IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Rework config.py and change cli tools. Maintain order of IPA servers from command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234

Browse Source
This commit is contained in:
Martin Nagy
2008-08-15 18:08:01 +02:00
parent 57669ba432
commit 885103c321
32 changed files with 375 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ipa-admintools/ipa-adddelegation
View File

@@ -43,13 +43,10 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-adddelegation [-l|--list]"
print "ipa-adddelegation [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] [-v|--verbose] name"
sys.exit(1)
def parse_options():
parser = OptionParser()
usage = "%prog -l|--list\n"
usage += "%prog -a|--attributes attr1,attr2,..,attrn -s|--source STRING -t|--target STRING [-v|--verbose] name"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--attributes", dest="attributes",
help="The attributes the source group may change in the target group")
parser.add_option("-s", "--source", dest="source",
@@ -60,11 +57,18 @@ def parse_options():
help="List common attributes (this is not an exhaustive list)")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
parser.add_option("--usage", action="store_true",
help="Program usage")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if options.list:
ipa.config.verify_args(parser, args)
else:
ipa.config.verify_args(parser, args, "name")
if not options.attributes or not options.source or not options.target:
parser.error("need attributes and both source and target groups")
ipa.config.init_config(options)
return options, args
@@ -72,9 +76,6 @@ def main():
options, args = parse_options()
if options.usage:
usage()
if options.list:
client = ipaclient.IPAClient(verbose=options.verbose)
l = client.get_all_attrs()
@@ -83,13 +84,6 @@ def main():
print x
return 0
if len(args) != 2:
print "args is %s" % len(args)
usage()
if not options.attributes or not options.source or not options.target:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
source_grp = client.find_groups(options.source)
@@ -137,7 +131,7 @@ def main():
attr_list = options.attributes.split(',')
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
new_aci.name = args[0]
new_aci.source_group = source_grp[0].dn
new_aci.dest_group = target_grp[0].dn
new_aci.attrs = attr_list
@@ -174,7 +168,7 @@ def main():
# This is ok, ignore it
pass
print "Delegation %s successfully added" % args[1]
print "Delegation %s successfully added" % args[0]
return 0
try:

27
ipa-admintools/ipa-addgroup
View File

@@ -43,15 +43,12 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-addgroup [-d|--description STRING] [-g|--gid GID] [--addattr attribute=value] [--setattr attribute=value] [-v|--verbose] group"
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
parser = OptionParser()
usage = "%prog [options] [group]"
parser = OptionParser(usage=usage)
parser.add_option("-d", "--description", dest="desc",
help="A description of this group")
parser.add_option("-g", "--gid", dest="gid",
@@ -64,11 +61,14 @@ def parse_options():
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
parser.add_option("--usage", action="store_true",
help="Program usage")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if len(args) > 1:
parser.error("too many arguments")
ipa.config.init_config(options)
return options, args
@@ -79,13 +79,10 @@ def main():
group=ipa.group.Group()
options, args = parse_options()
if options.usage:
usage()
if (len(args) != 2):
if len(args) != 1:
cn = ipautil.user_input_name("Group name")
else:
cn = args[1]
cn = args[0]
try:
ipaadminutil.check_name(cn)
except ValueError, e:
@@ -96,7 +93,7 @@ def main():
desc = ipautil.user_input("Description", allow_empty = False)
else:
desc = options.desc
if (not ipavalidate.String(desc, notEmpty=True)):
if not ipavalidate.String(desc, notEmpty=True):
print "Please enter a value"
return 1

19
ipa-admintools/ipa-addservice
View File

@@ -44,22 +44,19 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-addservice [--force] [-v|--verbose] principal"
sys.exit(1)
def parse_options():
parser = OptionParser()
usage = "%prog [options] principal"
parser = OptionParser(usage=usage)
parser.add_option("--force", action="store_true", default=False,
help="Force a service principal name")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "principal")
ipa.config.init_config(options)
return options, args
@@ -69,9 +66,7 @@ def main():
options, args = parse_options()
if len(args) != 2:
usage()
princ_name = args[1]
princ_name = args[0]
client = ipaclient.IPAClient(verbose=options.verbose)

