From ad8096b51f1f8de2c05a5c53952fcb2cb5bbd116 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 27 Feb 2008 10:40:18 -0500 Subject: - Centralize try/except so the entire program is covered. This make it possible to catch KeyboardInterrupt during the import process. - Add function for handling python differences with GSSError 434798 --- ipa-admintools/ipa-moddelegation | 272 ++++++++++++++++++++------------------- 1 file changed, 138 insertions(+), 134 deletions(-) (limited to 'ipa-admintools/ipa-moddelegation') diff --git a/ipa-admintools/ipa-moddelegation b/ipa-admintools/ipa-moddelegation index 74cfcc48..773c784d 100644 --- a/ipa-admintools/ipa-moddelegation +++ b/ipa-admintools/ipa-moddelegation @@ -18,22 +18,6 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import sys -from optparse import OptionParser -import ipa -import ipa.user -import ipa.ipaclient as ipaclient -import ipa.ipaadminutil as ipaadminutil -import ipa.config -import ipa.aci - -import xmlrpclib -import kerberos -import krbV -import ldap -import copy -import errno - aci_fields = ['*', 'aci'] def usage(): @@ -77,125 +61,145 @@ def main(): if not options.attributes and not options.source and not options.target: usage() - try: - client = ipaclient.IPAClient() - - # first do some sanity checking - - if options.source: - source_grp = client.find_groups(options.source) - counter = source_grp[0] - source_grp = source_grp[1:] - groupindex = -1 - if counter == 0: - print "No entries found for %s" % options.source - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - return 3 - - if counter > 1: - print "\nMultiple entries for the source group found." - groupindex = ipaadminutil.select_group(counter, source_grp) - if groupindex == "q": - return 0 - - if groupindex >= 0: - source_grp = [source_grp[groupindex]] - - if options.target: - target_grp = client.find_groups(options.target) - counter = target_grp[0] - target_grp = target_grp[1:] - groupindex = -1 - if counter == 0: - print "No entries found for %s" % options.target - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - return 3 - - if counter > 1: - print "\nMultiple entries for the target group found." - groupindex = ipaadminutil.select_group(counter, target_grp) - if groupindex == "q": - return 0 - - if groupindex >= 0: - target_grp = [target_grp[groupindex]] - - if options.attributes: - attr_list = options.attributes.split(',') - - # find the old aci - - aci_entry = client.get_aci_entry(aci_fields) - - aci_str_list = aci_entry.getValues('aci') - if aci_str_list is None: - aci_str_list = [] - if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): - aci_str_list = [aci_str_list] - - old_aci = None - acistr = None - for aci_str in aci_str_list: - try: - old_aci = ipa.aci.ACI(aci_str) - if old_aci.name == args[1]: - acistr = aci_str - break - except SyntaxError: - # ignore aci_str's that ACI can't parse - pass - - if acistr is None: - print "No delegation %s found." % args[1] - return 2 - - old_aci_index = aci_str_list.index(acistr) - - new_aci = ipa.aci.ACI() - new_aci.name = args[1] - if options.source: - new_aci.source_group = source_grp[0].dn - else: - new_aci.source_group = old_aci.source_group - if options.target: - new_aci.dest_group = target_grp[0].dn - else: - new_aci.dest_group = old_aci.dest_group - if options.attributes: - new_aci.attrs = attr_list - else: - new_aci.attrs = old_aci.attrs - new_aci_str = new_aci.export_to_string() - - new_aci_str_list = copy.deepcopy(aci_str_list) - new_aci_str_list[old_aci_index] = new_aci_str - aci_entry.setValue('aci', new_aci_str_list) - - client.update_entry(aci_entry) - except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - return 1 - except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) - return 1 - except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - return 1 - except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - return 1 + client = ipaclient.IPAClient() + + # first do some sanity checking + + if options.source: + source_grp = client.find_groups(options.source) + counter = source_grp[0] + source_grp = source_grp[1:] + groupindex = -1 + if counter == 0: + print "No entries found for %s" % options.source + return 2 + elif counter == -1: + print "These results are truncated." + print "Please refine your search and try again." + return 3 + + if counter > 1: + print "\nMultiple entries for the source group found." + groupindex = ipaadminutil.select_group(counter, source_grp) + if groupindex == "q": + return 0 + + if groupindex >= 0: + source_grp = [source_grp[groupindex]] + + if options.target: + target_grp = client.find_groups(options.target) + counter = target_grp[0] + target_grp = target_grp[1:] + groupindex = -1 + if counter == 0: + print "No entries found for %s" % options.target + return 2 + elif counter == -1: + print "These results are truncated." + print "Please refine your search and try again." + return 3 + + if counter > 1: + print "\nMultiple entries for the target group found." + groupindex = ipaadminutil.select_group(counter, target_grp) + if groupindex == "q": + return 0 + + if groupindex >= 0: + target_grp = [target_grp[groupindex]] + + if options.attributes: + attr_list = options.attributes.split(',') + + # find the old aci + + aci_entry = client.get_aci_entry(aci_fields) + + aci_str_list = aci_entry.getValues('aci') + if aci_str_list is None: + aci_str_list = [] + if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): + aci_str_list = [aci_str_list] + + old_aci = None + acistr = None + for aci_str in aci_str_list: + try: + old_aci = ipa.aci.ACI(aci_str) + if old_aci.name == args[1]: + acistr = aci_str + break + except SyntaxError: + # ignore aci_str's that ACI can't parse + pass + + if acistr is None: + print "No delegation %s found." % args[1] + return 2 + + old_aci_index = aci_str_list.index(acistr) + + new_aci = ipa.aci.ACI() + new_aci.name = args[1] + if options.source: + new_aci.source_group = source_grp[0].dn + else: + new_aci.source_group = old_aci.source_group + if options.target: + new_aci.dest_group = target_grp[0].dn + else: + new_aci.dest_group = old_aci.dest_group + if options.attributes: + new_aci.attrs = attr_list + else: + new_aci.attrs = old_aci.attrs + new_aci_str = new_aci.export_to_string() + + new_aci_str_list = copy.deepcopy(aci_str_list) + new_aci_str_list[old_aci_index] = new_aci_str + aci_entry.setValue('aci', new_aci_str_list) + + client.update_entry(aci_entry) print "Delegation %s successfully updated" % args[1] return 0 -if __name__ == "__main__": - sys.exit(main()) +try: + import sys + from optparse import OptionParser + import ipa + import ipa.ipaclient as ipaclient + import ipa.ipaadminutil as ipaadminutil + import ipa.config + import ipa.aci + import ipa.ipautil as ipautil + + import xmlrpclib + import kerberos + import krbV + import ldap + import copy + import errno + + if __name__ == "__main__": + sys.exit(main()) +except SystemExit, e: + sys.exit(e) +except KeyboardInterrupt, e: + sys.exit(1) +except xmlrpclib.Fault, fault: + if fault.faultCode == errno.ECONNREFUSED: + print "The IPA XML-RPC service is not responding." + else: + print fault.faultString + sys.exit(1) +except kerberos.GSSError, e: + print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) + sys.exit(1) +except xmlrpclib.ProtocolError, e: + print "Unable to connect to IPA server: %s" % (e.errmsg) + sys.exit(1) +except ipa.ipaerror.IPAError, e: + print "%s" % (e.message) + sys.exit(1) -- cgit