Commit Graph

3949 Commits

Author SHA1 Message Date
Martin Kosek
02520ab98c Remove sensitive information from logs
When -w/--password option is passed to ipa-replica-install it is
printed to ipareplica-install.log. Make sure that the value of this
option is hidden.

https://fedorahosted.org/freeipa/ticket/1378
2011-07-13 15:16:24 +02:00
Martin Kosek
0cb65fd9f6 Filter reverse zones in dnszone-find
Implements a new option to filter out reverse zones.

This patch also do some clean up in dns plugin - debug prints were
accidentally left here in the last dns patch.

https://fedorahosted.org/freeipa/ticket/1471
2011-07-13 15:06:13 +02:00
Alexander Bokovoy
b93e0b8bbf Convert nsaccountlock to always work as bool towards Python code
https://fedorahosted.org/freeipa/ticket/1259

Python code will see nsaccountlock as bool. JavaScript code will also see it as bool.

This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
2011-07-13 12:02:46 +02:00
Rob Crittenden
f534445e26 Reset failed login count to 0 when admin resets password.
https://fedorahosted.org/freeipa/ticket/1441
2011-07-13 10:46:22 +02:00
Endi S. Dewata
b2c5b2b4b5 Fixed object_name and object_name_plural internationalization
The object_name, object_name_plural and messages that use these
attributes have been converted to support translation. The label
attribute in the Param class has been modified to accept unicode
string.

Ticket #1435
2011-07-12 16:33:08 -04:00
Martin Kosek
e6c68e9993 Add DNS record modification command
The DNS record plugin does not support modification of a record. One
can only add A type addresses to a DNS record or remove the current
ones. To actually change a DNS record value it has to be removed and
then added with a desired value.

This patch adds a new DNS plugin command "dnsrecord-mod" which enables
user to:
 - modify a DNS record value (note than DNS record can hold multiple values
   and those will be overwritten)
 - remove a DNS record when an empty value is passed

New tests for this new command have been added to the CLI test suite.

https://fedorahosted.org/freeipa/ticket/1137
2011-07-12 14:20:16 -04:00
Endi S. Dewata
86230333a8 Fixed collapsed table in Chrome.
The .content-table class has been modified to expand properly in
Firefox and Chrome.

Ticket #1450
2011-07-12 11:50:47 -04:00
Adam Young
e0238b5218 entity_select naming
http://fedorahosted.org/freeipa/ticket/1467
2011-07-12 11:01:18 -04:00
Rob Crittenden
28e85ee47a Fix test failure in updater when adding values to a single-value attr
The ipaldap.py code was updated to consider the schema when making
changes and does a REPLACE on single-value attributes. So when you
do an add in an update it will effectively replace the value instead
of ignoring it.
2011-07-11 19:21:51 -04:00
Rob Crittenden
2415ba6d37 Fix error in AttrValueNotFound exception example 2011-07-11 19:21:47 -04:00
Rob Crittenden
d9627ab165 find_entry_by_attr() should fail if multiple entries are found
It will only ever return one entry so if more than one are found
then we raise an exception. This is most easily seen in the host
plugin where we search on the server shortname which can be the
same across sub-domains (e.g. foo.example.com &
foo.lab.example.com).

https://fedorahosted.org/freeipa/ticket/1388
2011-07-11 18:45:49 -04:00
Rob Crittenden
3a5e26a01c Enforce class rules when query=True, continue to not run validators.
This started as a problem in allowing leading/trailing whitespaces
on primary keys. In nearly every command other than add query is True
so all rules were ignored on the primary key. This meant that to
enforce whitespace we would need to define a validator for each one.

I decided instead to set self.all_rules to just the class rules if
query == True. So the minimum set of validators will be executed
against each type but param-specific validators will only run on add.

https://fedorahosted.org/freeipa/ticket/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
2011-07-11 18:43:32 -04:00
Endi S. Dewata
3229eee074 Added sudo options.
A table has been added into sudo rule details page for managing
sudo options.

