Commit message | Author | Age | Files | Lines
* Pass empty options as empty arrays for supported dns record types. [dns-records] | Alexander Bokovoy | 2011-08-15 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/1632
* Fixed problem with buttons in enrollment dialog. | Endi S. Dewata | 2011-08-15 | 1 | -20/+20
  The panel for selection buttons (i.e. ">>" and "<<") has been re-positioned to avoid being covered by the adder-dialog-right panel.
  Ticket #1626
* Fixed link style in dialog box. | Endi S. Dewata | 2011-08-15 | 1 | -1/+1
  The general link style defined in ipa.css was overridden by a more specific rule in jquery-ui.css. So the style has been modified to include the more specific rule.
  Ticket #1623
* transifex translation adjustment | John Dennis | 2011-08-12 | 4 | -2422/+5443
  Pull the new translations for Spanish (es) and Ukrainian (uk)
  Update the LINGUAS file to add comment showing the friendly name for the language abbreviation.
  The make target msg-stats which produces a report about the state of the translations no longer maintained its column alignment due to larger numbers so the formatting was tweaked to maintain column alignment.
* Update pki-ca version | Martin Kosek | 2011-08-12 | 1 | -2/+3
  Bump minimal pki-ca version in spec file to get fix for ipa cert-request command.
  https://fedorahosted.org/freeipa/ticket/1578
* Update 389-ds-base version | Martin Kosek | 2011-08-11 | 1 | -2/+6
  Bump minimal 389-ds-base version in spec file to get in recent Directory Server bug fixes.
  https://fedorahosted.org/freeipa/ticket/1513
  https://fedorahosted.org/freeipa/ticket/1525
  https://fedorahosted.org/freeipa/ticket/1552
* Fix client enrollment | Martin Kosek | 2011-08-11 | 2 | -3/+30
  Enable GSSAPI credentials delegation in xmlrpc-c/curl to fix client enrollment. The unconditional GSSAPI was previously dropped from curl because of CVE-2011-2192.
  https://fedorahosted.org/freeipa/ticket/1452
* Fixed problem clicking 3rd level tabs. | Endi S. Dewata | 2011-08-11 | 1 | -3/+3
  The 3rd level tabs were partially covered by the content panel, so only the top portion can be clicked. The content panel has been repositioned to avoid the problem.
* Fixed broken links in ipa_error.css and ipa_migration.css. | Endi S. Dewata | 2011-08-11 | 7 | -8/+13
  Some of the images that were previously deleted are actually needed by ipa_error.css and ipa_migration.css, so they have been restored.
  Ticket #1564
* Ensure network configuration file has proper permissions [gssapi-delegate] | Alexander Bokovoy | 2011-08-10 | 1 | -0/+10
  As network configuration file is created as temporary file, it has stricter permissions than we need for the target system configuration file. Ensure permissions are properly reset before installing file.
  If permissions are not re-set, system may have no networking enabled after reboot.
  https://fedorahosted.org/freeipa/ticket/1606
* Fixed DNS zone adder dialog. | Endi S. Dewata | 2011-08-10 | 2 | -38/+187
  The DNS zone adder dialog has been modified to use radio buttons to select whether to enter a zone name or a reverse zone IP network.
  Ticket #1575
* Fixed host adder dialog. | Endi S. Dewata | 2011-08-10 | 2 | -17/+155
  The host adder dialog has been modified to show separate fields for hostname and DNS zone. The hostname is a text field and the DNS zone is an editable drop-down list. The fields will have the following behavior:
  - If the user types a dot into the hostname field, the cursor will automatically move into the DNS zone field.
  - If the user pastes an FQDN into the hostname field, the value will automatically be split into hostname and DNS zone.
  - If the user selects a value from the drop-down list, it will only change the DNS zone, not the hostname.
  Ticket #1457
* Fixed error after login on IE | Endi S. Dewata | 2011-08-09 | 2 | -14/+63
  The IE does not resend the request body during negotiation, so after a successful authentication the server could not find the JSON request to parse.
  The Web UI has been modified to detect this error and resend the initialization request.
  Ticket #1540
* Ask for reverse DNS zone information in attended install right after asking ↵ | Jan Cholasta | 2011-08-09 | 2 | -34/+33
  for DNS forwarders, so that DNS configuration is done in one place.
  ticket 1522
* Fix idnsUpdatePolicy for reverse zone record | Martin Kosek | 2011-08-09 | 1 | -1/+2
  Make sure that idnsUpdatePolicy for reverse zone does not contain double trailing "dot" after server installation.
  https://fedorahosted.org/freeipa/ticket/1591
* Redirection after changing browser configuration | Petr Vobornik | 2011-08-08 | 3 | -14/+40
