IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

- Centralize try/except so the entire program is covered. This make it

Browse Source 
possible to catch KeyboardInterrupt during the import process.
- Add function for handling python differences with GSSError

434798
This commit is contained in:
Rob Crittenden 2008-02-27 10:40:18 -05:00
parent d5f5026454
commit ad8096b51f
19 changed files with 1085 additions and 983 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
ipa-admintools/ipa-adddelegation
View File

@ -18,21 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.aci
import ipa.ipaadminutil as ipaadminutil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
def usage():
print "ipa-adddelegation [-l|--list]"
print "ipa-adddelegation [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] name"
@ -65,9 +50,9 @@ def main():
if options.list:
client = ipaclient.IPAClient()
list = client.get_all_attrs()
l = client.get_all_attrs()
for x in list:
for x in l:
print x
return 0
@ -78,100 +63,120 @@ def main():
if not options.attributes or not options.source or not options.target:
usage()
try:
client = ipaclient.IPAClient()
client = ipaclient.IPAClient()
source_grp = client.find_groups(options.source)
counter = source_grp[0]
source_grp = source_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
source_grp = client.find_groups(options.source)
counter = source_grp[0]
source_grp = source_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
attr_list = options.attributes.split(',')
attr_list = options.attributes.split(',')
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
new_aci.source_group = source_grp[0].dn
new_aci.dest_group = target_grp[0].dn
new_aci.attrs = attr_list
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
new_aci.source_group = source_grp[0].dn
new_aci.dest_group = target_grp[0].dn
new_aci.attrs = attr_list
aci_entry = client.get_aci_entry(['*', 'aci'])
aci_entry = client.get_aci_entry(['*', 'aci'])
# Look for an existing ACI of the same name
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
# Look for an existing ACI of the same name
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == new_aci.name:
print "A delegation of that name already exists"
return 2
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == new_aci.name:
print "A delegation of that name already exists"
return 2
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
aci_entry = client.get_aci_entry(['dn'])
aci_entry.setValue('aci', new_aci.export_to_string())
aci_entry = client.get_aci_entry(['dn'])
aci_entry.setValue('aci', new_aci.export_to_string())
client.update_entry(aci_entry)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client.update_entry(aci_entry)
print "Delegation %s successfully added" % args[1]
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.aci
import ipa.ipaadminutil as ipaadminutil
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

75
ipa-admintools/ipa-addgroup
View File

@ -18,20 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
def usage():
print "ipa-addgroup [-d|--description STRING] [-g|--gid GID] group"
sys.exit(1)
@ -95,27 +81,46 @@ def main():
group.setValue('cn', cn)
group.setValue('description', desc)
try:
client = ipaclient.IPAClient()
client.add_group(group)
print cn + " successfully added"
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client = ipaclient.IPAClient()
client.add_group(group)
print cn + " successfully added"
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

64
ipa-admintools/ipa-addservice
View File

@ -18,23 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-addservice [--force] principal"
sys.exit(1)
@ -64,12 +47,47 @@ def main():
client = ipaclient.IPAClient()
try:
client.add_service_principal(princ_name, "%d" % options.force)
client.add_service_principal(princ_name, "%d" % options.force)
except Exception, e:
print str(e)
return 0
try:
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
if __name__ == "__main__":
sys.exit(main())
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

77
ipa-admintools/ipa-adduser
View File

@ -18,21 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-adduser [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell] [-g|--groups] [-k|krb-principal [-M|mailAddress] user"
sys.exit(1)
@ -179,7 +164,7 @@ def main():
if not options.shell:
while (cont != True):
shell = raw_input("shell [/bin/sh]: ")
if len(shell) < 1:
shell = None
cont = True
@ -209,24 +194,8 @@ def main():
if shell:
user.setValue('loginshell', shell)
try:
client = ipaclient.IPAClient()
client.add_user(user)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client = ipaclient.IPAClient()
client.add_user(user)
# Set the User's password
if password is not None:
@ -251,5 +220,41 @@ def main():
print username + " successfully added"
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

123
ipa-admintools/ipa-deldelegation
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import copy
import errno
import ipa.aci
from ipa import ipaerror
aci_fields = ['*', 'aci']
def usage():
@ -55,58 +42,76 @@ def main():
usage()
client = ipaclient.IPAClient()
try:
aci_entry = client.get_aci_entry(aci_fields)
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
acistr = None
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
if aci.name == args[1]:
acistr = aci_str
break
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
acistr = None
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
if aci.name == args[1]:
acistr = aci_str
break
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
if acistr is None:
print "No delegation '%s' found." % args[1]
return 2
if acistr is None:
print "No delegation '%s' found." % args[1]
return 2
old_aci_index = aci_str_list.index(acistr)
old_aci_index = aci_str_list.index(acistr)
new_aci_str_list = copy.deepcopy(aci_str_list)
del new_aci_str_list[old_aci_index]
aci_entry.setValue('aci', new_aci_str_list)
new_aci_str_list = copy.deepcopy(aci_str_list)
del new_aci_str_list[old_aci_index]
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
print "Delegation removed."
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except (SyntaxError, ipaerror.IPAError), e:
print "Delegation deletion failed: " + str(e)
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client.update_entry(aci_entry)
print "Delegation removed."
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import copy
import errno
import ipa.aci
from ipa import ipaerror
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except (SyntaxError, ipaerror.IPAError), e:
print "Delegation deletion failed: " + str(e)
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

93
ipa-admintools/ipa-delgroup
View File

@ -18,16 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
def usage():
print "ipa-delgroup group"
sys.exit(1)
@ -48,42 +38,57 @@ def main():
if options.usage or len(args) != 2:
usage()
try:
client = ipaclient.IPAClient()
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
client = ipaclient.IPAClient()
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
if counter == 0:
print "Group '%s' not found." % args[1]
return 2
if counter != 1:
print "An exact group match was not found. Found %d groups" % counter
return 2
counter = groups[0]
groups = groups[1:]
ret = client.delete_group(groups[0].dn)
if (ret == "Success"):
print args[1] + " successfully deleted"
else:
print args[1] + " " + ret
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
if counter == 0:
print "Group '%s' not found." % args[1]
return 2
if counter != 1:
print "An exact group match was not found. Found %d groups" % counter
return 2
ret = client.delete_group(groups[0].dn)
if (ret == "Success"):
print args[1] + " successfully deleted"
else:
print args[1] + " " + ret
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import errno
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

80
ipa-admintools/ipa-delservice
View File

@ -18,23 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-delservice principal"
sys.exit(1)
@ -59,26 +42,55 @@ def main():
client = ipaclient.IPAClient()
try:
hosts = client.find_service_principal(args[1], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
hosts = client.find_service_principal(args[1], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
if counter == 0:
print "Service Principal '%s' not found." % args[1]
return 2
if counter != 1:
print "An exact match was not found. Found %d principals for %s" % (counter, args[1])
return 2
if counter == 0:
print "Service Principal '%s' not found." % args[1]
return 2
if counter != 1:
print "An exact match was not found. Found %d principals for %s" % (counter, args[1])
return 2
client.delete_service_principal(hosts[0].dn)
client.delete_service_principal(hosts[0].dn)
except Exception, e:
print str(e)
return 1
print "Successfully deleted"
print hosts[0] + " successfully deleted"
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

67
ipa-admintools/ipa-deluser
View File

@ -18,16 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
def usage():
print "ipa-deluser user"
sys.exit(1)
@ -48,27 +38,42 @@ def main():
if options.usage or len(args) != 2:
usage()
try:
client = ipaclient.IPAClient()
ret = client.delete_user(args[1])
print args[1] + " successfully deleted"
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client = ipaclient.IPAClient()
ret = client.delete_user(args[1])
print args[1] + " successfully deleted"
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
import ipa.config
import errno
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

