2007-11-14 00:04:19 -05:00
#! /usr/bin/python -E
# Authors: John Dennis <jdennis@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
import os
2007-11-14 00:04:19 -05:00
from optparse import OptionParser
2007-11-23 10:35:22 -05:00
import copy
2007-11-27 07:57:49 -05:00
from sets import Set
2007-11-23 10:35:22 -05:00
2007-11-14 00:04:19 -05:00
import ipa.ipaclient as ipaclient
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
import ipa.ipautil as ipautil
2007-11-14 00:04:19 -05:00
import ipa.config
import ipa.ipaerror
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
import ipa.radius_util as radius_util
2007-11-14 00:04:19 -05:00
import xmlrpclib
import kerberos
import ldap
#------------------------------------------------------------------------------
2007-11-24 11:20:28 -05:00
radius_attrs = radius_util.radius_client_attr_to_ldap_attr.keys()
2007-11-27 07:57:49 -05:00
radius_attr_to_ldap_attr = radius_util.radius_client_attr_to_ldap_attr
2007-11-24 11:20:28 -05:00
mandatory_radius_attrs = ['Client-IP-Address']
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
#------------------------------------------------------------------------------
def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
parser.print_help()
print
print "Valid interative attributes are:"
2007-11-24 11:20:28 -05:00
print ipautil.format_list(radius_attrs, quote='"')
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
print
print "Required attributes are:"
2007-11-24 11:20:28 -05:00
print ipautil.format_list(mandatory_radius_attrs, quote='"')
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
sys.exit(0)
def main():
opt_parser = OptionParser(add_help_option=False)
2007-11-23 10:35:22 -05:00
opt_parser.add_option("-a", "--Client-IP-Address", dest="ip_addr",
help="RADIUS client ip address")
opt_parser.add_option("-s", "--Secret", dest="secret",
help="RADIUS client ip address")
opt_parser.add_option("-n", "--Name", dest="name",
help="RADIUS client name")
opt_parser.add_option("-t", "--NAS-Type", dest="nastype",
help="RADIUS client NAS Type")
opt_parser.add_option("-d", "--Description", dest="desc",
help="description of the RADIUS client")
2007-11-27 07:57:49 -05:00
opt_parser.add_option("-D", "--delete-attrs", dest="delete_attrs", action='store_true', default=False,
help="delete the specified attributes")
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information")
opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
help="interactive mode, prompts with auto-completion")
2007-11-27 07:57:49 -05:00
opt_parser.add_option("-A", "--attr", dest="attrs", action='append',
help="If adding or modifying then this argument specifies one or more attribute=value pair(s), value may be optionally quoted, pairs are seperated by whitespace. If deleting attributes then this argument specifies one or more attribute names seperated by whitespace or commas")
opt_parser.add_option("-f", "--file", dest="data_file",
help="If adding or modifying then attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. If deleting attributes then attributes are read from file, attributes are seperated by whitespace or commas. Reads from stdin if file is -")
2007-11-23 10:35:22 -05:00
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information")
2007-11-14 00:04:19 -05:00
2007-11-23 10:35:22 -05:00
opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
2007-11-14 00:04:19 -05:00
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
2007-11-14 00:04:19 -05:00
2007-11-23 10:35:22 -05:00
if len(args) < 2:
opt_parser.error("missing Client-IP-Address")
2007-11-14 00:04:19 -05:00
ip_addr = args[1]
2007-11-23 10:35:22 -05:00
# Verify client previously exists and get current values
2007-11-26 11:12:58 -05:00
radius_client = radius_util.RadiusClient()
2007-11-14 00:04:19 -05:00
ipa_client = ipaclient.IPAClient()
try:
2007-11-23 10:35:22 -05:00
radius_client = ipa_client.get_radius_client_by_ip_addr(ip_addr)
2007-11-14 00:04:19 -05:00
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "client %s not found" % ip_addr
