Python pkey_to_value Beispiele

Beispiel #1

Datei: aci.py Projekt: msrb/freeipa

    def execute(self, aciname, aciprefix, **options):
        """
        Execute the aci-delete operation.

        :param aciname: The name of the ACI being deleted.
        :param aciprefix: The ACI prefix.
        """
        ldap = self.api.Backend.ldap2

        entry = ldap.get_entry(self.api.env.basedn, ["aci"])

        acistrs = entry.get("aci", [])
        acis = _convert_strings_to_acis(acistrs)
        aci = _find_aci_by_name(acis, aciprefix, aciname)
        for a in acistrs:
            candidate = ACI(a)
            if aci.isequal(candidate):
                acistrs.remove(a)
                break

        entry["aci"] = acistrs

        ldap.update_entry(entry)

        return dict(result=True, value=pkey_to_value(aciname, options))

Beispiel #2

Datei: krbtpolicy.py Projekt: AvidehST/freeipa

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(*keys, **options)

        def_values = {}
        # if reseting policy for a user - just his values
        if keys[-1] is not None:
            for a in self.obj.default_attributes:
                def_values[a] = None
        # if reseting global policy - set values to default
        else:
            def_values = _default_values

        entry = ldap.get_entry(dn, def_values.keys())
        entry.update(def_values)
        try:
            ldap.update_entry(entry)
        except errors.EmptyModlist:
            pass

        if keys[-1] is not None:
            # policy for user was deleted, retrieve global policy
            dn = self.obj.get_dn(None)
        entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)

        entry_attrs = entry_to_dict(entry_attrs, **options)

        return dict(result=entry_attrs, value=pkey_to_value(keys[-1], options))

Beispiel #3

Datei: aci.py Projekt: msrb/freeipa

    def execute(self, aciname, **kw):
        """
        Execute the aci-create operation.

        Returns the entry as it will be created in LDAP.

        :param aciname: The name of the ACI being added.
        :param kw: Keyword arguments for the other LDAP attributes.
        """
        assert "aciname" not in kw
        ldap = self.api.Backend.ldap2

        newaci = _make_aci(ldap, None, aciname, kw)

        entry = ldap.get_entry(self.api.env.basedn, ["aci"])

        acis = _convert_strings_to_acis(entry.get("aci", []))
        for a in acis:
            # FIXME: add check for permission_group = permission_group
            if a.isequal(newaci) or newaci.name == a.name:
                raise errors.DuplicateEntry()

        newaci_str = unicode(newaci)
        entry.setdefault("aci", []).append(newaci_str)

        if not kw.get("test", False):
            ldap.update_entry(entry)

        if kw.get("raw", False):
            result = dict(aci=unicode(newaci_str))
        else:
            result = _aci_to_kw(ldap, newaci, kw.get("test", False))
        return dict(result=result, value=pkey_to_value(aciname, kw))

Beispiel #4

Datei: aci.py Projekt: AvidehST/freeipa

    def execute(self, aciname, aciprefix, **options):
        """
        Execute the aci-delete operation.

        :param aciname: The name of the ACI being deleted.
        :param aciprefix: The ACI prefix.
        """
        ldap = self.api.Backend.ldap2

        entry = ldap.get_entry(self.api.env.basedn, ['aci'])

        acistrs = entry.get('aci', [])
        acis = _convert_strings_to_acis(acistrs)
        aci = _find_aci_by_name(acis, aciprefix, aciname)
        for a in acistrs:
            candidate = ACI(a)
            if aci.isequal(candidate):
                acistrs.remove(a)
                break

        entry['aci'] = acistrs

        ldap.update_entry(entry)

        return dict(
            result=True,
            value=pkey_to_value(aciname, options),
        )

Beispiel #5

Datei: automount.py Projekt: icute1349/freeipa

    def execute(self, *keys, **options):
        ldap = self.api.Backend.ldap2
        key = options['automountkey']
        info = options.get('automountinformation', None)
        keys += (self.obj.get_pk(key, info), )

        # handle RDN changes
        if 'rename' in options or 'newautomountinformation' in options:
            new_key = options.get('rename', key)
            new_info = options.get('newautomountinformation', info)

            if new_key == DIRECT_MAP_KEY and not new_info:
                # automountinformation attribute of existing LDAP object needs
                # to be retrieved so that RDN can be generated
                dn = self.obj.get_dn(*keys, **options)
                entry_attrs_ = ldap.get_entry(dn, ['automountinformation'])
                new_info = entry_attrs_.get('automountinformation', [])[0]

            # automounkey attribute cannot be overwritten so that get_dn()
            # still works right
            options['newautomountkey'] = new_key

            new_rdn = self.obj.get_pk(new_key, new_info)
            if new_rdn != keys[-1]:
                options['rename'] = new_rdn

        result = super(automountkey_mod, self).execute(*keys, **options)
        result['value'] = pkey_to_value(options['automountkey'], options)
        return result

Beispiel #6

Datei: selfservice.py Projekt: icute1349/freeipa

 def execute(self, aciname, **kw):
     result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX, **kw)['result']
     self.obj.postprocess_result(result)
     return dict(
         result=result,
         value=pkey_to_value(aciname, kw),
     )

Beispiel #7

Datei: aci.py Projekt: AvidehST/freeipa

    def execute(self, aciname, **kw):
        """
        Execute the aci-show operation.

