author | John Dennis <jdennis@redhat.com> | 2007-11-28 07:49:07 -0500 |
---|---|---|
committer | John Dennis <jdennis@redhat.com> | 2007-11-28 07:49:07 -0500 |
commit | 904b76059cec667a9c155021c8e33ce1dbf2b389 (patch) | |
tree | c2f9d8ed6a2f84427dd494d3814cac77c29a34f0 /ipa-python | |
parent | c939c5d289daaf4c855caa2a6816e7eeba7e2661 (diff) | |
parent | 2e7f629d913d775cfb285ede166d7a0f977782fe (diff) | |
merged radius work with latest mainline tip
Diffstat (limited to 'ipa-python')
-rw-r--r-- | ipa-python/aci.py | 10 | ||||
-rwxr-xr-x | ipa-python/ipa-python.spec (renamed from ipa-python/freeipa-python.spec) | 11 | ||||
-rwxr-xr-x | ipa-python/ipa-python.spec.in (renamed from ipa-python/freeipa-python.spec.in) | 9 | ||||
-rw-r--r-- | ipa-python/ipaclient.py | 68 | ||||
-rw-r--r-- | ipa-python/ipaerror.py | 15 | ||||
-rw-r--r-- | ipa-python/ipautil.py | 13 | ||||
-rw-r--r-- | ipa-python/rpcclient.py | 145 | ||||
-rw-r--r-- | ipa-python/setup.py | 2 |
8 files changed, 247 insertions, 26 deletions
diff --git a/ipa-python/aci.py b/ipa-python/aci.py index 60e19075a..d35da8dab 100644 --- a/ipa-python/aci.py +++ b/ipa-python/aci.py @@ -37,6 +37,16 @@ class ACI: if acistr is not None: self.parse_acistr(acistr) + def __getitem__(self,key): + """Fake getting attributes by key for sorting""" + if key == 0: + return self.name + if key == 1: + return self.source_group + if key == 2: + return self.dest_group + raise TypeError("Unknown key value %s" % key) + def export_to_string(self): """Converts the ACI to a string suitable for an LDAP aci attribute.""" attrs_str = ' || '.join(self.attrs) diff --git a/ipa-python/freeipa-python.spec b/ipa-python/ipa-python.spec index a84fb0fe2..2837a2832 100755 --- a/ipa-python/freeipa-python.spec +++ b/ipa-python/ipa-python.spec @@ -1,7 +1,7 @@ -Name: freeipa-python -Version: 0.4.1 +Name: ipa-python +Version: 0.5.0 Release: 1%{?dist} -Summary: FreeIPA authentication server +Summary: Ipa authentication server Group: System Environment/Base License: GPL @@ -17,7 +17,7 @@ Requires: PyKerberos %define pkgpythondir %{python_sitelib}/ipa %description -FreeIPA is a server for identity, policy, and audit. +Ipa is a server for identity, policy, and audit. %prep %setup -q @@ -38,6 +38,9 @@ rm -rf %{buildroot} %config(noreplace) %{_sysconfdir}/ipa/ipa.conf %changelog +* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1 +- Version bump for release and rename of rpm + * Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1 - Version bump for release diff --git a/ipa-python/freeipa-python.spec.in b/ipa-python/ipa-python.spec.in index 0c46098ce..bd8ac0da6 100755 --- a/ipa-python/freeipa-python.spec.in +++ b/ipa-python/ipa-python.spec.in @@ -1,7 +1,7 @@ -Name: freeipa-python +Name: ipa-python Version: VERSION Release: 1%{?dist} -Summary: FreeIPA authentication server +Summary: Ipa authentication server Group: System Environment/Base License: GPL 
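Review bot: The new `ACI.__getitem__` in aci.py raises `TypeError` for every key other than 0, 1 or 2, so anything that walks an ACI through the sequence protocol (a `for` loop, `list(aci)`, `tuple(aci)`) fails at index 3 instead of stopping, because that iteration ends only on `IndexError`. For an out-of-range integer the last line would be better as `raise IndexError("Unknown key value %s" % key)`, keeping `TypeError` for non-integer keys. The docstring could also spell out the mapping, e.g. `"""Index access for sorting: 0 is name, 1 is source_group, 2 is dest_group."""`. The rest of class ACI lies outside this hunk.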
@@ -17,7 +17,7 @@ Requires: PyKerberos %define pkgpythondir %{python_sitelib}/ipa %description -FreeIPA is a server for identity, policy, and audit. +Ipa is a server for identity, policy, and audit. %prep %setup -q @@ -38,6 +38,9 @@ rm -rf %{buildroot} %config(noreplace) %{_sysconfdir}/ipa/ipa.conf %changelog +* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1 +- Version bump for release and rename of rpm + * Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1 - Version bump for release diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index 7a140308a..168f01d38 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -135,10 +135,14 @@ class IPAClient: return all_users - def get_add_schema(self): - """Prototype for the GUI. Specify in the directory fields to - be displayed and what data to get for new users.""" - result = self.transport.get_add_schema() + def get_custom_fields(self): + """Get custom user fields""" + result = self.transport.get_custom_fields() + return result + + def set_custom_fields(self, schema): + """Set custom user fields""" + result = self.transport.set_custom_fields(schema) return result def find_users(self, criteria, sattrs=None, searchlimit=0, timelimit=-1): @@ -174,10 +178,16 @@ class IPAClient: return result - def mark_user_deleted(self,uid): + def mark_user_active(self,uid): + """Set a user as active by uid.""" + + result = self.transport.mark_user_active(uid) + return result + + def mark_user_inactive(self,uid): """Set a user as inactive by uid.""" - result = self.transport.mark_user_deleted(uid) + result = self.transport.mark_user_inactive(uid) return result # Groups support 
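Review bot: In ipaclient.py, `get_add_schema` (first hunk) and `mark_user_deleted` (second hunk) are removed outright rather than kept as aliases, so any caller not updated in the same merge fails with `AttributeError` only when the call is reached. The diffstat on this page is limited to ipa-python, so callers elsewhere in the tree cannot be checked from here. If scripts outside this directory are a concern, a one-line alias after the new method, `mark_user_deleted = mark_user_inactive`, keeps them working for a release; the old and new docstrings both say "Set a user as inactive by uid", so the behaviour appears unchanged. The same two renames are repeated in RPCClient in rpcclient.py.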
@@ -332,6 +342,52 @@ class IPAClient: entries.append(user.User(e)) return entries + + def mark_group_active(self,cn): + """Set a group as active by cn.""" + + result = self.transport.mark_group_active(cn) + return result + + def mark_group_inactive(self,cn): + """Set a group as inactive by cn.""" + + result = self.transport.mark_group_inactive(cn) + return result + +# Configuration + + def get_ipa_config(self): + """Get the IPA configuration""" + result = self.transport.get_ipa_config() + return entity.Entity(result) + + def update_ipa_config(self, config): + """Updates the IPA configuration. + + config is an Entity object. + """ + result = self.transport.update_ipa_config(config.origDataDict(), config.toDict()) + return result + + def get_password_policy(self): + """Get the IPA password policy""" + result = self.transport.get_password_policy() + return entity.Entity(result) + + def update_password_policy(self, policy): + """Updates the IPA password policy. + + policy is an Entity object. + """ + result = self.transport.update_password_policy(policy.origDataDict(), policy.toDict()) + return result + + def add_service_principal(self, princ_name): + return self.transport.add_service_principal(princ_name) + + def get_keytab(self, princ_name): + return self.transport.get_keytab(princ_name) # radius support def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None): diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py index 0106132ca..5391b3fd4 100644 --- a/ipa-python/ipaerror.py +++ b/ipa-python/ipaerror.py @@ -28,6 +28,11 @@ class IPAError(exceptions.Exception): error.""" self.code = code self.message = message + # Fill this in as an empty LDAP error message so we don't have a lot + # of "if e.detail ..." everywhere + if detail is None: + detail = [] + detail.append({'desc':'','info':''}) self.detail = detail def __str__(self): 
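Review bot: `add_service_principal` and `get_keytab`, at the end of the third ipaclient.py hunk, are the only methods added there without a docstring, and `get_keytab` is the one whose result most needs describing. Judging by the name it returns Kerberos key material for `princ_name`, so the docstring should say what is returned and whether the call issues new keys on the server (not visible from this wrapper), and tell callers to keep the result out of logs and to store it with owner-only permissions. Something like `"""Add a service principal named princ_name."""` and `"""Return the keytab for princ_name; treat the result as a secret."""` would do. The RPCClient methods of the same names in rpcclient.py lack docstrings as well.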
@@ -118,6 +123,11 @@ LDAP_EMPTY_MODLIST = gen_error_code( 0x0006, "No modifications to be performed") +LDAP_NO_CONFIG = gen_error_code( + LDAP_CATEGORY, + 0x0007, + "IPA configuration not found") + # # Input errors (sample - replace me) # @@ -147,3 +157,8 @@ CONNECTION_GSSAPI_CREDENTIALS = gen_error_code( CONNECTION_CATEGORY, 0x0003, "GSSAPI Authorization error") + +CONNECTION_UNWILLING = gen_error_code( + CONNECTION_CATEGORY, + 0x0004, + "Account inactivated. Server is unwilling to perform.") diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py index 9584f9289..5f7d396aa 100644 --- a/ipa-python/ipautil.py +++ b/ipa-python/ipautil.py @@ -23,8 +23,11 @@ import string import tempfile import logging import subprocess +from random import Random +from time import gmtime import os import stat +import socket import readline import traceback from types import * @@ -39,7 +42,6 @@ def realm_to_suffix(realm_name): terms = ["dc=" + x.lower() for x in s] return ",".join(terms) - def template_str(txt, vars): return string.Template(txt).substitute(vars) @@ -334,6 +336,15 @@ def parse_generalized_time(timestr): except ValueError: return None +def ipa_generate_password(): + rndpwd = '' + r = Random() + r.seed(gmtime()) + for x in range(12): +# rndpwd += chr(r.randint(32,126)) + rndpwd += chr(r.randint(65,90)) #stricter set for testing + return rndpwd + def format_list(items, quote=None, page_width=80): '''Format a list of items formatting them so they wrap to fit the diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index ed23015e1..6f039f9fa 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py 
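Review bot: `ipa_generate_password` in ipautil.py draws from `Random()` seeded with `gmtime()`, a non-cryptographic generator whose seed has one-second resolution, so two calls in the same second return the same password and the output is predictable to anyone who knows roughly when it was generated. Passwords should come from the OS entropy source: import `SystemRandom` instead of `Random`, use `r = SystemRandom()` and drop the `r.seed(gmtime())` line, which also makes the new `gmtime` import unnecessary. The active alphabet is `chr(r.randint(65,90))`, marked "stricter set for testing"; twelve uppercase letters is a far smaller space than the commented-out printable range, so that restriction should not ship, or should sit behind an explicit test-only switch. A docstring stating the length and character set would let callers judge where the result is safe to use.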
@@ -218,23 +218,32 @@ class RPCClient: return ipautil.unwrap_binary_data(result) - def get_add_schema(self): - """Get the list of attributes we need to ask when adding a new - user. - """ + def get_custom_fields(self): + """Get custom user fields.""" server = self.setup_server() - # FIXME: Hardcoded and designed for the TurboGears GUI. Do we want - # this for the CLI as well? try: - result = server.get_add_schema() + result = server.get_custom_fields() except xmlrpclib.Fault, fault: raise ipaerror.gen_exception(fault.faultCode, fault.faultString) except socket.error, (value, msg): raise xmlrpclib.Fault(value, msg) return ipautil.unwrap_binary_data(result) - + + def set_custom_fields(self, schema): + """Set custom user fields.""" + server = self.setup_server() + + try: + result = server.set_custom_fields(schema) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + def get_all_users (self): """Return a list containing a User object for each existing user.""" @@ -309,12 +318,12 @@ class RPCClient: return result - def mark_user_deleted(self,uid): - """Mark a user as deleted/inactive""" + def mark_user_active(self,uid): + """Mark a user as active""" server = self.setup_server() try: - result = server.mark_user_deleted(uid) + result = server.mark_user_active(uid) except xmlrpclib.Fault, fault: raise ipaerror.gen_exception(fault.faultCode, fault.faultString) except socket.error, (value, msg): 
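Review bot: Each wrapper added in rpcclient.py repeats the same block of `setup_server()`, `try`, two `except` clauses and `unwrap_binary_data`, and the later hunks of this file copy it about a dozen more times (`mark_user_inactive`, `mark_group_active`, `get_ipa_config`, `update_password_policy`, `get_keytab` and the rest). A private helper would leave a single place to maintain the error mapping. One thing worth fixing in that place: `except socket.error, (value, msg)` unpacks the exception into exactly two values, which I would expect to raise `ValueError` for a `socket.error` carrying a single argument, masking the original failure. The sketch below shows one way to write it; the class and its existing wrappers continue outside this hunk.

```python
    def _call(self, method, *args):
        """Invoke an XML-RPC method and map transport errors in one place."""
        server = self.setup_server()
        try:
            result = getattr(server, method)(*args)
        except xmlrpclib.Fault, fault:
            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
        except socket.error, err:
            # err.args is (errno, message) or just (message,)
            raise xmlrpclib.Fault(err.args[0], err.args[-1])
        return ipautil.unwrap_binary_data(result)

    def get_custom_fields(self):
        """Get custom user fields."""
        return self._call('get_custom_fields')

    def set_custom_fields(self, schema):
        """Set custom user fields."""
        return self._call('set_custom_fields', schema)

    # … unchanged: get_all_users and the other existing wrappers …
```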
@@ -322,6 +331,20 @@ class RPCClient: return ipautil.unwrap_binary_data(result) + def mark_user_inactive(self,uid): + """Mark a user as inactive""" + server = self.setup_server() + + try: + result = server.mark_user_inactive(uid) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + # Group support def get_groups_by_member(self,member_dn,sattrs=None): 
@@ -592,6 +615,106 @@ class RPCClient: return ipautil.unwrap_binary_data(result) + def mark_group_active(self,cn): + """Mark a group as active""" + server = self.setup_server() + + try: + result = server.mark_group_active(cn) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def mark_group_inactive(self,cn): + """Mark a group as inactive""" + server = self.setup_server() + + try: + result = server.mark_group_inactive(cn) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + +# Configuration support + + def get_ipa_config(self): + """Get the IPA configuration""" + server = self.setup_server() + try: + result = server.get_ipa_config() + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def update_ipa_config(self, oldconfig, newconfig): + """Update the IPA configuration""" + server = self.setup_server() + try: + result = server.update_ipa_config(oldconfig, newconfig) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def get_password_policy(self): + """Get the IPA password policy""" + server = self.setup_server() + try: + result = server.get_password_policy() + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def 
update_password_policy(self, oldpolicy, newpolicy): + """Update the IPA password policy""" + server = self.setup_server() + try: + result = server.update_password_policy(oldpolicy, newpolicy) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def add_service_principal(self, princ_name): + server = self.setup_server() + + try: + result = server.add_service_principal(princ_name) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def get_keytab(self, princ_name): + server = self.setup_server() + + try: + result = server.get_keytab(princ_name) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + # radius support def get_radius_client_by_ip_addr(self, ip_addr, container, sattrs=None): diff --git a/ipa-python/setup.py b/ipa-python/setup.py index defd49cbd..3a5a6f4eb 100644 --- a/ipa-python/setup.py +++ b/ipa-python/setup.py @@ -35,7 +35,7 @@ def setup_package(): try: setup( name = "freeipa-python", - version = "0.4.1", + version = "0.5.0", license = "GPL", author = "Karl MacMillan, et.al.", author_email = "kmacmillan@redhat.com", |