IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

25 Create Tool for Enabling/Disabling Managed Entry Plugins

Browse Source 
Remove legacy ipa-host-net-manage
Add ipa-managed-entries tool
Add man page for ipa-managed-entries tool

https://fedorahosted.org/freeipa/ticket/1181
This commit is contained in:
JR Aquino 2011-09-20 09:13:42 -07:00 committed by Martin Kosek
parent 06ccb38c69
commit 1ac613fc18
7 changed files with 275 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
freeipa.spec.in
View File

@ -413,7 +413,7 @@ fi
%{_sbindir}/ipa-ldap-updater %{_sbindir}/ipa-ldap-updater
%{_sbindir}/ipa-compat-manage %{_sbindir}/ipa-compat-manage
%{_sbindir}/ipa-nis-manage %{_sbindir}/ipa-nis-manage
%{_sbindir}/ipa-host-net-manage %{_sbindir}/ipa-managed-entries
%{_sbindir}/ipactl %{_sbindir}/ipactl
%{_sbindir}/ipa-upgradeconfig %{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-compliance %{_sbindir}/ipa-compliance
@ -488,7 +488,7 @@ fi
%{_mandir}/man1/ipa-ca-install.1.gz %{_mandir}/man1/ipa-ca-install.1.gz
%{_mandir}/man1/ipa-compat-manage.1.gz %{_mandir}/man1/ipa-compat-manage.1.gz
%{_mandir}/man1/ipa-nis-manage.1.gz %{_mandir}/man1/ipa-nis-manage.1.gz
%{_mandir}/man1/ipa-host-net-manage.1.gz %{_mandir}/man1/ipa-managed-entries.1.gz
%{_mandir}/man1/ipa-ldap-updater.1.gz %{_mandir}/man1/ipa-ldap-updater.1.gz
%{_mandir}/man8/ipactl.8.gz %{_mandir}/man8/ipactl.8.gz
%{_mandir}/man1/ipa-compliance.1.gz %{_mandir}/man1/ipa-compliance.1.gz

2
install/po/Makefile.in
View File

@ -47,7 +47,7 @@ PY_EXPLICIT_FILES = \
install/tools/ipa-upgradeconfig \ install/tools/ipa-upgradeconfig \
install/tools/ipa-replica-prepare \ install/tools/ipa-replica-prepare \
install/tools/ipa-compat-manage \ install/tools/ipa-compat-manage \
install/tools/ipa-host-net-manage \ install/tools/ipa-managed-entries \
install/tools/ipa-server-install \ install/tools/ipa-server-install \
install/tools/ipa-ldap-updater \ install/tools/ipa-ldap-updater \
install/tools/ipa-dns-install \ install/tools/ipa-dns-install \

2
install/tools/Makefile.am
View File

@ -18,7 +18,7 @@ sbin_SCRIPTS = \
ipactl \ ipactl \
ipa-compat-manage \ ipa-compat-manage \
ipa-nis-manage \ ipa-nis-manage \
ipa-host-net-manage \ ipa-managed-entries \
ipa-ldap-updater \ ipa-ldap-updater \
ipa-upgradeconfig \ ipa-upgradeconfig \
ipa-compliance \ ipa-compliance \

