ipapython 4.9.12__py2.py3-none-any.whl → 4.12.2__py2.py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ipapython/certdb.py +19 -11
- ipapython/config.py +1 -1
- ipapython/cookie.py +1 -1
- ipapython/directivesetter.py +4 -1
- ipapython/ipaldap.py +31 -8
- ipapython/ipautil.py +42 -29
- ipapython/session_storage.py +19 -19
- ipapython/version.py +23 -4
- {ipapython-4.9.12.dist-info → ipapython-4.12.2.dist-info}/METADATA +7 -7
- {ipapython-4.9.12.dist-info → ipapython-4.12.2.dist-info}/RECORD +13 -13
- {ipapython-4.9.12.dist-info → ipapython-4.12.2.dist-info}/WHEEL +1 -1
- {ipapython-4.9.12.dist-info → ipapython-4.12.2.dist-info}/COPYING +0 -0
- {ipapython-4.9.12.dist-info → ipapython-4.12.2.dist-info}/top_level.txt +0 -0
ipapython/certdb.py
CHANGED
|
@@ -256,7 +256,7 @@ class NSSDatabase:
|
|
|
256
256
|
# BaseCertDB is a class that knows nothing about IPA.
|
|
257
257
|
# Generic NSS DB code should be moved here.
|
|
258
258
|
|
|
259
|
-
def __init__(self, nssdir=None, dbtype='auto'):
|
|
259
|
+
def __init__(self, nssdir=None, dbtype='auto', token=None, pwd_file=None):
|
|
260
260
|
if nssdir is not None:
|
|
261
261
|
self.secdir = nssdir
|
|
262
262
|
self._is_temporary = False
|
|
@@ -273,9 +273,13 @@ class NSSDatabase:
|
|
|
273
273
|
self.secdir = tempfile.mkdtemp()
|
|
274
274
|
self._is_temporary = True
|
|
275
275
|
|
|
276
|
-
|
|
276
|
+
if pwd_file is None:
|
|
277
|
+
self.pwd_file = os.path.join(self.secdir, 'pwdfile.txt')
|
|
278
|
+
else:
|
|
279
|
+
self.pwd_file = pwd_file
|
|
277
280
|
self.dbtype = None
|
|
278
281
|
self.certdb = self.keydb = self.secmod = None
|
|
282
|
+
self.token = token
|
|
279
283
|
# files in actual db
|
|
280
284
|
self.filenames = ()
|
|
281
285
|
# all files that are handled by create_db(backup=True)
|
|
@@ -340,6 +344,8 @@ class NSSDatabase:
|
|
|
340
344
|
"-d", '{}:{}'.format(self.dbtype, self.secdir)
|
|
341
345
|
]
|
|
342
346
|
new_args.extend(args)
|
|
347
|
+
if self.token:
|
|
348
|
+
new_args.extend(["-h", self.token])
|
|
343
349
|
new_args.extend(['-f', self.pwd_file])
|
|
344
350
|
# When certutil makes a request it creates a file in the cwd, make
|
|
345
351
|
# sure we are in a unique place when this happens.
|
|
@@ -505,7 +511,8 @@ class NSSDatabase:
|
|
|
505
511
|
|
|
506
512
|
:return: List of (name, trust_flags) tuples
|
|
507
513
|
"""
|
|
508
|
-
|
|
514
|
+
args = ["-L"]
|
|
515
|
+
result = self.run_certutil(args, capture_output=True)
|
|
509
516
|
certs = result.output.splitlines()
|
|
510
517
|
|
|
511
518
|
# FIXME, this relies on NSS never changing the formatting of certutil
|
|
@@ -937,20 +944,21 @@ class NSSDatabase:
|
|
|
937
944
|
def _verify_cert_validity(self, cert):
|
|
938
945
|
"""Common checks for cert validity
|
|
939
946
|
"""
|
|
940
|
-
utcnow = datetime.datetime.
|
|
941
|
-
if cert.
|
|
947
|
+
utcnow = datetime.datetime.now(tz=datetime.timezone.utc)
|
|
948
|
+
if cert.not_valid_before_utc > utcnow:
|
|
942
949
|
raise ValueError(
|
|
943
|
-
f"not valid before {cert.
|
|
944
|
-
"future."
|
|
950
|
+
f"not valid before {cert.not_valid_before_utc} UTC is in "
|
|
951
|
+
"the future."
|
|
945
952
|
)
|
|
946
|
-
if cert.
|
|
953
|
+
if cert.not_valid_after_utc < utcnow:
|
|
947
954
|
raise ValueError(
|
|
948
|
-
f"has expired {cert.
|
|
955
|
+
f"has expired {cert.not_valid_after_utc} UTC"
|
|
949
956
|
)
|
|
950
957
|
# make sure the cert does not expire during installation
|
|
951
|
-
if cert.
|
|
958
|
+
if cert.not_valid_after_utc + datetime.timedelta(hours=1) < utcnow:
|
|
952
959
|
raise ValueError(
|
|
953
|
-
f"expires in less than one hour ({cert.
|
|
960
|
+
f"expires in less than one hour ({cert.not_valid_after_utc} "
|
|
961
|
+
"UTC)"
|
|
954
962
|
)
|
|
955
963
|
|
|
956
964
|
def verify_server_cert_validity(self, nickname, hostname):
|
ipapython/config.py
CHANGED
|
@@ -23,7 +23,7 @@ from optparse import (
|
|
|
23
23
|
Option, Values, OptionParser, IndentedHelpFormatter, OptionValueError)
|
|
24
24
|
# pylint: enable=deprecated-module
|
|
25
25
|
from copy import copy
|
|
26
|
-
from configparser import SafeConfigParser
|
|
26
|
+
from configparser import ConfigParser as SafeConfigParser
|
|
27
27
|
from urllib.parse import urlsplit
|
|
28
28
|
import functools
|
|
29
29
|
|
ipapython/cookie.py
CHANGED
|
@@ -652,7 +652,7 @@ class Cookie:
|
|
|
652
652
|
|
|
653
653
|
cookie_expiration = self.get_expiration()
|
|
654
654
|
if cookie_expiration is not None:
|
|
655
|
-
now = datetime.datetime.
