IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

- Centralize try/except so the entire program is covered. This make it

Browse Source 
possible to catch KeyboardInterrupt during the import process.
- Add function for handling python differences with GSSError

434798
This commit is contained in:
Rob Crittenden 2008-02-27 10:40:18 -05:00
parent d5f5026454
commit ad8096b51f
19 changed files with 1085 additions and 983 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
ipa-admintools/ipa-adddelegation
View File

@ -18,21 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.aci
import ipa.ipaadminutil as ipaadminutil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
def usage(): def usage():
print "ipa-adddelegation [-l|--list]" print "ipa-adddelegation [-l|--list]"
print "ipa-adddelegation [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] name" print "ipa-adddelegation [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] name"
@ -65,9 +50,9 @@ def main():
if options.list: if options.list:
client = ipaclient.IPAClient() client = ipaclient.IPAClient()
list = client.get_all_attrs() l = client.get_all_attrs()
for x in list: for x in l:
print x print x
return 0 return 0
@ -78,100 +63,120 @@ def main():
if not options.attributes or not options.source or not options.target: if not options.attributes or not options.source or not options.target:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient()
source_grp = client.find_groups(options.source) source_grp = client.find_groups(options.source)
counter = source_grp[0] counter = source_grp[0]
source_grp = source_grp[1:] source_grp = source_grp[1:]
groupindex = -1 groupindex = -1
if counter == 0: if counter == 0:
print "No entries found for %s" % options.source print "No entries found for %s" % options.source
return 2 return 2
elif counter == -1: elif counter == -1:
print "These results are truncated." print "These results are truncated."
print "Please refine your search and try again." print "Please refine your search and try again."
return 3 return 3
if counter > 1: if counter > 1:
print "\nMultiple entries for the source group found." print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp) groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q": if groupindex == "q":
return 0 return 0
if groupindex >= 0: if groupindex >= 0:
source_grp = [source_grp[groupindex]] source_grp = [source_grp[groupindex]]
target_grp = client.find_groups(options.target) target_grp = client.find_groups(options.target)
counter = target_grp[0] counter = target_grp[0]
target_grp = target_grp[1:] target_grp = target_grp[1:]
groupindex = -1 groupindex = -1
if counter == 0: if counter == 0:
print "No entries found for %s" % options.target print "No entries found for %s" % options.target
return 2 return 2
elif counter == -1: elif counter == -1:
print "These results are truncated." print "These results are truncated."
print "Please refine your search and try again." print "Please refine your search and try again."
return 3 return 3
if counter > 1: if counter > 1:
print "\nMultiple entries for the target group found." print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp) groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q": if groupindex == "q":
return 0 return 0
if groupindex >= 0: if groupindex >= 0:
target_grp = [target_grp[groupindex]] target_grp = [target_grp[groupindex]]
attr_list = options.attributes.split(',') attr_list = options.attributes.split(',')
new_aci = ipa.aci.ACI() new_aci = ipa.aci.ACI()
new_aci.name = args[1] new_aci.name = args[1]
new_aci.source_group = source_grp[0].dn new_aci.source_group = source_grp[0].dn
new_aci.dest_group = target_grp[0].dn new_aci.dest_group = target_grp[0].dn
new_aci.attrs = attr_list new_aci.attrs = attr_list
aci_entry = client.get_aci_entry(['*', 'aci']) aci_entry = client.get_aci_entry(['*', 'aci'])
# Look for an existing ACI of the same name # Look for an existing ACI of the same name
aci_str_list = aci_entry.getValues('aci') aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None: if aci_str_list is None:
aci_str_list = [] aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list] aci_str_list = [aci_str_list]
for aci_str in aci_str_list: for aci_str in aci_str_list:
try: try:
old_aci = ipa.aci.ACI(aci_str) old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == new_aci.name: if old_aci.name == new_aci.name:
print "A delegation of that name already exists" print "A delegation of that name already exists"
return 2 return 2
except SyntaxError: except SyntaxError:
# ignore aci_str's that ACI can't parse # ignore aci_str's that ACI can't parse
pass pass
aci_entry = client.get_aci_entry(['dn']) aci_entry = client.get_aci_entry(['dn'])
aci_entry.setValue('aci', new_aci.export_to_string()) aci_entry.setValue('aci', new_aci.export_to_string())
client.update_entry(aci_entry) client.update_entry(aci_entry)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
print "Delegation %s successfully added" % args[1] print "Delegation %s successfully added" % args[1]
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.aci
import ipa.ipaadminutil as ipaadminutil
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

