IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

remove radius_client.py, move contents to radius_util.py

Browse Source
This commit is contained in:
John Dennis
2007-11-26 11:12:58 -05:00
parent 2c2069d3ec
commit 4f33d67418
7 changed files with 155 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ipa-admintools/ipa-addradiusclient
View File

@@ -23,7 +23,6 @@ import os
from optparse import OptionParser
import copy
from ipa.radius_client import *
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
import ipa.config
@@ -121,7 +120,7 @@ def main():
pass
c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
c.open()
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, validate)
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
pairs.update(av)
c.close()
@@ -156,7 +155,7 @@ def main():
# Makse sure each value is valid
valid = True
for attr,value in pairs.items():
if not validate(attr, value):
if not radius_util.validate(attr, value):
valid = False
if not valid:
return 1
@@ -167,7 +166,7 @@ def main():
for attr,value in pairs.items():
print "\t%s = %s" % (attr, value)
radius_client = ipa.radius_client.RadiusClient()
radius_client = radius_util.RadiusClient()
for attr,value in pairs.items():
radius_client.setValue(radius_util.radius_client_attr_to_ldap_attr[attr], value)

1
ipa-admintools/ipa-delradiusclient
View File

@@ -22,7 +22,6 @@ import os
import sys
from optparse import OptionParser
import ipa
from ipa.radius_client import *
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config

1
ipa-admintools/ipa-findradiusclient
View File

@@ -22,7 +22,6 @@ import os
import sys
from optparse import OptionParser
import ipa
from ipa.radius_client import *
from ipa import radius_util
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate

7
ipa-admintools/ipa-radiusclientmod
View File

@@ -23,7 +23,6 @@ import os
from optparse import OptionParser
import copy
from ipa.radius_client import *
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
import ipa.config
@@ -90,7 +89,7 @@ def main():
pairs['Client-IP-Address'] = ip_addr
# Verify client previously exists and get current values
radius_client = ipa.radius_client.RadiusClient()
radius_client = radius_util.RadiusClient()
ipa_client = ipaclient.IPAClient()
try:
radius_client = ipa_client.get_radius_client_by_ip_addr(ip_addr)
@@ -141,7 +140,7 @@ def main():
pass
c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
c.open()
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, validate)
av = c.get_pairs("Enter: ", interactive_mandatory_attrs, radius_util.validate)
pairs.update(av)
c.close()
@@ -176,7 +175,7 @@ def main():
# Makse sure each value is valid
valid = True
for attr,value in pairs.items():
if not validate(attr, value):
if not radius_util.validate(attr, value):
valid = False
if not valid:
return 1

4
ipa-python/ipaclient.py
View File

@@ -27,7 +27,7 @@ import user
import group
import ipa
import config
import radius_client
import radius_util
class IPAClient:
@@ -336,7 +336,7 @@ class IPAClient:
# radius support
def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None):
result = self.transport.get_radius_client_by_ip_addr(ip_addr, container, sattrs)
return radius_client.RadiusClient(result)
return radius_util.RadiusClient(result)
def add_radius_client(self,client, container=None):
client_dict = client.toDict()

