[Freeipa-devel] [PATCH] 800 rpc-client: add forms based auth support
Milan Kubik
mkubik at redhat.com
Wed May 6 14:25:47 UTC 2015
On 02/19/2015 03:51 PM, Petr Vobornik wrote:
> This patch is a prerequisite for patch 801, which will follow. It was
> developed to enable use of the ipalib RPC client in Web UI tests. Plus it
> will make it possible to significantly speed up the Web UI test suite (if
> preparation of data is transformed to use this method).
>
> Partly related https://fedorahosted.org/freeipa/ticket/4772 and
> https://fedorahosted.org/freeipa/ticket/4307
>
>
> Leverage session support to enable forms-based authentication in the RPC
> client.
>
> In order to do that, session support in KerbTransport was moved to a new
> SessionTransport. RPCClient.create_connection is then modified to
> force forms-based auth if the new optional options, user and password, are
> specified. For this case SessionTransport is used and the user is
> authenticated by calling
> 'https://ipa.server/ipa/session/login_password'. The session cookie is
> stored and used in subsequent calls.
>
> This feature is usable for use cases where one wants to call the API
> without being on an IPA client. Not being on an IPA client also means that
> IPA's NSS database and configuration are not available. Therefore one
> has to define "~/.ipa/default.conf" in a similar way as the IPA client
> does and prepare an NSS database with the IPA CA cert.
>
> Usage:
>
> api.Backend.rpcclient.connect(
>     nss_dir=my_nss_dir_path,
>     user=user,
>     password=password
> )
>
> It's possible to switch users with:
>
> api.Backend.rpcclient.disconnect()
>
> api.Backend.rpcclient.connect(
>     nss_dir=my_nss_dir_path,
>     user=other_user,
>     password=other_password
> )
>
> Or check connection with:
>
> api.Backend.rpcclient.isconnected()
>
> Example: download a CA cert and add it to a new temporary NSS database:
> from urllib2 import urlparse
> from ipaplatform.paths import paths
> from ipapython import certdb, ipautil
> from ipapython.ipautil import run
> from ipalib import x509
>
> # create new NSSDatabase
> tmp_db = certdb.NSSDatabase()
> pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
> tmp_db.create_db(pwd_file.name)
>
> # download and add cert
> url = urlparse.urlunparse(('http', ipautil.format_netloc(ipa_server),
>                            '/ipa/config/ca.crt', '', '', ''))
> stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
> certs = x509.load_certificate_list(stdout, tmp_db.secdir)
> ca_certs = [cert.der_data for cert in certs]
> for i, cert in enumerate(ca_certs):
>     tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,')
>
> my_nss_dir_path = tmp_db.secdir
>
Hi,
thanks for the patch. Please, fix the pep8 complaints.
Can someone else look at the code as well, please?
Thanks,
Milan
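
The forms-based login exchange described in the quoted message, as an added example in Python 3 that is not code from the patch or from FreeIPA. The `ipa_session` cookie name, the `/ipa/session/json` endpoint and the `Referer` header come from FreeIPA's general API behaviour rather than from this email; the host name and cookie value in the test are constructed. Requests are only built, not sent, so the sketch runs offline.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlencode
from urllib.request import Request

COOKIE_NAME = "ipa_session"  # assumption: FreeIPA's session cookie name


def build_login_request(server, user, password):
    """Build (not send) the POST to /ipa/session/login_password."""
    base = "https://%s/ipa" % server  # HTTPS only: the body carries a password
    body = urlencode({"user": user, "password": password}).encode("utf-8")
    return Request(
        base + "/session/login_password",
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "text/plain",
            "Referer": base,  # assumption: FreeIPA checks the Referer header
        },
    )


def extract_session_cookie(set_cookie_values):
    """Return 'ipa_session=<value>' from Set-Cookie header values, or raise."""
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        morsel = jar.get(COOKIE_NAME)
        if morsel is None:
            continue
        # A session cookie without Secure could later leak over plain HTTP.
        if not morsel["secure"]:
            raise ValueError("session cookie lacks the Secure attribute")
        return "%s=%s" % (COOKIE_NAME, morsel.value)
    raise ValueError("no %s cookie in login response" % COOKIE_NAME)


def build_rpc_request(server, cookie, payload):
    """Build a follow-up JSON-RPC call that reuses the stored session cookie."""
    base = "https://%s/ipa" % server
    return Request(
        base + "/session/json",  # assumption: session-authenticated endpoint
        data=payload,
        method="POST",
        headers={"Content-Type": "application/json",
                 "Referer": base, "Cookie": cookie},
    )
```

A real client would send these through an opener whose TLS context trusts only the IPA CA certificate, which is the role of the NSS database in the quoted message.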