Commit Graph

350 Commits

Author SHA1 Message Date
Jakub Hrozek
e1888f82c4 Remove some more mod_python references 2010-11-10 17:38:17 -05:00
Adam Young
a8637bdaa0 Label cleanup Also, addeed in the default shell field. 2010-11-10 16:16:28 -05:00
Simo Sorce
caa3f843da Use strongest keytype for master key 2010-11-09 15:01:43 -05:00
Rob Crittenden
fcf3cbbe8b Fix NotFound exception in ipa-nis-manage.
The signature of ldap2.get_entry() changed so normalize wasn't being
handled properly so the basedn was always being appended causing our
entry in cn=config to be not found.

ticket 414
2010-11-09 13:33:04 -05:00
Rob Crittenden
a3c4c7e891 Add some examples to ipa-replica-install.1
ticket 290
2010-11-09 13:32:10 -05:00
Rob Crittenden
c819b27f9e Rename 60sudo.ldif to 60ipasudo.ldif to not overwrite the 389-ds version.
This meant that the compat sudo schema was not available.

ticket 439
2010-11-09 13:30:45 -05:00
Jakub Hrozek
594adb9877 Log script options to logfile
Uses a new subclass IPAOptionParser in scripts instead of OptionParser
from the standard python library. IPAOptionParser uses its own IPAOption
class to store options, which adds a new 'sensitive' attribute.

https://fedorahosted.org/freeipa/ticket/393
2010-11-09 13:28:10 -05:00
Jakub Hrozek
2205620664 Rewrite the migration page using WSGI 2010-11-09 13:25:17 -05:00
Endi Sukma Dewata
440267a93e Renamed button.delete to button.remove in json_metadata.json. 2010-11-09 02:22:24 -05:00
Endi Sukma Dewata
90b421b834 Renamed button.deletes to button.remove. 2010-11-09 02:18:45 -05:00
Adam Young
1f9531bea2 delete to remove THe keyword delete is reserved in Javascript Using it breaks the WebUI on Chrome. This fixes replaces the word with delete. 2010-11-09 02:14:23 -05:00
Adam Young
cb739c10d0 link indications we had removed the decorations from links for previous ui approaches It is not long relevant, and hides the hyperlink underline in places where we want it to show 2010-11-09 01:42:03 -05:00
Adam Young
3c9fc345c1 Disable Enable user
UI updated to use the enable and disable methods, and to correctly report them
Implementation has a few shortcomings:
1.  Status is displayed in Browser alert dialog, not JQueryUI themed
2.  Upon completion of RPC, navigate back to the Search page.

Still, this is much less broken than before.

With whitespace cleanup,
using toLowerCase for testing true
and removde dual declaration of variables
2010-11-08 20:54:50 -05:00
Adam Young
2b0f3fbd42 sample data with rights and lock value 2010-11-08 20:46:55 -05:00
Endi S. Dewata
c854435a27 HBAC Access Time
IPA commands now can be defined in these classes:
 - ipa_command: a single IPA command
 - ipa_batch_command: a batch command for executing multiple commands
   on the server side using the new batch plugin

The dialog boxes for adding and removing entries have been refactored:
 - ipa_dialog: base class for dialog boxes
 - ipa_adder_dialog: generic adder dialog box
 - ipa_deleter_dialog: generic deleter dialog box
 - ipa_association_adder_dialog: adding entity association
 - ipa_association_deleter_dialog: removing entity association

Dialog boxes for adding/deleting HBAC users, hosts, services, and
sourcehosts are implemented using the association dialog boxes.

The dialog box for adding access time is implemented using ipa_dialog
and currently contains only a text field. This will be replaced with a
custom dialog box in a separate patch.

The dialog box for removing access time is implemented using the
generic deleter class because it's not an association. Removing multiple
access times is implemented using batch operations.

New test data files for access times have been added.
2010-11-08 20:06:49 -05:00
Rob Crittenden
3bb0186199 Remove ipa-fix-CVE-2008-3274, it isn't needed any more.
ticket 331
2010-11-08 14:23:27 -05:00
Rob Crittenden
d76ead6cce Add additional default HBAC login services
ticket 307
2010-11-08 14:23:03 -05:00
Adam Young
90baf597dd Ticket Expiration
THis patch handles Kerberos ticket expiration in the UI.  Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app

Conflicts:

	install/static/ipa.js
2010-11-08 14:17:47 -05:00
Adam Young
29c9c70d46 Clear fields after add
This version corrects an error in the oriogianl patch cause  by matching
the wrong opening brace
2010-11-08 15:05:19 -05:00
Adam Young
9a785ed91c rights check
if the field does not have a 'w' for writable in its rights, disable it.
Merged with the HBAC/Widget changes
add and remove links are managed via permissions now
2010-11-05 16:41:07 -04:00
Rob Crittenden
db758c92cd Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa 2010-11-04 15:13:08 -04:00
Nalin Dahyabhai
7b296f2623 add support for hostCategory and userCategory 2010-11-04 14:43:03 -04:00
Endi S. Dewata
d99ebc0f37 HBAC Details Page
The UI framework has been extended to include a collection of widgets:
 - ipa_widget: base class
 - ipa_text_widget: text field
 - ipa_radio_widget: radio button
 - ipa_textarea_widget: textarea
 - ipa_button_widget: button
 - ipa_column_widget: column for table
 - ipa_table_widget: table

These widgets can be used to create input controls. They can also be
extended to create custom controls.

