IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge.

Browse Source
This commit is contained in:
Karl MacMillan 0001-01-01 00:00:00 +00:00
commit ad3fcc200c
17 changed files with 125 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ipa-admintools/ipa-addgroup
View File

@ -62,28 +62,28 @@ def main():
if (len(args) != 2):
while (cont != True):
cn = raw_input("Group name: ")
if (ipavalidate.plain(cn, notEmpty=True)):
print "Field is required and must be letters or '."
if (ipavalidate.String(cn, notEmpty=True)):
print "Please enter a value"
else:
cont = True
else:
cn = args[1]
if (ipavalidate.plain(cn, notEmpty=True)):
print "Group name is required and must be letters or '."
if (ipavalidate.ipastsring(cn, notEmpty=True)):
print "Please enter a value"
return 1
cont = False
if not options.desc:
while (cont != True):
desc = raw_input("Description: ")
if (ipavalidate.plain(desc, notEmpty=True)):
print "Field is required and must be letters or '."
if (ipavalidate.String(desc, notEmpty=True)):
print "Please enter a value"
else:
cont = True
else:
desc = options.desc
if (ipavalidate.plain(desc, notEmpty=True)):
print "First name is required and must be letters or '."
if (ipavalidate.String(desc, notEmpty=True)):
print "Please enter a value"
return 1
if options.gid:

34
ipa-admintools/ipa-adduser
View File

@ -92,42 +92,42 @@ def main():
if not options.gn:
while (cont != True):
givenname = raw_input("First name: ")
if (ipavalidate.plain(givenname, notEmpty=True)):
print "Field is required and must be letters or '"
if (ipavalidate.String(givenname, notEmpty=True)):
print "Please enter a value"
else:
cont = True
else:
givenname = options.gn
if (ipavalidate.plain(givenname, notEmpty=True)):
print "First name is required and must be letters or '"
if (ipavalidate.String(givenname, notEmpty=True)):
print "Please enter a value"
return 1
cont = False
if not options.sn:
while (cont != True):
lastname = raw_input("Last name: ")
if (ipavalidate.plain(lastname, notEmpty=True)):
print "Field is required and must be letters or '"
if (ipavalidate.String(lastname, notEmpty=True)):
print "Please enter a value"
else:
cont = True
else:
lastname = options.sn
if (ipavalidate.plain(lastname, notEmpty=True)):
print "Last name is required and must be letters or '"
if (ipavalidate.String(lastname, notEmpty=True)):
print "Please enter a value"
return 1
cont = False
if (len(args) != 2):
while (cont != True):
username = raw_input("Login name: ")
if (ipavalidate.plain(username, notEmpty=True)):
print "Field is required and must be letters or '"
if (ipavalidate.Plain(username, notEmpty=True, allowSpaces=False)):
print "Please enter a value"
else:
cont = True
else:
username = args[1]
if (ipavalidate.plain(username, notEmpty=True)):
print "Username is required and must be letters or '"
if (ipavalidate.Plain(username, notEmpty=True, allowSpaces=False)):
print "Username is required and may only include letters and numbers"
return 1
if not options.password:
@ -147,7 +147,7 @@ def main():
if options.mail:
mail = options.mail
if (ipavalidate.email(mail)):
if (ipavalidate.Email(mail)):
print "The email provided seem not a valid email."
return 1
@ -158,8 +158,8 @@ def main():
if not options.gecos:
while (cont != True):
gecos = raw_input("gecos []: ")
if (ipavalidate.plain(gecos, notEmpty=False)):
print "Must be letters, numbers, spaces or '"
if (ipavalidate.String(gecos, notEmpty=False)):
print "Please enter a value"
else:
cont = True
cont = False
@ -168,8 +168,8 @@ def main():
directory = raw_input("home directory [/home/"+username+"]: ")
if directory == "":
directory = "/home/"+username
if (ipavalidate.path(directory, notEmpty=False)):
print "Must be letters, numbers, spaces or '"
if (ipavalidate.Path(directory, notEmpty=False)):
print "Please enter a value"
else:
cont = True
cont = False

4
ipa-admintools/ipa-deldelegation
View File

@ -65,6 +65,7 @@ def main():
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
acistr = None
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
@ -76,7 +77,7 @@ def main():
pass
if acistr is None:
print "No delegation %s found." % args[1]
print "No delegation '%s' found." % args[1]
return 2
old_aci_index = aci_str_list.index(acistr)
@ -86,6 +87,7 @@ def main():
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
print "Delegation removed."
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."

