From ed6ab17c9c703edb43c92a3205c5536771ce4d4f Mon Sep 17 00:00:00 2001
From: "rcritten@redhat.com" <rcritten@redhat.com>
Date: Tue, 11 Sep 2007 02:48:53 -0400
Subject: Add function to allow user's to set/reset their kerberos password
 Remove some unused calls to retrieve the current realm

---
 ipa-server/ipaserver/ipaldap.py       | 18 ++++++++++++++++++
 ipa-server/xmlrpc-server/funcs.py     | 18 ++++++++++++++++++
 ipa-server/xmlrpc-server/ipaxmlrpc.py |  1 +
 3 files changed, 37 insertions(+)

(limited to 'ipa-server')

diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index c0452b05..27a8903d 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -469,6 +469,24 @@ class IPAdmin(SimpleLDAPObject):
             raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
         return "Success"
 
+    def modifyPassword(self,dn,oldpass,newpass):
+        """Set the user password using RFC 3062, LDAP Password Modify Extended
+           Operation. This ends up calling the IPA password slapi plugin 
+           handler so the Kerberos password gets set properly.
+
+           oldpass is not mandatory
+        """
+
+        sctrl = self.__get_server_controls__()
+
+        try:
+            if sctrl is not None:
+                self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+            self.passwd_s(dn, oldpass, newpass)
+        except ldap.LDAPError, e:
+            raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
+        return "Success"
+
     def __wrapmethods(self):
         """This wraps all methods of SimpleLDAPObject, so that we can intercept
         the methods that deal with entries.  Instead of using a raw list of tuples
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 66fabf4b..79dd04d6 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -524,6 +524,24 @@ class IPAServer:
             self.releaseConnection(conn)
         return res
 
+    def modifyPassword (self, uid, oldpass, newpass, opts=None):
+        """Set/Reset a user's password
+
+           uid tells us who's password to change
+           oldpass is the old password (if available)
+           newpass is the new password
+        """
+        user_dn = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts)
+        if user_dn is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        conn = self.getConnection(opts)
+        try:
+            res = conn.modifyPassword(user_dn['dn'], oldpass, newpass)
+        finally:
+            self.releaseConnection(conn)
+        return res
+
 # Group support
 
     def __is_group_unique(self, cn, opts):
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index f2ddd35e..a4ae4e7c 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -308,6 +308,7 @@ def handler(req, profiling=False):
             h.register_function(f.update_user)
             h.register_function(f.delete_user)
             h.register_function(f.mark_user_deleted)
+            h.register_function(f.modifyPassword)
             h.register_function(f.get_group_by_cn)
             h.register_function(f.get_group_by_dn)
             h.register_function(f.add_group)
-- 
cgit