Mass file removal for IPAv2.

deleted: ipa-admintools/Makefile
deleted: ipa-admintools/README
deleted: ipa-admintools/ipa-adddelegation
deleted: ipa-admintools/ipa-addgroup
deleted: ipa-admintools/ipa-addservice
deleted: ipa-admintools/ipa-adduser
deleted: ipa-admintools/ipa-admintools.spec.in
deleted: ipa-admintools/ipa-change-master-key
deleted: ipa-admintools/ipa-defaultoptions
deleted: ipa-admintools/ipa-deldelegation
deleted: ipa-admintools/ipa-delgroup
deleted: ipa-admintools/ipa-delservice
deleted: ipa-admintools/ipa-deluser
deleted: ipa-admintools/ipa-findgroup
deleted: ipa-admintools/ipa-findservice
deleted: ipa-admintools/ipa-finduser
deleted: ipa-admintools/ipa-listdelegation
deleted: ipa-admintools/ipa-lockuser
deleted: ipa-admintools/ipa-moddelegation
deleted: ipa-admintools/ipa-modgroup
deleted: ipa-admintools/ipa-moduser
deleted: ipa-admintools/ipa-passwd
deleted: ipa-admintools/ipa-pwpolicy
deleted: ipa-admintools/man/Makefile
deleted: ipa-admintools/man/ipa-adddelegation.1
deleted: ipa-admintools/man/ipa-addgroup.1
deleted: ipa-admintools/man/ipa-addservice.1
deleted: ipa-admintools/man/ipa-adduser.1
deleted: ipa-admintools/man/ipa-defaultoptions.1
deleted: ipa-admintools/man/ipa-deldelegation.1
deleted: ipa-admintools/man/ipa-delgroup.1
deleted: ipa-admintools/man/ipa-delservice.1
deleted: ipa-admintools/man/ipa-deluser.1
deleted: ipa-admintools/man/ipa-findgroup.1
deleted: ipa-admintools/man/ipa-findservice.1
deleted: ipa-admintools/man/ipa-finduser.1
deleted: ipa-admintools/man/ipa-listdelegation.1
deleted: ipa-admintools/man/ipa-lockuser.1
deleted: ipa-admintools/man/ipa-moddelegation.1
deleted: ipa-admintools/man/ipa-modgroup.1
deleted: ipa-admintools/man/ipa-moduser.1
deleted: ipa-admintools/man/ipa-passwd.1
deleted: ipa-admintools/man/ipa-pwpolicy.1
deleted: ipa-server/AUTHORS
deleted: ipa-server/Makefile.am
deleted: ipa-server/NEWS
deleted: ipa-server/README
deleted: ipa-server/configure.ac
deleted: ipa-server/ipa-gui/Makefile.am
deleted: ipa-server/ipa-gui/README.i18n
deleted: ipa-server/ipa-gui/README.multivalue
deleted: ipa-server/ipa-gui/README.txt
deleted: ipa-server/ipa-gui/dev.cfg
deleted: ipa-server/ipa-gui/i18n.patch
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/Makefile.am
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/PKG-INFO
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/SOURCES.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/dependency_links.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/entry_points.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/not-zip-safe
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/paster_plugins.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/requires.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/sqlobject.txt
deleted: ipa-server/ipa-gui/ipa_gui.egg-info/top_level.txt
deleted: ipa-server/ipa-gui/ipa_webgui
deleted: ipa-server/ipa-gui/ipa_webgui.cfg
deleted: ipa-server/ipa-gui/ipa_webgui.init
deleted: ipa-server/ipa-gui/ipagui/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/__init__.py
deleted: ipa-server/ipa-gui/ipagui/config/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/config/__init__.py
deleted: ipa-server/ipa-gui/ipagui/config/app.cfg
deleted: ipa-server/ipa-gui/ipagui/config/log.cfg
deleted: ipa-server/ipa-gui/ipagui/controllers.py
deleted: ipa-server/ipa-gui/ipagui/forms/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/forms/__init__.py
deleted: ipa-server/ipa-gui/ipagui/forms/delegate.py
deleted: ipa-server/ipa-gui/ipagui/forms/group.py
deleted: ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
deleted: ipa-server/ipa-gui/ipagui/forms/principal.py
deleted: ipa-server/ipa-gui/ipagui/forms/user.py
deleted: ipa-server/ipa-gui/ipagui/helpers/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/helpers/__init__.py
deleted: ipa-server/ipa-gui/ipagui/helpers/ipahelper.py
deleted: ipa-server/ipa-gui/ipagui/helpers/userhelper.py
deleted: ipa-server/ipa-gui/ipagui/helpers/validators.py
deleted: ipa-server/ipa-gui/ipagui/json.py
deleted: ipa-server/ipa-gui/ipagui/model.py
deleted: ipa-server/ipa-gui/ipagui/proxyprovider.py
deleted: ipa-server/ipa-gui/ipagui/proxyvisit.py
deleted: ipa-server/ipa-gui/ipagui/release.py
deleted: ipa-server/ipa-gui/ipagui/static/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/css/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
deleted: ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
deleted: ipa-server/ipa-gui/ipagui/static/css/style_platform.css
deleted: ipa-server/ipa-gui/ipagui/static/images/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/branding/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/branding/logo.png
deleted: ipa-server/ipa-gui/ipagui/static/images/down.gif
deleted: ipa-server/ipa-gui/ipagui/static/images/favicon.ico
deleted: ipa-server/ipa-gui/ipagui/static/images/header_inner.png
deleted: ipa-server/ipa-gui/ipagui/static/images/info.png
deleted: ipa-server/ipa-gui/ipagui/static/images/logo.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-accesscontrol.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-channel.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-channels.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-content.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-media.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-overview.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-policy.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-system.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-user.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-usergroup.png
deleted: ipa-server/ipa-gui/ipagui/static/images/objects/object-virtualsystem.png
deleted: ipa-server/ipa-gui/ipagui/static/images/ok.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-content.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar-active.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar-active_fullsize.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-navbar_fullsize.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background-sidebar.png
deleted: ipa-server/ipa-gui/ipagui/static/images/template/background.png
deleted: ipa-server/ipa-gui/ipagui/static/images/tg_under_the_hood.png
deleted: ipa-server/ipa-gui/ipagui/static/images/under_the_hood_blue.png
deleted: ipa-server/ipa-gui/ipagui/static/images/up.gif
deleted: ipa-server/ipa-gui/ipagui/static/javascript/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/dynamicselect.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/effects.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/ipautil.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/prototype.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/scriptaculous.js
deleted: ipa-server/ipa-gui/ipagui/static/javascript/tablekit.js
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/__init__.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/group.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/ipacontroller.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/policy.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/principal.py
deleted: ipa-server/ipa-gui/ipagui/subcontrollers/user.py
deleted: ipa-server/ipa-gui/ipagui/templates/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/templates/__init__.py
deleted: ipa-server/ipa-gui/ipagui/templates/delegateedit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegateform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegategroupsearch.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegatelayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegatelist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/delegatenew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/dynamiceditsearch.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupedit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupeditform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/grouplayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/grouplist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupnew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupnewform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/groupshow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/ipapolicyedit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/loginfailed.kid
deleted: ipa-server/ipa-gui/ipagui/templates/master.kid
deleted: ipa-server/ipa-gui/ipagui/templates/not_found.kid
deleted: ipa-server/ipa-gui/ipagui/templates/policyindex.kid
deleted: ipa-server/ipa-gui/ipagui/templates/policylayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principallayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principallist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principalnew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principalnewform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/principalshow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/unhandled_exception.kid
deleted: ipa-server/ipa-gui/ipagui/templates/useredit.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usereditform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/userlayout.kid
deleted: ipa-server/ipa-gui/ipagui/templates/userlist.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usernew.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usernewform.kid
deleted: ipa-server/ipa-gui/ipagui/templates/userselectsearch.kid
deleted: ipa-server/ipa-gui/ipagui/templates/usershow.kid
deleted: ipa-server/ipa-gui/ipagui/templates/welcome.kid
deleted: ipa-server/ipa-gui/ipagui/tests/Makefile.am
deleted: ipa-server/ipa-gui/ipagui/tests/__init__.py
deleted: ipa-server/ipa-gui/ipagui/tests/test_controllers.py
deleted: ipa-server/ipa-gui/ipagui/tests/test_model.py
deleted: ipa-server/ipa-gui/locales/ja/LC_MESSAGES/messages.po
deleted: ipa-server/ipa-gui/locales/messages.pot
deleted: ipa-server/ipa-gui/sample-prod.cfg
deleted: ipa-server/ipa-gui/setup.py
deleted: ipa-server/ipa-gui/start-ipagui.py
deleted: ipa-server/ipa-gui/test.cfg
deleted: ipa-server/ipa-server.spec.in
deleted: ipa-server/xmlrpc-server/Makefile.am
deleted: ipa-server/xmlrpc-server/README
deleted: ipa-server/xmlrpc-server/attrs.py
deleted: ipa-server/xmlrpc-server/funcs.py
deleted: ipa-server/xmlrpc-server/ipaxmlrpc.py
deleted: ipa-server/xmlrpc-server/test/Makefile.am
deleted: ipa-server/xmlrpc-server/test/README
deleted: ipa-server/xmlrpc-server/test/test.py
deleted: ipa-server/xmlrpc-server/test/test_methods.py
deleted: ipa-server/xmlrpc-server/test/test_mod_python.py
Rob Crittenden 2009-01-29 16:29:11 -05:00
parent e30cd6ba42
commit e0d428f97a
205 changed files with 0 additions and 25933 deletions


@ -1,47 +0,0 @@
SUBDIRS=man
SBINDIR = $(DESTDIR)/usr/sbin
all: ;
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
install:
install -m 755 ipa-adduser $(SBINDIR)
install -m 755 ipa-finduser $(SBINDIR)
install -m 755 ipa-moduser $(SBINDIR)
install -m 755 ipa-deluser $(SBINDIR)
install -m 755 ipa-lockuser $(SBINDIR)
install -m 755 ipa-addgroup $(SBINDIR)
install -m 755 ipa-delgroup $(SBINDIR)
install -m 755 ipa-findgroup $(SBINDIR)
install -m 755 ipa-modgroup $(SBINDIR)
install -m 755 ipa-passwd $(SBINDIR)
install -m 755 ipa-pwpolicy $(SBINDIR)
install -m 755 ipa-addservice $(SBINDIR)
install -m 755 ipa-delservice $(SBINDIR)
install -m 755 ipa-findservice $(SBINDIR)
install -m 755 ipa-adddelegation $(SBINDIR)
install -m 755 ipa-deldelegation $(SBINDIR)
install -m 755 ipa-listdelegation $(SBINDIR)
install -m 755 ipa-moddelegation $(SBINDIR)
install -m 755 ipa-defaultoptions $(SBINDIR)
install -m 755 ipa-change-master-key $(SBINDIR)
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
install-man:
install -m 644
clean:
rm -f *~ *.pyc
distclean: clean
rm -f ipa-admintools.spec
maintainer-clean: distclean
test:


@ -1,13 +0,0 @@
These tools are designed for administrators to work from a command-line,
use in scripts, etc.
The design goal is to provide 100% of capabilities that the UI has, something
which is often not true.
Developers
----------
These scripts use an XML-RPC interface to communicate with the IPA server.
Please use only this API and avoid the temptation to communicate directly
with the LDAP server. It is our philosophy to have a robust, standard
interface for doing all IPA administrative work.


@ -1,201 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.aci
import ipa.ipaadminutil as ipaadminutil
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog -l|--list\n"
usage += "%prog -a|--attributes attr1,attr2,..,attrn -s|--source STRING -t|--target STRING [-v|--verbose] name"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--attributes", dest="attributes",
help="The attributes the source group may change in the target group")
parser.add_option("-s", "--source", dest="source",
help="The source group name")
parser.add_option("-t", "--target", dest="target",
help="The target group name")
parser.add_option("-l", "--list", dest="list", action="store_true",
help="List common attributes (this is not an exhaustive list)")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if options.list:
ipa.config.verify_args(parser, args)
else:
ipa.config.verify_args(parser, args, "name")
if not options.attributes or not options.source or not options.target:
parser.error("need attributes and both source and target groups")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
if options.list:
client = ipaclient.IPAClient(verbose=options.verbose)
l = client.get_all_attrs()
for x in l:
print x
return 0
client = ipaclient.IPAClient(verbose=options.verbose)
source_grp = client.find_groups(options.source)
counter = source_grp[0]
source_grp = source_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
attr_list = options.attributes.split(',')
new_aci = ipa.aci.ACI()
new_aci.name = args[0]
new_aci.source_group = source_grp[0].dn
new_aci.dest_group = target_grp[0].dn
new_aci.attrs = attr_list
aci_entry = client.get_aci_entry(['*', 'aci'])
# Look for an existing ACI of the same name
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == new_aci.name:
print "A delegation of that name already exists"
return 2
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
aci_entry = client.get_aci_entry(['dn'])
aci_entry.setValue('aci', new_aci.export_to_string())
client.update_entry(aci_entry)
# Now add to the editors group so they can make changes in the UI
try:
group = client.get_entry_by_cn("editors")
client.add_group_to_group(new_aci.source_group, group.dn)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
# This is ok, ignore it
pass
print "Delegation %s successfully added" % args[0]
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,162 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import ipa.ipaerror
import ipa.ipaadminutil as ipaadminutil
import xmlrpclib
import kerberos
import ldap
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
usage = "%prog [options] [group]"
parser = OptionParser(usage=usage)
parser.add_option("-d", "--description", dest="desc",
help="A description of this group")
parser.add_option("-g", "--gid", dest="gid",
help="The gid to use for this group. If not included one is automatically set.")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
action="append")
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if len(args) > 1:
parser.error("too many arguments")
ipa.config.init_config(options)
return options, args
def main():
cn = ""
desc = ""
group=ipa.group.Group()
options, args = parse_options()
if len(args) != 1:
cn = ipautil.user_input_name("Group name")
else:
cn = args[0]
try:
ipaadminutil.check_name(cn)
except ValueError, e:
print "Group name " + str(e)
return 1
if not options.desc:
desc = ipautil.user_input("Description", allow_empty = False)
else:
desc = options.desc
if not ipavalidate.String(desc, notEmpty=True):
print "Please enter a value"
return 1
if options.gid:
group.setValue('gidnumber', options.gid)
group.setValue('cn', cn)
group.setValue('description', desc)
if options.setattr:
for s in options.setattr:
s = s.split('=', 1)
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
group.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=', 1)
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = group.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
group.setValue(attr, value)
client = ipaclient.IPAClient(verbose=options.verbose)
client.add_group(group)
print cn + " successfully added"
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,104 +0,0 @@
#! /usr/bin/python -E
# Authors: Karl MacMillan <kmacmill@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
import ipa.config
import base64
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [options] principal"
parser = OptionParser(usage=usage)
parser.add_option("--force", action="store_true", default=False,
help="Force a service principal name")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "principal")
ipa.config.init_config(options)
return options, args
def main():
# The following fields are required
princ_name = ""
options, args = parse_options()
princ_name = args[0]
client = ipaclient.IPAClient(verbose=options.verbose)
client.add_service_principal(princ_name, "%d" % options.force)
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,290 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import ipa.ipaadminutil as ipaadminutil
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
usage = "%prog [options] [user]"
parser = OptionParser(usage=usage)
parser.add_option("-c", "--gecos", dest="gecos",
help="Set the GECOS field")
parser.add_option("-d", "--directory", dest="directory",
help="Set the User's home directory")
parser.add_option("-f", "--firstname", dest="gn",
help="User's first name")
parser.add_option("-l", "--lastname", dest="sn",
help="User's last name")
parser.add_option("-p", "--password", dest="password",
help="Set user's password")
parser.add_option("-P", dest="password_prompt", action="store_true",
help="Prompt on the command-line for the user's password")
parser.add_option("-s", "--shell", dest="shell",
help="Set user's login shell to shell")
parser.add_option("-G", "--groups", dest="groups",
help="Add account to one or more groups (comma-separated)")
parser.add_option("-k", "--krb-principal", dest="principal",
help="Set user's Kerberos Principal Name")
parser.add_option("-M", "--mailAddress", dest="mail",
help="Set user's e-mail address")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
action="append")
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if len(args) > 1:
parser.error("too many arguments")
ipa.config.init_config(options)
return options, args
def main():
# The following fields are required
givenname = ""
lastname = ""
username = ""
principal = ""
password = ""
mail = ""
gecos = ""
directory = ""
shell = ""
groups = ""
match = False
all_interactive = False
user=ipa.user.User()
options, args = parse_options()
if len(args) != 1:
all_interactive = True
if not options.gn:
givenname = ipautil.user_input("First name", allow_empty = False)
else:
givenname = options.gn
if not ipavalidate.String(givenname, notEmpty=True):
print "Please enter a value"
return 1
if not options.sn:
lastname = ipautil.user_input("Last name", allow_empty = False)
else:
lastname = options.sn
if not ipavalidate.String(lastname, notEmpty=True):
print "Please enter a value"
return 1
if len(args) != 1:
username = ipautil.user_input_name("Login name")
else:
username = args[0]
try:
ipaadminutil.check_name(username)
except ValueError, e:
print "Login name " + str(e)
return 1
if options.password_prompt:
while match != True:
password = getpass.getpass(" Password: ")
confirm = getpass.getpass(" Password (again): ")
if password != confirm:
print "Passwords do not match"
match = False
else:
match = True
if len(password) < 1:
print "Password cannot be empty"
match = False
else:
password = options.password
if options.mail:
mail = options.mail
if not ipavalidate.Email(mail):
print "The email provided seem not a valid email."
return 1
# Ask the questions we don't normally force. We don't require answers
# for these.
if all_interactive is True:
if not options.gecos:
gecos = ipautil.user_input("gecos")
if not options.directory:
directory = ipautil.user_input_path("Home directory", "/home/" + username, allow_empty = True)
if not options.shell:
shell = ipautil.user_input("Shell", "/bin/sh", allow_empty = False)
else:
gecos = options.gecos
directory = options.directory
shell = options.shell
groups = options.groups
if options.principal:
principal = options.principal
else:
ctx = krbV.default_context()
principal = username + "@" + ctx.default_realm
user.setValue('givenname', givenname)
user.setValue('sn', lastname)
user.setValue('uid', username)
user.setValue('krbprincipalname', principal)
if mail:
user.setValue('mail', mail)
if gecos:
user.setValue('gecos', gecos)
if directory:
user.setValue('homedirectory', directory)
if shell:
user.setValue('loginshell', shell)
if options.setattr:
for s in options.setattr:
s = s.split('=', 1)
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
user.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=', 1)
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = user.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
user.setValue(attr, value)
client = ipaclient.IPAClient(verbose=options.verbose)
# get group dns and verify they exist
groups_to_add = []
if groups:
for group in groups.split(','):
group_dn = get_group_dn(client, group)
if not group_dn:
print "group %s doesn't exist" % group
return 1
groups_to_add.append(group_dn)
# add the user
client.add_user(user)
# add the user to all the groups
for group in groups_to_add:
client.add_user_to_group(username, group)
# Set the User's password
if password is not None:
try:
client.modifyPassword(principal, '', password)
except ipa.ipaerror.IPAError, e:
print "User added but setting the password failed."
print "%s" % (e.message)
return 1
print username + " successfully added"
return 0
def get_group_dn(client, group_name):
if not group_name:
return None
found = client.find_groups(group_name)
if len(found) < 2:
return None
for group in found[1:]:
if group.cn == group_name:
return group.dn
return None
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,87 +0,0 @@
Name: ipa-admintools
Version: __VERSION__
Release: __RELEASE__%{?dist}
Summary: IPA admin tools
Group: System Environment/Base
License: GPLv2
URL: http://www.freeipa.org
Source0: %{name}-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: python
Requires: python-krbV
Requires: ipa-python
Requires: python-ldap
Requires: python-configobj
%description
User, group, delegation and policy administration tools for IPA. IPA is a
server for identity, policy, and audit.
%prep
%setup -q
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_sbindir}
make install DESTDIR=%{buildroot}
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%{_sbindir}/ipa*
%{_mandir}/man1/*
%changelog
* Fri May 23 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
- Add Requires for python-ldap and python-configobj
* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Version bump for release
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
- Version bump for release
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-3
- Marked with wrong license. IPA is GPLv2.
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
- Fixed License in specfile
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Version bump for release.
* Wed Nov 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.5.0-1
- Version bump for release and rpm name change
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
- Version bump for release
* Thu Oct 11 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
- Package man files
* Tue Oct 2 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-1
- Milestone 4
* Mon Sep 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
- Milestone 3
* Fri Aug 17 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-4
- Package additional utilities.
* Mon Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
- Abstracted client class to work directly or over RPC
* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
- Update tools to do kerberos
- Add User class
* Fri Jul 27 2007 Karl MacMillan <kmacmill@localhost.localdomain> - 0.1.0-1
- Initial rpm version


