IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
7,730 Commits 11 Branches 60 Tags
c6afc489a1c9d86fd593bd47c4a8dae6d9a008d2
Commit Graph

7730 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Kosek
3b8a7883de Sudorule RunAsUser should work with external groups 
https://fedorahosted.org/freeipa/ticket/4600

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2014-10-02 11:06:47 +02:00
Petr Viktorin
3eca0ff2fe test_service_plugin: Do not lowercase memberof_role 
This adjusts the test for the change in commit 792c3f9c8c

Related ticket: https://fedorahosted.org/freeipa/ticket/4192
 2014-10-01 12:43:40 +02:00
Francesco Marella
f5b302be47 Refactor selinuxenabled check 
Ticket: https://fedorahosted.org/freeipa/ticket/4571
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
 2014-09-30 19:03:40 +02:00
Nathaniel McCallum
915837c14a Move OTP synchronization step to after counter writeback 
This prevents synchronization when an authentication collision occurs.

https://fedorahosted.org/freeipa/ticket/4493

Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
 2014-09-30 16:19:06 +02:00
Petr Viktorin
9ba33971fa VERSION,Makefile: Rename "pre" to "alpha" 
Last time (2.1) we used "Preview/Testing" for the pre-beta release,
but the Git tags were still named alpha_*.

Use "alpha", remove "pre".
 2014-09-30 13:24:26 +02:00
Tomas Babej
00457a9c10 idviews: Fix typo in upgrade handling of the Default Trust View 
Fixed missing comma. Also removes leading spaces from the ldif,
since this is not stripped by the updater.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2014-09-30 11:49:53 +02:00
Petr Vobornik
00d598bab0 webui: add link from host to idview 
https://fedorahosted.org/freeipa/ticket/4535

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
0e76bc1cb6 webui: list only not-applied hosts in "apply to host" dialog 
https://fedorahosted.org/freeipa/ticket/4535

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
2cc78acf9b webui: facet group labels for idview's facets 
https://fedorahosted.org/freeipa/ticket/4535

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
ae5a34cbbc webui: new ID views section 
https://fedorahosted.org/freeipa/ticket/4535

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
749101db74 webui: add simple link column support 
Usual link columns are link with primary key of current entity.

This patch allows to create a link to arbitrary non-nested entity.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
8b0e2ed991 webui: allow to skip link widget link validation 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
27196b92c6 webui: do not show internal facet name to user 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
26bd309c96 webui: treat value as pkey in link widget 
Current default mechanism of a link widget assumes that pkeys of a current facet are pkeys for the link. It works for the only usage - in password policy. It's rather inflexible since it can't be used if the keys are in other attribute. This behavior is also bad in nested entities - creates a link to itself which is pointless.

This patch changes the default behavior to assume that the supplied value are the pkeys and that the last pkey is the value to display.

It also keeps the old method of overriding `other_pkeys` method so if the last and only pkey is the actual value to display then the method can tranform it into the pkeys which keeps compatibility with descendant widgets (`host_dnsrecord_entity_link_widget`, `dnsrecord_host_link_widget`).

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Petr Vobornik
15b6ed6705 webui: improve breadcrumb navigation 
Fixes issue when:
- user navigates to a nested facet
- refreshes browser
- uses breadcrumb navigation to go to parent entity page which requires a pkey. E.g. from automount keys to maps.

The old code relies on the facet, that user visited the parent facet before and therefore the facet has pkey stored. It fails after the browser reload.

Allows to specify a containing_facet. It allows breadcrumb navigation to return to a different facet than the 'default'.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-09-30 10:47:03 +02:00
Tomas Babej
2a230b6cc1 idviews: Create Default Trust View for upgraded servers 
For upgraded servers with enabled AD trust support, we want to
ensure that Default Trust View entry is created.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
51816930a6 idviews: Make sure only regular IPA objects are allowed to be overriden 
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
902655da59 idviews: Display the list of hosts when using --all 
Enumerating hosts is a potentially expensive operation (uses paged
search to list all the hosts the ID view applies to). Show the list
of the hosts only if explicitly asked for (or asked for --all).
Do not display with --raw, since this attribute does not exist in
LDAP.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
47268575c9 idviews: Catch errors on unsuccessful AD object lookup when resolving object name to anchor 
When resolving non-existent objects, domain validator will raise ValidationError. We need
to anticipate and properly handle this case.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
dbf8d97ecf idviews: Make sure the dict.get method is not abused for MUST attributes 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
13089eae52 idviews: Handle Default Trust View properly in the framework 
Make sure that:
1.) IPA users cannot be added to the Default Trust View
2.) Default Trust View cannot be deleted or renamed

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
b9425751b4 idviews: Add Default Trust View as part of adtrustinstall 
Add a Default Trust View, which is used by SSSD as default mapping for AD users.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
2131187ea9 idviews: Make description optional for the ID View object 
Description of any object should not be required.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
1d6f591cc5 idviews: Fix casing of ID Views to be consistent 
Replace all occurences of "ID view(s)" with "ID View(s)".