        Returns the entry

        :param uid: The login name of the user to retrieve.
        :param kw: unused
        """
        ldap = self.api.Backend.ldap2

        dn = kw.get('location', self.api.env.basedn)
        entry = ldap.get_entry(dn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))

        aci = _find_aci_by_name(acis, kw['aciprefix'], aciname)
        if kw.get('raw', False):
            result = dict(aci=unicode(aci))
        else:
            result = _aci_to_kw(ldap, aci)
        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #8

Datei: krbtpolicy.py Projekt: tihlde/tihldeIPA

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(*keys, **options)

        def_values = {}
        # if reseting policy for a user - just his values
        if keys[-1] is not None:
            for a in self.obj.default_attributes:
                def_values[a] = None
        # if reseting global policy - set values to default
        else:
            def_values = _default_values

        entry = ldap.get_entry(dn, def_values.keys())
        entry.update(def_values)
        try:
            ldap.update_entry(entry)
        except errors.EmptyModlist:
            pass

        if keys[-1] is not None:
            # policy for user was deleted, retrieve global policy
            dn = self.obj.get_dn(None)
        entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)

        entry_attrs = entry_to_dict(entry_attrs, **options)

        return dict(result=entry_attrs, value=pkey_to_value(keys[-1], options))

Beispiel #9

Datei: aci.py Projekt: pspacek/freeipa

    def execute(self, aciname, **kw):
        """
        Execute the aci-show operation.

        Returns the entry

        :param uid: The login name of the user to retrieve.
        :param kw: unused
        """
        ldap = self.api.Backend.ldap2

        dn = kw.get('location', self.api.env.basedn)
        entry = ldap.get_entry(dn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))

        aci = _find_aci_by_name(acis, kw['aciprefix'], aciname)
        if kw.get('raw', False):
            result = dict(aci=unicode(aci))
        else:
            result = _aci_to_kw(ldap, aci)
        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #10

    def execute(self, cn, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(cn)

        if not options['ipasudoopt'].strip():
            raise errors.EmptyModlist()
        entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])

        try:
            if options['ipasudoopt'] not in entry_attrs['ipasudoopt']:
                entry_attrs.setdefault('ipasudoopt', []).append(
                    options['ipasudoopt'])
            else:
                raise errors.DuplicateEntry
        except KeyError:
            entry_attrs.setdefault('ipasudoopt', []).append(
                options['ipasudoopt'])
        try:
            ldap.update_entry(entry_attrs)
        except errors.EmptyModlist:
            pass
        except errors.NotFound:
            self.obj.handle_not_found(cn)

        attrs_list = self.obj.default_attributes
        entry_attrs = ldap.get_entry(dn, attrs_list)

        entry_attrs = entry_to_dict(entry_attrs, **options)

        return dict(result=entry_attrs, value=pkey_to_value(cn, options))

Beispiel #11

Datei: sudorule.py Projekt: msrb/freeipa

    def execute(self, cn, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(cn)

        if not options['ipasudoopt'].strip():
            raise errors.EmptyModlist()
        entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])

        try:
            if options['ipasudoopt'] not in entry_attrs['ipasudoopt']:
                entry_attrs.setdefault('ipasudoopt', []).append(
                    options['ipasudoopt'])
            else:
                raise errors.DuplicateEntry
        except KeyError:
            entry_attrs.setdefault('ipasudoopt', []).append(
                options['ipasudoopt'])
        try:
            ldap.update_entry(entry_attrs)
        except errors.EmptyModlist:
            pass
        except errors.NotFound:
            self.obj.handle_not_found(cn)

        attrs_list = self.obj.default_attributes
        entry_attrs = ldap.get_entry(dn, attrs_list)

        entry_attrs = entry_to_dict(entry_attrs, **options)

        return dict(result=entry_attrs, value=pkey_to_value(cn, options))

Beispiel #12

Datei: selfservice.py Projekt: AvidehST/freeipa

    def execute(self, aciname, **kw):
        result = api.Command['aci_del'](aciname, aciprefix=ACI_PREFIX)
        self.obj.postprocess_result(result)

        return dict(
            result=True,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #13

