authorNathaniel McCallum <npmccallum@redhat.com>2014-11-13 02:42:55 -0500
committerPetr Vobornik <pvoborni@redhat.com>2015-02-12 10:31:24 +0100
commit9549a5984b5b1d7106035d8126a3ead915b2129b (patch)
treed05a9db3eab30231d8949a40fd2c9190f2f9276d
parentc438d9be9152d64408e8e39ba4ebe696d0d4fe94 (diff)
Expose the disabled User Auth Type
Additionally, fix a small bug in ipa-kdb so that the disabled User Auth Type is properly handled. https://fedorahosted.org/freeipa/ticket/4720 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
-rw-r--r--API.txt2
-rw-r--r--VERSION4
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c13
-rw-r--r--install/ui/src/freeipa/serverconfig.js1
-rw-r--r--install/ui/test/data/ipa_init.json1
-rw-r--r--ipalib/plugins/config.py2
-rw-r--r--ipalib/plugins/internal.py1
7 files changed, 14 insertions, 10 deletions
diff --git a/API.txt b/API.txt
index 08615c804..a6a95783c 100644
--- a/API.txt
+++ b/API.txt
@@ -533,7 +533,7 @@ option: Int('ipasearchrecordslimit', attribute=True, autofill=False, cli_name='s
option: Int('ipasearchtimelimit', attribute=True, autofill=False, cli_name='searchtimelimit', minvalue=-1, multivalue=False, required=False)
option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False)
option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False)
-option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password', u'radius', u'otp'))
+option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password', u'radius', u'otp', u'disabled'))
option: Str('ipauserobjectclasses', attribute=True, autofill=False, cli_name='userobjectclasses', csv=True, multivalue=True, required=False)
option: IA5Str('ipausersearchfields', attribute=True, autofill=False, cli_name='usersearch', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/VERSION b/VERSION
index f587c65c8..122594726 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=112
-# Last change: tbabej - change ipaassignedidview to Str
+IPA_API_VERSION_MINOR=113
+# Last change: npmccallum - expose disabled user auth type
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 9d43ebc66..828ba760c 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -324,17 +324,18 @@ static enum ipadb_user_auth ipadb_get_user_auth(struct ipadb_context *ipactx,
enum ipadb_user_auth ua = IPADB_USER_AUTH_NONE;
const struct ipadb_global_config *gcfg = NULL;
- /* Get the user's user_auth settings. */
- ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua);
-
/* Get the global user_auth settings. */
gcfg = ipadb_get_global_config(ipactx);
if (gcfg != NULL)
gua = gcfg->user_auth;
- /* If the disabled flag is set, ignore everything else. */
- if ((ua | gua) & IPADB_USER_AUTH_DISABLED)
- return IPADB_USER_AUTH_DISABLED;
+ /* Get the user's user_auth settings if not disabled. */
+ if ((gua & IPADB_USER_AUTH_DISABLED) == 0)
+ ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua);
+
+ /* Filter out the disabled flag. */
+ gua &= ~IPADB_USER_AUTH_DISABLED;
+ ua &= ~IPADB_USER_AUTH_DISABLED;
/* Determine which user_auth policy is active: user or global. */
if (ua == IPADB_USER_AUTH_NONE)
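Review bot: When `ipadb_get_global_config()` returns NULL, `gua` keeps whatever it was initialized to above the hunk, so the new `(gua & IPADB_USER_AUTH_DISABLED) == 0` test presumably passes and per-user auth types are honored even where the administrator has globally disabled per-user overrides. That looks like a fail-open path for the policy this commit introduces, so it is worth deciding explicitly whether an unavailable global config should skip `ipadb_parse_user_auth()`, and recording that choice in a comment. Separately, the flag no longer means "ignore everything else and return DISABLED", and a `disabled` value on the user entry is now silently masked off, so I would add a comment above the two mask lines such as `/* DISABLED is only a global switch that suppresses per-user auth types; it is stripped before the active policy is chosen. */`. The body of ipadb_get_user_auth() starts and ends outside this hunk.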
diff --git a/install/ui/src/freeipa/serverconfig.js b/install/ui/src/freeipa/serverconfig.js
index d134c8882..efe180569 100644
--- a/install/ui/src/freeipa/serverconfig.js
+++ b/install/ui/src/freeipa/serverconfig.js
@@ -78,6 +78,7 @@ return {
name: 'ipauserauthtype',
flags: ['w_if_no_aci'],
options: [
+ { label: '@i18n:authtype.type_disabled', value: 'disabled' },
{ label: '@i18n:authtype.type_password', value: 'password' },
{ label: '@i18n:authtype.type_radius', value: 'radius' },
{ label: '@i18n:authtype.type_otp', value: 'otp' }
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index bbe334b7d..036543129 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -53,6 +53,7 @@
"type_otp": "Two factor authentication (password + OTP)",
"type_password": "Password",
"type_radius": "Radius",
+ "type_disabled": "Disable per-user override",
"user_tooltip": "Per-user setting, overwrites the global setting if any option is checked."
},
"buttons": {
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 077ef2c42..6267313d5 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -228,7 +228,7 @@ class config(LDAPObject):
cli_name='user_auth_type',
label=_('Default user authentication types'),
doc=_('Default types of supported user authentication'),
- values=(u'password', u'radius', u'otp'),
+ values=(u'password', u'radius', u'otp', u'disabled'),
csv=True,
),
)
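Review bot: The `doc` string for this option still reads `'Default types of supported user authentication'`, which does not tell a CLI or API user that `disabled` is not an authentication type but a switch that turns off per-user overrides (the UI label added elsewhere in this commit is "Disable per-user override"). An administrator who reads only the help text could select it expecting authentication to be disabled. I would extend the help text, for example `doc=_('Default types of supported user authentication; "disabled" turns off per-user overrides'),`. The option definition and the enclosing `config` class start outside this hunk.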
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index b85f2d077..e04e84340 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -195,6 +195,7 @@ class i18n_messages(Command):
"type_otp": _("Two factor authentication (password + OTP)"),
"type_password": _("Password"),
"type_radius": _("Radius"),
+ "type_disabled": _("Disable per-user override"),
"user_tooltip": _("Per-user setting, overwrites the global setting if any option is checked."),
},
"buttons": {