75
ipa-admintools/ipa-addgroup
View File

@ -18,20 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
def usage(): def usage():
print "ipa-addgroup [-d|--description STRING] [-g|--gid GID] group" print "ipa-addgroup [-d|--description STRING] [-g|--gid GID] group"
sys.exit(1) sys.exit(1)
@ -95,27 +81,46 @@ def main():
group.setValue('cn', cn) group.setValue('cn', cn)
group.setValue('description', desc) group.setValue('description', desc)
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() client.add_group(group)
client.add_group(group) print cn + " successfully added"
print cn + " successfully added"
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

64
ipa-admintools/ipa-addservice
View File

@ -18,23 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage(): def usage():
print "ipa-addservice [--force] principal" print "ipa-addservice [--force] principal"
sys.exit(1) sys.exit(1)
@ -64,12 +47,47 @@ def main():
client = ipaclient.IPAClient() client = ipaclient.IPAClient()
try: client.add_service_principal(princ_name, "%d" % options.force)
client.add_service_principal(princ_name, "%d" % options.force)
except Exception, e: return 0
print str(e)
try:
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
if __name__ == "__main__": import base64
sys.exit(main())
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

75
ipa-admintools/ipa-adduser
View File

@ -18,21 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage(): def usage():
print "ipa-adduser [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell] [-g|--groups] [-k|krb-principal [-M|mailAddress] user" print "ipa-adduser [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell] [-g|--groups] [-k|krb-principal [-M|mailAddress] user"
sys.exit(1) sys.exit(1)
@ -209,24 +194,8 @@ def main():
if shell: if shell:
user.setValue('loginshell', shell) user.setValue('loginshell', shell)
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() client.add_user(user)
client.add_user(user)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
# Set the User's password # Set the User's password
if password is not None: if password is not None:
@ -251,5 +220,41 @@ def main():
print username + " successfully added" print username + " successfully added"
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

123
ipa-admintools/ipa-deldelegation
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import copy
import errno
import ipa.aci
from ipa import ipaerror
aci_fields = ['*', 'aci'] aci_fields = ['*', 'aci']
def usage(): def usage():
@ -55,58 +42,76 @@ def main():
usage() usage()
client = ipaclient.IPAClient() client = ipaclient.IPAClient()
try: aci_entry = client.get_aci_entry(aci_fields)
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci') aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None: if aci_str_list is None:
aci_str_list = [] aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list] aci_str_list = [aci_str_list]
acistr = None acistr = None
for aci_str in aci_str_list: for aci_str in aci_str_list:
try: try:
aci = ipa.aci.ACI(aci_str) aci = ipa.aci.ACI(aci_str)
if aci.name == args[1]: if aci.name == args[1]:
acistr = aci_str acistr = aci_str
break break
except SyntaxError: except SyntaxError:
# ignore aci_str's that ACI can't parse # ignore aci_str's that ACI can't parse
pass pass
if acistr is None: if acistr is None:
print "No delegation '%s' found." % args[1] print "No delegation '%s' found." % args[1]
return 2 return 2
old_aci_index = aci_str_list.index(acistr) old_aci_index = aci_str_list.index(acistr)
new_aci_str_list = copy.deepcopy(aci_str_list) new_aci_str_list = copy.deepcopy(aci_str_list)
del new_aci_str_list[old_aci_index] del new_aci_str_list[old_aci_index]
aci_entry.setValue('aci', new_aci_str_list) aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry) client.update_entry(aci_entry)
print "Delegation removed." print "Delegation removed."
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except (SyntaxError, ipaerror.IPAError), e:
print "Delegation deletion failed: " + str(e)
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import copy
import errno
import ipa.aci
from ipa import ipaerror
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except (SyntaxError, ipaerror.IPAError), e:
print "Delegation deletion failed: " + str(e)
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

