1 files changed, 194 insertions, 0 deletions
diff --git a/ipa-admintools/ipa-addradiusprofile b/ipa-admintools/ipa-addradiusprofile
new file mode 100644
index 000000000..66db52267
--- /dev/null
+++ b/ipa-admintools/ipa-addradiusprofile
@@ -0,0 +1,194 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
+mandatory_radius_attrs = ['UID']
+distinguished_attr = 'UID'
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+    parser.print_help()
+    print
+    print "Valid interative attributes are:"
+    print ipautil.format_list(radius_attrs, quote='"')
+    print
+    print "Required attributes are:"
+    print ipautil.format_list(mandatory_radius_attrs, quote='"')
+    sys.exit(0)
+
+def main():
+    pairs = {}
+
+    opt_parser = OptionParser(add_help_option=False)
+
+    opt_parser.add_option("-u", "--uid", dest="uid",
+                      help="RADIUS profile identifier")
+    opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+                      help="profile is shared")
+    opt_parser.add_option("-d", "--Description", dest="desc", 
+                      help="description of the RADIUS client")
+
+    opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+                        help="detailed help information")
+    opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+                      help="interactive mode, prompts with auto-completion")
+    opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+                      help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+    opt_parser.add_option("-f", "--file", dest="pair_file",
+                      help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+    opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+                      help="print information")
+
+    opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
+
+    args = ipa.config.init_config(sys.argv)
+    options, args = opt_parser.parse_args(args)
+
+    if len(args) < 2:
+        opt_parser.error('missing %s' % (distinguished_attr))
+
+    uid = args[1]
+    user_profile = not options.shared
+    pairs[distinguished_attr] = uid
+
+    # Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)
+    if user_profile:
+        print "ERROR, you cannot add a per-user radius profile, it pre-exists"
+        return 1
+
+    # Get pairs from a file or stdin
+    if options.pair_file:
+        try:
+            av = ipautil.read_pairs_file(options.pair_file)
+            pairs.update(av)
+        except Exception, e:
+            print "ERROR, could not read pairs (%s)" % (e)
+
+    # Get pairs specified on the command line as a named argument
+    if options.uid: pairs['UID'] = options.uid
+    if options.desc: pairs['Description'] = options.desc
+
+    # Get pairs specified on the command line as a pair argument
+    if options.pairs:
+        for p in options.pairs:
+            av = ipautil.parse_key_value_pairs(p)
+            pairs.update(av)
+
+    # Get pairs interactively
+    if options.interactive:
+        # Prompt first for mandatory attributes which have not been previously specified
+        prompted_mandatory_attrs = []
+        existing_attrs = pairs.keys()
+        for attr in mandatory_radius_attrs:
+            if not attr in existing_attrs:
+                prompted_mandatory_attrs.append(attr)
+
+        c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+        c.open()
+        av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
+        pairs.update(av)
+        c.close()
+
+    # FIXME: validation should be moved to xmlrpc server
+
+    # Data collection done, assure mandatory data has been specified
+
+    if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
+        print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+            (distinguished_attr, uid, pairs[distinguished_attr])
+        return 1
+
+    valid = True
+    for attr in mandatory_radius_attrs:
+        if not pairs.has_key(attr):
+            valid = False
+            print "ERROR, %s is mandatory, but has not been specified" % (attr)
+    if not valid:
+        return 1
+
+    # Make sure each attribute is a member of the set of valid attributes
+    valid = True
+    for attr,value in pairs.items():
+        if attr not in radius_attrs:
+            valid = False
+            print "ERROR, %s is not a valid attribute" % (attr)
+    if not valid:
+        print "Valid attributes are:"
+        print ipautil.format_list(radius_attrs, quote='"')
+        return 1
+
+    # Makse sure each value is valid
+    valid = True
+    for attr,value in pairs.items():
+        if not radius_util.validate(attr, value):
+            valid = False
+    if not valid:
+        return 1
+
+    # Dump what we've got so far
+    if options.verbose:
+        print "Pairs:"
+        for attr,value in pairs.items():
+            print "\t%s = %s" % (attr, value)
+
+    radius_entity = radius_util.RadiusProfile()
+    for attr,value in pairs.items():
+        radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
+
+    try:
+        ipa_client = ipaclient.IPAClient()
+        ipa_client.add_radius_profile(radius_entity)
+        print "successfully added"
+    except xmlrpclib.Fault, f:
+        print f.faultString
+        return 1
+    except kerberos.GSSError, e:
+        print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+        return 1
+    except xmlrpclib.ProtocolError, e:
+        print "Unable to connect to IPA server: %s" % (e.errmsg)
+        return 1
+    except ipa.ipaerror.IPAError, e:
+        print "%s" % (e.message)
+        return 1
+
+    return 0
+
+if __name__ == "__main__":
+    sys.exit(main())