mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
Remove some duplicated code that was moved to ipaserver and use it Remove some unused files
This commit is contained in:
parent
baef3003bc
commit
6b34f07720
@ -28,8 +28,8 @@ try:
|
||||
from optparse import OptionParser
|
||||
from ipaserver import ipaldap
|
||||
from ipa import entity, ipaerror, ipautil, config
|
||||
from ipaserver import installutils
|
||||
from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
|
||||
from ipaserver.install import installutils
|
||||
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
|
||||
import ldap
|
||||
import logging
|
||||
import re
|
||||
|
9
install/tools/ipa-replica-install
Normal file → Executable file
9
install/tools/ipa-replica-install
Normal file → Executable file
@ -26,8 +26,9 @@ import ldap
|
||||
|
||||
from ipa import ipautil
|
||||
|
||||
from ipaserver import dsinstance, replication, installutils, krbinstance, service
|
||||
from ipaserver import httpinstance, ntpinstance, certs, ipaldap
|
||||
from ipaserver.install import dsinstance, replication, installutils, krbinstance, service
|
||||
from ipaserver.install import httpinstance, ntpinstance, certs
|
||||
from ipaserver import ipaldap
|
||||
from ipa import version
|
||||
|
||||
CACERT="/usr/share/ipa/html/ca.crt"
|
||||
@ -266,10 +267,6 @@ def main():
|
||||
fd.write("domain=" + config.domain_name + "\n")
|
||||
fd.close()
|
||||
|
||||
# Create a Web Gui instance
|
||||
webgui = httpinstance.WebGuiInstance()
|
||||
webgui.create_instance()
|
||||
|
||||
# Apply any LDAP updates. Needs to be done after the replica is synced-up
|
||||
service.print_msg("Applying LDAP updates")
|
||||
ds.apply_updates()
|
||||
|
3
install/tools/ipa-replica-prepare
Normal file → Executable file
3
install/tools/ipa-replica-prepare
Normal file → Executable file
@ -28,7 +28,8 @@ from optparse import OptionParser
|
||||
|
||||
import ipa.config
|
||||
from ipa import ipautil
|
||||
from ipaserver import dsinstance, installutils, certs, ipaldap
|
||||
from ipaserver.install import dsinstance, installutils, certs
|
||||
from ipaserver import ipaldap
|
||||
from ipa import version
|
||||
import ldap
|
||||
|
||||
|
@ -49,6 +49,7 @@ from ipaserver.install.installutils import *
|
||||
|
||||
from ipa import sysrestore
|
||||
from ipa.ipautil import *
|
||||
from ipalib import util
|
||||
|
||||
pw_name = None
|
||||
|
||||
@ -531,6 +532,16 @@ def main():
|
||||
fd.write("domain=" + domain_name + "\n")
|
||||
fd.close()
|
||||
|
||||
# Create the management framework config file
|
||||
fstore.backup_file("/etc/ipa/default.conf")
|
||||
fd = open("/etc/ipa/default.conf", "w")
|
||||
fd.write("[global]\n")
|
||||
fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
|
||||
fd.write("realm=" + realm_name + "\n")
|
||||
fd.write("domain=" + domain_name + "\n")
|
||||
fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
|
||||
fd.close()
|
||||
|
||||
bind = bindinstance.BindInstance(fstore)
|
||||
bind.setup(host_name, ip_address, realm_name, domain_name)
|
||||
if options.setup_bind:
|
||||
|
@ -1,166 +0,0 @@
|
||||
# Copyright (C) 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; version 2 only
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
import re
|
||||
import urllib
|
||||
import ldap
|
||||
|
||||
import ipa.ipautil
|
||||
|
||||
class ACI:
|
||||
"""
|
||||
Holds the basic data for an ACI entry, as stored in the cn=accounts
|
||||
entry in LDAP. Has methods to parse an ACI string and export to an
|
||||
ACI String.
|
||||
"""
|
||||
|
||||
def __init__(self,acistr=None):
|
||||
self.name = ''
|
||||
self.source_group = ''
|
||||
self.dest_group = ''
|
||||
self.attrs = []
|
||||
self.orig_acistr = acistr
|
||||
if acistr is not None:
|
||||
self.parse_acistr(acistr)
|
||||
|
||||
def __getitem__(self,key):
|
||||
"""Fake getting attributes by key for sorting"""
|
||||
if key == 0:
|
||||
return self.name
|
||||
if key == 1:
|
||||
return self.source_group
|
||||
if key == 2:
|
||||
return self.dest_group
|
||||
raise TypeError("Unknown key value %s" % key)
|
||||
|
||||
def export_to_string(self):
|
||||
"""Converts the ACI to a string suitable for an LDAP aci attribute."""
|
||||
attrs_str = ' || '.join(self.attrs)
|
||||
|
||||
# dest_group and source_group are assumed to be pre-escaped.
|
||||
# dn's aren't typed in, but searched for, and the search results
|
||||
# will return escaped dns
|
||||
|
||||
acistr = ('(targetattr="%s")' +
|
||||
'(targetfilter="(memberOf=%s)")' +
|
||||
'(version 3.0;' +
|
||||
'acl "%s";' +
|
||||
'allow (write) ' +
|
||||
'groupdn="ldap:///%s";)') % (attrs_str,
|
||||
self.dest_group,
|
||||
self.name,
|
||||
urllib.quote(self.source_group, "/=, "))
|
||||
return acistr
|
||||
|
||||
def to_dict(self):
|
||||
result = ipa.ipautil.CIDict()
|
||||
result['name'] = self.name
|
||||
result['source_group'] = self.source_group
|
||||
result['dest_group'] = self.dest_group
|
||||
result['attrs'] = self.attrs
|
||||
result['orig_acistr'] = self.orig_acistr
|
||||
|
||||
return result
|
||||
|
||||
def _match(self, prefix, inputstr):
|
||||
"""Returns inputstr with prefix removed, or else raises a
|
||||
SyntaxError."""
|
||||
if inputstr.startswith(prefix):
|
||||
return inputstr[len(prefix):]
|
||||
else:
|
||||
raise SyntaxError, "'%s' not found at '%s'" % (prefix, inputstr)
|
||||
|
||||
def _match_str(self, inputstr):
|
||||
"""Tries to extract a " delimited string from the front of inputstr.
|
||||
Returns (string, inputstr) where:
|
||||
- string is the extracted string (minus the enclosing " chars)
|
||||
- inputstr is the parameter with the string removed.
|
||||
Raises SyntaxError is a string is not found."""
|
||||
if not inputstr.startswith('"'):
|
||||
raise SyntaxError, "string not found at '%s'" % inputstr
|
||||
|
||||
found = False
|
||||
start_index = 1
|
||||
final_index = 1
|
||||
while not found and (final_index < len(inputstr)):
|
||||
if inputstr[final_index] == '\\':
|
||||
final_index += 2
|
||||
elif inputstr[final_index] == '"':
|
||||
found = True
|
||||
else:
|
||||
final_index += 1
|
||||
if not found:
|
||||
raise SyntaxError, "string not found at '%s'" % inputstr
|
||||
|
||||
match = inputstr[start_index:final_index]
|
||||
inputstr = inputstr[final_index + 1:]
|
||||
|
||||
return(match, inputstr)
|
||||
|
||||
def parse_acistr(self, acistr):
|
||||
"""Parses the acistr. If the string isn't recognized, a SyntaxError
|
||||
is raised."""