@ -1,387 +0,0 @@
#! /usr/bin/python -E
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2007 Simo Sorce <ssorce@redhat.com>
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 or later
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
etckrb5conf = "/etc/krb5.conf"
krb5dir = "/var/kerberos/krb5kdc"
cachedir = "/var/cache/ipa"
libdir = "/var/lib/ipa"
basedir = libdir+"/mkey"
ourkrb5conf = basedir+"/krb5.conf"
ldappwdfile = basedir+"/ldappwd"
password = ""
import sys
try:
from optparse import OptionParser
import ipa
import ipa.config
import ipa.ipautil
from ipaclient import ipachangeconf
from ipaserver import ipaldap
import krbV
import ldap
from ldap import LDAPError
from ldap import ldapobject
from pyasn1.type import univ, namedtype
import pyasn1.codec.ber.encoder
import pyasn1.codec.ber.decoder
import struct
import base64
import random
import time
import os
import shutil
import getpass
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
parser = OptionParser("%prog [-q|--quiet] [-p DM_PASSWORD]")
parser.add_option("-p", "--dm-password", dest="dm_password",
help="The Directory Manager password")
parser.add_option("-q", "--quiet", action="store_true", dest="quiet",
help="Keep quiet")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
ipa.config.init_config(options)
return options, args
# We support only des3 encoded stash files for now
def generate_new_stash_file(file):
odd_parity_bytes_pool = ['\x01', '\x02', '\x04', '\x07', '\x08', '\x0b',
'\r', '\x0e', '\x10', '\x13', '\x15', '\x16', '\x19', '\x1a', '\x1c',
'\x1f', ' ', '#', '%', '&', ')', '*', ',', '/', '1', '2', '4', '7', '8',
';', '=', '>', '@', 'C', 'E', 'F', 'I', 'J', 'L', 'O', 'Q', 'R', 'T',
'W', 'X', '[', ']', '^', 'a', 'b', 'd', 'g', 'h', 'k', 'm', 'n', 'p',
's', 'u', 'v', 'y', 'z', '|', '\x7f', '\x80', '\x83', '\x85', '\x86',
'\x89', '\x8a', '\x8c', '\x8f', '\x91', '\x92', '\x94', '\x97', '\x98',
'\x9b', '\x9d', '\x9e', '\xa1', '\xa2', '\xa4', '\xa7', '\xa8', '\xab',
'\xad', '\xae', '\xb0', '\xb3', '\xb5', '\xb6', '\xb9', '\xba', '\xbc',
'\xbf', '\xc1', '\xc2', '\xc4', '\xc7', '\xc8', '\xcb', '\xcd', '\xce',
'\xd0', '\xd3', '\xd5', '\xd6', '\xd9', '\xda', '\xdc', '\xdf', '\xe0',
'\xe3', '\xe5', '\xe6', '\xe9', '\xea', '\xec', '\xef', '\xf1', '\xf2',
'\xf4', '\xf7', '\xf8', '\xfb', '\xfd', '\xfe']
pool_len = len(odd_parity_bytes_pool)
keytype = 16 # des3
keydata = ""
r = random.SystemRandom()
for k in range(24):
keydata += r.choice(odd_parity_bytes_pool)
format = '=hi%ss' % len(keydata)
s = struct.pack(format, keytype, len(keydata), keydata)
try:
fd = open(file, "w")
fd.write(s)
except os.error, e:
logging.critical("failed to write stash file")
raise e
# clean up procedures
def cleanup(password):
try:
os.stat(basedir)
except:
return None
try:
# always remove ldappwdfile as it contains the Directory Manager password
os.remove(ldappwdfile)
except:
pass
# tar and encrypt the working dir so that we do not leave sensitive data
# around unproteceted
curtime = time.strftime("%Y%m%d%H%M%S",time.gmtime())
tarfile = libdir+"/ipa-change-mkey-"+curtime+".tar"
gpgfile = tarfile+".gpg"
args = ['/bin/tar', '-C', libdir, '-cf', tarfile, 'mkey']
ipa.ipautil.run(args)
ipa.ipautil.encrypt_file(tarfile, gpgfile, password, cachedir)
os.remove(tarfile)
shutil.rmtree(basedir, ignore_errors=True)
return "The temporary working directory with backup dump files has been securely archived and gpg-encrypted as "+gpgfile+" using the Directory Manager password."
def main():
global password
options, args = parse_options()
krbctx = krbV.default_context()
realm = krbctx.default_realm
suffix = ipa.ipautil.realm_to_suffix(realm)
backupfile = basedir+"/backup.dump"
convertfile = basedir+"/convert.dump"
oldstashfile = krb5dir+"/.k5."+realm
newstashfile = basedir+"/.new.mkey"
bkpstashfile = basedir+"/.k5."+realm
if os.getuid() != 0:
print "ERROR: This command must be run as root"
sys.exit(1)
print "DANGER: This is a dangerous operation, make sure you backup all your IPA data before running the tool"
print "This command will restart your Directory and KDC Servers."
#TODO: ask for confirmation
if not ipa.ipautil.user_input("Do you want to proceed and change the Kerberos Master key?", False):
print ""
print "Aborting..."
return 1
password = options.dm_password
if not password:
password = getpass.getpass("Directory Manager password: ")
# get a connection to the DS
try:
conn = ipaldap.IPAdmin(ipa.config.config.default_server[0])
conn.do_simple_bind(bindpw=password)
except Exception, e:
print "ERROR: Could not connect to the Directory Server on "+ipa.config.config.default_server[0]+" ("+str(e)+")"
return 1
# Wipe basedir and recreate it
shutil.rmtree(basedir, ignore_errors=True)
os.mkdir(basedir, 0700)
generate_new_stash_file(newstashfile)
# Generate conf files
try:
shutil.copyfile(etckrb5conf, ourkrb5conf)
krbconf = ipachangeconf.IPAChangeConf("IPA Installer")
krbconf.setOptionAssignment(" = ")
krbconf.setSectionNameDelimiters(("[","]"))
krbconf.setSubSectionDelimiters(("{","}"))
krbconf.setIndent((""," "," "))
#OPTS
opts = [{'name':'ldap_kadmind_dn', 'type':'option', 'action':'set', 'value':'cn=Directory Manager'},
{'name':'ldap_service_password_file', 'type':'option', 'action':'set', 'value':ldappwdfile}]
#REALM
realmopts = [{'name':realm, 'type':'subsection', 'action':'set', 'value':opts}]
#DBMODULES
dbopts = [{'name':'dbmodules', 'type':'section', 'action':'set', 'value':realmopts}]
krbconf.changeConf(ourkrb5conf, dbopts);
hexpwd = ""
for x in password:
hexpwd += (hex(ord(x))[2:])
pwd_fd = open(ldappwdfile, "w")
pwd_fd.write("cn=Directory Manager#{HEX}"+hexpwd+"\n")
pwd_fd.close()
os.chmod(ldappwdfile, 0600)
except Exception, e:
print "Failed to create custom configuration files ("+str(e)+") aborting..."
return 1
#Set environment vars so that the modified krb5.conf is used
os.environ['KRB5_CONFIG'] = ourkrb5conf
#Backup the kerberos key material for recovery if needed
args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", backupfile]
print "Performing safety backup of the key material"
try:
output = ipa.ipautil.run(args)
except ipa.ipautil.CalledProcessError, e:
print "Failed to backup key material ("+str(e)+"), aborting ..."
return 1
if not options.quiet:
princlist = output[1].split('\n')
print "Principals stored into the backup file "+backupfile+":"
for p in princlist:
print p
print ""
#Convert the kerberos keys to the new master key
args = ["/usr/kerberos/sbin/kdb5_util", "dump", "-verbose", "-new_mkey_file", newstashfile, convertfile]
print "Converting key material to new master key"
try:
output = ipa.ipautil.run(args)
except ipa.ipautil.CalledProcessError, e:
print "Failed to convert key material, aborting ..."
return 1
savedprinclist = output[1].split('\n')
if not options.quiet:
princlist = output[1].split('\n')
print "Principals dumped for conversion:"
for p in princlist:
print p
print ""
#Stop the KDC
args = ["/etc/init.d/krb5kdc", "stop"]
try:
output = ipa.ipautil.run(args)
if output[0]:
print output[0]
if output[1]:
print output[1]
except ipa.ipautil.CalledProcessError, e:
print "WARNING: Failed to restart the KDC ("+str(e)+")"
print "You will have to manually restart the KDC when the operation is completed"
#Change the mkey into ldap
try:
stash = open(newstashfile, "r")
keytype = struct.unpack('h', stash.read(2))[0]
keylen = struct.unpack('i', stash.read(4))[0]
keydata = stash.read(keylen)
#encode it in the asn.1 attribute
MasterKey = univ.Sequence()
MasterKey.setComponentByPosition(0, univ.Integer(keytype))
MasterKey.setComponentByPosition(1, univ.OctetString(keydata))
krbMKey = univ.Sequence()
krbMKey.setComponentByPosition(0, univ.Integer(0)) #we have no kvno
krbMKey.setComponentByPosition(1, MasterKey)
asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
dn = "cn="+realm+",cn=kerberos,"+suffix
mod = [(ldap.MOD_REPLACE, 'krbMKey', str(asn1key))]
conn.modify_s(dn, mod)
except Exception, e:
print "ERROR: Failed to upload the Master Key from the Stash file: "+newstashfile+" ("+str(e)+")"
return 1
#Backup old stash file and substitute with new
try:
shutil.move(oldstashfile, bkpstashfile)
shutil.copyfile(newstashfile, oldstashfile)
except Exception, e:
print "ERROR: An error occurred while installing the new stash file("+str(e)+")"
print "The KDC may fail to start if the correct stash file is not in place"
print "Verify that "+newstashfile+" has been correctly installed into "+oldstashfile
print "A backup copy of the old stash file should be saved in "+bkpstashfile
#Finally upload the converted principals
args = ["/usr/kerberos/sbin/kdb5_util", "load", "-verbose", "-update", convertfile]
print "Uploading converted key material"
try:
output = ipa.ipautil.run(args)
except ipa.ipautil.CalledProcessError, e:
print "Failed to upload key material ("+e+"), aborting ..."
return 1
if not options.quiet:
princlist = output[1].split('\n')
print "Principals converted and uploaded:"
for p in princlist:
print p
print ""
uploadedprinclist = output[1].split('\n')
#Check for differences and report
d = []
for p in savedprinclist:
if uploadedprinclist.count(p) == 0:
d.append(p)
if len(d) != 0:
print "WARNING: Not all dumped principals have been updated"
print "Principals not Updated:"
for p in d:
print p
#Remove custom environ
del os.environ['KRB5_CONFIG']
#Restart Directory Server (the pwd plugin need to read the new mkey)
args = ["/etc/init.d/dirsrv", "restart"]
try:
output = ipa.ipautil.run(args)
if output[0]:
print output[0]
if output[1]:
print output[1]
except ipa.ipautil.CalledProcessError, e:
print "WARNING: Failed to restart the Directory Server ("+str(e)+")"
print "Please manually restart the DS with 'service dirsrv restart'"
#Restart the KDC
args = ["/etc/init.d/krb5kdc", "start"]
try:
output = ipa.ipautil.run(args)
if output[0]:
print output[0]
if output[1]:
print output[1]
except ipa.ipautil.CalledProcessError, e:
print "WARNING: Failed to restart the KDC ("+str(e)+")"
print "Please manually restart the kdc with 'service krb5kdc start'"
print "Master Password successfully changed"
print "You MUST now copy the stash file "+oldstashfile+" to all the replicas and restart them!"
print ""
return 0
if __name__ == "__main__":
ret = 0
try:
ret = main()
except SystemExit, e:
ret = e
except KeyboardInterrupt, e:
ret = 1
except Exception, e:
print "%s" % str(e)
ret = 1
try:
msg = cleanup(password)
if msg:
print msg
except Exception, e:
print "Failed to clean up the temporary location for the dump files and generate and encrypted archive with error:"
print e
print "Please securely archive/encrypt "+basedir
sys.exit(ret)


