IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-25 23:56:30 -06:00
Code Issues Packages Projects Releases Wiki Activity

Purge obsolete firefox extension

Browse Source 
Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Timo Aaltonen 2016-03-29 21:33:15 +03:00 committed by Martin Basti
parent 91b51e702f
commit 6c53765ac1
20 changed files with 2 additions and 502 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
freeipa.spec.in
View File

@ -165,7 +165,6 @@ Requires: pki-ca >= 10.3.5-6
Requires: pki-kra >= 10.3.5-6
Requires(preun): python systemd-units
Requires(postun): python systemd-units
Requires: zip
Requires: policycoreutils >= 2.1.12-5
Requires: tar
Requires(pre): certmonger >= 0.78
@ -1166,17 +1165,6 @@ fi
%{_usr}/share/ipa/advise/legacy/*.template
%dir %{_usr}/share/ipa/profiles
%{_usr}/share/ipa/profiles/*.cfg
%dir %{_usr}/share/ipa/ffextension
%{_usr}/share/ipa/ffextension/bootstrap.js
%{_usr}/share/ipa/ffextension/install.rdf
%{_usr}/share/ipa/ffextension/chrome.manifest
%dir %{_usr}/share/ipa/ffextension/chrome
%dir %{_usr}/share/ipa/ffextension/chrome/content
%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth.js
%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth_overlay.xul
%dir %{_usr}/share/ipa/ffextension/locale
%dir %{_usr}/share/ipa/ffextension/locale/en-US
%{_usr}/share/ipa/ffextension/locale/en-US/kerberosauth.properties
%dir %{_usr}/share/ipa/html
%{_usr}/share/ipa/html/ffconfig.js
%{_usr}/share/ipa/html/ffconfig_page.js

1
install/Makefile.am
View File

@ -7,7 +7,6 @@ NULL =
SUBDIRS = \
certmonger \
conf \
ffextension \
html \
migration \
share \

5
install/configure.ac
View File

@ -77,11 +77,6 @@ AC_CONFIG_FILES([
Makefile
certmonger/Makefile
conf/Makefile
ffextension/Makefile
ffextension/chrome/Makefile
ffextension/chrome/content/Makefile
ffextension/locale/Makefile
ffextension/locale/en-US/Makefile
html/Makefile
migration/Makefile
share/Makefile

23
install/ffextension/Makefile.am
View File

@ -1,23 +0,0 @@
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
chrome \
locale \
$(NULL)
appdir = $(IPA_DATA_DIR)/ffextension
app_DATA = \
bootstrap.js \
chrome.manifest \
install.rdf \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

88
install/ffextension/bootstrap.js vendored
View File

@ -1,88 +0,0 @@
// Heavily inspired by Dave Townsend's post:
// Playing with windows in restartless (bootstrapped) extensions
// http://www.oxymoronical.com/blog/2011/01/Playing-with-windows-in-restartless-bootstrapped-extensions
const Cc = Components.classes;
const Ci = Components.interfaces;
const Cu = Components.utils;
var WindowListener = {
setupBrowserUI: function(domWindow) {
var doc = domWindow.document;
domWindow.kerberosauth_listener = kerberosauth_listener(domWindow);
doc.addEventListener('kerberos-auth-config', domWindow.kerberosauth_listener, false, true);
},
tearDownBrowserUI: function(domWindow) {
var doc = domWindow.document;
doc.removeEventListener('kerberos-auth-config', domWindow.kerberosauth_listener);
delete domWindow.kerberosauth_listener;
},
// nsIWindowMediatorListener functions
onOpenWindow: function(xulWindow) {
// A new window has opened
var domWindow = xulWindow.QueryInterface(Ci.nsIInterfaceRequestor).
getInterface(Ci.nsIDOMWindowInternal);
// Wait for it to finish loading
domWindow.addEventListener("load", function listener() {
domWindow.removeEventListener("load", listener, false);
// If this is a browser window then setup its UI
if (domWindow.document.documentElement.getAttribute("windowtype") === "navigator:browser") {
WindowListener.setupBrowserUI(domWindow);
}
}, false);
},
onCloseWindow: function(xulWindow) {
},
onWindowTitleChange: function(xulWindow, newTitle) {
}
};
function startup(data, reason) {
var wm = Cc["@mozilla.org/appshell/window-mediator;1"].getService(Ci.nsIWindowMediator);
Cu['import']("chrome://kerberosauth/content/kerberosauth.js");
// Get the list of browser windows already open
var windows = wm.getEnumerator("navigator:browser");
while (windows.hasMoreElements()) {
var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow);
WindowListener.setupBrowserUI(domWindow);
}
// Wait for any new browser windows to open
wm.addListener(WindowListener);
}
function shutdown(data, reason) {
// When the application is shutting down we normally don't have to clean
// up any UI changes made
if (reason == APP_SHUTDOWN)
return;
var wm = Cc["@mozilla.org/appshell/window-mediator;1"].
getService(Ci.nsIWindowMediator);
// Get the list of browser windows already open
var windows = wm.getEnumerator("navigator:browser");
while (windows.hasMoreElements()) {
var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow);
WindowListener.tearDownBrowserUI(domWindow);
}
// Stop listening for any new browser windows to open
wm.removeListener(WindowListener);
Cu.unload("chrome://kerberosauth/content/kerberosauth.js");
}
function install() {}
function uninstall() {}