165
ipa-python/radius_client.py
View File

@@ -1,165 +0,0 @@
# Authors: John Dennis <jdennis@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import getpass
import re
from ipa.entity import Entity
import ipa.ipavalidate as ipavalidate
__all__ = ['RadiusClient',
'get_secret',
'validate_ip_addr',
'validate_secret',
'validate_name',
'validate_nastype',
'validate_desc',
'validate',
]
#------------------------------------------------------------------------------
dotted_octet_re = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(/(\d+))?$")
dns_re = re.compile(r"^[a-zA-Z][a-zA-Z0-9.-]+$")
# secret, name, nastype all have 31 char max in freeRADIUS, max ip address len is 255
valid_secret_len = (1,31)
valid_name_len = (1,31)
valid_nastype_len = (1,31)
valid_ip_addr_len = (1,255)
valid_ip_addr_msg = '''\
IP address must be either a DNS name (letters,digits,dot,hyphen, beginning with
a letter),or a dotted octet followed by an optional mask (e.g 192.168.1.0/24)'''
valid_desc_msg = "Description must text string"
#------------------------------------------------------------------------------
class RadiusClient(Entity):
def __init2__(self):
pass
#------------------------------------------------------------------------------
def get_secret():
valid = False
while (not valid):
secret = getpass.getpass("Enter Secret: ")
confirm = getpass.getpass("Confirm Secret: ")
if (secret != confirm):
print "Secrets do not match"
continue
valid = True
return secret
#------------------------------------------------------------------------------
def valid_ip_addr(text):
# is it a dotted octet? If so there should be 4 integers seperated
# by a dot and each integer should be between 0 and 255
# there may be an optional mask preceded by a slash (e.g. 1.2.3.4/24)
match = dotted_octet_re.search(text)
if match:
# dotted octet notation
i = 1
while i <= 4:
octet = int(match.group(i))
if octet > 255: return False
i += 1
if match.group(5):
mask = int(match.group(6))
if mask <= 32:
return True
else:
return False
return True
else:
# DNS name, can contain letters, numbers, dot and hypen, must start with a letter
if dns_re.search(text): return True
return False
def validate_length(value, limits):
length = len(value)
if length < limits[0] or length > limits[1]:
return False
return True
def valid_length_msg(name, limits):
return "%s length must be at least %d and not more than %d" % (name, limits[0], limits[1])
def err_msg(variable, variable_name=None):
if variable_name is None: variable_name = 'value'
print "ERROR: %s = %s" % (variable_name, variable)
#------------------------------------------------------------------------------
def validate_ip_addr(ip_addr, variable_name=None):
if not validate_length(ip_addr, valid_ip_addr_len):
err_msg(ip_addr, variable_name)
print valid_length_msg('ip address', valid_ip_addr_len)
return False
if not valid_ip_addr(ip_addr):
err_msg(ip_addr, variable_name)
print valid_ip_addr_msg
return False
return True
def validate_secret(secret, variable_name=None):
if not validate_length(secret, valid_secret_len):
err_msg(secret, variable_name)
print valid_length_msg('secret', valid_secret_len)
return False
return True
def validate_name(name, variable_name=None):
if not validate_length(name, valid_name_len):
err_msg(name, variable_name)
print valid_length_msg('name', valid_name_len)
return False
return True
def validate_nastype(nastype, variable_name=None):
if not validate_length(nastype, valid_nastype_len):
err_msg(nastype, variable_name)
print valid_length_msg('NAS Type', valid_nastype_len)
return False
return True
def validate_desc(desc, variable_name=None):
if ipavalidate.plain(desc, notEmpty=True) != 0:
print valid_desc_msg
return False
return True
def validate(attribute, value):
if attribute == 'Client-IP-Address':
return validate_ip_addr(value, attribute)
if attribute == 'Secret':
return validate_secret(value, attribute)
if attribute == 'NAS-Type':
return validate_nastype(value, attribute)
if attribute == 'Name':
return validate_name(value, attribute)
if attribute == 'Description':
return validate_desc(value, attribute)
return True