91
ipa-admintools/ipa-delgroup
View File

@ -18,16 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
def usage(): def usage():
print "ipa-delgroup group" print "ipa-delgroup group"
sys.exit(1) sys.exit(1)
@ -48,42 +38,57 @@ def main():
if options.usage or len(args) != 2: if options.usage or len(args) != 2:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
counter = groups[0] counter = groups[0]
groups = groups[1:] groups = groups[1:]
if counter == 0: if counter == 0:
print "Group '%s' not found." % args[1] print "Group '%s' not found." % args[1]
return 2 return 2
if counter != 1: if counter != 1:
print "An exact group match was not found. Found %d groups" % counter print "An exact group match was not found. Found %d groups" % counter
return 2 return 2
ret = client.delete_group(groups[0].dn) ret = client.delete_group(groups[0].dn)
if (ret == "Success"): if (ret == "Success"):
print args[1] + " successfully deleted" print args[1] + " successfully deleted"
else: else:
print args[1] + " " + ret print args[1] + " " + ret
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import errno
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

80
ipa-admintools/ipa-delservice
View File

@ -18,23 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage(): def usage():
print "ipa-delservice principal" print "ipa-delservice principal"
sys.exit(1) sys.exit(1)
@ -59,26 +42,55 @@ def main():
client = ipaclient.IPAClient() client = ipaclient.IPAClient()
try: hosts = client.find_service_principal(args[1], sattrs=None)
hosts = client.find_service_principal(args[1], sattrs=None) counter = hosts[0]
counter = hosts[0] hosts = hosts[1:]
hosts = hosts[1:]
if counter == 0: if counter == 0:
print "Service Principal '%s' not found." % args[1] print "Service Principal '%s' not found." % args[1]
return 2 return 2
if counter != 1: if counter != 1:
print "An exact match was not found. Found %d principals for %s" % (counter, args[1]) print "An exact match was not found. Found %d principals for %s" % (counter, args[1])
return 2 return 2
client.delete_service_principal(hosts[0].dn) client.delete_service_principal(hosts[0].dn)
except Exception, e: print "Successfully deleted"
print str(e)
return 1
print hosts[0] + " successfully deleted"
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

67
ipa-admintools/ipa-deluser
View File

@ -18,16 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
def usage(): def usage():
print "ipa-deluser user" print "ipa-deluser user"
sys.exit(1) sys.exit(1)
@ -48,27 +38,42 @@ def main():
if options.usage or len(args) != 2: if options.usage or len(args) != 2:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() ret = client.delete_user(args[1])
ret = client.delete_user(args[1]) print args[1] + " successfully deleted"
print args[1] + " successfully deleted"
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
import ipa.config
import errno
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

