IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
7,238 Commits 11 Branches 60 Tags
ff7b44e3b09b2e94fde66f918a6d1fb6db043d80
Commit Graph

7238 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Basti
ff7b44e3b0 Remove NSEC3PARAM record 
Revert 5b95be802c

Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-07-02 14:54:41 +02:00
Martin Kosek
21e1e4ac3b Update X-ORIGIN for 4.0 
It was decided not to change the OID space for FreeIPA 4.0+ objectclasses.
However, we should still at least properly mark the X-ORIGIN to make
analyzing schema easier.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-07-01 13:57:06 +02:00
Martin Basti
c655aa2832 Fix ACI in DNS 
Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord,
tlsarecord

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-07-01 12:43:55 +02:00
Martin Basti
8e911fcabc DNSSEC: WebUI: add TLSA record 
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-07-01 12:37:08 +02:00
Martin Basti
12cb31575c DNSSEC: add TLSA record type 
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-07-01 12:37:08 +02:00
Petr Vobornik
99c5f0511f webui: focus invalid widget on validation error 
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-01 10:19:46 +02:00
Petr Vobornik
c693b28bab webui: fix required error notification in multivalued widget 
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-01 10:19:46 +02:00
Petr Vobornik
93de5db39e webui: show notification instead of modal dialog on validation error 
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-07-01 10:19:45 +02:00
Petr Viktorin
d1ede20680 Allow admins to write krbLoginFailedCount 
Without write access to this attribute, admins could not unlock users.

https://fedorahosted.org/freeipa/ticket/4409

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-07-01 10:02:02 +02:00
Martin Basti
152c8f210b Check normalization only for IDNA domains 
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.

https://fedorahosted.org/freeipa/ticket/4382

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-07-01 09:58:42 +02:00
Petr Viktorin
fdef2e1bd8 permission plugin: Ignore unparseable ACIs 
When manipulating a permission for an entry that has an ACI
that the parser cannot process, skip this ACI instead of
failing.

Add a test that manipulates permission in cn=accounts,
where there are complex ipaAllowedOperation-based ACIs.

Workaround for: https://fedorahosted.org/freeipa/ticket/4376

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-07-01 09:35:38 +02:00
Martin Kosek
5ff8e3d8b3 Remove python-cherrypy BuildRequires 
As FreeIPA Foreman Smartproxy was moved to separate repo,
python-cherrypy is no longer required as a build dependency.
 2014-07-01 09:25:42 +02:00
Rob Crittenden
54e4891fef Remove IPA Foreman Smart Proxy 
The code has been moved to its own, separate repository at
git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-07-01 09:19:51 +02:00
Petr Viktorin
dfbd7170e9 install/ui/build: Build core.js 
The make-ui.sh script builds both app.js and core.js,
but only one was specified in the Makefile.
Correct the mistake.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-30 18:17:28 +02:00
Martin Kosek
50c30c8401 Let Host Administrators use host-disable command 
Host Administrators could not write to service keytab attribute and
thus they could not run the host-disable command.

https://fedorahosted.org/freeipa/ticket/4284

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-06-30 14:59:27 +02:00
Tomas Babej
ffab09a7ef ipa-client-install: Restart nisdomain service instead of starting 
To ensure new NIS domain name is loaded after ipa-client-install
even in case when nisdomainname service is already running, we
need to restart the service rather than starting it.

https://fedorahosted.org/freeipa/ticket/4393

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-06-30 13:58:29 +02:00
Petr Vobornik
35d3f03843 webui: support unlock user command 
Call user-unlock command from Web UI.

It will unlock displayed user on current master.

https://fedorahosted.org/freeipa/ticket/4407

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 13:11:53 +02:00
Petr Vobornik
029649c05c webui-ci: fix action list action visibility and enablement assertion 
The new html structure was not addressed properly.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 13:00:13 +02:00
Petr Vobornik
b36a3c693b webui: add sync_otp.html 
standalone page for OTP token synchronization. It reuses SyncOTPScreen
widget instead of reimplementing the logic as in other standalone pages.

https://fedorahosted.org/freeipa/ticket/4218

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:05 +02:00
Petr Vobornik
46a42de532 webui: layer for standalone pages which use WebUI framework 
Current compiled Web UI layer (app.js) contains every FreeIPA plugin and
not just the UI framework. It's not possible to start just a simple facet.

This commit creates a basis for a layer (core.js) which contains only
framework code and not entity related code.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:05 +02:00
Petr Vobornik
c2c1131a7a webui: fix confirmation mixin origin check 
Current check is not enough.

https://fedorahosted.org/freeipa/ticket/4098

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:04 +02:00
Petr Vobornik
9dbeeb7556 webui: bind Login facet and OTP sync facet 
Simple plugin which handles transition from login facet to OTP sync facet
and vice versa.

https://fedorahosted.org/freeipa/ticket/4218

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:04 +02:00
Petr Vobornik
d9a7fcb5e1 webui: support global notifications in all containers 
Global notifications were limited to "main" container. Now they have their
own container which is displayed over other ones. It makes them usable
everywhere.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:04 +02:00
Petr Vobornik
72a107c9d7 webui: add link pointing to OTP sync page to login 
https://fedorahosted.org/freeipa/ticket/4218

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:04 +02:00
Petr Vobornik
30b1256b62 webui: add OTP token synchronization 
New SyncOTPScreen widget and related facet.

https://fedorahosted.org/freeipa/ticket/4218

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:03 +02:00
Petr Vobornik
d159662ade webui: base class for LoginScreen-like facets 
LoginScreen has layout which can be reused for other facets/widgets,
e.g. for Sync OTP facet

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-30 12:27:03 +02:00
Petr Viktorin
36d261e843 Update translations 
Pull fresh translations from Transifex.
Update the POT file.