2
ipa-admintools/ipa-findgroup
View File

@ -67,7 +67,7 @@ def main():
return 2
elif counter == -1:
print "These results are truncated."
print "Please revine your search and try again."
print "Please refine your search and try again."
for ent in groups:
try:

2
ipa-admintools/ipa-finduser
View File

@ -92,7 +92,7 @@ def main():
return 2
elif counter == -1:
print "These results are truncated."
print "Please revine your search and try again."
print "Please refine your search and try again."
for ent in users:
attr = ent.attrList()

30
ipa-admintools/ipa-usermod
View File

@ -124,8 +124,8 @@ def main():
if not options.gn:
while (cont != True):
givenname = raw_input("First name: [%s] " % user.getValue('givenname'))
if (ipavalidate.plain(givenname, notEmpty=False)):
print "Must be letters or '"
if (ipavalidate.String(givenname, notEmpty=False)):
print "Please enter a value"
else:
cont = True
if len(givenname) < 1:
@ -133,16 +133,16 @@ def main():
cont = True
else:
givenname = options.gn
if (ipavalidate.plain(givenname, notEmpty=True)):
print "First name must be letters or '"
if (ipavalidate.String(givenname, notEmpty=True)):
print "Please enter a value"
return 1
cont = False
if not options.sn:
while (cont != True):
lastname = raw_input(" Last name: [%s] " % user.getValue('sn'))
if (ipavalidate.plain(lastname, notEmpty=False)):
print "Must be letters or '"
if (ipavalidate.String(lastname, notEmpty=False)):
print "Please enter a value"
else:
cont = True
if len(lastname) < 1:
@ -150,21 +150,21 @@ def main():
cont = True
else:
lastname = options.sn
if (ipavalidate.plain(lastname, notEmpty=True)):
print "Last name must be letters or '"
if (ipavalidate.String(lastname, notEmpty=True)):
print "Please enter a value"
return 1
cont = False
if not options.mail:
while (cont != True):
mail = raw_input("E-mail addr: [%s]" % user.getValue('mail'))
if (ipavalidate.email(mail, notEmpty=False)):
print "Must include a user and domain name"
if (ipavalidate.Email(mail, notEmpty=False)):
print "E-mail must include a user and domain name"
else:
cont = True
else:
mail = options.mail
if (ipavalidate.email(mail)):
if (ipavalidate.Email(mail)):
print "E-mail must include a user and domain name"
return 1
@ -174,8 +174,8 @@ def main():
if not options.gecos:
while (cont != True):
gecos = raw_input("gecos: [%s] " % user.getValue('gecos'))
if (ipavalidate.plain(gecos, notEmpty=False)):
print "Must be letters, numbers, spaces or '"
if (ipavalidate.String(gecos, notEmpty=False)):
print "Please enter a value"
else:
cont = True
@ -183,8 +183,8 @@ def main():
if not options.directory:
while (cont != True):
directory = raw_input("home directory: [%s] " % user.getValue('homeDirectory'))
if (ipavalidate.path(gecos, notEmpty=False)):
print "Must be letters, numbers, spaces or '"
if (ipavalidate.Path(gecos, notEmpty=False)):
print "Valid path is required"
else:
cont = True
cont = False

1
ipa-client/ipaclient/Makefile.am
View File

@ -3,7 +3,6 @@ NULL =
appdir = $(IPA_DATA_DIR)/ipaclient
app_PYTHON = \
__init__.py \
dnsclient.py \
ipachangeconf.py \
ipadiscovery.py \
ntpconf.py \

