예제 #1
파일: passwd.py 프로젝트: cajunken/freeipa
def get_current_password(principal):
    """
    Choose the default value for the ``current_password`` argument.

    Returns None when the caller is changing their own password, so the
    current password is prompted for. Returns MAGIC_VALUE, a fixed
    placeholder to be ignored later, when the target is a different
    principal.

    :param principal: the login name or principal whose password is changed
    """
    # The sentinel only says "no old password was supplied"; it is not proof
    # of privilege. Whatever consumes it must still authorize the reset.
    changing_own_password = (
        util.get_current_principal() == normalize_principal(principal)
    )
    return None if changing_own_password else MAGIC_VALUE
예제 #2
def get_current_password(principal):
    """
    Decide whether the current password has to be asked for.

    A user changing their own password gets None, so the current password
    is prompted for. Any other target gets MAGIC_VALUE, a fixed value that
    is to be ignored later.

    :param principal: the login name or principal whose password is changed
    """
    caller = util.get_current_principal()
    target = normalize_principal(principal)
    if caller == target:
        # Self-service change: no default, so the prompt is shown.
        return None
    # Change on another account: hand back the in-band placeholder.
    return MAGIC_VALUE
예제 #3
class passwd(Command):
    __doc__ = _("Set a user's password.")

    # The lambdas below are kept exactly as written rather than replaced by
    # the functions they wrap.
    takes_args = (
        # Target account: defaults to the caller's own principal and is
        # passed through normalize_principal().
        Str(
            'principal',
            validate_principal,
            cli_name='user',
            label=_('User name'),
            primary_key=True,
            autofill=True,
            default_from=lambda: util.get_current_principal(),
            normalizer=lambda value: normalize_principal(value),
        ),
        # The new password.
        Password(
            'password',
            label=_('New Password'),
        ),
        # The existing password. Its default comes from
        # get_current_password(): None for a self-change, MAGIC_VALUE
        # otherwise.
        Password(
            'current_password',
            label=_('Current Password'),
            confirm=False,
            default_from=lambda principal: get_current_password(principal),
            autofill=True,
            sortorder=-1,
        ),
    )

    has_output = output.standard_value
    msg_summary = _('Changed password for "%(value)s"')

    def execute(self, principal, password, current_password):
        """
        Change the password of the user identified by ``principal``.

        The user's dn is looked up here from the principal, so callers do not
        supply it.

        Returns a dict with ``result`` set to True and ``value`` set to the
        principal.

        :param principal: The login name or principal of the user
        :param password: the new password
        :param current_password: the existing password, or MAGIC_VALUE when
            no existing password is being supplied
        :raises errors.ACIError: when the caller targets their own principal
            while passing MAGIC_VALUE as the current password
        """
        ldap = self.api.Backend.ldap2

        # Only the dn is used; the returned attributes are discarded.
        user_dn, _entry_attrs = ldap.find_entry_by_attr(
            'krbprincipalname', principal, 'posixaccount', [''],
            DN(api.env.container_user, api.env.basedn))

        targets_self = principal == context.principal
        # MAGIC_VALUE is an in-band sentinel: a genuine current password equal
        # to it cannot be told apart from "no current password supplied".
        skips_old_password = current_password == MAGIC_VALUE

        if targets_self and skips_old_password:
            # A user must prove knowledge of their own current password;
            # sending the sentinel for one's own account is rejected.
            # NOTE(review): the warning does not name the principal, which
            # limits its use as an audit record.
            self.log.warn(
                'User attempted to change password using magic value')
            raise errors.ACIError(info=_('Invalid credentials'))

        if skips_old_password:
            # Reset on another account, without the old password.
            # NOTE(review): nothing in this method checks that the caller may
            # reset this account; authorization presumably rests on the
            # directory server's access controls for the bound identity.
            # Confirm.
            ldap.modify_password(user_dn, password)
        else:
            ldap.modify_password(user_dn, password, current_password)

        return {
            'result': True,
            'value': principal,
        }