/usr/lib/python2.7/dist-packages/ipaserver/plugins/whoami.py is in python-ipaserver 4.7.0~pre1+git20180411-2ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 | #
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
import six
from ipalib import api, Command, errors, output, Str
from ipalib import _
from ipapython.dn import DN
from ipalib.plugable import Registry
from .idviews import DEFAULT_TRUST_VIEW_NAME
if six.PY3:
unicode = str
__doc__ = _("""
Return information about currently authenticated identity
Who am I command returns information on how to get
more details about the identity authenticated for this
request. The information includes:
* type of object
* command to retrieve details of the object
* arguments and options to pass to the command
The information is returned as a dictionary. Examples below use
'key: value' output for illustrative purposes.
EXAMPLES:
Look up as IPA user:
kinit admin
ipa console
>> api.Command.whoami()
------------------------------------------
object: user
command: user_show/1
arguments: admin
------------------------------------------
Look up as a user from a trusted domain:
kinit user@AD.DOMAIN
ipa console
>> api.Command.whoami()
------------------------------------------
object: idoverrideuser
command: idoverrideuser_show/1
arguments: ('default trust view', 'user@ad.domain')
------------------------------------------
Look up as a host:
kinit -k
ipa console
>> api.Command.whoami()
------------------------------------------
object: host
command: host_show/1
arguments: ipa.example.com
------------------------------------------
Look up as a Kerberos service:
kinit -k -t /path/to/keytab HTTP/ipa.example.com
ipa console
>> api.Command.whoami()
------------------------------------------
object: service
command: service_show/1
arguments: HTTP/ipa.example.com
------------------------------------------
""")
register = Registry()
@register()
class whoami(Command):
__doc__ = _('Describe currently authenticated identity.')
NO_CLI = True
output_params = (
Str('object', label=_('Object class name')),
Str('command', label= _('Function to get details')),
Str('arguments*', label=_('Arguments to details function')),
)
has_output = (
output.Output('object', unicode, _('Object class name')),
output.Output('command', unicode, _('Function to get details')),
output.Output('arguments', (list, tuple),
_('Arguments to details function')),
)
def execute(self, **options):
"""
Retrieve the DN we are authenticated as to LDAP and find bindable IPA
object that handles the container where this DN belongs to. Then report
details about this object.
"""
exceptions = {
'idoverrideuser': (DN("cn={0}".format(DEFAULT_TRUST_VIEW_NAME)),
DEFAULT_TRUST_VIEW_NAME, 'ipaOriginalUid'),
}
ldap = api.Backend.ldap2
# whoami_s() call returns a string 'dn: <actual DN value>'
# We also reject ldapi-as-root connections as DM is a virtual object
dn = DN(ldap.conn.whoami_s()[4:])
if dn == DN('cn=Directory Manager'):
raise errors.NotFound(
reason=_('Cannot query Directory Manager with API'))
entry = ldap.get_entry(dn)
o_name = None
o_func = None
o_args = []
for o in api.Object():
if not getattr(o, 'bindable', None):
continue
container = getattr(o, 'container_dn', None)
if container is None:
continue
# Adjust container for exception two-level objects
if o.name in exceptions:
container = exceptions[o.name][0] + container
if dn.find(container + api.env.basedn) == 1:
# We found exact container this DN belongs to
o_name = unicode(o.name)
o_args = [unicode(entry.single_value.get(o.primary_key.name))]
o_func = unicode(o.methods.show.full_name)
if o.name in exceptions:
o_args = [unicode(exceptions[o.name][1]),
unicode(entry.single_value.get(
exceptions[o.name][2]))]
break
return {'object': o_name, 'command': o_func, 'arguments': o_args}
|