The framework has also been enhanced to support custom layouts. This
can be used to change the look of the application without changing
the code. Initially this is only available in details section.

Layout consists of a collection of HTML templates. Each template is a
complete and valid HTML file representing a portion of a page. The
template will be loaded and initialized by the code, then filled with
the data from the server. The layouts are located in
install/static/layouts/<name> folder.

By default, if no templates are used, the fields in the details page
are rendered vertically using dd/dt/dd tags. For pages that require
different layout, a custom UI needs to be developed. There are two ways
to do that:
 - write a custom widget to generate the UI dynamically
 - create an HTML template and write the initialization code

For components that are quite complex or used frequently, it's might
be better to use the first method. For simple pages that are used only
in one location or need to support customization, the second method
might be preferable. Other benefits of templates:
 - cleaner code and UI separation
 - more flexibility in customization
 - new pages can be developed quickly and require less coding
 - multiple templates can be used with the same initialization code
 - easier to maintain

The HBAC details page has been implemented using both methods. By
default it will use custom widgets to generate the page. To use a
custom layout, add the following parameter to the URL, then reload
the page:

  &layout=<name>

Currently the only available layout is 'default' which produces the
same look as the custom widgets.

The HBAC details page is usable, but it still needs additional work.
The access time is not working yet. There is no undo button, hint,
or validation yet.

The table in the association facet has also been changed to use
ipa_association_widget which is derived from ipa_table_widget.

The Makefile has been updated to include the layouts. The unit tests
have been updated as well.
2010-11-04 14:22:32 -04:00
Rob Crittenden
05a16f50d7 Remove hardcoded domain value and replace with $SUFFIX 2010-11-04 13:55:46 -04:00
Rob Crittenden
65bf1c82a0 Use correct attribute name, nshostlocation, not location. 2010-11-03 17:37:35 -04:00
Rob Crittenden
656166dc46 Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa 2010-11-03 17:37:07 -04:00
Adam Young
681ce7e534 jslint cleanup 2010-11-03 15:50:29 -04:00
Endi S. Dewata
f7a4c53e60 HBAC test data 2010-11-03 10:26:25 -04:00
Jan Zeleny
813b675268 Remove reference to ipa_webgui
Reference was removed from ipa-server-install(1) man page.
Ticket: #330
2010-11-03 10:25:07 -04:00
Rob Crittenden
813dfe5013 Use kerberos password policy.
This lets the KDC count password failures and can lock out accounts for
a period of time. This only works for KDC >= 1.8.

There currently is no way to unlock a locked account across a replica. MIT
Kerberos 1.9 is adding support for doing so. Once that is available unlock
will be added.

The concept of a "global" password policy has changed. When we were managing
the policy using the IPA password plugin it was smart enough to search up
the tree looking for a policy. The KDC is not so smart and relies on the
krbpwdpolicyreference to find the policy. For this reason every user entry
requires this attribute. I've created a new global_policy entry to store
the default password policy. All users point at this now. The group policy
works the same and can override this setting.

As a result the special "GLOBAL" name has been replaced with global_policy.
This policy works like any other and is the default if a name is not
provided on the command-line.

ticket 51
2010-11-01 14:15:42 -04:00
Adam Young
aff2816d20 group_remove_memeber.json
meta data for testing and developmemt
2010-10-29 23:55:45 -04:00
Adam Young
6df16f3a10 delete associations
Uses code very similar to the search code for deleting associations
Had to modify how we were configuring for bulk so that the logic for delete matched the logic for enroll

Fixed unit test and removed the 'new' from the associator call
2010-10-29 17:12:55 -04:00
Rob Crittenden
c1dfb50ee9 Remove group nesting from the HBAC service groups
ticket 389
2010-10-28 17:34:34 -04:00
Simo Sorce
4f8e4482b3 pwd-plugin: Always use a special salt by default.
This should make renamed users able to keep using old credentials as the salt
is not derived from the principal name but is always a random quantity.

https://fedorahosted.org/freeipa/ticket/412
2010-10-28 17:18:03 -04:00
Endi S. Dewata
de3cc334ed Dialog boxes for AJAX, HTTP, and IPA errors.
The ipa_cmd() has been modified to identity the type of the error
it has received and display the error using the right dialog box.
The dialog box can be customized further to display the appropriate
amount of information for each type of error.
2010-10-28 13:11:51 -04:00
Endi S. Dewata
528145d5df Framework for custom UI
This patch introduces a new framework for implementing custom UI.
It consists of the following classes:

Main:
 - IPA: global namespace and object repository
 - ipa_entity: base class for entities
 - ipa_facet: base class for facets

