From: Frank Brehm Date: Thu, 19 May 2022 14:16:52 +0000 (+0200) Subject: Reading password from console or from password file, if necessary. X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=e85ed1176b8321f9447f3fac4d366ccc22565510;p=pixelpark%2Fpp-admin-tools.git Reading password from console or from password file, if necessary. --- diff --git a/lib/pp_admintools/ldap_app.py b/lib/pp_admintools/ldap_app.py index d699fb2..fc426be 100644 --- a/lib/pp_admintools/ldap_app.py +++ b/lib/pp_admintools/ldap_app.py @@ -10,6 +10,7 @@ from __future__ import absolute_import # Standard modules import logging import os +import sys try: from pathlib import Path @@ -35,7 +36,7 @@ from .ldap_config import LdapConnectionInfo, LdapConfiguration # rom .ldap_config import DEFAULT_PORT_LDAP, DEFAULT_PORT_LDAPS from .ldap_config import DEFAULT_TIMEOUT -__version__ = '0.2.1' +__version__ = '0.2.2' LOG = logging.getLogger(__name__) _ = XLATOR.gettext @@ -56,6 +57,7 @@ class BaseLdapApplication(FbConfigApplication): use_default_ldap_connection = True show_cmdline_ldap_timeout = True + show_cmdline_ldap_instance = True # ------------------------------------------------------------------------- def __init__( @@ -65,6 +67,7 @@ class BaseLdapApplication(FbConfigApplication): config_dir=DEFAULT_CONFIG_DIR): self._password_file = None + self._ldap_instance = 'default' super(BaseLdapApplication, self).__init__( appname=appname, verbose=verbose, version=version, base_dir=base_dir, 
@@ -101,6 +104,37 @@ class BaseLdapApplication(FbConfigApplication): self._password_file = path + # ----------------------------------------------------------- + @property + def ldap_instance(self): + """This is the name of the active LDAP instance, found in configuration, + used for LDAP actions, if no other instance is given anyhow. + """ + return self._ldap_instance + + @ldap_instance.setter + def ldap_instance(self, value): + + if value is None: + msg = _("The name of the active LDAP connection must not be None.") + raise TypeError(msg) + + v = str(value).strip() + if value == '': + msg = _("The name of the active LDAP connection must not be empty.") + raise ValueError(msg) + + # Use the new value only, if there is an existent configuration + if hasattr(self, 'cfg') and self.cfg and self.cfg.ldap_connection: + if v in self.cfg.ldap_connection: + self._ldap_instance = v + else: + msg = _("LDAP connection {!r} was not found in configuration.").format(value) + if self.cfg.was_read: + raise LdapAppError(msg) + elif self.verbose > 1: + LOG.debug(msg) + # ------------------------------------------------------------------------- def as_dict(self, short=True): """ @@ -116,7 +150,9 @@ class BaseLdapApplication(FbConfigApplication): res = super(BaseLdapApplication, self).as_dict(short=short) res['password_file'] = self.password_file + res['ldap_instance'] = self.ldap_instance res['show_cmdline_ldap_timeout'] = self.show_cmdline_ldap_timeout + res['show_cmdline_ldap_instance'] = self.show_cmdline_ldap_instance res['use_default_ldap_connection'] = self.use_default_ldap_connection return res 
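Review bot: In the `ldap_instance` setter the emptiness test compares the raw argument instead of the stripped copy, so a whitespace-only name is not rejected with the intended ValueError; the test should read `if v == '':`. When `self.cfg` is missing or has no `ldap_connection` entries, the setter returns without assigning and without any message, so a caller cannot tell that the value was dropped; a debug line, or a comment stating that this is intentional, would help. The setter has no docstring naming the exceptions it raises (TypeError, ValueError, LdapAppError). `post_init` in the later hunk at -223,6 catches only LdapAppError, so once the empty check works it should use `except (LdapAppError, ValueError) as e:` to keep the usage-and-exit path instead of a traceback.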
@@ -197,6 +233,16 @@ class BaseLdapApplication(FbConfigApplication): help=_("Use contents of PASSWORD_FILE as the password for simple authentication."), ) + if self.show_cmdline_ldap_instance: + + ldap_group.add_argument( + '-I', '--ldap-instance', metavar=_("INSTANCE_NAME"), dest="ldap_instance", + help=_( + "The name of the configured LDAP instance to use for all actions, " + "which should be executed with the default LDAP instance. " + "Default: {!r}").format(self.ldap_instance), + ) + if self.show_cmdline_ldap_timeout: self.arg_parser.add_argument( '-T', '--timeout', metavar=_('SECONDS'), dest="ldap_timeout", @@ -223,6 +269,18 @@ class BaseLdapApplication(FbConfigApplication): super(BaseLdapApplication, self).post_init() + if self.verbose > 1: + LOG.debug(_("{} phase of a LDAP app.").format('Post init')) + + v = getattr(self.args, 'ldap_instance', None) + if v: + try: + self.ldap_instance = v + except LdapAppError as e: + LOG.error(str(e)) + self.arg_parser.print_usage(sys.stderr) + self.exit(1) + if not self.use_default_ldap_connection: return 
@@ -266,6 +324,37 @@ class BaseLdapApplication(FbConfigApplication): if v: self.cfg.ldap_timeout = v + pw_file = getattr(self.args, 'ldap_pw_file', None) + if pw_file: + self.password_file = pw_file + + # ------------------------------------------------------------------------- + def pre_run(self): + + super(BaseLdapApplication, self).pre_run() + + if self.verbose > 1: + LOG.debug(_("{} phase of a LDAP app.").format('Pre run')) + + ldap_pw_prompt = getattr(self.args, 'ldap_pw_prompt', False) + if ldap_pw_prompt: + ldap_pw = self.get_secret(_('password of default Bind DN'), _("Bind password")) + if ldap_pw: + self.cfg.ldap_connection['default'].bind_pw = ldap_pw + + if self.password_file: + LOG.debug(_("Reading password file {!r} ...").format(str(self.password_file))) + file_content = self.password_file.read_text( + encoding=self.cfg.encoding, errors='surrogateescape') + first_line = file_content.splitlines()[0].rstrip() + if first_line == '': + msg = _("Did not found valid content in password file {!r}.").format( + str(self.password_file)) + LOG.error(msg) + self.arg_parser.print_usage(sys.stderr) + self.exit(1) + self.cfg.ldap_connection['default'].bind_pw = first_line + # ============================================================================= if __name__ == "__main__":
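Review bot: In `pre_run`, `file_content.splitlines()[0]` raises IndexError when the password file is empty, so the empty-content check below it is never reached for that case and the user gets a traceback instead of the error message. The file is also read without looking at its permission bits; unless the `password_file` setter (outside this hunk) already does so, a check that warns when group or others can access the file is worth adding, since it holds a bind credential in clear text. Both the prompted password and the file password are stored under `ldap_connection['default']` rather than under `self.ldap_instance`, which looks inconsistent with the new `-I` option and should be confirmed. When both a prompt and a password file are given, the file silently overrides the prompted value, which deserves a comment. A sketch of the first two changes follows.

```python
        if self.password_file:
            # … unchanged: debug message about reading the password file …
            mode = self.password_file.stat().st_mode
            if mode & 0o077:
                # The file holds a clear-text bind password; it should be owner-only.
                LOG.warning(_(
                    "Password file {!r} is accessible by group or others.").format(
                    str(self.password_file)))
            file_content = self.password_file.read_text(
                encoding=self.cfg.encoding, errors='surrogateescape')
            lines = file_content.splitlines()
            first_line = lines[0].rstrip() if lines else ''
            # … unchanged: empty check, usage output and assignment to bind_pw …
```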