Migrate to kerberos module
parent
a097e314a0
commit
ee8ca0e1e6
|
|
@ -6,8 +6,7 @@ Flask-WTF==0.13.1
|
|||
itsdangerous==0.24
|
||||
Jinja2==2.8
|
||||
MarkupSafe==0.23
|
||||
python-kadmin==0.1.2
|
||||
python-kadmin-local==0.1.2
|
||||
kerberos==1.3.0
|
||||
python-ldap==2.4.28
|
||||
pytz==2016.10
|
||||
Werkzeug==0.11.11
|
||||
|
|
|
|||
|
|
@ -2,12 +2,8 @@
|
|||
{% block content %}
|
||||
<form action="" method="POST" class="form-signin">
|
||||
<h2>Password Change</h2>
|
||||
{% if need_current %}
|
||||
<label for="current" class="sr-only">Current password</label>
|
||||
<input type="password" name="current" class="form-control" placeholder="Current password" required>
|
||||
{% else %}
|
||||
<input type="hidden" name="current" value="hidden">
|
||||
{% endif %}
|
||||
<label for="new" class="sr-only">New password</label>
|
||||
<input type="password" name="new" class="form-control" placeholder="New password" required>
|
||||
<label for="confirm" class="sr-only">Confirm password</label>
|
||||
|
|
|
|||
|
|
@ -1,16 +1,17 @@
|
|||
#!/usr/bin/env python2
|
||||
# -*- coding: utf-8 -*-
|
||||
import logging
|
||||
import urllib
|
||||
import functools
|
||||
|
||||
import ldap
|
||||
import kerberos
|
||||
|
||||
import flask
|
||||
import flask_wtf
|
||||
|
||||
from webapp import app, context, config, validation
|
||||
|
||||
if config.kadmin_passwd:
|
||||
import kadmin
|
||||
|
||||
lpk_templates = {
|
||||
'add': 'keys/upload_key.html',
|
||||
|
|
@ -140,23 +141,20 @@ def _passwd_ldap(current, new):
|
|||
def _passwd_kadmin(current, new):
|
||||
username = flask.session.get('username')
|
||||
try:
|
||||
kadm = kadmin.init_with_keytab(config.kadmin_principal, config.kadmin_keytab)
|
||||
principal_name = config.kadmin_principal_map.format(username)
|
||||
principal = kadm.get_principal(principal_name)
|
||||
principal.change_password(new)
|
||||
return True
|
||||
return kerberos.changePassword(principal_name, current, new)
|
||||
except Exception as e:
|
||||
print e
|
||||
logging.exception('kpasswd failed')
|
||||
return False
|
||||
|
||||
@app.route('/passwd', methods=["POST"])
|
||||
@login_required
|
||||
def passwd_action():
|
||||
need_current = not config.kadmin_passwd
|
||||
current, new, confirm = (flask.request.form[n] for n in ('current', 'new', 'confirm'))
|
||||
if new != confirm:
|
||||
flask.flash(u"New passwords don't match", category='danger')
|
||||
return flask.render_template('passwd.html', need_current=need_current)
|
||||
return flask.render_template('passwd.html')
|
||||
|
||||
result = False
|
||||
if config.kadmin_passwd:
|
||||
|
|
@ -168,7 +166,7 @@ def passwd_action():
|
|||
flask.flash(u'Password changed', category='info')
|
||||
else:
|
||||
flask.flash(u'Wrong password', category='danger')
|
||||
return flask.render_template('passwd.html', need_current=need_current)
|
||||
return flask.render_template('passwd.html')
|
||||
|
||||
@app.route('/keys')
|
||||
@login_required
|
||||
|
|
|
|||
Loading…
Reference in New Issue