author | Kevin McCarthy <kmccarth@redhat.com> | 2007-10-12 15:11:55 -0700 |
---|---|---|
committer | Kevin McCarthy <kmccarth@redhat.com> | 2007-10-12 15:11:55 -0700 |
commit | 63f7cdf7f7e1c39b791dad6951fa39d9a6d58c9d (patch) | |
tree | 72f1bd539e6fcbbce99a31f4b6695c149e828c2a /ipa-python | |
parent | af0a1d989b1eb483ae3e76fa5a3008fda3fafb5e (diff) | |
Adds delegation listing and creation to the GUI.
Diffstat (limited to 'ipa-python')
-rw-r--r-- | ipa-python/aci.py | 14 | ||||
-rw-r--r-- | ipa-python/ipaclient.py | 8 | ||||
-rw-r--r-- | ipa-python/rpcclient.py | 17 | ||||
-rw-r--r-- | ipa-python/test/test_aci.py | 34 |
4 files changed, 65 insertions, 8 deletions
diff --git a/ipa-python/aci.py b/ipa-python/aci.py
index d834f899..137d9ee1 100644
--- a/ipa-python/aci.py
+++ b/ipa-python/aci.py
@@ -16,6 +16,7 @@
 #
 import re
+import urllib
 class ACI:
 """
@@ -25,10 +26,10 @@ class ACI:
 """
 def __init__(self,acistr=None):
+ self.name = ''
 self.source_group = ''
 self.dest_group = ''
 self.attrs = []
- self.name = ''
 if acistr is not None:
 self.parse_acistr(acistr)
@@ -40,15 +41,15 @@ class ACI:
 # dn's aren't typed in, but searched for, and the search results
 # will return escaped dns
- acistr = ('(targetattr = "%s")' +
+ acistr = ('(targetattr="%s")' +
 '(targetfilter="(memberOf=%s)")' +
 '(version 3.0;' +
 'acl "%s";' +
 'allow (write) ' +
- 'groupdn="%s";)') % (attrs_str,
+ 'groupdn="ldap:///%s";)') % (attrs_str,
 self.dest_group,
 self.name,
- self.source_group)
+ urllib.quote(self.source_group, "/=, "))
 return acistr
 def _match(self, prefix, inputstr):
@@ -89,7 +90,7 @@ class ACI:
 def parse_acistr(self, acistr):
 """Parses the acistr. If the string isn't recognized, a SyntaxError is raised."""
- acistr = self._match('(targetattr = ', acistr)
+ acistr = self._match('(targetattr=', acistr)
 (attrstr, acistr) = self._match_str(acistr)
 self.attrs = attrstr.split(' || ')
@@ -107,7 +108,8 @@ class ACI:
 acistr = self._match(';allow (write) groupdn=', acistr)
 (src_dn_str, acistr) = self._match_str(acistr)
- self.source_group = src_dn_str
+ src_dn_str = self._match('ldap:///', src_dn_str)
+ self.source_group = urllib.unquote(src_dn_str)
 acistr = self._match(';)', acistr)
 if len(acistr) > 0:
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 3a6e1305..cf2e355a 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
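Review bot: In `export_to_string` (ipa-python/aci.py, hunk at -40,15) `self.name` is still formatted into `acl "%s";` with no escaping or validation; only `source_group` gains `urllib.quote`. A delegation name that contains a double quote closes the quoted ACL name early, so the remainder of the name is read as ACI syntax, and `testURLEncodedExport` in test_aci.py pins exactly that output with `'this is a "name'`. Unless the server's ACI grammar offers an escape for the name, reject such names before building the string, e.g. `if '"' in self.name: raise ValueError('ACI name may not contain a double quote')`. The same question applies to `attrs_str` and `dest_group`, which are built or supplied outside the hunk; the existing comment says DNs arrive already escaped, which is worth confirming for every caller.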
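Review bot: In `parse_acistr` (ipa-python/aci.py, hunks at -89,7 and -107,7) the parser now accepts only `(targetattr=` without spaces and a `groupdn` value that begins with `ldap:///`, so an ACI stored in the previous format, or written by another tool with different spacing, is rejected (per the docstring, with SyntaxError; `_match` itself is outside the hunks). Since this commit adds delegation listing, the code that walks the stored ACIs, which is not visible in this diff, should catch that error per value so that one unrecognised ACI cannot break the whole listing. A short comment above the new `_match('ldap:///', src_dn_str)` line would also help, for example `# groupdn is an LDAP URL; the DN part is URL-quoted on export`. The function body continues outside both hunks.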
@@ -54,6 +54,14 @@ class IPAClient:
 if self.local:
 self.transport.set_krbccache(krbccache)
+# Higher-level API
+
+ def get_aci_entry(self, sattrs=None):
+ """Returns the entry containing access control ACIs."""
+
+ result = self.transport.get_aci_entry(sattrs)
+ return entity.Entity(result)
+
 # General searches
 def get_entry_by_dn(self,dn,sattrs=None):
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index 8bc288b4..ae26d707 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -67,6 +67,23 @@ class RPCClient:
 return obj
+# Higher-level API
+
+ def get_aci_entry(self, sattrs=None):
+ """Returns the entry containing access control ACIs."""
+ server = self.setup_server()
+ if sattrs is None:
+ sattrs = "__NONE__"
+ try:
+ result = server.get_aci_entry(sattrs)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
+
 # General searches
 def get_entry_by_dn(self,dn,sattrs=None):
diff --git a/ipa-python/test/test_aci.py b/ipa-python/test/test_aci.py
index ffe2d071..5556deb3 100644
--- a/ipa-python/test/test_aci.py
+++ b/ipa-python/test/test_aci.py
@@ -22,15 +22,16 @@ sys.path.insert(0, ".")
 import unittest
 import aci
+import urllib
 class TestACI(unittest.TestCase):
- acitemplate = ('(targetattr = "%s")' +
+ acitemplate = ('(targetattr="%s")' +
 '(targetfilter="(memberOf=%s)")' +
 '(version 3.0;' +
 'acl "%s";' +
 'allow (write) ' +
- 'groupdn="%s";)')
+ 'groupdn="ldap:///%s";)')
 def setUp(self):
 self.aci = aci.ACI()
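Review bot: In `RPCClient.get_aci_entry` (ipa-python/rpcclient.py) the clause `except socket.error, (value, msg):` unpacks the exception into exactly two values, so a socket.error that carries a single argument (a timeout, for instance) fails the unpack and surfaces as an unrelated exception instead of the intended `xmlrpclib.Fault`. Binding the exception with `except socket.error, e:` and building the Fault from `e.args`, with a fallback code when only a message is present, keeps the error path intact. The `"__NONE__"` placeholder for a missing `sattrs` deserves a one-line comment such as `# None cannot be sent over XML-RPC here; "__NONE__" stands in for it`; that reading is inferred, since the server side is not in this diff. If the other RPCClient methods use the same except clause, the same applies to them.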
@@ -52,6 +53,20 @@ class TestACI(unittest.TestCase):
 self.assertEqual(aci, exportaci)
+ def testURLEncodedExport(self):
+ self.aci.source_group = 'cn=foo " bar, dc=freeipa, dc=org'
+ self.aci.dest_group = 'cn=bar, dc=freeipa, dc=org'
+ self.aci.name = 'this is a "name'
+ self.aci.attrs = ['field1', 'field2', 'field3']
+
+ exportaci = self.aci.export_to_string()
+ aci = TestACI.acitemplate % ('field1 || field2 || field3',
+ self.aci.dest_group,
+ 'this is a "name',
+ urllib.quote(self.aci.source_group, "/=, "))
+
+ self.assertEqual(aci, exportaci)
+
 def testSimpleParse(self):
 attr_str = 'field3 || field4 || field5'
 dest_dn = 'cn=dest\\"group, dc=freeipa, dc=org'
@@ -66,6 +81,21 @@ class TestACI(unittest.TestCase):
 self.assertEqual(name, self.aci.name)
 self.assertEqual(src_dn, self.aci.source_group)
+ def testUrlEncodedParse(self):
+ attr_str = 'field3 || field4 || field5'
+ dest_dn = 'cn=dest\\"group, dc=freeipa, dc=org'
+ name = 'my name'
+ src_dn = 'cn=src " group, dc=freeipa, dc=org'
+
+ acistr = TestACI.acitemplate % (attr_str, dest_dn, name,
+ urllib.quote(src_dn, "/=, "))
+ self.aci.parse_acistr(acistr)
+
+ self.assertEqual(['field3', 'field4', 'field5'], self.aci.attrs)
+ self.assertEqual(dest_dn, self.aci.dest_group)
+ self.assertEqual(name, self.aci.name)
+ self.assertEqual(src_dn, self.aci.source_group)
+
 def testInvalidParse(self):
 try:
 self.aci.parse_acistr('foo bar') |
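Review bot: `testUrlEncodedParse` (ipa-python/test/test_aci.py, hunk at -66,6) only exercises a source DN whose special character is a double quote; nothing covers a `groupdn` value that lacks the `ldap:///` prefix, which the new parser is meant to reject. A negative case next to `testInvalidParse`, built from the template with the prefix removed and asserting SyntaxError, would pin that behaviour. An export-then-parse round trip with a DN containing `%` would also confirm that `urllib.quote` and `urllib.unquote` stay symmetric.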