summaryrefslogtreecommitdiffstats
path: root/ipa-radius-admintools/ipa-addradiusclient
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-radius-admintools/ipa-addradiusclient')
-rw-r--r--ipa-radius-admintools/ipa-addradiusclient195
1 files changed, 195 insertions, 0 deletions
diff --git a/ipa-radius-admintools/ipa-addradiusclient b/ipa-radius-admintools/ipa-addradiusclient
new file mode 100644
index 000000000..1db571a71
--- /dev/null
+++ b/ipa-radius-admintools/ipa-addradiusclient
@@ -0,0 +1,195 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_client_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_client_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_client_ldap_attr_to_radius_attr
+mandatory_radius_attrs = ['Client-IP-Address', 'Secret']
+distinguished_attr = 'Client-IP-Address'
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-a", "--Client-IP-Address", dest="ip_addr",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-s", "--Secret", dest="secret",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-n", "--Name", dest="name",
+ help="RADIUS client name")
+ opt_parser.add_option("-t", "--NAS-Type", dest="nastype",
+ help="RADIUS client NAS Type")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error('missing %s' % (distinguished_attr))
+
+ ip_addr = args[1]
+ pairs[distinguished_attr] = ip_addr
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = ipautil.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.ip_addr: pairs[distinguished_attr] = options.ip_addr
+ if options.secret: pairs['Secret'] = options.secret
+ if options.name: pairs['Name'] = options.name
+ if options.nastype: pairs['NAS-Type'] = options.nastype
+ if options.desc: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Prompt first for mandatory attributes which have not been previously specified
+ prompted_mandatory_attrs = []
+ existing_attrs = pairs.keys()
+ for attr in mandatory_radius_attrs:
+ if not attr in existing_attrs:
+ prompted_mandatory_attrs.append(attr)
+
+ c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != ip_addr:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, ip_addr, pairs[distinguished_attr])
+ return 1
+
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ radius_entity = radius_util.RadiusClient()
+ for attr,value in pairs.items():
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.add_radius_client(radius_entity)
+ print "successfully added"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())