ipaldap: merge external_bind into LDAPClient

* Rename do_external_bind to external_bind * Remove user_name argument in external_bind() and always set it to effective user name https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-10-06 08:45:43 +02:00 · 2016-10-06 08:45:43 +02:00 · 60e38ecc7f
commit 60e38ecc7f
parent de58a5c605
10 changed files with 15 additions and 25 deletions
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@ -166,7 +166,7 @@ def get_config(dirsrv):
            (host, port) = lurl.hostport.split(':')
            wait_for_open_ports(host, [int(port)], timeout=api.env.startup_timeout)
        con = IPAdmin(ldap_uri=api.env.ldap_uri)
-        con.do_external_bind()
+        con.external_bind()
        res = con.get_entries(
            base,
            filter=srcfilter,
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@ -1084,11 +1084,11 @@ class LDAPClient(object):
            self.conn.simple_bind_s(
                bind_dn, bind_password, server_controls, client_controls)

-    def external_bind(self, user_name, server_controls=None,
-                      client_controls=None):
+    def external_bind(self, server_controls=None, client_controls=None):
        """
        Perform SASL bind operation using the SASL EXTERNAL mechanism.
        """
+        user_name = pwd.getpwuid(os.geteuid()).pw_name
        with self.error_handler():
            auth_tokens = ldap.sasl.external(user_name)
            self._flush_schema()
@ -1634,9 +1634,6 @@ class IPAdmin(LDAPClient):
    def do_sasl_gssapi_bind(self):
        self.gssapi_bind()

-    def do_external_bind(self, user_name=None):
-        self.external_bind(user_name)
-
    def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO):
        if dm_password:
            self.simple_bind(bind_dn=DIRMAN_DN, bind_password=dm_password)
@ -1644,8 +1641,7 @@ class IPAdmin(LDAPClient):
        if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
            try:
                # autobind
-                pw_name = pwd.getpwuid(os.geteuid()).pw_name
-                self.do_external_bind(pw_name)
+                self.external_bind()
                return
            except errors.NotFound:
                if autobind == AUTOBIND_ENABLED:
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@ -398,7 +398,7 @@ class DogtagInstance(service.Service):

        try:
            conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
-            conn.do_external_bind('root')
+            conn.external_bind()

            entry_attrs = conn.get_entry(self.admin_dn, ['usercertificate'])
            admin_cert = entry_attrs.get('usercertificate')[0]
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -169,7 +169,7 @@ def create_ds_user():

 def get_domain_level(api=api):
    conn = ipaldap.IPAdmin(ldapi=True, realm=api.env.realm)
-    conn.do_external_bind('root')
+    conn.external_bind()

    dn = DN(('cn', 'Domain Level'),
            ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
@ -417,7 +417,7 @@ class DsInstance(service.Service):

        # Always connect to self over ldapi
        conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
-        conn.do_external_bind('root')
+        conn.external_bind()
        repl = replication.ReplicationManager(self.realm,
                                              self.fqdn,
                                              self.dm_password, conn=conn)
@ -1258,7 +1258,7 @@ class DsInstance(service.Service):

        # Connect to self over ldapi as Directory Manager and configure SSL
        conn = ipaldap.IPAdmin(self.fqdn, ldapi=True, realm=self.realm)
-        conn.do_external_bind('root')
+        conn.external_bind()

        mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"),
               (ldap.MOD_REPLACE, "nsSSL3Ciphers", "default"),
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@ -362,8 +362,7 @@ class Backup(admintool.AdminTool):
                                    realm=api.env.realm)

        try:
-            pw_name = pwd.getpwuid(os.geteuid()).pw_name
-            self._conn.do_external_bind(pw_name)
+            self._conn.external_bind()
        except Exception as e:
            self.log.error("Unable to bind to LDAP server %s: %s" %
                (self._conn.host, e))
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@ -441,8 +441,7 @@ class Restore(admintool.AdminTool):
                                   realm=api.env.realm)

        try:
-            pw_name = pwd.getpwuid(os.geteuid()).pw_name
-            self._conn.do_external_bind(pw_name)
+            self._conn.external_bind()
        except Exception as e:
            raise admintool.ScriptError('Unable to bind to LDAP server: %s'
                % e)
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@ -51,7 +51,7 @@ UPDATES_DIR=paths.UPDATES_DIR
 UPDATE_SEARCH_TIME_LIMIT = 30  # seconds


-def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
+def connect(ldapi=False, realm=None, fqdn=None, dm_password=None):
    """Create a connection for updates"""
    if ldapi:
        conn = ipaldap.IPAdmin(ldapi=True, realm=realm, decode_attrs=False)
@ -64,7 +64,7 @@ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
        elif os.getegid() == 0:
            try:
                # autobind
-                conn.do_external_bind(pw_name)
+                conn.external_bind()
            except errors.NotFound:
                # Fall back
                conn.do_sasl_gssapi_bind()
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@ -1740,7 +1740,7 @@ class CAReplicationManager(ReplicationManager):
    def __init__(self, realm, hostname):
        # Always connect to self over ldapi
        conn = ipaldap.IPAdmin(hostname, ldapi=True, realm=realm)
-        conn.do_external_bind('root')
+        conn.external_bind()
        super(CAReplicationManager, self).__init__(
            realm, hostname, None, port=DEFAULT_PORT, conn=conn)
        self.db_suffix = DN(('o', 'ipaca'))
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@ -6,7 +6,6 @@ from __future__ import print_function

 import os
 import pickle
-import pwd
 import random
 import shutil
 import sys
@ -991,7 +990,7 @@ def uninstall_check(installer):
            ldapi=True,
            realm=api.env.realm
        )
-        conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
+        conn.external_bind()
        api.Backend.ldap2.connect(autobind=True)
        domain_level = dsinstance.get_domain_level(api)
    except Exception:
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@ -28,7 +28,6 @@ Backend plugin for LDAP.
 # everything except the CrudBackend methods, where dn is part of the entry dict.

 import os
-import pwd

 import ldap as _ldap

@ -181,9 +180,7 @@ class ldap2(CrudBackend, LDAPClient):
                               client_controls=clientctrls)
        elif autobind != AUTOBIND_DISABLED and os.getegid() == 0 and ldapi:
            try:
-                pw_name = pwd.getpwuid(os.geteuid()).pw_name
-                client.external_bind(pw_name,
-                                     server_controls=serverctrls,
+                client.external_bind(server_controls=serverctrls,
                                     client_controls=clientctrls)
            except errors.NotFound:
                if autobind == AUTOBIND_ENABLED: