Hello community,
here is the log from the commit of package yast2-adcommon-python for
openSUSE:Factory checked in at 2019-08-23 11:09:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-adcommon-python (Old)
and /work/SRC/openSUSE:Factory/.yast2-adcommon-python.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-adcommon-python"
Fri Aug 23 11:09:46 2019 rev:7 rq:725411 version:1.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/yast2-adcommon-python/yast2-adcommon-python.changes
2019-08-14 11:37:44.444692900 +0200
+++
/work/SRC/openSUSE:Factory/.yast2-adcommon-python.new.7948/yast2-adcommon-python.changes
2019-08-23 11:09:47.822457988 +0200
@@ -1,0 +2,7 @@
+Thu Aug 22 15:55:34 UTC 2019 - [email protected]
+
+- AD modules should connect to an AD-DC via the SamDB interface,
+ instead of python-ldap; (bsc#1146898);
+- 1.0
+
+-------------------------------------------------------------------
Old:
----
yast2-adcommon-python-0.8.tar.bz2
New:
----
yast2-adcommon-python-1.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-adcommon-python.spec ++++++
--- /var/tmp/diff_new_pack.WUTYH8/_old 2019-08-23 11:09:48.974457846 +0200
+++ /var/tmp/diff_new_pack.WUTYH8/_new 2019-08-23 11:09:48.974457846 +0200
@@ -17,7 +17,7 @@
Name: yast2-adcommon-python
-Version: 0.8
+Version: 1.0
Release: 0
Summary: Common code for the yast python ad modules
License: GPL-3.0-or-later
@@ -27,7 +27,8 @@
BuildArch: noarch
Requires: krb5-client
Requires: python3-keyring
-Requires: python3-ldap
+Requires: python3-ldb
+Requires: samba-ad-dc
Requires: samba-client
Requires: samba-python3
Requires: yast2
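Review bot: Dropping `Requires: python3-ldap` looks premature, because adcommon/yldap.py in this same commit still has `import ldapurl` and calls `ldapurl.LDAPUrl(...)`, and the `ldapurl` module is shipped as part of python-ldap. Unless another dependency pulls it in, the module would fail at import on a fresh install; either keep `Requires: python3-ldap` or replace the `ldapurl` use in yldap.py. The same removal appears in the package/yast2-adcommon-python.spec hunk further down. The new `Requires: samba-ad-dc` also puts the domain-controller package on every machine that installs these modules; if only the Python bindings are needed, a narrower dependency would be preferable (to be confirmed against the samba packaging).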
++++++ yast2-adcommon-python-0.8.tar.bz2 -> yast2-adcommon-python-1.0.tar.bz2
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-adcommon-python-0.8/adcommon/creds.py
new/yast2-adcommon-python-1.0/adcommon/creds.py
--- old/yast2-adcommon-python-0.8/adcommon/creds.py 2019-08-13
22:08:30.000000000 +0200
+++ new/yast2-adcommon-python-1.0/adcommon/creds.py 2019-08-22
21:51:25.000000000 +0200
@@ -203,6 +203,10 @@
def __validate_kinit(self):
out, _ = Popen(['klist'], stdout=PIPE, stderr=PIPE).communicate()
+ m = re.findall(six.b('Ticket cache:\s*(.*)'), out)
+ if len(m) != 1:
+ return None
+ self.creds.set_named_ccache(m[0].decode())
m = re.findall(six.b('Default principal:\s*(\w+)@([\w\.]+)'), out)
if len(m) == 0:
return None
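Review bot: In `__validate_kinit`, `self.creds.set_named_ccache(...)` runs before the `Default principal` match is checked, so when that later check returns None the credentials object has already been pointed at whatever cache `klist` reported. Moving the call below the principal checks would keep a failed validation from leaving creds bound to an unverified cache. The match also depends on the English `Ticket cache:` label while `klist` is started with the inherited locale, so consider passing `env=dict(os.environ, LC_ALL='C')` to `Popen` (assuming `os` is imported in creds.py). The patterns use `\s` and `\w` in non-raw literals; handing a raw string to `six.b`, as in `six.b(r'Ticket cache:\s*(.*)')`, avoids the invalid-escape warning. The function body continues past the end of the hunk.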
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-adcommon-python-0.8/adcommon/yldap.py
new/yast2-adcommon-python-1.0/adcommon/yldap.py
--- old/yast2-adcommon-python-0.8/adcommon/yldap.py 2019-08-13
22:08:30.000000000 +0200
+++ new/yast2-adcommon-python-1.0/adcommon/yldap.py 2019-08-22
21:51:25.000000000 +0200
@@ -1,7 +1,6 @@
-import ldap, ldap.modlist, ldap.sasl
-from ldap.modlist import addModlist as addlist
-from ldap.modlist import modifyModlist as modlist
-from ldap import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
+from samba import samdb
+from samba.auth import system_session
+from samba import ldb
import traceback
from yast import ycpbuiltins, import_module
import_module('UI')
@@ -9,11 +8,24 @@
from samba.credentials import MUST_USE_KERBEROS
from adcommon.creds import kinit_for_gssapi, krb5_temp_conf, pdc_dns_name
from adcommon.strings import strcmp
+from samba.net import Net
import os
import six
import ldapurl
import binascii, struct, re
from datetime import datetime
+SCOPE_BASE = ldb.SCOPE_BASE
+SCOPE_ONELEVEL = ldb.SCOPE_ONELEVEL
+SCOPE_SUBTREE = ldb.SCOPE_SUBTREE
+
+def addlist(attrs):
+ return attrs
+
+def modlist(old_attrs, new_attrs):
+ for key in old_attrs:
+ if key in new_attrs and old_attrs[key] == new_attrs[key]:
+ del new_attrs[key]
+ return new_attrs
def y2error_dialog(msg):
from yast import UI, Opt, HBox, HSpacing, VBox, VSpacing, Label, Right,
PushButton, Id
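Review bot: `modlist` deletes keys from the caller's `new_attrs` while computing the difference, and it never reports attributes that exist in `old_attrs` but are missing from `new_attrs`, so a removal that `ldap.modlist.modifyModlist` used to express is lost with this replacement. A non-mutating form is `return {k: v for k, v in new_attrs.items() if k not in old_attrs or old_attrs[k] != v}`; removals would need an explicit representation that `ldap_modify` understands (possibly an empty value list, to be verified against ldb's replace semantics). Both shims would benefit from a one-line docstring saying they stand in for the python-ldap `addModlist`/`modifyModlist` helpers and what they return.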
@@ -67,7 +79,7 @@
else:
return data
-class Ldap:
+class Ldap(samdb.SamDB):
def __init__(self, lp, creds, ldap_url=None):
self.lp = lp
self.creds = creds
@@ -75,6 +87,10 @@
self.realm_dn = ','.join(['DC=%s' % part for part in
self.realm.lower().split('.')])
self.ldap_url = ldapurl.LDAPUrl(ldap_url) if ldap_url else None
self.__ldap_connect()
+ # Ugly Hack: Make the ldap module backwards compatible with modules
that
+ # called functions of l (the python ldap code).
+ self.l = self
+ self.net = Net(creds=self.creds, lp=self.lp)
self.schema = {}
self.__load_schema()
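Review bot: The `self.l = self` alias only helps callers whose python-ldap method names also exist on this class; in the visible hunks only `rename_s` is added, so a caller still using `l.search_s`, `l.modify_s` or `l.delete_s` would hit AttributeError unless those names are defined elsewhere. The comment should say which calls are actually shimmed, for example `# self.l aliases self for legacy callers; only rename_s is provided, other python-ldap *_s methods are not`. `__init__` starts outside this hunk, so whether `self.l` is read before `__ldap_connect()` completes cannot be checked from here.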
@@ -96,72 +112,46 @@
def __ldap_connect(self):
self.dc_hostname = pdc_dns_name(self.realm)
- os.environ['KRB5_CONFIG'] = krb5_temp_conf(self.realm)
if not self.ldap_url:
self.ldap_url = ldapurl.LDAPUrl('ldap://%s' % self.dc_hostname)
- self.l = ldap.initialize(self.ldap_url.initializeUrl())
- if self.creds.get_kerberos_state() == MUST_USE_KERBEROS or
kinit_for_gssapi(self.creds, self.realm):
- auth_tokens = ldap.sasl.gssapi('')
- self.l.sasl_interactive_bind_s('', auth_tokens)
- os.unlink(os.environ['KRB5_CONFIG'])
- else:
- os.unlink(os.environ['KRB5_CONFIG'])
+ if self.creds.get_kerberos_state() != MUST_USE_KERBEROS:
+ kinit_for_gssapi(self.creds, self.realm)
+ try:
+ super(Ldap, self).__init__(url=self.ldap_url.initializeUrl(),
lp=self.lp,
+ credentials=self.creds,
session_info=system_session())
+ except ldb.LdbError:
ycpbuiltins.y2error('Failed to initialize ldap connection')
raise Exception('Failed to initialize ldap connection')
def ldap_search_s(self, *args):
+ return self.ldap_search(*args)
+
+ def ldap_search(self, base=None, scope=None, expression=None, attrs=None,
controls=None):
try:
- try:
- return self.l.search_s(*args)
- except ldap.SERVER_DOWN:
- self.__ldap_connect()
- return self.l.search_s(*args)
- except ldap.LDAPError as e:
+ attrs = [a.decode() if type(a) is six.binary_type else a for a in
attrs]
+ return [(str(m.get('dn')), {k: [bytes(v) for v in m.get(k)] for k
in m.keys() if k != 'dn'}) for m in self.search(base, scope, expression, attrs,
controls)]
+ except ldb.LdbError as e:
y2error_dialog(self.__ldap_exc_msg(e))
except Exception as e:
ycpbuiltins.y2error(traceback.format_exc())
ycpbuiltins.y2error('ldap.search_s: %s\n' % self.__ldap_exc_msg(e))
- def ldap_search(self, *args):
- result = []
+ def ldap_add(self, dn, attrs):
try:
- try:
- res_id = self.l.search(*args)
- except ldap.SERVER_DOWN:
- self.__ldap_connect()
- res_id = self.l.search(*args)
- while 1:
- t, d = self.l.result(res_id, 0)
- if d == []:
- break
- else:
- if t == ldap.RES_SEARCH_ENTRY:
- result.append(d[0])
- except ldap.LDAPError:
- pass
- except Exception as e:
- ycpbuiltins.y2error(traceback.format_exc())
- ycpbuiltins.y2error('ldap.search: %s\n' % self.__ldap_exc_msg(e))
- return result
-
- def ldap_add(self, *args):
- try:
- try:
- return self.l.add_s(*args)
- except ldap.SERVER_DOWN:
- self.__ldap_connect()
- return self.l.add_s(*args)
+ attrs['dn'] = dn
+ return self.add(attrs)
except Exception as e:
raise LdapException(self.__ldap_exc_msg(e),
self.__ldap_exc_info(e))
- def ldap_modify(self, *args):
+ def ldap_modify(self, dn, attrs):
+ # Check to see if it's an ldap message instead of key/value pairs
+ if type(attrs) != dict:
+ # Convert the ldap message into key/value pair strings, ignoring
old values
+ attrs = {m[1].decode() if type(m[1]) is six.binary_type else m[1]:
m[2].decode() if type(m[2]) is six.binary_type else str(m[2]) for m in attrs if
m[0] == 0}
try:
- try:
- return self.l.modify(*args)
- except ldap.SERVER_DOWN:
- self.__ldap_connect()
- return self.l.modify(*args)
- except ldap.LDAPError as e:
+ attrs['dn'] = dn
+ return self.modify(ldb.Message.from_dict(self, attrs))
+ except ldb.LdbError as e:
y2error_dialog(self.__ldap_exc_msg(e))
except Exception as e:
ycpbuiltins.y2error(traceback.format_exc())
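Review bot: In `ldap_modify`, the modlist conversion keeps only tuples with `m[0] == 0`, so delete and replace entries of a python-ldap style modlist are dropped without an error and the caller sees a successful modify even though an attribute removal never reached the DC. In an AD administration tool that can leave a value the operator believed was removed still in place. The same expression applies `str(m[2])` to anything that is not bytes, which for a list of values would store the list's repr rather than the values (assuming callers pass lists, as python-ldap modlists do). Consider translating each op into an `ldb.MessageElement` with the matching `ldb.FLAG_MOD_ADD`/`FLAG_MOD_DELETE`/`FLAG_MOD_REPLACE` flag, or at least logging via `ycpbuiltins.y2error` and refusing the call when an entry has `m[0] != 0`. `ldap_add` and `ldap_modify` also write `attrs['dn'] = dn` into the caller's dict; copying first with `attrs = dict(attrs, dn=dn)` avoids that side effect.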
@@ -169,25 +159,24 @@
def ldap_delete(self, *args):
try:
- try:
- return self.l.delete_s(*args)
- except ldap.SERVER_DOWN:
- self.__ldap_connect()
- return self.l.delete_s(*args)
- except ldap.LDAPError as e:
+ return self.delete(*args)
+ except ldb.LdbError as e:
y2error_dialog(self.__ldap_exc_msg(e))
except Exception as e:
ycpbuiltins.y2error(traceback.format_exc())
ycpbuiltins.y2error('ldap.delete_s: %s\n' % self.__ldap_exc_msg(e))
+ def rename_s(self, dn, newrdn, newsuperior):
+ super(Ldap, self).rename(dn, '%s,%s' % (newrdn, newsuperior))
+
def __find_inferior_classes(self, name):
- dn = 'CN=Schema,CN=Configuration,%s' % self.realm_dn
+ dn = self.get_schema_basedn()
search = '(|(possSuperiors=%s)(systemPossSuperiors=%s))' % (name, name)
return [item[-1]['lDAPDisplayName'][-1] for item in
self.ldap_search_s(dn, SCOPE_SUBTREE, search, ['lDAPDisplayName'])]
def __load_schema(self):
- dn = self.l.search_subschemasubentry_s()
- results = self.l.read_subschemasubentry_s(dn)
+ dn = str(self.search('', SCOPE_BASE, '(objectclass=*)',
['subschemaSubentry'])[0]['subschemaSubentry'])
+ results = self.search(dn, SCOPE_BASE, '(objectclass=*)',
['attributeTypes', 'dITStructureRules', 'objectClasses', 'nameForms',
'dITContentRules', 'matchingRules', 'ldapSyntaxes', 'matchingRuleUse'])[0]
self.schema['attributeTypes'] = {}
self.schema['constructedAttributes'] = self.__constructed_attributes()
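Review bot: `rename_s` makes `newsuperior` mandatory and formats it straight into the new DN, so a caller following the python-ldap convention of passing `None` (or omitting it) for an in-place rename would produce a DN ending in `,None` or a TypeError. Defaulting it and deriving the parent keeps the shim compatible: `def rename_s(self, dn, newrdn, newsuperior=None):` with `if newsuperior is None: newsuperior = str(ldb.Dn(self, dn).parent())`. Unlike the other wrappers in this class it has no error handling, so an `ldb.LdbError` propagates unhandled to the calling code; a short docstring stating that would help. In `__load_schema`, both `self.search(...)[0]` lookups assume a non-empty result.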
@@ -242,7 +231,7 @@
# ADSI Hides constructed attributes, since they can't be modified.
# 1.2.840.113556.1.4.803 is the OID for LDAP_MATCHING_RULE_BIT_AND
(we're and'ing 4 on systemFlags)
search =
'(&(systemFlags:1.2.840.113556.1.4.803:=4)(ObjectClass=attributeSchema))'
- container = 'CN=Schema,CN=Configuration,%s' % self.realm_dn
+ container = self.get_schema_basedn()
ret = self.ldap_search(container, SCOPE_ONELEVEL, search,
['lDAPDisplayName'])
return [a[-1]['lDAPDisplayName'][-1] for a in ret]
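Review bot: `ret` can now be None here, because the rewritten `ldap_search` in this commit falls through without a return value after an `ldb.LdbError` or any other exception, whereas the removed version always returned a list; the comprehension on the last line would then raise TypeError. Either have `ldap_search` end with `return []` on its error paths or guard here with `for a in ret or []`. `ldap_search` also declares `attrs=None` but iterates `attrs` unconditionally, so the default cannot be used as written. The function this hunk belongs to starts outside the hunk.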
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-adcommon-python-0.8/package/yast2-adcommon-python.changes
new/yast2-adcommon-python-1.0/package/yast2-adcommon-python.changes
--- old/yast2-adcommon-python-0.8/package/yast2-adcommon-python.changes
2019-08-13 22:08:30.000000000 +0200
+++ new/yast2-adcommon-python-1.0/package/yast2-adcommon-python.changes
2019-08-22 21:51:25.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Thu Aug 22 15:55:34 UTC 2019 - [email protected]
+
+- AD modules should connect to an AD-DC via the SamDB interface,
+ instead of python-ldap; (bsc#1146898);
+- 1.0
+
+-------------------------------------------------------------------
Tue Aug 13 19:57:54 UTC 2019 - [email protected]
- Fix incorrectly placed domain in change domain dialog; (bsc#1145508);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-adcommon-python-0.8/package/yast2-adcommon-python.spec
new/yast2-adcommon-python-1.0/package/yast2-adcommon-python.spec
--- old/yast2-adcommon-python-0.8/package/yast2-adcommon-python.spec
2019-08-13 22:08:30.000000000 +0200
+++ new/yast2-adcommon-python-1.0/package/yast2-adcommon-python.spec
2019-08-22 21:51:25.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-adcommon-python
-Version: 0.8
+Version: 1.0
Release: 0
Summary: Common code for the yast python ad modules
License: GPL-3.0+
@@ -28,9 +28,10 @@
Requires: krb5-client
Requires: samba-client
Requires: samba-python3
+Requires: samba-ad-dc
Requires: yast2
Requires: yast2-python3-bindings >= 4.0.0
-Requires: python3-ldap
+Requires: python3-ldb
Requires: python3-keyring
BuildRequires: python3
BuildRequires: python3-setuptools