URL: https://github.com/freeipa/freeipa/pull/403
Author: redhatrises
Title: #403: Add new ipa passwd-generate command
Action: opened
PR body:
"""
This PR adds a new command line option `ipa passwd-generate` that uses the
refactored `ipa_password_generate()` function. This is useful for generating
secure passwords for service and system accounts or passwords for applications
that may not be able to handle all character types. This could also be useful
in the future for generating a temporary password for any portal efforts.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/403/head:pr403
git checkout pr403
From 4b454ecbf89ad87e46a160412defff881d0b6f26 Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Wed, 18 Jan 2017 20:40:37 -0700
Subject: [PATCH] Add new ipa passwd-generate command
Adds new `ipa passwd-generate` command which has the ability to create
complex passwords using the refactored ipa_generate_password function
which is useful for deriving secure passwords for system/service accounts
rather than relying on system administrators to come up with their own
form of password.
---
API.txt | 11 +++++++
VERSION.m4 | 4 +--
ipaserver/plugins/passwd.py | 78 ++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 90 insertions(+), 3 deletions(-)
diff --git a/API.txt b/API.txt
index 543cec5..ddf38b3 100644
--- a/API.txt
+++ b/API.txt
@@ -3461,6 +3461,16 @@ option: Str('version?')
output: Output('result', type=[<type 'bool'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('value', type=[<type 'unicode'>])
+command: passwd_generate/1
+args: 0,7,1
+option: Int('digits?')
+option: Int('entropy?')
+option: Int('length?')
+option: Int('lowercase?')
+option: Int('special?')
+option: Int('uppercase?')
+option: Str('version?')
+output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
command: permission_add/1
args: 1,21,3
arg: Str('cn', cli_name='name')
@@ -6546,6 +6556,7 @@ default: param/1
default: param_find/1
default: param_show/1
default: passwd/1
+default: passwd_generate/1
default: permission/1
default: permission_add/1
default: permission_add_member/1
diff --git a/VERSION.m4 b/VERSION.m4
index 36929ee..c4fd931 100644
--- a/VERSION.m4
+++ b/VERSION.m4
@@ -73,8 +73,8 @@ define(IPA_DATA_VERSION, 20100614120000)
# #
########################################################
define(IPA_API_VERSION_MAJOR, 2)
-define(IPA_API_VERSION_MINOR, 217)
-# Last change: Add options to write lightweight CA cert or chain to file
+define(IPA_API_VERSION_MINOR, 218)
+# Last change: Add new command line option to generate a password
########################################################
diff --git a/ipaserver/plugins/passwd.py b/ipaserver/plugins/passwd.py
index 8cac145..a501bcb 100644
--- a/ipaserver/plugins/passwd.py
+++ b/ipaserver/plugins/passwd.py
@@ -21,7 +21,7 @@
from ipalib import api, errors, krb_utils
from ipalib import Command
-from ipalib import Password
+from ipalib import Password, Int
from ipalib import _
from ipalib import output
from ipalib.parameters import Principal
@@ -29,6 +29,7 @@
from ipalib.request import context
from ipapython import kerberos
from ipapython.dn import DN
+from ipapython.ipautil import ipa_generate_password
from ipaserver.plugins.baseuser import normalize_user_principal
from ipaserver.plugins.service import validate_realm
@@ -147,3 +148,78 @@ def execute(self, principal, password, current_password, **options):
result=True,
value=principal,
)
+
+
+@register()
+class passwd_generate(Command):
+ __doc__ = _("Autogenerate a password.")
+
+ takes_options = (
+ Int('uppercase',
+ label=_('Uppercase'),
+ doc=_('Number of uppercase characters'),
+ required=False,
+ ),
+ Int('lowercase',
+ label=_('Lowercase'),
+ doc=_('Number of lowercase characters'),
+ required=False,
+ ),
+ Int('digits',
+ label=_('Digits'),
+ doc=_('Number of digits'),
+ required=False,
+ ),
+ Int('special',
+ label=_('Special characters'),
+ doc=_('Number of special characters'),
+ required=False,
+ ),
+ Int('length',
+ label=_('Length'),
+ doc=_('Password Length'),
+ required=False,
+ ),
+ Int('entropy',
+ label=_('Entropy'),
+ doc=_('Number of entropy bits'),
+ required=False,
+ ),
+ )
+
+ has_output = (
+ output.summary,
+ )
+
+ def execute(self, *keys, **options):
+ pwd_length = options.get('length')
+ entropy = options.get('entropy')
+ ucase = options.get('uppercase')
+ lcase = options.get('lowercase')
+ numbers = options.get('digits')
+ schar = options.get('special')
+
+ if not pwd_length:
+ pwd_length = 8
+ if not entropy:
+ entropy = 0
+ if not numbers:
+ numbers = 1
+ if not ucase:
+ ucase = 1
+ if not lcase:
+ lcase = 1
+ if not numbers:
+ numbers = 1
+ if not schar:
+ schar = 1
+
+ password = ipa_generate_password(entropy_bits=entropy,
+ min_len=pwd_length,
+ digits=numbers,
+ uppercase=ucase,
+ lowercase=lcase,
+ special=schar)
+ msg_summary = unicode(_('Generated password is: %s' % password))
+
+ return dict(summary=msg_summary)
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
