Tomas Babej
c1f51cff02
idviews: Raise NotFound errors if object to override could not be found
...
If the object the user wishes to override cannot be found, we should properly raise a
NotFound error.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
961790e20a
idviews: Change format of IPA anchor to include domain
...
The old format of the IPA anchor, :IPA:<object_uuid>, does not contain the actual domain
of the object. Once IPA-IPA trusts are introduced, we will need this information to be kept
to be able to resolve the anchor.
Change the IPA anchor format to :IPA:<domain>:<object_uuid>
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
c6d50c456f
idviews: Alter idoverride methods to work with split objects
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
cbf1ad84f1
idviews: Split the idoverride commands into iduseroverride and idgroupoverride
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
b4a13aeea8
idviews: Split the idoverride object into iduseroverride and idgroupoverride
...
To be able to better deal with the conflicting user / group names, we split the
idoverride objects into two types. This simplifies the implementation greatly,
as we no longer need to set proper objectclasses on each idoverride-mod operation.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
d03b09beb4
idviews: Support specifying object names instead of raw anchors only
...
Improve usability of the ID overrides by allowing the user to specify the common name of
the object he wishes to override. This is subsequently converted to the ipaOverrideAnchor,
which serves as a stable reference for the object.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
186c161ef5
idviews: Extend idview-show command to display assigned idoverrides and hosts
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
f3576bd94b
idviews: Add ipa idview-apply and idview-unapply commands
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
6e94d23a92
hostgroup: Selected PEP8 fixes for the hostgroup plugin
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
ce42bf282f
hostgroup: Remove redundant and star imports
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
936eaada89
hostgroup: Add helper that returns all members of a hostgroup
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
377ab0c4a6
idviews: Add managed permissions for idview and idoverride objects
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
b65b74890b
idviews: Create basic idview plugin structure
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
f48a7bb730
ipalib: PEP8 fixes for host plugin
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
3e2e5a4d28
ipalib: Remove redundant and star imports from host plugin
...
Also fixes incorrect error catching for UnicodeDecodeError.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
be36525dc5
idviews: Add ipaAssignedIDVIew reference to the host object
...
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-30 10:42:06 +02:00
Tomas Babej
d83af7d38d
baseldap: Properly handle the case of renaming object to the same name
...
When renaming an object to the same name, errors.EmptyModList is raised.
This is not properly handled, and can cause other modifications in the
LDAPUpdate command to be ignored.
https://fedorahosted.org/freeipa/ticket/4548
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-29 15:24:58 +02:00
David Kupka
cd9a4cca1f
Do not require description in UI.
...
Description attribute is not required in LDAP schema so there is no reason to
require it in UI. Modified tests to reflect this change.
https://fedorahosted.org/freeipa/ticket/4387
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-29 12:53:43 +02:00
Martin Basti
3f8cfdab26
Remove --ip-address, --name-server options from DNS help
...
Ticket: https://fedorahosted.org/freeipa/ticket/4149
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-26 10:26:52 +02:00
Martin Basti
239adf9de4
DNS: autofill admin email
...
Admin's email (SOA RNAME) is autofilled with value 'hostmaster'. Bind
will automatically append zone part.
Part of ticket: https://fedorahosted.org/freeipa/ticket/4149
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-25 16:38:02 +02:00
Martin Basti
7bc17bb852
Deprecation of --name-server and --ip-address option in DNS
...
Option --name-server is changing only SOA MNAME; this option no longer has any
effect on NS records
Option --ip-address is just ignored
A warning message is sent after using these options
Part of ticket: https://fedorahosted.org/freeipa/ticket/4149
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-25 16:38:02 +02:00
Martin Basti
f846e0d1ef
Fix DNS plugin to allow to add root zone
...
Ticket: https://fedorahosted.org/freeipa/ticket/4149
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-25 16:38:02 +02:00
Martin Basti
7325983a48
DNS: remove --class option
...
This option hasn't been working, it is time to remove it.
Ticket: https://fedorahosted.org/freeipa/ticket/3414
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-25 12:08:22 +02:00
Martin Basti
2f1f122170
dnszone-remove-permission should raise error
...
dnszone-remove-permission should raise NotFound error if permission was
not found (regression of 21c829ff).
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-25 09:58:47 +02:00
Tomas Babej
1f8f762b84
ipalib: host_del: Extend LDAPDelete's takes_options instead of overriding
...
The host-del command did not accept --continue option, since the
takes_options was overridden and did not take the options from LDAPDelete.
Fix the behaviour.
https://fedorahosted.org/freeipa/ticket/4473
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-17 09:36:27 +02:00
Petr Viktorin
6ce44c4f05
permission plugin: Auto-add operational attributes to read permissions
...
The attributes entryusn, createtimestamp, and modifytimestamp
should be readable whenever their entry is, i.e. when we allow reading
the objectclass.
Automatically add them to every read permission that includes objectclass.
https://fedorahosted.org/freeipa/ticket/4534
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-12 18:22:17 +02:00
Petr Vobornik
15e85db8f8
webui: add i18n for the rest of QR code strings
...
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-09-11 17:55:17 +02:00
Petr Vobornik
325bbf5bbf
webui: add token from user page
...
