From 09238510ff0dced7998e6a1b72f450070e8c6116 Mon Sep 17 00:00:00 2001 From: John Dennis Date: Mon, 26 Nov 2007 19:30:33 -0500 Subject: add command line utilites for radius profiles --- ipa-admintools/Makefile | 4 + ipa-admintools/ipa-addradiusprofile | 185 +++++++++++++++++++++++++++++++ ipa-admintools/ipa-delradiusprofile | 77 +++++++++++++ ipa-admintools/ipa-findradiusprofile | 104 ++++++++++++++++++ ipa-admintools/ipa-radiusprofilemod | 207 +++++++++++++++++++++++++++++++++++ ipa-python/ipaclient.py | 36 +++++- ipa-python/radius_util.py | 5 +- ipa-python/rpcclient.py | 77 ++++++++++++- ipa-server/xmlrpc-server/funcs.py | 11 +- 9 files changed, 693 insertions(+), 13 deletions(-) create mode 100644 ipa-admintools/ipa-addradiusprofile create mode 100644 ipa-admintools/ipa-delradiusprofile create mode 100644 ipa-admintools/ipa-findradiusprofile create mode 100644 ipa-admintools/ipa-radiusprofilemod diff --git a/ipa-admintools/Makefile b/ipa-admintools/Makefile index 2db506f9d..5ceb42d27 100644 --- a/ipa-admintools/Makefile +++ b/ipa-admintools/Makefile @@ -25,6 +25,10 @@ install: install -m 755 ipa-radiusclientmod $(SBINDIR) install -m 755 ipa-delradiusclient $(SBINDIR) install -m 755 ipa-findradiusclient $(SBINDIR) + install -m 755 ipa-addradiusprofile $(SBINDIR) + install -m 755 ipa-radiusprofilemod $(SBINDIR) + install -m 755 ipa-delradiusprofile $(SBINDIR) + install -m 755 ipa-findradiusprofile $(SBINDIR) @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ diff --git a/ipa-admintools/ipa-addradiusprofile b/ipa-admintools/ipa-addradiusprofile new file mode 100644 index 000000000..5f44d9ff4 --- /dev/null +++ b/ipa-admintools/ipa-addradiusprofile 
@@ -0,0 +1,185 @@
+#! /usr/bin/python -E
+# Authors: John Dennis
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+import copy
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+mandatory_radius_attrs = ['UID']
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-u", "--uid", dest="uid",
+ help="RADIUS profile identifier")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error("missing UID")
+
+ uid = args[1]
+ pairs['UID'] = uid
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = radius_util.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.uid: pairs['UID'] = options.uid
+ if options.desc: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Remove any mandatory attriubtes which have been previously specified
+ interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
+ for attr in pairs.keys():
+ try:
+ interactive_mandatory_attrs.remove(attr)
+ except ValueError:
+ pass
+ c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key('UID') and pairs['UID'] != uid:
+ print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \
+ (uid, pairs['UID'])
+ return 1
+
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ radius_profile = radius_util.RadiusProfile()
+ for attr,value in pairs.items():
+ radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.add_radius_profile(radius_profile)
+ print "successfully added"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
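Review bot: A failed read of the `--file` pairs is only printed in the `except Exception, e:` branch of `main()`, after which the tool carries on and can add a profile that lacks the attributes the operator meant to supply. Stop there instead: keep `print "ERROR, could not read pairs (%s)" % (e)` and follow it with `return 1`, ideally writing the message to `sys.stderr`. `ipa-radiusprofilemod` in this commit has the same block and needs the same change. The `-d` help text still says "description of the RADIUS client", and "interative" in the help callback is a typo.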
diff --git a/ipa-admintools/ipa-delradiusprofile b/ipa-admintools/ipa-delradiusprofile
new file mode 100644
index 000000000..16baea4ab
--- /dev/null
+++ b/ipa-admintools/ipa-delradiusprofile
@@ -0,0 +1,77 @@
+#! /usr/bin/python -E
+# Authors: John Dennis
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import sys
+from optparse import OptionParser
+import ipa
+import ipa.ipaclient as ipaclient
+import ipa.ipavalidate as ipavalidate
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ sys.exit(0)
+
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error("missing UID")
+
+ uid = args[1]
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.delete_radius_profile(uid)
+ print "successfully deleted"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-admintools/ipa-findradiusprofile b/ipa-admintools/ipa-findradiusprofile
new file mode 100644
index 000000000..6fd5b466d
--- /dev/null
+++ b/ipa-admintools/ipa-findradiusprofile
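Review bot: `main()` calls `ipa_client.delete_radius_profile(uid)` with no way to say whether a per-user or a shared profile is meant, although `ipa-radiusprofilemod` in this commit offers `-s/--shared` for that choice. The client then sends the `"__NONE__"` placeholder for `user_profile`, so which container the delete targets depends on server handling that is not visible here. For a destructive command I would add the same `--shared` option and call `ipa_client.delete_radius_profile(uid, not options.shared)`. The imports of `ipa.ipavalidate`, `ipa.radius_util` and `ldap` are unused in this file.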
@@ -0,0 +1,104 @@
+#! /usr/bin/python -E
+# Authors: John Dennis
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import sys
+from optparse import OptionParser
+import ipa
+from ipa import radius_util
+import ipa.ipaclient as ipaclient
+import ipa.ipavalidate as ipavalidate
+import ipa.config
+import ipa.ipaerror
+import ipa.ipautil
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+attrs = radius_util.radius_profile_ldap_attr_to_radius_attr.keys()
+
+#------------------------------------------------------------------------------
+
+def parse_options():
+ return options, args
+
+#------------------------------------------------------------------------------
+
+# FIXME
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Note: UID may contain wildcards, to get all profiles use '*'"
+ sys.exit(0)
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ opt_parser.set_usage("Usage: %s [options] UID [UID ...]" % (os.path.basename(sys.argv[0])))
+
+ if len(args) < 2:
+ opt_parser.error("missing UID(es)")
+
+ uids = args[1:]
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ radius_profiles = ipa_client.find_radius_profiles(uids, sattrs=attrs)
+ counter = radius_profiles[0]
+ radius_profiles = radius_profiles[1:]
+
+ if counter == 0:
+ print "No entries found for", uids
+ return 2
+
+ for radius_profile in radius_profiles:
+ profile_attrs = radius_profile.attrList()
+ profile_attrs.sort()
+
+ print "%s:" % radius_profile.getValues(radius_util.radius_profile_attr_to_ldap_attr['UID'])
+ for attr in profile_attrs:
+ value = radius_profile.getValues(attr)
+ print "\t%s = %s" % (radius_util.radius_profile_ldap_attr_to_radius_attr[attr], value)
+
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-admintools/ipa-radiusprofilemod b/ipa-admintools/ipa-radiusprofilemod
new file mode 100644
index 000000000..7b441a31f
--- /dev/null
+++ b/ipa-admintools/ipa-radiusprofilemod
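Review bot: `parse_options()` returns `options, args`, neither of which is defined in its scope, so any call raises NameError; nothing in the file calls it, so the stub and the bare `# FIXME` above `help_option_callback` should be removed or completed. `opt_parser.set_usage(...)` also runs after `opt_parser.parse_args(args)`, but the `-h` callback prints help and exits during parsing, so the custom usage line never reaches the help output; move the `set_usage` call above `parse_args`, as the other three tools do. The imports of `ipa.ipavalidate`, `ipa.ipautil` and `ldap` look unused.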
@@ -0,0 +1,207 @@
+#! /usr/bin/python -E
+# Authors: John Dennis
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+import copy
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+mandatory_radius_attrs = ['UID']
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-u", "--uid", dest="uid",
+ help="RADIUS profile identifier")
+ opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+ help="profile is shared")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error("missing uid")
+
+ uid = args[1]
+ pairs['UID'] = uid
+
+ user_profile = not options.shared
+
+ # Verify profile previously exists and get current values
+ radius_profile = radius_util.RadiusClient()
+ ipa_client = ipaclient.IPAClient()
+ try:
+ radius_profile = ipa_client.get_radius_profile_by_uid(uid, user_profile)
+ except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
+ print "profile %s not found" % uid
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % e.message
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+
+ # Populate the pair list with pre-existing values
+ for attr in radius_attrs:
+ value = radius_profile.getValues(radius_util.radius_profile_attr_to_ldap_attr[attr])
+ if value is None: continue
+ pairs[attr] = value
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = radius_util.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.uid is not None: pairs['UID'] = options.uid
+ if options.desc is not None: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Remove any mandatory attriubtes which have been previously specified
+ interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
+ for attr in pairs.keys():
+ try:
+ interactive_mandatory_attrs.remove(attr)
+ except ValueError:
+ pass
+ c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key('UID') and pairs['UID'] != uid:
+ print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \
+ (uid, pairs['UID'])
+ return 1
+
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not
valid: + return 1 + + # Dump what we've got so far + if options.verbose: + print "Pairs:" + for attr,value in pairs.items(): + print "\t%s = %s" % (attr, value) + + for attr,value in pairs.items(): + radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value) + + try: + ipa_client.update_radius_profile(radius_profile) + print "successfully modified" + except xmlrpclib.Fault, f: + print f.faultString + return 1 + except kerberos.GSSError, e: + print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) + return 1 + except xmlrpclib.ProtocolError, e: + print "Unable to connect to IPA server: %s" % (e.errmsg) + return 1 + except ipa.ipaerror.IPAError, e: + print "%s" % (e.message) + return 1 + + return 0 + +if __name__ == "__main__": + sys.exit(main()) diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index fab337752..7a140308a 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -338,7 +338,7 @@ class IPAClient: result = self.transport.get_radius_client_by_ip_addr(ip_addr, container, sattrs) return radius_util.RadiusClient(result) - def add_radius_client(self,client, container=None): + def add_radius_client(self, client, container=None): client_dict = client.toDict() # dn is set on the server-side @@ -348,7 +348,7 @@ class IPAClient: result = self.transport.add_radius_client(client_dict, container) return result - def update_radius_client(self,client): + def update_radius_client(self, client): result = self.transport.update_radius_client(client.origDataDict(), client.toDict()) return result 
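Review bot: In `ipa-radiusprofilemod`, the first `try` in `main()`, around `ipa_client.get_radius_profile_by_uid(uid, user_profile)`, handles `IPAError` and `kerberos.GSSError` but not `xmlrpclib.Fault` or `xmlrpclib.ProtocolError`, so a connection failure during the lookup ends in a traceback rather than the message and `return 1` that the later `update_radius_profile` block gives. The path is reachable because `rpcclient.py` in this commit re-raises `socket.error` as `xmlrpclib.Fault`. Add the same clauses there, e.g. `except xmlrpclib.Fault, f:` with `print f.faultString` and `return 1`. The usage string says `Client-IP-Address` where the argument is the profile UID, and the placeholder `radius_util.RadiusClient()` is overwritten immediately and, if kept, should presumably be `radius_util.RadiusProfile()`.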
@@ -366,3 +366,35 @@ class IPAClient: return users + def get_radius_profile_by_uid(self, uid, user_profile=None, sattrs=None): + result = self.transport.get_radius_profile_by_uid(uid, user_profile, sattrs) + return radius_util.RadiusClient(result) + + def add_radius_profile(self, profile, user_profile=None): + profile_dict = profile.toDict() + + # dn is set on the server-side + del profile_dict['dn'] + + # convert to a regular dict before sending + result = self.transport.add_radius_profile(profile_dict, user_profile) + return result + + def update_radius_profile(self, profile): + result = self.transport.update_radius_profile(profile.origDataDict(), profile.toDict()) + return result + + def delete_radius_profile(self, ip_addr, user_profile=None): + return self.transport.delete_radius_profile(ip_addr, user_profile) + + def find_radius_profiles(self, criteria, user_profile=None, sattrs=None, searchlimit=0, timelimit=-1): + result = self.transport.find_radius_profiles(criteria, user_profile, sattrs, searchlimit, timelimit) + counter = result[0] + + users = [counter] + for attrs in result[1:]: + if attrs is not None: + users.append(user.User(attrs)) + + return users + diff --git a/ipa-python/radius_util.py b/ipa-python/radius_util.py index 24eb949ab..e502fecec 100644 --- a/ipa-python/radius_util.py +++ b/ipa-python/radius_util.py @@ -140,7 +140,8 @@ radius_client_attr_to_ldap_attr = reverse_map_dict(radius_client_ldap_attr_to_ra #------------------------------------------------------------------------------ -radius_profile_ldap_attr_to_radius_attr = { +radius_profile_ldap_attr_to_radius_attr = ipautil.CIDict({ + 'uid' : 'UID', 'radiusArapFeatures' : 'Arap-Features', 'radiusArapSecurity' : 'Arap-Security', 'radiusArapZoneAccess' : 'Arap-Zone-Access', 
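Review bot: The new profile methods in `ipaclient.py` wrap results in classes meant for other objects: `get_radius_profile_by_uid` returns `radius_util.RadiusClient(result)` and `find_radius_profiles` builds `user.User(attrs)`, while `ipa-addradiusprofile` in this commit constructs `radius_util.RadiusProfile()`. Unless those classes are interchangeable (not visible here), the find and mod tools receive objects of the wrong type; assuming `RadiusProfile` takes entry data the way `RadiusClient` does, use `radius_util.RadiusProfile(result)` and `radius_util.RadiusProfile(attrs)`. `delete_radius_profile` still names its first parameter `ip_addr` although it carries a uid, and the result list in `find_radius_profiles` is called `users`. The comment `# convert to a regular dict before sending` in `add_radius_profile` describes nothing the code does and should be dropped.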
@@ -200,7 +201,7 @@ radius_profile_ldap_attr_to_radius_attr = { 'radiusTunnelType' : 'Tunnel-Type', 'radiusUserCategory' : 'User-Category', 'radiusVSA' : 'VSA', -} +}) radius_profile_attr_to_ldap_attr = reverse_map_dict(radius_profile_ldap_attr_to_radius_attr) diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index 531bf72bf..ed23015e1 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -594,7 +594,7 @@ class RPCClient: # radius support - def get_radius_client_by_ip_addr(self,ip_addr, container, sattrs=None): + def get_radius_client_by_ip_addr(self, ip_addr, container, sattrs=None): server = self.setup_server() if container is None: container = "__NONE__" if sattrs is None: sattrs = "__NONE__" @@ -607,7 +607,7 @@ class RPCClient: return ipautil.unwrap_binary_data(result) - def add_radius_client(self,client, container=None): + def add_radius_client(self, client, container=None): server = self.setup_server() if container is None: container = "__NONE__" @@ -621,7 +621,7 @@ class RPCClient: return ipautil.unwrap_binary_data(result) - def update_radius_client(self,oldclient,newclient): + def update_radius_client(self, oldclient, newclient): server = self.setup_server() try: @@ -635,7 +635,7 @@ class RPCClient: return ipautil.unwrap_binary_data(result) - def delete_radius_client(self,ip_addr, container=None): + def delete_radius_client(self, ip_addr, container=None): server = self.setup_server() if container is None: container = "__NONE__" 
@@ -663,3 +663,72 @@ class RPCClient: return ipautil.unwrap_binary_data(result) + def get_radius_profile_by_uid(self, ip_addr, user_profile, sattrs=None): + server = self.setup_server() + if user_profile is None: user_profile = "__NONE__" + if sattrs is None: sattrs = "__NONE__" + try: + result = server.get_radius_profile_by_uid(ip_addr, user_profile, sattrs) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def add_radius_profile(self, profile, user_profile=None): + server = self.setup_server() + + if user_profile is None: user_profile = "__NONE__" + + try: + result = server.add_radius_profile(ipautil.wrap_binary_data(profile), user_profile) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def update_radius_profile(self, oldprofile, newprofile): + server = self.setup_server() + + try: + result = server.update_radius_profile(ipautil.wrap_binary_data(oldprofile), + ipautil.wrap_binary_data(newprofile)) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + + def delete_radius_profile(self, ip_addr, user_profile=None): + server = self.setup_server() + if user_profile is None: user_profile = "__NONE__" + + try: + result = server.delete_radius_profile(ip_addr, user_profile) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def find_radius_profiles(self, criteria, user_profile=None, sattrs=None, 
searchlimit=0, timelimit=-1): + server = self.setup_server() + if user_profile is None: user_profile = "__NONE__" + try: + # None values are not allowed in XML-RPC + if sattrs is None: + sattrs = "__NONE__" + result = server.find_radius_profiles(criteria, user_profile, sattrs, searchlimit, timelimit) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index aa557f79c..de9b265e3 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -574,8 +574,10 @@ class IPAServer: except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): return False - def add_radius_profile (self, uid, user_profile=True, opts=None): - if self.__radius_profile_exists(profile['uid'], user_profile, opts): + def add_radius_profile (self, profile, user_profile=True, opts=None): + uid = profile['uid'] + + if self.__radius_profile_exists(uid, user_profile, opts): raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) if user_profile: @@ -587,7 +589,7 @@ class IPAServer: entry = ipaserver.ipaldap.Entry(dn) # some required objectclasses - entry.setValues('objectClass', 'top', 'radiusClientProfile') + entry.setValues('objectClass', 'top', 'radiusprofile') # fill in our new entry with everything sent by the profile for attr in profile: @@ -631,8 +633,7 @@ class IPAServer: else: container = radius_util.profiles_container - uid = self.__safe_filter(uid) - filter = gen_filter('radiusClientProfile' 'uid', uids) + filter = gen_filter('radiusprofile', 'uid', uids) basedn="%s,%s" % (container, self.basedn) conn = self.getConnection(opts) try: -- cgit
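Review bot: Every new method in this `rpcclient.py` hunk handles `except socket.error, (value, msg):`, which unpacks the exception into exactly two values; a socket error raised with a single argument (a timeout, for example) makes the unpacking itself fail and hides the original error. Catching it as `except socket.error, e:` and raising `xmlrpclib.Fault(e.args[0], e.args[-1])` avoids that. The clause is copied from the existing methods of `RPCClient`, so one shared helper for the call-and-translate step would fix all of them at once. `get_radius_profile_by_uid` and `delete_radius_profile` also name their first parameter `ip_addr` although it is a uid.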
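Review bot: In `funcs.py`, `add_radius_profile` copies the attributes the caller sends into the new entry (`for attr in profile:` just below the changed `objectClass` line; the loop body is outside the hunk), while the only attribute and value checks in this commit live in the command-line tools, under the comment `# FIXME: validation should be moved to xmlrpc server`. A caller that talks to the XML-RPC interface directly skips those checks, so the server should enforce them itself. At minimum, reject any `attr` that is not a key of `radius_util.radius_profile_ldap_attr_to_radius_attr` before setting it, and add a comment on the loop stating that `profile` is untrusted input.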
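Review bot: The caller-supplied `uids` now reach `gen_filter('radiusprofile', 'uid', uids)` with no escaping step, because the last `funcs.py` hunk removes `uid = self.__safe_filter(uid)` without replacing it. `gen_filter` is not visible here, so unless it escapes LDAP filter metacharacters itself, values arriving over XML-RPC are placed in the search filter as-is. The removed line used the wrong variable name, but the step is still needed: `uids = [self.__safe_filter(u) for u in uids]` before the `gen_filter` call, with `*` left usable only if wildcard search is intended, as the find tool's help text says. The enclosing function starts and ends outside the hunk.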