176
ipa-admintools/ipa-findgroup
View File

@ -18,17 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import errno
import sys
import xmlrpclib
import kerberos
def usage():
print "ipa-findgroup [-a|--all] [-n|--notranslate] group"
sys.exit()
@ -56,87 +45,102 @@ def main():
if options.usage or len(args) != 2:
usage()
try:
client = ipaclient.IPAClient()
if options.all is None:
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
else:
groups = client.find_groups(args[1], sattrs=['*','nsAccountLock'])
client = ipaclient.IPAClient()
if options.all is None:
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
else:
groups = client.find_groups(args[1], sattrs=['*','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
groupindex = -1
if counter == 0:
print "No entries found for", args[1]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
counter = groups[0]
groups = groups[1:]
groupindex = -1
if counter == 0:
print "No entries found for", args[1]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
if counter > 1:
try:
groupindex = ipaadminutil.select_group(counter, groups)
except KeyboardInterrupt:
return 1
if groupindex == "q":
return 0
if counter > 1:
try:
groupindex = ipaadminutil.select_group(counter, groups)
except KeyboardInterrupt:
return 1
if groupindex == "q":
return 0
if groupindex >= 0:
groups = [groups[groupindex]]
for ent in groups:
try:
members = client.group_members(ent.dn, ['dn','cn'])
except ipa.ipaerror.IPAError, e:
print "Error getting members for " + ent.dn
print str(e)
continue
attr = ent.attrList()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
print "dn: " + ent.dn
if groupindex >= 0:
groups = [groups[groupindex]]
for ent in groups:
try:
members = client.group_members(ent.dn, ['dn','cn'])
except ipa.ipaerror.IPAError, e:
print "Error getting members for " + ent.dn
print str(e)
continue
attr = ent.attrList()
if options.notranslate:
labels = {}
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print labels[a] + ": " + value
else:
print labels[a] + ": "
for l in value:
print "\t" + l
counter = members[0]
members = members[1:]
if counter > 0:
print "Members:"
for m in members:
print " " + m.getValue('cn') + ": " + m.dn
# blank line between results
print
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
labels[a] = a
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
labels = client.attrs_to_labels(attr)
print "dn: " + ent.dn
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print labels[a] + ": " + value
else:
print labels[a] + ": "
for l in value:
print "\t" + l
counter = members[0]
members = members[1:]
if counter > 0:
print "Members:"
for m in members:
print " " + m.getValue('cn') + ": " + m.dn
# blank line between results
print
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.ipautil as ipautil
import ipa.config
import errno
import sys
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

93
ipa-admintools/ipa-findservice
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
def usage():
print "ipa-findservice host"
sys.exit()
@ -53,41 +40,55 @@ def main():
if options.usage or len(args) != 2:
usage()
try:
client = ipaclient.IPAClient()
hosts = client.find_service_principal(args[1], sattrs=None)
client = ipaclient.IPAClient()
hosts = client.find_service_principal(args[1], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[1]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
counter = hosts[0]
hosts = hosts[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[1]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
for ent in hosts:
print ent.krbprincipalname
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
for ent in hosts:
print ent.krbprincipalname
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import errno
import sys
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

155
ipa-admintools/ipa-finduser
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
def usage():
print "ipa-finduser [-a|--all] [-n|--notranslate] user"
sys.exit()
@ -79,75 +66,91 @@ def main():
if options.usage or len(args) != 2:
usage()
try:
client = ipaclient.IPAClient()
if options.all is None:
users = client.find_users(args[1], sattrs=['uid','cn','homeDirectory','loginshell'])
else:
users = client.find_users(args[1], sattrs=None)
client = ipaclient.IPAClient()
if options.all is None:
users = client.find_users(args[1], sattrs=['uid','cn','homeDirectory','loginshell'])
else:
users = client.find_users(args[1], sattrs=None)
counter = users[0]
users = users[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[1]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
counter = users[0]
users = users[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[1]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
if counter > 1:
try:
userindex = ipaadminutil.select_user(counter, users)
except KeyboardInterrupt:
return 1
if userindex == "q":
return 0
if counter > 1:
try:
userindex = ipaadminutil.select_user(counter, users)
except KeyboardInterrupt:
return 1
if userindex == "q":
return 0
if userindex >= 0:
users = [users[userindex]]
for ent in users:
attr = ent.attrList()
attr.sort()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
if options.all is True:
print "dn: " + ent.dn
if userindex >= 0:
users = [users[userindex]]
for ent in users:
attr = ent.attrList()
attr.sort()
if options.notranslate:
labels = {}
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print labels[a] + ": " + str(wrap_binary_data(value)).rstrip()
else:
print labels[a] + ": "
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
labels[a] = a
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
labels = client.attrs_to_labels(attr)
if options.all is True:
print "dn: " + ent.dn
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print labels[a] + ": " + str(wrap_binary_data(value)).rstrip()
else:
print labels[a] + ": "
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

69
ipa-admintools/ipa-listdelegation
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import operator
import xmlrpclib
import kerberos
import errno
import ipa.aci
from ipa import ipaerror
aci_fields = ['*', 'aci']
def usage():
print "ipa-listdelgation"
@ -54,23 +41,7 @@ def main():
usage()
client = ipaclient.IPAClient()
try:
aci_entry = client.get_aci_entry(aci_fields)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
return 1
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
@ -102,5 +73,39 @@ def main():
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import operator
import xmlrpclib
import kerberos
import errno
import ipa.aci
from ipa import ipaerror
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
sys.exit(1)

99
ipa-admintools/ipa-lockuser
View File

@ -18,16 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
def usage():
print "ipa-lockuser [-u|--unlock] user"
sys.exit(1)
@ -51,43 +41,58 @@ def main():
usage()
msg = "inactivated"
try:
client = ipaclient.IPAClient()
if options.unlock:
try:
ret = client.mark_user_active(args[1])
msg = "unlocked"
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
else:
try:
ret = client.mark_user_inactive(args[1])
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked inactive"
return 0
except:
raise
print args[1] + " successfully %s" % msg
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client = ipaclient.IPAClient()
if options.unlock:
try:
ret = client.mark_user_active(args[1])
msg = "unlocked"
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
else:
try:
ret = client.mark_user_inactive(args[1])
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked inactive"
return 0
except:
raise
print args[1] + " successfully %s" % msg
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import errno
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

238
ipa-admintools/ipa-moddelegation
View File

@ -18,22 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import ipa.aci
import xmlrpclib
import kerberos
import krbV
import ldap
import copy
import errno
aci_fields = ['*', 'aci']
def usage():
@ -77,125 +61,145 @@ def main():
if not options.attributes and not options.source and not options.target:
usage()
try:
client = ipaclient.IPAClient()
client = ipaclient.IPAClient()
# first do some sanity checking
# first do some sanity checking
if options.source:
source_grp = client.find_groups(options.source)
counter = source_grp[0]
source_grp = source_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if options.source:
source_grp = client.find_groups(options.source)
counter = source_grp[0]
source_grp = source_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
if options.target:
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if options.target:
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
if options.attributes:
attr_list = options.attributes.split(',')
if options.attributes:
attr_list = options.attributes.split(',')
# find the old aci
# find the old aci
aci_entry = client.get_aci_entry(aci_fields)
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
old_aci = None
acistr = None
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == args[1]:
acistr = aci_str
break
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
old_aci = None
acistr = None
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == args[1]:
acistr = aci_str
break
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
if acistr is None:
print "No delegation %s found." % args[1]
return 2
if acistr is None:
print "No delegation %s found." % args[1]
return 2
old_aci_index = aci_str_list.index(acistr)
old_aci_index = aci_str_list.index(acistr)
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
if options.source:
new_aci.source_group = source_grp[0].dn
else:
new_aci.source_group = old_aci.source_group
if options.target:
new_aci.dest_group = target_grp[0].dn
else:
new_aci.dest_group = old_aci.dest_group
if options.attributes:
new_aci.attrs = attr_list
else:
new_aci.attrs = old_aci.attrs
new_aci_str = new_aci.export_to_string()
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
if options.source:
new_aci.source_group = source_grp[0].dn
else:
new_aci.source_group = old_aci.source_group
if options.target:
new_aci.dest_group = target_grp[0].dn
else:
new_aci.dest_group = old_aci.dest_group
if options.attributes:
new_aci.attrs = attr_list
else:
new_aci.attrs = old_aci.attrs
new_aci_str = new_aci.export_to_string()
new_aci_str_list = copy.deepcopy(aci_str_list)
new_aci_str_list[old_aci_index] = new_aci_str
aci_entry.setValue('aci', new_aci_str_list)
new_aci_str_list = copy.deepcopy(aci_str_list)
new_aci_str_list[old_aci_index] = new_aci_str
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client.update_entry(aci_entry)
print "Delegation %s successfully updated" % args[1]
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import ipa.aci
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import copy
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

