summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server/funcs.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-server/xmlrpc-server/funcs.py')
-rw-r--r--ipa-server/xmlrpc-server/funcs.py339
1 files changed, 196 insertions, 143 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index be95d4fa..9545ad89 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -24,152 +24,205 @@ import ldap
import ipaserver.dsinstance
import ipaserver.ipaldap
import ipaserver.util
-import pdb
import string
from types import *
import xmlrpclib
import ipa.config
-# FIXME, this needs to be auto-discovered
-host = 'localhost'
-port = 389
-binddn = "cn=directory manager"
-bindpw = "freeipa"
-
-ipa.config.init_config()
-basedn = ipaserver.util.realm_to_suffix(ipa.config.config.get_realm())
-import sys
-sys.stderr.write(basedn)
-scope = ldap.SCOPE_SUBTREE
-
-def get_user (username):
- """Get a specific user's entry. Return as a dict of values.
- Multi-valued fields are represented as lists.
- """
- ent=""
-
- # FIXME: Is this the filter we want or should it be more specific?
- filter = "(uid=" + username + ")"
- try:
- m1 = ipaserver.ipaldap.IPAdmin(host,port,binddn,bindpw)
- ent = m1.getEntry(basedn, scope, filter, None)
- except ldap.LDAPError, e:
- raise xmlrpclib.Fault(1, e)
- except ipaserver.ipaldap.NoSuchEntryError:
- raise xmlrpclib.Fault(2, "No such user")
-
- # Convert to LDIF
- entry = str(ent)
-
- # Strip off any junk
- entry = entry.strip()
-
- # Don't need to identify binary fields and this breaks the parser so
- # remove double colons
- entry = entry.replace('::', ':')
- specs = [spec.split(':') for spec in entry.split('\n')]
-
- # Convert into a dict. We need to handle multi-valued attributes as well
- # so we'll convert those into lists.
- user={}
- for (k,v) in specs:
- k = k.lower()
- if user.get(k) is not None:
- if isinstance(user[k],list):
- user[k].append(v.strip())
+class IPAServer:
+
+ def __init__(self):
+ # FIXME, this needs to be auto-discovered
+ self.host = 'localhost'
+ self.port = 636
+ self.bindcert = "/usr/share/ipa/cert.pem"
+ self.bindkey = "/usr/share/ipa/key.pem"
+ self.bindca = "/usr/share/ipa/cacert.asc"
+
+ ipa.config.init_config()
+ self.basedn = ipaserver.util.realm_to_suffix(ipa.config.config.get_realm())
+ self.scope = ldap.SCOPE_SUBTREE
+ self.princ = None
+
+ def set_principal(self, princ):
+ self.princ = princ
+
+ def get_dn_from_principal(self, princ):
+ """Given a kerberls principal get the LDAP uid"""
+ filter = "(krbPrincipalName=" + princ + ")"
+ try:
+ m1 = ipaserver.ipaldap.IPAdmin(self.host,self.port,self.bindca,self.bindcert,self.bindkey)
+ ent = m1.getEntry(self.basedn, self.scope, filter, None)
+ except ldap.LDAPError, e:
+ raise xmlrpclib.Fault(1, e)
+ except ipaserver.ipaldap.NoSuchEntryError:
+ raise xmlrpclib.Fault(2, "No such user")
+
+ return "dn:" + ent.dn
+
+ def convert_entry(self, ent):
+
+ # Convert to LDIF
+ entry = str(ent)
+
+ # Strip off any junk
+ entry = entry.strip()
+
+ # Don't need to identify binary fields and this breaks the parser so
+ # remove double colons
+ entry = entry.replace('::', ':')
+ specs = [spec.split(':') for spec in entry.split('\n')]
+
+ # Convert into a dict. We need to handle multi-valued attributes as well
+ # so we'll convert those into lists.
+ user={}
+ for (k,v) in specs:
+ k = k.lower()
+ if user.get(k) is not None:
+ if isinstance(user[k],list):
+ user[k].append(v.strip())
+ else:
+ first = user[k]
+ user[k] = []
+ user[k].append(first)
+ user[k].append(v.strip())
else:
- first = user[k]
- user[k] = []
- user[k].append(first)
- user[k].append(v.strip())
- else:
- user[k] = v.strip()
-
- return user
-# return str(ent) # return as LDIF
-
-def add_user (user):
- """Add a user in LDAP"""
- dn="uid=%s,ou=users,ou=default,%s" % (user['uid'], basedn)
- entry = ipaserver.ipaldap.Entry(dn)
-
- # some required objectclasses
- entry.setValues('objectClass', 'top', 'posixAccount', 'shadowAccount', 'account', 'person', 'inetOrgPerson', 'organizationalPerson', 'krbPrincipalAux', 'krbTicketPolicyAux')
-
- # Fill in shadow fields
- entry.setValue('shadowMin', '0')
- entry.setValue('shadowMax', '99999')
- entry.setValue('shadowWarning', '7')
- entry.setValue('shadowExpire', '-1')
- entry.setValue('shadowInactive', '-1')
- entry.setValue('shadowFlag', '-1')
-
- # FIXME: calculate shadowLastChange
-
- # fill in our new entry with everything sent by the user
- for u in user:
- entry.setValues(u, user[u])
-
- try:
- m1 = ipaserver.ipaldap.IPAdmin(host,port,binddn,bindpw)
- res = m1.addEntry(entry)
- return res
- except ldap.ALREADY_EXISTS:
- raise xmlrpclib.Fault(3, "User already exists")
- return None
- except ldap.LDAPError, e:
- raise xmlrpclib.Fault(1, str(e))
- return None
-
-def get_add_schema ():
- """Get the list of fields to be used when adding users in the GUI."""
