path: root/install
Commit message | Author | Age | Files | Lines
* webui: send API version in RPC requests | Petr Vobornik | 2014-06-27 | 2 | -1/+6
  Currently there is an incorrect behavior that server doesn't send datetime
  and dnsname data in new format. This patch adds the version to each RPC
  request making the UI look as the latest client. Server then sends data in
  correct format.

  It also removes the "unknown version" warning from each RPC response.

  https://fedorahosted.org/freeipa/ticket/4394
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix detection of RPC command | Petr Vobornik | 2014-06-27 | 2 | -10/+10
  Old detection did not work with the static version used for test and
  demonstration purposes.

  https://fedorahosted.org/freeipa/ticket/4357
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-test: dns forward zone json data | Petr Vobornik | 2014-06-27 | 5 | -0/+158
  Fake API results for testing and presentation purposes of DNS Forward Zones.

  https://fedorahosted.org/freeipa/ticket/4357
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-test: static metadata update | Petr Vobornik | 2014-06-27 | 3 | -1676/+3478
  Regular update of static metadata for testing and presentation purposes.
  It should also contain new DNS Forward Zones metadata.

  https://fedorahosted.org/freeipa/ticket/4357
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: dns forward zones | Petr Vobornik | 2014-06-27 | 2 | -1/+163
  Add DNS Forward Zones Web UI.
  - pages under: Identity/DNS/DNS Forward Zones

  https://fedorahosted.org/freeipa/ticket/4357
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add confirmation for dns zone permission actions | Petr Vobornik | 2014-06-27 | 2 | -41/+11
  All header actions should require confirmation.

  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Add /session/token_sync POST support | Nathaniel McCallum | 2014-06-26 | 1 | -1/+7
  This HTTP call takes the following parameters:
   * user
   * password
   * first_code
   * second_code
   * token (optional)

  Using this information, the server will perform token synchronization.
  If the token is not specified, all tokens will be searched for
  synchronization. Otherwise, only the token specified will be searched.

  https://fedorahosted.org/freeipa/ticket/4218
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* webui: support otp in reset_password.html | Petr Vobornik | 2014-06-26 | 2 | -2/+18
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: rebase user password dialog on password dialog and add otp support | Petr Vobornik | 2014-06-26 | 3 | -153/+73
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add placeholders to login screen | Petr Vobornik | 2014-06-26 | 2 | -1/+10
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: placeholder attribute support in textbox and textarea | Petr Vobornik | 2014-06-26 | 1 | -0/+8
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support password change with OTP in login screen | Petr Vobornik | 2014-06-26 | 2 | -8/+49
  https://fedorahosted.org/freeipa/ticket/4262
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* keytab: Add new extended operation to get a keytab. | Simo Sorce | 2014-06-26 | 3 | -1/+22
  This new extended operation allows creating new keys or retrieving
  existing ones. The new set of keys is returned as an ASN.1 structure
  similar to the one that is passed in by the 'set keytab' extended
  operation.

  Access to the operation is regulated through a new special ACI that
  allows 'retrieval' only if the user has access to an attribute named
  ipaProtectedOperation postfixed by the subtypes 'read_keys' and
  'write_keys' to distinguish between creation and retrieval operation.

  For example for allowing retrieval by a specific user the following ACI
  is set on cn=accounts:

  (targetattr="ipaProtectedOperation;read_keys") ...
   ... userattr=ipaAllowedToPerform;read_keys#USERDN)

  This ACI matches only if the service object hosts a new attribute named
  ipaAllowedToPerform that holds the DN of the user attempting the
  operation.

  Resolves: https://fedorahosted.org/freeipa/ticket/3859
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipaplatform: Move paths from installers to paths module | Tomas Babej | 2014-06-26 | 11 | -65/+76
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Enforce category ALL checks on dirsrv level | Tomas Babej | 2014-06-25 | 2 | -5/+16
  https://fedorahosted.org/freeipa/ticket/4341
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Make sure sudoRunAsGroup is dereferencing the correct attribute | Tomas Babej | 2014-06-25 | 2 | -4/+7
  Makes sure we dereference the correct attribute. Also adds object class
  checking.

  https://fedorahosted.org/freeipa/ticket/4324
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Allow using external groups as groups of runAsUsers | Tomas Babej | 2014-06-25 | 3 | -1/+5
  Adds a new attribute ipaSudoRunAsExtUserGroup and corresponding hooks in
  the sudorule plugin.

  https://fedorahosted.org/freeipa/ticket/4263
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* sudorule: Allow using hostmasks for setting allowed hosts | Tomas Babej | 2014-06-25 | 2 | -0/+4
  Adds a new --hostmasks option to sudorule-add-host and
  sudorule-remove-host commands, which allows setting a range of hosts
  specified by a hostmask.

  https://fedorahosted.org/freeipa/ticket/4274
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: don't limit permission search in privileges | Petr Vobornik | 2014-06-25 | 1 | -2/+1
  Search for privileges was limited to bindruletype==permission. There was
  no reason to do that.

  This patch removes the restriction.

  Related to: https://fedorahosted.org/freeipa/ticket/4079
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix field's default value | Petr Vobornik | 2014-06-25 | 1 | -1/+1
  Fields with default value, such as DNS Zone's idnsforwardpolicy, were
  marked as dirty when no value was loaded and when default value of input
  control was other than empty.

