diff --git a/freeipa.spec.in b/freeipa.spec.in index e5e12928a..891ee40ac 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -165,7 +165,6 @@ Requires: pki-ca >= 10.3.5-6 Requires: pki-kra >= 10.3.5-6 Requires(preun): python systemd-units Requires(postun): python systemd-units -Requires: zip Requires: policycoreutils >= 2.1.12-5 Requires: tar Requires(pre): certmonger >= 0.78 @@ -1166,17 +1165,6 @@ fi %{_usr}/share/ipa/advise/legacy/*.template %dir %{_usr}/share/ipa/profiles %{_usr}/share/ipa/profiles/*.cfg -%dir %{_usr}/share/ipa/ffextension -%{_usr}/share/ipa/ffextension/bootstrap.js -%{_usr}/share/ipa/ffextension/install.rdf -%{_usr}/share/ipa/ffextension/chrome.manifest -%dir %{_usr}/share/ipa/ffextension/chrome -%dir %{_usr}/share/ipa/ffextension/chrome/content -%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth.js -%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth_overlay.xul -%dir %{_usr}/share/ipa/ffextension/locale -%dir %{_usr}/share/ipa/ffextension/locale/en-US -%{_usr}/share/ipa/ffextension/locale/en-US/kerberosauth.properties %dir %{_usr}/share/ipa/html %{_usr}/share/ipa/html/ffconfig.js %{_usr}/share/ipa/html/ffconfig_page.js diff --git a/install/Makefile.am b/install/Makefile.am index ac52ad3bb..d13ecb701 100644 --- a/install/Makefile.am +++ b/install/Makefile.am @@ -7,7 +7,6 @@ NULL = SUBDIRS = \ certmonger \ conf \ - ffextension \ html \ migration \ share \ diff --git a/install/configure.ac b/install/configure.ac index 81f17b9ac..b89593308 100644 --- a/install/configure.ac +++ b/install/configure.ac @@ -77,11 +77,6 @@ AC_CONFIG_FILES([ Makefile certmonger/Makefile conf/Makefile - ffextension/Makefile - ffextension/chrome/Makefile - ffextension/chrome/content/Makefile - ffextension/locale/Makefile - ffextension/locale/en-US/Makefile html/Makefile migration/Makefile share/Makefile diff --git a/install/ffextension/Makefile.am b/install/ffextension/Makefile.am deleted file mode 100644 index 7a7220562..000000000 --- a/install/ffextension/Makefile.am +++ /dev/null @@ -1,23 +0,0 @@ -AUTOMAKE_OPTIONS = 1.7 - -NULL = - -SUBDIRS = \ - chrome \ - locale \ - $(NULL) - -appdir = $(IPA_DATA_DIR)/ffextension -app_DATA = \ - bootstrap.js \ - chrome.manifest \ - install.rdf \ - $(NULL) - -EXTRA_DIST = \ - $(app_DATA) \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/install/ffextension/bootstrap.js b/install/ffextension/bootstrap.js deleted file mode 100644 index 7e2ae576c..000000000 --- a/install/ffextension/bootstrap.js +++ /dev/null @@ -1,88 +0,0 @@ -// Heavily inspired by Dave Townsend's post: -// Playing with windows in restartless (bootstrapped) extensions -// http://www.oxymoronical.com/blog/2011/01/Playing-with-windows-in-restartless-bootstrapped-extensions - -const Cc = Components.classes; -const Ci = Components.interfaces; -const Cu = Components.utils; - -var WindowListener = { - - setupBrowserUI: function(domWindow) { - var doc = domWindow.document; - domWindow.kerberosauth_listener = kerberosauth_listener(domWindow); - doc.addEventListener('kerberos-auth-config', domWindow.kerberosauth_listener, false, true); - }, - - tearDownBrowserUI: function(domWindow) { - - var doc = domWindow.document; - doc.removeEventListener('kerberos-auth-config', domWindow.kerberosauth_listener); - delete domWindow.kerberosauth_listener; - }, - - // nsIWindowMediatorListener functions - onOpenWindow: function(xulWindow) { - // A new window has opened - var domWindow = xulWindow.QueryInterface(Ci.nsIInterfaceRequestor). - getInterface(Ci.nsIDOMWindowInternal); - - // Wait for it to finish loading - domWindow.addEventListener("load", function listener() { - domWindow.removeEventListener("load", listener, false); - - // If