Support creating ad and ldap modules with ca-based cert checking

author: Simon Rettberg 2015-10-20 17:15:49 +0200
committer: Simon Rettberg 2015-10-20 17:15:49 +0200
commit: 2c6bbc84799bcca7beb88abc4781ab0bc8ec5328 (patch)
tree: 21ca2565c6dd63b7405201964652d396e4d87d7c /templates/sysconfig
parent: [serversetup] Fix ipxe html layout (diff)
download: slx-admin-2c6bbc84799bcca7beb88abc4781ab0bc8ec5328.tar.gz
slx-admin-2c6bbc84799bcca7beb88abc4781ab0bc8ec5328.tar.xz
slx-admin-2c6bbc84799bcca7beb88abc4781ab0bc8ec5328.zip
6 files changed, 86 insertions, 160 deletions
diff --git a/templates/sysconfig/ad-start.html b/templates/sysconfig/ad-start.html
index 8ce92c25..58f4a381 100644
--- a/templates/sysconfig/ad-start.html
+++ b/templates/sysconfig/ad-start.html
@@ -10,6 +10,8 @@
 	{{lang_adText4}}
 </p>
 
+<i>{{lang_asteriskMandatory}}</i>
+
 <form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{step}}">
 	<input type="hidden" name="token" value="{{token}}">
 	<input type="hidden" name="edit" value="{{edit}}">
@@ -20,30 +22,18 @@
 	<div class="input-group">
 		<span class="input-group-addon slx-ga">Server *</span>
 		<input tabindex="2" name="server" value="{{server}}" type="text" class="form-control" placeholder="dc0.institution.example.com">
-		<!--span class="input-group-btn">
-			<a class="btn btn-default"><span class="glyphicon glyphicon-question-sign"></span></a>
-		</span-->
 	</div>
 	<div class="input-group">
 		<span class="input-group-addon slx-ga">{{lang_bindDN}} *</span>
 		<input tabindex="3" name="binddn" value="{{binddn}}" type="text" class="form-control" placeholder="domain\bwlp *ODER* CN=bwlp,OU=Benutzer,DC=domain,DC=hs-beispiel,DC=de">
-		<!--span class="input-group-btn">
-			<a class="btn btn-default"><span class="glyphicon glyphicon-question-sign"></span></a>
-		</span-->
 	</div>
 	<div class="input-group">
 		<span class="input-group-addon slx-ga">{{lang_password}} *</span>
 		<input tabindex="4" name="bindpw" value="{{bindpw}}" type="{{password_type}}" class="form-control" placeholder="{{lang_password}}">
-		<!--span class="input-group-btn">
-			<a class="btn btn-default"><span class="glyphicon glyphicon-question-sign"></span></a>
-		</span-->
 	</div>
 	<div class="input-group">
 		<span class="input-group-addon slx-ga">{{lang_searchBase}}</span>
 		<input tabindex="5" name="searchbase" value="{{searchbase}}" type="text" class="form-control" placeholder="dc=windows,dc=hs-beispiel,dc=de">
-		<!--span class="input-group-btn">
-			<a class="btn btn-default"><span class="glyphicon glyphicon-question-sign"></span></a>
-		</span-->
 	</div>
 	<br>
 	<div class="input-group">
@@ -54,16 +44,36 @@
 		</span>
 	</div>
 	<br>
-	<div class="checkbox">
+	<div>
 		<label>
-			<input type="checkbox" name="ssl" {{#ssl}}checked{{/ssl}}> {{lang_ssl}}
+			<input type="checkbox" name="ssl" onchange="$('#cert-box').css('display', this.checked ? '' : 'none')" {{#ssl}}checked{{/ssl}}> {{lang_ssl}}
 		</label>
 	</div>
-	<div><i>{{lang_sslDescription}}</i></div>
+	<i>{{lang_sslDescription}}</i>
 	<br>
 	<div class="pull-right">
 		<button type="submit" class="btn btn-primary">{{lang_next}} &raquo;</button>
 	</div>
+	<div class="clearfix"></div>
+	<hr>
+	<div {{^ssl}}style="display:none"{{/ssl}} id="cert-box">
+		<div class="well well-sm" id="wcustom">
+			{{lang_customCertificate}}
+			<pre class="small">
+-----BEGIN CERTIFICATE-----
+MIIFfTCCA...