|
|
655
|
+
now = datetime.datetime.now(tz=datetime.timezone.utc)
|
|
656
656
|
if cookie_expiration < now:
|
|
657
657
|
raise Cookie.Expired("cookie named '%s'; expired at %s'" % \
|
|
658
658
|
(cookie_name,
|
ipapython/directivesetter.py
CHANGED
|
@@ -182,6 +182,9 @@ def get_directive(filename, directive, separator=' '):
|
|
|
182
182
|
if separator == ' ':
|
|
183
183
|
separator = '[ \t]+'
|
|
184
184
|
|
|
185
|
+
if directive is None:
|
|
186
|
+
return None
|
|
187
|
+
|
|
185
188
|
result = None
|
|
186
189
|
with open(filename, "r") as fd:
|
|
187
190
|
for line in fd:
|
|
@@ -193,7 +196,7 @@ def get_directive(filename, directive, separator=' '):
|
|
|
193
196
|
if match:
|
|
194
197
|
value = match.group(1)
|
|
195
198
|
else:
|
|
196
|
-
|
|
199
|
+
continue
|
|
197
200
|
|
|
198
201
|
result = unquote_directive_value(value.strip(), '"')
|
|
199
202
|
result = result.strip(' ')
|
ipapython/ipaldap.py
CHANGED
|
@@ -23,7 +23,7 @@ import binascii
|
|
|
23
23
|
import errno
|
|
24
24
|
import logging
|
|
25
25
|
import time
|
|
26
|
-
import datetime
|
|
26
|
+
from datetime import datetime
|
|
27
27
|
from decimal import Decimal
|
|
28
28
|
from copy import deepcopy
|
|
29
29
|
import contextlib
|
|
@@ -689,11 +689,12 @@ class LDAPClient:
|
|
|
689
689
|
'1.3.6.1.4.1.1466.115.121.1.10' : bytes, # Certificate Pair
|
|
690
690
|
'1.3.6.1.4.1.1466.115.121.1.12' : DN, # Distinguished Name
|
|
691
691
|
'1.3.6.1.4.1.1466.115.121.1.23' : bytes, # Fax
|
|
692
|
-
'1.3.6.1.4.1.1466.115.121.1.24' : datetime
|
|
692
|
+
'1.3.6.1.4.1.1466.115.121.1.24' : datetime, # GeneralizedTime
|
|
693
693
|
'1.3.6.1.4.1.1466.115.121.1.28' : bytes, # JPEG
|
|
694
694
|
'1.3.6.1.4.1.1466.115.121.1.40' : bytes, # OctetString (same as Binary)
|
|
695
695
|
'1.3.6.1.4.1.1466.115.121.1.49' : bytes, # Supported Algorithm
|
|
696
696
|
'1.3.6.1.4.1.1466.115.121.1.51' : bytes, # Teletext Terminal Identifier
|
|
697
|
+
'1.3.6.1.4.1.5322.21.2.5' : datetime, # krbLastAdminUnlock
|
|
697
698
|
|
|
698
699
|
'2.16.840.1.113730.3.8.3.3' : DN, # enrolledBy
|
|
699
700
|
'2.16.840.1.113730.3.8.3.18' : DN, # managedBy
|
|
@@ -706,16 +707,23 @@ class LDAPClient:
|
|
|
706
707
|
'2.16.840.1.113730.3.8.7.1' : DN, # memberAllowCmd
|
|
707
708
|
'2.16.840.1.113730.3.8.7.2' : DN, # memberDenyCmd
|
|
708
709
|
|
|
710
|
+
'2.16.840.1.113719.1.301.4.6.1' : datetime, # krbPrincipalExpiration
|
|
709
711
|
'2.16.840.1.113719.1.301.4.14.1' : DN, # krbRealmReferences
|
|
710
712
|
'2.16.840.1.113719.1.301.4.17.1' : DN, # krbKdcServers
|
|
711
713
|
'2.16.840.1.113719.1.301.4.18.1' : DN, # krbPwdServers
|
|
712
714
|
'2.16.840.1.113719.1.301.4.26.1' : DN, # krbPrincipalReferences
|
|
713
715
|
'2.16.840.1.113719.1.301.4.29.1' : DN, # krbAdmServers
|
|
714
716
|
'2.16.840.1.113719.1.301.4.36.1' : DN, # krbPwdPolicyReference
|
|
717
|
+
'2.16.840.1.113719.1.301.4.37.1' : datetime, # krbPasswordExpiration
|
|
715
718
|
'2.16.840.1.113719.1.301.4.40.1' : DN, # krbTicketPolicyReference
|
|
716
719
|
'2.16.840.1.113719.1.301.4.41.1' : DN, # krbSubTrees
|
|
720
|
+
'2.16.840.1.113719.1.301.4.45.1' : datetime, # krbLastPwdChange
|
|
721
|
+
'2.16.840.1.113719.1.301.4.48.1' : datetime, # krbLastSuccessfulAuth
|
|
722
|
+
'2.16.840.1.113719.1.301.4.49.1' : datetime, # krbLastFailedAuth
|
|
717
723
|
'2.16.840.1.113719.1.301.4.52.1' : DN, # krbObjectReferences
|
|
718
724
|
'2.16.840.1.113719.1.301.4.53.1' : DN, # krbPrincContainerRef
|
|
725
|
+
'2.16.840.1.113730.3.8.16.1.3' : datetime, # ipatokenNotBefore
|
|
726
|
+
'2.16.840.1.113730.3.8.16.1.4' : datetime, # ipatokenNotAfter
|
|
719
727
|
}
|
|
720
728
|
|
|
721
729
|
# In most cases we lookup the syntax from the schema returned by
|
|
@@ -758,6 +766,8 @@ class LDAPClient:
|
|
|
758
766
|
'nsslapd-enable-upgrade-hash': True,
|
|
759
767
|
'nsslapd-db-locks': True,
|
|
760
768
|
'nsslapd-logging-hr-timestamps-enabled': True,
