예제 #1
0
파일: misc.py 프로젝트: nathancheek/freeipa
class plugins(LocalOrRemote):
    __doc__ = _('Show all loaded plugins.')

    msg_summary = ngettext('%(count)d plugin loaded',
                           '%(count)d plugins loaded', 0)

    takes_options = LocalOrRemote.takes_options + (Flag(
        'all',
        cli_name='all',
        doc=_('retrieve and print all attributes from the server. '
              'Affects command output.'),
        exclude='webui',
        flags=['no_option', 'no_output'],
        default=True,
    ), )

    has_output = (
        Output('result', dict, 'Dictionary mapping plugin names to bases'),
        Output(
            'count',
            type=int,
            doc=_('Number of plugins loaded'),
        ),
        summary,
    )

    def execute(self, **options):
        result = {}
        for namespace in self.api:
            for plugin in self.api[namespace]():
                cls = type(plugin)
                key = '{}.{}'.format(cls.__module__, cls.__name__)
                result.setdefault(key, []).append(namespace)

        return dict(result=result, )
예제 #2
0
class plugins(LocalOrRemote):
    __doc__ = _('Show all loaded plugins.')

    msg_summary = ngettext('%(count)d plugin loaded',
                           '%(count)d plugins loaded', 0)

    takes_options = LocalOrRemote.takes_options + (Flag(
        'all',
        cli_name='all',
        doc=
        _('retrieve and print all attributes from the server. Affects command output.'
          ),
        exclude='webui',
        flags=['no_output'],
        default=True,
    ), )

    has_output = (
        Output('result', dict, 'Dictionary mapping plugin names to bases'),
        Output(
            'count',
            type=int,
            doc=_('Number of plugins loaded'),
        ),
        summary,
    )

    def execute(self, **options):
        plugins = sorted(self.api.plugins, key=lambda o: o.plugin)
        return dict(
            result=dict((p.plugin, p.bases) for p in plugins),
            count=len(plugins),
        )
예제 #3
0
 def _iter_output(self):
     if type(self.has_output) is not tuple:
         raise TypeError('%s.has_output: need a %r; got a %r: %r' % (
             self.name, tuple, type(self.has_output), self.has_output)
         )
     for (i, o) in enumerate(self.has_output):
         if isinstance(o, str):
             o = Output(o)
         if not isinstance(o, Output):
             raise TypeError('%s.has_output[%d]: need a %r; got a %r: %r' % (
                 self.name, i, (str, Output), type(o), o)
             )
         yield o
예제 #4
0
    def _create_output(self, api, schema):
        if schema.get('multivalue', False):
            type_type = (tuple, list)
            if not schema.get('required', True):
                type_type = type_type + (type(None), )
        else:
            try:
                type_type = _TYPES[schema['type']]
            except KeyError:
                type_type = None
            else:
                if not schema.get('required', True):
                    type_type = (type_type, type(None))

        kwargs = {}
        kwargs['type'] = type_type

        if 'doc' in schema:
            kwargs['doc'] = schema['doc']

        if schema.get('no_display', False):
            kwargs['flags'] = ('no_display', )

        return Output(str(schema['name']), **kwargs)
예제 #5
0
class batch(Command):
    NO_CLI = True

    takes_args = (
        Any('methods*',
            doc=_('Nested Methods to execute'),
        ),
    )

    take_options = (
        Str('version',
            cli_name='version',
            doc=_('Client version. Used to determine if server will accept request.'),
            exclude='webui',
            flags=['no_option', 'no_output'],
            default=API_VERSION,
            autofill=True,
        ),
    )

    has_output = (
        Output('count', int, doc=''),
        Output('results', (list, tuple), doc='')
    )

    def execute(self, *args, **options):
        results = []
        for arg in args[0]:
            params = dict()
            name = None
            try:
                if 'method' not in arg:
                    raise errors.RequirementError(name='method')
                if 'params' not in arg:
                    raise errors.RequirementError(name='params')
                name = arg['method']
                if name not in self.Command:
                    raise errors.CommandError(name=name)
                a, kw = arg['params']
                newkw = dict((str(k), v) for k, v in kw.items())
                params = api.Command[name].args_options_2_params(*a, **newkw)
                newkw.setdefault('version', options['version'])

                result = api.Command[name](*a, **newkw)
                self.info(
                    '%s: batch: %s(%s): SUCCESS', context.principal, name, ', '.join(api.Command[name]._repr_iter(**params))
                )
                result['error']=None
            except Exception as e:
                if isinstance(e, errors.RequirementError) or \
                    isinstance(e, errors.CommandError):
                    self.info(
                        '%s: batch: %s',
                        context.principal,  # pylint: disable=no-member
                        e.__class__.__name__
                    )
                else:
                    self.info(
                        '%s: batch: %s(%s): %s',
                        context.principal, name,  # pylint: disable=no-member
                        ', '.join(api.Command[name]._repr_iter(**params)),
                        e.__class__.__name__
                    )
                if isinstance(e, errors.PublicError):
                    reported_error = e
                else:
                    reported_error = errors.InternalError()
                result = dict(
                    error=reported_error.strerror,
                    error_code=reported_error.errno,
                    error_name=unicode(type(reported_error).__name__),
                )
            results.append(result)
        return dict(count=len(results) , results=results)
예제 #6
0
class json_metadata(Command):
    __doc__ = _('Export plugin meta-data for the webUI.')
    NO_CLI = True


    takes_args = (
        Str('objname?',
            doc=_('Name of object to export'),
        ),
        Str('methodname?',
            doc=_('Name of method to export'),
        ),
    )

    takes_options = (
        Str('object?',
            doc=_('Name of object to export'),
        ),
        Str('method?',
            doc=_('Name of method to export'),
        ),
        Str('command?',
            doc=_('Name of command to export'),
        ),
    )

    has_output = (
        Output('objects', dict, doc=_('Dict of JSON encoded IPA Objects')),
        Output('methods', dict, doc=_('Dict of JSON encoded IPA Methods')),
        Output('commands', dict, doc=_('Dict of JSON encoded IPA Commands')),
    )

    def execute(self, objname=None, methodname=None, **options):
        objects = dict()
        methods = dict()
        commands = dict()

        empty = True

        try:
            if not objname:
                objname = options['object']
            if objname in self.api.Object:
                o = self.api.Object[objname]
                objects = dict([(o.name, json_serialize(o))])
            elif objname == "all":
                objects = dict(
                    (o.name, json_serialize(o)) for o in self.api.Object()
                    if o is self.api.Object[o.name]
                )
            empty = False
        except KeyError:
            pass

        try:
            if not methodname:
                methodname = options['method']
            if (methodname in self.api.Method and
                    not isinstance(self.api.Method[methodname], Local)):
                m = self.api.Method[methodname]
                methods = dict([(m.name, json_serialize(m))])
            elif methodname == "all":
                methods = dict(
                    (m.name, json_serialize(m)) for m in self.api.Method()
                    if (m is self.api.Method[m.name] and
                        not isinstance(m, Local))
                )
            empty = False
        except KeyError:
            pass

        try:
            cmdname = options['command']
            if (cmdname in self.api.Command and
                    not isinstance(self.api.Command[cmdname], Local)):
                c = self.api.Command[cmdname]
                commands = dict([(c.name, json_serialize(c))])
            elif cmdname == "all":
                commands = dict(
                    (c.name, json_serialize(c)) for c in self.api.Command()
                    if (c is self.api.Command[c.name] and
                        not isinstance(c, Local))
                )
            empty = False
        except KeyError:
            pass

        if empty:
            objects = dict(
                (o.name, json_serialize(o)) for o in self.api.Object()
                if o is self.api.Object[o.name]
            )
            methods = dict(
                (m.name, json_serialize(m)) for m in self.api.Method()
                if (m is self.api.Method[m.name] and
                    not isinstance(m, Local))
            )
            commands = dict(
                (c.name, json_serialize(c)) for c in self.api.Command()
                if (c is self.api.Command[c.name] and
                    not isinstance(c, Local))
            )

        retval = dict([
            ("objects", objects),
            ("methods", methods),
            ("commands", commands),
        ])

        return retval
예제 #7
0
class i18n_messages(Command):
    __doc__ = _('Internationalization messages')
    NO_CLI = True

