author | Petr Viktorin <pviktori@redhat.com> | 2013-01-29 12:01:36 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-01 16:59:46 +0100 |
commit | 1ee66ffe03a0616c65215bc751a7ef6e674780ef (patch) | |
tree | 8f9dc76aff6ef848dcc89b3a04b10d8dcdfb7ea2 | |
parent | f9f6cd6e3a907f3bb205f5121727f4f94acfeaef (diff) | |
Remove IPAdmin.sasl_interactive_bind_s
Also, rename remaining uses of SASL_AUTH to SASL_GSSAPI to better
reflect what it is.
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
-rw-r--r-- | ipaserver/dcerpc.py | 5 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 10 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 4 |
3 files changed, 6 insertions, 13 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 140e26f7..a0c6e691 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -441,15 +441,12 @@ class DomainValidator(object):
 if auth:
 (ccache_name, principal) = self.__kinit_as_trusted_account(info, auth)
 if ccache_name:
- cb_info = dict()
- # pass empty dict, SASL GSSAPI is able to get all from the ccache
- sasl_auth = _ldap.sasl.sasl(cb_info,'GSSAPI')
 old_ccache = os.environ.get('KRB5CCNAME')
 os.environ["KRB5CCNAME"] = ccache_name
 # OPT_X_SASL_NOCANON is used to avoid hard requirement for PTR
 # records pointing back to the same host name
 conn.set_option(_ldap.OPT_X_SASL_NOCANON, _ldap.OPT_ON)
- conn.sasl_interactive_bind_s(None, sasl_auth)
+ conn.do_sasl_gssapi_bind()
 if basedn is None:
 # Use domain root base DN
 basedn = DN(*map(lambda p: ('dc', p), info['dns_domain'].split('.')))
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 5fed6f3a..7010ee5e 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -41,7 +41,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN, RDN
 # Global variable to define SASL auth
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
+SASL_GSSAPI = ldap.sasl.sasl({}, 'GSSAPI')
 DEFAULT_TIMEOUT = 10
 DN_SYNTAX_OID = '1.3.6.1.4.1.1466.115.121.1.12'
@@ -1617,12 +1617,12 @@ class IPAdmin(LDAPClient):
 def do_sasl_gssapi_bind(self, timeout=DEFAULT_TIMEOUT):
 self.__bind_with_wait(
- self.sasl_interactive_bind_s, timeout, None, SASL_AUTH)
+ self.conn.sasl_interactive_bind_s, timeout, None, SASL_GSSAPI)
 def do_external_bind(self, user_name=None, timeout=DEFAULT_TIMEOUT):
 auth_tokens = ldap.sasl.external(user_name)
 self.__bind_with_wait(
- self.sasl_interactive_bind_s, timeout, None, auth_tokens)
+ self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
 def updateEntry(self,dn,oldentry,newentry):
 # FIXME: for backwards compatibility only
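Review bot: In the `ipaserver/dcerpc.py` hunk, `conn.do_sasl_gssapi_bind()` runs after `os.environ["KRB5CCNAME"]` has been switched to the trusted account's ccache, and nothing visible in the hunk puts `old_ccache` back if the bind raises. The environment is process-wide, so a failed bind would leave later GSSAPI binds in the same process resolving the wrong credential cache. The enclosing method starts and ends outside the hunk, so a restore may already exist on the success path; it should sit in a `finally` around the bind so the error path is covered as well, and it should handle `old_ccache` being `None` (the variable was unset before).

```python
conn.set_option(_ldap.OPT_X_SASL_NOCANON, _ldap.OPT_ON)
try:
    conn.do_sasl_gssapi_bind()
finally:
    # The environment is process-wide: restore the caller's ccache
    # whether or not the bind succeeded.
    if old_ccache is None:
        os.environ.pop('KRB5CCNAME', None)
    else:
        os.environ['KRB5CCNAME'] = old_ccache
# … unchanged: basedn handling …
```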
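Review bot: `do_sasl_gssapi_bind` and `do_external_bind` in the `ipaserver/ipaldap.py` hunk at line 1617 have no docstring, and with the `IPAdmin.sasl_interactive_bind_s` pass-through removed by this commit they appear to be the intended SASL bind entry points on `IPAdmin`. For the GSSAPI method I would add `"""Bind with SASL GSSAPI; credentials come from the ccache named by KRB5CCNAME at call time, not from the shared SASL_GSSAPI object."""`, because callers such as the `dcerpc.py` hunk rely on setting the environment before calling it. What `__bind_with_wait` does with `timeout` is outside the hunk, so the timeout part of the docstring should be worded against that helper.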
@@ -1712,10 +1712,6 @@ class IPAdmin(LDAPClient):
 # FIXME: for backwards compatibility only
 return self.conn.set_option(*args, **kwargs)
- def sasl_interactive_bind_s(self, *args, **kwargs):
- # FIXME: for backwards compatibility only
- return self.conn.sasl_interactive_bind_s(*args, **kwargs)
-
 def encode(self, *args, **kwargs):
 # FIXME: for backwards compatibility only
 return self.conn.encode(*args, **kwargs)
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index c095dc62..619e9a07 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -36,7 +36,7 @@ import krbV
 import ldap as _ldap
 from ipapython.dn import DN
-from ipaserver.ipaldap import SASL_AUTH, IPASimpleLDAPObject, LDAPClient
+from ipaserver.ipaldap import SASL_GSSAPI, IPASimpleLDAPObject, LDAPClient
 try:
@@ -156,7 +156,7 @@ class ldap2(LDAPClient, CrudBackend):
 context=krbV.default_context()).principal().name
 os.environ['KRB5CCNAME'] = ccache
- conn.sasl_interactive_bind_s(None, SASL_AUTH)
+ conn.sasl_interactive_bind_s(None, SASL_GSSAPI)
 setattr(context, 'principal', principal)
 else:
 # no kerberos ccache, use simple bind or external sasl |