

UserLocal : Add support of User LDAP/RADIUS/TACACS (#267)

Co-authored-by: Cédric Moreau <[email protected]>
CedricMoreau and Cédric Moreau authored Oct 7, 2024
1 parent 08cd975 commit 5657567
Showing 2 changed files with 519 additions and 14 deletions.
80 changes: 66 additions & 14 deletions PowerFGT/Public/cmdb/user/local.ps1
Expand Up @@ -47,10 +47,15 @@ function Add-FGTUserLocal {
[switch]$status,
[Parameter (Mandatory = $false, ParameterSetName = "password")]
[SecureString]$passwd,
<#[Parameter (Mandatory = $false, ParameterSetName = "radius")]
[Parameter (Mandatory = $false, ParameterSetName = "radius")]
[ValidateLength(1, 35)]
[string]$radius_server,
[Parameter (Mandatory = $false, ParameterSetName = "tacacs")]
[string]$tacacs_server,#>
[ValidateLength(1, 35)]
[string]$tacacs_server,
[Parameter (Mandatory = $false, ParameterSetName = "ldap")]
[ValidateLength(1, 35)]
[string]$ldap_server,
[Parameter (Mandatory = $false)]
[ValidateSet("fortitoken", "email", "sms", "disable", "fortitoken-cloud")]
[string]$two_factor,
Expand Down Expand Up @@ -94,6 +99,24 @@ function Add-FGTUserLocal {
Throw "Already a Local User object using the same name"
}

if ( $PsBoundParameters.ContainsKey('radius_server') ) {
if ( -Not (Get-FGTUserRADIUS @invokeParams -name $radius_server -connection $connection)) {
Throw "There is no RADIUS Server existing using this name"
}
}

if ( $PsBoundParameters.ContainsKey('tacacs_server') ) {
if ( -Not (Get-FGTUserTACACS @invokeParams -name $tacacs_server -connection $connection)) {
Throw "There is no TACACS Server existing using this name"
}
}

if ( $PsBoundParameters.ContainsKey('ldap_server') ) {
if ( -Not (Get-FGTUserLDAP @invokeParams -name $ldap_server -connection $connection)) {
Throw "There is no LDAP Server existing using this name"
}
}

$uri = "api/v2/cmdb/user/local"

$local = New-Object -TypeName PSObject
Expand All @@ -112,15 +135,18 @@ function Add-FGTUserLocal {
$local | add-member -name "type" -membertype NoteProperty -Value "password"
$local | add-member -name "passwd" -membertype NoteProperty -Value $password
}
<#
"radius" {
$local | add-member -name "type" -membertype NoteProperty -Value "radius"
$local | add-member -name "radius-server" -membertype NoteProperty -Value $radius_server
}
"tacacs" {
$local | add-member -name "type" -membertype NoteProperty -Value "tacacs"
$local | add-member -name "type" -membertype NoteProperty -Value "tacacs+"
$local | add-member -name "tacacs+-server" -membertype NoteProperty -Value $tacacs_server
}#>
}
"ldap" {
$local | add-member -name "type" -membertype NoteProperty -Value "ldap"
$local | add-member -name "ldap-server" -membertype NoteProperty -Value $ldap_server
}
default { }
}

Expand Down Expand Up @@ -323,10 +349,15 @@ function Set-FGTUserLocal {
[switch]$status,
[Parameter (Mandatory = $false, ParameterSetName = "password")]
[SecureString]$passwd,
<#[Parameter (Mandatory = $false, ParameterSetName = "radius")]
[Parameter (Mandatory = $false, ParameterSetName = "radius")]
[ValidateLength(1, 35)]
[string]$radius_server,
[Parameter (Mandatory = $false, ParameterSetName = "tacacs")]
[string]$tacacs_server,#>
[ValidateLength(1, 35)]
[string]$tacacs_server,
[Parameter (Mandatory = $false, ParameterSetName = "ldap")]
[ValidateLength(1, 35)]
[string]$ldap_server,
[Parameter (Mandatory = $false)]
[ValidateSet("fortitoken", "email", "sms", "disable", "fortitoken-cloud")]
[string]$two_factor,
Expand Down Expand Up @@ -356,6 +387,24 @@ function Set-FGTUserLocal {
$invokeParams.add( 'vdom', $vdom )
}

if ( $PsBoundParameters.ContainsKey('radius_server') ) {
if ( -Not (Get-FGTUserRADIUS @invokeParams -name $radius_server -connection $connection)) {
Throw "There is no RADIUS Server existing using this name"
}
}

if ( $PsBoundParameters.ContainsKey('tacacs_server') ) {
if ( -Not (Get-FGTUserTACACS @invokeParams -name $tacacs_server -connection $connection)) {
Throw "There is no TACACS Server existing using this name"
}
}

if ( $PsBoundParameters.ContainsKey('ldap_server') ) {
if ( -Not (Get-FGTUserLDAP @invokeParams -name $ldap_server -connection $connection)) {
Throw "There is no LDAP Server existing using this name"
}
}

$uri = "api/v2/cmdb/user/local/$($userlocal.name)"

$_local = New-Object -TypeName PSObject
Expand All @@ -379,10 +428,6 @@ function Set-FGTUserLocal {
}
}

if ( $PSCmdlet.ParameterSetName -ne "default" -and $userlocal.type -ne $PSCmdlet.ParameterSetName ) {
throw "User type ($($userlocal.type)) need to be on the same type ($($PSCmdlet.ParameterSetName))"
}

if ($PsBoundParameters.ContainsKey('status')) {
if ($status) {
$_local | add-member -name "status" -membertype NoteProperty -Value "enable"
Expand All @@ -394,14 +439,21 @@ function Set-FGTUserLocal {

switch ( $PSCmdlet.ParameterSetName ) {
"password" {
$_local | add-member -name "type" -membertype NoteProperty -Value "password"
$_local | add-member -name "passwd" -membertype NoteProperty -Value $password
}
<#"radius" {
"radius" {
$_local | add-member -name "type" -membertype NoteProperty -Value "radius"
$_local | add-member -name "radius-server" -membertype NoteProperty -Value $radius_server
}
"tacacs" {
$_local | add-member -name "type" -membertype NoteProperty -Value "tacacs+"
$_local | add-member -name "tacacs+-server" -membertype NoteProperty -Value $tacacs_server
}#>
}
"ldap" {
$_local | add-member -name "type" -membertype NoteProperty -Value "ldap"
$_local | add-member -name "ldap-server" -membertype NoteProperty -Value $ldap_server
}
default { }
}

Expand All @@ -417,7 +469,7 @@ function Set-FGTUserLocal {
}
elseif ( $two_factor -eq "sms" ) {
$_local | add-member -name "two-factor" -membertype NoteProperty -Value $two_factor
$_local | add-member -name "two-factor-authentication" -membertype NoteProperty -Value $two_factor++
$_local | add-member -name "two-factor-authentication" -membertype NoteProperty -Value $two_factor
}
}

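Review bot: Dropping the type-consistency guard in Set-FGTUserLocal (the removed `if ( $PSCmdlet.ParameterSetName -ne "default" -and $userlocal.type -ne $PSCmdlet.ParameterSetName )` block in the `@@ -379,10 +428,6 @@` hunk) means a call such as `Set-FGTUserLocal -ldap_server <name>` on a password-type user now silently re-points that account at a different authentication backend, which is a meaningful change for an identity-bearing object and deserves an explicit comment at that spot and a sentence in the cmdlet help. The old guard would in any case have rejected TACACS users, because the parameter set is named `tacacs` while the new switch arms write type `tacacs+` and key `tacacs+-server` — presumably why it was removed; a why-comment such as `# FortiOS spells the type "tacacs+" and the key "tacacs+-server"; the parameter set keeps the plain name, so never compare the two` on the `"tacacs"` arm of both switches would stop the next reader from re-adding a guard that compares them. Separately, the three RADIUS/TACACS/LDAP existence checks are duplicated verbatim between Add-FGTUserLocal and Set-FGTUserLocal (hunks `@@ -94,6 +99,24 @@` and `@@ -356,6 +387,24 @@`), and they assume the `Get-FGTUser*` `-name` lookup is an exact match — worth confirming, since a partial match would let a misspelled server name pass; a private helper taking the server kind would keep both copies in step. Both functions start and end outside the hunks shown.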