@ -1,181 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2008 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.entity
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import errno
import validate
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [options]\n"
usage += "%prog --show"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("--maxusername", dest="maxusername",
help="Max. Length of a username")
parser.add_option("--homedir", dest="homedir",
help="Default location of home directories")
parser.add_option("--defaultshell", dest="defaultshell",
help="Default shell for new users")
parser.add_option("--defaultgroup", dest="defaultgroup",
help="Default group for new users")
parser.add_option("--emaildomain", dest="emaildomain",
help="Default e-mail domain")
parser.add_option("--searchtimelimit", dest="searchtimelimit",
help="Max. amount of time (sec.) for a search (-1 is unlimited)")
parser.add_option("--searchrecordslimit", dest="searchrecordslimit",
help="Max. number of records to search (-1 is unlimited)")
parser.add_option("--usersearch", dest="usersearch",
help="A comma-separated list of fields to search when searching for users")
parser.add_option("--groupsearch", dest="groupsearch",
help="A comma-separated list of fields to search when searching for groups")
parser.add_option("--show", dest="show", action="store_true",
help="Show the current configuration")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
if not options.show and not options.maxusername and not options.homedir and not options.defaultshell and not options.defaultgroup and not options.emaildomain and not options.searchtimelimit and not options.searchrecordslimit and not options.usersearch and not options.groupsearch:
parser.error("nothing to do")
ipa.config.init_config(options)
return options, args
def show_config(client):
policy = client.get_ipa_config()
print "Search Configuration"
print " Search Time Limit (sec.): %s" % policy.getValues('ipaSearchTimeLimit')
print " Search Records Limit: %s" % policy.getValues('ipaSearchRecordsLimit')
print " User Search Fields: %s" % policy.getValues('ipaUserSearchFields')
print " Group Search Fields: %s" % policy.getValues('ipaGroupSearchFields')
print ""
print "User Settings"
print " Max. Username Length: %s" % policy.getValues('ipaMaxUsernameLength')
print " Root for Home Directories: %s" % policy.getValues('ipaHomesRootDir')
print " Default Shell: %s" % policy.getValues('ipaDefaultLoginShell')
print " Default User Group: %s" % policy.getValues('ipaDefaultPrimaryGroup')
print "Default E-mail Domain: %s" % policy.getValues('ipaDefaultEmailDomain')
def update_policy(client, options):
current = client.get_ipa_config()
new = ipa.entity.Entity(current.toDict())
try:
if options.maxusername:
validate.is_integer(options.maxusername, min=1)
new.setValue('ipamaxusernamelength', options.maxusername)
if options.homedir:
validate.is_string(options.homedir)
new.setValue('ipahomesrootdir', options.homedir)
if options.defaultshell:
validate.is_string(options.defaultshell)
new.setValue('ipadefaultloginshell', options.history)
if options.defaultgroup:
new.setValue('ipadefaultprimarygroup', options.defaultgroup)
if options.emaildomain:
new.setValue('ipadefaultemaildomain', options.emaildomain)
if options.searchtimelimit:
validate.is_integer(options.searchtimelimit, min=-1)
new.setValue('ipasearchtimelimit', options.searchtimelimit)
if options.searchrecordslimit:
validate.is_integer(options.searchrecordslimit, min=-1)
new.setValue('ipasearchrecordslimit', options.searchrecordslimit)
if options.usersearch:
new.setValue('ipausersearchfields', options.usersearch)
if options.groupsearch:
new.setValue('ipagroupsearchfields', options.groupsearch)
except validate.VdtTypeError, e:
print "%s" % str(e)
return 1
except validate.VdtValueTooSmallError, e:
print "%s" % str(e)
return 1
client.update_ipa_config(new)
if options.usersearch or options.groupsearch:
print "WARNING: Be sure that the attributes in User and Group search are indexed in the Directory Server or you may suffer a performance loss."
def main():
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.show:
show_config(client)
return 0
if update_policy(client, options):
return 1
print "Update successful."
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,143 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import copy
import errno
import socket
import ipa.aci
from ipa import ipaerror
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
aci_fields = ['*', 'aci']
def parse_options():
usage = "%prog [-v|--verbose] name"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "name")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
acistr = None
aci_list = []
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
if aci.name == args[0]:
acistr = aci_str
source_group = aci.source_group
else:
aci_list.append(aci)
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
if acistr is None:
print "No delegation '%s' found." % args[0]
return 2
old_aci_index = aci_str_list.index(acistr)
new_aci_str_list = copy.deepcopy(aci_str_list)
del new_aci_str_list[old_aci_index]
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
last = True
# If this is the last delegation for a group, remove it from editors
for a in aci_list:
if source_group == a.source_group:
last = False
break
if last:
group = client.get_entry_by_cn("editors")
client.remove_member_from_group(source_group, group.dn)
print "Delegation removed."
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except (SyntaxError, ipaerror.IPAError), e:
print "Delegation deletion failed: " + str(e)
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,109 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import errno
import socket
import ldap
import xmlrpclib
import kerberos
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [-v|--verbose] group"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "group")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
groups = client.find_groups(args[0], ['cn','description','gidnumber','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
to_delete = None
for i in range(counter):
dn_list = ldap.explode_dn(groups[i].dn.lower())
if "cn=%s" % args[0].lower() in dn_list:
to_delete = groups[i]
if to_delete is None:
print "Group '%s' not found." % args[0]
return 2
ret = client.delete_group(to_delete.dn)
if (ret == "Success"):
print args[0] + " successfully deleted"
else:
print args[0] + " " + ret
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,110 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [-v|--verbose] principal"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "principal")
ipa.config.init_config(options)
return options, args
def main():
# The following fields are required
princ_name = ""
options, args = parse_options()
princ_name = args[0]
client = ipaclient.IPAClient(verbose=options.verbose)
hosts = client.find_service_principal(args[0], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
if counter == 0:
print "Service Principal '%s' not found." % args[0]
return 2
if counter != 1:
print "An exact match was not found. Found %d principals for %s" % (counter, args[0])
return 2
client.delete_service_principal(hosts[0].dn)
print "Successfully deleted"
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,90 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.ipautil as ipautil
import ipa.config
import errno
import socket
import xmlrpclib
import kerberos
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [-v|--verbose] user"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
ret = client.delete_user(args[0])
print args[0] + " successfully deleted"
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,157 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.ipautil as ipautil
import ipa.config
import errno
import sys
import xmlrpclib
import kerberos
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [options] group"
parser = OptionParser(usage=usage)
parser.add_option("-a", "--all", action="store_true", dest="all",
help="Show all group attributes")
parser.add_option("-n", "--notranslate", action="store_true",
dest="notranslate",
help="Don't translate LDAP attributes into readable labels")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "group")
ipa.config.init_config(options)
return options, args
def main():
group={}
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.all is None:
groups = client.find_groups(args[0], ['cn','description','gidnumber','nsAccountLock'])
else:
groups = client.find_groups(args[0], sattrs=['*','nsAccountLock'])
counter = groups[0]
groups = groups[1:]
groupindex = -1
if counter == 0:
print "No entries found for", args[0]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
if counter > 1:
try:
groupindex = ipaadminutil.select_group(counter, groups)
except KeyboardInterrupt:
return 1
if groupindex == "q":
return 0
if groupindex >= 0:
groups = [groups[groupindex]]
for ent in groups:
try:
members = client.group_members(ent.dn, ['dn','cn'], 0)
except ipa.ipaerror.IPAError, e:
print "Error getting members for " + ent.dn
print str(e)
continue
attr = ent.attrList()
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
print "dn: " + ent.dn
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print labels[a] + ": " + value
else:
print labels[a] + ": "
for l in value:
print "\t" + l
counter = members[0]
members = members[1:]
if counter > 0:
print "Members:"
for m in members:
print " " + m.getValue('cn') + ": " + m.dn
# blank line between results
print
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,105 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import errno
import sys
import xmlrpclib
import kerberos
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [-v|--verbose] host"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "host")
ipa.config.init_config(options)
return options, args
def main():
user={}
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
hosts = client.find_service_principal(args[0], sattrs=None)
counter = hosts[0]
hosts = hosts[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[0]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
for ent in hosts:
print ent.krbprincipalname
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,177 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import ipa.ipaadminutil as ipaadminutil
import base64
import errno
import sys
import xmlrpclib
import kerberos
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [-a|--all] [-n|--notranslate] [-v|--verbose] user"
parser = OptionParser(usage=usage)
parser.add_option("-a", "--all", action="store_true", dest="all",
help="Display all attributes")
parser.add_option("-n", "--notranslate", action="store_true",
dest="notranslate",
help="Don't translate LDAP attributes into readable labels")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
def wrap_binary_data(data):
"""Converts all binary data strings into base64-encoded objects for display
"""
if isinstance(data, str):
if ipautil.needs_base64(data):
return base64.encodestring(data)
else:
return data
elif isinstance(data, list) or isinstance(data,tuple):
retval = []
for value in data:
retval.append(wrap_binary_data(value))
return retval
elif isinstance(data, dict):
retval = {}
for (k,v) in data.iteritems():
retval[k] = wrap_binary_data(v)
return retval
else:
return data
def main():
user={}
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.all is None:
users = client.find_users(args[0], sattrs=['uid','givenname','sn','homeDirectory','loginshell'])
else:
users = client.find_users(args[0], sattrs=None)
counter = users[0]
users = users[1:]
userindex = 0
if counter == 0:
print "No entries found for", args[0]
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
if counter > 1:
try:
userindex = ipaadminutil.select_user(counter, users)
except KeyboardInterrupt:
return 1
if userindex == "q":
return 0
if userindex >= 0:
users = [users[userindex]]
for ent in users:
attr = ent.attrList()
attr.sort()
# Always have sn following givenname
try:
l = attr.index('givenname')
attr.remove('sn')
attr.insert(l+1, 'sn')
except ValueError:
pass
if options.notranslate:
labels = {}
for a in attr:
labels[a] = a
else:
labels = client.attrs_to_labels(attr)
if options.all is True:
print "dn: " + ent.dn
for a in attr:
value = ent.getValues(a)
if isinstance(value,str):
print labels[a] + ": " + str(wrap_binary_data(value)).rstrip()
else:
print labels[a] + ": "
for l in value:
print "\t" + wrap_binary_data(l)
# blank line between results
print
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,140 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import operator
import xmlrpclib
import kerberos
import errno
import socket
import ipa.aci
from ipa import ipaerror
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
aci_fields = ['*', 'aci']
def parse_options():
parser = OptionParser()
parser.add_option("-s", "--source", dest="source",
help="Source group of delegation")
parser.add_option("-n", "--name", dest="name",
help="Name of delegation")
parser.add_option("-t", "--target", dest="target",
help="Target group of delegation")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args)
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
all = True
if options.name or options.source or options.target:
all = False
client = ipaclient.IPAClient(verbose=options.verbose)
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
aci_list = []
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
aci_list.append(aci)
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
found = False
# the operator.itemgetter(0) lets us sort by the name field
for a in sorted(aci_list, key=operator.itemgetter(0)):
labels = client.attrs_to_labels(a.attrs)
if (all or options.name == a.name or
options.source == group_dn_to_cn[a.source_group] or
options.target == group_dn_to_cn[a.dest_group]):
print "Delegation Name: " + a.name
print "Group " + group_dn_to_cn[a.source_group]
print " can modify these attributes: "
for l in labels:
print "\t" + labels[l]
print " for group " + group_dn_to_cn[a.dest_group]
print
found = True
if found:
return 0
else:
return 2
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipaerror.IPAError, e:
print("Delegation list failed: " + str(e))
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,109 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipautil as ipautil
import errno
import socket
import xmlrpclib
import kerberos
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "%prog [-u|--unlock] [-v|--verbose] user"
parser = OptionParser(usage=usage)
parser.add_option("-u", "--unlock", action="store_true", dest="unlock",
help="Unlock a user's account")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
msg = "inactivated"
client = ipaclient.IPAClient(verbose=options.verbose)
if options.unlock:
try:
ret = client.mark_user_active(args[0])
msg = "unlocked"
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
else:
try:
ret = client.mark_user_inactive(args[0])
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked inactive"
return 0
except:
raise
print args[0] + " successfully %s" % msg
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,241 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.ipaadminutil as ipaadminutil
import ipa.config
import ipa.aci
import ipa.ipautil as ipautil
import xmlrpclib
import kerberos
import krbV
import ldap
import copy
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
aci_fields = ['*', 'aci']
def parse_options():
usage = "%prog -l|--list\n"
usage += "%prog [-a|--attributes attr1,attr2,..,attrn] [-s|--source STRING] [-t|--target STRING] [-v|--verbose] name"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--attributes", dest="attributes",
help="The attributes the source group may change in the target group")
parser.add_option("-l", "--list", dest="list", action="store_true",
help="List common attributes (this is not an exhaustive list)")
parser.add_option("-s", "--source", dest="source",
help="The source group name")
parser.add_option("-t", "--target", dest="target",
help="The target group name")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if not options.list:
if not options.attributes and not options.source and not options.target:
parser.error("need at least one option of -a, -s, or -t")
ipa.config.verify_args(parser, args, "name")
ipa.config.init_config(options)
return options, args
def main():
options, args = parse_options()
if options.list:
client = ipaclient.IPAClient(verbose=options.verbose)
l = client.get_all_attrs()
for x in l:
print x
return 0
client = ipaclient.IPAClient(verbose=options.verbose)
# first do some sanity checking
if options.source:
source_grp = client.find_groups(options.source)
counter = source_grp[0]
source_grp = source_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.source
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the source group found."
groupindex = ipaadminutil.select_group(counter, source_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
source_grp = [source_grp[groupindex]]
if options.target:
target_grp = client.find_groups(options.target)
counter = target_grp[0]
target_grp = target_grp[1:]
groupindex = -1
if counter == 0:
print "No entries found for %s" % options.target
return 2
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
return 3
if counter > 1:
print "\nMultiple entries for the target group found."
groupindex = ipaadminutil.select_group(counter, target_grp)
if groupindex == "q":
return 0
if groupindex >= 0:
target_grp = [target_grp[groupindex]]
if options.attributes:
attr_list = options.attributes.split(',')
# find the old aci
aci_entry = client.get_aci_entry(aci_fields)
aci_str_list = aci_entry.getValues('aci')
if aci_str_list is None:
aci_str_list = []
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
old_aci = None
acistr = None
aci_list = []
for aci_str in aci_str_list:
try:
old_aci = ipa.aci.ACI(aci_str)
if old_aci.name == args[0]:
acistr = aci_str
orig_group = old_aci.source_group
else:
aci_list.append(old_aci)
except SyntaxError:
# ignore aci_str's that ACI can't parse
pass
if acistr is None:
print "No delegation %s found." % args[0]
return 2
old_aci_index = aci_str_list.index(acistr)
new_aci = ipa.aci.ACI()
new_aci.name = args[0]
if options.source:
new_aci.source_group = source_grp[0].dn
else:
new_aci.source_group = old_aci.source_group
if options.target:
new_aci.dest_group = target_grp[0].dn
else:
new_aci.dest_group = old_aci.dest_group
if options.attributes:
new_aci.attrs = attr_list
else:
new_aci.attrs = old_aci.attrs
new_aci_str = new_aci.export_to_string()
new_aci_str_list = copy.deepcopy(aci_str_list)
new_aci_str_list[old_aci_index] = new_aci_str
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
if options.source:
last = True
# If this is the last delegation for a group, remove it from editors
for a in aci_list:
if orig_group == a.source_group:
last = False
break
if last:
group = client.get_entry_by_cn("editors")
client.remove_member_from_group(orig_group, group.dn)
# Now add to the editors group so they can make changes in the UI
try:
group = client.get_entry_by_cn("editors")
client.add_group_to_group(new_aci.source_group, group.dn)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
# This is ok, ignore it
pass
print "Delegation %s successfully updated" % args[0]
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,234 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipaerror
import xmlrpclib
import kerberos
import ldap
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
usage = "%prog [-l|--list]\n"
usage += "%prog [-a|--add] [-r|--remove] [-v|--verbose] user group\n"
usage += "%prog [-g|--groupadd] [-e|--groupdel] [-v|--verbose] group group\n"
usage += "%prog [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] [-v|--verbose] group"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--add", dest="add", action="store_true",
help="Add a user to the group")
parser.add_option("-r", "--remove", dest="remove", action="store_true",
help="Remove a user from the group")
parser.add_option("-g", "--groupadd", dest="groupadd", action="store_true",
help="Add a group to the group")
parser.add_option("-e", "--groupdel", dest="groupdel", action="store_true",
help="Remove a group from the group")
parser.add_option("-d", "--description", dest="desc",
help="Modify the description of the group")
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
action="append")
parser.add_option("--delattr", dest="delattr",
help="Remove an attribute", action="append")
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
parser.add_option("-l", "--list", dest="list", action="store_true",
help="List common attributes (this is not an exhaustive list)")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if ((not options.add and not options.remove) and
(not options.groupadd and not options.groupdel) and
(not options.desc and not options.addattr and
not options.delattr and not options.setattr and not options.list)):
parser.error("need to specify at least one operation")
if not options.list:
if options.add or options.remove:
ipa.config.verify_args(parser, args, "user group")
elif options.groupadd or options.groupdel:
ipa.config.verify_args(parser, args, "group group")
elif options.desc or options.addattr or options.delattr or options.setattr:
ipa.config.verify_args(parser, args, "group")
ipa.config.init_config(options)
return options, args
def get_group(client, options, group_cn):
try:
attrs = ['*']
# in case any attributes being modified are operational such as
# nsaccountlock. Any attribute to be deleted needs to be included
# in the original record so it can be seen as being removed.
if options.delattr:
for d in options.delattr:
attrs.append(d)
group = client.get_entry_by_cn(group_cn, sattrs=attrs)
except ipa.ipaerror.IPAError, e:
print "%s" % e.message
return None
return group
def main():
group=ipa.group.Group()
options, args = parse_options()
if options.list:
client = ipaclient.IPAClient(verbose=options.verbose)
list = client.get_all_attrs()
for x in list:
print x
return 0
client = ipaclient.IPAClient(verbose=options.verbose)
if options.add:
group = get_group(client, options, args[1])
if group is None:
return 1
users = args[0].split(',')
for user in users:
client.add_user_to_group(user, group.dn)
print user + " successfully added to " + args[1]
elif options.remove:
group = get_group(client, options, args[1])
if group is None:
return 1
users = args[0].split(',')
for user in users:
client.remove_user_from_group(user, group.dn)
print user + " successfully removed"
elif options.groupadd:
group = get_group(client, options, args[1])
if group is None:
return 1
groups = args[0].split(',')
for g in groups:
tgroup = get_group(client, options, g)
if tgroup is not None:
client.add_group_to_group(tgroup.dn, group.dn)
print g + " successfully added to " + args[1]
else:
print "Group %s not found" % g
elif options.groupdel:
group = get_group(client, options, args[1])
if group is None:
return 1
groups = args[0].split(',')
for g in groups:
tgroup = get_group(client, options, g)
if tgroup is not None:
client.remove_member_from_group(tgroup.dn, group.dn)
print g + " successfully removed " + args[1]
else:
print "Group %s not found" % g
else:
group = get_group(client, options, args[0])
if group is None:
return 1
if options.desc:
group.setValue('description', options.desc)
if options.delattr:
for d in options.delattr:
group.delValue(d)
if options.setattr:
for s in options.setattr:
s = s.split('=', 1)
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
group.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=', 1)
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = group.getValue(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
group.setValue(attr, value)
client.update_group(group)
print args[0] + " successfully updated"
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,256 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.user
import ipa.ipaclient as ipaclient
import ipa.ipavalidate as ipavalidate
import ipa.ipautil as ipautil
import ipa.config
import xmlrpclib
import kerberos
import ldap
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def set_add_usage(which):
print "%s option usage: --%s NAME=VALUE" % (which, which)
def parse_options():
usage = "%prog --list\n"
usage = "%prog [options] user"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("-a", "--activate", dest="activate", action="store_true",
help="Activate the user")
parser.add_option("-c", "--gecos", dest="gecos",
help="Set the GECOS field")
parser.add_option("-d", "--directory", dest="directory",
help="Set the User's home directory")
parser.add_option("-f", "--firstname", dest="gn",
help="User's first name")
parser.add_option("-l", "--lastname", dest="sn",
help="User's last name")
parser.add_option("-s", "--shell", dest="shell",
help="Set user's login shell to shell")
parser.add_option("--addattr", dest="addattr",
help="Adds an attribute or values to that attribute, attr=value",
action="append")
parser.add_option("--delattr", dest="delattr",
help="Remove an attribute", action="append")
parser.add_option("--setattr", dest="setattr",
help="Set an attribute, dropping any existing values that may exist",
action="append")
parser.add_option("--list", dest="list", action="store_true",
help="List common attributes (this is not an exhaustive list)")
parser.add_option("-M", "--mailAddress", dest="mail",
help="Set user's e-mail address")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if not options.list:
ipa.config.verify_args(parser, args, "user")
ipa.config.init_config(options)
return options, args
def main():
# The following fields are required
givenname = ""
lastname = ""
username = ""
mail = ""
gecos = ""
directory = ""
groups = ""
shell = ""
match = False
options, args = parse_options()
if options.list:
client = ipaclient.IPAClient(verbose=options.verbose)
list = client.get_all_attrs()
for x in list:
print x
return 0
username = args[0]
client = ipaclient.IPAClient(verbose=options.verbose)
try:
attrs = ['*']
# in case any attributes being modified are operational such as
# nsaccountlock. Any attribute to be deleted needs to be included
# in the original record so it can be seen as being removed.
if options.delattr:
for d in options.delattr:
attrs.append(d)
user = client.get_user_by_uid(username, sattrs=attrs)
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
print "User %s not found" % username
return 1
except:
raise
# If any options are set we use just those. Otherwise ask for all of them.
if options.gn or options.sn or options.directory or options.gecos or options.mail or options.shell or options.addattr or options.delattr or options.setattr or options.activate:
givenname = options.gn
lastname = options.sn
gecos = options.gecos
directory = options.directory
mail = options.mail
shell = options.shell
else:
if not options.gn:
givenname = ipautil.user_input("First name", user.getValue('givenname'), allow_empty = False)
else:
givenname = options.gn
if (not ipavalidate.String(givenname, notEmpty=True)):
print "Please enter a value"
return 1
if not options.sn:
lastname = ipautil.user_input("Last name", user.getValue('sn'), allow_empty = False)
else:
lastname = options.sn
if (not ipavalidate.String(lastname, notEmpty=True)):
print "Please enter a value"
return 1
if not options.mail:
mail = ipautil.user_input_email("E-mail address", user.getValue('mail'), allow_empty = True)
else:
mail = options.mail
if (not ipavalidate.Email(mail)):
print "E-mail must include a user and domain name"
return 1
# Ask the questions we don't normally force. We don't require answers
# for these.
if not options.gecos:
gecos = ipautil.user_input("gecos", user.getValue('gecos'))
if not options.directory:
directory = ipautil.user_input_path("Home directory", user.getValue('homeDirectory'))
if not options.shell:
shell = ipautil.user_input("Shell", user.getValue('loginshell'), allow_empty = False)
if givenname:
user.setValue('givenname', givenname)
if lastname:
user.setValue('sn', lastname)
if mail:
user.setValue('mail', mail)
if gecos:
user.setValue('gecos', gecos)
if directory:
user.setValue('homedirectory', directory)
if shell:
user.setValue('loginshell', shell)
if options.delattr:
for d in options.delattr:
user.delValue(d)
if options.setattr:
for s in options.setattr:
s = s.split('=', 1)
if len(s) != 2:
set_add_usage("set")
sys.exit(1)
(attr,value) = s
user.setValue(attr, value)
if options.addattr:
for a in options.addattr:
a = a.split('=', 1)
if len(a) != 2:
set_add_usage("add")
sys.exit(1)
(attr,value) = a
cvalue = user.getValues(attr)
if cvalue:
if isinstance(cvalue,str):
cvalue = [cvalue]
value = cvalue + [value]
user.setValue(attr, value)
if options.activate:
try:
client.mark_user_active(user.getValues('uid'))
print "User activated successfully."
except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_EMPTY_MODLIST):
print "User is already marked active"
return 0
except:
raise
client.update_user(user)
print username + " successfully updated"
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,146 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Tempal Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import krbV
import ldap
import getpass
import errno
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "ipa-passwd [-v|--verbose] [user]"
parser = OptionParser(usage=usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if len(args) > 1:
parser.error("too many arguments")
ipa.config.init_config(options)
return options, args
def get_principal(krbctx):
try:
ccache = krbctx.default_ccache()
cprinc = ccache.principal()
except krbV.Krb5Error, e:
#TODO: do a kinit
print "Unable to get kerberos principal: %s" % e[1]
return None
return cprinc.name
def main():
match = False
username = None
principal = None
options, args = parse_options()
krbctx = krbV.default_context()
if len(args) == 1:
username = args[0]
else:
principal = get_principal(krbctx)
if principal is None:
return 1
if not principal:
u = username.split('@')
if len(u) > 2 or len(u) == 0:
print "Invalid user name (%s)" % username
if len(u) == 1:
principal = username+"@"+krbctx.default_realm
else:
principal = username
print "Changing password for %s" % principal
try:
while (match != True):
# No syntax checking of the password is required because that is
# done on the server side
password = getpass.getpass(" New Password: ")
confirm = getpass.getpass(" Confirm Password: ")
if (password != confirm):
print "Passwords do not match"
match = False
elif (len(password) < 1):
print "Password cannot be empty"
match = False
else:
match = True
except KeyboardInterrupt:
print ""
print "Password change cancelled"
return 1
client = ipaclient.IPAClient(verbose=options.verbose)
client.modifyPassword(principal, '', password)
return 0
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,153 +0,0 @@
#! /usr/bin/python -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
try:
from optparse import OptionParser
import ipa
import ipa.entity
import ipa.ipaclient as ipaclient
import ipa.config
import xmlrpclib
import kerberos
import errno
import validate
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
def parse_options():
usage = "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number] [-v|--verbose]\n"
usage += "ipa-pwpolicy --show"
parser = OptionParser(usage=usage, formatter=ipa.config.IPAFormatter())
parser.add_option("--maxlife", dest="maxlife",
help="Max. Password Lifetime (days)")
parser.add_option("--minlife", dest="minlife",
help="Min. Password Lifetime (hours)")
parser.add_option("--history", dest="history",
help="Password History Size")
parser.add_option("--minclasses", dest="minclasses",
help="Min. Number of Character Classes")
parser.add_option("--minlength", dest="minlength",
help="Min. Length of Password")
parser.add_option("--show", dest="show", action="store_true",
help="Show the current password policy")
parser.add_option("--usage", action="store_true",
help="Program usage")
parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Verbose output of the XML-RPC connection")
ipa.config.add_standard_options(parser)
options, args = parser.parse_args()
if not options.show:
if not options.maxlife and not options.minlife and not options.history and not options.minclasses and not options.minlength:
parser.error("need at least one option of --maxlife, --minlife, --history, --minclasses or --minlength")
ipa.config.init_config(options)
return options, args
def show_policy(client):
policy = client.get_password_policy()
print "Password Policy"
print "Min. Password Lifetime (hours): %s" % policy.getValues('krbminpwdlife')
print "Max. Password Lifetime (days): %s" % policy.getValues('krbmaxpwdlife')
print "Min. Number of Character Classes: %s" % policy.getValues('krbpwdmindiffchars')
print "Min. Length of Password: %s" % policy.getValues('krbpwdminlength')
print "Password History Size: %s" % policy.getValues('krbpwdhistorylength')
def update_policy(client, options):
current = client.get_password_policy()
new = ipa.entity.Entity(current.toDict())
try:
if options.maxlife:
validate.is_integer(options.maxlife, min=0)
new.setValue('krbmaxpwdlife', options.maxlife)
if options.minlife:
validate.is_integer(options.minlife, min=0)
new.setValue('krbminpwdlife', options.minlife)
if options.history:
validate.is_integer(options.history, min=0)
new.setValue('krbpwdhistorylength', options.history)
if options.minclasses:
validate.is_integer(options.minclasses, min=0)
new.setValue('krbpwdmindiffchars', options.minclasses)
if options.minlength:
validate.is_integer(options.minlength, min=0)
new.setValue('krbpwdminlength', options.minlength)
except (validate.VdtTypeError, validate.VdtValueTooSmallError), e:
print e
return 1
if int(new.getValue('krbminpwdlife')) > int(new.getValue('krbmaxpwdlife')) * 24:
print "Maximum password life must be greater than minimum"
return 1
client.update_password_policy(new)
return 0
def main():
options, args = parse_options()
client = ipaclient.IPAClient(verbose=options.verbose)
if options.show:
show_policy(client)
return 0
return update_policy(client, options)
try:
if __name__ == "__main__":
sys.exit(main())
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
else:
print fault.faultString
sys.exit(1)
except kerberos.GSSError, e:
print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
sys.exit(1)
except xmlrpclib.ProtocolError, e:
print "Unable to connect to IPA server: %s" % (e.errmsg)
sys.exit(1)
except ipa.ipaerror.IPAError, e:
print "%s" % (e.message)
sys.exit(1)
except socket.error, e:
print e[1]
print "Re-run with -v flag for more details."
except Exception, e:
print "%s" % str(e)
sys.exit(1)


