authorJohn Dennis <jdennis@redhat.com>2007-11-21 13:11:10 -0500
committerJohn Dennis <jdennis@redhat.com>2007-11-21 13:11:10 -0500
commitd98686e96758870cb4a56d41fb0aaae54d4067c5 (patch)
tree6fc7101684591afdfb9677732352e59067066bc1 /ipa-admintools
parent087d11af5cebe7bb7a87d0581c7fa95353d9aa3b (diff)
Add radius profile implementations:
get_radius_profile_by_uid add_radius_profile update_radius_profile delete_radius_profile find_radius_profiles Rewrite command line arg handling, now support pair entry, interactive mode with auto completion, reading pairs from a file, better handling of mandatory values, better help, long arg names now match attribute name in pairs Establish mappings for all attributes and names used in clients and profiles Add notion of containers to radius clients and profiles in LDAP Move common code, variables, constants, and strings into the files radius_client.py, radius_util.py, ipautil.py to eliminate redundant elements which could get out of sync if modified and to provide access to other code which might benefit from using these items in the future. Add utility functions: format_list() parse_key_value_pairs() Add utility class: AttributeValueCompleter Unify attribute usage in radius ldap schema
Diffstat (limited to 'ipa-admintools')
-rw-r--r--ipa-admintools/ipa-addradiusclient195
-rw-r--r--ipa-admintools/ipa-findradiusclient15
-rw-r--r--ipa-admintools/ipa-radiusclientmod92
3 files changed, 179 insertions, 123 deletions
diff --git a/ipa-admintools/ipa-addradiusclient b/ipa-admintools/ipa-addradiusclient
index 55926214..b5d829ac 100644
--- a/ipa-admintools/ipa-addradiusclient
+++ b/ipa-admintools/ipa-addradiusclient
@@ -19,13 +19,16 @@
#
import sys
+import os
from optparse import OptionParser
-import ipa
+import copy
+
from ipa.radius_client import *
import ipa.ipaclient as ipaclient
-import ipa.ipavalidate as ipavalidate
+import ipa.ipautil as ipautil
import ipa.config
import ipa.ipaerror
+import ipa.radius_util as radius_util
import xmlrpclib
import kerberos
@@ -33,97 +36,127 @@ import ldap
#------------------------------------------------------------------------------
-def parse_options():
- parser = OptionParser()
- parser.add_option("--usage", action="store_true",
- help="Program usage")
- parser.add_option("-a", "--address", dest="ip_addr",
- help="RADIUS client IP address (required)")
- parser.add_option("-s", "--secret", dest="secret",
- help="RADIUS client secret (required)")
- parser.add_option("-n", "--name", dest="name",
+attrs = radius_util.client_name_to_ldap_attr.keys()
+mandatory_attrs = ['Client-IP-Address', 'Secret']
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-a", "--Client-IP-Address", dest="ip_addr",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-s", "--Secret", dest="secret",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-n", "--Name", dest="name",
help="RADIUS client name")
- parser.add_option("-t", "--type", dest="nastype",
+ opt_parser.add_option("-t", "--NAS-Type", dest="nastype",
help="RADIUS client NAS Type")
- parser.add_option("-d", "--description", dest="desc",
+ opt_parser.add_option("-d", "--Description", dest="desc",
help="description of the RADIUS client")
- args = ipa.config.init_config(sys.argv)
- options, args = parser.parse_args(args)
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
- return options, args
+ #opt_parser.set_usage("Usage: %s [options] %s" % (os.path.basename(sys.argv[0]), ' '.join(mandatory_attrs)))
-#------------------------------------------------------------------------------
-
-def main():
- ip_addr = None
- secret = None
- name = None
- nastype = None
- desc = None
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = radius_util.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.ip_addr: pairs['Client-IP-Address'] = options.ip_addr
+ if options.secret: pairs['Secret'] = options.secret
+ if options.name: pairs['Name'] = options.name
+ if options.nastype: pairs['NAS-Type'] = options.nastype
+ if options.desc: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Remove any mandatory attriubtes which have been previously specified
+ interactive_mandatory_attrs = copy.copy(mandatory_attrs)
+ for attr in pairs.keys():
+ try:
+ interactive_mandatory_attrs.remove(attr)
+ except ValueError:
+ pass
+ c = ipautil.AttributeValueCompleter(attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", interactive_mandatory_attrs, validate)
+ pairs.update(av)
+ c.close()
+
+ # Data collection done, assure mandatory data has been specified
+ valid = True
+ for attr in mandatory_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
- radius_client = ipa.radius_client.RadiusClient()
- options, args = parse_options()
-
- # client address is required
- if options.ip_addr:
- ip_addr = options.ip_addr
- if not validate_ip_addr(ip_addr): return 1
- else:
- valid = False
- while not valid:
- ip_addr = raw_input("Client IP: ")
- if validate_ip_addr(ip_addr): valid = True
-
- # client secret is required
- if options.secret:
- secret = options.secret
- if not validate_secret(secret): return 1
- else:
- valid = False
- while not valid:
- secret = get_secret()
- if validate_secret(secret): valid = True
-
- # client name is optional
- if options.name:
- name = options.name
- if not validate_name(name): return 1
-
- # client NAS Type is optional
- if options.nastype:
- nastype = options.nastype
- if not validate_nastype(nastype): return 1
-
- # client description is optional
- if options.desc:
- desc = options.desc
- if not validate_desc(desc): return 1
-
-
- #print "ip_addr=%s secret=%s name=%s nastype=%s desc=%s" % (ip_addr, secret, name, nastype, desc)
-
- if ip_addr is not None:
- radius_client.setValue('radiusClientNASIpAddress', ip_addr)
- else:
- print "client IP Address is required"
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(attrs, quote='"')
return 1
- if secret is not None:
- radius_client.setValue('radiusClientSecret', secret)
- else:
- print "client secret is required"
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not validate(attr, value):
+ valid = False
+ if not valid:
return 1
- if name is not None:
- radius_client.setValue('radiusClientShortName', name)
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ radius_client = ipa.radius_client.RadiusClient()
+ for attr,value in pairs.items():
+ radius_client.setValue(radius_util.client_name_to_ldap_attr[attr], value)
- if nastype is not None:
- radius_client.setValue('radiusClientNASType', nastype)
-
- if desc is not None:
- radius_client.setValue('description', desc)
-
try:
ipa_client = ipaclient.IPAClient()
ipa_client.add_radius_client(radius_client)
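Review bot: The verbose dump near the end of the new main() prints every collected pair, so running with -v writes the RADIUS shared secret to the terminal in cleartext; mask it, e.g. `print "\t%s = %s" % (attr, attr == 'Secret' and '********' or value)`. The new parser also takes the secret only from a command-line value, a pairs file or the completer prompt, where the removed code fell back to get_secret(); whether the completer suppresses echo is not visible here and should be confirmed. Separately, when read_pairs_file() fails the handler only prints and execution continues, so the client can still be added from whatever the other sources supplied; returning 1 from that `except` would be safer. The help string for `--Secret` repeats "RADIUS client ip address". main() continues past the end of the hunk.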
diff --git a/ipa-admintools/ipa-findradiusclient b/ipa-admintools/ipa-findradiusclient
index 63d51007..a922c6ea 100644
--- a/ipa-admintools/ipa-findradiusclient
+++ b/ipa-admintools/ipa-findradiusclient
@@ -22,6 +22,7 @@ import sys
from optparse import OptionParser
import ipa
from ipa.radius_client import *
+from ipa import radius_util
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
@@ -45,21 +46,13 @@ def parse_options():
#------------------------------------------------------------------------------
-attr_to_name = ipa.ipautil.CIDict({
- 'radiusClientNASIpAddress' : 'IP Address',
- 'radiusClientSecret' : 'Secret',
- 'radiusClientNASType' : 'NAS Type',
- 'radiusClientShortName' : 'Name',
- 'description' : 'Description',
- })
-
# FIXME
def usage():
print "ipa-findradiusclients ip_addr [ip_addr ...]"
sys.exit(1)
def main():
- attrs=['radiusClientNASIpAddress', 'radiusClientSecret', 'radiusClientNASType', 'radiusClientShortName', 'description']
+ attrs=['radiusClientIPAddress', 'radiusClientSecret', 'radiusClientNASType', 'radiusClientShortName', 'description']
options, args = parse_options()
@@ -82,10 +75,10 @@ def main():
attrs = radius_client.attrList()
attrs.sort()
- print "%s:" % radius_client.getValues('radiusClientNASIpAddress')
+ print "%s:" % radius_client.getValues('radiusClientIPAddress')
for attr in attrs:
value = radius_client.getValues(attr)
- print "\t%s = %s" % (attr_to_name[attr], value)
+ print "\t%s = %s" % (radius_util.client_ldap_attr_to_name[attr], value)
except xmlrpclib.Fault, f:
print f.faultString
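Review bot: The lookup `radius_util.client_ldap_attr_to_name[attr]` in the print loop raises KeyError for any attribute returned by attrList() that the table does not list, and the removed attr_to_name was a CIDict, so unless the new table is also case-insensitive (not visible in this diff) a differently cased attribute name from the server will now fail. Falling back to the raw name avoids both: `print "\t%s = %s" % (radius_util.client_ldap_attr_to_name.get(attr, attr), value)`. The loop also prints radiusClientSecret with the other values, so the shared secret appears in the output of every search; consider omitting or masking it. The enclosing try block in main() begins before this hunk.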
diff --git a/ipa-admintools/ipa-radiusclientmod b/ipa-admintools/ipa-radiusclientmod
index 3f40b7b7..9f5d8d75 100644
--- a/ipa-admintools/ipa-radiusclientmod
+++ b/ipa-admintools/ipa-radiusclientmod
@@ -19,13 +19,14 @@
#
import sys
+import os
from optparse import OptionParser
-import ipa
from ipa.radius_client import *
import ipa.ipaclient as ipaclient
-import ipa.ipavalidate as ipavalidate
+import ipa.ipautil as ipautil
import ipa.config
import ipa.ipaerror
+import ipa.radius_util as radius_util
import xmlrpclib
import kerberos
@@ -33,49 +34,76 @@ import ldap
#------------------------------------------------------------------------------
-def parse_options():
- parser = OptionParser()
- parser.add_option("--usage", action="store_true",
- help="Program usage")
- parser.add_option("-s", "--secret", dest="secret",
- help="RADIUS client secret (required)")
- parser.add_option("-n", "--name", dest="name",
- help="RADIUS client name")
- parser.add_option("-t", "--type", dest="nastype",
- help="RADIUS client NAS Type")
- parser.add_option("-d", "--description", dest="desc",
- help="description of the RADIUS client")
+attrs = radius_util.client_name_to_ldap_attr.keys()
+mandatory_attrs = ['Client-IP-Address']
- args = ipa.config.init_config(sys.argv)
- options, args = parser.parse_args(args)
+#------------------------------------------------------------------------------
- return options, args
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_attrs, quote='"')
+ sys.exit(0)
#------------------------------------------------------------------------------
-# FIXME
-def usage():
- print "ipa-radiusclientmod ip_addr"
- sys.exit(1)
-
def main():
- ip_addr = None
- secret = None
- name = None
- nastype = None
- desc = None
+ opt_parser = OptionParser(add_help_option=False)
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-n", "--name", dest="name",
+ help="RADIUS client name")
+ opt_parser.add_option("-t", "--type", dest="nastype",
+ help="RADIUS client NAS Type")
+ opt_parser.add_option("-d", "--description", dest="desc",
+ help="description of the RADIUS client")
- options, args = parse_options()
+ #FIXME interactive vs. non-interactive usage
+ opt_parser.set_usage("Usage: %s [options] %s" % (os.path.basename(sys.argv[0]), ' '.join(mandatory_attrs)))
+ #FIXME, map options name to our name?
+ #FIXME if mandatory is on command line remove it from mandatory passed to completer
- if len(args) != 2:
- usage()
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if options.interactive:
+ c = ipautil.AttributeValueCompleter(attrs)
+ c.open()
+ pairs = c.get_pairs("Enter: ", mandatory_attrs, validate)
+ c.close()
+ else:
+ pairs = {}
+
+ if False and len(args) != 2:
+ print "wrong number of arguments"
+ opt_parser.print_help()
+ sys.exit(1)
+
+ pairs['Client-IP-Address'] = args[1]
+ pairs['Secret'] = args[2]
+ if options.name: pairs['Name'] = options.name
+ if options.nastype: pairs['NAS-Type'] = options.nastype
+ if options.desc: pairs['Description'] = options.desc
+
+ for name,value in pairs.items():
+ if not validate(name, value): return 1
ip_addr = args[1]
+
radius_client = ipa.radius_client.RadiusClient()
ipa_client = ipaclient.IPAClient()
try:
- radius_client = ipa_client.get_radius_client_by_ip_addr(ip_addr)
+ #radius_client = ipa_client.get_radius_client_by_ip_addr(ip_addr)
+ dn = radius_util.radius_client_dn(ip_addr, 'dc=ipatest,dc=jrd')
+ print dn
+ radius_client = ipa_client.get_entry_by_dn(dn)
pass
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "client %s not found" % ip_addr
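Review bot: The argument-count check is disabled by `if False and len(args) != 2:`, yet `args[1]` and `args[2]` are indexed unconditionally right after it, so a missing address or secret ends in an IndexError instead of the usage message, and in interactive mode the pairs just collected are overwritten. Restore a real check, for example `if len(args) != 3:` before the indexing (the usage string would then need to mention the secret too). Taking the secret as a positional argument also leaves it visible in the process list and shell history; a prompt or a pairs file would avoid that. The lookup now builds the DN from the hard-coded suffix `'dc=ipatest,dc=jrd'` and prints it, which looks like development scaffolding and should come from configuration. main() continues outside the hunk.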
@@ -87,6 +115,8 @@ def main():
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
+ sys.exit(0)
+
if options.secret:
secret = options.secret
if not validate_secret(secret): return 1
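Review bot: The added `sys.exit(0)` sits ahead of the code that applies the changes, so as far as this hunk shows the command now exits successfully without modifying the client; if that is temporary debugging it should be removed, or the tool should exit non-zero while unfinished. The context line below it still reads `options.secret`, but the `-s/--secret` option was dropped from the parser earlier in this commit, so that line would raise AttributeError once the early exit is removed. The rest of main() lies outside the hunk.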