41
ipa-admintools/ipa-adduser
View File

@@ -44,15 +44,12 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-adduser [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell] [-g|--groups] [-k|krb-principal [-M|mailAddress] [--addattr attribute=value] [--setattr attribute=value] [-v|--verbose] user"
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
parser = OptionParser()
usage = "%prog [options] [user]"
parser = OptionParser(usage=usage)
parser.add_option("-c", "--gecos", dest="gecos",
help="Set the GECOS field")
parser.add_option("-d", "--directory", dest="directory",
@@ -73,8 +70,6 @@ def parse_options():
help="Set user's Kerberos Principal Name")
parser.add_option("-M", "--mailAddress", dest="mail",
help="Set user's e-mail address")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
parser.add_option("--addattr", dest="addattr",
@@ -84,8 +79,13 @@ def parse_options():
help="Set an attribute, dropping any existing values that may exist",
action="append")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if len(args) > 1:
parser.error("too many arguments")
ipa.config.init_config(options)
return options, args
@@ -96,7 +96,7 @@ def main():
username = ""
principal = ""
password = ""
mail = ""
mail = ""
gecos = ""
directory = ""
shell = ""
@@ -109,17 +109,14 @@ def main():
user=ipa.user.User()
options, args = parse_options()
if options.usage:
usage()
if len(args) != 2:
if len(args) != 1:
all_interactive = True
if not options.gn:
givenname = ipautil.user_input("First name", allow_empty = False)
else:
givenname = options.gn
if (not ipavalidate.String(givenname, notEmpty=True)):
if not ipavalidate.String(givenname, notEmpty=True):
print "Please enter a value"
return 1
@@ -127,14 +124,14 @@ def main():
lastname = ipautil.user_input("Last name", allow_empty = False)
else:
lastname = options.sn
if (not ipavalidate.String(lastname, notEmpty=True)):
if not ipavalidate.String(lastname, notEmpty=True):
print "Please enter a value"
return 1
if (len(args) != 2):
if len(args) != 1:
username = ipautil.user_input_name("Login name")
else:
username = args[1]
username = args[0]
try:
ipaadminutil.check_name(username)
except ValueError, e:
@@ -142,15 +139,15 @@ def main():
return 1
if options.password_prompt:
while (match != True):
while match != True:
password = getpass.getpass(" Password: ")
confirm = getpass.getpass(" Password (again): ")
if (password != confirm):
if password != confirm:
print "Passwords do not match"
match = False
else:
match = True
if (len(password) < 1):
if len(password) < 1:
print "Password cannot be empty"
match = False
else:
@@ -158,7 +155,7 @@ def main():
if options.mail:
mail = options.mail
if (not ipavalidate.Email(mail)):
if not ipavalidate.Email(mail):
print "The email provided seem not a valid email."
return 1

0
ipa-admintools/ipa-admintools.spec.in Executable file → Normal file
View File

35
ipa-admintools/ipa-change-master-key
View File

@@ -63,30 +63,38 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-change-master-key [-q|--quiet] [-p DM_PASSWORD]"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser = OptionParser("%prog [-q|--quiet] [-p DM_PASSWORD]")
parser.add_option("-p", "--dm-password", dest="dm_password",
help="The Directory Manager password")
parser.add_option("-q", "--quiet", action="store_true", dest="quiet",
help="Keep quiet")
parser.add_option("--usage", action="store_true",
help="Program usage")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
ipa.config.init_config(options)
return options, args
# We support only des3 encoded stash files for now
def generate_new_stash_file(file):
odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', '\xe3',
'\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', '\xf4', '\xf7',
'\xf8', '\xfb', '\xfd', '\xfe']
odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b',
'\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c',
'\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8',
';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T',
'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p',
's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86',
'\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98',
'\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab',
'\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc',
'\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce',
'\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0',
'\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2',
'\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe']
pool_len = len(odd_parity_bytes_pool)
keytype = 16 # des3
keydata = ""
@@ -135,9 +143,6 @@ def main():
options, args = parse_options()
if options.usage:
usage()
krbctx = krbV.default_context()
realm = krbctx.default_realm

27
ipa-admintools/ipa-defaultoptions
View File

@@ -39,13 +39,10 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-defaultoptions [--maxusername number] [--homedir directory] [--defaultshell shell] [--defaultgroup group] [--emaildomain domain] [--searchtimelimit number] [--searchrecordslimit number] [--usersearch fields] [--groupsearch fields] [-v|--verbose]"
print "ipa-defaultoptions --show"
sys.exit(1)
def parse_options():
parser = OptionParser()
usage = "%prog [options]\n"
usage += "%prog --show"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("--maxusername", dest="maxusername",
help="Max. Length of a username")
parser.add_option("--homedir", dest="homedir",
@@ -66,13 +63,17 @@ def parse_options():
help="A comma-separated list of fields to search when searching for groups")
parser.add_option("--show", dest="show", action="store_true",
help="Show the current configuration")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
if not options.show and not options.maxusername and not options.homedir and not options.defaultshell and not options.defaultgroup and not options.emaildomain and not options.searchtimelimit and not options.searchrecordslimit and not options.usersearch and not options.groupsearch:
parser.error("nothing to do")
ipa.config.init_config(options)
return options, args
@@ -94,9 +95,6 @@ def show_config(client):
print "Default E-mail Domain: %s" % policy.getValues('ipaDefaultEmailDomain')
def update_policy(client, options):
if not options.maxusername and not options.homedir and not options.defaultshell and not options.defaultgroup and not options.emaildomain and not options.searchtimelimit and not options.searchrecordslimit and not options.usersearch and not options.groupsearch:
usage()
current = client.get_ipa_config()
new = ipa.entity.Entity(current.toDict())
@@ -140,9 +138,6 @@ def update_policy(client, options):
def main():
options, args = parse_options()
if options.usage:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.show:

