mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
c3fedca013
Add default exception handler to avoid backtraces in cmdline tools Enhance error message when the IPA server or realm can't be found 437565
223 lines
7.6 KiB
Python
223 lines
7.6 KiB
Python
#! /usr/bin/python -E
|
|
# Authors: Rob Crittenden <rcritten@redhat.com>
|
|
#
|
|
# Copyright (C) 2007 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 only
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
#
|
|
|
|
def usage():
|
|
print "ipa-modgroup [-l|--list]"
|
|
print "ipa-modgroup [-a|--add] [-r|--remove] user group"
|
|
print "ipa-modgroup [-g|--groupadd] [-e|--groupdel] group group"
|
|
print "ipa-modgroup [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] group"
|
|
sys.exit(1)
|
|
|
|
def set_add_usage(which):
|
|
print "%s option usage: --%s NAME=VALUE" % (which, which)
|
|
|
|
def parse_options():
|
|
parser = OptionParser()
|
|
parser.add_option("-a", "--add", dest="add", action="store_true",
|
|
help="Add a user to the group")
|
|
parser.add_option("-r", "--remove", dest="remove", action="store_true",
|
|
help="Remove a user from the group")
|
|
parser.add_option("-g", "--groupadd", dest="groupadd", action="store_true",
|
|
help="Add a group to the group")
|
|
parser.add_option("-e", "--groupdel", dest="groupdel", action="store_true",
|
|
help="Remove a group from the group")
|
|
parser.add_option("-d", "--description", dest="desc",
|
|
help="Modify the description of the group")
|
|
parser.add_option("--addattr", dest="addattr",
|
|
help="Adds an attribute or values to that attribute, attr=value",
|
|
action="append")
|
|
parser.add_option("--delattr", dest="delattr",
|
|
help="Remove an attribute", action="append")
|
|
parser.add_option("--setattr", dest="setattr",
|
|
help="Set an attribute, dropping any existing values that may exist",
|
|
action="append")
|
|
parser.add_option("-l", "--list", dest="list", action="store_true",
|
|
help="List common attributes (this is not an exhaustive list)")
|
|
parser.add_option("--usage", action="store_true",
|
|
help="Program usage")
|
|
|
|
args = ipa.config.init_config(sys.argv)
|
|
options, args = parser.parse_args(args)
|
|
|
|
if ((not options.add and not options.remove) and
|
|
(not options.groupadd and not options.groupdel) and
|
|
(not options.desc and not options.addattr and
|
|
not options.delattr and not options.setattr and not options.list)):
|
|
usage()
|
|
|
|
return options, args
|
|
|
|
def get_group(client, options, group_cn):
|
|
try:
|
|
attrs = ['*']
|
|
|
|
# in case any attributes being modified are operational such as
|
|
# nsaccountlock. Any attribute to be deleted needs to be included
|
|
# in the original record so it can be seen as being removed.
|
|
if options.delattr:
|
|
for d in options.delattr:
|
|
attrs.append(d)
|
|
group = client.get_entry_by_cn(group_cn, sattrs=attrs)
|
|
|
|
except ipa.ipaerror.IPAError, e:
|
|
print "%s" % e.message
|
|
return None
|
|
|
|
return group
|
|
|
|
def main():
|
|
group=ipa.group.Group()
|
|
options, args = parse_options()
|
|
|
|
if options.list:
|
|
client = ipaclient.IPAClient()
|
|
list = client.get_all_attrs()
|
|
|
|
for x in list:
|
|
print x
|
|
return 0
|
|
|
|
if options.usage:
|
|
usage()
|
|
if (options.add or options.remove) and (len(args) != 3):
|
|
usage()
|
|
elif ((options.desc or options.addattr or options.delattr or options.setattr) and (len(args) != 2)):
|
|
usage()
|
|
|
|
client = ipaclient.IPAClient()
|
|
if options.add:
|
|
group = get_group(client, options, args[2])
|
|
if group is None:
|
|
return 1
|
|
users = args[1].split(',')
|
|
for user in users:
|
|
client.add_user_to_group(user, group.dn)
|
|
print user + " successfully added to " + args[2]
|
|
elif options.remove:
|
|
group = get_group(client, options, args[2])
|
|
if group is None:
|
|
return 1
|
|
users = args[1].split(',')
|
|
for user in users:
|
|
client.remove_user_from_group(user, group.dn)
|
|
print user + " successfully removed"
|
|
elif options.groupadd:
|
|
group = get_group(client, options, args[2])
|
|
if group is None:
|
|
return 1
|
|
groups = args[1].split(',')
|
|
for g in groups:
|
|
tgroup = get_group(client, options, g)
|
|
if tgroup is not None:
|
|
client.add_group_to_group(tgroup.dn, group.dn)
|
|
print g + " successfully added to " + args[2]
|
|
else:
|
|
print "Group %s not found" % g
|
|
elif options.groupdel:
|
|
group = get_group(client, options, args[2])
|
|
if group is None:
|
|
return 1
|
|
groups = args[1].split(',')
|
|
for g in groups:
|
|
tgroup = get_group(client, options, g)
|
|
if tgroup is not None:
|
|
client.remove_member_from_group(tgroup.dn, group.dn)
|
|
print g + " successfully removed " + args[2]
|
|
else:
|
|
print "Group %s not found" % g
|
|
else:
|
|
group = get_group(client, options, args[1])
|
|
if group is None:
|
|
return 1
|
|
|
|
if options.desc:
|
|
group.setValue('description', options.desc)
|
|
|
|
if options.delattr:
|
|
for d in options.delattr:
|
|
group.delValue(d)
|
|
|
|
if options.setattr:
|
|
for s in options.setattr:
|
|
s = s.split('=')
|
|
if len(s) != 2:
|
|
set_add_usage("set")
|
|
sys.exit(1)
|
|
(attr,value) = s
|
|
group.setValue(attr, value)
|
|
|
|
if options.addattr:
|
|
for a in options.addattr:
|
|
a = a.split('=')
|
|
if len(a) != 2:
|
|
set_add_usage("add")
|
|
sys.exit(1)
|
|
(attr,value) = a
|
|
cvalue = group.getValue(attr)
|
|
if cvalue:
|
|
if isinstance(cvalue,str):
|
|
cvalue = [cvalue]
|
|
value = cvalue + [value]
|
|
group.setValue(attr, value)
|
|
|
|
client.update_group(group)
|
|
print args[1] + " successfully updated"
|
|
|
|
return 0
|
|
|
|
try:
|
|
import sys
|
|
from optparse import OptionParser
|
|
import ipa
|
|
import ipa.group
|
|
import ipa.ipaclient as ipaclient
|
|
import ipa.config
|
|
import ipa.ipaerror
|
|
|
|
import xmlrpclib
|
|
import kerberos
|
|
import ldap
|
|
import errno
|
|
|
|
if __name__ == "__main__":
|
|
sys.exit(main())
|
|
except SystemExit, e:
|
|
sys.exit(e)
|
|
except KeyboardInterrupt, e:
|
|
sys.exit(1)
|
|
except xmlrpclib.Fault, fault:
|
|
if fault.faultCode == errno.ECONNREFUSED:
|
|
print "The IPA XML-RPC service is not responding."
|
|
else:
|
|
print fault.faultString
|
|
sys.exit(1)
|
|
except kerberos.GSSError, e:
|
|
print "Could not initialize GSSAPI: %s/%s" % (ipautil.get_gsserror(e))
|
|
sys.exit(1)
|
|
except xmlrpclib.ProtocolError, e:
|
|
print "Unable to connect to IPA server: %s" % (e.errmsg)
|
|
sys.exit(1)
|
|
except ipa.ipaerror.IPAError, e:
|
|
print "%s" % (e.message)
|
|
sys.exit(1)
|
|
except Exception, e:
|
|
print "%s" % str(e)
|
|
sys.exit(1)
|