2
ipa-client/ipaclient/__init__.py
View File

@ -18,5 +18,5 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
__all__ = ["ipadiscovery", "ipachangeconf", "dnsclient"]
__all__ = ["ipadiscovery", "ipachangeconf"]

14
ipa-client/ipaclient/ipadiscovery.py
View File

@ -20,7 +20,7 @@
import socket
import logging
import dnsclient
import ipa.dnsclient
import ldap
from ldap import LDAPError
@ -191,10 +191,10 @@ class IPADiscovery:
# terminate the name
if not qname.endswith("."):
qname += "."
results = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV)
for result in results:
if result.dns_type == dnsclient.DNS_T_SRV:
if result.dns_type == ipa.dnsclient.DNS_T_SRV:
rserver = result.rdata.server.rstrip(".")
if result.rdata.port and result.rdata.port != 389:
rserver += ":" + str(result.rdata.port)
@ -214,10 +214,10 @@ class IPADiscovery:
# terminate the name
if not qname.endswith("."):
qname += "."
results = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_TXT)
results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_TXT)
for result in results:
if result.dns_type == dnsclient.DNS_T_TXT:
if result.dns_type == ipa.dnsclient.DNS_T_TXT:
realm = result.rdata.data
if realm:
break
@ -228,9 +228,9 @@ class IPADiscovery:
# terminate the name
if not qname.endswith("."):
qname += "."
results = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV)
for result in results:
if result.dns_type == dnsclient.DNS_T_SRV:
if result.dns_type == ipa.dnsclient.DNS_T_SRV:
qname = result.rdata.server.rstrip(".")
if result.rdata.port and result.rdata.port != 88:
qname += ":" + str(result.rdata.port)

2
ipa-python/MANIFEST.in
View File

@ -1,3 +1,3 @@
include *.conf
include freeipa-python.spec*
include ipa-python.spec*

0
ipa-client/ipaclient/dnsclient.py → ipa-python/dnsclient.py
View File

28
ipa-python/ipavalidate.py
View File

@ -19,7 +19,7 @@
import re
def email(mail, notEmpty=True):
def Email(mail, notEmpty=True):
"""Do some basic validation of an e-mail address.
Return 0 if ok
Return 1 if not
@ -49,7 +49,7 @@ def email(mail, notEmpty=True):
return 0
def plain(text, notEmpty=False):
def Plain(text, notEmpty=False, allowSpaces=True):
"""Do some basic validation of a plain text field
Return 0 if ok
Return 1 if not
@ -57,23 +57,33 @@ def plain(text, notEmpty=False):
If notEmpty is True the this will return an error if the field
is "" or None.
"""
textRE = re.compile(r"^[a-zA-Z_\-0-9\'\ ]*$")
if not text and notEmpty is True:
return 1
if text is None:
if (text is None) or (not text.strip()):
if notEmpty is True:
return 1
else:
return 0
if allowSpaces:
textRE = re.compile(r"^[a-zA-Z_\-0-9\'\ ]*$")
else:
textRE = re.compile(r"^[a-zA-Z_\-0-9\']*$")
if not textRE.search(text):
return 1
return 0
def path(text, notEmpty=False):
def String(text, notEmpty=False):
"""A string type. This is much looser in what it allows than plain"""
if text is None or not text.strip():
if notEmpty is True:
return 1
else:
return 0
return 0
def Path(text, notEmpty=False):
"""Do some basic validation of a path
Return 0 if ok
Return 1 if not

