author | Rob Crittenden <rcritten@redhat.com> | 2009-09-14 17:04:08 -0400 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-09-24 17:45:49 -0600 |
commit | d0587cbdd5bc5e07a6e8519deb07adaace643740 (patch) | |
tree | aa6b96e33337a809687ab025ec4d2a392ca757f0 /ipalib/plugins/host.py | |
parent | 4f4d57cd30ac7169e18a8e2e22e62d8bdda083c4 (diff) | |
Enrollment for a host in an IPA domain
This will create a host service principal and may create a host entry (for
admins). A keytab will be generated, by default in /etc/krb5.keytab.
If no Kerberos credentials are available then enrollment over LDAPS is used
if a password is provided.
This change requires that openldap be used as our C LDAP client. It is much
easier to do SSL using openldap than mozldap (no certdb required). Otherwise
we'd have to write a slew of extra code to create a temporary cert database,
import the CA cert, ...
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 63 |
1 files changed, 26 insertions, 37 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 809ec319b..bf720abbc 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -21,13 +21,9 @@ Hosts/Machines (Identity)
 """
-import platform
-import os
-import sys
-
 from ipalib import api, crud, errors, util
 from ipalib import Object
-from ipalib import Str, Flag
+from ipalib import Str, Flag, List
 from ipalib.plugins.service import split_principal
 from ipalib import uuid
@@ -59,25 +55,6 @@ def validate_host(ugettext, fqdn):
 return 'Fully-qualified hostname required'
 return None
-def determine_os():
- """
- Return OS name (e.g. redhat 10 Cambridge).
- """
- (sysname, nodename, release, version, machine) = os.uname()
- if sys.platform == 'linux2':
- # something like 'fedora 9 Sulpher'
- return unicode(' '.join(platform.dist()))
- else:
- # on Solaris this will be: 'SunOS 5.10'
- return unicode(sysname + ' ' + release)
-
-def determine_platform():
- """
- Return platform name (e.g. i686).
- """
- (sysname, nodename, release, version, machine) = os.uname()
- return unicode(machine)
-
 class host(Object):
 """
@@ -106,14 +83,10 @@ class host(Object):
 Str('nshardwareplatform?',
 cli_name='platform',
 doc='Hardware platform of the host (e.g. Lenovo T61)',
- default=determine_platform(),
- autofill=True,
 ),
 Str('nsosversion?',
 cli_name='os',
 doc='Operating System and version of the host (e.g. Fedora 9)',
- default=determine_os(),
- autofill=True,
 ),
 Str('userpassword?',
 cli_name='password',
@@ -157,13 +130,6 @@ class host_add(crud.Create):
 # FIXME: do a DNS lookup to ensure host exists
- current = util.get_current_principal()
- if not current:
- raise errors.NotFound(reason='Unable to determine current user')
- entry_attrs['enrolledby'] = ldap.find_entry_by_attr(
- 'krbprincipalname', current, 'posixAccount'
- )[0]
-
 # FIXME: add this attribute to cn=ipaconfig
 # config = ldap.get_ipa_config()[1]
 # kw['objectclass'] = config.get('ipahostobjectclasses')
@@ -242,6 +208,15 @@ class host_mod(crud.Update):
 """
 Modify host.
 """
+
+ takes_options = (
+ Str('krbprincipalname?',
+ cli_name='principalname',
+ doc='Kerberos principal name for this host',
+ attribute=True
+ ),
+ )
+
 def execute(self, hostname, **kw):
 """
 Execute the host-mod operation.
@@ -261,6 +236,14 @@ class host_mod(crud.Update):
 entry_attrs = self.args_options_2_entry(**kw)
+ # Once a principal name is set it cannot be changed
+ if 'krbprincipalname' in entry_attrs:
+ (d, e) = api.Command['host_show'](hostname, all=True)
+ if 'krbprincipalname' in e:
+ raise errors.ACIError(info='Principal name already set, it is unchangeable.')
+ entry_attrs['objectclass'] = e['objectclass']
+ entry_attrs['objectclass'].append('krbprincipalaux')
+
 try:
 ldap.update_entry(dn, entry_attrs)
 except errors.EmptyModlist:
@@ -349,8 +332,12 @@ class host_show(crud.Retrieve):
 """
 takes_options = (
 Flag('all',
+ cli_short_name='a',
 doc='Retrieve all attributes'
 ),
+ List('attrs?',
+ doc='comma-separated list of attributes to display'
+ ),
 )
 def execute(self, hostname, **kw):
@@ -371,7 +358,10 @@ class host_show(crud.Retrieve):
 if kw['all']:
 attrs_list = ['*']
 else:
- attrs_list = _default_attributes
+ if 'attrs' in kw:
+ attrs_list = kw['attrs']
+ else:
+ attrs_list = _default_attributes
 return ldap.get_entry(dn, attrs_list)
@@ -383,4 +373,3 @@ class host_show(crud.Retrieve):
 textui.print_entry(entry_attrs)
 api.register(host_show)
- |
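Review bot: The `krbprincipalname` option added to `host_mod.takes_options` is a bare `Str` with no validator, so any string the caller supplies is written to the entry as this host's Kerberos principal. Nothing visible in this hunk or in the `execute` change ties the value to the host being modified. A check that the value has the form `host/<hostname>@REALM` would keep a host entry from being bound to a principal that belongs to a different host or to a user; the file already imports `split_principal`, which may help here. Whether directory ACIs already constrain this cannot be seen from the diff, so at minimum the option's `doc` should state the expected form.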
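Review bot: The "cannot be changed" guard added to `host_mod.execute` is a read-then-write: `host_show` is called and `'krbprincipalname' in e` is tested, but `ldap.update_entry` only runs later, so two concurrent host-mod calls could both pass the test. If set-once is a security property, the comment should say it is best-effort, or the restriction should be enforced in the directory. The test is a plain key lookup, so it presumably relies on attribute names coming back lowercased from `host_show`; that is worth confirming, because a differently cased key would skip the guard. `entry_attrs['objectclass'].append('krbprincipalaux')` also appends unconditionally to the list object returned by `host_show`; copying it with `list(e['objectclass'])` and guarding with `if 'krbprincipalaux' not in entry_attrs['objectclass']:` avoids submitting a duplicate value. The body of `execute` continues outside the hunk.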
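Review bot: `attrs_list = kw['attrs']` in `host_show.execute` hands the caller's attribute names to `ldap.get_entry` unfiltered, so what host-show returns is bounded only by the directory's access controls, and explicitly named attributes can include ones that `*` does not return. The host object defines `userpassword`, so either check the requested names against an allow-list or add a comment that ACIs are the intended control for secret attributes. The branch tests `'attrs' in kw` while the line above indexes `kw['all']`; if the framework supplies the key with an empty or None value, `attrs_list` would be empty, which LDAP searches commonly treat as "all user attributes". `if kw.get('attrs'):` would make the fallback to `_default_attributes` explicit. The `List('attrs?')` option itself is declared in the preceding hunk.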