checkpoint bug fixing and cleanup of command line radius tools

John Dennis
2007-11-27 21:29:50 -05:00
parent 5d1ca46ea7
commit 3fb9a81339
4 changed files with 183 additions and 122 deletions


@@ -79,13 +79,13 @@ def main():
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true', opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information") help="print information")
opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0]))) opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv) args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args) options, args = opt_parser.parse_args(args)
if len(args) < 2: if len(args) < 2:
opt_parser.error("missing Client-IP-Address") opt_parser.error('missing %s' % (distinguished_attr))
ip_addr = args[1] ip_addr = args[1]
pairs[distinguished_attr] = ip_addr pairs[distinguished_attr] = ip_addr
@@ -168,13 +168,13 @@ def main():
for attr,value in pairs.items(): for attr,value in pairs.items():
print "\t%s = %s" % (attr, value) print "\t%s = %s" % (attr, value)
radius_client = radius_util.RadiusClient() radius_entity = radius_util.RadiusClient()
for attr,value in pairs.items(): for attr,value in pairs.items():
radius_client.setValue(radius_attr_to_ldap_attr[attr], value) radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try: try:
ipa_client = ipaclient.IPAClient() ipa_client = ipaclient.IPAClient()
ipa_client.add_radius_client(radius_client) ipa_client.add_radius_client(radius_entity)
print "successfully added" print "successfully added"
except xmlrpclib.Fault, f: except xmlrpclib.Fault, f:
print f.faultString print f.faultString
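Review bot: The new `set_usage` call passes its format arguments in the wrong order, so the usage line would print the attribute name where the program name belongs and the script name where the positional argument belongs. It should read `opt_parser.set_usage("Usage: %s [options] %s" % (os.path.basename(sys.argv[0]), distinguished_attr))`. The same swapped tuple appears in the `set_usage` line of each of the other three files in this commit. `main()` starts and ends outside the hunks shown here.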


@@ -21,7 +21,6 @@
import sys import sys
import os import os
from optparse import OptionParser from optparse import OptionParser
import copy
import ipa.ipaclient as ipaclient import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil import ipa.ipautil as ipautil
@@ -36,7 +35,10 @@ import ldap
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys() radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
mandatory_radius_attrs = ['UID'] mandatory_radius_attrs = ['UID']
distinguished_attr = 'UID'
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -60,7 +62,6 @@ def main():
opt_parser.add_option("-d", "--Description", dest="desc", opt_parser.add_option("-d", "--Description", dest="desc",
help="description of the RADIUS client") help="description of the RADIUS client")
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback, opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information") help="detailed help information")
opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False, opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
@@ -72,16 +73,16 @@ def main():
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true', opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information") help="print information")
opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0]))) opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv) args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args) options, args = opt_parser.parse_args(args)
if len(args) < 2: if len(args) < 2:
opt_parser.error("missing UID") opt_parser.error('missing %s' % (distinguished_attr))
uid = args[1] uid = args[1]
pairs['UID'] = uid pairs[distinguished_attr] = uid
# Get pairs from a file or stdin # Get pairs from a file or stdin
if options.pair_file: if options.pair_file:
@@ -103,16 +104,16 @@ def main():
# Get pairs interactively # Get pairs interactively
if options.interactive: if options.interactive:
# Remove any mandatory attriubtes which have been previously specified # Prompt first for mandatory attributes which have not been previously specified
interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs) prompted_mandatory_attrs = []
for attr in pairs.keys(): existing_attrs = pairs.keys():
try: for attr in mandatory_radius_attrs:
interactive_mandatory_attrs.remove(attr) if not attr in existing_attrs:
except ValueError: prompted_mandatory_attrs.append(attr)
pass
c = ipautil.AttributeValueCompleter(radius_attrs, pairs) c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
c.open() c.open()
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate) av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
pairs.update(av) pairs.update(av)
c.close() c.close()
@@ -120,9 +121,9 @@ def main():
# Data collection done, assure mandatory data has been specified # Data collection done, assure mandatory data has been specified
if pairs.has_key('UID') and pairs['UID'] != uid: if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \ print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
(uid, pairs['UID']) (distinguished_attr, uid, pairs[distinguished_attr])
return 1 return 1
valid = True valid = True
@@ -158,13 +159,13 @@ def main():
for attr,value in pairs.items(): for attr,value in pairs.items():
print "\t%s = %s" % (attr, value) print "\t%s = %s" % (attr, value)
radius_profile = radius_util.RadiusProfile() radius_entity = radius_util.RadiusProfile()
for attr,value in pairs.items(): for attr,value in pairs.items():
radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value) radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try: try:
ipa_client = ipaclient.IPAClient() ipa_client = ipaclient.IPAClient()
ipa_client.add_radius_profile(radius_profile) ipa_client.add_radius_profile(radius_entity)
print "successfully added" print "successfully added"
except xmlrpclib.Fault, f: except xmlrpclib.Fault, f:
print f.faultString print f.faultString
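Review bot: In the interactive branch the new line `existing_attrs = pairs.keys():` ends with a stray colon, which is a syntax error, so the script would fail to load before any option is parsed. Drop the colon: `existing_attrs = pairs.keys()`. The membership test below it reads more naturally as `if attr not in pairs:`, which also makes the intermediate list unnecessary. `main()` continues outside this hunk.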


@@ -80,21 +80,20 @@ def main():
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true', opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information") help="print information")
opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0]))) opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv) args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args) options, args = opt_parser.parse_args(args)
if len(args) < 2: if len(args) < 2:
opt_parser.error("missing Client-IP-Address") opt_parser.error('missing %s' % (distinguished_attr))
ip_addr = args[1] ip_addr = args[1]
# Verify client previously exists and get current values # Verify entity previously exists and get current values
radius_client = radius_util.RadiusClient()
ipa_client = ipaclient.IPAClient() ipa_client = ipaclient.IPAClient()
try: try:
radius_client = ipa_client.get_radius_client_by_ip_addr(ip_addr) radius_entity = ipa_client.get_radius_client_by_ip_addr(ip_addr)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND): except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "client %s not found" % ip_addr print "client %s not found" % ip_addr
return 1 return 1
@@ -135,7 +134,7 @@ def main():
deletable_attrs = [] deletable_attrs = []
for radius_attr in radius_attrs: for radius_attr in radius_attrs:
if radius_attr in mandatory_radius_attrs: continue if radius_attr in mandatory_radius_attrs: continue
if radius_client.hasAttr(radius_attr_to_ldap_attr[radius_attr]): if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
deletable_attrs.append(radius_attr) deletable_attrs.append(radius_attr)
if deletable_attrs: if deletable_attrs:
@@ -172,7 +171,7 @@ def main():
print "\t%s" % (attr) print "\t%s" % (attr)
for attr in attrs: for attr in attrs:
radius_client.delValue(radius_attr_to_ldap_attr[attr]) radius_entity.delValue(radius_attr_to_ldap_attr[attr])
else: else:
pairs = {} pairs = {}
@@ -180,7 +179,7 @@ def main():
# Populate the pair list with pre-existing values # Populate the pair list with pre-existing values
for attr in radius_attrs: for attr in radius_attrs:
pairs[attr] = radius_client.getValues(radius_attr_to_ldap_attr[attr]) pairs[attr] = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
# Get pairs from a file or stdin # Get pairs from a file or stdin
if options.data_file: if options.data_file:
@@ -248,10 +247,10 @@ def main():
print "\t%s = %s" % (attr, value) print "\t%s = %s" % (attr, value)
for attr,value in pairs.items(): for attr,value in pairs.items():
radius_client.setValue(radius_attr_to_ldap_attr[attr], value) radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try: try:
ipa_client.update_radius_client(radius_client) ipa_client.update_radius_client(radius_entity)
print "successfully modified" print "successfully modified"
except xmlrpclib.Fault, f: except xmlrpclib.Fault, f:
print f.faultString print f.faultString


@@ -21,7 +21,7 @@
import sys import sys
import os import os
from optparse import OptionParser from optparse import OptionParser
import copy from sets import Set
import ipa.ipaclient as ipaclient import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil import ipa.ipautil as ipautil
@@ -36,7 +36,10 @@ import ldap
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys() radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
mandatory_radius_attrs = ['UID'] mandatory_radius_attrs = ['UID']
distinguished_attr = 'UID'
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -51,8 +54,6 @@ def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
sys.exit(0) sys.exit(0)
def main(): def main():
pairs = {}
opt_parser = OptionParser(add_help_option=False) opt_parser = OptionParser(add_help_option=False)
opt_parser.add_option("-u", "--uid", dest="uid", opt_parser.add_option("-u", "--uid", dest="uid",
@@ -62,35 +63,34 @@ def main():
opt_parser.add_option("-d", "--Description", dest="desc", opt_parser.add_option("-d", "--Description", dest="desc",
help="description of the RADIUS client") help="description of the RADIUS client")
opt_parser.add_option("-D", "--delete-attrs", dest="delete_attrs", action='store_true', default=False,
help="delete the specified attributes")
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback, opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information") help="detailed help information")
opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False, opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
help="interactive mode, prompts with auto-completion") help="interactive mode, prompts with auto-completion")
opt_parser.add_option("-p", "--pair", dest="pairs", action='append', opt_parser.add_option("-A", "--attr", dest="attrs", action='append',
help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace") help="If adding or modifying then this argument specifies one or more attribute=value pair(s), value may be optionally quoted, pairs are seperated by whitespace. If deleting attributes then this argument specifies one or more attribute names seperated by whitespace or commas")
opt_parser.add_option("-f", "--file", dest="pair_file", opt_parser.add_option("-f", "--file", dest="data_file",
help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -") help="If adding or modifying then attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. If deleting attributes then attributes are read from file, attributes are seperated by whitespace or commas. Reads from stdin if file is -")
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true', opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
help="print information") help="print information")
opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0]))) opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv) args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args) options, args = opt_parser.parse_args(args)
if len(args) < 2: if len(args) < 2:
opt_parser.error("missing uid") opt_parser.error('missing %s' % (distinguished_attr))
uid = args[1] uid = args[1]
pairs['UID'] = uid
user_profile = not options.shared user_profile = not options.shared
# Verify profile previously exists and get current values # Verify entity previously exists and get current values
radius_profile = radius_util.RadiusClient()
ipa_client = ipaclient.IPAClient() ipa_client = ipaclient.IPAClient()
try: try:
radius_profile = ipa_client.get_radius_profile_by_uid(uid, user_profile) radius_entity = ipa_client.get_radius_profile_by_uid(uid, user_profile)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND): except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "profile %s not found" % uid print "profile %s not found" % uid
return 1 return 1
@@ -101,92 +101,153 @@ def main():
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1 return 1
# Populate the pair list with pre-existing values # Deleteing attributes is fundamentally different than adding/modifying an attribute.
for attr in radius_attrs: # When adding/modifying there is always a value the attribute is paired with,
value = radius_profile.getValues(radius_util.radius_profile_attr_to_ldap_attr[attr]) # so handle the two cases independently.
if value is None: continue if options.delete_attrs:
pairs[attr] = value attrs = Set()
# Get attrs from a file or stdin
# Get pairs from a file or stdin if options.data_file:
if options.pair_file:
try:
av = ipautil.read_pairs_file(options.pair_file)
pairs.update(av)
except Exception, e:
print "ERROR, could not read pairs (%s)" % (e)
# Get pairs specified on the command line as a named argument
if options.uid is not None: pairs['UID'] = options.uid
if options.desc is not None: pairs['Description'] = options.desc
# Get pairs specified on the command line as a pair argument
if options.pairs:
for p in options.pairs:
av = ipautil.parse_key_value_pairs(p)
pairs.update(av)
# Get pairs interactively
if options.interactive:
# Remove any mandatory attriubtes which have been previously specified
interactive_mandatory_attrs = copy.copy(mandatory_radius_attrs)
for attr in pairs.keys():
try: try:
interactive_mandatory_attrs.remove(attr) items = ipautil.read_items_file(options.data_file)
except ValueError: attrs.update(items)
pass except Exception, e:
c = ipautil.AttributeValueCompleter(radius_attrs, pairs) print "ERROR, could not read attrs (%s)" % (e)
c.open()
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
pairs.update(av)
c.close()
# FIXME: validation should be moved to xmlrpc server # Get attrs specified on the command line as a named argument
if options.secret is not None: attrs.add('Secret')
if options.name is not None: attrs.add('Name')
if options.nastype is not None: attrs.add('NAS-Type')
if options.desc is not None: attrs.add('Description')
# Data collection done, assure mandatory data has been specified # Get attrs specified on the command line as a attr argument
if options.attrs:
for a in options.attrs:
items = ipautil.parse_items(a)
attrs.update(items)
if pairs.has_key('UID') and pairs['UID'] != uid: # Get attrs interactively
print "ERROR, uid specified on command line (%s) does not match value found in pairs (%s)" % \ if options.interactive:
(uid, pairs['UID']) deletable_attrs = []
return 1 for radius_attr in radius_attrs:
if radius_attr in mandatory_radius_attrs: continue
if radius_entity.hasAttr(radius_attr_to_ldap_attr[radius_attr]):
deletable_attrs.append(radius_attr)
valid = True if deletable_attrs:
for attr in mandatory_radius_attrs: c = ipautil.ItemCompleter(deletable_attrs)
if not pairs.has_key(attr): c.open()
valid = False items = c.get_items("Enter: ")
print "ERROR, %s is mandatory, but has not been specified" % (attr) attrs.update(items)
if not valid: c.close()
return 1
# Make sure each attribute is a member of the set of valid attributes # Data collection done, assure no mandatory attrs are in the delete list
valid = True valid = True
for attr,value in pairs.items(): for attr in mandatory_radius_attrs:
if attr not in radius_attrs: if attr in attrs:
valid = False valid = False
print "ERROR, %s is not a valid attribute" % (attr) print "ERROR, %s is mandatory, but is set to be deleted" % (attr)
if not valid: if not valid:
print "Valid attributes are:" return 1
print ipautil.format_list(radius_attrs, quote='"')
return 1
# Makse sure each value is valid # Make sure each attribute is a member of the set of valid attributes
valid = True valid = True
for attr,value in pairs.items(): for attr in attrs:
if not radius_util.validate(attr, value): if attr not in radius_attrs:
valid = False valid = False
if not valid: print "ERROR, %s is not a valid attribute" % (attr)
return 1 if not valid:
print "Valid attributes are:"
print ipautil.format_list(radius_attrs, quote='"')
return 1
# Dump what we've got so far # Dump what we've got so far
if options.verbose: if options.verbose:
print "Pairs:" print "Attributes:"
for attr in attrs:
print "\t%s" % (attr)
for attr in attrs:
radius_entity.delValue(radius_attr_to_ldap_attr[attr])
else:
pairs = {}
pairs[distinguished_attr] = ip_addr
# Populate the pair list with pre-existing values
for attr in radius_attrs:
pairs[attr] = radius_entity.getValues(radius_attr_to_ldap_attr[attr])
# Get pairs from a file or stdin
if options.data_file:
try:
av = ipautil.read_pairs_file(options.data_file)
pairs.update(av)
except Exception, e:
print "ERROR, could not read pairs (%s)" % (e)
# Get pairs specified on the command line as a named argument
if options.ip_addr is not None: pairs[distinguished_attr] = options.ip_addr
if options.secret is not None: pairs['Secret'] = options.secret
if options.name is not None: pairs['Name'] = options.name
if options.nastype is not None: pairs['NAS-Type'] = options.nastype
if options.desc is not None: pairs['Description'] = options.desc
# Get pairs specified on the command line as a pair argument
if options.attrs:
for p in options.attrs:
av = ipautil.parse_key_value_pairs(p)
pairs.update(av)
# Get pairs interactively
if options.interactive:
prompted_attrs = radius_attrs[:]
prompted_attrs.remove(distinguished_attr)
c = ipautil.AttributeValueCompleter(prompted_attrs, pairs)
c.open()
av = c.get_pairs("Enter: ", validate_callback=radius_util.validate)
pairs.update(av)
c.close()
# FIXME: validation should be moved to xmlrpc server
# Data collection done, assure mandatory data has been specified
if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != ip_addr:
print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
(distinguished_attr, ip_addr, pairs[distinguished_attr])
return 1
# Make sure each attribute is a member of the set of valid attributes
valid = True
for attr,value in pairs.items(): for attr,value in pairs.items():
print "\t%s = %s" % (attr, value) if attr not in radius_attrs:
valid = False
print "ERROR, %s is not a valid attribute" % (attr)
if not valid:
print "Valid attributes are:"
print ipautil.format_list(radius_attrs, quote='"')
return 1
for attr,value in pairs.items(): # Makse sure each value is valid
radius_profile.setValue(radius_util.radius_profile_attr_to_ldap_attr[attr], value) valid = True
for attr,value in pairs.items():
if not radius_util.validate(attr, value):
valid = False
if not valid:
return 1
# Dump what we've got so far
if options.verbose:
print "Pairs:"
for attr,value in pairs.items():
print "\t%s = %s" % (attr, value)
for attr,value in pairs.items():
radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
try: try:
ipa_client.update_radius_profile(radius_profile) ipa_client.update_radius_profile(radius_entity)
print "successfully modified" print "successfully modified"
except xmlrpclib.Fault, f: except xmlrpclib.Fault, f:
print f.faultString print f.faultString
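Review bot: The add/modify branch refers to `ip_addr`, which is never assigned in the visible part of this file's `main()` (the positional argument is stored as `uid`), so `pairs[distinguished_attr] = ip_addr` and the later mismatch check would raise NameError; they should read `pairs[distinguished_attr] = uid` and `pairs[distinguished_attr] != uid`. The named-argument handling in both branches (`options.ip_addr`, `options.secret`, `options.name`, `options.nastype`) looks carried over from the client tool; only `--uid` and `--Description` are visible among this parser's named options, so confirm the others are defined or drop them, since reading an undefined option raises AttributeError. The new pre-population loop also stores `getValues()` results without the `if value is None: continue` guard the old code had, so unset attributes would presumably reach `radius_util.validate` and `setValue` as None. If `Secret` does remain a valid pair here, the verbose dump `print "\t%s = %s" % (attr, value)` would print the shared secret in clear text and should mask that value. `main()` starts and ends outside these hunks.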