mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
cfac4acf9f
Don't read ipa.conf to get the realm, the kerberos libs do that for you. Use the krbPrincipalName to change passwords Make it possible to specify the principal at user creation. Mail is not a required attribute so far, don't require it.
108 lines
2.9 KiB
Python
108 lines
2.9 KiB
Python
#! /usr/bin/python -E
|
|
# Authors: Rob Crittenden <rcritten@redhat.com>
|
|
#
|
|
# Copyright (C) 2007 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 only
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Tempal Place, Suite 330, Boston, MA 02111-1307 USA
|
|
#
|
|
|
|
import sys
|
|
from optparse import OptionParser
|
|
import ipa
|
|
import ipa.ipaclient as ipaclient
|
|
import ipa.config
|
|
|
|
import xmlrpclib
|
|
import kerberos
|
|
import krbV
|
|
import ldap
|
|
import getpass
|
|
|
|
def usage():
|
|
print "ipa-passwd [user]"
|
|
sys.exit(1)
|
|
|
|
def parse_options():
|
|
parser = OptionParser()
|
|
parser.add_option("--usage", action="store_true",
|
|
help="Program usage")
|
|
|
|
args = ipa.config.init_config(sys.argv)
|
|
options, args = parser.parse_args(args)
|
|
|
|
return options, args
|
|
|
|
def get_principal(krbctx):
|
|
try:
|
|
ccache = krbctx.default_ccache()
|
|
cprinc = ccache.principal()
|
|
except krbV.Krb5Error, e:
|
|
#TODO: do a kinit
|
|
print "Unable to get kerberos principal: %s" % e[1]
|
|
return None
|
|
|
|
return cprinc.name
|
|
|
|
def main():
|
|
match = False
|
|
username = None
|
|
principal = None
|
|
|
|
krbctx = krbV.default_context()
|
|
options, args = parse_options()
|
|
|
|
if len(args) == 2:
|
|
username = args[1]
|
|
else:
|
|
principal = get_principal(krbctx)
|
|
if principal is None:
|
|
return 1
|
|
|
|
if not principal:
|
|
u = username.split('@')
|
|
if len(u) > 2 or len(u) == 0:
|
|
print "Invalid user name (%s)" % username
|
|
if len(u) == 1:
|
|
principal = username+"@"+krbctx.default_realm
|
|
else:
|
|
principal = username
|
|
|
|
print "Changing password for %s" % principal
|
|
|
|
while (match != True):
|
|
# No syntax checking of the password is required because that is done
|
|
# on the server side
|
|
password = getpass.getpass(" New Password: ")
|
|
confirm = getpass.getpass(" Confirm Password: ")
|
|
if (password != confirm):
|
|
print "Passwords do not match"
|
|
match = False
|
|
elif (len(password) < 1):
|
|
print "Password cannot be empty"
|
|
match = False
|
|
else:
|
|
match = True
|
|
|
|
try:
|
|
client = ipaclient.IPAClient()
|
|
client.modifyPassword(principal, None, password)
|
|
except ipa.ipaerror.IPAError, e:
|
|
print "%s" % (e.message)
|
|
return 1
|
|
|
|
return 0
|
|
|
|
main()
|