diff options
Diffstat (limited to 'ipa-radius-admintools/ipa-addradiusclient')
-rw-r--r-- | ipa-radius-admintools/ipa-addradiusclient | 195 |
1 files changed, 195 insertions, 0 deletions
diff --git a/ipa-radius-admintools/ipa-addradiusclient b/ipa-radius-admintools/ipa-addradiusclient new file mode 100644 index 000000000..1db571a71 --- /dev/null +++ b/ipa-radius-admintools/ipa-addradiusclient @@ -0,0 +1,195 @@ +#! /usr/bin/python -E +# Authors: John Dennis <jdennis@redhat.com> +# +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import sys +import os +from optparse import OptionParser + +import ipa.ipaclient as ipaclient +import ipa.ipautil as ipautil +import ipa.config +import ipa.ipaerror +import ipa.radius_util as radius_util + +import xmlrpclib +import kerberos +import ldap + +#------------------------------------------------------------------------------ + +radius_attrs = radius_util.radius_client_attr_to_ldap_attr.keys() +radius_attr_to_ldap_attr = radius_util.radius_client_attr_to_ldap_attr +ldap_attr_to_radius_attr = radius_util.radius_client_ldap_attr_to_radius_attr +mandatory_radius_attrs = ['Client-IP-Address', 'Secret'] +distinguished_attr = 'Client-IP-Address' + +#------------------------------------------------------------------------------ + +def help_option_callback(option, opt_str, value, parser, *args, **kwargs): + parser.print_help() + print + print "Valid interative attributes are:" + print ipautil.format_list(radius_attrs, quote='"') + print + print "Required attributes are:" + print ipautil.format_list(mandatory_radius_attrs, quote='"') + sys.exit(0) + +def main(): + pairs = {} + + opt_parser = OptionParser(add_help_option=False) + + opt_parser.add_option("-a", "--Client-IP-Address", dest="ip_addr", + help="RADIUS client ip address") + opt_parser.add_option("-s", "--Secret", dest="secret", + help="RADIUS client ip address") + opt_parser.add_option("-n", "--Name", dest="name", + help="RADIUS client name") + opt_parser.add_option("-t", "--NAS-Type", dest="nastype", + help="RADIUS client NAS Type") + opt_parser.add_option("-d", "--Description", dest="desc", + help="description of the RADIUS client") + + opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback, + help="detailed help information") + opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False, + help="interactive mode, prompts with auto-completion") + opt_parser.add_option("-p", "--pair", dest="pairs", action='append', + help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace") + opt_parser.add_option("-f", "--file", dest="pair_file", + help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -") + opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true', + help="print information") + + opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0]))) + + args = ipa.config.init_config(sys.argv) + options, args = opt_parser.parse_args(args) + + if len(args) < 2: + opt_parser.error('missing %s' % (distinguished_attr)) + + ip_addr = args[1] + pairs[distinguished_attr] = ip_addr + + # Get pairs from a file or stdin + if options.pair_file: + try: + av = ipautil.read_pairs_file(options.pair_file) + pairs.update(av) + except Exception, e: + print "ERROR, could not read pairs (%s)" % (e) + + # Get pairs specified on the command line as a named argument + if options.ip_addr: pairs[distinguished_attr] = options.ip_addr + if options.secret: pairs['Secret'] = options.secret + if options.name: pairs['Name'] = options.name + if options.nastype: pairs['NAS-Type'] = options.nastype + if options.desc: pairs['Description'] = options.desc + + # Get pairs specified on the command line as a pair argument + if options.pairs: + for p in options.pairs: + av = ipautil.parse_key_value_pairs(p) + pairs.update(av) + + # Get pairs interactively + if options.interactive: + # Prompt first for mandatory attributes which have not been previously specified + prompted_mandatory_attrs = [] + existing_attrs = pairs.keys() + for attr in mandatory_radius_attrs: + if not attr in existing_attrs: + prompted_mandatory_attrs.append(attr) + + c = ipautil.AttributeValueCompleter(radius_attrs, pairs) + c.open() + av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate) + pairs.update(av) + c.close() + + # FIXME: validation should be moved to xmlrpc server + + # Data collection done, assure mandatory data has been specified + + if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != ip_addr: + print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \ + (distinguished_attr, ip_addr, pairs[distinguished_attr]) + return 1 + + valid = True + for attr in mandatory_radius_attrs: + if not pairs.has_key(attr): + valid = False + print "ERROR, %s is mandatory, but has not been specified" % (attr) + if not valid: + return 1 + + # Make sure each attribute is a member of the set of valid attributes + valid = True + for attr,value in pairs.items(): + if attr not in radius_attrs: + valid = False + print "ERROR, %s is not a valid attribute" % (attr) + if not valid: + print "Valid attributes are:" + print ipautil.format_list(radius_attrs, quote='"') + return 1 + + # Makse sure each value is valid + valid = True + for attr,value in pairs.items(): + if not radius_util.validate(attr, value): + valid = False + if not valid: + return 1 + + # Dump what we've got so far + if options.verbose: + print "Pairs:" + for attr,value in pairs.items(): + print "\t%s = %s" % (attr, value) + + radius_entity = radius_util.RadiusClient() + for attr,value in pairs.items(): + radius_entity.setValue(radius_attr_to_ldap_attr[attr], value) + + try: + ipa_client = ipaclient.IPAClient() + ipa_client.add_radius_client(radius_entity) + print "successfully added" + except xmlrpclib.Fault, f: + print f.faultString + return 1 + except kerberos.GSSError, e: + print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) + return 1 + except xmlrpclib.ProtocolError, e: + print "Unable to connect to IPA server: %s" % (e.errmsg) + return 1 + except ipa.ipaerror.IPAError, e: + print "%s" % (e.message) + return 1 + + return 0 + +if __name__ == "__main__": + sys.exit(main()) |