    messages = {
        "ajax": {
            "401": {
                "message": _("Your session has expired. Please log in again."),
            },
        },
        "actions": {
            "apply": _("Apply"),
            "automember_rebuild": _("Rebuild auto membership"),
            "automember_rebuild_confirm": _("Are you sure you want to rebuild auto membership?"),
            "automember_rebuild_success": _("Automember rebuild membership task completed"),
            "confirm": _("Are you sure you want to proceed with the action?"),
            "delete_confirm": _("Are you sure you want to delete ${object}?"),
            "disable_confirm": _("Are you sure you want to disable ${object}?"),
            "enable_confirm": _("Are you sure you want to enable ${object}?"),
            "title": _("Actions"),
        },
        "association": {
            "add": {
                "ipasudorunas": _("Add RunAs ${other_entity} into ${entity} ${primary_key}"),
                "ipasudorunasgroup": _("Add RunAs Groups into ${entity} ${primary_key}"),
                "managedby": _("Add ${other_entity} Managing ${entity} ${primary_key}"),
                "member": _("Add ${other_entity} into ${entity} ${primary_key}"),
                "memberallowcmd": _("Add Allow ${other_entity} into ${entity} ${primary_key}"),
                "memberdenycmd": _("Add Deny ${other_entity} into ${entity} ${primary_key}"),
                "memberof": _("Add ${entity} ${primary_key} into ${other_entity}"),
            },
            "added": _("${count} item(s) added"),
            "direct_membership": _("Direct Membership"),
            "filter_placeholder": _("Filter available ${other_entity}"),
            "indirect_membership": _("Indirect Membership"),
            "no_entries": _("No entries."),
            "paging": _("Showing ${start} to ${end} of ${total} entries."),
            "remove": {
                "ipasudorunas": _("Remove RunAs ${other_entity} from ${entity} ${primary_key}"),
                "ipasudorunasgroup": _("Remove RunAs Groups from ${entity} ${primary_key}"),
                "managedby": _("Remove ${other_entity} Managing ${entity} ${primary_key}"),
                "member": _("Remove ${other_entity} from ${entity} ${primary_key}"),
                "memberallowcmd": _("Remove Allow ${other_entity} from ${entity} ${primary_key}"),
                "memberdenycmd": _("Remove Deny ${other_entity} from ${entity} ${primary_key}"),
                "memberof": _("Remove ${entity} ${primary_key} from ${other_entity}"),
            },
            "removed": _("${count} item(s) removed"),
            "show_results": _("Show Results"),
        },
        "authtype": {
            "auth_indicators": _("Authentication indicators"),
            "auth_indicator": _("Authentication indicator"),
            "config_tooltip": _("<p>Implicit method (password) will be used if no method is chosen.</p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.</p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.</p>"),
            "custom_auth_ind_title": _("Add Custom Authentication Indicator"),
            "otp": _("OTP"),
            "type_otp": _("Two factor authentication (password + OTP)"),
            "type_password": _("Password"),
            "type_radius": _("RADIUS"),
            "type_disabled": _("Disable per-user override"),
            "user_tooltip": _("<p>Per-user setting, overwrites the global setting if any option is checked.</p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.</p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.</p>"),
        },
        "buttons": {
            "about": _("About"),
            "activate": _("Activate"),
            "add": _("Add"),
            "add_and_add_another": _("Add and Add Another"),
            "add_and_close": _("Add and Close"),
            "add_and_edit": _("Add and Edit"),
            "add_many": _("Add Many"),
            "apply": _("Apply"),
            "back": _("Back"),
            "cancel": _("Cancel"),
            "clear": _("Clear"),
            "clear_title": _("Clear all fields on the page."),
            "close": _("Close"),
            "disable": _("Disable"),
            "download": _("Download"),
            "download_title": _("Download certificate as PEM formatted file."),
            "edit": _("Edit"),
            "enable": _("Enable"),
            "filter": _("Filter"),
            "find": _("Find"),
            "get": _("Get"),
            "hide": _("Hide"),
            "issue": _("Issue"),
            "match": _("Match"),
            "match_title": _("Match users according to certificate."),
            "ok": _("OK"),
            "refresh": _("Refresh"),
            "refresh_title": _("Reload current settings from the server."),
            "remove": _("Delete"),
            "remove_hold": _("Remove hold"),
            "reset": _("Reset"),
            "reset_password_and_login": _("Reset Password and Login"),
            "restore": _("Restore"),
            "retry": _("Retry"),
            "revert": _("Revert"),
            "revert_title": ("Undo all unsaved changes."),
            "revoke": _("Revoke"),
            "save": _("Save"),
            "set": _("Set"),
            "show": _("Show"),
            "stage": _("Stage"),
            "unapply": ("Un-apply"),
            "update": _("Update"),
            "view": _("View"),
        },
        "customization": {
            "customization": _("Customization"),
            "table_pagination": _("Pagination Size"),
        },
        "details": {
            "collapse_all": _("Collapse All"),
            "expand_all": _("Expand All"),
            "general": _("General"),
            "identity": _("Identity Settings"),
            "settings": _("${entity} ${primary_key} Settings"),
            "to_top": _("Back to Top"),
            "updated": _("${entity} ${primary_key} updated"),
        },
        "dialogs": {
            "add_confirmation": _("${entity} successfully added"),
            "add_custom_value": _("Add custom value"),
            "add_title": _("Add ${entity}"),
            "available": _("Available"),
            "batch_error_message": _("Some operations failed."),
            "batch_error_title": _("Operations Error"),
            "confirmation": _("Confirmation"),
            "custom_value": _("Custom value"),
            "dirty_message": _("This page has unsaved changes. Please save or revert."),
            "dirty_title": _("Unsaved Changes"),
            "edit_title": _("Edit ${entity}"),
            "hide_details": _("Hide details"),
            "about_title": _("About"),
            "about_message": _("${product}, version: ${version}"),
            "prospective": _("Prospective"),
            "redirection": _("Redirection"),
            "remove_empty": _("Select entries to be removed."),
            "remove_title": _("Remove ${entity}"),
            "result": _("Result"),
            "show_details": _("Show details"),
            "success": _("Success"),
            "validation_title": _("Validation error"),
            "validation_message": _("Input form contains invalid or missing values."),
        },
        "error_report": {
            "options": _("Please try the following options:"),
            "problem_persists": _("If the problem persists please contact the system administrator."),
            "refresh": _("Refresh the page."),
            "reload": _("Reload the browser."),
            "main_page": _("Return to the main page and retry the operation"),
            "title": _("An error has occurred (${error})"),
        },
        "errors": {
            "error": _("Error"),
            "http_error": _("HTTP Error"),
            "internal_error": _("Internal Error"),
            "ipa_error": _("IPA Error"),
            "no_response": _("No response"),
            "unknown_error": _("Unknown Error"),
            "url": _("URL"),
        },
        "facet_groups": {
            "managedby": _("${primary_key} is managed by:"),
            "member": _("${primary_key} members:"),
            "memberof": _("${primary_key} is a member of:"),
        },
        "facets": {
            "details": _("Settings"),
            "search": _("Search"),
        },
        "false": _("False"),
        "keytab": {
            "add_create": _("Allow ${other_entity} to create keytab of ${primary_key}"),
            "add_retrive": _("Allow ${other_entity} to retrieve keytab of ${primary_key}"),
            "allowed_to_create": _("Allowed to create keytab"),
            "allowed_to_retrieve": _("Allowed to retrieve keytab"),
            "remove_create": _("Disallow ${other_entity} to create keytab of ${primary_key}"),
            "remove_retrieve": _("Disallow ${other_entity} to retrieve keytab of ${primary_key}"),
        },
        "krbaliases": {
            "adder_title": _("Add Kerberos Principal Alias"),
            "add_krbal_label": _("New kerberos principal alias"),
            "remove_title": _("Remove Kerberos Alias"),
            "remove_message": _("Do you want to remove kerberos alias ${alias}?"),
        },
        "krbauthzdata": {
            "inherited": _("Inherited from server configuration"),
            "mspac": _("MS-PAC"),
            "override": _("Override inherited settings"),
            "pad": _("PAD"),
        },
        "login": {
            "authenticating": _("Authenticating"),
            "form_auth": _(
                "<i class=\"fa fa-info-circle\"></i> To log in with "
                "<strong>username and password</strong>, enter them in the "
                "corresponding fields, then click 'Log in'."),
            "header": _("Logged In As"),
            "krb_auth_msg": _(
                "<i class=\"fa fa-info-circle\"></i> To log in with "
                "<strong>Kerberos</strong>, please make sure you have valid "
                "tickets (obtainable via kinit) and <a href='http://${host}/"
                "ipa/config/ssbrowser.html'>configured</a> the browser "
                "correctly, then click 'Log in'."),
            "loading": _("Loading"),
            "loading_md": _("Loading data"),
            "login": _("Log in"),
            "login_certificate": _("Log In Using Certificate"),
            "login_certificate_desc": _("Log in using personal certificate"),
            "logout": _("Log out"),
            "logout_error": _("Log out error"),
            "password": _("Password"),
            "password_and_otp": _("Password or Password+One-Time-Password"),
            "sync_otp_token": _("Sync OTP Token"),
            "synchronizing": _("Synchronizing"),
            "username": _("Username"),
        },
        "measurement_units": {
            "number_of_passwords": _("number of passwords"),
            "seconds": _("seconds"),
        },
        "objects": {
            "aci": {
                "attribute": _("Attribute"),
            },
            "automember": {
                "add_condition": _("Add Condition into ${pkey}"),
                "add_rule": _("Add Rule"),
                "attribute": _("Attribute"),
                "default_host_group": _("Default host group"),
                "default_user_group": _("Default user group"),
                "exclusive": _("Exclusive"),
                "expression": _("Expression"),
                "hostgrouprule": _("Host group rule"),
                "hostgrouprules": _("Host group rules"),
                "inclusive": _("Inclusive"),
                "usergrouprule": _("User group rule"),
                "usergrouprules": _("User group rules"),
            },
            "automountkey": {
            },
            "automountlocation": {
                "identity": _("Automount Location Settings")
            },
            "automountmap": {
                "map_type": _("Map Type"),
                "direct": _("Direct"),
                "indirect": _("Indirect"),
            },
            "caacl": {
                "all": _("All"),
                "any_ca": _("Any CA"),
                "any_host": _("Any Host"),
                "any_service": _("Any Service"),
                "any_profile": _("Any Profile"),
                "anyone": _("Anyone"),
                "ipaenabledflag": _("Rule status"),
                "no_ca_msg": _("If no CAs are specified, requests to the default CA are allowed."),
                "profile": _("Profiles"),
                "specified_cas": _("Specified CAs"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_profiles": _("Specified Profiles"),
                "specified_services": _("Specified Services and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "who": _("Permitted to have certificates issued"),
            },
            "cert": {
                "aa_compromise": _("AA Compromise"),
                "add_principal": _("Add principal"),
                "affiliation_changed": _("Affiliation Changed"),
                "ca": _("CA"),
                "ca_compromise": _("CA Compromise"),
                "certificate": _("Certificate"),
                "certificates": _("Certificates"),
                "certificate_hold": _("Certificate Hold"),
                "cessation_of_operation": _("Cessation of Operation"),
                "common_name": _("Common Name"),
                "download": _("Download"),
                "delete_cert_end": _("the certificate with serial number "),
                "expires_on": _("Expires On"),
                "find_issuedon_from": _("Issued on from"),
                "find_issuedon_to": _("Issued on to"),
                "find_max_serial_number": _("Maximum serial number"),
                "find_min_serial_number": _("Minimum serial number"),
                "find_revocation_reason": _("Revocation reason"),
                "find_revokedon_from": _("Revoked on from"),
                "find_revokedon_to": _("Revoked on to"),
                "find_subject": _("Subject"),
                "find_validnotafter_from": _("Valid not after from"),
                "find_validnotafter_to": _("Valid not after to"),
                "find_validnotbefore_from": _("Valid not before from"),
                "find_validnotbefore_to": _("Valid not before to"),
