From ed1c1626a607a5292c08836d13c32464d1b71859 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 9 Sep 2019 11:02:29 +0300
Subject: [PATCH] adtrust: avoid using timestamp in klist output
When parsing a keytab to copy keys to a different keytab, we don't need
the timestamp, so don't ask klist to output it. In some locales (en_IN,
for example), the timestamp is output in a single field without a space
between date and time. In other locales it can be represented with date
and time separated by a space.
Fixes: https://pagure.io/freeipa/issue/8066
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
---
ipaserver/install/plugins/adtrust.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index 28932e6c52..3b2e49bc05 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -721,7 +721,7 @@ def execute(self, **options):
KeyEntry = namedtuple('KeyEntry',
- ['kvno', 'date', 'time', 'principal', 'etype', 'key'])
+ ['kvno', 'principal', 'etype', 'key'])
@register()
@@ -741,7 +741,7 @@ class update_host_cifs_keytabs(Updater):
def extract_key_refs(self, keytab):
host_princ = self.host_princ_template.format(
master=self.api.env.host, realm=self.api.env.realm)
- result = ipautil.run([paths.KLIST, "-etK", "-k", keytab],
+ result = ipautil.run([paths.KLIST, "-eK", "-k", keytab],
capture_output=True, raiseonerr=False,
nolog_output=True)
if result.returncode != 0:
@@ -752,8 +752,8 @@ def extract_key_refs(self, keytab):
if (host_princ in l and any(e in l for e in self.valid_etypes)):
els = l.split()
- els[4] = els[4].strip('()')
- els[5] = els[5].strip('()')
+ els[-2] = els[-2].strip('()')
+ els[-1] = els[-1].strip('()')
keys_to_sync.append(KeyEntry._make(els))
return keys_to_sync