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
bba3769196 idviews: Update the referential plugin config to watch for ipaAssignedIDView 
We need the referential plugin config to watch for changes in the ID view
objects, since hosts refer to them in ipaAssignedIDView attribute.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
277b762d36 idviews: Add ipaOriginalUid 
For slapi-nis plugin, we need to cache the original uid value of the user in the override
object.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
8fb0e3a2b4 ipatests: Add xmlrpc tests for idviews plugin 
Add coverage for the ID views and ID overrides.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
3ff410d3a7 idviews: Resolve anchors to object names in idview-show 
When running idview-show, users will expect a proper object name instead of a object anchor.
Make sure the anchors are resolved to the object names unless --raw option was passed.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
c1f51cff02 idviews: Raise NotFound errors if object to override could not be found 
If the object user wishes to override cannot be found, we should properly raise a
NotFound error.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
961790e20a idviews: Change format of IPA anchor to include domain 
The old format of the IPA anchor, :IPA:<object_uuid> does not contain for the actual domain
of the object. Once IPA-IPA trusts are introduced, we will need this information to be kept
to be able to resolve the anchor.

Change the IPA anchor format to :IPA:<domain>:<object_uuid>

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
c6d50c456f idviews: Alter idoverride methods to work with splitted objects 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
cbf1ad84f1 idviews: Split the idoverride commands into iduseroverride and idgroupoverride 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
b4a13aeea8 idviews: Split the idoverride object into iduseroverride and idgroupoverride 
To be able to better deal with the conflicting user / group names, we split the
idoverride objects in the two types. This simplifies the implementation greatly,
as we no longer need to set proper objectclasses on each idoverride-mod operation.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
d03b09beb4 idviews: Support specifying object names instead of raw anchors only 
Improve usability of the ID overrides by allowing user to specify the common name of
the object he wishes to override. This is subsequently converted to the ipaOverrideAnchor,
which serves as a stable reference for the object.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
6a798f144f trusts: Add conversion from SID to object name 
Since SID is often used as a unique identifier for AD objects, we need to convert
a SID to actual object name in the AD.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
186c161ef5 idviews: Extend idview-show command to display assigned idoverrides and hosts 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
f3576bd94b idviews: Add ipa idview-apply and idview-unapply commands 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
6e94d23a92 hostgroup: Selected PEP8 fixes for the hostgroup plugin 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
ce42bf282f hostgroup: Remove redundant and star imports 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
936eaada89 hostgroup: Add helper that returns all members of a hostgroup 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
377ab0c4a6 idvies: Add managed permissions for idview and idoverride objects 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
b65b74890b idviews: Create basic idview plugin structure 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
f48a7bb730 ipalib: PEP8 fixes for host plugin 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
3e2e5a4d28 ipalib: Remove redundant and star imports from host plugin 
Also fixes incorrect error catching for UnicodeDecodeError.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
be36525dc5 idviews: Add ipaAssignedIDVIew reference to the host object 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
6b14030e90 idviews: Create container for ID views under cn=accounts 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Tomas Babej
16f3786d25 idviews: Add necessary schema for the ID views 
Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-09-30 10:42:06 +02:00
Jan Cholasta
98c5788c37 Add missing imports to ipapython.certdb 
https://fedorahosted.org/freeipa/ticket/4416

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-09-30 10:18:08 +02:00
Jan Cholasta
b1fe42df16 Do not crash in CAInstance.__init__ when default argument values are used 
https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-09-30 10:06:48 +02:00
Jan Cholasta
da24d8a6e7 Fix certmonger search for the CA cert in ipa-certupdate and ipa-cacert-manage 
The search criteria did not include the CA agent name.

https://fedorahosted.org/freeipa/ticket/3259

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2014-09-30 10:01:38 +02:00