summaryrefslogtreecommitdiffstats
path: root/ipa-radius-admintools
diff options
context:
space:
mode:
authorKarl MacMillan <kmacmill@redhat.com>2007-12-18 17:24:37 -0500
committerKarl MacMillan <kmacmill@redhat.com>2007-12-18 17:24:37 -0500
commita6d852392138d2911cdaf98f8df22bc140b00888 (patch)
treea7da9fae8ac21945656096a24fdd559a52d5be09 /ipa-radius-admintools
parent6575aa606f18f8d998dcad5552e4f770e9addcdf (diff)
downloadfreeipa-a6d852392138d2911cdaf98f8df22bc140b00888.tar.gz
freeipa-a6d852392138d2911cdaf98f8df22bc140b00888.tar.xz
freeipa-a6d852392138d2911cdaf98f8df22bc140b00888.zip
Create ipa-radius-admintools
Diffstat (limited to 'ipa-radius-admintools')
-rw-r--r--ipa-radius-admintools/Makefile21
-rw-r--r--ipa-radius-admintools/ipa-addradiusclient195
-rw-r--r--ipa-radius-admintools/ipa-addradiusprofile194
-rw-r--r--ipa-radius-admintools/ipa-delradiusclient77
-rw-r--r--ipa-radius-admintools/ipa-delradiusprofile85
-rw-r--r--ipa-radius-admintools/ipa-findradiusclient104
-rw-r--r--ipa-radius-admintools/ipa-findradiusprofile107
-rw-r--r--ipa-radius-admintools/ipa-radius-admintools.spec38
-rw-r--r--ipa-radius-admintools/ipa-radius-admintools.spec.in38
-rw-r--r--ipa-radius-admintools/ipa-radiusclientmod273
-rw-r--r--ipa-radius-admintools/ipa-radiusprofilemod263
11 files changed, 1395 insertions, 0 deletions
diff --git a/ipa-radius-admintools/Makefile b/ipa-radius-admintools/Makefile
new file mode 100644
index 00000000..3f2da11a
--- /dev/null
+++ b/ipa-radius-admintools/Makefile
@@ -0,0 +1,21 @@
+SBINDIR = $(DESTDIR)/usr/sbin
+
+
+all: ;
+
+install:
+ install -m 755 ipa-addradiusclient $(SBINDIR)
+ install -m 755 ipa-radiusclientmod $(SBINDIR)
+ install -m 755 ipa-delradiusclient $(SBINDIR)
+ install -m 755 ipa-findradiusclient $(SBINDIR)
+ install -m 755 ipa-addradiusprofile $(SBINDIR)
+ install -m 755 ipa-radiusprofilemod $(SBINDIR)
+ install -m 755 ipa-delradiusprofile $(SBINDIR)
+ install -m 755 ipa-findradiusprofile $(SBINDIR)
+
+clean:
+ rm -f *~ *.pyc
+
+distclean: clean
+
+test:
diff --git a/ipa-radius-admintools/ipa-addradiusclient b/ipa-radius-admintools/ipa-addradiusclient
new file mode 100644
index 00000000..1db571a7
--- /dev/null
+++ b/ipa-radius-admintools/ipa-addradiusclient
@@ -0,0 +1,195 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_client_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_client_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_client_ldap_attr_to_radius_attr
+mandatory_radius_attrs = ['Client-IP-Address', 'Secret']
+distinguished_attr = 'Client-IP-Address'
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-a", "--Client-IP-Address", dest="ip_addr",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-s", "--Secret", dest="secret",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-n", "--Name", dest="name",
+ help="RADIUS client name")
+ opt_parser.add_option("-t", "--NAS-Type", dest="nastype",
+ help="RADIUS client NAS Type")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error('missing %s' % (distinguished_attr))
+
+ ip_addr = args[1]
+ pairs[distinguished_attr] = ip_addr
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = ipautil.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.ip_addr: pairs[distinguished_attr] = options.ip_addr
+ if options.secret: pairs['Secret'] = options.secret
+ if options.name: pairs['Name'] = options.name
+ if options.nastype: pairs['NAS-Type'] = options.nastype
+ if options.desc: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Prompt first for mandatory attributes which have not been previously specified
+ prompted_mandatory_attrs = []
+ existing_attrs = pairs.keys()
+ for attr in mandatory_radius_attrs:
+ if not attr in existing_attrs:
+ prompted_mandatory_attrs.append(attr)
+
+ c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != ip_addr:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, ip_addr, pairs[distinguished_attr])
+ return 1
+
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ radius_entity = radius_util.RadiusClient()
+ for attr,value in pairs.items():
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.add_radius_client(radius_entity)
+ print "successfully added"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-addradiusprofile b/ipa-radius-admintools/ipa-addradiusprofile