|
||||
self.orig_acistr = acistr
|
||||
|
||||
acistr = self._match('(targetattr=', acistr)
|
||||
(attrstr, acistr) = self._match_str(acistr)
|
||||
self.attrs = attrstr.split(' || ')
|
||||
|
||||
acistr = self._match(')(targetfilter=', acistr)
|
||||
(target_dn_str, acistr) = self._match_str(acistr)
|
||||
target_dn_str = self._match('(memberOf=', target_dn_str)
|
||||
if target_dn_str.endswith(')'):
|
||||
self.dest_group = target_dn_str[:-1]
|
||||
else:
|
||||
raise SyntaxError, "illegal dest_group at '%s'" % target_dn_str
|
||||
|
||||
acistr = self._match(')(version 3.0;acl ', acistr)
|
||||
(name_str, acistr) = self._match_str(acistr)
|
||||
self.name = name_str
|
||||
|
||||
acistr = self._match(';allow (write) groupdn=', acistr)
|
||||
(src_dn_str, acistr) = self._match_str(acistr)
|
||||
src_dn_str = self._match('ldap:///', src_dn_str)
|
||||
self.source_group = urllib.unquote(src_dn_str)
|
||||
|
||||
acistr = self._match(';)', acistr)
|
||||
if len(acistr) > 0:
|
||||
raise SyntaxError, "unexpected aci suffix at '%s'" % acistr
|
||||
|
||||
def extract_group_cns(aci_list, client):
|
||||
"""Extracts all the cn's from a list of aci's and returns them as a hash
|
||||
from group_dn to group_cn.
|
||||
|
||||
It first tries to cheat by looking at the first rdn for the
|
||||
group dn. If that's not cn for some reason, it looks up the group."""
|
||||
group_dn_to_cn = {}
|
||||
for aci in aci_list:
|
||||
for dn in (aci.source_group, aci.dest_group):
|
||||
if not group_dn_to_cn.has_key(dn):
|
||||
rdn_list = ldap.explode_dn(dn, 0)
|
||||
first_rdn = rdn_list[0]
|
||||
(type,value) = first_rdn.split('=')
|
||||
if type == "cn":
|
||||
group_dn_to_cn[dn] = value
|
||||
else:
|
||||
try:
|
||||
group = client.get_entry_by_dn(dn, ['cn'])
|
||||
group_dn_to_cn[dn] = group.getValue('cn')
|
||||
except ipaerror.IPAError, e:
|
||||
group_dn_to_cn[dn] = 'unknown'
|
||||
|
||||
return group_dn_to_cn
|
@ -1,24 +0,0 @@
|
||||
# Copyright (C) 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; version 2 only
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
from ipa.entity import Entity
|
||||
|
||||
class Group(Entity):
|
||||
|
||||
def __init2__(self):
|
||||
pass
|
||||
|
@ -1,54 +0,0 @@
|
||||
# Authors: Rob Crittenden <rcritten@redhat.com>
|
||||
#
|
||||
# Copyright (C) 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; version 2 only
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
import httplib
|
||||
import xmlrpclib
|
||||
import kerberos
|
||||
|
||||
class KerbTransport(xmlrpclib.SafeTransport):
|
||||
"""Handles Kerberos Negotiation authentication to an XML-RPC server."""
|
||||
|
||||
def get_host_info(self, host):
|
||||
|
||||
host, extra_headers, x509 = xmlrpclib.Transport.get_host_info(self, host)
|
||||
|
||||
# Set the remote host principal
|
||||
h = host
|
||||
hostinfo = h.split(':')
|
||||
service = "HTTP@" + hostinfo[0]
|
||||
|
||||
try:
|
||||
rc, vc = kerberos.authGSSClientInit(service,
|
||||
kerberos.GSS_C_DELEG_FLAG |
|
||||
kerberos.GSS_C_MUTUAL_FLAG |
|
||||
kerberos.GSS_C_SEQUENCE_FLAG)
|
||||
except kerberos.GSSError, e:
|
||||
raise kerberos.GSSError(e)
|
||||
|
||||
try:
|
||||
kerberos.authGSSClientStep(vc, "");
|
||||
except kerberos.GSSError, e:
|
||||
raise kerberos.GSSError(e)
|
||||
|
||||
extra_headers = [
|
||||
("Authorization", "negotiate %s" % kerberos.authGSSClientResponse(vc) )
|
||||
]
|
||||
|
||||
return host, extra_headers, x509
|
||||
|
@ -1,906 +0,0 @@
|
||||
# Authors: Rob Crittenden <rcritten@redhat.com>
|
||||
#
|
||||
# Copyright (C) 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; version 2 only
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
import xmlrpclib
|
||||
import socket
|
||||
import config
|
||||
import errno
|
||||
from krbtransport import KerbTransport
|
||||
from kerberos import GSSError
|
||||
from ipa import ipaerror, ipautil
|
||||
from ipa import config
|
||||
|
||||
# Some errors to catch
|
||||
# http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.6&view=auto
|
||||
|
||||
class RPCClient:
|
||||
|
||||
def __init__(self, verbose=False):
|
||||
self.server = None
|
||||
self.verbose = verbose
|
||||
config.init_config()
|
||||
|
||||
def server_url(self, server):
|
||||
"""Build the XML-RPC server URL from our configuration"""
|
||||
url = "https://" + server + "/ipa/xml"
|
||||
if self.verbose:
|
||||
print "Connecting to IPA server: %s" % url
|
||||
return url
|
||||
|
||||
def setup_server(self):
|
||||
"""Create our XML-RPC server connection using kerberos
|
||||
authentication"""
|
||||
if not self.server:
|
||||
serverlist = config.config.get_server()
|
||||
|
||||
# Try each server until we succeed or run out of servers to try
|
||||
# Guaranteed by ipa.config to have at least 1 in the list
|
||||
for s in serverlist:
|
||||
try:
|
||||
self.server = s
|
||||
remote = xmlrpclib.ServerProxy(self.server_url(s), KerbTransport())
|
||||
result = remote.ping()
|
||||
break
|
||||
except socket.error, e:
|
||||
if (e[0] == errno.ECONNREFUSED) or (e[0] == errno.ECONNREFUSED) or (e[0] == errno.EHOSTDOWN) or (e[0] == errno.EHOSTUNREACH):
|
||||
continue
|
||||
else:
|
||||
raise e
|
||||
except GSSError:
|
||||
continue
|
||||
|
||||
return xmlrpclib.ServerProxy(self.server_url(self.server), KerbTransport(), verbose=self.verbose)
|
||||
|
||||
# Higher-level API
|
||||
|
||||
def get_aci_entry(self, sattrs=None):
|
||||
"""Returns the entry containing access control ACIs."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_aci_entry(sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
|
||||
# General searches
|
||||
|
||||
def get_entry_by_dn(self,dn,sattrs=None):
|
||||
"""Get a specific entry. If sattrs is not None then only those
|
||||
attributes will be returned, otherwise all available
|
||||
attributes are returned. The result is a dict."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_entry_by_dn(dn, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_entry_by_cn(self,cn,sattrs=None):
|
||||
"""Get a specific entry by cn. If sattrs is not None then only those
|
||||
attributes will be returned, otherwise all available
|
||||
attributes are returned. The result is a dict."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_entry_by_cn(cn, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_entry(self,oldentry,newentry):
|
||||
"""Update an existing entry. oldentry and newentry are dicts of attributes"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.update_entry(ipautil.wrap_binary_data(oldentry),
|
||||
ipautil.wrap_binary_data(newentry))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
|
||||
# User support
|
||||
|
||||
def get_user_by_uid(self,uid,sattrs=None):
|
||||
"""Get a specific user. If sattrs is not None then only those
|
||||
attributes will be returned, otherwise all available
|
||||
attributes are returned. The result is a dict."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_user_by_uid(uid, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_user_by_principal(self,principal,sattrs=None):
|
||||
"""Get a specific user. If sattrs is not None then only those
|
||||
attributes will be returned, otherwise all available
|
||||
attributes are returned. The result is a dict."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_user_by_principal(principal, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_user_by_email(self,email,sattrs=None):
|
||||
"""Get a specific user's entry. Return as a dict of values.
|
||||
Multi-valued fields are represented as lists. The result is a
|
||||
dict.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_user_by_email(email, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_users_by_manager(self,manager_dn,sattrs=None):
|
||||
"""Gets the users that report to a manager.
|
||||
If sattrs is not None then only those
|
||||
attributes will be returned, otherwise all available
|
||||
attributes are returned. The result is a list of dicts."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_users_by_manager(manager_dn, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_user(self,user,user_container=None):
|
||||
"""Add a new user. Takes as input a dict where the key is the
|
||||
attribute name and the value is either a string or in the case
|
||||
of a multi-valued field a list of values"""
|
||||
server = self.setup_server()
|
||||
|
||||
if user_container is None:
|
||||
user_container = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.add_user(ipautil.wrap_binary_data(user),
|
||||
user_container)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_custom_fields(self):
|
||||
"""Get custom user fields."""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.get_custom_fields()
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def set_custom_fields(self, schema):
|
||||
"""Set custom user fields."""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.set_custom_fields(schema)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_all_users (self):
|
||||
"""Return a list containing a dict for each existing user."""