+.....
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+.....
+-----END CERTIFICATE-----</pre>
+			<textarea name="certificate" class="form-control small" cols="101" rows="10">{{certificate}}</textarea>
+		</div>
+		<div class="pull-right">
+			<button type="submit" class="btn btn-primary">{{lang_next}} &raquo;</button>
+		</div>
+		<div class="clearfix"></div>
+	</div>
 </form>
 
 <div class="modal fade" id="help-home" tabindex="-1" role="dialog">
diff --git a/templates/sysconfig/ad-checkconnection.html b/templates/sysconfig/ad_ldap-checkconnection.html
index 0c7cd77f..58196958 100644
--- a/templates/sysconfig/ad-checkconnection.html
+++ b/templates/sysconfig/ad_ldap-checkconnection.html
@@ -5,9 +5,12 @@
 <div id="zeug">
 	<div data-tm-id="{{taskid}}" data-tm-log="messages" data-tm-callback="portScan">Port Check</div>
 </div>
+<div id="self-signed" style="display:none" class="alert alert-info">{{lang_selfSignedNote}}</div>
+<div id="no-valid-cert" style="display:none" class="alert alert-danger">{{lang_noValidCert}}</div>
+<div id="no-open-port" style="display:none" class="alert alert-danger">{{lang_noOpenPort}}</div>
 <br>
 <div class="pull-left">
-	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step=AdAuth_Start">
+	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{prev}}">
 		<input type="hidden" name="token" value="{{token}}">
 		<input type="hidden" name="edit" value="{{edit}}">
 		<input name="title" value="{{title}}" type="hidden">
@@ -17,13 +20,14 @@
 		<input name="bindpw" value="{{bindpw}}" type="hidden">
 		<input name="home" value="{{home}}" type="hidden">
 		{{#ssl}}
-		<input id="ssl" name="ssl" value="on" type="hidden">
+		<input name="ssl" value="on" type="hidden">
+		<input type="hidden" name="certificate" value="{{certificate}}">
 		{{/ssl}}
 		<button type="submit" class="btn btn-primary">&laquo; {{lang_back}}</button>
 	</form>
 </div>
 <div class="pull-right">
-	<form id="nextform" role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{step}}">
+	<form id="nextform" role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{next}}">
 		<input type="hidden" name="token" value="{{token}}">
 		<input type="hidden" name="edit" value="{{edit}}">
 		<input name="title" value="{{title}}" type="hidden">
@@ -34,8 +38,9 @@
 		<input name="bindpw" value="{{bindpw}}" type="hidden">
 		<input name="home" value="{{home}}" type="hidden">
 		{{#ssl}}
-		<input name="ssl" value="on" type="hidden">
+		<input id="ssl" name="ssl" value="on" type="hidden">
 		<input id="fingerprint" name="fingerprint" value="" type="hidden">
+		<input id="certificate" type="hidden" name="certificate" value="{{certificate}}">
 		{{/ssl}}
 		<input name="originalbinddn" value="{{binddn}}" type="hidden">
 		<button id="nextbutton" type="submit" class="btn btn-primary" style="display:none">{{lang_next}} &raquo;</button>
@@ -43,6 +48,10 @@
 </div>
 <div id="bla"></div>
 <script type="text/javascript">
+	function isSelfSigned(code)
+	{
+		return code == 18 || code == 19 || code == 20 || code == 21;
+	}
 	function portScan(task)
 	{
 		if (!task || !task.statusCode)
@@ -50,16 +59,30 @@
 		if (task.statusCode === 'TASK_FINISHED' && task.data && task.data.ports) {
 			var ssl = $('#ssl').length > 0;
 			var ports = task.data.ports;
+			var verRes = -1;
+			var cert = $('#certificate').val().length > 10;
 			for (var i = 0; i < ports.length; ++i) {
-				if (ports[i].open && ports[i].port && (!ssl || ports[i].certFingerprint.length > 10)) {
-					if ($.isNumeric($('#port').val()) && $('#port').val() < ports[i].port) continue; // Prefer the global LDAP ports over the specific AD ports