new file mode 100644
index 00000000..66db5226
--- /dev/null
+++ b/ipa-radius-admintools/ipa-addradiusprofile
@@ -0,0 +1,194 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
+mandatory_radius_attrs = ['UID']
+distinguished_attr = 'UID'
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ pairs = {}
+
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-u", "--uid", dest="uid",
+ help="RADIUS profile identifier")
+ opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+ help="profile is shared")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
+ help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
+ opt_parser.add_option("-f", "--file", dest="pair_file",
+ help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error('missing %s' % (distinguished_attr))
+
+ uid = args[1]
+ user_profile = not options.shared
+ pairs[distinguished_attr] = uid
+
+ # Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)
+ if user_profile:
+ print "ERROR, you cannot add a per-user radius profile, it pre-exists"
+ return 1
+
+ # Get pairs from a file or stdin
+ if options.pair_file:
+ try:
+ av = ipautil.read_pairs_file(options.pair_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.uid: pairs['UID'] = options.uid
+ if options.desc: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.pairs:
+ for p in options.pairs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ # Prompt first for mandatory attributes which have not been previously specified
+ prompted_mandatory_attrs = []
+ existing_attrs = pairs.keys()
+ for attr in mandatory_radius_attrs:
+ if not attr in existing_attrs:
+ prompted_mandatory_attrs.append(attr)
+
+ c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, uid, pairs[distinguished_attr])
+ return 1
+
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if not pairs.has_key(attr):
+ valid = False
+ print "ERROR, %s is mandatory, but has not been specified" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ radius_entity = radius_util.RadiusProfile()
+ for attr,value in pairs.items():
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.add_radius_profile(radius_entity)
+ print "successfully added"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-delradiusclient b/ipa-radius-admintools/ipa-delradiusclient
new file mode 100644
index 00000000..dd26e8ac
--- /dev/null
+++ b/ipa-radius-admintools/ipa-delradiusclient
@@ -0,0 +1,77 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import sys
+from optparse import OptionParser
+import ipa
+import ipa.ipaclient as ipaclient
+import ipa.ipavalidate as ipavalidate
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ sys.exit(0)
+
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error("missing Client-IP-Address")
+
+ ip_addr = args[1]
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.delete_radius_client(ip_addr)
+ print "successfully deleted"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-delradiusprofile b/ipa-radius-admintools/ipa-delradiusprofile
new file mode 100644
index 00000000..f77d0174
--- /dev/null
+++ b/ipa-radius-admintools/ipa-delradiusprofile
@@ -0,0 +1,85 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import sys
+from optparse import OptionParser
+import ipa
+import ipa.ipaclient as ipaclient
+import ipa.ipavalidate as ipavalidate
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ sys.exit(0)
+
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+ help="profile is shared")
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error("missing UID")
+
+ uid = args[1]
+ user_profile = not options.shared
+
+ # Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)
+ if user_profile:
+ print "ERROR, you cannot delete a per-user radius profile, it always exists"
+ return 1
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ ipa_client.delete_radius_profile(uid, user_profile)
+ print "successfully deleted"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-findradiusclient b/ipa-radius-admintools/ipa-findradiusclient
new file mode 100644
index 00000000..ade4bd39
--- /dev/null
+++ b/ipa-radius-admintools/ipa-findradiusclient
@@ -0,0 +1,104 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import sys
+from optparse import OptionParser
+import ipa