Ticket #1447
2011-07-11 22:11:40 +00:00
Adam Young
0475340344 indirect admins
https://fedorahosted.org/freeipa/ticket/1465
2011-07-11 16:08:09 +00:00
Adam Young
30492ef3fa clear errors on reset
https://fedorahosted.org/freeipa/ticket/1446
2011-07-08 17:34:55 +00:00
Endi S. Dewata
2337fb5760 Fixed missing entitlement import button label
Ticket #1456
2011-07-08 16:50:44 +00:00
Adam Young
0a5f103733 check required on add
previsouly was checked on key down, but that does the check too soon.
Next attempt was on blur, but that had numerous problems.  This now checkes when the add button is clicked.
works for entity_select widget, too
Checks upon form submission

https://fedorahosted.org/freeipa/ticket/1437
2011-07-08 01:36:52 +00:00
Endi S. Dewata
6dc6c4b2c6 Fixed test fixture file name. 2011-07-07 20:33:06 +00:00
Endi S. Dewata
078d6dfb1c Fixed dirty dialog problems in HBAC/Sudo rules.
The update() in HBAC/Sudo details facet has been fixed to call the
callback function which will show the dirty dialog properly.

Ticket #1439
2011-07-07 16:27:59 -04:00
Endi S. Dewata
158bb676fd Fixed blank self-service page.
The self-service navigation has been fixed to include the root
of the navigation path.

Ticket #1445
2011-07-06 20:57:54 -04:00
Adam Young
e4a444ba81 HBAC deny warning
shows dialog if there are any HBAC deny rules.  Dialog provides option to navigate to the HBAC page.  Deny rules have their rule type value show up in red.

Only shows up fro administrators, not for self service users.

https://fedorahosted.org/freeipa/ticket/1421
2011-07-06 21:52:00 +00:00
Endi S. Dewata
aca908e1e4 Fixed HBAC/Sudo rules associations.
The HBAC/Sudo rules associations in users, groups, hosts and host
groups have been fixed to use the correct associator and method
names.

Ticket #1438
2011-07-06 11:42:14 -04:00
Adam Young
a38ad1d433 password expiration label 2011-07-05 18:00:05 -04:00
Adam Young
a3a9267334 validate ints
validate integers whether meta comes from metadata or param_info

https://fedorahosted.org/freeipa/ticket/1415
2011-07-05 20:31:00 +00:00
Endi S. Dewata
6083df1b02 Fixed object_name usage.
The object_name attribute was used as both an identifier and a
label which sometimes require different values (e.g. hbacrule
vs. HBAC rule). The code that uses object_name as an identifier
has been changed to use the 'name' attribute instead. The values
of the object_name attribute have been fixed to become proper
labels.

Ticket #1217
2011-07-05 16:19:10 -04:00
Rob Crittenden
cd237e5f54 Add pwd expiration notif (ipapwdexpadvnotify) to config plugin def attr list
https://fedorahosted.org/freeipa/ticket/1416
2011-07-05 00:13:55 -04:00
Rob Crittenden
6ad7deb7ac Set the client auth callback after creating the SSL connection.
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There is no way to query for the callback
in an existing socket.

https://fedorahosted.org/freeipa/ticket/1349
2011-07-01 21:01:22 -04:00
Endi S. Dewata
3894a4f13d Added arrow icons for details sections.
New arrow icons have been added to replace the plus/minus sign icons
for expanding/collapsing details sections.

Ticket #1422
2011-07-01 20:57:58 -04:00
Adam Young
7a25523d63 entity link for password policy
https://fedorahosted.org/freeipa/ticket/1111

reset() now hides both the link and the label
calucalating  should_link is now a function that can be overloaded.
2011-07-01 16:49:49 -04:00
Endi S. Dewata
58eec70884 Removed invalid associations.
The following invalid associations have been removed:
 - group's memberindirect netgroup and role
 - hostgroup's memberofindirect host

Ticket #1366
Ticket #1367
2011-07-01 00:59:34 -04:00
Endi S. Dewata
c746abd63a Fixed button style in Entitlements
The entitlement buttons are located serveral levels underneath
facet-controls, so the CSS selector has been fixed to extend beyond
facet-controls' immediate children.

Ticket #1419
2011-07-01 03:10:38 +00:00
Endi S. Dewata
c27a6de2a6 Added confirmation dialog for user activation.
The IPA.user_status_widget has been modified such that it checks
the facet dirty status and asks the admin to either Update or Reset
the changes. Then the widget shows a dialog to confirm whether
the admin wants to activate/deactivate the user.

Ticket #1395
2011-07-01 02:49:12 +00:00
Adam Young
9d8ddb5d46 config widgets entity select default group checkbox for migration 2011-06-30 22:26:19 -04:00
Endi S. Dewata
2a52723465 Fixed hard-coded messages.
Hard-coded messages in the UI have been replaced with I18n messages.

Ticket #1396
2011-06-30 14:50:09 -04:00
Endi S. Dewata
d70ba68401 Removed unused images.
Images that are no longer used have been removed.

