diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2009-01-29 16:29:11 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2009-02-03 15:28:31 -0500 |
| commit | e0d428f97aad1f9e9c3faedeaddbcade22927d37 (patch) | |
| tree | 3a21754e5f4c8283530e2619c32ace2ded324564 /ipa-admintools | |
| parent | e30cd6ba42c256d2016db45146d616f329455e86 (diff) | |
| download | freeipa.git-e0d428f97aad1f9e9c3faedeaddbcade22927d37.tar.gz freeipa.git-e0d428f97aad1f9e9c3faedeaddbcade22927d37.tar.xz freeipa.git-e0d428f97aad1f9e9c3faedeaddbcade22927d37.zip | |
Mass file removal for IPAv2.
deleted: ipa-admintools/Makefile
deleted: ipa-admintools/README
deleted: ipa-admintools/ipa-adddelegation
deleted: ipa-admintools/ipa-addgroup
deleted: ipa-admintools/ipa-addservice
deleted: ipa-admintools/ipa-adduser
deleted: ipa-admintools/ipa-admintools.spec.in
deleted: ipa-admintools/ipa-change-master-key
deleted: ipa-admintools/ipa-defaultoptions
deleted: ipa-admintools/ipa-deldelegation
deleted: ipa-admintools/ipa-delgroup
deleted: ipa-admintools/ipa-delservice
deleted: ipa-admintools/ipa-deluser
deleted: ipa-admintools/ipa-findgroup
deleted: ipa-admintools/ipa-findservice
deleted: ipa-admintools/ipa-finduser
deleted: ipa-admintools/ipa-listdelegation
deleted: ipa-admintools/ipa-lockuser
deleted: ipa-admintools/ipa-moddelegation
deleted: ipa-admintools/ipa-modgroup
deleted: ipa-admintools/ipa-moduser
deleted: ipa-admintools/ipa-passwd
deleted: ipa-admintools/ipa-pwpolicy
deleted: ipa-admintools/man/Makefile
deleted: ipa-admintools/man/ipa-adddelegation.1
deleted: ipa-admintools/man/ipa-addgroup.1
deleted: ipa-admintools/man/ipa-addservice.1
deleted: ipa-admintools/man/ipa-adduser.1
deleted: ipa-admintools/man/ipa-defaultoptions.1
deleted: ipa-admintools/man/ipa-deldelegation.1
deleted: ipa-admintools/man/ipa-delgroup.1
deleted: ipa-admintools/man/ipa-delservice.1
deleted: ipa-admintools/man/ipa-deluser.1
deleted: ipa-admintools/man/ipa-findgroup.1
deleted: ipa-admintools/man/ipa-findservice.1
deleted: ipa-admintools/man/ipa-finduser.1
deleted: ipa-admintools/man/ipa-listdelegation.1
deleted: ipa-admintools/man/ipa-lockuser.1
deleted: ipa-admintools/man/ipa-moddelegation.1
deleted: ipa-admintools/man/ipa-modgroup.1
deleted: ipa-admintools/man/ipa-moduser.1
deleted: ipa-admintools/man/ipa-passwd.1
deleted: ipa-admintools/man/ipa-pwpolicy.1
deleted: ipa-server/AUTHORS
deleted: ipa-server/Makefile.am
deleted: ipa-server/NEWS
deleted: ipa-server/README
deleted: ipa-server/configure.ac
deleted: ipa-server/ipa-gui/Makefile.am
deleted: ipa-server/ipa-gui/README.i18n
deleted: ipa-server/ipa-gui/README.multivalue
deleted: ipa-server/ipa-gui/README.txt
deleted: ipa-server/ipa-gui/dev.cfg
deleted: ipa-server/ipa-gui/i18n.patch
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/Makefile.am
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/PKG-INFO
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/SOURCES.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/dependency_links.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/entry_points.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/not-zip-safe
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/paster_plugins.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/requires.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/sqlobject.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/top_level.txt
deleted: ipa-server/ipa-gui/ipa_webgui
deleted: ipa-server/ipa-gui/ipa_webgui.cfg
deleted: ipa-server/ipa-gui/ipa_webgui.init
deleted: ipa-server/ipa-gui/ipagui/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/__init__.py
deleted: ipa-server/ipa-gui/ipagui/config/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/config/__init__.py
deleted: ipa-server/ipa-gui/ipagui/config/app.cfg
deleted: ipa-server/ipa-gui/ipagui/config/log.cfg
deleted: ipa-server/ipa-gui/ipagui/controllers.py
deleted: ipa-server/ipa-gui/ipagui/forms/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/forms/__init__.py
deleted: ipa-server/ipa-gui/ipagui/forms/delegate.py
deleted: ipa-server/ipa-gui/ipagui/forms/group.py
deleted: ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
deleted: ipa-server/ipa-gui/ipagui/forms/principal.py
deleted: ipa-server/ipa-gui/ipagui/forms/user.py
deleted: ipa-server/ipa-gui/ipagui/helpers/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/helpers/__init__.py
deleted: ipa-server/ipa-gui/ipagui/helpers/ipahelper.py
deleted: ipa-server/ipa-gui/ipagui/helpers/userhelper.py
deleted: ipa-server/ipa-gui/ipagui/helpers/validators.py
deleted: ipa-server/ipa-gui/ipagui/json.py
deleted: ipa-server/ipa-gui/ipagui/model.py
deleted: ipa-server/ipa-gui/ipagui/proxyprovider.py
deleted: ipa-server/ipa-gui/ipagui/proxyvisit.py
deleted: ipa-server/ipa-gui/ipagui/release.py
deleted: ipa-server/ipa-gui/ipagui/static/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/css/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
deleted: ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
deleted: ipa-server/ipa-gui/ipagui/static/css/style_platform.css
deleted: ipa-server/ipa-gui/ipagui/static/images/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/branding/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/branding/logo.png
deleted: ipa-server/ipa-gui/ipagui/static/images/down.gif
deleted: ipa-server/ipa-gui/ipagui/static/images/favicon.ico
deleted: ipa-server/ipa-gui/ipagui/static/images/header_inner.png
deleted: ipa-server/ipa-gui/ipagui/static/images/info.png
deleted: ipa-server/ipa-gui/ipagui/static/images/logo.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-accesscontrol.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-channel.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-channels.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-content.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-media.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-overview.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-policy.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-system.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-user.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-usergroup.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-virtualsystem.png
deleted: ipa-server/ipa-gui/ipagui/static/images/ok.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-content.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar-active.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar-active_fullsize.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar_fullsize.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-sidebar.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background.png
deleted: ipa-server/ipa-gui/ipagui/static/images/tg_under_the_hood.png
deleted: ipa-server/ipa-gui/ipagui/static/images/under_the_hood_blue.png
deleted: ipa-server/ipa-gui/ipagui/static/images/up.gif
deleted: ipa-server/ipa-gui/ipagui/static/javascript/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/dynamicselect.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/effects.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/ipautil.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/prototype.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/scriptaculous.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/tablekit.js
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/__init__.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/group.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/ipacontroller.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/policy.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/user.py
deleted: ipa-server/ipa-gui/ipagui/templates/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/templates/__init__.py
deleted: ipa-server/ipa-gui/ipagui/templates/delegateedit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegateform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegategroupsearch.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegatelayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegatelist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegatenew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/dynamiceditsearch.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupedit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupeditform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/grouplayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/grouplist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupnew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupnewform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupshow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/ipapolicyedit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/loginfailed.kid
deleted: ipa-server/ipa-gui/ipagui/templates/master.kid
deleted: ipa-server/ipa-gui/ipagui/templates/not_found.kid
deleted: ipa-server/ipa-gui/ipagui/templates/policyindex.kid
deleted: ipa-server/ipa-gui/ipagui/templates/policylayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principallayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principallist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principalnew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principalnewform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principalshow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/unhandled_exception.kid
deleted: ipa-server/ipa-gui/ipagui/templates/useredit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usereditform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/userlayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/userlist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usernew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usernewform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/userselectsearch.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usershow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/welcome.kid
deleted: ipa-server/ipa-gui/ipagui/tests/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/tests/__init__.py
deleted: ipa-server/ipa-gui/ipagui/tests/test_controllers.py
deleted: ipa-server/ipa-gui/ipagui/tests/test_model.py
deleted: ipa-server/ipa-gui/locales/ja/LC_MESSAGES/messages.po
deleted: ipa-server/ipa-gui/locales/messages.pot
deleted: ipa-server/ipa-gui/sample-prod.cfg
deleted: ipa-server/ipa-gui/setup.py
deleted: ipa-server/ipa-gui/start-ipagui.py
deleted: ipa-server/ipa-gui/test.cfg
deleted: ipa-server/ipa-server.spec.in
deleted: ipa-server/xmlrpc-server/Makefile.am
deleted: ipa-server/xmlrpc-server/README
deleted: ipa-server/xmlrpc-server/attrs.py
deleted: ipa-server/xmlrpc-server/funcs.py
deleted: ipa-server/xmlrpc-server/ipaxmlrpc.py
deleted: ipa-server/xmlrpc-server/test/Makefile.am
deleted: ipa-server/xmlrpc-server/test/README
deleted: ipa-server/xmlrpc-server/test/test.py
deleted: ipa-server/xmlrpc-server/test/test_methods.py
deleted: ipa-server/xmlrpc-server/test/test_mod_python.py
Diffstat (limited to 'ipa-admintools')
43 files changed, 0 insertions, 4606 deletions
diff --git a/ipa-admintools/Makefile b/ipa-admintools/Makefile deleted file mode 100644 index 43899ef2..00000000 --- a/ipa-admintools/Makefile +++ /dev/null @@ -1,47 +0,0 @@ -SUBDIRS=man -SBINDIR = $(DESTDIR)/usr/sbin - - -all: ; - @for subdir in $(SUBDIRS); do \ - (cd $$subdir && $(MAKE) $@) || exit 1; \ - done - -install: - install -m 755 ipa-adduser $(SBINDIR) - install -m 755 ipa-finduser $(SBINDIR) - install -m 755 ipa-moduser $(SBINDIR) - install -m 755 ipa-deluser $(SBINDIR) - install -m 755 ipa-lockuser $(SBINDIR) - install -m 755 ipa-addgroup $(SBINDIR) - install -m 755 ipa-delgroup $(SBINDIR) - install -m 755 ipa-findgroup $(SBINDIR) - install -m 755 ipa-modgroup $(SBINDIR) - install -m 755 ipa-passwd $(SBINDIR) - install -m 755 ipa-pwpolicy $(SBINDIR) - install -m 755 ipa-addservice $(SBINDIR) - install -m 755 ipa-delservice $(SBINDIR) - install -m 755 ipa-findservice $(SBINDIR) - install -m 755 ipa-adddelegation $(SBINDIR) - install -m 755 ipa-deldelegation $(SBINDIR) - install -m 755 ipa-listdelegation $(SBINDIR) - install -m 755 ipa-moddelegation $(SBINDIR) - install -m 755 ipa-defaultoptions $(SBINDIR) - install -m 755 ipa-change-master-key $(SBINDIR) - - @for subdir in $(SUBDIRS); do \ - (cd $$subdir && $(MAKE) $@) || exit 1; \ - done - -install-man: - install -m 644 - -clean: - rm -f *~ *.pyc - -distclean: clean - rm -f ipa-admintools.spec - -maintainer-clean: distclean - -test: diff --git a/ipa-admintools/README b/ipa-admintools/README deleted file mode 100644 index 6fc9db87..00000000 --- a/ipa-admintools/README +++ /dev/null @@ -1,13 +0,0 @@ -These tools are designed for administrators to work from a command-line, -use in scripts, etc. - -The design goal is to provide 100% of capabilities that the UI has, something -which is often not true. - -Developers ----------- - -These scripts use an XML-RPC interface to communicate with the IPA server. -Please use only this API and avoid the temptation to communicate directly -with the LDAP server. It is our philosophy to have a robust, standard -interface for doing all IPA administrative work. diff --git a/ipa-admintools/ipa-adddelegation b/ipa-admintools/ipa-adddelegation deleted file mode 100644 index 4493390f..00000000 --- a/ipa-admintools/ipa-adddelegation +++ /dev/null @@ -1,201 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.user - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.aci - import ipa.ipaadminutil as ipaadminutil - import ipa.ipautil as ipautil - - import xmlrpclib - import kerberos - import krbV - import ldap - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog -l|--list\n" - usage += "%prog -a|--attributes attr1,attr2,..,attrn -s|--source STRING -t|--target STRING [-v|--verbose] name" - parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter()) - parser.add_option("-a", "--attributes", dest="attributes", - help="The attributes the source group may change in the target group") - parser.add_option("-s", "--source", dest="source", - help="The source group name") - parser.add_option("-t", "--target", dest="target", - help="The target group name") - parser.add_option("-l", "--list", dest="list", action="store_true", - help="List common attributes (this is not an exhaustive list)") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if options.list: - ipa.config.verify_args(parser, args) - else: - ipa.config.verify_args(parser, args, "name") - if not options.attributes or not options.source or not options.target: - parser.error("need attributes and both source and target groups") - - ipa.config.init_config(options) - - return options, args - -def main(): - - options, args = parse_options() - - if options.list: - client = ipaclient.IPAClient(verbose=options.verbose) - l = client.get_all_attrs() - - for x in l: - print x - return 0 - - client = ipaclient.IPAClient(verbose=options.verbose) - - source_grp = client.find_groups(options.source) - counter = source_grp[0] - source_grp = source_grp[1:] - groupindex = -1 - if counter == 0: - print "No entries found for %s" % options.source - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - return 3 - - if counter > 1: - print "\nMultiple entries for the source group found." - groupindex = ipaadminutil.select_group(counter, source_grp) - if groupindex == "q": - return 0 - - if groupindex >= 0: - source_grp = [source_grp[groupindex]] - - target_grp = client.find_groups(options.target) - counter = target_grp[0] - target_grp = target_grp[1:] - groupindex = -1 - if counter == 0: - print "No entries found for %s" % options.target - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - return 3 - - if counter > 1: - print "\nMultiple entries for the target group found." - groupindex = ipaadminutil.select_group(counter, target_grp) - if groupindex == "q": - return 0 - - if groupindex >= 0: - target_grp = [target_grp[groupindex]] - - attr_list = options.attributes.split(',') - - new_aci = ipa.aci.ACI() - new_aci.name = args[0] - new_aci.source_group = source_grp[0].dn - new_aci.dest_group = target_grp[0].dn - new_aci.attrs = attr_list - - aci_entry = client.get_aci_entry(['*', 'aci']) - - # Look for an existing ACI of the same name - aci_str_list = aci_entry.getValues('aci') - if aci_str_list is None: - aci_str_list = [] - if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): - aci_str_list = [aci_str_list] - - for aci_str in aci_str_list: - try: - old_aci = ipa.aci.ACI(aci_str) - if old_aci.name == new_aci.name: - print "A delegation of that name already exists" - return 2 - except SyntaxError: - # ignore aci_str's that ACI can't parse - pass - - aci_entry = client.get_aci_entry(['dn']) - aci_entry.setValue('aci', new_aci.export_to_string()) - - client.update_entry(aci_entry) - - # Now add to the editors group so they can make changes in the UI - try: - group = client.get_entry_by_cn("editors") - client.add_group_to_group(new_aci.source_group, group.dn) - except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): - # This is ok, ignore it - pass - - print "Delegation %s successfully added" % args[0] - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-addgroup b/ipa-admintools/ipa-addgroup deleted file mode 100644 index 09ae9a67..00000000 --- a/ipa-admintools/ipa-addgroup +++ /dev/null @@ -1,162 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.group - import ipa.ipaclient as ipaclient - import ipa.ipavalidate as ipavalidate - import ipa.ipautil as ipautil - import ipa.config - import ipa.ipaerror - import ipa.ipaadminutil as ipaadminutil - - import xmlrpclib - import kerberos - import ldap - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def set_add_usage(which): - print "%s option usage: --%s NAME=VALUE" % (which, which) - -def parse_options(): - usage = "%prog [options] [group]" - parser = OptionParser(usage=usage) - parser.add_option("-d", "--description", dest="desc", - help="A description of this group") - parser.add_option("-g", "--gid", dest="gid", - help="The gid to use for this group. If not included one is automatically set.") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - parser.add_option("--addattr", dest="addattr", - help="Adds an attribute or values to that attribute, attr=value", - action="append") - parser.add_option("--setattr", dest="setattr", - help="Set an attribute, dropping any existing values that may exist", - action="append") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if len(args) > 1: - parser.error("too many arguments") - - ipa.config.init_config(options) - - return options, args - -def main(): - cn = "" - desc = "" - - group=ipa.group.Group() - options, args = parse_options() - - if len(args) != 1: - cn = ipautil.user_input_name("Group name") - else: - cn = args[0] - try: - ipaadminutil.check_name(cn) - except ValueError, e: - print "Group name " + str(e) - return 1 - - if not options.desc: - desc = ipautil.user_input("Description", allow_empty = False) - else: - desc = options.desc - if not ipavalidate.String(desc, notEmpty=True): - print "Please enter a value" - return 1 - - if options.gid: - group.setValue('gidnumber', options.gid) - - group.setValue('cn', cn) - group.setValue('description', desc) - - if options.setattr: - for s in options.setattr: - s = s.split('=', 1) - if len(s) != 2: - set_add_usage("set") - sys.exit(1) - (attr,value) = s - group.setValue(attr, value) - - if options.addattr: - for a in options.addattr: - a = a.split('=', 1) - if len(a) != 2: - set_add_usage("add") - sys.exit(1) - (attr,value) = a - cvalue = group.getValue(attr) - if cvalue: - if isinstance(cvalue,str): - cvalue = [cvalue] - value = cvalue + [value] - group.setValue(attr, value) - - client = ipaclient.IPAClient(verbose=options.verbose) - client.add_group(group) - print cn + " successfully added" - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-addservice b/ipa-admintools/ipa-addservice deleted file mode 100644 index 15105bc0..00000000 --- a/ipa-admintools/ipa-addservice +++ /dev/null @@ -1,104 +0,0 @@ -#! /usr/bin/python -E -# Authors: Karl MacMillan <kmacmill@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.user - import ipa.ipaclient as ipaclient - import ipa.ipautil as ipautil - import ipa.config - - import base64 - - import xmlrpclib - import kerberos - import krbV - import ldap - import getpass - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [options] principal" - parser = OptionParser(usage=usage) - - parser.add_option("--force", action="store_true", default=False, - help="Force a service principal name") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "principal") - ipa.config.init_config(options) - - return options, args - -def main(): - # The following fields are required - princ_name = "" - - options, args = parse_options() - - princ_name = args[0] - - client = ipaclient.IPAClient(verbose=options.verbose) - - client.add_service_principal(princ_name, "%d" % options.force) - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-adduser b/ipa-admintools/ipa-adduser deleted file mode 100644 index cf1f4324..00000000 --- a/ipa-admintools/ipa-adduser +++ /dev/null @@ -1,290 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.user - import ipa.ipaclient as ipaclient - import ipa.ipavalidate as ipavalidate - import ipa.ipautil as ipautil - import ipa.config - import ipa.ipaadminutil as ipaadminutil - - import xmlrpclib - import kerberos - import krbV - import ldap - import getpass - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def set_add_usage(which): - print "%s option usage: --%s NAME=VALUE" % (which, which) - -def parse_options(): - usage = "%prog [options] [user]" - parser = OptionParser(usage=usage) - parser.add_option("-c", "--gecos", dest="gecos", - help="Set the GECOS field") - parser.add_option("-d", "--directory", dest="directory", - help="Set the User's home directory") - parser.add_option("-f", "--firstname", dest="gn", - help="User's first name") - parser.add_option("-l", "--lastname", dest="sn", - help="User's last name") - parser.add_option("-p", "--password", dest="password", - help="Set user's password") - parser.add_option("-P", dest="password_prompt", action="store_true", - help="Prompt on the command-line for the user's password") - parser.add_option("-s", "--shell", dest="shell", - help="Set user's login shell to shell") - parser.add_option("-G", "--groups", dest="groups", - help="Add account to one or more groups (comma-separated)") - parser.add_option("-k", "--krb-principal", dest="principal", - help="Set user's Kerberos Principal Name") - parser.add_option("-M", "--mailAddress", dest="mail", - help="Set user's e-mail address") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - parser.add_option("--addattr", dest="addattr", - help="Adds an attribute or values to that attribute, attr=value", - action="append") - parser.add_option("--setattr", dest="setattr", - help="Set an attribute, dropping any existing values that may exist", - action="append") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if len(args) > 1: - parser.error("too many arguments") - - ipa.config.init_config(options) - - return options, args - -def main(): - # The following fields are required - givenname = "" - lastname = "" - username = "" - principal = "" - password = "" - mail = "" - gecos = "" - directory = "" - shell = "" - groups = "" - - match = False - - all_interactive = False - - user=ipa.user.User() - options, args = parse_options() - - if len(args) != 1: - all_interactive = True - - if not options.gn: - givenname = ipautil.user_input("First name", allow_empty = False) - else: - givenname = options.gn - if not ipavalidate.String(givenname, notEmpty=True): - print "Please enter a value" - return 1 - - if not options.sn: - lastname = ipautil.user_input("Last name", allow_empty = False) - else: - lastname = options.sn - if not ipavalidate.String(lastname, notEmpty=True): - print "Please enter a value" - return 1 - - if len(args) != 1: - username = ipautil.user_input_name("Login name") - else: - username = args[0] - try: - ipaadminutil.check_name(username) - except ValueError, e: - print "Login name " + str(e) - return 1 - - if options.password_prompt: - while match != True: - password = getpass.getpass(" Password: ") - confirm = getpass.getpass(" Password (again): ") - if password != confirm: - print "Passwords do not match" - match = False - else: - match = True - if len(password) < 1: - print "Password cannot be empty" - match = False - else: - password = options.password - - if options.mail: - mail = options.mail - if not ipavalidate.Email(mail): - print "The email provided seem not a valid email." - return 1 - - # Ask the questions we don't normally force. We don't require answers - # for these. - if all_interactive is True: - if not options.gecos: - gecos = ipautil.user_input("gecos") - if not options.directory: - directory = ipautil.user_input_path("Home directory", "/home/" + username, allow_empty = True) - if not options.shell: - shell = ipautil.user_input("Shell", "/bin/sh", allow_empty = False) - - else: - gecos = options.gecos - directory = options.directory - shell = options.shell - groups = options.groups - - if options.principal: - principal = options.principal - else: - ctx = krbV.default_context() - principal = username + "@" + ctx.default_realm - - user.setValue('givenname', givenname) - user.setValue('sn', lastname) - user.setValue('uid', username) - user.setValue('krbprincipalname', principal) - if mail: - user.setValue('mail', mail) - if gecos: - user.setValue('gecos', gecos) - if directory: - user.setValue('homedirectory', directory) - if shell: - user.setValue('loginshell', shell) - - if options.setattr: - for s in options.setattr: - s = s.split('=', 1) - if len(s) != 2: - set_add_usage("set") - sys.exit(1) - (attr,value) = s - user.setValue(attr, value) - - if options.addattr: - for a in options.addattr: - a = a.split('=', 1) - if len(a) != 2: - set_add_usage("add") - sys.exit(1) - (attr,value) = a - cvalue = user.getValue(attr) - if cvalue: - if isinstance(cvalue,str): - cvalue = [cvalue] - value = cvalue + [value] - user.setValue(attr, value) - - client = ipaclient.IPAClient(verbose=options.verbose) - - # get group dns and verify they exist - groups_to_add = [] - if groups: - for group in groups.split(','): - group_dn = get_group_dn(client, group) - if not group_dn: - print "group %s doesn't exist" % group - return 1 - groups_to_add.append(group_dn) - - # add the user - client.add_user(user) - - # add the user to all the groups - for group in groups_to_add: - client.add_user_to_group(username, group) - - # Set the User's password - if password is not None: - try: - client.modifyPassword(principal, '', password) - except ipa.ipaerror.IPAError, e: - print "User added but setting the password failed." - print "%s" % (e.message) - return 1 - - print username + " successfully added" - return 0 - -def get_group_dn(client, group_name): - if not group_name: - return None - - found = client.find_groups(group_name) - if len(found) < 2: - return None - for group in found[1:]: - if group.cn == group_name: - return group.dn - return None - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-admintools.spec.in b/ipa-admintools/ipa-admintools.spec.in deleted file mode 100644 index ea03923a..00000000 --- a/ipa-admintools/ipa-admintools.spec.in +++ /dev/null @@ -1,87 +0,0 @@ -Name: ipa-admintools -Version: __VERSION__ -Release: __RELEASE__%{?dist} -Summary: IPA admin tools - -Group: System Environment/Base -License: GPLv2 -URL: http://www.freeipa.org -Source0: %{name}-%{version}.tgz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildArch: noarch - -Requires: python -Requires: python-krbV -Requires: ipa-python -Requires: python-ldap -Requires: python-configobj - -%description -User, group, delegation and policy administration tools for IPA. IPA is a -server for identity, policy, and audit. - -%prep -%setup -q - -%install -rm -rf %{buildroot} -mkdir -p %{buildroot}%{_sbindir} - -make install DESTDIR=%{buildroot} - - -%clean -rm -rf %{buildroot} - - -%files -%defattr(-,root,root,-) -%{_sbindir}/ipa* -%{_mandir}/man1/* - -%changelog -* Fri May 23 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2 -- Add Requires for python-ldap and python-configobj - -* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1 -- Version bump for release - -* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1 -- Version bump for release - -* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-3 -- Marked with wrong license. IPA is GPLv2. - -* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2 -- Fixed License in specfile - -* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1 -- Version bump for release. - -* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1 -- Version bump for release and rpm name change - -* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1 -- Version bump for release - -* Thu Oct 11 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2 -- Package man files - -* Tue Oct 2 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-1 -- Milestone 4 - -* Mon Sep 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1 -- Milestone 3 - -* Fri Aug 17 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-4 -- Package additional utilities. - -* Mon Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3 -- Abstracted client class to work directly or over RPC - -* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2 -- Update tools to do kerberos -- Add User class - -* Fri Jul 27 2007 Karl MacMillan <kmacmill@localhost.localdomain> - 0.1.0-1 -- Initial rpm version diff --git a/ipa-admintools/ipa-change-master-key b/ipa-admintools/ipa-change-master-key deleted file mode 100644 index a4e94399..00000000 --- a/ipa-admintools/ipa-change-master-key +++ /dev/null @@ -1,387 +0,0 @@ -#! /usr/bin/python -E -# Authors: Simo Sorce <ssorce@redhat.com> -# -# Copyright (C) 2007 Simo Sorce <ssorce@redhat.com> -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 or later -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -etckrb5conf = "/etc/krb5.conf" -krb5dir = "/var/kerberos/krb5kdc" -cachedir = "/var/cache/ipa" -libdir = "/var/lib/ipa" -basedir = libdir+"/mkey" -ourkrb5conf = basedir+"/krb5.conf" -ldappwdfile = basedir+"/ldappwd" - -password = "" - -import sys -try: - from optparse import OptionParser - import ipa - import ipa.config - import ipa.ipautil - from ipaclient import ipachangeconf - from ipaserver import ipaldap - - import krbV - - import ldap - from ldap import LDAPError - from ldap import ldapobject - - from pyasn1.type import univ, namedtype - import pyasn1.codec.ber.encoder - import pyasn1.codec.ber.decoder - import struct - import base64 - - import random - import time - import os - import shutil - import getpass -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - parser = OptionParser("%prog [-q|--quiet] [-p DM_PASSWORD]") - parser.add_option("-p", "--dm-password", dest="dm_password", - help="The Directory Manager password") - parser.add_option("-q", "--quiet", action="store_true", dest="quiet", - help="Keep quiet") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - ipa.config.verify_args(parser, args) - ipa.config.init_config(options) - - return options, args - -# We support only des3 encoded stash files for now -def generate_new_stash_file(file): - - odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', - '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', - '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', - ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', - 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', - 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', - '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', - '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', - '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', - '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', - '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', - '\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', - '\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe'] - - pool_len = len(odd_parity_bytes_pool) - keytype = 16 # des3 - keydata = "" - - r = random.SystemRandom() - for k in range(24): - keydata += r.choice(odd_parity_bytes_pool) - - format = '=hi%ss' % len(keydata) - s = struct.pack(format, keytype, len(keydata), keydata) - try: - fd = open(file, "w") - fd.write(s) - except os.error, e: - logging.critical("failed to write stash file") - raise e - -# clean up procedures -def cleanup(password): - try: - os.stat(basedir) - except: - return None - try: - # always remove ldappwdfile as it contains the Directory Manager password - os.remove(ldappwdfile) - except: - pass - - # tar and encrypt the working dir so that we do not leave sensitive data - # around unproteceted - curtime = time.strftime("%Y%m%d%H%M%S",time.gmtime()) - tarfile = libdir+"/ipa-change-mkey-"+curtime+".tar" - gpgfile = tarfile+".gpg" - args = ['/bin/tar', '-C', libdir, '-cf', tarfile, 'mkey'] - ipa.ipautil.run(args) - ipa.ipautil.encrypt_file(tarfile, gpgfile, password, cachedir) - os.remove(tarfile) - shutil.rmtree(basedir, ignore_errors=True) - - return "The temporary working directory with backup dump files has been securely archived and gpg-encrypted as "+gpgfile+" using the Directory Manager password." - -def main(): - - global password - - options, args = parse_options() - - krbctx = krbV.default_context() - - realm = krbctx.default_realm - suffix = ipa.ipautil.realm_to_suffix(realm) - - backupfile = basedir+"/backup.dump" - convertfile = basedir+"/convert.dump" - oldstashfile = krb5dir+"/.k5."+realm - newstashfile = basedir+"/.new.mkey" - bkpstashfile = basedir+"/.k5."+realm - - if os.getuid() != 0: - print "ERROR: This command must be run as root" - sys.exit(1) - - print "DANGER: This is a dangerous operation, make sure you backup all your IPA data before running the tool" - print "This command will restart your Directory and KDC Servers." - - #TODO: ask for confirmation - if not ipa.ipautil.user_input("Do you want to proceed and change the Kerberos Master key?", False): - print "" - print "Aborting..." - return 1 - - password = options.dm_password - if not password: - password = getpass.getpass("Directory Manager password: ") - - # get a connection to the DS - try: - conn = ipaldap.IPAdmin(ipa.config.config.default_server[0]) - conn.do_simple_bind(bindpw=password) - except Exception, e: - print "ERROR: Could not connect to the Directory Server on "+ipa.config.config.default_server[0]+" ("+str(e)+")" - return 1 - - # Wipe basedir and recreate it - shutil.rmtree(basedir, ignore_errors=True) - os.mkdir(basedir, 0700) - - generate_new_stash_file(newstashfile) - - # Generate conf files - try: - shutil.copyfile(etckrb5conf, ourkrb5conf) - - krbconf = ipachangeconf.IPAChangeConf("IPA Installer") - krbconf.setOptionAssignment(" = ") - krbconf.setSectionNameDelimiters(("[","]")) - krbconf.setSubSectionDelimiters(("{","}")) - krbconf.setIndent((""," "," ")) - - #OPTS - opts = [{'name':'ldap_kadmind_dn', 'type':'option', 'action':'set', 'value':'cn=Directory Manager'}, - {'name':'ldap_service_password_file', 'type':'option', 'action':'set', 'value':ldappwdfile}] - - #REALM - realmopts = [{'name':realm, 'type':'subsection', 'action':'set', 'value':opts}] - - #DBMODULES - dbopts = [{'name':'dbmodules', 'type':'section', 'action':'set', 'value':realmopts}] - - krbconf.changeConf(ourkrb5conf, dbopts); - - hexpwd = "" - for x in password: - hexpwd += (hex(ord(x))[2:]) - pwd_fd = open(ldappwdfile, "w") - pwd_fd.write("cn=Directory Manager#{HEX}"+hexpwd+"\n") - pwd_fd.close() - os.chmod(ldappwdfile, 0600) - - except Exception, e: - print "Failed to create custom configuration files ("+str(e)+") aborting..." - return 1 - - #Set environment vars so that the modified krb5.conf is used - os.environ['KRB5_CONFIG'] = ourkrb5conf - - #Backup the kerberos key material for recovery if needed - args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile] - print "Performing safety backup of the key material" - try: - output = ipa.ipautil.run(args) - except ipa.ipautil.CalledProcessError, e: - print "Failed to backup key material ("+str(e)+"), aborting ..." - return 1 - - if not options.quiet: - princlist = output[1].split('\n') - print "Principals stored into the backup file "+backupfile+":" - for p in princlist: - print p - print "" - - #Convert the kerberos keys to the new master key - args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile] - print "Converting key material to new master key" - try: - output = ipa.ipautil.run(args) - except ipa.ipautil.CalledProcessError, e: - print "Failed to convert key material, aborting ..." - return 1 - - savedprinclist = output[1].split('\n') - - if not options.quiet: - princlist = output[1].split('\n') - print "Principals dumped for conversion:" - for p in princlist: - print p - print "" - - #Stop the KDC - args = ["/etc/init.d/krb5kdc", "stop"] - try: - output = ipa.ipautil.run(args) - if output[0]: - print output[0] - if output[1]: - print output[1] - except ipa.ipautil.CalledProcessError, e: - print "WARNING: Failed to restart the KDC ("+str(e)+")" - print "You will have to manually restart the KDC when the operation is completed" - - #Change the mkey into ldap - try: - stash = open(newstashfile, "r") - keytype = struct.unpack('h', stash.read(2))[0] - keylen = struct.unpack('i', stash.read(4))[0] - keydata = stash.read(keylen) - - #encode it in the asn.1 attribute - MasterKey = univ.Sequence() - MasterKey.setComponentByPosition(0, univ.Integer(keytype)) - MasterKey.setComponentByPosition(1, univ.OctetString(keydata)) - krbMKey = univ.Sequence() - krbMKey.setComponentByPosition(0, univ.Integer(0)) #we have no kvno - krbMKey.setComponentByPosition(1, MasterKey) - asn1key = pyasn1.codec.ber.encoder.encode(krbMKey) - - dn = "cn="+realm+",cn=kerberos,"+suffix - mod = [(ldap.MOD_REPLACE, 'krbMKey', str(asn1key))] - conn.modify_s(dn, mod) - except Exception, e: - print "ERROR: Failed to upload the Master Key from the Stash file: "+newstashfile+" ("+str(e)+")" - return 1 - - #Backup old stash file and substitute with new - try: - shutil.move(oldstashfile, bkpstashfile) - shutil.copyfile(newstashfile, oldstashfile) - except Exception, e: - print "ERROR: An error occurred while installing the new stash file("+str(e)+")" - print "The KDC may fail to start if the correct stash file is not in place" - print "Verify that "+newstashfile+" has been correctly installed into "+oldstashfile - print "A backup copy of the old stash file should be saved in "+bkpstashfile - - #Finally upload the converted principals - args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile] - print "Uploading converted key material" - try: - output = ipa.ipautil.run(args) - except ipa.ipautil.CalledProcessError, e: - print "Failed to upload key material ("+e+"), aborting ..." - return 1 - - if not options.quiet: - princlist = output[1].split('\n') - print "Principals converted and uploaded:" - for p in princlist: - print p - print "" - - uploadedprinclist = output[1].split('\n') - - #Check for differences and report - d = [] - for p in savedprinclist: - if uploadedprinclist.count(p) == 0: - d.append(p) - if len(d) != 0: - print "WARNING: Not all dumped principals have been updated" - print "Principals not Updated:" - for p in d: - print p - - #Remove custom environ - del os.environ['KRB5_CONFIG'] - - #Restart Directory Server (the pwd plugin need to read the new mkey) - args = ["/etc/init.d/dirsrv", "restart"] - try: - output = ipa.ipautil.run(args) - if output[0]: - print output[0] - if output[1]: - print output[1] - except ipa.ipautil.CalledProcessError, e: - print "WARNING: Failed to restart the Directory Server ("+str(e)+")" - print "Please manually restart the DS with 'service dirsrv restart'" - - #Restart the KDC - args = ["/etc/init.d/krb5kdc", "start"] - try: - output = ipa.ipautil.run(args) - if output[0]: - print