Add 'Add OTP Token' action to user action menu.
This option is disabled in self-service when viewing other users.
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-09-11 17:55:17 +02:00
Petr Vobornik
475f6e293e
webui: better otp token type label
...
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-09-11 17:55:17 +02:00
Nathaniel McCallum
9c50f9f957
Update qrcode support for newer python-qrcode
...
This substantially reduces the FreeIPA dependencies and allows
QR codes to fit in a standard terminal.
https://fedorahosted.org/freeipa/ticket/4430
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-09-11 12:48:07 +02:00
Petr Viktorin
68d656f80a
Fix: Add managed read permissions for compat tree and operational attrs
...
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bf
ipa-4-0: 3e2c86aeab
ipa-4-1: 9bcd88589e
Thanks to Alexander Bokovoy for contributions
https://fedorahosted.org/freeipa/ticket/4521
2014-09-05 15:40:13 +02:00
Petr Viktorin
418ce870bf
Add managed read permissions for compat tree
...
https://fedorahosted.org/freeipa/ticket/4521
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-05 13:50:29 +02:00
Martin Basti
16ecbb1507
FIX DNS wildcard records (RFC4592)
...
Make validation more strict
* DS, NS, DNAME owners should not be a wildcard domain name
* zone name should not be a wildcard domain name
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-05 12:29:29 +02:00
Martin Basti
d0130195a9
DNS fix NS record coexistence validator
...
NS can coexist only with A, AAAA, DS, NS records
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 12:11:39 +02:00
Martin Basti
3be8ff6c46
DNSSEC: fix DS record validation
...
Part of: https://fedorahosted.org/freeipa/ticket/3801
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 12:11:39 +02:00
Martin Basti
62a2559493
Fix dnsrecord-mod raise error if last record attr is removed
...
Removing last record attribute causes output type validation error
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 10:34:11 +02:00
Nathaniel McCallum
e26b3e14eb
Ensure ipaUserAuthTypeClass when needed on user creation
...
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.
https://fedorahosted.org/freeipa/ticket/4455
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-09-03 13:13:16 +02:00
Petr Viktorin
c8aefc23a4
permission plugin: Improve description of the target option
...
https://fedorahosted.org/freeipa/ticket/4521
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-03 12:57:04 +02:00
Petr Viktorin
4fbba3f7b8
permission plugin: Make --target available in the CLI
...
This was left out by mistake when permissions were refactored.
The API is already tested.
https://fedorahosted.org/freeipa/ticket/4522
2014-09-03 12:16:43 +02:00
Thorsten Scherf
a2eab057d4
pwpolicy-add: Added better error handling
...
Make error message more meaningful when a password policy is added for a
non-existing group.
https://fedorahosted.org/freeipa/ticket/4334
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-02 10:40:12 +02:00
Gabe
9415aba877
ipa trust-add command should be interactive
...
- Make ipa trust-add command interactive for realm_admin and realm_passwd
- Fix 'Active directory' typo to 'Active Directory'
https://fedorahosted.org/freeipa/ticket/3034
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-08-25 12:32:29 +02:00
Petr Viktorin
a8ba6b3b8c
service: Normalize service principal in get_dn
...
This will make any lookup go through the normalization.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-08-21 14:07:01 +02:00
Petr Viktorin
8fabd6dde1
Support delegating RBAC roles to service principals
...
https://fedorahosted.org/freeipa/ticket/3164
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-08-21 14:07:01 +02:00
Petr Vobornik
27128bd8f5
webui: better authentication types description
...
Tooltips were added to "User authentication types" and "Default user
authentication types" to describe their relationship and the meaning of
not setting a value.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-08-21 10:47:08 +02:00
Petr Vobornik
cba5247f99
webui: improved info msgs on login/token sync/reset pwd pages
...
- add info icons to distinguish and classify the messages.
- add info text for OTP fields
- fix login instruction inaccuracy related to position of login button
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-08-20 19:28:06 +02:00
David Kupka
724391a71b
Verify otptoken timespan is valid
...
When creating or modifying otptoken check that token validity start is not after
validity end.
https://fedorahosted.org/freeipa/ticket/4244
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-07-29 17:09:29 +02:00
David Kupka
6119c21441
Fix group-remove-member crash when group is removed from a protected group
...
https://fedorahosted.org/freeipa/ticket/4448
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-07-29 13:10:51 +02:00
Jan Cholasta
785e13dd1e
Exclude attributelevelrights from --raw result processing in baseldap.
...
https://fedorahosted.org/freeipa/ticket/4371
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-07-29 12:00:13 +02:00
Tomas Babej
e74307caa6
ipalib: idrange: Make non-implemented range types fail the validation
...
The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to
pass the validation tests, however, they are not implemented nor
checked by the 389 server plugin.
https://fedorahosted.org/freeipa/ticket/4323
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-07-28 12:18:23 +02:00
Petr Vobornik
c475c093c9
baseldap: return 'none' attr level right as unicode string
...
Returning non-unicode causes serialization into base64 which causes havoc
in Web UI.
https://fedorahosted.org/freeipa/ticket/4454
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-07-25 13:27:33 +02:00