Ejemplo n.º 1
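    def save_principals(self, keytab):
        """Store one KerberosPrincipal row per entry of the uploaded keytab.

        The base64-encoded keytab from ``cleaned_data["keytab_file"]`` is
        written to a temporary file and listed with ``ktutil -vk <file> list``.
        Each output line that matches the listing pattern becomes a
        ``models.KerberosPrincipal`` linked to *keytab*.

        Args:
            keytab: the keytab object the principals belong to; a falsy
                value makes the method return immediately.

        Returns:
            False when *keytab* is falsy, when ktutil fails or prints
            nothing, or when no line matches. Otherwise the result of the
            last matching line: True if it was saved, False if saving it
            raised.
        """
        if not keytab:
            return False

        keytab_file = self.cleaned_data.get("keytab_file")
        # Raw string: same pattern as before, without invalid-escape warnings.
        # Groups used below: 1 = version, 2 = encryption, 4 = principal name,
        # 5 = timestamp.
        regex = re.compile(
            r'^(\d+)\s+([\w-]+(\s+\(\d+\))?)\s+([^\s]+)\s+([\d+\-]+)(\s+)?$'
        )

        # A keytab holds long-term Kerberos keys. mkstemp() creates the file
        # atomically with owner-only permissions, whereas mktemp() only returns
        # a name that another local user could create or symlink first.
        (fd, tmpfile) = tempfile.mkstemp(dir="/tmp")
        try:
            # b64decode() yields raw bytes, so the file is written in binary mode.
            with os.fdopen(fd, 'wb') as f:
                f.write(base64.b64decode(keytab_file))

            # The path comes from mkstemp(), not from user input, so it is
            # safe to place inside the quoted command string.
            (res, out, err) = run("/usr/sbin/ktutil -vk '%s' list" % tmpfile)
        finally:
            # Remove the key material even if decoding or ktutil raised.
            os.unlink(tmpfile)

        if res != 0:
            log.debug("save_principals(): %s", err)
            return False

        ret = False
        out = out.splitlines()
        if not out:
            return False

        for line in out:
            line = line.strip()
            if not line:
                continue
            m = regex.match(line)
            if m:
                try:
                    kp = models.KerberosPrincipal()
                    kp.principal_keytab = keytab
                    kp.principal_version = int(m.group(1))
                    kp.principal_encryption = m.group(2)
                    kp.principal_name = m.group(4)
                    kp.principal_timestamp = m.group(5)
                    kp.save()
                    ret = True

                except Exception as e:
                    # Best effort: a row that cannot be saved is logged and
                    # the remaining lines are still processed.
                    log.debug("save_principals(): %s", e)
                    ret = False

        return ret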
Ejemplo n.º 2
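    def save_principals(self, keytab):
        """Extract the principals of the uploaded keytab and save them.

        Decodes the base64 keytab held in ``cleaned_data["keytab_file"]``,
        writes it to a private temporary file, runs
        ``ktutil -vk <file> list`` on it and creates one
        ``models.KerberosPrincipal`` for every output line that matches the
        listing pattern.

        Args:
            keytab: keytab object to attach to each principal; when falsy
                nothing is done.

        Returns:
            False if *keytab* is falsy, ktutil exits non-zero, its output is
            empty or no line matches. Otherwise True or False depending on
            whether the last matching line was saved without an exception.
        """
        if not keytab:
            return False

        keytab_file = self.cleaned_data.get("keytab_file")
        # Pattern unchanged; written as a raw string so the backslash escapes
        # are not interpreted by the Python parser. Capture groups consumed
        # below: 1 version, 2 encryption type, 4 principal, 5 timestamp.
        regex = re.compile(
            r'^(\d+)\s+([\w-]+(\s+\(\d+\))?)\s+([^\s]+)\s+([\d+\-]+)(\s+)?$'
        )

        # mktemp() hands back only a name, leaving a window in which another
        # local account can pre-create or symlink that path in /tmp.
        # mkstemp() opens the file itself, exclusively and readable only by
        # the owner, which is what key material needs.
        (fd, tmpfile) = tempfile.mkstemp(dir="/tmp")
        try:
            # Binary mode, because the decoded keytab is bytes.
            with os.fdopen(fd, 'wb') as f:
                f.write(base64.b64decode(keytab_file))

            # tmpfile is generated by mkstemp(), so interpolating it into the
            # command string carries no attacker-controlled text.
            (res, out, err) = run("/usr/sbin/ktutil -vk '%s' list" % tmpfile)
        finally:
            # Always delete the keys from disk, including on an exception.
            os.unlink(tmpfile)

        if res != 0:
            log.debug("save_principals(): %s", err)
            return False

        ret = False
        out = out.splitlines()
        if not out:
            return False

        for line in out:
            line = line.strip()
            if not line:
                continue
            m = regex.match(line)
            if m:
                try:
                    kp = models.KerberosPrincipal()
                    kp.principal_keytab = keytab
                    kp.principal_version = int(m.group(1))
                    kp.principal_encryption = m.group(2)
                    kp.principal_name = m.group(4)
                    kp.principal_timestamp = m.group(5)
                    kp.save()
                    ret = True

                except Exception as e:
                    # Deliberately tolerant: log the failure and continue
                    # with the next listed principal.
                    log.debug("save_principals(): %s", e)
                    ret = False

        return ret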
Ejemplo n.º 3
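    def get_kerberos_ticket(self):
        """Obtain a Kerberos ticket with kinit unless the cache already has one.

        Two modes are supported:

        * keytab: when ``self.keytab_principal`` is set, kinit is run with
          ``-k -t self.keytab_file``.
        * password: otherwise, when ``self.krb_realm``, ``self.binddn`` and
          ``self.bindpw`` are all set, the principal is built as
          ``<uid>@<realm>`` from the bind DN's ``uid`` attribute and kinit
          reads the password from a temporary file.

        In both modes the method returns True straight away if the principal
        already in the credential cache matches (case-insensitively).

        Returns:
            True if a matching ticket was already cached or kinit exited
            with status 0, False otherwise (including when neither mode is
            configured).
        """
        res = False
        kinit = False

        if self.keytab_principal:
            krb_principal = self.get_kerberos_principal_from_cache()
            if (krb_principal and krb_principal.upper()
                    == self.keytab_principal.upper()):
                return True

            # NOTE(review): the arguments are joined into a single string
            # without quoting. If run() passes that string to a shell, the
            # keytab path and principal must not contain shell
            # metacharacters -- confirm how run() executes commands.
            args = [
                "/usr/bin/kinit", "--renewable", "-k", "-t", self.keytab_file,
                self.keytab_principal
            ]

            (returncode, stdout, stderr) = run(' '.join(args),
                                               timeout=self.timeout)
            if returncode == 0:
                kinit = True
                res = True

        elif self.krb_realm and self.binddn and self.bindpw:
            user = self.get_user_by_DN(self.binddn)

            # The uid may arrive as bytes or text depending on the caller.
            try:
                uid = user[1]['uid'][0].decode('utf-8')
            except Exception:
                uid = user[1]['uid'][0]

            try:
                bindpw = self.bindpw.encode('utf-8')
            except Exception:
                bindpw = self.bindpw

            krb_principal = self.get_kerberos_principal_from_cache()
            principal = "%s@%s" % (uid, self.krb_realm)

            if krb_principal and krb_principal.upper() == principal.upper():
                return True

            (fd, fname) = tempfile.mkstemp(dir="/tmp", text=True)
            try:
                try:
                    # The file holds the bind password in clear text. Keep it
                    # owner-only (the mode mkstemp() already gives it) rather
                    # than widening it to 0o777, which let every local user
                    # read or replace the password while kinit was running.
                    os.fchmod(fd, 0o600)
                    os.write(fd, bindpw)
                finally:
                    os.close(fd)

                # NOTE(review): uid originates from the directory entry and
                # is joined into the command string unquoted -- confirm that
                # run() does not hand the string to a shell, or quote it.
                args = [
                    "/usr/bin/kinit", "--renewable",
                    "--password-file=%s" % fname,
                    "%s" % principal
                ]

                (returncode, stdout, stderr) = run(' '.join(args),
                                                   timeout=self.timeout)
                if returncode == 0:
                    kinit = True
                    res = True
            finally:
                # Remove the password file even if kinit or run() raised.
                os.unlink(fname)

        if kinit:
            # Poll once per second, for at most self.timeout seconds, until
            # the ticket appears in the cache. res is already True here, so
            # this only delays the return.
            i = 0
            while i < self.timeout:
                if self.kerberos_cache_has_ticket():
                    res = True
                    break

                time.sleep(1)
                i += 1

        return res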