-rw-r--r--install/share/default-aci.ldif8
-rw-r--r--install/updates/20-aci.update4
-rw-r--r--ipalib/plugins/baseldap.py26
-rw-r--r--ipalib/plugins/host.py33
-rw-r--r--ipalib/plugins/service.py27
-rw-r--r--ipalib/plugins/user.py6
-rw-r--r--tests/test_xmlrpc/test_attr.py16
-rw-r--r--tests/test_xmlrpc/test_group_plugin.py4
-rw-r--r--tests/test_xmlrpc/test_host_plugin.py22
-rw-r--r--tests/test_xmlrpc/test_hostgroup_plugin.py2
-rw-r--r--tests/test_xmlrpc/test_krbtpolicy.py2
-rw-r--r--tests/test_xmlrpc/test_nesting.py11
-rw-r--r--tests/test_xmlrpc/test_netgroup_plugin.py6
-rw-r--r--tests/test_xmlrpc/test_replace.py14
-rw-r--r--tests/test_xmlrpc/test_service_plugin.py8
-rw-r--r--tests/test_xmlrpc/test_user_plugin.py30
16 files changed, 185 insertions, 34 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index 88269d282..586ec61fc 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -79,3 +79,11 @@ dn: cn=sudo,$SUFFIX
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)
+
+# This is used for the host/service one-time passwordn and keytab indirectors.
+# We can do a query on a DN to see if an attribute exists.
+dn: cn=accounts,$SUFFIX
+changetype: modify
+add: aci
+aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)
+
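Review bot: The new ACI grants `search` on `userPassword` and `krbPrincipalKey` to every authenticated bind (`ldap:///all`) across the whole `cn=accounts` subtree, which is wider than the existence test the comment describes. The search right allows these attributes in any filter, not only the presence form `(attr=*)`, so it is worth confirming that equality or substring filters on the stored values cannot reveal more than existence. If they can, a `targetfilter` limited to the object classes that need the indicator, or a narrower `userdn`, would reduce the exposure. The comment names only hosts and services, while user.py in this commit relies on the same ACI for user entries, so it would read better as `# Used for the host/service/user password and keytab indicators.` The identical ACI and comment are repeated in install/updates/20-aci.update.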
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index 42f1e9fe6..41d35da35 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -2,3 +2,7 @@
dn: cn=ng,cn=alt,$SUFFIX
add:aci: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'
+# This is used for the host/service one-time passwordn and keytab indirectors.
+# We can do a query on a DN to see if an attribute exists.
+dn: cn=accounts,$SUFFIX
+add:aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 1ff7a2a6d..94f57388d 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -36,6 +36,12 @@ from ipalib.util import json_serialize
from ipalib.dn import *
global_output_params = (
+ Flag('has_keytab',
+ label=_('Keytab'),
+ ),
+ Flag('has_password',
+ label=_('Password'),
+ ),
Str('member',
label=_('Failed members'),
),
@@ -319,6 +325,7 @@ class LDAPObject(Object):
uuid_attribute = ''
attribute_members = {}
rdnattr = None
+ password_attributes = []
# Can bind as this entry (has userPassword or krbPrincipalKey)
bindable = False
relationships = {
@@ -407,6 +414,25 @@ class LDAPObject(Object):
)
del entry_attrs[attr]
+ def get_password_attributes(self, ldap, dn, entry_attrs):
+ """
+ Search on the entry to determine if it has a password or
+ keytab set.
+
+ A tuple is used to determine which attribute is set
+ in entry_attrs. The value is set to True/False whether a
+ given password type is set.
+ """
+ for (pwattr, attr) in self.password_attributes:
+ search_filter = '(%s=*)' % pwattr
+ try:
+ (entries, truncated) = ldap.find_entries(
+ search_filter, [pwattr], dn, ldap.SCOPE_BASE
+ )
+ entry_attrs[attr] = True
+ except errors.NotFound:
+ entry_attrs[attr] = False
+
def handle_not_found(self, *keys):
pkey = ''
if self.primary_key:
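Review bot: The presence check in get_password_attributes passes `[pwattr]` as the attribute list, so every call asks the server to return `userPassword` or `krbPrincipalKey` itself although only existence is needed. A bind that holds read access would pull the secret value into the framework for no purpose. Requesting no attributes keeps the lookup to the minimum, e.g. `search_filter, ['1.1'], dn, ldap.SCOPE_BASE` (the LDAP "no attributes" selector; confirm find_entries passes it through unchanged). The `(entries, truncated)` result is never read, so the assignment can be dropped. The docstring would be clearer if it said that `password_attributes` is a list of `(ldap_attribute, result_key)` pairs and that `entry_attrs[result_key]` is set to True when the entry has the attribute and False when the search raises NotFound.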
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 5cd1056ec..6e9efec1a 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -162,9 +162,6 @@ def remove_fwd_ptr(ipaddr, host, domain, recordtype):
pass
host_output_params = (
- Flag('has_keytab',
- label=_('Keytab'),
- ),
Str('managedby_host',
label='Managed by',
),
@@ -224,7 +221,7 @@ class host(LDAPObject):
default_attributes = [
'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
- 'krblastpwdchange', 'managedby', 'memberindirect', 'memberofindirect',
+ 'managedby', 'memberindirect', 'memberofindirect',
]
uuid_attribute = 'ipauniqueid'
attribute_members = {
@@ -242,6 +239,8 @@ class host(LDAPObject):
'managedby': ('Managed by', 'man_by_', 'not_man_by_'),
'managing': ('Managing', 'man_', 'not_man_'),
}
+ password_attributes = [('userpassword', 'has_password'),
+ ('krbprincipalkey', 'has_keytab')]
label = _('Hosts')
label_singular = _('Host')
@@ -466,6 +465,11 @@ class host_add(LDAPCreate):
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ if entry_attrs['has_password']:
+ # If an OTP is set there is no keytab, at least not one
+ # fetched anywhere.
+ entry_attrs['has_keytab'] = False
return dn
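Review bot: The OTP override that follows `get_password_attributes` in host_add is repeated verbatim, comment included, in host_find and host_show, so the three copies can drift apart. A small helper on the host object with its own name, which calls `get_password_attributes` and then clears `has_keytab` when `has_password` is set, would keep the rule in one place. host_disable should keep calling the base lookup directly, because it uses the raw `has_keytab` value to decide whether to call `remove_principal_key`. host_add's post_callback starts outside this hunk.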
@@ -691,8 +695,13 @@ class host_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
for entry in entries:
- entry_attrs = entry[1]
+ (dn, entry_attrs) = entry
set_certificate_attrs(entry_attrs)
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ if entry_attrs['has_password']:
+ # If an OTP is set there is no keytab, at least not one
+ # fetched anywhere.
+ entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(entry[0])
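Review bot: host_find now calls get_password_attributes for every returned entry, and that helper issues one base-scope search per pair in `password_attributes`, so each host in a result set costs two extra LDAP round trips. service_find and user_find in this commit follow the same pattern. A comment at the call site such as `# NOTE: one extra base search per password attribute for each entry` would make the cost visible to whoever tunes search limits later. Since the entry is now unpacked into `(dn, entry_attrs)`, the later `self.obj.get_managed_hosts(entry[0])` can use `dn` instead. post_callback continues past the end of this hunk.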
@@ -714,11 +723,10 @@ class host_show(LDAPRetrieve):
member_attributes = ['managedby']
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
- if 'krblastpwdchange' in entry_attrs:
- entry_attrs['has_keytab'] = True
- if not options.get('all', False):
- del entry_attrs['krblastpwdchange']
- else:
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ if entry_attrs['has_password']:
+ # If an OTP is set there is no keytab, at least not one
+ # fetched anywhere.
entry_attrs['has_keytab'] = False
set_certificate_attrs(entry_attrs)
@@ -766,7 +774,7 @@ class host_disable(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['krblastpwdchange', 'usercertificate'])
+ (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -816,7 +824,8 @@ class host_disable(LDAPQuery):
ldap.update_entry(dn, {'usercertificate': None})
done_work = True
- if 'krblastpwdchange' in entry_attrs:
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ if entry_attrs['has_keytab']:
ldap.remove_principal_key(dn)
done_work = True
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 11970f401..bcaa76afb 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -83,9 +83,6 @@ from ipapython.ipautil import file_exists
output_params = (
- Flag('has_keytab',
- label=_('Keytab'),
- ),
Str('managedby_host',
label='Managed by',
),
@@ -207,7 +204,7 @@ class service(LDAPObject):
'ipaservice', 'pkiuser'
]
search_attributes = ['krbprincipalname', 'managedby']
- default_attributes = ['krbprincipalname', 'usercertificate', 'managedby', 'krblastpwdchange']
+ default_attributes = ['krbprincipalname', 'usercertificate', 'managedby']
uuid_attribute = 'ipauniqueid'
attribute_members = {
'managedby': ['host'],
@@ -216,6 +213,7 @@ class service(LDAPObject):
relationships = {
'managedby': ('Managed by', 'man_by_', 'not_man_by_'),
}
+ password_attributes = [('krbprincipalkey', 'has_keytab')]
label = _('Services')
label_singular = _('Service')
@@ -379,13 +377,8 @@ class service_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
for entry in entries:
- entry_attrs = entry[1]
- if 'krblastpwdchange' in entry_attrs:
- entry_attrs['has_keytab'] = True
- if not options.get('all', False):
- del entry_attrs['krblastpwdchange']
- else:
- entry_attrs['has_keytab'] = False
+ (dn, entry_attrs) = entry
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
set_certificate_attrs(entry_attrs)
api.register(service_find)
@@ -403,12 +396,7 @@ class service_show(LDAPRetrieve):
)
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
- if 'krblastpwdchange' in entry_attrs:
- entry_attrs['has_keytab'] = True
- if not options.get('all', False):
- del entry_attrs['krblastpwdchange']
- else:
- entry_attrs['has_keytab'] = False
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
set_certificate_attrs(entry_attrs)
@@ -461,7 +449,7 @@ class service_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
- (dn, entry_attrs) = ldap.get_entry(dn, ['krblastpwdchange', 'usercertificate'])
+ (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
# See if we do any work at all here and if not raise an exception
done_work = False
@@ -493,7 +481,8 @@ class service_disable(LDAPQuery):
ldap.update_entry(dn, {'usercertificate': None})
done_work = True
- if 'krblastpwdchange' in entry_attrs:
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ if entry_attrs['has_keytab']:
ldap.remove_principal_key(dn)
done_work = True
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 3068c6291..2112c03d0 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -113,6 +113,8 @@ class user(LDAPObject):
}
rdnattr = 'uid'
bindable = True
+ password_attributes = [('userpassword', 'has_password'),
+ ('krbprincipalkey', 'has_keytab')]
label = _('Users')
label_singular = _('User')
@@ -407,6 +409,7 @@ class user_add(LDAPCreate):
newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
entry_from_entry(entry_attrs, newentry)
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
return dn
api.register(user_add)
@@ -443,6 +446,7 @@ class user_mod(LDAPUpdate):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
convert_nsaccountlock(entry_attrs)
self.obj._convert_manager(entry_attrs, **options)
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
return dn
api.register(user_mod)
@@ -472,6 +476,7 @@ class user_find(LDAPSearch):
for entry in entries:
(dn, attrs) = entry
self.obj._convert_manager(attrs, **options)
+ self.obj.get_password_attributes(ldap, dn, attrs)
convert_nsaccountlock(attrs)
msg_summary = ngettext(
@@ -488,6 +493,7 @@ class user_show(LDAPRetrieve):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
convert_nsaccountlock(entry_attrs)
self.obj._convert_manager(entry_attrs, **options)
+ self.obj.get_password_attributes(ldap, dn, entry_attrs)
return dn
api.register(user_show)
diff --git a/tests/test_xmlrpc/test_attr.py b/tests/test_xmlrpc/test_attr.py
index 3f78a678d..11aaa01e3 100644
--- a/tests/test_xmlrpc/test_attr.py
+++ b/tests/test_xmlrpc/test_attr.py
@@ -69,6 +69,8 @@ class test_attr(Declarative):
dn=lambda x: DN(x) == \
DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -91,6 +93,8 @@ class test_attr(Declarative):
mail=[u'test@example.com'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -115,6 +119,8 @@ class test_attr(Declarative):
mail=[u'test@example.com', u'test2@example.com'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -140,6 +146,8 @@ class test_attr(Declarative):
memberof_group=[u'ipausers'],
telephonenumber=[u'410-555-1212', u'301-555-1212'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -165,6 +173,8 @@ class test_attr(Declarative):
memberof_group=[u'ipausers'],
telephonenumber=[u'301-555-1212'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -190,6 +200,8 @@ class test_attr(Declarative):
memberof_group=[u'ipausers'],
telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -233,6 +245,8 @@ class test_attr(Declarative):
memberof_group=[u'ipausers'],
telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -258,6 +272,8 @@ class test_attr(Declarative):
memberof_group=[u'ipausers'],
telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py
index 096bab2de..6403251e6 100644
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -637,6 +637,8 @@ class test_group(Declarative):
dn=lambda x: DN(x) == \
DN(('uid',user1),('cn','users'),('cn','accounts'),
api.env.basedn),
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -753,6 +755,8 @@ class test_group(Declarative):
dn=lambda x: DN(x) == \
DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
+ has_keytab=False,
+ has_password=False,
),
),
),
diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py
index 87eb93768..f7746407b 100644
--- a/tests/test_xmlrpc/test_host_plugin.py
+++ b/tests/test_xmlrpc/test_host_plugin.py
@@ -109,6 +109,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[fqdn1],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -140,6 +142,7 @@ class test_host(Declarative):
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
has_keytab=False,
+ has_password=False,
managedby_host=[fqdn1],
),
),
@@ -168,7 +171,8 @@ class test_host(Declarative):
managedby_host=[fqdn1],
managing_host=[fqdn1],
ipauniqueid=[fuzzy_uuid],
- has_keytab=False
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -189,6 +193,8 @@ class test_host(Declarative):
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
managedby_host=[u'%s' % fqdn1],
+ has_keytab=False,
+ has_password=False,
),
],
),
@@ -219,6 +225,8 @@ class test_host(Declarative):
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
managing_host=[u'%s' % fqdn1],
+ has_keytab=False,
+ has_password=False,
),
],
),
@@ -265,6 +273,7 @@ class test_host(Declarative):
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
has_keytab=False,
+ has_password=False,
managedby_host=[u'%s' % fqdn1],
usercertificate=[base64.b64decode(servercert)],
valid_not_before=fuzzy_date,
@@ -300,6 +309,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn3],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -326,6 +337,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn4],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -369,6 +382,7 @@ class test_host(Declarative):
l=[u'Undisclosed location 2'],
krbprincipalname=[u'host/%s@%s' % (fqdn3, api.env.realm)],
has_keytab=False,
+ has_password=False,
managedby_host=[u'%s' % fqdn3, u'%s' % fqdn1],
),
),
@@ -468,6 +482,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -479,7 +495,7 @@ class test_host(Declarative):
value=service1,
summary=u'Added service "%s"' % service1,
result=dict(
- dn=service1dn,
+ dn=lambda x: DN(x) == service1dn,
krbprincipalname=[service1],
objectclass=objectclasses.service,
managedby_host=[fqdn1],
@@ -539,6 +555,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn2],
+ has_keytab=False,
+ has_password=False,
),
),
),
diff --git a/tests/test_xmlrpc/test_hostgroup_plugin.py b/tests/test_xmlrpc/test_hostgroup_plugin.py
index 1bfbae43e..e0d115854 100644
--- a/tests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hostgroup_plugin.py
@@ -121,6 +121,8 @@ class test_hostgroup(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[fqdn1],
+ has_keytab=False,
+ has_password=False,
),
),
),
diff --git a/tests/test_xmlrpc/test_krbtpolicy.py b/tests/test_xmlrpc/test_krbtpolicy.py
index 3db743d51..3ef603b3a 100644
--- a/tests/test_xmlrpc/test_krbtpolicy.py
+++ b/tests/test_xmlrpc/test_krbtpolicy.py
@@ -116,6 +116,8 @@ class test_krbtpolicy(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user1),('cn','users'),('cn','accounts'),
api.env.basedn)
diff --git a/tests/test_xmlrpc/test_nesting.py b/tests/test_xmlrpc/test_nesting.py
index f28d47935..cb2d1d0b2 100644
--- a/tests/test_xmlrpc/test_nesting.py
+++ b/tests/test_xmlrpc/test_nesting.py
@@ -186,6 +186,8 @@ class test_nesting(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user1),('cn','users'),('cn','accounts'),
api.env.basedn)
@@ -224,6 +226,8 @@ class test_nesting(Declarative):
[DN(('cn',user2),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user2),('cn','users'),('cn','accounts'),
api.env.basedn)
@@ -262,6 +266,8 @@ class test_nesting(Declarative):
[DN(('cn',user3),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user3),('cn','users'),('cn','accounts'),
api.env.basedn)
@@ -300,6 +306,8 @@ class test_nesting(Declarative):
[DN(('cn',user4),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user4),('cn','users'),('cn','accounts'),
api.env.basedn)
@@ -676,6 +684,8 @@ class test_nesting(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[fqdn1],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -801,6 +811,7 @@ class test_nesting(Declarative):
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
has_keytab=False,
+ has_password=False,
managedby_host=[fqdn1],
memberof_hostgroup = [u'testhostgroup2'],
memberofindirect_hostgroup = [u'testhostgroup1'],
diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py
index fc3bb5456..9194b5492 100644
--- a/tests/test_xmlrpc/test_netgroup_plugin.py
+++ b/tests/test_xmlrpc/test_netgroup_plugin.py
@@ -168,6 +168,8 @@ class test_netgroup(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -225,6 +227,8 @@ class test_netgroup(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user1),('cn','users'),('cn','accounts'),
api.env.basedn),
@@ -262,6 +266,8 @@ class test_netgroup(Declarative):
[DN(('cn',user2),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid',user2),('cn','users'),('cn','accounts'),
api.env.basedn),
diff --git a/tests/test_xmlrpc/test_replace.py b/tests/test_xmlrpc/test_replace.py
index a1fd5d280..f5203607c 100644
--- a/tests/test_xmlrpc/test_replace.py
+++ b/tests/test_xmlrpc/test_replace.py
@@ -73,6 +73,8 @@ class test_replace(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
@@ -98,6 +100,8 @@ class test_replace(Declarative):
mail=[u'test1@example.com', u'test3@example.com'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -122,6 +126,8 @@ class test_replace(Declarative):
mail=[u'test4@example.com'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -146,6 +152,8 @@ class test_replace(Declarative):
mail=[u'test6@example.com', u'test7@example.com', u'test5@example.com'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -169,6 +177,8 @@ class test_replace(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -193,6 +203,8 @@ class test_replace(Declarative):
initials=[u'ABC'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -216,6 +228,8 @@ class test_replace(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py
index d424eeedd..d36dac984 100644
--- a/tests/test_xmlrpc/test_service_plugin.py
+++ b/tests/test_xmlrpc/test_service_plugin.py
@@ -47,7 +47,7 @@ fd.close()
badservercert = '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'
-class test_host(Declarative):
+class test_service(Declarative):
cleanup_commands = [
('host_del', [fqdn1], {}),
@@ -99,6 +99,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -125,6 +127,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn2],
+ has_keytab=False,
+ has_password=False,
),
),
),
@@ -151,6 +155,8 @@ class test_host(Declarative):
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn3.lower()],
+ has_keytab=False,
+ has_password=False,
),
),
),
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 12aec153c..9392742e9 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -104,6 +104,8 @@ class test_user(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
@@ -140,6 +142,8 @@ class test_user(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
value=user1,
summary=None,
@@ -178,6 +182,8 @@ class test_user(Declarative):
[DN(('cn','global_policy'),('cn',api.env.realm),
('cn','kerberos'),api.env.basedn)],
'nsaccountlock': False,
+ 'has_keytab': False,
+ 'has_password': False,
'displayname': [u'Test User1'],
'cn': [u'Test User1'],
'initials': [u'TU'],
@@ -206,6 +212,8 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
),
@@ -233,6 +241,8 @@ class test_user(Declarative):
sn=[u'Administrator'],
uid=[u'admin'],
nsaccountlock=False,
+ has_keytab=True,
+ has_password=True,
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
),
@@ -246,6 +256,8 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
),
@@ -273,6 +285,8 @@ class test_user(Declarative):
sn=[u'Administrator'],
uid=[u'admin'],
nsaccountlock=False,
+ has_keytab=True,
+ has_password=True,
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
),
@@ -326,6 +340,8 @@ class test_user(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
@@ -359,6 +375,8 @@ class test_user(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=None,
value=user1,
@@ -381,6 +399,8 @@ class test_user(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "%s"' % user1,
value=user1,
@@ -409,6 +429,8 @@ class test_user(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
),
summary=u'Modified user "%s"' % renameduser1,
value=renameduser1,
@@ -475,6 +497,8 @@ class test_user(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),
@@ -513,6 +537,8 @@ class test_user(Declarative):
[DN(('cn',user2),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid','tuser2'),('cn','users'),('cn','accounts'),
api.env.basedn),
@@ -542,6 +568,8 @@ class test_user(Declarative):
gidnumber=[fuzzy_digits],
memberof_group=[u'ipausers'],
nsaccountlock=False,
+ has_keytab=False,
+ has_password=False,
manager=[user1],
),
summary=u'Modified user "%s"' % user2,
@@ -655,6 +683,8 @@ class test_user(Declarative):
[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
+ has_keytab=False,
+ has_password=False,
dn=lambda x: DN(x) == \
DN(('uid','tuser1'),('cn','users'),('cn','accounts'),
api.env.basedn),