4
install/ffextension/chrome.manifest
View File

@ -1,4 +0,0 @@
content kerberosauth chrome/content/
resource kerberosauth chrome/content/
overlay chrome://browser/content/browser.xul resource://kerberosauth/kerberosauth_overlay.xul
locale kerberosauth en-US locale/en-US/

19
install/ffextension/chrome/Makefile.am
View File

@ -1,19 +0,0 @@
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
content \
$(NULL)
appdir = $(IPA_DATA_DIR)/ffextension/chrome
app_DATA = \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

17
install/ffextension/chrome/content/Makefile.am
View File

@ -1,17 +0,0 @@
AUTOMAKE_OPTIONS = 1.7
NULL =
appdir = $(IPA_DATA_DIR)/ffextension/chrome/content
app_DATA = \
kerberosauth_overlay.xul \
kerberosauth.js \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

197
install/ffextension/chrome/content/kerberosauth.js
View File

@ -1,197 +0,0 @@
/* Authors:
* Petr Vobornik <pvoborni@redhat.com>
*
* Copyright (C) 2012 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
var EXPORTED_SYMBOLS = ["kerberosauth", "kerberosauth_listener"];
var Cc = Components.classes;
var Ci = Components.interfaces;
var kerberosauth = {
// Dictionary of configuration options this extension can configure.
// An alias (key) is set for each options. Using a set of aliases limits
// configuration pages from supplying potential malicious options.
config_options: {
referer: ['network.http.sendRefererHeader', 'int'],
native_gss_lib: ['network.negotiate-auth.using-native-gsslib', 'bool'],
trusted_uris: ['network.negotiate-auth.trusted-uris', 'str'],
allow_proxies: ['network.negotiate-auth.allow-proxies', 'bool']
},
// Some preconfigurations to make things easier. Can be good if UI is added
// (mostly for future usage).
predefined_configurations: {
ipa: {
referer: '2',
native_gss_lib: 'true',
trusted_uris: '',
allow_proxies: 'true',
append: ['trusted_uris']
}
},
page_listener: function(event, dom_window) {
var self = this;
var conf = {
event: event,
window: dom_window || window,
element: event.target
};
if (!conf.element.hasAttribute('method')) return;
var method = conf.element.getAttribute('method');
if (method === 'configure') self.configure(conf);
if (method === 'can_configure') self.send_response(conf.element, { answer: 'true' });
},
send_response: function(element, options) {
options = options || {};
var doc = element.ownerDocument;
for (var opt in options) {
element.setAttribute(opt, options[opt]);
}
var answer_event = doc.createEvent("HTMLEvents");
answer_event.initEvent("kerberos-auth-answer", true, false);
element.dispatchEvent(answer_event);
},
notify_installed: function(window) {
var doc = window.document;
var event = doc.createEvent("HTMLEvents");
event.initEvent("kerberos-auth-installed", true, false);
doc.dispatchEvent(event);
},
configure: function(conf) {
var self = this;
var options = {}; // options to be configured
var opt;
// use predefined configuration if supplied
if (conf.element.hasAttribute('predefined')) {
var predefined = conf.element.getAttribute('predefined');
var pconfig = self.predefined_configurations[predefined];
if (pconfig) {
for (opt in pconfig) {
options[opt] = pconfig[opt];
}
}
}
// overwrite predefined with supplied and only supported options
for (var i=0; i < conf.element.attributes.length; i++) {
var attr = conf.element.attributes[i].name;
if (attr in self.config_options) {
options[attr] = conf.element.getAttribute(attr);
}
}
if (self.prompt(conf, options)) {
self.configure_core(conf, options);
self.send_response(conf.element, { answer: 'configured' });
} else {
self.send_response(conf.element, { answer: 'aborted' });
}
},
configure_core: function(conf, options) {
var self = this;
var prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
var append_opts = options.append || [];
for (var opt in options) {
if (!self.config_options[opt]) continue;
var name = self.config_options[opt][0];
var type = self.config_options[opt][1];
var value = options[opt];
if (type === 'str') {
if (value && append_opts.indexOf(opt) > -1) {
var current = prefs.getCharPref(name) || '';
if (this.str_contains(current, value)) {
continue;
} else if (current) {
value = current + ', ' + value;
}
}
prefs.setCharPref(name, value);
} else if (type ==='int') {
prefs.setIntPref(name, Number(value));
} else if (type === 'bool') {
prefs.setBoolPref(name, value === 'true');
}
}
},
str_contains: function(str, value) {
if (!str) return false;
var vals = str.split(',');
for (var i=0, l=vals.length; i<l; i++) {
if (vals[i].trim() === value) return true;
}
return false;
},
prompt: function(conf, options) {
var strs = Cc["@mozilla.org/intl/stringbundle;1"].
getService(Ci.nsIStringBundleService).
createBundle("chrome://kerberosauth/locale/kerberosauth.properties");
var prompts = Cc["@mozilla.org/embedcomp/prompt-service;1"].
getService(Ci.nsIPromptService);
var title = strs.GetStringFromName('prompt_title');
var text = strs.GetStringFromName('prompt_topic');
if (options.trusted_uris) {
text += strs.GetStringFromName('prompt_domain').replace('${domain}', options.trusted_uris);
}
text += strs.GetStringFromName('prompt_question');
var flags = prompts.STD_YES_NO_BUTTONS;
var confirmed = prompts.confirmEx(conf.window, title, text, flags, "","","",
null,{value: false}) === 0;
return confirmed;
}
};
var kerberosauth_listener = function(window) {
return function(event) {
kerberosauth.page_listener(event, window);
};
};