+from ipa import radius_util
+import ipa.ipaclient as ipaclient
+import ipa.ipavalidate as ipavalidate
+import ipa.config
+import ipa.ipaerror
+import ipa.ipautil
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+attrs = radius_util.radius_client_ldap_attr_to_radius_attr.keys()
+
+#------------------------------------------------------------------------------
+
+def parse_options():
+ return options, args
+
+#------------------------------------------------------------------------------
+
+# FIXME
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Note: Client-IP-Address may contain wildcards, to get all clients use '*'"
+ sys.exit(0)
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ opt_parser.set_usage("Usage: %s [options] Client-IP-Address [Client-IP-Address ...]" % (os.path.basename(sys.argv[0])))
+
+ if len(args) < 2:
+ opt_parser.error("missing Client-IP-Address(es)")
+
+ ip_addrs = args[1:]
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ radius_clients = ipa_client.find_radius_clients(ip_addrs, sattrs=attrs)
+ counter = radius_clients[0]
+ radius_clients = radius_clients[1:]
+
+ if counter == 0:
+ print "No entries found for", ip_addrs
+ return 2
+
+ for radius_client in radius_clients:
+ client_attrs = radius_client.attrList()
+ client_attrs.sort()
+
+ print "%s:" % radius_client.getValues(radius_util.radius_client_attr_to_ldap_attr['Client-IP-Address'])
+ for attr in client_attrs:
+ value = radius_client.getValues(attr)
+ print "\t%s = %s" % (radius_util.radius_client_ldap_attr_to_radius_attr[attr], value)
+
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-findradiusprofile b/ipa-radius-admintools/ipa-findradiusprofile
new file mode 100644
index 00000000..ba714068
--- /dev/null
+++ b/ipa-radius-admintools/ipa-findradiusprofile
@@ -0,0 +1,107 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import sys
+from optparse import OptionParser
+import ipa
+from ipa import radius_util
+import ipa.ipaclient as ipaclient
+import ipa.ipavalidate as ipavalidate
+import ipa.config
+import ipa.ipaerror
+import ipa.ipautil
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+attrs = radius_util.radius_profile_ldap_attr_to_radius_attr.keys()
+
+#------------------------------------------------------------------------------
+
+def parse_options():
+ return options, args
+
+#------------------------------------------------------------------------------
+
+# FIXME
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Note: UID may contain wildcards, to get all profiles use '*'"
+ sys.exit(0)
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+ opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+ help="profile is shared")
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ opt_parser.set_usage("Usage: %s [options] UID [UID ...]" % (os.path.basename(sys.argv[0])))
+
+ if len(args) < 2:
+ opt_parser.error("missing UID(es)")
+
+ uids = args[1:]
+ user_profile = not options.shared
+
+ try:
+ ipa_client = ipaclient.IPAClient()
+ radius_profiles = ipa_client.find_radius_profiles(uids, user_profile, sattrs=attrs)
+ counter = radius_profiles[0]
+ radius_profiles = radius_profiles[1:]
+
+ if counter == 0:
+ print "No entries found for", uids
+ return 2
+
+ for radius_profile in radius_profiles:
+ profile_attrs = radius_profile.attrList()
+ profile_attrs.sort()
+
+ print "%s:" % radius_profile.getValues(radius_util.radius_profile_attr_to_ldap_attr['UID'])
+ for attr in profile_attrs:
+ value = radius_profile.getValues(attr)
+ print "\t%s = %s" % (radius_util.radius_profile_ldap_attr_to_radius_attr[attr], value)
+
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-radius-admintools.spec b/ipa-radius-admintools/ipa-radius-admintools.spec
new file mode 100644
index 00000000..bd4ee32f
--- /dev/null
+++ b/ipa-radius-admintools/ipa-radius-admintools.spec
@@ -0,0 +1,38 @@
+Name: ipa-radius-admintools
+Version: 0.5.0
+Release: 1%{?dist}
+Summary: IPA authentication server - radius admin tools
+
+Group: System Environment/Base
+License: GPL
+URL: http://www.freeipa.org
+Source0: %{name}-%{version}.tgz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch: noarch
+
+Requires: python python-krbV ipa-python ipa-admintools
+
+%description
+IPA is a server for identity, policy, and audit.