Add dialog:
 - ipa_add_dialog: default add dialog
 - ipa_add_field: the fields used in the dialog

Search facet:
 - ipa_search_facet: default search facet
 - ipa_search_column: the columns in the search result

Details facet:
 - ipa_details_facet: default details facet
 - ipa_details_section: the sections in the details facet
 - ipa_details_field: the fields in the details facet

Association facet:
 - ipa_association_facet: default association facet
 - ipa_association_config: the association configurations

To use this framework, create a class extending the ipa_entity (e.g.
ipa_hbac). Use the create_* methods to create add dialog, search facet,
details facet, and association facet. The fields/columns for the dialog
and facets can be specified using the init() function. Custom UI can be
defined by overwriting the base methods (e.g. setup, save, load).
The entity must be added into the repository using IPA.add_entity().

The original ipa_entity_setup() has been generalized by moving facet-
specific codes into the corresponding facet. Some facet names are still
hard-coded. This will be fixed in follow-up patches.

Some global variables have been removed because their function has been
replaced by the object repository:
 - ipa_entity_add_list
 - ipa_entity_search_list
 - ipa_entity_details_list
 - window_hash_cache

Some functions and variables have been moved into IPA namespace:
 - ipa_json_url -> IPA.json_url
 - ipa_use_static_files -> IPA.use_static_files
 - ipa_ajax_options -> IPA.ajax_options
 - ipa_objs -> IPA.metadata
 - ipa_messages -> IPA.messages
 - ipa_dialog -> IPA.error_dialog
 - ipa_init() -> IPA.init()

Initially the HBAC and Service entities have been rewritten to use the
new framework. The DNS is partially converted, the ipa_records_facet
is used to define custom records facet.

Other entities can still work using the old framework. The old framework
has been modified to be a wrapper for the new framework. Eventually all
entities will be converted to use the new framework.

Some unit tests have been modified to use the new framework.
2010-10-28 09:28:17 -04:00
Simo Sorce
c51ce61e4d UUIDs: remove uuid python plugin and let DS always autogenerate
merge in remove uuid
2010-10-28 07:58:31 -04:00
Simo Sorce
874dc15c5d ipa-modrdn: Enable plugin to handle krbPrincipalName on renames 2010-10-28 07:58:31 -04:00
Adam Young
97bcbdec2f Field Errors Uses the pattern field of the metat data to see if the input for a given field is valid. If not, displays a red box with the contents of pattern_msg
To test this, I artificially modified the meta data for the Group description field
2010-10-28 03:06:28 -04:00
Adam Young
43212caf5d association header
header was missing on the association pages.
2010-10-26 20:03:42 -04:00
Rob Crittenden
6abc4186b4 Change SUDO command attr to be case sensitive
* Fixed comments
* Added attribute
* Fixed objectclass
2010-10-26 13:23:10 -04:00
Adam Young
d866399bee dns work
without the details change
including changes from Reviewboard https://fedorahosted.org/reviewboard/r/96/

Fixed pages that use unspecified (krb ticket policy, config)
Facet name comes out of the facet, not hard coded.
2010-10-25 15:55:40 -04:00
Adam Young
88c88d9504 sample data for DNS 2010-10-25 11:47:19 -04:00
Rob Crittenden
9726941e3d Disallow writes on serverHostName and memberOf
serverHostName because this is tied to the FQDN so should only be changed
on a host rename (which we don't do).

memberOf because the plugin should do this. Directly manging this attribute
would be pretty dangerous and confusing.

Also remove a redundant aci granting the admins group write access to
users and groups. They have it with through the "admins can modify any
entry" aci.

tickets 300, 304
2010-10-22 21:41:01 -04:00
Adam Young
ae76022df5 Multivalue fixes
Strikethrough is now a toggle
undo resets value to blank for new entries.
2010-10-22 19:51:54 -04:00
Simo Sorce
9018b601cd ipa-uuid: enable plugin in IPA 2010-10-22 17:22:46 -04:00
Adam Young
4f7f400043 password dialog
added a modal dialog for resetting the password.
Made the whoami varaible global, as anything dependant on the principal will require access to it.
2010-10-20 10:54:51 -04:00
Endi S. Dewata
2c5f3cfd60 Host certificate management
The service certificate management UI has been generalized and moved
into certificate.js. The host details page is now using the same code
to manage certificates. The host.py has been modified to return host
certificate info.

The Get/Revoke/View buttons behavior has been modified such that they
are visible only if there is a valid certificate. The Get dialog box
has been fixed to show the correct certificate header and footer.

The ipa.css has been modified to store the style of the status bullets.
New unit tests for certificate has been added. The test data has been
modified to include sample host certificate.
2010-10-20 09:33:44 -04:00
Adam Young
df97bce349 Remove size limits.
Now use the system wide settings instead of hardcoded size limits.
2010-10-19 21:46:31 -04:00
Adam Young
d8b4e68221 removing icons
We'll later replace them with a new scheme.  For now, this is the simplest UI
The intention is to look unfinished, so people don't comment on how poor it looks.
2010-10-19 17:55:36 -04:00