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % e.message
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
2007-11-27 07:57:49 -05:00
# Deleteing attributes is fundamentally different than adding/modifying an attribute.
# When adding/modifying there is always a value the attribute is paired with,
# so handle the two cases independently.
if options.delete_attrs:
attrs = Set()
# Populate the attr list with pre-existing values
for ldap_attr in radius_client.attrList():
radius_attr = radius_client.getValues(radius_attr_to_ldap_attr[ldap_attr])
attrs.add(radius_attr)
# Get attrs from a file or stdin
if options.data_file:
try:
items = ipautil.read_items_file(options.data_file)
attrs.update(items)
except Exception, e:
print "ERROR, could not read attrs (%s)" % (e)
# Get attrs specified on the command line as a named argument
if options.ip_addr is not None: attrs.add('Client-IP-Address')
if options.secret is not None: attrs.add('Secret')
if options.name is not None: attrs.add('Name')
if options.nastype is not None: attrs.add('NAS-Type')
if options.desc is not None: attrs.add('Description')
# Get attrs specified on the command line as a attr argument
if options.attrs:
for a in options.attrs:
items = ipautil.parse_items(a)
attrs.update(items)
# Get attrs interactively
if options.interactive:
# Remove any mandatory attriubtes so we don't prompt to delete them
interactive_delete_attrs = radius_client.attrList()
for attr in interactive_delete_attrs:
if attr in mandatory_radius_attrs:
try:
interactive_delete_attrs.remove(attr)
except ValueError:
pass
c = ipautil.ItemCompleter(attrs)
c.open()
items = c.get_items("Enter: ")
attrs.update(items)
c.close()
# Data collection done, assure no mandatory attrs are in the delete list
valid = True
for attr in mandatory_radius_attrs:
if attr in attrs
valid = False
print "ERROR, %s is mandatory, but is set to be deleted" % (attr)
if not valid:
return 1
# Make sure each attribute is a member of the set of valid attributes
valid = True
for attr in attrs:
if attr not in radius_attrs:
valid = False
print "ERROR, %s is not a valid attribute" % (attr)
if not valid:
print "Valid attributes are:"
print ipautil.format_list(radius_attrs, quote='"')
return 1
# Dump what we've got so far
if options.verbose:
print "Attributes:"
for attr in attrs:
print "\t%s" % (attr)
for attr in attrs:
radius_client.delValue(radius_attr_to_ldap_attr[attr])
else:
pairs = {}
pairs['Client-IP-Address'] = ip_addr
# Populate the pair list with pre-existing values
for attr in radius_attrs:
pairs[attr] = radius_client.getValues(radius_attr_to_ldap_attr[attr])
# Get pairs from a file or stdin
if options.data_file:
try:
av = ipautil.read_pairs_file(options.data_file)
pairs.update(av)
except Exception, e:
print "ERROR, could not read pairs (%s)" % (e)
# Get pairs specified on the command line as a named argument
if options.ip_addr is not None: pairs['Client-IP-Address'] = options.ip_addr
if options.secret is not None: pairs['Secret'] = options.secret
if options.name is not None: pairs['Name'] = options.name
if options.nastype is not None: pairs['NAS-Type'] = options.nastype
if options.desc is not None: pairs['Description'] = options.desc
# Get pairs specified on the command line as a pair argument
if options.attrs:
for p in options.attrs:
av = ipautil.parse_key_value_pairs(p)
pairs.update(av)
# Get pairs interactively
if options.interactive:
# Remove any mandatory attriubtes which have been previously specified
interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
for attr in pairs.keys():
try:
interactive_mandatory_attrs.remove(attr)
except ValueError:
pass
c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
c.open()
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
2007-11-23 10:35:22 -05:00
pairs.update(av)
2007-11-27 07:57:49 -05:00
c.close()
2007-11-23 10:35:22 -05:00
2007-11-27 07:57:49 -05:00
# FIXME: validation should be moved to xmlrpc server
2007-11-23 10:35:22 -05:00
2007-11-27 07:57:49 -05:00
# Data collection done, assure mandatory data has been specified
2007-11-23 10:35:22 -05:00
2007-11-27 07:57:49 -05:00
if pairs.has_key('Client-IP-Address') and pairs['Client-IP-Address'] != ip_addr:
print "ERROR, Client-IP-Address specified on command line (%s) does not match value found in pairs (%s)" % \
(ip_addr, pairs['Client-IP-Address'])
return 1
2007-11-23 10:35:22 -05:00
2007-11-27 07:57:49 -05:00
valid = True
for attr in mandatory_radius_attrs:
if not pairs.has_key(attr):
valid = False
print "ERROR, %s is mandatory, but has not been specified" % (attr)
if not valid:
return 1
2007-11-23 10:35:22 -05:00
2007-11-27 07:57:49 -05:00
# Make sure each attribute is a member of the set of valid attributes
valid = True
2007-11-23 10:35:22 -05:00
for attr,value in pairs.items():
2007-11-27 07:57:49 -05:00
if attr not in radius_attrs:
valid = False
print "ERROR, %s is not a valid attribute" % (attr)
if not valid:
print "Valid attributes are:"
print ipautil.format_list(radius_attrs, quote='"')
return 1
# Makse sure each value is valid
valid = True
for attr,value in pairs.items():
if not radius_util.validate(attr, value):
valid = False
if not valid:
return 1
# Dump what we've got so far
if options.verbose:
print "Pairs:"
for attr,value in pairs.items():
print "\t%s = %s" % (attr, value)
2007-11-23 10:35:22 -05:00
2007-11-27 07:57:49 -05:00
for attr,value in pairs.items():
radius_client.setValue(radius_attr_to_ldap_attr[attr], value)
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
2007-11-21 13:11:10 -05:00
2007-11-14 00:04:19 -05:00
try:
ipa_client.update_radius_client(radius_client)
print "successfully modified"
except xmlrpclib.Fault, f:
print f.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())
