[Freeipa-devel] [freeipa PR#403][synchronized] Add new ipa passwd-generate command

Thu, 19 Jan 2017 20:08:46 -0800 

   URL: https://github.com/freeipa/freeipa/pull/403
Author: redhatrises
 Title: #403: Add new ipa passwd-generate command
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/403/head:pr403
git checkout pr403

From a7157c8f83ca544664431a05e3db8171fa9fa27e Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Thu, 19 Jan 2017 21:04:57 -0700
Subject: [PATCH] Add new ipa passwd-generate command

Adds new `ipa passwd-generate` command which has the ability to create
complex passwords using the refactored ipa_generate_password function
which is useful for deriving secure passwords for system/service accounts
rather than relying on system administrators to come up with their own
form of password.
---
 API.txt                     | 11 +++++++
 VERSION.m4                  |  4 +--
 ipaserver/plugins/passwd.py | 75 ++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 87 insertions(+), 3 deletions(-)

diff --git a/API.txt b/API.txt
index 543cec5..f0ec2ae 100644
--- a/API.txt
+++ b/API.txt
@@ -3461,6 +3461,16 @@ option: Str('version?')
 output: Output('result', type=[<type 'bool'>])
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: Output('value', type=[<type 'unicode'>])
+command: passwd_generate/1
+args: 0,7,1
+option: Int('digits?', autofill=True, default=1)
+option: Int('entropy?', autofill=True, default=0)
+option: Int('length?', autofill=True, default=8)
+option: Int('lowercase?', autofill=True, default=1)
+option: Int('special?', autofill=True, default=1)
+option: Int('uppercase?', autofill=True, default=1)
+option: Str('version?')
+output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 command: permission_add/1
 args: 1,21,3
 arg: Str('cn', cli_name='name')
@@ -6546,6 +6556,7 @@ default: param/1
 default: param_find/1
 default: param_show/1
 default: passwd/1
+default: passwd_generate/1
 default: permission/1
 default: permission_add/1
 default: permission_add_member/1
diff --git a/VERSION.m4 b/VERSION.m4
index 36929ee..c4fd931 100644
--- a/VERSION.m4
+++ b/VERSION.m4
@@ -73,8 +73,8 @@ define(IPA_DATA_VERSION, 20100614120000)
 #                                                      #
 ########################################################
 define(IPA_API_VERSION_MAJOR, 2)
-define(IPA_API_VERSION_MINOR, 217)
-# Last change: Add options to write lightweight CA cert or chain to file
+define(IPA_API_VERSION_MINOR, 218)
+# Last change: Add new command line option to generate a password
 
 
 ########################################################
diff --git a/ipaserver/plugins/passwd.py b/ipaserver/plugins/passwd.py
index 8cac145..35322b8 100644
--- a/ipaserver/plugins/passwd.py
+++ b/ipaserver/plugins/passwd.py
@@ -21,7 +21,7 @@
 
 from ipalib import api, errors, krb_utils
 from ipalib import Command
-from ipalib import Password
+from ipalib import Password, Int
 from ipalib import _
 from ipalib import output
 from ipalib.parameters import Principal
@@ -29,6 +29,7 @@
 from ipalib.request import context
 from ipapython import kerberos
 from ipapython.dn import DN
+from ipapython.ipautil import ipa_generate_password
 from ipaserver.plugins.baseuser import normalize_user_principal
 from ipaserver.plugins.service import validate_realm
 
@@ -147,3 +148,75 @@ def execute(self, principal, password, current_password, **options):
             result=True,
             value=principal,
         )
+
+
+@register()
+class passwd_generate(Command):
+    __doc__ = _("Autogenerate a password.")
+
+    takes_options = (
+        Int('uppercase',
+            label=_('Uppercase'),
+            doc=_('Number of uppercase characters'),
+            default=1,
+            autofill=True,
+            required=False,
+        ),
+        Int('lowercase',
+            label=_('Lowercase'),
+            doc=_('Number of lowercase characters'),
+            default=1,
+            autofill=True,
+            required=False,
+        ),
+        Int('digits',
+            label=_('Digits'),
+            doc=_('Number of digits'),
+            default=1,
+            autofill=True,
+            required=False,
+        ),
+        Int('special',
+            label=_('Special characters'),
+            doc=_('Number of special characters'),
+            default=1,
+            autofill=True,
+            required=False,
+        ),
+        Int('length',
+            label=_('Length'),
+            doc=_('Password Length'),
+            default=8,
+            autofill=True,
+            required=False,
+        ),
+        Int('entropy',
+            label=_('Entropy'),
+            doc=_('Number of entropy bits'),
+            default=0,
+            autofill=True,
+            required=False,
+        ),
+    )
+
+    has_output = (
+        output.summary,
+    )
+
+    def execute(self, *keys, **options):
+        pwd_length = options.get('length')
+        entropy = options.get('entropy')
+        ucase = options.get('uppercase')
+        lcase = options.get('lowercase')
+        numbers = options.get('digits')
+        schar = options.get('special')
+
+        password = ipa_generate_password(entropy_bits=entropy,
+                                         min_len=pwd_length,
+                                         digits=numbers,
+                                         uppercase=ucase,
+                                         lowercase=lcase,
+                                         special=schar)
+        msg_summary = unicode(_('Generated password is: %s' % password))
+
+        return dict(summary=msg_summary)

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to