|
|
769
|
+
'nsslapd-ldapientrysearchbase': True,
|
|
770
|
+
'nsslapd-ldapidnmappingbase': True,
|
|
761
771
|
'nsslapd-sizelimit': True,
|
|
762
772
|
})
|
|
763
773
|
|
|
@@ -988,7 +998,7 @@ class LDAPClient:
|
|
|
988
998
|
# key in dict must be str not bytes
|
|
989
999
|
dct = dict((k, self.encode(v)) for k, v in val.items())
|
|
990
1000
|
return dct
|
|
991
|
-
elif isinstance(val, datetime
|
|
1001
|
+
elif isinstance(val, datetime):
|
|
992
1002
|
return val.strftime(LDAP_GENERALIZED_TIME_FORMAT).encode('utf-8')
|
|
993
1003
|
elif isinstance(val, crypto_x509.Certificate):
|
|
994
1004
|
return val.public_bytes(x509.Encoding.DER)
|
|
@@ -1010,8 +1020,8 @@ class LDAPClient:
|
|
|
1010
1020
|
return val.decode('utf-8')
|
|
1011
1021
|
elif target_type is bool:
|
|
1012
1022
|
return val.decode('utf-8') == 'TRUE'
|
|
1013
|
-
elif target_type is datetime
|
|
1014
|
-
return datetime.
|
|
1023
|
+
elif target_type is datetime:
|
|
1024
|
+
return datetime.strptime(
|
|
1015
1025
|
val.decode('utf-8'), LDAP_GENERALIZED_TIME_FORMAT)
|
|
1016
1026
|
elif target_type is DNSName:
|
|
1017
1027
|
return DNSName.from_text(val.decode('utf-8'))
|
|
@@ -1080,6 +1090,7 @@ class LDAPClient:
|
|
|
1080
1090
|
def error_handler(self, arg_desc=None):
|
|
1081
1091
|
"""Context manager that handles LDAPErrors
|
|
1082
1092
|
"""
|
|
1093
|
+
desc = None
|
|
1083
1094
|
try:
|
|
1084
1095
|
try:
|
|
1085
1096
|
yield
|
|
@@ -1174,14 +1185,23 @@ class LDAPClient:
|
|
|
1174
1185
|
"""schema associated with this LDAP server"""
|
|
1175
1186
|
return self._get_schema()
|
|
1176
1187
|
|
|
1177
|
-
def get_allowed_attributes(self, objectclasses, raise_on_unknown=False
|
|
1188
|
+
def get_allowed_attributes(self, objectclasses, raise_on_unknown=False,
|
|
1189
|
+
attributes="all"):
|
|
1178
1190
|
if self.schema is None:
|
|
1179
1191
|
return None
|
|
1180
1192
|
allowed_attributes = []
|
|
1181
1193
|
for oc in objectclasses:
|
|
1182
1194
|
obj = self.schema.get_obj(ldap.schema.ObjectClass, oc)
|
|
1183
1195
|
if obj is not None:
|
|
1184
|
-
|
|
1196
|
+
if attributes == "must":
|
|
1197
|
+
# Only return required(must) attrs
|
|
1198
|
+
allowed_attributes += obj.must
|
|
1199
|
+
elif attributes == "may":
|
|
1200
|
+
# Only return allowed(may) attrs
|
|
1201
|
+
allowed_attributes += obj.may
|
|
1202
|
+
else:
|
|
1203
|
+
# Return both allowed & required attrs
|
|
1204
|
+
allowed_attributes += obj.must + obj.may
|
|
1185
1205
|
elif raise_on_unknown:
|
|
1186
1206
|
raise errors.NotFound(
|
|
1187
1207
|
reason=_('objectclass %s not found') % oc)
|
|
@@ -1190,7 +1210,6 @@ class LDAPClient:
|
|
|
1190
1210
|
def __enter__(self):
|
|
1191
1211
|
return self
|
|
1192
1212
|
|
|
1193
|
-
|
|
1194
1213
|
def __exit__(self, exc_type, exc_value, traceback):
|
|
1195
1214
|
self.close()
|
|
1196
1215
|
|
|
@@ -1369,6 +1388,10 @@ class LDAPClient:
|
|
|
1369
1388
|
# value[-2:0] is empty string for the initial '\\'
|
|
1370
1389
|
value = u'\\'.join(
|
|
1371
1390
|
value[i:i+2] for i in six.moves.range(-2, len(value), 2))
|
|
1391
|
+
elif isinstance(value, datetime):
|
|
1392
|
+
value = value.strftime(
|
|
1393
|
+
LDAP_GENERALIZED_TIME_FORMAT)
|
|
1394
|
+
value = ldap.filter.escape_filter_chars(value)
|
|
1372
1395
|
else:
|
|
1373
1396
|
value = str(value)
|
|
1374
1397
|
value = ldap.filter.escape_filter_chars(value)
|
ipapython/ipautil.py
CHANGED
|
@@ -48,9 +48,9 @@ import six
|
|
|
48
48
|
from six.moves import input
|
|
49
49
|
|
|
50
50
|
try:
|
|
51
|
-
import
|
|
51
|
+
import ifaddr
|
|
52
52
|
except ImportError:
|
|
53
|
-
|
|
53
|
+
ifaddr = None
|
|
54
54
|
|
|
55
55
|
from ipapython.dn import DN
|
|
56
56
|
from ipaplatform.paths import paths
|
|
@@ -203,42 +203,37 @@ class CheckedIPAddress(UnsafeIPAddress):
|
|
|
203
203
|
:return: InterfaceDetails named tuple or None if no interface has
|
|
204
204
|
this address
|
|