71
ipa-python/test/test_ipavalidate.py
View File

@ -31,39 +31,54 @@ class TestValidate(unittest.TestCase):
def tearDown(self):
pass
def test_validemail(self):
self.assertEqual(0, ipavalidate.email("test@freeipa.org"))
self.assertEqual(0, ipavalidate.email("", notEmpty=False))
def test_validEmail(self):
self.assertEqual(0, ipavalidate.Email("test@freeipa.org"))
self.assertEqual(0, ipavalidate.Email("", notEmpty=False))
def test_invalidemail(self):
self.assertEqual(1, ipavalidate.email("test"))
self.assertEqual(1, ipavalidate.email("test@freeipa"))
self.assertEqual(1, ipavalidate.email("test@.com"))
self.assertEqual(1, ipavalidate.email(""))
self.assertEqual(1, ipavalidate.email(None))
def test_invalidEmail(self):
self.assertEqual(1, ipavalidate.Email("test"))
self.assertEqual(1, ipavalidate.Email("test@freeipa"))
self.assertEqual(1, ipavalidate.Email("test@.com"))
self.assertEqual(1, ipavalidate.Email(""))
self.assertEqual(1, ipavalidate.Email(None))
def test_validplain(self):
self.assertEqual(0, ipavalidate.plain("Joe User"))
self.assertEqual(0, ipavalidate.plain("Joe O'Malley"))
self.assertEqual(0, ipavalidate.plain("", notEmpty=False))
self.assertEqual(0, ipavalidate.plain(None, notEmpty=False))
def test_validPlain(self):
self.assertEqual(0, ipavalidate.Plain("Joe User"))
self.assertEqual(0, ipavalidate.Plain("Joe O'Malley"))
self.assertEqual(0, ipavalidate.Plain("", notEmpty=False))
self.assertEqual(0, ipavalidate.Plain(None, notEmpty=False))
self.assertEqual(0, ipavalidate.Plain("JoeUser", allowSpaces=False))
self.assertEqual(0, ipavalidate.Plain("JoeUser", allowSpaces=True))
def test_invalidplain(self):
self.assertEqual(1, ipavalidate.plain("Joe (User)"))
self.assertEqual(1, ipavalidate.plain("", notEmpty=True))
self.assertEqual(1, ipavalidate.plain(None, notEmpty=True))
def test_invalidPlain(self):
self.assertEqual(1, ipavalidate.Plain("Joe (User)"))
self.assertEqual(1, ipavalidate.Plain("Joe C. User"))
self.assertEqual(1, ipavalidate.Plain("", notEmpty=True))
self.assertEqual(1, ipavalidate.Plain(None, notEmpty=True))
self.assertEqual(1, ipavalidate.Plain("Joe User", allowSpaces=False))
def test_validpath(self):
self.assertEqual(0, ipavalidate.path("/"))
self.assertEqual(0, ipavalidate.path("/home/user"))
self.assertEqual(0, ipavalidate.path("../home/user"))
self.assertEqual(0, ipavalidate.path("", notEmpty=False))
self.assertEqual(0, ipavalidate.path(None, notEmpty=False))
def test_validString(self):
self.assertEqual(0, ipavalidate.String("Joe User"))
self.assertEqual(0, ipavalidate.String("Joe O'Malley"))
self.assertEqual(1, ipavalidate.Plain("Joe C. User"))
self.assertEqual(0, ipavalidate.String("", notEmpty=False))
self.assertEqual(0, ipavalidate.String(None, notEmpty=False))
def test_invalidpath(self):
self.assertEqual(1, ipavalidate.path("(foo)"))
self.assertEqual(1, ipavalidate.path("", notEmpty=True))
self.assertEqual(1, ipavalidate.path(None, notEmpty=True))
def test_invalidString(self):
self.assertEqual(1, ipavalidate.String("", notEmpty=True))
self.assertEqual(1, ipavalidate.String(None, notEmpty=True))
def test_validPath(self):
self.assertEqual(0, ipavalidate.Path("/"))
self.assertEqual(0, ipavalidate.Path("/home/user"))
self.assertEqual(0, ipavalidate.Path("../home/user"))
self.assertEqual(0, ipavalidate.Path("", notEmpty=False))
self.assertEqual(0, ipavalidate.Path(None, notEmpty=False))
def test_invalidPath(self):
self.assertEqual(1, ipavalidate.Path("(foo)"))
self.assertEqual(1, ipavalidate.Path("", notEmpty=True))
self.assertEqual(1, ipavalidate.Path(None, notEmpty=True))
if __name__ == '__main__':
unittest.main()

