| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've used code from ipalib/plugins/host.py to add support for random
password generation. The '--random' option is now available in user-add
and user-mod commands. If both the 'password' and 'random' options are
used the 'random' option will be ignored.
Two test cases were added to unit test's module test_user_plugin.py -
they test creating and modifying user with random password. Two fuzzy tests
were added: test for password(string that doesn't start or end with
whitespace and doesn't containt other whitespace than ' ') and for whatever
string(because of krbextradata).
I've slightly modified ipa_generate_password in order to make passwords for
users more user-friendly(reduce number of non-letters). It has two optional
parameters now - first one is string of characters that should be used for
generating the passwd and second one is length of password. If none
parameter is set default values will be used so there's no need to modify
other plugins that use random password generator.
https://fedorahosted.org/freeipa/ticket/1979
|
| |
|
|
|
|
|
|
| |
This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only.
Checkingi and working with the actual rights would require significantly bigger effort.
https://fedorahosted.org/freeipa/ticket/1972
|
| |
|
|
|
|
|
| |
A recent CSS change inadvertently changes position of the combobox
search icon. This has been fixed now.
Ticket #388
|
| |
|
|
|
|
|
| |
A recent CSS change inadvertently changes position of the combobox
icon. This has been fixed now.
Ticket #388
|
| |
|
|
|
|
| |
The name of the Unmatched checkbox in HBAC Test has been corrected.
Ticket #388
|
| |
|
|
|
|
|
|
|
| |
Facets in ACI have new order:
* Roles: members, privileges, settings
* Privileges: permissions, settings, roles
* Permissions: settings, privileges
https://fedorahosted.org/freeipa/ticket/2104
|
| |
|
|
|
|
|
|
| |
- facet group headers, error dialog, non-scrollable tables, can manage long names
Size calculation of scrollable and non-scrollable tables was united. Now these types of tables differ only by style.
https://fedorahosted.org/freeipa/ticket/1821
|
| |
|
|
|
|
|
|
|
| |
When discovering IPA LDAP servers through DNS records, look through all
servers found until first success. A master might be not available or
denied access but replica may succeed.
Ticket #1827
https://fedorahosted.org/freeipa/ticket/1827
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The DNS records list page was not loaded correctly due to a recent
change in HBAC Test. The page has been updated to use the load_all()
to show all records in the zone.
Ticket #388
|
| | |
| |
| |
| |
| |
| |
| | |
The HBAC Test pages have been modified to validate required input
before executing the test.
Ticket #388
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The checkboxes in HBAC Test run page have been fixed to show/hide
matched or unmatched rules. The New Test button has been fixed to
deselect the inputs in all facets. The test data has been updated
as well.
Ticket #388
|
| | | |
|
| |/
|
|
|
|
|
|
| |
This will allow one to define what SELinux context a given user gets
on a given machine. A rule can contain a set of users and hosts or it
can point to an existing HBAC rule that defines them.
https://fedorahosted.org/freeipa/ticket/755
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tables columns have computed width. If value in one column is very long it widens the column and shortens others. This change causes that body columns are not aligned with header columns which makes the table less readable.
Applying 'word-break: break-all' style breaks the word to multiple lines and solves the problem.
Simililar problem is in details facet when displaying text values. Very long values widens the table and a horizontal slider is displayed, which is bad. Applying same solution.
In facet headers and breadcrumb navigation breaking the pkey looks bad - there should be only on line of pkey. To solve this, the pkey is limited to 63 characters (empirically measured). Long pkeys are cut. Uncut pkey is set as a title to avoid losing information.
Whole breadcrump could be about 140 chars (with current styles). 10 chars is reserved for entity link, 60 for pkey the rest (about 60) for parent pkeys. The assumtion is that the parent pkeys wouldn't be so long so they won't be cut anyway.
Column width calculation in tables was iproved. Now it counts with cell spacing, padding, border. It uses these assumtions:
cell-spacing: 2px
cell-padding: 6px th:right, left; td: left
cell-border: th:1px; td:0px
It would be better to get these measures dynamically. Right now it is good enough - better than previous calculation.
Result: data cells are aligned with their header. This alignment fails if vertical scrollbar is displayed (existing problem).
Also added padding to headers in association adder dialog.
https://fedorahosted.org/freeipa/ticket/1890
|
| | |
|
| | |
|
| |
|
|
|
| |
Allow to deref more than one attribute.
The attrs searched are the same for all deref attributes at this time.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Recover from connection failures in IPAdmin LDAP bind functions and
rather try reconnect in scope of a given timeout instead of giving
up after the first failed connection.
The recovery fixes ipa-ldap-updater on F-16 which always failed
because of a missing dirsrv socket.
https://fedorahosted.org/freeipa/ticket/2175
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The privilege was added after the permission causing the memberof to not
be generated.