26
ipa-admintools/ipa-deldelegation
View File

@@ -7,7 +7,7 @@
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -16,7 +16,7 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
import sys
try:
from optparse import OptionParser
@@ -43,19 +43,16 @@ error was:
aci_fields = ['*', 'aci']
def usage():
print "ipa-deldelgation [-v|--verbose] name"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("--usage", action="store_true",
help="Program usage")
usage = "%prog [-v|--verbose] name"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "name")
ipa.config.init_config(options)
return options, args
@@ -63,9 +60,6 @@ def main():
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
aci_entry = client.get_aci_entry(aci_fields)
@@ -80,7 +74,7 @@ def main():
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
if aci.name == args[1]:
if aci.name == args[0]:
acistr = aci_str
source_group = aci.source_group
else:
@@ -90,7 +84,7 @@ def main():
pass
if acistr is None:
print "No delegation '%s' found." % args[1]
print "No delegation '%s' found." % args[0]
return 2
old_aci_index = aci_str_list.index(acistr)

30
ipa-admintools/ipa-delgroup
View File

@@ -39,49 +39,43 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-delgroup [-v|--verbose] group"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("--usage", action="store_true",
help="Program usage")
usage = "%prog [-v|--verbose] group"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "group")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
groups = client.find_groups(args[0], ['cn','description','gidnumber','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
groups = groups[1:]
to_delete = None
for i in range(counter):
dn_list = ldap.explode_dn(groups[i].dn.lower())
if "cn=%s" % args[1].lower() in dn_list:
if "cn=%s" % args[0].lower() in dn_list:
to_delete = groups[i]
if to_delete is None:
print "Group '%s' not found." % args[1]
print "Group '%s' not found." % args[0]
return 2
ret = client.delete_group(to_delete.dn)
if (ret == "Success"):
print args[1] + " successfully deleted"
print args[0] + " successfully deleted"
else:
print args[1] + " " + ret
print args[0] + " " + ret
return 0

25
ipa-admintools/ipa-delservice
View File

@@ -40,19 +40,16 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-delservice [-v|--verbose] principal"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("--usage", action="store_true",
help="Program usage")
usage = "%prog [-v|--verbose] principal"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "principal")
ipa.config.init_config(options)
return options, args
@@ -62,21 +59,19 @@ def main():
options, args = parse_options()
if len(args) != 2:
usage()
princ_name = args[1]
princ_name = args[0]
client = ipaclient.IPAClient(verbose=options.verbose)
hosts = client.find_service_principal(args[1], sattrs=None)
hosts = client.find_service_principal(args[0], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
if counter == 0:
print "Service Principal '%s' not found." % args[1]
print "Service Principal '%s' not found." % args[0]
return 2
if counter != 1:
print "An exact match was not found. Found %d principals for %s" % (counter, args[1])
print "An exact match was not found. Found %d principals for %s" % (counter, args[0])
return 2
client.delete_service_principal(hosts[0].dn)

22
ipa-admintools/ipa-deluser
View File

@@ -38,31 +38,25 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-deluser [-v|--verbose] user"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("--usage", action="store_true",
help="Program usage")
usage = "%prog [-v|--verbose] user"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
ret = client.delete_user(args[1])
print args[1] + " successfully deleted"
ret = client.delete_user(args[0])
print args[0] + " successfully deleted"
return 0

26
ipa-admintools/ipa-findgroup
View File

@@ -39,25 +39,22 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-findgroup [-a|--all] [-n|--notranslate] [-v|--verbose] group"
sys.exit()
def parse_options():
parser = OptionParser()
usage = "%prog [options] group"
parser = OptionParser(usage=usage)
parser.add_option("-a", "--all", action="store_true", dest="all",
help="Show all group attributes")
parser.add_option("-n", "--notranslate", action="store_true",
dest="notranslate",
help="Don't translate LDAP attributes into readable labels")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "group")
ipa.config.init_config(options)
return options, args
@@ -65,20 +62,17 @@ def main():
group={}
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.all is None:
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
groups = client.find_groups(args[0], ['cn','description','gidnumber','nsAccountLock'])
else:
groups = client.find_groups(args[1], sattrs=['*','nsAccountLock'])
groups = client.find_groups(args[0], sattrs=['*','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
groupindex = -1
if counter == 0:
print "No entries found for", args[1]
print "No entries found for", args[0]
return 2
elif counter == -1:
print "These results are truncated."
@@ -129,7 +123,7 @@ def main():
for m in members:
print " " + m.getValue('cn') + ": " + m.dn
# blank line between results
print
print
return 0