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.get_all_users()
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def find_users (self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
|
||||
"""Return a list: counter followed by a dict for each user that
|
||||
matches the criteria. If the results are truncated, counter will
|
||||
be set to -1"""
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
# None values are not allowed in XML-RPC
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
result = server.find_users(criteria, sattrs, sizelimit, timelimit)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_user(self,olduser,newuser):
|
||||
"""Update an existing user. olduser and newuser are dicts of attributes"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.update_user(ipautil.wrap_binary_data(olduser),
|
||||
ipautil.wrap_binary_data(newuser))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def delete_user(self,uid):
|
||||
"""Delete a user. uid is the uid of the user to delete."""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.delete_user(uid)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return result
|
||||
|
||||
def modifyPassword(self,principal,oldpass,newpass):
|
||||
"""Modify a user's password"""
|
||||
server = self.setup_server()
|
||||
|
||||
if oldpass is None:
|
||||
oldpass = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.modifyPassword(principal,oldpass,newpass)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return result
|
||||
|
||||
def mark_user_active(self,uid):
|
||||
"""Mark a user as active"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.mark_user_active(uid)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def mark_user_inactive(self,uid):
|
||||
"""Mark a user as inactive"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.mark_user_inactive(uid)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
|
||||
# Group support
|
||||
|
||||
def get_groups_by_member(self,member_dn,sattrs=None):
|
||||
"""Gets the groups that member_dn belongs to.
|
||||
If sattrs is not None then only those
|
||||
attributes will be returned, otherwise all available
|
||||
attributes are returned. The result is a list of dicts."""
|
||||
server = self.setup_server()
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_groups_by_member(member_dn, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_group(self,group,group_container=None):
|
||||
"""Add a new group. Takes as input a dict where the key is the
|
||||
attribute name and the value is either a string or in the case
|
||||
of a multi-valued field a list of values"""
|
||||
server = self.setup_server()
|
||||
|
||||
if group_container is None:
|
||||
group_container = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.add_group(ipautil.wrap_binary_data(group),
|
||||
group_container)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def find_groups (self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
|
||||
"""Return a list containing a Group object for each group that matches
|
||||
the criteria."""
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
# None values are not allowed in XML-RPC
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
result = server.find_groups(criteria, sattrs, sizelimit, timelimit)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_member_to_group(self, member_dn, group_dn):
|
||||
"""Add a new member to an existing group.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.add_member_to_group(member_dn, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_members_to_group(self, member_dns, group_dn):
|
||||
"""Add several members to an existing group.
|
||||
member_dns is a list of the dns to add
|
||||
|
||||
Returns a list of the dns that were not added.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.add_members_to_group(member_dns, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def remove_member_from_group(self, member_dn, group_dn):
|
||||
"""Remove a member from an existing group.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.remove_member_from_group(member_dn, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def remove_members_from_group(self, member_dns, group_dn):
|
||||
"""Remove several members from an existing group.
|
||||
|
||||
Returns a list of the dns that were not removed.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.remove_members_from_group(member_dns, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_user_to_group(self, user_uid, group_dn):
|
||||
"""Add a user to an existing group.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.add_user_to_group(user_uid, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_users_to_group(self, user_uids, group_dn):
|
||||
"""Add several users to an existing group.
|
||||
user_uids is a list of the uids of the users to add
|
||||
|
||||
Returns a list of the user uids that were not added.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.add_users_to_group(user_uids, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def remove_user_from_group(self, user_uid, group_dn):
|
||||
"""Remove a user from an existing group.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.remove_user_from_group(user_uid, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def remove_users_from_group(self, user_uids, group_dn):
|
||||
"""Remove several users from an existing group.
|
||||
user_uids is a list of the uids of the users to remove
|
||||
|
||||
Returns a list of the user uids that were not removed.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.remove_users_from_group(user_uids, group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_groups_to_user(self, group_dns, user_dn):
|
||||
"""Given a list of group dn's add them to the user.
|
||||
|
||||
Returns a list of the group dns that were not added.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.add_groups_to_user(group_dns, user_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def remove_groups_from_user(self, group_dns, user_dn):
|
||||
"""Given a list of group dn's remove them from the user.
|
||||
|
||||
Returns a list of the group dns that were not removed.
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.remove_groups_from_user(group_dns, user_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_group(self,oldgroup,newgroup):
|
||||
"""Update an existing group. oldgroup and newgroup are dicts of attributes"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.update_group(ipautil.wrap_binary_data(oldgroup),
|
||||
ipautil.wrap_binary_data(newgroup))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def delete_group(self,group_dn):
|
||||
"""Delete a group. group_dn is the dn of the group to be deleted."""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.delete_group(group_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_group_to_group(self, group_cn, tgroup_cn):
|
||||
"""Add a group to an existing group.
|
||||
group_cn is a cn of the group to add
|
||||
tgroup_cn is the cn of the group to be added to
|
||||
"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.add_group_to_group(group_cn, tgroup_cn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def attrs_to_labels(self,attrs):
|
||||
"""Convert a list of LDAP attributes into a more readable form."""
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.attrs_to_labels(attrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_all_attrs(self):
|
||||
"""We have a list of hardcoded attributes -> readable labels. Return
|
||||
that complete list if someone wants it.
|
||||
"""
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.get_all_attrs()
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def group_members(self, groupdn, attr_list=None, memberstype=0):
|
||||
"""Do a memberOf search of groupdn and return the attributes in
|
||||
attr_list (an empty list returns everything)."""
