IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add Kerberos Ticket Policy management plugin.

Browse Source
This commit is contained in:
Pavel Zuna 2010-01-05 15:07:19 +01:00 committed by Rob Crittenden
parent 0023ffb881
commit a11436113b
2 changed files with 167 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
ipalib/plugins/baseldap.py
View File

@ -21,6 +21,7 @@ Base classes for LDAP plugins.
"""
import re
from ipalib import crud, errors, uuid
from ipalib import Command, Method, Object
from ipalib import Flag, List, Str
@ -51,6 +52,7 @@ def get_attributes(attrs):
return attrlist
class LDAPObject(Object):
"""
Object representing a LDAP entry.
@ -75,9 +77,11 @@ class LDAPObject(Object):
parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1])
else:
parent_dn = self.container_dn
return self.backend.make_dn_from_attr(
self.primary_key.name, keys[-1], parent_dn
)
if self.primary_key and keys[-1] is not None:
return self.backend.make_dn_from_attr(
self.primary_key.name, keys[-1], parent_dn
)
return parent_dn
def get_primary_key_from_dn(self, dn):
return dn[len(self.primary_key.name) + 1:dn.find(',')]
@ -109,7 +113,7 @@ class LDAPObject(Object):
textui.print_attribute('dn', entry[0])
textui.print_entry(entry[1], attr_order=self.attribute_order)
else:
if self.primary_key:
if self.primary_key and keys[-1] is not None:
textui.print_attribute(
self.object_name.capitalize(), keys[-1], indent=0
)
@ -192,10 +196,9 @@ class LDAPCreate(crud.Create):
entry_attrs['dn'] = dn
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
return dict(
result=entry_attrs,
value=keys[0],
)
if self.obj.primary_key and keys[-1] is not None:
return dict(result=entry_attrs, value=keys[-1])
return dict(result=entry_attrs, value=u'')
def dont_output_for_cli(self, textui, entry, *keys, **options):
textui.print_name(self.name)
@ -210,7 +213,7 @@ class LDAPCreate(crud.Create):
)
elif len(keys) == 1:
textui.print_dashed(
'Created %s "%s".' % (self.obj.object_name, keys[0])
'Created %s "%s".' % (self.obj.object_name, keys[-1])
)
else:
textui.print_dashed('Created %s.' % self.obj.object_name)
@ -269,11 +272,9 @@ class LDAPRetrieve(LDAPQuery):
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
entry_attrs['dn'] = dn
return dict(
result=entry_attrs,
value=keys[0],
)
if self.obj.primary_key and keys[-1] is not None:
return dict(result=entry_attrs, value=keys[-1])
return dict(result=entry_attrs, value=u'')
def dont_output_for_cli(self, textui, entry, *keys, **options):
textui.print_name(self.name)
@ -355,10 +356,9 @@ class LDAPUpdate(LDAPQuery, crud.Update):
dn = self.post_callback(ldap, dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
return dict(
result=entry_attrs,
value=keys[0],
)
if self.obj.primary_key and keys[-1] is not None:
return dict(result=entry_attrs, value=keys[-1])
return dict(result=entry_attrs, value=u'')
def dont_output_for_cli(self, textui, entry, *keys, **options):
textui.print_name(self.name)
@ -373,7 +373,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
)
elif len(keys) == 1:
textui.print_dashed(
'Modified %s "%s".' % (self.obj.object_name, keys[0])
'Modified %s "%s".' % (self.obj.object_name, keys[-1])
)
else:
textui.print_dashed('Modified %s.' % self.obj.object_name)
@ -416,11 +416,9 @@ class LDAPDelete(LDAPQuery):
result = self.post_callback(ldap, dn, *keys, **options)
return dict(
result=result,
value=keys[0],
)
if self.obj.primary_key and keys[-1] is not None:
return dict(result=result, value=keys[-1])
return dict(result=result, value=u'')
def dont_output_for_cli(self, textui, result, *keys, **options):
textui.print_name(self.name)
@ -434,7 +432,7 @@ class LDAPDelete(LDAPQuery):
)
elif len(keys) == 1:
textui.print_dashed(
'Deleted %s "%s".' % (self.obj.object_name, keys[0])
'Deleted %s "%s".' % (self.obj.object_name, keys[-1])
)
else:
textui.print_dashed('Deleted %s.' % self.obj.object_name)
@ -727,8 +725,6 @@ class LDAPSearch(crud.Search):
truncated=truncated,
)
def dont_output_for_cli(self, textui, result, *args, **options):
(entries, truncated) = result

144
ipalib/plugins/krbtpolicy.py Normal file
View File

@ -0,0 +1,144 @@
# Authors:
# Pavel Zuna <pzuna@redhat.com>
#
# Copyright (C) 2010 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
"""
Kerberos ticket policy
"""
from ipalib import api
from ipalib import Int, Str
from ipalib.plugins.baseldap import *
# FIXME: load this from a config file?
_default_values = {
'krbmaxticketlife': 86400,
'krbmaxrenewableage': 604800,
}
class krbtpolicy(LDAPObject):
"""
Kerberos Ticket Policy object
"""
container_dn = 'cn=%s,cn=kerberos' % api.env.realm
object_name = 'kerberos ticket policy settings'
default_attributes = ['krbmaxticketlife', 'krbmaxrenewableage']
attribute_names = {
'krbmaxticketlife': 'maximum life',
'krbmaxrenewableage': 'maximum renewable age',
}
takes_params = (
Str('uid?',
cli_name='user',
doc='manage ticket policy for specific user',
primary_key=True,
),
Int('krbmaxticketlife?',
cli_name='maxlife',
doc='maximum ticket life',
),
Int('krbmaxrenewableage?',
cli_name='maxrenew',
doc='maximum renewable age',
),
)
def get_dn(self, *keys, **kwargs):
if keys[-1] is not None:
return self.api.Object.user.get_dn(*keys, **kwargs)
return self.container_dn
api.register(krbtpolicy)
class krbtpolicy_mod(LDAPUpdate):
"""
Modify kerberos ticket policy.
"""
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
# disable all flag
# ticket policies are attached to objects with unrelated attributes
if options.get('all'):
options['all'] = False
return dn
api.register(krbtpolicy_mod)
class krbtpolicy_show(LDAPRetrieve):
"""
Display kerberos ticket policy.
"""
def pre_callback(self, ldap, dn, attrs_list, *keys, **options):
# disable all flag
# ticket policies are attached to objects with unrelated attributes
if options.get('all'):
options['all'] = False
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
if keys[-1] is not None:
# if policy for a specific user isn't set, display global values
if 'krbmaxticketlife' not in entry_attrs or \
'krbmaxrenewableage' not in entry_attrs:
res = self.api.Command.krbtpolicy_show()
for a in self.obj.default_attributes:
entry_attrs.setdefault(a, res['result'][a])
return dn
api.register(krbtpolicy_show)
class krbtpolicy_reset(LDAPQuery):
"""
Reset kerberos ticket policy to default.
"""
has_output = output.standard_entry
def execute(self, *keys, **options):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
def_values = {}
# if reseting policy for a user - just his values
if keys[-1] is not None:
for a in self.obj.default_attributes:
def_values[a] = None
# if reseting global policy - set values to default
else:
def_values = _default_values
try:
ldap.update_entry(dn, def_values)
except errors.EmptyModlist:
pass
if keys[-1] is not None:
# policy for user was deleted, retrieve global policy
dn = self.obj.get_dn(None)
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
if keys[-1] is not None:
return dict(result=entry_attrs, value=keys[-1])
return dict(result=entry_attrs, value=u'')
api.register(krbtpolicy_reset)