Datei: selfservice.py Projekt: AvidehST/freeipa

 def execute(self, aciname, **kw):
     result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX,
                                      **kw)['result']
     self.obj.postprocess_result(result)
     return dict(
         result=result,
         value=pkey_to_value(aciname, kw),
     )

Beispiel #14

Datei: selfservice.py Projekt: icute1349/freeipa

    def execute(self, aciname, **kw):
        result = api.Command['aci_del'](aciname, aciprefix=ACI_PREFIX)
        self.obj.postprocess_result(result)

        return dict(
            result=True,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #15

Datei: automount.py Projekt: icute1349/freeipa

 def execute(self, *keys, **options):
     key = options['automountkey']
     info = options.get('automountinformation', None)
     options[self.obj.primary_key.name] = self.obj.get_pk(key, info)
     options['add_operation'] = True
     result = super(automountkey_add, self).execute(*keys, **options)
     result['value'] = pkey_to_value(options['automountkey'], options)
     return result

Beispiel #16

Datei: automount.py Projekt: icute1349/freeipa

 def execute(self, *keys, **options):
     keys += (self.obj.get_pk(options['automountkey'],
                              options.get('automountinformation', None)),)
     options[self.obj.primary_key.name] = self.obj.get_pk(
                                         options['automountkey'],
                                         options.get('automountinformation', None))
     result = super(automountkey_del, self).execute(*keys, **options)
     result['value'] = pkey_to_value([options['automountkey']], options)
     return result

Beispiel #17

Datei: user.py Projekt: mrogers950/freeipa

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        dn = self.obj.get_either_dn(*keys, **options)

        ldap.activate_entry(dn)

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #18

    def execute(self, *keys, **options):
        dn = self.obj.get_dn(*keys, **options)
        entry = self.obj.backend.get_entry(dn, ['objectclass', '*'])

        lsm = LdapSyncManager(self, dn, None, entry)
        lsm.update_local()

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #19

Datei: delegation.py Projekt: icute1349/freeipa

    def execute(self, aciname, **kw):
        if not 'permissions' in kw:
            kw['permissions'] = (u'write',)
        kw['aciprefix'] = ACI_PREFIX
        result = api.Command['aci_add'](aciname, **kw)['result']
        self.obj.postprocess_result(result)

        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #20

Datei: delegation.py Projekt: AvidehST/freeipa

    def execute(self, aciname, **kw):
        if not 'permissions' in kw:
            kw['permissions'] = (u'write', )
        kw['aciprefix'] = ACI_PREFIX
        result = api.Command['aci_add'](aciname, **kw)['result']
        self.obj.postprocess_result(result)

        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #21

Datei: user.py Projekt: mrogers950/freeipa

    def execute(self, *keys, **options):
        staged = []
        failed = []

        for key in keys[-1]:
            single_keys = keys[:-1] + (key,)
            multi_keys = keys[:-1] + ((key,),)

            user = self.api.Command.user_show(*single_keys, all=True)['result']
            new_options = {}
            for param in self.api.Command.stageuser_add.options():
                try:
                    value = user[param.name]
                except KeyError:
                    continue
                if param.multivalue and not isinstance(value, (list, tuple)):
                    value = [value]
                elif not param.multivalue and isinstance(value, (list, tuple)):
                    value = value[0]
                new_options[param.name] = value

            try:
                self.api.Command.stageuser_add(*single_keys, **new_options)
                try:
                    self.api.Command.user_del(*multi_keys, preserve=False)
                except errors.ExecutionError:
                    self.api.Command.stageuser_del(*multi_keys)
                    raise
            except errors.ExecutionError:
                if not options['continue']:
                    raise
                failed.append(key)
            else:
                staged.append(key)

        return dict(
            result=dict(
                failed=pkey_to_value(failed, options),
            ),
            value=pkey_to_value(staged, options),
        )

Beispiel #22

Datei: user.py Projekt: mrogers950/freeipa

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        check_protected_member(keys[-1])

        dn = self.obj.get_either_dn(*keys, **options)
        ldap.deactivate_entry(dn)

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #23

Datei: vault.py Projekt: hroncok/freeipa

 def execute(self, *args, **options):
     base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
                  self.api.env.basedn)
     filter = '(&(objectClass=ipaConfigObject)(cn=KRA))'
     try:
         self.api.Backend.ldap2.find_entries(
             base_dn=base_dn, filter=filter, attrs_list=[])
     except errors.NotFound:
         result = False
     else:
         result = True
     return dict(result=result, value=pkey_to_value(None, options))

Beispiel #24

Datei: selfservice.py Projekt: AvidehST/freeipa

    def execute(self, aciname, **kw):
        if 'attrs' in kw and kw['attrs'] is None:
            raise errors.RequirementError(name='attrs')

        kw['aciprefix'] = ACI_PREFIX
        result = api.Command['aci_mod'](aciname, **kw)['result']
        self.obj.postprocess_result(result)