164
ipa-admintools/ipa-modgroup
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
def usage():
print "ipa-modgroup [-l|--list]"
print "ipa-modgroup [-a|--add] [-r|--remove] user group"
@ -107,78 +94,95 @@ def main():
elif ((options.desc or options.addattr or options.delattr or options.setattr) and (len(args) != 2)):
usage()
try:
client = ipaclient.IPAClient()
if options.add:
group = get_group(client, options, args[2])
if group is None:
return 1
users = args[1].split(',')
for user in users:
client.add_user_to_group(user, group.dn)
print user + " successfully added to " + args[2]
elif options.remove:
group = get_group(client, options, args[2])
if group is None:
return 1
users = args[1].split(',')
for user in users:
client.remove_user_from_group(user, group.dn)
print user + " successfully removed"
else:
group = get_group(client, options, args[1])
if group is None:
return 1
client = ipaclient.IPAClient()
if options.add:
group = get_group(client, options, args[2])
if group is None:
return 1
users = args[1].split(',')
for user in users:
client.add_user_to_group(user, group.dn)
print user + " successfully added to " + args[2]
elif options.remove:
group = get_group(client, options, args[2])
if group is None:
return 1
users = args[1].split(',')
for user in users:
client.remove_user_from_group(user, group.dn)
print user + " successfully removed"
else:
group = get_group(client, options, args[1])
if group is None:
return 1
if options.desc:
group.setValue('description', options.desc)
if options.desc:
group.setValue('description', options.desc)
if options.delattr:
for d in options.delattr:
group.delValue(d)
if options.delattr:
for d in options.delattr:
group.delValue(d)
if options.setattr:
for s in options.setattr:
s = s.split('=')
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
group.setValue(attr, value)
if options.setattr:
for s in options.setattr:
s = s.split('=')
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
group.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=')
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = group.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
group.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=')
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = group.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
group.setValue(attr, value)
client.update_group(group)
print args[1] + " successfully updated"
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client.update_group(group)
print args[1] + " successfully updated"
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

100
ipa-admintools/ipa-moduser
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import xmlrpclib
import kerberos
import ldap
import errno
def usage():
print "ipa-moduser [--list]"
print "ipa-moduser [-a|--activate] [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] user"
@ -116,12 +103,8 @@ def main():
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "User %s not found" % username
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % e.message
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except:
raise
# If any options are set we use just those. Otherwise ask for all of them.
if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate:
@ -202,7 +185,7 @@ def main():
if not options.shell:
while (cont != True):
shell = raw_input("shell: [%s] " % user.getValue('loginshell'))
if len(shell) < 1:
shell = None
cont = True
@ -241,7 +224,7 @@ def main():
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
(attr,value) = a
cvalue = user.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
@ -249,35 +232,54 @@ def main():
value = cvalue + [value]
user.setValue(attr, value)
try:
if options.activate:
try:
client.mark_user_active(user.getValues('uid'))
print "User activated successfully."
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
client.update_user(user)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
if options.activate:
try:
client.mark_user_active(user.getValues('uid'))
print "User activated successfully."
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
client.update_user(user)
print username + " successfully updated"
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import xmlrpclib
import kerberos
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