                "fingerprints": _("Fingerprints"),
                "get_certificate": _("Get Certificate"),
                "hold_removed": _("Certificate Hold Removed"),
                "issue_certificate": _("Issue New Certificate for ${entity} ${primary_key}"),
                "issue_certificate_generic": _("Issue New Certificate"),
                "issued_by": _("Issued By"),
                "issued_on": _("Issued On"),
                "issued_to": _("Issued To"),
                "key_compromise": _("Key Compromise"),
                "missing": _("No Valid Certificate"),
                "new_certificate": _("New Certificate"),
                "new_cert_format": _("Certificate in base64 or PEM format"),
                "note": _("Note"),
                "organization": _("Organization"),
                "organizational_unit": _("Organizational Unit"),
                "present": _("${count} certificate(s) present"),
                "privilege_withdrawn": _("Privilege Withdrawn"),
                "reason": _("Reason for Revocation"),
                "remove_hold": _("Remove Hold"),
                "remove_certificate_hold": _("Remove Certificate Hold for ${entity} ${primary_key}"),
                "remove_certificate_hold_simple": _("Remove Certificate Hold"),
                "remove_certificate_hold_confirmation": _("Do you want to remove the certificate hold?"),
                "remove_from_crl": _("Remove from CRL"),
                "request_message": _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"),
                "request_message_san": _(" -8 '${cn}'"),
                "requested": _("Certificate requested"),
                "revocation_reason": _("Revocation reason"),
                "revoke_certificate": _("Revoke Certificate for ${entity} ${primary_key}"),
                "revoke_certificate_simple": _("Revoke Certificate"),
                "revoke_confirmation": _("Do you want to revoke this certificate? Select a reason from the pull-down list."),
                "revoked": _("Certificate Revoked"),
                "revoked_status": _("REVOKED"),
                "serial_number": _("Serial Number"),
                "serial_number_hex": _("Serial Number (hex)"),
                "sha1_fingerprint": _("SHA1 Fingerprint"),
                "sha256_fingerprint": _("SHA256 Fingerprint"),
                "status": _("Status"),
                "superseded": _("Superseded"),
                "unspecified": _("Unspecified"),
                "valid": _("Valid Certificate Present"),
                "valid_from": _("Valid from"),
                "valid_to": _("Valid to"),
                "validity": _("Validity"),
                "view_certificate": _("Certificate for ${entity} ${primary_key}"),
                "view_certificate_btn": _("View Certificate"),
            },
            "certmap_match": {
                "cert_data": _("Certificate Data"),
                "cert_for_match": _("Certificate For Match"),
                "facet_label": _("Certificate Mapping Match"),
                "domain": _("Domain"),
                "matched_users": _("Matched Users"),
                "userlogin": _("User Login"),
            },
            "certmap": {
                "adder_title": _("Add Certificate Mapping Data"),
                "data_label": _("Certificate mapping data"),
                "certificate": _("Certificate"),
                "conf_str": _("Configuration string"),
                "deleter_content": _("Do you want to remove certificate mapping data ${data}?"),
                "deleter_title": _("Remove Certificate Mapping Data"),
                "issuer": _("Issuer"),
                "issuer_subject": _("Issuer and subject"),
                "subject": _("Subject"),
                "version": _("Version"),
            },
            "config": {
                "group": _("Group Options"),
                "search": _("Search Options"),
                "selinux": _("SELinux Options"),
                "service": _("Service Options"),
                "user": _("User Options"),
            },
            "delegation": {
            },
            "dnsconfig": {
                "forward_first": _("Forward first"),
                "forward_none": _("Forwarding disabled"),
                "forward_only": _("Forward only"),
                "options": _("Options"),
                "update_dns": _("Update System DNS Records"),
                "update_dns_dialog_msg": _("Do you want to update system DNS records?"),
                "updated_dns": _("System DNS records updated"),
            },
            "dnsrecord": {
                "data": _("Data"),
                "deleted_no_data": _("DNS record was deleted because it contained no data."),
                "other": _("Other Record Types"),
                "ptr_redir_address_err": _("Address not valid, can't redirect"),
                "ptr_redir_create": _("Create dns record"),
                "ptr_redir_creating": _("Creating record."),
                "ptr_redir_creating_err": _("Record creation failed."),
                "ptr_redir_record": _("Checking if record exists."),
                "ptr_redir_record_err": _("Record not found."),
                "ptr_redir_title": _("Redirection to PTR record"),
                "ptr_redir_zone": _("Zone found: ${zone}"),
                "ptr_redir_zone_err": _("Target reverse zone not found."),
                "ptr_redir_zones": _("Fetching DNS zones."),
                "ptr_redir_zones_err": _("An error occurred while fetching dns zones."),
                "redirection_dnszone": _("You will be redirected to DNS Zone."),
                "standard": _("Standard Record Types"),
                "title": _("Records for DNS Zone"),
                "type": _("Record Type"),
            },
            "dnszone": {
                "identity": _("DNS Zone Settings"),
                "add_permission":_("Add Permission"),
                "add_permission_confirm":_("Are you sure you want to add permission for DNS Zone ${object}?"),
                "remove_permission": _("Remove Permission"),
                "remove_permission_confirm": _("Are you sure you want to remove permission for DNS Zone ${object}?"),
                "skip_dns_check": _("Skip DNS check"),
                "skip_overlap_check": _("Skip overlap check"),
                "soamname_change_message": _("Do you want to check if new authoritative nameserver address is in DNS"),
                "soamname_change_title": _("Authoritative nameserver change"),
            },
            "domainlevel": {
                "label": _("Domain Level"),
                "label_singular": _("Domain Level"),
                "ipadomainlevel": _("Level"),
                "set": _("Set Domain Level"),
            },
            "group": {
                "details": _("Group Settings"),
                "external": _("External"),
                "groups": _("Groups"),
                "group_categories": _("Group categories"),
                "make_external": _("Change to external group"),
                "make_posix": _("Change to POSIX group"),
                "nonposix": _("Non-POSIX"),
                "posix": _("POSIX"),
                "type": _("Group Type"),
                "user_groups": _("User Groups"),
            },
            "hbacrule": {
                "any_host": _("Any Host"),
                "any_service": _("Any Service"),
                "anyone": _("Anyone"),
                "host": _("Accessing"),
                "ipaenabledflag": _("Rule status"),
                "service": _("Via Service"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_services": _("Specified Services and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "hbacsvc": {
            },
            "hbacsvcgroup": {
                "services": _("Services"),
            },
            "hbactest": {
                "access_denied": _("Access Denied"),
                "access_granted": _("Access Granted"),
                "include_disabled": _("Include Disabled"),
                "include_enabled": _("Include Enabled"),
                "label": _("HBAC Test"),
                "matched": _("Matched"),
                "missing_values": _("Missing values: "),
                "new_test": _("New Test"),
                "rules": _("Rules"),
                "run_test": _("Run Test"),
                "specify_external": _("Specify external ${entity}"),
                "unmatched": _("Unmatched"),
            },
            "host": {
                "certificate": _("Host Certificate"),
                "cn": _("Host Name"),
                "delete_key_unprovision": _("Delete Key, Unprovision"),
                "details": _("Host Settings"),
                "enrolled": _("Enrolled"),
                "enrollment": _("Enrollment"),
                "fqdn": _("Fully Qualified Host Name"),
                "generate_otp": _("Generate OTP"),
                "generated_otp": _("Generated OTP"),
                "keytab": _("Kerberos Key"),
                "keytab_missing": _("Kerberos Key Not Present"),
                "keytab_present": _("Kerberos Key Present, Host Provisioned"),
                "password": _("One-Time-Password"),
                "password_missing": _("One-Time-Password Not Present"),
                "password_present": _("One-Time-Password Present"),
                "password_reset_button": _("Reset OTP"),
                "password_reset_title": _("Reset One-Time-Password"),
                "password_set_button": _("Set OTP"),
                "password_set_success": _("OTP set"),
                "password_set_title": _("Set One-Time-Password"),
                "status": _("Status"),
                "unprovision": _("Unprovision"),
                "unprovision_confirmation": _("Are you sure you want to unprovision this host?"),
                "unprovision_title": _("Unprovisioning ${entity}"),
                "unprovisioned": _("Host unprovisioned"),
            },
            "hostgroup": {
                "host_group": _("Host Groups"),
                "identity": _("Host Group Settings"),
            },
            "idoverrideuser": {
                "anchor_label": _("User to override"),
                "anchor_tooltip": _("Enter trusted or IPA user login. Note: search doesn't list users from trusted domains."),
                "anchor_tooltip_ad": _("Enter trusted user login."),
                "profile": _("Profile"),
            },
            "idoverridegroup": {
                "anchor_label": _("Group to override"),
                "anchor_tooltip": _("Enter trusted or IPA group name. Note: search doesn't list groups from trusted domains."),
                "anchor_tooltip_ad": _("Enter trusted group name."),
            },
            "idview": {
                "appliesto_tab": _("${primary_key} applies to:"),
                "appliedtohosts": _("Applied to hosts"),
                "appliedtohosts_title": _("Applied to hosts"),
                "apply_hostgroups": _("Apply to host groups"),
                "apply_hostgroups_title": _("Apply ID View ${primary_key} on hosts of ${entity}"),
                "apply_hosts": _("Apply to hosts"),
                "apply_hosts_title": _("Apply ID view ${primary_key} on ${entity}"),
                "ipaassignedidview": _("Assigned ID View"),
                "overrides_tab": _("${primary_key} overrides:"),
                "unapply_hostgroups": _("Un-apply from host groups"),
                "unapply_hostgroups_all_title": _("Un-apply ID Views from hosts of hostgroups"),
                "unapply_hostgroups_title": _("Un-apply ID View ${primary_key} from hosts of ${entity}"),
                "unapply_hosts": _("Un-apply"),
                "unapply_hosts_all": _("Un-apply from hosts"),
                "unapply_hosts_all_title": _("Un-apply ID Views from hosts"),
                "unapply_hosts_confirm": _("Are you sure you want to un-apply ID view from selected entries?"),
                "unapply_hosts_title": _("Un-apply ID View ${primary_key} from hosts"),
            },
            "krbtpolicy": {
                "identity": _("Kerberos Ticket Policy"),
            },
            "netgroup": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "external": _("External"),
                "host": _("Host"),
                "hostgroups": _("Host Groups"),
                "hosts": _("Hosts"),
                "identity": _("Netgroup Settings"),
                "netgroups": _("Netgroups"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
                "usergroups": _("User Groups"),
                "users": _("Users"),
            },
            "otptoken": {
                "add_token": _("Add OTP Token"),
                "app_link": _("You can use <a href=\"${link}\" target=\"_blank\">FreeOTP<a/> as a software OTP token application."),
                "config_title": _("Configure your token"),
                "config_instructions": _("Configure your token by scanning the QR code below. Click on the QR code if you see this on the device you want to configure."),
                "details": _("OTP Token Settings"),
                "disable": _("Disable token"),
                "enable": _("Enable token"),
                "show_qr": _("Show QR code"),
                "show_uri": _("Show configuration uri"),
                "type_hotp": _("Counter-based (HOTP)"),
                "type_totp": _("Time-based (TOTP)"),
            },
            "permission": {
                "add_custom_attr": _("Add Custom Attribute"),
                "attribute": _("Attribute"),
                "filter": _("Filter"),
                "identity": _("Permission settings"),
                "managed": _("Attribute breakdown"),
                "target": _("Target"),
            },
            "privilege": {
                "identity": _("Privilege Settings"),
            },
            "publickey": {
                "set_dialog_help": _("Public key:"),
                "set_dialog_title": _("Set public key"),
                "show_set_key": _("Show/Set key"),
                "status_mod_ns": _("Modified: key not set"),
                "status_mod_s": _("Modified"),
                "status_new_ns": _("New: key not set"),
