Commit message | Author | Age | Files | Lines
* Add /session/token_sync POST support [sync-token] | Nathaniel McCallum | 2014-06-26 | 4 | -9/+126
  This HTTP call takes the following parameters:
    * user
    * password
    * first_code
    * second_code
    * token (optional)
  Using this information, the server will perform token synchronization. If the token is not specified, all tokens will be searched for synchronization. Otherwise, only the token specified will be searched.
* webui: add sync_otp.html | Petr Vobornik | 2014-06-26 | 3 | -0/+69
  standalone page for OTP token synchronization. It reuses SyncOTPScreen widget instead of reimplementing the logic as in other standalone pages.
  https://fedorahosted.org/freeipa/ticket/4218
* webui: layer for standalone pages which use WebUI framework | Petr Vobornik | 2014-06-26 | 8 | -14/+65
  Current compiled Web UI layer (app.js) contains every FreeIPA plugin and not just the UI framework. It's not possible to start just a simple facet. This commit creates a basis for a layer (core.js) which contains only framework code and not entity related code.
* webui: fix confirmation mixin origin check | Petr Vobornik | 2014-06-26 | 1 | -1/+4
  Current check is not enough.
  https://fedorahosted.org/freeipa/ticket/4098
* webui: bind Login facet and OTP sync facet | Petr Vobornik | 2014-06-26 | 4 | -3/+66
  Simple plugin which handles transition from login facet to OTP sync facet and vice versa.
  https://fedorahosted.org/freeipa/ticket/4218
* webui: support global notifications in all containers | Petr Vobornik | 2014-06-26 | 3 | -2/+11
  Global notifications were limited to "main" container. Now they have their own container which is displayed over other ones. It makes them usable everywhere.
* webui: add link pointing to OTP sync page to login | Petr Vobornik | 2014-06-26 | 4 | -0/+19
  https://fedorahosted.org/freeipa/ticket/4218
* webui: add OTP token synchronization | Petr Vobornik | 2014-06-26 | 6 | -1/+356
  New SyncOTPScreen widget and related facet.
  https://fedorahosted.org/freeipa/ticket/4218
* webui: base class for LoginScreen-like facets | Petr Vobornik | 2014-06-26 | 2 | -267/+345
  LoginScreen has layout which can be reused for other facets/widgets, e.g. for Sync OTP facet
* rpcserver: fix local vs utc time comparison | Petr Vobornik | 2014-06-26 | 1 | -1/+1
  login_password did not work properly in timezones other than +0h because local time was compared with utc time.
  Bug introduced in: https://fedorahosted.org/freeipa/ticket/4339
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support otp in reset_password.html | Petr Vobornik | 2014-06-26 | 2 | -2/+18
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: rebase user password dialog on password dialog and add otp support | Petr Vobornik | 2014-06-26 | 4 | -155/+75
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add placeholders to login screen | Petr Vobornik | 2014-06-26 | 3 | -1/+13
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: placeholder attribute support in textbox and textarea | Petr Vobornik | 2014-06-26 | 1 | -0/+8
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support password change with OTP in login screen | Petr Vobornik | 2014-06-26 | 2 | -8/+49
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* ipa-passwd: add OTP support | Petr Vobornik | 2014-06-26 | 3 | -4/+14
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* rpcserver: add otp support to change_password handler | Petr Vobornik | 2014-06-26 | 1 | -4/+7
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* ldap2: add otp support to modify_password | Petr Vobornik | 2014-06-26 | 1 | -3/+6
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Do not corrupt sshd_config in client install when trailing newline is missing. | Jan Cholasta | 2014-06-26 | 1 | -25/+17
  https://fedorahosted.org/freeipa/ticket/4373
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* man: Add -r option to ipa-getkeytab.1 | Simo Sorce | 2014-06-26 | 1 | -1/+7
  Update the man page with the new ipa-getkeytab option.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipa-getkeytab: Add support for get_keytab extop | Simo Sorce | 2014-06-26 | 3 | -60/+383
  This new extended operation is tried by default and then the code falls back to the old method if it fails. The new method allows for server side password generation as well as retrieval of existing credentials w/o causing regeneration of keys on the server.
  Resolves: https://fedorahosted.org/freeipa/ticket/3859
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipa-getkeytab: Modularize ldap_set_keytab function | Simo Sorce | 2014-06-26 | 1 | -138/+181
  Isolate parts that will be reused in following patches.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* keytab: Add new extended operation to get a keytab. | Simo Sorce | 2014-06-26 | 5 | -1/+594
  This new extended operation allows creating new keys or retrieving existing ones. The new set of keys is returned as an ASN.1 structure similar to the one that is passed in by the 'set keytab' extended operation.
  Access to the operation is regulated through a new special ACI that allows 'retrieval' only if the user has access to an attribute named ipaProtectedOperation postfixed by the subtypes 'read_keys' and 'write_keys' to distinguish between creation and retrieval operation.
  For example for allowing retrieval by a specific user the following ACI is set on cn=accounts:
    (targetattr="ipaProtectedOperation;read_keys") ... ... userattr=ipaAllowedToPerform;read_keys#USERDN)
  This ACI matches only if the service object hosts a new attribute named ipaAllowedToPerform that holds the DN of the user attempting the operation.