  https://fedorahosted.org/freeipa/ticket/1502
  Added redirection link.
  CSS styling of configuration page.
  Some CSS cleaning.
* Fixed facet group labels. | Endi S. Dewata | 2011-08-08 | 7 | -35/+35
  The facet group labels have been modified according to UXD spec. Some facet groups will have more descriptive labels. Some others will not have any labels because the facet tab is self-explanatory.
  Ticket #1423, #1561
* Fixed 3rd level tab style. | Endi S. Dewata | 2011-08-08 | 1 | -19/+40
  The 3rd level tab style has been adjusted according to UXD input.
* Improve dnszone-add error message | Martin Kosek | 2011-08-08 | 1 | -1/+7
  Check that NS address passed in dnszone-add is a domain name and not an IP address. Make this clear also in the parameter help.
  https://fedorahosted.org/freeipa/ticket/1567
* Fixed adding host without DNS reverse zone | Petr Vobornik | 2011-08-05 | 6 | -67/+163
  https://fedorahosted.org/freeipa/ticket/1481
  Shows status dialog instead of error dialog (error 4304 is treated like success).
  Refactored error dialog.
  Added generic message dialog (IPA.message_dialog)
  Modified core tests to work with dialog.
* Linked entries in HBAC/sudo details page. | Endi S. Dewata | 2011-08-04 | 4 | -34/+14
  The association tables in HBAC/sudo details page have been modified to link the entries to the appropriate details page.
  Ticket #1535
* Re-arrange CA configuration code to reduce the number of restarts. | Rob Crittenden | 2011-08-03 | 5 | -44/+18
  Ade Lee from the dogtag team looked at the configuration code and determined that a number of restarts were not needed and recommended re-arranging other code to reduce the number of restarts to one.
  https://fedorahosted.org/freeipa/ticket/1555
* Improve error message in ipactl | Martin Kosek | 2011-08-04 | 1 | -1/+22
  If a hostname configured in /etc/ipa/default.conf is changed and is different from the one stored in LDAP in cn=ipa,cn=etc,$SUFFIX ipactl gives an unintelligible error.
  This patch improves the error message and also offers a list of configured masters so that the hostname setting in IPA configuration can be easily fixed.
  https://fedorahosted.org/freeipa/ticket/1558
* Resizable adder dialog box. | Endi S. Dewata | 2011-08-02 | 3 | -63/+137
  The tables in the adder dialog have been modified to expand according to the size of the dialog. This patch also fixes the problem with row height on IE.
  Ticket #1542
* Fixed misaligned search icon. | Endi S. Dewata | 2011-08-02 | 1 | -1/+2
  The magnifier icon for the search field has been fixed to display properly in all browsers.
  Ticket #1541
* Fixed missing icons. | Endi S. Dewata | 2011-08-02 | 2 | -48/+64
  The Makefile.am and the spec file have been fixed to include all icons in the install/ui folder.
  Ticket #1559
* Hide continue option from automountkey-del | Martin Kosek | 2011-08-02 | 2 | -1/+9
  This option makes no sense for automount keys. This should be removed in future versions.
  https://fedorahosted.org/freeipa/ticket/1529
* Fixed certificate buttons. | Endi S. Dewata | 2011-08-02 | 3 | -11/+5
  The certificate buttons including Get, View, Revoke, Restore for hosts and services have been fixed to use the correct entity name.
  Ticket #1556
* Don't set the password expiration to the current time | Simo Sorce | 2011-07-31 | 1 | -11/+14
  This fixes a regression in the previous patch in ticket #1526.
* Make proper LDAP configuration reporting for ipa-client-install | Alexander Bokovoy | 2011-07-28 | 1 | -18/+29
  Ticket https://fedorahosted.org/freeipa/ticket/1369
* use other_entity for adder columns | Adam Young | 2011-07-29 | 2 | -2/+6
  delay creation of the table until the columns have been set
  https://fedorahosted.org/freeipa/ticket/1544
* Modify /etc/sysconfig/network on a client when IPA manages hostname | Alexander Bokovoy | 2011-07-29 | 2 | -5/+62
  https://fedorahosted.org/freeipa/ticket/1368
* Fix date order in changelog. | Rob Crittenden | 2011-07-28 | 1 | -1/+1
* Deprecated managing users and runas user/group in sudorule add/mod | Rob Crittenden | 2011-07-29 | 2 | -15/+27
  We have helpers to manage these values so they shouldn't be available via add/mod. There is no logic behind them to do the right thing.
  https://fedorahosted.org/freeipa/ticket/1307
  https://fedorahosted.org/freeipa/ticket/1320
* Add hbactest command. https://fedorahosted.org/freeipa/ticket/386 | Alexander Bokovoy | 2011-07-28 | 5 | -1/+554
  HBAC rules control who can access what services on what hosts and from where. You can use HBAC to control which users or groups on a source host can access a service, or group of services, on a target host.