10
ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
View File

@ -9,8 +9,8 @@ class IPAPolicyFields(object):
ipasearchtimelimit = widgets.TextField(name="ipasearchtimelimit", label="Search Time Limit (sec.)", attrs=dict(size=6,maxlength=6))
ipasearchrecordslimit = widgets.TextField(name="ipasearchrecordslimit", label="Search Records Limit", attrs=dict(size=6,maxlength=6))
ipahomesrootdir = widgets.TextField(name="ipahomesrootdir", label="Root for Home Directories")
ipadefaultloginshell = widgets.TextField(name="ipadefaultloginshell", label="Default shell")
ipadefaultprimarygroup = widgets.TextField(name="ipadefaultprimarygroup", label="Default Users group")
ipadefaultloginshell = widgets.TextField(name="ipadefaultloginshell", label="Default Shell")
ipadefaultprimarygroup = widgets.TextField(name="ipadefaultprimarygroup", label="Default User Group")
ipamaxusernamelength = widgets.TextField(name="ipamaxusernamelength", label="Max. Username Length", attrs=dict(size=3,maxlength=3))
ipapwdexpadvnotify = widgets.TextField(name="ipapwdexpadvnotify", label="Password Expiration Notification (days)", attrs=dict(size=3,maxlength=3))
ipauserobjectclasses = widgets.TextField(name="ipauserobjectclasses", label="Default User Object Classes", attrs=dict(size=50))
@ -24,9 +24,9 @@ class IPAPolicyFields(object):
# From cn=accounts
krbmaxpwdlife = widgets.TextField(name="krbmaxpwdlife", label="Max. Password Lifetime (days)", attrs=dict(size=3,maxlength=3))
krbminpwdlife = widgets.TextField(name="krbminpwdlife", label="Min. Password Lifetime (hours)", attrs=dict(size=3,maxlength=3))
krbpwdmindiffchars = widgets.TextField(name="krbpwdmindiffchars", label="Min. number of character classes", attrs=dict(size=3,maxlength=3))
krbpwdminlength = widgets.TextField(name="krbpwdminlength", label="Min. Length of password", attrs=dict(size=3,maxlength=3))
krbpwdhistorylength = widgets.TextField(name="krbpwdhistorylength", label="Password History size", attrs=dict(size=3,maxlength=3))
krbpwdmindiffchars = widgets.TextField(name="krbpwdmindiffchars", label="Min. Number of Character Classes", attrs=dict(size=3,maxlength=3))
krbpwdminlength = widgets.TextField(name="krbpwdminlength", label="Min. Length of Password", attrs=dict(size=3,maxlength=3))
krbpwdhistorylength = widgets.TextField(name="krbpwdhistorylength", label="Password History Size", attrs=dict(size=3,maxlength=3))
password_orig = widgets.HiddenField(name="password_orig")

4
ipa-server/ipa-gui/ipagui/static/css/style.css
View File

@ -395,9 +395,9 @@ ul.checkboxlist li input {
.sortcol {
cursor: pointer;
padding-right: 20px !important;
padding-left: 10px !important;
background-repeat: no-repeat !important;
background-position: right center !important;
background-position: left center !important;
text-decoration: underline;
}
.sortasc {

2
ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
View File

@ -71,7 +71,7 @@ class DelegationController(IPAController):
new_aci.source_group = kw.get('source_group_dn')
new_aci.dest_group = kw.get('dest_group_dn')
new_aci.attrs = kw.get('attrs')
if (new_aci.attrs, str):
if isinstance(new_aci.attrs, str):
new_aci.attrs = [new_aci.attrs]
# Look for an existing ACI of the same name

1
ipa-server/ipa-install/share/default-aci.ldif
View File

@ -23,6 +23,7 @@ dn: cn=accounts,$SUFFIX
changetype: modify
add: aci
aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
aci: (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
dn: cn=services,cn=accounts,$SUFFIX
changetype: modify