Diffstat (limited to 'ipa-admintools/ipa-radiusprofilemod')
-rw-r--r-- | ipa-admintools/ipa-radiusprofilemod | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/ipa-admintools/ipa-radiusprofilemod b/ipa-admintools/ipa-radiusprofilemod
new file mode 100644
index 000000000..7b441a31f
--- /dev/null
+++ b/ipa-admintools/ipa-radiusprofilemod
@@ -0,0 +1,207 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+import copy
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+mandatory_radius_attrs = ['UID']
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-u", "--uid", dest="uid",
+ help="RADIUS profile identifier")
+ opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+ help="profile is shared")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error("missing uid")
+
+ uid = args[1]
+ pairs['UID'] = uid
+
+ user_profile = not options.shared
+
+ # Verify profile previously exists and get current values
+ radius_profile = radius_util.RadiusClient()
+ ipa_client = ipaclient.IPAClient()
+ try:
+ radius_profile = ipa_client.get_radius_profile_by_uid(uid, user_profile)
+ except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
+ print "profile %s not found" % uid
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % e.message
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+
+ # Populate the pair list with pre-existing values
+ for attr in radius_attrs:
+ value = radius_profile.getValues(radius_util.radius_profile_attr_to_ldap_attr[attr])
+ if value is None: continue
+ pairs[attr] = value
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = radius_util.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.uid is not None: pairs['UID'] = options.uid
+ if options.desc is not None: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Remove any mandatory attriubtes which have been previously specified
+ interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
+ for attr in pairs.keys():
+ try:
+ interactive_mandatory_attrs.remove(attr)
+ except ValueError:
+ pass
+ c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key('UID') and pairs['UID'] != uid:
+ print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \
+ (uid, pairs['UID'])
+ return 1
+
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ for attr,value in pairs.items():
+ radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client.update_radius_profile(radius_profile)
+ print "successfully modified"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main()) |
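Review bot: In main(), the `except Exception, e:` handler around `radius_util.read_pairs_file(options.pair_file)` only prints the error and falls through, so a missing or unreadable `--file` still reaches `ipa_client.update_radius_profile(radius_profile)` with just the previously stored values, prints "successfully modified" and exits 0. Add `return 1` after the `print "ERROR, could not read pairs (%s)" % (e)` line so a failed read aborts the run, and consider catching a narrower exception than `Exception`. Separately, the attribute allow-list check and `radius_util.validate` run only in this client, as the `# FIXME: validation should be moved to xmlrpc server` comment acknowledges; unless the server-side handler repeats them (not visible in this diff), a caller that talks to the XML-RPC interface directly is not bound by these checks.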