        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #25

Datei: selfservice.py Projekt: icute1349/freeipa

    def execute(self, aciname, **kw):
        if 'attrs' in kw and kw['attrs'] is None:
            raise errors.RequirementError(name='attrs')

        kw['aciprefix'] = ACI_PREFIX
        result = api.Command['aci_mod'](aciname, **kw)['result']
        self.obj.postprocess_result(result)

        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #26

Datei: automember.py Projekt: icute1349/freeipa

 def execute(self, *keys, **options):
     __doc__ = _("""
     Override this so we can set completed and failed.
     """)
     try:
         result = super(automember_remove_condition, self).execute(*keys, **options)
     except errors.EmptyModlist:
         result =  {'result': getattr(context, 'entry_attrs'), 'value': keys[-1]}
     result['failed'] = getattr(context, 'failed')
     result['completed'] = getattr(context, 'completed')
     result['value'] = pkey_to_value(keys[-1], options)
     return result

Beispiel #27

 def execute(self, *args, **options):
     base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
                  self.api.env.basedn)
     filter = '(&(objectClass=ipaConfigObject)(cn=CA))'
     try:
         self.api.Backend.ldap2.find_entries(base_dn=base_dn,
                                             filter=filter,
                                             attrs_list=[])
     except errors.NotFound:
         result = False
     else:
         result = True
     return dict(result=result, value=pkey_to_value(None, options))

Beispiel #28

Datei: user.py Projekt: mrogers950/freeipa

    def execute(self, *keys, **options):

        # We are going to permanent delete or the user is already in the delete container.
        delete_container = DN(self.obj.delete_container_dn, self.api.env.basedn)

        # The user to delete is active and there is no 'no_preserve' option
        if options.get('preserve', False):
            failed = []
            preserved = []
            for pkey in keys[-1]:
                try:
                    self._preserve_user(pkey, delete_container, **options)
                    preserved.append(pkey_to_value(pkey, options))
                except:
                    if not options.get('continue', False):
                        raise
                    failed.append(pkey_to_value(pkey, options))

            val = dict(result=dict(failed=failed), value=preserved)
            return val
        else:
            return super(user_del, self).execute(*keys, **options)

Beispiel #29

Datei: eduperson.py Projekt: cluck/ipalib-eduperson

    def execute(self, *keys, **options):
        dn = self.obj.get_dn(*keys, **options)
        entry = self.obj.backend.get_entry(dn, ['objectclass'])

        if 'eduPerson' not in entry['objectclass']:
            entry['objectclass'].append('eduPerson')

        self.obj.backend.update_entry(entry)

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #30

Datei: user.py Projekt: mrogers950/freeipa

    def execute(self, *keys, **options):
        dn = self.obj.get_either_dn(*keys, **options)
        entry = self.obj.backend.get_entry(
            dn, ['krbLastAdminUnlock', 'krbLoginFailedCount'])

        entry['krbLastAdminUnlock'] = [strftime("%Y%m%d%H%M%SZ", gmtime())]
        entry['krbLoginFailedCount'] = ['0']

        self.obj.backend.update_entry(entry)

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #31

Datei: aci.py Projekt: pspacek/freeipa

    def execute(self, aciname, **kw):
        aciprefix = kw['aciprefix']
        ldap = self.api.Backend.ldap2

        entry = ldap.get_entry(self.api.env.basedn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))
        aci = _find_aci_by_name(acis, aciprefix, aciname)

        # The strategy here is to convert the ACI we're updating back into
        # a series of keywords. Then we replace any keywords that have been
        # updated and convert that back into an ACI and write it out.
        oldkw = _aci_to_kw(ldap, aci)
        newkw = deepcopy(oldkw)
        if newkw.get('selfaci', False):
            # selfaci is set in aci_to_kw to True only if the target is self
            kw['selfaci'] = True
        newkw.update(kw)
        for acikw in (oldkw, newkw):
            acikw.pop('aciname', None)

        # _make_aci is what is run in aci_add and validates the input.
        # Do this before we delete the existing ACI.
        newaci = _make_aci(ldap, None, aciname, newkw)
        if aci.isequal(newaci):
            raise errors.EmptyModlist()

        self.api.Command['aci_del'](aciname, aciprefix=aciprefix)

        try:
            result = self.api.Command['aci_add'](aciname, **newkw)['result']
        except Exception as e:
            # ACI could not be added, try to restore the old deleted ACI and
            # report the ADD error back to user
            try:
                self.api.Command['aci_add'](aciname, **oldkw)
            except Exception:
                pass
            raise e

        if kw.get('raw', False):
            result = dict(aci=unicode(newaci))
        else:
            result = _aci_to_kw(ldap, newaci)
        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #32

