From f7996d16d5a424f136d54a7dc190d4e6c5dad628 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 5 Sep 2014 11:26:18 +0200
Subject: [PATCH] Remove pkinit plugin

This patch completely removes all traces of pkinit from the IPA package. It
should be used only in addition to the first patch attached to the
ticket.

Rebased patch by Jan Zeleny and Rob Crittenden.

https://fedorahosted.org/freeipa/ticket/616
---
 API.txt                  |   5 ---
 ipalib/plugins/pkinit.py | 105 -----------------------------------------------
 2 files changed, 110 deletions(-)
 delete mode 100644 ipalib/plugins/pkinit.py

diff --git a/API.txt b/API.txt
index 7949c49f9fb9e3cd7eceb64a05dd8e550eb48f8b..e573a2838777dc564fc8ef16f97b36fe17b67590 100644
--- a/API.txt
+++ b/API.txt
@@ -2895,11 +2895,6 @@ command: ping
 args: 0,1,1
 option: Str('version?', exclude='webui')
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
-command: pkinit_anonymous
-args: 1,1,1
-arg: Str('action')
-option: Str('version?', exclude='webui')
-output: Output('result', None, None)
 command: plugins
 args: 0,3,3
 option: Flag('all', autofill=True, cli_name='all', default=True, exclude='webui')
diff --git a/ipalib/plugins/pkinit.py b/ipalib/plugins/pkinit.py
deleted file mode 100644
index 5f00b2b46ff94cca7f98876c0171f455c210d778..0000000000000000000000000000000000000000
--- a/ipalib/plugins/pkinit.py
+++ /dev/null
@@ -1,105 +0,0 @@
-# Authors:
-#   Simo Sorce <ssorce@redhat.com>
-#
-# Copyright (C) 2010  Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-from ipalib import api, errors
-from ipalib import Int, Str
-from ipalib import Object, Command
-from ipalib import _
-from ipalib.plugable import Registry
-from ipapython.dn import DN
-
-__doc__ = _("""
-Kerberos pkinit options
-
-Enable or disable anonymous pkinit using the principal
-WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with
-pkinit support.
-
-EXAMPLES:
-
- Enable anonymous pkinit:
-  ipa pkinit-anonymous enable
-
- Disable anonymous pkinit:
-  ipa pkinit-anonymous disable
-
-For more information on anonymous pkinit see:
-
-http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit
-""")
-
-register = Registry()
-
-@register()
-class pkinit(Object):
-    """
-    PKINIT Options
-    """
-    object_name = _('pkinit')
-
-    label=_('PKINIT')
-
-
-def valid_arg(ugettext, action):
-    """
-    Accepts only Enable/Disable.
-    """
-    a = action.lower()
-    if a != 'enable' and a != 'disable':
-        raise errors.ValidationError(
-            name='action',
-            error=_('Unknown command %s') % action
-        )
-
-@register()
-class pkinit_anonymous(Command):
-    __doc__ = _('Enable or Disable Anonymous PKINIT.')
-
-    princ_name = 'WELLKNOWN/ANONYMOUS@%s' % api.env.realm
-    default_dn = DN(('krbprincipalname', princ_name), ('cn', api.env.realm), ('cn', 'kerberos'), api.env.basedn)
-
-    takes_args = (
-        Str('action', valid_arg),
-    )
-
-    def execute(self, action, **options):
-        ldap = self.api.Backend.ldap2
-        set_lock = False
-        lock = None
-
-        entry_attrs = ldap.get_entry(self.default_dn, ['nsaccountlock'])
-
-        if 'nsaccountlock' in entry_attrs:
-            lock = entry_attrs['nsaccountlock'][0].lower()
-
-        if action.lower() == 'enable':
-            if lock == 'true':
-                set_lock = True
-                lock = None
-        elif action.lower() == 'disable':
-            if lock != 'true':
-                set_lock = True
-                lock = 'TRUE'
-
-        if set_lock:
-            entry_attrs['nsaccountlock'] = lock
-            ldap.update_entry(entry_attrs)
-
-        return dict(result=True)
-
-- 
2.1.0