output[0] - if output[1]: - print output[1] - except ipa.ipautil.CalledProcessError, e: - print "WARNING: Failed to restart the KDC ("+str(e)+")" - print "Please manually restart the kdc with 'service krb5kdc start'" - - print "Master Password successfully changed" - print "You MUST now copy the stash file "+oldstashfile+" to all the replicas and restart them!" - print "" - - return 0 - -if __name__ == "__main__": - ret = 0 - try: - ret = main() - except SystemExit, e: - ret = e - except KeyboardInterrupt, e: - ret = 1 - except Exception, e: - print "%s" % str(e) - ret = 1 - - try: - msg = cleanup(password) - if msg: - print msg - except Exception, e: - print "Failed to clean up the temporary location for the dump files and generate and encrypted archive with error:" - print e - print "Please securely archive/encrypt "+basedir - - sys.exit(ret) diff --git a/ipa-admintools/ipa-defaultoptions b/ipa-admintools/ipa-defaultoptions deleted file mode 100644 index 3cc94d4c..00000000 --- a/ipa-admintools/ipa-defaultoptions +++ /dev/null @@ -1,181 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2008 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.entity - import ipa.ipaclient as ipaclient - import ipa.config - - import xmlrpclib - import kerberos - import errno - import validate - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [options]\n" - usage += "%prog --show" - parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter()) - parser.add_option("--maxusername", dest="maxusername", - help="Max. Length of a username") - parser.add_option("--homedir", dest="homedir", - help="Default location of home directories") - parser.add_option("--defaultshell", dest="defaultshell", - help="Default shell for new users") - parser.add_option("--defaultgroup", dest="defaultgroup", - help="Default group for new users") - parser.add_option("--emaildomain", dest="emaildomain", - help="Default e-mail domain") - parser.add_option("--searchtimelimit", dest="searchtimelimit", - help="Max. amount of time (sec.) for a search (-1 is unlimited)") - parser.add_option("--searchrecordslimit", dest="searchrecordslimit", - help="Max. number of records to search (-1 is unlimited)") - parser.add_option("--usersearch", dest="usersearch", - help="A comma-separated list of fields to search when searching for users") - parser.add_option("--groupsearch", dest="groupsearch", - help="A comma-separated list of fields to search when searching for groups") - parser.add_option("--show", dest="show", action="store_true", - help="Show the current configuration") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args) - - if not options.show and not options.maxusername and not options.homedir and not options.defaultshell and not options.defaultgroup and not options.emaildomain and not options.searchtimelimit and not options.searchrecordslimit and not options.usersearch and not options.groupsearch: - parser.error("nothing to do") - - ipa.config.init_config(options) - - return options, args - -def show_config(client): - policy = client.get_ipa_config() - print "Search Configuration" - print " Search Time Limit (sec.): %s" % policy.getValues('ipaSearchTimeLimit') - print " Search Records Limit: %s" % policy.getValues('ipaSearchRecordsLimit') - print " User Search Fields: %s" % policy.getValues('ipaUserSearchFields') - print " Group Search Fields: %s" % policy.getValues('ipaGroupSearchFields') - - print "" - - print "User Settings" - print " Max. Username Length: %s" % policy.getValues('ipaMaxUsernameLength') - print " Root for Home Directories: %s" % policy.getValues('ipaHomesRootDir') - print " Default Shell: %s" % policy.getValues('ipaDefaultLoginShell') - print " Default User Group: %s" % policy.getValues('ipaDefaultPrimaryGroup') - print "Default E-mail Domain: %s" % policy.getValues('ipaDefaultEmailDomain') - -def update_policy(client, options): - current = client.get_ipa_config() - - new = ipa.entity.Entity(current.toDict()) - - try: - if options.maxusername: - validate.is_integer(options.maxusername, min=1) - new.setValue('ipamaxusernamelength', options.maxusername) - if options.homedir: - validate.is_string(options.homedir) - new.setValue('ipahomesrootdir', options.homedir) - if options.defaultshell: - validate.is_string(options.defaultshell) - new.setValue('ipadefaultloginshell', options.history) - if options.defaultgroup: - new.setValue('ipadefaultprimarygroup', options.defaultgroup) - if options.emaildomain: - new.setValue('ipadefaultemaildomain', options.emaildomain) - if options.searchtimelimit: - validate.is_integer(options.searchtimelimit, min=-1) - new.setValue('ipasearchtimelimit', options.searchtimelimit) - if options.searchrecordslimit: - validate.is_integer(options.searchrecordslimit, min=-1) - new.setValue('ipasearchrecordslimit', options.searchrecordslimit) - if options.usersearch: - new.setValue('ipausersearchfields', options.usersearch) - if options.groupsearch: - new.setValue('ipagroupsearchfields', options.groupsearch) - except validate.VdtTypeError, e: - print "%s" % str(e) - return 1 - except validate.VdtValueTooSmallError, e: - print "%s" % str(e) - return 1 - - client.update_ipa_config(new) - - if options.usersearch or options.groupsearch: - print "WARNING: Be sure that the attributes in User and Group search are indexed in the Directory Server or you may suffer a performance loss." - -def main(): - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - - if options.show: - show_config(client) - return 0 - - if update_policy(client, options): - return 1 - - print "Update successful." - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1]) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-deldelegation b/ipa-admintools/ipa-deldelegation deleted file mode 100644 index f11cf4b4..00000000 --- a/ipa-admintools/ipa-deldelegation +++ /dev/null @@ -1,143 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - - import xmlrpclib - import kerberos - import copy - import errno - import socket - - import ipa.aci - from ipa import ipaerror -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -aci_fields = ['*', 'aci'] - -def parse_options(): - usage = "%prog [-v|--verbose] name" - parser = OptionParser(usage=usage) - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "name") - ipa.config.init_config(options) - - return options, args - -def main(): - - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - aci_entry = client.get_aci_entry(aci_fields) - - aci_str_list = aci_entry.getValues('aci') - if aci_str_list is None: - aci_str_list = [] - if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): - aci_str_list = [aci_str_list] - - acistr = None - aci_list = [] - for aci_str in aci_str_list: - try: - aci = ipa.aci.ACI(aci_str) - if aci.name == args[0]: - acistr = aci_str - source_group = aci.source_group - else: - aci_list.append(aci) - except SyntaxError: - # ignore aci_str's that ACI can't parse - pass - - if acistr is None: - print "No delegation '%s' found." % args[0] - return 2 - - old_aci_index = aci_str_list.index(acistr) - - new_aci_str_list = copy.deepcopy(aci_str_list) - del new_aci_str_list[old_aci_index] - aci_entry.setValue('aci', new_aci_str_list) - - client.update_entry(aci_entry) - - last = True - # If this is the last delegation for a group, remove it from editors - for a in aci_list: - if source_group == a.source_group: - last = False - break - - if last: - group = client.get_entry_by_cn("editors") - client.remove_member_from_group(source_group, group.dn) - - print "Delegation removed." - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except (SyntaxError, ipaerror.IPAError), e: - print "Delegation deletion failed: " + str(e) - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-delgroup b/ipa-admintools/ipa-delgroup deleted file mode 100644 index 62ae3962..00000000 --- a/ipa-admintools/ipa-delgroup +++ /dev/null @@ -1,109 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - import errno - import socket - import ldap - - import xmlrpclib - import kerberos -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [-v|--verbose] group" - parser = OptionParser(usage=usage) - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "group") - ipa.config.init_config(options) - - return options, args - -def main(): - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - groups = client.find_groups(args[0], ['cn','description','gidnumber','nsAccountLock']) - - counter = groups[0] - groups = groups[1:] - to_delete = None - - for i in range(counter): - dn_list = ldap.explode_dn(groups[i].dn.lower()) - if "cn=%s" % args[0].lower() in dn_list: - to_delete = groups[i] - - if to_delete is None: - print "Group '%s' not found." % args[0] - return 2 - - ret = client.delete_group(to_delete.dn) - if (ret == "Success"): - print args[0] + " successfully deleted" - else: - print args[0] + " " + ret - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-delservice b/ipa-admintools/ipa-delservice deleted file mode 100644 index c295edc7..00000000 --- a/ipa-admintools/ipa-delservice +++ /dev/null @@ -1,110 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - - import xmlrpclib - import kerberos - import krbV - import ldap - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [-v|--verbose] principal" - parser = OptionParser(usage=usage) - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "principal") - ipa.config.init_config(options) - - return options, args - -def main(): - # The following fields are required - princ_name = "" - - options, args = parse_options() - - princ_name = args[0] - - client = ipaclient.IPAClient(verbose=options.verbose) - - hosts = client.find_service_principal(args[0], sattrs=None) - counter = hosts[0] - hosts = hosts[1:] - - if counter == 0: - print "Service Principal '%s' not found." % args[0] - return 2 - if counter != 1: - print "An exact match was not found. Found %d principals for %s" % (counter, args[0]) - return 2 - - client.delete_service_principal(hosts[0].dn) - - print "Successfully deleted" - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-deluser b/ipa-admintools/ipa-deluser deleted file mode 100644 index 4b0db7e6..00000000 --- a/ipa-admintools/ipa-deluser +++ /dev/null @@ -1,90 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.ipaclient as ipaclient - import ipa.ipautil as ipautil - import ipa.config - import errno - import socket - - import xmlrpclib - import kerberos -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [-v|--verbose] user" - parser = OptionParser(usage=usage) - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "user") - ipa.config.init_config(options) - - return options, args - -def main(): - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - ret = client.delete_user(args[0]) - print args[0] + " successfully deleted" - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-findgroup b/ipa-admintools/ipa-findgroup deleted file mode 100644 index d9a9acc3..00000000 --- a/ipa-admintools/ipa-findgroup +++ /dev/null @@ -1,157 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa.ipaclient as ipaclient - import ipa.ipaadminutil as ipaadminutil - import ipa.ipautil as ipautil - import ipa.config - - import errno - import sys - import xmlrpclib - import kerberos - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [options] group" - parser = OptionParser(usage=usage) - - parser.add_option("-a", "--all", action="store_true", dest="all", - help="Show all group attributes") - parser.add_option("-n", "--notranslate", action="store_true", - dest="notranslate", - help="Don't translate LDAP attributes into readable labels") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "group") - ipa.config.init_config(options) - - return options, args - -def main(): - group={} - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - if options.all is None: - groups = client.find_groups(args[0], ['cn','description','gidnumber','nsAccountLock']) - else: - groups = client.find_groups(args[0], sattrs=['*','nsAccountLock']) - - counter = groups[0] - groups = groups[1:] - groupindex = -1 - if counter == 0: - print "No entries found for", args[0] - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - - if counter > 1: - try: - groupindex = ipaadminutil.select_group(counter, groups) - except KeyboardInterrupt: - return 1 - if groupindex == "q": - return 0 - - if groupindex >= 0: - groups = [groups[groupindex]] - - for ent in groups: - try: - members = client.group_members(ent.dn, ['dn','cn'], 0) - except ipa.ipaerror.IPAError, e: - print "Error getting members for " + ent.dn - print str(e) - continue - attr = ent.attrList() - if options.notranslate: - labels = {} - for a in attr: - labels[a] = a - else: - labels = client.attrs_to_labels(attr) - - print "dn: " + ent.dn - - for a in attr: - value = ent.getValues(a) - if isinstance(value,str): - print labels[a] + ": " + value - else: - print labels[a] + ": " - for l in value: - print "\t" + l - - counter = members[0] - members = members[1:] - - if counter > 0: - print "Members:" - for m in members: - print " " + m.getValue('cn') + ": " + m.dn - # blank line between results - print - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-findservice b/ipa-admintools/ipa-findservice deleted file mode 100644 index c9aa4c05..00000000 --- a/ipa-admintools/ipa-findservice +++ /dev/null @@ -1,105 