diff options
| author | John Dennis <jdennis@redhat.com> | 2007-11-26 11:12:58 -0500 |
|---|---|---|
| committer | John Dennis <jdennis@redhat.com> | 2007-11-26 11:12:58 -0500 |
| commit | 4f33d674188268432b3d8ef0921be0de3e6c5ef7 (patch) | |
| tree | 33b12899754006b63821952815272ef156c4f39c /ipa-python/radius_util.py | |
| parent | 2c2069d3ec48aa4a2c32ac580726b5759ebef553 (diff) | |
| download | freeipa-4f33d674188268432b3d8ef0921be0de3e6c5ef7.tar.gz freeipa-4f33d674188268432b3d8ef0921be0de3e6c5ef7.tar.xz freeipa-4f33d674188268432b3d8ef0921be0de3e6c5ef7.zip | |
remove radius_client.py, move contents to radius_util.py
Diffstat (limited to 'ipa-python/radius_util.py')
| -rw-r--r-- | ipa-python/radius_util.py | 148 |
1 files changed, 147 insertions, 1 deletions
diff --git a/ipa-python/radius_util.py b/ipa-python/radius_util.py index caa72e3a0..24eb949ab 100644 --- a/ipa-python/radius_util.py +++ b/ipa-python/radius_util.py @@ -21,9 +21,12 @@ import sys import os import re import ldap +import getpass import ldap.filter from ipa import ipautil +from ipa.entity import Entity +import ipa.ipavalidate as ipavalidate __all__ = [ @@ -37,6 +40,9 @@ __all__ = [ 'RADIUSD_CONF_TEMPLATE_FILEPATH', 'RADIUSD', + 'RadiusClient', + 'RadiusProfile', + 'clients_container', 'radius_clients_basedn', 'radius_client_filter', @@ -54,7 +60,15 @@ __all__ = [ 'radius_profile_attr_to_ldap_attr', 'read_pairs_file', -] + + 'get_secret', + 'validate_ip_addr', + 'validate_secret', + 'validate_name', + 'validate_nastype', + 'validate_desc', + 'validate', + ] #------------------------------------------------------------------------------ @@ -73,6 +87,35 @@ RADIUSD = '/usr/sbin/radiusd' #------------------------------------------------------------------------------ +dotted_octet_re = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(/(\d+))?$") +dns_re = re.compile(r"^[a-zA-Z][a-zA-Z0-9.-]+$") +# secret, name, nastype all have 31 char max in freeRADIUS, max ip address len is 255 +valid_secret_len = (1,31) +valid_name_len = (1,31) +valid_nastype_len = (1,31) +valid_ip_addr_len = (1,255) + +valid_ip_addr_msg = '''\ +IP address must be either a DNS name (letters,digits,dot,hyphen, beginning with +a letter),or a dotted octet followed by an optional mask (e.g 192.168.1.0/24)''' + +valid_desc_msg = "Description must text string" + +#------------------------------------------------------------------------------ + +class RadiusClient(Entity): + + def __init2__(self): + pass + +class RadiusProfile(Entity): + + def __init2__(self): + pass + + +#------------------------------------------------------------------------------ + def reverse_map_dict(src_dict): reverse_dict = {} @@ -232,3 +275,106 @@ def get_ldap_attr_translations(): #for k,v in ldap_attr_to_radius_attr.items(): # print '%s --> %s' % (k,v) +def get_secret(): + valid = False + while (not valid): + secret = getpass.getpass("Enter Secret: ") + confirm = getpass.getpass("Confirm Secret: ") + if (secret != confirm): + print "Secrets do not match" + continue + valid = True + return secret + +#------------------------------------------------------------------------------ + +def valid_ip_addr(text): + + # is it a dotted octet? If so there should be 4 integers seperated + # by a dot and each integer should be between 0 and 255 + # there may be an optional mask preceded by a slash (e.g. 1.2.3.4/24) + match = dotted_octet_re.search(text) + if match: + # dotted octet notation + i = 1 + while i <= 4: + octet = int(match.group(i)) + if octet > 255: return False + i += 1 + if match.group(5): + mask = int(match.group(6)) + if mask <= 32: + return True + else: + return False + return True + else: + # DNS name, can contain letters, numbers, dot and hypen, must start with a letter + if dns_re.search(text): return True + return False + +def validate_length(value, limits): + length = len(value) + if length < limits[0] or length > limits[1]: + return False + return True + +def valid_length_msg(name, limits): + return "%s length must be at least %d and not more than %d" % (name, limits[0], limits[1]) + +def err_msg(variable, variable_name=None): + if variable_name is None: variable_name = 'value' + print "ERROR: %s = %s" % (variable_name, variable) + +#------------------------------------------------------------------------------ + +def validate_ip_addr(ip_addr, variable_name=None): + if not validate_length(ip_addr, valid_ip_addr_len): + err_msg(ip_addr, variable_name) + print valid_length_msg('ip address', valid_ip_addr_len) + return False + if not valid_ip_addr(ip_addr): + err_msg(ip_addr, variable_name) + print valid_ip_addr_msg + return False + return True + +def validate_secret(secret, variable_name=None): + if not validate_length(secret, valid_secret_len): + err_msg(secret, variable_name) + print valid_length_msg('secret', valid_secret_len) + return False + return True + +def validate_name(name, variable_name=None): + if not validate_length(name, valid_name_len): + err_msg(name, variable_name) + print valid_length_msg('name', valid_name_len) + return False + return True + +def validate_nastype(nastype, variable_name=None): + if not validate_length(nastype, valid_nastype_len): + err_msg(nastype, variable_name) + print valid_length_msg('NAS Type', valid_nastype_len) + return False + return True + +def validate_desc(desc, variable_name=None): + if ipavalidate.plain(desc, notEmpty=True) != 0: + print valid_desc_msg + return False + return True + +def validate(attribute, value): + if attribute == 'Client-IP-Address': + return validate_ip_addr(value, attribute) + if attribute == 'Secret': + return validate_secret(value, attribute) + if attribute == 'NAS-Type': + return validate_nastype(value, attribute) + if attribute == 'Name': + return validate_name(value, attribute) + if attribute == 'Description': + return validate_desc(value, attribute) + return True |