Datei: aci.py Projekt: miradam/python-ipalib

    def execute(self, aciname, **kw):
        aciprefix = kw['aciprefix']
        ldap = self.api.Backend.ldap2

        entry = ldap.get_entry(self.api.env.basedn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))
        aci = _find_aci_by_name(acis, aciprefix, aciname)

        # The strategy here is to convert the ACI we're updating back into
        # a series of keywords. Then we replace any keywords that have been
        # updated and convert that back into an ACI and write it out.
        oldkw = _aci_to_kw(ldap, aci)
        newkw = deepcopy(oldkw)
        if newkw.get('selfaci', False):
            # selfaci is set in aci_to_kw to True only if the target is self
            kw['selfaci'] = True
        newkw.update(kw)
        for acikw in (oldkw, newkw):
            acikw.pop('aciname', None)

        # _make_aci is what is run in aci_add and validates the input.
        # Do this before we delete the existing ACI.
        newaci = _make_aci(ldap, None, aciname, newkw)
        if aci.isequal(newaci):
            raise errors.EmptyModlist()

        self.api.Command['aci_del'](aciname, aciprefix=aciprefix)

        try:
            result = self.api.Command['aci_add'](aciname, **newkw)['result']
        except Exception as e:
            # ACI could not be added, try to restore the old deleted ACI and
            # report the ADD error back to user
            try:
                self.api.Command['aci_add'](aciname, **oldkw)
            except Exception:
                pass
            raise e

        if kw.get('raw', False):
            result = dict(aci=unicode(newaci))
        else:
            result = _aci_to_kw(ldap, newaci)
        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #33

Datei: caacl.py Projekt: rkuska/freeipa

    def execute(self, cn, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(cn)
        try:
            entry_attrs = ldap.get_entry(dn, ["ipaenabledflag"])
        except errors.NotFound:
            self.obj.handle_not_found(cn)

        entry_attrs["ipaenabledflag"] = ["FALSE"]

        try:
            ldap.update_entry(entry_attrs)
        except errors.EmptyModlist:
            pass

        return dict(result=True, value=pkey_to_value(cn, options))

Beispiel #34

Datei: rfiddoorcontrol.py Projekt: cluck/ipalib-rfiddoorcontrol

    def execute(self, *keys, **options):
        dn = self.obj.get_dn(*keys, **options)
        entry = self.obj.backend.get_entry(dn, ['objectclass', 'rfidKey', 'rfidDoorAccess'])

        while 'rfidDoorControl' in entry['objectclass']:
            entry['objectclass'].remove('rfidDoorControl')

        for att in ('rfidKey', 'rfidDoorAccess'):
            try:
                del entry[att]
            except KeyError:
                pass

        self.obj.backend.update_entry(entry)

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #35

Datei: eduperson.py Projekt: cluck/ipalib-eduperson

    def execute(self, *keys, **options):
        dn = self.obj.get_dn(*keys, **options)
        entry = self.obj.backend.get_entry(dn, ['objectclass'] + ATTRIBUTES)

        while 'eduPerson' in entry['objectclass']:
            entry['objectclass'].remove('eduPerson')

        for att in ATTRIBUTES:
            try:
                del entry[att]
            except KeyError:
                pass

        self.obj.backend.update_entry(entry)

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #36

    def execute(self, cn, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(cn)
        try:
            entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
        except errors.NotFound:
            self.obj.handle_not_found(cn)

        entry_attrs['ipaenabledflag'] = ['FALSE']

        try:
            ldap.update_entry(entry_attrs)
        except errors.EmptyModlist:
            pass

        return dict(
            result=True,
            value=pkey_to_value(cn, options),
        )

Beispiel #37

Datei: selinuxusermap.py Projekt: icute1349/freeipa

    def execute(self, cn, **options):
        ldap = self.obj.backend

        dn = self.obj.get_dn(cn)
        try:
            entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
        except errors.NotFound:
            self.obj.handle_not_found(cn)

        entry_attrs['ipaenabledflag'] = ['FALSE']

        try:
            ldap.update_entry(entry_attrs)
        except errors.EmptyModlist:
            raise errors.AlreadyInactive()

        return dict(
            result=True,
            value=pkey_to_value(cn, options),
        )

Beispiel #38

Datei: aci.py Projekt: pspacek/freeipa

    def execute(self, aciname, **kw):
        ldap = self.api.Backend.ldap2

        entry = ldap.get_entry(self.api.env.basedn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))
        aci = _find_aci_by_name(acis, kw['aciprefix'], aciname)

        for a in acis:
            prefix, name = _parse_aci_name(a.name)
            if _make_aci_name(prefix, kw['newname']) == a.name:
                raise errors.DuplicateEntry()

