Пример #1
0
def get_service_keytab(request, scheme, hostname, port):
    try:
        fqdn = hostname_from_principal(request.user.username)
    except ValueError:
        return HttpResponse(
            status=401,
            content='Unable to get keytab %s://%s:%s/: invalid username' %
            (scheme, hostname, port))
    protocol = request.GET.get('protocol', 'tcp')
    hosts = list(Host.objects.filter(fqdn=fqdn)[0:1])
    if not hosts:
        return HttpResponse(status=401,
                            content='Unknown host %s is not allowed' % fqdn)
    host = hosts[0]
    if scheme == 'ssh' and host.admin_ip_address != host.main_ip_address:
        fqdn = '%s.%s%s' % (fqdn.partition('.')[0], settings.PDNS_ADMIN_PREFIX,
                            settings.PENATES_DOMAIN)
    services = list(
        Service.objects.filter(fqdn=fqdn,
                               scheme=scheme,
                               hostname=hostname,
                               port=port,
                               protocol=protocol)[0:1])
    if not services:
        return HttpResponse(status=404,
                            content='%s://%s:%s/ unknown' %
                            (scheme, hostname, port))
    service = services[0]
    if not principal_exists(service.principal_name):
        return HttpResponse(status=404,
                            content='Principal for %s://%s:%s/ undefined' %
                            (scheme, hostname, port))
    return KeytabResponse(service.principal_name)
Пример #2
0
def get_host_keytab(request, hostname):
    """Register a computer:

        - create Kerberos principal
        - create private key
        - create public SSH key
        - create x509 certificate
        - create PTR DNS record
        - create A or AAAA DNS record
        - create SSHFP DNS record
        - return keytab

    :param request:
    :type request:
    :param hostname:
    :type hostname:
    :return:
    :rtype:
    """
    admin_ip_address = request.GET.get('ip_address')
    hostname = hostname.lower()
    main_ip_address = request.META.get('HTTP_X_FORWARDED_FOR')
    short_hostname = hostname.partition('.')[0]
    fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_INFRA_PREFIX, settings.PENATES_DOMAIN)
    # valid FQDN
    # create Kerberos principal
    principal = principal_from_hostname(fqdn, settings.PENATES_REALM)
    if principal_exists(principal):
        return HttpResponse('Hostname %s is already registered.' % hostname, status=403)

    principal = Host.register_host(short_hostname, main_ip_address, admin_ip_address)
    if settings.OFFER_HOST_KEYTABS:
        return KeytabResponse(principal)
    return HttpResponse('', content_type='text/plain', status=201)
Пример #3
0
def get_host_keytab(request, hostname):
    """Register a computer:

        - create Kerberos principal
        - create private key
        - create public SSH key
        - create x509 certificate
        - create PTR DNS record
        - create A or AAAA DNS record
        - create SSHFP DNS record
        - return keytab

    :param request:
    :type request:
    :param hostname:
    :type hostname:
    :return:
    :rtype:
    """
    admin_ip_address = request.GET.get('ip_address')
    ip_address = request.META.get('HTTP_X_FORWARDED_FOR')
    short_hostname = hostname.partition('.')[0]
    domain_name = settings.PENATES_DOMAIN
    fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_INFRA_PREFIX, domain_name)
    # valid FQDN
    # create Kerberos principal
    principal = principal_from_hostname(fqdn, settings.PENATES_REALM)
    if principal_exists(principal):
        return HttpResponse('', status=403)
    else:
        add_principal(principal)
    Host.objects.get_or_create(fqdn=fqdn)
    # create private key, public key, public certificate, public SSH key
    entry = entry_from_hostname(fqdn)
    pki = PKI()
    pki.ensure_certificate(entry)
    # create DNS records
    if ip_address:
        Domain.ensure_auto_record(ip_address, fqdn, unique=True, override_reverse=True)
        Host.objects.filter(fqdn=fqdn).update(main_ip_address=ip_address)
    if admin_ip_address:
        admin_fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_ADMIN_PREFIX, domain_name)
        Domain.ensure_auto_record(admin_ip_address, admin_fqdn, unique=True, override_reverse=False)
        Host.objects.filter(fqdn=fqdn).update(admin_ip_address=admin_ip_address)
    if settings.OFFER_HOST_KEYTABS:
        return KeytabResponse(principal)
    return HttpResponse('', content_type='text/plain', status=201)
Пример #4
0
def get_service_keytab(request, scheme, hostname, port):
    fqdn = hostname_from_principal(request.user.username)
    protocol = request.GET.get('protocol', 'tcp')
    hosts = list(Host.objects.filter(fqdn=fqdn)[0:1])
    if not hosts:
        return HttpResponse(status=401, content='Unknown host %s is not allowed' % fqdn)
    host = hosts[0]
    if scheme == 'ssh' and host.admin_ip_address != host.main_ip_address:
        fqdn = '%s.%s%s' % (fqdn.partition('.')[0], settings.PDNS_ADMIN_PREFIX, settings.PENATES_DOMAIN)
    services = list(Service.objects.filter(fqdn=fqdn, scheme=scheme, hostname=hostname, port=port,
                                           protocol=protocol)[0:1])
    if not services:
        return HttpResponse(status=404, content='%s://%s:%s/ unknown' % (scheme, hostname, port))
    service = services[0]
    principal_name = '%s/%s@%s' % (service.kerberos_service, fqdn, settings.PENATES_REALM)
    if not principal_exists(principal_name):
        return HttpResponse(status=404, content='Principal for %s://%s:%s/ undefined' % (scheme, hostname, port))
    return KeytabResponse(principal_name)
Пример #5
0
def get_host_keytab(request, hostname):
    """Register a computer:

        - create Kerberos principal
        - create private key
        - create public SSH key
        - create x509 certificate
        - create PTR DNS record
        - create A or AAAA DNS record
        - create SSHFP DNS record
        - return keytab

    :param request:
    :type request:
    :param hostname:
    :type hostname:
    :return:
    :rtype:
    """
    admin_ip_address = request.GET.get('ip_address')
    hostname = hostname.lower()
    main_ip_address = request.META.get('HTTP_X_FORWARDED_FOR')
    short_hostname = hostname.partition('.')[0]
    fqdn = '%s.%s%s' % (short_hostname, settings.PDNS_INFRA_PREFIX,
                        settings.PENATES_DOMAIN)
    # valid FQDN
    # create Kerberos principal
    principal = principal_from_hostname(fqdn, settings.PENATES_REALM)
    if principal_exists(principal):
        return HttpResponse('Hostname %s is already registered.' % hostname,
                            status=403)

    principal = Host.register_host(short_hostname, main_ip_address,
                                   admin_ip_address)
    if settings.OFFER_HOST_KEYTABS:
        return KeytabResponse(principal)
    return HttpResponse('', content_type='text/plain', status=201)