Add support for managing user auth types

https://fedorahosted.org/freeipa/ticket/3368
Nathaniel McCallum 2013-09-18 15:48:23 -04:00 committed by Petr Viktorin
parent df5f4ee81d
commit 3f85f09a83
5 changed files with 32 additions and 10 deletions

12
API.txt

@ -495,7 +495,7 @@ args: 0,1,1
option: Str('version?', exclude='webui')
output: Output('result', None, None)
command: config_mod
args: 0,24,3
args: 0,25,3
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui')
@ -514,6 +514,7 @@ option: Int('ipasearchrecordslimit', attribute=True, autofill=False, cli_name='s
option: Int('ipasearchtimelimit', attribute=True, autofill=False, cli_name='searchtimelimit', minvalue=-1, multivalue=False, required=False)
option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False)
option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False)
option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
option: Str('ipauserobjectclasses', attribute=True, autofill=False, cli_name='userobjectclasses', csv=True, multivalue=True, required=False)
option: IA5Str('ipausersearchfields', attribute=True, autofill=False, cli_name='usersearch', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@ -3586,7 +3587,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: user_add
args: 1,35,3
args: 1,36,3
arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@ -3600,6 +3601,7 @@ option: Str('givenname', attribute=True, cli_name='first', multivalue=False, req
option: Str('homedirectory', attribute=True, cli_name='homedir', multivalue=False, required=False)
option: Str('initials', attribute=True, autofill=True, cli_name='initials', multivalue=False, required=False)
option: Str('ipasshpubkey', attribute=True, cli_name='sshpubkey', csv=True, multivalue=True, required=False)
option: StrEnum('ipauserauthtype', attribute=True, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='principal', multivalue=False, required=False)
option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False)
option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False)
@ -3649,7 +3651,7 @@ output: Output('result', <type 'bool'>, None)
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: user_find
args: 1,45,4
args: 1,46,4
arg: Str('criteria?', noextrawhitespace=False)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('carlicense', attribute=True, autofill=False, cli_name='carlicense', multivalue=False, query=True, required=False)
@ -3666,6 +3668,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups', csv=True)
option: Str('in_role*', cli_name='in_roles', csv=True)
option: Str('in_sudorule*', cli_name='in_sudorules', csv=True)
option: Str('initials', attribute=True, autofill=False, cli_name='initials', multivalue=False, query=True, required=False)
option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, query=True, required=False, values=(u'password',))
option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='principal', multivalue=False, query=True, required=False)
option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, query=True, required=False)
option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, query=True, required=False)
@ -3701,7 +3704,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('truncated', <type 'bool'>, None)
command: user_mod
args: 1,36,3
args: 1,37,3
arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@ -3716,6 +3719,7 @@ option: Str('givenname', attribute=True, autofill=False, cli_name='first', multi
option: Str('homedirectory', attribute=True, autofill=False, cli_name='homedir', multivalue=False, required=False)
option: Str('initials', attribute=True, autofill=False, cli_name='initials', multivalue=False, required=False)
option: Str('ipasshpubkey', attribute=True, autofill=False, cli_name='sshpubkey', csv=True, multivalue=True, required=False)
option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, required=False)
option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, required=False)
option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, required=False)


@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=65
IPA_API_VERSION_MINOR=66


@ -3,3 +3,4 @@ add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0
add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
add:ipaUserObjectClasses: ipasshuser
remove:ipaConfigString:AllowLMhash
add:objectClass: ipaUserAuthTypeClass


@ -92,6 +92,7 @@ class config(LDAPObject):
'ipamigrationenabled', 'ipacertificatesubjectbase',
'ipapwdexpadvnotify', 'ipaselinuxusermaporder',
'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata',
'ipauserauthtype'
]
label = _('Configuration')
@ -197,6 +198,13 @@ class config(LDAPObject):
values=(u'MS-PAC', u'PAD', u'nfs:NONE'),
csv=True,
),
StrEnum('ipauserauthtype*',
cli_name='user_auth_type',
label=_('Default user authentication types'),
doc=_('Default types of supported user authentication'),
values=(u'password',),
csv=True,
),
)
def get_dn(self, *keys, **kwargs):
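Review bot: The `doc` text on the new `ipauserauthtype*` parameter in the config plugin, `Default types of supported user authentication`, does not say how this global default relates to a per-user `ipauserauthtype` value (override, union or restriction). The setting appears to control which authentication methods are accepted, so an administrator reading the help needs that precedence stated, and nothing in the hunks shown here defines it. I would extend the doc string with one clause describing the interaction once the semantics are settled. The class body continues outside the hunk.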


@ -24,7 +24,7 @@ import posixpath
import os
from ipalib import api, errors
from ipalib import Flag, Int, Password, Str, Bool
from ipalib import Flag, Int, Password, Str, Bool, StrEnum
from ipalib.plugins.baseldap import *
from ipalib.plugins import baseldap
from ipalib.request import context
@ -198,14 +198,14 @@ class user(LDAPObject):
object_name_plural = _('users')
object_class = ['posixaccount']
object_class_config = 'ipauserobjectclasses'
possible_objectclasses = ['meporiginentry']
possible_objectclasses = ['meporiginentry', 'ipauserauthtypeclass']
disallow_object_classes = ['krbticketpolicyaux']
search_attributes_config = 'ipausersearchfields'
default_attributes = [
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
'uidnumber', 'gidnumber', 'mail', 'ou',
'telephonenumber', 'title', 'memberof', 'nsaccountlock',
'memberofindirect',
'memberofindirect', 'ipauserauthtype'
]
search_display_attributes = [
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
@ -365,6 +365,13 @@ class user(LDAPObject):
csv=True,
flags=['no_search'],
),
StrEnum('ipauserauthtype*',
cli_name='user_auth_type',
label=_('User authentication types'),
doc=_('Types of supported user authentication'),
values=(u'password',),
csv=True,
),
)
def _normalize_and_validate_email(self, email, config=None):
@ -633,14 +640,16 @@ class user_mod(LDAPUpdate):
entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
# save the password so it can be displayed in post_callback
setattr(context, 'randompassword', entry_attrs['userpassword'])
if 'ipasshpubkey' in entry_attrs:
if 'ipasshpubkey' in entry_attrs or 'ipauserauthtype' in entry_attrs:
if 'objectclass' in entry_attrs:
obj_classes = entry_attrs['objectclass']
else:
(_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
if 'ipasshuser' not in obj_classes:
if 'ipasshpubkey' in entry_attrs and 'ipasshuser' not in obj_classes:
obj_classes.append('ipasshuser')
if 'ipauserauthtype' in entry_attrs and 'ipauserauthtype' not in obj_classes:
obj_classes.append('ipauserauthtypeclass')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
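Review bot: The last added condition in user_mod's pre_callback tests `'ipauserauthtype' not in obj_classes`, which is the attribute name rather than the object class, so it holds for every entry and `ipauserauthtypeclass` is appended even when the entry already has it. The guard should read `if 'ipauserauthtype' in entry_attrs and 'ipauserauthtypeclass' not in obj_classes:`. Both membership tests are also case-sensitive, while the update file in this commit writes the class as `ipaUserAuthTypeClass`, so comparing lower-cased values would be safer if the directory returns the stored spelling. user_add gains the same option, but no hunk shown here adds the object class on creation; that path is outside the hunks and worth confirming. The callback starts above this hunk.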