148
ipa-python/radius_util.py
View File

@@ -21,9 +21,12 @@ import sys
import os
import re
import ldap
import getpass
import ldap.filter
from ipa import ipautil
from ipa.entity import Entity
import ipa.ipavalidate as ipavalidate
__all__ = [
@@ -37,6 +40,9 @@ __all__ = [
'RADIUSD_CONF_TEMPLATE_FILEPATH',
'RADIUSD',
'RadiusClient',
'RadiusProfile',
'clients_container',
'radius_clients_basedn',
'radius_client_filter',
@@ -54,7 +60,15 @@ __all__ = [
'radius_profile_attr_to_ldap_attr',
'read_pairs_file',
]
'get_secret',
'validate_ip_addr',
'validate_secret',
'validate_name',
'validate_nastype',
'validate_desc',
'validate',
]
#------------------------------------------------------------------------------
@@ -71,6 +85,35 @@ RADIUSD_CONF_TEMPLATE_FILEPATH = os.path.join(ipautil.SHARE_DIR, 'radius.rad
RADIUSD = '/usr/sbin/radiusd'
#------------------------------------------------------------------------------
dotted_octet_re = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(/(\d+))?$")
dns_re = re.compile(r"^[a-zA-Z][a-zA-Z0-9.-]+$")
# secret, name, nastype all have 31 char max in freeRADIUS, max ip address len is 255
valid_secret_len = (1,31)
valid_name_len = (1,31)
valid_nastype_len = (1,31)
valid_ip_addr_len = (1,255)
valid_ip_addr_msg = '''\
IP address must be either a DNS name (letters,digits,dot,hyphen, beginning with
a letter),or a dotted octet followed by an optional mask (e.g 192.168.1.0/24)'''
valid_desc_msg = "Description must text string"
#------------------------------------------------------------------------------
class RadiusClient(Entity):
def __init2__(self):
pass
class RadiusProfile(Entity):
def __init2__(self):
pass
#------------------------------------------------------------------------------
def reverse_map_dict(src_dict):
@@ -232,3 +275,106 @@ def get_ldap_attr_translations():
#for k,v in ldap_attr_to_radius_attr.items():
# print '%s --> %s' % (k,v)
def get_secret():
valid = False
while (not valid):
secret = getpass.getpass("Enter Secret: ")
confirm = getpass.getpass("Confirm Secret: ")
if (secret != confirm):
print "Secrets do not match"
continue
valid = True
return secret
#------------------------------------------------------------------------------
def valid_ip_addr(text):
# is it a dotted octet? If so there should be 4 integers seperated
# by a dot and each integer should be between 0 and 255
# there may be an optional mask preceded by a slash (e.g. 1.2.3.4/24)
match = dotted_octet_re.search(text)
if match:
# dotted octet notation
i = 1
while i <= 4:
octet = int(match.group(i))
if octet > 255: return False
i += 1
if match.group(5):
mask = int(match.group(6))
if mask <= 32:
return True
else:
return False
return True
else:
# DNS name, can contain letters, numbers, dot and hypen, must start with a letter
if dns_re.search(text): return True
return False
def validate_length(value, limits):
length = len(value)
if length < limits[0] or length > limits[1]:
return False
return True
def valid_length_msg(name, limits):
return "%s length must be at least %d and not more than %d" % (name, limits[0], limits[1])
def err_msg(variable, variable_name=None):
if variable_name is None: variable_name = 'value'
print "ERROR: %s = %s" % (variable_name, variable)
#------------------------------------------------------------------------------
def validate_ip_addr(ip_addr, variable_name=None):
if not validate_length(ip_addr, valid_ip_addr_len):
err_msg(ip_addr, variable_name)
print valid_length_msg('ip address', valid_ip_addr_len)
return False
if not valid_ip_addr(ip_addr):
err_msg(ip_addr, variable_name)
print valid_ip_addr_msg
return False
return True
def validate_secret(secret, variable_name=None):
if not validate_length(secret, valid_secret_len):
err_msg(secret, variable_name)
print valid_length_msg('secret', valid_secret_len)
return False
return True
def validate_name(name, variable_name=None):
if not validate_length(name, valid_name_len):
err_msg(name, variable_name)
print valid_length_msg('name', valid_name_len)
return False
return True
def validate_nastype(nastype, variable_name=None):
if not validate_length(nastype, valid_nastype_len):
err_msg(nastype, variable_name)
print valid_length_msg('NAS Type', valid_nastype_len)
return False
return True
def validate_desc(desc, variable_name=None):
if ipavalidate.plain(desc, notEmpty=True) != 0:
print valid_desc_msg
return False
return True
def validate(attribute, value):
if attribute == 'Client-IP-Address':
return validate_ip_addr(value, attribute)
if attribute == 'Secret':
return validate_secret(value, attribute)
if attribute == 'NAS-Type':
return validate_nastype(value, attribute)
if attribute == 'Name':
return validate_name(value, attribute)
if attribute == 'Description':
return validate_desc(value, attribute)
return True