Enable service authentication indicator management

https://fedorahosted.org/freeipa/ticket/433

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Nathaniel McCallum 2016-05-04 17:08:45 -04:00 committed by Petr Vobornik
parent 5f7433839f
commit 4ded2ffc16
3 changed files with 17 additions and 6 deletions


@ -3901,7 +3901,7 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value') output: PrimaryKey('value')
command: service_add command: service_add
args: 1,11,3 args: 1,12,3
arg: Str('krbprincipalname', cli_name='principal') arg: Str('krbprincipalname', cli_name='principal')
option: Str('addattr*', cli_name='addattr') option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
@ -3909,6 +3909,7 @@ option: Flag('force', autofill=True, default=False)
option: StrEnum('ipakrbauthzdata*', cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: StrEnum('ipakrbauthzdata*', cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate') option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth') option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
option: Str('krbprincipalauthind*', cli_name='auth_ind')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr') option: Str('setattr*', cli_name='setattr')
@ -4011,10 +4012,11 @@ output: Output('completed', type=[<type 'int'>])
output: Output('failed', type=[<type 'dict'>]) output: Output('failed', type=[<type 'dict'>])
output: Entry('result') output: Entry('result')
command: service_find command: service_find
args: 1,11,4 args: 1,12,4
arg: Str('criteria?') arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Str('krbprincipalname?', autofill=False, cli_name='principal') option: Str('krbprincipalname?', autofill=False, cli_name='principal')
option: Str('man_by_host*', cli_name='man_by_hosts') option: Str('man_by_host*', cli_name='man_by_hosts')
option: Flag('no_members', autofill=True, default=True) option: Flag('no_members', autofill=True, default=True)
@ -4029,7 +4031,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>]) output: Output('truncated', type=[<type 'bool'>])
command: service_mod command: service_mod
args: 1,12,3 args: 1,13,3
arg: Str('krbprincipalname', cli_name='principal') arg: Str('krbprincipalname', cli_name='principal')
option: Str('addattr*', cli_name='addattr') option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
@ -4037,6 +4039,7 @@ option: Str('delattr*', cli_name='delattr')
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE']) option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate') option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth') option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
option: Str('krbprincipalauthind*', autofill=False, cli_name='auth_ind')
option: Flag('no_members', autofill=True, default=False) option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False) option: Flag('rights', autofill=True, default=False)


@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# # # #
######################################################## ########################################################
IPA_API_VERSION_MAJOR=2 IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=170 IPA_API_VERSION_MINOR=171
# Last change: mbasti - *-find: do not search for members by default # Last change: npmccallum - enable setting authinds on services


@ -411,7 +411,7 @@ class service(LDAPObject):
permission_filter_objectclasses = ['ipaservice'] permission_filter_objectclasses = ['ipaservice']
search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata'] search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
default_attributes = ['krbprincipalname', 'usercertificate', 'managedby', default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform'] 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform', 'krbprincipalauthind']
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
attribute_members = { attribute_members = {
'managedby': ['host'], 'managedby': ['host'],
@ -505,6 +505,14 @@ class service(LDAPObject):
" e.g. this might be necessary for NFS services."), " e.g. this might be necessary for NFS services."),
values=(u'MS-PAC', u'PAD', u'NONE'), values=(u'MS-PAC', u'PAD', u'NONE'),
), ),
Str('krbprincipalauthind*',
cli_name='auth_ind',
label=_('Authentication Indicators'),
doc=_("Defines a whitelist for Authentication Indicators."
" Use 'otp' to allow OTP-based 2FA authentications."
" Use 'radius' to allow RADIUS-based 2FA authentications."
" Other values may be used for custom configurations."),
),
) + ticket_flags_params ) + ticket_flags_params
def validate_ipakrbauthzdata(self, entry): def validate_ipakrbauthzdata(self, entry):
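Review bot: The new `Str('krbprincipalauthind*', cli_name='auth_ind', ...)` parameter in the second hunk accepts any string without validation, and its help text says each value will "allow" an authentication type even though the same text calls the attribute a whitelist. If setting it restricts the service to tickets carrying one of the listed indicators, as the word whitelist suggests, a mistyped or wrongly cased variant of `otp` or `radius` would be stored silently and surface only later as refused tickets. I would spell out the restrictive and the unset behaviour in the doc, for example `doc=_("Restricts the service to clients whose ticket carries one of the listed Authentication Indicators; when unset, no indicator is required. ...")`, after confirming the unset semantics against the KDC side. If indicators may not contain whitespace there, a `pattern` on the `Str` would reject such values at input time. Whether the service's managed permissions cover reading and writing `krbprincipalauthind` cannot be checked here, because the class body continues outside both hunks.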