  Since applying HBAC rules implies use of a production environment, this plugin aims to provide simulation of HBAC rules evaluation without having access to the production environment.

  Test user coming from source host to a service on a named host against existing enabled rules.

  ipa hbactest --user= --srchost= --host= --service= [--rules=rules-list] [--nodetail] [--enabled] [--disabled]

  --user, --srchost, --host, and --service are mandatory, others are optional.

  If --rules is specified simulate enabling of the specified rules and test the login of the user using only these rules.

  If --enabled is specified, all enabled HBAC rules will be added to simulation

  If --disabled is specified, all disabled HBAC rules will be added to simulation

  If --nodetail is specified, do not return information about rules matched/not matched.

  If both --rules and --enabled are specified, apply simulation to --rules _and_ all IPA enabled rules.

  If no --rules specified, simulation is run against all IPA enabled rules.

  EXAMPLES:

  1. Use all enabled HBAC rules in IPA database to simulate:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh
     --------------------
     Access granted: True
     --------------------
       notmatched: my-second-rule
       notmatched: my-third-rule
       notmatched: myrule
       matched: allow_all

  2. Disable detailed summary of how rules were applied:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh --nodetail
     --------------------
     Access granted: True
     --------------------

  3. Test explicitly specified HBAC rules:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh --rules=my-second-rule,myrule
     ---------------------
     Access granted: False
     ---------------------
       notmatched: my-second-rule
       notmatched: myrule

  4. Use all enabled HBAC rules in IPA database + explicitly specified rules:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh --rules=my-second-rule,myrule --enabled
     --------------------
     Access granted: True
     --------------------
       notmatched: my-second-rule
       notmatched: my-third-rule
       notmatched: myrule
       matched: allow_all

  5. Test all disabled HBAC rules in IPA database:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh --disabled
     ---------------------
     Access granted: False
     ---------------------
       notmatched: new-rule

  6. Test all disabled HBAC rules in IPA database + explicitly specified rules:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh --rules=my-second-rule,myrule --disabled
     ---------------------
     Access granted: False
     ---------------------
       notmatched: my-second-rule
       notmatched: my-third-rule
       notmatched: myrule

  7. Test all (enabled and disabled) HBAC rules in IPA database:
     $ ipa hbactest --user=a1a --srchost=foo --host=bar --service=ssh --enabled --disabled
     --------------------
     Access granted: True
     --------------------
       notmatched: my-second-rule
       notmatched: my-third-rule
       notmatched: myrule
       notmatched: new-rule
       matched: allow_all

  Only rules existing in IPA database are tested. They may be in enabled or disabled state.

  Specifying them through --rules option explicitly enables them only in simulation run.

