllib2_kerberos code to urllib-gssapi.
---
.travis.yml | 2 +-
Makefile | 2 +-
did.spec | 7 +++++--
did/cli.py | 8 ++++----
did/plugins/jira.py | 4 ++--
did/plugins/rt.py | 18 ++++++++++--------
docs/conf.py | 2 +-
examples/dockerfile | 2 +-
setup.py | 6 +++---
9 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/Makefile b/Makefile
index cd0514b..2c1ac9b 100644
--- a/Makefile
+++ b/Makefile
@@ -79,7 +79,7 @@ clean:
run_docker: build_docker
@echo
@echo "Please note: this is a first cut at doing a container version as a result; known issues:"
- @echo "* kerberos auth may not be working correctly"
+ @echo "* GSSAPI auth may not be working correctly"
@echo "* container runs as privileged to access the conf file"
@echo "* output directory may not be quite right"
@echo
diff --git a/did/cli.py b/did/cli.py
index 623f3e4..8ea5c52 100644
--- a/did/cli.py
+++ b/did/cli.py
@@ -12,7 +12,7 @@ from __future__ import unicode_literals, absolute_import
import re
import sys
import argparse
-import kerberos
+import gssapi
from dateutil.relativedelta import relativedelta as delta
import did.base
@@ -205,7 +205,7 @@ def main(arguments=None):
did.base.Config.path(), did.base.Config.example().strip()))
raise
- except kerberos.GSSError as error:
- log.debug(error)
+ except gssapi.exceptions.GSSError as error:
+ log.debug(error.gen_msg())
raise did.base.ConfigError(
- "Kerberos authentication failed. Try kinit.")
+ "GSSAPI authentication failed. Try kinit.")
diff --git a/did/plugins/jira.py b/did/plugins/jira.py
index 874b21f..9c62a1d 100644
--- a/did/plugins/jira.py
+++ b/did/plugins/jira.py
@@ -39,7 +39,7 @@ import urllib
import urllib2
import cookielib
import dateutil.parser
-import urllib2_kerberos
+import urllib_gssapi
from did.utils import log, pretty, listed
from did.base import Config, ReportError
@@ -254,7 +254,7 @@ class JiraStats(StatsGroup):
urllib2.HTTPSHandler(debuglevel=0),
urllib2.HTTPRedirectHandler,
urllib2.HTTPCookieProcessor(cookie),
- urllib2_kerberos.HTTPKerberosAuthHandler)
+ urllib_gssapi.HTTPSPNEGOAuthHandler)
log.debug("Connecting to {0}".format(self.auth_url))
if self.auth_type == 'basic':
diff --git a/did/plugins/rt.py b/did/plugins/rt.py
index a6f470b..f75f700 100644
--- a/did/plugins/rt.py
+++ b/did/plugins/rt.py
@@ -15,7 +15,9 @@ from __future__ import absolute_import, unicode_literals
import httplib
import urllib
import urlparse
-import kerberos
+import gssapi
+
+from base64 import b64encode, b64decode
from did.utils import log, pretty
from did.base import ReportError, Config
@@ -36,18 +38,18 @@ class RequestTracker(object):
self.url_string = parent.url
def get(self, path):
- """ Perform a GET request with Kerberos authentication """
- # Prepare Kerberos ticket granting ticket """
- _, ctx = kerberos.authGSSClientInit(
- 'HTTP@{0}'.format(self.url.netloc))
- kerberos.authGSSClientStep(ctx, "")
- tgt = kerberos.authGSSClientResponse(ctx)
+ """ Perform a GET request with GSSAPI authentication """
+ # Generate token
+ service_name = gssapi.Name('HTTP@{0}'.format(self.url.netloc),
+ gssapi.NameType.hostbased_service)
+ ctx = gssapi.SecurityContext(usage="initiate", name=service_name)
+ data = b64encode(ctx.step()).decode()
# Make the connection
connection = httplib.HTTPSConnection(self.url.netloc, 443)
log.debug("GET {0}".format(path))
connection.putrequest("GET", path)
- connection.putheader("Authorization", "Negotiate {0}".format(tgt))
+ connection.putheader("Authorization", "Negotiate {0}".format(data))
connection.putheader("Referer", self.url_string)
connection.endheaders()
diff --git a/examples/dockerfile b/examples/dockerfile
index e289169..92a2f6e 100644
--- a/examples/dockerfile
+++ b/examples/dockerfile
@@ -1,7 +1,7 @@
FROM fedora
MAINTAINER langdon <langdon@fedoraproject.org>
RUN yum clean all && yum -y update
-RUN yum -y install python python-pip make gcc krb5-devel python-devel python-setuptools python-kerberos python-nitrate python-dateutil python-urllib2_kerberos
+RUN yum -y install python python-pip make gcc krb5-devel python-devel python-setuptools python-gssapi python-nitrate python-dateutil python-urllib-gssapi
RUN yum clean all
COPY . /opt/did
--
2.16.1