author | Alexander Bokovoy <abokovoy@redhat.com> | 2014-10-10 09:26:13 +0300 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2014-10-13 12:08:50 +0200 |
commit | ca42d3469a6f83376d33b08d7bb4b43c2e93d604 (patch) | |
tree | ff2787205fbbf48b58c67dec5217b1f2e04cee9c | |
parent | 63be2ee9f0296e1366c77258929c7ce2dad53154 (diff) | |
Allow user overrides to specify SSH public keys
Overrides for users can have SSH public keys. This, however, will not enable
SSH public keys from overrides to be actually used until SSSD gets fixed to
pull them in.
SSSD ticket for SSH public keys in overrides:
https://fedorahosted.org/sssd/ticket/2454
Resolves https://fedorahosted.org/freeipa/ticket/4509
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
-rw-r--r-- | API.txt | 6 | ||||
-rw-r--r-- | ipalib/plugins/idviews.py | 44 |
2 files changed, 48 insertions, 2 deletions
@@ -2104,7 +2104,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: idoverrideuser_add
-args: 2,11,3
+args: 2,12,3
 arg: Str('idviewcn', cli_name='idview', multivalue=False, primary_key=True, query=True, required=True)
 arg: Str('ipaanchoruuid', attribute=True, cli_name='anchor', multivalue=False, primary_key=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -2112,6 +2112,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui
 option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
 option: Str('homedirectory', attribute=True, cli_name='homedir', multivalue=False, required=False)
 option: Str('ipaoriginaluid', attribute=True, cli_name='ipaoriginaluid', multivalue=False, required=False)
+option: Str('ipasshpubkey', attribute=True, cli_name='sshpubkey', csv=True, multivalue=True, required=False)
 option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('setattr*', cli_name='setattr', exclude='webui')
@@ -2152,7 +2153,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: idoverrideuser_mod
-args: 2,14,3
+args: 2,15,3
 arg: Str('idviewcn', cli_name='idview', multivalue=False, primary_key=True, query=True, required=True)
 arg: Str('ipaanchoruuid', attribute=True, cli_name='anchor', multivalue=False, primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -2161,6 +2162,7 @@ option: Str('delattr*', cli_name='delattr', exclude='webui') option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) option: Str('homedirectory', attribute=True, autofill=False, cli_name='homedir', multivalue=False, required=False) option: Str('ipaoriginaluid', attribute=True, autofill=False, cli_name='ipaoriginaluid', multivalue=False, required=False) +option: Str('ipasshpubkey', attribute=True, autofill=False, cli_name='sshpubkey', csv=True, multivalue=True, required=False) option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False) diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py index afaa6f910..c0b108260 100644 --- a/ipalib/plugins/idviews.py +++ b/ipalib/plugins/idviews.py @@ -25,6 +25,8 @@ from ipalib.plugins.hostgroup import get_complete_hostgroup_member_list from ipalib import api, Str, Int, Flag, _, ngettext, errors, output from ipalib.constants import IPA_ANCHOR_PREFIX, SID_ANCHOR_PREFIX from ipalib.plugable import Registry +from ipalib.util import (normalize_sshpubkey, validate_sshpubkey, + convert_sshpubkey_post) from ipapython.dn import DN @@ -658,6 +660,7 @@ class idoverrideuser(baseidoverride): object_class = baseidoverride.object_class + ['ipaUserOverride'] default_attributes = baseidoverride.default_attributes + [ 'homeDirectory', 'uidNumber', 'uid', 'ipaOriginalUid', 'loginShell', + 'ipaSshPubkey', ] takes_params = baseidoverride.takes_params + ( 
@@ -686,6 +689,13 @@ class idoverrideuser(baseidoverride): Str('ipaoriginaluid?', flags=['no_option', 'no_output'] ), + Str('ipasshpubkey*', validate_sshpubkey, + cli_name='sshpubkey', + label=_('SSH public key'), + normalizer=normalize_sshpubkey, + csv=True, + flags=['no_search'], + ), ) override_object = 'user' @@ -758,6 +768,13 @@ class idoverrideuser_add(baseidoverride_add): self.obj.update_original_uid_reference(entry_attrs) return dn + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + dn = super(idoverrideuser_add, self).post_callback(ldap, dn, + entry_attrs, *keys, **options) + convert_sshpubkey_post(ldap, dn, entry_attrs) + return dn + + @register() class idoverrideuser_del(baseidoverride_del): @@ -777,6 +794,20 @@ class idoverrideuser_mod(baseidoverride_mod): # Update the ipaOriginalUid self.obj.set_anchoruuid_from_dn(dn, entry_attrs) self.obj.update_original_uid_reference(entry_attrs) + if 'objectclass' in entry_attrs: + obj_classes = entry_attrs['objectclass'] + else: + _entry_attrs = ldap.get_entry(dn, ['objectclass']) + obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass'] + + if 'ipasshpubkey' in entry_attrs and 'ipasshuser' not in obj_classes: + obj_classes.append('ipasshuser') + return dn + + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + dn = super(idoverrideuser_mod, self).post_callback(ldap, dn, + entry_attrs, *keys, **options) + convert_sshpubkey_post(ldap, dn, entry_attrs) return dn 
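Review bot: The `ipasshpubkey*` parameter added to `idoverrideuser.takes_params` in the `@@ -686` hunk makes an SSH login credential settable on an override entry, yet no hunk in this commit touches the permissions that guard override attributes. Those definitions are not visible on this page, so it is worth confirming that write access to `ipaSshPubkey` on overrides is held as tightly as on the user entry itself, and that read access covers the clients meant to fetch the key. A short comment above the parameter would record the intent, for example `# SSH keys set here apply to the overridden user on hosts using this view; restrict who may write them`. The `takes_params` tuple starts outside the hunk.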
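Review bot: `idoverrideuser_add` in the `@@ -758` hunk gains only a `post_callback`, while the `ipasshuser` object class is appended only in `idoverrideuser_mod`'s pre_callback in the `@@ -777` hunk. Unless the `ipaUserOverride` schema already allows `ipaSshPubkey`, which this page does not show, creating an override with `--sshpubkey` would presumably be rejected by the directory with an object class violation. The add pre_callback, whose start lies outside the hunk, could mirror the mod path before its `return dn`: `if 'ipasshpubkey' in entry_attrs and 'ipasshuser' not in entry_attrs['objectclass']:` followed by `entry_attrs['objectclass'].append('ipasshuser')`, assuming `objectclass` is already populated at that point.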
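Review bot: In the `@@ -777` hunk the object class lookup in `idoverrideuser_mod`'s pre_callback runs on every modification, not only when `ipasshpubkey` is being changed. The `else` branch calls `ldap.get_entry(dn, ['objectclass'])` and assigns the result to `entry_attrs['objectclass']` before the `'ipasshpubkey' in entry_attrs` test is reached, which costs an extra LDAP read and adds `objectclass` to `entry_attrs` for unrelated edits. Nesting the whole if/else under `if 'ipasshpubkey' in entry_attrs:` avoids both. The membership test is also case-sensitive, so a stored value with different capitalisation would get a second copy appended; `if 'ipasshuser' not in [oc.lower() for oc in obj_classes]:` would be safer. The pre_callback starts outside the hunk.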
@@ -786,11 +817,24 @@ class idoverrideuser_find(baseidoverride_find): msg_summary = ngettext('%(count)d User ID override matched', '%(count)d User ID overrides matched', 0) + def post_callback(self, ldap, entries, truncated, *args, **options): + truncated = super(idoverrideuser_find, self).post_callback( + ldap, entries, truncated, *args, **options) + for entry in entries: + convert_sshpubkey_post(ldap, entry.dn, entry) + return truncated + @register() class idoverrideuser_show(baseidoverride_show): __doc__ = _('Display information about an User ID override.') + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + dn = super(idoverrideuser_show, self).post_callback(ldap, dn, + entry_attrs, *keys, **options) + convert_sshpubkey_post(ldap, dn, entry_attrs) + return dn + @register() class idoverridegroup_add(baseidoverride_add): |
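Review bot: The `post_callback` added to `idoverrideuser_show` in this hunk repeats, apart from the class name passed to `super()`, the same three statements added to `idoverrideuser_add` and `idoverrideuser_mod` in the `@@ -758` and `@@ -777` hunks, and `idoverrideuser_find` carries a looped variant. A small shared mixin for the single-entry commands would keep the copies from drifting if the conversion step ever changes. None of the new callbacks has a docstring; a one-line summary saying that the callback runs `convert_sshpubkey_post` on the returned entry so `ipasshpubkey` is post-processed for output would help the next reader.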