176
ipa-admintools/ipa-findgroup
View File

@ -18,17 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import errno
import sys
import xmlrpclib
import kerberos
def usage(): def usage():
print "ipa-findgroup [-a|--all] [-n|--notranslate] group" print "ipa-findgroup [-a|--all] [-n|--notranslate] group"
sys.exit() sys.exit()
@ -56,87 +45,102 @@ def main():
if options.usage or len(args) != 2: if options.usage or len(args) != 2:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() if options.all is None:
if options.all is None: groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock'])
groups = client.find_groups(args[1], ['cn','description','gidnumber','nsAccountLock']) else:
else: groups = client.find_groups(args[1], sattrs=['*','nsAccountLock'])
groups = client.find_groups(args[1], sattrs=['*','nsAccountLock'])
counter = groups[0] counter = groups[0]
groups = groups[1:] groups = groups[1:]
groupindex = -1 groupindex = -1
if counter == 0: if counter == 0:
print "No entries found for", args[1] print "No entries found for", args[1]
return 2 return 2
elif counter == -1: elif counter == -1:
print "These results are truncated." print "These results are truncated."
print "Please refine your search and try again." print "Please refine your search and try again."
if counter > 1: if counter > 1:
try: try:
groupindex = ipaadminutil.select_group(counter, groups) groupindex = ipaadminutil.select_group(counter, groups)
except KeyboardInterrupt: except KeyboardInterrupt:
return 1 return 1
if groupindex == "q": if groupindex == "q":
return 0 return 0
if groupindex >= 0: if groupindex >= 0:
groups = [groups[groupindex]] groups = [groups[groupindex]]
for ent in groups:
try:
members = client.group_members(ent.dn, ['dn','cn'])
except ipa.ipaerror.IPAError, e:
print "Error getting members for " + ent.dn
print str(e)
continue
attr = ent.attrList()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
print "dn: " + ent.dn
for ent in groups:
try:
members = client.group_members(ent.dn, ['dn','cn'])
except ipa.ipaerror.IPAError, e:
print "Error getting members for " + ent.dn
print str(e)
continue
attr = ent.attrList()
if options.notranslate:
labels = {}
for a in attr: for a in attr:
value = ent.getValues(a) labels[a] = a
if isinstance(value,str):
print labels[a] + ": " + value
else:
print labels[a] + ": "
for l in value:
print "\t" + l
counter = members[0]
members = members[1:]
if counter > 0:
print "Members:"
for m in members:
print " " + m.getValue('cn') + ": " + m.dn
# blank line between results
print
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else: else:
print fault.faultString labels = client.attrs_to_labels(attr)
return 1
except kerberos.GSSError, e: print "dn: " + ent.dn
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1 for a in attr:
except xmlrpclib.ProtocolError, e: value = ent.getValues(a)
print "Unable to connect to IPA server: %s" % (e.errmsg) if isinstance(value,str):
return 1 print labels[a] + ": " + value
except ipa.ipaerror.IPAError, e: else:
print "%s" % (e.message) print labels[a] + ": "
return 1 for l in value:
print "\t" + l
counter = members[0]
members = members[1:]
if counter > 0:
print "Members:"
for m in members:
print " " + m.getValue('cn') + ": " + m.dn
# blank line between results
print
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.ipautil as ipautil
import ipa.config
import errno
import sys
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

93
ipa-admintools/ipa-findservice
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
def usage(): def usage():
print "ipa-findservice host" print "ipa-findservice host"
sys.exit() sys.exit()
@ -53,41 +40,55 @@ def main():
if options.usage or len(args) != 2: if options.usage or len(args) != 2:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() hosts = client.find_service_principal(args[1], sattrs=None)
hosts = client.find_service_principal(args[1], sattrs=None)
counter = hosts[0] counter = hosts[0]
hosts = hosts[1:] hosts = hosts[1:]
userindex = 0 userindex = 0
if counter == 0: if counter == 0:
print "No entries found for", args[1] print "No entries found for", args[1]
return 2 return 2
elif counter == -1: elif counter == -1:
print "These results are truncated." print "These results are truncated."
print "Please refine your search and try again." print "Please refine your search and try again."
for ent in hosts:
for ent in hosts: print ent.krbprincipalname
print ent.krbprincipalname
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import errno
import sys
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

