From c5ebd41fd34e72fe66e1d2c2504fa9bfdc489f7a Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 18 Jul 2014 11:45:58 +0200 Subject: [PATCH] allow to set/edit two factor authentication --- debian/changelog.Debian | 4 +- www/manager/Parser.js | 10 +++ www/manager/dc/AuthEdit.js | 153 ++++++++++++++++++++++++++++--------- www/manager/dc/AuthView.js | 7 -- 4 files changed, 131 insertions(+), 43 deletions(-) diff --git a/debian/changelog.Debian b/debian/changelog.Debian index 6b4926a9a..ecc8bfc32 100644 --- a/debian/changelog.Debian +++ b/debian/changelog.Debian @@ -1,7 +1,9 @@ pve-manager (3.2-17) unstable; urgency=low - * include improved Spanish translation + * include improved Spanish translation + * allow to set/edit two factor authentication (yubico, oath) + -- Proxmox Support Team Fri, 18 Jul 2014 08:23:02 +0200 pve-manager (3.2-16) unstable; urgency=low diff --git a/www/manager/Parser.js b/www/manager/Parser.js index 1eefa9a47..11fbe4974 100644 --- a/www/manager/Parser.js +++ b/www/manager/Parser.js @@ -285,5 +285,15 @@ Ext.define('PVE.Parser', { statics: { return datastr; }, + parseTfaConfig: function(value) { + var res = {}; + + Ext.Array.each(value.split(','), function(p) { + var kva = p.split(/=/, 2); + res[kva[0]] = kva[1]; + }); + + return res; + } }}); diff --git a/www/manager/dc/AuthEdit.js b/www/manager/dc/AuthEdit.js index 68f006270..80261d298 100644 --- a/www/manager/dc/AuthEdit.js +++ b/www/manager/dc/AuthEdit.js 
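Review bot: In `parseTfaConfig` (www/manager/Parser.js), `p.split(/=/, 2)` discards everything after a second `=`, because the limit argument of JavaScript's `split` truncates the result and does not keep the remainder in the last element. A Yubico API key is typically base64 and can end in `=` padding, and a URL can carry a query string, so the load path in AuthEdit.js (`data.yubico_api_key = tfacfg.key`, hunk `@@ -150,6 +222,17 @@`) would put a shortened value into the form and the next save would write it back. Split on the first `=` only: `var i = p.indexOf('=');` followed by `res[p.slice(0, i)] = p.slice(i + 1);`, skipping entries where `i < 1`. A short comment above the function stating the expected `key=value,key=value` format would also help.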
@@ -63,17 +63,22 @@ Ext.define('PVE.dc.AuthEdit', { fieldLabel: gettext('User Attribute Name'), allowBlank: false }); + } else if (me.authType === 'pve') { + + if (me.create) throw 'unknown auth type'; + + me.subject = 'Proxmox VE authentication server'; + + } else if (me.authType === 'pam') { + + if (me.create) throw 'unknown auth type'; + + me.subject = 'linux PAM'; } else { throw 'unknown auth type '; } - column1.push({ - xtype: 'textfield', - name: 'comment', - fieldLabel: gettext('Comment') - }); - column1.push({ xtype: 'pvecheckbox', fieldLabel: gettext('Default'), 
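Review bot: The two new `if (me.create) throw 'unknown auth type';` lines in the `pve` and `pam` branches report a type that is in fact known, and they throw a bare string, so the failure carries no stack trace. Something like `throw new Error('cannot create realm of type ' + me.authType);`, with braces around the `if` body, says what actually went wrong; the existing `else` branch throws a string too, so this is a pre-existing habit of the file. The two new `me.subject` strings are not wrapped in `gettext()`; the other subjects are outside this hunk, so check whether that matches them. The enclosing function starts and ends outside the hunk.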
@@ -81,39 +86,89 @@ Ext.define('PVE.dc.AuthEdit', { uncheckedValue: 0 }); - var column2 = [ - { - xtype: 'textfield', - fieldLabel: gettext('Server'), - name: 'server1', - allowBlank: false - }, - { - xtype: 'pvetextfield', - fieldLabel: gettext('Fallback Server'), - deleteEmpty: !me.create, - name: 'server2' - }, - { - xtype: 'numberfield', - name: 'port', - fieldLabel: gettext('Port'), - minValue: 1, - maxValue: 65535, - emptyText: gettext('Default'), - submitEmptyText: false - }, - { - xtype: 'pvecheckbox', - fieldLabel: 'SSL', - name: 'secure', - uncheckedValue: 0 - } - ]; + var column2 = []; + + if (me.authType === 'ldap' || me.authType === 'ad') { + column2.push([ + { + xtype: 'textfield', + fieldLabel: gettext('Server'), + name: 'server1', + allowBlank: false + }, + { + xtype: 'pvetextfield', + fieldLabel: gettext('Fallback Server'), + deleteEmpty: !me.create, + name: 'server2' + }, + { + xtype: 'numberfield', + name: 'port', + fieldLabel: gettext('Port'), + minValue: 1, + maxValue: 65535, + emptyText: gettext('Default'), + submitEmptyText: false + }, + { + xtype: 'pvecheckbox', + fieldLabel: 'SSL', + name: 'secure', + uncheckedValue: 0 + } + ]); + } + + // Two Factor Auth settings + + column2.push({ + xtype: 'pveKVComboBox', + name: 'tfa', + value: '', + fieldLabel: gettext('TFA'), + data: [ ['', 'none'], ['oath', 'OATH'], ['yubico', 'Yubico']], + listeners: { + change: function(f, value) { + if (!me.rendered) { + return; + } + me.down('field[name=yubico_api_id]').setVisible(value === 'yubico'); + me.down('field[name=yubico_api_key]').setVisible(value === 'yubico'); + me.down('field[name=yubico_url]').setVisible(value === 'yubico'); + } + } + }); + + column2.push({ + xtype: 'textfield', + name: 'yubico_api_id', + hidden: true, + fieldLabel: 'Yubico API Id' + }); + + column2.push({ + xtype: 'textfield', + name: 'yubico_api_key', + hidden: true, + fieldLabel: 'Yubico API Key' + }); + + column2.push({ + xtype: 'textfield', + name: 'yubico_url', + hidden: true, 
+ fieldLabel: 'Yubico URL' + }); var ipanel = Ext.create('PVE.panel.InputPanel', { column1: column1, column2: column2, + columnB: [{ + xtype: 'textfield', + name: 'comment', + fieldLabel: gettext('Comment') + }], onGetValues: function(values) { if (!values.port) { if (!me.create) { @@ -126,6 +181,23 @@ Ext.define('PVE.dc.AuthEdit', { values.type = me.authType; } + if (values.tfa === 'oath') { + values.tfa = "type=oath"; + } else if (values.tfa === 'yubico') { + values.tfa = "type=yubico"; + values.tfa += ",id=" + values.yubico_api_id; + values.tfa += ",key=" + values.yubico_api_key; + if (values.yubico_url) { + values.tfa += ",url=" + values.yubico_url; + } + } else { + delete values.tfa; + } + + delete values.yubico_api_id; + delete values.yubico_api_key; + delete values.yubico_url; + return values; } }); @@ -150,6 +222,17 @@ Ext.define('PVE.dc.AuthEdit', { me.close(); throw "got wrong auth type"; } + + if (data.tfa) { + var tfacfg = PVE.Parser.parseTfaConfig(data.tfa); + data.tfa = tfacfg.type; + if (tfacfg.type === 'yubico') { + data.yubico_api_key = tfacfg.key; + data.yubico_api_id = tfacfg.id; + data.yubico_url = tfacfg.url; + } + } + me.setValues(data); } }); diff --git a/www/manager/dc/AuthView.js b/www/manager/dc/AuthView.js index cbeee5017..83e79c659 100644 --- a/www/manager/dc/AuthView.js +++ b/www/manager/dc/AuthView.js @@ -26,10 +26,6 @@ Ext.define('PVE.dc.AuthView', { return; } - if (rec.data.type === 'pve' || rec.data.type === 'pam') { - return; - } - var win = Ext.create('PVE.dc.AuthEdit',{ realm: rec.data.realm, authType: rec.data.type @@ -42,9 +38,6 @@ Ext.define('PVE.dc.AuthView', { text: gettext('Edit'), disabled: true, selModel: sm, - enableFn: function(rec) { - return !(rec.data.type === 'pve' || rec.data.type === 'pam'); - }, handler: run_editor });
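Review bot: `column2.push([ ... ])` in the `ldap`/`ad` branch (hunk `@@ -81,39 +86,89 @@`) appends the four-field array as one nested element, so `column2` becomes `[[server1, server2, port, secure], tfa, ...]` and not a flat item list. Unless `PVE.panel.InputPanel` flattens nested arrays (not visible here), the server, port and SSL fields may not be created for LDAP/AD realms; `column2 = column2.concat([ ... ]);` or one `push` per field keeps the list flat. Separately, `yubico_api_key` is a plain `textfield`, so the API secret is displayed in clear text; consider `inputType: 'password'` on that field.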
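Review bot: In the `onGetValues` hunk (`@@ -126,6 +181,23 @@`), the `tfa` property string is built by plain concatenation with no check on the three Yubico fields. A comma in the id, key or URL adds extra `key=value` pairs to what is sent, and nothing visible requires the id and key to be filled in when `yubico` is selected. Validate before concatenating, for example by rejecting a value when `/[,\s]/.test(values.yubico_api_id)` matches, and set `allowBlank: false` on the id and key fields while they are shown. The final `else` only does `delete values.tfa`; when editing an existing realm this omits the option and does not ask the server to remove it (the `port` handling just above appears to treat that case separately), so confirm that choosing 'none' really disables TFA.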
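Review bot: In the load-callback hunk (`@@ -150,6 +222,17 @@`), the stored Yubico API key is copied from the server response into `data.yubico_api_key` and then into the form, so every open of the edit dialog delivers the secret to the browser and displays it. If the API can accept an unchanged key being omitted (not visible from this patch), leave the key field empty on load with an `emptyText` such as 'unchanged' and only send `key=` on save when the user typed a new one. `tfacfg.type` is also assigned to `data.tfa` without checking it against the three values the combo box offers; a comment noting what the form does for an unknown type would help. The enclosing callback starts outside the hunk.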