-					$('#port').val(ports[i].port);
-					if (ssl) $('#fingerprint').val(ports[i].certFingerprint);
+				if (!ports[i].open || !ports[i].port) continue;
+				if ($.isNumeric($('#port').val()) && $('#port').val() < ports[i].port) continue; // Prefer the global LDAP ports over the specific AD ports
+				if (ssl) {
+					if (verRes === -1) verRes = ports[i].verifyResult;
+					if (ports[i].certFingerprint.length < 10 || ports[i].certificateChain.length < 10) continue;
+					if (ports[i].verifyResult != 0 && (cert || !isSelfSigned(ports[i].verifyResult))) continue;
+					verRes = ports[i].verifyResult;
+					$('#fingerprint').val(ports[i].certFingerprint);
+					if (!cert && verRes != 0) $('#certificate').val(ports[i].certificateChain);
+					else if (!cert && verRes == 0) $('#certificate').val('default');
 				}
+				$('#port').val(ports[i].port);
 			}
-			if ($('#port').val() > 0) {
+			if (ssl && verRes != 0 && (cert || !isSelfSigned(verRes))) {
+				$('#no-valid-cert').css('display', '');
+			} else if ($('#port').val() > 0) {
 				$('#nextbutton').show();
-				$('#nextform').submit();
+				if (ssl && isSelfSigned(verRes)) $('#self-signed').css('display', '');
+				else $('#nextform').submit();
+			} else {
+				$('#no-open-port').css('display', '');
 			}
 		}
 	}
diff --git a/templates/sysconfig/ad-checkcredentials.html b/templates/sysconfig/ad_ldap-checkcredentials.html
index dbd09d58..5a9d6b38 100644
--- a/templates/sysconfig/ad-checkcredentials.html
+++ b/templates/sysconfig/ad_ldap-checkcredentials.html
@@ -3,13 +3,13 @@
 </p>
 
 <div id="zeug">
-	<div data-tm-id="{{self-search}}" data-tm-log="messages" data-tm-callback="selfCb">LDAP Self-Query</div>
+	{{#self-search}}<div data-tm-id="{{self-search}}" data-tm-log="messages" data-tm-callback="selfCb">LDAP Self-Query</div>{{/self-search}}
 	<div data-tm-id="{{tm-search}}" data-tm-log="messages" data-tm-callback="ldapCb">LDAP Test-Query</div>
 </div>
 <i>{{lang_onProblemSearchBase}}</i>
 <br><br>
 <div class="pull-left">
-	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step=AdAuth_Start">
+	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{prev}}">
 		<input type="hidden" name="token" value="{{token}}">
 		<input type="hidden" name="edit" value="{{edit}}">
 		<input name="title" value="{{title}}" type="hidden">
@@ -20,12 +20,13 @@
 		<input name="home" value="{{home}}" type="hidden">
 		{{#ssl}}
 		<input name="ssl" value="on" type="hidden">
+		<input type="hidden" name="certificate" value="{{certificate}}">
 		{{/ssl}}
 		<button type="submit" class="btn btn-primary">&laquo; {{lang_back}}</button>
 	</form>
 </div>
 <div class="pull-right">
-	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{step}}">
+	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{next}}">
 		<input type="hidden" name="token" value="{{token}}">
 		<input type="hidden" name="edit" value="{{edit}}">
 		<input name="title" value="{{title}}" type="hidden">
@@ -37,6 +38,7 @@
 		<input name="home" value="{{home}}" type="hidden">
 		{{#ssl}}
 		<input name="ssl" value="on" type="hidden">
+		<input type="hidden" name="certificate" value="{{certificate}}">
 		{{/ssl}}
 		<input name="fingerprint" value="{{fingerprint}}" type="hidden">
 		<input name="originalbinddn" value="{{binddn}}" type="hidden">
diff --git a/templates/sysconfig/ldap-checkconnection.html b/templates/sysconfig/ldap-checkconnection.html
deleted file mode 100644
index b661a263..00000000
--- a/templates/sysconfig/ldap-checkconnection.html
+++ /dev/null
@@ -1,66 +0,0 @@
-<p>