Add a new task to regenerate memberof for existing PBAC to fix upgrades.
https://fedorahosted.org/freeipa/ticket/2058
https://fedorahosted.org/freeipa/ticket/2059
https://fedorahosted.org/freeipa/ticket/2060
https://fedorahosted.org/freeipa/ticket/2061
|
| |
|
|
|
|
|
|
|
| |
The value stored in certmonger is not guaranteed to be normalized
nor is the value passed-in (could be a relative path and may or not
contain trailing slash). We do direct string compares so they need
to match exactly or we won't find the request.
https://fedorahosted.org/freeipa/ticket/1942
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If "make rpms" fails it doesn't clean up the rpmbuild directory it created.
The next make-lint will also fail because it finds files under rpmbuild.
make-lint is invoked by "make rpms", a vicous cycle.
The patch contains two sets of changes
Include "rpmbuild" in the IGNORE_PATHS list of make-lint.
Fix the Makefile to use $(RPMBUILD) consistently, there were a number
of hardcoded uses of "rpmbuild" as a direcotry.
|
| | |
|
| |
|
|
|
|
|
|
| |
Created format method for getting translated messages for boolean values - IPA.boolean_format.
Used in hosts, sudo rules, hbac rules and hbac test.
https://fedorahosted.org/freeipa/ticket/2027
|
| |
|
|
|
|
|
| |
Hard-coded labels in HBAC Test have been moved into internal.py to
allow translation.
Ticket #388
|
| |
|
|
|
|
|
| |
The tables in HBAC Test have been modified to expand according to
window size. Hard-coded CSS codes have been moved into ipa.css.
Ticket #388
|
| |
|
|
|
|
|
| |
A text field has been added for specifying external user, host, and
service for HBAC testing.
Ticket #388
|
| |
|
|
|
|
| |
The search filter in HBAC Test has been fixed to work properly.
Ticket #388.
|
| |
|
|
|
|
|
| |
The Back, Next, and New Test buttons in HBAC Test have been fixed
to work properly.
Ticket #388
|
| |
|
|
|
|
|
|
|
|
| |
Summarize entered IPA server configuration so that user can examine
it and stop the installation process in case of error. Before this
patch, user had to know which question is the last one and check
the values he entered in various places during the interactive
wizard.
https://fedorahosted.org/freeipa/ticket/1083
|
| |
|
|
|
|
|
|
|
|
| |
This is the initial implementation of HBAC Test page. Currently it
can select user, source/target group, service, rules, and execute
the test. Other functionalities to be implemented include the search
filter, external users/hosts, back/next buttons, validation, styling,
and internalization.
Ticket #388
|
| |
|
|
|
|
|
|
|
| |
The load() in IPA.facet has been modified to accept the complete
data returned by the server instead of just the result. This is
needed by HBAC Test to access other attributes returned in the
test result.
Ticket #388
|
| |
|
|
|
|
|
|
|
|
|
| |
The current code assumes that an entity will always have a corresponding
LDAPObject on the server, so it looks for the metadata in a fixed location.
This assumption doesn't work for HBAC Test since it is a Command, not an
LDAPObject, so the metadata has to be obtained from a different location.
A new method get_default_metadata() has been added to allow each entity
to find the metadata from the correct location.
Ticket #388
|
| |
|
|
|
|
|
|
|
| |
The table widget has been modified to support single-valued attribute
using radio buttons needed by some facets in HBAC Test. The widget now
uses 'pagination' flag to determine whether to show the pagination
control. The test data has also been updated.
Ticket #388
|
| |
|
|
|
|
|
|
|
| |
The json_metadata command has been modified to accept some new
options and return the commands metadata. The API.txt has been
updated as well. The UI has been modified to use commands metadata
instead of methods metadata.
Ticket #388
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of one of nss_ldap configuration files.
This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap module and hence the presence of it is checked by looking for
'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against
existence of 'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by two different
functions, the function returns tuple containing return code and dictionary
structure - its key is name of target function and value is list of existing
configuration files. Files to check are specified inside the
nssldap_exists() function. nssldap_exists() also returns True if any of
the mandatory files was found, otherwise returns False.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They accept one more
parameter which is list of existing files. They are not checking existence
of above mentioned files anymore.
https://fedorahosted.org/freeipa/ticket/2063
|
| |
|
|
|
|
|
|
|
| |
This makes no changes to the functionality in the command-line or
GUI because these all have defaults anyway. This is mostly to show
them properly in the UI and prevent someone from trying to erase the
value (and getting a nasty schema error in response).
https://fedorahosted.org/freeipa/ticket/2015
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1874
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/2001
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
JavaScript &= and |= are bitwise operators. They are shortened version of:
foo = foo & bar
foo = foo | bar
In some places they were used as shortened version of logical operation and assignment.
foo = foo && bar
It lead to type conversion to Number which is wrong (0 !== false).
This patch replaces such occurances with full version of logical operation and asignment.
https://fedorahosted.org/freeipa/ticket/2040
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/2040
|