this is a browser window then setup its UI - if (domWindow.document.documentElement.getAttribute("windowtype") === "navigator:browser") { - WindowListener.setupBrowserUI(domWindow); - } - }, false); - }, - - onCloseWindow: function(xulWindow) { - }, - - onWindowTitleChange: function(xulWindow, newTitle) { - } -}; - -function startup(data, reason) { - var wm = Cc["@mozilla.org/appshell/window-mediator;1"].getService(Ci.nsIWindowMediator); - - Cu['import']("chrome://kerberosauth/content/kerberosauth.js"); - - // Get the list of browser windows already open - var windows = wm.getEnumerator("navigator:browser"); - while (windows.hasMoreElements()) { - var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow); - - WindowListener.setupBrowserUI(domWindow); - } - - // Wait for any new browser windows to open - wm.addListener(WindowListener); -} - -function shutdown(data, reason) { - // When the application is shutting down we normally don't have to clean - // up any UI changes made - if (reason == APP_SHUTDOWN) - return; - - var wm = Cc["@mozilla.org/appshell/window-mediator;1"]. - getService(Ci.nsIWindowMediator); - - // Get the list of browser windows already open - var windows = wm.getEnumerator("navigator:browser"); - while (windows.hasMoreElements()) { - var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow); - WindowListener.tearDownBrowserUI(domWindow); - } - - // Stop listening for any new browser windows to open - wm.removeListener(WindowListener); - - Cu.unload("chrome://kerberosauth/content/kerberosauth.js"); -} - -function install() {} -function uninstall() {} \ No newline at end of file diff --git a/install/ffextension/chrome.manifest b/install/ffextension/chrome.manifest deleted file mode 100644 index 775d3a338..000000000 --- a/install/ffextension/chrome.manifest +++ /dev/null @@ -1,4 +0,0 @@ -content kerberosauth chrome/content/ -resource kerberosauth chrome/content/ -overlay chrome://browser/content/browser.xul resource://kerberosauth/kerberosauth_overlay.xul -locale kerberosauth en-US locale/en-US/ \ No newline at end of file diff --git a/install/ffextension/chrome/Makefile.am b/install/ffextension/chrome/Makefile.am deleted file mode 100644 index 10d23a7a7..000000000 --- a/install/ffextension/chrome/Makefile.am +++ /dev/null @@ -1,19 +0,0 @@ -AUTOMAKE_OPTIONS = 1.7 - -NULL = - -SUBDIRS = \ - content \ - $(NULL) - -appdir = $(IPA_DATA_DIR)/ffextension/chrome -app_DATA = \ - $(NULL) - -EXTRA_DIST = \ - $(app_DATA) \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/install/ffextension/chrome/content/Makefile.am b/install/ffextension/chrome/content/Makefile.am deleted file mode 100644 index 7ff81e571..000000000 --- a/install/ffextension/chrome/content/Makefile.am +++ /dev/null @@ -1,17 +0,0 @@ -AUTOMAKE_OPTIONS = 1.7 - -NULL = - -appdir = $(IPA_DATA_DIR)/ffextension/chrome/content -app_DATA = \ - kerberosauth_overlay.xul \ - kerberosauth.js \ - $(NULL) - -EXTRA_DIST = \ - $(app_DATA) \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/install/ffextension/chrome/content/kerberosauth.js b/install/ffextension/chrome/content/kerberosauth.js deleted file mode 100644 index c5afde984..000000000 --- a/install/ffextension/chrome/content/kerberosauth.js +++ /dev/null @@ -1,197 +0,0 @@ -/* Authors: - * Petr Vobornik - * - * Copyright (C) 2012 Red Hat - * see file 'COPYING' for use and warranty information - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -var EXPORTED_SYMBOLS = ["kerberosauth", "kerberosauth_listener"]; - -var Cc = Components.classes; -var Ci = Components.interfaces; - -var kerberosauth = { - - // Dictionary of configuration options this extension can configure. - // An alias (key) is