205
205
|
"""
|
|
206
|
-
if
|
|
207
|
-
raise ImportError("
|
|
206
|
+
if ifaddr is None:
|
|
207
|
+
raise ImportError("ifaddr")
|
|
208
208
|
logger.debug("Searching for an interface of IP address: %s", self)
|
|
209
|
+
|
|
209
210
|
if self.version == 4:
|
|
210
|
-
|
|
211
|
+
family_ips = (
|
|
212
|
+
(ip.ip, ip.network_prefix, ip.nice_name)
|
|
213
|
+
for ips in [a.ips for a in ifaddr.get_adapters()]
|
|
214
|
+
for ip in ips if not isinstance(ip.ip, tuple)
|
|
215
|
+
)
|
|
211
216
|
elif self.version == 6:
|
|
212
|
-
|
|
217
|
+
family_ips = (
|
|
218
|
+
(ip.ip[0], ip.network_prefix, ip.nice_name)
|
|
219
|
+
for ips in [a.ips for a in ifaddr.get_adapters()]
|
|
220
|
+
for ip in ips if isinstance(ip.ip, tuple)
|
|
221
|
+
)
|
|
213
222
|
else:
|
|
214
223
|
raise ValueError(
|
|
215
224
|
"Unsupported address family ({})".format(self.version)
|
|
216
225
|
)
|
|
217
226
|
|
|
218
|
-
for
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
# newer versions of netifaces provide IPv6 netmask in format
|
|
226
|
-
# 'ffff:ffff:ffff:ffff::/64'. We have to split and use prefix
|
|
227
|
-
# or the netmask with older versions
|
|
228
|
-
ifmask = ifdata['netmask'].split(u'/')[-1]
|
|
229
|
-
|
|
230
|
-
ifaddrmask = '{addr}/{netmask}'.format(
|
|
231
|
-
addr=ifaddr,
|
|
232
|
-
netmask=ifmask
|
|
233
|
-
)
|
|
234
|
-
logger.debug(
|
|
235
|
-
"Testing local IP address: %s (interface: %s)",
|
|
236
|
-
ifaddrmask, interface)
|
|
227
|
+
for ip, prefix, ifname in family_ips:
|
|
228
|
+
ifaddrmask = "{ip}/{prefix}".format(ip=ip, prefix=prefix)
|
|
229
|
+
logger.debug(
|
|
230
|
+
"Testing local IP address: %s (interface: %s)",
|
|
231
|
+
ifaddrmask, ifname)
|
|
232
|
+
ifnet = netaddr.IPNetwork(ifaddrmask)
|
|
237
233
|
|
|
238
|
-
|
|
234
|
+
if ifnet.ip == self:
|
|
235
|
+
return InterfaceDetails(ifname, ifnet)
|
|
239
236
|
|
|
240
|
-
if ifnet.ip == self:
|
|
241
|
-
return InterfaceDetails(interface, ifnet)
|
|
242
237
|
return None
|
|
243
238
|
|
|
244
239
|
def set_ip_net(self, ifnet):
|
|
@@ -692,9 +687,11 @@ class CIDict(dict):
|
|
|
692
687
|
self.update(dict(new))
|
|
693
688
|
else:
|
|
694
689
|
for key in keys():
|
|
690
|
+
# pylint: disable=unnecessary-dunder-call
|
|
695
691
|
self.__setitem__(key, new[key], seen)
|
|
696
692
|
seen = set()
|
|
697
693
|
for key, value in kwargs.items():
|
|
694
|
+
# pylint: disable=unnecessary-dunder-call
|
|
698
695
|
self.__setitem__(key, value, seen)
|
|
699
696
|
|
|
700
697
|
def __contains__(self, key):
|
|
@@ -1661,9 +1658,16 @@ def remove_ccache(ccache_path=None, run_as=None):
|
|
|
1661
1658
|
"Failed to clear Kerberos credentials cache: %s", e)
|
|
1662
1659
|
|
|
1663
1660
|
|
|
1664
|
-
def remove_file(filename):
|
|
1661
|
+
def remove_file(filename, only_if_empty=False):
|
|
1665
1662
|
"""Remove a file and log any exceptions raised.
|
|
1663
|
+
|
|
1664
|
+
:only_if_empty: only remove the file if empty. Default False.
|
|
1666
1665
|
"""
|
|
1666
|
+
if only_if_empty and os.path.exists(filename):
|
|
1667
|
+
file_stat = os.stat(filename)
|
|
1668
|
+
if file_stat.st_size > 0:
|
|
1669
|
+
logger.debug('%s is not empty.', filename)
|
|
1670
|
+
return
|
|
1667
1671
|
try:
|
|
1668
1672
|
os.unlink(filename)
|
|
1669
1673
|
except Exception as e:
|
|
@@ -1672,6 +1676,15 @@ def remove_file(filename):
|
|
|
1672
1676
|
logger.error('Error removing %s: %s', filename, str(e))
|
|
1673
1677
|
|
|
1674
1678
|
|
|
1679
|
+
def remove_directory(dir):
|
|
1680
|
+
"""Remove an empty directory."""
|
|
1681
|
+
try:
|
|
1682
|
+
os.rmdir(dir)
|
|
1683
|
+
except OSError as e:
|
|
1684
|
+
if e.errno not in {errno.ENOENT, errno.ENOTEMPTY}:
|
|
1685
|
+
logger.error("Failed to remove directory %s", dir)
|
|
1686
|
+
|
|
1687
|
+
|
|
1675
1688
|
def rmtree(path):
|
|
1676
1689
|
"""
|
|
1677
1690
|
Remove a directory structure and log any exceptions raised.