22
ipa-admintools/ipa-findservice
View File

@@ -39,20 +39,17 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-findservice [-v|--verbose] host"
sys.exit()
def parse_options():
parser = OptionParser()
usage = "%prog [-v|--verbose] host"
parser = OptionParser(usage=usage)
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "host")
ipa.config.init_config(options)
return options, args
@@ -60,17 +57,14 @@ def main():
user={}
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
hosts = client.find_service_principal(args[1], sattrs=None)
hosts = client.find_service_principal(args[0], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[1]
print "No entries found for", args[0]
return 2
elif counter == -1:
print "These results are truncated."

33
ipa-admintools/ipa-finduser
View File

@@ -41,25 +41,22 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-finduser [-a|--all] [-n|--notranslate] [-v|--verbose] user"
sys.exit()
def parse_options():
parser = OptionParser()
usage = "%prog [-a|--all] [-n|--notranslate] [-v|--verbose] user"
parser = OptionParser(usage=usage)
parser.add_option("-a", "--all", action="store_true", dest="all",
help="Display all attributes")
parser.add_option("-n", "--notranslate", action="store_true",
dest="notranslate",
help="Don't translate LDAP attributes into readable labels")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
@@ -88,20 +85,17 @@ def main():
user={}
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.all is None:
users = client.find_users(args[1], sattrs=['uid','givenname','sn','homeDirectory','loginshell'])
users = client.find_users(args[0], sattrs=['uid','givenname','sn','homeDirectory','loginshell'])
else:
users = client.find_users(args[1], sattrs=None)
users = client.find_users(args[0], sattrs=None)
counter = users[0]
users = users[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[1]
print "No entries found for", args[0]
return 2
elif counter == -1:
print "These results are truncated."
@@ -125,11 +119,8 @@ def main():
# Always have sn following givenname
try:
l = attr.index('givenname')
try:
attr.remove('sn')
attr.insert(l+1, 'sn')
except ValueError:
pass
attr.remove('sn')
attr.insert(l+1, 'sn')
except ValueError:
pass
@@ -152,7 +143,7 @@ def main():
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
print
return 0

11
ipa-admintools/ipa-listdelegation
View File

@@ -51,16 +51,13 @@ def parse_options():
help="Name of delegation")
parser.add_option("-t", "--target", dest="target",
help="Target group of delegation")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
if options.usage or len(args) != 1:
parser.error("too many arguments")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
ipa.config.init_config(options)
return options, args

24
ipa-admintools/ipa-lockuser
View File

@@ -38,35 +38,29 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-lockuser [-u|--unlock] [-v|--verbose] user"
sys.exit(1)
def parse_options():
parser = OptionParser()
usage = "%prog [-u|--unlock] [-v|--verbose] user"
parser = OptionParser(usage=usage)
parser.add_option("-u", "--unlock", action="store_true", dest="unlock",
help="Unlock a user's account")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
if options.usage or len(args) != 2:
usage()
msg = "inactivated"
client = ipaclient.IPAClient(verbose=options.verbose)
if options.unlock:
try:
ret = client.mark_user_active(args[1])
ret = client.mark_user_active(args[0])
msg = "unlocked"
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
@@ -75,13 +69,13 @@ def main():
raise
else:
try:
ret = client.mark_user_inactive(args[1])
ret = client.mark_user_inactive(args[0])
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked inactive"
return 0
except:
raise
print args[1] + " successfully %s" % msg
print args[0] + " successfully %s" % msg
return 0