+
+%prep
+%setup -q
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{_sbindir}
+
+make install DESTDIR=%{buildroot}
+
+
+%clean
+rm -rf %{buildroot}
+
+
+%files
+%defattr(-,root,root,-)
+%{_sbindir}/ipa*
+
+%changelog
+* Tue Dec 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0
+- Initial rpm version
diff --git a/ipa-radius-admintools/ipa-radius-admintools.spec.in b/ipa-radius-admintools/ipa-radius-admintools.spec.in
new file mode 100644
index 00000000..f40baa8e
--- /dev/null
+++ b/ipa-radius-admintools/ipa-radius-admintools.spec.in
@@ -0,0 +1,38 @@
+Name: ipa-radius-admintools
+Version: VERSION
+Release: 1%{?dist}
+Summary: IPA authentication server - radius admin tools
+
+Group: System Environment/Base
+License: GPL
+URL: http://www.freeipa.org
+Source0: %{name}-%{version}.tgz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch: noarch
+
+Requires: python python-krbV ipa-python ipa-admintools
+
+%description
+IPA is a server for identity, policy, and audit.
+
+%prep
+%setup -q
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{_sbindir}
+
+make install DESTDIR=%{buildroot}
+
+
+%clean
+rm -rf %{buildroot}
+
+
+%files
+%defattr(-,root,root,-)
+%{_sbindir}/ipa*
+
+%changelog
+* Tue Dec 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0
+- Initial rpm version
diff --git a/ipa-radius-admintools/ipa-radiusclientmod b/ipa-radius-admintools/ipa-radiusclientmod
new file mode 100644
index 00000000..9e973b12
--- /dev/null
+++ b/ipa-radius-admintools/ipa-radiusclientmod
@@ -0,0 +1,273 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+from sets import Set
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_client_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_client_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_client_ldap_attr_to_radius_attr
+mandatory_radius_attrs = ['Client-IP-Address', 'Secret']
+distinguished_attr = 'Client-IP-Address'
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-a", "--Client-IP-Address", dest="ip_addr",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-s", "--Secret", dest="secret",
+ help="RADIUS client ip address")
+ opt_parser.add_option("-n", "--Name", dest="name",
+ help="RADIUS client name")
+ opt_parser.add_option("-t", "--NAS-Type", dest="nastype",
+ help="RADIUS client NAS Type")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-D", "--delete-attrs", dest="delete_attrs", action='store_true', default=False,
+ help="delete the specified attributes")
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-A", "--attr", dest="attrs", action='append',
+ help="If adding or modifying then this argument specifies one or more attribute=value pair(s), value may be optionally quoted, pairs are seperated by whitespace. If deleting attributes then this argument specifies one or more attribute names seperated by whitespace or commas")
+ opt_parser.add_option("-f", "--file", dest="data_file",
+ help="If adding or modifying then attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. If deleting attributes then attributes are read from file, attributes are seperated by whitespace or commas. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error('missing %s' % (distinguished_attr))
+
+ ip_addr = args[1]
+
+ # Verify entity previously exists and get current values
+ ipa_client = ipaclient.IPAClient()
+ try:
+ radius_entity = ipa_client.get_radius_client_by_ip_addr(ip_addr)
+ except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
+ print "client %s not found" % ip_addr
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % e.message
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+
+ # Deleteing attributes is fundamentally different than adding/modifying an attribute.
+ # When adding/modifying there is always a value the attribute is paired with,
+ # so handle the two cases independently.
