From 8c54f730c0a156543f23ca90b6220ddd89d76dcc Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 20 Oct 2008 22:41:53 -0400 Subject: Framework for doing password changes Need mechanism to prompt for new password twice and verify they are the same --- ipalib/plugins/f_passwd.py | 82 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 ipalib/plugins/f_passwd.py (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py new file mode 100644 index 00000000..b1f90732 --- /dev/null +++ b/ipalib/plugins/f_passwd.py 
@@ -0,0 +1,82 @@
+# Authors:
+# Rob Crittenden
+#
+# Copyright (C) 2008 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+"""
+Frontend plugins for password changes.
+"""
+
+from ipalib import frontend
+from ipalib.frontend import Param
+from ipalib import api
+from ipalib import errors
+from ipalib import ipa_types
+import krbV
+
+def get_current_principal():
+ try:
+ return krbV.default_context().default_ccache().principal().name
+ except krbV.Krb5Error:
+ #TODO: do a kinit
+ print "Unable to get kerberos principal"
+ return None
+
+class passwd(frontend.Command):
+ 'Edit existing password policy.'
+ takes_args = (
+ Param('principal',
+ cli_name='user',
+ primary_key=True,
+ default_from=get_current_principal,
+ ),
+ )
+ def execute(self, principal, **kw):
+ """
+ Execute the passwd operation.
+
+ The dn should not be passed as a keyword argument as it is constructed
+ by this method.
+
+ Returns the entry
+
+ :param param uid: The login name of the user being updated.
+ :param kw: Not used.
+ """ + ldap = self.api.Backend.ldap + + if principal.find('@') < 0: + u = principal.split('@') + if len(u) > 2 or len(u) == 0: + print "Invalid user name (%s)" % principal + if len(u) == 1: + principal = principal+"@"+self.api.env.realm + else: + principal = principal + + dn = ldap.find_entry_dn("krbprincipalname", principal, "person") + + # FIXME: we need a way to prompt for passwords using getpass + kw['newpass'] = "password" + + return ldap.modify_password(dn, **kw) + + def output_for_cli(self, ret): + if ret: + print "Password change successful" + +api.register(passwd) -- cgit From 1daf319a19f902d7c7bef37af065cac81be9189e Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 22 Oct 2008 17:54:04 -0400 Subject: Implement the host commands In order for this to work against a v1 database the update host.update needs to be applied --- ipalib/plugins/f_passwd.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index b1f90732..f70eacac 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -26,15 +26,7 @@ from ipalib.frontend import Param from ipalib import api from ipalib import errors from ipalib import ipa_types -import krbV - -def get_current_principal(): - try: - return krbV.default_context().default_ccache().principal().name - except krbV.Krb5Error: - #TODO: do a kinit - print "Unable to get kerberos principal" - return None +from ipalib import util class passwd(frontend.Command): 'Edit existing password policy.' @@ -42,7 +34,7 @@ class passwd(frontend.Command): Param('principal', cli_name='user', primary_key=True, - default_from=get_current_principal, + default_from=util.get_current_principal, ), ) def execute(self, principal, **kw): -- cgit From 8788afe18403e7585e4fc2b6a52a352a035fee0b Mon Sep 17 00:00:00 2001 
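Review bot: `kw['newpass'] = "password"` in `execute` sets every account this command is run against to the same literal value, and `api.register(passwd)` makes the command live in that state. Until the prompt from the FIXME exists, the method should refuse to run, for example `raise NotImplementedError('password prompt not implemented')` in place of the `ldap.modify_password(dn, **kw)` call. The principal check does not validate anything either: inside `if principal.find('@') < 0:` the split always yields one element, so the `len(u) > 2 or len(u) == 0` branch is dead, and that branch only prints before the lookup proceeds. The class docstring 'Edit existing password policy.' and the `:param param uid:` line describe a different command and should name `principal` and the password change.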
From: Rob Crittenden Date: Fri, 24 Oct 2008 11:40:47 -0400 Subject: Use posixAccount instead of person to identify users Add output_for_cli to service-find --- ipalib/plugins/f_passwd.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index f70eacac..7b424a3b 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -60,7 +60,7 @@ class passwd(frontend.Command): else: principal = principal - dn = ldap.find_entry_dn("krbprincipalname", principal, "person") + dn = ldap.find_entry_dn("krbprincipalname", principal, "posixAccount") # FIXME: we need a way to prompt for passwords using getpass kw['newpass'] = "password" -- cgit From 4afee15d4b523a641552bee9993882bb1ae6e2cc Mon Sep 17 00:00:00 2001 From: Jason Gerard DeRose Date: Tue, 18 Nov 2008 13:43:43 -0700 Subject: Calling 'passwd' command now prompts for password using textui.prompt_password() --- ipalib/plugins/f_passwd.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index 7b424a3b..edc13b63 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -30,14 +30,17 @@ from ipalib import util class passwd(frontend.Command): 'Edit existing password policy.' + takes_args = ( Param('principal', cli_name='user', primary_key=True, default_from=util.get_current_principal, ), + Param('password', flags=['password']), ) - def execute(self, principal, **kw): + + def execute(self, principal, password): """ Execute the passwd operation. @@ -49,8 +52,6 @@ class passwd(frontend.Command): :param param uid: The login name of the user being updated. :param kw: Not used. """ - ldap = self.api.Backend.ldap - if principal.find('@') < 0: u = principal.split('@') if len(u) > 2 or len(u) == 0: 
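Review bot: The docstring of `execute` still documents `uid` and `kw` although the first hunk of this commit changes the signature to `execute(self, principal, password)`. I would replace the two stale lines with `:param principal: The Kerberos principal whose password is changed.` and `:param password: The new password.`, and change the class docstring 'Edit existing password policy.' to say that the command changes a user's password. The docstring also says "Returns the entry", while the method returns whatever `modify_password` returns; that is worth confirming against the backend. The body of `execute` continues outside this hunk.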
@@ -59,16 +60,15 @@ class passwd(frontend.Command): principal = principal+"@"+self.api.env.realm else: principal = principal + dn = self.Backend.ldap.find_entry_dn( + "krbprincipalname", + principal, + "posixAccount" + ) + return self.Backend.ldap.modify_password(dn, newpass=password) - dn = ldap.find_entry_dn("krbprincipalname", principal, "posixAccount") - - # FIXME: we need a way to prompt for passwords using getpass - kw['newpass'] = "password" - - return ldap.modify_password(dn, **kw) - - def output_for_cli(self, ret): - if ret: - print "Password change successful" + def output_for_cli(self, textui, result, principal, password): + assert password is None + textui.print_plain('Changed password for "%s"' % principal) api.register(passwd) -- cgit From e41fcf19fe82c41fe024b261d94814e092e6abaf Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 11 Dec 2008 10:31:27 -0500 Subject: Raise an error on bad principals instead of printing one when changing passwords Fix logic in determining what to do with an incoming principal --- ipalib/plugins/f_passwd.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index edc13b63..c82cd455 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -52,14 +52,14 @@ class passwd(frontend.Command): :param param uid: The login name of the user being updated. :param kw: Not used. """ - if principal.find('@') < 0: + import pdb + pdb.set_trace() + if principal.find('@') > 0: u = principal.split('@') - if len(u) > 2 or len(u) == 0: - print "Invalid user name (%s)" % principal - if len(u) == 1: - principal = principal+"@"+self.api.env.realm - else: - principal = principal + if len(u) > 2: + raise errors.InvalidUserPrincipal, principal + else: + principal = principal+"@"+self.api.env.realm dn = self.Backend.ldap.find_entry_dn( "krbprincipalname", principal, -- cgit 
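Review bot: `assert password is None` in `output_for_cli` is the only guard in this hunk that keeps a password value away from the output layer, and asserts are removed when Python runs with `-O`. If the framework is expected to blank password parameters before calling `output_for_cli`, an explicit check such as `if password is not None: raise ValueError('password must not reach output_for_cli')` keeps that invariant in optimized runs. The rewritten `find_entry_dn(...)` call passes the caller-supplied `principal` into a directory search, and whether the backend escapes LDAP filter characters is not visible here and should be confirmed. `execute` begins outside this hunk.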
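Review bot: `import pdb` and `pdb.set_trace()` at the top of `execute` stop every password change at an interactive debugger prompt on whatever terminal the process owns, so they must be removed before this lands. In the rewritten check, `principal.find('@') > 0` returns false for a value that starts with '@', so that value falls into the `else` branch and gets a realm appended; `if '@' in principal:` with a test that the user part is non-empty would reject it. A value with a trailing '@' splits into two parts and passes `len(u) > 2` with an empty realm, so I would also check `u[1]`, e.g. `if len(u) != 2 or not u[0] or not u[1]: raise errors.InvalidUserPrincipal, principal`. The docstring and the `find_entry_dn` call around this change are context, and the method starts outside the hunk.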
From c025ed6404e147f19b71b398e920fd1b3a05452a Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 11 Dec 2008 16:06:26 -0500 Subject: Remove some debugging statements --- ipalib/plugins/f_passwd.py | 2 -- 1 file changed, 2 deletions(-) (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index c82cd455..1e0dfc1c 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -52,8 +52,6 @@ class passwd(frontend.Command): :param param uid: The login name of the user being updated. :param kw: Not used. """ - import pdb - pdb.set_trace() if principal.find('@') > 0: u = principal.split('@') if len(u) > 2: -- cgit From ec86208a9007ec9febca620c777b80b20e9c360d Mon Sep 17 00:00:00 2001 From: Jason Gerard DeRose Date: Wed, 14 Jan 2009 22:19:31 -0700 Subject: Updated passwd plugins module to where it can at least be imported --- ipalib/plugins/f_passwd.py | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'ipalib/plugins/f_passwd.py') diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index 1e0dfc1c..ea78c4c1 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -21,23 +21,21 @@ Frontend plugins for password changes. """ -from ipalib import frontend -from ipalib.frontend import Param -from ipalib import api -from ipalib import errors -from ipalib import ipa_types -from ipalib import util +from ipalib import api, errors, util +from ipalib import Command # Plugin base classes +from ipalib import Str, Password # Parameter types -class passwd(frontend.Command): + +class passwd(Command): 'Edit existing password policy.' takes_args = ( - Param('principal', + Str('principal', cli_name='user', primary_key=True, default_from=util.get_current_principal, ), - Param('password', flags=['password']), + Password('password'), ) def execute(self, principal, password): -- cgit