set for each options. Using a set of aliases limits - // configuration pages from supplying potential malicious options. - config_options: { - referer: ['network.http.sendRefererHeader', 'int'], - native_gss_lib: ['network.negotiate-auth.using-native-gsslib', 'bool'], - trusted_uris: ['network.negotiate-auth.trusted-uris', 'str'], - allow_proxies: ['network.negotiate-auth.allow-proxies', 'bool'] - }, - - // Some preconfigurations to make things easier. Can be good if UI is added - // (mostly for future usage). - predefined_configurations: { - ipa: { - referer: '2', - native_gss_lib: 'true', - trusted_uris: '', - allow_proxies: 'true', - append: ['trusted_uris'] - } - }, - - page_listener: function(event, dom_window) { - - var self = this; - - var conf = { - event: event, - window: dom_window || window, - element: event.target - }; - - if (!conf.element.hasAttribute('method')) return; - - var method = conf.element.getAttribute('method'); - - if (method === 'configure') self.configure(conf); - if (method === 'can_configure') self.send_response(conf.element, { answer: 'true' }); - }, - - send_response: function(element, options) { - - options = options || {}; - - var doc = element.ownerDocument; - - for (var opt in options) { - element.setAttribute(opt, options[opt]); - } - - var answer_event = doc.createEvent("HTMLEvents"); - answer_event.initEvent("kerberos-auth-answer", true, false); - element.dispatchEvent(answer_event); - }, - - notify_installed: function(window) { - var doc = window.document; - var event = doc.createEvent("HTMLEvents"); - event.initEvent("kerberos-auth-installed", true, false); - doc.dispatchEvent(event); - }, - - configure: function(conf) { - var self = this; - - var options = {}; // options to be configured - var opt; - - // use predefined configuration if supplied - if (conf.element.hasAttribute('predefined')) { - var predefined = conf.element.getAttribute('predefined'); - - var pconfig = self.predefined_configurations[predefined]; - if (pconfig) { - for (opt in pconfig) { - options[opt] = pconfig[opt]; - } - } - } - - // overwrite predefined with supplied and only supported options - for (var i=0; i < conf.element.attributes.length; i++) { - var attr = conf.element.attributes[i].name; - if (attr in self.config_options) { - options[attr] = conf.element.getAttribute(attr); - } - } - - if (self.prompt(conf, options)) { - self.configure_core(conf, options); - self.send_response(conf.element, { answer: 'configured' }); - } else { - self.send_response(conf.element, { answer: 'aborted' }); - } - }, - - configure_core: function(conf, options) { - - var self = this; - - var prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch); - var append_opts = options.append || []; - - for (var opt in options) { - - if (!self.config_options[opt]) continue; - - var name = self.config_options[opt][0]; - var type = self.config_options[opt][1]; - var value = options[opt]; - - if (type === 'str') { - if (value && append_opts.indexOf(opt) > -1) { - var current = prefs.getCharPref(name) || ''; - if (this.str_contains(current, value)) { - continue; - } else if (current) { - value = current + ', ' + value; - } - } - prefs.setCharPref(name, value); - } else if (type ==='int') { - prefs.setIntPref(name, Number(value)); - } else if (type === 'bool') { - prefs.setBoolPref(name, value === 'true'); - } - } - }, - - str_contains: function(str, value) { - - if (!str) return false; - var vals = str.split(','); - for (var i=0, l=vals.length; i - - - - - \ No newline at end of file diff --git a/install/ffextension/install.rdf b/install/ffextension/install.rdf deleted file mode 100644 index d931f19d8..000000000 --- a/install/ffextension/install.rdf +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - kerberosauth@redhat.com - Kerberos Configuration - 0.1 - Configures browser to use negotiate authentication - 2 - Red Hat, Inc. - Petr Vobornik - http://www.redhat.com/ - true - - - - - {ec8030f7-c20a-464f-9b0e-13a3a9e97384} - 10.0 - 15.0.