|
ipapython/session_storage.py
CHANGED
|
@@ -111,7 +111,7 @@ class KRB5Error(Exception):
|
|
|
111
111
|
|
|
112
112
|
|
|
113
113
|
def krb5_errcheck(result, func, arguments):
|
|
114
|
-
"""Error checker for
|
|
114
|
+
"""Error checker for krb5_error_code return value"""
|
|
115
115
|
if result != 0:
|
|
116
116
|
raise KRB5Error(result, func.__name__, arguments)
|
|
117
117
|
|
|
@@ -119,14 +119,13 @@ def krb5_errcheck(result, func, arguments):
|
|
|
119
119
|
krb5_context = ctypes.POINTER(_krb5_context)
|
|
120
120
|
krb5_ccache = ctypes.POINTER(_krb5_ccache)
|
|
121
121
|
krb5_data_p = ctypes.POINTER(_krb5_data)
|
|
122
|
-
krb5_error = ctypes.c_int32
|
|
123
122
|
krb5_creds = _krb5_creds
|
|
124
123
|
krb5_pointer = ctypes.c_void_p
|
|
125
124
|
krb5_cc_cursor = krb5_pointer
|
|
126
125
|
|
|
127
126
|
krb5_init_context = LIBKRB5.krb5_init_context
|
|
128
127
|
krb5_init_context.argtypes = (ctypes.POINTER(krb5_context), )
|
|
129
|
-
krb5_init_context.restype =
|
|
128
|
+
krb5_init_context.restype = krb5_error_code
|
|
130
129
|
krb5_init_context.errcheck = krb5_errcheck
|
|
131
130
|
|
|
132
131
|
krb5_free_context = LIBKRB5.krb5_free_context
|
|
@@ -143,30 +142,30 @@ krb5_free_data_contents.restype = None
|
|
|
143
142
|
|
|
144
143
|
krb5_cc_default = LIBKRB5.krb5_cc_default
|
|
145
144
|
krb5_cc_default.argtypes = (krb5_context, ctypes.POINTER(krb5_ccache), )
|
|
146
|
-
krb5_cc_default.restype =
|
|
145
|
+
krb5_cc_default.restype = krb5_error_code
|
|
147
146
|
krb5_cc_default.errcheck = krb5_errcheck
|
|
148
147
|
|
|
149
148
|
krb5_cc_close = LIBKRB5.krb5_cc_close
|
|
150
149
|
krb5_cc_close.argtypes = (krb5_context, krb5_ccache, )
|
|
151
|
-
krb5_cc_close.restype =
|
|
150
|
+
krb5_cc_close.restype = krb5_error_code
|
|
152
151
|
krb5_cc_close.errcheck = krb5_errcheck
|
|
153
152
|
|
|
154
153
|
krb5_parse_name = LIBKRB5.krb5_parse_name
|
|
155
154
|
krb5_parse_name.argtypes = (krb5_context, ctypes.c_char_p,
|
|
156
155
|
ctypes.POINTER(krb5_principal), )
|
|
157
|
-
krb5_parse_name.restype =
|
|
156
|
+
krb5_parse_name.restype = krb5_error_code
|
|
158
157
|
krb5_parse_name.errcheck = krb5_errcheck
|
|
159
158
|
|
|
160
159
|
krb5_cc_set_config = LIBKRB5.krb5_cc_set_config
|
|
161
160
|
krb5_cc_set_config.argtypes = (krb5_context, krb5_ccache, krb5_principal,
|
|
162
161
|
ctypes.c_char_p, krb5_data_p, )
|
|
163
|
-
krb5_cc_set_config.restype =
|
|
162
|
+
krb5_cc_set_config.restype = krb5_error_code
|
|
164
163
|
krb5_cc_set_config.errcheck = krb5_errcheck
|
|
165
164
|
|
|
166
165
|
krb5_cc_get_principal = LIBKRB5.krb5_cc_get_principal
|
|
167
166
|
krb5_cc_get_principal.argtypes = (krb5_context, krb5_ccache,
|
|
168
167
|
ctypes.POINTER(krb5_principal), )
|
|
169
|
-
krb5_cc_get_principal.restype =
|
|
168
|
+
krb5_cc_get_principal.restype = krb5_error_code
|
|
170
169
|
krb5_cc_get_principal.errcheck = krb5_errcheck
|
|
171
170
|
|
|
172
171
|
# krb5_build_principal is a variadic function but that can't be expressed
|
|
@@ -177,32 +176,31 @@ krb5_build_principal.argtypes = (krb5_context, ctypes.POINTER(krb5_principal),
|
|
|
177
176
|
ctypes.c_uint, ctypes.c_char_p,
|
|
178
177
|
ctypes.c_char_p, ctypes.c_char_p,
|
|
179
178
|
ctypes.c_char_p, ctypes.c_char_p, )
|
|
180
|
-
krb5_build_principal.restype =
|
|
179
|
+
krb5_build_principal.restype = krb5_error_code
|
|
181
180
|
krb5_build_principal.errcheck = krb5_errcheck
|
|
182
181
|
|
|
183
182
|
krb5_cc_start_seq_get = LIBKRB5.krb5_cc_start_seq_get
|
|
184
183
|
krb5_cc_start_seq_get.argtypes = (krb5_context, krb5_ccache,
|
|
185
184
|
ctypes.POINTER(krb5_cc_cursor), )
|
|
186
|
-
krb5_cc_start_seq_get.restype =
|
|
185
|
+