|
||||
|
||||
if attr_list is None:
|
||||
attr_list = "__NONE__"
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.group_members(groupdn, attr_list, memberstype)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def mark_group_active(self,cn):
|
||||
"""Mark a group as active"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.mark_group_active(cn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def mark_group_inactive(self,cn):
|
||||
"""Mark a group as inactive"""
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.mark_group_inactive(cn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
# Configuration support
|
||||
|
||||
def get_ipa_config(self):
|
||||
"""Get the IPA configuration"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.get_ipa_config()
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_ipa_config(self, oldconfig, newconfig):
|
||||
"""Update the IPA configuration"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.update_ipa_config(ipautil.wrap_binary_data(oldconfig), ipautil.wrap_binary_data(newconfig))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_password_policy(self):
|
||||
"""Get the IPA password policy"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.get_password_policy()
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_password_policy(self, oldpolicy, newpolicy):
|
||||
"""Update the IPA password policy"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.update_password_policy(ipautil.wrap_binary_data(oldpolicy), ipautil.wrap_binary_data(newpolicy))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_service_principal(self, princ_name, force):
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.add_service_principal(princ_name, force)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def delete_service_principal(self, principal_dn):
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.delete_service_principal(principal_dn)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def find_service_principal (self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
|
||||
"""Return a list: counter followed by a Entity object for each host that
|
||||
matches the criteria. If the results are truncated, counter will
|
||||
be set to -1"""
|
||||
|
||||
server = self.setup_server()
|
||||
try:
|
||||
# None values are not allowed in XML-RPC
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
result = server.find_service_principal(criteria, sattrs, sizelimit, timelimit)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_keytab(self, princ_name):
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.get_keytab(princ_name)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
# radius support
|
||||
|
||||
def get_radius_client_by_ip_addr(self, ip_addr, container, sattrs=None):
|
||||
server = self.setup_server()
|
||||
if container is None: container = "__NONE__"
|
||||
if sattrs is None: sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_radius_client_by_ip_addr(ip_addr, container, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_radius_client(self, client, container=None):
|
||||
server = self.setup_server()
|
||||
|
||||
if container is None: container = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.add_radius_client(ipautil.wrap_binary_data(client), container)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_radius_client(self, oldclient, newclient):
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.update_radius_client(ipautil.wrap_binary_data(oldclient),
|
||||
ipautil.wrap_binary_data(newclient))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
|
||||
def delete_radius_client(self, ip_addr, container=None):
|
||||
server = self.setup_server()
|
||||
if container is None: container = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.delete_radius_client(ip_addr, container)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def find_radius_clients(self, criteria, container=None, sattrs=None, sizelimit=-1, timelimit=-1):
|
||||
server = self.setup_server()
|
||||
if container is None: container = "__NONE__"
|
||||
try:
|
||||
# None values are not allowed in XML-RPC
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
result = server.find_radius_clients(criteria, container, sattrs, sizelimit, timelimit)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def get_radius_profile_by_uid(self, ip_addr, user_profile, sattrs=None):
|
||||
server = self.setup_server()
|
||||
if user_profile is None: user_profile = "__NONE__"
|
||||
if sattrs is None: sattrs = "__NONE__"
|
||||
try:
|
||||
result = server.get_radius_profile_by_uid(ip_addr, user_profile, sattrs)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def add_radius_profile(self, profile, user_profile=None):
|
||||
server = self.setup_server()
|
||||
|
||||
if user_profile is None: user_profile = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.add_radius_profile(ipautil.wrap_binary_data(profile), user_profile)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def update_radius_profile(self, oldprofile, newprofile):
|
||||
server = self.setup_server()
|
||||
|
||||
try:
|
||||
result = server.update_radius_profile(ipautil.wrap_binary_data(oldprofile),
|
||||
ipautil.wrap_binary_data(newprofile))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
|
||||
def delete_radius_profile(self, ip_addr, user_profile=None):
|
||||
server = self.setup_server()
|
||||
if user_profile is None: user_profile = "__NONE__"
|
||||
|
||||
try:
|
||||
result = server.delete_radius_profile(ip_addr, user_profile)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
||||
def find_radius_profiles(self, criteria, user_profile=None, sattrs=None, sizelimit=-1, timelimit=-1):
|
||||
server = self.setup_server()
|
||||
if user_profile is None: user_profile = "__NONE__"
|
||||
try:
|
||||
# None values are not allowed in XML-RPC
|
||||
if sattrs is None:
|
||||
sattrs = "__NONE__"
|
||||
result = server.find_radius_profiles(criteria, user_profile, sattrs, sizelimit, timelimit)
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
raise xmlrpclib.Fault(value, msg)
|
||||
|
||||
return ipautil.unwrap_binary_data(result)
|
||||
|
@ -1,24 +0,0 @@
|
||||
# Copyright (C) 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; version 2 only
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
from ipa.entity import Entity
|
||||
|
||||
class User(Entity):
|
||||
|
||||
def __init2__(self):
|
||||
pass
|
||||
|
@ -150,3 +150,8 @@ def make_repr(name, *args, **kw):
|
||||
args = [repr(a) for a in args]
|
||||
kw = ['%s=%r' % (k, kw[k]) for k in sorted(kw)]
|
||||
return '%s(%s)' % (name, ', '.join(args + kw))
|
||||
|
||||
def realm_to_suffix(realm_name):
|
||||
s = realm_name.split(".")
|
||||
terms = ["dc=" + x.lower() for x in s]
|
||||
return ",".join(terms)
|
||||
|
@ -34,17 +34,14 @@ from ipa import ipautil
|
||||
import service
|
||||
import installutils
|
||||
import certs
|
||||
import ipaldap, ldap
|
||||
import ldap
|
||||
from ipaserver import ipaldap
|
||||
from ipaserver.install import ldapupdate
|
||||
from ipalib import util
|
||||
|
||||
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
|
||||
SERVER_ROOT_32 = "/usr/lib/dirsrv"
|
||||
|
||||
def realm_to_suffix(realm_name):
|
||||
s = realm_name.split(".")
|
||||
terms = ["dc=" + x.lower() for x in s]
|
||||
return ",".join(terms)
|
||||
|
||||
def find_server_root():
|
||||
if ipautil.dir_exists(SERVER_ROOT_64):
|
||||
return SERVER_ROOT_64
|
||||
@ -152,7 +149,7 @@ class DsInstance(service.Service):
|
||||
self.pkcs12_info = None
|
||||
self.ds_user = None
|
||||
if realm_name:
|
||||
self.suffix = realm_to_suffix(self.realm_name)
|
||||
self.suffix = util.realm_to_suffix(self.realm_name)
|
||||
self.__setup_sub_dict()
|
||||
else:
|
||||
self.suffix = None
|
||||
@ -161,7 +158,7 @@ class DsInstance(service.Service):
|
||||
self.ds_user = ds_user
|
||||
self.realm_name = realm_name.upper()
|
||||
self.serverid = realm_to_serverid(self.realm_name)
|
||||
self.suffix = realm_to_suffix(self.realm_name)
|
||||
self.suffix = util.realm_to_suffix(self.realm_name)
|
||||
self.host_name = host_name
|
||||
self.dm_password = dm_password
|
||||
self.domain = domain_name
|
||||
|
@ -1,701 +0,0 @@
|
||||
# Authors: Rich Megginson <richm@redhat.com>
|
||||
# Rob Crittenden <rcritten@redhat.com
|
||||
#
|
||||
# Copyright (C) 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; version 2 only
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
import sys
|
||||
import os
|
||||
import os.path
|
||||
import popen2
|
||||
import base64
|
||||
import urllib
|
||||
import urllib2
|
||||
import socket
|
||||
import ldif
|
||||
import re
|
||||
import string
|
||||
import ldap
|
||||
import cStringIO
|
||||
import time
|
||||
import operator
|
||||
import struct
|
||||
import ldap.sasl
|
||||
from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
|
||||
from ldap.ldapobject import SimpleLDAPObject
|
||||
from ipa import ipaerror, ipautil
|
||||
|
||||
# Global variable to define SASL auth
|
||||
sasl_auth = ldap.sasl.sasl({},'GSSAPI')
|
||||
|
||||
class Entry:
|
||||
"""This class represents an LDAP Entry object. An LDAP entry consists of a DN
|
||||
and a list of attributes. Each attribute consists of a name and a list of
|
||||
values. In python-ldap, entries are returned as a list of 2-tuples.
|
||||
Instance variables:
|
||||
dn - string - the string DN of the entry
|
||||
data - CIDict - case insensitive dict of the attributes and values"""
|
||||
|
||||
def __init__(self,entrydata):
|
||||
"""data is the raw data returned from the python-ldap result method, which is
|
||||
a search result entry or a reference or None.
|
||||
If creating a new empty entry, data is the string DN."""