        # The strategy here is to convert the ACI we're updating back into
        # a series of keywords. Then we replace any keywords that have been
        # updated and convert that back into an ACI and write it out.
        newkw =  _aci_to_kw(ldap, aci)
        if 'selfaci' in newkw and newkw['selfaci'] == True:
            # selfaci is set in aci_to_kw to True only if the target is self
            kw['selfaci'] = True
        if 'aciname' in newkw:
            del newkw['aciname']

        # _make_aci is what is run in aci_add and validates the input.
        # Do this before we delete the existing ACI.
        newaci = _make_aci(ldap, None, kw['newname'], newkw)

        self.api.Command['aci_del'](aciname, aciprefix=kw['aciprefix'])

        result = self.api.Command['aci_add'](kw['newname'], **newkw)['result']

        if kw.get('raw', False):
            result = dict(aci=unicode(newaci))
        else:
            result = _aci_to_kw(ldap, newaci)
        return dict(
            result=result,
            value=pkey_to_value(kw['newname'], kw),
        )

Beispiel #39

Datei: aci.py Projekt: AvidehST/freeipa

    def execute(self, aciname, **kw):
        ldap = self.api.Backend.ldap2

        entry = ldap.get_entry(self.api.env.basedn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))
        aci = _find_aci_by_name(acis, kw['aciprefix'], aciname)

        for a in acis:
            prefix, name = _parse_aci_name(a.name)
            if _make_aci_name(prefix, kw['newname']) == a.name:
                raise errors.DuplicateEntry()

        # The strategy here is to convert the ACI we're updating back into
        # a series of keywords. Then we replace any keywords that have been
        # updated and convert that back into an ACI and write it out.
        newkw = _aci_to_kw(ldap, aci)
        if 'selfaci' in newkw and newkw['selfaci'] == True:
            # selfaci is set in aci_to_kw to True only if the target is self
            kw['selfaci'] = True
        if 'aciname' in newkw:
            del newkw['aciname']

        # _make_aci is what is run in aci_add and validates the input.
        # Do this before we delete the existing ACI.
        newaci = _make_aci(ldap, None, kw['newname'], newkw)

        self.api.Command['aci_del'](aciname, aciprefix=kw['aciprefix'])

        result = self.api.Command['aci_add'](kw['newname'], **newkw)['result']

        if kw.get('raw', False):
            result = dict(aci=unicode(newaci))
        else:
            result = _aci_to_kw(ldap, newaci)
        return dict(
            result=result,
            value=pkey_to_value(kw['newname'], kw),
        )

Beispiel #40

Datei: user.py Projekt: mrogers950/freeipa

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        # First check that the user exists and is a delete one
        delete_dn = self.obj.get_either_dn(*keys, **options)
        try:
            entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(delete_dn)
        except errors.NotFound:
            self.obj.handle_not_found(*keys)
        if delete_dn.endswith(DN(self.obj.active_container_dn,
                                 api.env.basedn)):
            raise errors.InvocationError(
                message=_('user "%s" is already active') % keys[-1])

        active_dn = DN(delete_dn[0], self.obj.active_container_dn, api.env.basedn)

        # start to move the entry to the Active container
        self._exc_wrapper(keys, options, ldap.move_entry)(delete_dn, active_dn, del_old=True)

        # add the user we just undelete into the default primary group
        config = ldap.get_ipa_config()
        def_primary_group = config.get('ipadefaultprimarygroup')
        group_dn = self.api.Object['group'].get_dn(def_primary_group)

        # if the user is already a member of default primary group,
        # do not raise error
        # this can happen if automember rule or default group is set
        try:
            ldap.add_entry_to_group(active_dn, group_dn)
        except errors.AlreadyGroupMember:
            pass

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #41

Datei: aci.py Projekt: AvidehST/freeipa

    def execute(self, aciname, **kw):
        """
        Execute the aci-create operation.

        Returns the entry as it will be created in LDAP.