krb5_cc_start_seq_get.restype = krb5_error_code
|
|
187
186
|
krb5_cc_start_seq_get.errcheck = krb5_errcheck
|
|
188
187
|
|
|
189
188
|
krb5_cc_next_cred = LIBKRB5.krb5_cc_next_cred
|
|
190
189
|
krb5_cc_next_cred.argtypes = (krb5_context, krb5_ccache,
|
|
191
190
|
ctypes.POINTER(krb5_cc_cursor),
|
|
192
191
|
ctypes.POINTER(krb5_creds), )
|
|
193
|
-
krb5_cc_next_cred.restype =
|
|
192
|
+
krb5_cc_next_cred.restype = krb5_error_code
|
|
194
193
|
krb5_cc_next_cred.errcheck = krb5_errcheck
|
|
195
194
|
|
|
196
195
|
krb5_cc_end_seq_get = LIBKRB5.krb5_cc_end_seq_get
|
|
197
196
|
krb5_cc_end_seq_get.argtypes = (krb5_context, krb5_ccache,
|
|
198
197
|
ctypes.POINTER(krb5_cc_cursor), )
|
|
199
|
-
krb5_cc_end_seq_get.restype =
|
|
198
|
+
krb5_cc_end_seq_get.restype = krb5_error_code
|
|
200
199
|
krb5_cc_end_seq_get.errcheck = krb5_errcheck
|
|
201
200
|
|
|
202
201
|
krb5_free_cred_contents = LIBKRB5.krb5_free_cred_contents
|
|
203
202
|
krb5_free_cred_contents.argtypes = (krb5_context, ctypes.POINTER(krb5_creds))
|
|
204
|
-
krb5_free_cred_contents.restype =
|
|
205
|
-
krb5_free_cred_contents.errcheck = krb5_errcheck
|
|
203
|
+
krb5_free_cred_contents.restype = None
|
|
206
204
|
|
|
207
205
|
krb5_principal_compare = LIBKRB5.krb5_principal_compare
|
|
208
206
|
krb5_principal_compare.argtypes = (krb5_context, krb5_principal,
|
|
@@ -212,7 +210,7 @@ krb5_principal_compare.restype = krb5_boolean
|
|
|
212
210
|
krb5_unparse_name = LIBKRB5.krb5_unparse_name
|
|
213
211
|
krb5_unparse_name.argtypes = (krb5_context, krb5_principal,
|
|
214
212
|
ctypes.POINTER(ctypes.c_char_p), )
|
|
215
|
-
krb5_unparse_name.restype =
|
|
213
|
+
krb5_unparse_name.restype = krb5_error_code
|
|
216
214
|
krb5_unparse_name.errcheck = krb5_errcheck
|
|
217
215
|
|
|
218
216
|
krb5_free_unparsed_name = LIBKRB5.krb5_free_unparsed_name
|
|
@@ -314,8 +312,12 @@ def get_data(princ_name, key):
|
|
|
314
312
|
checkcreds = krb5_creds()
|
|
315
313
|
# the next function will throw an error and break out of the
|
|
316
314
|
# while loop when we try to access past the last cred
|
|
317
|
-
|
|
318
|
-
|
|
315
|
+
try:
|
|
316
|
+
krb5_cc_next_cred(context, ccache, ctypes.byref(cursor),
|
|
317
|
+
ctypes.byref(checkcreds))
|
|
318
|
+
except KRB5Error:
|
|
319
|
+
break
|
|
320
|
+
|
|
319
321
|
if (krb5_principal_compare(context, principal,
|
|
320
322
|
checkcreds.client) == 1 and
|
|
321
323
|
krb5_principal_compare(context, srv_princ,
|
|
@@ -330,8 +332,6 @@ def get_data(princ_name, key):
|
|
|
330
332
|
else:
|
|
331
333
|
krb5_free_cred_contents(context,
|
|
332
334
|
ctypes.byref(checkcreds))
|
|
333
|
-
except KRB5Error:
|
|
334
|
-
pass
|
|
335
335
|
finally:
|
|
336
336
|
krb5_cc_end_seq_get(context, ccache, ctypes.byref(cursor))
|
|
337
337
|
|
ipapython/version.py
CHANGED
|
@@ -17,11 +17,13 @@
|
|
|
17
17
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
18
18
|
#
|
|
19
19
|
|
|
20
|
+
from pkg_resources import parse_version
|
|
21
|
+
|
|
20
22
|
# The full version including strings
|
|
21
|
-
VERSION = "4.
|
|
23
|
+
VERSION = "4.12.2"
|
|
22
24
|
|
|
23
25
|
# A fuller version including the vendor tag (e.g. 3.3.3-34.fc20)
|
|
24
|
-
VENDOR_VERSION = "4.
|
|
26
|
+
VENDOR_VERSION = "4.12.2"
|
|
25
27
|
|
|
26
28
|
|
|
27
29
|
# Just the numeric portion of the version so one can do direct numeric
|
|
@@ -41,11 +43,11 @@ VENDOR_VERSION = "4.9.12"
|
|
|
41
43
|
# IPA 3.2.1: NUM_VERSION=30201
|
|
42
44
|
# IPA 3.2.99: NUM_VERSION=30299 (development version)
|
|
43
45
|
# IPA 3.3.0: NUM_VERSION=30300
|
|
44
|
-
NUM_VERSION =
|
|
46
|
+
NUM_VERSION = 41202
|
|
45
47
|
|
|
46
48
|
|
|
47
49
|
# The version of the API.
|
|
48
|
-
API_VERSION = "2.
