https://fedorahosted.org/freeipa/ticket/1979
I've used code from ipalib/plugins/host.py to add support for random password generation. The '--random' option is now available in user-add and user-mod commands. If both the 'password' and 'random' options are used the 'random' option will be ignored. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada
From 5787f847de123f1426080830db138ac88bc83751 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada <oham...@redhat.com> Date: Thu, 24 Nov 2011 15:39:22 +0100 Subject: [PATCH] User-add random password support I've used code from ipalib/plugins/host.py to add support for random password generation. The '--random' option is now available in user-add and user-mod commands. If both the 'password' and 'random' options are used - the 'random' option will be ignored. https://fedorahosted.org/freeipa/ticket/1979 --- API.txt | 6 ++++-- ipalib/plugins/user.py | 29 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/API.txt b/API.txt index 135b07908f08e20fba3391bbd8ad13252ea55b47..ffed0c2452fa01d6daeeafd74212cd2b0af4ad83 100644 --- a/API.txt +++ b/API.txt @@ -2741,7 +2741,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('value', <type 'unicode'>, None) command: user_add -args: 1,31,3 +args: 1,32,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, required=True) option: Str('givenname', attribute=True, cli_name='first', multivalue=False, required=True) option: Str('sn', attribute=True, cli_name='last', multivalue=False, required=True) 
@@ -2754,6 +2754,7 @@ option: Str('loginshell', attribute=True, cli_name='shell', default=u'/bin/sh', option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='principal', multivalue=False, required=False) option: Str('mail', attribute=True, cli_name='email', multivalue=True, required=False) option: Password('userpassword', attribute=True, cli_name='password', exclude='webui', multivalue=False, required=False) +option: Flag('random', attribute=False, autofill=True, cli_name='random', default=False, multivalue=False, required=False) option: Int('uidnumber', attribute=True, autofill=True, cli_name='uid', default=999, minvalue=1, multivalue=False, required=False) option: Int('gidnumber', attribute=True, cli_name='gidnumber', multivalue=False, required=False) option: Str('street', attribute=True, cli_name='street', multivalue=False, required=False) @@ -2847,7 +2848,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list output: Output('count', <type 'int'>, None) output: Output('truncated', <type 'bool'>, None) command: user_mod -args: 1,31,3 +args: 1,32,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=True) option: Str('givenname', attribute=True, autofill=False, cli_name='first', multivalue=False, required=False) option: Str('sn', attribute=True, autofill=False, cli_name='last', multivalue=False, required=False) 
@@ -2859,6 +2860,7 @@ option: Str('gecos', attribute=True, autofill=False, cli_name='gecos', multivalu option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', default=u'/bin/sh', multivalue=False, required=False) option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, required=False) option: Password('userpassword', attribute=True, autofill=False, cli_name='password', exclude='webui', multivalue=False, required=False) +option: Flag('random', attribute=False, autofill=True, cli_name='random', default=False, multivalue=False, required=False) option: Int('uidnumber', attribute=True, autofill=False, cli_name='uid', default=999, minvalue=1, multivalue=False, required=False) option: Int('gidnumber', attribute=True, autofill=False, cli_name='gidnumber', multivalue=False, required=False) option: Str('street', attribute=True, autofill=False, cli_name='street', multivalue=False, required=False) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index d3e63ef9a7bcf98d0bd34396b144134be38c17c3..f719efed1bba4dbb98a7a6289c6039bf21ef4e07 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -25,6 +25,7 @@ from ipalib.request import context from time import gmtime, strftime import copy from ipalib import _, ngettext +from ipapython.ipautil import ipa_generate_password __doc__ = _(""" Users @@ -237,6 +238,15 @@ class user(LDAPObject): # bomb out via the webUI. exclude='webui', ), + Flag('random?', + doc=_('Generate a random user password'), + flags=('no_search', 'virtual_attribute'), + default=False, + ), + Str('randompassword?', + label=_('Random password'), + flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'), + ), Int('uidnumber?', cli_name='uid', label=_('UID'), 
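Review bot: The new `randompassword` parameter is declared as a plain `Str` with no comment saying that it carries a plaintext credential, while the neighbouring `userpassword` is a `Password` with `exclude='webui'`. A short comment above it would help the next maintainer, for example `# Plaintext generated password, returned once in the command result; virtual attribute, not meant to be stored or searched`. Whether result logging or the web UI treats a `Str` value differently from a `Password` value is not visible here, so that is worth confirming before this output is exposed on every interface. The enclosing parameter tuple starts and ends outside the hunk.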
@@ -428,6 +438,11 @@ class user_add(LDAPCreate): raise errors.NotFound(reason=error_msg) entry_attrs['gidnumber'] = group_attrs['gidnumber'] + if 'userpassword' not in entry_attrs and options.get('random'): + entry_attrs['userpassword'] = ipa_generate_password() + # save the password so it can be displayed in post_callback + setattr(context, 'randompassword', entry_attrs['userpassword']) + if 'mail' in entry_attrs: entry_attrs['mail'] = self.obj._normalize_email(entry_attrs['mail'], config) @@ -463,6 +478,14 @@ class user_add(LDAPCreate): newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry') entry_from_entry(entry_attrs, newentry) + if options.get('random', False): + try: + entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword')) + except AttributeError: + # On the off-chance some other extension deletes this from the + # context, don't crash. + pass + self.obj.get_password_attributes(ldap, dn, entry_attrs) return dn @@ -493,9 +516,15 @@ class user_mod(LDAPUpdate): if 'manager' in entry_attrs: entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager']) validate_nsaccountlock(entry_attrs) + if 'userpassword' not in entry_attrs and options.get('random'): + entry_attrs['userpassword'] = ipa_generate_password() + # save the password so it can be displayed in post_callback + setattr(context, 'randompassword', entry_attrs['userpassword']) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + if options.get('random', False): + entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword')) convert_nsaccountlock(entry_attrs) self.obj._convert_manager(entry_attrs, **options) self.obj.get_password_attributes(ldap, dn, entry_attrs) -- 1.7.6.4
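Review bot: The generated password is stored on the shared `context` object in the `user_add` pre_callback and nothing in this patch removes it again, so the secret stays there for as long as the context does; the same write appears in the `user_mod` hunk. Both post_callbacks read it whenever `random` is set, including when `userpassword` was supplied and nothing was generated for this request. If `context` is not reset between requests (not visible here), a value left by an earlier call could be returned to a different caller. Consuming the value on read would close that gap, e.g. `delattr(context, 'randompassword')` right after it is copied into `entry_attrs`. As a style point, `context.randompassword = entry_attrs['userpassword']` reads better than `setattr` with a constant name. The pre_callback body continues outside the hunk.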
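Review bot: The comment in the `except AttributeError` branch of the `user_add` post_callback names an unlikely cause and leaves out the one this patch itself creates. When `userpassword` and `random` are both given, the pre_callback never sets `context.randompassword`, so this lookup fails on an ordinary code path. I would reword the comment to `# No password was generated for this request (e.g. --password was also given), so there is nothing to report.` The enclosing post_callback starts and ends outside the hunk.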
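Review bot: `user_mod.post_callback` reads `getattr(context, 'randompassword')` without the `AttributeError` guard that `user_add` has. Calling `user-mod` with both `--password` and `--random` therefore raises here, presumably after the modification has already been applied, even though the description says `random` is simply ignored in that case. A default avoids the crash: `pw = getattr(context, 'randompassword', None)` followed by `if pw is not None: entry_attrs['randompassword'] = unicode(pw)`. The same two lines could replace the try/except in `user_add` so both commands behave alike.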