Thanks to all translators!
 2014-06-27 16:40:02 +02:00
Martin Kosek
bd29d3cbbc Fix objectClass casing in LDIF to prevent schema update error 
When a new objectclass was defined as "objectclass" and not
"objectClass", it made the schema updater skip some objectclasses.

https://fedorahosted.org/freeipa/ticket/4405

Reviewed-By: Rich Megginson <rmeggins@redhat.com>
 2014-06-27 16:29:57 +02:00
Martin Basti
aa2ef07b8c Upgrade special master zones to forward zones 
This upgrade is executed only if IPA version is older than 4.0
Requires detection if 'idnsforwardzone' objectclass is presented in
schema before schema is upgraded

Design: http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades

Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-27 14:54:35 +02:00
Martin Basti
c1f3fd6831 Added upgrade step executed before schmema is upgraded 
Class PreSchemaUpdate is executed before ldap schema update

This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-27 14:54:35 +02:00
Petr Vobornik
5568e357d1 webui: extract rpc value from object envelope 
adapt Web UI to a newer style of encapsulation object data

https://fedorahosted.org/freeipa/ticket/4394

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:23:22 +02:00
Petr Vobornik
9aac0524c9 webui: send API version in RPC requests 
Currently there is an incorrect behavior that server doesn't send datetime
and dnsname data in new format.

This patch adds the version to each RPC request making the UI look as  the
latest client. Server then sends data in correct format. It also removes
the "unknown version" warning from each RPC response.

https://fedorahosted.org/freeipa/ticket/4394

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:23:21 +02:00
Petr Vobornik
59f66a156b webui: fix detection of RPC command 
old detection did not work with the static version used for test and
demonstration purposes.

https://fedorahosted.org/freeipa/ticket/4357

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:18:35 +02:00
Petr Vobornik
e6a373e930 webui-test: dns forward zone json data 
Fake API results for testing and presentation purposes of DNS Forward
Zones.

https://fedorahosted.org/freeipa/ticket/4357

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:18:35 +02:00
Petr Vobornik
db2666d276 webui-test: static metadata update 
Regular update of static metadata for testing and presentation purposes.
It should also contain new DNS Forward Zones metadata.

https://fedorahosted.org/freeipa/ticket/4357

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:18:34 +02:00
Petr Vobornik
c7c13965e3 webui-ci: dns forward zone tests 
Selenium CI sanity tests for DNS Forward Zones

https://fedorahosted.org/freeipa/ticket/4357

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:18:34 +02:00
Petr Vobornik
7a25168a3c webui: dns forward zones 
Add DNS Forward Zones Web UI.

- pages under: Identity/DNS/DNS Forward Zones

https://fedorahosted.org/freeipa/ticket/4357

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:18:34 +02:00
Petr Vobornik
8ca5793160 webui: add confirmation for dns zone permission actions 
All header actions should require confirmation.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-27 14:18:33 +02:00
Martin Kosek
8568f66cff Add python-yubico to BuildRequires 
python-yubico needs to be on a machine to be able to build FreeIPA.
Without it, even ./makeapi and ./makeaci fails.
 2014-06-27 10:18:23 +02:00
Simo Sorce
d9d5967f7e Fix getkeytab code to always use implicit tagging. 
A mixture of implicit and explicit tagging was being used and this caused
a bug in retrieving the enctype number due to the way ber_scanf() loosely
treat sequences and explicit tagging.

The ASN.1 notation used to describe the getkeytab operation uses implicit
tagging, so by changing the code we simply follow to the specified encoding.

Resolves: https://fedorahosted.org/freeipa/ticket/4404

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-06-27 10:03:23 +02:00
Nathaniel McCallum
0d21937995 Add otptoken-sync command 
This command calls the token sync HTTP POST call in the server providing
the CLI interface to synchronization.

https://fedorahosted.org/freeipa/ticket/4260

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-06-26 16:15:18 +02:00
Nathaniel McCallum
2767fb584a Add the otptoken-add-yubikey command 
This command behaves almost exactly like otptoken-add except:
1. The new token data is written directly to a YubiKey
2. The vendor/model/serial fields are populated from the YubiKey

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-06-26 16:10:16 +02:00
Nathaniel McCallum
14b38b7704 Add /session/token_sync POST support 
This HTTP call takes the following parameters:
 * user
 * password
 * first_code
 * second_code
 * token (optional)

Using this information, the server will perform token synchronization.
If the token is not specified, all tokens will be searched for synchronization.
Otherwise, only the token specified will be searched.

https://fedorahosted.org/freeipa/ticket/4218

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2014-06-26 15:55:24 +02:00
Petr Vobornik
1c94edd3a0 rpcserver: fix local vs utc time comparison 
login_password did not work properly in timezones other than +0h because
local time was compared with utc time.

Bug introduced in:
https://fedorahosted.org/freeipa/ticket/4339

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:40 +02:00
Petr Vobornik
70c77e6a3c webui: support otp in reset_password.html 
https://fedorahosted.org/freeipa/ticket/4262

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:40 +02:00
Petr Vobornik
870db2f677 webui: rebase user password dialog on password dialog and add otp support 
https://fedorahosted.org/freeipa/ticket/4262

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:39 +02:00
Petr Vobornik
e3de467676 webui: add placeholders to login screen 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:39 +02:00
Petr Vobornik
6e7d4ad468 webui: placeholder attribute support in textbox and textarea 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:39 +02:00
Petr Vobornik
f9adc5a5f3 webui: support password change with OTP in login screen 
https://fedorahosted.org/freeipa/ticket/4262

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:39 +02:00
Petr Vobornik
2df6542232 ipa-passwd: add OTP support 
https://fedorahosted.org/freeipa/ticket/4262

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-06-26 12:37:38 +02:00