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - import ipa.ipaadminutil as ipaadminutil - - import errno - import sys - import xmlrpclib - import kerberos - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [-v|--verbose] host" - parser = OptionParser(usage=usage) - - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "host") - ipa.config.init_config(options) - - return options, args - -def main(): - user={} - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - hosts = client.find_service_principal(args[0], sattrs=None) - - counter = hosts[0] - hosts = hosts[1:] - userindex = 0 - if counter == 0: - print "No entries found for", args[0] - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - - for ent in hosts: - print ent.krbprincipalname - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-finduser b/ipa-admintools/ipa-finduser deleted file mode 100644 index 75df9493..00000000 --- a/ipa-admintools/ipa-finduser +++ /dev/null @@ -1,177 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import sys -try: - from optparse import OptionParser - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - import ipa.ipaadminutil as ipaadminutil - import base64 - - import errno - import sys - import xmlrpclib - import kerberos - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [-a|--all] [-n|--notranslate] [-v|--verbose] user" - parser = OptionParser(usage=usage) - - parser.add_option("-a", "--all", action="store_true", dest="all", - help="Display all attributes") - parser.add_option("-n", "--notranslate", action="store_true", - dest="notranslate", - help="Don't translate LDAP attributes into readable labels") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "user") - ipa.config.init_config(options) - - return options, args - -def wrap_binary_data(data): - """Converts all binary data strings into base64-encoded objects for display - """ - if isinstance(data, str): - if ipautil.needs_base64(data): - return base64.encodestring(data) - else: - return data - elif isinstance(data, list) or isinstance(data,tuple): - retval = [] - for value in data: - retval.append(wrap_binary_data(value)) - return retval - elif isinstance(data, dict): - retval = {} - for (k,v) in data.iteritems(): - retval[k] = wrap_binary_data(v) - return retval - else: - return data - -def main(): - user={} - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - if options.all is None: - users = client.find_users(args[0], sattrs=['uid','givenname','sn','homeDirectory','loginshell']) - else: - users = client.find_users(args[0], sattrs=None) - - counter = users[0] - users = users[1:] - userindex = 0 - if counter == 0: - print "No entries found for", args[0] - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - - if counter > 1: - try: - userindex = ipaadminutil.select_user(counter, users) - except KeyboardInterrupt: - return 1 - if userindex == "q": - return 0 - - if userindex >= 0: - users = [users[userindex]] - - for ent in users: - attr = ent.attrList() - attr.sort() - - # Always have sn following givenname - try: - l = attr.index('givenname') - attr.remove('sn') - attr.insert(l+1, 'sn') - except ValueError: - pass - - if options.notranslate: - labels = {} - for a in attr: - labels[a] = a - else: - labels = client.attrs_to_labels(attr) - - if options.all is True: - print "dn: " + ent.dn - - for a in attr: - value = ent.getValues(a) - if isinstance(value,str): - print labels[a] + ": " + str(wrap_binary_data(value)).rstrip() - else: - print labels[a] + ": " - for l in value: - print "\t" + wrap_binary_data(l) - # blank line between results - print - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-listdelegation b/ipa-admintools/ipa-listdelegation deleted file mode 100644 index 46ddf3a3..00000000 --- a/ipa-admintools/ipa-listdelegation +++ /dev/null @@ -1,140 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - - import operator - import xmlrpclib - import kerberos - import errno - import socket - - import ipa.aci - from ipa import ipaerror -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -aci_fields = ['*', 'aci'] - -def parse_options(): - parser = OptionParser() - parser.add_option("-s", "--source", dest="source", - help="Source group of delegation") - parser.add_option("-n", "--name", dest="name", - help="Name of delegation") - parser.add_option("-t", "--target", dest="target", - help="Target group of delegation") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args) - ipa.config.init_config(options) - - return options, args - -def main(): - - options, args = parse_options() - - all = True - if options.name or options.source or options.target: - all = False - - client = ipaclient.IPAClient(verbose=options.verbose) - aci_entry = client.get_aci_entry(aci_fields) - - aci_str_list = aci_entry.getValues('aci') - if aci_str_list is None: - aci_str_list = [] - if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): - aci_str_list = [aci_str_list] - - aci_list = [] - for aci_str in aci_str_list: - try: - aci = ipa.aci.ACI(aci_str) - aci_list.append(aci) - except SyntaxError: - # ignore aci_str's that ACI can't parse - pass - - group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client) - - found = False - # the operator.itemgetter(0) lets us sort by the name field - for a in sorted(aci_list, key=operator.itemgetter(0)): - labels = client.attrs_to_labels(a.attrs) - if (all or options.name == a.name or - options.source == group_dn_to_cn[a.source_group] or - options.target == group_dn_to_cn[a.dest_group]): - print "Delegation Name: " + a.name - print "Group " + group_dn_to_cn[a.source_group] - print " can modify these attributes: " - for l in labels: - print "\t" + labels[l] - print " for group " + group_dn_to_cn[a.dest_group] - print - found = True - - if found: - return 0 - else: - return 2 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipaerror.IPAError, e: - print("Delegation list failed: " + str(e)) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-lockuser b/ipa-admintools/ipa-lockuser deleted file mode 100644 index 85f2d5bf..00000000 --- a/ipa-admintools/ipa-lockuser +++ /dev/null @@ -1,109 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipautil as ipautil - import errno - import socket - - import xmlrpclib - import kerberos -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "%prog [-u|--unlock] [-v|--verbose] user" - parser = OptionParser(usage=usage) - parser.add_option("-u", "--unlock", action="store_true", dest="unlock", - help="Unlock a user's account") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - ipa.config.verify_args(parser, args, "user") - ipa.config.init_config(options) - - return options, args - -def main(): - options, args = parse_options() - - msg = "inactivated" - client = ipaclient.IPAClient(verbose=options.verbose) - if options.unlock: - try: - ret = client.mark_user_active(args[0]) - msg = "unlocked" - except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): - print "User is already marked active" - return 0 - except: - raise - else: - try: - ret = client.mark_user_inactive(args[0]) - except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): - print "User is already marked inactive" - return 0 - except: - raise - print args[0] + " successfully %s" % msg - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-moddelegation b/ipa-admintools/ipa-moddelegation deleted file mode 100644 index 86e12c17..00000000 --- a/ipa-admintools/ipa-moddelegation +++ /dev/null @@ -1,241 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.ipaclient as ipaclient - import ipa.ipaadminutil as ipaadminutil - import ipa.config - import ipa.aci - import ipa.ipautil as ipautil - - import xmlrpclib - import kerberos - import krbV - import ldap - import copy - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -aci_fields = ['*', 'aci'] - -def parse_options(): - usage = "%prog -l|--list\n" - usage += "%prog [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] [-v|--verbose] name" - parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter()) - parser.add_option("-a", "--attributes", dest="attributes", - help="The attributes the source group may change in the target group") - parser.add_option("-l", "--list", dest="list", action="store_true", - help="List common attributes (this is not an exhaustive list)") - parser.add_option("-s", "--source", dest="source", - help="The source group name") - parser.add_option("-t", "--target", dest="target", - help="The target group name") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if not options.list: - if not options.attributes and not options.source and not options.target: - parser.error("need at least one option of -a, -s, or -t") - ipa.config.verify_args(parser, args, "name") - - ipa.config.init_config(options) - - return options, args - -def main(): - - options, args = parse_options() - - if options.list: - client = ipaclient.IPAClient(verbose=options.verbose) - l = client.get_all_attrs() - - for x in l: - print x - return 0 - - client = ipaclient.IPAClient(verbose=options.verbose) - - # first do some sanity checking - - if options.source: - source_grp = client.find_groups(options.source) - counter = source_grp[0] - source_grp = source_grp[1:] - groupindex = -1 - if counter == 0: - print "No entries found for %s" % options.source - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - return 3 - - if counter > 1: - print "\nMultiple entries for the source group found." - groupindex = ipaadminutil.select_group(counter, source_grp) - if groupindex == "q": - return 0 - - if groupindex >= 0: - source_grp = [source_grp[groupindex]] - - if options.target: - target_grp = client.find_groups(options.target) - counter = target_grp[0] - target_grp = target_grp[1:] - groupindex = -1 - if counter == 0: - print "No entries found for %s" % options.target - return 2 - elif counter == -1: - print "These results are truncated." - print "Please refine your search and try again." - return 3 - - if counter > 1: - print "\nMultiple entries for the target group found." - groupindex = ipaadminutil.select_group(counter, target_grp) - if groupindex == "q": - return 0 - - if groupindex >= 0: - target_grp = [target_grp[groupindex]] - - if options.attributes: - attr_list = options.attributes.split(',') - - # find the old aci - - aci_entry = client.get_aci_entry(aci_fields) - - aci_str_list = aci_entry.getValues('aci') - if aci_str_list is None: - aci_str_list = [] - if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): - aci_str_list = [aci_str_list] - - old_aci = None - acistr = None - aci_list = [] - for aci_str in aci_str_list: - try: - old_aci = ipa.aci.ACI(aci_str) - if old_aci.name == args[0]: - acistr = aci_str - orig_group = old_aci.source_group - else: - aci_list.append(old_aci) - except SyntaxError: - # ignore aci_str's that ACI can't parse - pass - - if acistr is None: - print "No delegation %s found." % args[0] - return 2 - - old_aci_index = aci_str_list.index(acistr) - - new_aci = ipa.aci.ACI() - new_aci.name = args[0] - if options.source: - new_aci.source_group = source_grp[0].dn - else: - new_aci.source_group = old_aci.source_group - if options.target: - new_aci.dest_group = target_grp[0].dn - else: - new_aci.dest_group = old_aci.dest_group - if options.attributes: - new_aci.attrs = attr_list - else: - new_aci.attrs = old_aci.attrs - new_aci_str = new_aci.export_to_string() - - new_aci_str_list = copy.deepcopy(aci_str_list) - new_aci_str_list[old_aci_index] = new_aci_str - aci_entry.setValue('aci', new_aci_str_list) - - client.update_entry(aci_entry) - - if options.source: - last = True - # If this is the last delegation for a group, remove it from editors - for a in aci_list: - if orig_group == a.source_group: - last = False - break - - if last: - group = client.get_entry_by_cn("editors") - client.remove_member_from_group(orig_group, group.dn) - - # Now add to the editors group so they can make changes in the UI - try: - group = client.get_entry_by_cn("editors") - client.add_group_to_group(new_aci.source_group, group.dn) - except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): - # This is ok, ignore it - pass - - print "Delegation %s successfully updated" % args[0] - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-modgroup b/ipa-admintools/ipa-modgroup deleted file mode 100644 index 6f5d7290..00000000 --- a/ipa-admintools/ipa-modgroup +++ /dev/null @@ -1,234 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.group - import ipa.ipaclient as ipaclient - import ipa.config - import ipa.ipaerror - - import xmlrpclib - import kerberos - import ldap - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def set_add_usage(which): - print "%s option usage: --%s NAME=VALUE" % (which, which) - -def parse_options(): - usage = "%prog [-l|--list]\n" - usage += "%prog [-a|--add] [-r|--remove] [-v|--verbose] user group\n" - usage += "%prog [-g|--groupadd] [-e|--groupdel] [-v|--verbose] group group\n" - usage += "%prog [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] [-v|--verbose] group" - parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter()) - parser.add_option("-a", "--add", dest="add", action="store_true", - help="Add a user to the group") - parser.add_option("-r", "--remove", dest="remove", action="store_true", - help="Remove a user from the group") - parser.add_option("-g", "--groupadd", dest="groupadd", action="store_true", - help="Add