* - - - - \ No newline at end of file diff --git a/install/ffextension/locale/Makefile.am b/install/ffextension/locale/Makefile.am deleted file mode 100644 index 7e64536ed..000000000 --- a/install/ffextension/locale/Makefile.am +++ /dev/null @@ -1,19 +0,0 @@ -AUTOMAKE_OPTIONS = 1.7 - -NULL = - -SUBDIRS = \ - en-US \ - $(NULL) - -appdir = $(IPA_DATA_DIR)/ffextension/locale -app_DATA = \ - $(NULL) - -EXTRA_DIST = \ - $(app_DATA) \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/install/ffextension/locale/en-US/Makefile.am b/install/ffextension/locale/en-US/Makefile.am deleted file mode 100644 index d19e8c7bd..000000000 --- a/install/ffextension/locale/en-US/Makefile.am +++ /dev/null @@ -1,16 +0,0 @@ -AUTOMAKE_OPTIONS = 1.7 - -NULL = - -appdir = $(IPA_DATA_DIR)/ffextension/locale/en-US -app_DATA = \ - kerberosauth.properties \ - $(NULL) - -EXTRA_DIST = \ - $(app_DATA) \ - $(NULL) - -MAINTAINERCLEANFILES = \ - *~ \ - Makefile.in diff --git a/install/ffextension/locale/en-US/kerberosauth.properties b/install/ffextension/locale/en-US/kerberosauth.properties deleted file mode 100644 index b822535ee..000000000 --- a/install/ffextension/locale/en-US/kerberosauth.properties +++ /dev/null @@ -1,4 +0,0 @@ -prompt_title=Kerberos configuration confirmation -prompt_topic=The page you are visiting is trying to configure Firefox for Kerberos authentication. -prompt_domain=\n\nDomain: ${domain} -prompt_question=\n\nDo you want to configure the browser? \ No newline at end of file diff --git a/install/share/Makefile.am b/install/share/Makefile.am index d8845ee16..32cf36413 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -51,7 +51,6 @@ app_DATA = \ krb5.conf.template \ krb5.ini.template \ krb.con.template \ - krb.js.template \ krbrealm.con.template \ smb.conf.template \ smb.conf.empty \ diff --git a/install/share/krb.js.template b/install/share/krb.js.template deleted file mode 100644 index e7ea05595..000000000 --- a/install/share/krb.js.template +++ /dev/null @@ -1,2 +0,0 @@ -var IPA_REALM = "$REALM"; -var IPA_DOMAIN = "$DOMAIN"; \ No newline at end of file diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 025bed6b0..bbf6b5387 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -184,7 +184,6 @@ class BasePathNamespace(object): BIN_TIMEOUT = "/usr/bin/timeout" UPDATE_CA_TRUST = "/usr/bin/update-ca-trust" BIN_CURL = "/usr/bin/curl" - ZIP = "/usr/bin/zip" BIND_LDAP_SO = "/usr/lib/bind/ldap.so" BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/" BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/" @@ -231,12 +230,9 @@ class BasePathNamespace(object): USERADD = "/usr/sbin/useradd" USR_SHARE_IPA_DIR = "/usr/share/ipa/" CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif" - FFEXTENSION = "/usr/share/ipa/ffextension" IPA_HTML_DIR = "/usr/share/ipa/html" CA_CRT = "/usr/share/ipa/html/ca.crt" - KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi" KRB_CON = "/usr/share/ipa/html/krb.con" - KRB_JS = "/usr/share/ipa/html/krb.js" HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini" HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con" NIS_ULDIF = "/usr/share/ipa/nis.uldif" diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 7914f4ccf..60d62c03a 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -21,9 +21,7 @@ from __future__ import print_function import os import os.path -import tempfile import pwd -import shutil import re import dbus import shlex @@ -130,7 +128,7 @@ class HTTPInstance(service.Service): subject_base = ipautil.dn_attribute_property('_subject_base') def create_instance(self, realm, fqdn, domain_name, dm_password=None, - autoconfig=True, pkcs12_info=None, + pkcs12_info=None, subject_base=None, auto_redirect=True, ca_file=None, ca_is_configured=None, promote=False): self.fqdn = fqdn @@ -173,8 +171,6 @@ class HTTPInstance(service.Service): self.step("setting up httpd keytab", self.