                "status_new_s": _("New: key set"),
            },
            "pwpolicy": {
                "identity": _("Password Policy"),
            },
            "idrange": {
                "details": _("Range Settings"),
                "ipabaseid": _("Base ID"),
                "ipabaserid": _("Primary RID base"),
                "ipaidrangesize": _("Range size"),
                "ipanttrusteddomainsid": _("Domain SID"),
                "ipasecondarybaserid": _("Secondary RID base"),
                "type": _("Range type"),
                "type_ad": _("Active Directory domain"),
                "type_ad_posix": _("Active Directory domain with POSIX attributes"),
                "type_detect": _("Detect"),
                "type_local": _("Local domain"),
                "type_ipa": _("IPA trust"),
                "type_winsync": _("Active Directory winsync"),
            },
            "radiusproxy": {
                "details": _("RADIUS Proxy Server Settings"),
            },
            "realmdomains": {
                "identity": _("Realm Domains"),
                "check_dns": _("Check DNS"),
                "check_dns_confirmation": _("Do you also want to perform DNS check?"),
                "force_update": _("Force Update"),
            },
            "role": {
                "identity": _("Role Settings"),
            },
            "selfservice": {
            },
            "selinuxusermap": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "host": _("Host"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
            },
            "server_role": {
                "label": _("Server Roles"),
                "label_singular": _("Server Role"),
            },
            "servers": {
                "svc_warning_title": _("Warning: Consider service replication"),
                "svc_warning_message": _("It is strongly recommended to keep the following services installed on more than one server:"),
                "remove_server": _("Delete Server"),
                "remove_server_msg": _("Deleting a server removes it permanently from the topology. Note that this is a non-reversible action.")
            },
            "service": {
                "certificate": _("Service Certificate"),
                "delete_key_unprovision": _("Delete Key, Unprovision"),
                "details": _("Service Settings"),
                "host": _("Host Name"),
                "missing": _("Kerberos Key Not Present"),
                "provisioning": _("Provisioning"),
                "service": _("Service"),
                "status": _("Status"),
                "unprovision": _("Unprovision"),
                "unprovision_confirmation": _("Are you sure you want to unprovision this service?"),
                "unprovision_title": _("Unprovisioning ${entity}"),
                "unprovisioned": _("Service unprovisioned"),
                "valid": _("Kerberos Key Present, Service Provisioned"),
            },
            "sshkeystore": {
                "keys": _("SSH public keys"),
                "set_dialog_help": _("SSH public key:"),
                "set_dialog_title": _("Set SSH key"),
                "show_set_key": _("Show/Set key"),
                "status_mod_ns": _("Modified: key not set"),
                "status_mod_s": _("Modified"),
                "status_new_ns": _("New: key not set"),
                "status_new_s": _("New: key set"),
            },
            "stageuser": {
                "activate_confirm": _("Are you sure you want to activate selected users?"),
                "activate_one_confirm": _("Are you sure you want to activate ${object}?"),
                "activate_success": _("${count} user(s) activated"),
                "label": _("Stage users"),
                "preserved_label": _("Preserved users"),
                "stage_confirm": _("Are you sure you want to stage selected users?"),
                "stage_success": _("${count} users(s) staged"),
                "stage_one_confirm": _("Are you sure you want to stage ${object}?"),
                "undel_confirm": _("Are you sure you want to restore selected users?"),
                "undel_one_confirm": _("Are you sure you want to restore ${object}?"),
                "undel_success": _("${count} user(s) restored"),
                "user_categories": _("User categories"),
            },
            "sudocmd": {
                "groups": _("Groups"),
            },
            "sudocmdgroup": {
                "commands": _("Commands"),
            },
            "sudorule": {
                "allow": _("Allow"),
                "any_command": _("Any Command"),
                "any_group": _("Any Group"),
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "command": _("Run Commands"),
                "deny": _("Deny"),
                "external": _("External"),
                "host": _("Access this host"),
                "ipaenabledflag": _("Rule status"),
                "option_added": _("Option added"),
                "option_removed": _("${count} option(s) removed"),
                "options": _("Options"),
                "runas": _("As Whom"),
                "specified_commands": _("Specified Commands and Groups"),
                "specified_groups": _("Specified Groups"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "topology": {
                "autogenerated": _("Autogenerated"),
                "segment_details": _("Segment details"),
                "replication_config": _("Replication configuration"),
                "insufficient_domain_level" : _("Managed topology requires minimal domain level ${domainlevel}"),
            },
            "trust": {
                "account": _("Account"),
                "admin_account": _("Administrative account"),
                "blacklists": _("SID blacklists"),
                "details": _("Trust Settings"),
                "domain": _("Domain"),
                "establish_using": _("Establish using"),
                "fetch_domains": _("Fetch domains"),
                "ipantflatname": _("Domain NetBIOS name"),
                "ipanttrusteddomainsid": _("Domain Security Identifier"),
                "preshared_password": _("Pre-shared password"),
                "trustdirection": _("Trust direction"),
                "truststatus": _("Trust status"),
                "trusttype": _("Trust type"),
                "ipantadditionalsuffixes": _("Alternative UPN suffixes"),
            },
            "trustconfig": {
                "options": _("Options"),
            },
            "user": {
                "account": _("Account Settings"),
                "account_status": _("Account Status"),
                "activeuser_label": _("Active users"),
                "contact": _("Contact Settings"),
                "delete_mode": _("Delete mode"),
                "employee": _("Employee Information"),
                "error_changing_status": _("Error changing account status"),
                "krbpasswordexpiration": _("Password expiration"),
                "mailing": _("Mailing Address"),
                "misc": _("Misc. Information"),
                "mode_delete": _("delete"),
                "mode_preserve": _("preserve"),
                "noprivate": _("No private group"),
                "status_confirmation": _("Are you sure you want to ${action} the user?<br/>The change will take effect immediately."),
                "status_link": _("Click to ${action}"),
                "unlock": _("Unlock"),
                "unlock_confirm": _("Are you sure you want to unlock user ${object}?"),
            },
            "vault": {
                "add_warn_arch_ret": _(
                    "Secrets can be added/retrieved to vault only by using "
                    "vault-archive and vault-retrieve from CLI."
                    ),
                "add_warn_standard": _(
                    "Content of 'standard' vaults can be seen by users with "
                    "higher privileges (admins)."
                    ),
                "asymmetric_type": _("Asymmetric"),
                "config_title": _("Vaults Config"),
                "group": _("Group"),
                "members": _("Members"),
                "my_vaults_title": _("My User Vaults"),
                "owners": _("Owners"),
                "service": _("Service"),
                "service_vaults_title": _("Service Vaults"),
                "shared": _("Shared"),
                "shared_vaults_title": _("Shared Vaults"),
                "standard_type": _("Standard"),
                "symmetric_type": _("Symmetric"),
                "type": _("Vault Type"),
                "type_tooltip": _(
                    "Only standard vaults can be created in WebUI, use CLI "
                    "for other types of vaults."
                    ),
                "user": _("User"),
                "user_vaults_title": _("User Vaults"),
            },
        },
        "password": {
            "current_password": _("Current Password"),
            "current_password_required": _("Current password is required"),
            "expires_in": _("Your password expires in ${days} days."),
            "first_otp": _("First OTP"),
            "invalid_password": _("The password or username you entered is incorrect."),
            "new_password": _("New Password"),
            "new_password_required": _("New password is required"),
            "otp": _("OTP"),
            "otp_info": _("<i class=\"fa fa-info-circle\"></i> <strong>One-Time-Password(OTP):</strong> Generate new OTP code for each OTP field."),
            "otp_long": _("One-Time-Password"),
            "otp_sync_fail": _("Token synchronization failed"),
            "otp_sync_invalid": _("The username, password or token codes are not correct"),
            "otp_sync_success":_("Token was synchronized"),
            "password": _("Password"),
            "password_and_otp": _("Password or Password+One-Time-Password"),
            "password_change_complete": _("Password change complete"),
            "password_must_match": _("Passwords must match"),
            "reset_failure": _("Password reset was not successful."),
            "reset_password": _("Reset Password"),
            "reset_password_sentence": _("Reset your password."),
            "second_otp": _("Second OTP"),
            "token_id": _("Token ID"),
            "verify_password": _("Verify Password"),
        },
        "profile-menu": {
            "about": _("About"),
            "configuration": _("Customization"),
            "logout": _("Log out"),
            "password_reset": _("Change password"),
            "profile": _("Profile"),
        },
        "search": {
            "delete_confirm": _("Are you sure you want to delete selected entries?"),
            "deleted": _("${count} item(s) deleted"),
            "disable_confirm": _("Are you sure you want to disable selected entries?"),
            "disabled": _("${count} item(s) disabled"),
            "enable_confirm": _("Are you sure you want to enable selected entries?"),
            "enabled": _("${count} item(s) enabled"),
            "partial_delete": _("Some entries were not deleted"),
            "placeholder": _("Search"),
            "placeholder_filter": _("Filter"),
            "quick_links": _("Quick Links"),
            "select_all": _("Select All"),
            "truncated": _("Query returned more results than the configured size limit. Displaying the first ${counter} results."),
            "unselect_all": _("Unselect All"),
        },
        "status": {
            "disable": _("Disable"),
            "disabled": _("Disabled"),
            "enable": _("Enable"),
            "enabled": _("Enabled"),
            "label": _("Status"),
            "working": _("Working"),
        },
        "tabs": {
            "audit": _("Audit"),
            "authentication": _("Authentication"),
            "automember": _("Automember"),
            "automount": _("Automount"),
            "cert": _("Certificates"),
            "dns": _("DNS"),
            "hbac": _("Host-Based Access Control"),
            "identity": _("Identity"),
            "ipaserver": _("IPA Server"),
            "network_services": _("Network Services"),
            "policy": _("Policy"),
            "role": _("Role-Based Access Control"),
            "sudo": _("Sudo"),
            "topology": _("Topology"),
            "trust": _("Trusts"),
        },
        "true": _("True"),
        "widget": {
            "api_browser": _("API Browser"),
            "first": _("First"),
            "last": _("Last"),
            "next": _("Next"),
            "page": _("Page"),
            "prev": _("Prev"),
            "undo": _("Undo"),
            "undo_title": _("Undo this change."),
            "undo_all": _("Undo All"),
            "undo_all_title": _("Undo all changes in this field."),
            "validation": {
                "error": _("Text does not match field pattern"),
                "datetime": _("Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")"),
                "decimal": _("Must be a decimal number"),
                "format": _("Format error"),
                "integer": _("Must be an integer"),
                "ip_address": _('Not a valid IP address'),
                "ip_v4_address": _('Not a valid IPv4 address'),
                "ip_v6_address": _('Not a valid IPv6 address'),
                "max_value": _("Maximum value is ${value}"),
                "min_value": _("Minimum value is ${value}"),
                "net_address": _("Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)"),
                "parse": _("Parse error"),
                "positive_number": _("Must be a positive number"),
                "port": _("'${port}' is not a valid port"),
                "required": _("Required field"),
                "unsupported": _("Unsupported value"),
            },
        },
    }
    has_output = (
        Output('texts', dict, doc=_('Dict of I18N messages')),
    )
    def execute(self, **options):
        return dict(texts=json_serialize(self.messages))
예제 #8
0
class env(LocalOrRemote):
    __doc__ = _('Show environment variables.')

