service: add flag to allow S4U2Self

Prerequisite for: https://fedorahosted.org/freeipa/ticket/5764

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
Alexander Bokovoy 2016-08-11 11:52:05 +03:00 committed by Jan Cholasta
parent 4ee426a68e
commit 1c73ac91a4
3 changed files with 17 additions and 6 deletions

12
API.txt
View File

@ -2260,7 +2260,7 @@ output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('value', type=[<type 'bool'>])
output: Output('warning', type=[<type 'list'>, <type 'tuple'>, <type 'NoneType'>])
command: host_add/1
args: 1,24,3
args: 1,25,3
arg: Str('fqdn', cli_name='hostname')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
@ -2269,6 +2269,7 @@ option: Flag('force', autofill=True, default=False)
option: Str('ip_address?')
option: Str('ipaassignedidview?')
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
option: Str('ipasshpubkey*', cli_name='sshpubkey')
option: Str('krbprincipalauthind*', cli_name='auth_ind')
@ -2437,7 +2438,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: host_mod/1
args: 1,25,3
args: 1,26,3
arg: Str('fqdn', cli_name='hostname')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
@ -2445,6 +2446,7 @@ option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Str('ipaassignedidview?', autofill=False)
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', autofill=False, cli_name='ok_to_auth_as_delegate')
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
@ -4293,13 +4295,14 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: service_add/1
args: 1,12,3
args: 1,13,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('force', autofill=True, default=False)
option: StrEnum('ipakrbauthzdata*', cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
option: Str('krbprincipalauthind*', cli_name='auth_ind')
option: Flag('no_members', autofill=True, default=False)
@ -4435,13 +4438,14 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: service_mod/1
args: 1,14,3
args: 1,15,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', autofill=False, cli_name='ok_to_auth_as_delegate')
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Principal('krbprincipalname*', autofill=False, cli_name='principal')

View File

@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=211
# Last change: mbabinsk: allow 'value' output param in commands without primary key
IPA_API_VERSION_MINOR=212
# Last change: ab: service: add flag to allow S4U2Self

View File

@ -171,11 +171,18 @@ ticket_flags_params = (
doc=_('Client credentials may be delegated to the service'),
flags=['virtual_attribute', 'no_search'],
),
Bool('ipakrboktoauthasdelegate?',
cli_name='ok_to_auth_as_delegate',
label=_('Trusted to authenticate as user'),
doc=_('The service is allowed to authenticate on behalf of a client'),
flags=['virtual_attribute', 'no_search'],
),
)
_ticket_flags_map = {
'ipakrbrequirespreauth': 0x00000080,
'ipakrbokasdelegate': 0x00100000,
'ipakrboktoauthasdelegate': 0x00200000,
}
_ticket_flags_default = _ticket_flags_map['ipakrbrequirespreauth']