@ -1,32 +0,0 @@
MANDIR = $(DESTDIR)/usr/share/man
MANFILES=\
ipa-adddelegation.1 \
ipa-addgroup.1 \
ipa-addservice.1 \
ipa-adduser.1 \
ipa-deldelegation.1 \
ipa-delgroup.1 \
ipa-delservice.1 \
ipa-deluser.1 \
ipa-findgroup.1 \
ipa-findservice.1 \
ipa-finduser.1 \
ipa-modgroup.1 \
ipa-listdelegation.1 \
ipa-lockuser.1 \
ipa-moddelegation.1 \
ipa-passwd.1 \
ipa-pwpolicy.1 \
ipa-moduser.1 \
ipa-defaultoptions.1
all: ;
install:
mkdir -p $(MANDIR)/man1
@for i in $(MANFILES) ; do install -m 644 $$i $(MANDIR)/man1 ; gzip -f $(MANDIR)/man1/$$i ; done
clean:
test:


@ -1,62 +0,0 @@
.\" A man page for ipa-adddelegation
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-adddelegation" "1" "Oct 24 2007" "freeipa" ""
.SH "NAME"
ipa\-adddelegation \- Add a delegation
.SH "SYNOPSIS"
ipa\-adddelegation [\fIOPTION\fR]... \fIname\fR
.SH "DESCRIPTION"
Adds a delegation named \fIname\fR.
A delegation is used to grant write access to certain attributes from one group to another.
For example, a secretary group may be granted write access to modify the phone attribute of all users in a manager's group.
.SH "OPTIONS"
.TP
\fB\-a\fR, \fB\-\-attributes\fR=\fIATTRIBUTES\fR
A comma\-separated list of the \f[SM]attributes\fR that may be written by the source group.
.TP
\fB\-l\fR
Provide a list of common attribute names. This is not an exhaustive list.
.TP
\fB\-s\fR, \fB\-\-source\fR=\fISOURCE\fR
The name of the group that is being granted write permission.
.TP
\fB\-t\fR, \fB\-\-target\fR=\fITARGET\fR
The name of the group that will be written to.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output
.PP
All arguments except \-v/\-\-verbose are mandatory.
.SH "EXAMPLES"
.TP
ipa\-adddelegation \-a telephonenumber,facsimiletelephonenumber,mobile \-s secretaries \-t everyone phones
Create a delegation named \fBphones\fR that will let anyone in the \fIsecretaries\fR group edit the phone numbers of anyone in the group \fIeveryone\fR.
.SH "EXIT STATUS"
0 if the delegation was added successfully
1 if an error occurred
2 if no not exactly one matching source group was found (0 or more than one)
3 if no not exactly one matching target group was found (0 or more than one


@ -1,51 +0,0 @@
.\" A man page for ipa-addgroup
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-addgroup" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-addgroup \- Add a group
.SH "SYNOPSIS"
ipa\-addgroup [\fIOPTION\fR]... \fIgroup\fR
.SH "DESCRIPTION"
Adds a group with name \fIgroup\fR.
.SH "OPTIONS"
.TP
\fB\-d\fR, \fB\-\-description\fR=\fIdescription\fR
Set the description of the group to \fIdescription\fR.
.TP
\fB\-g\fR, \fB\-\-gid\fR=\fIgid\fR
Set the gid for this group to \fIgid\fR.
If this option is not present, one is created automatically
by \fBfreeIPA\fR.
.TP
\fB\-\-addattr\fR \fIattr=value\fR
Adds \fIvalue\fR to attribute \fIattr\fR. Attributes set this way are done after other options. If an attribute is listed more than once or already exists in the entry, it is considered a multi\-valued attribute and a list of the values is created.
.TP
\fB\-\-setattr\fR \fIattr=value\fR
Set attribute \fIattr\fR to \fIvalue\fR. Any existing value will be replaced with \fIvalue\fR.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.PP
The group name and description are mandatory fields. If either of these are not included on the command line you will be asked interactively.
If no options are passed then all questions are asked.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,59 +0,0 @@
.\" A man page for ipa-addservice
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-addservice" "1" "Jan 4 2008" "freeipa" ""
.SH "NAME"
ipa\-addservice \- Add a service principal
.SH "SYNOPSIS"
ipa\-addservice [\fIOPTION\fR]... \fIprincipal\fR
.SH "DESCRIPTION"
Adds a service principal \fIprincipal\fR.
The principal takes the form of:
service/fully\-qualified\-hostname
The list of possible services is too extensive to list here but a short list is:
cifs
dns
host
HTTP
ldap
nfs
The IPA server automatically appends the Kerberos realm for which it is configured. You cannot specify a different realm.
The hostname must resolve to a DNS A record in order to ensure that it will work with Kerberos. Use the \-\-force flag to force the creation of a principal.
.SH "OPTIONS"
.TP
\fB\-\-force\fR
Force the creation of the given principal name.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "EXAMPLES"
.TP
ipa\-addservice HTTP/www.example.com
Add a service principal for a web server
.TP
ipa\-addservice host/ipa.example.com
Add a service principal for the host (for ssh, for example)
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,84 +0,0 @@
.\" A man page for ipa-adduser
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-adduser" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-adduser \- Add a user
.SH "SYNOPSIS"
ipa\-adduser [\fIOPTION\fR]... \fIuser\fR
.SH "DESCRIPTION"
Adds a user with username \fIuser\fR.
.SH "OPTIONS"
.TP
\fB\-c\fR, \fB\-\-gecos\fR=\fIgecos\fR
Set the \f[SM]GECOS\fR field to \fIgecos\fR.
The \f[SM]GECOS\fR field is traditionally used to store user's real name and other information.
.TP
\fB\-d\fR, \fB\-\-directory\fR=\fIdirectory\fR
Set user's home directory to \fIdirectory\fR.
If this option is not present, a default specified by the
.B freeIPA configuration is used.
.TP
\fB\-f\fR, \fB\-\-firstname\fR=\fIgivenName\fR
Set user's first name to \fIgivenName\fR.
.TP
\fB\-l\fR, \fB\-\-lastname\fR=\fIfamilyName\fR
Set user's last name to \fIfamilyName\fR.
.TP
\fB\-p\fR, \fB\-\-password\fR=\fIpassword\fR
Set user's password to \fIpassword\fR.
.TP
\fB\-P\fR
Prompt for the user's password.
.TP
\fB\-s\fR, \fB\-\-shell\fR=\fIshell\fR
Set the user's login shell to \fIshell\fR.
If this option is not present, a default specified by the
.B freeIPA configuration is used.
.TP
\fB\-G\fR, \fB\-\-groups\fR=\fIgroups\fR
Add this user to one or more groups in \fIgroups\fR.
\fIgroups\fR is a comma\-separated list of groups.
Each \fIgroup\fR must already exist.
.TP
\fB\-k\fR, \fB\-\-krb\-principal\fR=\fIprincipal\fR
Set this user's principal to \fIprincipal\fR.
By default the principal is set to \fBuser\fR.
.TP
\fB\-M\fR, \fB\-\-mailAddress\fR=\fImail\fR
Set this user's e\-mail address to \fImail\fR.
.TP
\fB\-\-addattr\fR \fIattr=value\fR
Adds \fIvalue\fR to attribute \fIattr\fR. Attributes set this way are done after other options. If an attribute is listed more than once or already exists in the entry, it is considered a multi\-valued attribute and a list of the values is created.
.TP
\fB\-\-setattr\fR \fIattr=value\fR
Set attribute \fIattr\fR to \fIvalue\fR. Any existing value will be replaced with \fIvalue\fR.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.PP
The mandatory fields are: user, first name and last name. If any of these are not included on the command line you will be asked interactively.
The password is asked interactively if not passed on the command\-line but it isn't mandatory. Leaving both values blank will leave the password unset on the account.
If no options are passed then all questions are asked.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,65 +0,0 @@
.\" A man page for ipa-defaultoptions
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-defaultoptions" "1" "Jul 14 2008" "freeipa" ""
.SH "NAME"
ipa\-defaultoptions \- Display or modify the IPA Search and User Policies
.SH "SYNOPSIS"
ipa\-defaultoptions [\-\-maxusername number] [\-\-homedir directory] [\-\-defaultshell shell] [\-\-defaultgroup group] [\-\-emaildomain domain] [\-\-searchtimelimit number] [\-\-searchrecordslimit number] [\-\-usersearch fields] [\-\-groupsearch fields] [\-v|\-\-verbose]
ipa\-defaultoptions \-\-show
.SH "DESCRIPTION"
Displays or updates the IPA Search and User Policy.
.SH "OPTIONS"
.TP
\fB\-\-maxusername\fR=\fIMAXUSERNAME\fR
Max. Length of a username
.TP
\fB\-\-homedir\fR=\fIHOMEDIR\fR
Default location of home directories
.TP
\fB\-\-defaultshell\fR=\fIDEFAULTSHELL\fR
Default shell for new users
.TP
\fB\-\-defaultgroup\fR=\fIDEFAULTGROUP\fR
Default group for new users
.TP
\fB\-\-emaildomain\fR=\fIEMAILDOMAIN\fR
Default e\-mail domain
.TP
\fB\-\-searchtimelimit\fR=\fISEARCHTIMELIMIT\fR
Max. amount of time (sec.) for a search (-1 for unlimited)
.TP
\fB\-\-searchrecordslimit\fR=\fISEARCHRECORDSLIMIT\fR
Max. number of records to search (-1 for unlimited)
.TP
\fB\-\-usersearch\fR=\fIUSERSEARCH\fR
A comma\-separated list of fields to search when
searching for users
.TP
\fB\-\-groupsearch\fR=\fIGROUPSEARCH\fR
A comma\-separated list of fields to search when
searching for groups
.TP
\fB\-\-show\fR
Display the current password policy.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,39 +0,0 @@
.\" A man page for ipa-deldelegation
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-deldelegation" "1" "Oct 24 2007" "freeipa" ""
.SH "NAME"
ipa\-deldelegation \- Remove a delegation
.SH "SYNOPSIS"
ipa\-deldelegation \fIname\fR
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "DESCRIPTION"
Removes an existing delegation named \fIname\fR.
A delegation is used to grant write access to certain attributes from one group to another. ipa\-deldelegation removes this access.
.SH "EXIT STATUS"
0 if the delegation was removed successfully
1 if an error occurred
2 if no matching delegation was found


@ -1,37 +0,0 @@
.\" A man page for ipa-delgroup
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-delgroup" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-delgroup \- Delete a group
.SH "SYNOPSIS"
ipa\-delgroup \fIgroup\fR
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "DESCRIPTION"
Deletes a group with group name \fIgroup\fR.
Members of the group are not affected.
The groups \fIadmins\fR and \fIeditors\fR are required by IPA and may not be removed.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,38 +0,0 @@
.\" A man page for ipa-delservice
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-delservice" "1" "Jan 11 2008" "freeipa" ""
.SH "NAME"
ipa\-delservice \- Delete a service principal
.SH "SYNOPSIS"
ipa\-delservice \fIprincipal\fR
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "DESCRIPTION"
Deletes a service principal with name \fIprincipal\fR.
.SH "EXIT STATUS"
0 on success
1 if an error occurred
2 if not exactly one matching entries was found


@ -1,35 +0,0 @@
.\" A man page for ipa-deluser
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-deluser" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-deluser \- Delete a user
.SH "SYNOPSIS"
ipa\-deluser \fIuser\fR
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "DESCRIPTION"
Deletes a user with user name \fIname\fR.
Users are automatically removed from groups when they are deleted.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,41 +0,0 @@
.\" A man page for ipa-findgroup
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-findgroup" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-findgroup \- Find a group
.SH "SYNOPSIS"
ipa\-findgroup \fIstring\fR
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "DESCRIPTION"
Searches for a group that contains \fIstring\fR.
The search is a substring search in the name and description attributes.
All entries that match are displayed.
.SH "EXIT STATUS"
0 if one or more entries were found
1 if an error occurred
2 if no matching entries were found


@ -1,48 +0,0 @@
.\" A man page for ipa-findservice
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-findservice" "1" "Jan 11 2008" "freeipa" ""
.SH "NAME"
ipa\-findservice \- Find a service principal
.SH "SYNOPSIS"
ipa\-findservice \fIstring\fR
.SH "DESCRIPTION"
Searches for a service principal that contains \fIstring\fR.
The search is a substring search in the service principal. You can search for all principals for a given host, by service or a substring.
All entries that match are displayed.
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "EXAMPLES"
Find all ldap service principals issued by the IPA KDC:
# ipa\-findservice ldap
Find all service principals for ipa.example.com:
# ipa\-findservice ipa.example.com
.SH "EXIT STATUS"
0 if one or more entries were found
1 if an error occurred
2 if no matching entries were found


@ -1,48 +0,0 @@
.\" A man page for ipa-finduser
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-finduser" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-finduser \- Find a user
.SH "SYNOPSIS"
ipa\-finduser [\fIOPTION\fR]... \fIstring\fR
.SH "DESCRIPTION"
Searches for a user that contains \fIstring\fR.
The search is a substring search in the username, given name, family name, telephone number, organization and title attributes.
All entries that match are displayed.
.SH "OPTIONS"
.TP
\fB\-a\fR, \fB\-\-all
Display all attributes
.TP
\fB\-n\fR, \fB\-\-notranslate\fR
Don't translate the LDAP attribute names to labels that match the UI.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.PP
By default, the full name, home directory, login shell, and username fields are displayed.
.SH "EXIT STATUS"
0 if one or more entries were found
1 if an error occurred
2 if no matching entries were found


@ -1,37 +0,0 @@
.\" A man page for ipa-listdelegation
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-listdelegation" "1" "Oct 24 2007" "freeipa" ""
.SH "NAME"
ipa\-listdelegation \- Lists all current delegations
.SH "SYNOPSIS"
ipa\-listdelegation
.SH "DESCRIPTION"
Lists all current delegations.
No sorting is done.
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "EXIT STATUS"
0 if the delegations are listed successfully
1 if an error occurred


@ -1,38 +0,0 @@
.\" A man page for ipa-lockuser
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-lockuser" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-lockuser \- Lock or unlock a user account
.SH "SYNOPSIS"
ipa\-lockuser [\fIOPTION\fR]... \fIuser\fR
.SH "DESCRIPTION"
Locks a user account with login name \fIname\fR.
Users are not removed from groups when their account is locked.
.SH "OPTIONS"
.TP
\fB\-u\fR, \fB\-\-unlock
Unlock a user's account
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,50 +0,0 @@
.\" A man page for ipa-moddelegation
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-moddelegation" "1" "Oct 24 2007" "freeipa" ""
.SH "NAME"
ipa\-moddelegation \- Modify an existing delegation
.SH "SYNOPSIS"
ipa\-moddelegation [\fIOPTION\fR]... \fIname\fR
.SH "DESCRIPTION"
Modifies an existing delegation named \fIname\fR.
A delegation is used to grant access to certain attributes from one group to another.
.SH "OPTIONS"
.TP
\fB\-a\fR, \fB\-\-attributes\fR=\fIATTRIBUTES\fR
A comma\-separated list of the the \f[SM]attributes\fR that may be written by the source group. This list of attributes replaces the list in the existing delegation.
.TP
\fB\-s\fR, \fB\-\-source\fR=\fISOURCE\fR
The name of the group that is being granted write permission.
.TP
\fB\-t\fR, \fB\-\-target\fR=\fITARGET\fR
The name of the group that will be written to.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.PP
At least one of \-a, \-s or \-t is required.
.SH "EXIT STATUS"
0 if the delegation was updated successfully
1 if an error occurred
2 if no matching delegation was found


@ -1,56 +0,0 @@
.\" A man page for ipa-modgroup
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-modgroup" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-modgroup \- Modify a group
.SH "SYNOPSIS"
ipa\-modgroup [\fIOPTION\fR]... \fIgroup\fR
.SH "DESCRIPTION"
Updates the members or description of \fIgroup\fR.
.SH "OPTIONS"
.TP
\fB\-a\fR, \fB\-\-add\fR=\fIuser1,user2,...usern\fR
Add one or more users to the group
.TP
\fB\-d\fR, \fB\-\-description\fR=\fIdescription\fR
Modify the description of the group
.TP
\fB\-e\fR, \fB\-\-groupdel\fR=\fIgroup1,group2,...groupn\fR
Remove one or more groups from the group
.TP
\fB\-g\fR, \fB\-\-groupadd\fR=\fIgroup1,group2,...groupn\fR
Add one or more groups to the group
.TP
\fB\-r\fR, \fB\-\-remove\fR=\fIuser1,user2,...usern\fR
Remove one or more users from the group
.TP
\fB\-\-addattr\fR \fIattr=value\fR
Add a new attribute, or value to an existing attribute
.TP
\fB\-\-delattr\fR \fIattr=value\fR
Remove an attribute and all values
.TP
\fB\-\-setattr\fR \fIattr=value\fR
Set an attribute to a new value, removing all old ones
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,56 +0,0 @@
.\" A man page for ipa-moduser
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-moduser" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-moduser \- Modify a user
.SH "SYNOPSIS"
ipa\-moduser [\fIOPTION\fR]... \fIname\fR
.SH "DESCRIPTION"
Updates the user \fIname\fR.
.SH "OPTIONS"
.TP
\fB\-a\fR, \fB\-\-activate\fR
Activate a user that was previously inactivated
.TP
\fB\-c\fR, \fB\-\-gecos\fR=\fIGECOS\fR
Set the gecos field of the user. This is traditionally the user's full name.
.TP
\fB\-d\fR, \fB\-\-directory\fR=\fIdirectory\fR
Set user's home directory
.TP
\fB\-f\fR, \fB\-\-firstname\fR=\fINAME\fR
Set user's first name
.TP
\fB\-l\fR, \fB\-\-lastname\fR=\fINAME\fR
Set user's last name
.TP
\fB\-s\fR, \fB\-\-shell\fR=\fIshell\fR
Set user's login shell
.TP
\fB\-\-addattr\fR \fIattr=value\fR
Add a new attribute, or value to an existing attribute
.TP
\fB\-\-delattr\fR \fIattr=value\fR
Remove an attribute and all values
.TP
\fB\-\-setattr\fR \fIattr=value\fR
Set an attribute to a new value, removing all old ones
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,34 +0,0 @@
.\" A man page for ipa-passwd
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-passwd" "1" "Oct 10 2007" "freeipa" ""
.SH "NAME"
ipa\-passwd \- Change a user's password
.SH "SYNOPSIS"
ipa\-password [\fIuser\fR]
.SH "DESCRIPTION"
Changes the current user's password. If a \fIuser\fR is included on the command\-line then that user's password is modified.
The user is the name in the kerberos principal, so it may not match username.
.SH "OPTIONS"
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output.
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,54 +0,0 @@
.\" A man page for ipa-pwpolicy
.\" Copyright (C) 2007 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-pwpolicy" "1" "Feb 25 2008" "freeipa" ""
.SH "NAME"
ipa\-pwpolicy \- Display or modify the IPA password policy
.SH "SYNOPSIS"
ipa\-pwpolicy
[\-\-maxlife days] [\-\-minlife hours] [\-\-history number] [\-\-minclasses number] [\-\-minlength number]
.TP
ipa\-pwpolicy \-\-show
.SH "DESCRIPTION"
Displays or updates the IPA password policy.
.SH "OPTIONS"
.TP
\fB\-\-maxlife\fR=\fIdays\fR
Set the maximum Password Lifetime in days
.TP
\fB\-\-minlife\fR=\fIhours\fR
Set the minimum Password Lifetime in hours
.TP
\fB\-\-history\fR=\fIinteger\fR
The number of passwords stored in the password history. A value of 0 means do not store a password history.
.TP
\fB\-\-minclasses\fR=\fIinteger\fR
Set the minimum number of character classes required in a password. The classes are alpha, numeric, mixed\-case and special characters.
.TP
\fB\-\-minlength\fR=\fIinteger\fR
Set the minimum password length.
.TP
\fB\-\-show\fR
Display the current password policy.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Display the XML\-RPC request and response for more verbose debugging output
.SH "EXIT STATUS"
The exit status is 0 on success, nonzero on error.


@ -1,91 +0,0 @@
# This file will be processed with automake-1.7 to create Makefile.in
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
ipa-gui \
ipa-install \
ipa-kpasswd \
ipaserver \
ipa-slapi-plugins \
xmlrpc-server \
man \
$(NULL)
sbin_SCRIPTS = \
ipa-upgradeconfig \
ipa-fix-CVE-2008-3274 \
ipa-ldap-updater \
ipa-compat-manage \
$(NULL)
install-exec-local:
mkdir -p $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/sessions
chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/sessions
uninstall-local:
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/sessions
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa
EXTRA_DIST = \
ipa-server.spec \
COPYING \
AUTHORS \
INSTALL \
README \
HACKING \
NEWS \
ChangeLog \
$(sbin_SCRIPTS) \
$(NULL)
DISTCLEANFILES = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
intltool-*.in \
compile \
configure \
COPYING \
INSTALL \
install-sh \
missing \
mkinstalldirs \
config.guess \
ltmain.sh \
config.sub \
depcomp \
Makefile.in \
config.h.* \
aclocal.m4 \
version.m4 \
ipa-server.spec \
py-compile \
$(NULL)
# Creating ChangeLog from hg log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
$(srcdir)/ChangeLog:
@if test -d "$(srcdir)/../.hg"; then \
(cd "$(srcdir)" && \
./missing --run hg log --verbose) | fmt --split-only > $@.tmp \
&& mv -f $@.tmp $@ \
|| ($(RM) $@.tmp; \
echo Failed to generate ChangeLog, your ChangeLog may be outdated >&2; \
(test -f $@ || echo hg log is required to generate this file >> $@)); \
else \
test -f $@ || \
(echo A hg checkout and hg -log is required to generate ChangeLog >&2 && \
echo A hg checkout and hg log is required to generate this file >> $@); \
fi
.PHONY: ChangeLog $(srcdir)/ChangeLog


@ -1,20 +0,0 @@
IPA uses Kerberos with an LDAP storage backend and some custom plugins
to help manage users and passwords.
A UI interface is provided to make user administration and self-service
possible. A set of command-line utilities that should provide the same
capabilities is in ipa-admintools.
Firefox
-------
The Gecko engine provides an interface for managing a user's configuration
in Javascript. Naturally this is highly protected and the user gets an
appropriately dire warning when you try to do this. It also requires
signed javascript.
During installation a signing certificate is created that creates
and signs /usr/share/ipa/html/configure.jar which contains the javascript
to update the browser configuration. User's are directed to go to
/errors/preferencs.html to load this javascript and apply the changes.


@ -1,323 +0,0 @@
AC_PREREQ(2.59)
m4_include(version.m4)
AC_INIT([ipa-server],
IPA_VERSION,
[https://hosted.fedoraproject.org/projects/freeipa/newticket])
AC_CONFIG_SRCDIR([ipaserver/ipaldap.py])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
AC_PROG_CC
AC_STDC_HEADERS
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
AC_HEADER_STDC
AC_SUBST(VERSION)
dnl ---------------------------------------------------------------------------
dnl - Check for NSPR
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADER(nspr4/nspr.h)
if test "x$ac_cv_header_nspr4_nspr_h" = "xno" ; then
AC_MSG_ERROR([Required NSPR header not available (nspr-devel)])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for NSS
dnl ---------------------------------------------------------------------------
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I/usr/include/nspr4"
AC_CHECK_HEADER(nss3/nss.h)
CPPFLAGS=$SAVE_CPPFLAGS
if test "x$ac_cv_header_nss3_nss_h" = "xno" ; then
AC_MSG_ERROR([Required NSS header not available (nss-devel)])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for DS slapi plugin
dnl ---------------------------------------------------------------------------
# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I/usr/include/nspr4"
AC_CHECK_HEADER(dirsrv/slapi-plugin.h)
CPPFLAGS=$SAVE_CPPFLAGS
if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then
AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5
dnl ---------------------------------------------------------------------------
KRB5_LIBS=
AC_CHECK_HEADER(krb5.h)
krb5_impl=mit
if test "x$ac_cv_header_krb5_h" = "xyes" ; then
dnl lazy check for Heimdal Kerberos
AC_CHECK_HEADERS(heim_err.h)
if test $ac_cv_header_heim_err_h = yes ; then
krb5_impl=heimdal
else
krb5_impl=mit
fi
if test "x$krb5_impl" = "xmit"; then
AC_CHECK_LIB(k5crypto, main,
[krb5crypto=k5crypto],
[krb5crypto=crypto])
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"],
[have_krb5=no],
[-l$krb5crypto -lcom_err])
elif test "x$krb5_impl" = "xheimdal"; then
AC_CHECK_LIB(des, main,
[krb5crypto=des],
[krb5crypto=crypto])
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"],
[have_krb5=no],
[-l$krb5crypto -lasn1 -lroken -lcom_err])
AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1,
[define if you have HEIMDAL Kerberos])
else
have_krb5=no
AC_MSG_WARN([Unrecognized Kerberos5 Implementation])
fi
if test "x$have_krb5" = "xyes" ; then
ol_link_krb5=yes
AC_DEFINE(HAVE_KRB5, 1,
[define if you have Kerberos V])
else
AC_MSG_ERROR([Required Kerberos 5 support not available])
fi
fi
AC_SUBST(KRB5_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for Mozilla LDAP or OpenLDAP SDK
dnl ---------------------------------------------------------------------------
AC_ARG_WITH(openldap, [ --with-openldap Use OpenLDAP])
dnl The mozldap libraries are always needed because ipa-slapi-plugins/dna/
dnl will not build against OpenLDAP.
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I/usr/include/nspr4 -I/usr/include/nss3"
AC_CHECK_HEADER(svrcore.h)
if test "x$ac_cv_header_svrcore_h" = "xno" ; then
AC_MSG_ERROR([Required svrcore header not available (svrcore-devel)])
fi
CPPFLAGS=$SAVE_CPPFLAGS
AC_CHECK_HEADER(mozldap/ldap.h)
if test "x$ac_cv_header_mozldap_ldap_h" = "xno" ; then
AC_MSG_ERROR([Required MOZLDAP header not available (mozldap-devel)])
fi
PKG_CHECK_MODULES(MOZLDAP, mozldap > 6)
if test x$with_openldap = xyes; then
AC_CHECK_LIB(ldap, ldap_search, with_ldap=yes)
dnl Check for other libraries we need to link with to get the main routines.
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
dnl Recently, we need -lber even though the main routines are elsewhere,
dnl because otherwise be get link errors w.r.t. ber_pvt_opt_on. So just
dnl check for that (it's a variable not a fun but that doesn't seem to
dnl matter in these checks) and stick in -lber if so. Can't hurt (even to
dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
dnl #### understands LDAP needs to fix this properly.
test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
if test "$with_ldap" = "yes"; then
if test "$with_ldap_des" = "yes" ; then
LDAP_LIBS="${LDAP_LIBS} -ldes"
fi
if test "$with_ldap_krb" = "yes" ; then
LDAP_LIBS="${LDAP_LIBS} -lkrb"
fi
if test "$with_ldap_lber" = "yes" ; then
LDAP_LIBS="${LDAP_LIBS} -llber"
fi
LDAP_LIBS="${LDAP_LIBS} -lldap"
else
AC_MSG_ERROR([OpenLDAP not found])
fi
AC_SUBST(LDAP_LIBS)
LDAP_CFLAGS="${LDAP_CFLAGS} -DWITH_OPENLDAP"
AC_SUBST(LDAP_CFLAGS)
else
LDAP_LIBS="${MOZLDAP_LIBS}"
AC_SUBST(LDAP_LIBS)
LDAP_CFLAGS="${LDAP_CFLAGS} -DWITH_MOZLDAP"
AC_SUBST(LDAP_CFLAGS)
fi
dnl ---------------------------------------------------------------------------
dnl - Check for OpenSSL Crypto library
dnl ---------------------------------------------------------------------------
dnl This is a very simple check, we should probably check also for MD4_Init and
dnl probably also the version we are using is recent enough
SSL_LIBS=
AC_CHECK_LIB(crypto, DES_set_key_unchecked, [SSL_LIBS="-lcrypto"])
AC_SUBST(SSL_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for Python
dnl ---------------------------------------------------------------------------
AC_MSG_NOTICE([Checking for Python])
have_python=no
AM_PATH_PYTHON(2.3)
if test "x$PYTHON" = "x" ; then
AC_MSG_ERROR([Python not found])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for TurboGears
dnl ---------------------------------------------------------------------------
AC_MSG_NOTICE([Checking for TurboGears])
AC_CHECK_PROG(tg_found,tg-admin,true,false)
if test x"${tg_found}" = xfalse ; then
AC_MSG_ERROR(tg-admin not found in PATH. Install TurboGears)
fi
dnl ---------------------------------------------------------------------------
dnl - Set the data install directory since we don't use pkgdatadir
dnl ---------------------------------------------------------------------------
IPA_DATA_DIR="$datadir/ipa"
AC_SUBST(IPA_DATA_DIR)
dnl ---------------------------------------------------------------------------
dnl Finish
dnl ---------------------------------------------------------------------------
# Turn on the additional warnings last, so -Werror doesn't affect other tests.
AC_ARG_ENABLE(more-warnings,
[AC_HELP_STRING([--enable-more-warnings],
[Maximum compiler warnings])],
set_more_warnings="$enableval",[
if test -d $srcdir/../.hg; then
set_more_warnings=yes
else
set_more_warnings=no
fi
])
AC_MSG_CHECKING(for more warnings)
if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then
AC_MSG_RESULT(yes)
CFLAGS="\
-Wall \
-Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes \
-Wnested-externs -Wpointer-arith \
-Wcast-align -Wsign-compare \
$CFLAGS"
for option in -Wno-strict-aliasing -Wno-sign-compare; do
SAVE_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $option"
AC_MSG_CHECKING([whether gcc understands $option])
AC_TRY_COMPILE([], [],
has_option=yes,
has_option=no,)
if test $has_option = no; then
CFLAGS="$SAVE_CFLAGS"
fi
AC_MSG_RESULT($has_option)
unset has_option
unset SAVE_CFLAGS
done
unset option
else
AC_MSG_RESULT(no)
fi
# Flags
AC_SUBST(CFLAGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LDFLAGS)
# Files
AC_CONFIG_FILES([
Makefile
ipa-gui/Makefile
ipa-gui/ipagui/Makefile
ipa-gui/ipagui/config/Makefile
ipa-gui/ipagui/forms/Makefile
ipa-gui/ipagui/helpers/Makefile
ipa-gui/ipagui/static/Makefile
ipa-gui/ipagui/static/css/Makefile
ipa-gui/ipagui/static/images/Makefile
ipa-gui/ipagui/static/images/template/Makefile
ipa-gui/ipagui/static/images/branding/Makefile
ipa-gui/ipagui/static/images/objects/Makefile
ipa-gui/ipagui/static/javascript/Makefile
ipa-gui/ipagui/subcontrollers/Makefile
ipa-gui/ipagui/templates/Makefile
ipa-gui/ipagui/tests/Makefile
ipa-gui/ipa_gui.egg-info/Makefile
ipa-install/Makefile
ipa-install/share/Makefile
ipa-install/updates/Makefile
ipa-kpasswd/Makefile
ipaserver/Makefile
ipa-slapi-plugins/Makefile
ipa-slapi-plugins/dna/Makefile
ipa-slapi-plugins/ipa-memberof/Makefile
ipa-slapi-plugins/ipa-pwd-extop/Makefile
ipa-slapi-plugins/ipa-winsync/Makefile
xmlrpc-server/Makefile
xmlrpc-server/test/Makefile
man/Makefile
])
AC_OUTPUT
echo "
IPA Server $VERSION
========================
prefix: ${prefix}
exec_prefix: ${exec_prefix}
libdir: ${libdir}
bindir: ${bindir}
sbindir: ${sbindir}
sysconfdir: ${sysconfdir}
localstatedir: ${localstatedir}
datadir: ${datadir}
source code location: ${srcdir}
compiler: ${CC}
cflags: ${CFLAGS}
LDAP libs: ${LDAP_LIBS}
KRB5 libs: ${KRB5_LIBS}
OpenSSL libs: ${SSL_LIBS}
Maintainer mode: ${USE_MAINTAINER_MODE}
"


@ -1,66 +0,0 @@
NULL =
SUBDIRS = \
ipagui \
ipa_gui.egg-info \
$(NULL)
sbin_SCRIPTS = \
ipa_webgui \
$(NULL)
appdir = $(IPA_DATA_DIR)
app_DATA = \
ipa_webgui.cfg \
$(NULL)
LINGUAS = ja
mo = $(foreach lang,$(LINGUAS),locales/$(lang)/LC_MESSAGES/messages.mo)
po = $(foreach lang,$(LINGUAS),locales/$(lang)/LC_MESSAGES/messages.po)
$(mo): $(po)
tg-admin i18n compile
noinst_DATA = $(mo)
EXTRA_DIST = \
README.txt \
$(sbin_SCRIPTS) \
$(app_DATA) \
ipa_webgui.init \
dev.cfg \
sample-prod.cfg \
setup.py \
start-ipagui.py \
test.cfg \
$(po) \
locales/messages.pot \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in
CLEANFILES = \
$(mo)
initdir=$(sysconfdir)/rc.d/init.d
install-data-hook: ipa_webgui.init
if test '!' -d $(DESTDIR)$(initdir); then \
$(mkinstalldirs) $(DESTDIR)$(initdir); \
chmod 755 $(DESTDIR)$(initdir); \
fi
$(INSTALL_SCRIPT) $(srcdir)/ipa_webgui.init $(DESTDIR)$(initdir)/ipa_webgui
for mo in $(mo); do \
$(mkinstalldirs) $(DESTDIR)$(appdir)/`dirname $$mo`; \
$(INSTALL_DATA) $$mo $(DESTDIR)$(appdir)/`dirname $$mo`; \
done
uninstall-hook:
rm -f $(DESTDIR)$(initdir)/ipa_webgui
for mo in $(mo); do \
rm -f $(DESTDIR)$(appdir)/$$mo; \
done


@ -1,10 +0,0 @@
You can collect the template pot file by running the following command:
~/ipa-server/ipa-gui$ tg-admin i18n collect
which creates locales/messages.pot. However, unfortunately, the above
command doesn't work correctly for .kid files unless you apply the
patch i18n.patch.
If you add a new language translation remember to add the name to
LINGUAS in Makefile.am.


@ -1,27 +0,0 @@
The way multi-valued fields work is this:
- A new widget is added to the form. I name it as the attribute + s.
For example, I use cns for the cn attribute.
- If you need a new validator use a ForEach() so that each value is
checked.
- This attribute is populated from the incoming attribute from the
user or group record. The widget can support multiple fields at once
but I'm using it for just one field. In fact, I don't know if it
will work with more the way I'm using it.
- In the GUI an operator can add/remove values to each multi-valued field.
- Naming is very important in the widget. TurboGears automatically
re-assembles the data into a list of dict entries if you name things
properly. For example, the cns (multiple CN entries) looks like:
cns-0.cn=Rob+Crittenden&cns-1.cn=Robert+Crittenden&cns-2.cn=rcrit
- This gets converted to:
[{'cn': u'Rob Crittenden'}, {'cn': u'Robert Crittenden'}, {'cn': u'rcrit'}]
- I take this list of dicts and pull out each value and append it to a new
list that represents the original multi-valued field
- Then the list/dict version is removed (in this case, kw['cns']).
When adding a new field you have to update:
1. The form to add the new ExpandingForm() field and perhaps a validator
2. The edit template to add the boilerplate to display the field
3. The show template to be able to display all the fields separately
4. The new template if you want to be able to enter these on new entries
5. The subcontroller so you can do the input and output conversions


@ -1,4 +0,0 @@
ipa-gui
This is a TurboGears (http://www.turbogears.org) project. It can be
started by running the start-ipagui.py script.