9
install/ffextension/chrome/content/kerberosauth_overlay.xul
View File

@ -1,9 +0,0 @@
<?xml version="1.0"?>
<overlay id="kerberosauthOverlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script type="application/x-javascript">
Components.utils['import']("resource://kerberosauth/kerberosauth.js");
window.addEventListener('kerberos-auth-config', kerberosauth_listener(window), false, true);
</script>
</overlay>

26
install/ffextension/install.rdf
View File

@ -1,26 +0,0 @@
<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest">
<em:id>kerberosauth@redhat.com</em:id>
<em:name>Kerberos Configuration</em:name>
<em:version>0.1</em:version>
<em:description>Configures browser to use negotiate authentication</em:description>
<em:type>2</em:type>
<em:creator>Red Hat, Inc.</em:creator>
<em:developer>Petr Vobornik</em:developer>
<em:homepageURL>http://www.redhat.com/</em:homepageURL>
<em:bootstrap>true</em:bootstrap>
<!-- Firefox -->
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>10.0</em:minVersion>
<em:maxVersion>15.0.*</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>

19
install/ffextension/locale/Makefile.am
View File

@ -1,19 +0,0 @@
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
en-US \
$(NULL)
appdir = $(IPA_DATA_DIR)/ffextension/locale
app_DATA = \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

16
install/ffextension/locale/en-US/Makefile.am
View File

@ -1,16 +0,0 @@
AUTOMAKE_OPTIONS = 1.7
NULL =
appdir = $(IPA_DATA_DIR)/ffextension/locale/en-US
app_DATA = \
kerberosauth.properties \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

4
install/ffextension/locale/en-US/kerberosauth.properties
View File

@ -1,4 +0,0 @@
prompt_title=Kerberos configuration confirmation
prompt_topic=The page you are visiting is trying to configure Firefox for Kerberos authentication.
prompt_domain=\n\nDomain: ${domain}
prompt_question=\n\nDo you want to configure the browser?

