From fc9f057792cf91a2a2536719ac7f1eb836b1c4a1 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 13 Oct 2008 15:01:08 -0400 Subject: Initial implementation of password policy --- ipalib/plugins/f_pwpolicy.py | 100 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 ipalib/plugins/f_pwpolicy.py (limited to 'ipalib/plugins/f_pwpolicy.py') diff --git a/ipalib/plugins/f_pwpolicy.py b/ipalib/plugins/f_pwpolicy.py new file mode 100644 index 00000000..9e5aa3d0 --- /dev/null +++ b/ipalib/plugins/f_pwpolicy.py @@ -0,0 +1,100 @@ +# Authors: +# Rob Crittenden +# +# Copyright (C) 2008 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +""" +Frontend plugins for password policy. +""" + +from ipalib import frontend +from ipalib import crud +from ipalib.frontend import Param +from ipalib import api +from ipalib import errors +from ipalib import ipa_types +from ipa_server import servercore +from ipa_server import ipaldap +import ldap + + +class pwpolicy_mod(frontend.Command): + 'Edit an existing user.' + # FIXME, switch to more human-readable names at some point + takes_options = ( + Param('krbmaxpwdlife?', type=ipa_types.Int(), doc='Max. Password Lifetime (days)'), + Param('krbminpwdlife?', type=ipa_types.Int(), doc='Min. Password Lifetime (hours)'), + Param('krbpwdhistorylength?', type=ipa_types.Int(), doc='Password History Size'), + Param('krbpwdmindiffchars?', type=ipa_types.Int(), doc='Min. Number of Character Classes'), + Param('krbpwdminlength?', type=ipa_types.Int(), doc='Min. Length of Password'), + ) + def execute(self, *args, **kw): + # Get the existing policy entry + oldpolicy = servercore.get_entry_by_cn("accounts", None) + + # Convert the existing policy into an entry object + dn = oldpolicy.get('dn') + del oldpolicy['dn'] + entry = ipaldap.Entry((dn, servercore.convert_scalar_values(oldpolicy))) + + # FIXME: if the user passed no options should we return something + # more than No modifications to be performed? + + policy = kw + + # The LDAP routines want strings, not ints, so convert a few + # things. Otherwise it sees a string -> int conversion as a change. + for k in policy.iterkeys(): + if k.startswith("krb", 0, 3): + policy[k] = str(policy[k]) + + # Convert hours and days to seconds + if policy.get('krbmaxpwdlife'): + policy['krbmaxpwdlife'] = str(int(policy.get('krbmaxpwdlife')) * 86400) + if policy.get('krbminpwdlife'): + policy['krbminpwdlife'] = str(int(policy.get('krbminpwdlife')) * 3600) + # Update the values passed-in + for p in policy: + # Values need to be strings, not integers + entry.setValues(p, str(policy[p])) + + result = servercore.update_entry(entry.toDict()) + + return result + def forward(self, *args, **kw): + result = super(pwpolicy_mod, self).forward(*args, **kw) + if result: + print "Policy modified" +api.register(pwpolicy_mod) + + +class pwpolicy_show(frontend.Command): + 'Retrieve current password policy' + def execute(self, *args, **kw): + policy = servercore.get_entry_by_cn("accounts", None) + + # convert some values for display purposes + policy['krbmaxpwdlife'] = str(int(policy.get('krbmaxpwdlife')) / 86400) + policy['krbminpwdlife'] = str(int(policy.get('krbminpwdlife')) / 3600) + + return policy + + def forward(self, *args, **kw): + result = super(pwpolicy_show, self).forward(*args, **kw) + if not result: return + print result +api.register(pwpolicy_show) -- cgit From 19465318cebed2a2ae844d33e69728c1eb9fd7d6 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 13 Oct 2008 15:17:31 -0400 Subject: Fix up a comment --- ipalib/plugins/f_pwpolicy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ipalib/plugins/f_pwpolicy.py') diff --git a/ipalib/plugins/f_pwpolicy.py b/ipalib/plugins/f_pwpolicy.py index 9e5aa3d0..36e232dc 100644 --- a/ipalib/plugins/f_pwpolicy.py +++ b/ipalib/plugins/f_pwpolicy.py @@ -33,7 +33,7 @@ import ldap class pwpolicy_mod(frontend.Command): - 'Edit an existing user.' + 'Edit existing password policy.' # FIXME, switch to more human-readable names at some point takes_options = ( Param('krbmaxpwdlife?', type=ipa_types.Int(), doc='Max. Password Lifetime (days)'), -- cgit From d615e4dafb9c4f3d737143f826ed20be918317fe Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 20 Oct 2008 16:12:19 -0400 Subject: Port pwpolicy plugin to use b_ldap Add basic output_for_cli() function to user-show --- ipalib/plugins/f_pwpolicy.py | 117 +++++++++++++++++++++++++++---------------- 