authorTomas Krizek <tkrizek@redhat.com>2016-10-06 08:45:43 +0200
committerMartin Basti <mbasti@redhat.com>2016-11-07 11:34:03 +0100
commit60e38ecc7ff6b983f4f3af0a66c08eb3a3fda22d (patch)
tree98b938d57645632d7bd0a66c1a2e31fc11d29c25
parentde58a5c60596de8b45c8016c3318bac78305477a (diff)
ipaldap: merge external_bind into LDAPClient
* Rename do_external_bind to external_bind * Remove the user_name argument from external_bind() and always set it to the effective user name https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rwxr-xr-xinstall/tools/ipactl2
-rw-r--r--ipapython/ipaldap.py10
-rw-r--r--ipaserver/install/dogtaginstance.py2
-rw-r--r--ipaserver/install/dsinstance.py6
-rw-r--r--ipaserver/install/ipa_backup.py3
-rw-r--r--ipaserver/install/ipa_restore.py3
-rw-r--r--ipaserver/install/ldapupdate.py4
-rw-r--r--ipaserver/install/replication.py2
-rw-r--r--ipaserver/install/server/install.py3
-rw-r--r--ipaserver/plugins/ldap2.py5
10 files changed, 15 insertions, 25 deletions
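diff --git a/install/tools/ipactl b/install/tools/ipactl
index 42bd73e74..354209310 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -166,7 +166,7 @@ def get_config(dirsrv):
  (host, port) = lurl.hostport.split(':')
  wait_for_open_ports(host, [int(port)], timeout=api.env.startup_timeout)
  con = IPAdmin(ldap_uri=api.env.ldap_uri)
- con.do_external_bind()
+ con.external_bind()
  res = con.get_entries(
  base,
  filter=srcfilter,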
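diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index c4f8c7c2e..4016a657d 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1084,11 +1084,11 @@ class LDAPClient(object):
  self.conn.simple_bind_s(
  bind_dn, bind_password, server_controls, client_controls)
- def external_bind(self, user_name, server_controls=None,
- client_controls=None):
+ def external_bind(self, server_controls=None, client_controls=None):
  """
  Perform SASL bind operation using the SASL EXTERNAL mechanism.
  """
+ user_name = pwd.getpwuid(os.geteuid()).pw_name
  with self.error_handler():
  auth_tokens = ldap.sasl.external(user_name)
  self._flush_schema()
@@ -1634,9 +1634,6 @@ class IPAdmin(LDAPClient):
  def do_sasl_gssapi_bind(self):
  self.gssapi_bind()
- def do_external_bind(self, user_name=None):
- self.external_bind(user_name)
-
  def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO):
  if dm_password:
  self.simple_bind(bind_dn=DIRMAN_DN, bind_password=dm_password)
@@ -1644,8 +1641,7 @@ class IPAdmin(LDAPClient):
  if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
  try:
  # autobind
- pw_name = pwd.getpwuid(os.geteuid()).pw_name
- self.do_external_bind(pw_name)
+ self.external_bind()
  return
  except errors.NotFound:
  if autobind == AUTOBIND_ENABLED: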
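Review bot: In the external_bind hunk the new `user_name = pwd.getpwuid(os.geteuid()).pw_name` line sits before `with self.error_handler():`, and `pwd.getpwuid` raises KeyError when the effective uid has no passwd entry, so that failure escapes as a bare KeyError instead of an ipalib error; of the call sites in this commit only ipa_backup.py and ipa_restore.py catch a broad Exception, the rest (ipactl, dogtaginstance.py, dsinstance.py, replication.py, install.py) would propagate it. Consider resolving the name under an explicit guard, e.g. `try: user_name = pwd.getpwuid(os.geteuid()).pw_name` / `except KeyError: raise errors.NotFound(reason='no passwd entry for effective uid')`, so autobind callers that already handle `errors.NotFound` fall back the same way. The docstring should also record the new contract, since the identity can no longer be chosen by the caller: `Perform SASL bind operation using the SASL EXTERNAL mechanism. The bind user name is always the passwd name of the effective uid; callers that previously passed 'root' now bind as whoever runs the process.` The rest of external_bind's body continues outside the hunk.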
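diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index d6827450c..1677d57a6 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -398,7 +398,7 @@ class DogtagInstance(service.Service):
  try:
  conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
- conn.do_external_bind('root')
+ conn.external_bind()
  entry_attrs = conn.get_entry(self.admin_dn, ['usercertificate'])
  admin_cert = entry_attrs.get('usercertificate')[0]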
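diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c18a8f329..7ffc5f6ea 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -169,7 +169,7 @@ def create_ds_user():
  def get_domain_level(api=api):
  conn = ipaldap.IPAdmin(ldapi=True, realm=api.env.realm)
- conn.do_external_bind('root')
+ conn.external_bind()
  dn = DN(('cn', 'Domain Level'),
  ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
@@ -417,7 +417,7 @@ class DsInstance(service.Service):
  # Always connect to self over ldapi
  conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
- conn.do_external_bind('root')
+ conn.external_bind()
  repl = replication.ReplicationManager(self.realm,
  self.fqdn,
  self.dm_password, conn=conn)
@@ -1258,7 +1258,7 @@ class DsInstance(service.Service):
  # Connect to self over ldapi as Directory Manager and configure SSL
  conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
- conn.do_external_bind('root')
+ conn.external_bind()
  mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"),
  (ldap.MOD_REPLACE, "nsSSL3Ciphers", "default"),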
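diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 0ebcc3553..def5e5856 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -362,8 +362,7 @@ class Backup(admintool.AdminTool):
  realm=api.env.realm)
  try:
- pw_name = pwd.getpwuid(os.geteuid()).pw_name
- self._conn.do_external_bind(pw_name)
+ self._conn.external_bind()
  except Exception as e:
  self.log.error("Unable to bind to LDAP server %s: %s" %
  (self._conn.host, e))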
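diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index ae0b28fa8..ea69cc713 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -441,8 +441,7 @@ class Restore(admintool.AdminTool):
  realm=api.env.realm)
  try:
- pw_name = pwd.getpwuid(os.geteuid()).pw_name
- self._conn.do_external_bind(pw_name)
+ self._conn.external_bind()
  except Exception as e:
  raise admintool.ScriptError('Unable to bind to LDAP server: %s'
  % e)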
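diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 5f8eb79c9..759341b3d 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -51,7 +51,7 @@ UPDATES_DIR=paths.UPDATES_DIR
  UPDATE_SEARCH_TIME_LIMIT = 30 # seconds
- def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
+ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None):
  """Create a connection for updates"""
  if ldapi:
  conn = ipaldap.IPAdmin(ldapi=True, realm=realm, decode_attrs=False)
@@ -64,7 +64,7 @@ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
  elif os.getegid() == 0:
  try:
  # autobind
- conn.do_external_bind(pw_name)
+ conn.external_bind()
  except errors.NotFound:
  # Fall back
  conn.do_sasl_gssapi_bind()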
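Review bot: Dropping `pw_name` from the `connect()` signature in the first hunk is a public interface change, and any caller outside this commit that still passes `pw_name=` will now raise TypeError at call time; the diffstat lists no other change to ldapupdate's callers, so this is presumably safe but worth a grep for `pw_name=` before merging. The one-line docstring no longer tells the reader which identity the ldapi/root path binds as; suggest `"""Create a connection for updates. On the ldapi autobind path (euid 0) the bind is SASL EXTERNAL as the effective user; otherwise GSSAPI or Directory Manager with dm_password."""`, hedged as far as the non-ldapi branch lies outside this hunk. connect()'s body continues between and after the two hunks.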
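diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 5e1b11366..1a0deb460 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1740,7 +1740,7 @@ class CAReplicationManager(ReplicationManager):
  def __init__(self, realm, hostname):
  # Always connect to self over ldapi
  conn = ipaldap.IPAdmin(hostname, ldapi=True, realm=realm)
- conn.do_external_bind('root')
+ conn.external_bind()
  super(CAReplicationManager, self).__init__(
  realm, hostname, None, port=DEFAULT_PORT, conn=conn)
  self.db_suffix = DN(('o', 'ipaca'))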
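diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 0015a8cb7..68af0a307 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -6,7 +6,6 @@ from __future__ import print_function
  import os
  import pickle
- import pwd
  import random
  import shutil
  import sys
@@ -991,7 +990,7 @@ def uninstall_check(installer):
  ldapi=True,
  realm=api.env.realm
  )
- conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
+ conn.external_bind()
  api.Backend.ldap2.connect(autobind=True)
  domain_level = dsinstance.get_domain_level(api)
  except Exception: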
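Review bot: Removing `import pwd` in the first hunk is only safe if the `pwd.getpwuid(...)` call deleted in the second hunk was the file's sole use of the module; the rest of install.py is outside these hunks, so a NameError elsewhere cannot be ruled out from here and a grep for `pwd.` is warranted. The same check applies to the `import pwd` removal in ipaserver/plugins/ldap2.py. uninstall_check() starts and ends outside the hunk.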
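diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 1b9057385..9d7c8ccdd 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -28,7 +28,6 @@ Backend plugin for LDAP.
  # everything except the CrudBackend methods, where dn is part of the entry dict.
  import os
- import pwd
  import ldap as _ldap
@@ -181,9 +180,7 @@ class ldap2(CrudBackend, LDAPClient):
  client_controls=clientctrls)
  elif autobind != AUTOBIND_DISABLED and os.getegid() == 0 and ldapi:
  try:
- pw_name = pwd.getpwuid(os.geteuid()).pw_name
- client.external_bind(pw_name,
- server_controls=serverctrls,
+ client.external_bind(server_controls=serverctrls,
  client_controls=clientctrls)
  except errors.NotFound:
  if autobind == AUTOBIND_ENABLED: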