-	{{lang_connectionWait}}
-</p>
-
-<div id="zeug">
-	<div data-tm-id="{{taskid}}" data-tm-log="messages" data-tm-callback="portScan">Port Check</div>
-</div>
-<br>
-<div class="pull-left">
-	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step=LdapAuth_Start">
-		<input type="hidden" name="token" value="{{token}}">
-		<input type="hidden" name="edit" value="{{edit}}">
-		<input name="title" value="{{title}}" type="hidden">
-		<input name="server" value="{{server}}" type="hidden">
-		<input name="searchbase" value="{{searchbase}}" type="hidden">
-		<input name="binddn" value="{{binddn}}" type="hidden">
-		<input name="bindpw" value="{{bindpw}}" type="hidden">
-		<input name="home" value="{{home}}" type="hidden">
-		{{#ssl}}
-		<input id="ssl" name="ssl" value="on" type="hidden">
-		{{/ssl}}
-		<button type="submit" class="btn btn-primary">&laquo; {{lang_back}}</button>
-	</form>
-</div>
-<div class="pull-right">
-	<form id="nextform" role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{step}}">
-		<input type="hidden" name="token" value="{{token}}">
-		<input type="hidden" name="edit" value="{{edit}}">
-		<input name="title" value="{{title}}" type="hidden">
-		<input name="server" value="{{server}}" type="hidden">
-		<input id="port" name="port" value="" type="hidden">
-		<input name="searchbase" value="{{searchbase}}" type="hidden">
-		<input name="binddn" value="{{binddn}}" type="hidden">
-		<input name="bindpw" value="{{bindpw}}" type="hidden">
-		<input name="home" value="{{home}}" type="hidden">
-		{{#ssl}}
-		<input name="ssl" value="on" type="hidden">
-		<input id="fingerprint" name="fingerprint" value="" type="hidden">
-		{{/ssl}}
-		<input name="originalbinddn" value="{{binddn}}" type="hidden">
-		<button id="nextbutton" type="submit" class="btn btn-primary" style="display:none">{{lang_next}} &raquo;</button>
-	</form>
-</div>
-<div id="bla"></div>
-<script type="text/javascript">
-	function portScan(task)
-	{
-		if (!task || !task.statusCode)
-			return;
-		if (task.statusCode === 'TASK_FINISHED' && task.data && task.data.ports) {
-			var ssl = $('#ssl').length > 0;
-			var ports = task.data.ports;
-			for (var i = 0; i < ports.length; ++i) {
-				if (ports[i].open && ports[i].port && (!ssl || ports[i].certFingerprint.length > 10)) {
-					if ($.isNumeric($('#port').val()) && $('#port').val() < ports[i].port) continue; // Prefer the global LDAP ports
-					$('#port').val(ports[i].port);
-					if (ssl) $('#fingerprint').val(ports[i].certFingerprint);
-				}
-			}
-			if ($('#port').val() > 0) {
-				$('#nextbutton').show();
-				$('#nextform').submit();
-			}
-		}
-	}
-</script>
diff --git a/templates/sysconfig/ldap-checkcredentials.html b/templates/sysconfig/ldap-checkcredentials.html
deleted file mode 100644
index 77736c9c..00000000
--- a/templates/sysconfig/ldap-checkcredentials.html
+++ /dev/null
@@ -1,63 +0,0 @@
-<p>
-	{{lang_connectionWait}}
-</p>
-
-<div id="zeug">
-	<div data-tm-id="{{tm-search}}" data-tm-log="messages" data-tm-callback="ldapCb">LDAP Test-Query</div>
-</div>
-<i>{{lang_onProblemSearchBase}}</i>
-<br><br>
-<div class="pull-left">
-	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step=LdapAuth_Start">
-		<input type="hidden" name="token" value="{{token}}">
-		<input type="hidden" name="edit" value="{{edit}}">
-		<input name="title" value="{{title}}" type="hidden">
-		<input name="server" value="{{server}}" type="hidden">
-		<input name="searchbase" value="{{searchbase}}" type="hidden">
-		<input name="binddn" value="{{binddn}}" type="hidden">
-		<input name="bindpw" value="{{bindpw}}" type="hidden">
