feature: enrol devices bound to another domain
@@ -205,6 +205,10 @@
|
||||
<Compile Include="Migrations\202509070209304_DBv29.Designer.cs">
|
||||
<DependentUpon>202509070209304_DBv29.cs</DependentUpon>
|
||||
</Compile>
|
||||
<Compile Include="Migrations\202509180416385_DBv30.cs" />
|
||||
<Compile Include="Migrations\202509180416385_DBv30.Designer.cs">
|
||||
<DependentUpon>202509180416385_DBv30.cs</DependentUpon>
|
||||
</Compile>
|
||||
<Compile Include="Migrations\Configuration.cs" />
|
||||
<Compile Include="Migrations\DiscoDataMigrator.cs" />
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
@@ -307,6 +311,9 @@
|
||||
<EmbeddedResource Include="Migrations\202509070209304_DBv29.resx">
|
||||
<DependentUpon>202509070209304_DBv29.cs</DependentUpon>
|
||||
</EmbeddedResource>
|
||||
<EmbeddedResource Include="Migrations\202509180416385_DBv30.resx">
|
||||
<DependentUpon>202509180416385_DBv30.cs</DependentUpon>
|
||||
</EmbeddedResource>
|
||||
<EmbeddedResource Include="Properties\Resources.resx">
|
||||
<Generator>ResXFileCodeGenerator</Generator>
|
||||
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
// <auto-generated />
|
||||
namespace Disco.Data.Migrations
|
||||
{
|
||||
using System.Data.Entity.Migrations;
|
||||
using System.Data.Entity.Migrations.Infrastructure;
|
||||
using System.Resources;
|
||||
|
||||
public sealed partial class DBv30 : IMigrationMetadata
|
||||
{
|
||||
private readonly ResourceManager Resources = new ResourceManager(typeof(DBv30));
|
||||
|
||||
string IMigrationMetadata.Id
|
||||
{
|
||||
get { return "202509180416385_DBv30"; }
|
||||
}
|
||||
|
||||
string IMigrationMetadata.Source
|
||||
{
|
||||
get { return null; }
|
||||
}
|
||||
|
||||
string IMigrationMetadata.Target
|
||||
{
|
||||
get { return Resources.GetString("Target"); }
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
namespace Disco.Data.Migrations
|
||||
{
|
||||
using System.Data.Entity.Migrations;
|
||||
|
||||
public partial class DBv30 : DbMigration
|
||||
{
|
||||
public override void Up()
|
||||
{
|
||||
AddColumn("dbo.DeviceProfiles", "ProvisionFromOtherDomain", c => c.Boolean(nullable: false, defaultValue: false));
|
||||
}
|
||||
|
||||
public override void Down()
|
||||
{
|
||||
DropColumn("dbo.DeviceProfiles", "ProvisionFromOtherDomain");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -36,7 +36,7 @@ namespace Disco.Models.Repository
|
||||
|
||||
// 2012-06-28 G#
|
||||
public bool ProvisionADAccount { get; set; }
|
||||
|
||||
public bool ProvisionFromOtherDomain { get; set; }
|
||||
public bool AssignedUserLocalAdmin { get; set; }
|
||||
public bool SetAssignedUserForLogon { get; set; }
|
||||
|
||||
|
||||
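Review bot: `ProvisionFromOtherDomain` is added without a comment, and the name alone does not say that it relaxes a check during enrolment. Going by the enrolment change in this commit, a one-line comment above the property would help the next maintainer, for example `// When true, enrolment continues even if the domain reported by the device is not recognised`. The class body starts and ends outside the hunk.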
@@ -226,40 +226,46 @@ namespace Disco.Services.Devices.Enrolment
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
int deviceProfileId;
|
||||
if (response.DeviceProfileId.HasValue)
|
||||
deviceProfileId = response.DeviceProfileId.Value;
|
||||
else if (device != null)
|
||||
deviceProfileId = device.DeviceProfileId;
|
||||
else
|
||||
deviceProfileId = Database.DiscoConfiguration.DeviceProfiles.DefaultDeviceProfileId;
|
||||
var deviceProfile = Database.DeviceProfiles.Find(deviceProfileId)
|
||||
?? throw new InvalidOperationException($"Device profile {deviceProfileId} was not found, please check your default profile configuration");
|
||||
|
||||
if (Request.IsPartOfDomain && !string.IsNullOrWhiteSpace(Request.ComputerName))
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 20, "Loading Active Directory Computer Account");
|
||||
Guid? uuidGuid = null;
|
||||
Guid? macAddressGuid = null;
|
||||
if (!string.IsNullOrEmpty(Request.Hardware.UUID))
|
||||
uuidGuid = ADMachineAccount.NetbootGUIDFromUUID(Request.Hardware.UUID);
|
||||
if (ActiveDirectory.Context.TryGetDomainByName(Request.DNSDomainName, out domain))
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 20, "Loading Active Directory Computer Account");
|
||||
Guid? uuidGuid = null;
|
||||
Guid? macAddressGuid = null;
|
||||
if (!string.IsNullOrEmpty(Request.Hardware.UUID))
|
||||
uuidGuid = ADMachineAccount.NetbootGUIDFromUUID(Request.Hardware.UUID);
|
||||
|
||||
// Use non-Wlan Adapter with fastest speed
|
||||
var macAddress = Request.Hardware?.NetworkAdapters?.Where(na => !na.IsWlanAdapter).OrderByDescending(na => na.Speed).Select(na => na.MACAddress).FirstOrDefault();
|
||||
if (!string.IsNullOrEmpty(macAddress))
|
||||
macAddressGuid = ADMachineAccount.NetbootGUIDFromMACAddress(macAddress);
|
||||
// Use non-Wlan Adapter with fastest speed
|
||||
var macAddress = Request.Hardware?.NetworkAdapters?.Where(na => !na.IsWlanAdapter).OrderByDescending(na => na.Speed).Select(na => na.MACAddress).FirstOrDefault();
|
||||
if (!string.IsNullOrEmpty(macAddress))
|
||||
macAddressGuid = ADMachineAccount.NetbootGUIDFromMACAddress(macAddress);
|
||||
|
||||
if (domain == null)
|
||||
domain = ActiveDirectory.Context.GetDomainByName(Request.DNSDomainName);
|
||||
var requestDeviceId = $@"{domain.NetBiosName}\{Request.ComputerName}";
|
||||
|
||||
var requestDeviceId = $@"{domain.NetBiosName}\{Request.ComputerName}";
|
||||
|
||||
adMachineAccount = domainController.Value.RetrieveADMachineAccount(requestDeviceId, uuidGuid, macAddressGuid);
|
||||
adMachineAccount = domainController.Value.RetrieveADMachineAccount(requestDeviceId, uuidGuid, macAddressGuid);
|
||||
}
|
||||
else if (!deviceProfile.ProvisionFromOtherDomain)
|
||||
{
|
||||
throw new EnrolmentSafeException($"The specified domain name '{Request.DNSDomainName}' is not recognized or reachable.");
|
||||
}
|
||||
}
|
||||
if (device == null)
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 30, "New Device, Creating Disco Instance");
|
||||
EnrolmentLog.LogSessionTaskAddedDevice(sessionId, Request.SerialNumber);
|
||||
|
||||
int deviceProfileId;
|
||||
if (response.DeviceProfileId.HasValue)
|
||||
deviceProfileId = response.DeviceProfileId.Value;
|
||||
else
|
||||
deviceProfileId = Database.DiscoConfiguration.DeviceProfiles.DefaultDeviceProfileId;
|
||||
|
||||
var deviceProfile = Database.DeviceProfiles.Find(deviceProfileId)
|
||||
?? throw new InvalidOperationException($"Device profile {deviceProfileId} was not found, please check your default profile configuration");
|
||||
|
||||
var deviceBatch = default(DeviceBatch);
|
||||
if (response.DeviceBatchId.HasValue)
|
||||
deviceBatch = Database.DeviceBatches.Find(response.DeviceBatchId.Value);
|
||||
@@ -300,14 +306,10 @@ namespace Disco.Services.Devices.Enrolment
|
||||
|
||||
device.DeviceModel = deviceModel;
|
||||
|
||||
if (response.DeviceProfileId.HasValue && device.DeviceProfile.Id != response.DeviceProfileId.Value)
|
||||
if (device.DeviceProfile.Id != deviceProfileId)
|
||||
{
|
||||
var deviceProfile = Database.DeviceProfiles.Find(response.DeviceProfileId.Value);
|
||||
if (deviceProfile != null)
|
||||
{
|
||||
device.DeviceProfile = deviceProfile;
|
||||
device.DeviceProfileId = deviceProfile.Id;
|
||||
}
|
||||
device.DeviceProfile = deviceProfile;
|
||||
device.DeviceProfileId = deviceProfile.Id;
|
||||
}
|
||||
|
||||
if (response.DeviceBatchId.HasValue && device.DeviceBatch?.Id != response.DeviceBatchId.Value)
|
||||
|
||||
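Review bot: When `TryGetDomainByName` fails and the profile has `ProvisionFromOtherDomain` set, the new code falls through silently: nothing is written to the enrolment log, `domain` is left unset and `adMachineAccount` is never loaded. Because `Request.DNSDomainName` is supplied by the enrolling device, this path should leave an audit trail, for example `else { EnrolmentLog.LogSessionProgress(sessionId, 20, $"Domain '{Request.DNSDomainName}' not recognised; continuing because the device profile allows other domains"); }`. Any later code in this method that reads `domain` or `domainController.Value` would also need to tolerate the unset value; that code is outside the hunks shown, so it needs checking. The profile consulted is `response.DeviceProfileId`, then the existing device's profile, then the default, so for a device never seen before the default profile's flag decides.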
@@ -34,6 +34,7 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
private const string pEnforceComputerNameConvention = "enforcecomputernameconvention";
|
||||
private const string pEnforceOrganisationalUnit = "enforceorganisationalunit";
|
||||
private const string pProvisionADAccount = "provisionadaccount";
|
||||
private const string pProvisionFromOtherDomain = "provisionfromotherdomain";
|
||||
private const string pAssignedUserLocalAdmin = "assigneduserlocaladmin";
|
||||
private const string pSetAssignedUserForLogon = "setassigneduserforlogon";
|
||||
private const string pAllowUntrustedReimageJobEnrolment = "allowuntrustedreimagejobrnrolment";
|
||||
@@ -93,6 +94,9 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
case pProvisionADAccount:
|
||||
UpdateProvisionADAccount(deviceProfile, value);
|
||||
break;
|
||||
case pProvisionFromOtherDomain:
|
||||
UpdateProvisionFromOtherDomain(deviceProfile, value);
|
||||
break;
|
||||
case pAssignedUserLocalAdmin:
|
||||
UpdateAssignedUserLocalAdmin(deviceProfile, value);
|
||||
break;
|
||||
@@ -351,6 +355,13 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
return Update(id, pProvisionADAccount, ProvisionADAccount, redirect);
|
||||
}
|
||||
|
||||
[DiscoAuthorize(Claims.Config.DeviceProfile.Configure)]
|
||||
[HttpPost, ValidateAntiForgeryToken]
|
||||
public virtual ActionResult UpdateProvisionFromOtherDomain(int id, string ProvisionFromOtherDomain = null, bool? redirect = null)
|
||||
{
|
||||
return Update(id, pProvisionFromOtherDomain, ProvisionFromOtherDomain, redirect);
|
||||
}
|
||||
|
||||
[DiscoAuthorize(Claims.Config.DeviceProfile.Configure)]
|
||||
[HttpPost, ValidateAntiForgeryToken]
|
||||
public virtual ActionResult UpdateSetAssignedUserForLogon(int id, string setAssignedUserForLogon = null, bool? redirect = null)
|
||||
@@ -666,6 +677,18 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
throw new Exception("Invalid Boolean Value");
|
||||
}
|
||||
|
||||
private void UpdateProvisionFromOtherDomain(DeviceProfile deviceProfile, string provisionFromOtherDomain)
|
||||
{
|
||||
if (bool.TryParse(provisionFromOtherDomain, out var bValue))
|
||||
{
|
||||
deviceProfile.ProvisionFromOtherDomain = bValue;
|
||||
|
||||
Database.SaveChanges();
|
||||
return;
|
||||
}
|
||||
throw new Exception("Invalid Boolean Value");
|
||||
}
|
||||
|
||||
private void UpdateAssignedUserLocalAdmin(DeviceProfile deviceProfile, string assignedUserLocalAdmin)
|
||||
{
|
||||
if (bool.TryParse(assignedUserLocalAdmin, out var bValue))
|
||||
|
||||
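Review bot: The new private `UpdateProvisionFromOtherDomain` helper rejects an unparsable value with `throw new Exception("Invalid Boolean Value")`, so a malformed request looks the same as a generic server fault. This mirrors the sibling helper visible just above it, but a specific type would let the caller tell bad input apart: `throw new ArgumentException("Invalid Boolean Value", nameof(provisionFromOtherDomain));`. The new action carries the same `DiscoAuthorize(Claims.Config.DeviceProfile.Configure)` and `ValidateAntiForgeryToken` attributes as its neighbours, which suits a setting that relaxes an enrolment check. How `Update` handles the exception is outside the hunks shown.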
@@ -229,6 +229,35 @@
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div style="margin-top: 8px;">
|
||||
@if (canConfig)
|
||||
{
|
||||
<input id="DeviceProfile_ProvisionFromOtherDomain" type="checkbox" @(Model.DeviceProfile.ProvisionFromOtherDomain ? new MvcHtmlString("checked=\"checked\" ") : new MvcHtmlString(string.Empty)) />
|
||||
<script type="text/javascript">
|
||||
$(function () {
|
||||
document.DiscoFunctions.PropertyChangeHelper(
|
||||
$('#DeviceProfile_ProvisionFromOtherDomain'),
|
||||
null,
|
||||
'@Url.Action(MVC.API.DeviceProfile.UpdateProvisionFromOtherDomain(Model.DeviceProfile.Id))',
|
||||
'ProvisionFromOtherDomain'
|
||||
);
|
||||
});
|
||||
</script>
|
||||
}
|
||||
else
|
||||
{
|
||||
<input id="DeviceProfile_ProvisionFromOtherDomain" type="checkbox" @(Model.DeviceProfile.ProvisionFromOtherDomain ? new MvcHtmlString("checked=\"checked\" ") : new MvcHtmlString(string.Empty)) disabled="disabled" />
|
||||
}
|
||||
<label for="DeviceProfile_ProvisionFromOtherDomain">
|
||||
Provision from another Domain
|
||||
</label>
|
||||
@AjaxHelpers.AjaxLoader()
|
||||
<div class="info-box">
|
||||
<p class="fa-p">
|
||||
<i class="fa fa-info-circle"></i>When enabled, devices joined to another domain will be enrolled. Based on other policies this may change the domain they are bound to (eg. Provision Active Directory Account)
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div style="margin-top: 8px;">
|
||||
@if (canConfig)
|
||||
{
|
||||
|
||||
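Review bot: The info-box text reads as if the setting only concerns devices joined to some other known domain. The enrolment change in this commit appears to apply it when the domain name reported by the device is not recognised or reachable at all. An administrator deciding whether to tick the box would want that spelled out, for example `When enabled, devices reporting a domain that Disco cannot recognise or reach are still enrolled, without an Active Directory computer account lookup.`, followed by the existing sentence about other policies. The surrounding markup continues outside the hunk.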
@@ -151,6 +151,12 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
}
|
||||
[NonAction]
|
||||
[GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
|
||||
public virtual System.Web.Mvc.ActionResult UpdateProvisionFromOtherDomain()
|
||||
{
|
||||
return new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.UpdateProvisionFromOtherDomain);
|
||||
}
|
||||
[NonAction]
|
||||
[GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
|
||||
public virtual System.Web.Mvc.ActionResult UpdateSetAssignedUserForLogon()
|
||||
{
|
||||
return new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.UpdateSetAssignedUserForLogon);
|
||||
@@ -228,6 +234,7 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
public readonly string UpdateEnforceComputerNameConvention = "UpdateEnforceComputerNameConvention";
|
||||
public readonly string UpdateEnforceOrganisationalUnit = "UpdateEnforceOrganisationalUnit";
|
||||
public readonly string UpdateProvisionADAccount = "UpdateProvisionADAccount";
|
||||
public readonly string UpdateProvisionFromOtherDomain = "UpdateProvisionFromOtherDomain";
|
||||
public readonly string UpdateSetAssignedUserForLogon = "UpdateSetAssignedUserForLogon";
|
||||
public readonly string UpdateAssignedUserLocalAdmin = "UpdateAssignedUserLocalAdmin";
|
||||
public readonly string UpdateAllowUntrustedReimageJobEnrolment = "UpdateAllowUntrustedReimageJobEnrolment";
|
||||
@@ -256,6 +263,7 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
public const string UpdateEnforceComputerNameConvention = "UpdateEnforceComputerNameConvention";
|
||||
public const string UpdateEnforceOrganisationalUnit = "UpdateEnforceOrganisationalUnit";
|
||||
public const string UpdateProvisionADAccount = "UpdateProvisionADAccount";
|
||||
public const string UpdateProvisionFromOtherDomain = "UpdateProvisionFromOtherDomain";
|
||||
public const string UpdateSetAssignedUserForLogon = "UpdateSetAssignedUserForLogon";
|
||||
public const string UpdateAssignedUserLocalAdmin = "UpdateAssignedUserLocalAdmin";
|
||||
public const string UpdateAllowUntrustedReimageJobEnrolment = "UpdateAllowUntrustedReimageJobEnrolment";
|
||||
@@ -419,6 +427,16 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
public readonly string ProvisionADAccount = "ProvisionADAccount";
|
||||
public readonly string redirect = "redirect";
|
||||
}
|
||||
static readonly ActionParamsClass_UpdateProvisionFromOtherDomain s_params_UpdateProvisionFromOtherDomain = new ActionParamsClass_UpdateProvisionFromOtherDomain();
|
||||
[GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
|
||||
public ActionParamsClass_UpdateProvisionFromOtherDomain UpdateProvisionFromOtherDomainParams { get { return s_params_UpdateProvisionFromOtherDomain; } }
|
||||
[GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
|
||||
public class ActionParamsClass_UpdateProvisionFromOtherDomain
|
||||
{
|
||||
public readonly string id = "id";
|
||||
public readonly string ProvisionFromOtherDomain = "ProvisionFromOtherDomain";
|
||||
public readonly string redirect = "redirect";
|
||||
}
|
||||
static readonly ActionParamsClass_UpdateSetAssignedUserForLogon s_params_UpdateSetAssignedUserForLogon = new ActionParamsClass_UpdateSetAssignedUserForLogon();
|
||||
[GeneratedCode("T4MVC", "2.0"), DebuggerNonUserCode]
|
||||
public ActionParamsClass_UpdateSetAssignedUserForLogon UpdateSetAssignedUserForLogonParams { get { return s_params_UpdateSetAssignedUserForLogon; } }
|
||||
@@ -727,6 +745,20 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
return callInfo;
|
||||
}
|
||||
|
||||
[NonAction]
|
||||
partial void UpdateProvisionFromOtherDomainOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, int id, string ProvisionFromOtherDomain, bool? redirect);
|
||||
|
||||
[NonAction]
|
||||
public override System.Web.Mvc.ActionResult UpdateProvisionFromOtherDomain(int id, string ProvisionFromOtherDomain, bool? redirect)
|
||||
{
|
||||
var callInfo = new T4MVC_System_Web_Mvc_ActionResult(Area, Name, ActionNames.UpdateProvisionFromOtherDomain);
|
||||
ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "id", id);
|
||||
ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "ProvisionFromOtherDomain", ProvisionFromOtherDomain);
|
||||
ModelUnbinderHelpers.AddRouteValues(callInfo.RouteValueDictionary, "redirect", redirect);
|
||||
UpdateProvisionFromOtherDomainOverride(callInfo, id, ProvisionFromOtherDomain, redirect);
|
||||
return callInfo;
|
||||
}
|
||||
|
||||
[NonAction]
|
||||
partial void UpdateSetAssignedUserForLogonOverride(T4MVC_System_Web_Mvc_ActionResult callInfo, int id, string setAssignedUserForLogon, bool? redirect);
|
||||
|
||||
|
||||