|
|
50
|
+
API_VERSION = "2.254"
|
|
49
51
|
|
|
50
52
|
|
|
51
53
|
DEFAULT_PLUGINS = frozenset(l.strip() for l in """
|
|
@@ -288,17 +290,21 @@ hbactest/1
|
|
|
288
290
|
host/1
|
|
289
291
|
host_add/1
|
|
290
292
|
host_add_cert/1
|
|
293
|
+
host_add_delegation/1
|
|
291
294
|
host_add_managedby/1
|
|
292
295
|
host_add_principal/1
|
|
296
|
+
host_allow_add_delegation/1
|
|
293
297
|
host_allow_create_keytab/1
|
|
294
298
|
host_allow_retrieve_keytab/1
|
|
295
299
|
host_del/1
|
|
296
300
|
host_disable/1
|
|
301
|
+
host_disallow_add_delegation/1
|
|
297
302
|
host_disallow_create_keytab/1
|
|
298
303
|
host_disallow_retrieve_keytab/1
|
|
299
304
|
host_find/1
|
|
300
305
|
host_mod/1
|
|
301
306
|
host_remove_cert/1
|
|
307
|
+
host_remove_delegation/1
|
|
302
308
|
host_remove_managedby/1
|
|
303
309
|
host_remove_principal/1
|
|
304
310
|
host_show/1
|
|
@@ -387,6 +393,9 @@ output_show/1
|
|
|
387
393
|
param/1
|
|
388
394
|
param_find/1
|
|
389
395
|
param_show/1
|
|
396
|
+
passkeyconfig/1
|
|
397
|
+
passkeyconfig_mod/1
|
|
398
|
+
passkeyconfig_show/1
|
|
390
399
|
passwd/1
|
|
391
400
|
permission/1
|
|
392
401
|
permission_add/1
|
|
@@ -468,18 +477,22 @@ server_state/1
|
|
|
468
477
|
service/1
|
|
469
478
|
service_add/1
|
|
470
479
|
service_add_cert/1
|
|
480
|
+
service_add_delegation/1
|
|
471
481
|
service_add_host/1
|
|
472
482
|
service_add_principal/1
|
|
473
483
|
service_add_smb/1
|
|
484
|
+
service_allow_add_delegation/1
|
|
474
485
|
service_allow_create_keytab/1
|
|
475
486
|
service_allow_retrieve_keytab/1
|
|
476
487
|
service_del/1
|
|
477
488
|
service_disable/1
|
|
489
|
+
service_disallow_add_delegation/1
|
|
478
490
|
service_disallow_create_keytab/1
|
|
479
491
|
service_disallow_retrieve_keytab/1
|
|
480
492
|
service_find/1
|
|
481
493
|
service_mod/1
|
|
482
494
|
service_remove_cert/1
|
|
495
|
+
service_remove_delegation/1
|
|
483
496
|
service_remove_host/1
|
|
484
497
|
service_remove_principal/1
|
|
485
498
|
service_show/1
|
|
@@ -508,6 +521,7 @@ stageuser_add/1
|
|
|
508
521
|
stageuser_add_cert/1
|
|
509
522
|
stageuser_add_certmapdata/1
|
|
510
523
|
stageuser_add_manager/1
|
|
524
|
+
stageuser_add_passkey/1
|
|
511
525
|
stageuser_add_principal/1
|
|
512
526
|
stageuser_del/1
|
|
513
527
|
stageuser_find/1
|
|
@@ -515,6 +529,7 @@ stageuser_mod/1
|
|
|
515
529
|
stageuser_remove_cert/1
|
|
516
530
|
stageuser_remove_certmapdata/1
|
|
517
531
|
stageuser_remove_manager/1
|
|
532
|
+
stageuser_remove_passkey/1
|
|
518
533
|
stageuser_remove_principal/1
|
|
519
534
|
stageuser_show/1
|
|
520
535
|
subid/1
|
|
@@ -603,6 +618,7 @@ user_add/1
|
|
|
603
618
|
user_add_cert/1
|
|
604
619
|
user_add_certmapdata/1
|
|
605
620
|
user_add_manager/1
|
|
621
|
+
user_add_passkey/1
|
|
606
622
|
user_add_principal/1
|
|
607
623
|
user_del/1
|
|
608
624
|
user_disable/1
|
|
@@ -612,6 +628,7 @@ user_mod/1
|
|
|
612
628
|
user_remove_cert/1
|
|
613
629
|
user_remove_certmapdata/1
|
|
614
630
|
user_remove_manager/1
|
|
631
|
+
user_remove_passkey/1
|
|
615
632
|
user_remove_principal/1
|
|
616
633
|
user_show/1
|
|
617
634
|
user_stage/1
|
|
@@ -640,3 +657,5 @@ vaultcontainer_remove_owner/1
|
|
|
640
657
|
vaultcontainer_show/1
|
|
641
658
|
whoami/1
|
|
642
659
|
""".strip().splitlines())
|
|
660
|
+
|
|
661
|
+
KRB5_BUILD_VERSION = parse_version("1.21.3")
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: ipapython
|
|
3
|
-
Version: 4.
