authorNathaniel McCallum <npmccallum@redhat.com>2016-06-21 14:19:03 -0400
committerPetr Vobornik <pvoborni@redhat.com>2016-06-30 13:39:59 +0200
commit0855b014b1edcb1632a41e380220abd7bb5e481a (patch)
tree559ab62db4dde64968ad5198b14edc807dec1d55
parentfed9d9aaa73604f6e100acbe2d3c192f4e4676e8 (diff)
Add authentication indicators support to Host objects
https://fedorahosted.org/freeipa/ticket/433 Reviewed-By: Sumit Bose <sbose@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
-rw-r--r--API.txt9
-rw-r--r--VERSION4
-rw-r--r--ipaserver/plugins/host.py17
3 files changed, 24 insertions, 6 deletions
diff --git a/API.txt b/API.txt
index 76e58aeec..19922660a 100644
--- a/API.txt
+++ b/API.txt
@@ -2257,7 +2257,7 @@ output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('value', type=[<type 'bool'>])
output: Output('warning', type=[<type 'list'>, <type 'tuple'>, <type 'NoneType'>])
command: host_add/1
-args: 1,23,3
+args: 1,24,3
arg: Str('fqdn', cli_name='hostname')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
@@ -2268,6 +2268,7 @@ option: Str('ipaassignedidview?')
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
option: Str('ipasshpubkey*', cli_name='sshpubkey')
+option: Str('krbprincipalauthind*', cli_name='auth_ind')
option: Str('l?', cli_name='locality')
option: Str('macaddress*')
option: Flag('no_members', autofill=True, default=False)
@@ -2380,7 +2381,7 @@ output: Output('completed', type=[<type 'int'>])
output: Output('failed', type=[<type 'dict'>])
output: Entry('result')
command: host_find/1
-args: 1,34,4
+args: 1,35,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', autofill=False, cli_name='desc')
@@ -2392,6 +2393,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_role*', cli_name='in_roles')
option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('ipaassignedidview?', autofill=False)
+option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Str('l?', autofill=False, cli_name='locality')
option: Str('macaddress*', autofill=False)
option: Str('man_by_host*', cli_name='man_by_hosts')
@@ -2421,7 +2423,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: host_mod/1
-args: 1,24,3
+args: 1,25,3
arg: Str('fqdn', cli_name='hostname')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
@@ -2431,6 +2433,7 @@ option: Str('ipaassignedidview?', autofill=False)
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
+option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Str('krbprincipalname?', cli_name='principalname')
option: Str('l?', autofill=False, cli_name='locality')
option: Str('macaddress*', autofill=False)
diff --git a/VERSION b/VERSION
index d4d7228ed..5c3aef2e4 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=202
-# Last change: schema: support plugin versioning
+IPA_API_VERSION_MINOR=203
+# Last change: host: added authentication indicators
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 0072431de..1091f8574 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -295,7 +295,7 @@ class host(LDAPObject):
'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
'managedby', 'memberofindirect', 'macaddress',
- 'userclass', 'ipaallowedtoperform', 'ipaassignedidview',
+ 'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
]
uuid_attribute = 'ipauniqueid'
attribute_members = {
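Review bot: The new `'krbprincipalauthind'` entry is appended without the trailing comma that the replaced line had, and it pushes the line past the usual 79-column limit. Putting it on its own line as `'krbprincipalauthind',` keeps the next addition to this list a one-line diff. It also avoids an accidental implicit string concatenation if someone later appends another literal after it. The list opens outside the hunk.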
@@ -530,6 +530,14 @@ class host(LDAPObject):
label=_('Assigned ID View'),
flags=['no_option'],
),
+ Str('krbprincipalauthind*',
+ cli_name='auth_ind',
+ label=_('Authentication Indicators'),
+ doc=_("Defines a whitelist for Authentication Indicators."
+ " Use 'otp' to allow OTP-based 2FA authentications."
+ " Use 'radius' to allow RADIUS-based 2FA authentications."
+ " Other values may be used for custom configurations."),
+ ),
) + ticket_flags_params
def get_dn(self, *keys, **options):
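Review bot: The `doc` text on the new `krbprincipalauthind*` parameter does not say what an unset value means or whose authentication is constrained, and both matter to anyone relying on this option to require 2FA for a host. I would add a sentence such as `" If no indicator is set, any authentication method is accepted."`, assuming that is what the KDC does; please confirm. None of the visible host.py hunks touches `managed_permissions`, so it is also worth confirming which principals can read and write this attribute on host entries, since write access lets the holder relax the requirement. The `takes_params` tuple starts outside the hunk.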
@@ -912,6 +920,13 @@ class host_mod(LDAPUpdate):
if 'krbticketpolicyaux' not in entry_attrs['objectclass']:
entry_attrs['objectclass'].append('krbticketpolicyaux')
+ if 'krbprincipalauthind' in entry_attrs:
+ if 'objectclass' not in entry_attrs:
+ entry_attrs_old = ldap.get_entry(dn, ['objectclass'])
+ entry_attrs['objectclass'] = entry_attrs_old['objectclass']
+ if 'krbprincipalaux' not in entry_attrs['objectclass']:
+ entry_attrs['objectclass'].append('krbprincipalaux')
+
add_sshpubkey_to_attrs_pre(self.context, attrs_list)
return dn
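Review bot: The `krbprincipalaux` fix-up is added only to `host_mod`, but API.txt in this commit shows `host_add` accepting `krbprincipalauthind` as well. `host_add`'s pre-callback is outside this diff, so confirm it always puts `krbprincipalaux` on the new entry when the option is given; otherwise the add would presumably be rejected as an object class violation. Separately, `'krbprincipalaux' not in entry_attrs['objectclass']` is a case-sensitive comparison on values read back from LDAP. Comparing lowercased values, `if 'krbprincipalaux' not in (oc.lower() for oc in entry_attrs['objectclass']):`, avoids appending a duplicate that differs only in case. The enclosing callback starts and ends outside the hunk.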