72
ipa-admintools/ipa-passwd
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Tempal Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage():
print "ipa-passwd [user]"
sys.exit(1)
@ -53,7 +40,7 @@ def get_principal(krbctx):
#TODO: do a kinit
print "Unable to get kerberos principal: %s" % e[1]
return None
return cprinc.name
def main():
@ -105,26 +92,43 @@ def main():
print "Password change cancelled"
return 1
try:
client = ipaclient.IPAClient()
client.modifyPassword(principal, '', password)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
client = ipaclient.IPAClient()
client.modifyPassword(principal, '', password)
return 0
if __name__ == "__main__":
sys.exit(main())
try:
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

112
ipa-admintools/ipa-pwpolicy
View File

@ -18,18 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
from optparse import OptionParser
import ipa
import ipa.entity
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import errno
import validate
def usage():
print "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number]"
print "ipa-pwpolicy --show"
@ -74,21 +62,28 @@ def update_policy(client, options):
new = ipa.entity.Entity(current.toDict())
if options.maxlife:
if validate.is_integer(options.maxlife, min=0):
new.setValue('krbmaxpwdlife', options.maxlife)
if options.minlife:
if validate.is_integer(options.minlife, min=0):
new.setValue('krbminpwdlife', options.minlife)
if options.history:
if validate.is_integer(options.history, min=0):
new.setValue('krbpwdhistorylength', options.history)
if options.minclasses:
if validate.is_integer(options.minclasses, min=0):
new.setValue('krbpwdmindiffchars', options.minclasses)
if options.minlength:
if validate.is_integer(options.minlength, min=0):
new.setValue('krbpwdminlength', options.minlength)
try:
if options.maxlife:
if validate.is_integer(options.maxlife, min=0):
new.setValue('krbmaxpwdlife', options.maxlife)
if options.minlife:
if validate.is_integer(options.minlife, min=0):
new.setValue('krbminpwdlife', options.minlife)
if options.history:
if validate.is_integer(options.history, min=0):
new.setValue('krbpwdhistorylength', options.history)
if options.minclasses:
if validate.is_integer(options.minclasses, min=0):
new.setValue('krbpwdmindiffchars', options.minclasses)
if options.minlength:
if validate.is_integer(options.minlength, min=0):
new.setValue('krbpwdminlength', options.minlength)
except validate.VdtTypeError, e:
print "%s" % (e.message)
return 1
except validate.VdtValueTooSmallError, e:
print "%s" % (e.message)
return 1
client.update_password_policy(new)
@ -98,44 +93,47 @@ def main():
if options.usage:
usage()
try:
client = ipaclient.IPAClient()
client = ipaclient.IPAClient()
if options.show:
show_policy(client)
return 0
if options.show:
show_policy(client)
return 0
update_policy(client, options)
update_policy(client, options)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
except validate.VdtTypeError, e:
print "%s" % (e.message)
return 1
except validate.VdtValueTooSmallError, e:
print "%s" % (e.message)
return 1
except KeyboardInterrupt, e:
return 1
return 0
try:
import sys
from optparse import OptionParser
import ipa
import ipa.entity
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import errno
import validate
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

12
ipa-python/ipautil.py
View File

@ -828,3 +828,15 @@ class ItemCompleter:
return items
def get_gsserror(e):
"""A GSSError exception looks differently in python 2.4 than it does
in python 2.5, deal with it."""
try:
primary = e[0]
secondary = e[1]
except:
primary = e[0][0]
secondary = e[0][1]
return (primary[0], secondary[0])