Remove IPAdmin.sasl_interactive_bind_s

Also, rename remaining uses of SASL_AUTH to SASL_GSSAPI to better reflect what it is. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
2025-02-25 18:55:28 -06:00 · 2013-01-29 12:01:36 -05:00 · 2013-01-29 12:01:36 -05:00 · 1ee66ffe03
commit 1ee66ffe03
parent f9f6cd6e3a
3 changed files with 6 additions and 13 deletions
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@ -441,15 +441,12 @@ class DomainValidator(object):
        if auth:
            (ccache_name, principal) = self.__kinit_as_trusted_account(info, auth)
            if ccache_name:
-                cb_info = dict()
-                # pass empty dict, SASL GSSAPI is able to get all from the ccache
-                sasl_auth = _ldap.sasl.sasl(cb_info,'GSSAPI')
                old_ccache = os.environ.get('KRB5CCNAME')
                os.environ["KRB5CCNAME"] = ccache_name
                # OPT_X_SASL_NOCANON is used to avoid hard requirement for PTR
                # records pointing back to the same host name
                conn.set_option(_ldap.OPT_X_SASL_NOCANON, _ldap.OPT_ON)
-                conn.sasl_interactive_bind_s(None, sasl_auth)
+                conn.do_sasl_gssapi_bind()
                if basedn is None:
                    # Use domain root base DN
                    basedn = DN(*map(lambda p: ('dc', p), info['dns_domain'].split('.')))
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@ -41,7 +41,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN, RDN

 # Global variable to define SASL auth
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
+SASL_GSSAPI = ldap.sasl.sasl({}, 'GSSAPI')

 DEFAULT_TIMEOUT = 10
 DN_SYNTAX_OID = '1.3.6.1.4.1.1466.115.121.1.12'
@ -1617,12 +1617,12 @@ class IPAdmin(LDAPClient):

    def do_sasl_gssapi_bind(self, timeout=DEFAULT_TIMEOUT):
        self.__bind_with_wait(
-            self.sasl_interactive_bind_s, timeout, None, SASL_AUTH)
+            self.conn.sasl_interactive_bind_s, timeout, None, SASL_GSSAPI)

    def do_external_bind(self, user_name=None, timeout=DEFAULT_TIMEOUT):
        auth_tokens = ldap.sasl.external(user_name)
        self.__bind_with_wait(
-            self.sasl_interactive_bind_s, timeout, None, auth_tokens)
+            self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)

    def updateEntry(self,dn,oldentry,newentry):
        # FIXME: for backwards compatibility only
@ -1712,10 +1712,6 @@ class IPAdmin(LDAPClient):
        # FIXME: for backwards compatibility only
        return self.conn.set_option(*args, **kwargs)

-    def sasl_interactive_bind_s(self, *args, **kwargs):
-        # FIXME: for backwards compatibility only
-        return self.conn.sasl_interactive_bind_s(*args, **kwargs)
-
    def encode(self, *args, **kwargs):
        # FIXME: for backwards compatibility only
        return self.conn.encode(*args, **kwargs)
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@ -36,7 +36,7 @@ import krbV
 import ldap as _ldap

 from ipapython.dn import DN
-from ipaserver.ipaldap import SASL_AUTH, IPASimpleLDAPObject, LDAPClient
+from ipaserver.ipaldap import SASL_GSSAPI, IPASimpleLDAPObject, LDAPClient


 try:
@ -156,7 +156,7 @@ class ldap2(LDAPClient, CrudBackend):
                        context=krbV.default_context()).principal().name

                os.environ['KRB5CCNAME'] = ccache
-                conn.sasl_interactive_bind_s(None, SASL_AUTH)
+                conn.sasl_interactive_bind_s(None, SASL_GSSAPI)
                setattr(context, 'principal', principal)
            else:
                # no kerberos ccache, use simple bind or external sasl