summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ipa-admintools/ipa-addradiusclient16
-rw-r--r--ipa-python/ipaclient.py11
-rw-r--r--ipa-python/rpcclient.py13
-rw-r--r--ipa-server/ipa-install/share/bootstrap-template.ldif4
-rw-r--r--ipa-server/ipaserver/dsinstance.py2
-rw-r--r--ipa-server/ipaserver/radiusinstance.py6
-rw-r--r--ipa-server/xmlrpc-server/funcs.py22
-rw-r--r--ipa-server/xmlrpc-server/ipaxmlrpc.py1
8 files changed, 59 insertions, 16 deletions
diff --git a/ipa-admintools/ipa-addradiusclient b/ipa-admintools/ipa-addradiusclient
index 5772b4d8e..29fac531b 100644
--- a/ipa-admintools/ipa-addradiusclient
+++ b/ipa-admintools/ipa-addradiusclient
@@ -163,7 +163,7 @@ def main():
nastype = None
desc = None
- client=ipa.radius_client.RadiusClient()
+ radius_client = ipa.radius_client.RadiusClient()
options, args = parse_options()
# client address is required
@@ -205,29 +205,29 @@ def main():
#print "ip_addr=%s secret=%s name=%s nastype=%s desc=%s" % (ip_addr, secret, name, nastype, desc)
if ip_addr is not None:
- client.setValue('radiusClientNASIpAddress', ip_addr)
+ radius_client.setValue('radiusClientNASIpAddress', ip_addr)
else:
print "client IP Address is required"
return 1
if secret is not None:
- client.setValue('radiusClientSecret', secret)
+ radius_client.setValue('radiusClientSecret', secret)
else:
print "client secret is required"
return 1
if name is not None:
- client.setValue('radiusClientShortName', name)
+ radius_client.setValue('radiusClientShortName', name)
if nastype is not None:
- client.setValue('radiusClientNASType', nastype)
+ radius_client.setValue('radiusClientNASType', nastype)
if desc is not None:
- client.setValue('description', desc)
+ radius_client.setValue('description', desc)
try:
- client = ipaclient.IPAClient()
- client.add_radius_client(client)
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.add_radius_client(radius_client)
print "successfully added"
except xmlrpclib.Fault, f:
print f.faultString
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 659ff995d..3c54d6ab5 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -331,3 +331,14 @@ class IPAClient:
entries.append(user.User(e))
return entries
+
+ def add_radius_client(self,client):
+ client_dict = client.toDict()
+
+ # dn is set on the server-side
+ del client_dict['dn']
+
+ # convert to a regular dict before sending
+ result = self.transport.add_radius_client(client_dict)
+ return result
+
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index 871c37254..f0ffec02e 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -591,3 +591,16 @@ class RPCClient:
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
+
+ def add_radius_client(self,client):
+ server = self.setup_server()
+
+ try:
+ result = server.add_radius_client(ipautil.wrap_binary_data(client))
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index df59bc0ec..fcc2506de 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -92,11 +92,11 @@ objectClass: nsContainer
objectClass: top
cn: profiles
-dn: uid=ipa_default, cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
+dn: cn=ipa_default, cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
changetype: add
objectClass: top
objectClass: radiusprofile
-uid: ipa_default
+cn: ipa_default
dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
changetype: add
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 9a539470e..ce3c154f0 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -78,7 +78,7 @@ class DsInstance(service.Service):
self.dm_password = dm_password
self.__setup_sub_dict()
- self.start_creation(11, "Configuring directory server:")
+ self.start_creation(14, "Configuring directory server:")
self.__create_ds_user()
self.__create_instance()
self.__add_default_schemas()
diff --git a/ipa-server/ipaserver/radiusinstance.py b/ipa-server/ipaserver/radiusinstance.py
index 38091d696..8317da03b 100644
--- a/ipa-server/ipaserver/radiusinstance.py
+++ b/ipa-server/ipaserver/radiusinstance.py
@@ -122,7 +122,8 @@ class RadiusInstance(service.Service):
'RADIUS_USER_BASE_DN' : self.user_basedn,
'ACCESS_ATTRIBUTE' : '',
'ACCESS_ATTRIBUTE_DEFAULT' : 'TRUE',
- 'CLIENTS_BASEDN' : 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.suffix
+ 'CLIENTS_BASEDN' : 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.suffix,
+ 'SUFFIX' : self.suffix,
}
try:
radiusd_conf = template_file(RADIUSD_CONF_TEMPLATE_FILEPATH, sub_dict)
@@ -164,10 +165,11 @@ class RadiusInstance(service.Service):
except Exception, e:
logging.error("could not chown on %s to %s: %s", IPA_KEYTAB_FILEPATH, RADIUS_USER, e)
+ #FIXME, should use IPAdmin method
def __set_ldap_encrypted_attributes(self):
ldif_file = 'encrypted_attribute.ldif'
self.step("setting ldap encrypted attributes")
- ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret')
+ ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret'})
ldif_fd = write_tmp_file(ldif_txt)
try:
ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password)
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 8169b4463..7c53e6d03 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -456,22 +456,38 @@ class IPAServer:
self.releaseConnection(conn)
return res
+ def __is_radius_client_unique(self, ip_addr, opts):
+ """Return 1 if the radius client is unique in the tree, 0 otherwise."""
+ ip_addr = self.__safe_filter(ip_addr)
+ basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
+
+ filter = "(&(radiusClientNASIpAddress=%s)(objectclass=radiusClientProfile))" % ip_addr
+
+ try:
+ entry = self.__get_sub_entry(basedn, filter, ['dn','uid'], opts)
+ return 0
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ return 1
+
def add_radius_client (self, client, opts=None):
+ print "add_radius_client:"
client_container = 'cn=clients,cn=radius,cn=services,cn=etc' # FIXME, should not be hardcoded
- if self.__is_client_unique(client['radiusClientNASIpAddress'], opts) == 0:
+ if self.__is_radius_client_unique(client['radiusClientNASIpAddress'], opts) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
dn="radiusClientNASIpAddress=%s,%s,%s" % (ldap.dn.escape_dn_chars(client['radiusClientNASIpAddress']),
client_container,self.basedn)
- entry = ipaserver.ipaldap.Entry(dn)
- # FIXME: This should be dynamic and can include just about anything
+ print "add_radius_client: dn=%s" % (dn)
+
+ entry = ipaserver.ipaldap.Entry(dn)
# some required objectclasses
entry.setValues('objectClass', 'top', 'radiusClientProfile')
# fill in our new entry with everything sent by the client
for u in client:
+ print "add_radius_client: attr=%s %s" % (u, client[u])
entry.setValues(u, client[u])
conn = self.getConnection(opts)
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 6aaad1170..fe71aec47 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -351,6 +351,7 @@ def handler(req, profiling=False):
h.register_function(f.delete_group)
h.register_function(f.attrs_to_labels)
h.register_function(f.group_members)
+ h.register_function(f.add_radius_client)
h.handle_request(req)
finally:
pass
generated by cgit (git 2.34.1) at 2024-06-21 09:22:10 +0000