#! /usr/bin/python -E # Authors: John Dennis # # Copyright (C) 2007 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; version 2 only # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # import sys import os from optparse import OptionParser from sets import Set import ipa.ipaclient as ipaclient import ipa.ipautil as ipautil import ipa.config import ipa.ipaerror import ipa.radius_util as radius_util import xmlrpclib import kerberos import ldap #------------------------------------------------------------------------------ radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys() radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr mandatory_radius_attrs = ['UID'] distinguished_attr = 'UID' #------------------------------------------------------------------------------ def help_option_callback(option, opt_str, value, parser, *args, **kwargs): parser.print_help() print print "Valid interative attributes are:" print ipautil.format_list(radius_attrs, quote='"') print print "Required attributes are:" print ipautil.format_list(mandatory_radius_attrs, quote='"') sys.exit(0) def main(): opt_parser = OptionParser(add_help_option=False) opt_parser.add_option("-u", "--uid", dest="uid", help="RADIUS profile identifier") opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true', help="profile is shared") opt_parser.add_option("-d", "--Description", dest="desc", help="description of the RADIUS client") opt_parser.add_option("-D", "--delete-attrs", dest="delete_attrs", action='store_true', default=False, help="delete the specified attributes") opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback, help="detailed help information") opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False, help="interactive mode, prompts with auto-completion") opt_parser.add_option("-A", "--attr", dest="attrs", action='append', help="If adding or modifying then this argument specifies one or more attribute=value pair(s), value may be optionally quoted, pairs are seperated by whitespace. If deleting attributes then this argument specifies one or more attribute names seperated by whitespace or commas") opt_parser.add_option("-f", "--file", dest="data_file", help="If adding or modifying then attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. If deleting attributes then attributes are read from file, attributes are seperated by whitespace or commas. Reads from stdin if file is -") opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true', help="print information") opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0]))) ipa.config.add_standard_options(opt_parser) options, args = opt_parser.parse_args() if len(args) < 1: opt_parser.error('missing %s' % (distinguished_attr)) ipa.config.init_config(options) uid = args[0] user_profile = not options.shared # Verify entity previously exists and get current values ipa_client = ipaclient.IPAClient() try: radius_entity = ipa_client.get_radius_profile_by_uid(uid, user_profile) except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND): print "profile %s not found" % uid return 1 except ipa.ipaerror.IPAError, e: print "%s" % e.message return 1 except kerberos.GSSError, e: print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) return 1 # Deleteing attributes is fundamentally different than adding/modifying an attribute. # When adding/modifying there is always a value the attribute is paired with, # so handle the two cases independently. if options.delete_attrs: attrs = Set() # Get attrs from a file or stdin if options.data_file: try: items = ipautil.read_items_file(options.data_file) attrs.update(items) except Exception, e: print "ERROR, could not read attrs (%s)" % (e) # Get attrs specified on the command line as a named argument if options.desc is not None: attrs.add('Description') # Get attrs specified on the command line as a attr argument if options.attrs: for a in options.attrs: items = ipautil.parse_items(a) attrs.update(items) # Get attrs interactively if options.interactive: deletable_attrs = [] for radius_attr in radius_attrs: if radius_attr in mandatory_radius_attrs: continue if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]): deletable_attrs.append(radius_attr) if deletable_attrs: c = ipautil.ItemCompleter(deletable_attrs) c.open() items = c.get_items("Enter: ") attrs.update(items) c.close() # Data collection done, assure no mandatory attrs are in the delete list valid = True for attr in mandatory_radius_attrs: if attr in attrs: valid = False print "ERROR, %s is mandatory, but is set to be deleted" % (attr) if not valid: return 1 # Make sure each attribute is a member of the set of valid attributes valid = True for attr in attrs: if attr not in radius_attrs: valid = False print "ERROR, %s is not a valid attribute" % (attr) if not valid: print "Valid attributes are:" print ipautil.format_list(radius_attrs, quote='"') return 1 # Dump what we've got so far if options.verbose: print "Attributes:" for attr in attrs: print "\t%s" % (attr) for attr in attrs: radius_entity.delValue(radius_attr_to_ldap_attr[attr]) else: pairs = {} pairs[distinguished_attr] = uid # Populate the pair list with pre-existing values for attr in radius_attrs: value = radius_entity.getValues(radius_attr_to_ldap_attr[attr]) if value is None: continue pairs[attr] = value # Get pairs from a file or stdin if options.data_file: try: av = ipautil.read_pairs_file(options.data_file) pairs.update(av) except Exception, e: print "ERROR, could not read pairs (%s)" % (e) # Get pairs specified on the command line as a named argument if options.desc is not None: pairs['Description'] = options.desc # Get pairs specified on the command line as a pair argument if options.attrs: for p in options.attrs: av = ipautil.parse_key_value_pairs(p) pairs.update(av) # Get pairs interactively if options.interactive: prompted_attrs = radius_attrs[:] prompted_attrs.remove(distinguished_attr) c = ipautil.AttributeValueCompleter(prompted_attrs, pairs) c.open() av = c.get_pairs("Enter: ", validate_callback=radius_util.validate) pairs.update(av) c.close() # FIXME: validation should be moved to xmlrpc server # Data collection done, assure mandatory data has been specified if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid: print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \ (distinguished_attr, uid, pairs[distinguished_attr]) return 1 # Make sure each attribute is a member of the set of valid attributes valid = True for attr,value in pairs.items(): if attr not in radius_attrs: valid = False print "ERROR, %s is not a valid attribute" % (attr) if not valid: print "Valid attributes are:" print ipautil.format_list(radius_attrs, quote='"') return 1 # Makse sure each value is valid valid = True for attr,value in pairs.items(): if not radius_util.validate(attr, value): valid = False if not valid: return 1 # Dump what we've got so far if options.verbose: print "Pairs:" for attr,value in pairs.items(): print "\t%s = %s" % (attr, value) for attr,value in pairs.items(): radius_entity.setValue(radius_attr_to_ldap_attr[attr], value) try: ipa_client.update_radius_profile(radius_entity) print "successfully modified" except xmlrpclib.Fault, f: print f.faultString return 1 except kerberos.GSSError, e: print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) return 1 except xmlrpclib.ProtocolError, e: print "Unable to connect to IPA server: %s" % (e.errmsg) return 1 except ipa.ipaerror.IPAError, e: print "%s" % (e.message) return 1 return 0 if __name__ == "__main__": sys.exit(main())