diff options
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 5cd1056ec..6e9efec1a 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -162,9 +162,6 @@ def remove_fwd_ptr(ipaddr, host, domain, recordtype): pass host_output_params = ( - Flag('has_keytab', - label=_('Keytab'), - ), Str('managedby_host', label='Managed by', ), @@ -224,7 +221,7 @@ class host(LDAPObject): default_attributes = [ 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname', 'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof', - 'krblastpwdchange', 'managedby', 'memberindirect', 'memberofindirect', + 'managedby', 'memberindirect', 'memberofindirect', ] uuid_attribute = 'ipauniqueid' attribute_members = { @@ -242,6 +239,8 @@ class host(LDAPObject): 'managedby': ('Managed by', 'man_by_', 'not_man_by_'), 'managing': ('Managing', 'man_', 'not_man_'), } + password_attributes = [('userpassword', 'has_password'), + ('krbprincipalkey', 'has_keytab')] label = _('Hosts') label_singular = _('Host') @@ -466,6 +465,11 @@ class host_add(LDAPCreate): if options.get('all', False): entry_attrs['managing'] = self.obj.get_managed_hosts(dn) + self.obj.get_password_attributes(ldap, dn, entry_attrs) + if entry_attrs['has_password']: + # If an OTP is set there is no keytab, at least not one + # fetched anywhere. + entry_attrs['has_keytab'] = False return dn @@ -691,8 +695,13 @@ class host_find(LDAPSearch): def post_callback(self, ldap, entries, truncated, *args, **options): for entry in entries: - entry_attrs = entry[1] + (dn, entry_attrs) = entry set_certificate_attrs(entry_attrs) + self.obj.get_password_attributes(ldap, dn, entry_attrs) + if entry_attrs['has_password']: + # If an OTP is set there is no keytab, at least not one + # fetched anywhere. + entry_attrs['has_keytab'] = False if options.get('all', False): entry_attrs['managing'] = self.obj.get_managed_hosts(entry[0]) @@ -714,11 +723,10 @@ class host_show(LDAPRetrieve): member_attributes = ['managedby'] def post_callback(self, ldap, dn, entry_attrs, *keys, **options): - if 'krblastpwdchange' in entry_attrs: - entry_attrs['has_keytab'] = True - if not options.get('all', False): - del entry_attrs['krblastpwdchange'] - else: + self.obj.get_password_attributes(ldap, dn, entry_attrs) + if entry_attrs['has_password']: + # If an OTP is set there is no keytab, at least not one + # fetched anywhere. entry_attrs['has_keytab'] = False set_certificate_attrs(entry_attrs) @@ -766,7 +774,7 @@ class host_disable(LDAPQuery): dn = self.obj.get_dn(*keys, **options) try: - (dn, entry_attrs) = ldap.get_entry(dn, ['krblastpwdchange', 'usercertificate']) + (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate']) except errors.NotFound: self.obj.handle_not_found(*keys) @@ -816,7 +824,8 @@ class host_disable(LDAPQuery): ldap.update_entry(dn, {'usercertificate': None}) done_work = True - if 'krblastpwdchange' in entry_attrs: + self.obj.get_password_attributes(ldap, dn, entry_attrs) + if entry_attrs['has_keytab']: ldap.remove_principal_key(dn) done_work = True |