https://fedorahosted.org/freeipa/ticket/1979

I've used code from ipalib/plugins/host.py to add support for random
password generation. The '--random' option is now available in
user-add and user-mod commands. If both the 'password' and 'random'
options are used the 'random' option will be ignored.

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

From 5787f847de123f1426080830db138ac88bc83751 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Thu, 24 Nov 2011 15:39:22 +0100
Subject: [PATCH] User-add random password support

I've used code from ipalib/plugins/host.py to add support for random
password generation. The '--random' option is now available in
user-add and user-mod commands. If both the 'password' and 'random'
options are used - the 'random' option will be ignored.

https://fedorahosted.org/freeipa/ticket/1979
---
 API.txt                |    6 ++++--
 ipalib/plugins/user.py |   29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/API.txt b/API.txt
index 135b07908f08e20fba3391bbd8ad13252ea55b47..ffed0c2452fa01d6daeeafd74212cd2b0af4ad83 100644
--- a/API.txt
+++ b/API.txt
@@ -2741,7 +2741,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('value', <type 'unicode'>, None)
 command: user_add
-args: 1,31,3
+args: 1,32,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, required=True)
 option: Str('givenname', attribute=True, cli_name='first', multivalue=False, required=True)
 option: Str('sn', attribute=True, cli_name='last', multivalue=False, required=True)
@@ -2754,6 +2754,7 @@ option: Str('loginshell', attribute=True, cli_name='shell', default=u'/bin/sh',
 option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='principal', multivalue=False, required=False)
 option: Str('mail', attribute=True, cli_name='email', multivalue=True, required=False)
 option: Password('userpassword', attribute=True, cli_name='password', exclude='webui', multivalue=False, required=False)
+option: Flag('random', attribute=False, autofill=True, cli_name='random', default=False, multivalue=False, required=False)
 option: Int('uidnumber', attribute=True, autofill=True, cli_name='uid', default=999, minvalue=1, multivalue=False, required=False)
 option: Int('gidnumber', attribute=True, cli_name='gidnumber', multivalue=False, required=False)
 option: Str('street', attribute=True, cli_name='street', multivalue=False, required=False)
@@ -2847,7 +2848,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('count', <type 'int'>, None)
 output: Output('truncated', <type 'bool'>, None)
 command: user_mod
-args: 1,31,3
+args: 1,32,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=True)
 option: Str('givenname', attribute=True, autofill=False, cli_name='first', multivalue=False, required=False)
 option: Str('sn', attribute=True, autofill=False, cli_name='last', multivalue=False, required=False)
@@ -2859,6 +2860,7 @@ option: Str('gecos', attribute=True, autofill=False, cli_name='gecos', multivalu
 option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', default=u'/bin/sh', multivalue=False, required=False)
 option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, required=False)
 option: Password('userpassword', attribute=True, autofill=False, cli_name='password', exclude='webui', multivalue=False, required=False)
+option: Flag('random', attribute=False, autofill=True, cli_name='random', default=False, multivalue=False, required=False)
 option: Int('uidnumber', attribute=True, autofill=False, cli_name='uid', default=999, minvalue=1, multivalue=False, required=False)
 option: Int('gidnumber', attribute=True, autofill=False, cli_name='gidnumber', multivalue=False, required=False)
 option: Str('street', attribute=True, autofill=False, cli_name='street', multivalue=False, required=False)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index d3e63ef9a7bcf98d0bd34396b144134be38c17c3..f719efed1bba4dbb98a7a6289c6039bf21ef4e07 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -25,6 +25,7 @@ from ipalib.request import context
 from time import gmtime, strftime
 import copy
 from ipalib import _, ngettext
+from ipapython.ipautil import ipa_generate_password
 
 __doc__ = _("""
 Users
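Review bot: Nothing in this patch shows how `ipa_generate_password` produces its output, yet the import added here makes it the sole source of every `--random` user password. Before merging it is worth confirming that the helper draws from an OS-backed source (for example `random.SystemRandom`) rather than the default `random` generator. Its default length and character set should also be checked against what is acceptable for user accounts, since both call sites in this patch use it with no arguments. A short comment at the call sites such as `# relies on ipa_generate_password() defaults for length and alphabet` would record that dependency.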
@@ -237,6 +238,15 @@ class user(LDAPObject):
             # bomb out via the webUI.
             exclude='webui',
         ),
+        Flag('random?',
+            doc=_('Generate a random user password'),
+            flags=('no_search', 'virtual_attribute'),
+            default=False,
+        ),
+        Str('randompassword?',
+            label=_('Random password'),
+            flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'),
+        ),
         Int('uidnumber?',
             cli_name='uid',
             label=_('UID'),
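Review bot: The `doc` string of the new `Flag('random?')` does not tell the caller that the flag is silently ignored when a password is also supplied, which is what the pre_callback hunks implement with `'userpassword' not in entry_attrs`. An operator who passes both gets no generated password and no warning, so I would put the rule in the help text, e.g. `doc=_('Generate a random user password (ignored when a password is given)')`. A one-line comment above `Str('randompassword?')` would also help, e.g. `# output only: cleartext of the generated password, for display to the caller`. The enclosing parameter tuple of class user begins and ends outside the hunk.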
@@ -428,6 +438,11 @@ class user_add(LDAPCreate):
                     raise errors.NotFound(reason=error_msg)
                 entry_attrs['gidnumber'] = group_attrs['gidnumber']
 
+        if 'userpassword' not in entry_attrs and options.get('random'):
+            entry_attrs['userpassword'] = ipa_generate_password()
+            # save the password so it can be displayed in post_callback
+            setattr(context, 'randompassword', entry_attrs['userpassword'])
+
         if 'mail' in entry_attrs:
             entry_attrs['mail'] = self.obj._normalize_email(entry_attrs['mail'], config)
 
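Review bot: The generated password is parked in cleartext on the shared `context` object by `setattr(context, 'randompassword', ...)`, and no hunk in this patch removes it again; the post_callback hunks only read it. If `context` lives longer than one command (for instance several commands handled in one request, which is not visible here), a later call with both `--random` and `--password` would skip generation but still find the earlier value and return it as that user's `randompassword`. I would clear it at the point of use in post_callback, e.g. `delattr(context, 'randompassword')` right after copying it into `entry_attrs`. The store itself reads more plainly as `context.randompassword = entry_attrs['userpassword']`. The same applies to the identical lines added to user_mod's pre_callback; both functions start outside their hunks.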
@@ -463,6 +478,14 @@ class user_add(LDAPCreate):
                 newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
                 entry_from_entry(entry_attrs, newentry)
 
+        if options.get('random', False):
+            try:
+                entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
+            except AttributeError:
+                # On the off-chance some other extension deletes this from the
+                # context, don't crash.
+                pass
+
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
         return dn
 
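Review bot: The comment in the new `except AttributeError` branch names the wrong cause: the attribute is most plainly missing when the caller gave `--password` together with `--random`, because pre_callback then never stores one, not because another extension deleted it. I would reword it to something like `# pre_callback stores this only when it generated the password; nothing to show otherwise`. Reading with a default, `getattr(context, 'randompassword', None)`, and testing for `None` would express the same thing without a try block. The enclosing post_callback starts outside the hunk.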
@@ -493,9 +516,15 @@ class user_mod(LDAPUpdate):
         if 'manager' in entry_attrs:
             entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager'])
         validate_nsaccountlock(entry_attrs)
+        if 'userpassword' not in entry_attrs and options.get('random'):
+            entry_attrs['userpassword'] = ipa_generate_password()
+            # save the password so it can be displayed in post_callback
+            setattr(context, 'randompassword', entry_attrs['userpassword'])
         return dn
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        if options.get('random', False):
+                entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
         convert_nsaccountlock(entry_attrs)
         self.obj._convert_manager(entry_attrs, **options)
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
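Review bot: The new read in user_mod's post_callback, `unicode(getattr(context, 'randompassword'))`, has no `AttributeError` handling, unlike the user_add version. With both `--password` and `--random`, the pre_callback lines above skip the `setattr`, so this line would raise, presumably after the LDAP modification has already been applied. That contradicts the commit message's statement that `random` is simply ignored in that case. Guarding it the same way, e.g. `if options.get('random') and hasattr(context, 'randompassword'):`, fixes that; the body line is also indented eight spaces under the `if` instead of four. pre_callback begins outside the hunk.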
-- 
1.7.6.4
