-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
All sub-modules import __version__ from main module ldap
- Loading branch information
stroeder
committed
Jul 26, 2009
1 parent
434b5d4
commit 45dd1fc
Showing
2 changed files
with
123 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| """ | ||
| sasl.py - support for SASL mechanism | ||
| See http://www.python-ldap.org/ for details. | ||
| \$Id: sasl.py,v 1.15 2009/07/26 11:09:58 stroeder Exp $ | ||
| Description: | ||
| The ldap.sasl module provides SASL authentication classes. | ||
| Each class provides support for one SASL mechanism. This is done by | ||
| implementing a callback() - method, which will be called by the | ||
| LDAPObject's sasl_bind_s() method | ||
| Implementing support for new sasl mechanism is very easy --- see | ||
| the examples of digest_md5 and gssapi. | ||
| Compability: | ||
| - Tested with Python 2.0+ but should work with Python 1.5.x | ||
| """ | ||
|
|
||
| from ldap import __version__ | ||
|
|
||
| if __debug__: | ||
| # Tracing is only supported in debugging mode | ||
| import traceback | ||
| from ldap import _trace_level,_trace_file,_trace_stack_limit | ||
|
|
||
| # These are the SASL callback id's , as defined in sasl.h | ||
| CB_USER = 0x4001 | ||
| CB_AUTHNAME = 0x4002 | ||
| CB_LANGUAGE = 0x4003 | ||
| CB_PASS = 0x4004 | ||
| CB_ECHOPROMPT = 0x4005 | ||
| CB_NOECHOPROMPT= 0x4006 | ||
| CB_GETREALM = 0x4007 | ||
|
|
||
| class sasl: | ||
| """This class handles SASL interactions for authentication. | ||
| If an instance of this class is passed to ldap's sasl_bind_s() | ||
| method, the library will call its callback() method. For | ||
| specific SASL authentication mechanisms, this method can be | ||
| overridden""" | ||
|
|
||
| def __init__(self,cb_value_dict,mech): | ||
| """ The (generic) base class takes a cb_value_dictionary of | ||
| question-answer pairs. Questions are specified by the respective | ||
| SASL callback id's. The mech argument is a string that specifies | ||
| the SASL mechaninsm to be uesd.""" | ||
| self.cb_value_dict = cb_value_dict or {} | ||
| self.mech = mech | ||
|
|
||
| def callback(self,cb_id,challenge,prompt,defresult): | ||
| """ The callback method will be called by the sasl_bind_s() | ||
| method several times. Each time it will provide the id, which | ||
| tells us what kind of information is requested (the CB_ ... | ||
| constants above). The challenge might be a short (english) text | ||
| or some binary string, from which the return value is calculated. | ||
| The prompt argument is always a human-readable description string; | ||
| The defresult is a default value provided by the sasl library | ||
| Currently, we do not use the challenge and prompt information, and | ||
| return only information which is stored in the self.cb_value_dict | ||
| cb_value_dictionary. Note that the current callback interface is not very | ||
| useful for writing generic sasl GUIs, which would need to know all | ||
| the questions to ask, before the answers are returned to the sasl | ||
| lib (in contrast to one question at a time).""" | ||
|
|
||
| # The following print command might be useful for debugging | ||
| # new sasl mechanisms. So it is left here | ||
| cb_result = self.cb_value_dict.get(cb_id,defresult) or '' | ||
| if __debug__: | ||
| if _trace_level>=1: | ||
| _trace_file.write("*** id=%d, challenge=%s, prompt=%s, defresult=%s\n-> %s\n" % ( | ||
| cb_id, challenge, prompt, repr(defresult), repr(self.cb_value_dict.get(cb_result)) | ||
| )) | ||
| return cb_result | ||
|
|
||
|
|
||
| class cram_md5(sasl): | ||
| """This class handles SASL CRAM-MD5 authentication.""" | ||
|
|
||
| def __init__(self,authc_id, password, authz_id=""): | ||
| auth_dict = {CB_AUTHNAME:authc_id, CB_PASS:password, | ||
| CB_USER:authz_id} | ||
| sasl.__init__(self,auth_dict,"CRAM-MD5") | ||
|
|
||
|
|
||
| class digest_md5(sasl): | ||
| """This class handles SASL DIGEST-MD5 authentication.""" | ||
|
|
||
| def __init__(self,authc_id, password, authz_id=""): | ||
| auth_dict = {CB_AUTHNAME:authc_id, CB_PASS:password, | ||
| CB_USER:authz_id} | ||
| sasl.__init__(self,auth_dict,"DIGEST-MD5") | ||
|
|
||
|
|
||
| class gssapi(sasl): | ||
| """This class handles SASL GSSAPI (i.e. Kerberos V) | ||
| authentication.""" | ||
|
|
||
| def __init__(self,authz_id=""): | ||
| sasl.__init__(self, {CB_USER:authz_id},"GSSAPI") | ||
|
|
||
|
|
||
| class external(sasl): | ||
| """This class handles SASL EXTERNAL authentication | ||
| (i.e. X.509 client certificate)""" | ||
|
|
||
| def __init__(self,authz_id=""): | ||
| sasl.__init__(self, {CB_USER:authz_id},"EXTERNAL") | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| """ | ||
| ldap.schema - LDAPv3 schema handling | ||
| See http://www.python-ldap.org/ for details. | ||
| \$Id: __init__.py,v 1.7 2009/07/26 11:09:58 stroeder Exp $ | ||
| """ | ||
|
|
||
| from ldap import __version__ | ||
|
|
||
| from ldap.schema.subentry import SubSchema,SCHEMA_ATTRS,SCHEMA_CLASS_MAPPING,SCHEMA_ATTR_MAPPING,urlfetch | ||
| from ldap.schema.models import * |