|
||||
if entrydata:
|
||||
if isinstance(entrydata,tuple):
|
||||
self.dn = entrydata[0]
|
||||
self.data = ipautil.CIDict(entrydata[1])
|
||||
elif isinstance(entrydata,str) or isinstance(entrydata,unicode):
|
||||
self.dn = entrydata
|
||||
self.data = ipautil.CIDict()
|
||||
else:
|
||||
self.dn = ''
|
||||
self.data = ipautil.CIDict()
|
||||
|
||||
def __nonzero__(self):
|
||||
"""This allows us to do tests like if entry: returns false if there is no data,
|
||||
true otherwise"""
|
||||
return self.data != None and len(self.data) > 0
|
||||
|
||||
def hasAttr(self,name):
|
||||
"""Return True if this entry has an attribute named name, False otherwise"""
|
||||
return self.data and self.data.has_key(name)
|
||||
|
||||
def __getattr__(self,name):
|
||||
"""If name is the name of an LDAP attribute, return the first value for that
|
||||
attribute - equivalent to getValue - this allows the use of
|
||||
entry.cn
|
||||
instead of
|
||||
entry.getValue('cn')
|
||||
This also allows us to return None if an attribute is not found rather than
|
||||
throwing an exception"""
|
||||
return self.getValue(name)
|
||||
|
||||
def getValues(self,name):
|
||||
"""Get the list (array) of values for the attribute named name"""
|
||||
return self.data.get(name)
|
||||
|
||||
def getValue(self,name):
|
||||
"""Get the first value for the attribute named name"""
|
||||
return self.data.get(name,[None])[0]
|
||||
|
||||
def setValue(self,name,*value):
|
||||
"""Value passed in may be a single value, several values, or a single sequence.
|
||||
For example:
|
||||
ent.setValue('name', 'value')
|
||||
ent.setValue('name', 'value1', 'value2', ..., 'valueN')
|
||||
ent.setValue('name', ['value1', 'value2', ..., 'valueN'])
|
||||
ent.setValue('name', ('value1', 'value2', ..., 'valueN'))
|
||||
Since *value is a tuple, we may have to extract a list or tuple from that
|
||||
tuple as in the last two examples above"""
|
||||
if isinstance(value[0],list) or isinstance(value[0],tuple):
|
||||
self.data[name] = value[0]
|
||||
else:
|
||||
self.data[name] = value
|
||||
|
||||
setValues = setValue
|
||||
|
||||
def toTupleList(self):
|
||||
"""Convert the attrs and values to a list of 2-tuples. The first element
|
||||
of the tuple is the attribute name. The second element is either a
|
||||
single value or a list of values."""
|
||||
return self.data.items()
|
||||
|
||||
def __str__(self):
|
||||
"""Convert the Entry to its LDIF representation"""
|
||||
return self.__repr__()
|
||||
|
||||
# the ldif class base64 encodes some attrs which I would rather see in raw form - to
|
||||
# encode specific attrs as base64, add them to the list below
|
||||
ldif.safe_string_re = re.compile('^$')
|
||||
base64_attrs = ['nsstate', 'krbprincipalkey', 'krbExtraData']
|
||||
|
||||
def __repr__(self):
|
||||
"""Convert the Entry to its LDIF representation"""
|
||||
sio = cStringIO.StringIO()
|
||||
# what's all this then? the unparse method will currently only accept
|
||||
# a list or a dict, not a class derived from them. self.data is a
|
||||
# cidict, so unparse barfs on it. I've filed a bug against python-ldap,
|
||||
# but in the meantime, we have to convert to a plain old dict for printing
|
||||
# I also don't want to see wrapping, so set the line width really high (1000)
|
||||
newdata = {}
|
||||
newdata.update(self.data)
|
||||
ldif.LDIFWriter(sio,Entry.base64_attrs,1000).unparse(self.dn,newdata)
|
||||
return sio.getvalue()
|
||||
|
||||
def wrapper(f,name):
|
||||
"""This is the method that wraps all of the methods of the superclass. This seems
|
||||
to need to be an unbound method, that's why it's outside of IPAdmin. Perhaps there
|
||||
is some way to do this with the new classmethod or staticmethod of 2.4.
|
||||
Basically, we replace every call to a method in SimpleLDAPObject (the superclass
|
||||
of IPAdmin) with a call to inner. The f argument to wrapper is the bound method
|
||||
of IPAdmin (which is inherited from the superclass). Bound means that it will implicitly
|
||||
be called with the self argument, it is not in the args list. name is the name of
|
||||
the method to call. If name is a method that returns entry objects (e.g. result),
|
||||
we wrap the data returned by an Entry class. If name is a method that takes an entry
|
||||
argument, we extract the raw data from the entry object to pass in."""
|
||||
def inner(*args, **kargs):
|
||||
if name == 'result':
|
||||
type, data = f(*args, **kargs)
|
||||
# data is either a 2-tuple or a list of 2-tuples
|
||||
# print data
|
||||
if data:
|
||||
if isinstance(data,tuple):
|
||||
return type, Entry(data)
|
||||
elif isinstance(data,list):
|
||||
return type, [Entry(x) for x in data]
|
||||
else:
|
||||
raise TypeError, "unknown data type %s returned by result" % type(data)
|
||||
else:
|
||||
return type, data
|
||||
elif name.startswith('add'):
|
||||
# the first arg is self
|
||||
# the second and third arg are the dn and the data to send
|
||||
# We need to convert the Entry into the format used by
|
||||
# python-ldap
|
||||
ent = args[0]
|
||||
if isinstance(ent,Entry):
|
||||
return f(ent.dn, ent.toTupleList(), *args[2:])
|
||||
else:
|
||||
return f(*args, **kargs)
|
||||
else:
|
||||
return f(*args, **kargs)
|
||||
return inner
|
||||
|
||||
class LDIFConn(ldif.LDIFParser):
|
||||
def __init__(
|
||||
self,
|
||||
input_file,
|
||||
ignored_attr_types=None,max_entries=0,process_url_schemes=None
|
||||
):
|
||||
"""
|
||||
See LDIFParser.__init__()
|
||||
|
||||
Additional Parameters:
|
||||
all_records
|
||||
List instance for storing parsed records
|
||||
"""
|
||||
self.dndict = {} # maps dn to Entry
|
||||
self.dnlist = [] # contains entries in order read
|
||||
myfile = input_file
|
||||
if isinstance(input_file,str) or isinstance(input_file,unicode):
|
||||
myfile = open(input_file, "r")
|
||||
ldif.LDIFParser.__init__(self,myfile,ignored_attr_types,max_entries,process_url_schemes)
|
||||
self.parse()
|
||||
if isinstance(input_file,str) or isinstance(input_file,unicode):
|
||||
myfile.close()
|
||||
|
||||
def handle(self,dn,entry):
|
||||
"""
|
||||
Append single record to dictionary of all records.
|
||||
"""
|
||||
if not dn:
|
||||
dn = ''
|
||||
newentry = Entry((dn, entry))
|
||||
self.dndict[IPAdmin.normalizeDN(dn)] = newentry
|
||||
self.dnlist.append(newentry)
|
||||
|
||||
def get(self,dn):
|
||||
ndn = IPAdmin.normalizeDN(dn)
|
||||
return self.dndict.get(ndn, Entry(None))
|
||||
|
||||
class IPAdmin(SimpleLDAPObject):
|
||||
CFGSUFFIX = "o=NetscapeRoot"
|
||||
DEFAULT_USER_ID = "nobody"
|
||||
|
||||
def getDseAttr(self,attrname):
|
||||
conffile = self.confdir + '/dse.ldif'
|
||||
dseldif = LDIFConn(conffile)
|
||||
cnconfig = dseldif.get("cn=config")
|
||||
if cnconfig:
|
||||
return cnconfig.getValue(attrname)
|
||||
return None
|
||||
|
||||
def __initPart2(self):
|
||||
if self.binddn and len(self.binddn) and not hasattr(self,'sroot'):
|
||||
try:
|
||||
ent = self.getEntry('cn=config', ldap.SCOPE_BASE, '(objectclass=*)',
|
||||
[ 'nsslapd-instancedir', 'nsslapd-errorlog',
|
||||
'nsslapd-certdir', 'nsslapd-schemadir' ])
|
||||
self.errlog = ent.getValue('nsslapd-errorlog')
|
||||
self.confdir = ent.getValue('nsslapd-certdir')
|
||||
if not self.confdir:
|
||||
self.confdir = ent.getValue('nsslapd-schemadir')
|
||||
if self.confdir:
|
||||
self.confdir = os.path.dirname(self.confdir)
|
||||
instdir = ent.getValue('nsslapd-instancedir')
|
||||
ent = self.getEntry('cn=config,cn=ldbm database,cn=plugins,cn=config',
|
||||
ldap.SCOPE_BASE, '(objectclass=*)',
|
||||
[ 'nsslapd-directory' ])
|
||||
self.dbdir = os.path.dirname(ent.getValue('nsslapd-directory'))
|
||||
except (ldap.INSUFFICIENT_ACCESS, ldap.CONNECT_ERROR):
|
||||
pass # usually means
|
||||
except ldap.OPERATIONS_ERROR, e:
|
||||
pass # usually means this is Active Directory
|
||||
except ldap.LDAPError, e:
|
||||
print "caught exception ", e
|
||||
raise
|
||||
|
||||
def __localinit__(self):
|
||||
"""If a CA certificate is provided then it is assumed that we are
|
||||
doing SSL client authentication with proxy auth.
