From 62b7d72f65ab8ac90a62486bb170133755764bc7 Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Wed, 22 May 2013 09:40:39 +0200
Subject: [PATCH 1002/1006] Remove pkinit plugin

This patch completely removes any signs of pkinit in the IPA package. It should be used only as addition to the first patch attached to the ticket. Rebased patch by Jan Zeleny and Rob Crittenden. https://fedorahosted.org/freeipa/ticket/616
---
 API.txt | 5 ---
 ipalib/plugins/pkinit.py | 101 -----------------------------------------------
 2 files changed, 106 deletions(-)
 delete mode 100644 ipalib/plugins/pkinit.py
diff --git a/API.txt b/API.txt
index 5418f31dc8d936ee629155aff08c05577cf9c4ee..ec5b3c9f6459e048c516a64dbab2396306fa6a72 100644
--- a/API.txt
+++ b/API.txt
@@ -2336,11 +2336,6 @@ command: ping
 args: 0,1,1
 option: Str('version?', exclude='webui')
 output: Output('summary', (, ), None)
-command: pkinit_anonymous
-args: 1,1,1
-arg: Str('action')
-option: Str('version?', exclude='webui')
-output: Output('result', None, None)
 command: plugins
 args: 0,3,3
 option: Flag('all', autofill=True, cli_name='all', default=True, exclude='webui')
diff --git a/ipalib/plugins/pkinit.py b/ipalib/plugins/pkinit.py
deleted file mode 100644
index 981e411df520e175fa88f1de02a4eae36d687ede..0000000000000000000000000000000000000000
--- a/ipalib/plugins/pkinit.py
+++ /dev/null
@@ -1,101 +0,0 @@
-# Authors:
-# Simo Sorce
-#
-# Copyright (C) 2010 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-from ipalib import api, errors
-from ipalib import Int, Str
-from ipalib import Object, Command
-from ipalib import _
-from ipapython.dn import DN
-
-__doc__ = _("""
-Kerberos pkinit options
-
-Enable or disable anonymous pkinit using the principal
-WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with
-pkinit support.
-
-EXAMPLES:
-
- Enable anonymous pkinit:
- ipa pkinit-anonymous enable
-
- Disable anonymous pkinit:
- ipa pkinit-anonymous disable
-
-For more information on anonymous pkinit see:
-
-http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit
-""")
-
-class pkinit(Object):
- """
- PKINIT Options
- """
- object_name = _('pkinit')
-
- label=_('PKINIT')
-
-api.register(pkinit)
-
-def valid_arg(ugettext, action):
- """
- Accepts only Enable/Disable.
- """
- a = action.lower()
- if a != 'enable' and a != 'disable':
- raise errors.ValidationError(
- name='action',
- error=_('Unknown command %s') % action
- )
-
-class pkinit_anonymous(Command):
- __doc__ = _('Enable or Disable Anonymous PKINIT.')
-
- princ_name = 'WELLKNOWN/ANONYMOUS@%s' % api.env.realm
- default_dn = DN(('krbprincipalname', princ_name), ('cn', api.env.realm), ('cn', 'kerberos'), api.env.basedn)
-
- takes_args = (
- Str('action', valid_arg),
- )
-
- def execute(self, action, **options):
- ldap = self.api.Backend.ldap2
- set_lock = False
- lock = None
-
- (dn, entry_attrs) = ldap.get_entry(self.default_dn, ['nsaccountlock'])
-
- if 'nsaccountlock' in entry_attrs:
- lock = entry_attrs['nsaccountlock'][0].lower()
-
- if action.lower() == 'enable':
- if lock == 'true':
- set_lock = True
- lock = None
- elif action.lower() == 'disable':
- if lock != 'true':
- set_lock = True
- lock = 'TRUE'
-
- if set_lock:
- ldap.update_entry(dn, {'nsaccountlock':lock})
-
- return dict(result=True)
-
-api.register(pkinit_anonymous)
-- 
1.8.3.1