diff options
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/cli.py | 6 | ||||
| -rw-r--r-- | ipalib/frontend.py | 2 | ||||
| -rw-r--r-- | ipalib/parameters.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/passwd.py | 40 |
4 files changed, 44 insertions, 5 deletions
diff --git a/ipalib/cli.py b/ipalib/cli.py index 0a7d1a4cf..86365e7ca 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -1048,12 +1048,14 @@ class cli(backend.Executioner): for param in cmd.params(): if (param.required and param.name not in kw) or \ (param.alwaysask and honor_alwaysask) or self.env.prompt_all: + if param.autofill: + kw[param.name] = param.get_default(**kw) + if param.name in kw and kw[param.name] is not None: + continue if param.password: kw[param.name] = self.Backend.textui.prompt_password( param.label, param.confirm ) - elif param.autofill: - kw[param.name] = param.get_default(**kw) else: default = param.get_default(**kw) error = None diff --git a/ipalib/frontend.py b/ipalib/frontend.py index c2ae4e744..61e7f493f 100644 --- a/ipalib/frontend.py +++ b/ipalib/frontend.py @@ -777,6 +777,8 @@ class Command(HasParam): self._create_param_namespace('options') def get_key(p): if p.required: + if p.sortorder < 0: + return p.sortorder if p.default_from is None: return 0 return 1 diff --git a/ipalib/parameters.py b/ipalib/parameters.py index e7e75782a..f9e171b0e 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -317,6 +317,7 @@ class Param(ReadOnly): ('flags', frozenset, frozenset()), ('hint', (str, Gettext), None), ('alwaysask', bool, False), + ('sortorder', int, 2), # see finalize() # The 'default' kwarg gets appended in Param.__init__(): # ('default', self.type, None), diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py index b7d82f355..b26f7e9fd 100644 --- a/ipalib/plugins/passwd.py +++ b/ipalib/plugins/passwd.py @@ -23,6 +23,7 @@ from ipalib import Str, Password from ipalib import _ from ipalib import output from ipalib.plugins.user import split_principal, validate_principal, normalize_principal +from ipalib.request import context __doc__ = _(""" Set a user's password @@ -43,6 +44,22 @@ EXAMPLES: ipa passwd tuser1 """) +# We only need to prompt for the current password when changing a password +# for yourself, but the parameter is still required +MAGIC_VALUE = u'CHANGING_PASSWORD_FOR_ANOTHER_USER' + +def get_current_password(principal): + """ + If the user is changing their own password then return None so the + current password is prompted for, otherwise return a fixed value to + be ignored later. + """ + current_principal = util.get_current_principal() + if current_principal == normalize_principal(principal): + return None + else: + return MAGIC_VALUE + class passwd(Command): __doc__ = _("Set a user's password.") @@ -56,14 +73,21 @@ class passwd(Command): normalizer=lambda value: normalize_principal(value), ), Password('password', - label=_('Password'), + label=_('New Password'), + ), + Password('current_password', + label=_('Current Password'), + confirm=False, + default_from=lambda principal: get_current_password(principal), + autofill=True, + sortorder=-1, ), ) has_output = output.standard_value msg_summary = _('Changed password for "%(value)s"') - def execute(self, principal, password): + def execute(self, principal, password, current_password): """ Execute the passwd operation. @@ -74,6 +98,7 @@ class passwd(Command): :param principal: The login name or principal of the user :param password: the new password + :param current_password: the existing password, if applicable """ ldap = self.api.Backend.ldap2 @@ -82,7 +107,16 @@ class passwd(Command): ",".join([api.env.container_user, api.env.basedn]) ) - ldap.modify_password(dn, password) + if principal == getattr(context, 'principal') and \ + current_password == MAGIC_VALUE: + # No cheating + self.log.warn('User attempted to change password using magic value') + raise errors.ACIError(info='Invalid credentials') + + if current_password == MAGIC_VALUE: + ldap.modify_password(dn, password) + else: + ldap.modify_password(dn, password, current_password) return dict( result=True, |