1 file changed, 75 insertions(+), 42 deletions(-) (limited to 'ipalib/plugins/f_pwpolicy.py') diff --git a/ipalib/plugins/f_pwpolicy.py b/ipalib/plugins/f_pwpolicy.py index 36e232dc..ce52e467 100644 --- a/ipalib/plugins/f_pwpolicy.py +++ b/ipalib/plugins/f_pwpolicy.py @@ -27,65 +27,92 @@ from ipalib.frontend import Param from ipalib import api from ipalib import errors from ipalib import ipa_types -from ipa_server import servercore -from ipa_server import ipaldap -import ldap class pwpolicy_mod(frontend.Command): 'Edit existing password policy.' - # FIXME, switch to more human-readable names at some point takes_options = ( - Param('krbmaxpwdlife?', type=ipa_types.Int(), doc='Max. Password Lifetime (days)'), - Param('krbminpwdlife?', type=ipa_types.Int(), doc='Min. Password Lifetime (hours)'), - Param('krbpwdhistorylength?', type=ipa_types.Int(), doc='Password History Size'), - Param('krbpwdmindiffchars?', type=ipa_types.Int(), doc='Min. Number of Character Classes'), - Param('krbpwdminlength?', type=ipa_types.Int(), doc='Min. Length of Password'), + Param('krbmaxpwdlife?', + cli_name='maxlife', + type=ipa_types.Int(), + doc='Max. Password Lifetime (days)' + ), + Param('krbminpwdlife?', + cli_name='minlife', + type=ipa_types.Int(), + doc='Min. Password Lifetime (hours)' + ), + Param('krbpwdhistorylength?', + cli_name='history', + type=ipa_types.Int(), + doc='Password History Size' + ), + Param('krbpwdmindiffchars?', + cli_name='minclasses', + type=ipa_types.Int(), + doc='Min. Number of Character Classes' + ), + Param('krbpwdminlength?', + cli_name='minlength', + type=ipa_types.Int(), + doc='Min. Length of Password' + ), ) def execute(self, *args, **kw): - # Get the existing policy entry - oldpolicy = servercore.get_entry_by_cn("accounts", None) + """ + Execute the pwpolicy-mod operation. - # Convert the existing policy into an entry object - dn = oldpolicy.get('dn') - del oldpolicy['dn'] - entry = ipaldap.Entry((dn, servercore.convert_scalar_values(oldpolicy))) + The dn should not be passed as a keyword argument as it is constructed + by this method. - # FIXME: if the user passed no options should we return something - # more than No modifications to be performed? + Returns the entry - policy = kw + :param args: This function takes no positional arguments + :param kw: Keyword arguments for the other LDAP attributes. + """ + assert 'dn' not in kw + ldap = self.api.Backend.ldap + dn = ldap.find_entry_dn("cn", "accounts", "krbPwdPolicy") # The LDAP routines want strings, not ints, so convert a few # things. Otherwise it sees a string -> int conversion as a change. - for k in policy.iterkeys(): + for k in kw.iterkeys(): if k.startswith("krb", 0, 3): - policy[k] = str(policy[k]) - - # Convert hours and days to seconds - if policy.get('krbmaxpwdlife'): - policy['krbmaxpwdlife'] = str(int(policy.get('krbmaxpwdlife')) * 86400) - if policy.get('krbminpwdlife'): - policy['krbminpwdlife'] = str(int(policy.get('krbminpwdlife')) * 3600) - # Update the values passed-in - for p in policy: - # Values need to be strings, not integers - entry.setValues(p, str(policy[p])) - - result = servercore.update_entry(entry.toDict()) - - return result - def forward(self, *args, **kw): - result = super(pwpolicy_mod, self).forward(*args, **kw) - if result: + kw[k] = str(kw[k]) + + # Convert hours and days to seconds + if kw.get('krbmaxpwdlife'): + kw['krbmaxpwdlife'] = str(int(kw.get('krbmaxpwdlife')) * 86400) + if kw.get('krbminpwdlife'): + kw['krbminpwdlife'] = str(int(kw.get('krbminpwdlife')) * 3600) + + return ldap.update(dn, **kw) + + def output_for_cli(self, ret): + if ret: print "Policy modified" + api.register(pwpolicy_mod) class pwpolicy_show(frontend.Command): 'Retrieve current password policy' def execute(self, *args, **kw): - policy = servercore.get_entry_by_cn("accounts", None) + """ + Execute the pwpolicy-show operation. + + The dn should not be passed as a keyword argument as it is constructed + by this method. + + Returns the entry + + :param args: Not used. + :param kw: Not used. + """ + ldap = self.api.Backend.ldap + dn = ldap.find_entry_dn("cn", "accounts", "krbPwdPolicy") + + policy = ldap.retrieve(dn) # convert some values for display purposes policy['krbmaxpwdlife'] = str(int(policy.get('krbmaxpwdlife')) / 86400) @@ -93,8 +120,14 @@ class pwpolicy_show(frontend.Command): return policy - def