Covers functionality of external entries for:
* users
* runAsUsers
* groups of RunAsUsers
* runAsGroups
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The following attributes were missing from the list of default attributes:
* externalhost
* ipasudorunasextuser
* ipasudorunasextgroup
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Fields with default value, such as DNS Zone's idnsforwardpolicy, were
marked as dirty when no value was loaded and when default value of
input control was other than empty.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
This change has two motivations:
1. Clients don't have to parse the string.
2. Future token types may have new formats.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This patch adds support for importing tokens using RFC 6030 key container
files. This includes decryption support. For sysadmin sanity, any tokens
which fail to add will be written to the output file for examination. The
main use case here is where a small subset of a large set of tokens fails
to validate or add. Using the output file, the sysadmin can attempt to
recover these specific tokens.
This code is implemented as a server-side script. However, it doesn't
actually need to run on the server. This was done because importing is an
odd fit for the IPA command framework:
1. We need to write an output file.
2. The operation may be long-running (thousands of tokens).
3. Only admins need to perform this task and it only happens infrequently.
https://fedorahosted.org/freeipa/ticket/4261
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Add missing Add, Modify, Removedefault permissions to:
- automountlocation (Add/Remove only; locations have
no data to modify)
- privilege
- sudocmdgroup (Modify only; the others were present)
Related to: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
For each SAN in a request there must be a matching service entry writable by
the requestor. Users can request certificates with SAN only if they have
"Request Certificate With SubjectAltName" permission.
https://fedorahosted.org/freeipa/ticket/3977
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Standard facets sets `facet` attribute to widgets. This one adds
similar, more generic `parent` attribute which should be used for going through
the hierarchy up to top.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Router is not able to create hash from facet state for custom
routes/facets. This patch refactors router methods into providers. It
allows to create additional route handlers, navigators and hash creators.
These providers are mapped to facets and therefore it's possible
to create router hash for any facet without any logic in the facet itself.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
One can access standard standalone facets with:
`navigation.show('facet_name')`
and completely custom facets with low level call:
`navigation.show_generic('/custom/hash', facet)``
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
`Facet` descendants don't have `container` attribute as opposite to
`facet.facet`. Therefore the registration will happen on every facet
visit.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Private groups don't have the 'ipausergroup' objectclass.
Add posixgroup to the objectclass filters to make
"--type group" permissions apply to all groups.
https://fedorahosted.org/freeipa/ticket/4372
Reviewed-By: Martin Kosek <mkosek@redhat.com>