|
|
3
|
+
Version: 4.12.2
|
|
4
4
|
Summary: FreeIPA python support library
|
|
5
5
|
Home-page: https://www.freeipa.org/
|
|
6
6
|
Download-URL: https://www.freeipa.org/page/Downloads
|
|
@@ -27,15 +27,15 @@ Classifier: Topic :: System :: Systems Administration :: Authentication/Director
|
|
|
27
27
|
Requires-Python: >=3.6.0
|
|
28
28
|
License-File: ../COPYING
|
|
29
29
|
Requires-Dist: cffi
|
|
30
|
-
Requires-Dist: cryptography
|
|
31
|
-
Requires-Dist: dnspython
|
|
32
|
-
Requires-Dist: gssapi
|
|
33
|
-
Requires-Dist: ipaplatform
|
|
30
|
+
Requires-Dist: cryptography >=1.6
|
|
31
|
+
Requires-Dist: dnspython >=1.15
|
|
32
|
+
Requires-Dist: gssapi >=1.2.0
|
|
33
|
+
Requires-Dist: ipaplatform ==4.12.2
|
|
34
34
|
Requires-Dist: netaddr
|
|
35
35
|
Requires-Dist: six
|
|
36
|
+
Provides-Extra: ifaddr
|
|
37
|
+
Requires-Dist: ifaddr ; extra == 'ifaddr'
|
|
36
38
|
Provides-Extra: ldap
|
|
37
39
|
Requires-Dist: python-ldap ; extra == 'ldap'
|
|
38
|
-
Provides-Extra: netifaces
|
|
39
|
-
Requires-Dist: netifaces ; extra == 'netifaces'
|
|
40
40
|
|
|
41
41
|
FreeIPA python support library
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
ipapython/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
2
|
ipapython/admintool.py,sha256=0TG9COpf9AQd1RLcQ-uttksESd0Kb4Dk-9sS-aGCXd0,12258
|
|
3
|
-
ipapython/certdb.py,sha256=
|
|
4
|
-
ipapython/config.py,sha256=
|
|
5
|
-
ipapython/cookie.py,sha256
|
|
6
|
-
ipapython/directivesetter.py,sha256=
|
|
3
|
+
ipapython/certdb.py,sha256=1G6cIXTmoNQo_k4YGXeVeIbwbEmrqMq1xcvi-_7dP04,38021
|
|
4
|
+
ipapython/config.py,sha256=3pjybgxq42rrUmvzm4gLdboi-TmbEB5PgQ_wD9iyn-I,9406
|
|
5
|
+
ipapython/cookie.py,sha256=-X_UojEtLPw6vx1XxBEGX17i3aLyCylFPXDQWMBN0V4,24920
|
|
6
|
+
ipapython/directivesetter.py,sha256=O1t8BtQ_sUt5ac7BQffHmLwIQczU3al-WN0Z2hXNEdg,7673
|
|
7
7
|
ipapython/dn.py,sha256=zTMMW-8XpudF_6QjeU84leH2tM3vPD7Xar6jBeCjAAc,49450
|
|
8
8
|
ipapython/dn_ctypes.py,sha256=ZJ5Q8ZhA8HnM5Xu4j-K62Q33amZfcTcPQY6i2rpu8CI,3905
|
|
9
9
|
ipapython/dnsutil.py,sha256=nxvtyaYuARFSj9Vj5GPL1HNaN2-DISf4y1zs-Bn5L3I,22125
|
|
@@ -13,17 +13,17 @@ ipapython/fqdn.py,sha256=P6OoSODkn6hQLSN3sMpLz1U7uwzpGb97l5DaI6-azCc,1220
|
|
|
13
13
|
ipapython/graph.py,sha256=tgf5gZtKSlQNKDA9vX5HlQMn57zjibtDONRx8nqwUCQ,2490
|
|
14
14
|
ipapython/ipa_log_manager.py,sha256=GNZV1HuTRrYSsNdgyw2oZVjZOESJpH91Jb9rsvhzj0E,3881
|
|
15
15
|
ipapython/ipachangeconf.py,sha256=JT5QKYgvpbVrLAR49so6XtpLoxsNDt7FEvqjmP7xcdM,20086
|
|
16
|
-
ipapython/ipaldap.py,sha256=
|
|
17
|
-
ipapython/ipautil.py,sha256=
|
|
16
|
+
ipapython/ipaldap.py,sha256=n3g9rI2x76OsgGwk0NuORaUpF5J6mMTOa9fOHOCANIo,73826
|
|
17
|
+
ipapython/ipautil.py,sha256=g-evdsEQYsVG6TVyc8rlAdZ3Uzm6lU_6yj3_oykRIUY,60574
|
|
18
18
|
ipapython/ipavalidate.py,sha256=EqKFgw4Bz3lTuT7hjRRH7_YkoGRIG1GQ-TB4oOHLKVs,3633
|
|
19
19
|
ipapython/kerberos.py,sha256=5JJ_4dqJAgVhY0Gi7OHDLM3-vG6owRFm-NVQsZKVcgg,6300
|
|
20
20
|
ipapython/kernel_keyring.py,sha256=vInQCwrH-Njknfh3U5nUkeqFdHG4ZRIUK8h0-ODu_nU,4903
|
|
21
21
|
ipapython/nsslib.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
22
|
-
ipapython/session_storage.py,sha256=
|
|
22
|
+
ipapython/session_storage.py,sha256=t7eMnPx6OAHTCajSEsMfDKFySvvllFIDwsG1HuxzYPg,13247
|
|
23
23
|
ipapython/ssh.py,sha256=aEGqBooQi4osOi5rJfdAcUZs-9V-oNJf0pci5ZchKIE,6713
|
|
24
|
-
ipapython/version.py,sha256=
|
|
25
|
-
ipapython-4.
|
|
26
|
-
ipapython-4.
|
|
27
|
-
ipapython-4.
|
|
28
|
-
ipapython-4.
|
|
29
|
-
ipapython-4.
|
|
24
|
+
ipapython/version.py,sha256=fXXQrlA-Uhafij8EQl3tCvx1mNhVVzjsw867yS1bzKA,12942
|
|
25
|
+
ipapython-4.12.2.dist-info/COPYING,sha256=jOtLnuWt7d5Hsx6XXB2QxzrSe2sWWh3NgMfFRetluQM,35147
|
|
26
|
+
ipapython-4.12.2.dist-info/METADATA,sha256=yy12Nahc5ZmB3zKGCtE8PrA2dwh2EMSQGmNrLCE7kDI,1513
|
|
27
|
+
ipapython-4.12.2.dist-info/WHEEL,sha256=iYlv5fX357PQyRT2o6tw1bN-YcKFFHKqB_LwHO5wP-g,110
|
|
28
|
+
ipapython-4.12.2.dist-info/top_level.txt,sha256=ND3uLjnGYtcHS21Gj-Lk9jrodr1Vzxz9ebTopaAS9WI,10
|
|
29
|
+
ipapython-4.12.2.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|