-		<input name="home" value="{{home}}" type="hidden">
-		{{#ssl}}
-		<input name="ssl" value="on" type="hidden">
-		{{/ssl}}
-		<button type="submit" class="btn btn-primary">&laquo; {{lang_back}}</button>
-	</form>
-</div>
-<div class="pull-right">
-	<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{step}}">
-		<input type="hidden" name="token" value="{{token}}">
-		<input type="hidden" name="edit" value="{{edit}}">
-		<input name="title" value="{{title}}" type="hidden">
-		<input name="server" value="{{server}}" type="hidden">
-		<input name="searchbase" value="{{searchbase}}" type="hidden">
-		<input id="setbase" name="somedn" value="" type="hidden">
-		<input id="setdn" name="binddn" value="{{binddn}}" type="hidden">
-		<input name="bindpw" value="{{bindpw}}" type="hidden">
-		<input name="home" value="{{home}}" type="hidden">
-		{{#ssl}}
-		<input name="ssl" value="on" type="hidden">
-		{{/ssl}}
-		<input name="fingerprint" value="{{fingerprint}}" type="hidden">
-		<input name="originalbinddn" value="{{binddn}}" type="hidden">
-		<button id="nextbutton" type="submit" class="btn btn-primary" style="display:none">{{lang_skip}} &raquo;</button>
-	</form>
-</div>
-<script type="text/javascript">
-	function ldapCb(task)
-	{
-		if (!task || !task.statusCode)
-			return;
-		if (task.statusCode === 'TASK_FINISHED') {
-			if (task.data && task.data.dn) {
-				$('#setbase').val(task.data.dn);
-			}
-			$('#nextbutton').html('Weiter &raquo;').show();
-		}
-		if (task.statusCode === 'TASK_ERROR' || task.statusCode === 'PARENT_FAILED') {
-			$('#nextbutton').html('Trotzdem weiter &raquo;');
-		}
-		if (task.statusCode === 'TASK_ERROR') {
-			$('#nextbutton').show();
-		}
-	}
-</script>
diff --git a/templates/sysconfig/ldap-start.html b/templates/sysconfig/ldap-start.html
index 8fa7cb9f..66afa68d 100644
--- a/templates/sysconfig/ldap-start.html
+++ b/templates/sysconfig/ldap-start.html
@@ -48,16 +48,36 @@
 		</span>
 	</div>
 	<br>
-	<div class="checkbox">
+	<div>
 		<label>
-			<input type="checkbox" name="ssl" {{#ssl}}checked{{/ssl}}> {{lang_ssl}}
+			<input type="checkbox" name="ssl" onchange="$('#cert-box').css('display', this.checked ? '' : 'none')" {{#ssl}}checked{{/ssl}}> {{lang_ssl}}
 		</label>
 	</div>
-	<div><i>{{lang_sslDescription}}</i></div>
+	<i>{{lang_sslDescription}}</i>
 	<br>
 	<div class="pull-right">
 		<button type="submit" class="btn btn-primary">{{lang_next}} &raquo;</button>
 	</div>
+	<div class="clearfix"></div>
+	<hr>
+	<div {{^ssl}}style="display:none"{{/ssl}} id="cert-box">
+		<div class="well well-sm" id="wcustom">
+			{{lang_customCertificate}}
+			<pre class="small">
+-----BEGIN CERTIFICATE-----
+MIIFfTCCA...
+.....
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+.....
+-----END CERTIFICATE-----</pre>
+			<textarea name="certificate" class="form-control small" cols="101" rows="10">{{certificate}}</textarea>
+		</div>
+		<div class="pull-right">
+			<button type="submit" class="btn btn-primary">{{lang_next}} &raquo;</button>
+		</div>
+		<div class="clearfix"></div>
+	</div>
 </form>
 
 <div class="modal fade" id="help-home" tabindex="-1" role="dialog">
author	Simon Rettberg	2015-10-20 17:15:49 +0200
committer	Simon Rettberg	2015-10-20 17:15:49 +0200
commit	2c6bbc84799bcca7beb88abc4781ab0bc8ec5328 (patch)
tree	21ca2565c6dd63b7405201964652d396e4d87d7c /templates/sysconfig
parent	[serversetup] Fix ipxe html layout (diff)
download	slx-admin-2c6bbc84799bcca7beb88abc4781ab0bc8ec5328.tar.gz slx-admin-2c6bbc84799bcca7beb88abc4781ab0bc8ec5328.tar.xz slx-admin-2c6bbc84799bcca7beb88abc4781ab0bc8ec5328.zip