Host Enrollment via OTP

The support for host enrollment via one-time-password has been added.
When submitted, the OTP will be used to set the host's userpassword.

Previously each IPA command could only have one JSON test data file.
The ipa_cmd() has been modified to accept an optional command name.
When used with static files, it will pull the test data whose name
is the same as the command name.

The batch.json has been renamed to ipa_init.json for UI initialization.
Some test data have been added for operations against specific hosts.
Endi S. Dewata
2010-11-18 20:59:08 -06:00
committed by Adam Young
parent 1b166c9e8b
commit 3e1dc6b74f
9 changed files with 421 additions and 114 deletions


@@ -1,5 +1,6 @@
/* Authors:
* Pavel Zuna <pzuna@redhat.com>
* Endi S. Dewata <edewata@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
@@ -119,51 +120,77 @@ function ipa_host_details_facet(spec) {
that.init = function() {
var section = ipa_details_list_section({
name: 'details',
label: 'Host Details'
'name': 'details',
'label': 'Host Details'
});
that.add_section(section);
section.create_field({
name: 'fqdn',
label: 'Fully Qualified Domain Name'
'name': 'fqdn',
'label': 'Fully Qualified Domain Name'
});
section.create_field({
name: 'krbprincipalname',
label: 'Kerberos Principal'
'name': 'krbprincipalname',
'label': 'Kerberos Principal'
});
section.create_field({
name: 'serverhostname',
label: 'Server Host Name'
'name': 'serverhostname',
'label': 'Server Host Name'
});
section = ipa_details_list_section({
name: 'enrollment',
label: 'Enrollment'
'name': 'enrollment',
'label': 'Enrollment'
});
that.add_section(section);
section.add_field(host_provisioning_status_widget({
name: 'provisioning_status',
label: 'Status'
'name': 'provisioning_status',
'label': 'Status',
'facet': that
}));
section = ipa_details_list_section({
name:'certificate',
label:'Host Certificate'
'name': 'certificate',
'label': 'Host Certificate'
});
that.add_section(section);
section.add_field(host_certificate_status_widget({
name: 'certificate_status',
label: 'Status'
'name': 'certificate_status',
'label': 'Status'
}));
that.details_facet_init();
};
that.refresh = function() {
var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
var command = ipa_command({
'name': that.entity_name+'_show_'+pkey,
'method': that.entity_name+'_show',
'args': [pkey],
'options': { 'all': true, 'rights': true }
});
command.on_success = function(data, text_status, xhr) {
that.load(data.result.result);
};
command.on_error = function(xhr, text_status, error_thrown) {
var details = $('.details', that.container).empty();
details.append('<p>Error: '+error_thrown.name+'</p>');
details.append('<p>'+error_thrown.title+'</p>');
details.append('<p>'+error_thrown.message+'</p>');
};
command.execute();
};
return that;
}
@@ -173,6 +200,8 @@ function host_provisioning_status_widget(spec) {
var that = ipa_widget(spec);
that.facet = spec.facet;
that.create = function(container) {
that.widget_create(container);
@@ -241,7 +270,7 @@ function host_provisioning_status_widget(spec) {
var button = $('input[name=unprovision]', that.container);
that.unprovision_button = ipa_button({
'label': 'Delete Key, Unprovision',
'click': that.unprovision
'click': that.show_unprovision_dialog
});
button.replaceWith(that.unprovision_button);
@@ -257,7 +286,7 @@ function host_provisioning_status_widget(spec) {
that.enroll_button = button;
};
that.unprovision = function() {
that.show_unprovision_dialog = function() {
var label = IPA.metadata[that.entity_name].label;
var dialog = ipa_dialog({
@@ -271,8 +300,7 @@ function host_provisioning_status_widget(spec) {
};
dialog.add_button('Unprovision', function() {
var pkey = that.result['fqdn'][0];
ipa_cmd(that.entity_name+'_disable', [pkey], {},
that.unprovision(
function(data, text_status, xhr) {
set_status('missing');
dialog.close();
@@ -294,9 +322,42 @@ function host_provisioning_status_widget(spec) {
return false;
};
that.unprovision = function(on_success, on_error) {
var pkey = that.facet.get_primary_key();
var command = ipa_command({
'name': that.entity_name+'_disable_'+pkey,
'method': that.entity_name+'_disable',
'args': [pkey],
'options': { 'all': true, 'rights': true },
'on_success': on_success,
'on_error': on_error
});
command.execute();
};
that.set_otp = function() {
// TODO: enroll via OTP
alert(that.otp.val());
var pkey = that.facet.get_primary_key();
var otp = that.otp_input.val();
that.otp_input.val('');
var command = ipa_command({
'method': that.entity_name+'_mod',
'args': [pkey],
'options': {
'all': true,
'rights': true,
'userpassword': otp
},
'on_success': function(data, text_status, xhr) {
alert('One-Time-Password has been set.');
}
});
command.execute();
};
that.load = function(result) {
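Review bot: The on_error handler added to that.refresh builds markup by concatenating error_thrown.name, .title and .message into strings passed to details.append(), so any HTML in those values is parsed as markup rather than shown as text. The message text presumably originates from the server's error response and may echo the host key read from the URL state via $.bbq.getState, so it should be treated as untrusted; build each paragraph with text instead, e.g. `details.append($('<p/>').text(error_thrown.message));`, and do the same for the name and title lines. In the last hunk, set_otp clears otp_input before the request completes and passes no on_error, so a failed host_mod gives the user no feedback and an empty value is submitted as userpassword unchecked; a guard such as `if (!otp) return;` plus an on_error callback would cover both.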


@@ -96,7 +96,9 @@ var IPA = ( function () {
on_success(data, text_status, xhr);
}
},
on_error
on_error,
null,
'ipa_init'
);
};
@@ -144,6 +146,7 @@ function ipa_command(spec) {
var that = {};
that.name = spec.name;
that.method = spec.method;
that.args = $.merge([], spec.args || []);
@@ -170,7 +173,9 @@ function ipa_command(spec) {
that.args,
that.options,
that.on_success,
that.on_error
that.on_error,
null,
that.name
);
};
@@ -277,7 +282,7 @@ function ipa_batch_command(spec) {
* win_callback - function to call if the JSON request succeeds
* fail_callback - function to call if the JSON request fails
* objname - name of an IPA object (optional) */
function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
function ipa_cmd(name, args, options, win_callback, fail_callback, objname, command_name)
{
var default_json_url = '/ipa/json';
@@ -385,7 +390,11 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
var url = IPA.json_url;
if (IPA.use_static_files){
url += '/' + method_name + '.json';
if (command_name) {
url += '/' + command_name + '.json';
} else {
url += '/' + method_name + '.json';
}
}
var data = {
method: method_name,
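Review bot: command_name is appended to the static-file URL unescaped in ipa_cmd (`url += '/' + command_name + '.json';`), and the callers visible in this commit build that name from the host primary key (`that.entity_name+'_show_'+pkey`), which is read from the URL state. A key containing `/` or `..` would therefore change which path is requested when IPA.use_static_files is set; this only affects the static test mode, but `url += '/' + encodeURIComponent(command_name) + '.json';` removes the ambiguity. The parameter list in the comment above ipa_cmd still ends at objname, so add `* command_name - name of the static test data file to load (optional) */` there. The body of ipa_cmd continues outside the hunks shown.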


@@ -0,0 +1,9 @@
{
"error": null,
"id": 0,
"result": {
"result": true,
"summary": "Removed kerberos key from \"dev.example.com\"",
"value": "dev.example.com"
}
}


@@ -5,41 +5,87 @@
"count": 2,
"result": [
{
"dn": "fqdn=vm-121.idm.lab.bos.redhat.com,cn=computers,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
"enrolledby": [],
"cn": [
"dev.example.com"
],
"dn": "fqdn=dev.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com",
"fqdn": [
"vm-121.idm.lab.bos.redhat.com"
"dev.example.com"
],
"ipauniqueid": [
"fc6a6d5a-f388-11df-9c01-00163e72f2d9"
],
"krbextradata": [
{
"__base64__": "AAL+5+VMYWRtaW4vYWRtaW5AREVWLkVYQU1QTEUuQ09NAA=="
},
{
"__base64__": "AAgBAA=="
}
],
"krblastpwdchange": [
"20101119025910Z"
],
"krbpasswordexpiration": [
"19700101000000Z"
],
"krbprincipalname": [
"host/vm-121.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM"
"host/dev.example.com@DEV.EXAMPLE.COM"
],
"memberof": []
"krbticketflags": [
"0"
],
"managedby": [
"fqdn=dev.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com"
],
"objectclass": [
"top",
"ipaobject",
"nshost",
"ipahost",
"ipaservice",
"pkiuser",
"krbprincipalaux",
"krbprincipal",
"krbticketpolicyaux"
],
"serverhostname": [
"dev"
]
},
{
"description": [
"sample host"
"cn": [
"test.example.com"
],
"dn": "fqdn=ayounghost1.idm.lab.bos.redhat.com,cn=computers,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
"enrolledby": [],
"dn": "fqdn=test.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com",
"fqdn": [
"ayounghost1.idm.lab.bos.redhat.com"
"test.example.com"
],
"l": [
"VM-lab"
"ipauniqueid": [
"ac28dca0-f3b5-11df-879f-00163e72f2d9"
],
"memberof": [],
"nshardwareplatform": [
"kvm"
"krbprincipalname": [
"host/test.example.com@DEV.EXAMPLE.COM"
],
"nshostlocation": [
"VM-lab"
"managedby": [
"fqdn=test.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com"
],
"nsosversion": [
"F13"
"objectclass": [
"ipaobject",
"nshost",
"ipahost",
"pkiuser",
"ipaservice",
"krbprincipalaux",
"krbprincipal",
"top"
],
"serverhostname": [
"test"
]
}
],
"summary": "2 hosts matched",
"truncated": false
}
}
}


@@ -0,0 +1,75 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"attributelevelrights": {
"aci": "rscwo",
"cn": "rscwo",
"description": "rscwo",
"enrolledby": "rsc",
"fqdn": "rscwo",
"ipaclientversion": "rscwo",
"ipauniqueid": "rsc",
"krbcanonicalname": "rscwo",
"krbextradata": "rscwo",
"krblastfailedauth": "rscwo",
"krblastpwdchange": "rscwo",
"krblastsuccessfulauth": "rscwo",
"krbloginfailedcount": "rscwo",
"krbobjectreferences": "rscwo",
"krbpasswordexpiration": "rscwo",
"krbprincipalaliases": "rscwo",
"krbprincipalexpiration": "rscwo",
"krbprincipalkey": "wo",
"krbprincipalname": "rscwo",
"krbprincipaltype": "rscwo",
"krbpwdhistory": "rscwo",
"krbpwdpolicyreference": "rscwo",
"krbticketpolicyreference": "rscwo",
"krbupenabled": "rscwo",
"l": "rscwo",
"managedby": "rscwo",
"memberof": "rsc",
"nsaccountlock": "rscwo",
"nshardwareplatform": "rscwo",
"nshostlocation": "rscwo",
"nsosversion": "rscwo",
"objectclass": "rscwo",
"serverhostname": "rsc",
"usercertificate": "rscwo",
"userpassword": "wo"
},
"cn": [
"test.example.com"
],
"fqdn": [
"test.example.com"
],
"ipauniqueid": [
"ac28dca0-f3b5-11df-879f-00163e72f2d9"
],
"krbprincipalname": [
"host/test.example.com@DEV.EXAMPLE.COM"
],
"managedby": [
"fqdn=test.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com"
],
"objectclass": [
"ipaobject",
"nshost",
"ipahost",
"pkiuser",
"ipaservice",
"krbprincipalaux",
"krbprincipal",
"top"
],
"serverhostname": [
"test"
]
},
"summary": "Modified host \"test.example.com\"",
"value": "test.example.com"
}
}


@@ -1,68 +0,0 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"cn": [
"vm-121.idm.lab.bos.redhat.com"
],
"dn": "fqdn=vm-121.idm.lab.bos.redhat.com,cn=computers,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
"enrolledby": [],
"fqdn": [
"vm-121.idm.lab.bos.redhat.com"
],
"ipauniqueid": [
"b54b73a8-8ba8-11df-80bc-00163e26b89e"
],
"issuer": "CN=IPA Test Certificate Authority",
"krbextradata": [
{
"__base64__": "AAKOoTdMYWRtaW4vYWRtaW5ASURNLkxBQi5CT1MuUkVESEFULkNPTQA="
}
],
"krblastpwdchange": [
"20100709222414Z"
],
"krbpasswordexpiration": [
"19700101000000Z"
],
"krbprincipalname": [
"host/vm-121.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM"
],
"krbticketflags": [
"0"
],
"managedby": [
"fqdn=vm-121.idm.lab.bos.redhat.com,cn=computers,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
],
"md5_fingerprint": "08:86:a9:f9:87:af:0d:d7:42:01:e0:5f:12:9b:32:7f",
"memberof": [],
"objectclass": [
"top",
"ipaobject",
"nshost",
"ipahost",
"ipaservice",
"pkiuser",
"krbprincipalaux",
"krbprincipal",
"krbticketpolicyaux"
],
"serial_number": "1",
"serverhostname": [
"vm-121"
],
"sha1_fingerprint": "b8:4c:4b:79:4f:13:03:79:47:08:fa:6b:52:63:3d:f9:15:8e:7e:dc",
"subject": "CN=dev.example.com,O=IPA",
"usercertificate": [
{
"__base64__": "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"
}
],
"valid_not_after": "Tue Oct 13 01:59:32 2015 UTC",
"valid_not_before": "Wed Oct 13 01:59:32 2010 UTC"
},
"summary": null,
"value": "vm-121.idm.lab.bos.redhat.com"
}
}


@@ -0,0 +1,98 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"attributelevelrights": {
"aci": "rscwo",
"cn": "rscwo",
"description": "rscwo",
"enrolledby": "rsc",
"fqdn": "rscwo",
"ipaclientversion": "rscwo",
"ipauniqueid": "rsc",
"krbcanonicalname": "rscwo",
"krbextradata": "rscwo",
"krblastfailedauth": "rscwo",
"krblastpwdchange": "rscwo",
"krblastsuccessfulauth": "rscwo",
"krbloginfailedcount": "rscwo",
"krbmaxrenewableage": "rscwo",
"krbmaxticketlife": "rscwo",
"krbobjectreferences": "rscwo",
"krbpasswordexpiration": "rscwo",
"krbprincipalaliases": "rscwo",
"krbprincipalexpiration": "rscwo",
"krbprincipalkey": "wo",
"krbprincipalname": "rscwo",
"krbprincipaltype": "rscwo",
"krbpwdhistory": "rscwo",
"krbpwdpolicyreference": "rscwo",
"krbticketflags": "rscwo",
"krbticketpolicyreference": "rscwo",
"krbupenabled": "rscwo",
"l": "rscwo",
"managedby": "rscwo",
"memberof": "rsc",
"nsaccountlock": "rscwo",
"nshardwareplatform": "rscwo",
"nshostlocation": "rscwo",
"nsosversion": "rscwo",
"objectclass": "rscwo",
"serverhostname": "rsc",
"usercertificate": "rscwo",
"userpassword": "wo"
},
"cn": [
"dev.example.com"
],
"dn": "fqdn=dev.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com",
"fqdn": [
"dev.example.com"
],
"has_keytab": true,
"ipauniqueid": [
"fc6a6d5a-f388-11df-9c01-00163e72f2d9"
],
"krbextradata": [
{
"__base64__": "AAL+5+VMYWRtaW4vYWRtaW5AREVWLkVYQU1QTEUuQ09NAA=="
},
{
"__base64__": "AAgBAA=="
}
],
"krblastpwdchange": [
"20101119025910Z"
],
"krbpasswordexpiration": [
"19700101000000Z"
],
"krbprincipalname": [
"host/dev.example.com@DEV.EXAMPLE.COM"
],
"krbticketflags": [
"0"
],
"managedby": [
"fqdn=dev.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com"
],
"objectclass": [
"top",
"ipaobject",
"nshost",
"ipahost",
"ipaservice",
"pkiuser",
"krbprincipalaux",
"krbprincipal",
"krbticketpolicyaux"
],
"serverhostname": [
"dev"
]
},
"summary": null,
"value": "dev.example.com"
}
}


@@ -0,0 +1,77 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"attributelevelrights": {
"aci": "rscwo",
"cn": "rscwo",
"description": "rscwo",
"enrolledby": "rsc",
"fqdn": "rscwo",
"ipaclientversion": "rscwo",
"ipauniqueid": "rsc",
"krbcanonicalname": "rscwo",
"krbextradata": "rscwo",
"krblastfailedauth": "rscwo",
"krblastpwdchange": "rscwo",
"krblastsuccessfulauth": "rscwo",
"krbloginfailedcount": "rscwo",
"krbobjectreferences": "rscwo",
"krbpasswordexpiration": "rscwo",
"krbprincipalaliases": "rscwo",
"krbprincipalexpiration": "rscwo",
"krbprincipalkey": "wo",
"krbprincipalname": "rscwo",
"krbprincipaltype": "rscwo",
"krbpwdhistory": "rscwo",
"krbpwdpolicyreference": "rscwo",
"krbticketpolicyreference": "rscwo",
"krbupenabled": "rscwo",
"l": "rscwo",
"managedby": "rscwo",
"memberof": "rsc",
"nsaccountlock": "rscwo",
"nshardwareplatform": "rscwo",
"nshostlocation": "rscwo",
"nsosversion": "rscwo",
"objectclass": "rscwo",
"serverhostname": "rsc",
"usercertificate": "rscwo",
"userpassword": "wo"
},
"cn": [
"test.example.com"
],
"dn": "fqdn=test.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com",
"fqdn": [
"test.example.com"
],
"has_keytab": false,
"ipauniqueid": [
"ac28dca0-f3b5-11df-879f-00163e72f2d9"
],
"krbprincipalname": [
"host/test.example.com@DEV.EXAMPLE.COM"
],
"managedby": [
"fqdn=test.example.com,cn=computers,cn=accounts,dc=dev,dc=example,dc=com"
],
"objectclass": [
"ipaobject",
"nshost",
"ipahost",
"pkiuser",
"ipaservice",
"krbprincipalaux",
"krbprincipal",
"top"
],
"serverhostname": [
"test"
]
},
"summary": null,
"value": "test.example.com"
}
}