def test_bad_create_args(self):
    # This check needs a client without a namespace (chroot), so one is
    # requested from the harness and its lifecycle is driven by hand.
    plain_client = self._get_nonchroot_client()
    bad_path, value = "1/2", "val1"
    try:
        plain_client.connect()
        # create() is expected to refuse this path with ValueError.
        # NOTE(review): presumably because "1/2" has no leading "/" --
        # confirm against the client's path validation.
        self.assertRaises(ValueError, plain_client.create, bad_path, value)
    finally:
        # Stop the client whether or not the assertion held.
        plain_client.stop()
def request_tickets_from(host, port, appname, tkt_spool_dir, expected=None):
    """Fetch the tickets for *appname* from one locker endpoint.

    Connects to ``host:port`` using the GSSAPI service name ``host@<host>``,
    sends the application name, then reads ``principal:base64-ticket`` lines
    until a read comes back empty.  Every non-empty ticket is passed to
    ``store_ticket``; when that call returns a truthy value the principal is
    dropped from *expected*.  The client is disconnected on every exit path.

    Args:
        host: Locker host name; also used to build the service name.
        port: Locker port, converted with ``int()``.
        appname: Application name (``str``); sent encoded as bytes.
        tkt_spool_dir: Passed through unchanged to ``store_ticket``.
        expected: Optional set of principals still outstanding.  It is
            mutated in place; a fresh set is used when omitted.

    Returns:
        None.  Progress is visible only through *expected* and the log.

    A line without ``:`` or with undecodable base64 is not handled here: the
    resulting exception propagates to the caller after the disconnect.
    """
    service = 'host@%s' % host
    _LOGGER.info('connecting: %s:%s, %s', host, port, service)
    locker = gssapiprotocol.GSSAPILineClient(host, int(port), service)
    outstanding = set() if expected is None else expected

    try:
        if not locker.connect():
            _LOGGER.warning('Cannot connect to %s:%s, %s', host, port, service)
            return

        _LOGGER.debug('connected to: %s:%s, %s', host, port, service)
        locker.write(appname.encode())
        _LOGGER.debug('sent: %r', appname)

        while True:
            reply = locker.read()
            if not reply:
                _LOGGER.debug('Got empty response.')
                break

            # Split on the first ':' only; the remainder is the payload.
            raw_princ, encoded = reply.split(b':', 1)
            princ = raw_princ.decode()
            ticket_data = base64.standard_b64decode(encoded)
            if not ticket_data:
                _LOGGER.info('got ticket %s:None', princ)
                continue

            # The SHA-1 digest only fingerprints the ticket for the log; it
            # is not used as an integrity or authenticity check.
            fingerprint = hashlib.sha1(encoded).hexdigest()
            _LOGGER.info('got ticket %s:%s', princ, fingerprint)

            # NOTE(review): princ comes off the wire and reaches store_ticket
            # unchanged.  If store_ticket derives a file name under
            # tkt_spool_dir from it, confirm path separators are rejected
            # there.
            if store_ticket(Ticket(princ, ticket_data), tkt_spool_dir):
                outstanding.discard(princ)
    finally:
        locker.disconnect()
def request_tickets(zkclient, appname, tkt_spool_dir, principals):
    """Collect tickets for *appname* from the registered lockers.

    The locker list is read from ZooKeeper (with retry) and shuffled, then
    each locker is contacted in turn until every principal in *principals*
    has been received.  Each locker is sent the application name and answers
    with ``principal:base64-ticket`` lines, ended by an empty read.

    Args:
        zkclient: ZooKeeper client used to list ``z.TICKET_LOCKER``.
        appname: Application name (``str``); sent encoded as bytes.
        tkt_spool_dir: Passed through unchanged to ``store_ticket``.
        principals: Iterable of principal names that are wanted.

    Returns:
        None.  Completion is checked only at the top of each iteration, so
        nothing reports leftovers once the last locker has been tried.

    A line without ``:`` or with undecodable base64 is not handled here: the
    resulting exception propagates to the caller after the disconnect.
    """
    # Too many nested blocks.
    #
    # pylint: disable=R0101
    endpoints = zkutils.with_retry(zkclient.get_children, z.TICKET_LOCKER)
    random.shuffle(endpoints)

    outstanding = set(principals)
    for endpoint in endpoints:
        if not outstanding:
            _LOGGER.info('Done: all tickets retrieved.')
            return

        host, port = endpoint.split(':')
        service = 'host@%s' % host
        _LOGGER.info('connecting: %s:%s, %s', host, port, service)
        locker = gssapiprotocol.GSSAPILineClient(host, int(port), service)

        try:
            if not locker.connect():
                _LOGGER.warning('Cannot connect to %s:%s, %s',
                                host, port, service)
                continue

            _LOGGER.debug('connected to: %s:%s, %s', host, port, service)
            locker.write(appname.encode())
            _LOGGER.debug('sent: %r', appname)

            while True:
                reply = locker.read()
                if not reply:
                    _LOGGER.debug('Got empty response.')
                    break

                # Split on the first ':' only; the remainder is the payload.
                raw_princ, encoded = reply.split(b':', 1)
                princ = raw_princ.decode()
                ticket_data = base64.standard_b64decode(encoded)
                if not ticket_data:
                    _LOGGER.info('got ticket %s:None', princ)
                    continue

                # The SHA-1 digest only fingerprints the ticket for the log;
                # it is not used as an integrity or authenticity check.
                fingerprint = hashlib.sha1(encoded).hexdigest()
                _LOGGER.info('got ticket %s:%s', princ, fingerprint)

                # NOTE(review): the result of store_ticket is not checked, so
                # the principal counts as retrieved even if storing did not
                # succeed -- confirm store_ticket raises on failure.
                # NOTE(review): princ comes off the wire unchanged; if it is
                # used to build a path under tkt_spool_dir, confirm it is
                # validated in store_ticket.
                store_ticket(Ticket(princ, ticket_data), tkt_spool_dir)
                outstanding.discard(princ)
        finally:
            locker.disconnect()
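def request_tickets(zkclient, appname):
    """Request tickets from the locker for the given app.

    The locker list is read from ZooKeeper (with retry) and shuffled.  Each
    locker is sent the application name and answers with
    ``principal:base64-ticket`` lines, ended by an empty read.

    Args:
        zkclient: ZooKeeper client used to list ``z.TICKET_LOCKER``.
        appname: Application name, written to the locker as given.

    Returns:
        A list of ``Ticket`` objects, one per line received.  A line with an
        empty payload yields ``Ticket(princ, None)``.

    Raises:
        Exception: anything raised while talking to a locker is logged with
            its traceback and re-raised, after the client is disconnected.
    """
    # Too many nested blocks.
    #
    # pylint: disable=R0101
    lockers = zkutils.with_retry(zkclient.get_children, z.TICKET_LOCKER)
    random.shuffle(lockers)

    tickets = []
    for locker in lockers:
        host, port = locker.split(':')
        service = 'host@%s' % host
        _LOGGER.info('connecting: %s:%s, %s', host, port, service)
        client = gssapiprotocol.GSSAPILineClient(host, int(port), service)
        try:
            if client.connect():
                _LOGGER.debug('connected to: %s:%s, %s', host, port, service)
                client.write(appname)
                _LOGGER.debug('sent: %s', appname)
                while True:
                    line = client.read()
                    if not line:
                        _LOGGER.debug('Got empty response.')
                        break

                    princ, encoded = line.split(':')
                    if encoded:
                        # The SHA-1 digest only fingerprints the ticket for
                        # the log; it is not an integrity check.
                        _LOGGER.info(
                            'got ticket %s:%s',
                            princ,
                            hashlib.sha1(encoded.encode()).hexdigest())
                        ticket = Ticket(princ,
                                        base64.urlsafe_b64decode(encoded))
                        tickets.append(ticket)
                    else:
                        _LOGGER.info('got ticket %s:None', princ)
                        tickets.append(Ticket(princ, None))
                # NOTE(review): the listing this was taken from had lost its
                # indentation; this break is read as ending the locker loop
                # after the first locker that connected -- confirm against
                # the original file.
                break
            else:
                # Logger.warn is a deprecated alias of Logger.warning.
                _LOGGER.warning('Cannot connect to %s:%s, %s',
                                host, port, service)
        except Exception:
            _LOGGER.exception('Exception processing tickets.')
            raise
        finally:
            client.disconnect()

    return tickets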
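def forward(host, port, tktfile=None):
    """Forward tickets to the ticket acceptor.

    Reads a Kerberos credential cache file and writes its bytes to the
    acceptor at ``host:port`` over a connection that uses the GSSAPI service
    name ``host@<host>``.  The bytes are sent as read, without base64
    encoding.

    Args:
        host: Acceptor host name; also used to build the service name.
        port: Acceptor port, converted with ``int()``.
        tktfile: Path of the cache file.  When omitted it is taken from
            ``KRB5CCNAME``, falling back to ``FILE:/tmp/krb5cc_<uid>``; a
            leading ``FILE:`` is stripped.

    Returns:
        True when the ticket was written and a reply was read; False when
        the connection could not be made or the exchange raised.

    Raises:
        Exception: if ``KRB5CCNAME`` names a ``KEYRING`` cache.
        Errors from opening or reading the cache file also propagate, since
        that step is outside the ``try`` block.
    """
    service = 'host@%s' % host
    _LOGGER.debug('connecting: %s:%s, %s', host, port, service)

    if tktfile is None:
        krb5ccname = os.environ.get(
            'KRB5CCNAME',
            'FILE:/tmp/krb5cc_{}'.format(os.getuid())
        )
        if krb5ccname.startswith('KEYRING'):
            raise Exception('Keyring is not supported yet.')

        # NOTE(review): any other value, prefixed or not, is treated as a
        # plain file path, so a non-file cache type would only fail at open().
        if krb5ccname.startswith('FILE:'):
            tktfile = krb5ccname[len('FILE:'):]
        else:
            tktfile = krb5ccname

        _LOGGER.debug('Using KRB5CCNAME: %s', tktfile)

    # NOTE(review): the file is read as-is; no ownership or permission check
    # is made here before its contents are sent on.
    with io.open(tktfile, 'rb') as f:
        tkt = f.read()

    # The SHA-1 digest only fingerprints the ticket for the log; it is not
    # used as an integrity or authenticity check.
    _LOGGER.debug('Ticket checksum: %s', hashlib.sha1(tkt).hexdigest())

    client = gssapiprotocol.GSSAPILineClient(host, int(port), service)
    try:
        if not client.connect():
            # Nothing was sent, so success must not be reported.
            _LOGGER.warning('Cannot connect to %s:%s, %s', host, port, service)
            return False

        client.write(tkt)
        line = client.read()
        _LOGGER.debug('Got reply: %s', line.decode())
    except Exception as err:  # pylint: disable=broad-except
        _LOGGER.warning('Failed to forward tickets: %s:%s, %s',
                        host, port, err)
        return False
    finally:
        client.disconnect()

    return True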