220
install/tools/ipa-host-net-manage
View File

@ -1,220 +0,0 @@
#!/usr/bin/python
# Authors: Jr Aquino <jr.aquino@citrix.com>
# Authors: Rob Crittenden <rcritten@redhat.com>
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2010 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import sys
try:
from optparse import OptionParser
from ipapython import ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
import logging
import StringIO
import ldif
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [options] <enable|disable>\n"
usage += "%prog [options]\n"
parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
parser.add_option("-d", "--debug", action="store_true", dest="debug",
help="Display debugging information about the update(s)")
parser.add_option("-y", dest="password",
help="File containing the Directory Manager password")
config.add_standard_options(parser)
options, args = parser.parse_args()
config.init_config(options)
return options, args
def get_dirman_password():
"""Prompt the user for the Directory Manager password and verify its
correctness.
"""
password = installutils.read_password("Directory Manager", confirm=False,
validate=False)
return password
def main():
retval = 0
loglevel = logging.ERROR
files = ['/usr/share/ipa/host_nis_groups.ldif']
def_dn = 'cn=NGP Definition,cn=Managed Entries,cn=plugins,cn=config'
options, args = parse_options()
if options.debug:
loglevel = logging.DEBUG
if len(args) != 1:
sys.exit("You must specify one action, either enable or disable")
elif args[0] != "enable" and args[0] != "disable" and args[0] != "status":
sys.exit("Unrecognized action [" + args[0] + "]")
logging.basicConfig(level=loglevel,
format='%(levelname)s %(message)s')
dirman_password = ""
if options.password:
pw = ipautil.template_file(options.password, [])
dirman_password = pw.strip()
else:
dirman_password = get_dirman_password()
api.bootstrap(context='cli', debug=options.debug)
api.finalize()
conn = None
try:
try:
conn = ldap2(shared_instance=False, base_dn='')
conn.connect(
bind_dn='cn=directory manager', bind_pw=dirman_password
)
except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server.\n%s\n" %
str(lde))
except errors.ACIError, e:
sys.exit("Authentication failed: %s" % e.info)
if args[0] == "status":
try:
dn, current_attr = conn.get_entry(def_dn, ['originfilter'],
normalize=False)
if current_attr['originfilter'] == [u'objectclass=ipahostgroup']:
print "Plugin Enabled"
else:
print "Plugin Disabled"
except errors.NotFound:
print "Plugin Disabled"
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
return 0
if args[0] == "enable":
try:
enable_attr = {'originfilter': 'objectclass=ipahostgroup'}
dn, current_attr = conn.get_entry(def_dn, ['originfilter'],
normalize=False)
if current_attr['originfilter'] == [u'objectclass=ipahostgroup']:
print "Plugin already Enabled"
else:
conn.update_entry(dn, enable_attr)
print "Enabling Plugin"
retval = 2
except errors.NotFound:
print "Enabling Plugin"
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
if retval == 0:
ldap_data = StringIO.StringIO()
ldapfile = open(files[0], 'r').readlines()
for line in ldapfile:
if line == 'changetype: add\n':
pass
else:
line = line.replace(
'$SUFFIX', api.env.basedn).replace('$$', '$')
ldap_data.write(line,)
parsing_data = ldif.LDIFRecordList(ldap_data)
print "Enabling Plugin"
print "This setting will not take effect until you restart \
Directory Server."
for dn, entry_attr in parsing_data.all_records:
try:
conn.update_entry(dn, entry_attr)
retval = 1
except errors.LDAPError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
elif args[0] == "disable":
# Make a quick hack for now, directly delete the entries by name,
# In future we should consider an alternative means for enabling/
# disabling.
try:
disable_attr = {'originfilter': 'objectclass=disabled'}
dn, current_attr = conn.get_entry(def_dn, ['originfilter'],
normalize=False)
if current_attr['originfilter'] == [u'objectclass=disabled']:
print "Plugin already disabled"
else:
conn.update_entry(dn, disable_attr)
print "Disabling Plugin"
except errors.NotFound:
print "Plugin is already disabled"
retval = 2
except errors.DatabaseError, dbe:
print "An error occurred while talking to the server."
print dbe
retval = 1
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
else:
retval = 1
finally:
if conn and conn.isconnected():
conn.disconnect()
return retval
try:
if __name__ == "__main__":
sys.exit(main())
except BadSyntax, e:
print "There is a syntax error in this update file:"
print " %s" % e
sys.exit(1)
except RuntimeError, e:
print "%s" % e
sys.exit(1)
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except config.IPAConfigError, e:
print "An IPA server to update cannot be found. Has one been configured yet?"
print "The error was: %s" % e
sys.exit(1)
except errors.LDAPError, e:
print "An error occurred while performing operations: %s" % e
sys.exit(1)