|
||||
|
||||
If a CA certificate is not present then it is assumed that we are
|
||||
using a forwarded kerberos ticket for SASL auth. SASL provides
|
||||
its own encryption.
|
||||
"""
|
||||
if self.cacert is not None:
|
||||
SimpleLDAPObject.__init__(self,'ldaps://%s:%d' % (self.host,self.port))
|
||||
else:
|
||||
SimpleLDAPObject.__init__(self,'ldap://%s:%d' % (self.host,self.port))
|
||||
|
||||
def __init__(self,host,port=389,cacert=None,bindcert=None,bindkey=None,proxydn=None,debug=None):
|
||||
"""We just set our instance variables and wrap the methods - the real
|
||||
work is done in __localinit__ and __initPart2 - these are separated
|
||||
out this way so that we can call them from places other than
|
||||
instance creation e.g. when we just need to reconnect, not create a
|
||||
new instance"""
|
||||
if debug and debug.lower() == "on":
|
||||
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
|
||||
if cacert is not None:
|
||||
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)
|
||||
if bindcert is not None:
|
||||
ldap.set_option(ldap.OPT_X_TLS_CERTFILE,bindcert)
|
||||
if bindkey is not None:
|
||||
ldap.set_option(ldap.OPT_X_TLS_KEYFILE,bindkey)
|
||||
|
||||
self.__wrapmethods()
|
||||
self.port = port
|
||||
self.host = host
|
||||
self.cacert = cacert
|
||||
self.bindcert = bindcert
|
||||
self.bindkey = bindkey
|
||||
self.proxydn = proxydn
|
||||
self.suffixes = {}
|
||||
self.__localinit__()
|
||||
|
||||
def __str__(self):
|
||||
return self.host + ":" + str(self.port)
|
||||
|
||||
def __get_server_controls__(self):
|
||||
"""Create the proxy user server control. The control has the form
|
||||
0x04 = Octet String
|
||||
4|0x80 sets the length of the string length field at 4 bytes
|
||||
the struct() gets us the length in bytes of string self.proxydn
|
||||
self.proxydn is the proxy dn to send"""
|
||||
|
||||
import sys
|
||||
|
||||
if self.proxydn is not None:
|
||||
proxydn = chr(0x04) + chr(4|0x80) + struct.pack('l', socket.htonl(len(self.proxydn))) + self.proxydn;
|
||||
|
||||
# Create the proxy control
|
||||
sctrl=[]
|
||||
sctrl.append(LDAPControl('2.16.840.1.113730.3.4.18',True,proxydn))
|
||||
else:
|
||||
sctrl=None
|
||||
|
||||
return sctrl
|
||||
|
||||
def toLDAPURL(self):
|
||||
return "ldap://%s:%d/" % (self.host,self.port)
|
||||
|
||||
def set_proxydn(self, proxydn):
|
||||
self.proxydn = proxydn
|
||||
|
||||
def set_krbccache(self, krbccache, principal):
|
||||
if krbccache is not None:
|
||||
os.environ["KRB5CCNAME"] = krbccache
|
||||
self.sasl_interactive_bind_s("", sasl_auth)
|
||||
self.principal = principal
|
||||
self.proxydn = None
|
||||
|
||||
def do_simple_bind(self, binddn="cn=directory manager", bindpw=""):
|
||||
self.binddn = binddn
|
||||
self.bindpwd = bindpw
|
||||
self.simple_bind_s(binddn, bindpw)
|
||||
self.__initPart2()
|
||||
|
||||
def getEntry(self,*args):
|
||||
"""This wraps the search function. It is common to just get one entry"""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
|
||||
try:
|
||||
res = self.search(*args)
|
||||
type, obj = self.result(res)
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND,
|
||||
notfound(args))
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
|
||||
if not obj:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND,
|
||||
notfound(args))
|
||||
elif isinstance(obj,Entry):
|
||||
return obj
|
||||
else: # assume list/tuple
|
||||
return obj[0]
|
||||
|
||||
def getList(self,*args):
|
||||
"""This wraps the search function to find all users."""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
|
||||
try:
|
||||
res = self.search(*args)
|
||||
type, obj = self.result(res)
|
||||
except (ldap.ADMINLIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED), e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR,
|
||||
"Too many results returned by search", e)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
|
||||
if not obj:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND,
|
||||
notfound(args))
|
||||
|
||||
all_users = []
|
||||
for s in obj:
|
||||
all_users.append(s)
|
||||
|
||||
return all_users
|
||||
|
||||
def getListAsync(self,*args):
|
||||
"""This version performs an asynchronous search, to allow
|
||||
results even if we hit a limit.
|
||||
|
||||
It returns a list: counter followed by the results.
|
||||
If the results are truncated, counter will be set to -1.
|
||||
"""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
|
||||
entries = []
|
||||
partial = 0
|
||||
|
||||
try:
|
||||
msgid = self.search_ext(*args)
|
||||
type, result_list = self.result(msgid, 0)
|
||||
while result_list:
|
||||
for result in result_list:
|
||||
entries.append(result)
|
||||
type, result_list = self.result(msgid, 0)
|
||||
except (ldap.ADMINLIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED,
|
||||
ldap.TIMELIMIT_EXCEEDED), e:
|
||||
partial = 1
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
|
||||
if not entries:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND,
|
||||
notfound(args))
|
||||
|
||||
if partial == 1:
|
||||
counter = -1
|
||||
else:
|
||||
counter = len(entries)
|
||||
|
||||
return [counter] + entries
|
||||
|
||||
def addEntry(self,*args):
|
||||
"""This wraps the add function. It assumes that the entry is already
|
||||
populated with all of the desired objectclasses and attributes"""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
|
||||
try:
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
self.add_s(*args)
|
||||
except ldap.ALREADY_EXISTS:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
return "Success"
|
||||
|
||||
def updateRDN(self, dn, newrdn):
|
||||
"""Wrap the modrdn function."""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
|
||||
if dn == newrdn:
|
||||
# no need to report an error
|
||||
return "Success"
|
||||
|
||||
try:
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
self.modrdn_s(dn, newrdn, delold=1)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
return "Success"
|
||||
|
||||
def updateEntry(self,dn,olduser,newuser):
|
||||
"""This wraps the mod function. It assumes that the entry is already
|
||||
populated with all of the desired objectclasses and attributes"""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
|
||||
modlist = self.generateModList(olduser, newuser)
|
||||
|
||||
if len(modlist) == 0:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_EMPTY_MODLIST)
|
||||
|
||||
try:
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
self.modify_s(dn, modlist)
|
||||
# this is raised when a 'delete' attribute isn't found.
|
||||
# it indicates the previous attribute was removed by another
|
||||
# update, making the olduser stale.
|
||||
except ldap.NO_SUCH_ATTRIBUTE:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_MIDAIR_COLLISION)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
return "Success"
|
||||
|
||||
def generateModList(self, old_entry, new_entry):
|
||||
"""A mod list generator that computes more precise modification lists
|
||||
than the python-ldap version. This version purposely generates no
|
||||
REPLACE operations, to deal with multi-user updates more properly."""