    msg_summary = _('%(count)d variables')

    takes_args = ('variables*', )

    takes_options = LocalOrRemote.takes_options + (Flag(
        'all',
        cli_name='all',
        doc=
        _('retrieve and print all attributes from the server. Affects command output.'
          ),
        exclude='webui',
        flags=['no_output'],
        default=True,
    ), )

    has_output = (
        Output(
            'result',
            type=dict,
            doc=_('Dictionary mapping variable name to value'),
        ),
        Output(
            'total',
            type=int,
            doc=_('Total number of variables env (>= count)'),
            flags=['no_display'],
        ),
        Output(
            'count',
            type=int,
            doc=_('Number of variables returned (<= total)'),
            flags=['no_display'],
        ),
        summary,
    )

    def __find_keys(self, variables):
        keys = set()
        for query in variables:
            if '*' in query:
                pat = re.compile(query.replace('*', '.*') + '$')
                for key in self.env:
                    if pat.match(key):
                        keys.add(key)
            elif query in self.env:
                keys.add(query)
        return keys

    def execute(self, variables, **options):
        if variables is None:
            keys = self.env
        else:
            keys = self.__find_keys(variables)
        ret = dict(
            result=dict((key, self.env[key]) for key in keys),
            count=len(keys),
            total=len(self.env),
        )
        if len(keys) > 1:
            ret['summary'] = self.msg_summary % ret
        else:
            ret['summary'] = None
        return ret
예제 #9
0
파일: batch.py 프로젝트: yangmulang/freeipa
class batch(Command):
    NO_CLI = True

    takes_args = (Dict(
        'methods*',
        doc=_('Nested Methods to execute'),
    ), )

    take_options = (Str(
        'version',
        cli_name='version',
        doc=_(
            'Client version. Used to determine if server will accept request.'
        ),
        exclude='webui',
        flags=['no_option', 'no_output'],
        default=API_VERSION,
        autofill=True,
    ), )

    has_output = (Output('count', int,
                         doc=''), Output('results', (list, tuple), doc=''))

    def execute(self, methods=None, **options):
        results = []
        for arg in (methods or []):
            params = dict()
            name = None
            try:
                if 'method' not in arg:
                    raise errors.RequirementError(name='method')
                if 'params' not in arg:
                    raise errors.RequirementError(name='params')
                name = arg['method']
                if (name not in self.api.Command
                        or isinstance(self.api.Command[name], Local)):
                    raise errors.CommandError(name=name)

                # If params are not formated as a tuple(list, dict)
                # the following lines will raise an exception
                # that triggers an internal server error
                # Raise a ConversionError instead to report the issue
                # to the client
                try:
                    a, kw = arg['params']
                    newkw = dict((str(k), v) for k, v in kw.items())
                    params = api.Command[name].args_options_2_params(
                        *a, **newkw)
                except (AttributeError, ValueError, TypeError):
                    raise errors.ConversionError(
                        name='params',
                        error=_(u'must contain a tuple (list, dict)'))
                newkw.setdefault('version', options['version'])

                result = api.Command[name](*a, **newkw)
                self.info('%s: batch: %s(%s): SUCCESS',
                          getattr(context, 'principal', 'UNKNOWN'), name,
                          ', '.join(api.Command[name]._repr_iter(**params)))
                result['error'] = None
            except Exception as e:
                if isinstance(e, errors.RequirementError) or \
                    isinstance(e, errors.CommandError):
                    self.info(
                        '%s: batch: %s',
                        context.principal,  # pylint: disable=no-member
                        e.__class__.__name__)
                else:
                    self.info(
                        '%s: batch: %s(%s): %s',
                        context.principal,
                        name,  # pylint: disable=no-member
                        ', '.join(api.Command[name]._repr_iter(**params)),
                        e.__class__.__name__)
                if isinstance(e, errors.PublicError):
                    reported_error = e
                else:
                    reported_error = errors.InternalError()
                result = dict(
                    error=reported_error.strerror,
                    error_code=reported_error.errno,
                    error_name=unicode(type(reported_error).__name__),
                    error_kw=reported_error.kw,
                )
            results.append(result)
        return dict(count=len(results), results=results)
예제 #10
0
class cert_request(VirtualCommand):
    __doc__ = _('Submit a certificate signing request.')

    takes_args = (File(
        'csr',
        validate_csr,
        label=_('CSR'),
        cli_name='csr_file',
        normalizer=normalize_csr,
    ), )
    operation = "request certificate"

    takes_options = (
        Str(
            'principal',
            label=_('Principal'),
            doc=
            _('Service principal for this certificate (e.g. HTTP/test.example.com)'
              ),
        ),
        Str(
            'request_type',
            default=u'pkcs10',
            autofill=True,
        ),
        Flag('add',
             doc=_("automatically add the principal if it doesn't exist"),
             default=False,
             autofill=True),
    )

    has_output_params = (
        Str(
            'certificate',
            label=_('Certificate'),
        ),
        Str(
            'subject',
            label=_('Subject'),
        ),
        Str(
            'issuer',
            label=_('Issuer'),
        ),
        Str(
            'valid_not_before',
            label=_('Not Before'),
        ),
        Str(
            'valid_not_after',
            label=_('Not After'),
        ),
        Str(
            'md5_fingerprint',
            label=_('Fingerprint (MD5)'),
        ),
        Str(
            'sha1_fingerprint',
            label=_('Fingerprint (SHA1)'),
        ),
        Str(
            'serial_number',
            label=_('Serial number'),
        ),
        Str(
            'serial_number_hex',
            label=_('Serial number (hex)'),
        ),
    )

    has_output = (Output(
        'result',
        type=dict,
        doc=_('Dictionary mapping variable name to value'),
    ), )

    def execute(self, csr, **kw):
        ldap = self.api.Backend.ldap2
        principal = kw.get('principal')
        add = kw.get('add')
        del kw['principal']
        del kw['add']
        service = None
        """
        Access control is partially handled by the ACI titled
        'Hosts can modify service userCertificate'. This is for the case
        where a machine binds using a host/ prinicpal. It can only do the
        request if the target hostname is in the managedBy attribute which
        is managed using the add/del member commands.

