mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-28 17:14:38 -06:00
d7a7ba4f45
profile command line tools to select between shared and per user profiles modify AttributeValueCompleter so default values prefer previously entered values in editing session
195 lines
7.0 KiB
Python
195 lines
7.0 KiB
Python
#! /usr/bin/python -E
|
|
# Authors: John Dennis <jdennis@redhat.com>
|
|
#
|
|
# Copyright (C) 2007 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 only
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
#
|
|
|
|
import sys
|
|
import os
|
|
from optparse import OptionParser
|
|
|
|
import ipa.ipaclient as ipaclient
|
|
import ipa.ipautil as ipautil
|
|
import ipa.config
|
|
import ipa.ipaerror
|
|
import ipa.radius_util as radius_util
|
|
|
|
import xmlrpclib
|
|
import kerberos
|
|
import ldap
|
|
|
|
#------------------------------------------------------------------------------
|
|
|
|
radius_attrs = radius_util.radius_profile_attr_to_ldap_attr.keys()
|
|
radius_attr_to_ldap_attr = radius_util.radius_profile_attr_to_ldap_attr
|
|
ldap_attr_to_radius_attr = radius_util.radius_profile_ldap_attr_to_radius_attr
|
|
mandatory_radius_attrs = ['UID']
|
|
distinguished_attr = 'UID'
|
|
|
|
#------------------------------------------------------------------------------
|
|
|
|
def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
|
|
parser.print_help()
|
|
print
|
|
print "Valid interative attributes are:"
|
|
print ipautil.format_list(radius_attrs, quote='"')
|
|
print
|
|
print "Required attributes are:"
|
|
print ipautil.format_list(mandatory_radius_attrs, quote='"')
|
|
sys.exit(0)
|
|
|
|
def main():
|
|
pairs = {}
|
|
|
|
opt_parser = OptionParser(add_help_option=False)
|
|
|
|
opt_parser.add_option("-u", "--uid", dest="uid",
|
|
help="RADIUS profile identifier")
|
|
opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
|
|
help="profile is shared")
|
|
opt_parser.add_option("-d", "--Description", dest="desc",
|
|
help="description of the RADIUS client")
|
|
|
|
opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
|
|
help="detailed help information")
|
|
opt_parser.add_option("-i", "--interactive", dest="interactive", action='store_true', default=False,
|
|
help="interactive mode, prompts with auto-completion")
|
|
opt_parser.add_option("-p", "--pair", dest="pairs", action='append',
|
|
help="specify one or more attribute=value pair(s), value may be optionally quoted, pairs are delimited by whitespace")
|
|
opt_parser.add_option("-f", "--file", dest="pair_file",
|
|
help="attribute=value pair(s) are read from file, value may be optionally quoted, pairs are delimited by whitespace. Reads from stdin if file is -")
|
|
opt_parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
|
|
help="print information")
|
|
|
|
opt_parser.set_usage("Usage: %s [options] %s" % (distinguished_attr, os.path.basename(sys.argv[0])))
|
|
|
|
args = ipa.config.init_config(sys.argv)
|
|
options, args = opt_parser.parse_args(args)
|
|
|
|
if len(args) < 2:
|
|
opt_parser.error('missing %s' % (distinguished_attr))
|
|
|
|
uid = args[1]
|
|
user_profile = not options.shared
|
|
pairs[distinguished_attr] = uid
|
|
|
|
# Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)
|
|
if user_profile:
|
|
print "ERROR, you cannot add a per-user radius profile, it pre-exists"
|
|
return 1
|
|
|
|
# Get pairs from a file or stdin
|
|
if options.pair_file:
|
|
try:
|
|
av = ipautil.read_pairs_file(options.pair_file)
|
|
pairs.update(av)
|
|
except Exception, e:
|
|
print "ERROR, could not read pairs (%s)" % (e)
|
|
|
|
# Get pairs specified on the command line as a named argument
|
|
if options.uid: pairs['UID'] = options.uid
|
|
if options.desc: pairs['Description'] = options.desc
|
|
|
|
# Get pairs specified on the command line as a pair argument
|
|
if options.pairs:
|
|
for p in options.pairs:
|
|
av = ipautil.parse_key_value_pairs(p)
|
|
pairs.update(av)
|
|
|
|
# Get pairs interactively
|
|
if options.interactive:
|
|
# Prompt first for mandatory attributes which have not been previously specified
|
|
prompted_mandatory_attrs = []
|
|
existing_attrs = pairs.keys()
|
|
for attr in mandatory_radius_attrs:
|
|
if not attr in existing_attrs:
|
|
prompted_mandatory_attrs.append(attr)
|
|
|
|
c = ipautil.AttributeValueCompleter(radius_attrs, pairs)
|
|
c.open()
|
|
av = c.get_pairs("Enter: ", prompted_mandatory_attrs, radius_util.validate)
|
|
pairs.update(av)
|
|
c.close()
|
|
|
|
# FIXME: validation should be moved to xmlrpc server
|
|
|
|
# Data collection done, assure mandatory data has been specified
|
|
|
|
if pairs.has_key(distinguished_attr) and pairs[distinguished_attr] != uid:
|
|
print "ERROR, %s specified on command line (%s) does not match value found in pairs (%s)" % \
|
|
(distinguished_attr, uid, pairs[distinguished_attr])
|
|
return 1
|
|
|
|
valid = True
|
|
for attr in mandatory_radius_attrs:
|
|
if not pairs.has_key(attr):
|
|
valid = False
|
|
print "ERROR, %s is mandatory, but has not been specified" % (attr)
|
|
if not valid:
|
|
return 1
|
|
|
|
# Make sure each attribute is a member of the set of valid attributes
|
|
valid = True
|
|
for attr,value in pairs.items():
|
|
if attr not in radius_attrs:
|
|
valid = False
|
|
print "ERROR, %s is not a valid attribute" % (attr)
|
|
if not valid:
|
|
print "Valid attributes are:"
|
|
print ipautil.format_list(radius_attrs, quote='"')
|
|
return 1
|
|
|
|
# Makse sure each value is valid
|
|
valid = True
|
|
for attr,value in pairs.items():
|
|
if not radius_util.validate(attr, value):
|
|
valid = False
|
|
if not valid:
|
|
return 1
|
|
|
|
# Dump what we've got so far
|
|
if options.verbose:
|
|
print "Pairs:"
|
|
for attr,value in pairs.items():
|
|
print "\t%s = %s" % (attr, value)
|
|
|
|
radius_entity = radius_util.RadiusProfile()
|
|
for attr,value in pairs.items():
|
|
radius_entity.setValue(radius_attr_to_ldap_attr[attr], value)
|
|
|
|
try:
|
|
ipa_client = ipaclient.IPAClient()
|
|
ipa_client.add_radius_profile(radius_entity)
|
|
print "successfully added"
|
|
except xmlrpclib.Fault, f:
|
|
print f.faultString
|
|
return 1
|
|
except kerberos.GSSError, e:
|
|
print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
|
|
return 1
|
|
except xmlrpclib.ProtocolError, e:
|
|
print "Unable to connect to IPA server: %s" % (e.errmsg)
|
|
return 1
|
|
except ipa.ipaerror.IPAError, e:
|
|
print "%s" % (e.message)
|
|
return 1
|
|
|
|
return 0
|
|
|
|
if __name__ == "__main__":
|
|
sys.exit(main())
|