Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement %anaconda kickstart section for pwpolicy
pwpolicy only applies to the installer. This adds an %anaconda section to kickstart to use with installer specific commands. Add pwpolicy command to control UI password settings This command allows the user to specify what policies to apply to the different password entries. eg. pwpolicy root --minlen=10 --minquality=60 --strict --noempty --nochange The policy names are set by anaconda, pykickstart just checks for its presence. The arguments are: --minlen minimum password length --minquality minumum pwquality value --strict/nostrict Whether to allow weak passwords via the double done button method. --empty/notempty Allow empty passwords --changesok/nochanges Allow passwords to be changed if set in kickstart. This also adds %anaconda to interactive-defaults.ks matching the default object values. Users can override by replacing /usr/share/anaconda/interactive-defaults.ks on the installer media or kickstart users can include their own %anaconda section.
- Loading branch information
Showing
8 changed files
with
270 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
# | ||
# Brian C. Lane <bcl@redhat.com> | ||
# | ||
# Copyright 2015 Red Hat, Inc. | ||
# | ||
# This copyrighted material is made available to anyone wishing to use, modify, | ||
# copy, or redistribute it subject to the terms and conditions of the GNU | ||
# General Public License v.2. This program is distributed in the hope that it | ||
# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the | ||
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
# See the GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License along with | ||
# this program; if not, write to the Free Software Foundation, Inc., 51 | ||
# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat | ||
# trademarks that are incorporated in the source code or documentation are not | ||
# subject to the GNU General Public License and may only be used or replicated | ||
# with the express permission of Red Hat, Inc. | ||
# | ||
from pykickstart.base import BaseData, KickstartCommand | ||
from pykickstart.errors import KickstartValueError, formatErrorMsg | ||
from pykickstart.options import KSOptionParser | ||
|
||
import warnings | ||
from pyanaconda.i18n import _ | ||
|
||
class F22_PwPolicyData(BaseData): | ||
""" Kickstart Data object to hold information about pwpolicy. """ | ||
removedKeywords = BaseData.removedKeywords | ||
removedAttrs = BaseData.removedAttrs | ||
|
||
def __init__(self, *args, **kwargs): | ||
BaseData.__init__(self, *args, **kwargs) | ||
self.name = kwargs.get("name", "") | ||
self.minlen = kwargs.get("minlen", 8) | ||
self.minquality = kwargs.get("minquality", 50) | ||
self.strict = kwargs.get("strict", True) | ||
self.changesok = kwargs.get("changesok", False) | ||
self.emptyok = kwargs.get("emptyok", True) | ||
|
||
def __eq__(self, y): | ||
if not y: | ||
return False | ||
|
||
return self.name == y.name | ||
|
||
def __ne__(self, y): | ||
return not self == y | ||
|
||
def __str__(self): | ||
retval = BaseData.__str__(self) | ||
|
||
if self.name != "": | ||
retval += "pwpolicy" | ||
retval += self._getArgsAsStr() + "\n" | ||
|
||
return retval | ||
|
||
def _getArgsAsStr(self): | ||
retval = "" | ||
|
||
retval += " %s" % self.name | ||
retval += " --minlen=%d" % self.minlen | ||
retval += " --minquality=%d" % self.minquality | ||
|
||
if self.strict: | ||
retval += " --strict" | ||
else: | ||
retval += " --notstrict" | ||
if self.changesok: | ||
retval += " --changesok" | ||
else: | ||
retval += " --nochanges" | ||
if self.emptyok: | ||
retval += " --emptyok" | ||
else: | ||
retval += " --notempty" | ||
|
||
return retval | ||
|
||
class F22_PwPolicy(KickstartCommand): | ||
""" Kickstart command implementing password policy. """ | ||
removedKeywords = KickstartCommand.removedKeywords | ||
removedAttrs = KickstartCommand.removedAttrs | ||
|
||