252
install/tools/ipa-managed-entries Executable file
View File

@ -0,0 +1,252 @@
#!/usr/bin/python
# Authors: Jr Aquino <jr.aquino@citrix.com>
#
# Copyright (C) 2011 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import ldap
import re
import sys
try:
from optparse import OptionParser
from ipapython import ipautil, config
from ipaserver.install import installutils
from ipaserver import ipaldap
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
from ipalib.dn import *
import logging
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
CACERT = "/etc/ipa/ca.crt"
def parse_options():
usage = "%prog [options] <status|enable|disable>\n"
usage += "%prog [options]\n"
parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
parser.add_option("-d", "--debug", action="store_true", dest="debug",
help="Display debugging information about the update(s)")
parser.add_option("-e", "--entry", dest="managed_entry",
default=None, type="string",
help="DN for the Managed Entry Definition")
parser.add_option("-l", "--list", dest="list_managed_entries",
action="store_true",
help="DN for the Managed Entry Definition")
parser.add_option("-p", dest="dirman_password",
help="Directory Manager password")
config.add_standard_options(parser)
options, args = parser.parse_args()
config.init_config(options)
return options, args
def get_dirman_password():
"""Prompt the user for the Directory Manager password and verify its
correctness.
"""
password = installutils.read_password("Directory Manager", confirm=False,
validate=True)
return password
def main():
retval = 0
loglevel = logging.ERROR
def_dn = None
options, args = parse_options()
if options.debug:
loglevel = logging.DEBUG
if options.list_managed_entries:
pass
elif len(args) != 1:
sys.exit("You must specify an action, either status, enable or disable")
elif args[0] != "enable" and args[0] != "disable" and args[0] != "status":
sys.exit("Unrecognized action [" + args[0] + "]")
logging.basicConfig(level=loglevel,
format='%(levelname)s %(message)s')
host = installutils.get_fqdn()
api.bootstrap(context='cli', debug=options.debug)
api.finalize()
managed_entry_definitions_dn = DN(
('cn', 'Definitions'),
('cn', 'Managed Entries'),
('cn', 'etc'),
DN(api.env.basedn)
)
managed_entry_definitions_dn = str(managed_entry_definitions_dn)
conn = None
try:
filter = '(objectClass=extensibleObject)'
conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
conn.do_sasl_gssapi_bind()
except ldap.LOCAL_ERROR:
if options.dirman_password:
dirman_password = options.dirman_password
else:
dirman_password = get_dirman_password()
conn.do_simple_bind(bindpw=dirman_password)
except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server.\n%s\n" %
str(lde))
except errors.ACIError, e:
sys.exit("Authentication failed: %s" % e.info)
if options.list_managed_entries:
# List available Managed Entry Plugins
managed_entries = None
entries = conn.search_s(
managed_entry_definitions_dn, ldap.SCOPE_SUBTREE, filter
)
managed_entries = [entry.dn for entry in entries]
if managed_entries:
print "Available Managed Entry Definitions:"
for managed_entry in managed_entries:
rdn = DN(managed_entry)
managed_entry = rdn[0].value
print managed_entry
retval = 0
sys.exit()
if not options.managed_entry:
sys.exit("\nYou must specify a managed entry definition")
else:
rdn = DN(
('cn', options.managed_entry),
DN(managed_entry_definitions_dn)
)
def_dn = str(rdn)
disabled = True
try:
entries = conn.search_s(def_dn,
ldap.SCOPE_BASE,
filter,
['originfilter'],
)
disable_attr = '(objectclass=disable)'
try:
org_filter = entries[0].originfilter
disabled = re.search(r'%s' % disable_attr, org_filter)
except KeyError:
sys.exit("%s is not a valid Managed Entry" % def_dn)
except ldap.NO_SUCH_OBJECT:
sys.exit("%s is not a valid Managed Entry" % def_dn)
except errors.NotFound:
sys.exit("%s is not a valid Managed Entry" % def_dn)
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
if args[0] == "status":
if not disabled:
print "Plugin Enabled"
else:
print "Plugin Disabled"
return 0
if args[0] == "enable":
try:
if not disabled:
print "Plugin already Enabled"
retval = 2
else:
# Remove disable_attr from filter
enable_attr = org_filter.replace(disable_attr, '')
#enable_attr = {'originfilter': enable_attr}
conn.modify_s(
def_dn,
[(ldap.MOD_REPLACE,
'originfilter',
enable_attr)]
)
print "Enabling Plugin"
retval = 0
except errors.NotFound:
print "Enabling Plugin"
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
elif args[0] == "disable":
# Set originFilter to objectclass=disabled
# In future we should we should dedicate an attribute for enabling/
# disabling.
try:
if disabled:
print "Plugin already disabled"
retval = 2
else:
if org_filter[:2] == '(&' and org_filter[-1] == ')':
disable_attr = org_filter[:2] + disable_attr + org_filter[2:]
else:
disable_attr = '(&%s(%s))' % (disable_attr, org_filter)
conn.modify_s(
def_dn,
[(ldap.MOD_REPLACE,
'originfilter',
disable_attr)]
)
print "Disabling Plugin"
except errors.NotFound:
print "Plugin is already disabled"
retval = 2
except errors.DatabaseError, dbe:
print "An error occurred while talking to the server."
print dbe
retval = 1
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
else:
retval = 1
return retval
try:
if __name__ == "__main__":
sys.exit(main())
except RuntimeError, e:
print "%s" % e
sys.exit(1)
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except config.IPAConfigError, e:
print "An IPA server to update cannot be found. Has one been configured yet?"
print "The error was: %s" % e
sys.exit(1)
except errors.LDAPError, e:
print "An error occurred while performing operations: %s" % e
sys.exit(1)

