Commit Graph

3073 Commits

Author SHA1 Message Date
Pavel Vomacka
2232a5bb09 Set default confirmation button label to 'Remove'
Part of: https://fedorahosted.org/freeipa/ticket/5831

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-07-01 09:39:49 +02:00
Pavel Vomacka
df56fd3371 Change error handling in custom_command_multivalued_widget
The custom_command_multivalued_widget now handles remove and add commands errors
correctly and shows error message.

Part of: https://fedorahosted.org/freeipa/ticket/5381

add_error

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-07-01 09:39:49 +02:00
Martin Babinsky
7e803aa462 replace an ACI relying on presence of deprecated objectclass
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Martin Babinsky
d1517482b5 Add ACI for admins to modify principal attributes
This is required for admins to utilize the APIs that enable them to add/remove
principal aliases to entities.

https://fedorahosted.org/freeipa/ticket/3864
https://fedorahosted.org/freeipa/ticket/3961
https://fedorahosted.org/freeipa/ticket/5413

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Martin Basti
08fcc7e25a Do not log to file in remote conncheck side
https://fedorahosted.org/freeipa/ticket/5757

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-01 09:05:33 +02:00
Martin Basti
4ce0258c23 Add option --no-log for ipa-replica-conncheck script
When option is sued, ipa-replica-conncheck will not log into file

https://fedorahosted.org/freeipa/ticket/5757

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-01 09:05:33 +02:00
Petr Vobornik
88f7154f7f webui: prevent infinite reload for users with krbbprincipal alias set
Web UI has inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-01 08:53:35 +02:00
Stanislav Laznicka
f3858be6e3 Fix wrong imports in copy-schema-to-ca.py
Some imports were not possible in old versions of IPA. This caused
import exceptions on the script start.

https://fedorahosted.org/freeipa/ticket/6003

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-30 14:28:14 +02:00
Pavel Vomacka
7f4de88ea1 Add button for server-del command
WebUI counterpart of: https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-30 14:22:51 +02:00
Pavel Vomacka
e65ce4fedc Add support to change button css class on confirm dialog
Part of: https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-30 14:22:51 +02:00
Pavel Vomacka
a3c7f845e0 Simplify the confirmation messages
The confirmation of revoke and remove the certificate hold action is simplier
and more consistent with another parts of WebUI.

Part of: https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-30 14:18:47 +02:00
Jan Cholasta
2615103c68 makeaci, makeapi, oddjob: use the default API context
Use the default context rather the server context for code not running
inside the server.

This prevents the affected code from attempting to initialize the session
manager.

https://fedorahosted.org/freeipa/ticket/5988

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-06-30 14:09:24 +02:00
Pavel Vomacka
ec6925e775 Change paths of strings in auth indicators widget on service page
Strings which are used by widget which shows authentication indicators were moved.
Therefore the change in string paths.

Part of: https://fedorahosted.org/freeipa/ticket/5872

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-30 13:42:58 +02:00
Pavel Vomacka
55049fceb9 Add authentication identificator to host page
Also move strings which are connected with authentication indicators to authtype dict.
This place is more general than have them in service dict. It's nicer when these strings are
not used only on service page.

Part of: https://fedorahosted.org/freeipa/ticket/5872

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-30 13:42:58 +02:00
Martin Basti
a155f692e7 Fix replica install with CA
The incorrect api was used, and CA record updated was duplicated.

https://fedorahosted.org/freeipa/ticket/5966

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-30 13:18:51 +02:00
Pavel Vomacka
aaf65e9c56 Add certificate widget to ID override user details page.
Add possibility to add, remove, view, get and download custom certificates on ID override user page.

https://fedorahosted.org/freeipa/ticket/5926

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 16:46:12 +02:00
Pavel Vomacka
31a13c9e98 Add button for dns_update_system_records command
Part of: https://fedorahosted.org/freeipa/ticket/5905

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-29 16:33:42 +02:00
Florence Blanc-Renaud
3c40d3aa9e Do not allow installation in FIPS mode
https://fedorahosted.org/freeipa/ticket/5761

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2016-06-29 16:17:27 +02:00
Pavel Vomacka
d7898ac2eb Add new custom command multivalued widget
Add general class for multivalued widget which uses special commands which
are performed immediately.

Part of: https://fedorahosted.org/freeipa/ticket/5108

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
2f048224d2 Updated certificates table
All certificates which are not issued by IPA CA are grey and not clickable. That's
because these certificates are not maintained by IPA CA.

Part of: https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
82e69e4300 Add new certificates widget to the service details page
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
79ec965a96 Add new certificates widget to the host details page. Also extends evaluator and add support for adapters.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
0b72571c5a Add new certificates widget to the user details page
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
55a0baf1c3 Add certificate widget
The certificate widget is used for each certificate in certs_widget. It allows to
view, get, download, revoke and restore certificate.

https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
6d3622c600 Add widget for showing multiple certificates
Certs widget is based on multivalued widget and adds ability to add new certificate
and delete it. Each line is cert_widget.

https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
3056f349b9 Remove old useless actions - get and view
These two actions are not available any more. So that code is never called.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
260a00b81f Changed the way how to handle remove hold and revoke actions
Method calling in actions is moved to another function - these calls may be used
by another functions, not only by actions.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
06a9a84876 Refactored certificate view and remove hold dialog
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
e7a55ef30b Add Object adapter
Object adapter changes data to more useful format. Single value is reachable
as single value, property with more values is transformed to array.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
044d3c25de Add ability to turn off activity icon
By specifying correct attribute when creating command it turn off showing activity icon
when webui waits for response from the server.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
3d61aca623 Add working widget
This widget can be used as notification that some other widget is working.
It shows spinner and cover the other widget by specified color.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
f243bd2d65 Extends functionality of DropdownWidget
Adds methods which are able to enable and disable options according to the name of option
and methods which set or get whole item list.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Pavel Vomacka
e3e83272c9 Add support for custom menu in multivalued widget
Every single widget which is in multivalued widget can now have custom action menu
and the delete button is included in this custom action menu.