155
ipa-admintools/ipa-finduser
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
def usage(): def usage():
print "ipa-finduser [-a|--all] [-n|--notranslate] user" print "ipa-finduser [-a|--all] [-n|--notranslate] user"
sys.exit() sys.exit()
@ -79,75 +66,91 @@ def main():
if options.usage or len(args) != 2: if options.usage or len(args) != 2:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() if options.all is None:
if options.all is None: users = client.find_users(args[1], sattrs=['uid','cn','homeDirectory','loginshell'])
users = client.find_users(args[1], sattrs=['uid','cn','homeDirectory','loginshell']) else:
else: users = client.find_users(args[1], sattrs=None)
users = client.find_users(args[1], sattrs=None)
counter = users[0] counter = users[0]
users = users[1:] users = users[1:]
userindex = 0 userindex = 0
if counter == 0: if counter == 0:
print "No entries found for", args[1] print "No entries found for", args[1]
return 2 return 2
elif counter == -1: elif counter == -1:
print "These results are truncated." print "These results are truncated."
print "Please refine your search and try again." print "Please refine your search and try again."
if counter > 1: if counter > 1:
try: try:
userindex = ipaadminutil.select_user(counter, users) userindex = ipaadminutil.select_user(counter, users)
except KeyboardInterrupt: except KeyboardInterrupt:
return 1 return 1
if userindex == "q": if userindex == "q":
return 0 return 0
if userindex >= 0: if userindex >= 0:
users = [users[userindex]] users = [users[userindex]]
for ent in users:
attr = ent.attrList()
attr.sort()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
if options.all is True:
print "dn: " + ent.dn
for ent in users:
attr = ent.attrList()
attr.sort()
if options.notranslate:
labels = {}
for a in attr: for a in attr:
value = ent.getValues(a) labels[a] = a
if isinstance(value,str):
print labels[a] + ": " + str(wrap_binary_data(value)).rstrip()
else:
print labels[a] + ": "
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else: else:
print fault.faultString labels = client.attrs_to_labels(attr)
return 1
except kerberos.GSSError, e: if options.all is True:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0]) print "dn: " + ent.dn
return 1
except xmlrpclib.ProtocolError, e: for a in attr:
print "Unable to connect to IPA server: %s" % (e.errmsg) value = ent.getValues(a)
return 1 if isinstance(value,str):
except ipa.ipaerror.IPAError, e: print labels[a] + ": " + str(wrap_binary_data(value)).rstrip()
print "%s" % (e.message) else:
return 1 print labels[a] + ": "
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

69
ipa-admintools/ipa-listdelegation
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import operator
import xmlrpclib
import kerberos
import errno
import ipa.aci
from ipa import ipaerror
aci_fields = ['*', 'aci'] aci_fields = ['*', 'aci']
def usage(): def usage():
print "ipa-listdelgation" print "ipa-listdelgation"
@ -54,23 +41,7 @@ def main():
usage() usage()
client = ipaclient.IPAClient() client = ipaclient.IPAClient()
try: aci_entry = client.get_aci_entry(aci_fields)
aci_entry = client.get_aci_entry(aci_fields)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
return 1
aci_str_list = aci_entry.getValues('aci') aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None: if aci_str_list is None:
@ -102,5 +73,39 @@ def main():
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import operator
import xmlrpclib
import kerberos
import errno
import ipa.aci
from ipa import ipaerror
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
sys.exit(1)

99
ipa-admintools/ipa-lockuser
View File

@ -18,16 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import errno
import xmlrpclib
import kerberos
def usage(): def usage():
print "ipa-lockuser [-u|--unlock] user" print "ipa-lockuser [-u|--unlock] user"
sys.exit(1) sys.exit(1)
@ -51,43 +41,58 @@ def main():
usage() usage()
msg = "inactivated" msg = "inactivated"
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() if options.unlock:
if options.unlock: try:
try: ret = client.mark_user_active(args[1])
ret = client.mark_user_active(args[1]) msg = "unlocked"
msg = "unlocked" except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): print "User is already marked active"
print "User is already marked active" return 0
return 0 except:
except: raise
raise else:
else: try:
try: ret = client.mark_user_inactive(args[1])
ret = client.mark_user_inactive(args[1]) except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): print "User is already marked inactive"
print "User is already marked inactive" return 0
return 0 except:
except: raise
raise print args[1] + " successfully %s" % msg
print args[1] + " successfully %s" % msg
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import errno
import xmlrpclib
import kerberos
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

