Simplify sasl code
parent
d1da12d13f
commit
07d4a428f9
|
@ -24,7 +24,7 @@ def configure():
|
|||
'club_group', 'admin_shell', 'admin_home', 'admin_desc',
|
||||
'admin_group', 'group_desc', 'username_regex', 'groupname_regex',
|
||||
'shells_file', 'server_url', 'users_base', 'groups_base',
|
||||
'sasl_mech', 'sasl_realm', 'admin_bind_keytab', 'admin_bind_dn',
|
||||
'sasl_mech', 'sasl_realm', 'admin_bind_keytab',
|
||||
'admin_bind_userid', 'realm', 'admin_principal', 'admin_keytab' ]
|
||||
numeric_fields = [ 'member_min_id', 'member_max_id', 'club_min_id',
|
||||
'club_max_id', 'admin_min_id', 'admin_max_id', 'group_min_id',
|
||||
|
@ -92,8 +92,8 @@ def connect():
|
|||
configure()
|
||||
|
||||
# connect to the LDAP server
|
||||
ldap_connection.connect_sasl(cfg['server_url'], cfg['admin_bind_dn'],
|
||||
cfg['sasl_mech'], cfg['sasl_realm'], cfg['admin_bind_userid'],
|
||||
ldap_connection.connect_sasl(cfg['server_url'], cfg['sasl_mech'],
|
||||
cfg['sasl_realm'], cfg['admin_bind_userid'],
|
||||
('keytab', cfg['admin_bind_keytab']), cfg['users_base'],
|
||||
cfg['groups_base'])
|
||||
|
||||
|
|
|
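Review bot: The changed `ldap_connection.connect_sasl(...)` call in `connect()` passes seven positional arguments, so after `bind_dn` was dropped a reader has to count slots to confirm that each value still lands in the intended parameter. The other `connect()` further down the page, the one that calls `load_configuration()`, is written the same way. Keyword arguments would make both calls self-checking, e.g. `connect_sasl(uri=cfg['server_url'], mech=cfg['sasl_mech'], realm=cfg['sasl_realm'], userid=cfg['admin_bind_userid'], ...)`. A short comment that the `password` slot carries a `('keytab', path)` tuple rather than a secret would also help, for example `# password is ('keytab', <path>): the bind authenticates from the keytab via kinit`. Both functions start and end outside the hunks shown.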
@ -26,8 +26,8 @@ def load_configuration():
|
|||
"""Load Members Configuration"""
|
||||
|
||||
string_fields = [ 'realname_regex', 'server_url', 'users_base',
|
||||
'groups_base', 'sasl_mech', 'sasl_realm', 'admin_bind_dn',
|
||||
'admin_bind_keytab', 'admin_bind_userid' ]
|
||||
'groups_base', 'sasl_mech', 'sasl_realm', 'admin_bind_keytab',
|
||||
'admin_bind_userid' ]
|
||||
|
||||
# read configuration file
|
||||
cfg_tmp = conf.read(CONFIG_FILE)
|
||||
|
@ -79,8 +79,8 @@ def connect():
|
|||
"""Connect to LDAP."""
|
||||
|
||||
load_configuration()
|
||||
ldap_connection.connect_sasl(cfg['server_url'], cfg['admin_bind_dn'],
|
||||
cfg['sasl_mech'], cfg['sasl_realm'], cfg['admin_bind_userid'],
|
||||
ldap_connection.connect_sasl(cfg['server_url'], cfg['sasl_mech'],
|
||||
cfg['sasl_realm'], cfg['admin_bind_userid'],
|
||||
('keytab', cfg['admin_bind_keytab']), cfg['users_base'],
|
||||
cfg['groups_base'])
|
||||
|
||||
|
|
|
@ -67,14 +67,14 @@ class LDAPConnection(object):
|
|||
self.user_base = user_base
|
||||
self.group_base = group_base
|
||||
|
||||
def connect_sasl(self, uri, bind_dn, mech, realm, userid, password, user_base, group_base):
|
||||
def connect_sasl(self, uri, mech, realm, userid, password, user_base, group_base):
|
||||
|
||||
# open the connection
|
||||
self.ldap = ldap.initialize(uri)
|
||||
|
||||
# authenticate
|
||||
sasl = Sasl(mech, realm, userid, password)
|
||||
self.ldap.sasl_interactive_bind_s(bind_dn, sasl)
|
||||
self.ldap.sasl_interactive_bind_s('', sasl)
|
||||
|
||||
self.user_base = user_base
|
||||
self.group_base = group_base
|
||||
|
@ -665,13 +665,8 @@ class LDAPConnection(object):
|
|||
|
||||
class Sasl:
|
||||
|
||||
CB_USER = 0x4001
|
||||
bind_dn = 'dn:uid=%s,cn=%s,cn=%s,cn=auth'
|
||||
|
||||
def __init__(self, mech, realm, userid, password):
|
||||
self.mech = mech
|
||||
self.bind_dn = self.bind_dn % (userid, realm, mech)
|
||||
|
||||
if mech == 'GSSAPI':
|
||||
type, arg = password
|
||||
kinit_args = [ '/usr/bin/kinit', '%s@%s' % (userid, realm) ]
|
||||
|
@ -682,10 +677,7 @@ class Sasl:
|
|||
kinit.wait()
|
||||
|
||||
def callback(self, id, challenge, prompt, defresult):
|
||||
if id == self.CB_USER:
|
||||
return self.bind_dn
|
||||
else:
|
||||
return None
|
||||
return ''
|
||||
|
||||
|
||||
### Tests ###
|
||||
|
|
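Review bot: With the bind DN now `''` and `callback` returning `''` for every prompt, the identity of the admin bind is decided entirely by whichever Kerberos ticket is in the credential cache, yet the visible `kinit.wait()` in `Sasl.__init__` discards the exit status. If kinit fails (unreadable keytab, wrong principal), the bind could presumably proceed with a ticket already in the cache, possibly for a different principal, where the removed `CB_USER` answer at least named the expected identity. I would check the result, e.g. `if kinit.wait() != 0: raise ldap.LDAPError('kinit failed for %s@%s' % (userid, realm))`, and have `__init__` reject any `mech` other than `'GSSAPI'` rather than leave `callback` to answer other mechanisms with empty strings. The kinit invocation between the two `Sasl` hunks is not shown, so confirm it does not already handle this.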