summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
authorJason Gerard DeRose <jderose@redhat.com>2008-11-18 13:43:43 -0700
committerJason Gerard DeRose <jderose@redhat.com>2008-11-18 13:43:43 -0700
commit4afee15d4b523a641552bee9993882bb1ae6e2cc (patch)
tree907887251011a9979c65b7c7ab5b0e7c2e2fddef /ipalib
parent0a60a6bcc4c8eaa7d42dc25fa6fc69d837e3e816 (diff)
downloadfreeipa-4afee15d4b523a641552bee9993882bb1ae6e2cc.tar.gz
freeipa-4afee15d4b523a641552bee9993882bb1ae6e2cc.tar.xz
freeipa-4afee15d4b523a641552bee9993882bb1ae6e2cc.zip
Calling 'passwd' command now prompts for password using textui.prompt_password()
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/cli.py27
-rw-r--r--ipalib/frontend.py7
-rw-r--r--ipalib/plugins/f_passwd.py26
3 files changed, 40 insertions, 20 deletions
diff --git a/ipalib/cli.py b/ipalib/cli.py
index 7cbf6e4bb..b3aa10994 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -658,12 +658,28 @@ class CLI(object):
def run_cmd(self, cmd):
kw = self.parse(cmd)
if self.options.interactive:
- kw = self.prompt_interactively(cmd, kw)
+ self.prompt_interactively(cmd, kw)
+ self.prompt_for_passwords(cmd, kw)
result = cmd(**kw)
if callable(cmd.output_for_cli):
+ for param in cmd.params():
+ if param.ispassword():
+ del kw[param.name]
(args, options) = cmd.params_2_args_options(kw)
cmd.output_for_cli(self.api.Backend.textui, result, *args, **options)
+ def prompt_for_passwords(self, cmd, kw):
+ for param in cmd.params():
+ if 'password' not in param.flags:
+ continue
+ if kw.get(param.name, False) is True or param.name in cmd.args:
+ kw[param.name] = self.textui.prompt_password(
+ param.cli_name
+ )
+ else:
+ kw.pop(param.name, None)
+ return kw
+
def prompt_interactively(self, cmd, kw):
"""
Interactively prompt for missing or invalid values.
@@ -676,12 +692,7 @@ class CLI(object):
"""
for param in cmd.params():
if 'password' in param.flags:
- if kw.get(param.name, False) is True:
- kw[param.name] = self.textui.prompt_password(
- param.cli_name
- )
- else:
- kw.pop(param.name, None)
+ continue
elif param.name not in kw:
if not (param.required or self.options.prompt_all):
continue
@@ -760,6 +771,8 @@ class CLI(object):
def get_usage_iter(self, cmd):
yield 'Usage: %%prog [global-options] %s' % to_cli(cmd.name)
for arg in cmd.args():
+ if 'password' in arg.flags:
+ continue
name = to_cli(arg.cli_name).upper()
if arg.multivalue:
name = '%s...' % name
diff --git a/ipalib/frontend.py b/ipalib/frontend.py
index 61cba513b..db399ba58 100644
--- a/ipalib/frontend.py
+++ b/ipalib/frontend.py
@@ -261,6 +261,13 @@ class Param(plugable.ReadOnly):
self.primary_key = self.__check_type(bool, 'primary_key')
lock(self)
+ def ispassword(self):
+ """
+ Return ``True`` is this Param is a password.
+ """
+ # FIXME: add unit test
+ return 'password' in self.flags
+
def __clone__(self, **override):
"""
Return a new `Param` instance similar to this one.
diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py
index 7b424a3bc..edc13b633 100644
--- a/ipalib/plugins/f_passwd.py
+++ b/ipalib/plugins/f_passwd.py
@@ -30,14 +30,17 @@ from ipalib import util
class passwd(frontend.Command):
'Edit existing password policy.'
+
takes_args = (
Param('principal',
cli_name='user',
primary_key=True,
default_from=util.get_current_principal,
),
+ Param('password', flags=['password']),
)
- def execute(self, principal, **kw):
+
+ def execute(self, principal, password):
"""
Execute the passwd operation.
@@ -49,8 +52,6 @@ class passwd(frontend.Command):
:param param uid: The login name of the user being updated.
:param kw: Not used.
"""
- ldap = self.api.Backend.ldap
-
if principal.find('@') < 0:
u = principal.split('@')
if len(u) > 2 or len(u) == 0:
@@ -59,16 +60,15 @@ class passwd(frontend.Command):
principal = principal+"@"+self.api.env.realm
else:
principal = principal
+ dn = self.Backend.ldap.find_entry_dn(
+ "krbprincipalname",
+ principal,
+ "posixAccount"
+ )
+ return self.Backend.ldap.modify_password(dn, newpass=password)
- dn = ldap.find_entry_dn("krbprincipalname", principal, "posixAccount")
-
- # FIXME: we need a way to prompt for passwords using getpass
- kw['newpass'] = "password"
-
- return ldap.modify_password(dn, **kw)
-
- def output_for_cli(self, ret):
- if ret:
- print "Password change successful"
+ def output_for_cli(self, textui, result, principal, password):
+ assert password is None
+ textui.print_plain('Changed password for "%s"' % principal)
api.register(passwd)