Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r-- | ipa-server/ipaserver/radiusinstance.py | 67 |
1 files changed, 16 insertions, 51 deletions
diff --git a/ipa-server/ipaserver/radiusinstance.py b/ipa-server/ipaserver/radiusinstance.py
index 8317da03..0c94c713 100644
--- a/ipa-server/ipaserver/radiusinstance.py
+++ b/ipa-server/ipaserver/radiusinstance.py
@@ -26,6 +26,7 @@ import logging
 import pwd
 import time
 from ipa.ipautil import *
+from ipa import radius_util
 import service
@@ -33,18 +34,6 @@ import os
 import re
 IPA_RADIUS_VERSION = '0.0.0'
-PKG_NAME = 'freeradius'
-PKG_CONFIG_DIR = '/etc/raddb'
-
-RADIUS_SERVICE_NAME = 'radius'
-RADIUS_USER = 'radiusd'
-
-IPA_KEYTAB_FILEPATH = os.path.join(PKG_CONFIG_DIR, 'ipa.keytab')
-LDAP_ATTR_MAP_FILEPATH = os.path.join(PKG_CONFIG_DIR, 'ldap.attrmap')
-RADIUSD_CONF_FILEPATH = os.path.join(PKG_CONFIG_DIR, 'radiusd.conf')
-RADIUSD_CONF_TEMPLATE_FILEPATH = os.path.join(SHARE_DIR, 'radius.radiusd.conf.template')
-
-RADIUSD = '/usr/sbin/radiusd'
 # FIXME there should a utility to get the user base dn
 from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer
@@ -58,7 +47,7 @@ def ldap_mod(fd, dn, pwd):
 def get_radius_version():
     version = None
     try:
-        p = subprocess.Popen([RADIUSD, '-v'], stdout=subprocess.PIPE,
+        p = subprocess.Popen([radius_util.RADIUSD, '-v'], stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE)
         stdout, stderr = p.communicate()
         status = p.returncode
@@ -86,7 +75,7 @@ class RadiusInstance(service.Service):
         self.suffix = realm_to_suffix(self.realm)
         self.fqdn = host_name
         self.ldap_server = ldap_server
-        self.principal = "%s/%s@%s" % (RADIUS_SERVICE_NAME, self.fqdn, self.realm)
+        self.principal = "%s/%s@%s" % (radius_util.RADIUS_SERVICE_NAME, self.fqdn, self.realm)
         self.basedn = self.suffix
         self.user_basedn = "%s,%s" % (DefaultUserContainer, self.basedn) # FIXME, should be utility to get this
         self.radius_version = get_radius_version()
@@ -117,34 +106,34 @@ class RadiusInstance(service.Service):
         version = 'IPA_RADIUS_VERSION=%s FREE_RADIUS_VERSION=%s' % (IPA_RADIUS_VERSION, self.radius_version)
         sub_dict = {'CONFIG_FILE_VERSION_INFO' : version,
                     'LDAP_SERVER' : self.ldap_server,
-                    'RADIUS_KEYTAB' : IPA_KEYTAB_FILEPATH,
+                    'RADIUS_KEYTAB' : radius_util.RADIUS_IPA_KEYTAB_FILEPATH,
                     'RADIUS_PRINCIPAL' : self.principal,
                     'RADIUS_USER_BASE_DN' : self.user_basedn,
                     'ACCESS_ATTRIBUTE' : '',
                     'ACCESS_ATTRIBUTE_DEFAULT' : 'TRUE',
-                    'CLIENTS_BASEDN' : 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.suffix,
+                    'CLIENTS_BASEDN' : radius_util.radius_clients_basedn(None, self.suffix),
                     'SUFFIX' : self.suffix,
                     }
         try:
-            radiusd_conf = template_file(RADIUSD_CONF_TEMPLATE_FILEPATH, sub_dict)
-            radiusd_fd = open(RADIUSD_CONF_FILEPATH, 'w+')
+            radiusd_conf = template_file(radius_util.RADIUSD_CONF_TEMPLATE_FILEPATH, sub_dict)
+            radiusd_fd = open(radius_util.RADIUSD_CONF_FILEPATH, 'w+')
             radiusd_fd.write(radiusd_conf)
             radiusd_fd.close()
         except Exception, e:
-            logging.error("could not create %s: %s", RADIUSD_CONF_FILEPATH, e)
+            logging.error("could not create %s: %s", radius_util.RADIUSD_CONF_FILEPATH, e)
     def __create_radius_keytab(self):
         self.step("create radiusd keytab")
         try:
-            if file_exists(IPA_KEYTAB_FILEPATH):
-                os.remove(IPA_KEYTAB_FILEPATH)
+            if file_exists(radius_util.RADIUS_IPA_KEYTAB_FILEPATH):
+                os.remove(radius_util.RADIUS_IPA_KEYTAB_FILEPATH)
         except os.error:
-            logging.error("Failed to remove %s", IPA_KEYTAB_FILEPATH)
+            logging.error("Failed to remove %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH)
         (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
         kwrite.write("addprinc -randkey %s\n" % (self.principal))
         kwrite.flush()
-        kwrite.write("ktadd -k %s %s\n" % (IPA_KEYTAB_FILEPATH, self.principal))
+        kwrite.write("ktadd -k %s %s\n" % (radius_util.RADIUS_IPA_KEYTAB_FILEPATH, self.principal))
         kwrite.flush()
         kwrite.close()
         kread.close()
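Review bot: The kadmin.local session in `__create_radius_keytab` never checks whether `addprinc` or `ktadd` succeeded — `kread` and `kerr` are closed without being read, so a failed principal creation or keytab write is only noticed indirectly by the `file_exists` poll that follows (outside this hunk). Capture the child's output after `kwrite.close()` and fail loudly, e.g. `out = kread.read()` / `err = kerr.read()` and then `if err: logging.error("kadmin.local failed for %s: %s", self.principal, err.strip())` before closing the pipes. Separately, `radiusd.conf` is opened with `'w+'` under whatever umask the installer inherits, and the write failure is only logged before the installer moves on; if the rendered template carries anything sensitive it should be created with `os.open(path, os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0600)` or chmod'ed afterwards — the template is not visible here, so treat that as a question. The `None` passed as the first argument of `radius_util.radius_clients_basedn` deserves a short comment saying what that parameter is and why it is unused in this call.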
@@ -152,7 +141,7 @@ class RadiusInstance(service.Service):
         # give kadmin time to actually write the file before we go on
         retry = 0
-        while not file_exists(IPA_KEYTAB_FILEPATH):
+        while not file_exists(radius_util.RADIUS_IPA_KEYTAB_FILEPATH):
             time.sleep(1)
             retry += 1
             if retry > 15:
@@ -160,10 +149,10 @@ class RadiusInstance(service.Service):
                 os.exit()
         try:
-            pent = pwd.getpwnam(RADIUS_USER)
-            os.chown(IPA_KEYTAB_FILEPATH, pent.pw_uid, pent.pw_gid)
+            pent = pwd.getpwnam(radius_util.RADIUS_USER)
+            os.chown(radius_util.RADIUS_IPA_KEYTAB_FILEPATH, pent.pw_uid, pent.pw_gid)
         except Exception, e:
-            logging.error("could not chown on %s to %s: %s", IPA_KEYTAB_FILEPATH, RADIUS_USER, e)
+            logging.error("could not chown on %s to %s: %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH, radius_util.RADIUS_USER, e)
     #FIXME, should use IPAdmin method
     def __set_ldap_encrypted_attributes(self):
@@ -179,27 +168,3 @@ class RadiusInstance(service.Service):
 #-------------------------------------------------------------------------------
-# FIXME: this should be in a common area so it can be shared
-def get_ldap_attr_translations():
-    comment_re = re.compile('#.*$')
-    radius_attr_to_ldap_attr = {}
-    ldap_attr_to_radius_attr = {}
-    try:
-        f = open(LDAP_ATTR_MAP_FILEPATH)
-        for line in f.readlines():
-            line = comment_re.sub('', line).strip()
-            if not line: continue
-            attr_type, radius_attr, ldap_attr = line.split()
-            print 'type="%s" radius="%s" ldap="%s"' % (attr_type, radius_attr, ldap_attr)
-            radius_attr_to_ldap_attr[radius_attr] = {'ldap_attr':ldap_attr, 'attr_type':attr_type}
-            ldap_attr_to_radius_attr[ldap_attr] = {'radius_attr':radius_attr, 'attr_type':attr_type}
-        f.close()
-    except Exception, e:
-        logging.error('cold not read radius ldap attribute map file (%s): %s', LDAP_ATTR_MAP_FILEPATH, e)
-        pass # FIXME
-
-    #for k,v in radius_attr_to_ldap_attr.items():
-    # print '%s --> %s' % (k,v)
-    #for k,v in ldap_attr_to_radius_attr.items():
-    # print '%s --> %s' % (k,v)
-
 |
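Review bot: `os.exit()` in the context line at the top of the `@@ -160,10 +149,10 @@` hunk does not exist — Python's `os` module has `_exit` but no `exit`, so the timeout branch of the keytab wait loop raises `AttributeError` and the installer dies with a misleading traceback rather than the intended clean abort; it should be `sys.exit(1)` (`sys` is not among the imports visible in this diff, so check that it is imported) or `os._exit(1)`. The `try` that follows only chowns the keytab to `radius_util.RADIUS_USER` and leaves its mode to whatever `kadmin.local` created, so adding `os.chmod(radius_util.RADIUS_IPA_KEYTAB_FILEPATH, 0600)` right after the `os.chown` call guarantees the keytab is unreadable by other local users regardless of kadmin's default. A failed chown is only logged, which leaves the installed radiusd unable to read its keytab; since this is an install step, re-raising after the `logging.error` (or taking the same abort path as the timeout) seems preferable, though the class's error policy is defined outside this hunk. `__create_radius_keytab` starts, and the rest of the class continues, outside the lines shown here.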