  Specifying non-existing rules will not grant access and report non-existing rules in output.
* Clean up existing DN object usage | John Dennis | 2011-07-29 | 5 | -24/+19
* Set minimum version of pki-ca to 9.0.10 to pick up new ipa cert profile | Rob Crittenden | 2011-07-29 | 1 | -2/+6
  The caIPAserviceCert.cfg was updated to set the client cert flag on server certs we issue.
  https://fedorahosted.org/freeipa/ticket/1434
* When setting a host password don't set krbPasswordExpiration. | Rob Crittenden | 2011-07-29 | 1 | -8/+12
  This can cause problems if a host is enrolled, unenrolled and a password set. The password will be marked as expired like all new passwords are.
  https://fedorahosted.org/freeipa/ticket/1526
* Added association facets for HBAC and sudo. | Endi S. Dewata | 2011-07-28 | 2 | -80/+94
  The HBAC service, HBAC service group, sudo command and sudo command group have been modified to show the associations as facets.
  Ticket #1536
* Fixed missing memberof definition in HBAC service. | Endi S. Dewata | 2011-07-28 | 1 | -1/+4
  The HBAC service class has been modified to define the memberof relationship with HBAC service group.
  Ticket #1546
* Fixed problem unprovisioning service. | Endi S. Dewata | 2011-07-28 | 1 | -1/+1
  The IPA.service_provisioning_status_widget has been modified to execute the disable command with the right entity name.
  Ticket #1543
* Fix message in test case for checking minimum values | Rob Crittenden | 2011-07-28 | 1 | -1/+1
* dns section header i18n. | Adam Young | 2011-07-28 | 3 | -3/+7
  https://fedorahosted.org/freeipa/ticket/1493
* Fixed missing section header in sudo command group. | Endi S. Dewata | 2011-07-28 | 1 | -1/+1
  The sudo command group details page has been fixed to use the correct label name.
  Ticket #1537.
* removing setters setup and init | Adam Young | 2011-07-28 | 29 | -1878/+1191
  change widget and widget unit tests to hold on to entity, not entity name.
  Replacing entity_name with entity.name in most places.
  The one exception is columns for table_widget.
  Widgets that refer to other entities have to have late resolution of the entity object, due to circular dependencies.
  cleanup entity assignment.
  removed template and layout,
  merged setup into create
  adder dialogs adjust height for external
  removed init from widget, isection, association, facet, host and service
  Make unit tests use factory.
  fix functional tests to click find link correctly. tweak to activation test, but still broken.
  moved initialization code to the end
  use --all for hbacrule find, so the type shows up now
  fixed dns exception code and exception handling for get_entity
  replace metadata look up with value from entity.
  fixed author lines
  removed duplicate columns in managed by facets.
  tweak to nav fix in order to initialize tab.
  more defensive code
  update metadata for true false
  one line init for entity_name in widget
  move init code to end of constructor functions
  moved constants to start of function for adder_dialog
  external fields for dialogs initialized at dialog creation
  sudo sections: move add fields and columns to widget definition.
  The parameter validation in IPA.column ...This is precondition checking. Note that it merely throws an exception if the entity_name is not set. I want this stuff at the top of the function so that it is obvious to people looking to use them what is required. I added a comment to make this clear, but I'd like to keep precondition checking at the top of the function.
  decreased the scope of the pkey_name and moved the initialization of columns into the setup_column function for association_tables
  return false at the end of click handler
  removed blank labels in sudo command section
  fix radio buttons for sudo category
  fixed table side for adder dialogs with external fields
  comments for future direction with add_columns
  https://fedorahosted.org/freeipa/ticket/1451
  https://fedorahosted.org/freeipa/ticket/1462
  https://fedorahosted.org/freeipa/ticket/1493
  https://fedorahosted.org/freeipa/ticket/1497
  https://fedorahosted.org/freeipa/ticket/1532
  https://fedorahosted.org/freeipa/ticket/1534
* Make AVA, RDN & DN comparison case insensitive. No need for lowercase ↵ | John Dennis | 2011-07-27 | 2 | -140/+211
  normalization.
  Replace deepcopy with constructor (i.e. type call)
  Can now "clone" with configuration changes by passing object of the same type to its constructor, e.g.
    dn1 = DN(('cn', 'foo'))
    dn2 = DN(dn1)
    dn2 = DN(dn1, first_key_match=False)
  Remove pairwise grouping for RDN's. Had previously removed it for DN's, left it in for RDN's because it seemed to make sense because of the way RDN's work but consistency is a higher goal.
  Add keyword constructor parameters to pass configuration options.
  Make first_key_match a configuration keyword.
  Updated documentation.
  Updated unit test.
  FWIW, I noticed the unittest is now running 2x faster, not sure why, removal of deepcopy? Anyway, hard to argue with performance doubling.
* Fix invalid issuer in unit tests | Martin Kosek | 2011-07-27 | 4 | -8/+14
  Fix several test failures when issuer does not match the one generated by make-testcert (CN=Certificate Authority,O=<realm>).
  https://fedorahosted.org/freeipa/ticket/1527
* Fixed hard-coded label in Find button. | Endi S. Dewata | 2011-07-28 | 1 | -1/+1
  The IPA.adder_dialog has been modified to use translated label for the Find button.
* Fixed hard-coded labels in sudo rules. | Endi S. Dewata | 2011-07-28 | 1 | -6/+10
  The sudo rule interface has been modified to remove unused labels and use translated dialog box title.
  Ticket #1518
* Fixed problem setting host OTP. | Endi S. Dewata | 2011-07-28 | 1 | -10/+14
  The handler for host 'Set OTP' button has been modified to obtain the primary key from the entity and return false to stop the normal event processing.
  Ticket #1511