__create_http_keytab) self.step("setting up ssl", self.__setup_ssl) self.step("importing CA certificates from LDAP", self.__import_ca_certs) - if autoconfig: - self.step("setting up browser autoconfig", self.__setup_autoconfig) if not self.promote: self.step("publish CA cert", self.__publish_ca_cert) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) @@ -374,42 +370,6 @@ class HTTPInstance(service.Service): db = certs.CertDB(self.realm, subject_base=self.subject_base) self.import_ca_certs(db, self.ca_is_configured) - def __setup_autoconfig(self): - self.setup_firefox_extension(self.realm, self.domain) - - def setup_firefox_extension(self, realm, domain): - """Set up the signed browser configuration extension - """ - - target_fname = paths.KRB_JS - sub_dict = dict(REALM=realm, DOMAIN=domain) - db = certs.CertDB(realm) - with open(db.passwd_fname) as pwdfile: - pwd = pwdfile.read() - - ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template", - target_fname, sub_dict) - os.chmod(target_fname, 0o644) - - # Setup extension - tmpdir = tempfile.mkdtemp(prefix="tmp-") - extdir = tmpdir + "/ext" - target_fname = paths.KERBEROSAUTH_XPI - shutil.copytree(paths.FFEXTENSION, extdir) - if db.has_nickname('Signing-Cert'): - db.run_signtool(["-k", "Signing-Cert", - "-p", pwd, - "-X", "-Z", target_fname, - extdir]) - else: - root_logger.warning('Object-signing certificate was not found. ' - 'Creating unsigned Firefox configuration extension.') - filenames = os.listdir(extdir) - ipautil.run([paths.ZIP, '-r', target_fname] + filenames, - cwd=extdir) - shutil.rmtree(tmpdir) - os.chmod(target_fname, 0o644) - def __publish_ca_cert(self): ca_db = certs.CertDB(self.realm) ca_db.publish_ca_cert(paths.CA_CRT) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 7effda7b8..6c9f59869 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -186,12 +186,10 @@ def install_http(config, auto_redirect, ca_is_configured, promote=False, http = httpinstance.HTTPInstance() http.create_instance( config.realm_name, config.host_name, config.domain_name, - config.dirman_password, False, pkcs12_info, + config.dirman_password, pkcs12_info, auto_redirect=auto_redirect, ca_file=ca_file, ca_is_configured=ca_is_configured, promote=promote) - http.setup_firefox_extension(config.realm_name, config.domain_name) - return http diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 4426b7fdf..0d57e23ef 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -266,16 +266,6 @@ def cleanup_adtrust(fstore): root_logger.debug('Removing %s from backup', backed_up_file) -def setup_firefox_extension(fstore): - """Set up the Firefox configuration extension, if it's not set up yet - """ - root_logger.info('[Setting up Firefox extension]') - http = httpinstance.HTTPInstance(fstore) - realm = api.env.realm - domain = api.env.domain - http.setup_firefox_extension(realm, domain) - - def ca_configure_profiles_acl(ca): root_logger.info('[Authorizing RA Agent to modify profiles]') @@ -1713,7 +1703,6 @@ def upgrade_configuration(): cleanup_kdc(fstore) cleanup_adtrust(fstore) - setup_firefox_extension(fstore) bind = bindinstance.BindInstance(fstore) if bind.is_configured() and not bind.is_running():