2 files changed, 135 insertions, 25 deletions

diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 26fdba48..aa557f79 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -30,6 +30,7 @@ import xmlrpclib
 import copy
 import attrs
 from ipa import ipaerror
+from ipa import radius_util
 
 import string
 from types import *
@@ -458,41 +459,40 @@ class IPAServer:
     
 # radius support
 
-    # FIXME, why not just use get_entry_by_dn?
-    def get_radius_client_by_ip_addr(self, ip_addr, sattrs=None, opts=None):
-        ip_addr = self.__safe_filter(ip_addr)
-        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
-        filter = "(&(radiusClientNASIpAddress=%s)(objectclass=radiusClientProfile))" % ip_addr
+    # clients
+    def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None, opts=None):
+        filter = radius_util.radius_client_filter(ip_addr)
+        basedn = radius_util.radius_clients_basedn(container, self.basedn)
         return self.__get_sub_entry(basedn, filter, sattrs, opts)
 
-    def __is_radius_client_unique(self, ip_addr, opts):
-        """Return 1 if the radius client is unique in the tree, 0 otherwise."""
-        ip_addr = self.__safe_filter(ip_addr)
-        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
-        filter = "(&(radiusClientNASIpAddress=%s)(objectclass=radiusClientProfile))" % ip_addr
+    def __radius_client_exists(self, ip_addr, container, opts):
+        filter = radius_util.radius_client_filter(ip_addr)
+        basedn = radius_util.radius_clients_basedn(container, self.basedn)
  
         try:
             entry = self.__get_sub_entry(basedn, filter, ['dn','uid'], opts)
-            return 0
+            return True
         except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
-            return 1
+            return False
 
-    def add_radius_client (self, client, opts=None):
-        client_container = 'cn=clients,cn=radius,cn=services,cn=etc' # FIXME, should not be hardcoded
-        if self.__is_radius_client_unique(client['radiusClientNASIpAddress'], opts) == 0:
-            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
+    def add_radius_client (self, client, container=None, opts=None):
+        if container is None:
+            container = radius_util.clients_container
 
-        dn="radiusClientNASIpAddress=%s,%s,%s" % (ldap.dn.escape_dn_chars(client['radiusClientNASIpAddress']),
-                             client_container,self.basedn)
+        ip_addr = client['radiusClientIPAddress']
+
+        if self.__radius_client_exists(ip_addr, container, opts):
+            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
 
+        dn = radius_util.radius_client_dn(ip_addr, container, self.basedn)
         entry = ipaserver.ipaldap.Entry(dn)
 
         # some required objectclasses
         entry.setValues('objectClass', 'top', 'radiusClientProfile')
 
         # fill in our new entry with everything sent by the client
-        for u in client:
-            entry.setValues(u, client[u])
+        for attr in client:
+            entry.setValues(attr, client[attr])
 
         conn = self.getConnection(opts)
         try:
@@ -504,8 +504,8 @@ class IPAServer:
     def update_radius_client(self, oldentry, newentry, opts=None):
         return self.update_entry(oldentry, newentry, opts)
 
-    def delete_radius_client(self, ip_addr, opts=None):
-        client = self.get_radius_client_by_ip_addr(ip_addr, ['dn', 'cn'], opts)
+    def delete_radius_client(self, ip_addr, container=None, opts=None):
+        client = self.get_radius_client_by_ip_addr(ip_addr, container, ['dn', 'cn'], opts)
         if client is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 
@@ -516,7 +516,7 @@ class IPAServer:
             self.releaseConnection(conn)
         return res
 
-    def find_radius_clients(self, ip_attrs, sattrs=None, searchlimit=0, timelimit=-1, opts=None):
+    def find_radius_clients(self, ip_attrs, container=None, sattrs=None, searchlimit=0, timelimit=-1, opts=None):
         def gen_filter(objectclass, attr, values):
             '''Given ('myclass', 'myattr', [v1, v2]) returns
                (&(objectclass=myclass)(|(myattr=v1)(myattr=v2)))
@@ -527,8 +527,8 @@ class IPAServer:
             filter = "(&(objectclass=%s)(|%s))" % (objectclass, attrs)
             return filter
 