        Binding with a user principal one needs to be in the request_certs
        taskgroup (directly or indirectly via role membership).
        """

        bind_principal = getattr(context, 'principal')
        # Can this user request certs?
        if not bind_principal.startswith('host/'):
            self.check_access()

        # FIXME: add support for subject alt name

        # Ensure that the hostname in the CSR matches the principal
        subject_host = get_csr_hostname(csr)
        (servicename, hostname, realm) = split_principal(principal)
        if subject_host.lower() != hostname.lower():
            raise errors.ACIError(
                info=_("hostname in subject of request '%(subject_host)s' "
                       "does not match principal hostname '%(hostname)s'") %
                dict(subject_host=subject_host, hostname=hostname))

        dn = None
        service = None
        # See if the service exists and punt if it doesn't and we aren't
        # going to add it
        try:
            if not principal.startswith('host/'):
                service = api.Command['service_show'](principal,
                                                      all=True,
                                                      raw=True)['result']
                dn = service['dn']
            else:
                hostname = get_host_from_principal(principal)
                service = api.Command['host_show'](hostname,
                                                   all=True,
                                                   raw=True)['result']
                dn = service['dn']
        except errors.NotFound, e:
            if not add:
                raise errors.NotFound(reason=_("The service principal for "
                                               "this request doesn't exist."))
            try:
                service = api.Command['service_add'](principal, **{
                    'force': True
                })['result']
                dn = service['dn']
            except errors.ACIError:
                raise errors.ACIError(
                    info=_('You need to be a member of '
                           'the serviceadmin role to add services'))

        # We got this far so the service entry exists, can we write it?
        if not ldap.can_write(dn, "usercertificate"):
            raise errors.ACIError(
                info=_("Insufficient 'write' privilege "
                       "to the 'userCertificate' attribute of entry '%s'.") %
                dn)

        # Validate the subject alt name, if any
        request = pkcs10.load_certificate_request(csr)
        subjectaltname = pkcs10.get_subjectaltname(request)
        if subjectaltname is not None:
            for name in subjectaltname:
                name = unicode(name)
                try:
                    hostentry = api.Command['host_show'](name,
                                                         all=True,
                                                         raw=True)['result']
                    hostdn = hostentry['dn']
                except errors.NotFound:
                    # We don't want to issue any certificates referencing
                    # machines we don't know about. Nothing is stored in this
                    # host record related to this certificate.
                    raise errors.NotFound(reason=_(
                        'no host record for '
                        'subject alt name %s in certificate request') % name)
                authprincipal = getattr(context, 'principal')
                if authprincipal.startswith("host/"):
                    if not hostdn in service.get('managedby', []):
                        raise errors.ACIError(info=_(
                            "Insufficient privilege to create a certificate "
                            "with subject alt name '%s'.") % name)

        if 'usercertificate' in service:
            serial = x509.get_serial_number(service['usercertificate'][0],
                                            datatype=x509.DER)
            # revoke the certificate and remove it from the service
            # entry before proceeding. First we retrieve the certificate to
            # see if it is already revoked, if not then we revoke it.
            try:
                result = api.Command['cert_show'](unicode(serial))['result']
                if 'revocation_reason' not in result:
                    try:
                        api.Command['cert_revoke'](unicode(serial),
                                                   revocation_reason=4)
                    except errors.NotImplementedError:
                        # some CA's might not implement revoke
                        pass
            except errors.NotImplementedError:
                # some CA's might not implement get
                pass
            if not principal.startswith('host/'):
                api.Command['service_mod'](principal, usercertificate=None)
            else:
                hostname = get_host_from_principal(principal)
                api.Command['host_mod'](hostname, usercertificate=None)

        # Request the certificate
        result = self.Backend.ra.request_certificate(csr, **kw)
        cert = x509.load_certificate(result['certificate'])
        result['issuer'] = unicode(cert.issuer)
        result['valid_not_before'] = unicode(cert.valid_not_before_str)
        result['valid_not_after'] = unicode(cert.valid_not_after_str)
        result['md5_fingerprint'] = unicode(
            nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0])
        result['sha1_fingerprint'] = unicode(
            nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0])

        # Success? Then add it to the service entry.
        if 'certificate' in result:
            if not principal.startswith('host/'):
                skw = {"usercertificate": str(result.get('certificate'))}
                api.Command['service_mod'](principal, **skw)
            else:
                hostname = get_host_from_principal(principal)
                skw = {"usercertificate": str(result.get('certificate'))}
                api.Command['host_mod'](hostname, **skw)

        return dict(result=result)
예제 #11
0
class json_metadata(Command):
    """
    Export plugin meta-data for the webUI.
    """
    NO_CLI = True

    takes_args = (
        Str(
            'objname?',
            doc=_('Name of object to export'),
        ),
        Str(
            'methodname?',
            doc=_('Name of method to export'),
        ),
    )

    takes_options = (
        Str(
            'object?',
            doc=_('Name of object to export'),
        ),
        Str(
            'method?',
            doc=_('Name of method to export'),
        ),
        Str(
            'command?',
            doc=_('Name of command to export'),
        ),
    )

    has_output = (
        Output('objects', dict, doc=_('Dict of JSON encoded IPA Objects')),
        Output('methods', dict, doc=_('Dict of JSON encoded IPA Methods')),
        Output('commands', dict, doc=_('Dict of JSON encoded IPA Commands')),
    )

    def execute(self, objname, methodname, **options):
        objects = dict()
        methods = dict()
        commands = dict()

        empty = True

        try:
            if not objname:
                objname = options['object']
            if objname in self.api.Object:
                o = self.api.Object[objname]
                objects = dict([(o.name, json_serialize(o))])
            elif objname == "all":
                objects = dict(
                    (o.name, json_serialize(o)) for o in self.api.Object())
            empty = False
        except KeyError:
            pass

        try:
            if not methodname:
                methodname = options['method']
            if methodname in self.api.Method:
                m = self.api.Method[methodname]
                methods = dict([(m.name, json_serialize(m))])
            elif methodname == "all":
                methods = dict(
                    (m.name, json_serialize(m)) for m in self.api.Method())
            empty = False
        except KeyError:
            pass

        try:
            cmdname = options['command']
            if cmdname in self.api.Command:
                c = self.api.Command[cmdname]
                commands = dict([(c.name, json_serialize(c))])
            elif cmdname == "all":
                commands = dict(
                    (c.name, json_serialize(c)) for c in self.api.Command())
            empty = False
        except KeyError:
            pass

        if empty:
            objects = dict(
                (o.name, json_serialize(o)) for o in self.api.Object())
            methods = dict(
                (m.name, json_serialize(m)) for m in self.api.Method())
            commands = dict(
                (c.name, json_serialize(c)) for c in self.api.Command())

        retval = dict([
            ("objects", objects),
            ("methods", methods),
            ("commands", commands),
        ])

        return retval

    def output_for_cli(self, textui, result, *args, **options):
        print(json.dumps(result, default=json_serialize))
예제 #12
0
class i18n_messages(Command):
    NO_CLI = True