1
install/share/Makefile.am
View File

@ -51,7 +51,6 @@ app_DATA = \
krb5.conf.template \
krb5.ini.template \
krb.con.template \
krb.js.template \
krbrealm.con.template \
smb.conf.template \
smb.conf.empty \

2
install/share/krb.js.template
View File

@ -1,2 +0,0 @@
var IPA_REALM = "$REALM";
var IPA_DOMAIN = "$DOMAIN";

4
ipaplatform/base/paths.py
View File

@ -184,7 +184,6 @@ class BasePathNamespace(object):
BIN_TIMEOUT = "/usr/bin/timeout"
UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
BIN_CURL = "/usr/bin/curl"
ZIP = "/usr/bin/zip"
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
@ -231,12 +230,9 @@ class BasePathNamespace(object):
USERADD = "/usr/sbin/useradd"
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
FFEXTENSION = "/usr/share/ipa/ffextension"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
KRB_CON = "/usr/share/ipa/html/krb.con"
KRB_JS = "/usr/share/ipa/html/krb.js"
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
NIS_ULDIF = "/usr/share/ipa/nis.uldif"

42
ipaserver/install/httpinstance.py
View File

@ -21,9 +21,7 @@ from __future__ import print_function
import os
import os.path
import tempfile
import pwd
import shutil
import re
import dbus
import shlex
@ -130,7 +128,7 @@ class HTTPInstance(service.Service):
subject_base = ipautil.dn_attribute_property('_subject_base')
def create_instance(self, realm, fqdn, domain_name, dm_password=None,
autoconfig=True, pkcs12_info=None,
pkcs12_info=None,
subject_base=None, auto_redirect=True, ca_file=None,
ca_is_configured=None, promote=False):
self.fqdn = fqdn
@ -173,8 +171,6 @@ class HTTPInstance(service.Service):
self.step("setting up httpd keytab", self.__create_http_keytab)
self.step("setting up ssl", self.__setup_ssl)
self.step("importing CA certificates from LDAP", self.__import_ca_certs)
if autoconfig:
self.step("setting up browser autoconfig", self.__setup_autoconfig)
if not self.promote:
self.step("publish CA cert", self.__publish_ca_cert)
self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
@ -374,42 +370,6 @@ class HTTPInstance(service.Service):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
self.import_ca_certs(db, self.ca_is_configured)
def __setup_autoconfig(self):
self.setup_firefox_extension(self.realm, self.domain)
def setup_firefox_extension(self, realm, domain):
"""Set up the signed browser configuration extension
"""
target_fname = paths.KRB_JS
sub_dict = dict(REALM=realm, DOMAIN=domain)
db = certs.CertDB(realm)
with open(db.passwd_fname) as pwdfile:
pwd = pwdfile.read()
ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template",
target_fname, sub_dict)
os.chmod(target_fname, 0o644)
# Setup extension
tmpdir = tempfile.mkdtemp(prefix="tmp-")
extdir = tmpdir + "/ext"
target_fname = paths.KERBEROSAUTH_XPI
shutil.copytree(paths.FFEXTENSION, extdir)
if db.has_nickname('Signing-Cert'):
db.run_signtool(["-k", "Signing-Cert",
"-p", pwd,
"-X", "-Z", target_fname,
extdir])
else:
root_logger.warning('Object-signing certificate was not found. '
'Creating unsigned Firefox configuration extension.')
filenames = os.listdir(extdir)
ipautil.run([paths.ZIP, '-r', target_fname] + filenames,
cwd=extdir)
shutil.rmtree(tmpdir)
os.chmod(target_fname, 0o644)
def __publish_ca_cert(self):
ca_db = certs.CertDB(self.realm)
ca_db.publish_ca_cert(paths.CA_CRT)

4
ipaserver/install/server/replicainstall.py
View File

@ -186,12 +186,10 @@ def install_http(config, auto_redirect, ca_is_configured, promote=False,
http = httpinstance.HTTPInstance()
http.create_instance(
config.realm_name, config.host_name, config.domain_name,
config.dirman_password, False, pkcs12_info,
config.dirman_password, pkcs12_info,
auto_redirect=auto_redirect, ca_file=ca_file,
ca_is_configured=ca_is_configured, promote=promote)
http.setup_firefox_extension(config.realm_name, config.domain_name)
return http

11
ipaserver/install/server/upgrade.py
View File

@ -266,16 +266,6 @@ def cleanup_adtrust(fstore):
root_logger.debug('Removing %s from backup', backed_up_file)
def setup_firefox_extension(fstore):
"""Set up the Firefox configuration extension, if it's not set up yet
"""
root_logger.info('[Setting up Firefox extension]')
http = httpinstance.HTTPInstance(fstore)
realm = api.env.realm
domain = api.env.domain
http.setup_firefox_extension(realm, domain)
def ca_configure_profiles_acl(ca):
root_logger.info('[Authorizing RA Agent to modify profiles]')
@ -1713,7 +1703,6 @@ def upgrade_configuration():
cleanup_kdc(fstore)
cleanup_adtrust(fstore)
setup_firefox_extension(fstore)
bind = bindinstance.BindInstance(fstore)
if bind.is_configured() and not bind.is_running():