Part of this ticket:
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-29 15:41:58 +02:00
Fraser Tweedale
0078e7a919 ipa-certupdate: track lightweight CA certificates
Enhance the ipa-certupdate program to add Certmonger tracking
requests for lightweight CA certificates.

Also update the dogtag-ipa-ca-renew-agent-submit to not store or
retrieve lightweight CA certificates, becaues Dogtag clones observe
renewals and update their NSSDBs on their own, and allow the helper
to request non-self-signed certificates.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-29 08:52:29 +02:00
Fraser Tweedale
b720aa94e9 Update lightweight CA serial after renewal
For CA replicas to pick up renewed lightweight CA signing
certificates, the authoritySerial attribute can be updated with the
new serial number.

Update the renew_ca_cert script, which is executed by Certmonger
after writing a renewed CA certificate to the NSSDB, to update the
authoritySerial attribute if the certificate belongs to a
lightweight CA.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-29 08:52:29 +02:00
Martin Basti
104040cf36 DNS Locations: cleanup of bininstance
We don't need anymore:
* sample of zone file - list of all records required by IPa will be
provided

* NTP related params - DNS records will be updated automatically,
based on LDAP values

* CA related params - DNS records will be updated automatically based
* on LDAP values

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-28 15:23:51 +02:00
Martin Basti
218734ba5a DNS Locations: hide option --no-msdcs in adtrust-install
Since DNS location mechanism is active, this option has no effect,
because records are generate dynamically.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-27 13:35:00 +02:00
Stanislav Laznicka
e136db0192 Add missing nsSystemIndex attributes
https://fedorahosted.org/freeipa/ticket/5947

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-27 10:49:51 +02:00
Petr Vobornik
fd840a9cd7 mod_auth_gssapi: enable unique credential caches names
mod_auth_gssapi > 1.4.0 implements support for unique ccaches names.
Without it ccache name is derived from pricipal name.

It solves a race condition in two concurrent request of the same
principal. Where first request deletes the ccache and the second
tries to use it which then fails. It may lead e.g. to a failure of
two concurrent ipa-client-install.

With this feature there are two ccaches so there is no clash.

https://fedorahosted.org/freeipa/ticket/5653

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
2016-06-24 16:06:49 +02:00
Stanislav Laznicka
0db48e4d04 Fix to ipa-ca-install asking for host principal password
With a ca_cert_file specified in options, the nss_db was used before the
certificates from the file were added to it, which caused an exception
that led to fallback to ssh which is broken.

https://fedorahosted.org/freeipa/ticket/5965

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-23 12:26:20 +02:00
Martin Babinsky
3f93f80557 add krbCanonicalName to attributes watched by MODRDN plugin
https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2016-06-23 09:48:06 +02:00
Martin Babinsky
229ab40dd3 add case-insensitive matching rule to krbprincipalname index
Part of https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2016-06-23 09:48:06 +02:00
Martin Babinsky
5f963e1ad1 mark 'ipaKrbPrincipalAlias' attribute as deprecated in schema
part of https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2016-06-23 09:48:06 +02:00
Pavel Vomacka
cc6a3325d4 DNS Servers: Web UI part
Adds new page with DNS Servers and details page about each server.
It is counterpart of dnsserver-{find,show,mod} CLI commands.

Part of: https://fedorahosted.org/freeipa/ticket/5905

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-21 16:53:25 +02:00
Pavel Vomacka
68c748c2b6 Allow to set weight of a server without location
There was a bug when a new server was added it was not possible to set weight until
a location was set. This change corrects it and allows user to set a weight of server
without location.

Part of: https://fedorahosted.org/freeipa/ticket/5905

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-21 16:30:35 +02:00
Pavel Vomacka
75d2f9fe06 Add DNS default TTL field
DNS default TTL is new field on DNS Zone Settings page.

WebUI counterpart of: https://fedorahosted.org/freeipa/ticket/2956

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-06-21 16:11:54 +02:00
Pavel Vomacka
f85c347f4d Add placeholder to add segment dialog
'Autogenerated' placeholder is shown when adding new segment.

https://fedorahosted.org/freeipa/ticket/5867

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-21 14:15:56 +02:00
Pavel Vomacka
ab52b33c71 Add listener which opens add segment dialog
The event is emited by clicking on the second node when adding segment by mouse.
The listener opens dialog and prefill values.

Part of: https://fedorahosted.org/freeipa/ticket/5648

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-21 14:15:56 +02:00
Pavel Vomacka
be235cedf8 Add creating a segment using mouse
Create new semicircles around the node after mouseover. These work as buttons
to create arrow and after clicking on another node the Add topology segment dialog
is opened. Also selecting segment works, if the segment already exists then
the segment is selected instead of opening the dialog.

https://fedorahosted.org/freeipa/ticket/5648

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2016-06-21 14:15:56 +02:00
Pavel Vomacka
fac0c7b260 Extend trust config page
Add list of AD trust agents and controllers to trust config page.

Part of: https://fedorahosted.org/freeipa/ticket/5906

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-21 13:39:01 +02:00