Add radius profile implementations:

  get_radius_profile_by_uid
  add_radius_profile
  update_radius_profile
  delete_radius_profile
  find_radius_profiles

Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs

Establish mappings for all attributes and names used in clients and
profiles

Add notion of containers to radius clients and profiles in LDAP

Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.

Add utility functions:
  format_list()
  parse_key_value_pairs()

Add utility class:
  AttributeValueCompleter

Unify attribute usage in radius ldap schema

1 files changed, 130 insertions, 25 deletions

diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 26fdba484..aa557f79c 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -30,6 +30,7 @@ import xmlrpclib
 import copy
 import attrs
 from ipa import ipaerror
+from ipa import radius_util
 
 import string
 from types import *
@@ -458,41 +459,40 @@ class IPAServer:
     
 # radius support
 
-    # FIXME, why not just use get_entry_by_dn?
-    def get_radius_client_by_ip_addr(self, ip_addr, sattrs=None, opts=None):
-        ip_addr = self.__safe_filter(ip_addr)
-        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
-        filter = "(&(radiusClientNASIpAddress=%s)(objectclass=radiusClientProfile))" % ip_addr
+    # clients
+    def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None, opts=None):
+        filter = radius_util.radius_client_filter(ip_addr)
+        basedn = radius_util.radius_clients_basedn(container, self.basedn)
         return self.__get_sub_entry(basedn, filter, sattrs, opts)
 
-    def __is_radius_client_unique(self, ip_addr, opts):
-        """Return 1 if the radius client is unique in the tree, 0 otherwise."""
-        ip_addr = self.__safe_filter(ip_addr)
-        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
-        filter = "(&(radiusClientNASIpAddress=%s)(objectclass=radiusClientProfile))" % ip_addr
+    def __radius_client_exists(self, ip_addr, container, opts):
+        filter = radius_util.radius_client_filter(ip_addr)
+        basedn = radius_util.radius_clients_basedn(container, self.basedn)
  
         try:
             entry = self.__get_sub_entry(basedn, filter, ['dn','uid'], opts)
-            return 0
+            return True
         except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
-            return 1
+            return False
 
-    def add_radius_client (self, client, opts=None):
-        client_container = 'cn=clients,cn=radius,cn=services,cn=etc' # FIXME, should not be hardcoded
-        if self.__is_radius_client_unique(client['radiusClientNASIpAddress'], opts) == 0:
-            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
+    def add_radius_client (self, client, container=None, opts=None):
+        if container is None:
+            container = radius_util.clients_container
 
-        dn="radiusClientNASIpAddress=%s,%s,%s" % (ldap.dn.escape_dn_chars(client['radiusClientNASIpAddress']),
-                             client_container,self.basedn)
+        ip_addr = client['radiusClientIPAddress']
+
+        if self.__radius_client_exists(ip_addr, container, opts):
+            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
 
+        dn = radius_util.radius_client_dn(ip_addr, container, self.basedn)
         entry = ipaserver.ipaldap.Entry(dn)
 
         # some required objectclasses
         entry.setValues('objectClass', 'top', 'radiusClientProfile')
 
         # fill in our new entry with everything sent by the client
-        for u in client:
-            entry.setValues(u, client[u])
+        for attr in client:
+            entry.setValues(attr, client[attr])
 
         conn = self.getConnection(opts)
         try:
@@ -504,8 +504,8 @@ class IPAServer:
     def update_radius_client(self, oldentry, newentry, opts=None):
         return self.update_entry(oldentry, newentry, opts)
 
-    def delete_radius_client(self, ip_addr, opts=None):
-        client = self.get_radius_client_by_ip_addr(ip_addr, ['dn', 'cn'], opts)
+    def delete_radius_client(self, ip_addr, container=None, opts=None):
+        client = self.get_radius_client_by_ip_addr(ip_addr, container, ['dn', 'cn'], opts)
         if client is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 
@@ -516,7 +516,7 @@ class IPAServer:
             self.releaseConnection(conn)
         return res
 