a group to the group") - parser.add_option("-e", "--groupdel", dest="groupdel", action="store_true", - help="Remove a group from the group") - parser.add_option("-d", "--description", dest="desc", - help="Modify the description of the group") - parser.add_option("--addattr", dest="addattr", - help="Adds an attribute or values to that attribute, attr=value", - action="append") - parser.add_option("--delattr", dest="delattr", - help="Remove an attribute", action="append") - parser.add_option("--setattr", dest="setattr", - help="Set an attribute, dropping any existing values that may exist", - action="append") - parser.add_option("-l", "--list", dest="list", action="store_true", - help="List common attributes (this is not an exhaustive list)") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if ((not options.add and not options.remove) and - (not options.groupadd and not options.groupdel) and - (not options.desc and not options.addattr and - not options.delattr and not options.setattr and not options.list)): - parser.error("need to specify at least one operation") - - if not options.list: - if options.add or options.remove: - ipa.config.verify_args(parser, args, "user group") - elif options.groupadd or options.groupdel: - ipa.config.verify_args(parser, args, "group group") - elif options.desc or options.addattr or options.delattr or options.setattr: - ipa.config.verify_args(parser, args, "group") - - ipa.config.init_config(options) - - return options, args - -def get_group(client, options, group_cn): - try: - attrs = ['*'] - - # in case any attributes being modified are operational such as - # nsaccountlock. Any attribute to be deleted needs to be included - # in the original record so it can be seen as being removed. - if options.delattr: - for d in options.delattr: - attrs.append(d) - group = client.get_entry_by_cn(group_cn, sattrs=attrs) - - except ipa.ipaerror.IPAError, e: - print "%s" % e.message - return None - - return group - -def main(): - group=ipa.group.Group() - options, args = parse_options() - - if options.list: - client = ipaclient.IPAClient(verbose=options.verbose) - list = client.get_all_attrs() - - for x in list: - print x - return 0 - - client = ipaclient.IPAClient(verbose=options.verbose) - if options.add: - group = get_group(client, options, args[1]) - if group is None: - return 1 - users = args[0].split(',') - for user in users: - client.add_user_to_group(user, group.dn) - print user + " successfully added to " + args[1] - elif options.remove: - group = get_group(client, options, args[1]) - if group is None: - return 1 - users = args[0].split(',') - for user in users: - client.remove_user_from_group(user, group.dn) - print user + " successfully removed" - elif options.groupadd: - group = get_group(client, options, args[1]) - if group is None: - return 1 - groups = args[0].split(',') - for g in groups: - tgroup = get_group(client, options, g) - if tgroup is not None: - client.add_group_to_group(tgroup.dn, group.dn) - print g + " successfully added to " + args[1] - else: - print "Group %s not found" % g - elif options.groupdel: - group = get_group(client, options, args[1]) - if group is None: - return 1 - groups = args[0].split(',') - for g in groups: - tgroup = get_group(client, options, g) - if tgroup is not None: - client.remove_member_from_group(tgroup.dn, group.dn) - print g + " successfully removed " + args[1] - else: - print "Group %s not found" % g - else: - group = get_group(client, options, args[0]) - if group is None: - return 1 - - if options.desc: - group.setValue('description', options.desc) - - if options.delattr: - for d in options.delattr: - group.delValue(d) - - if options.setattr: - for s in options.setattr: - s = s.split('=', 1) - if len(s) != 2: - set_add_usage("set") - sys.exit(1) - (attr,value) = s - group.setValue(attr, value) - - if options.addattr: - for a in options.addattr: - a = a.split('=', 1) - if len(a) != 2: - set_add_usage("add") - sys.exit(1) - (attr,value) = a - cvalue = group.getValue(attr) - if cvalue: - if isinstance(cvalue,str): - cvalue = [cvalue] - value = cvalue + [value] - group.setValue(attr, value) - - client.update_group(group) - print args[0] + " successfully updated" - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e)) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-moduser b/ipa-admintools/ipa-moduser deleted file mode 100644 index ec483a5d..00000000 --- a/ipa-admintools/ipa-moduser +++ /dev/null @@ -1,256 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.user - import ipa.ipaclient as ipaclient - import ipa.ipavalidate as ipavalidate - import ipa.ipautil as ipautil - import ipa.config - - import xmlrpclib - import kerberos - import ldap - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def set_add_usage(which): - print "%s option usage: --%s NAME=VALUE" % (which, which) - -def parse_options(): - usage = "%prog --list\n" - usage = "%prog [options] user" - parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter()) - parser.add_option("-a", "--activate", dest="activate", action="store_true", - help="Activate the user") - parser.add_option("-c", "--gecos", dest="gecos", - help="Set the GECOS field") - parser.add_option("-d", "--directory", dest="directory", - help="Set the User's home directory") - parser.add_option("-f", "--firstname", dest="gn", - help="User's first name") - parser.add_option("-l", "--lastname", dest="sn", - help="User's last name") - parser.add_option("-s", "--shell", dest="shell", - help="Set user's login shell to shell") - parser.add_option("--addattr", dest="addattr", - help="Adds an attribute or values to that attribute, attr=value", - action="append") - parser.add_option("--delattr", dest="delattr", - help="Remove an attribute", action="append") - parser.add_option("--setattr", dest="setattr", - help="Set an attribute, dropping any existing values that may exist", - action="append") - parser.add_option("--list", dest="list", action="store_true", - help="List common attributes (this is not an exhaustive list)") - parser.add_option("-M", "--mailAddress", dest="mail", - help="Set user's e-mail address") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if not options.list: - ipa.config.verify_args(parser, args, "user") - - ipa.config.init_config(options) - - return options, args - -def main(): - # The following fields are required - givenname = "" - lastname = "" - username = "" - mail = "" - gecos = "" - directory = "" - groups = "" - shell = "" - - match = False - - options, args = parse_options() - - if options.list: - client = ipaclient.IPAClient(verbose=options.verbose) - list = client.get_all_attrs() - - for x in list: - print x - return 0 - - username = args[0] - - client = ipaclient.IPAClient(verbose=options.verbose) - try: - attrs = ['*'] - - # in case any attributes being modified are operational such as - # nsaccountlock. Any attribute to be deleted needs to be included - # in the original record so it can be seen as being removed. - if options.delattr: - for d in options.delattr: - attrs.append(d) - user = client.get_user_by_uid(username, sattrs=attrs) - except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND): - print "User %s not found" % username - return 1 - except: - raise - - # If any options are set we use just those. Otherwise ask for all of them. - if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate: - givenname = options.gn - lastname = options.sn - gecos = options.gecos - directory = options.directory - mail = options.mail - shell = options.shell - else: - if not options.gn: - givenname = ipautil.user_input("First name", user.getValue('givenname'), allow_empty = False) - else: - givenname = options.gn - if (not ipavalidate.String(givenname, notEmpty=True)): - print "Please enter a value" - return 1 - - if not options.sn: - lastname = ipautil.user_input("Last name", user.getValue('sn'), allow_empty = False) - else: - lastname = options.sn - if (not ipavalidate.String(lastname, notEmpty=True)): - print "Please enter a value" - return 1 - - if not options.mail: - mail = ipautil.user_input_email("E-mail address", user.getValue('mail'), allow_empty = True) - else: - mail = options.mail - if (not ipavalidate.Email(mail)): - print "E-mail must include a user and domain name" - return 1 - - # Ask the questions we don't normally force. We don't require answers - # for these. - if not options.gecos: - gecos = ipautil.user_input("gecos", user.getValue('gecos')) - - if not options.directory: - directory = ipautil.user_input_path("Home directory", user.getValue('homeDirectory')) - if not options.shell: - shell = ipautil.user_input("Shell", user.getValue('loginshell'), allow_empty = False) - - if givenname: - user.setValue('givenname', givenname) - if lastname: - user.setValue('sn', lastname) - if mail: - user.setValue('mail', mail) - - if gecos: - user.setValue('gecos', gecos) - if directory: - user.setValue('homedirectory', directory) - if shell: - user.setValue('loginshell', shell) - - if options.delattr: - for d in options.delattr: - user.delValue(d) - - if options.setattr: - for s in options.setattr: - s = s.split('=', 1) - if len(s) != 2: - set_add_usage("set") - sys.exit(1) - (attr,value) = s - user.setValue(attr, value) - - if options.addattr: - for a in options.addattr: - a = a.split('=', 1) - if len(a) != 2: - set_add_usage("add") - sys.exit(1) - (attr,value) = a - cvalue = user.getValues(attr) - if cvalue: - if isinstance(cvalue,str): - cvalue = [cvalue] - value = cvalue + [value] - user.setValue(attr, value) - - if options.activate: - try: - client.mark_user_active(user.getValues('uid')) - print "User activated successfully." - except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): - print "User is already marked active" - return 0 - except: - raise - - client.update_user(user) - - print username + " successfully updated" - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1]) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-passwd b/ipa-admintools/ipa-passwd deleted file mode 100644 index 616e6cac..00000000 --- a/ipa-admintools/ipa-passwd +++ /dev/null @@ -1,146 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Tempal Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.ipaclient as ipaclient - import ipa.config - - import xmlrpclib - import kerberos - import krbV - import ldap - import getpass - import errno - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "ipa-passwd [-v|--verbose] [user]" - parser = OptionParser(usage=usage) - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - if len(args) > 1: - parser.error("too many arguments") - ipa.config.init_config(options) - - return options, args - -def get_principal(krbctx): - try: - ccache = krbctx.default_ccache() - cprinc = ccache.principal() - except krbV.Krb5Error, e: - #TODO: do a kinit - print "Unable to get kerberos principal: %s" % e[1] - return None - - return cprinc.name - -def main(): - match = False - username = None - principal = None - - options, args = parse_options() - - krbctx = krbV.default_context() - - if len(args) == 1: - username = args[0] - else: - principal = get_principal(krbctx) - if principal is None: - return 1 - - if not principal: - u = username.split('@') - if len(u) > 2 or len(u) == 0: - print "Invalid user name (%s)" % username - if len(u) == 1: - principal = username+"@"+krbctx.default_realm - else: - principal = username - - print "Changing password for %s" % principal - - try: - while (match != True): - # No syntax checking of the password is required because that is - # done on the server side - password = getpass.getpass(" New Password: ") - confirm = getpass.getpass(" Confirm Password: ") - if (password != confirm): - print "Passwords do not match" - match = False - elif (len(password) < 1): - print "Password cannot be empty" - match = False - else: - match = True - except KeyboardInterrupt: - print "" - print "Password change cancelled" - return 1 - - client = ipaclient.IPAClient(verbose=options.verbose) - client.modifyPassword(principal, '', password) - - return 0 - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1]) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/ipa-pwpolicy b/ipa-admintools/ipa-pwpolicy deleted file mode 100644 index 91b0f3ec..00000000 --- a/ipa-admintools/ipa-pwpolicy +++ /dev/null @@ -1,153 +0,0 @@ -#! /usr/bin/python -E -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -import sys -try: - from optparse import OptionParser - import ipa - import ipa.entity - import ipa.ipaclient as ipaclient - import ipa.config - - import xmlrpclib - import kerberos - import errno - import validate - import socket -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -def parse_options(): - usage = "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number] [-v|--verbose]\n" - usage += "ipa-pwpolicy --show" - parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter()) - parser.add_option("--maxlife", dest="maxlife", - help="Max. Password Lifetime (days)") - parser.add_option("--minlife", dest="minlife", - help="Min. Password Lifetime (hours)") - parser.add_option("--history", dest="history", - help="Password History Size") - parser.add_option("--minclasses", dest="minclasses", - help="Min. Number of Character Classes") - parser.add_option("--minlength", dest="minlength", - help="Min. Length of