ipaldap: merge external_bind into LDAPClient

* Rename do_external_bind to external_bind
* Remove user_name argument in  external_bind() and always set it
    to effective user name

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

install/tools/ipactl

@@ -166,7 +166,7 @@ def get_config(dirsrv):
             (host, port) = lurl.hostport.split(':')
             wait_for_open_ports(host, [int(port)], timeout=api.env.startup_timeout)
         con = IPAdmin(ldap_uri=api.env.ldap_uri)
-        con.do_external_bind()
+        con.external_bind()
         res = con.get_entries(
             base,
             filter=srcfilter,

ipapython/ipaldap.py

@@ -1084,11 +1084,11 @@ class LDAPClient(object):
             self.conn.simple_bind_s(
                 bind_dn, bind_password, server_controls, client_controls)
 
-    def external_bind(self, user_name, server_controls=None,
+    def external_bind(self, server_controls=None, client_controls=None):
-                      client_controls=None):
         """
         Perform SASL bind operation using the SASL EXTERNAL mechanism.
         """
+        user_name = pwd.getpwuid(os.geteuid()).pw_name
         with self.error_handler():
             auth_tokens = ldap.sasl.external(user_name)
             self._flush_schema()
@@ -1634,9 +1634,6 @@ class IPAdmin(LDAPClient):
     def do_sasl_gssapi_bind(self):
         self.gssapi_bind()
 
-    def do_external_bind(self, user_name=None):
-        self.external_bind(user_name)
-
     def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO):
         if dm_password:
             self.simple_bind(bind_dn=DIRMAN_DN, bind_password=dm_password)
@@ -1644,8 +1641,7 @@ class IPAdmin(LDAPClient):
         if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
             try:
                 # autobind
-                pw_name = pwd.getpwuid(os.geteuid()).pw_name
+                self.external_bind()
-                self.do_external_bind(pw_name)
                 return
             except errors.NotFound:
                 if autobind == AUTOBIND_ENABLED:

ipaserver/install/dogtaginstance.py

@@ -398,7 +398,7 @@ class DogtagInstance(service.Service):
 
         try:
             conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
-            conn.do_external_bind('root')
+            conn.external_bind()
 
             entry_attrs = conn.get_entry(self.admin_dn, ['usercertificate'])
             admin_cert = entry_attrs.get('usercertificate')[0]

ipaserver/install/dsinstance.py

@@ -169,7 +169,7 @@ def create_ds_user():
 
 def get_domain_level(api=api):
     conn = ipaldap.IPAdmin(ldapi=True, realm=api.env.realm)
-    conn.do_external_bind('root')
+    conn.external_bind()
 
     dn = DN(('cn', 'Domain Level'),
             ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
@@ -417,7 +417,7 @@ class DsInstance(service.Service):
 
         # Always connect to self over ldapi
         conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
-        conn.do_external_bind('root')
+        conn.external_bind()
         repl = replication.ReplicationManager(self.realm,
                                               self.fqdn,
                                               self.dm_password, conn=conn)
@@ -1258,7 +1258,7 @@ class DsInstance(service.Service):
 
         # Connect to self over ldapi as Directory Manager and configure SSL
         conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
-        conn.do_external_bind('root')
+        conn.external_bind()
 
         mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"),
                (ldap.MOD_REPLACE, "nsSSL3Ciphers", "default"),

ipaserver/install/ipa_backup.py

@@ -362,8 +362,7 @@ class Backup(admintool.AdminTool):
                                     realm=api.env.realm)
 
         try:
-            pw_name = pwd.getpwuid(os.geteuid()).pw_name
+            self._conn.external_bind()
-            self._conn.do_external_bind(pw_name)
         except Exception as e:
             self.log.error("Unable to bind to LDAP server %s: %s" %
                 (self._conn.host, e))

ipaserver/install/ipa_restore.py

@@ -441,8 +441,7 @@ class Restore(admintool.AdminTool):
                                    realm=api.env.realm)
 
         try:
-            pw_name = pwd.getpwuid(os.geteuid()).pw_name
+            self._conn.external_bind()
-            self._conn.do_external_bind(pw_name)
         except Exception as e:
             raise admintool.ScriptError('Unable to bind to LDAP server: %s'
                 % e)

ipaserver/install/ldapupdate.py

@@ -51,7 +51,7 @@ UPDATES_DIR=paths.UPDATES_DIR
 UPDATE_SEARCH_TIME_LIMIT = 30  # seconds
 
 
-def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
+def connect(ldapi=False, realm=None, fqdn=None, dm_password=None):
     """Create a connection for updates"""
     if ldapi:
         conn = ipaldap.IPAdmin(ldapi=True, realm=realm, decode_attrs=False)
@@ -64,7 +64,7 @@ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
         elif os.getegid() == 0:
             try:
                 # autobind
-                conn.do_external_bind(pw_name)
+                conn.external_bind()
             except errors.NotFound:
                 # Fall back
                 conn.do_sasl_gssapi_bind()

ipaserver/install/replication.py

@@ -1740,7 +1740,7 @@ class CAReplicationManager(ReplicationManager):
     def __init__(self, realm, hostname):
         # Always connect to self over ldapi
         conn = ipaldap.IPAdmin(hostname, ldapi=True, realm=realm)
-        conn.do_external_bind('root')
+        conn.external_bind()
         super(CAReplicationManager, self).__init__(
             realm, hostname, None, port=DEFAULT_PORT, conn=conn)
         self.db_suffix = DN(('o', 'ipaca'))

ipaserver/install/server/install.py

@@ -6,7 +6,6 @@ from __future__ import print_function
 
 import os
 import pickle
-import pwd
 import random
 import shutil
 import sys
@@ -991,7 +990,7 @@ def uninstall_check(installer):
             ldapi=True,
             realm=api.env.realm
         )
-        conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
+        conn.external_bind()
         api.Backend.ldap2.connect(autobind=True)
         domain_level = dsinstance.get_domain_level(api)
     except Exception:

ipaserver/plugins/ldap2.py

@@ -28,7 +28,6 @@ Backend plugin for LDAP.
 # everything except the CrudBackend methods, where dn is part of the entry dict.
 
 import os
-import pwd
 
 import ldap as _ldap
 
@@ -181,9 +180,7 @@ class ldap2(CrudBackend, LDAPClient):
                                client_controls=clientctrls)
         elif autobind != AUTOBIND_DISABLED and os.getegid() == 0 and ldapi:
             try:
-                pw_name = pwd.getpwuid(os.geteuid()).pw_name
+                client.external_bind(server_controls=serverctrls,
-                client.external_bind(pw_name,
-                                     server_controls=serverctrls,
                                      client_controls=clientctrls)
             except errors.NotFound:
                 if autobind == AUTOBIND_ENABLED: