IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add authentication indicators support to Host objects

Browse Source 
https://fedorahosted.org/freeipa/ticket/433

Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
This commit is contained in:
Nathaniel McCallum 2016-06-21 14:19:03 -04:00 committed by Petr Vobornik
parent fed9d9aaa7
commit 0855b014b1
3 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
API.txt
View File

@ -2257,7 +2257,7 @@ output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('value', type=[<type 'bool'>]) output: Output('value', type=[<type 'bool'>])
output: Output('warning', type=[<type 'list'>, <type 'tuple'>, <type 'NoneType'>]) output: Output('warning', type=[<type 'list'>, <type 'tuple'>, <type 'NoneType'>])
command: host_add/1 command: host_add/1
args: 1,23,3 args: 1,24,3
arg: Str('fqdn', cli_name='hostname') arg: Str('fqdn', cli_name='hostname')
option: Str('addattr*', cli_name='addattr') option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
@ -2268,6 +2268,7 @@ option: Str('ipaassignedidview?')
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate') option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth') option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
option: Str('ipasshpubkey*', cli_name='sshpubkey') option: Str('ipasshpubkey*', cli_name='sshpubkey')
option: Str('krbprincipalauthind*', cli_name='auth_ind')
option: Str('l?', cli_name='locality') option: Str('l?', cli_name='locality')
option: Str('macaddress*') option: Str('macaddress*')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=False)
@ -2380,7 +2381,7 @@ output: Output('completed', type=[<type 'int'>])
output: Output('failed', type=[<type 'dict'>]) output: Output('failed', type=[<type 'dict'>])
output: Entry('result') output: Entry('result')
command: host_find/1 command: host_find/1
args: 1,34,4 args: 1,35,4
arg: Str('criteria?') arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
@ -2392,6 +2393,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_role*', cli_name='in_roles') option: Str('in_role*', cli_name='in_roles')
option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('ipaassignedidview?', autofill=False) option: Str('ipaassignedidview?', autofill=False)
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Str('l?', autofill=False, cli_name='locality') option: Str('l?', autofill=False, cli_name='locality')
option: Str('macaddress*', autofill=False) option: Str('macaddress*', autofill=False)
option: Str('man_by_host*', cli_name='man_by_hosts') option: Str('man_by_host*', cli_name='man_by_hosts')
@ -2421,7 +2423,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>]) output: Output('truncated', type=[<type 'bool'>])
command: host_mod/1 command: host_mod/1
args: 1,24,3 args: 1,25,3
arg: Str('fqdn', cli_name='hostname') arg: Str('fqdn', cli_name='hostname')
option: Str('addattr*', cli_name='addattr') option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
@ -2431,6 +2433,7 @@ option: Str('ipaassignedidview?', autofill=False)
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate') option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth') option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey') option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Str('krbprincipalname?', cli_name='principalname') option: Str('krbprincipalname?', cli_name='principalname')
option: Str('l?', autofill=False, cli_name='locality') option: Str('l?', autofill=False, cli_name='locality')
option: Str('macaddress*', autofill=False) option: Str('macaddress*', autofill=False)

4
VERSION
View File

@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# # # #
######################################################## ########################################################
IPA_API_VERSION_MAJOR=2 IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=202 IPA_API_VERSION_MINOR=203
# Last change: schema: support plugin versioning # Last change: host: added authentication indicators

17
ipaserver/plugins/host.py
View File

@ -295,7 +295,7 @@ class host(LDAPObject):
'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname', 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof', 'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
'managedby', 'memberofindirect', 'macaddress', 'managedby', 'memberofindirect', 'macaddress',
'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
] ]
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
attribute_members = { attribute_members = {
@ -530,6 +530,14 @@ class host(LDAPObject):
label=_('Assigned ID View'), label=_('Assigned ID View'),
flags=['no_option'], flags=['no_option'],
), ),
Str('krbprincipalauthind*',
cli_name='auth_ind',
label=_('Authentication Indicators'),
doc=_("Defines a whitelist for Authentication Indicators."
" Use 'otp' to allow OTP-based 2FA authentications."
" Use 'radius' to allow RADIUS-based 2FA authentications."
" Other values may be used for custom configurations."),
),
) + ticket_flags_params ) + ticket_flags_params
def get_dn(self, *keys, **options): def get_dn(self, *keys, **options):
@ -912,6 +920,13 @@ class host_mod(LDAPUpdate):
if 'krbticketpolicyaux' not in entry_attrs['objectclass']: if 'krbticketpolicyaux' not in entry_attrs['objectclass']:
entry_attrs['objectclass'].append('krbticketpolicyaux') entry_attrs['objectclass'].append('krbticketpolicyaux')
if 'krbprincipalauthind' in entry_attrs:
if 'objectclass' not in entry_attrs:
entry_attrs_old = ldap.get_entry(dn, ['objectclass'])
entry_attrs['objectclass'] = entry_attrs_old['objectclass']
if 'krbprincipalaux' not in entry_attrs['objectclass']:
entry_attrs['objectclass'].append('krbprincipalaux')
add_sshpubkey_to_attrs_pre(self.context, attrs_list) add_sshpubkey_to_attrs_pre(self.context, attrs_list)
return dn return dn