1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2008 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
"""
Frontend plugins for password policy.
"""
from ipalib import frontend
from ipalib import crud
from ipalib.frontend import Param
from ipalib import api
from ipalib import errors
from ipalib import ipa_types
from ipa_server import servercore
from ipa_server import ipaldap
import ldap
class pwpolicy_mod(frontend.Command):
'Edit an existing user.'
# FIXME, switch to more human-readable names at some point
takes_options = (
Param('krbmaxpwdlife?', type=ipa_types.Int(), doc='Max. Password Lifetime (days)'),
Param('krbminpwdlife?', type=ipa_types.Int(), doc='Min. Password Lifetime (hours)'),
Param('krbpwdhistorylength?', type=ipa_types.Int(), doc='Password History Size'),
Param('krbpwdmindiffchars?', type=ipa_types.Int(), doc='Min. Number of Character Classes'),
Param('krbpwdminlength?', type=ipa_types.Int(), doc='Min. Length of Password'),
)
def execute(self, *args, **kw):
# Get the existing policy entry
oldpolicy = servercore.get_entry_by_cn("accounts", None)
# Convert the existing policy into an entry object
dn = oldpolicy.get('dn')
del oldpolicy['dn']
entry = ipaldap.Entry((dn, servercore.convert_scalar_values(oldpolicy)))
# FIXME: if the user passed no options should we return something
# more than No modifications to be performed?
policy = kw
# The LDAP routines want strings, not ints, so convert a few
# things. Otherwise it sees a string -> int conversion as a change.
for k in policy.iterkeys():
if k.startswith("krb", 0, 3):
policy[k] = str(policy[k])
# Convert hours and days to seconds
if policy.get('krbmaxpwdlife'):
policy['krbmaxpwdlife'] = str(int(policy.get('krbmaxpwdlife')) * 86400)
if policy.get('krbminpwdlife'):
policy['krbminpwdlife'] = str(int(policy.get('krbminpwdlife')) * 3600)
# Update the values passed-in
for p in policy:
# Values need to be strings, not integers
entry.setValues(p, str(policy[p]))
result = servercore.update_entry(entry.toDict())
return result
def forward(self, *args, **kw):
result = super(pwpolicy_mod, self).forward(*args, **kw)
if result:
print "Policy modified"
api.register(pwpolicy_mod)
class pwpolicy_show(frontend.Command):
'Retrieve current password policy'
def execute(self, *args, **kw):
policy = servercore.get_entry_by_cn("accounts", None)
# convert some values for display purposes
policy['krbmaxpwdlife'] = str(int(policy.get('krbmaxpwdlife')) / 86400)
policy['krbminpwdlife'] = str(int(policy.get('krbminpwdlife')) / 3600)
return policy
def forward(self, *args, **kw):
result = super(pwpolicy_show, self).forward(*args, **kw)
if not result: return
print result
api.register(pwpolicy_show)
|