Password") - parser.add_option("--show", dest="show", action="store_true", - help="Show the current password policy") - parser.add_option("--usage", action="store_true", - help="Program usage") - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="Verbose output of the XML-RPC connection") - - ipa.config.add_standard_options(parser) - options, args = parser.parse_args() - - if not options.show: - if not options.maxlife and not options.minlife and not options.history and not options.minclasses and not options.minlength: - parser.error("need at least one option of --maxlife, --minlife, --history, --minclasses or --minlength") - - ipa.config.init_config(options) - - return options, args - -def show_policy(client): - policy = client.get_password_policy() - print "Password Policy" - print "Min. Password Lifetime (hours): %s" % policy.getValues('krbminpwdlife') - print "Max. Password Lifetime (days): %s" % policy.getValues('krbmaxpwdlife') - print "Min. Number of Character Classes: %s" % policy.getValues('krbpwdmindiffchars') - print "Min. Length of Password: %s" % policy.getValues('krbpwdminlength') - print "Password History Size: %s" % policy.getValues('krbpwdhistorylength') - -def update_policy(client, options): - current = client.get_password_policy() - - new = ipa.entity.Entity(current.toDict()) - - try: - if options.maxlife: - validate.is_integer(options.maxlife, min=0) - new.setValue('krbmaxpwdlife', options.maxlife) - if options.minlife: - validate.is_integer(options.minlife, min=0) - new.setValue('krbminpwdlife', options.minlife) - if options.history: - validate.is_integer(options.history, min=0) - new.setValue('krbpwdhistorylength', options.history) - if options.minclasses: - validate.is_integer(options.minclasses, min=0) - new.setValue('krbpwdmindiffchars', options.minclasses) - if options.minlength: - validate.is_integer(options.minlength, min=0) - new.setValue('krbpwdminlength', options.minlength) - except (validate.VdtTypeError, validate.VdtValueTooSmallError), e: - print e - return 1 - - if int(new.getValue('krbminpwdlife')) > int(new.getValue('krbmaxpwdlife')) * 24: - print "Maximum password life must be greater than minimum" - return 1 - - client.update_password_policy(new) - return 0 - -def main(): - options, args = parse_options() - - client = ipaclient.IPAClient(verbose=options.verbose) - - if options.show: - show_policy(client) - return 0 - - return update_policy(client, options) - -try: - if __name__ == "__main__": - sys.exit(main()) -except SystemExit, e: - sys.exit(e) -except KeyboardInterrupt, e: - sys.exit(1) -except xmlrpclib.Fault, fault: - if fault.faultCode == errno.ECONNREFUSED: - print "The IPA XML-RPC service is not responding." - else: - print fault.faultString - sys.exit(1) -except kerberos.GSSError, e: - print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1]) - sys.exit(1) -except xmlrpclib.ProtocolError, e: - print "Unable to connect to IPA server: %s" % (e.errmsg) - sys.exit(1) -except ipa.ipaerror.IPAError, e: - print "%s" % (e.message) - sys.exit(1) -except socket.error, e: - print e[1] - print "Re-run with -v flag for more details." -except Exception, e: - print "%s" % str(e) - sys.exit(1) diff --git a/ipa-admintools/man/Makefile b/ipa-admintools/man/Makefile deleted file mode 100644 index 506dbb43..00000000 --- a/ipa-admintools/man/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -MANDIR = $(DESTDIR)/usr/share/man - -MANFILES=\ - ipa-adddelegation.1 \ - ipa-addgroup.1 \ - ipa-addservice.1 \ - ipa-adduser.1 \ - ipa-deldelegation.1 \ - ipa-delgroup.1 \ - ipa-delservice.1 \ - ipa-deluser.1 \ - ipa-findgroup.1 \ - ipa-findservice.1 \ - ipa-finduser.1 \ - ipa-modgroup.1 \ - ipa-listdelegation.1 \ - ipa-lockuser.1 \ - ipa-moddelegation.1 \ - ipa-passwd.1 \ - ipa-pwpolicy.1 \ - ipa-moduser.1 \ - ipa-defaultoptions.1 - -all: ; - -install: - mkdir -p $(MANDIR)/man1 - @for i in $(MANFILES) ; do install -m 644 $$i $(MANDIR)/man1 ; gzip -f $(MANDIR)/man1/$$i ; done - -clean: - -test: diff --git a/ipa-admintools/man/ipa-adddelegation.1 b/ipa-admintools/man/ipa-adddelegation.1 deleted file mode 100644 index 4db109f6..00000000 --- a/ipa-admintools/man/ipa-adddelegation.1 +++ /dev/null @@ -1,62 +0,0 @@ -.\" A man page for ipa-adddelegation -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-adddelegation" "1" "Oct 24 2007" "freeipa" "" -.SH "NAME" -ipa\-adddelegation \- Add a delegation - -.SH "SYNOPSIS" -ipa\-adddelegation [\fIOPTION\fR]... \fIname\fR - -.SH "DESCRIPTION" -Adds a delegation named \fIname\fR. - -A delegation is used to grant write access to certain attributes from one group to another. - -For example, a secretary group may be granted write access to modify the phone attribute of all users in a manager's group. -.SH "OPTIONS" -.TP -\fB\-a\fR, \fB\-\-attributes\fR=\fIATTRIBUTES\fR -A comma\-separated list of the \f[SM]attributes\fR that may be written by the source group. -.TP -\fB\-l\fR -Provide a list of common attribute names. This is not an exhaustive list. -.TP -\fB\-s\fR, \fB\-\-source\fR=\fISOURCE\fR -The name of the group that is being granted write permission. -.TP -\fB\-t\fR, \fB\-\-target\fR=\fITARGET\fR -The name of the group that will be written to. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output -.PP -All arguments except \-v/\-\-verbose are mandatory. -.SH "EXAMPLES" -.TP -ipa\-adddelegation \-a telephonenumber,facsimiletelephonenumber,mobile \-s secretaries \-t everyone phones - -Create a delegation named \fBphones\fR that will let anyone in the \fIsecretaries\fR group edit the phone numbers of anyone in the group \fIeveryone\fR. -.SH "EXIT STATUS" -0 if the delegation was added successfully - -1 if an error occurred - -2 if no not exactly one matching source group was found (0 or more than one) - -3 if no not exactly one matching target group was found (0 or more than one diff --git a/ipa-admintools/man/ipa-addgroup.1 b/ipa-admintools/man/ipa-addgroup.1 deleted file mode 100644 index 0e61c619..00000000 --- a/ipa-admintools/man/ipa-addgroup.1 +++ /dev/null @@ -1,51 +0,0 @@ -.\" A man page for ipa-addgroup -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-addgroup" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-addgroup \- Add a group - -.SH "SYNOPSIS" -ipa\-addgroup [\fIOPTION\fR]... \fIgroup\fR - -.SH "DESCRIPTION" -Adds a group with name \fIgroup\fR. -.SH "OPTIONS" -.TP -\fB\-d\fR, \fB\-\-description\fR=\fIdescription\fR -Set the description of the group to \fIdescription\fR. -.TP -\fB\-g\fR, \fB\-\-gid\fR=\fIgid\fR -Set the gid for this group to \fIgid\fR. -If this option is not present, one is created automatically -by \fBfreeIPA\fR. -.TP -\fB\-\-addattr\fR \fIattr=value\fR -Adds \fIvalue\fR to attribute \fIattr\fR. Attributes set this way are done after other options. If an attribute is listed more than once or already exists in the entry, it is considered a multi\-valued attribute and a list of the values is created. -.TP -\fB\-\-setattr\fR \fIattr=value\fR -Set attribute \fIattr\fR to \fIvalue\fR. Any existing value will be replaced with \fIvalue\fR. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.PP -The group name and description are mandatory fields. If either of these are not included on the command line you will be asked interactively. - -If no options are passed then all questions are asked. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-addservice.1 b/ipa-admintools/man/ipa-addservice.1 deleted file mode 100644 index 54550572..00000000 --- a/ipa-admintools/man/ipa-addservice.1 +++ /dev/null @@ -1,59 +0,0 @@ -.\" A man page for ipa-addservice -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-addservice" "1" "Jan 4 2008" "freeipa" "" -.SH "NAME" -ipa\-addservice \- Add a service principal - -.SH "SYNOPSIS" -ipa\-addservice [\fIOPTION\fR]... \fIprincipal\fR -.SH "DESCRIPTION" -Adds a service principal \fIprincipal\fR. - -The principal takes the form of: - -service/fully\-qualified\-hostname - -The list of possible services is too extensive to list here but a short list is: - -cifs -dns -host -HTTP -ldap -nfs - -The IPA server automatically appends the Kerberos realm for which it is configured. You cannot specify a different realm. - -The hostname must resolve to a DNS A record in order to ensure that it will work with Kerberos. Use the \-\-force flag to force the creation of a principal. -.SH "OPTIONS" -.TP -\fB\-\-force\fR -Force the creation of the given principal name. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "EXAMPLES" -.TP -ipa\-addservice HTTP/www.example.com -Add a service principal for a web server -.TP -ipa\-addservice host/ipa.example.com -Add a service principal for the host (for ssh, for example) -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-adduser.1 b/ipa-admintools/man/ipa-adduser.1 deleted file mode 100644 index 0b8ad3e3..00000000 --- a/ipa-admintools/man/ipa-adduser.1 +++ /dev/null @@ -1,84 +0,0 @@ -.\" A man page for ipa-adduser -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-adduser" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-adduser \- Add a user - -.SH "SYNOPSIS" -ipa\-adduser [\fIOPTION\fR]... \fIuser\fR - -.SH "DESCRIPTION" -Adds a user with username \fIuser\fR. - -.SH "OPTIONS" -.TP -\fB\-c\fR, \fB\-\-gecos\fR=\fIgecos\fR -Set the \f[SM]GECOS\fR field to \fIgecos\fR. -The \f[SM]GECOS\fR field is traditionally used to store user's real name and other information. -.TP -\fB\-d\fR, \fB\-\-directory\fR=\fIdirectory\fR -Set user's home directory to \fIdirectory\fR. -If this option is not present, a default specified by the -.B freeIPA configuration is used. -.TP -\fB\-f\fR, \fB\-\-firstname\fR=\fIgivenName\fR -Set user's first name to \fIgivenName\fR. -.TP -\fB\-l\fR, \fB\-\-lastname\fR=\fIfamilyName\fR -Set user's last name to \fIfamilyName\fR. -.TP -\fB\-p\fR, \fB\-\-password\fR=\fIpassword\fR -Set user's password to \fIpassword\fR. -.TP -\fB\-P\fR -Prompt for the user's password. -.TP -\fB\-s\fR, \fB\-\-shell\fR=\fIshell\fR -Set the user's login shell to \fIshell\fR. -If this option is not present, a default specified by the -.B freeIPA configuration is used. -.TP -\fB\-G\fR, \fB\-\-groups\fR=\fIgroups\fR -Add this user to one or more groups in \fIgroups\fR. -\fIgroups\fR is a comma\-separated list of groups. -Each \fIgroup\fR must already exist. -.TP -\fB\-k\fR, \fB\-\-krb\-principal\fR=\fIprincipal\fR -Set this user's principal to \fIprincipal\fR. -By default the principal is set to \fBuser\fR. -.TP -\fB\-M\fR, \fB\-\-mailAddress\fR=\fImail\fR -Set this user's e\-mail address to \fImail\fR. -.TP -\fB\-\-addattr\fR \fIattr=value\fR -Adds \fIvalue\fR to attribute \fIattr\fR. Attributes set this way are done after other options. If an attribute is listed more than once or already exists in the entry, it is considered a multi\-valued attribute and a list of the values is created. -.TP -\fB\-\-setattr\fR \fIattr=value\fR -Set attribute \fIattr\fR to \fIvalue\fR. Any existing value will be replaced with \fIvalue\fR. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.PP -The mandatory fields are: user, first name and last name. If any of these are not included on the command line you will be asked interactively. - -The password is asked interactively if not passed on the command\-line but it isn't mandatory. Leaving both values blank will leave the password unset on the account. - -If no options are passed then all questions are asked. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-defaultoptions.1 b/ipa-admintools/man/ipa-defaultoptions.1 deleted file mode 100644 index f58588fe..00000000 --- a/ipa-admintools/man/ipa-defaultoptions.1 +++ /dev/null @@ -1,65 +0,0 @@ -.\" A man page for ipa-defaultoptions -.\" Copyright (C) 2008 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-defaultoptions" "1" "Jul 14 2008" "freeipa" "" -.SH "NAME" -ipa\-defaultoptions \- Display or modify the IPA Search and User Policies -.SH "SYNOPSIS" -ipa\-defaultoptions [\-\-maxusername number] [\-\-homedir directory] [\-\-defaultshell shell] [\-\-defaultgroup group] [\-\-emaildomain domain] [\-\-searchtimelimit number] [\-\-searchrecordslimit number] [\-\-usersearch fields] [\-\-groupsearch fields] [\-v|\-\-verbose] -ipa\-defaultoptions \-\-show -.SH "DESCRIPTION" -Displays or updates the IPA Search and User Policy. - -.SH "OPTIONS" -.TP -\fB\-\-maxusername\fR=\fIMAXUSERNAME\fR -Max. Length of a username -.TP -\fB\-\-homedir\fR=\fIHOMEDIR\fR -Default location of home directories -.TP -\fB\-\-defaultshell\fR=\fIDEFAULTSHELL\fR -Default shell for new users -.TP -\fB\-\-defaultgroup\fR=\fIDEFAULTGROUP\fR -Default group for new users -.TP -\fB\-\-emaildomain\fR=\fIEMAILDOMAIN\fR -Default e\-mail domain -.TP -\fB\-\-searchtimelimit\fR=\fISEARCHTIMELIMIT\fR -Max. amount of time (sec.) for a search (-1 for unlimited) -.TP -\fB\-\-searchrecordslimit\fR=\fISEARCHRECORDSLIMIT\fR -Max. number of records to search (-1 for unlimited) -.TP -\fB\-\-usersearch\fR=\fIUSERSEARCH\fR -A comma\-separated list of fields to search when -searching for users -.TP -\fB\-\-groupsearch\fR=\fIGROUPSEARCH\fR -A comma\-separated list of fields to search when -searching for groups -.TP -\fB\-\-show\fR -Display the current password policy. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-deldelegation.1 b/ipa-admintools/man/ipa-deldelegation.1 deleted file mode 100644 index f3d4a904..00000000 --- a/ipa-admintools/man/ipa-deldelegation.1 +++ /dev/null @@ -1,39 +0,0 @@ -.