        :param aciname: The name of the ACI being added.
        :param kw: Keyword arguments for the other LDAP attributes.
        """
        assert 'aciname' not in kw
        ldap = self.api.Backend.ldap2

        newaci = _make_aci(ldap, None, aciname, kw)

        entry = ldap.get_entry(self.api.env.basedn, ['aci'])

        acis = _convert_strings_to_acis(entry.get('aci', []))
        for a in acis:
            # FIXME: add check for permission_group = permission_group
            if a.isequal(newaci) or newaci.name == a.name:
                raise errors.DuplicateEntry()

        newaci_str = unicode(newaci)
        entry.setdefault('aci', []).append(newaci_str)

        if not kw.get('test', False):
            ldap.update_entry(entry)

        if kw.get('raw', False):
            result = dict(aci=unicode(newaci_str))
        else:
            result = _aci_to_kw(ldap, newaci, kw.get('test', False))
        return dict(
            result=result,
            value=pkey_to_value(aciname, kw),
        )

Beispiel #42

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        # If we aren't given a fqdn, find it
        if _hostname_validator(None, keys[-1]) is not None:
            hostentry = api.Command['host_show'](keys[-1])['result']
            fqdn = hostentry['fqdn'][0]
        else:
            fqdn = keys[-1]

        host_is_master(ldap, fqdn)

        # See if we actually do anthing here, and if not raise an exception
        done_work = False

        truncated = True
        while truncated:
            try:
                ret = api.Command['service_find'](fqdn)
                truncated = ret['truncated']
                services = ret['result']
            except errors.NotFound:
                break
            else:
                for entry_attrs in services:
                    principal = entry_attrs['krbprincipalname'][0]
                    (service, hostname, realm) = split_principal(principal)
                    if hostname.lower() == fqdn:
                        try:
                            api.Command['service_disable'](principal)
                            done_work = True
                        except errors.AlreadyInactive:
                            pass

        dn = self.obj.get_dn(*keys, **options)
        try:
            entry_attrs = ldap.get_entry(dn, ['usercertificate'])
        except errors.NotFound:
            self.obj.handle_not_found(*keys)
        if self.api.Command.ca_is_enabled()['result']:
            certs = entry_attrs.get('usercertificate', [])

            if certs:
                revoke_certs(certs, self.log)
                # Remove the usercertificate altogether
                entry_attrs['usercertificate'] = None
                ldap.update_entry(entry_attrs)
                done_work = True

        self.obj.get_password_attributes(ldap, dn, entry_attrs)
        if entry_attrs['has_keytab']:
            ldap.remove_principal_key(dn)
            done_work = True

        if not done_work:
            raise errors.AlreadyInactive()

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #43

Datei: host.py Projekt: rkuska/freeipa

    def execute(self, *keys, **options):
        ldap = self.obj.backend

        # If we aren't given a fqdn, find it
        if _hostname_validator(None, keys[-1]) is not None:
            hostentry = api.Command['host_show'](keys[-1])['result']
            fqdn = hostentry['fqdn'][0]
        else:
            fqdn = keys[-1]

        host_is_master(ldap, fqdn)

        # See if we actually do anthing here, and if not raise an exception
        done_work = False

        truncated = True
        while truncated:
            try:
                ret = api.Command['service_find'](fqdn)
                truncated = ret['truncated']
                services = ret['result']
            except errors.NotFound:
                break
            else:
                for entry_attrs in services:
                    principal = entry_attrs['krbprincipalname'][0]
                    (service, hostname, realm) = split_principal(principal)
                    if hostname.lower() == fqdn:
                        try:
                            api.Command['service_disable'](principal)
                            done_work = True
                        except errors.AlreadyInactive:
                            pass

        dn = self.obj.get_dn(*keys, **options)
        try:
            entry_attrs = ldap.get_entry(dn, ['usercertificate'])
        except errors.NotFound:
            self.obj.handle_not_found(*keys)
        if self.api.Command.ca_is_enabled()['result']:
            certs = entry_attrs.get('usercertificate', [])

            if certs:
                revoke_certs(certs, self.log)
                # Remove the usercertificate altogether
                entry_attrs['usercertificate'] = None
                ldap.update_entry(entry_attrs)
                done_work = True

        self.obj.get_password_attributes(ldap, dn, entry_attrs)
        if entry_attrs['has_keytab']:
            ldap.remove_principal_key(dn)
            done_work = True

        if not done_work:
            raise errors.AlreadyInactive()

        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )

Beispiel #44

Datei: automember.py Projekt: icute1349/freeipa

    def execute(self, *keys, **options):
        ldap = self.api.Backend.ldap2
        cn = str(uuid.uuid4())

        gtype = options.get('type')
        if not gtype:
            gtype = 'group' if options.get('users') else 'hostgroup'

        types = {
            'group': (
                'user',
                'users',
                DN(api.env.container_user, api.env.basedn)
            ),
            'hostgroup': (
                'host',
                'hosts',
                DN(api.env.container_host, api.env.basedn)
            ),
        }

        obj_name, opt_name, basedn = types[gtype]
        obj = self.api.Object[obj_name]

        names = options.get(opt_name)
        if names:
            for name in names:
                try:
                    obj.get_dn_if_exists(name)
                except errors.NotFound:
                    obj.handle_not_found(name)
            search_filter = ldap.make_filter_from_attr(
                obj.primary_key.name,
                names,
                rules=ldap.MATCH_ANY
            )
        else:
            search_filter = '(%s=*)' % obj.primary_key.name

