diff options
author | Ondrej Hamada <ohamada@redhat.com> | 2012-06-26 15:23:55 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-06-27 12:58:46 +0200 |
commit | 8ce7330c5330e45c59c70d984a7fed526e85c58c (patch) | |
tree | 45682411bc847587953b7495c8f163ef809ad535 /ipalib/plugins/host.py | |
parent | 3c36fa8c0da767b0f1309cb96bf85d3149e4dc10 (diff) | |
download | freeipa-8ce7330c5330e45c59c70d984a7fed526e85c58c.tar.gz freeipa-8ce7330c5330e45c59c70d984a7fed526e85c58c.tar.xz freeipa-8ce7330c5330e45c59c70d984a7fed526e85c58c.zip |
Change random passwords behaviour
Improved options checking so that host-mod operation is not changing
password for enrolled host when '--random' option is used.
Unit tests added.
https://fedorahosted.org/freeipa/ticket/2799
Updated set of characters that is used for generating random passwords
for ipa hosts. All characters that might need escaping were removed.
https://fedorahosted.org/freeipa/ticket/2800
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 96b73cc55..9680d7c02 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -24,6 +24,7 @@ import sys from nss.error import NSPRError import nss.nss as nss import netaddr +import string from ipalib import api, errors, util from ipalib import Str, Flag, Bytes @@ -99,6 +100,10 @@ EXAMPLES: ipa host-add-managedby --hosts=test2 test """) +# Characters to be used by random password generator +# The set was chosen to avoid the need for escaping the characters by user +host_pwd_chars=string.digits + string.ascii_letters + '_,.@+-=' + def remove_fwd_ptr(ipaddr, host, domain, recordtype): api.log.debug('deleting ipaddr %s' % ipaddr) try: @@ -404,7 +409,7 @@ class host_add(LDAPCreate): if 'krbprincipal' in entry_attrs['objectclass']: entry_attrs['objectclass'].remove('krbprincipal') if options.get('random'): - entry_attrs['userpassword'] = ipa_generate_password() + entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) cert = options.get('usercertificate') @@ -596,7 +601,7 @@ class host_mod(LDAPUpdate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # Allow an existing OTP to be reset but don't allow a OTP to be # added to an enrolled host. - if 'userpassword' in options: + if options.get('userpassword') or options.get('random'): entry = {} self.obj.get_password_attributes(ldap, dn, entry) if not entry['has_password'] and entry['has_keytab']: @@ -649,7 +654,7 @@ class host_mod(LDAPUpdate): entry_attrs['usercertificate'] = cert if options.get('random'): - entry_attrs['userpassword'] = ipa_generate_password() + entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars) setattr(context, 'randompassword', entry_attrs['userpassword']) if 'macaddress' in entry_attrs: if 'objectclass' in entry_attrs: |