\" A man page for ipa-deldelegation -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-deldelegation" "1" "Oct 24 2007" "freeipa" "" -.SH "NAME" -ipa\-deldelegation \- Remove a delegation - -.SH "SYNOPSIS" -ipa\-deldelegation \fIname\fR - -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "DESCRIPTION" -Removes an existing delegation named \fIname\fR. - -A delegation is used to grant write access to certain attributes from one group to another. ipa\-deldelegation removes this access. -.SH "EXIT STATUS" -0 if the delegation was removed successfully - -1 if an error occurred - -2 if no matching delegation was found diff --git a/ipa-admintools/man/ipa-delgroup.1 b/ipa-admintools/man/ipa-delgroup.1 deleted file mode 100644 index 4e87bcf4..00000000 --- a/ipa-admintools/man/ipa-delgroup.1 +++ /dev/null @@ -1,37 +0,0 @@ -.\" A man page for ipa-delgroup -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-delgroup" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-delgroup \- Delete a group - -.SH "SYNOPSIS" -ipa\-delgroup \fIgroup\fR - -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "DESCRIPTION" -Deletes a group with group name \fIgroup\fR. - -Members of the group are not affected. - -The groups \fIadmins\fR and \fIeditors\fR are required by IPA and may not be removed. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-delservice.1 b/ipa-admintools/man/ipa-delservice.1 deleted file mode 100644 index 779b9eca..00000000 --- a/ipa-admintools/man/ipa-delservice.1 +++ /dev/null @@ -1,38 +0,0 @@ -.\" A man page for ipa-delservice -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-delservice" "1" "Jan 11 2008" "freeipa" "" -.SH "NAME" -ipa\-delservice \- Delete a service principal - -.SH "SYNOPSIS" -ipa\-delservice \fIprincipal\fR - -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "DESCRIPTION" -Deletes a service principal with name \fIprincipal\fR. - -.SH "EXIT STATUS" -0 on success - -1 if an error occurred - -2 if not exactly one matching entries was found diff --git a/ipa-admintools/man/ipa-deluser.1 b/ipa-admintools/man/ipa-deluser.1 deleted file mode 100644 index 2679302e..00000000 --- a/ipa-admintools/man/ipa-deluser.1 +++ /dev/null @@ -1,35 +0,0 @@ -.\" A man page for ipa-deluser -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-deluser" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-deluser \- Delete a user - -.SH "SYNOPSIS" -ipa\-deluser \fIuser\fR - -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "DESCRIPTION" -Deletes a user with user name \fIname\fR. - -Users are automatically removed from groups when they are deleted. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-findgroup.1 b/ipa-admintools/man/ipa-findgroup.1 deleted file mode 100644 index 266a60cd..00000000 --- a/ipa-admintools/man/ipa-findgroup.1 +++ /dev/null @@ -1,41 +0,0 @@ -.\" A man page for ipa-findgroup -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-findgroup" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-findgroup \- Find a group - -.SH "SYNOPSIS" -ipa\-findgroup \fIstring\fR - -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "DESCRIPTION" -Searches for a group that contains \fIstring\fR. - -The search is a substring search in the name and description attributes. - -All entries that match are displayed. -.SH "EXIT STATUS" -0 if one or more entries were found - -1 if an error occurred - -2 if no matching entries were found diff --git a/ipa-admintools/man/ipa-findservice.1 b/ipa-admintools/man/ipa-findservice.1 deleted file mode 100644 index 3942391c..00000000 --- a/ipa-admintools/man/ipa-findservice.1 +++ /dev/null @@ -1,48 +0,0 @@ -.\" A man page for ipa-findservice -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-findservice" "1" "Jan 11 2008" "freeipa" "" -.SH "NAME" -ipa\-findservice \- Find a service principal -.SH "SYNOPSIS" -ipa\-findservice \fIstring\fR - -.SH "DESCRIPTION" -Searches for a service principal that contains \fIstring\fR. - -The search is a substring search in the service principal. You can search for all principals for a given host, by service or a substring. - -All entries that match are displayed. -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "EXAMPLES" -Find all ldap service principals issued by the IPA KDC: - - # ipa\-findservice ldap - -Find all service principals for ipa.example.com: - - # ipa\-findservice ipa.example.com -.SH "EXIT STATUS" -0 if one or more entries were found - -1 if an error occurred - -2 if no matching entries were found diff --git a/ipa-admintools/man/ipa-finduser.1 b/ipa-admintools/man/ipa-finduser.1 deleted file mode 100644 index 1730daba..00000000 --- a/ipa-admintools/man/ipa-finduser.1 +++ /dev/null @@ -1,48 +0,0 @@ -.\" A man page for ipa-finduser -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-finduser" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-finduser \- Find a user -.SH "SYNOPSIS" -ipa\-finduser [\fIOPTION\fR]... \fIstring\fR - -.SH "DESCRIPTION" -Searches for a user that contains \fIstring\fR. - -The search is a substring search in the username, given name, family name, telephone number, organization and title attributes. - -All entries that match are displayed. -.SH "OPTIONS" -.TP -\fB\-a\fR, \fB\-\-all -Display all attributes -.TP -\fB\-n\fR, \fB\-\-notranslate\fR -Don't translate the LDAP attribute names to labels that match the UI. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.PP -By default, the full name, home directory, login shell, and username fields are displayed. -.SH "EXIT STATUS" -0 if one or more entries were found - -1 if an error occurred - -2 if no matching entries were found diff --git a/ipa-admintools/man/ipa-listdelegation.1 b/ipa-admintools/man/ipa-listdelegation.1 deleted file mode 100644 index 9118bc9a..00000000 --- a/ipa-admintools/man/ipa-listdelegation.1 +++ /dev/null @@ -1,37 +0,0 @@ -.\" A man page for ipa-listdelegation -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-listdelegation" "1" "Oct 24 2007" "freeipa" "" -.SH "NAME" -ipa\-listdelegation \- Lists all current delegations - -.SH "SYNOPSIS" -ipa\-listdelegation - -.SH "DESCRIPTION" -Lists all current delegations. - -No sorting is done. -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "EXIT STATUS" -0 if the delegations are listed successfully - -1 if an error occurred diff --git a/ipa-admintools/man/ipa-lockuser.1 b/ipa-admintools/man/ipa-lockuser.1 deleted file mode 100644 index 79df5c0e..00000000 --- a/ipa-admintools/man/ipa-lockuser.1 +++ /dev/null @@ -1,38 +0,0 @@ -.\" A man page for ipa-lockuser -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-lockuser" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-lockuser \- Lock or unlock a user account - -.SH "SYNOPSIS" -ipa\-lockuser [\fIOPTION\fR]... \fIuser\fR - -.SH "DESCRIPTION" -Locks a user account with login name \fIname\fR. - -Users are not removed from groups when their account is locked. -.SH "OPTIONS" -.TP -\fB\-u\fR, \fB\-\-unlock -Unlock a user's account -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-moddelegation.1 b/ipa-admintools/man/ipa-moddelegation.1 deleted file mode 100644 index 28ab2aa9..00000000 --- a/ipa-admintools/man/ipa-moddelegation.1 +++ /dev/null @@ -1,50 +0,0 @@ -.\" A man page for ipa-moddelegation -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-moddelegation" "1" "Oct 24 2007" "freeipa" "" -.SH "NAME" -ipa\-moddelegation \- Modify an existing delegation - -.SH "SYNOPSIS" -ipa\-moddelegation [\fIOPTION\fR]... \fIname\fR - -.SH "DESCRIPTION" -Modifies an existing delegation named \fIname\fR. - -A delegation is used to grant access to certain attributes from one group to another. -.SH "OPTIONS" -.TP -\fB\-a\fR, \fB\-\-attributes\fR=\fIATTRIBUTES\fR -A comma\-separated list of the the \f[SM]attributes\fR that may be written by the source group. This list of attributes replaces the list in the existing delegation. -.TP -\fB\-s\fR, \fB\-\-source\fR=\fISOURCE\fR -The name of the group that is being granted write permission. -.TP -\fB\-t\fR, \fB\-\-target\fR=\fITARGET\fR -The name of the group that will be written to. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.PP -At least one of \-a, \-s or \-t is required. -.SH "EXIT STATUS" -0 if the delegation was updated successfully - -1 if an error occurred - -2 if no matching delegation was found diff --git a/ipa-admintools/man/ipa-modgroup.1 b/ipa-admintools/man/ipa-modgroup.1 deleted file mode 100644 index e52d9636..00000000 --- a/ipa-admintools/man/ipa-modgroup.1 +++ /dev/null @@ -1,56 +0,0 @@ -.\" A man page for ipa-modgroup -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-modgroup" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-modgroup \- Modify a group -.SH "SYNOPSIS" -ipa\-modgroup [\fIOPTION\fR]... \fIgroup\fR - -.SH "DESCRIPTION" -Updates the members or description of \fIgroup\fR. -.SH "OPTIONS" -.TP -\fB\-a\fR, \fB\-\-add\fR=\fIuser1,user2,...usern\fR -Add one or more users to the group -.TP -\fB\-d\fR, \fB\-\-description\fR=\fIdescription\fR -Modify the description of the group -.TP -\fB\-e\fR, \fB\-\-groupdel\fR=\fIgroup1,group2,...groupn\fR -Remove one or more groups from the group -.TP -\fB\-g\fR, \fB\-\-groupadd\fR=\fIgroup1,group2,...groupn\fR -Add one or more groups to the group -.TP -\fB\-r\fR, \fB\-\-remove\fR=\fIuser1,user2,...usern\fR -Remove one or more users from the group -.TP -\fB\-\-addattr\fR \fIattr=value\fR -Add a new attribute, or value to an existing attribute -.TP -\fB\-\-delattr\fR \fIattr=value\fR -Remove an attribute and all values -.TP -\fB\-\-setattr\fR \fIattr=value\fR -Set an attribute to a new value, removing all old ones -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-moduser.1 b/ipa-admintools/man/ipa-moduser.1 deleted file mode 100644 index fff038b7..00000000 --- a/ipa-admintools/man/ipa-moduser.1 +++ /dev/null @@ -1,56 +0,0 @@ -.\" A man page for ipa-moduser -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-moduser" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-moduser \- Modify a user -.SH "SYNOPSIS" -ipa\-moduser [\fIOPTION\fR]... \fIname\fR - -.SH "DESCRIPTION" -Updates the user \fIname\fR. -.SH "OPTIONS" -.TP -\fB\-a\fR, \fB\-\-activate\fR -Activate a user that was previously inactivated -.TP -\fB\-c\fR, \fB\-\-gecos\fR=\fIGECOS\fR -Set the gecos field of the user. This is traditionally the user's full name. -.TP -\fB\-d\fR, \fB\-\-directory\fR=\fIdirectory\fR -Set user's home directory -.TP -\fB\-f\fR, \fB\-\-firstname\fR=\fINAME\fR -Set user's first name -.TP -\fB\-l\fR, \fB\-\-lastname\fR=\fINAME\fR -Set user's last name -.TP -\fB\-s\fR, \fB\-\-shell\fR=\fIshell\fR -Set user's login shell -.TP -\fB\-\-addattr\fR \fIattr=value\fR -Add a new attribute, or value to an existing attribute -.TP -\fB\-\-delattr\fR \fIattr=value\fR -Remove an attribute and all values -.TP -\fB\-\-setattr\fR \fIattr=value\fR -Set an attribute to a new value, removing all old ones -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-passwd.1 b/ipa-admintools/man/ipa-passwd.1 deleted file mode 100644 index 4554d5d2..00000000 --- a/ipa-admintools/man/ipa-passwd.1 +++ /dev/null @@ -1,34 +0,0 @@ -.\" A man page for ipa-passwd -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-passwd" "1" "Oct 10 2007" "freeipa" "" -.SH "NAME" -ipa\-passwd \- Change a user's password -.SH "SYNOPSIS" -ipa\-password [\fIuser\fR] - -.SH "DESCRIPTION" -Changes the current user's password. If a \fIuser\fR is included on the command\-line then that user's password is modified. - -The user is the name in the kerberos principal, so it may not match username. -.SH "OPTIONS" -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output. -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. diff --git a/ipa-admintools/man/ipa-pwpolicy.1 b/ipa-admintools/man/ipa-pwpolicy.1 deleted file mode 100644 index 4c7de4c3..00000000 --- a/ipa-admintools/man/ipa-pwpolicy.1 +++ /dev/null @@ -1,54 +0,0 @@ -.\" A man page for ipa-pwpolicy -.\" Copyright (C) 2007 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden <rcritten@redhat.com> -.\" -.TH "ipa-pwpolicy" "1" "Feb 25 2008" "freeipa" "" -.SH "NAME" -ipa\-pwpolicy \- Display or modify the IPA password policy - -.SH "SYNOPSIS" -ipa\-pwpolicy -[\-\-maxlife days] [\-\-minlife hours] [\-\-history number] [\-\-minclasses number] [\-\-minlength number] -.TP -ipa\-pwpolicy \-\-show -.SH "DESCRIPTION" -Displays or updates the IPA password policy. - -.SH "OPTIONS" -.TP -\fB\-\-maxlife\fR=\fIdays\fR -Set the maximum Password Lifetime in days -.TP -\fB\-\-minlife\fR=\fIhours\fR -Set the minimum Password Lifetime in hours -.TP -\fB\-\-history\fR=\fIinteger\fR -The number of passwords stored in the password history. A value of 0 means do not store a password history. -.TP -\fB\-\-minclasses\fR=\fIinteger\fR -Set the minimum number of character classes required in a password. The classes are alpha, numeric, mixed\-case and special characters. -.TP -\fB\-\-minlength\fR=\fIinteger\fR -Set the minimum password length. -.TP -\fB\-\-show\fR -Display the current password policy. -.TP -\fB\-v\fR, \fB\-\-verbose\fR -Display the XML\-RPC request and response for more verbose debugging output -.SH "EXIT STATUS" -The exit status is 0 on success, nonzero on error. |