| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
adapt Web UI to a newer style of encapsulation object data
https://fedorahosted.org/freeipa/ticket/4394
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is an incorrect behavior that server doesn't send datetime
and dnsname data in new format.
This patch adds the version to each RPC request making the UI look as the
latest client. Server then sends data in correct format. It also removes
the "unknown version" warning from each RPC response.
https://fedorahosted.org/freeipa/ticket/4394
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
old detection did not work with the static version used for test and
demonstration purposes.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Fake API results for testing and presentation purposes of DNS Forward
Zones.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Regular update of static metadata for testing and presentation purposes.
It should also contain new DNS Forward Zones metadata.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
| |
Selenium CI sanity tests for DNS Forward Zones
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Add DNS Forward Zones Web UI.
- pages under: Identity/DNS/DNS Forward Zones
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
All header actions should require confirmation.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
| |
python-yubico needs to be on a machine to be able to build FreeIPA.
Without it, even ./makeapi and ./makeaci fails.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A mixture of implicit and explicit tagging was being used and this caused
a bug in retrieving the enctype number due to the way ber_scanf() loosely
treat sequences and explicit tagging.
The ASN.1 notation used to describe the getkeytab operation uses implicit
tagging, so by changing the code we simply follow to the specified encoding.
Resolves: https://fedorahosted.org/freeipa/ticket/4404
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This command calls the token sync HTTP POST call in the server providing
the CLI interface to synchronization.
https://fedorahosted.org/freeipa/ticket/4260
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
This command behaves almost exactly like otptoken-add except:
1. The new token data is written directly to a YubiKey
2. The vendor/model/serial fields are populated from the YubiKey
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This HTTP call takes the following parameters:
* user
* password
* first_code
* second_code
* token (optional)
Using this information, the server will perform token synchronization.
If the token is not specified, all tokens will be searched for synchronization.
Otherwise, only the token specified will be searched.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
login_password did not work properly in timezones other than +0h because
local time was compared with utc time.
Bug introduced in:
https://fedorahosted.org/freeipa/ticket/4339
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4373
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
Update the man page with the new ipa-getkeytab option.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new extended operation is tried by default and then the code falls
back to the old method if it fails. The new method allows for server
side password generation as well as retrieval of existing credentials
w/o causing regeneration of keys on the server.
Resolves:
https://fedorahosted.org/freeipa/ticket/3859
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
| |
Isolate parts that will be reused in following patches.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new extended operation allow to create new keys or retrieve
existing ones. The new set of keys is returned as a ASN.1 structure
similar to the one that is passed in by the 'set keytab' extended
operation.
Access to the operation is regulated through a new special ACI that
allows 'retrieval' only if the user has access to an attribute named
ipaProtectedOperation postfixed by the subtypes 'read_keys' and
'write_keys' to distinguish between creation and retrieval operation.
For example for allowing retrieval by a specific user the following ACI
is set on cn=accounts:
(targetattr="ipaProtectedOperation;read_keys") ...
... userattr=ipaAllowedToPerform;read_keys#USERDN)
This ACI matches only if the service object hosts a new attribute named
ipaAllowedToPerform that holds the DN of the user attempting the
operation.
Resolves:
https://fedorahosted.org/freeipa/ticket/3859
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Make it available outside of the encoding.c file for use in a follow-up
patch. Add option to not pass a password and generate a random key
instead.
Related:
https://fedorahosted.org/freeipa/ticket/3859
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
| |
In preparation of adding another function to avoid code duplication.
Related:
https://fedorahosted.org/freeipa/ticket/3859
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The newly created ipaplatform subdirectories base and fedora were
mentioned multiple times in the specfile, which produced build
warnings.
Part of: https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
As authconfig is a distro-specific tool there is no incentive for
implying that other platforms should implement any authconfig
implementation of their own.
Part of: https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Makes sure sudorules behave correctly both when adding new entries
with corresponding category set to ALL, and when setting the
category to all when corresponding entries exist.
The only exception of deny commands with cmdcategory ALL is
covered as well.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Covers functionality of external entries for:
* users
* runAsUsers
* groups of RunAsUsers
* runAsGroups
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4341
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
| |
category to ALL
https://fedorahosted.org/freeipa/ticket/4341
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4340
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
default attributes
The following attributes were missing from the list of default attributes:
* externalhost
* ipasudorunasextuser
* ipasudorunasextgroup
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Makes sure we dereference the correct attribute. Also adds object class
checking.
https://fedorahosted.org/freeipa/ticket/4324
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds a new attribute ipaSudoRunAsExtUserGroup and corresponding hooks
sudorule plugin.
https://fedorahosted.org/freeipa/ticket/4263
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds a new --hostmasks option to sudorule-add-host and sudorule-remove-host
commands, which allows setting a range of hosts specified by a hostmask.
https://fedorahosted.org/freeipa/ticket/4274
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|