40
ipa-admintools/ipa-moddelegation
View File

@@ -45,13 +45,10 @@ error was:
aci_fields = ['*', 'aci']
def usage():
print "ipa-moddelegation [-l|--list]"
print "ipa-moddelegation [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] [-v|--verbose] name"
sys.exit(1)
def parse_options():
parser = OptionParser()
usage = "%prog -l|--list\n"
usage += "%prog [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] [-v|--verbose] name"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--attributes", dest="attributes",
help="The attributes the source group may change in the target group")
parser.add_option("-l", "--list", dest="list", action="store_true",
@@ -60,13 +57,18 @@ def parse_options():
help="The source group name")
parser.add_option("-t", "--target", dest="target",
help="The target group name")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if not options.list:
if not options.attributes and not options.source and not options.target:
parser.error("need at least one option of -a, -s, or -t")
ipa.config.verify_args(parser, args, "name")
ipa.config.init_config(options)
return options, args
@@ -82,12 +84,6 @@ def main():
print x
return 0
if options.usage or len(args) != 2:
usage()
if not options.attributes and not options.source and not options.target:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
# first do some sanity checking
@@ -99,7 +95,7 @@ def main():
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
@@ -121,7 +117,7 @@ def main():
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
@@ -155,7 +151,7 @@ def main():
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == args[1]:
if old_aci.name == args[0]:
acistr = aci_str
orig_group = old_aci.source_group
else:
@@ -165,13 +161,13 @@ def main():
pass
if acistr is None:
print "No delegation %s found." % args[1]
print "No delegation %s found." % args[0]
return 2
old_aci_index = aci_str_list.index(acistr)
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
new_aci.name = args[0]
if options.source:
new_aci.source_group = source_grp[0].dn
else:
@@ -212,7 +208,7 @@ def main():
# This is ok, ignore it
pass
print "Delegation %s successfully updated" % args[1]
print "Delegation %s successfully updated" % args[0]
return 0
try:

66
ipa-admintools/ipa-modgroup
View File

@@ -40,18 +40,15 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-modgroup [-l|--list]"
print "ipa-modgroup [-a|--add] [-r|--remove] [-v|--verbose] user group"
print "ipa-modgroup [-g|--groupadd] [-e|--groupdel] [-v|--verbose] group group"
print "ipa-modgroup [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] [-v|--verbose] group"
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
parser = OptionParser()
usage = "%prog [-l|--list]\n"
usage += "%prog [-a|--add] [-r|--remove] [-v|--verbose] user group\n"
usage += "%prog [-g|--groupadd] [-e|--groupdel] [-v|--verbose] group group\n"
usage += "%prog [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] [-v|--verbose] group"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--add", dest="add", action="store_true",
help="Add a user to the group")
parser.add_option("-r", "--remove", dest="remove", action="store_true",
@@ -60,7 +57,7 @@ def parse_options():
help="Add a group to the group")
parser.add_option("-e", "--groupdel", dest="groupdel", action="store_true",
help="Remove a group from the group")
parser.add_option("-d", "--description", dest="desc",
parser.add_option("-d", "--description", dest="desc",
help="Modify the description of the group")
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
@@ -72,19 +69,27 @@ def parse_options():
action="append")
parser.add_option("-l", "--list", dest="list", action="store_true",
help="List common attributes (this is not an exhaustive list)")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if ((not options.add and not options.remove) and
(not options.groupadd and not options.groupdel) and
(not options.desc and not options.addattr and
not options.delattr and not options.setattr and not options.list)):
usage()
parser.error("need to specify at least one operation")
if not options.list:
if options.add or options.remove:
ipa.config.verify_args(parser, args, "user group")
elif options.groupadd or option.groupdel:
ipa.config.verify_args(parser, args, "group group")
elif options.desc or options.addattr or options.delattr or options.setattr:
ipa.config.verify_args(parser, args, "group")
ipa.config.init_config(options)
return options, args
@@ -118,56 +123,49 @@ def main():
print x
return 0
if options.usage:
usage()
if (options.add or options.remove) and (len(args) != 3):
usage()
elif ((options.desc or options.addattr or options.delattr or options.setattr) and (len(args) != 2)):
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.add:
group = get_group(client, options, args[2])
group = get_group(client, options, args[1])
if group is None:
return 1
users = args[1].split(',')
users = args[0].split(',')
for user in users:
client.add_user_to_group(user, group.dn)
print user + " successfully added to " + args[2]
print user + " successfully added to " + args[1]
elif options.remove:
group = get_group(client, options, args[2])
group = get_group(client, options, args[1])
if group is None:
return 1
users = args[1].split(',')
users = args[0].split(',')
for user in users:
client.remove_user_from_group(user, group.dn)
print user + " successfully removed"
elif options.groupadd:
group = get_group(client, options, args[2])
group = get_group(client, options, args[1])
if group is None:
return 1
groups = args[1].split(',')
groups = args[0].split(',')
for g in groups:
tgroup = get_group(client, options, g)
if tgroup is not None:
client.add_group_to_group(tgroup.dn, group.dn)
print g + " successfully added to " + args[2]
print g + " successfully added to " + args[1]
else:
print "Group %s not found" % g
elif options.groupdel:
group = get_group(client, options, args[2])
group = get_group(client, options, args[1])
if group is None:
return 1
groups = args[1].split(',')
groups = args[0].split(',')
for g in groups:
tgroup = get_group(client, options, g)
if tgroup is not None:
client.remove_member_from_group(tgroup.dn, group.dn)
print g + " successfully removed " + args[2]
print g + " successfully removed " + args[1]
else:
print "Group %s not found" % g
else:
group = get_group(client, options, args[1])
group = get_group(client, options, args[0])
if group is None:
return 1
@@ -202,7 +200,7 @@ def main():
group.setValue(attr, value)
client.update_group(group)
print args[1] + " successfully updated"
print args[0] + " successfully updated"
return 0