  Resolves: https://fedorahosted.org/freeipa/ticket/3859
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* keytabs: Expose and modify key encoding function | Simo Sorce | 2014-06-26 | 3 | -10/+28
  Make it available outside of the encoding.c file for use in a follow-up patch. Add option to not pass a password and generate a random key instead.
  Related: https://fedorahosted.org/freeipa/ticket/3859
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* keytabs: Modularize setkeytab operation | Simo Sorce | 2014-06-26 | 1 | -477/+611
  In preparation of adding another function to avoid code duplication.
  Related: https://fedorahosted.org/freeipa/ticket/3859
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipaplatform: Move paths from installers to paths module | Tomas Babej | 2014-06-26 | 15 | -148/+199
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Fix misspelled path constant | Tomas Babej | 2014-06-25 | 2 | -2/+2
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Fix build warnings | Tomas Babej | 2014-06-25 | 1 | -5/+1
  The newly created ipaplatform subdirectories base and fedora were mentioned multiple times in the specfile, which produced build warnings.
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Drop the base authconfig class | Tomas Babej | 2014-06-25 | 2 | -106/+34
  As authconfig is a distro-specific tool there is no incentive for implying that other platforms should implement any authconfig implementation of their own.
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Document the platform tasks API | Tomas Babej | 2014-06-25 | 2 | -6/+72
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Refactor add and remove external_post_callback | Tomas Babej | 2014-06-25 | 4 | -85/+156
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_sudo: Expect root listed out if no RunAsUser available | Tomas Babej | 2014-06-25 | 1 | -2/+2
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_sudo: Do not expect enumeration of runasuser groups | Tomas Babej | 2014-06-25 | 1 | -1/+1
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_sudo: Fix assertions not assuming runasgroupcat set to ALL | Tomas Babej | 2014-06-25 | 1 | -10/+10
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_sudo: Add coverage for category ALL validation | Tomas Babej | 2014-06-25 | 1 | -9/+184
  Makes sure sudorules behave correctly both when adding new entries with corresponding category set to ALL, and when setting the category to all when corresponding entries exist. The only exception of deny commands with cmdcategory ALL is covered as well.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_sudo: Add coverage for external entries | Tomas Babej | 2014-06-25 | 1 | -0/+87
  Covers functionality of external entries for:
    * users
    * runAsUsers
    * groups of RunAsUsers
    * runAsGroups
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_sudo: Add tests for allowing hosts via hostmasks | Tomas Babej | 2014-06-25 | 1 | -0/+36
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Enforce category ALL checks on dirsrv level | Tomas Babej | 2014-06-25 | 2 | -5/+16
  https://fedorahosted.org/freeipa/ticket/4341
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Fix the order of the parameters to have less chaotic output | Tomas Babej | 2014-06-25 | 1 | -11/+11
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Make sure all the relevant attributes are checked when setting category to ALL | Tomas Babej | 2014-06-25 | 1 | -12/+41
  https://fedorahosted.org/freeipa/ticket/4341
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Allow adding deny commands when command category set to ALL | Tomas Babej | 2014-06-25 | 1 | -6/+0
  https://fedorahosted.org/freeipa/ticket/4340
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Include externalhost and ipasudorunasextgroup in the list of default attributes | Tomas Babej | 2014-06-25 | 1 | -1/+2
  The following attributes were missing from the list of default attributes:
    * externalhost
    * ipasudorunasextuser
    * ipasudorunasextgroup
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Make sure sudoRunAsGroup is dereferencing the correct attribute | Tomas Babej | 2014-06-25 | 2 | -4/+7
  Makes sure we dereference the correct attribute. Also adds object class checking.
  https://fedorahosted.org/freeipa/ticket/4324
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Allow using external groups as groups of runAsUsers | Tomas Babej | 2014-06-25 | 5 | -7/+57
  Adds a new attribute ipaSudoRunAsExtUserGroup and corresponding hooks sudorule plugin.
  https://fedorahosted.org/freeipa/ticket/4263
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Allow using hostmasks for setting allowed hosts | Tomas Babej | 2014-06-25 | 5 | -4/+86
  Adds a new --hostmasks option to sudorule-add-host and sudorule-remove-host commands, which allows setting a range of hosts specified by a hostmask.
  https://fedorahosted.org/freeipa/ticket/4274
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: PEP8 fixes in sudorule.py | Tomas Babej | 2014-06-25 | 1 | -52/+104
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix incompatible DNS permission | Martin Basti | 2014-06-25 | 1 | -1/+30
  dns(forward)zone-add/remove-permission can work with permissions with relative zone name
  Ticket: https://fedorahosted.org/freeipa/ticket/4383
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: don't limit permission search in privileges | Petr Vobornik | 2014-06-25 | 1 | -2/+1
  Search for privileges was limited to bindruletype==permission. There was no reason to do that. This patch removes the restriction.
  Related to: https://fedorahosted.org/freeipa/ticket/4079
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix field's default value | Petr Vobornik | 2014-06-25 | 1 | -1/+1
  Fields with default value, such as DNS Zone's idnsforwardpolicy, were marked as dirty when no value was loaded and when default value of input control was other than empty.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-ci: adjust tests to dns changes | Petr Vobornik | 2014-06-25 | 2 | -2/+2
  All DNS Zone names must be fully qualified.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>