Diffstat (limited to 'ipa-admintools')
-rw-r--r-- | ipa-admintools/ipa-adduser | 55 | ||||
-rw-r--r-- | ipa-admintools/ipa-passwd | 36 |
2 files changed, 47 insertions, 44 deletions
diff --git a/ipa-admintools/ipa-adduser b/ipa-admintools/ipa-adduser
index cefb2383..8bca98d7 100644
--- a/ipa-admintools/ipa-adduser
+++ b/ipa-admintools/ipa-adduser
@@ -28,6 +28,7 @@ import ipa.config import xmlrpclib import kerberos +import krbV import ldap import getpass
@@ -51,8 +52,10 @@ def parse_options(): help="Set user's login shell to shell") parser.add_option("-G", "--groups", dest="groups", help="Add account to one or more groups (comma-separated)") + parser.add_option("-k", "--krb-principal", dest="principal", + help="Set user's Kerberos Principal Name") parser.add_option("-M", "--mailAddress", dest="mail", - help="Set uesr's e-mail address") + help="Set user's e-mail address") parser.add_option("--usage", action="store_true", help="Program usage")
@@ -66,8 +69,9 @@ def main(): givenname = "" lastname = "" username = "" + principal = "" password = "" - mail = "" + mail = "" gecos = "" directory = "" shell = ""
@@ -100,7 +104,7 @@ def main(): cont = False if not options.sn: while (cont != True): - lastname = raw_input(" Last name: ") + lastname = raw_input("Last name: ") if (ipavalidate.plain(lastname, notEmpty=True)): print "Field is required and must be letters or '" else:
@@ -140,18 +144,10 @@ def main(): else: password = options.sn - cont = False - if not options.mail: - while (cont != True): - mail = raw_input("E-mail addr: ") - if (ipavalidate.email(mail)): - print "Field is required and must include a user and domain name" - else: - cont = True - else: + if options.mail: mail = options.mail if (ipavalidate.email(mail)): - print "E-mail is required and must include a user and domain name" + print "The email provided seem not a valid email." return 1 # Ask the questions we don't normally force. We don't require answers
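Review bot: In the hunk at -140,18 of ipa-adduser, the context line `password = options.sn` directly above the new `if options.mail:` check appears to take the account password from the surname option, which would give new accounts a guessable password whenever that branch runs. The `if` this `else:` belongs to is outside the hunk, so the condition needs confirming, but the assignment presumably should read from the password option instead, e.g. `password = options.<password dest>` (placeholder; the option's dest is not shown here). On the added lines, the message `"The email provided seem not a valid email."` would read better as `"The e-mail address provided is not valid."`.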
@@ -168,8 +164,10 @@ def main(): cont = False if not options.directory: while (cont != True): - directory = raw_input("home directory []: ") - if (ipavalidate.path(gecos, notEmpty=False)): + directory = raw_input("home directory [/home/"+username+"]: ") + if directory == "": + directory = "/home/"+username + if (ipavalidate.path(directory, notEmpty=False)): print "Must be letters, numbers, spaces or '" else: cont = True
@@ -180,29 +178,26 @@ def main(): if len(shell) < 1: shell = None - cont = True - cont = False - if not options.groups: - while (cont != True): - g = raw_input("Add to group [blank to exit]: ") - - if len(g) < 1: - cont = True - else: - if (ipavalidate.path(g, notEmpty=False)): - print "Must be letters, numbers, spaces or '" - else: - groups = groups + "," + g + cont = True + else: gecos = options.gecos directory = options.directory shell = options.shell groups = options.groups + if options.principal: + principal = options.principal + else: + ctx = krbV.default_context() + principal = username + "@" + ctx.default_realm + user.setValue('givenname', givenname) user.setValue('sn', lastname) user.setValue('uid', username) - user.setValue('mail', mail) + user.setValue('krbprincipalname', principal) + if mail: + user.setValue('mail', mail) if gecos: user.setValue('gecos', gecos) if directory:
@@ -231,7 +226,7 @@ def main(): # Set the User's password if password is not None: try: - client.modifyPassword(username, None, password) + client.modifyPassword(principal, None, password) except ipa.ipaerror.IPAError, e: print "User added but setting the password failed." print "%s" % (e.message)
diff --git a/ipa-admintools/ipa-passwd b/ipa-admintools/ipa-passwd
index 20dea562..4db0838f 100644
--- a/ipa-admintools/ipa-passwd
+++ b/ipa-admintools/ipa-passwd
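Review bot: In the hunk at -180,29 of ipa-adduser, the value of `-k/--krb-principal` goes straight into `user.setValue('krbprincipalname', principal)` and, in the hunk at -231,7, into `client.modifyPassword(principal, None, password)` without the kind of check the name, e-mail and path fields get from `ipavalidate`. A small guard before `setValue` would reject malformed input early: `if principal.count("@") != 1 or principal.startswith("@") or principal.endswith("@"):` followed by `print "Invalid Kerberos principal (%s)" % principal` and `return 1`. In the fallback branch, `krbV.default_context()` and `ctx.default_realm` are called outside any `try`, so a host without a usable Kerberos configuration would presumably end in a traceback; ipa-passwd catches `krbV.Krb5Error` around a similar call. main() begins and ends outside this hunk.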
@@ -44,12 +44,12 @@ def parse_options(): return options, args -def get_principal(): +def get_principal(krbctx): try: - ctx = krbV.default_context() - ccache = ctx.default_ccache() + ccache = krbctx.default_ccache() cprinc = ccache.principal() except krbV.Krb5Error, e: + #TODO: do a kinit print "Unable to get kerberos principal: %s" % e[1] return None
@@ -57,39 +57,47 @@ def get_principal(): def main(): match = False + username = None + principal = None + krbctx = krbV.default_context() options, args = parse_options() if len(args) == 2: username = args[1] else: - username = get_principal() - if username is None: + principal = get_principal(krbctx) + if principal is None: return 1 - u = username.split('@') - if len(u) > 1: - username = u[0] + if not principal: + u = username.split('@') + if len(u) > 2 or len(u) == 0: + print "Invalid user name (%s)" % username + if len(u) == 1: + principal = username+"@"+krbctx.default_realm + else: + principal = username - print "Changing password for %s" % username + print "Changing password for %s" % principal while (match != True): # No syntax checking of the password is required because that is done # on the server side password = getpass.getpass(" New Password: ") - confirm = getpass.getpass(" New Password (again): ") + confirm = getpass.getpass(" Confirm Password: ") if (password != confirm): print "Passwords do not match" match = False + elif (len(password) < 1): + print "Password cannot be empty" + match = False else: match = True - if (len(password) < 1): - print "Password cannot be empty" - match = False try: client = ipaclient.IPAClient() - client.modifyPassword(username, None, password) + client.modifyPassword(principal, None, password) except ipa.ipaerror.IPAError, e: print "%s" % (e.message) return 1 |
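Review bot: In the hunk at -57,39 of ipa-passwd, the new `Invalid user name` branch prints the error but does not stop, so an argument with more than one `@` falls through to the `else:` and `principal = username` is still handed to `client.modifyPassword`. Adding `return 1` right after `print "Invalid user name (%s)" % username` closes that path. The `len(u) == 0` test can never be true because `split('@')` always returns at least one element, so an empty name or an empty part such as `"@REALM"` or `"user@"` is not caught; testing `not u[0]` (and `not u[1]` when it exists) would cover those. Also, `krbV.default_context()` now runs at the top of main() outside any `try`, whereas get_principal() previously made that call inside its `except krbV.Krb5Error` handler.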