27
ipa-admintools/ipa-moduser
View File

@@ -41,16 +41,13 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-moduser [--list]"
print "ipa-moduser [-a|--activate] [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] [-v|--verbose] user"
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
parser = OptionParser()
usage = "%prog --list\n"
usage = "%prog [options] user"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--activate", dest="activate", action="store_true",
help="Activate the user")
parser.add_option("-c", "--gecos", dest="gecos",
@@ -75,13 +72,16 @@ def parse_options():
help="List common attributes (this is not an exhaustive list)")
parser.add_option("-M", "--mailAddress", dest="mail",
help="Set user's e-mail address")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if not options.list:
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
@@ -108,10 +108,7 @@ def main():
print x
return 0
if options.usage or len(args) != 2:
usage()
username = args[1]
username = args[0]
client = ipaclient.IPAClient(verbose=options.verbose)
try:
@@ -197,7 +194,7 @@ def main():
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
(attr,value) = s
user.setValue(attr, value)
if options.addattr:

23
ipa-admintools/ipa-passwd
View File

@@ -40,19 +40,17 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-passwd [-v|--verbose] [user]"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("--usage", action="store_true",
help="Program usage")
usage = "ipa-passwd [-v|--verbose] [user]"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if len(args) > 1:
parser.error("too many arguments")
ipa.config.init_config(options)
return options, args
@@ -74,13 +72,10 @@ def main():
options, args = parse_options()
if options.usage:
usage()
krbctx = krbV.default_context()
if len(args) == 2:
username = args[1]
if len(args) == 1:
username = args[0]
else:
principal = get_principal(krbctx)
if principal is None:

27
ipa-admintools/ipa-pwpolicy
View File

@@ -39,13 +39,10 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number] [-v|--verbose]"
print "ipa-pwpolicy --show"
sys.exit(1)
def parse_options():
parser = OptionParser()
usage = "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number] [-v|--verbose]\n"
usage = "ipa-pwpolicy --show"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("--maxlife", dest="maxlife",
help="Max. Password Lifetime (days)")
parser.add_option("--minlife", dest="minlife",
@@ -63,8 +60,14 @@ def parse_options():
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if not options.show:
if not options.maxlife and not options.minlife and not options.history and not options.minclasses and not options.minlength:
parser.error("need at least one option of --maxlife, --minlife, --history, --minclasses or --minlength")
ipa.config.init_config(options)
return options, args
@@ -78,9 +81,6 @@ def show_policy(client):
print "Password History Size: %s" % policy.getValues('krbpwdhistorylength')
def update_policy(client, options):
if not options.maxlife and not options.minlife and not options.history and not options.minclasses and not options.minlength:
usage()
current = client.get_password_policy()
new = ipa.entity.Entity(current.toDict())
@@ -113,12 +113,9 @@ def update_policy(client, options):
def main():
options, args = parse_options()
if options.usage:
usage()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.show:
if options.show:
show_policy(client)
return 0

