websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.3.1

Browse Source
This commit is contained in:
Mario Fetka
2021-08-10 02:37:58 +02:00
parent a791de49a2
commit 2f177da8f2
2056 changed files with 421730 additions and 1668138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
install/migration/migration.py
View File

@@ -19,51 +19,45 @@
"""
Password migration script
"""
from __future__ import absolute_import
import cgi
import errno
import logging
import os.path
from wsgiref.util import request_uri
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipapython import ipaldap
from ipapython.ipaldap import IPAdmin
from ipalib import errors, create_api
from ipaplatform.paths import paths
logger = logging.getLogger(os.path.basename(__file__))
def bad_request(start_response):
"""
Return a 400 Bad Request error.
"""
status = '400 Bad Request'
response_headers = []
response = b''
start_response(status, response_headers)
return [response]
def wsgi_redirect(start_response, loc):
start_response('302 Found', [('Location', loc)])
return []
def get_ui_url(environ):
full_url = request_uri(environ)
index = full_url.rfind(environ.get('SCRIPT_NAME',''))
if index == -1:
raise ValueError('Cannot strip the script URL from full URL "%s"' % full_url)
return full_url[:index] + "/ipa/ui"
def bind(ldap_uri, base_dn, username, password):
if not base_dn:
logger.error('migration unable to get base dn')
root_logger.error('migration unable to get base dn')
raise IOError(errno.EIO, 'Cannot get Base DN')
bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn)
try:
conn = ipaldap.LDAPClient(ldap_uri)
conn.simple_bind(bind_dn, password)
conn = IPAdmin(ldap_uri=ldap_uri)
conn.do_simple_bind(bind_dn, password)
except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
logger.error(
'migration invalid credentials for %s: %s', bind_dn, e)
root_logger.error(
'migration invalid credentials for %s: %s' % (bind_dn, e))
raise IOError(
errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
except Exception as e:
logger.error('migration bind failed: %s', e)
root_logger.error('migration bind failed: %s' % e)
raise IOError(errno.EIO, 'Bind error')
finally:
conn.unbind()
@@ -73,32 +67,21 @@ def application(environ, start_response):
if environ.get('REQUEST_METHOD', None) != 'POST':
return wsgi_redirect(start_response, 'index.html')
content_type = environ.get('CONTENT_TYPE', '').lower()
if not content_type.startswith('application/x-www-form-urlencoded'):
return bad_request(start_response)
form_data = cgi.FieldStorage(fp=environ['wsgi.input'], environ=environ)
if 'username' not in form_data or 'password' not in form_data:
return bad_request(start_response)
status = '200 Success'
response_headers = []
result = 'error'
response = b''
return wsgi_redirect(start_response, 'invalid.html')
# API object only for configuration, finalize() not needed
api = create_api(mode=None)
api.bootstrap(context='server', confdir=paths.ETC_IPA, in_server=True)
api.bootstrap(context='server', in_server=True)
try:
bind(api.env.ldap_uri, api.env.basedn,
form_data['username'].value, form_data['password'].value)
except IOError as err:
if err.errno == errno.EPERM:
result = 'invalid-password'
return wsgi_redirect(start_response, 'invalid.html')
if err.errno == errno.EIO:
result = 'migration-error'
else:
result = 'ok'
response_headers.append(('X-IPA-Migrate-Result', result))
start_response(status, response_headers)
return [response]
return wsgi_redirect(start_response, 'error.html')
ui_url = get_ui_url(environ)
return wsgi_redirect(start_response, ui_url)