258
ipa-admintools/ipa-moddelegation
View File

@ -18,22 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import ipa.aci
import xmlrpclib
import kerberos
import krbV
import ldap
import copy
import errno
aci_fields = ['*', 'aci'] aci_fields = ['*', 'aci']
def usage(): def usage():
@ -77,125 +61,145 @@ def main():
if not options.attributes and not options.source and not options.target: if not options.attributes and not options.source and not options.target:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient()
# first do some sanity checking # first do some sanity checking
if options.source: if options.source:
source_grp = client.find_groups(options.source) source_grp = client.find_groups(options.source)
counter = source_grp[0] counter = source_grp[0]
source_grp = source_grp[1:] source_grp = source_grp[1:]
groupindex = -1 groupindex = -1
if counter == 0: if counter == 0:
print "No entries found for %s" % options.source print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
if options.target:
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
if options.attributes:
attr_list = options.attributes.split(',')
# find the old aci
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
old_aci = None
acistr = None
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == args[1]:
acistr = aci_str
break
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
if acistr is None:
print "No delegation %s found." % args[1]
return 2 return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
old_aci_index = aci_str_list.index(acistr) if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
new_aci = ipa.aci.ACI() if groupindex >= 0:
new_aci.name = args[1] source_grp = [source_grp[groupindex]]
if options.source:
new_aci.source_group = source_grp[0].dn
else:
new_aci.source_group = old_aci.source_group
if options.target:
new_aci.dest_group = target_grp[0].dn
else:
new_aci.dest_group = old_aci.dest_group
if options.attributes:
new_aci.attrs = attr_list
else:
new_aci.attrs = old_aci.attrs
new_aci_str = new_aci.export_to_string()
new_aci_str_list = copy.deepcopy(aci_str_list) if options.target:
new_aci_str_list[old_aci_index] = new_aci_str target_grp = client.find_groups(options.target)
aci_entry.setValue('aci', new_aci_str_list) counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
client.update_entry(aci_entry) if counter > 1:
except xmlrpclib.Fault, fault: print "\nMultiple entries for the target group found."
if fault.faultCode == errno.ECONNREFUSED: groupindex = ipaadminutil.select_group(counter, target_grp)
print "The IPA XML-RPC service is not responding." if groupindex == "q":
else: return 0
print fault.faultString
return 1 if groupindex >= 0:
except kerberos.GSSError, e: target_grp = [target_grp[groupindex]]
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1 if options.attributes:
except xmlrpclib.ProtocolError, e: attr_list = options.attributes.split(',')
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1 # find the old aci
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message) aci_entry = client.get_aci_entry(aci_fields)
return 1
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
old_aci = None
acistr = None
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == args[1]:
acistr = aci_str
break
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
if acistr is None:
print "No delegation %s found." % args[1]
return 2
old_aci_index = aci_str_list.index(acistr)
new_aci = ipa.aci.ACI()
new_aci.name = args[1]
if options.source:
new_aci.source_group = source_grp[0].dn
else:
new_aci.source_group = old_aci.source_group
if options.target:
new_aci.dest_group = target_grp[0].dn
else:
new_aci.dest_group = old_aci.dest_group
if options.attributes:
new_aci.attrs = attr_list
else:
new_aci.attrs = old_aci.attrs
new_aci_str = new_aci.export_to_string()
new_aci_str_list = copy.deepcopy(aci_str_list)
new_aci_str_list[old_aci_index] = new_aci_str
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
print "Delegation %s successfully updated" % args[1] print "Delegation %s successfully updated" % args[1]
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import ipa.aci
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import copy
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

