Improved options checking so that host-mod operation is not changing
password for enrolled host when '--random' option is used.

https://fedorahosted.org/freeipa/ticket/2799

Updated set of characters that is used for generating random passwords
for ipa hosts. Following characters were removed from the set: '"`\$<>

https://fedorahosted.org/freeipa/ticket/2800

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

From a6e41564225b9b9efe7fd2ae3e21ae90288680b2 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Wed, 13 Jun 2012 16:27:51 +0200
Subject: [PATCH] Change random passwords behaviour

Improved options checking so that host-mod operation is not changing
password for enrolled host when '--random' option is used.

https://fedorahosted.org/freeipa/ticket/2799

Updated set of characters that is used for generating random passwords
for ipa hosts. Following characters were removed from the set: '"`\$<>

https://fedorahosted.org/freeipa/ticket/2800
---
 ipalib/plugins/host.py |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 96b73cc5594335ad02dd43f87e7e011ab84157a1..4a3330f5ae4214a65aa56983c983e86cc4423b48 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -24,6 +24,7 @@ import sys
 from nss.error import NSPRError
 import nss.nss as nss
 import netaddr
+import string
 
 from ipalib import api, errors, util
 from ipalib import Str, Flag, Bytes
@@ -99,6 +100,9 @@ EXAMPLES:
    ipa host-add-managedby --hosts=test2 test
 """)
 
+# characters to be used by random password generator
+host_pwd_chars=string.digits + string.ascii_letters + '~!@#%^&*()-_=+{}[]:;|,.?/ '
+
 def remove_fwd_ptr(ipaddr, host, domain, recordtype):
     api.log.debug('deleting ipaddr %s' % ipaddr)
     try:
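Review bot: `host_pwd_chars` on the added line ends with a space, so a generated host password can start or end with whitespace that is easily lost when the value is copied from the command output into an enrollment command. The set also keeps `!`, `&`, `*`, `;`, `|`, `(` and `)`, which need quoting in a shell just like the characters this commit removes, so the comment above it should state that the password must still be quoted when passed on a command line. Consider dropping the space and using PEP 8 spacing: `host_pwd_chars = string.digits + string.ascii_letters + '~!@#%^&*()-_=+{}[]:;|,.?/'`. The default length used by `ipa_generate_password` is not visible in this patch; with a smaller alphabet it is worth confirming that the length still gives the intended strength for a one-time enrollment password.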
@@ -404,7 +408,7 @@ class host_add(LDAPCreate):
             if 'krbprincipal' in entry_attrs['objectclass']:
                 entry_attrs['objectclass'].remove('krbprincipal')
         if options.get('random'):
-            entry_attrs['userpassword'] = ipa_generate_password()
+            entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars)
             # save the password so it can be displayed in post_callback
             setattr(context, 'randompassword', entry_attrs['userpassword'])
         cert = options.get('usercertificate')
@@ -596,7 +600,7 @@ class host_mod(LDAPUpdate):
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         # Allow an existing OTP to be reset but don't allow a OTP to be
         # added to an enrolled host.
-        if 'userpassword' in options:
+        if options.get('userpassword') or options.get('random'):
             entry = {}
             self.obj.get_password_attributes(ldap, dn, entry)
             if not entry['has_password'] and entry['has_keytab']:
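Review bot: The comment above the changed condition in `host_mod.pre_callback` still describes only an explicit OTP, although the check now also gates `--random`; it could read `# Allow an existing OTP to be reset, but refuse to set one (explicit or via --random) on an enrolled host that has a keytab and no password.` Switching from `'userpassword' in options` to `options.get('userpassword')` also means an empty or `None` value no longer reaches the enrolled-host check. That is presumably intended for clearing a password, but it deserves a sentence in the comment and a test. The password is generated about fifty lines further down under a separate `if options.get('random'):`, so a regression test running host-mod with `--random` against an enrolled host would keep the guard and the generation in step. The body of this `if` continues outside the hunk, so what it raises is not visible here.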
@@ -649,7 +653,7 @@ class host_mod(LDAPUpdate):
             entry_attrs['usercertificate'] = cert
 
         if options.get('random'):
-            entry_attrs['userpassword'] = ipa_generate_password()
+            entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars)
             setattr(context, 'randompassword', entry_attrs['userpassword'])
         if 'macaddress' in entry_attrs:
             if 'objectclass' in entry_attrs:
-- 
1.7.6.5
