mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
service: add flag to allow S4U2Self
Prerequisite for: https://fedorahosted.org/freeipa/ticket/5764 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
parent
4ee426a68e
commit
1c73ac91a4
12
API.txt
12
API.txt
@ -2260,7 +2260,7 @@ output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
|
||||
output: Output('value', type=[<type 'bool'>])
|
||||
output: Output('warning', type=[<type 'list'>, <type 'tuple'>, <type 'NoneType'>])
|
||||
command: host_add/1
|
||||
args: 1,24,3
|
||||
args: 1,25,3
|
||||
arg: Str('fqdn', cli_name='hostname')
|
||||
option: Str('addattr*', cli_name='addattr')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False)
|
||||
@ -2269,6 +2269,7 @@ option: Flag('force', autofill=True, default=False)
|
||||
option: Str('ip_address?')
|
||||
option: Str('ipaassignedidview?')
|
||||
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
|
||||
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
|
||||
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
|
||||
option: Str('ipasshpubkey*', cli_name='sshpubkey')
|
||||
option: Str('krbprincipalauthind*', cli_name='auth_ind')
|
||||
@ -2437,7 +2438,7 @@ output: ListOfEntries('result')
|
||||
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
|
||||
output: Output('truncated', type=[<type 'bool'>])
|
||||
command: host_mod/1
|
||||
args: 1,25,3
|
||||
args: 1,26,3
|
||||
arg: Str('fqdn', cli_name='hostname')
|
||||
option: Str('addattr*', cli_name='addattr')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False)
|
||||
@ -2445,6 +2446,7 @@ option: Str('delattr*', cli_name='delattr')
|
||||
option: Str('description?', autofill=False, cli_name='desc')
|
||||
option: Str('ipaassignedidview?', autofill=False)
|
||||
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
|
||||
option: Bool('ipakrboktoauthasdelegate?', autofill=False, cli_name='ok_to_auth_as_delegate')
|
||||
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
|
||||
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
|
||||
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
|
||||
@ -4293,13 +4295,14 @@ output: Entry('result')
|
||||
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
|
||||
output: PrimaryKey('value')
|
||||
command: service_add/1
|
||||
args: 1,12,3
|
||||
args: 1,13,3
|
||||
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
|
||||
option: Str('addattr*', cli_name='addattr')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False)
|
||||
option: Flag('force', autofill=True, default=False)
|
||||
option: StrEnum('ipakrbauthzdata*', cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
|
||||
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
|
||||
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
|
||||
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
|
||||
option: Str('krbprincipalauthind*', cli_name='auth_ind')
|
||||
option: Flag('no_members', autofill=True, default=False)
|
||||
@ -4435,13 +4438,14 @@ output: ListOfEntries('result')
|
||||
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
|
||||
output: Output('truncated', type=[<type 'bool'>])
|
||||
command: service_mod/1
|
||||
args: 1,14,3
|
||||
args: 1,15,3
|
||||
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
|
||||
option: Str('addattr*', cli_name='addattr')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False)
|
||||
option: Str('delattr*', cli_name='delattr')
|
||||
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
|
||||
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
|
||||
option: Bool('ipakrboktoauthasdelegate?', autofill=False, cli_name='ok_to_auth_as_delegate')
|
||||
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
|
||||
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
|
||||
option: Principal('krbprincipalname*', autofill=False, cli_name='principal')
|
||||
|
4
VERSION
4
VERSION
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=211
|
||||
# Last change: mbabinsk: allow 'value' output param in commands without primary key
|
||||
IPA_API_VERSION_MINOR=212
|
||||
# Last change: ab: service: add flag to allow S4U2Self
|
||||
|
@ -171,11 +171,18 @@ ticket_flags_params = (
|
||||
doc=_('Client credentials may be delegated to the service'),
|
||||
flags=['virtual_attribute', 'no_search'],
|
||||
),
|
||||
Bool('ipakrboktoauthasdelegate?',
|
||||
cli_name='ok_to_auth_as_delegate',
|
||||
label=_('Trusted to authenticate as user'),
|
||||
doc=_('The service is allowed to authenticate on behalf of a client'),
|
||||
flags=['virtual_attribute', 'no_search'],
|
||||
),
|
||||
)
|
||||
|
||||
_ticket_flags_map = {
|
||||
'ipakrbrequirespreauth': 0x00000080,
|
||||
'ipakrbokasdelegate': 0x00100000,
|
||||
'ipakrboktoauthasdelegate': 0x00200000,
|
||||
}
|
||||
|
||||
_ticket_flags_default = _ticket_flags_map['ipakrbrequirespreauth']
|
||||
|
Loading…
Reference in New Issue
Block a user