def lockAccountPassword(self, user, object_dn):
    """
    Lock the account password of the object identified by ``object_dn``.

    The caller ``user`` must hold write ("w") permission on the User
    ``userPassword`` attribute topic for ``object_dn``. The check runs
    before the object is loaded, so an unauthorised caller never reaches
    the stored hash.

    Raises:
        ACLException: ``user`` may not write the password attribute.
        PasswordException: the object has no ``userPassword`` attribute,
            the attribute is empty, or no password method recognises the
            stored hash.
    """
    # Authorisation first: write access to userPassword is required.
    topic = "%s.objects.%s.attributes.%s" % (
        Environment.getInstance().domain, "User", "userPassword")
    resolver = PluginRegistry.getInstance("ACLResolver")
    permitted = resolver.check(user, topic, "w", base=object_dn)
    if not permitted:
        # Only the caller, target DN and topic are logged, never the hash.
        self.__log.debug(
            "user '%s' has insufficient permissions to write %s on %s, required is %s:%s"
            % (user, "isLocked", object_dn, topic, "w")
        )
        raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn))

    # Load the target object. A separate name keeps the acting user and
    # the account being modified apart.
    account = ObjectProxy(object_dn)

    # The attribute has to exist on the object and carry a value.
    if "userPassword" not in account.get_attributes():
        raise PasswordException(C.make_error("PASSWORD_NO_ATTRIBUTE"))
    if not account.userPassword:
        raise PasswordException(C.make_error("PASSWORD_NOT_AVAILABLE"))

    # Find the password method class responsible for the stored hash.
    handler = self.detect_method_by_hash(account.userPassword)
    if not handler:
        raise PasswordException(C.make_error("PASSWORD_METHOD_UNKNOWN"))

    # Replace the stored value with its locked form and persist it.
    account.userPassword = handler.lock_account(account.userPassword)
    account.commit()
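def setUserPassword(self, user, object_dn, password):
    """
    Set a new password on the object identified by ``object_dn``.

    The caller ``user`` must hold write ("w") permission on the User
    ``userPassword`` attribute topic for ``object_dn``. The check runs
    before the object is loaded or any hash is generated.

    Args:
        user: identity the ACL check is evaluated for.
        object_dn: DN of the object whose password is changed.
        password: the new password, passed to the method's
            ``generate_password_hash`` (presumably clear text, confirm
            against callers). It must never be written to a log.

    Raises:
        ACLException: ``user`` may not write the password attribute.
        PasswordException: no password method class is registered for
            the object's ``passwordMethod``.
    """
    # Authorisation first: write access to userPassword is required.
    env = Environment.getInstance()
    topic = "%s.objects.%s.attributes.%s" % (env.domain, "User", "userPassword")
    aclresolver = PluginRegistry.getInstance("ACLResolver")
    if not aclresolver.check(user, topic, "w", base=object_dn):
        # Name the attribute that was actually refused; the previous
        # message said "isLocked", which made denied password changes
        # look like lock attempts to anyone reading the debug log.
        self.__log.debug(
            "user '%s' has insufficient permissions to write %s on %s, required is %s:%s"
            % (user, "userPassword", object_dn, topic, "w")
        )
        raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn))

    # Load the target object under its own name so the acting user is
    # not shadowed by the account being modified.
    target = ObjectProxy(object_dn)
    method = target.passwordMethod

    # Find the password method class for the object's configured method.
    pwd_o = self.get_method_by_method_type(method)
    if not pwd_o:
        raise PasswordException(C.make_error("PASSWORD_UNKNOWN_HASH", type=method))

    # Generate the new password hash using the detected method.
    pwd_str = pwd_o.generate_password_hash(password, method)

    # Store the hash and commit the change.
    target.userPassword = pwd_str
    target.commit()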