def __init__(self, writePriority=0, *args, **kwargs): | ||
KickstartCommand.__init__(self, writePriority, *args, **kwargs) | ||
self.op = self._getParser() | ||
|
||
self.policyList = kwargs.get("policyList", []) | ||
|
||
def __str__(self): | ||
retval = "" | ||
for policy in self.policyList: | ||
retval += policy.__str__() | ||
|
||
return retval | ||
|
||
def _getParser(self): | ||
op = KSOptionParser() | ||
op.add_option("--minlen", type="int") | ||
op.add_option("--minquality", type="int") | ||
op.add_option("--strict", action="store_true") | ||
op.add_option("--notstrict", dest="strict", action="store_false") | ||
op.add_option("--changesok", action="store_true") | ||
op.add_option("--nochanges", dest="changesok", action="store_false") | ||
op.add_option("--emptyok", action="store_true") | ||
op.add_option("--notempty", dest="emptyok", action="store_false") | ||
return op | ||
|
||
def parse(self, args): | ||
(opts, extra) = self.op.parse_args(args=args, lineno=self.lineno) | ||
if len(extra) != 1: | ||
raise KickstartValueError(formatErrorMsg(self.lineno, msg=_("policy name required for %s") % "pwpolicy")) | ||
|
||
pd = self.handler.PwPolicyData() | ||
self._setToObj(self.op, opts, pd) | ||
pd.lineno = self.lineno | ||
pd.name = extra[0] | ||
|
||
# Check for duplicates in the data list. | ||
if pd in self.dataList(): | ||
warnings.warn(_("A %s with the name %s has already been defined.") % ("pwpolicy", pd.name)) | ||
|
||
return pd | ||
|
||
def dataList(self): | ||
return self.policyList | ||
|
||
def get_policy(self, name): | ||
""" Get the policy by name | ||
:param str name: Name of the policy to return. | ||
""" | ||
policy = [p for p in self.policyList if p.name == name] | ||
if policy: | ||
return policy[0] | ||
else: | ||
return None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# | ||
# Brian C. Lane <bcl@redhat.com> | ||
# | ||
# Copyright 2015 Red Hat, Inc. | ||
# | ||
# This copyrighted material is made available to anyone wishing to use, modify, | ||
# copy, or redistribute it subject to the terms and conditions of the GNU | ||
# General Public License v.2. This program is distributed in the hope that it | ||
# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the | ||
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
# See the GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License along with | ||
# this program; if not, write to the Free Software Foundation, Inc., 51 | ||
# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat | ||
# trademarks that are incorporated in the source code or documentation are not | ||
# subject to the GNU General Public License and may only be used or replicated | ||
# with the express permission of Red Hat, Inc. | ||
# | ||
from mock import Mock | ||
import unittest | ||
|
||
class BaseTestCase(unittest.TestCase): | ||
def setUp(self): | ||
import sys | ||
|
||
sys.modules["anaconda_log"] = Mock() | ||
sys.modules["block"] = Mock() | ||
|
||
from pyanaconda import kickstart | ||
self.kickstart = kickstart | ||
self.handler = kickstart.AnacondaKSHandler() | ||
self.ksparser = kickstart.AnacondaKSParser(self.handler) | ||
|
||
class PwPolicyTestCase(BaseTestCase): | ||
ks = """ | ||
%anaconda | ||
pwpolicy root --strict --minlen=8 --minquality=50 --nochanges --emptyok | ||
pwpolicy user --strict --minlen=8 --minquality=50 --nochanges --emptyok | ||
pwpolicy luks --strict --minlen=8 --minquality=50 --nochanges --emptyok | ||
%end | ||
""" | ||
def pwpolicy_test(self): | ||
self.ksparser.readKickstartFromString(self.ks) | ||
|
||
self.assertIsInstance(self.handler, self.kickstart.AnacondaKSHandler) | ||
self.assertIsInstance(self.handler.anaconda, self.kickstart.AnacondaSectionHandler) | ||
|
||
eq_template = "pwpolicy %s --minlen=8 --minquality=50 --strict --nochanges --emptyok\n" | ||
for name in ["root", "user", "luks"]: | ||
self.assertEqual(str(self.handler.anaconda.pwpolicy.get_policy(name)), eq_template % name) # pylint: disable=no-member |