|
||||
modlist = []
|
||||
|
||||
old_entry = ipautil.CIDict(old_entry)
|
||||
new_entry = ipautil.CIDict(new_entry)
|
||||
|
||||
keys = set(map(string.lower, old_entry.keys()))
|
||||
keys.update(map(string.lower, new_entry.keys()))
|
||||
|
||||
for key in keys:
|
||||
new_values = new_entry.get(key, [])
|
||||
if not(isinstance(new_values,list) or isinstance(new_values,tuple)):
|
||||
new_values = [new_values]
|
||||
new_values = filter(lambda value:value!=None, new_values)
|
||||
new_values = set(new_values)
|
||||
|
||||
old_values = old_entry.get(key, [])
|
||||
if not(isinstance(old_values,list) or isinstance(old_values,tuple)):
|
||||
old_values = [old_values]
|
||||
old_values = filter(lambda value:value!=None, old_values)
|
||||
old_values = set(old_values)
|
||||
|
||||
adds = list(new_values.difference(old_values))
|
||||
removes = list(old_values.difference(new_values))
|
||||
|
||||
if len(removes) > 0:
|
||||
modlist.append((ldap.MOD_DELETE, key, removes))
|
||||
if len(adds) > 0:
|
||||
modlist.append((ldap.MOD_ADD, key, adds))
|
||||
|
||||
return modlist
|
||||
|
||||
def inactivateEntry(self,dn,has_key):
|
||||
"""Rather than deleting entries we mark them as inactive.
|
||||
has_key defines whether the entry already has nsAccountlock
|
||||
set so we can determine which type of mod operation to run."""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
modlist=[]
|
||||
|
||||
if has_key == True:
|
||||
operation = ldap.MOD_REPLACE
|
||||
else:
|
||||
operation = ldap.MOD_ADD
|
||||
|
||||
modlist.append((operation, "nsAccountlock", "true"))
|
||||
|
||||
try:
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
self.modify_s(dn, modlist)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
return "Success"
|
||||
|
||||
def deleteEntry(self,*args):
|
||||
"""This wraps the delete function. Use with caution."""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
|
||||
try:
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
self.delete_s(*args)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
return "Success"
|
||||
|
||||
def modifyPassword(self,dn,oldpass,newpass):
|
||||
"""Set the user password using RFC 3062, LDAP Password Modify Extended
|
||||
Operation. This ends up calling the IPA password slapi plugin
|
||||
handler so the Kerberos password gets set properly.
|
||||
|
||||
oldpass is not mandatory
|
||||
"""
|
||||
|
||||
sctrl = self.__get_server_controls__()
|
||||
|
||||
try:
|
||||
if sctrl is not None:
|
||||
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
|
||||
self.passwd_s(dn, oldpass, newpass)
|
||||
except ldap.LDAPError, e:
|
||||
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
|
||||
return "Success"
|
||||
|
||||
def __wrapmethods(self):
|
||||
"""This wraps all methods of SimpleLDAPObject, so that we can intercept
|
||||
the methods that deal with entries. Instead of using a raw list of tuples
|
||||
of lists of hashes of arrays as the entry object, we want to wrap entries
|
||||
in an Entry class that provides some useful methods"""
|
||||
for name in dir(self.__class__.__bases__[0]):
|
||||
attr = getattr(self, name)
|
||||
if callable(attr):
|
||||
setattr(self, name, wrapper(attr, name))
|
||||
|
||||
def exportLDIF(self, file, suffix, forrepl=False, verbose=False):
|
||||
cn = "export" + str(int(time.time()))
|
||||
dn = "cn=%s, cn=export, cn=tasks, cn=config" % cn
|
||||
entry = Entry(dn)
|
||||
entry.setValues('objectclass', 'top', 'extensibleObject')
|
||||
entry.setValues('cn', cn)
|
||||
entry.setValues('nsFilename', file)
|
||||
entry.setValues('nsIncludeSuffix', suffix)
|
||||
if forrepl:
|
||||
entry.setValues('nsExportReplica', 'true')
|
||||
|
||||
rc = self.startTaskAndWait(entry, verbose)
|
||||
|
||||
if rc:
|
||||
if verbose:
|
||||
print "Error: export task %s for file %s exited with %d" % (cn,file,rc)
|
||||
else:
|
||||
if verbose:
|
||||
print "Export task %s for file %s completed successfully" % (cn,file)
|
||||
return rc
|
||||
|
||||
def waitForEntry(self, dn, timeout=7200, attr='', quiet=True):
|
||||
scope = ldap.SCOPE_BASE
|
||||
filter = "(objectclass=*)"
|
||||
attrlist = []
|
||||
if attr:
|
||||
filter = "(%s=*)" % attr
|
||||
attrlist.append(attr)
|
||||
timeout += int(time.time())
|
||||
|
||||
if isinstance(dn,Entry):
|
||||
dn = dn.dn
|
||||
|
||||
# wait for entry and/or attr to show up
|
||||
if not quiet:
|
||||
sys.stdout.write("Waiting for %s %s:%s " % (self,dn,attr))
|
||||
sys.stdout.flush()
|
||||
entry = None
|
||||
while not entry and int(time.time()) < timeout:
|
||||
try:
|
||||
entry = self.getEntry(dn, scope, filter, attrlist)
|
||||
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
|
||||
pass # found entry, but no attr
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
pass # no entry yet
|
||||
except ldap.LDAPError, e: # badness
|
||||
print "\nError reading entry", dn, e
|
||||
break
|
||||
if not entry:
|
||||
if not quiet:
|
||||
sys.stdout.write(".")
|
||||
sys.stdout.flush()
|
||||
time.sleep(1)
|
||||
|
||||
if not entry and int(time.time()) > timeout:
|
||||
print "\nwaitForEntry timeout for %s for %s" % (self,dn)
|
||||
elif entry and not quiet:
|
||||
print "\nThe waited for entry is:", entry
|
||||
elif not entry:
|
||||
print "\nError: could not read entry %s from %s" % (dn,self)
|
||||
|
||||
return entry
|
||||
|
||||
def addSchema(self, attr, val):
|
||||
dn = "cn=schema"
|
||||
self.modify_s(dn, [(ldap.MOD_ADD, attr, val)])
|
||||
|
||||
def addAttr(self, *args):
|
||||
return self.addSchema('attributeTypes', args)
|
||||
|
||||
def addObjClass(self, *args):
|
||||
return self.addSchema('objectClasses', args)
|
||||
|
||||
###########################
|
||||
# Static methods start here
|
||||
###########################
|
||||
def normalizeDN(dn):
|
||||
# not great, but will do until we use a newer version of python-ldap
|
||||
# that has DN utilities
|
||||
ary = ldap.explode_dn(dn.lower())
|
||||
return ",".join(ary)
|
||||
normalizeDN = staticmethod(normalizeDN)
|
||||
|
||||
def getfqdn(name=''):
|
||||
return socket.getfqdn(name)
|
||||
getfqdn = staticmethod(getfqdn)
|
||||
|
||||
def getdomainname(name=''):
|
||||
fqdn = IPAdmin.getfqdn(name)
|
||||
index = fqdn.find('.')
