def get_service_keytab(request, scheme, hostname, port):
try:
fqdn = hostname_from_principal(request.user.username)
except ValueError:
return HttpResponse(
status=401,
content='Unable to get keytab %s://%s:%s/: invalid username' %
(scheme, hostname, port))
protocol = request.GET.get('protocol', 'tcp')
hosts = list(Host.objects.filter(fqdn=fqdn)[0:1])
if not hosts:
return HttpResponse(status=401,
content='Unknown host %s is not allowed' % fqdn)
host = hosts[0]
if scheme == 'ssh' and host.admin_ip_address != host.main_ip_address:
fqdn = '%s.%s%s' % (fqdn.partition('.')[0], settings.PDNS_ADMIN_PREFIX,
settings.PENATES_DOMAIN)
services = list(
Service.objects.filter(fqdn=fqdn,
scheme=scheme,
hostname=hostname,
port=port,
protocol=protocol)[0:1])
if not services:
return HttpResponse(status=404,
content='%s://%s:%s/ unknown' %
(scheme, hostname, port))
service = services[0]
if not principal_exists(service.principal_name):
return HttpResponse(status=404,
content='Principal for %s://%s:%s/ undefined' %
(scheme, hostname, port))
return KeytabResponse(service.principal_name)
def get_host_keytab(request, hostname):
"""Register a computer:
- create Kerberos principal
- create private key
- create public SSH key
- create x509 certificate
- create PTR DNS record
- create A or AAAA DNS record
- create SSHFP DNS record
- return keytab
:param request:
:type request:
:param hostname:
:type hostname:
:return:
:rtype:
"""
admin_ip_address = request.GET.get('ip_address')
hostname = hostname.lower()
main_ip_address = request.META.get('HTTP_X_FORWARDED_FOR')
short_hostname = hostname.partition('.')[0]
fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_INFRA_PREFIX, settings.PENATES_DOMAIN)
# valid FQDN
# create Kerberos principal
principal = principal_from_hostname(fqdn, settings.PENATES_REALM)
if principal_exists(principal):
return HttpResponse('Hostname %s is already registered.' % hostname, status=403)
principal = Host.register_host(short_hostname, main_ip_address, admin_ip_address)
if settings.OFFER_HOST_KEYTABS:
return KeytabResponse(principal)
return HttpResponse('', content_type='text/plain', status=201)
def get_host_keytab(request, hostname):
"""Register a computer:
- create Kerberos principal
- create private key
- create public SSH key
- create x509 certificate
- create PTR DNS record
- create A or AAAA DNS record
- create SSHFP DNS record
- return keytab
:param request:
:type request:
:param hostname:
:type hostname:
:return:
:rtype:
"""
admin_ip_address = request.GET.get('ip_address')
ip_address = request.META.get('HTTP_X_FORWARDED_FOR')
short_hostname = hostname.partition('.')[0]
domain_name = settings.PENATES_DOMAIN
fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_INFRA_PREFIX, domain_name)
# valid FQDN
# create Kerberos principal
principal = principal_from_hostname(fqdn, settings.PENATES_REALM)
if principal_exists(principal):
return HttpResponse('', status=403)
else:
add_principal(principal)
Host.objects.get_or_create(fqdn=fqdn)
# create private key, public key, public certificate, public SSH key
entry = entry_from_hostname(fqdn)
pki = PKI()
pki.ensure_certificate(entry)
# create DNS records
if ip_address:
Domain.ensure_auto_record(ip_address, fqdn, unique=True, override_reverse=True)
Host.objects.filter(fqdn=fqdn).update(main_ip_address=ip_address)
if admin_ip_address:
admin_fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_ADMIN_PREFIX, domain_name)
Domain.ensure_auto_record(admin_ip_address, admin_fqdn, unique=True, override_reverse=False)
Host.objects.filter(fqdn=fqdn).update(admin_ip_address=admin_ip_address)
if settings.OFFER_HOST_KEYTABS:
return KeytabResponse(principal)
return HttpResponse('', content_type='text/plain', status=201)
def get_service_keytab(request, scheme, hostname, port):
fqdn = hostname_from_principal(request.user.username)
protocol = request.GET.get('protocol', 'tcp')
hosts = list(Host.objects.filter(fqdn=fqdn)[0:1])
if not hosts:
return HttpResponse(status=401, content='Unknown host %s is not allowed' % fqdn)
host = hosts[0]
if scheme == 'ssh' and host.admin_ip_address != host.main_ip_address:
fqdn = '%s.%s%s' % (fqdn.partition('.')[0], settings.PDNS_ADMIN_PREFIX, settings.PENATES_DOMAIN)
services = list(Service.objects.filter(fqdn=fqdn, scheme=scheme, hostname=hostname, port=port,
protocol=protocol)[0:1])
if not services:
return HttpResponse(status=404, content='%s://%s:%s/ unknown' % (scheme, hostname, port))
service = services[0]
principal_name = '%s/%s@%s' % (service.kerberos_service, fqdn, settings.PENATES_REALM)
if not principal_exists(principal_name):
return HttpResponse(status=404, content='Principal for %s://%s:%s/ undefined' % (scheme, hostname, port))
return KeytabResponse(principal_name)
def get_host_keytab(request, hostname):
"""Register a computer:
- create Kerberos principal
- create private key
- create public SSH key
- create x509 certificate
- create PTR DNS record
- create A or AAAA DNS record
- create SSHFP DNS record
- return keytab
:param request:
:type request:
:param hostname:
:type hostname:
:return:
:rtype:
"""
admin_ip_address = request.GET.get('ip_address')
hostname = hostname.lower()
main_ip_address = request.META.get('HTTP_X_FORWARDED_FOR')
short_hostname = hostname.partition('.')[0]
fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_INFRA_PREFIX,
settings.PENATES_DOMAIN)
# valid FQDN
# create Kerberos principal
principal = principal_from_hostname(fqdn, settings.PENATES_REALM)
if principal_exists(principal):
return HttpResponse('Hostname %s is already registered.' % hostname,
status=403)
principal = Host.register_host(short_hostname, main_ip_address,
admin_ip_address)
if settings.OFFER_HOST_KEYTABS:
return KeytabResponse(principal)
return HttpResponse('', content_type='text/plain', status=201)