93
ipa-python/config.py
View File

@@ -18,7 +18,7 @@
#
import ConfigParser
from optparse import OptionParser
from optparse import OptionParser, IndentedHelpFormatter
import krbV
import socket
@@ -35,6 +35,30 @@ class IPAConfigError(Exception):
__str__ = __repr__
class IPAFormatter(IndentedHelpFormatter):
"""Our own optparse formatter that indents multiple lined usage string."""
def format_usage(self, usage):
usage_string = "Usage:"
spacing = " " * len(usage_string)
lines = usage.split("\n")
ret = "%s %s\n" % (usage_string, lines[0])
for line in lines[1:]:
ret += "%s %s\n" % (spacing, line)
return ret
def verify_args(parser, args, needed_args = None):
"""Verify that we have all positional arguments we need, if not, exit."""
if needed_args:
needed_list = needed_args.split(" ")
else:
needed_list = []
len_need = len(needed_list)
len_have = len(args)
if len_have > len_need:
parser.error("too many arguments")
elif len_have < len_need:
parser.error("no %s specified" % needed_list[len_have])
class IPAConfig:
def __init__(self):
self.default_realm = None
@@ -69,9 +93,15 @@ def __parse_config():
try:
if not config.default_realm:
config.default_realm = p.get("defaults", "realm")
except:
pass
try:
if not len(config.default_server):
s = p.get("defaults", "server")
config.default_server = re.sub("\s+", "", s).split(',')
except:
pass
try:
if not config.default_domain:
config.default_domain = p.get("defaults", "domain")
except:
@@ -118,53 +148,27 @@ def __discover_config():
except:
pass
def usage():
return """ --realm\tset the IPA realm
--server\tset the IPA server
--domain\tset the IPA dns domain
"""
def add_standard_options(parser):
parser.add_option("--realm", dest="realm", help="Override default IPA realm")
parser.add_option("--server", dest="server", help="Override default IPA server")
parser.add_option("--domain", dest="domain", help="Override default IPA DNS domain")
def __parse_args(args):
# Can't use option parser because it doesn't easily leave
# unknown arguments - creating our own seems simpler.
#
# should make this more robust and handle --realm=foo syntax
out_args = []
i = 0
while i < len(args):
if args[i] == "--realm":
if i == len(args) - 1:
raise IPAConfigError("missing argument to --realm")
config.default_realm = args[i + 1]
i = i + 2
continue
if args[i] == "--server":
if i == len(args) - 1:
raise IPAConfigError("missing argument to --server")
config.default_server.append(args[i + 1])
i = i + 2
continue
if args[i] == "--domain":
if i == len(args) - 1:
raise IPAConfigError("missing argument to --domain")
config.default_domain = args[i + 1]
i = i + 2
continue
out_args.append(args[i])
i = i + 1
return out_args
def init_config(args=None):
out_args = None
if args:
out_args = __parse_args(args)
def init_config(options=None):
if options:
config.default_realm = options.realm
config.default_domain = options.domain
if options.server:
config.default_server.extend(options.server.split(","))
__parse_config()
__discover_config()
config.default_server = list(set(config.default_server))
# make sure the server list only contains unique items
new_server = []
for server in config.default_server:
if server not in new_server:
new_server.append(server)
config.default_server = new_server
if not config.default_realm:
raise IPAConfigError("IPA realm not found in DNS, in the config file (/etc/ipa/ipa.conf) or on the command line.")
@@ -172,6 +176,3 @@ def init_config(args=None):
raise IPAConfigError("IPA server not found in DNS, in the config file (/etc/ipa/ipa.conf) or on the command line.")
if not config.default_domain:
raise IPAConfigError("IPA domain not found in the config file (/etc/ipa/ipa.conf) or on the command line.")
if out_args:
return out_args

10
ipa-radius-admintools/ipa-addradiusclient
View File

@@ -81,13 +81,15 @@ def main():
opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
if len(args) < 2:
if len(args) < 1:
opt_parser.error('missing %s' % (distinguished_attr))
ip_addr = args[1]
ipa.config.init_config(options)
ip_addr = args[0]
pairs[distinguished_attr] = ip_addr
# Get pairs from a file or stdin

10
ipa-radius-admintools/ipa-addradiusprofile
View File

@@ -77,13 +77,15 @@ def main():
opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
if len(args) < 2:
if len(args) < 1:
opt_parser.error('missing %s' % (distinguished_attr))
uid = args[1]
ipa.config.init_config(options)
uid = args[0]
user_profile = not options.shared
pairs[distinguished_attr] = uid

10
ipa-radius-admintools/ipa-delradiusclient
View File

@@ -46,13 +46,15 @@ def main():
help="detailed help information")
opt_parser.set_usage("Usage: %s [options] Client-IP-Address" % (os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
if len(args) < 2:
if len(args) < 1:
opt_parser.error("missing Client-IP-Address")
ip_addr = args[1]
ipa.config.init_config(options)
ip_addr = args[0]
try:
ipa_client = ipaclient.IPAClient()

10
ipa-radius-admintools/ipa-delradiusprofile
View File

@@ -48,13 +48,15 @@ def main():
help="detailed help information")
opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
if len(args) < 2:
if len(args) < 1:
opt_parser.error("missing UID")
uid = args[1]
ipa.config.init_config(options)
uid = args[0]
user_profile = not options.shared
# Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)

10
ipa-radius-admintools/ipa-findradiusclient
View File

@@ -56,15 +56,17 @@ def main():
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information")
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
opt_parser.set_usage("Usage: %s [options] Client-IP-Address [Client-IP-Address ...]" % (os.path.basename(sys.argv[0])))
if len(args) < 2:
if len(args) < 1:
opt_parser.error("missing Client-IP-Address(es)")
ip_addrs = args[1:]
ipa.config.init_config(options)
ip_addrs = args
try:
ipa_client = ipaclient.IPAClient()

10
ipa-radius-admintools/ipa-findradiusprofile
View File

@@ -58,15 +58,17 @@ def main():
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
help="detailed help information")
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
opt_parser.set_usage("Usage: %s [options] UID [UID ...]" % (os.path.basename(sys.argv[0])))
if len(args) < 2:
if len(args) < 1:
opt_parser.error("missing UID(es)")
uids = args[1:]
ipa.config.init_config(options)
uids = args
user_profile = not options.shared
try:

10
ipa-radius-admintools/ipa-modradiusclient
View File

@@ -82,13 +82,15 @@ def main():
opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
if len(args) < 2:
if len(args) < 1:
opt_parser.error('missing %s' % (distinguished_attr))
ip_addr = args[1]
ipa.config.init_config(options)
ip_addr = args[0]
# Verify entity previously exists and get current values
ipa_client = ipaclient.IPAClient()

10
ipa-radius-admintools/ipa-modradiusprofile
View File

@@ -78,13 +78,15 @@ def main():
opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
args = ipa.config.init_config(sys.argv)
options, args = opt_parser.parse_args(args)
ipa.config.add_standard_options(opt_parser)
options, args = opt_parser.parse_args()
if len(args) < 2:
if len(args) < 1:
opt_parser.error('missing %s' % (distinguished_attr))
uid = args[1]
ipa.config.init_config(options)
uid = args[0]
user_profile = not options.shared
# Verify entity previously exists and get current values

44
ipa-server/ipa-fix-CVE-2008-3274
View File

@@ -30,7 +30,7 @@ try:
from ldap import LDAPError
from ldap import ldapobject
from ipaclient import ipachangeconf
from ipaclient import ipachangeconf
from ipaserver import ipaldap
from pyasn1.type import univ, namedtype
@@ -48,23 +48,23 @@ error was:
""" % sys.exc_value
sys.exit(1)
def usage():
print "ipa-fix-CVE-2008-3274 [--check] [--fix] [--fix-replica]"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser = OptionParser("%prog [--check] [--fix] [--fix-replica]")
parser.add_option("--check", dest="check", action="store_true",
help="Just check for the vulnerability and report (default action)")
parser.add_option("--fix", dest="fix", action="store_true",
help="Run checks and start procedure to fix the problem")
parser.add_option("--fix-replica", dest="fix_replica", action="store_true",
help="Fix a replica after the tool has been tun with --fix on another master")
parser.add_option("--usage", action="store_true",
help="Program usage")
args = ipa.config.init_config(sys.argv)
options, args = parser.parse_args(args)
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
if not options.fix and not options.fix_replica and not options.check:
parser.error("please specify at least one option")
ipa.config.init_config(options)
return options, args
@@ -99,9 +99,20 @@ def check_vuln(realm, suffix):
# We support only des3 encoded stash files for now
def generate_new_stash_file(file):
odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b', '\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c', '\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8', ';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T', 'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p', 's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86', '\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98', '\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab', '\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc', '\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce', '\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0', '\xe3',
'\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2', '\xf4', '\xf7',
'\xf8', '\xfb', '\xfd', '\xfe']
odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b',
'\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c',
'\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8',
';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T',
'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p',
's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86',
'\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98',
'\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab',
'\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc',
'\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce',
'\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0',
'\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2',
'\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe']
pool_len = len(odd_parity_bytes_pool)
keytype = 16 # des3
keydata = ""
@@ -467,13 +478,6 @@ def main():
options, args = parse_options()
if options.usage:
usage()
if not options.fix and not options.fix_replica and not options.check:
print "use --help for more info"
usage()
if options.fix or options.fix_replica:
password = getpass.getpass("Directory Manager password: ")

10
ipa-server/ipa-install/ipa-replica-prepare
View File

@@ -39,8 +39,6 @@ def usage():
def parse_options():
parser = OptionParser(version=version.VERSION)
args = ipa.config.init_config(sys.argv)
parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
help="install certificate for the directory server")
parser.add_option("--http_pkcs12", dest="http_pkcs12",
@@ -52,7 +50,7 @@ def parse_options():
parser.add_option("-p", "--password", dest="password",
help="Directory Manager (existing master) password")
options, args = parser.parse_args(args)
options, args = parser.parse_args()
# If any of the PKCS#12 options are selected, all are required. Create a
# list of the options and count it to enforce that all are required without
@@ -62,9 +60,11 @@ def parse_options():
if cnt > 0 and cnt < 4:
parser.error("error: All PKCS#12 options are required if any are used.")
if len(args) != 2:
if len(args) != 1:
parser.error("must provide the fully-qualified name of the replica")
ipa.config.init_config(options)
return options, args
def get_host_name():
@@ -171,7 +171,7 @@ def get_dirman_password():
def main():
options, args = parse_options()
replica_fqdn = args[1]
replica_fqdn = args[0]
if not ipautil.file_exists(certs.CA_SERIALNO) and not options.dirsrv_pin:
sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")