Ticket #990
2011-06-30 13:59:47 -04:00
Adam Young
21dd4a2a82 ipadefaultemaildomain 2011-06-30 12:39:56 -04:00
Adam Young
2352fcbcc3 config fields
https://fedorahosted.org/freeipa/ticket/1403
https://fedorahosted.org/freeipa/ticket/1404
https://fedorahosted.org/freeipa/ticket/1405
https://fedorahosted.org/freeipa/ticket/1406

fields and sections for config screen
Using multivalue controls for object classes
2011-06-30 11:23:58 -04:00
Adam Young
870e430b65 undefined pkeys https://fedorahosted.org/freeipa/ticket/1399
Thereis not metatdata defined pkey for config, so we need to short circuit the logic that uses the metatdata pkey to look up the key from the hashurl.
2011-06-29 21:14:16 +00:00
Adam Young
b8b2ac5357 containing entity pkeys
Instead of looking for a match on the entity name, use the nesting structure
of containing entites to grab their pkeys.

Code review fixes

https://fedorahosted.org/freeipa/ticket/674
2011-06-29 17:09:57 -04:00
Adam Young
66eeaceb8c shorten url cache state in a javascript variable, and leave on information about the current entity in the URL hash params
https://fedorahosted.org/freeipa/ticket/674

decrement depth for hidden tabs.

Initialize state from url
useing delete for removing state
stricter attribute matching
not incrementing depth for all hidden tabs.
whitespace cleanup
2011-06-28 22:40:42 +00:00
Jan Cholasta
67b807d640 Replace the 'private' option in netgroup-find with 'managed'.
The 'private' option is kept in to maintain API compatibility, but
is hidden from the user.

ticket 1120
2011-06-28 01:57:11 -04:00
Jan Cholasta
f05141e646 Remove redundant configuration values from krb5.conf.
ticket 1358
2011-06-28 01:10:06 -04:00
Rich Megginson
cae6f1511e memory leak in ipa_winsync_get_new_ds_user_dn_cb
The new_dn_string passed into this function is malloc'd.  It
must be freed before we reassign the value.
2011-06-28 00:11:04 -04:00
Rich Megginson
89c67c3ad9 modify user deleted in AD crashes winsync
https://fedorahosted.org/freeipa/ticket/1382
crash in winsync if replaying a MOD and user does not exist in AD
If the AD entry is deleted before the deletion can be synced back to IPA,
and in the meantime an operation is performed on the corresponding
entry in IPA that should be synced to AD, winsync attempts to get the
AD entry and it is empty.  This just means the operation will not go
through, and the entry will be deleted when the sync from AD happens.
The IPA winsync plugin needs to handle the case when the ad_entry
is NULL.
2011-06-28 00:11:04 -04:00
Rich Megginson
d43e87e10c winsync enables disabled users in AD
https://fedorahosted.org/freeipa/ticket/1379
winsync enables disabled users in AD when the AD entry changes
This was likely broken when ipa switched from using CoS/groups for account
inactivation to using nsAccountLock directly.  The code that handled the
account sync in the from AD direction was broken, but was never found before
now because it had not been used.  The fix is to correctly set or remove
nsAccountLock.
2011-06-28 00:11:04 -04:00
Martin Kosek
5f4c75eb28 Allow recursion by default
Update name server configuration file to allow any host to issue
recursive queries (allow-recursion statement).

https://fedorahosted.org/freeipa/ticket/1335
2011-06-27 23:14:16 -04:00
Adam Young
acc00afa4c Generate record type list from metadata https://fedorahosted.org/freeipa/ticket/945
now matches record at the end of the string
2011-06-28 18:10:02 +00:00
Alexander Bokovoy
9837bb0d10 Minor typos in the examples 2011-06-27 23:04:18 -04:00
Alexander Bokovoy
716a25a784 Convert Bool to TRUE/FALSE when working with LDAP backend https://fedorahosted.org/freeipa/ticket/1259
According to RFC4517 the only valid values for a boolean in LDAP are TRUE or FALSE.
This commit adds support to recognize TRUE and FALSE as valid Bool constants when converting from LDAP attribute values
and enforces TRUE or FALSE string for account locking.
2011-06-27 23:03:23 -04:00
Endi S. Dewata
f1e1223bd9 Fixed undo all problem.
The IPA.multivalued_text_widget has been modified such that the
'undo all' will appear only if at least one of the values is dirty.

Ticket #1109
2011-06-27 20:55:47 -04:00