-rw-r--r--ipa-admintools/ipa-addradiusclient10
-rw-r--r--ipa-admintools/ipa-addradiusprofile39
-rw-r--r--ipa-admintools/ipa-radiusclientmod19
-rw-r--r--ipa-admintools/ipa-radiusprofilemod241
4 files changed, 185 insertions, 124 deletions
diff --git a/ipa-admintools/ipa-addradiusclient b/ipa-admintools/ipa-addradiusclient
index e52902af..60473853 100644
--- a/ipa-admintools/ipa-addradiusclient
+++ b/ipa-admintools/ipa-addradiusclient
@@ -79,13 +79,13 @@ def main():
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information")
- opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
if len(args) < 2:
- opt_parser.error("missing Client-IP-Address")
+ opt_parser.error('missing %s' % (distinguished_attr))
ip_addr = args[1]
pairs[distinguished_attr] = ip_addr
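Review bot: The two format arguments in the new `set_usage` call are in the wrong order, so the usage line prints the attribute name where the program name belongs and the script name where the positional argument belongs. It should read `opt_parser.set_usage("Usage: %s [options] %s" % (os.path.basename(sys.argv[0]), distinguished_attr))`. The same swapped call is added in ipa-addradiusprofile, ipa-radiusclientmod and ipa-radiusprofilemod. main() starts before and continues after this hunk.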
@@ -168,13 +168,13 @@ def main():
for attr,value in pairs.items():
print "\t%s = %s" % (attr, value)
- radius_client = radius_util.RadiusClient()
+ radius_entity = radius_util.RadiusClient()
for attr,value in pairs.items():
- radius_client.setValue(radius_attr_to_ldap_attr[attr], value)
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try:
ipa_client = ipaclient.IPAClient()
- ipa_client.add_radius_client(radius_client)
+ ipa_client.add_radius_client(radius_entity)
print "successfully added"
except xmlrpclib.Fault, f:
print f.faultString
diff --git a/ipa-admintools/ipa-addradiusprofile b/ipa-admintools/ipa-addradiusprofile
index 8e097c38..0872437f 100644
--- a/ipa-admintools/ipa-addradiusprofile
+++ b/ipa-admintools/ipa-addradiusprofile
@@ -21,7 +21,6 @@
import sys
import os
from optparse import OptionParser
-import copy
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
@@ -36,7 +35,10 @@ import ldap
#------------------------------------------------------------------------------
radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
mandatory_radius_attrs = ['UID']
+distinguished_attr = 'UID'
#------------------------------------------------------------------------------
@@ -60,7 +62,6 @@ def main():
opt_parser.add_option("-d", "--Description", dest="desc",
help="description of the RADIUS client")
-
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information")
opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
@@ -72,16 +73,16 @@ def main():
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information")
- opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0])))
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
if len(args) < 2:
- opt_parser.error("missing UID")
+ opt_parser.error('missing %s' % (distinguished_attr))
uid = args[1]
- pairs['UID'] = uid
+ pairs[distinguished_attr] = uid
# Get pairs from a file or stdin
if options.pair_file:
@@ -103,16 +104,16 @@ def main():
# Get pairs interactively
if options.interactive:
- # Remove any mandatory attriubtes which have been previously specified
- interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
- for attr in pairs.keys():
- try:
- interactive_mandatory_attrs.remove(attr)
- except ValueError:
- pass
+ # Prompt first for mandatory attributes which have not been previously specified
+ prompted_mandatory_attrs = []
+ existing_attrs = pairs.keys():
+ for attr in mandatory_radius_attrs:
+ if not attr in existing_attrs:
+ prompted_mandatory_attrs.append(attr)
+
c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
c.open()
- av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
+ av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
pairs.update(av)
c.close()
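Review bot: `existing_attrs = pairs.keys():` ends in a stray colon, which is a syntax error, so ipa-addradiusprofile will not parse and fails before any option handling runs. Drop the colon: `existing_attrs = pairs.keys()`. The membership test two lines below reads more naturally as `if attr not in existing_attrs:`. The enclosing main() extends beyond this hunk.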
@@ -120,9 +121,9 @@ def main():
# Data collection done, assure mandatory data has been specified
- if pairs.has_key('UID') and pairs['UID'] != uid:
- print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \
- (uid, pairs['UID'])
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, uid, pairs[distinguished_attr])
return 1
valid = True
@@ -158,13 +159,13 @@ def main():
for attr,value in pairs.items():
print "\t%s = %s" % (attr, value)
- radius_profile = radius_util.RadiusProfile()
+ radius_entity = radius_util.RadiusProfile()
for attr,value in pairs.items():
- radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value)
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try:
ipa_client = ipaclient.IPAClient()
- ipa_client.add_radius_profile(radius_profile)
+ ipa_client.add_radius_profile(radius_entity)
print "successfully added"
except xmlrpclib.Fault, f:
print f.faultString
diff --git a/ipa-admintools/ipa-radiusclientmod b/ipa-admintools/ipa-radiusclientmod
index 9bae216e..19f3ed14 100644
--- a/ipa-admintools/ipa-radiusclientmod
+++ b/ipa-admintools/ipa-radiusclientmod
@@ -80,21 +80,20 @@ def main():
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information")
- opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
if len(args) < 2:
- opt_parser.error("missing Client-IP-Address")
+ opt_parser.error('missing %s' % (distinguished_attr))
ip_addr = args[1]
- # Verify client previously exists and get current values
- radius_client = radius_util.RadiusClient()
+ # Verify entity previously exists and get current values
ipa_client = ipaclient.IPAClient()
try:
- radius_client = ipa_client.get_radius_client_by_ip_addr(ip_addr)
+ radius_entity = ipa_client.get_radius_client_by_ip_addr(ip_addr)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "client %s not found" % ip_addr
return 1
@@ -135,7 +134,7 @@ def main():
deletable_attrs = []
for radius_attr in radius_attrs:
if radius_attr in mandatory_radius_attrs: continue
- if radius_client.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
+ if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
deletable_attrs.append(radius_attr)
if deletable_attrs:
@@ -172,7 +171,7 @@ def main():
print "\t%s" % (attr)
for attr in attrs:
- radius_client.delValue(radius_attr_to_ldap_attr[attr])
+ radius_entity.delValue(radius_attr_to_ldap_attr[attr])
else:
pairs = {}
@@ -180,7 +179,7 @@ def main():
# Populate the pair list with pre-existing values
for attr in radius_attrs:
- pairs[attr] = radius_client.getValues(radius_attr_to_ldap_attr[attr])
+ pairs[attr] = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
# Get pairs from a file or stdin
if options.data_file:
@@ -248,10 +247,10 @@ def main():
print "\t%s = %s" % (attr, value)
for attr,value in pairs.items():
- radius_client.setValue(radius_attr_to_ldap_attr[attr], value)
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try:
- ipa_client.update_radius_client(radius_client)
+ ipa_client.update_radius_client(radius_entity)
print "successfully modified"
except xmlrpclib.Fault, f:
print f.faultString
diff --git a/ipa-admintools/ipa-radiusprofilemod b/ipa-admintools/ipa-radiusprofilemod
index e22cbdea..7a064d5a 100644
--- a/ipa-admintools/ipa-radiusprofilemod
+++ b/ipa-admintools/ipa-radiusprofilemod
@@ -21,7 +21,7 @@
import sys
import os
from optparse import OptionParser
-import copy
+from sets import Set
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
@@ -36,7 +36,10 @@ import ldap
#------------------------------------------------------------------------------
radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
+radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
+ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
mandatory_radius_attrs = ['UID']
+distinguished_attr = 'UID'
#------------------------------------------------------------------------------
@@ -51,8 +54,6 @@ def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
sys.exit(0)
def main():
- pairs = {}
-
opt_parser = OptionParser(add_help_option=False)
opt_parser.add_option("-u", "--uid", dest="uid",
@@ -62,35 +63,34 @@ def main():
opt_parser.add_option("-d", "--Description", dest="desc",
help="description of the RADIUS client")
+ opt_parser.add_option("-D", "--delete-attrs", dest="delete_attrs", action='store_true', default=False,
+ help="delete the specified attributes")
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information")
opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
help="interactive mode, prompts with auto-completion")
- opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
- help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
- opt_parser.add_option("-f", "--file", dest="pair_file",
- help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
+ opt_parser.add_option("-A", "--attr", dest="attrs", action='append',
+ help="If adding or modifying then this argument specifies one or more attribute=value pair(s), value may be optionally quoted, pairs are seperated by whitespace. If deleting attributes then this argument specifies one or more attribute names seperated by whitespace or commas")
+ opt_parser.add_option("-f", "--file", dest="data_file",
+ help="If adding or modifying then attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. If deleting attributes then attributes are read from file, attributes are seperated by whitespace or commas. Reads from stdin if file is -")
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information")
- opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
+ opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
if len(args) < 2:
- opt_parser.error("missing uid")
+ opt_parser.error('missing %s' % (distinguished_attr))
uid = args[1]
- pairs['UID'] = uid
-
user_profile = not options.shared
- # Verify profile previously exists and get current values
- radius_profile = radius_util.RadiusClient()
+ # Verify entity previously exists and get current values
ipa_client = ipaclient.IPAClient()
try:
- radius_profile = ipa_client.get_radius_profile_by_uid(uid, user_profile)
+ radius_entity = ipa_client.get_radius_profile_by_uid(uid, user_profile)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "profile %s not found" % uid
return 1
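Review bot: The new `-A`/`--attr` and `-f`/`--file` help strings spell "separated" as `seperated` three times, and this text is shown to users. Replacing `-p`/`--pair` with `-A`/`--attr` also drops a flag that existing invocations may still pass, and optparse will reject it as an unknown option. If that break is not intended, the old spellings can stay as aliases on the same option, `opt_parser.add_option("-A", "-p", "--attr", "--pair", dest="attrs", action='append', ...)`. main() starts before and continues after this hunk.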
@@ -101,92 +101,153 @@ def main():
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
- # Populate the pair list with pre-existing values
- for attr in radius_attrs:
- value = radius_profile.getValues(radius_util.radius_profile_attr_to_ldap_attr[attr])
- if value is None: continue
- pairs[attr] = value
-
- # Get pairs from a file or stdin
- if options.pair_file:
- try:
- av = ipautil.read_pairs_file(options.pair_file)
+ # Deleteing attributes is fundamentally different than adding/modifying an attribute.
+ # When adding/modifying there is always a value the attribute is paired with,
+ # so handle the two cases independently.
+ if options.delete_attrs:
+ attrs = Set()
+ # Get attrs from a file or stdin
+ if options.data_file:
+ try:
+ items = ipautil.read_items_file(options.data_file)
+ attrs.update(items)
+ except Exception, e:
+ print "ERROR, could not read attrs (%s)" % (e)
+
+ # Get attrs specified on the command line as a named argument
+ if options.secret is not None: attrs.add('Secret')
+ if options.name is not None: attrs.add('Name')
+ if options.nastype is not None: attrs.add('NAS-Type')
+ if options.desc is not None: attrs.add('Description')
+
+ # Get attrs specified on the command line as a attr argument
+ if options.attrs:
+ for a in options.attrs:
+ items = ipautil.parse_items(a)
+ attrs.update(items)
+
+ # Get attrs interactively
+ if options.interactive:
+ deletable_attrs = []
+ for radius_attr in radius_attrs:
+ if radius_attr in mandatory_radius_attrs: continue
+ if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
+ deletable_attrs.append(radius_attr)
+
+ if deletable_attrs:
+ c = ipautil.ItemCompleter(deletable_attrs)
+ c.open()
+ items = c.get_items("Enter: ")
+ attrs.update(items)
+ c.close()
+
+ # Data collection done, assure no mandatory attrs are in the delete list
+ valid = True
+ for attr in mandatory_radius_attrs:
+ if attr in attrs:
+ valid = False
+ print "ERROR, %s is mandatory, but is set to be deleted" % (attr)
+ if not valid:
+ return 1
+
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr in attrs:
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Dump what we've got so far
+ if options.verbose:
+ print "Attributes:"
+ for attr in attrs:
+ print "\t%s" % (attr)
+
+ for attr in attrs:
+ radius_entity.delValue(radius_attr_to_ldap_attr[attr])
+
+ else:
+ pairs = {}
+ pairs[distinguished_attr] = ip_addr
+
+ # Populate the pair list with pre-existing values
+ for attr in radius_attrs:
+ pairs[attr] = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
+
+ # Get pairs from a file or stdin
+ if options.data_file:
+ try:
+ av = ipautil.read_pairs_file(options.data_file)
+ pairs.update(av)
+ except Exception, e:
+ print "ERROR, could not read pairs (%s)" % (e)
+
+ # Get pairs specified on the command line as a named argument
+ if options.ip_addr is not None: pairs[distinguished_attr] = options.ip_addr
+ if options.secret is not None: pairs['Secret'] = options.secret
+ if options.name is not None: pairs['Name'] = options.name
+ if options.nastype is not None: pairs['NAS-Type'] = options.nastype
+ if options.desc is not None: pairs['Description'] = options.desc
+
+ # Get pairs specified on the command line as a pair argument
+ if options.attrs:
+ for p in options.attrs:
+ av = ipautil.parse_key_value_pairs(p)
+ pairs.update(av)
+
+ # Get pairs interactively
+ if options.interactive:
+ prompted_attrs = radius_attrs[:]
+ prompted_attrs.remove(distinguished_attr)
+ c = ipautil.AttributeValueCompleter(prompted_attrs, pairs)
+ c.open()
+ av = c.get_pairs("Enter: ", validate_callback=radius_util.validate)
pairs.update(av)
- except Exception, e:
- print "ERROR, could not read pairs (%s)" % (e)
+ c.close()
- # Get pairs specified on the command line as a named argument
- if options.uid is not None: pairs['UID'] = options.uid
- if options.desc is not None: pairs['Description'] = options.desc
+ # FIXME: validation should be moved to xmlrpc server
- # Get pairs specified on the command line as a pair argument
- if options.pairs:
- for p in options.pairs:
- av = ipautil.parse_key_value_pairs(p)
- pairs.update(av)
+ # Data collection done, assure mandatory data has been specified
- # Get pairs interactively
- if options.interactive:
- # Remove any mandatory attriubtes which have been previously specified
- interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
- for attr in pairs.keys():
- try:
- interactive_mandatory_attrs.remove(attr)
- except ValueError:
- pass
- c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
- c.open()
- av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
- pairs.update(av)
- c.close()
-
- # FIXME: validation should be moved to xmlrpc server
-
- # Data collection done, assure mandatory data has been specified
-
- if pairs.has_key('UID') and pairs['UID'] != uid:
- print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \
- (uid, pairs['UID'])
- return 1
+ if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != ip_addr:
+ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
+ (distinguished_attr, ip_addr, pairs[distinguished_attr])
+ return 1
- valid = True
- for attr in mandatory_radius_attrs:
- if not pairs.has_key(attr):
- valid = False
- print "ERROR, %s is mandatory, but has not been specified" % (attr)
- if not valid:
- return 1
-
- # Make sure each attribute is a member of the set of valid attributes
- valid = True
- for attr,value in pairs.items():
- if attr not in radius_attrs:
- valid = False
- print "ERROR, %s is not a valid attribute" % (attr)
- if not valid:
- print "Valid attributes are:"
- print ipautil.format_list(radius_attrs, quote='"')
- return 1
+ # Make sure each attribute is a member of the set of valid attributes
+ valid = True
+ for attr,value in pairs.items():
+ if attr not in radius_attrs:
+ valid = False
+ print "ERROR, %s is not a valid attribute" % (attr)
+ if not valid:
+ print "Valid attributes are:"
+ print ipautil.format_list(radius_attrs, quote='"')
+ return 1
+
+ # Makse sure each value is valid
+ valid = True
+ for attr,value in pairs.items():
+ if not radius_util.validate(attr, value):
+ valid = False
+ if not valid:
+ return 1
- # Makse sure each value is valid
- valid = True
- for attr,value in pairs.items():
- if not radius_util.validate(attr, value):
- valid = False
- if not valid:
- return 1
+ # Dump what we've got so far
+ if options.verbose:
+ print "Pairs:"
+ for attr,value in pairs.items():
+ print "\t%s = %s" % (attr, value)
- # Dump what we've got so far
- if options.verbose:
- print "Pairs:"
for attr,value in pairs.items():
- print "\t%s = %s" % (attr, value)
-
- for attr,value in pairs.items():
- radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value)
+ radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try:
- ipa_client.update_radius_profile(radius_profile)
+ ipa_client.update_radius_profile(radius_entity)
print "successfully modified"
except xmlrpclib.Fault, f:
print f.faultString
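Review bot: The modify branch uses `ip_addr`, which this script never assigns (the positional argument is stored in `uid`), so `pairs[distinguished_attr] = ip_addr` and the later mismatch check raise NameError on every non-delete run. Both branches also read `options.ip_addr`, `options.secret`, `options.name` and `options.nastype`, none of which is defined by the options visible in this diff, and optparse raises AttributeError for an undefined dest. These lines look copied from ipa-radiusclientmod. The pre-existing-value loop also no longer skips attributes whose `getValues()` result is None, which the removed code did, so None can reach `radius_util.validate` and `setValue`. The check that every mandatory attribute is present is likewise not carried over to the new modify path. main() starts before this hunk.

```python
    else:
        pairs = {}
        pairs[distinguished_attr] = uid

        # Populate the pair list with pre-existing values, skipping unset attributes
        for attr in radius_attrs:
            value = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
            if value is None: continue
            pairs[attr] = value

        # ... unchanged: read pairs from options.data_file ...

        # Get pairs specified on the command line as a named argument
        if options.uid is not None: pairs[distinguished_attr] = options.uid
        if options.desc is not None: pairs['Description'] = options.desc

        # ... unchanged: -A pairs and interactive prompting ...

        if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
            print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
                (distinguished_attr, uid, pairs[distinguished_attr])
            return 1

        # ... unchanged: attribute and value validation, verbose dump ...
```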