| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Use a little stricter compilation flags, in particular -Wall and treat
implicit function declarations as errors.
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Consolidate the common logging macros into common/util.h and use them
in SLAPI plugins instead of calling slapi_log_error() directly.
https://fedorahosted.org/freeipa/ticket/408
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SUDO Commands and Command Groups pages have been added under
SUDO Rules tab.
Similar to HBAC navigation issue, these entities do not have their
own tab, so an exception has been added to the navigation code
to read sudo-entity parameter to determine the entity being viewed.
Fixing this issue will require framework changes.
New test data for these operations have been added.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the queries for action panel were done globally. Since each
entity container has its own action panel, the queries will return multiple
results. This is fixed by qualifying the query to run within the entity
container.
The query has also been moved into ipa_facet.get_action_panel(). Entities
that do not have their own entity container (e.g. HBAC services and service
groups) will need to override this method to get the action panel from the
right entity container (e.g. HBAC rules).
The facet.setup_views() has been renamed to facet.create_action_panel().
New test data for SUDO rules have been added.
|
|
|
|
|
| |
Kerberos binaries may be in /usr/kerberos/*bin or /usr/*bin, let PATH
sort it out.
|
|
|
|
| |
ticket 405
|
|
|
|
|
|
|
|
| |
This changes the system limits for the dirsrv user as well as
configuring DS to allow by default 8192 max files and 64 reserved
files (for replication indexes, etc..).
Fixes: https://fedorahosted.org/freeipa/ticket/464
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the way we specify the id ranges to force uid and gid ranges to always
be the same. Add option to specify a maximum id.
Change DNA configuration to use shared ranges so that masters and replicas can
actually share the same overall range in a safe way.
Configure replicas so that their default range is depleted. This will force
them to fetch a range portion from the master on the first install.
fixes: https://fedorahosted.org/freeipa/ticket/198
|
|
|
|
|
|
|
| |
Script wsgi.py checks if Apache is compiled with MPM=Prefork
and if not, it refuses to run.
https://fedorahosted.org/freeipa/ticket/252
|
|
|
|
|
| |
Only if more than one CPU is available
Only if supported by the installed krb5kdc
|
|
|
|
|
|
|
| |
Instead of print and return, use sys.exit() to quit scripts with an
error message and a non zero return code.
https://fedorahosted.org/freeipa/ticket/425
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
When installing IPA client, the install script used detected domain name
of the machine instead of that given by administrator (in case one was
given)
https://fedorahosted.org/freeipa/ticket/363
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/245
|
| |
|
|
|
|
|
|
|
| |
The UUID plugin handles adding ipaUniqueId for us as well as the access
control for it.
ticket 250
|
|
|
|
|
| |
To be consistent with the details page, the rule type in the HBAC
add dialog box has been converted into radio buttons.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The support for host enrollment via one-time-password has been added.
When submitted, the OTP will be used to set the host's userpassword.
Previously each IPA command can only have one JSON test data file.
The ipa_cmd() has been modifies to accept an optional command name.
When used with static files, it will pull the test data whose name
is the same as the command name.
The batch.json has been renamed to ipa_init.json for UI initialization.
Some test data have been added for operations against specific hosts.
|
|
|
|
|
|
| |
This also returns the rights for cospriority if the policy is for a group.
ticket 449
|
| |
|
|
|
|
| |
fixes the spacing and width for the top and second row of tabs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The search and details pages for SUDO Rule have been added. Codes
that are shared with HBAC have been moved to rule.js.
The following methods were renamed for consistency:
- ipa_details_load() -> ipa_details_refresh()
- ipa_details_display() -> ipa_details_load()
The ipa_details_cache has been removed because the cache is now
stored in each widget.
The index.xhtml has been removed. All references to it has been
changed to index.html.
The Unselect All checkbox has been fixed. Unnecessary parameter
'container' has been removed.
The unit test has been updated and new test data has been added.
|
|
|
|
|
|
| |
This will allow others to provision on behalf of the host.
ticket 280
|
|
|
|
|
|
|
|
|
| |
Disable any services when its host is disabled.
This also adds displaying the certificate attributes (subject, etc)
a bit more universal and centralized in a single function.
ticket 297
|
| |
|
|
|
|
| |
then close' https://fedorahosted.org/freeipa/ticket/471
|
|
|
|
| |
also removed language on html, as the same page should be used for all languages.
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/440
|
| |
|
| |
|
|
|
|
|
| |
altough the kdc certificate name is not tied to the fqdn we create separate
certs for each KDC so that renewal of each of them is done separately.
|
| |
|
|
|
|
|
|
| |
leave it disabled for now
we can change this default once we will have some restriction on what services
this principal can get tickets for.
|
| |
|
|
|
|
|
| |
This patch adds support only for the selfsign case.
Replica support is also still missing at this stage.
|
|
|
|
| |
Also use the realm name as nickname for the CA certificate
|
|
|
|
| |
and user-find [whoami] tostreamline the init process, and also allow us to add a call to enumerate the plugins.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service and host details pages have been modified to display Kerberos
key provisioning status and to provide a way to unprovision. The host
enrollment via OTP has not been implemented yet.
The ipa_details_field has been modified to remove any old <dd> tags it
created in the previous load operation. This is to support other widgets
that need to perform load operation without removing <dd> tags.
The certificate_status_panel has been converted into a widget. The host
entity has been rewritten using the new framework.
The unit tests has been updated.
|
| |
|
|
|
|
|
| |
if exactly one entity is selected, it enables the entity-facet links in the
action panel, and sets the pkey in bbq to the pkey of the selected
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The additions to the search widget have to go one level deeper, as
'container' has both the action panel and the client area
Conflicts:
install/static/hbac.js
install/static/hbacsvc.js
install/static/hbacsvcgroup.js
|
|
|
|
|
|
|
|
| |
from html providing you just set
that.use_static_files = true;
in the IPA definition section
|
|
|
|
|
|
| |
Making all of the page elements based on the font size.
Also, set the font to the defauklt for the browser.
By default, most brosers have Font set to 16px.
|
|
|
|
| |
No longer wastes %20 of the the page in the entity container.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The HBAC details page has been enhanced to support Undo and Reset operations.
The functionality is implemented in the base widget class so the behavior
will be more consistent across widgets. A <span> tag now used to define the
field boundary in the HTML doc. The tag contains the visual representation
of the field which include the input tag and optionally the undo link.
The Update method on HBAC details page has been modified so that it executes
several operations using a batch command. The operations being executed
depends on the changes made to the fields. These operations may include:
- removing access time if access time is changed to any time
- removing memberships if member category is changed to all
- modifying rule attributes if description or rule type is changed
- enabling/disabling the rule if rule status is changed
The behavior of the Add & Remove buttons also has been changed such that
it adjust the category attribute properly in addition to adding the
memberships using batch command. For example, if category is initially
set to all, adding a new member will also change the category to empty.
The ipa_command have been modified to store the on_success and on_error
handlers as properties. When the command is executed as a part of batch
operation, the result of each command will be passed to the appropriate
handler.
The unit tests and test data have been updated as well.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The DS guys decided not to expose the DS inetrnal functions used to generate
UUIDs for DS. This means the interface is not guaranteed to be available.
Switch the ipa_uuid plugin to use the system libuuid plugin instead.
NOTE: This causes once again a change in the tring format used for UUIDs.
fixes: https://fedorahosted.org/freeipa/ticket/465
|