-    def find_radius_clients(self, ip_attrs, sattrs=None, searchlimit=0, timelimit=-1, opts=None):
+    def find_radius_clients(self, ip_attrs, container=None, sattrs=None, searchlimit=0, timelimit=-1, opts=None):
         def gen_filter(objectclass, attr, values):
             '''Given ('myclass', 'myattr', [v1, v2]) returns
                (&(objectclass=myclass)(|(myattr=v1)(myattr=v2)))
@@ -527,8 +527,8 @@ class IPAServer:
             filter = "(&(objectclass=%s)(|%s))" % (objectclass, attrs)
             return filter
 
-        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
-        filter = gen_filter('radiusClientProfile', 'radiusClientNASIpAddress', ip_attrs)
+        basedn = radius_util.radius_clients_basedn(container, self.basedn)
+        filter = gen_filter('radiusClientProfile', 'radiusClientIPAddress', ip_attrs)
         conn = self.getConnection(opts)
         try:
             try:
@@ -546,6 +546,111 @@ class IPAServer:
 
         return radius_clients
 
+    # profiles
+    def get_radius_profile_by_uid(self, uid, user_profile=True, sattrs=None, opts=None):
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        uid = self.__safe_filter(uid)
+        filter = radius_util.radius_profile_filter(uid)
+        basedn = radius_util.radius_profiles_basedn(container, self.basedn)
+        return self.__get_sub_entry(basedn, filter, sattrs, opts)
+
+    def __radius_profile_exists(self, uid, user_profile, opts):
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        uid = self.__safe_filter(uid)
+        filter = radius_util.radius_profile_filter(uid)
+        basedn = radius_util.radius_profiles_basedn(container, self.basedn)
+ 
+        try:
+            entry = self.__get_sub_entry(basedn, filter, ['dn','uid'], opts)
+            return True
+        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+            return False
+
+    def add_radius_profile (self, uid, user_profile=True, opts=None):
+        if self.__radius_profile_exists(profile['uid'], user_profile, opts):
+            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
+
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        dn = radius_util.radius_profile_dn(uid, container, self.basedn)
+        entry = ipaserver.ipaldap.Entry(dn)
+
+        # some required objectclasses
+        entry.setValues('objectClass', 'top', 'radiusClientProfile')
+
+        # fill in our new entry with everything sent by the profile
+        for attr in profile:
+            entry.setValues(attr, profile[attr])
+
+        conn = self.getConnection(opts)
+        try:
+            res = conn.addEntry(entry)
+        finally:
+            self.releaseConnection(conn)
+        return res
+    
+    def update_radius_profile(self, oldentry, newentry, opts=None):
+        return self.update_entry(oldentry, newentry, opts)
+
+    def delete_radius_profile(self, uid, user_profile, opts=None):
+        profile = self.get_radius_profile_by_uid(uid, user_profile, ['dn', 'cn'], opts)
+        if profile is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        conn = self.getConnection(opts)
+        try:
+            res = conn.deleteEntry(profile['dn'])
+        finally:
+            self.releaseConnection(conn)
+        return res
+
+    def find_radius_profiles(self, uids, user_profile=True, sattrs=None, searchlimit=0, timelimit=-1, opts=None):
+        def gen_filter(objectclass, attr, values):
+            '''Given ('myclass', 'myattr', [v1, v2]) returns
+               (&(objectclass=myclass)(|(myattr=v1)(myattr=v2)))
+            '''
+            # Don't use __safe_filter, prevents wildcarding
+            #attrs = ''.join(['(%s=%s)' % (attr, self.__safe_filter(val)) for val in values])
+            attrs = ''.join(['(%s=%s)' % (attr, val) for val in values])
+            filter = "(&(objectclass=%s)(|%s))" % (objectclass, attrs)
+            return filter
+
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        uid = self.__safe_filter(uid)
+        filter = gen_filter('radiusClientProfile' 'uid', uids)
+        basedn="%s,%s" % (container, self.basedn)
+        conn = self.getConnection(opts)
+        try:
+            try:
+                results = conn.getListAsync(basedn, self.scope, filter, sattrs, 0, None, None, timelimit, searchlimit)
+            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+                results = [0]
+        finally:
+            self.releaseConnection(conn)
+
+        counter = results[0]
+        results = results[1:]
+        radius_profiles = [counter]
+        for radius_profile in results:
+            radius_profiles.append(self.convert_entry(radius_profile))
+
+        return radius_profiles
+
     def get_add_schema (self):
         """Get the list of fields to be used when adding users in the GUI."""