+ if options.delete_attrs:
+ attrs = Set()
+ # Get attrs from a file or stdin
+ if options.data_file:
+ try:
+ items = ipautil.read_items_file(options.data_file)
+ attrs.update(items)
+ except Exception, e:
+ print "ERROR, could not read attrs (%s)" % (e)
+
+ # Get attrs specified on the command line as a named argument
+ if options.secret is not None: attrs.add('Secret')
+ if options.name is not None: attrs.add('Name')
+ if options.nastype is not None: attrs.add('NAS-Type')
+ if options.desc is not None: attrs.add('Description')
+
+ # Get attrs specified on the command line as a attr argument
+ if options.attrs:
+ for a in options.attrs:
+ items = ipautil.parse_items(a)
+ attrs.update(items)
+
+ # Get attrs interactively
+ if options.interactive:
+ deletable_attrs = []
+ for radius_attr in radius_attrs:
+ if radius_attr in mandatory_radius_attrs: continue
+ if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
+ deletable_attrs.append(radius_attr)
+
+ if deletable_attrs:
+ c = ipautil.ItemCompleter(deletable_attrs)
+ c.open()
+ items = c.get_items("Enter: ")
+ attrs.update(items)
+ c.close()
+
+ # Data collection done, assure no mandatory attrs are in the delete list
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if attr in attrs:
+ valid = False
+ print "ERROR, %s is mandatory, but is set to be deleted" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr in attrs:
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Attributes:"
+ for attr in attrs:
+ print "\t%s" % (attr)
+
+ for attr in attrs:
+ radius_entity.delValue(radius_attr_to_ldap_attr[attr])
+
+ else:
+ pairs = {}
+ pairs[distinguished_attr] = ip_addr
+
+ # Populate the pair list with pre-existing values
+ for attr in radius_attrs:
+ value = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
+ if value is None: continue
+ pairs[attr] = value
+
+ # Get pairs from a file or stdin
+ if options.data_file:
+ try:
+ av = ipautil.read_pairs_file(options.data_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.ip_addr is not None: pairs[distinguished_attr] = options.ip_addr
+ if options.secret is not None: pairs['Secret'] = options.secret
+ if options.name is not None: pairs['Name'] = options.name
+ if options.nastype is not None: pairs['NAS-Type'] = options.nastype
+ if options.desc is not None: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.attrs:
+ for p in options.attrs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ prompted_attrs = radius_attrs[:]
+ prompted_attrs.remove(distinguished_attr)
+ c = ipautil.AttributeValueCompleter(prompted_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", validate_callback=radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != ip_addr:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, ip_addr, pairs[distinguished_attr])
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ for attr,value in pairs.items():
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client.update_radius_client(radius_entity)
+ print "successfully modified"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/ipa-radius-admintools/ipa-radiusprofilemod b/ipa-radius-admintools/ipa-radiusprofilemod
new file mode 100644
index 00000000..405abcfc
--- /dev/null
+++ b/ipa-radius-admintools/ipa-radiusprofilemod
@@ -0,0 +1,263 @@
+#! /usr/bin/python -E
+# Authors: John Dennis <jdennis@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+import os
+from optparse import OptionParser
+from sets import Set
+
+import ipa.ipaclient as ipaclient
+import ipa.ipautil as ipautil
+import ipa.config
+import ipa.ipaerror
+import ipa.radius_util as radius_util
+
+import xmlrpclib
+import kerberos
+import ldap
+
+#------------------------------------------------------------------------------
+
+radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
+mandatory_radius_attrs = ['UID']
+distinguished_attr = 'UID'
+
+#------------------------------------------------------------------------------
+
+def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
+ parser.print_help()
+ print
+ print "Valid interative attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ print
+ print "Required attributes are:"
+ print ipautil.format_list(mandatory_radius_attrs, quote='"')
+ sys.exit(0)
+
+def main():
+ opt_parser = OptionParser(add_help_option=False)
+
+ opt_parser.add_option("-u", "--uid", dest="uid",
+ help="RADIUS profile identifier")
+ opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+ help="profile is shared")
+ opt_parser.add_option("-d", "--Description", dest="desc",
+ help="description of the RADIUS client")
+
+ opt_parser.add_option("-D", "--delete-attrs", dest="delete_attrs", action='store_true', default=False,
