URL: https://github.com/freeipa/freeipa/pull/403 Author: redhatrises Title: #403: Add new ipa passwd-generate command Action: opened
PR body: """ This PR adds a new command line option `ipa passwd-generate` that uses the refactored `ipa_password_generate()` function. This is useful for generating secure passwords for service and system accounts or passwords for applications that may not be able to handle all character types. This could also be useful in the future for generating a temporary password for any portal efforts. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/403/head:pr403 git checkout pr403
From 4b454ecbf89ad87e46a160412defff881d0b6f26 Mon Sep 17 00:00:00 2001 From: Gabe <redhatri...@gmail.com> Date: Wed, 18 Jan 2017 20:40:37 -0700 Subject: [PATCH] Add new ipa passwd-generate command Adds new `ipa passwd-generate` command which has the ability to create complex passwords using the refactored ipa_generate_password function which is useful for deriving secure passwords for system/service accounts rather than relying on system administrators to come up with their own form of password. --- API.txt | 11 +++++++ VERSION.m4 | 4 +-- ipaserver/plugins/passwd.py | 78 ++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 90 insertions(+), 3 deletions(-) diff --git a/API.txt b/API.txt index 543cec5..ddf38b3 100644 --- a/API.txt +++ b/API.txt @@ -3461,6 +3461,16 @@ option: Str('version?') output: Output('result', type=[<type 'bool'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('value', type=[<type 'unicode'>]) +command: passwd_generate/1 +args: 0,7,1 +option: Int('digits?') +option: Int('entropy?') +option: Int('length?') +option: Int('lowercase?') +option: Int('special?') +option: Int('uppercase?') +option: Str('version?') +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) command: permission_add/1 args: 1,21,3 arg: Str('cn', cli_name='name') @@ -6546,6 +6556,7 @@ default: param/1 default: param_find/1 default: param_show/1 default: passwd/1 +default: passwd_generate/1 default: permission/1 default: permission_add/1 default: permission_add_member/1 diff --git a/VERSION.m4 b/VERSION.m4 index 36929ee..c4fd931 100644 --- a/VERSION.m4 +++ b/VERSION.m4 @@ -73,8 +73,8 @@ define(IPA_DATA_VERSION, 20100614120000) # # ######################################################## define(IPA_API_VERSION_MAJOR, 2) -define(IPA_API_VERSION_MINOR, 217) -# Last change: Add options to write lightweight CA cert or chain to file +define(IPA_API_VERSION_MINOR, 218) +# Last change: Add new command line option to generate a password ######################################################## diff --git a/ipaserver/plugins/passwd.py b/ipaserver/plugins/passwd.py index 8cac145..a501bcb 100644 --- a/ipaserver/plugins/passwd.py +++ b/ipaserver/plugins/passwd.py @@ -21,7 +21,7 @@ from ipalib import api, errors, krb_utils from ipalib import Command -from ipalib import Password +from ipalib import Password, Int from ipalib import _ from ipalib import output from ipalib.parameters import Principal @@ -29,6 +29,7 @@ from ipalib.request import context from ipapython import kerberos from ipapython.dn import DN +from ipapython.ipautil import ipa_generate_password from ipaserver.plugins.baseuser import normalize_user_principal from ipaserver.plugins.service import validate_realm @@ -147,3 +148,78 @@ def execute(self, principal, password, current_password, **options): result=True, value=principal, ) + + +@register() +class passwd_generate(Command): + __doc__ = _("Autogenerate a password.") + + takes_options = ( + Int('uppercase', + label=_('Uppercase'), + doc=_('Number of uppercase characters'), + required=False, + ), + Int('lowercase', + label=_('Lowercase'), + doc=_('Number of lowercase characters'), + required=False, + ), + Int('digits', + label=_('Digits'), + doc=_('Number of digits'), + required=False, + ), + Int('special', + label=_('Special characters'), + doc=_('Number of special characters'), + required=False, + ), + Int('length', + label=_('Length'), + doc=_('Password Length'), + required=False, + ), + Int('entropy', + label=_('Entropy'), + doc=_('Number of entropy bits'), + required=False, + ), + ) + + has_output = ( + output.summary, + ) + + def execute(self, *keys, **options): + pwd_length = options.get('length') + entropy = options.get('entropy') + ucase = options.get('uppercase') + lcase = options.get('lowercase') + numbers = options.get('digits') + schar = options.get('special') + + if not pwd_length: + pwd_length = 8 + if not entropy: + entropy = 0 + if not numbers: + numbers = 1 + if not ucase: + ucase = 1 + if not lcase: + lcase = 1 + if not numbers: + numbers = 1 + if not schar: + schar = 1 + + password = ipa_generate_password(entropy_bits=entropy, + min_len=pwd_length, + digits=numbers, + uppercase=ucase, + lowercase=lcase, + special=schar) + msg_summary = unicode(_('Generated password is: %s' % password)) + + return dict(summary=msg_summary)
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code