IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
7,421 Commits 11 Branches 60 Tags
451c2e2bc4da52900dbf6cd67ea62ccd70e8e421
Commit Graph

2444 Commits

Author SHA1 Message Date
Jan Cholasta
aae7848022 Allow changing CA renewal master in ipa-csreplica-manage. 
https://fedorahosted.org/freeipa/ticket/4039

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-09-02 15:28:51 +02:00
Petr Vobornik
2752f8e286 webui: fix group type padding 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 14:10:35 +02:00
Petr Vobornik
dd45278e5a webui: disable batch action buttons by default 
action buttons associated with batch actions were enabled by default, but
they were disabled right after facet creation and a load of data. It caused
a visual flicker.

UX is enhanced by making them disabled by default.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 14:10:35 +02:00
Petr Vobornik
a8a799822c webui: sshkey widget - usability fixes 
- save one click by opening edit dialog right after adding new row
- add margin between fingerprint and "show/edit" button
- fix honoring of writable/read-only flags upon row creation

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 14:10:35 +02:00
Petr Vobornik
189f6fdfd5 webui: improve rule table css 
- category radio line has line-height large enough to contain
  undo button -> content doesn't move several pixels on change
- remove vertical padding from btns in table headers to maintain
  about the same height
- remove invisible border from link buttons to have the same height
  for disabled and enabled button

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 14:10:35 +02:00
Petr Vobornik
500db900e5 webui: convert widget.less indentation to spaces 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 14:10:35 +02:00
Petr Vobornik
af83c37ef1 webui: better authentication types description 
Tooltips were added to "User authentication types" and "Default user
authentication types" to describe their relationship and a meaning of
not-setting a value.

https://fedorahosted.org/freeipa/ticket/4471

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 10:47:08 +02:00
Petr Vobornik
c1290a768c webui: tooltip support 
Allow to set 'tooltip' attribute in spec. It displays info icon
with Bootstrap's tooltip near field's label.

https://fedorahosted.org/freeipa/ticket/4471

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 10:47:08 +02:00
Petr Vobornik
9554b5109c webui: rename tooltip to title 
- use title for input's elements 'title' attribute
- tooltip for Bootstrap's tooltip component

https://fedorahosted.org/freeipa/ticket/4471

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-21 10:47:08 +02:00
Petr Vobornik
b37854051d webui: login screen - improved button switching 
- added cancel button to reset password view of login screen
- re-implemented buttons hiding mechanism
- switching between 'Reset Password' and 'Reset Password and Login' according to presence of value in OTP field

https://fedorahosted.org/freeipa/ticket/4470

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-20 19:28:06 +02:00
Petr Vobornik
68647276ed webui: improved info msgs on login/token sync/reset pwd pages 
- add info icons to distinguish and classify the messages.
- add info text for OTP fields
- fix login instruction inaccuracy related to position of login button

https://fedorahosted.org/freeipa/ticket/4470

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-20 19:28:06 +02:00
Petr Vobornik
6f8dc9dba4 webui: display expired session notification in a more visible area 
The notification is a primary information of the page. It should be more highlighted.

https://fedorahosted.org/freeipa/ticket/4470

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-20 19:28:06 +02:00
Petr Vobornik
23413e9daa webui: better error reporting 
On page:
- styled to use proper line breaks
- "centered" by .container class and not by huge padding

Console:
- proper line breaks
- links in stack trace are clickable(Chrome)

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-08-20 10:42:57 +02:00
Jan Cholasta
359dfe58b9 Convert external CA chain to PKCS#7 before passing it to pkispawn. 
https://fedorahosted.org/freeipa/ticket/4397

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-08-14 10:06:27 +02:00
Jan Cholasta
044c5c833a Enable NSS PKIX certificate path discovery and validation for Dogtag. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
03b29b4c8e Update external CA cert in Dogtag NSS DB on IPA CA cert renewal. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
d27e77adc5 Allow upgrading CA-less to CA-full using ipa-ca-install. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
8bbdfff102 Allow adding CA certificates to certificate store in ipa-cacert-manage. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
1b8a1e5564 Update CS.cfg on IPA CA certificate chaining change in renew_ca_cert. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
18aa3216e0 Allow changing chaining of the IPA CA certificate in ipa-cacert-manage. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
f1e186d7d8 Export full CA chain to /etc/ipa/ca.crt in ipa-server-install. 
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
2b7a7c356c Get up-to-date CA certificates from certificate store in ipa-replica-install. 
Previously it used CA certificate from the replica info file directly.

Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
9e223e6fd4 Upload renewed CA cert to certificate store on renewal. 
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
586373cf07 Add permissions for certificate store. 
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
fd80cc1c59 Configure attribute uniqueness for certificate store. 
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
1c612ad3e1 Add container for certificate store. 
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
25c10bc161 Add LDAP schema for certificate store. 
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
61f166da5d Add LDAP schema for wrapped cryptographic keys. 
This is part of the schema at
<http://www.freeipa.org/page/V4/PKCS11_in_LDAP/Schema>.

Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
d2bf0b8b54 Fix trust flags in HTTP and DS NSS databases. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
52f72ec058 Do not treat the IPA RA cert as CA cert in DS NSS database. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
1778f0ebc9 Allow IPA master hosts to read and update IPA master information. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
61159b7ff2 Check that renewed certificates coming from LDAP are actually renewed. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
7086183519 Do not use ldapi in certificate renewal scripts. 
This prevents SELinux denials when accessing the ldapi socket.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
d1386be4d5 Pick new CA renewal master when deleting a replica. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
031096324d Alert user when externally signed CA is about to expire. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
ba3c7b4a89 Add CA certificate management tool ipa-cacert-manage. 
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
2c43a3d0d5 Move external cert validation from ipa-server-install to installutils. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
2f6990c256 Track CA certificate using dogtag-ipa-ca-renew-agent. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
9393c3978e Automatically update CA certificate in LDAP on renewal. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
73d8db6d92 Allow IPA master hosts to update CA certificate in LDAP. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
35857026e6 Support CA certificate renewal in dogtag-ipa-ca-renew-agent. 
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-07-30 16:04:21 +02:00
Jan Cholasta
1313537736 Check if /root/ipa.csr exists when installing server with external CA. 
Remove the file on uninstall.

https://fedorahosted.org/freeipa/ticket/4303

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-07-28 19:28:27 +02:00
Martin Basti
42d035f64c FIX: named_enable_dnssec should verify if DNS is installed 
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-07-28 17:42:38 +02:00
Petr Vobornik
8288135b5b webui: add bounce url to reset_password.html 
reset_password.html now redirects browser to URL specified in 'redirect'
uri component (if present).

The component has to be URI encoded. ie (in browser console):

$ encodeURIComponent('http://pvoborni.fedorapeople.org/doc/#!/guide/Debugging')

-->
"http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging"

-->

https://my.freeipa.server/ipa/ui/reset_password.html?redirect=http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging

https://fedorahosted.org/freeipa/ticket/4440

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:36:08 +02:00
Petr Vobornik
ac7df79a43 webui: remove remaining action-button-disabled occurrences 
Buttons in hbactest check for 'action-button-disabled' but it's never set.

https://fedorahosted.org/freeipa/ticket/4258

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:24:21 +02:00
Petr Vobornik
3966417779 webui: replace action_buttons with action_widget 
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.

https://fedorahosted.org/freeipa/ticket/4258

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:24:21 +02:00
Petr Vobornik
9aed114d82 webui: detach facet nodes 
Detach/attach facet nodes when switching facets instead of
hiding/showing.

Keeps dom-tree more simple.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:21:37 +02:00
Petr Vobornik
fb975bba20 webui: internet explorer fixes 
Fixed:
1. IE doesn't support value 'initial' in CSS rule.
2. setting innerHTML='' also destroys content of child nodes in
LoginScreen in IE -> reattached buttons have no text.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:20:15 +02:00
Petr Vobornik
4059aa12a4 webui: fix nested items creation in dropdown list 
Items nested in other items were created in root list instead of nested list.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:18:44 +02:00
Petr Vobornik
855c59c7fc webui: support wildcard attribute level rights 
Reproduction:
* add 'extensibleObject' object class to target object

https://fedorahosted.org/freeipa/ticket/4380

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-28 10:13:24 +02:00