2
install/tools/man/Makefile.am
View File

@ -18,7 +18,7 @@ man1_MANS = \
ipa-ldap-updater.1 \ ipa-ldap-updater.1 \
ipa-compat-manage.1 \ ipa-compat-manage.1 \
ipa-nis-manage.1 \ ipa-nis-manage.1 \
ipa-host-net-manage.1 \ ipa-managed-entries.1 \
ipa-compliance.1 ipa-compliance.1
man8_MANS = \ man8_MANS = \

29
install/tools/man/ipa-host-net-manage.1 → install/tools/man/ipa-managed-entries.1
View File

@ -1,5 +1,5 @@
.\" A man page for ipa-host-net-manage .\" A man page for ipa-managed-entries
.\" Copyright (C) 2010 Red Hat, Inc. .\" Copyright (C) 2011 Red Hat, Inc.
.\" .\"
.\" This program is free software; you can redistribute it and/or modify .\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by .\" it under the terms of the GNU General Public License as published by
@ -16,29 +16,36 @@
.\" .\"
.\" Author: Jr Aquino <jr.aquino@citrix.com> .\" Author: Jr Aquino <jr.aquino@citrix.com>
.\" .\"
.TH "ipa-host-net-manage" "1" "Dec 2 2010" "FreeIPA" "FreeIPA Manual Pages" .TH "ipa-managed-entries" "1" "Sept 15 2011" "FreeIPA" "FreeIPA Manual
Pages"
.SH "NAME" .SH "NAME"
ipa\-host\-net\-manage \- Enables or disables the schema Managed Entry Hostgroup -to- Netgroup plugin ipa\-managed\-entries \- Enables or disables the schema Managed Entry plugins
.SH "SYNOPSIS" .SH "SYNOPSIS"
ipa\-host\-net\-manage [options] <enable|disable|status> ipa\-managed\-entries [options] <enable|disable|status>
.SH "DESCRIPTION" .SH "DESCRIPTION"
Run the command with the \fBenable\fR option to enable the Managed Entry Hostgroup -to- Netgroup plugin. Run the command with the \fBenable\fR option to enable the Managed Entry plugin.
Run the command with the \fBdisable\fR option to disable the Managed Entry Hostgroup -to- Netgroup plugin. Run the command with the \fBdisable\fR option to disable the Managed Entry plugin.
Run the command with the \fBstatus\fR to determine the current status of the Managed Entry Hostgroup -to- Netgroup plugin. Run the command with the \fBstatus\fR to determine the current status of the Managed Entry plugin.
In all cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used. In all cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used.
Directory Server will need to be restarted after the schema compatibility plugin has been enabled. Directory Server will need to be restarted after the Managed Entry plugin has been enabled.
.SH "OPTIONS" .SH "OPTIONS"
.TP .TP
\fB\-d\fR, \fB\-\-debug\fR \fB\-d\fR, \fB\-\-debug\fR
Enable debug logging when more verbose output is needed Enable debug logging when more verbose output is needed
.TP .TP
\fB\-y\fR \fIfile\fR \fB\-e\fR, \fB\-\-entries\fR
File containing the Directory Manager password DN for the Managed Entry Definition
.TP
\fB\-l\fR, \fB-\-list\fR
List available Managed Entries
.TP
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
The Directory Manager password to use for authentication
.SH "EXIT STATUS" .SH "EXIT STATUS"
0 if the command was successful 0 if the command was successful