@ -1,73 +0,0 @@
[global]
# This is where all of your settings go for your development environment
# Settings that are the same for both development and production
# (such as template engine, encodings, etc.) all go in
# ipagui/config/app.cfg
# DATABASE
# pick the form for your database
# sqlobject.dburi="postgres://username@hostname/databasename"
# sqlobject.dburi="mysql://username:password@hostname:port/databasename"
# sqlobject.dburi="sqlite:///file_name_and_path"
# If you have sqlite, here's a simple default to get you started
# in development
# sqlobject.dburi="sqlite://%(current_dir_uri)s/devdata.sqlite"
# if you are using a database or table type without transactions
# (MySQL default, for example), you should turn off transactions
# by prepending notrans_ on the uri
# sqlobject.dburi="notrans_mysql://username:password@hostname:port/databasename"
# for Windows users, sqlite URIs look like:
# sqlobject.dburi="sqlite:///drive_letter:/path/to/file"
# TurboGears sessions. Storing in /tmp for a production system would be
# insane but should be fine for developers.
session_filter.storage_type='File'
session_filter.storage_path='/tmp'
# SERVER
# Some server parameters that you may want to tweak
# server.socket_port=8080
# Enable the debug output at the end on pages.
# log_debug_info_filter.on = False
server.environment="development"
autoreload.package="ipagui"
# Auto-Reload after code modification
# autoreload.on = True
# Set to True if you'd like to abort execution if a controller gets an
# unexpected parameter. False by default
tg.strict_parameters = True
# Set to True if you want to use internationalization support.
i18n.run_template_filter = True
# LOGGING
# Logging configuration generally follows the style of the standard
# Python logging module configuration. Note that when specifying
# log format messages, you need to use *() for formatting variables.
# Deployment independent log configuration is in ipagui/config/log.cfg
[logging]
[[loggers]]
[[[ipagui]]]
level='DEBUG'
qualname='ipagui'
handlers=['debug_out']
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
[[[access]]]
level='INFO'
qualname='turbogears.access'
handlers=['access_out']
propagate=0


@ -1,16 +0,0 @@
--- turbogears/command/i18n.py.orig 2008-02-07 16:40:14.000000000 -0500
+++ turbogears/command/i18n.py 2008-02-07 16:40:43.000000000 -0500
@@ -251,7 +251,12 @@
if self.options.loose_kid_support or el.get('lang', None):
tag = re.sub('({[^}]+})?(\w+)', '\\2', el.tag)
ents = []
- if el.text: ents = [el.text.strip()]
+ if el.text and not ( el.text.strip() in keys):
+ if el.tag == "script":
+ ents = [el.text.strip()]
+ else:
+ messages.append((tag, fname, el.text.strip()))
+ keys.append(el.text.strip())
if el.attrib: ents.extend(el.attrib.values())
for k in ents:
key = None


@ -1,22 +0,0 @@
NULL =
appdir = $(IPA_DATA_DIR)/ipa_gui.egg-info
app_DATA = \
dependency_links.txt \
entry_points.txt \
not-zip-safe \
paster_plugins.txt \
PKG-INFO \
requires.txt \
SOURCES.txt \
sqlobject.txt \
top_level.txt \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in


@ -1,15 +0,0 @@
Metadata-Version: 1.0
Name: ipa-gui
Version: 1.0
Summary: UNKNOWN
Home-page: UNKNOWN
Author: UNKNOWN
Author-email: UNKNOWN
License: UNKNOWN
Description: UNKNOWN
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Framework :: TurboGears


@ -1,30 +0,0 @@
README.txt
ipa-webgui
setup.py
start-ipagui.py
ipa_gui.egg-info/PKG-INFO
ipa_gui.egg-info/SOURCES.txt
ipa_gui.egg-info/dependency_links.txt
ipa_gui.egg-info/entry_points.txt
ipa_gui.egg-info/not-zip-safe
ipa_gui.egg-info/paster_plugins.txt
ipa_gui.egg-info/requires.txt
ipa_gui.egg-info/sqlobject.txt
ipa_gui.egg-info/top_level.txt
ipagui/__init__.py
ipagui/controllers.py
ipagui/json.py
ipagui/model.py
ipagui/proxyprovider.py
ipagui/proxyvisit.py
ipagui/release.py
ipagui/config/__init__.py
ipagui/forms/__init__.py
ipagui/forms/group.py
ipagui/forms/user.py
ipagui/helpers/__init__.py
ipagui/helpers/userhelper.py
ipagui/templates/__init__.py
ipagui/tests/__init__.py
ipagui/tests/test_controllers.py
ipagui/tests/test_model.py


@ -1,6 +0,0 @@
[turbogears.identity.provider]
proxyprovider = ipagui.proxyprovider:ProxyIdentityProvider
[turbogears.visit.manager]
proxyvisit = ipagui.proxyvisit:ProxyVisitManager


@ -1,2 +0,0 @@
TurboGears
PasteScript


@ -1 +0,0 @@
TurboGears >= 1.0.2.2


@ -1,2 +0,0 @@
db_module=ipagui.model
history_dir=$base/ipagui/sqlobject-history


@ -1 +0,0 @@
ipagui


@ -1,207 +0,0 @@
#! /usr/bin/python -E
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import os, sys, pwd, grp
from optparse import OptionParser
import traceback
import logging
import signal
def usage():
print "ipa_webgui [-f|--foreground] [-d|--debug]"
sys.exit(1)
def parse_options():
parser = OptionParser()
parser.add_option("-f", "--foreground", dest="foreground",
action="store_true", default=False,
help="Remain in the foreground")
parser.add_option("-d", "--debug", dest="debug", action="store_true",
default=False,
help="Increase the amount of logging information")
parser.add_option("--usage", action="store_true",
help="Program usage")
options, args = parser.parse_args(sys.argv)
return options, args
def daemonize():
# fork once so the parent can exit
try:
pid = os.fork()
except OSError, e:
raise Exception, "%s [%d]" % (e.strerror, e.errno)
if pid != 0:
os._exit(0)
# become session leader
os.setsid()
# fork again to reparent to init
try:
pid = os.fork()
except OSError, e:
raise Exception, "%s [%d]" % (e.strerror, e.errno)
if pid != 0:
os._exit(0)
os.chdir("/")
os.umask(0)
import resource
maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
if (maxfd == resource.RLIM_INFINITY):
maxfd = 1024
# close all file descriptors
for fd in range(0, maxfd):
try:
os.close(fd)
except OSError:
pass
# stdin
os.open("/dev/null", os.O_RDWR)
# stdout
os.open("/dev/null", os.O_RDWR)
# stderr
os.open("/dev/null", os.O_RDWR)
def main():
options, args = parse_options()
foreground = options.foreground
if options.debug:
loglevel = logging.DEBUG
else:
loglevel = logging.WARN
# To make development easier, we detect if we are in the development
# environment to load a different configuration and avoid becoming
# a daemon
devel = False
if os.path.exists(os.path.join(os.path.dirname(__file__), "Makefile.am")):
devel = True
foreground = True
if not foreground:
try:
daemonize()
except Exception, e:
sys.stderr.write("error becoming daemon: " + str(e))
sys.exit(1)
if not foreground:
try:
daemonize()
except Exception, e:
sys.stderr.write("error becoming daemon: " + str(e))
sys.exit(1)
# Drop privileges and write our pid file only if we're running as root
if os.getuid() == 0:
# Write out our pid file
pidfile = open("/var/run/ipa_webgui.pid", "w")
pidfile.write(str(os.getpid()))
pidfile.close()
# Drop privs
apache_uid = pwd.getpwnam("apache")[2]
apache_gid = grp.getgrnam("apache")[2]
try:
os.setgid(apache_gid)
except OSError, e:
log.error("Could not set effective group id: %s" % e)
try:
os.setuid(apache_uid)
except OSError, e:
log.error("Could not set effective user id: %s" % e)
if foreground:
logging.basicConfig(level=loglevel,
format='%(asctime)s %(name)s %(levelname)s %(message)s',
stream=sys.stderr)
else:
# This log file name needs to be kept in sync with the one in
# ipa_webgui.cfg
logging.basicConfig(level=loglevel,
format='%(asctime)s %(name)s %(levelname)s %(message)s',
filename='/var/log/ipa_error.log')
sys.path.append("/usr/share/ipa")
# this must be after sys.path is changed to work correctly
import pkg_resources
pkg_resources.require("TurboGears")
pkg_resources.require("ipa_gui")
from turbogears import update_config, start_server
from turbogears.config import update
import cherrypy
cherrypy.lowercase_api = True
try:
if hasattr(signal, "SIGTERM"):
def SIGTERM(signum=None, frame=None):
cherrypy.server.stop()
signal.signal(signal.SIGTERM, SIGTERM)
except ValueError, _signal_exc:
if _signal_exc.args[0] != "signal only works in main thread":
raise
# Shut down the logging set up here so that CherryPy logging can take
# over. TurboGears configuration errors will not be caught.
if not foreground:
logging.shutdown()
# Load the config - look for a local file first for development
# and then the system config file
if devel:
update_config(configfile="dev.cfg",
modulename="ipagui.config")
update( { "i18n.locale_dir": "locales"} )
else:
update_config(configfile="/usr/share/ipa/ipa_webgui.cfg",
modulename="ipagui.config.app")
update( { "i18n.locale_dir": "/usr/share/ipa/locales"} )
from ipagui.controllers import Root
start_server(Root())
try:
main()
sys.exit(0)
except SystemExit, e:
sys.exit(e)
except Exception, e:
message = "failed to start web gui: %s" % str(e)
print message
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.error(message)
sys.exit(1)


@ -1,109 +0,0 @@
[global]
# This is where all of your settings go for your production environment.
# Settings that are the same for both development and production
# (such as template engine, encodings, etc.) all go in
# ipagui/config/app.cfg
# DATABASE
# no database for ipa_webgui since everything is stored in LDAP
# SERVER
server.environment="production"
autoreload.package="ipagui"
autoreload.on = False
# Sets the number of threads the server uses
server.thread_pool = 10
# if this is part of a larger site, you can set the path
# to the TurboGears instance here
server.webpath="/ipa/ui"
# Set to True if you are deploying your App behind a proxy
# e.g. Apache using mod_proxy
base_url_filter.on = True
# Set to True if your proxy adds the x_forwarded_host header
# base_url_filter.use_x_forwarded_host = True
# If your proxy does not add the x_forwarded_host header, set
# the following to the *public* host url.
# (Note: This will be overridden by the use_x_forwarded_host option
# if it is set to True and the proxy adds the header correctly.
# base_url_filter.base_url = "http://www.example.com"
# Set to True if you'd like to abort execution if a controller gets an
# unexpected parameter. False by default
# tg.strict_parameters = False
# Set to True if you want to use internationalization support.
i18n.run_template_filter = True
# TurboGears sessions.
session_filter.storage_type='File'
session_filter.storage_path='/var/cache/ipa/sessions'
# Listen only on the local interface so all requests go through
# Apache/mod_auth_kerb/mod_proxy.
server.socket_port = 8080
server.socket_host="127.0.0.1"
# LOGGING
# Logging configuration generally follows the style of the standard
# Python logging module configuration. Note that when specifying
# log format messages, you need to use *() for formatting variables.
# Deployment independent log configuration is in ipagui/config/log.cfg
[logging]
[[formatters]]
[[[message_only]]]
format='*(message)s'
[[[full_content]]]
format='*(asctime)s *(name)s *(levelname)s *(message)s'
[[handlers]]
[[[debug_out]]]
# Rotate weekly on Sunday. Keep 4 backups of the log
class='TimedRotatingFileHandler'
level='DEBUG'
args="('/var/log/ipa_error.log', 'w6', 1, 4)"
formatter='full_content'
[[[access_out]]]
# For example only if one wants to duplicate the access log in TurboGears
# Rotate weekly on Sunday. Keep 4 backups of the log
#class='TimedRotatingFileHandler'
#level='INFO'
#args="('/var/log/ipa_error.log', 'w6', 1, 4)"
#formatter='message_only'
# By default log access to stdout which will go to /dev/null in production
class='StreamHandler'
level='INFO'
args='(sys.stdout,)'
formatter='message_only'
[[[error_out]]]
class='StreamHandler'
level='ERROR'
args='(sys.stdout,)'
[[loggers]]
[[[ipagui]]]
level='DEBUG'
qualname='ipagui'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
[[[access]]]
level='INFO'
qualname='turbogears.access'
handlers=['access_out']
propagate=0


@ -1,79 +0,0 @@
#!/bin/sh
#
# ipa_webgui This starts and stops ipa_webgui
#
# chkconfig: - 36 64
# description: ipa_webgui IPA Web User Interface
# processname: /usr/sbin/ipa_webgui
# configdir: /etc/sysconfig/ipa_webgui
#
# Source function library.
if [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
fi
# Source networking configuration.
if [ -f /etc/sysconfig/network ] ; then
. /etc/sysconfig/network
fi
# Check that networking is up.
if [ "${NETWORKING}" = "no" ]
then
echo "Networking is down"
exit 0
fi
NAME="ipa_webgui"
PROG="/usr/sbin/ipa_webgui"
RUNAS="apache"
start() {
echo -n $"Starting $NAME: "
daemon $PROG
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ipa_webgui || \
RETVAL=1
return $RETVAL
}
stop() {
echo -n $"Shutting down $NAME: "
killproc $NAME
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ipa_webgui
return $RETVAL
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $PROG
;;
restart)
restart
;;
condrestart)
[ -f /var/lock/subsys/ipa_webgui ] && restart || :
;;
reload)
exit 3
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
exit 2
esac
exit $?


@ -1,30 +0,0 @@
NULL =
SUBDIRS = \
config \
forms \
helpers \
static \
subcontrollers \
templates \
tests \
$(NULL)
appdir = $(IPA_DATA_DIR)/ipagui
app_PYTHON = \
__init__.py \
controllers.py \
json.py \
model.py \
proxyprovider.py \
proxyvisit.py \
release.py \
$(NULL)
EXTRA_DIST = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1,20 +0,0 @@
NULL =
appdir = $(IPA_DATA_DIR)/ipagui/config
app_PYTHON = \
__init__.py \
$(NULL)
app_DATA = \
app.cfg \
log.cfg \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1,104 +0,0 @@
[global]
# The settings in this file should not vary depending on the deployment
# environment. dev.cfg and prod.cfg are the locations for
# the different deployment settings. Settings in this file will
# be overridden by settings in those other files.
# The commented out values below are the defaults
# VIEW
# which view (template engine) to use if one is not specified in the
# template name
# tg.defaultview = "kid"
# The following kid settings determine the settings used by the kid serializer.
# One of (html|html-strict|xhtml|xhtml-strict|xml|json)
# kid.outputformat="html"
# kid.encoding="utf-8"
# The sitetemplate is used for overall styling of a site that
# includes multiple TurboGears applications
# tg.sitetemplate="<packagename.templates.templatename>"
# Allow every exposed function to be called as json,
# tg.allow_json = False
# List of Widgets to include on every page.
# for exemple ['turbogears.mochikit']
# tg.include_widgets = []
# Set to True if the scheduler should be started
# tg.scheduler = False
# Set session or cookie
session_filter.on = True
# VISIT TRACKING
# Each visit to your application will be assigned a unique visit ID tracked via
# a cookie sent to the visitor's browser.
# --------------
# Enable Visit tracking
visit.on=True
# Number of minutes a visit may be idle before it expires.
# visit.timeout=20
# The name of the cookie to transmit to the visitor's browser.
# visit.cookie.name="tg-visit"
# Domain name to specify when setting the cookie (must begin with . according to
# RFC 2109). The default (None) should work for most cases and will default to
# the machine to which the request was made. NOTE: localhost is NEVER a valid
# value and will NOT WORK.
# visit.cookie.domain=None
# Specific path for the cookie
# visit.cookie.path="/"
# The name of the VisitManager plugin to use for visitor tracking.
visit.manager="proxyvisit"
# IDENTITY
# General configuration of the TurboGears Identity management module
# --------
# Switch to turn on or off the Identity management module
identity.on=True
# [REQUIRED] URL to which CherryPy will internally redirect when an access
# control check fails. If Identity management is turned on, a value for this
# option must be specified.
identity.failure_url="/loginfailed"
identity.provider='proxyprovider'
# The names of the fields on the login form containing the visitor's user ID
# and password. In addition, the submit button is specified simply so its
# existence may be stripped out prior to passing the form data to the target
# controller.
# identity.form.user_name="user_name"
# identity.form.password="password"
# identity.form.submit="login"
# What sources should the identity provider consider when determining the
# identity associated with a request? Comma separated list of identity sources.
# Valid sources: form, visit, http_auth
# identity.source="form,http_auth,visit"
identity.source="visit"
# compress the data sends to the web browser
# [/]
# gzip_filter.on = True
# gzip_filter.mime_types = ["application/x-javascript", "text/javascript", "text/html", "text/css", "text/plain"]
[/static]
static_filter.on = True
static_filter.dir = "%(top_level_dir)s/static"
[/favicon.ico]
static_filter.on = True
static_filter.file = "%(top_level_dir)s/static/images/favicon.ico"


@ -1,32 +0,0 @@
# LOGGING
# Logging is often deployment specific, but some handlers and
# formatters can be defined here.
[logging]
[[formatters]]
[[[message_only]]]
format='*(message)s'
[[[full_content]]]
format='*(asctime)s *(name)s *(levelname)s *(message)s'
[[[datestamped]]]
format='*(asctime)s *(message)s'
[[handlers]]
[[[debug_out]]]
class='StreamHandler'
level='DEBUG'
args='(sys.stdout,)'
formatter='full_content'
[[[access_out]]]
class='StreamHandler'
level='INFO'
args='(sys.stdout,)'
formatter='datestamped'
[[[error_out]]]
class='StreamHandler'
level='ERROR'
args='(sys.stdout,)'


@ -1,135 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import logging
import StringIO
import traceback
import cherrypy
import turbogears
from turbogears import controllers, expose, flash
from turbogears import config
from turbogears import validators, validate
from turbogears import widgets, paginate
from turbogears import error_handler
from turbogears import identity
import ipa.config
import ipa.ipaclient
from subcontrollers.user import UserController
from subcontrollers.group import GroupController
from subcontrollers.delegation import DelegationController
from subcontrollers.policy import PolicyController
from subcontrollers.ipapolicy import IPAPolicyController
from subcontrollers.principal import PrincipalController
ipa.config.init_config()
log = logging.getLogger(__name__)
class Root(controllers.RootController):
user = UserController()
group = GroupController()
delegate = DelegationController()
policy = PolicyController()
ipapolicy = IPAPolicyController()
principal = PrincipalController()
@expose(template="ipagui.templates.welcome")
@identity.require(identity.not_anonymous())
def index(self):
return dict()
@expose()
@identity.require(identity.not_anonymous())
def topsearch(self, **kw):
if kw.get('searchtype') == "Users":
return Root.user.list(uid=kw.get('searchvalue'))
else:
return Root.group.list(criteria=kw.get('searchvalue'))
@expose("ipagui.templates.loginfailed")
def loginfailed(self, **kw):
return dict()
_error_codes = {
None: u'General Error',
400: u'400 - Bad Request',
401: u'401 - Unauthorized',
403: u'403 - Forbidden',
404: u'404 - Not Found',
500: u'500 - Internal Server Error',
501: u'501 - Not Implemented',
502: u'502 - Bad Gateway',
}
def handle_error(self, status, message):
"""This method is derived from the sample error catcher on
http://docs.turbogears.org/1.0/ErrorReporting."""
try:
error_msg = self._error_codes.get(status, self._error_codes[None])
url = "%s %s" % (cherrypy.request.method, cherrypy.request.path)
if (status == 500):
log.exception("%s error (%s) for request '%s'", status,
error_msg, url)
else:
log.error("%s error (%s) for request '%s'", status,
error_msg, url)
if config.get('server.environment') == 'production':
details = ''
else:
buf = StringIO.StringIO()
traceback.print_exc(file=buf)
details = buf.getvalue()
buf.close()
data = dict(
status = status,
message = message,
error_msg = error_msg,
url = url,
details = details,
)
if status == 404:
page_template = 'ipagui.templates.not_found'
else:
page_template = 'ipagui.templates.unhandled_exception'
body = controllers._process_output(
data,
page_template,
'html',
'text/html',
None
)
cherrypy.response.headers['Content-Length'] = len(body)
cherrypy.response.body = body
# don't catch SystemExit
except StandardError, exc:
log.exception('Error handler failed: %s', exc)
# To hook in error handler for production only:
# if config.get('server.environment') == 'production':
# _cp_on_http_error = handle_error
_cp_on_http_error = handle_error


@ -1,19 +0,0 @@
NULL =
appdir = $(IPA_DATA_DIR)/ipagui/forms
app_PYTHON = \
__init__.py \
group.py \
ipapolicy.py \
user.py \
delegate.py \
principal.py \
$(NULL)
EXTRA_DIST = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1,110 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import turbogears
from turbogears import validators, widgets
from ipagui.helpers import ipahelper
from ipagui.forms.user import UserFields
# TODO - get from config or somewhere
aci_attrs = [
UserFields.givenname,
UserFields.sn,
UserFields.cn,
UserFields.title,
UserFields.displayname,
UserFields.initials,
UserFields.uid,
UserFields.krbprincipalkey,
UserFields.uidnumber,
UserFields.gidnumber,
UserFields.homedirectory,
UserFields.loginshell,
UserFields.gecos,
UserFields.mail,
UserFields.telephonenumber,
UserFields.facsimiletelephonenumber,
UserFields.mobile,
UserFields.pager,
UserFields.homephone,
UserFields.street,
UserFields.l,
UserFields.st,
UserFields.postalcode,
UserFields.ou,
UserFields.businesscategory,
UserFields.description,
UserFields.employeetype,
UserFields.manager,
UserFields.roomnumber,
UserFields.secretary,
UserFields.carlicense,
UserFields.labeleduri,
]
aci_checkbox_attrs = [(field.name, field.label) for field in aci_attrs]
aci_name_to_label = dict(aci_checkbox_attrs)
class DelegateFields(object):
name = widgets.TextField(name="name", label="Delegation Name")
source_group_dn = widgets.HiddenField(name="source_group_dn")
dest_group_dn = widgets.HiddenField(name="dest_group_dn")
source_group_cn = widgets.HiddenField(name="source_group_cn",
label="People in Group")
dest_group_cn = widgets.HiddenField(name="dest_group_cn",
label="For People in Group")
orig_acistr = widgets.HiddenField(name="orig_acistr")
attrs = widgets.CheckBoxList(name="attrs", label="Can Modify",
options=aci_checkbox_attrs, validator=validators.NotEmpty)
class DelegateValidator(validators.Schema):
name = validators.String(not_empty=True)
source_group_dn = validators.String(not_empty=True,
messages = { 'empty': _("Please choose a group"), })
dest_group_dn = validators.String(not_empty=True,
messages = { 'empty': _("Please choose a group"), })
# There is no attrs validator here because then it shows as one
# huge block of color in the form. The validation is done in
# the subcontroller.
class DelegateForm(widgets.Form):
params = ['delegate_fields', 'attr_list']
hidden_fields = [
DelegateFields.source_group_dn,
DelegateFields.dest_group_dn,
DelegateFields.source_group_cn,
DelegateFields.dest_group_cn,
DelegateFields.orig_acistr,
]
validator = DelegateValidator()
def __init__(self, *args, **kw):
super(DelegateForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template(
"ipagui.templates.delegateform")
self.delegate_fields = DelegateFields
def update_params(self, params):
super(DelegateForm,self).update_params(params)


@ -1,89 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import turbogears
from turbogears import validators, widgets
from tg_expanding_form_widget.tg_expanding_form_widget import ExpandingForm
from ipagui.helpers import ipahelper,validators
class GroupFields(object):
cn = widgets.TextField(name="cn", label="Name")
gidnumber = widgets.TextField(name="gidnumber", label="GID")
description = widgets.TextField(name="description", label="Description")
editprotected_hidden = widgets.HiddenField(name="editprotected")
nsAccountLock = widgets.SingleSelectField(name="nsAccountLock",
label="Group Status",
options = [("", "active"), ("true", "inactive")])
group_orig = widgets.HiddenField(name="group_orig")
member_data = widgets.HiddenField(name="member_data")
dn_to_info_json = widgets.HiddenField(name="dn_to_info_json")
class GroupNewValidator(validators.Schema):
filter_extra_fields = True
allow_extra_fields = True
cn = validators.GoodName(not_empty=True)
description = validators.String(not_empty=False)
class GroupNewForm(widgets.Form):
params = ['group_fields']
hidden_fields = [
GroupFields.dn_to_info_json
]
validator = GroupNewValidator()
def __init__(self, *args, **kw):
super(GroupNewForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template("ipagui.templates.groupnewform")
self.group_fields = GroupFields
def update_params(self, params):
super(GroupNewForm,self).update_params(params)
class GroupEditValidator(validators.Schema):
filter_extra_fields = True
allow_extra_fields = True
cn = validators.GoodName(not_empty=False)
gidnumber = validators.Int(not_empty=False)
description = validators.String(not_empty=False)
pre_validators = [
validators.RequireIfPresent(required='cn', present='editprotected'),
validators.RequireIfPresent(required='gidnumber', present='editprotected'),
]
class GroupEditForm(widgets.Form):
params = ['members', 'group_fields']
hidden_fields = [
GroupFields.editprotected_hidden,
GroupFields.group_orig, GroupFields.member_data,
GroupFields.dn_to_info_json
]
validator = GroupEditValidator()
def __init__(self, *args, **kw):
super(GroupEditForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template("ipagui.templates.groupeditform")
self.group_fields = GroupFields


@ -1,87 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import turbogears
from turbogears import validators, widgets
from tg_expanding_form_widget.tg_expanding_form_widget import ExpandingForm
from ipagui.helpers import ipahelper
class IPAPolicyFields(object):
# From cn=ipaConfig
ipausersearchfields = widgets.TextField(name="ipausersearchfields", label="User Search Fields", attrs=dict(size=50))
ipagroupsearchfields = widgets.TextField(name="ipagroupsearchfields", label="Group Search Fields")
ipasearchtimelimit = widgets.TextField(name="ipasearchtimelimit", label="Search Time Limit (sec.)", attrs=dict(size=6,maxlength=6))
ipasearchrecordslimit = widgets.TextField(name="ipasearchrecordslimit", label="Search Records Limit", attrs=dict(size=6,maxlength=6))
ipahomesrootdir = widgets.TextField(name="ipahomesrootdir", label="Root for Home Directories")
ipadefaultloginshell = widgets.TextField(name="ipadefaultloginshell", label="Default Shell")
ipadefaultprimarygroup = widgets.TextField(name="ipadefaultprimarygroup", label="Default User Group")
ipamaxusernamelength = widgets.TextField(name="ipamaxusernamelength", label="Max. Username Length", attrs=dict(size=3,maxlength=3))
ipapwdexpadvnotify = widgets.TextField(name="ipapwdexpadvnotify", label="Password Expiration Notification (days)", attrs=dict(size=3,maxlength=3))
ipauserobjectclasses = widgets.TextField(name="ipauserobjectclasses", label="Default User Object Classes", attrs=dict(size=50))
userobjectclasses = ExpandingForm(name="userobjectclasses", label="Default User Object Classes", fields=[ipauserobjectclasses])
ipagroupobjectclasses = widgets.TextField(name="ipagroupobjectclasses", label="Default Group Object Classes", attrs=dict(size=50))
groupobjectclasses = ExpandingForm(name="groupobjectclasses", label="Default Group Object Classes", fields=[ipagroupobjectclasses])
ipadefaultemaildomain = widgets.TextField(name="ipadefaultemaildomain", label="Default E-mail Domain", attrs=dict(size=20))
ipapolicy_orig = widgets.HiddenField(name="ipapolicy_orig")
# From cn=accounts
krbmaxpwdlife = widgets.TextField(name="krbmaxpwdlife", label="Max. Password Lifetime (days)", attrs=dict(size=3,maxlength=3))
krbminpwdlife = widgets.TextField(name="krbminpwdlife", label="Min. Password Lifetime (hours)", attrs=dict(size=3,maxlength=3))
krbpwdmindiffchars = widgets.TextField(name="krbpwdmindiffchars", label="Min. Number of Character Classes", attrs=dict(size=3,maxlength=3))
krbpwdminlength = widgets.TextField(name="krbpwdminlength", label="Min. Length of Password", attrs=dict(size=3,maxlength=3))
krbpwdhistorylength = widgets.TextField(name="krbpwdhistorylength", label="Password History Size", attrs=dict(size=3,maxlength=3))
password_orig = widgets.HiddenField(name="password_orig")
class IPAPolicyValidator(validators.Schema):
ipausersearchfields = validators.String(not_empty=True)
ipagroupsearchfields = validators.String(not_empty=True)
ipasearchtimelimit = validators.Number(not_empty=True)
ipasearchrecordslimit = validators.Number(not_empty=True)
ipamaxusernamelength = validators.Number(not_empty=True)
ipapwdexpadvnotify = validators.Number(not_empty=True)
ipahomesrootdir = validators.String(not_empty=True)
ipadefaultloginshell = validators.String(not_empty=True)
ipadefaultprimarygroup = validators.String(not_empty=True)
ipauserobjectclasses = validators.ForEach(validators.String(not_empty=True))
ipagroupobjectclasses = validators.ForEach(validators.String(not_empty=True))
ipadefaultemaildomain = validators.String(not_empty=True)
krbmaxpwdlife = validators.Number(not_empty=True)
krbminpwdlife = validators.Number(not_empty=True)
krbpwdmindiffchars = validators.Number(not_empty=True)
krbpwdminlength = validators.Number(not_empty=True)
krbpwdhistorylength = validators.Number(not_empty=True)
class IPAPolicyForm(widgets.Form):
params = ['ipapolicy_fields']
hidden_fields = [
IPAPolicyFields.ipapolicy_orig, IPAPolicyFields.password_orig
]
validator = IPAPolicyValidator()
def __init__(self, *args, **kw):
super(IPAPolicyForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template(
"ipagui.templates.ipapolicyeditform")
self.ipapolicy_fields = IPAPolicyFields
def update_params(self, params):
super(IPAPolicyForm,self).update_params(params)


@ -1,55 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import turbogears
from turbogears import validators, widgets
from tg_expanding_form_widget.tg_expanding_form_widget import ExpandingForm
from ipagui.helpers import ipahelper
class PrincipalFields(object):
hostname = widgets.TextField(name="hostname", label="Host Name")
service = widgets.SingleSelectField(name="service",
label="Service Type",
options = [
("cifs", "cifs"),
("dns", "dns"),
("host", "host"),
("HTTP", "HTTP"),
("ldap", "ldap"),
("nfs", "nfs"),
("other", "other")
],
attrs=dict(onchange="toggleOther(this.id)"))
other = widgets.TextField(name="other", label="Other Service", attrs=dict(size=10))
class PrincipalNewValidator(validators.Schema):
hostname = validators.String(not_empty=True)
service = validators.String(not_empty=True)
other = validators.String(not_empty=False)
class PrincipalNewForm(widgets.Form):
params = ['principal_fields']
validator = PrincipalNewValidator()
def __init__(self, *args, **kw):
super(PrincipalNewForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template("ipagui.templates.principalnewform")
self.principal_fields = PrincipalFields
def update_params(self, params):
super(PrincipalNewForm,self).update_params(params)


@ -1,207 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import turbogears
from turbogears import validators, widgets
from tg_expanding_form_widget.tg_expanding_form_widget import ExpandingForm
from ipagui.helpers.validators import *
from ipagui.helpers import ipahelper
class UserFields(object):
givenname = widgets.TextField(name="givenname", label="First Name")
sn = widgets.TextField(name="sn", label="Last Name")
cn = widgets.TextField(name="cn", label="Full Name")
cns = ExpandingForm(name="cns", label="Full Name", fields=[cn])
title = widgets.TextField(name="title", label="Job Title")
displayname = widgets.TextField(name="displayname", label="Display Name")
initials = widgets.TextField(name="initials", label="Initials")
uid = widgets.TextField(name="uid", label="Login", attrs=dict(onchange="warnRDN(this.id)"))
krbprincipalkey = widgets.PasswordField(name="krbprincipalkey", label="Password")
krbprincipalkey_confirm = widgets.PasswordField(name="krbprincipalkey_confirm",
label="Confirm Password")
uidnumber = widgets.TextField(name="uidnumber", label="UID")
gidnumber = widgets.TextField(name="gidnumber", label="GID")
homedirectory = widgets.TextField(name="homedirectory", label="Home Directory")
loginshell = widgets.TextField(name="loginshell", label="Login Shell")
gecos = widgets.TextField(name="gecos", label="GECOS")
mail = widgets.TextField(name="mail", label="E-mail Address")
telephonenumber = widgets.TextField(name="telephonenumber", label="Work Number")
telephonenumbers = ExpandingForm(name="telephonenumbers", label="Work Numbers", fields=[telephonenumber])
facsimiletelephonenumber = widgets.TextField(name="facsimiletelephonenumber",
label="Fax Number")
facsimiletelephonenumbers = ExpandingForm(name="facsimiletelephonenumbers", label="Fax Numbers", fields=[facsimiletelephonenumber])
mobile = widgets.TextField(name="mobile", label="Cell Number")
mobiles = ExpandingForm(name="mobiles", label="Cell Numbers", fields=[mobile])
pager = widgets.TextField(name="pager", label="Pager Number")
pagers = ExpandingForm(name="pagers", label="Pager Numbers", fields=[pager])
homephone = widgets.TextField(name="homephone", label="Home Number")
homephones = ExpandingForm(name="homephones", label="Home Numbers", fields=[homephone])
street = widgets.TextField(name="street", label="Street Address")
l = widgets.TextField(name="l", label="City")
st = widgets.TextField(name="st", label="State")
postalcode = widgets.TextField(name="postalcode", label="ZIP")
ou = widgets.TextField(name="ou", label="Org Unit")
businesscategory = widgets.TextField(name="businesscategory", label="Tags")
description = widgets.TextField(name="description", label="Description")
employeetype = widgets.TextField(name="employeetype", label="Employee Type")
manager = widgets.HiddenField(name="manager", label="Manager")
manager_cn = widgets.HiddenField(name="manager_cn", label="Manager")
roomnumber = widgets.TextField(name="roomnumber", label="Room Number")
secretary = widgets.HiddenField(name="secretary", label="Secretary")
secretary_cn = widgets.HiddenField(name="secretary_cn", label="Manager")
carlicense = widgets.TextField(name="carlicense", label="Car License")
labeleduri = widgets.TextField(name="labeleduri", label="Home Page")
nsAccountLock = widgets.SingleSelectField(name="nsAccountLock",
label="Account Status",
options = [("", "active"), ("true", "inactive")])
uid_hidden = widgets.HiddenField(name="uid_hidden")
krbPasswordExpiration_hidden = widgets.HiddenField(name="krbPasswordExpiration")
editprotected_hidden = widgets.HiddenField(name="editprotected")
user_orig = widgets.HiddenField(name="user_orig")
user_groups_data = widgets.HiddenField(name="user_groups_data")
dn_to_info_json = widgets.HiddenField(name="dn_to_info_json")
custom_fields = []
class UserNewValidator(validators.Schema):
uid = GoodName(not_empty=True)
krbprincipalkey = validators.String(not_empty=False)
krbprincipalkey_confirm = validators.String(not_empty=False)
givenname = validators.String(not_empty=True)
sn = validators.String(not_empty=True)
cn = UniqueList(not_empty=True)
mail = validators.Email(not_empty=False)
telephonenumber = UniqueList(not_empty=False)
facsimiletelephonenumber = UniqueList(not_empty=False)
mobile = UniqueList(not_empty=False)
pager = UniqueList(not_empty=False)
homephone = UniqueList(not_empty=False)
chained_validators = [
validators.FieldsMatch('krbprincipalkey', 'krbprincipalkey_confirm')
]
class UserNewForm(widgets.Form):
params = ['user_fields', 'custom_fields']
hidden_fields = [
UserFields.dn_to_info_json,
UserFields.manager,
UserFields.manager_cn,
UserFields.secretary,
UserFields.secretary_cn,
]
custom_fields = []
validator = UserNewValidator()
def __init__(self, *args, **kw):
super(UserNewForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template("ipagui.templates.usernewform")
self.user_fields = UserFields
def update_params(self, params):
super(UserNewForm,self).update_params(params)
class UserEditValidator(validators.Schema):
uid = GoodName(not_empty=False)
krbprincipalkey = validators.String(not_empty=False)
krbprincipalkey_confirm = validators.String(not_empty=False)
givenname = validators.String(not_empty=True)
sn = validators.String(not_empty=True)
cn = UniqueList(not_empty=True)
mail = validators.Email(not_empty=False)
uidnumber = validators.Int(not_empty=False)
gidnumber = validators.Int(not_empty=False)
telephonenumber = UniqueList(not_empty=False)
facsimiletelephonenumber = UniqueList(not_empty=False)
mobile = UniqueList(not_empty=False)
pager = UniqueList(not_empty=False)
homephone = UniqueList(not_empty=False)
pre_validators = [
validators.RequireIfPresent(required='uid', present='editprotected'),
validators.RequireIfPresent(required='uidnumber', present='editprotected'),
validators.RequireIfPresent(required='gidnumber', present='editprotected'),
]
chained_validators = [
validators.FieldsMatch('krbprincipalkey', 'krbprincipalkey_confirm')
]
class UserEditForm(widgets.Form):
params = ['user_fields', 'custom_fields']
hidden_fields = [
UserFields.uid_hidden, UserFields.user_orig,
UserFields.krbPasswordExpiration_hidden,
UserFields.editprotected_hidden,
UserFields.user_groups_data,
UserFields.dn_to_info_json,
UserFields.manager,
UserFields.manager_cn,
UserFields.secretary,
UserFields.secretary_cn,
]
custom_fields = []
validator = UserEditValidator()
def __init__(self, *args, **kw):
super(UserEditForm,self).__init__(*args, **kw)
(self.template_c, self.template) = ipahelper.load_template("ipagui.templates.usereditform")
self.user_fields = UserFields
# TODO - add dynamic field retrieval:
# myfields=[]
# schema = ipa.rpcclient.get_add_schema ()
#
# # FIXME: What if schema is None or an error is thrown?
#
# for s in schema:
# required=False
#
# if (s['type'] == "text"):
# field = widgets.TextField(name=s['name'],label=s['label'])
# elif (s['type'] == "password"):
# field = widgets.PasswordField(name=s['name'],label=s['label'])
#
# if (s['required'] == "true"):
# required=True
#
# if (s['validator'] == "text"):
# field.validator=validators.PlainText(not_empty=required)
# elif (s['validator'] == "email"):
# field.validator=validators.Email(not_empty=required)
# elif (s['validator'] == "string"):
# field.validator=validators.String(not_empty=required)
#
# myfields.append(field)


@ -1,17 +0,0 @@
NULL =
appdir = $(IPA_DATA_DIR)/ipagui/helpers
app_PYTHON = \
__init__.py \
ipahelper.py \
userhelper.py \
validators.py \
$(NULL)
EXTRA_DIST = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1 +0,0 @@
# __init__.py


@ -1,88 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import re
import logging
import turbogears
import kid
from turbokid import kidsupport
from pkg_resources import resource_filename
def javascript_string_escape(input):
"""Escapes the ' " and \ characters in a string so
it can be embedded inside a dynamically generated string."""
return re.sub(r'[\'\"\\]',
lambda match: "\\%s" % match.group(),
input)
def setup_mv_fields(field, fieldname):
"""Given a field (must be a list) and field name, convert that
field into a list of dictionaries of the form:
[ { fieldname : v1}, { fieldname : v2 }, .. ]
This is how we pre-fill values for multi-valued fields.
"""
mvlist = []
if field:
for v in field:
if v:
mvlist.append({ fieldname : v } )
if len(mvlist) == 0:
# We need to return an empty value so something can be
# displayed on the edit page. Otherwise only an Add link
# will show, not an empty field.
mvlist.append({ fieldname : '' } )
return mvlist
def fix_incoming_fields(fields, fieldname, multifieldname):
"""This is called by the update() function. It takes the incoming
list of dictionaries and converts it into back into the original
field, then removes the multiple field.
"""
fields[fieldname] = []
try:
for i in range(len(fields[multifieldname])):
if fields[multifieldname][i][fieldname] is not None and len(fields[multifieldname][i][fieldname]) > 0:
fields[fieldname].append(fields[multifieldname][i][fieldname])
del(fields[multifieldname])
except Exception, e:
logging.warn("fix_incoming_fields error: " + str(e))
return fields
def load_template(classname, encoding=None):
"""
Loads the given template. This only handles .kid files.
Returns a tuple (compiled_tmpl, None) to emulate
turbogears.meta.load_kid_template() which ends up not properly handling
encoding.
"""
if not encoding:
encoding = turbogears.config.get('kid.encoding', kidsupport.KidSupport.assume_encoding)
divider = classname.rfind(".")
package, basename = classname[:divider], classname[divider+1:]
file_path = resource_filename(package, basename + ".kid")
tclass = kid.load_template(
file_path,
name = classname,
).Template
tclass.serializer = kid.HTMLSerializer(encoding=encoding)
tclass.assume_encoding=encoding
return (tclass, None)


@ -1,46 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import sys
import datetime
from ipa import ipautil
def password_expires_in(datestr):
"""Returns the number of days that password expires in. Returns a negative number
if the password is already expired."""
if (datestr == None) or (datestr == ""):
return sys.maxint
expdate = ipautil.parse_generalized_time(datestr)
if not expdate:
return sys.maxint
delta = expdate - datetime.datetime.now(ipautil.GeneralizedTimeZone())
return delta.days
def password_is_expired(days):
return days < 0
def password_expires_soon(days):
return (not password_is_expired(days)) and (days < 7)
def account_status_display(status):
if status == "true":
return "inactive"
else:
return "active"


@ -1,92 +0,0 @@
# Copyright (C) 2007-2008 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
from formencode.validators import *
from formencode.compound import *
from formencode.api import Invalid, NoDefault
from formencode.schema import Schema
from formencode import ForEach
def _(s): return s # dummy
class UniqueList(FancyValidator):
"""
Given a list, ensure that all of the values in it are unique.
>>> x = UniqueList()
>>> x.validate_python(['1','1'],'')
Traceback (most recent call last):
...
formencode.api.Invalid: Duplicate values are not allowed
>>> x.validate_python(['1','2'],'')
>>>
"""
not_empty = None
messages = {
'notunique': _('Duplicate values are not allowed'),
'empty': _('Empty values not allowed'),
}
def __initargs__(self, new_attrs):
if self.not_empty is None:
self.not_empty = True
def validate_python(self, value, state):
if not isinstance(value, list):
return # just punt for now
if self.not_empty:
for v in value:
if v is None or len(v) == 0:
raise Invalid(self.message('empty', state),
value, state)
orig = len(value)
check = len(set(value))
if orig > check:
raise Invalid(self.message('notunique', state),
value, state)
class GoodName(Regex):
"""
Test that the field contains only letters, numbers, underscore,
dash, hyphen and $.
Examples::
>>> GoodName.to_python('_this9_')
'_this9_'
>>> GoodName.from_python(' this ')
' this '
>>> GoodName(accept_python=False).from_python(' this ')
Traceback (most recent call last):
...
Invalid: Enter only letters, numbers, _ (underscore), - (dash) or $')
>>> GoodName(strip=True).to_python(' this ')
'this'
>>> GoodName(strip=True).from_python(' this ')
'this'
"""
regex = r"^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?$"
messages = {
'invalid': _('Enter only letters, numbers, _ (underscore), - (dash) or $'),
}


@ -1,27 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# A JSON-based API(view) for your app.
# Most rules would look like:
# @jsonify.when("isinstance(obj, YourClass)")
# def jsonify_yourclass(obj):
# return [obj.val1, obj.val2]
# @jsonify can convert your objects to following types:
# lists, dicts, numbers and strings
from turbojson.jsonify import jsonify


@ -1,26 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
from turbogears.database import PackageHub
from sqlobject import *
hub = PackageHub('ipagui')
__connection__ = hub
# class YourDataClass(SQLObject):
# pass


@ -1,176 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
from turbogears.identity.soprovider import *
from turbogears.identity.visitor import *
import logging
import os
import ipa.ipaclient
from ipaserver import funcs
import ipa.config
import ipa.group
import ipa.user
import ldap
import krbV
log = logging.getLogger("turbogears.identity")
class IPA_User(object):
'''
Shell of a User definition. We don't really need much here.
'''
def __init__(self, user_name):
self.user_name = user_name
(principal, realm) = user_name.split('@')
self.permissions = None
transport = funcs.IPAServer()
client = ipa.ipaclient.IPAClient(transport)
client.set_krbccache(os.environ["KRB5CCNAME"])
try:
# Use memberof so we can see recursive group memberships as well.
user = client.get_user_by_principal(user_name, ['dn', 'uid', 'memberof'])
self.display_name = user.getValue('uid')
self.groups = []
memberof = user.getValues('memberof')
if memberof is None:
# the user isn't in any groups
return
if isinstance(memberof, str):
memberof = [memberof]
for mo in memberof:
rdn_list = ldap.explode_dn(mo, 0)
first_rdn = rdn_list[0]
(type,value) = first_rdn.split('=')
if type == "cn":
self.groups.append(value)
except:
raise
return
class ProxyIdentity(object):
def __init__(self, visit_key, user=None):
self._user= user
self.visit_key= visit_key
def _get_user(self):
try:
return self._user
except AttributeError:
# User hasn't already been set
return None
user= property(_get_user)
def _get_user_name(self):
if not self._user:
return None
return self._user.user_name
user_name= property(_get_user_name)
def _get_display_name(self):
if not self._user:
return None
return self._user.display_name
display_name= property(_get_display_name)
def _get_anonymous(self):
return not self._user
anonymous= property(_get_anonymous)
def _get_permissions(self):
try:
return self._permissions
except AttributeError:
# Permissions haven't been computed yet
return None
permissions= property(_get_permissions)
def _get_groups(self):
try:
return self._user.groups
except AttributeError:
# Groups haven't been computed yet
return []
groups= property(_get_groups)
def logout(self):
'''
Remove the link between this identity and the visit.
'''
# Clear the current identity
anon= ProxyObjectIdentity(None,None)
#XXX if user is None anonymous will be true, no need to set attr.
#anon.anonymous= True
identity.set_current_identity( anon )
class ProxyIdentityProvider(SqlObjectIdentityProvider):
'''
IdentityProvider that uses REMOTE_USER from Apache
'''
def __init__(self):
super(ProxyIdentityProvider, self).__init__()
get = turbogears.config.get
# We can get any config variables here
log.info( "Proxy Identity starting" )
def create_provider_model(self):
pass
def validate_identity(self, user_name, password, visit_key):
try:
user = IPA_User(user_name)
log.debug( "validate_identity %s" % user_name)
return ProxyIdentity(visit_key, user)
except Exception, e:
# Something went wrong in fetching the user. Set to
# anonymous which will deny access.
return ProxyIdentity( None )
def validate_password(self, user, user_name, password):
'''Validation has already occurred in the proxy'''
return True
def load_identity(self, visit_key):
try:
os.environ["KRB5CCNAME"] = cherrypy.request.headers['X-FORWARDED-KEYTAB']
ccache = krbV.CCache(cherrypy.request.headers['X-FORWARDED-KEYTAB'])
user_name = ccache.principal().name
# user_name = "test@FREEIPA.ORG"
# os.environ["KRB5CCNAME"] = "FILE:/tmp/krb5cc_500"
except KeyError:
return None
except AttributeError:
return None
except krbV.Krb5Error:
return None
set_login_attempted( True )
return self.validate_identity( user_name, None, visit_key )
def anonymous_identity( self ):
'''
This shouldn't ever happen in IPA but including it to include the
entire identity API.
'''
return ProxyIdentity( None )
def authenticated_identity(self, user):
'''
Constructs Identity object for user that has no associated visit_key.
'''
return ProxyIdentity(None, user)


@ -1,42 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
from turbogears.visit.api import BaseVisitManager, Visit
from turbogears import config
import logging
log = logging.getLogger("turbogears.visit.proxyvisit")
class ProxyVisitManager(BaseVisitManager):
"""Virtually empty class just so can avoid saving this stuff in a
database."""
def __init__(self, timeout):
super(ProxyVisitManager,self).__init__(timeout)
return
def create_model(self):
return
def new_visit_with_key(self, visit_key):
return Visit(visit_key, True)
def visit_for_key(self, visit_key):
return Visit(visit_key, False)
def update_queued_visits(self, queue):
return None


@ -1,16 +0,0 @@
# Release information about ipa-gui
version = "1.0"
# NOTE: We aren't really using this because we aren't shipping the UI as
# a separate .egg but it might look something like this:
# description = "The Identity, Policy and Audit system"
# long_description = "IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof)."
# author = "Your Name Here"
# email = "YourEmail@YourDomain"
# copyright = "2007 Red Hat, Inc."
# url = "http://www.freeipa.org/"
# download_url = "http://www.freeipa.org/page/Downloads"
# license = "GPLv2"


@ -1,12 +0,0 @@
NULL =
SUBDIRS = \
css \
images \
javascript \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1,17 +0,0 @@
NULL =
appdir = $(IPA_DATA_DIR)/ipagui/static/css
app_DATA = \
style_freeipa.css \
style_platform.css \
style_platform-objects.css \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1,62 +0,0 @@
/* freeipa-specific styles */
#login {
float: right;
padding-top: 15px;
padding-right: 10px;
}
#details {
border-top: 1px solid #bbdc5f;
}
#details h1 {
background-repeat: no-repeat;
margin-bottom: 18px;
}
#alertbox {
background-color: #6995d5;
}
#footer {
padding-top: 0px;
border-top: none;
text-align: center;
margin-left: auto;
margin-right: auto;
width: 30%;
padding: 20px 20px;
}
/*** TableKit CSS - see http://www.millstream.com.au/view/code/tablekit/ **/
.sortcol {
cursor: pointer;
padding-left: 10px !important;
background-repeat: no-repeat !important;
background-position: left center !important;
text-decoration: underline;
}
.sortasc {
background-image: url(/ipa/ui/static/images/up.gif) !important;
}
.sortdesc {
background-image: url(/ipa/ui/static/images/down.gif) !important;
}
.warning_message {
font-size: 120%;
font-weight: bolder;
}
.fielderror {
color: red !important;
font-weight: bold;
}
.requiredfield {
background-color: #eebbbb !important;
}


@ -1,19 +0,0 @@
/* object h1 styles */
#details h1.overview { background-image: url('/ipa/ui/static/images/objects/object-overview.png'); }
#details h1.accesscontrol { background-image: url('/ipa/ui/static/images/objects/object-accesscontrol.png'); }
#details h1.user { background-image: url('/ipa/ui/static/images/objects/object-user.png'); }
#details h1.usergroup { background-image: url('/ipa/ui/static/images/objects/object-usergroup.png'); }
#details h1.content-overview { background-image: url('/ipa/ui/static/images/objects/object-content.png'); }
#details h1.channel { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); }
#details h1.channel-new { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); }
#details h1.channels { background-image: url('/ipa/ui/static/images/objects/object-channels.png'); }
#details h1.media { background-image: url('/ipa/ui/static/images/objects/object-media.png'); }
#details h1.system { background-image: url('/ipa/ui/static/images/objects/object-system.png'); }
#details h1.virtualsystem { background-image: url('/ipa/ui/static/images/objects/object-virtualsystem.png'); }
#details h1.policy { background-image: url('/ipa/ui/static/images/objects/object-policy.png'); }


@ -1,517 +0,0 @@
/** BASIC PAGE STYLES */
*
{
margin: 0;
padding: 0;
font-size: small;
}
html, body {
height: 100%;
}
body {
background-image: url('/ipa/ui/static/images/template/background.png');
background-repeat: repeat-x;
background-color: #f9f9f9;
margin: 0px;
padding: 0px;
padding-top: 16px;
min-width: 750px;
}
body, h1, h2, h3, h4, h5, p, ul, li, div, span, td {
font-family: "Luxi Sans", "Gill Sans", "Verdana", "Helvetica", sans-serif;
font-size: small;
color: #444;
}
td, th {
text-align: left;
}
#head {
margin: 0px;
padding: 0px 1.5ex;
}
#head h1 a {
display: block;
text-indent: -9999px;
height: 60px;
width: 350px;
overflow: hidden;
float: left;
margin-top: -10px;
background: url('/ipa/ui/static/images/branding/logo.png') no-repeat;
}
#content {
width: 100%;
min-height: 100%;
background-color: #f9f9f9;
background-image: url('/ipa/ui/static/images/template/background-content.png');
background-repeat: repeat-x;
}
#main_content table {
clear: left;
}
#main_content {
height: auto;
margin-bottom: 4ex;
}
#footer {
font-size: x-small;
color: #ccc;
clear: both;
text-align: center;
padding-top: 4ex;
border-top: 1px solid #efefef;
width: 100%;
}
/* freeipa only? */
div#search {
padding-top: 16px;
padding-bottom: 24px;
}
#searchbar {
float: right;
margin-top: 18px;
}
/** MAIN NAVBAR SECTION **/
#navbar {
width: 100%;
height: 70px;
margin: 0px;
clear: both;
background-image: url('/ipa/ui/static/images/template/background-navbar.png');
background-repeat: repeat-x;
}
#navbar ul {
margin: 0px;
padding: 0px;
padding-left: 10px;
list-style: none;
}
#navbar li {
float: left;
margin: 0px;
padding: 0px;
font-size: small;
}
#navbar a {
display: block;
margin: 22px 15px;
}
#navbar .active {
background-image: url('/ipa/ui/static/images/template/background-navbar-active.png');
height: 70px;
width: 116px;
text-align: center;
}
#navbar-secondary li {
font-size: medium;
}
#navbar-secondary .active a:link,
#navbar-secondary .active a:visited,
#navbar-secondary .active a:active,
#navbar-secondary .active a,
#navbar-secondary li
{
color: #555 !important;
text-decoration: none;
font-weight: bold;
}
/** SIDEBAR SECTION **/
#sidebar {
width: 250px;
text-align: left;
padding: 18px 12px;
margin-right: 24px;
float: right;
height: 100%;
border: 1px solid #aaa;
background-color: #ccc;
background-image: url('/ipa/ui/static/images/template/background-sidebar.png');
background-repeat: repeat-y;
}
#sidebar h1, h2, h3 {
padding: 0px;
margin: 0px;
}
#sidebar h2 { font-size: medium; }
#sidebar h3 { font-size: small; }
#sidebar ul {
padding: 0px;
margin: 0px;
list-style: none;
padding-bottom: 10px;
}
#sidebar ul, #sidebar li {
margin-bottom: 6px;
font-size: small;
}
#sidebar hr {
border-top: 1px solid #aaa;
border-bottom: 1px solid #ddd;
color: #ddd;
margin-top: 20px !important;
margin-bottom: 20px !important;
}
.context-tools {
float: right;
margin-top: -1.2em;
font-size: small;
}
.context-tools a:link, .context-tools a:active, .context-tools a:visited {
text-decoration: none;
}
/** DETAILS SECTION **/
#details {
height: 100%;
margin: 0px 24px;
margin-right: 298px;
padding: 18px 18px;
padding-bottom: 12%;
border-top: 1px solid #aaa;
background-color: white;
text-align: left;
color: #444;
}
#details p {
margin-top: 1ex;
margin-bottom: 1ex;
}
#details h3 {
font-size: medium;
text-transform: uppercase;
margin-bottom: 1ex;
margin-top: 1.5ex;
}
#details h4 {
font-size: medium;
color: #8aa445;
}
#details p,
#details td,
#details li {
font-size: small;
color: #555;
}
#details h1 {
color: #7d7d5b;
font-size: x-large;
margin-bottom: 18px;
height: 40px;
padding-left: 48px;
padding-top: 6px;
vertical-align: middle;
background-repeat: no-repeat;
}
#details h2, #details table caption {
color: #999;
font-size: large;
font-weight: normal;
border-bottom: 1px solid #999;
margin-bottom: 10px;
text-align: left;
width: 100%;
}
#details h2 img {
margin-right: 1.4ex;
}
table.details {
margin-bottom: 18px;
width: 100%;
}
#details h3, table.formtable th {
font-size: small;
color: black;
}
#details table.details th {
font-size: small;
width: 150px;
padding: 4px 0px;
padding-right: 8px;
border-bottom: 1px dotted #ddd;
}
#details table.details th.even { background-color: white; }
#details table.details th.odd { background-color: #eee; }
#details table.details td {
padding-left: 8px;
padding-bottom: 3px;
border-bottom: 1px dotted #ddd;
}
#details hr {
margin-top: 48px;
margin-bottom: 12px;
height: 1px;
border-color: #bbb;
border-width: 0pt 0pt 1px;
padding: 0.5em;
border-style: none none dashed;
}
.details-block {
border-top: 1px solid #eeeeee;
}
#details ul.context-nav {
float: left;
width: 100%;
padding: 0;
margin: 0;
list-style-type: none;
border-bottom: 6px solid #eee;
margin-bottom: 2ex;
}
#details ul.context-nav li a {
float: left;
text-decoration: none;
background-color: #d6d6d6;
padding: 1ex 2ex;
text-align: center;
margin-right: 3px;
-moz-border-radius-topleft: 12px;
-moz-border-radius-topright: 12px;
}
#details ul.context-nav li#active a {
color: #444;
background-color: #eee;
font-weight: bold;
}
/** FORMS SECTION **/
input.text {
border: 1px solid #8e8e8e;
background-color: #e5f1f4;
color: #444444;
}
input.submitbutton {
float: right;
}
form.tableform table th {
padding-right: 2ex;
text-align: right;
}
h2.formsection {
color: #999;
font-size: large;
font-weight: normal;
border-bottom: 1px solid #999;
margin-bottom: 10px;
margin-top: 12px;
text-align: left;
width: 100%;
}
table.formtable {
width: 100%;
}
/**** freeipa only below? ****/
ul.checkboxlist li {
list-style: none;
margin: 8px 0px;
}
ul.checkboxlist li input {
background-color: yellow;
height: 1.1em;
width: 1.2em;
border: 1px solid red;
}
table.formtable th, table.formtable td {
vertical-align: top;
padding-bottom: 10px;
}
table.formtable th {
width: 28%;
}
input.submitbutton, input.searchbutton, #source_searcharea input.searchbutton {
border: 1px outset #aaa;
padding: 2px 1px;
margin-bottom: 2px;
}
table.formtable td input[type="text"], input#criteria {
border: 1px inset #dcdcdc;
font-size: medium;
padding: 2px 1px;
}
table.formtable td select {
border: 1px inset #dcdcdc;
font-size: small;
padding: 2px 1px;
}
#inactive {
background-color: silver;
}
/** ALERTS / MESSAGING SECTION **/
#alertbox {
width: 100%;
padding: 10px 0px;
margin-top: 12px;
margin-bottom: 18px;
vertical-align: middle;
-moz-border-radius: 6px;
background-color: #7d7d5b;
color: white;
}
#alertbox h2 {
width: auto;
padding: 0px 16px;
float: left;
font-size: medium;
text-transform: uppercase;
color: white;
font-weight: bold;
border: none;
}
#alertbox p {
padding: 0px 16px;
text-align: center;
color: white;
width: auto;
}
/**** freeipa only alerts/messaging below ****/
p.empty-message {
font-size: large;
font-style: italic;
color: #888 !important;
}
div.instructions {
padding: 2px 6px;
margin-top: 16px;
border-top: 1px solid #c0d5f1;
border-bottom: 1px solid #c0d5f1;
background-color: #eef4fd;
}
/** OVERVIEW PAGE STYLES **/
.summary {
width: 40%;
float: left;
clear: none;
padding-top: 2ex;
}
.tasks, .search {
padding: 3ex;
padding-top: 2ex;
width: 40%;
float: right;
background-image: url('/ipa/ui/static/images/template/background-search.png');
background-repeat: repeat-y;
background-color: white;
}
.summary ul, .tasks ul, ul { margin-top: 1ex; padding-top: 1ex; list-style: square; margin-left: 2ex; }
.summary ul + ul, .tasks ul + ul { border-top: 1px solid #eee; }
.search ul { list-style: none; margin-left: 2ex; }
.additional-link {
font-size: x-small;
}
#perspectives h3 a {
font-size: x-small;
text-transform: none;
margin-left: 1ex;
font-weight: normal;
}
/** TURBOGEARS GRID-TABLE-SPECIFIC STYLES **/
.grid td, .grid th {padding:3px;border:none;}
.grid .action_cell {text-align:right;}
.grid THEAD tr th {text-align:left;background-color:#f0f0f0;color:#333;}
.grid .heading img {float:right;margin-left:2px;margin-right:3px;}
.grid .heading a {text-decoration:none;color:#333;}
.grid td a {text-decoration:none;color:#333;}
.grid tr.odd td {background-color:#edf3fe;}
.grid tr.even td {background-color:#fff;}
.grid .pointer {cursor:pointer;}
.grid .column_chooser_link {position:relative;background-color:#e3e3e3;}
.grid .column_chooser_link ul {position:absolute;display:none;top:0px;right:-20px;}
.grid .column_chooser_list a {width:200px;display:block;padding:3px;background-color:#e3e3e3;}
.grid .column_chooser_list a:hover {background-color:#cdcdcd;}
.grid .column_chooser_list {padding:0;margin:0;list-style:none;background-color:#e3e3e3;}


@ -1,29 +0,0 @@
NULL =
SUBDIRS = \
branding \
objects \
template \
$(NULL)
appdir = $(IPA_DATA_DIR)/ipagui/static/images
app_DATA = \
down.gif \
favicon.ico \
header_inner.png \
info.png \
logo.png \
ok.png \
tg_under_the_hood.png \
under_the_hood_blue.png \
up.gif
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in


@ -1,15 +0,0 @@
NULL =
appdir = $(IPA_DATA_DIR)/ipagui/static/images/branding
app_DATA = \
logo.png \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
*.pyc \
Makefile.in

Binary file not shown.


Width:  |  Height:  |  Size: 8.4 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 57 B
