Commit 10bf35f9 authored by Dietmar Maurer's avatar Dietmar Maurer

allow to set/edit two factor authentication

parent 281d73d8
...@@ -2,6 +2,8 @@ pve-manager (3.2-17) unstable; urgency=low ...@@ -2,6 +2,8 @@ pve-manager (3.2-17) unstable; urgency=low
* include improved Spanish translation * include improved Spanish translation
* allow to set/edit two factor authentication (yubico, oath)
-- Proxmox Support Team <support@proxmox.com> Fri, 18 Jul 2014 08:23:02 +0200 -- Proxmox Support Team <support@proxmox.com> Fri, 18 Jul 2014 08:23:02 +0200
pve-manager (3.2-16) unstable; urgency=low pve-manager (3.2-16) unstable; urgency=low
......
...@@ -285,5 +285,15 @@ Ext.define('PVE.Parser', { statics: { ...@@ -285,5 +285,15 @@ Ext.define('PVE.Parser', { statics: {
return datastr; return datastr;
}, },
parseTfaConfig: function(value) {
var res = {};
Ext.Array.each(value.split(','), function(p) {
var kva = p.split(/=/, 2);
res[kva[0]] = kva[1];
});
return res;
}
}}); }});
...@@ -63,17 +63,22 @@ Ext.define('PVE.dc.AuthEdit', { ...@@ -63,17 +63,22 @@ Ext.define('PVE.dc.AuthEdit', {
fieldLabel: gettext('User Attribute Name'), fieldLabel: gettext('User Attribute Name'),
allowBlank: false allowBlank: false
}); });
} else if (me.authType === 'pve') {
if (me.create) throw 'unknown auth type';
me.subject = 'Proxmox VE authentication server';
} else if (me.authType === 'pam') {
if (me.create) throw 'unknown auth type';
me.subject = 'linux PAM';
} else { } else {
throw 'unknown auth type '; throw 'unknown auth type ';
} }
column1.push({
xtype: 'textfield',
name: 'comment',
fieldLabel: gettext('Comment')
});
column1.push({ column1.push({
xtype: 'pvecheckbox', xtype: 'pvecheckbox',
fieldLabel: gettext('Default'), fieldLabel: gettext('Default'),
...@@ -81,7 +86,10 @@ Ext.define('PVE.dc.AuthEdit', { ...@@ -81,7 +86,10 @@ Ext.define('PVE.dc.AuthEdit', {
uncheckedValue: 0 uncheckedValue: 0
}); });
var column2 = [ var column2 = [];
if (me.authType === 'ldap' || me.authType === 'ad') {
column2.push([
{ {
xtype: 'textfield', xtype: 'textfield',
fieldLabel: gettext('Server'), fieldLabel: gettext('Server'),
...@@ -109,11 +117,58 @@ Ext.define('PVE.dc.AuthEdit', { ...@@ -109,11 +117,58 @@ Ext.define('PVE.dc.AuthEdit', {
name: 'secure', name: 'secure',
uncheckedValue: 0 uncheckedValue: 0
} }
]; ]);
}
// Two Factor Auth settings
column2.push({
xtype: 'pveKVComboBox',
name: 'tfa',
value: '',
fieldLabel: gettext('TFA'),
data: [ ['', 'none'], ['oath', 'OATH'], ['yubico', 'Yubico']],
listeners: {
change: function(f, value) {
if (!me.rendered) {
return;
}
me.down('field[name=yubico_api_id]').setVisible(value === 'yubico');
me.down('field[name=yubico_api_key]').setVisible(value === 'yubico');
me.down('field[name=yubico_url]').setVisible(value === 'yubico');
}
}
});
column2.push({
xtype: 'textfield',
name: 'yubico_api_id',
hidden: true,
fieldLabel: 'Yubico API Id'
});
column2.push({
xtype: 'textfield',
name: 'yubico_api_key',
hidden: true,
fieldLabel: 'Yubico API Key'
});
column2.push({
xtype: 'textfield',
name: 'yubico_url',
hidden: true,
fieldLabel: 'Yubico URL'
});
var ipanel = Ext.create('PVE.panel.InputPanel', { var ipanel = Ext.create('PVE.panel.InputPanel', {
column1: column1, column1: column1,
column2: column2, column2: column2,
columnB: [{
xtype: 'textfield',
name: 'comment',
fieldLabel: gettext('Comment')
}],
onGetValues: function(values) { onGetValues: function(values) {
if (!values.port) { if (!values.port) {
if (!me.create) { if (!me.create) {
...@@ -126,6 +181,23 @@ Ext.define('PVE.dc.AuthEdit', { ...@@ -126,6 +181,23 @@ Ext.define('PVE.dc.AuthEdit', {
values.type = me.authType; values.type = me.authType;
} }
if (values.tfa === 'oath') {
values.tfa = "type=oath";
} else if (values.tfa === 'yubico') {
values.tfa = "type=yubico";
values.tfa += ",id=" + values.yubico_api_id;
values.tfa += ",key=" + values.yubico_api_key;
if (values.yubico_url) {
values.tfa += ",url=" + values.yubico_url;
}
} else {
delete values.tfa;
}
delete values.yubico_api_id;
delete values.yubico_api_key;
delete values.yubico_url;
return values; return values;
} }
}); });
...@@ -150,6 +222,17 @@ Ext.define('PVE.dc.AuthEdit', { ...@@ -150,6 +222,17 @@ Ext.define('PVE.dc.AuthEdit', {
me.close(); me.close();
throw "got wrong auth type"; throw "got wrong auth type";
} }
if (data.tfa) {
var tfacfg = PVE.Parser.parseTfaConfig(data.tfa);
data.tfa = tfacfg.type;
if (tfacfg.type === 'yubico') {
data.yubico_api_key = tfacfg.key;
data.yubico_api_id = tfacfg.id;
data.yubico_url = tfacfg.url;
}
}
me.setValues(data); me.setValues(data);
} }
}); });
......
...@@ -26,10 +26,6 @@ Ext.define('PVE.dc.AuthView', { ...@@ -26,10 +26,6 @@ Ext.define('PVE.dc.AuthView', {
return; return;
} }
if (rec.data.type === 'pve' || rec.data.type === 'pam') {
return;
}
var win = Ext.create('PVE.dc.AuthEdit',{ var win = Ext.create('PVE.dc.AuthEdit',{
realm: rec.data.realm, realm: rec.data.realm,
authType: rec.data.type authType: rec.data.type
...@@ -42,9 +38,6 @@ Ext.define('PVE.dc.AuthView', { ...@@ -42,9 +38,6 @@ Ext.define('PVE.dc.AuthView', {
text: gettext('Edit'), text: gettext('Edit'),
disabled: true, disabled: true,
selModel: sm, selModel: sm,
enableFn: function(rec) {
return !(rec.data.type === 'pve' || rec.data.type === 'pam');
},
handler: run_editor handler: run_editor
}); });
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment