Imported Debian patch 4.0.5-6~numeezy

2016-02-17 15:07:45 +01:00
parent c44de33144
commit 10dfc9587b
1203 changed files with 53869 additions and 241462 deletions
--- a/ipaserver/install/ipa_otptoken_import.py
+++ b/ipaserver/install/ipa_otptoken_import.py
@@ -30,17 +30,11 @@ from lxml import etree
 import dateutil.parser
 import dateutil.tz
 import nss.nss as nss
-import gssapi
-import six
-from six.moves import xrange
+import krbV

 from ipapython import admintool
 from ipalib import api, errors
-from ipaserver.plugins.ldap2 import ldap2, AUTOBIND_DISABLED
-
-if six.PY3:
-    unicode = str
-    long = int
+from ipaserver.plugins.ldap2 import ldap2


 class ValidationError(Exception):
@@ -48,12 +42,12 @@ class ValidationError(Exception):


 def fetchAll(element, xpath, conv=lambda x: x):
-    return [conv(e) for e in element.xpath(xpath, namespaces={
+    return map(conv, element.xpath(xpath, namespaces={
        "pskc": "urn:ietf:params:xml:ns:keyprov:pskc",
        "xenc11": "http://www.w3.org/2009/xmlenc11#",
        "xenc": "http://www.w3.org/2001/04/xmlenc#",
        "ds": "http://www.w3.org/2000/09/xmldsig#",
-    })]
+    }))


 def fetch(element, xpath, conv=lambda x: x, default=None):
@@ -66,7 +60,6 @@ def convertDate(value):

    dt = dateutil.parser.parse(value)

-    # pylint: disable=E1101
    if dt.tzinfo is None:
        dt = datetime.datetime(*dt.timetuple()[0:6],
                               tzinfo=dateutil.tz.tzlocal())
@@ -152,8 +145,10 @@ def convertEncrypted(value, decryptor=None, pconv=base64.b64decode, econv=lambda
    return None


-class XMLKeyDerivation(six.with_metaclass(abc.ABCMeta, object)):
+class XMLKeyDerivation(object):
    "Interface for XML Encryption 1.1 key derivation."
+    __metaclass__ = abc.ABCMeta
+
    @abc.abstractmethod
    def __init__(self, enckey):
        "Sets up key derivation parameters from the parent XML entity."
@@ -194,7 +189,7 @@ class PBKDF2KeyDerivation(XMLKeyDerivation):

        # Loop through each block adding it to the derived key.
        dk = []
-        for i in range(1, blocks + 1):
+        for i in xrange(1, blocks + 1):
            # Set initial values.
            last = self.salt + struct.pack('>I', i)
            hash = [0] * mac.digest_size
@@ -206,7 +201,7 @@ class PBKDF2KeyDerivation(XMLKeyDerivation):
                last = tmp.digest()

                # XOR the previous hash with the new hash.
-                for k in range(mac.digest_size):
+                for k in xrange(mac.digest_size):
                    hash[k] ^= ord(last[k])

            # Add block to derived key.
@@ -246,9 +241,9 @@ class XMLDecryptor(object):
        # Decrypt the data.
        slot = nss.get_best_slot(mech)
        key = nss.import_sym_key(slot, mech, nss.PK11_OriginUnwrap, nss.CKA_ENCRYPT, self.__key)
-        iv = nss.param_from_iv(mech, nss.SecItem(data[0:ivlen//8]))
+        iv = nss.param_from_iv(mech, nss.SecItem(data[0:ivlen/8]))
        ctx = nss.create_context_by_sym_key(mech, nss.CKA_DECRYPT, key, iv)
-        out = ctx.cipher_op(data[ivlen // 8:])
+        out = ctx.cipher_op(data[ivlen / 8:])
        out += ctx.digest_final()
        return out

@@ -407,7 +402,7 @@ class PSKCKeyPackage(object):

    def __dates(self, out, data, key, reducer):
        dates = (data.get(key + '.sw', None), data.get(key + '.hw', None))
-        dates = [x for x in dates if x is not None]
+        dates = filter(lambda x: x is not None, dates)
        if dates:
            out['ipatoken' + key] = unicode(reducer(dates).strftime("%Y%m%d%H%M%SZ"))

@@ -500,36 +495,36 @@ class OTPTokenImport(admintool.AdminTool):

        # Verify a key is provided if one is needed.
        if self.doc.keyname is not None:
-            if self.safe_options.keyfile is None:  # pylint: disable=no-member
+            if self.safe_options.keyfile is None:
                raise admintool.ScriptError("Encryption key required: %s!" % self.doc.keyname)

            # Load the keyfile.
-            keyfile = self.safe_options.keyfile  # pylint: disable=no-member
-            with open(keyfile) as f:
+            with open(self.safe_options.keyfile) as f:
                self.doc.setKey(f.read())

    def run(self):
        api.bootstrap(in_server=True)
        api.finalize()

+        conn = ldap2()
        try:
-            api.Backend.ldap2.connect(ccache=os.environ.get('KRB5CCNAME'),
-                                      autobind=AUTOBIND_DISABLED)
-        except (gssapi.exceptions.GSSError, errors.ACIError):
+            ccache = krbV.default_context().default_ccache()
+            conn.connect(ccache=ccache)
+        except (krbV.Krb5Error, errors.ACIError):
            raise admintool.ScriptError("Unable to connect to LDAP! Did you kinit?")

        try:
            # Parse tokens
            for keypkg in self.doc.getKeyPackages():
                try:
-                    api.Command.otptoken_add(keypkg.id, no_qrcode=True, **keypkg.options)
+                    api.Command.otptoken_add(keypkg.id, **keypkg.options)
                except Exception as e:
                    self.log.warn("Error adding token: %s", e)
                else:
                    self.log.info("Added token: %s", keypkg.id)
                    keypkg.remove()
        finally:
-            api.Backend.ldap2.disconnect()
+            conn.disconnect()

        # Write out the XML file without the tokens that succeeded.
        self.doc.save(self.output)