    messages = {
        "ajax": {
            "401": {
                "message": _("Your session has expired. Please re-login."),
            },
        },
        "actions": {
            "apply": _("Apply"),
            "confirm": _("Are you sure you want to proceed with the action."),
            "delete_confirm": _("Are you sure you want to delete ${object}"),
            "disable_confirm": _("Are you sure you want to disable ${object}"),
            "enable_confirm": _("Are you sure you want to enable ${object}"),
            "title": _("Actions"),
        },
        "association": {
            "add": {
                "ipasudorunas":
                _("Add RunAs ${other_entity} into ${entity} ${primary_key}"),
                "ipasudorunasgroup":
                _("Add RunAs Groups into ${entity} ${primary_key}"),
                "managedby":
                _("Add ${other_entity} Managing ${entity} ${primary_key}"),
                "member":
                _("Add ${other_entity} into ${entity} ${primary_key}"),
                "memberallowcmd":
                _("Add Allow ${other_entity} into ${entity} ${primary_key}"),
                "memberdenycmd":
                _("Add Deny ${other_entity} into ${entity} ${primary_key}"),
                "memberof":
                _("Add ${entity} ${primary_key} into ${other_entity}"),
            },
            "added": _("Items added"),
            "direct_membership": _("Direct Membership"),
            "indirect_membership": _("Indirect Membership"),
            "no_entries": _("No entries."),
            "paging": _("Showing ${start} to ${end} of ${total} entries."),
            "remove": {
                "ipasudorunas":
                _("Remove RunAs ${other_entity} from ${entity} ${primary_key}"
                  ),
                "ipasudorunasgroup":
                _("Remove RunAs Groups from ${entity} ${primary_key}"),
                "managedby":
                _("Remove ${other_entity} Managing ${entity} ${primary_key}"),
                "member":
                _("Remove ${other_entity} from ${entity} ${primary_key}"),
                "memberallowcmd":
                _("Remove Allow ${other_entity} from ${entity} ${primary_key}"
                  ),
                "memberdenycmd":
                _("Remove Deny ${other_entity} from ${entity} ${primary_key}"),
                "memberof":
                _("Remove ${entity} ${primary_key} from ${other_entity}"),
            },
            "removed": _("Items removed"),
            "show_results": _("Show Results"),
        },
        "buttons": {
            "add": _("Add"),
            "add_and_add_another": _("Add and Add Another"),
            "add_and_close": _("Add and Close"),
            "add_and_edit": _("Add and Edit"),
            "add_many": _("Add Many"),
            "back": _("Back"),
            "cancel": _("Cancel"),
            "close": _("Close"),
            "disable": _("Disable"),
            "edit": _("Edit"),
            "enable": _("Enable"),
            "find": _("Find"),
            "get": _("Get"),
            "issue": _("Issue"),
            "ok": _("OK"),
            "refresh": _("Refresh"),
            "remove": _("Delete"),
            "reset": _("Reset"),
            "reset_password_and_login": _("Reset Password and Login"),
            "restore": _("Restore"),
            "retry": _("Retry"),
            "revoke": _("Revoke"),
            "set": _("Set"),
            "update": _("Update"),
            "view": _("View"),
        },
        "details": {
            "collapse_all": _("Collapse All"),
            "expand_all": _("Expand All"),
            "general": _("General"),
            "identity": _("Identity Settings"),
            "settings": _("${entity} ${primary_key} Settings"),
            "to_top": _("Back to Top"),
            "updated": _("${entity} ${primary_key} updated"),
        },
        "dialogs": {
            "add_confirmation":
            _("${entity} successfully added"),
            "add_title":
            _("Add ${entity}"),
            "available":
            _("Available"),
            "batch_error_message":
            _("Some operations failed."),
            "batch_error_title":
            _("Operations Error"),
            "confirmation":
            _("Confirmation"),
            "dirty_message":
            _("This page has unsaved changes. Please save or revert."),
            "dirty_title":
            _("Unsaved Changes"),
            "edit_title":
            _("Edit ${entity}"),
            "hide_details":
            _("Hide details"),
            "prospective":
            _("Prospective"),
            "redirection":
            _("Redirection"),
            "remove_empty":
            _("Select entries to be removed."),
            "remove_title":
            _("Remove ${entity}"),
            "show_details":
            _("Show details"),
            "validation_title":
            _("Validation error"),
            "validation_message":
            _("Input form contains invalid or missing values."),
        },
        "error_report": {
            "options":
            _("Please try the following options:"),
            "problem_persists":
            _("If the problem persists please contact the system administrator."
              ),
            "refresh":
            _("Refresh the page."),
            "reload":
            _("Reload the browser."),
            "main_page":
            _("Return to the main page and retry the operation"),
            "title":
            _("An error has occurred (${error})"),
        },
        "errors": {
            "error": _("Error"),
            "http_error": _("HTTP Error"),
            "internal_error": _("Internal Error"),
            "ipa_error": _("IPA Error"),
            "no_response": _("No response"),
            "unknown_error": _("Unknown Error"),
            "url": _("URL"),
        },
        "facet_groups": {
            "managedby": _("${primary_key} is managed by:"),
            "member": _("${primary_key} members:"),
            "memberof": _("${primary_key} is a member of:"),
        },
        "facets": {
            "details": _("Settings"),
            "search": _("Search"),
        },
        "false": _("False"),
        "login": {
            "form_auth":
            _("To login with username and password, enter them in the fields below then click Login."
              ),
            "header":
            _("Logged In As"),
            "krb_auth_msg":
            _("To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and <a href='http://${host}/ipa/config/unauthorized.html'>configured</a> the browser correctly, then click Login."
              ),
            "login":
            _("Login"),
            "logout":
            _("Logout"),
            "logout_error":
            _("Logout error"),
            "password":
            _("Password"),
            "username":
            _("Username"),
        },
        "measurement_units": {
            "number_of_passwords": _("number of passwords"),
            "seconds": _("seconds"),
        },
        "objects": {
            "aci": {
                "attribute": _("Attribute"),
            },
            "automember": {
                "add_condition": _("Add Condition into ${pkey}"),
                "add_rule": _("Add Rule"),
                "attribute": _("Attribute"),
                "default_host_group": _("Default host group"),
                "default_user_group": _("Default user group"),
                "exclusive": _("Exclusive"),
                "expression": _("Expression"),
                "hostgrouprule": _("Host group rule"),
                "hostgrouprules": _("Host group rules"),
                "inclusive": _("Inclusive"),
                "usergrouprule": _("User group rule"),
                "usergrouprules": _("User group rules"),
            },
            "automountkey": {},
            "automountlocation": {
                "identity": _("Automount Location Settings")
            },
            "automountmap": {
                "map_type": _("Map Type"),
                "direct": _("Direct"),
                "indirect": _("Indirect"),
            },
            "cert": {
                "aa_compromise":
                _("AA Compromise"),
                "affiliation_changed":
                _("Affiliation Changed"),
                "ca_compromise":
                _("CA Compromise"),
                "certificate_hold":
                _("Certificate Hold"),
                "cessation_of_operation":
                _("Cessation of Operation"),
                "common_name":
                _("Common Name"),
                "expires_on":
                _("Expires On"),
                "fingerprints":
                _("Fingerprints"),
                "issue_certificate":
                _("Issue New Certificate for ${entity} ${primary_key}"),
                "issued_by":
                _("Issued By"),
                "issued_on":
                _("Issued On"),
                "issued_to":
                _("Issued To"),
                "key_compromise":
                _("Key Compromise"),
                "md5_fingerprint":
                _("MD5 Fingerprint"),
                "missing":
                _("No Valid Certificate"),
                "new_certificate":
                _("New Certificate"),
                "note":
                _("Note"),
                "organization":
                _("Organization"),
                "organizational_unit":
                _("Organizational Unit"),
                "privilege_withdrawn":
                _("Privilege Withdrawn"),
                "reason":
                _("Reason for Revocation"),
                "remove_from_crl":
                _("Remove from CRL"),
                "request_message":
                _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;hostname&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${hostname},O=${realm}'</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"
                  ),
                "requested":
                _("Certificate requested"),
                "restore_certificate":
                _("Restore Certificate for ${entity} ${primary_key}"),
                "restore_confirmation":
                _("To confirm your intention to restore this certificate, click the \"Restore\" button."
                  ),
                "restored":
                _("Certificate restored"),
                "revoke_certificate":
                _("Revoke Certificate for ${entity} ${primary_key}"),
                "revoke_confirmation":
                _("To confirm your intention to revoke this certificate, select a reason from the pull-down list, and click the \"Revoke\" button."
                  ),
                "revoked":
                _("Certificate Revoked"),
                "serial_number":
                _("Serial Number"),
                "serial_number_hex":
                _("Serial Number (hex)"),
                "sha1_fingerprint":
                _("SHA1 Fingerprint"),
                "superseded":
                _("Superseded"),
                "unspecified":
                _("Unspecified"),
                "valid":
                _("Valid Certificate Present"),
                "validity":
                _("Validity"),
                "view_certificate":
                _("Certificate for ${entity} ${primary_key}"),
            },
            "config": {
                "group": _("Group Options"),
                "search": _("Search Options"),
                "selinux": _("SELinux Options"),
                "service": _("Service Options"),
                "user": _("User Options"),
            },
            "delegation": {},
            "dnsconfig": {
                "forward_first": _("Forward first"),
                "forward_none": _("Forwarding disabled"),
                "forward_only": _("Forward only"),
                "options": _("Options"),
            },
            "dnsrecord": {
                "data":
                _("Data"),
                "deleted_no_data":
                _("DNS record was deleted because it contained no data."),
                "other":
                _("Other Record Types"),
                "ptr_redir_address_err":
                _("Address not valid, can't redirect"),
                "ptr_redir_create":
                _("Create dns record"),
                "ptr_redir_creating":
                _("Creating record."),
                "ptr_redir_creating_err":
                _("Record creation failed."),
                "ptr_redir_record":
                _("Checking if record exists."),
                "ptr_redir_record_err":
                _("Record not found."),
                "ptr_redir_title":
                _("Redirection to PTR record"),
                "ptr_redir_zone":
                _("Zone found: ${zone}"),
                "ptr_redir_zone_err":
                _("Target reverse zone not found."),
                "ptr_redir_zones":
                _("Fetching DNS zones."),
                "ptr_redir_zones_err":
                _("An error occurred while fetching dns zones."),
                "redirection_dnszone":
                _("You will be redirected to DNS Zone."),
                "standard":
                _("Standard Record Types"),
                "title":
                _("Records for DNS Zone"),
                "type":
                _("Record Type"),
            },
            "dnszone": {
                "identity": _("DNS Zone Settings"),
                "add_permission": _("Add Permission"),
                "remove_permission": _("Remove Permission"),
            },
            "group": {
                "details": _("Group Settings"),
                "external": _("External"),
                "make_external": _("Change to external group"),
                "make_posix": _("Change to POSIX group"),
                "normal": _("Normal"),
                "posix": _("POSIX"),
                "type": _("Group Type"),
            },
            "hbacrule": {
                "any_host": _("Any Host"),
                "any_service": _("Any Service"),
                "anyone": _("Anyone"),
                "host": _("Accessing"),
                "ipaenabledflag": _("Rule status"),
                "service": _("Via Service"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_services": _("Specified Services and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "hbacsvc": {},
            "hbacsvcgroup": {
                "services": _("Services"),
            },
            "hbactest": {
                "access_denied": _("Access Denied"),
                "access_granted": _("Access Granted"),
                "include_disabled": _("Include Disabled"),
                "include_enabled": _("Include Enabled"),
                "label": _("HBAC Test"),
                "matched": _("Matched"),
                "missing_values": _("Missing values: "),
                "new_test": _("New Test"),
                "rules": _("Rules"),
                "run_test": _("Run Test"),
                "specify_external": _("Specify external ${entity}"),
                "unmatched": _("Unmatched"),
            },
            "host": {
                "certificate":
                _("Host Certificate"),
                "cn":
                _("Host Name"),
                "delete_key_unprovision":
                _("Delete Key, Unprovision"),
                "details":
                _("Host Settings"),
                "enrolled":
                _("Enrolled"),
                "enrollment":
                _("Enrollment"),
                "fqdn":
                _("Fully Qualified Host Name"),
                "keytab":
                _("Kerberos Key"),
                "keytab_missing":
                _("Kerberos Key Not Present"),
                "keytab_present":
                _("Kerberos Key Present, Host Provisioned"),
                "password":
                _("One-Time-Password"),
                "password_missing":
                _("One-Time-Password Not Present"),
                "password_present":
                _("One-Time-Password Present"),
                "password_reset_button":
                _("Reset OTP"),
                "password_reset_title":
                _("Reset One-Time-Password"),
                "password_set_button":
                _("Set OTP"),
                "password_set_success":
                _("OTP set"),
                "password_set_title":
                _("Set One-Time-Password"),
                "status":
                _("Status"),
                "unprovision":
                _("Unprovision"),
                "unprovision_confirmation":
                _("Are you sure you want to unprovision this host?"),
                "unprovision_title":
                _("Unprovisioning ${entity}"),
                "unprovisioned":
                _("Host unprovisioned"),
            },
            "hostgroup": {
                "identity": _("Host Group Settings"),
            },
            "krbtpolicy": {
                "identity": _("Kerberos Ticket Policy"),
            },
            "netgroup": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "external": _("External"),
                "host": _("Host"),
                "hostgroups": _("Host Groups"),
                "hosts": _("Hosts"),
                "identity": _("Netgroup Settings"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
                "usergroups": _("User Groups"),
                "users": _("Users"),
            },
            "permission": {
                "identity": _("Identity"),
                "invalid_target":
                _("Permission with invalid target specification"),
                "rights": _("Rights"),
                "target": _("Target"),
            },
            "privilege": {
                "identity": _("Privilege Settings"),
            },
            "pwpolicy": {
                "identity": _("Password Policy"),
            },
            "idrange": {
                "details": _("Range Settings"),
                "ipabaseid": _("Base ID"),
                "ipabaserid": _("Primary RID base"),
                "ipaidrangesize": _("Range size"),
                "ipanttrusteddomainsid": _("Domain SID"),
                "ipasecondarybaserid": _("Secondary RID base"),
                "type": _("Range type"),
                "type_ad": _("Active Directory domain"),
                "type_local": _("Local domain"),
            },
            "role": {
                "identity": _("Role Settings"),
            },
            "selfservice": {},
            "selinuxusermap": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "host": _("Host"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
            },
            "service": {
                "certificate":
                _("Service Certificate"),
                "delete_key_unprovision":
                _("Delete Key, Unprovision"),
                "details":
                _("Service Settings"),
                "host":
                _("Host Name"),
                "missing":
                _("Kerberos Key Not Present"),
                "provisioning":
                _("Provisioning"),
                "service":
                _("Service"),
                "status":
                _("Status"),
                "unprovision":
                _("Unprovision"),
                "unprovision_confirmation":
                _("Are you sure you want to unprovision this service?"),
                "unprovision_title":
                _("Unprovisioning ${entity}"),
                "unprovisioned":
                _("Service unprovisioned"),
                "valid":
                _("Kerberos Key Present, Service Provisioned"),
            },
            "sshkeystore": {
                "keys": _("SSH public keys"),
                "set_dialog_help": _("SSH public key:"),
                "set_dialog_title": _("Set SSH key"),
                "show_set_key": _("Show/Set key"),
                "status_mod_ns": _("Modified: key not set"),
                "status_mod_s": _("Modified"),
                "status_new_ns": _("New: key not set"),
                "status_new_s": _("New: key set"),
            },
            "sudocmd": {
                "groups": _("Groups"),
            },
            "sudocmdgroup": {
                "commands": _("Commands"),
            },
            "sudorule": {
                "allow": _("Allow"),
                "any_command": _("Any Command"),
                "any_group": _("Any Group"),
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "command": _("Run Commands"),
                "deny": _("Deny"),
                "external": _("External"),
                "host": _("Access this host"),
                "ipaenabledflag": _("Rule status"),
                "option_added": _("Option added"),
                "option_removed": _("Option(s) removed"),
                "options": _("Options"),
                "runas": _("As Whom"),
                "specified_commands": _("Specified Commands and Groups"),
                "specified_groups": _("Specified Groups"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "trust": {
                "account": _("Account"),
                "admin_account": _("Administrative account"),
                "details": _("Trust Settings"),
                "domain": _("Domain"),
                "establish_using": _("Establish using"),
                "ipantflatname": _("Domain NetBIOS name"),
                "ipanttrusteddomainsid": _("Domain Security Identifier"),
                "preshared_password": _("Pre-shared password"),
                "trustdirection": _("Trust direction"),
                "truststatus": _("Trust status"),
                "trusttype": _("Trust type"),
            },
            "user": {
                "account":
                _("Account Settings"),
                "account_status":
                _("Account Status"),
                "contact":
                _("Contact Settings"),
                "employee":
                _("Employee Information"),
                "error_changing_status":
                _("Error changing account status"),
                "krbpasswordexpiration":
                _("Password expiration"),
                "mailing":
                _("Mailing Address"),
                "misc":
                _("Misc. Information"),
                "status_confirmation":
                _("Are you sure you want to ${action} the user?<br/>The change will take effect immediately."
                  ),
                "status_link":
                _("Click to ${action}"),
            },
        },
        "password": {
            "current_password":
            _("Current Password"),
            "current_password_required":
            _("Current password is required"),
            "expires_in":
            _("Your password expires in ${days} days."),
            "invalid_password":
            _("The password or username you entered is incorrect."),
            "new_password":
            _("New Password"),
            "new_password_required":
            _("New password is required"),
            "password":
            _("Password"),
            "password_change_complete":
            _("Password change complete"),
            "password_must_match":
            _("Passwords must match"),
            "reset_failure":
            _("Password reset was not successful."),
            "reset_password":
            _("Reset Password"),
            "reset_password_sentence":
            _("Reset your password."),
            "verify_password":
            _("Verify Password"),
        },
        "search": {
            "delete_confirm":
            _("Are you sure you want to delete selected entries?"),
            "deleted":
            _("Selected entries were deleted."),
            "disable_confirm":
            _("Are you sure you want to disable selected entries?"),
            "disabled":
            _("${count} items were disabled"),
            "enable_confirm":
            _("Are you sure you want to enable selected entries?"),
            "enabled":
            _("${count} items were enabled"),
            "partial_delete":
            _("Some entries were not deleted"),
            "quick_links":
            _("Quick Links"),
            "select_all":
            _("Select All"),
            "truncated":
            _("Query returned more results than the configured size limit. Displaying the first ${counter} results."
              ),
            "unselect_all":
            _("Unselect All"),
        },
        "status": {
            "disable": _("Disable"),
            "disabled": _("Disabled"),
            "enable": _("Enable"),
            "enabled": _("Enabled"),
            "label": _("Status"),
        },
        "tabs": {
            "audit": _("Audit"),
            "automember": _("Automember"),
            "automount": _("Automount"),
            "dns": _("DNS"),
            "hbac": _("Host Based Access Control"),
            "identity": _("Identity"),
            "ipaserver": _("IPA Server"),
            "policy": _("Policy"),
            "role": _("Role Based Access Control"),
            "sudo": _("Sudo"),
        },
        "true": _("True"),
        "widget": {
            "next": _("Next"),
            "page": _("Page"),
            "prev": _("Prev"),
            "undo": _("undo"),
            "undo_all": _("undo all"),
            "validation": {
                "error": _("Text does not match field pattern"),
                "decimal": _("Must be a decimal number"),
                "integer": _("Must be an integer"),
                "ip_address": _('Not a valid IP address'),
                "ip_v4_address": _('Not a valid IPv4 address'),
                "ip_v6_address": _('Not a valid IPv6 address'),
                "max_value": _("Maximum value is ${value}"),
                "min_value": _("Minimum value is ${value}"),
                "net_address": _("Not a valid network address"),
                "port": _("'${port}' is not a valid port"),
                "required": _("Required field"),
                "unsupported": _("Unsupported value"),
            },
        },
    }
    has_output = (Output('messages', dict, doc=_('Dict of I18N messages')), )

