rpms / did

Clone
Source Code
GIT

Files

  1.   083b8bc67df28f2b09433f323705256c15f8e2c6
  2.   Port-to-python-gssapi.patch
Blob Blame History Raw 
From 776ae1d92d28d2c291f4cd42471eb87441f29fe5 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 19 Feb 2018 16:47:44 -0500
Subject: [PATCH] Port to python-gssapi

As part of this, migrate any urllib2_kerberos code to urllib-gssapi.
---
 .travis.yml         |  2 +-
 Makefile            |  2 +-
 did.spec            |  7 +++++--
 did/cli.py          |  8 ++++----
 did/plugins/jira.py |  4 ++--
 did/plugins/rt.py   | 18 ++++++++++--------
 docs/conf.py        |  2 +-
 examples/dockerfile |  2 +-
 setup.py            |  6 +++---
 9 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/Makefile b/Makefile
index cd0514b..2c1ac9b 100644
--- a/Makefile
+++ b/Makefile
@@ -79,7 +79,7 @@ clean:
 run_docker: build_docker
 	@echo
 	@echo "Please note: this is a first cut at doing a container version as a result; known issues:"
-	@echo "* kerberos auth may not be working correctly"
+	@echo "* GSSAPI auth may not be working correctly"
 	@echo "* container runs as privileged to access the conf file"
 	@echo "* output directory may not be quite right"
 	@echo
diff --git a/did/cli.py b/did/cli.py
index 623f3e4..8ea5c52 100644
--- a/did/cli.py
+++ b/did/cli.py
@@ -12,7 +12,7 @@ from __future__ import unicode_literals, absolute_import
 import re
 import sys
 import argparse
-import kerberos
+import gssapi
 from dateutil.relativedelta import relativedelta as delta
 
 import did.base
@@ -205,7 +205,7 @@ def main(arguments=None):
             did.base.Config.path(), did.base.Config.example().strip()))
         raise
 
-    except kerberos.GSSError as error:
-        log.debug(error)
+    except gssapi.exceptions.GSSError as error:
+        log.debug(error.gen_msg())
         raise did.base.ConfigError(
-            "Kerberos authentication failed. Try kinit.")
+            "GSSAPI authentication failed. Try kinit.")
diff --git a/did/plugins/jira.py b/did/plugins/jira.py
index 874b21f..9c62a1d 100644
--- a/did/plugins/jira.py
+++ b/did/plugins/jira.py
@@ -39,7 +39,7 @@ import urllib
 import urllib2
 import cookielib
 import dateutil.parser
-import urllib2_kerberos
+import urllib_gssapi
 
 from did.utils import log, pretty, listed
 from did.base import Config, ReportError
@@ -254,7 +254,7 @@ class JiraStats(StatsGroup):
                 urllib2.HTTPSHandler(debuglevel=0),
                 urllib2.HTTPRedirectHandler,
                 urllib2.HTTPCookieProcessor(cookie),
-                urllib2_kerberos.HTTPKerberosAuthHandler)
+                urllib_gssapi.HTTPSPNEGOAuthHandler)
 
             log.debug("Connecting to {0}".format(self.auth_url))
             if self.auth_type == 'basic':
diff --git a/did/plugins/rt.py b/did/plugins/rt.py
index a6f470b..f75f700 100644
--- a/did/plugins/rt.py
+++ b/did/plugins/rt.py
@@ -15,7 +15,9 @@ from __future__ import absolute_import, unicode_literals
 import httplib
 import urllib
 import urlparse
-import kerberos
+import gssapi
+
+from base64 import b64encode, b64decode
 
 from did.utils import log, pretty
 from did.base import ReportError, Config
@@ -36,18 +38,18 @@ class RequestTracker(object):
         self.url_string = parent.url
 
     def get(self, path):
-        """ Perform a GET request with Kerberos authentication """
-        # Prepare Kerberos ticket granting ticket """
-        _, ctx = kerberos.authGSSClientInit(
-            'HTTP@{0}'.format(self.url.netloc))
-        kerberos.authGSSClientStep(ctx, "")
-        tgt = kerberos.authGSSClientResponse(ctx)
+        """ Perform a GET request with GSSAPI authentication """
+        # Generate token
+        service_name = gssapi.Name('HTTP@{0}'.format(self.url.netloc),
+                                   gssapi.NameType.hostbased_service)
+        ctx = gssapi.SecurityContext(usage="initiate", name=service_name)
+        data = b64encode(ctx.step()).decode()
 
         # Make the connection
         connection = httplib.HTTPSConnection(self.url.netloc, 443)
         log.debug("GET {0}".format(path))
         connection.putrequest("GET", path)
-        connection.putheader("Authorization", "Negotiate {0}".format(tgt))
+        connection.putheader("Authorization", "Negotiate {0}".format(data))
         connection.putheader("Referer", self.url_string)
         connection.endheaders()
 
diff --git a/examples/dockerfile b/examples/dockerfile
index e289169..92a2f6e 100644
--- a/examples/dockerfile
+++ b/examples/dockerfile
@@ -1,7 +1,7 @@
 FROM fedora
 MAINTAINER langdon <langdon@fedoraproject.org>
 RUN yum clean all && yum -y update
-RUN yum -y install python python-pip make gcc krb5-devel python-devel python-setuptools python-kerberos python-nitrate python-dateutil python-urllib2_kerberos
+RUN yum -y install python python-pip make gcc krb5-devel python-devel python-setuptools python-gssapi python-nitrate python-dateutil python-urllib-gssapi
 RUN yum clean all
 
 COPY . /opt/did
-- 
2.16.1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.