forward(self, *args, **kw): - result = super(pwpolicy_show, self).forward(*args, **kw) - if not result: return - print result + def output_for_cli(self, policy): + if not policy: return + + print "Password Policy" + print "Min. Password Lifetime (hours): %s" % policy.get('krbminpwdlife') + print "Max. Password Lifetime (days): %s" % policy.get('krbmaxpwdlife') + print "Min. Number of Character Classes: %s" % policy.get('krbpwdmindiffchars') + print "Min. Length of Password: %s" % policy.get('krbpwdminlength') + print "Password History Size: %s" % policy.get('krbpwdhistorylength') + api.register(pwpolicy_show) -- cgit From af7b5645af001352aff626f46ec39031b2e9b10a Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 10 Dec 2008 16:42:45 -0500 Subject: Convert to new output_for_cli() function --- ipalib/plugins/f_pwpolicy.py | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) (limited to 'ipalib/plugins/f_pwpolicy.py') diff --git a/ipalib/plugins/f_pwpolicy.py b/ipalib/plugins/f_pwpolicy.py index ce52e467..87a7d8fa 100644 --- a/ipalib/plugins/f_pwpolicy.py +++ b/ipalib/plugins/f_pwpolicy.py @@ -88,9 +88,8 @@ class pwpolicy_mod(frontend.Command): return ldap.update(dn, **kw) - def output_for_cli(self, ret): - if ret: - print "Policy modified" + def output_for_cli(self, textui, result, *args, **options): + textui.print_plain("Policy modified") api.register(pwpolicy_mod) @@ -120,14 +119,12 @@ class pwpolicy_show(frontend.Command): return policy - def output_for_cli(self, policy): - if not policy: return - - print "Password Policy" - print "Min. Password Lifetime (hours): %s" % policy.get('krbminpwdlife') - print "Max. Password Lifetime (days): %s" % policy.get('krbmaxpwdlife') - print "Min. Number of Character Classes: %s" % policy.get('krbpwdmindiffchars') - print "Min. Length of Password: %s" % policy.get('krbpwdminlength') - print "Password History Size: %s" % policy.get('krbpwdhistorylength') + def output_for_cli(self, textui, result, *args, **options): + textui.print_plain("Password Policy") + textui.print_plain("Min. Password Lifetime (hours): %s" % result.get('krbminpwdlife')) + textui.print_plain("Max. Password Lifetime (days): %s" % result.get('krbmaxpwdlife')) + textui.print_plain("Min. Number of Character Classes: %s" % result.get('krbpwdmindiffchars')) + textui.print_plain("Min. Length of Password: %s" % result.get('krbpwdminlength')) + textui.print_plain("Password History Size: %s" % result.get('krbpwdhistorylength')) api.register(pwpolicy_show) -- cgit From a41a7f406f5e5192ed7a8c1b05c76de1826f0d7b Mon Sep 17 00:00:00 2001 From: Jason Gerard DeRose Date: Wed, 14 Jan 2009 22:25:45 -0700 Subject: Updated pwpolicy plugins module to where it can at least be imported --- ipalib/plugins/f_pwpolicy.py | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) (limited to 'ipalib/plugins/f_pwpolicy.py') diff --git a/ipalib/plugins/f_pwpolicy.py b/ipalib/plugins/f_pwpolicy.py index 87a7d8fa..d914ce72 100644 --- a/ipalib/plugins/f_pwpolicy.py +++ b/ipalib/plugins/f_pwpolicy.py @@ -21,40 +21,32 @@ Frontend plugins for password policy. """ -from ipalib import frontend -from ipalib import crud -from ipalib.frontend import Param from ipalib import api -from ipalib import errors -from ipalib import ipa_types +from ipalib import Command # Plugin base classes +from ipalib import Int # Parameter types -class pwpolicy_mod(frontend.Command): +class pwpolicy_mod(Command): 'Edit existing password policy.' takes_options = ( - Param('krbmaxpwdlife?', + Int('krbmaxpwdlife?', cli_name='maxlife', - type=ipa_types.Int(), doc='Max. Password Lifetime (days)' ), - Param('krbminpwdlife?', + Int('krbminpwdlife?', cli_name='minlife', - type=ipa_types.Int(), doc='Min. Password Lifetime (hours)' ), - Param('krbpwdhistorylength?', + Int('krbpwdhistorylength?', cli_name='history', - type=ipa_types.Int(), doc='Password History Size' ), - Param('krbpwdmindiffchars?', + Int('krbpwdmindiffchars?', cli_name='minclasses', - type=ipa_types.Int(), doc='Min. Number of Character Classes' ), - Param('krbpwdminlength?', + Int('krbpwdminlength?', cli_name='minlength', - type=ipa_types.Int(), doc='Min. Length of Password' ), ) @@ -94,7 +86,7 @@ class pwpolicy_mod(frontend.Command): api.register(pwpolicy_mod) -class pwpolicy_show(frontend.Command): +class pwpolicy_show(Command): 'Retrieve current password policy' def execute(self, *args, **kw): """ -- cgit