-        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
-        filter = gen_filter('radiusClientProfile', 'radiusClientNASIpAddress', ip_attrs)
+        basedn = radius_util.radius_clients_basedn(container, self.basedn)
+        filter = gen_filter('radiusClientProfile', 'radiusClientIPAddress', ip_attrs)
         conn = self.getConnection(opts)
         try:
             try:
@@ -546,6 +546,111 @@ class IPAServer:
 
         return radius_clients
 
+    # profiles
+    def get_radius_profile_by_uid(self, uid, user_profile=True, sattrs=None, opts=None):
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        uid = self.__safe_filter(uid)
+        filter = radius_util.radius_profile_filter(uid)
+        basedn = radius_util.radius_profiles_basedn(container, self.basedn)
+        return self.__get_sub_entry(basedn, filter, sattrs, opts)
+
+    def __radius_profile_exists(self, uid, user_profile, opts):
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        uid = self.__safe_filter(uid)
+        filter = radius_util.radius_profile_filter(uid)
+        basedn = radius_util.radius_profiles_basedn(container, self.basedn)
+ 
+        try:
+            entry = self.__get_sub_entry(basedn, filter, ['dn','uid'], opts)
+            return True
+        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+            return False
+
+    def add_radius_profile (self, uid, user_profile=True, opts=None):
+        if self.__radius_profile_exists(profile['uid'], user_profile, opts):
+            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
+
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        dn = radius_util.radius_profile_dn(uid, container, self.basedn)
+        entry = ipaserver.ipaldap.Entry(dn)
+
+        # some required objectclasses
+        entry.setValues('objectClass', 'top', 'radiusClientProfile')
+
+        # fill in our new entry with everything sent by the profile
+        for attr in profile:
+            entry.setValues(attr, profile[attr])
+
+        conn = self.getConnection(opts)
+        try:
+            res = conn.addEntry(entry)
+        finally:
+            self.releaseConnection(conn)
+        return res
+    
+    def update_radius_profile(self, oldentry, newentry, opts=None):
+        return self.update_entry(oldentry, newentry, opts)
+
+    def delete_radius_profile(self, uid, user_profile, opts=None):
+        profile = self.get_radius_profile_by_uid(uid, user_profile, ['dn', 'cn'], opts)
+        if profile is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        conn = self.getConnection(opts)
+        try:
+            res = conn.deleteEntry(profile['dn'])
+        finally:
+            self.releaseConnection(conn)
+        return res
+
+    def find_radius_profiles(self, uids, user_profile=True, sattrs=None, searchlimit=0, timelimit=-1, opts=None):
+        def gen_filter(objectclass, attr, values):
+            '''Given ('myclass', 'myattr', [v1, v2]) returns
+               (&(objectclass=myclass)(|(myattr=v1)(myattr=v2)))
+            '''
+            # Don't use __safe_filter, prevents wildcarding
+            #attrs = ''.join(['(%s=%s)' % (attr, self.__safe_filter(val)) for val in values])
+            attrs = ''.join(['(%s=%s)' % (attr, val) for val in values])
+            filter = "(&(objectclass=%s)(|%s))" % (objectclass, attrs)
+            return filter
+
+        if user_profile:
+            container = DefaultUserContainer
+        else:
+            container = radius_util.profiles_container
+
+        uid = self.__safe_filter(uid)
+        filter = gen_filter('radiusClientProfile' 'uid', uids)
+        basedn="%s,%s" % (container, self.basedn)
+        conn = self.getConnection(opts)
+        try:
+            try:
+                results = conn.getListAsync(basedn, self.scope, filter, sattrs, 0, None, None, timelimit, searchlimit)
+            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+                results = [0]
+        finally:
+            self.releaseConnection(conn)
+
+        counter = results[0]
+        results = results[1:]
+        radius_profiles = [counter]
+        for radius_profile in results:
+            radius_profiles.append(self.convert_entry(radius_profile))
+
+        return radius_profiles
+
     def get_add_schema (self):
         """Get the list of fields to be used when adding users in the GUI."""
     
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index d5bdb6b2..ef48f4aa 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -356,6 +356,11 @@ def handler(req, profiling=False):
             h.register_function(f.update_radius_client)
             h.register_function(f.delete_radius_client)
             h.register_function(f.find_radius_clients)
+            h.register_function(f.get_radius_profile_by_uid)
+            h.register_function(f.add_radius_profile)
+            h.register_function(f.update_radius_profile)
+            h.register_function(f.delete_radius_profile)
+            h.register_function(f.find_radius_profiles)
             h.handle_request(req)
         finally:
              pass