164
ipa-admintools/ipa-modgroup
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
def usage(): def usage():
print "ipa-modgroup [-l|--list]" print "ipa-modgroup [-l|--list]"
print "ipa-modgroup [-a|--add] [-r|--remove] user group" print "ipa-modgroup [-a|--add] [-r|--remove] user group"
@ -107,78 +94,95 @@ def main():
elif ((options.desc or options.addattr or options.delattr or options.setattr) and (len(args) != 2)): elif ((options.desc or options.addattr or options.delattr or options.setattr) and (len(args) != 2)):
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() if options.add:
if options.add: group = get_group(client, options, args[2])
group = get_group(client, options, args[2]) if group is None:
if group is None: return 1
return 1 users = args[1].split(',')
users = args[1].split(',') for user in users:
for user in users: client.add_user_to_group(user, group.dn)
client.add_user_to_group(user, group.dn) print user + " successfully added to " + args[2]
print user + " successfully added to " + args[2] elif options.remove:
elif options.remove: group = get_group(client, options, args[2])
group = get_group(client, options, args[2]) if group is None:
if group is None: return 1
return 1 users = args[1].split(',')
users = args[1].split(',') for user in users:
for user in users: client.remove_user_from_group(user, group.dn)
client.remove_user_from_group(user, group.dn) print user + " successfully removed"
print user + " successfully removed" else:
else: group = get_group(client, options, args[1])
group = get_group(client, options, args[1]) if group is None:
if group is None: return 1
return 1
if options.desc: if options.desc:
group.setValue('description', options.desc) group.setValue('description', options.desc)
if options.delattr: if options.delattr:
for d in options.delattr: for d in options.delattr:
group.delValue(d) group.delValue(d)
if options.setattr: if options.setattr:
for s in options.setattr: for s in options.setattr:
s = s.split('=') s = s.split('=')
if len(s) != 2: if len(s) != 2:
set_add_usage("set") set_add_usage("set")
sys.exit(1) sys.exit(1)
(attr,value) = s (attr,value) = s
group.setValue(attr, value) group.setValue(attr, value)
if options.addattr: if options.addattr:
for a in options.addattr: for a in options.addattr:
a = a.split('=') a = a.split('=')
if len(a) != 2: if len(a) != 2:
set_add_usage("add") set_add_usage("add")
sys.exit(1) sys.exit(1)
(attr,value) = a (attr,value) = a
cvalue = group.getValue(attr) cvalue = group.getValue(attr)
if cvalue: if cvalue:
if isinstance(cvalue,str): if isinstance(cvalue,str):
cvalue = [cvalue] cvalue = [cvalue]
value = cvalue + [value] value = cvalue + [value]
group.setValue(attr, value) group.setValue(attr, value)
client.update_group(group) client.update_group(group)
print args[1] + " successfully updated" print args[1] + " successfully updated"
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

96
ipa-admintools/ipa-moduser
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.config
import xmlrpclib
import kerberos
import ldap
import errno
def usage(): def usage():
print "ipa-moduser [--list]" print "ipa-moduser [--list]"
print "ipa-moduser [-a|--activate] [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] user" print "ipa-moduser [-a|--activate] [-c|--gecos STRING] [-d|--directory STRING] [-f|--firstname STRING] [-l|--lastname STRING] [-s|--shell STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] user"
@ -116,12 +103,8 @@ def main():
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND): except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "User %s not found" % username print "User %s not found" % username
return 1 return 1
except ipa.ipaerror.IPAError, e: except:
print "%s" % e.message raise
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
# If any options are set we use just those. Otherwise ask for all of them. # If any options are set we use just those. Otherwise ask for all of them.
if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate: if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate:
@ -249,35 +232,54 @@ def main():
value = cvalue + [value] value = cvalue + [value]
user.setValue(attr, value) user.setValue(attr, value)
try: if options.activate:
if options.activate: try:
try: client.mark_user_active(user.getValues('uid'))
client.mark_user_active(user.getValues('uid')) print "User activated successfully."
print "User activated successfully." except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST): print "User is already marked active"
print "User is already marked active" return 0
return 0 except:
except: raise
raise
client.update_user(user) client.update_user(user)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
print username + " successfully updated" print username + " successfully updated"
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import xmlrpclib
import kerberos
import ldap
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