        task_dn = DN(('cn', cn), REBUILD_TASK_CONTAINER)

        entry = ldap.make_entry(
            task_dn,
            objectclass=['top', 'extensibleObject'],
            cn=[cn],
            basedn=[basedn],
            filter=[search_filter],
            scope=['sub'],
            ttl=[3600])
        ldap.add_entry(entry)

        summary = _('Automember rebuild membership task started')
        result = {'dn': task_dn}

        if not options.get('no_wait'):
            summary = _('Automember rebuild membership task completed')
            result = {}
            start_time = time.time()

            while True:
                try:
                    task = ldap.get_entry(task_dn)
                except errors.NotFound:
                    break

                if 'nstaskexitcode' in task:
                    if str(task.single_value['nstaskexitcode']) == '0':
                        summary=task.single_value['nstaskstatus']
                        break
                    else:
                        raise errors.DatabaseError(
                            desc=task.single_value['nstaskstatus'],
                            info=_("Task DN = '%s'" % task_dn))
                time.sleep(1)
                if time.time() > (start_time + 60):
                   raise errors.TaskTimeout(task=_('Automember'), task_dn=task_dn)

        return dict(
            result=result,
            summary=unicode(summary),
            value=pkey_to_value(None, options))

Beispiel #45

Datei: stageuser.py Projekt: rkuska/freeipa

    def execute(self, *args, **options):

        ldap = self.obj.backend

        staging_dn = self.obj.get_dn(*args, **options)
        assert isinstance(staging_dn, DN)

        # retrieve the current entry
        try:
            entry_attrs = self._exc_wrapper(args, options, ldap.get_entry)(
                staging_dn, ['*']
            )
        except errors.NotFound:
            self.obj.handle_not_found(*args)
        entry_attrs = dict((k.lower(), v) for (k, v) in entry_attrs.iteritems())

        # Check it does not exist an active entry with the same RDN
        active_dn = DN(staging_dn[0], api.env.container_user, api.env.basedn)
        try:
            test_entry_attrs = self._exc_wrapper(args, options, ldap.get_entry)(
                active_dn, ['dn']
            )
            assert isinstance(staging_dn, DN)
            raise errors.DuplicateEntry(
                message=_('active user with name "%(user)s" already exists') %
                dict(user=args[-1]))
        except errors.NotFound:
            pass

        # Check the original entry is valid
        self._check_validy(staging_dn, entry_attrs)

        # Time to build the new entry
        result_entry = {'dn' : active_dn}
        new_entry_attrs = self.__dict_new_entry()
        for (attr, values) in entry_attrs.iteritems():
            self.__merge_values(args, options, entry_attrs, new_entry_attrs, attr)
            result_entry[attr] = values

        # Allow Managed entry plugin to do its work
        if 'description' in new_entry_attrs and NO_UPG_MAGIC in new_entry_attrs['description']:
            new_entry_attrs['description'].remove(NO_UPG_MAGIC)
            if result_entry['description'] == NO_UPG_MAGIC:
                del result_entry['description']

        for (k,v) in new_entry_attrs.iteritems():
            self.log.debug("new entry: k=%r and v=%r)"  % (k, v))

        self._build_new_entry(ldap, staging_dn, entry_attrs, new_entry_attrs)

        # Add the Active entry
        entry = ldap.make_entry(active_dn, new_entry_attrs)
        self._exc_wrapper(args, options, ldap.add_entry)(entry)

        # Now delete the Staging entry
        try:
            self._exc_wrapper(args, options, ldap.delete_entry)(staging_dn)
        except:
            try:
                self.log.error("Fail to delete the Staging user after activating it %s " % (staging_dn))
                self._exc_wrapper(args, options, ldap.delete_entry)(active_dn)
            except:
                self.log.error("Fail to cleanup activation. The user remains active %s" % (active_dn))
                pass
            raise

        # add the user we just created into the default primary group
        config = ldap.get_ipa_config()
        def_primary_group = config.get('ipadefaultprimarygroup')
        group_dn = self.api.Object['group'].get_dn(def_primary_group)

        # if the user is already a member of default primary group,
        # do not raise error
        # this can happen if automember rule or default group is set
        try:
            ldap.add_entry_to_group(active_dn, group_dn)
        except errors.AlreadyGroupMember:
            pass

        # Now retrieve the activated entry
        result_entry = self._exc_wrapper(args, options, ldap.get_entry)(active_dn)
        result_entry = entry_to_dict(result_entry, **options)
        result_entry['dn'] = active_dn

        return dict(result=result_entry,
                    summary=unicode(_('Stage user %s activated' % staging_dn[0].value)),
                    value=pkey_to_value(args[-1], options))