  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* trusts: Allow reading system trust accounts by adtrust agents | Tomas Babej | 2014-06-25 | 1 | -0/+8
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Implement OTP token importing | Nathaniel McCallum | 2014-06-25 | 4 | -0/+63
  This patch adds support for importing tokens using RFC 6030 key container
  files. This includes decryption support. For sysadmin sanity, any tokens
  which fail to add will be written to the output file for examination. The
  main use case here is where a small subset of a large set of tokens fails
  to validate or add. Using the output file, the sysadmin can attempt to
  recover these specific tokens.

  This code is implemented as a server-side script. However, it doesn't
  actually need to run on the server. This was done because importing is an
  odd fit for the IPA command framework:
  1. We need to write an output file.
  2. The operation may be long-running (thousands of tokens).
  3. Only admins need to perform this task and it only happens infrequently.

  https://fedorahosted.org/freeipa/ticket/4261
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Convert Sudo Command Group default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -27/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Sudo Command default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -27/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Service default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -55/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert SELinux User Map default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -30/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Role default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -44/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert the Modify privilege membership permission to managed | Petr Viktorin | 2014-06-24 | 1 | -9/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Netgroup default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -44/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Hostgroup default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -44/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert HBAC Service Group default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -26/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert HBAC Service default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -16/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert HBAC Rule default permissions to managed | Petr Viktorin | 2014-06-24 | 1 | -32/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Group default permissions to managed | Petr Viktorin | 2014-06-24 | 3 | -54/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Automount default permissions to managed | Petr Viktorin | 2014-06-24 | 2 | -83/+0
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support requests with SAN in cert-request. | Jan Cholasta | 2014-06-24 | 1 | -0/+15
  For each SAN in a request there must be a matching service entry writable
  by the requestor. Users can request certificates with SAN only if they
  have "Request Certificate With SubjectAltName" permission.

  https://fedorahosted.org/freeipa/ticket/3977
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Allow SAN in IPA certificate profile. | Jan Cholasta | 2014-06-24 | 1 | -1/+6
  https://fedorahosted.org/freeipa/ticket/3977
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: plugin API | Petr Vobornik | 2014-06-23 | 3 | -2/+63
  New `extend` module should serve as a stable API for plugin authors. It
  should expose the most commonly used global calls.

  https://fedorahosted.org/freeipa/ticket/4345
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add parent link to widgets in ContainerMixin | Petr Vobornik | 2014-06-23 | 2 | -0/+3
  Standard facets set `facet` attribute to widgets. This one adds similar,
  more generic `parent` attribute which should be used for going through the
  hierarchy up to top.

  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: generic routing | Petr Vobornik | 2014-06-23 | 4 | -259/+538
  Router is not able to create hash from facet state for custom
  routes/facets.

  This patch refactors router methods into providers. It allows creating
  additional route handlers, navigators and hash creators. These providers
  are mapped to facets and therefore it's possible to create router hash for
  any facet without any logic in the facet itself.

  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support standalone facets in navigation module | Petr Vobornik | 2014-06-23 | 1 | -4/+18
  One can access standard standalone facets with:
  `navigation.show('facet_name')`
  and completely custom facets with low level call:
  `navigation.show_generic('/custom/hash', facet)`

  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix excessive registration of state change event listeners | Petr Vobornik | 2014-06-23 | 1 | -1/+1
  `Facet` descendants don't have `container` attribute as opposed to
  `facet.facet`. Therefore the registration will happen on every facet visit.

  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Convert Host default permissions to managed | Petr Viktorin | 2014-06-23 | 2 | -110/+1
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Allow anonymous read access to virtual operation entries | Petr Viktorin | 2014-06-20 | 3 | -8/+1
  These entries are the same in all IPA installations, so there's no need to
  hide them.

  Also remove the ipaVirtualOperation objectclass, since it is no longer
  needed.

  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNSSEC: WebUI add DLV record type | Martin Basti | 2014-06-20 | 1 | -1/+15
  Ticket: https://fedorahosted.org/freeipa/ticket/4328
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: DLVRecord type added | Martin Basti | 2014-06-20 | 2 | -2/+3
  Ticket: https://fedorahosted.org/freeipa/ticket/4328
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: webui update DNSSEC attributes | Martin Basti | 2014-06-20 | 1 | -87/+11
  Removed SIG, KEY, RRSIG, NSEG record types
  Added NSEC3PARAM record type

  Ticket: https://fedorahosted.org/freeipa/ticket/4328
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: added NSEC3PARAM record type | Martin Basti | 2014-06-20 | 2 | -2/+3
  Ticket: https://fedorahosted.org/freeipa/ticket/4328
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Separate master and forward DNS zones | Martin Basti | 2014-06-20 | 1 | -0/+1
  Forward zones are stored in idnsforwadzone objectclasses.

  design: http://www.freeipa.org/page/V4/Forward_zones

  Ticket: https://fedorahosted.org/freeipa/ticket/3210
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix: Allow read access to masters, but not their services, to auth'd users | Petr Viktorin | 2014-06-19 | 1 | -1/+1
  Fixes commit b243da415ecb2c28b5aa9bc563595efe35a40987
  A bad version of the patch was sent and pushed.

  Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
  Reviewed-By: Martin Kosek <mkosek@redhat.com>