-
- # FIXME: this needs to be pulled from LDAP
- fields = []
-
- field1 = {
- "name": "uid" ,
- "label": "Login:",
- "type": "text",
- "validator": "text",
- "required": "true"
- }
- fields.append(field1)
-
- field1 = {
- "name": "userPassword" ,
- "label": "Password:",
- "type": "password",
- "validator": "String",
- "required": "true"
- }
- fields.append(field1)
-
- field1 = {
- "name": "givenName" ,
- "label": "First name:",
- "type": "text",
- "validator": "string",
- "required": "true"
- }
- fields.append(field1)
-
- field1 = {
- "name": "sn" ,
- "label": "Last name:",
- "type": "text",
- "validator": "string",
- "required": "true"
- }
- fields.append(field1)
-
- field1 = {
- "name": "mail" ,
- "label": "E-mail address:",
- "type": "text",
- "validator": "email",
- "required": "true"
- }
- fields.append(field1)
-
- return fields
+ user[k] = v.strip()
+
+ return user
+
+ def get_user (self, username, opts=None):
+ """Get a specific user's entry. Return as a dict of values.
+ Multi-valued fields are represented as lists.
+ """
+ ent=""
+ if opts:
+ self.set_principal(opts['remoteuser'])
+ if (isinstance(username, tuple)):
+ username = username[0]
+
+ try:
+ dn = self.get_dn_from_principal(self.princ)
+ except ldap.LDAPError, e:
+ raise xmlrpclib.Fault(1, e)
+ except ipaserver.ipaldap.NoSuchEntryError:
+ raise xmlrpclib.Fault(2, "No such user")
+
+ filter = "(uid=" + username + ")"
+ try:
+ m1 = ipaserver.ipaldap.IPAdmin(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
+ ent = m1.getEntry(self.basedn, self.scope, filter, None)
+ except ldap.LDAPError, e:
+ raise xmlrpclib.Fault(1, e)
+ except ipaserver.ipaldap.NoSuchEntryError:
+ raise xmlrpclib.Fault(2, "No such user")
+
+ return self.convert_entry(ent)
+
+ def add_user (self, user, opts=None):
+ """Add a user in LDAP"""
+ if (isinstance(user, tuple)):
+ user = user[0]
+ dn="uid=%s,ou=users,ou=default,%s" % (user['uid'], self.basedn)
+ entry = ipaserver.ipaldap.Entry(str(dn))
+
+ # some required objectclasses
+ entry.setValues('objectClass', 'top', 'posixAccount', 'shadowAccount', 'account', 'person', 'inetOrgPerson', 'organizationalPerson', 'krbPrincipalAux', 'krbTicketPolicyAux')
+
+ # Fill in shadow fields
+ entry.setValue('shadowMin', '0')
+ entry.setValue('shadowMax', '99999')
+ entry.setValue('shadowWarning', '7')
+ entry.setValue('shadowExpire', '-1')
+ entry.setValue('shadowInactive', '-1')
+ entry.setValue('shadowFlag', '-1')
+
+ # FIXME: calculate shadowLastChange
+
+ # fill in our new entry with everything sent by the user
+ for u in user:
+ entry.setValues(str(u), str(user[u]))
+
+ if opts:
+ self.set_principal(opts['remoteuser'])
+
+ try:
+ dn = self.get_dn_from_principal(self.princ)
+ except ldap.LDAPError, e:
+ raise xmlrpclib.Fault(1, e)
+ except ipaserver.ipaldap.NoSuchEntryError:
+ raise xmlrpclib.Fault(2, "No such user")
+
+ try:
+ m1 = ipaserver.ipaldap.IPAdmin(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
+ res = m1.addEntry(entry)
+ return res
+ except ldap.ALREADY_EXISTS:
+ raise xmlrpclib.Fault(3, "User already exists")
+ except ldap.LDAPError, e:
+ raise xmlrpclib.Fault(1, str(e))
+
+ def get_add_schema (self):
+ """Get the list of fields to be used when adding users in the GUI."""
+
+ # FIXME: this needs to be pulled from LDAP
+ fields = []
+
+ field1 = {
+ "name": "uid" ,
+ "label": "Login:",
+ "type": "text",
+ "validator": "text",
+ "required": "true"
+ }
+ fields.append(field1)
+
+ field1 = {
+ "name": "givenName" ,
+ "label": "First name:",
+ "type": "text",
+ "validator": "string",
+ "required": "true"
+ }
+ fields.append(field1)
+
+ field1 = {
+ "name": "sn" ,
+ "label": "Last name:",
+ "type": "text",
+ "validator": "string",
+ "required": "true"
+ }
+ fields.append(field1)
+
+ field1 = {
+ "name": "mail" ,
+ "label": "E-mail address:",
+ "type": "text",
+ "validator": "email",
+ "required": "true"
+ }
+ fields.append(field1)
+
+ return fields
+
+ def get_all_users (self):
+ """Return a list containing a User object for each
+ existing user.
+ """
+
+ # FIXME: Is this the filter we want or should it be more specific?
+ filter = "(objectclass=posixAccount)"
+ try:
+ m1 = ipaserver.ipaldap.IPAdmin(self.host,self.port,self.bindca,self.bindcert,self.bindkey)
+ all_users = m1.getList(self.basedn, self.scope, filter, None)
+ except ldap.LDAPError, e:
+ raise xmlrpclib.Fault(1, e)
+ except ipaserver.ipaldap.NoSuchEntryError:
+ raise xmlrpclib.Fault(2, "No such user")
+
+ users = []
+ for u in all_users:
+ users.append(self.convert_entry(u))
+
+ return users
generated by cgit (git 2.34.1) at 2025-09-01 23:14:59 +0000