    def execute(self):
        return dict([("messages", json_serialize(self.messages))])

    def output_for_cli(self, textui, result, *args, **options):
        print json.dumps(result, default=json_serialize)
예제 #13
0
class batch(Command):
    __doc__ = _('Make multiple ipa calls via one remote procedure call')
    NO_CLI = True

    takes_args = (Dict(
        'methods*',
        doc=_('Nested Methods to execute'),
    ), )

    take_options = (Str(
        'version',
        cli_name='version',
        doc=_(
            'Client version. Used to determine if server will accept request.'
        ),
        exclude='webui',
        flags=['no_option', 'no_output'],
        default=API_VERSION,
        autofill=True,
    ), )

    has_output = (Output('count', int,
                         doc=''), Output('results', (list, tuple), doc=''))

    def _validate_request(self, request):
        """
        Check that an individual request in a batch is parseable and the
        commands exists.
        """
        if 'method' not in request:
            raise errors.RequirementError(name='method')
        if 'params' not in request:
            raise errors.RequirementError(name='params')
        name = request['method']
        if (name not in self.api.Command
                or isinstance(self.api.Command[name], Local)):
            raise errors.CommandError(name=name)

        # If params are not formated as a tuple(list, dict)
        # the following lines will raise an exception
        # that triggers an internal server error
        # Raise a ConversionError instead to report the issue
        # to the client
        try:
            a, kw = request['params']
            newkw = dict((str(k), v) for k, v in kw.items())
            api.Command[name].args_options_2_params(*a, **newkw)
        except (AttributeError, ValueError, TypeError):
            raise errors.ConversionError(
                name='params', error=_(u'must contain a tuple (list, dict)'))
        except Exception as e:
            raise errors.ConversionError(name='params', error=str(e))

    def _repr_iter(self, **params):
        """
        Iterate through the request and use the Command _repr_intr so
        that sensitive information (passwords) is not exposed.

        In case of a malformatted request redact the entire thing.
        """
        exceptions = False
        for arg in (params.get('methods', [])):
            try:
                self._validate_request(arg)
            except Exception:
                # redact the whole request since we don't know what's in it
                exceptions = True
                yield u'********'
                continue

            name = arg['method']
            a, kw = arg['params']
            newkw = dict((str(k), v) for k, v in kw.items())
            param = api.Command[name].args_options_2_params(*a, **newkw)

            yield '{}({})'.format(
                api.Command[name].name,
                ', '.join(api.Command[name]._repr_iter(**param)))

        if exceptions:
            logger.debug('batch: %s',
                         ', '.join(super(batch, self)._repr_iter(**params)))

    def execute(self, methods=None, **options):
        results = []
        for arg in (methods or []):
            params = dict()
            name = None
            try:
                self._validate_request(arg)
                name = arg['method']
                a, kw = arg['params']
                newkw = dict((str(k), v) for k, v in kw.items())
                params = api.Command[name].args_options_2_params(*a, **newkw)
                newkw.setdefault('version', options['version'])

                result = api.Command[name](*a, **newkw)
                logger.info('%s: batch: %s(%s): SUCCESS',
                            getattr(context, 'principal', 'UNKNOWN'), name,
                            ', '.join(api.Command[name]._repr_iter(**params)))
                result['error'] = None
            except Exception as e:
                if (isinstance(e, errors.RequirementError)
                        or isinstance(e, errors.CommandError)
                        or isinstance(e, errors.ConversionError)):
                    logger.info(
                        '%s: batch: %s',
                        context.principal,  # pylint: disable=no-member
                        e.__class__.__name__)
                else:
                    logger.info(
                        '%s: batch: %s(%s): %s',
                        context.principal,
                        name,  # pylint: disable=no-member
                        ', '.join(api.Command[name]._repr_iter(**params)),
                        e.__class__.__name__)
                if isinstance(e, errors.PublicError):
                    reported_error = e
                else:
                    reported_error = errors.InternalError()
                result = dict(
                    error=reported_error.strerror,
                    error_code=reported_error.errno,
                    error_name=unicode(type(reported_error).__name__),
                    error_kw=reported_error.kw,
                )
            results.append(result)
        return dict(count=len(results), results=results)