+ help="delete the specified attributes")
+ opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
+ help="detailed help information")
+ opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
+ help="interactive mode, prompts with auto-completion")
+ opt_parser.add_option("-A", "--attr", dest="attrs", action='append',
+ help="If adding or modifying then this argument specifies one or more attribute=value pair(s), value may be optionally quoted, pairs are seperated by whitespace. If deleting attributes then this argument specifies one or more attribute names seperated by whitespace or commas")
+ opt_parser.add_option("-f", "--file", dest="data_file",
+ help="If adding or modifying then attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. If deleting attributes then attributes are read from file, attributes are seperated by whitespace or commas. Reads from stdin if file is -")
+ opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+ help="print information")
+
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = opt_parser.parse_args(args)
+
+ if len(args) < 2:
+ opt_parser.error('missing %s' % (distinguished_attr))
+
+ uid = args[1]
+ user_profile = not options.shared
+
+ # Verify entity previously exists and get current values
+ ipa_client = ipaclient.IPAClient()
+ try:
+ radius_entity = ipa_client.get_radius_profile_by_uid(uid, user_profile)
+ except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
+ print "profile %s not found" % uid
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % e.message
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+
+ # Deleteing attributes is fundamentally different than adding/modifying an attribute.
+ # When adding/modifying there is always a value the attribute is paired with,
+ # so handle the two cases independently.
+ if options.delete_attrs:
+ attrs = Set()
+ # Get attrs from a file or stdin
+ if options.data_file:
+ try:
+ items = ipautil.read_items_file(options.data_file)
+ attrs.update(items)
+ except Exception, e:
+ print "ERROR, could not read attrs (%s)" % (e)
+
+ # Get attrs specified on the command line as a named argument
+ if options.desc is not None: attrs.add('Description')
+
+ # Get attrs specified on the command line as a attr argument
+ if options.attrs:
+ for a in options.attrs:
+ items = ipautil.parse_items(a)
+ attrs.update(items)
+
+ # Get attrs interactively
+ if options.interactive:
+ deletable_attrs = []
+ for radius_attr in radius_attrs:
+ if radius_attr in mandatory_radius_attrs: continue
+ if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
+ deletable_attrs.append(radius_attr)
+
+ if deletable_attrs:
+ c = ipautil.ItemCompleter(deletable_attrs)
+ c.open()
+ items = c.get_items("Enter: ")
+ attrs.update(items)
+ c.close()
+
+ # Data collection done, assure no mandatory attrs are in the delete list
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if attr in attrs:
+ valid = False
+ print "ERROR, %s is mandatory, but is set to be deleted" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr in attrs:
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Attributes:"
+ for attr in attrs:
+ print "\t%s" % (attr)
+
+ for attr in attrs:
+ radius_entity.delValue(radius_attr_to_ldap_attr[attr])
+
+ else:
+ pairs = {}
+ pairs[distinguished_attr] = uid
+
+ # Populate the pair list with pre-existing values
+ for attr in radius_attrs:
+ value = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
+ if value is None: continue
+ pairs[attr] = value
+
+ # Get pairs from a file or stdin
+ if options.data_file:
+ try:
+ av = ipautil.read_pairs_file(options.data_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.desc is not None: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.attrs:
+ for p in options.attrs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ prompted_attrs = radius_attrs[:]
+ prompted_attrs.remove(distinguished_attr)
+ c = ipautil.AttributeValueCompleter(prompted_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", validate_callback=radius_util.validate)
+ pairs.update(av)
+ c.close()
+
+ # FIXME: validation should be moved to xmlrpc server
+
+ # Data collection done, assure mandatory data has been specified
+
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, uid, pairs[distinguished_attr])
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
+
+ for attr,value in pairs.items():
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
+
+ try:
+ ipa_client.update_radius_profile(radius_entity)
+ print "successfully modified"
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % (e.message)
+ return 1
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main())