|
||||
if index >= 0:
|
||||
return fqdn[index+1:]
|
||||
else:
|
||||
return fqdn
|
||||
getdomainname = staticmethod(getdomainname)
|
||||
|
||||
def getdefaultsuffix(name=''):
|
||||
dm = IPAdmin.getdomainname(name)
|
||||
if dm:
|
||||
return "dc=" + dm.replace('.', ', dc=')
|
||||
else:
|
||||
return 'dc=localdomain'
|
||||
getdefaultsuffix = staticmethod(getdefaultsuffix)
|
||||
|
||||
def is_a_dn(dn):
|
||||
"""Returns True if the given string is a DN, False otherwise."""
|
||||
return (dn.find("=") > 0)
|
||||
is_a_dn = staticmethod(is_a_dn)
|
||||
|
||||
|
||||
def notfound(args):
|
||||
"""Return a string suitable for displaying as an error when a
|
||||
search returns no results.
|
||||
|
||||
This just returns whatever is after the equals sign"""
|
||||
if len(args) > 2:
|
||||
filter = args[2]
|
||||
try:
|
||||
target = re.match(r'\(.*=(.*)\)', filter).group(1)
|
||||
except:
|
||||
target = filter
|
||||
return "%s not found" % str(target)
|
||||
else:
|
||||
return args[0]
|
@ -35,8 +35,9 @@ import installutils
|
||||
from ipa import sysrestore
|
||||
from ipa import ipautil
|
||||
from ipa import ipaerror
|
||||
from ipalib import util
|
||||
|
||||
import ipaldap
|
||||
from ipaserver import ipaldap
|
||||
|
||||
import ldap
|
||||
from ldap import LDAPError
|
||||
@ -104,7 +105,7 @@ class KrbInstance(service.Service):
|
||||
self.host = host_name.split(".")[0]
|
||||
self.ip = socket.gethostbyname(host_name)
|
||||
self.domain = domain_name
|
||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||
self.suffix = util.realm_to_suffix(self.realm)
|
||||
self.kdc_password = ipautil.ipa_generate_password()
|
||||
self.admin_password = admin_password
|
||||
|
||||
|
@ -25,8 +25,10 @@
|
||||
UPDATES_DIR="/usr/share/ipa/updates/"
|
||||
|
||||
import sys
|
||||
from ipaserver.install import ipaldap, installutils
|
||||
from ipaserver.install import installutils
|
||||
from ipaserver import ipaldap
|
||||
from ipa import entity, ipaerror, ipautil
|
||||
from ipalib import util
|
||||
import ldap
|
||||
import logging
|
||||
import krbV
|
||||
@ -56,14 +58,14 @@ class LDAPUpdate:
|
||||
self.modified = False
|
||||
|
||||
krbctx = krbV.default_context()
|
||||
|
||||
|
||||
fqdn = installutils.get_fqdn()
|
||||
if fqdn is None:
|
||||
raise RuntimeError("Unable to determine hostname")
|
||||
|
||||
|
||||
domain = ipautil.get_domain_name()
|
||||
libarch = self.__identify_arch()
|
||||
suffix = ipautil.realm_to_suffix(krbctx.default_realm)
|
||||
suffix = util.realm_to_suffix(krbctx.default_realm)
|
||||
|
||||
if not self.sub_dict.get("REALM"):
|
||||
self.sub_dict["REALM"] = krbctx.default_realm
|
||||
@ -324,7 +326,7 @@ class LDAPUpdate:
|
||||
while True:
|
||||
try:
|
||||
entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
|
||||
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
logging.error("Task not found: %s", dn)
|
||||
return
|
||||
except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e:
|
||||
@ -434,11 +436,11 @@ class LDAPUpdate:
|
||||
only[k] = True
|
||||
entry.setValues(k, e)
|
||||
logging.debug('only: updated value %s', e)
|
||||
|
||||
|
||||
self.print_entity(entry)
|
||||
|
||||
|
||||
return entry
|
||||
|
||||
|
||||
def print_entity(self, e, message=None):
|
||||
"""The entity object currently lacks a str() method"""
|
||||
logging.debug("---------------------------------------------")
|
||||
@ -479,13 +481,13 @@ class LDAPUpdate:
|
||||
return False
|
||||
else:
|
||||
return True
|
||||
|
||||
|
||||
def __update_record(self, update):
|
||||
found = False
|
||||
|
||||
|
||||
new_entry = self.__create_default_entry(update.get('dn'),
|
||||
update.get('default'))
|
||||
|
||||
|
||||
try:
|
||||
e = self.__get_entry(new_entry.dn)
|
||||
if len(e) > 1:
|
||||
@ -494,7 +496,7 @@ class LDAPUpdate:
|
||||
entry = self.__entry_to_entity(e[0])
|
||||
found = True
|
||||
logging.info("Updating existing entry: %s", entry.dn)
|
||||
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
# Doesn't exist, start with the default entry
|
||||
entry = new_entry
|
||||
logging.info("New entry: %s", entry.dn)
|
||||
@ -502,14 +504,14 @@ class LDAPUpdate:
|
||||
# Doesn't exist, start with the default entry
|
||||
entry = new_entry
|
||||
logging.info("New entry, using default value: %s", entry.dn)
|
||||
|
||||
|
||||
self.print_entity(entry)
|
||||
|
||||
|
||||
# Bring this entry up to date
|
||||
entry = self.__apply_updates(update.get('updates'), entry)
|
||||
|
||||
|
||||
self.print_entity(entry, "Final value")
|
||||
|
||||
|
||||
if not found:
|
||||
# New entries get their orig_data set to the entry itself. We want to
|
||||
# empty that so that everything appears new when generating the
|
||||
@ -540,7 +542,7 @@ class LDAPUpdate:
|
||||
except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e:
|
||||
logging.error("Update failed: %s: %s", e, self.__detail_error(e.detail))
|
||||
updated = False
|
||||
|
||||
|
||||
if ("cn=index" in entry.dn and
|
||||
"cn=userRoot" in entry.dn):
|
||||
taskid = self.create_index_task(entry.cn)
|
||||
@ -566,7 +568,7 @@ class LDAPUpdate:
|
||||
|
||||
returns True if anything was changed, otherwise False
|
||||
"""
|
||||
|
||||
|
||||
try:
|
||||
self.conn = ipaldap.IPAdmin(self.sub_dict['FQDN'])
|
||||
self.conn.do_simple_bind(bindpw=self.dm_password)
|
||||
@ -579,9 +581,9 @@ class LDAPUpdate:
|
||||
except Exception, e:
|
||||
print e
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
(all_updates, dn_list) = self.parse_update_file(data, all_updates, dn_list)
|
||||
|
||||
|
||||
sortedkeys = dn_list.keys()
|
||||
sortedkeys.sort()
|
||||
for k in sortedkeys:
|
||||
@ -589,5 +591,5 @@ class LDAPUpdate:
|
||||
self.__update_record(all_updates[dn])
|
||||
finally:
|
||||
if self.conn: self.conn.unbind()
|
||||
|
||||
|
||||
return self.modified
|
||||
|
@ -19,9 +19,12 @@
|
||||
|
||||
import time, logging
|
||||
|
||||
import ipaldap, ldap, dsinstance
|
||||
import ldap
|
||||
from ipaserver.install import dsinstance
|
||||
from ipaserver import ipaldap
|
||||
from ldap import modlist
|
||||
from ipa import ipaerror
|
||||
from ipalib import util
|
||||
|
||||
DIRMAN_CN = "cn=directory manager"
|
||||
CACERT="/usr/share/ipa/html/ca.crt"
|
||||
@ -469,7 +472,7 @@ class ReplicationManager:
|
||||
else:
|
||||
raise e
|
||||
|
||||
self.suffix = ipaldap.IPAdmin.normalizeDN(dsinstance.realm_to_suffix(realm_name))
|
||||
self.suffix = ipaldap.IPAdmin.normalizeDN(util.realm_to_suffix(realm_name))
|
||||
|
||||
if not iswinsync:
|
||||
local_id = self._get_replica_id(self.conn, other_conn)
|
||||
|
Loading…
Reference in New Issue
Block a user