70
ipa-admintools/ipa-passwd
View File

@ -18,19 +18,6 @@
# Foundation, Inc., 59 Tempal Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Tempal Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
def usage(): def usage():
print "ipa-passwd [user]" print "ipa-passwd [user]"
sys.exit(1) sys.exit(1)
@ -105,26 +92,43 @@ def main():
print "Password change cancelled" print "Password change cancelled"
return 1 return 1
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient() client.modifyPassword(principal, '', password)
client.modifyPassword(principal, '', password)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
return 0 return 0
if __name__ == "__main__": try:
sys.exit(main()) import sys
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

110
ipa-admintools/ipa-pwpolicy
View File

@ -18,18 +18,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# #
import sys
from optparse import OptionParser
import ipa
import ipa.entity
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import errno
import validate
def usage(): def usage():
print "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number]" print "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number]"
print "ipa-pwpolicy --show" print "ipa-pwpolicy --show"
@ -74,21 +62,28 @@ def update_policy(client, options):
new = ipa.entity.Entity(current.toDict()) new = ipa.entity.Entity(current.toDict())
if options.maxlife: try:
if validate.is_integer(options.maxlife, min=0): if options.maxlife:
new.setValue('krbmaxpwdlife', options.maxlife) if validate.is_integer(options.maxlife, min=0):
if options.minlife: new.setValue('krbmaxpwdlife', options.maxlife)
if validate.is_integer(options.minlife, min=0): if options.minlife:
new.setValue('krbminpwdlife', options.minlife) if validate.is_integer(options.minlife, min=0):
if options.history: new.setValue('krbminpwdlife', options.minlife)
if validate.is_integer(options.history, min=0): if options.history:
new.setValue('krbpwdhistorylength', options.history) if validate.is_integer(options.history, min=0):
if options.minclasses: new.setValue('krbpwdhistorylength', options.history)
if validate.is_integer(options.minclasses, min=0): if options.minclasses:
new.setValue('krbpwdmindiffchars', options.minclasses) if validate.is_integer(options.minclasses, min=0):
if options.minlength: new.setValue('krbpwdmindiffchars', options.minclasses)
if validate.is_integer(options.minlength, min=0): if options.minlength:
new.setValue('krbpwdminlength', options.minlength) if validate.is_integer(options.minlength, min=0):
new.setValue('krbpwdminlength', options.minlength)
except validate.VdtTypeError, e:
print "%s" % (e.message)
return 1
except validate.VdtValueTooSmallError, e:
print "%s" % (e.message)
return 1
client.update_password_policy(new) client.update_password_policy(new)
@ -98,44 +93,47 @@ def main():
if options.usage: if options.usage:
usage() usage()
try: client = ipaclient.IPAClient()
client = ipaclient.IPAClient()
if options.show: if options.show:
show_policy(client) show_policy(client)
return 0 return 0
update_policy(client, options) update_policy(client, options)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
return 1
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
return 1
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
return 1
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
return 1
except validate.VdtTypeError, e:
print "%s" % (e.message)
return 1
except validate.VdtValueTooSmallError, e:
print "%s" % (e.message)
return 1
except KeyboardInterrupt, e:
return 1
return 0 return 0
try: try:
import sys
from optparse import OptionParser
import ipa
import ipa.entity
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import errno
import validate
if __name__ == "__main__": if __name__ == "__main__":
sys.exit(main()) sys.exit(main())
except SystemExit, e: except SystemExit, e:
sys.exit(e) sys.exit(e)
except KeyboardInterrupt, e: except KeyboardInterrupt, e:
sys.exit(1) sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)

12
ipa-python/ipautil.py
View File

@ -828,3 +828,15 @@ class ItemCompleter:
return items return items
def get_gsserror(e):
"""A GSSError exception looks differently in python 2.4 than it does
in python 2.5, deal with it."""
try:
primary = e[0]
secondary = e[1]
except:
primary = e[0][0]
secondary = e[0][1]
return (primary[0], secondary[0])