Commit message | Author | Age | Files | Lines
...
* ipaplatform: Remove legacy redhat platform module | Tomas Babej | 2014-06-16 | 2 | -282/+0
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Do not require custom Authconfig implementations from platform modules | Tomas Babej | 2014-06-16 | 6 | -155/+220
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Move restore_context and check_selinux_status implementations to base fedora platform tasks | Tomas Babej | 2014-06-16 | 2 | -47/+59
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Moved Fedora 16 service implementations and refactored them as base Fedora module service implementations | Tomas Babej | 2014-06-16 | 3 | -204/+215
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Add base fedora platform module | Tomas Babej | 2014-06-16 | 4 | -0/+92
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Create default implementations for tasks that were missing them | Tomas Babej | 2014-06-16 | 1 | -0/+8
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Move default implementations of tasks from service.py.in | Tomas Babej | 2014-06-16 | 2 | -37/+33
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Move service base platform related functionality to ipaplatform/base/service.py | Tomas Babej | 2014-06-16 | 4 | -386/+416
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Create separate module for platform files | Tomas Babej | 2014-06-16 | 5 | -0/+112
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: expose krbprincipalexpiration | Petr Vobornik | 2014-06-16 | 1 | -0/+5
  https://fedorahosted.org/freeipa/ticket/3306
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: move RPC result extraction logic to Adapter | Petr Vobornik | 2014-06-16 | 8 | -92/+122
  It enables declarative extraction of values from partial results of batch commands and also further extensibility in custom adapters.
  The default adapter has detection logic for this extraction so it can use bare record or extract data from normal or batch RPC command.
  Minor change of user plugin fixed:
  https://fedorahosted.org/freeipa/ticket/4355
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* ipalib.config: Don't autoconvert values to float | Petr Viktorin | 2014-06-16 | 4 | -9/+5
  When api.env is loaded, strings that "look like" floats got auto-converted to floats. This is wrong, as the conversion to float can lose precision. Case in point: the api_version (e.g. '2.88') should never be interpreted as float.
  Do not automatically convert to float.
  We have two numeric options: startup_timeout and wait_for_dns. wait_for_dns is already converted to int when used in the code. Convert startup_timeout to float explicitly when used, so configuration that specified it with a decimal point continues to work.
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipalib.config: Only convert basedn to DN | Petr Viktorin | 2014-06-16 | 1 | -1/+1
  The current code would convert values to DN if the key was a substring of 'basedn', e.g. 'base' or 'sed'. Only convert if we're actually dealing with 'basedn'.
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Add support for managedBy to tokens | Nathaniel McCallum | 2014-06-16 | 7 | -26/+88
  This also constitutes a rethinking of the token ACIs after the introduction of SELFDN support.
  Admins, as before, have full access to all token permissions.
  Normal users have read/search/compare access to all of the non-secret data for tokens assigned to them, whether managed by them or not. Users can add tokens if, and only if, they will also manage this token.
  Managers can also read/search/compare tokens they manage. Additionally, they can write non-secret data to their managed tokens and delete them.
  When a normal user self-creates a token (the default behavior), then managedBy is automatically set. When an admin creates a token for another user (or no owner is assigned at all), then managed by is not set. In this second case, the token is effectively read-only for the assigned owner.
  This behavior enables two important other behaviors. First, an admin can create a hardware token and assign it to the user as a read-only token. Second, when the user is deleted, only his self-managed tokens are deleted. All other (read-only) tokens are instead orphaned. This permits the same token object to be reassigned to another user without loss of any counter data.
  https://fedorahosted.org/freeipa/ticket/4228
  https://fedorahosted.org/freeipa/ticket/4259
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib.frontend: Do API version check before converting arguments | Petr Viktorin | 2014-06-13 | 3 | -22/+24
  This results in the proper message being shown if the client sends an option the server doesn't have yet.
  It also adds the check to commands that override run() but not __call__, such as `ipa ping`, and to commands run on the server. Adjust tests for these changes.
  https://fedorahosted.org/freeipa/ticket/3963
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix --ttl description for DNS zones | Petr Spacek | 2014-06-12 | 4 | -14/+14
  TTL specified in idnsZone object class affects all records at zone apex, not only SOA record.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: add sudoorder field to sudo rule page | Petr Vobornik | 2014-06-12 | 1 | -0/+5
  part of https://fedorahosted.org/freeipa/ticket/2348
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: control sudo rule deny command tables by category switch | Petr Vobornik | 2014-06-12 | 3 | -61/+63
  `memberdenycmd_sudocmd` and `memberdenycmd_sudocmdgroup` tables are now enabled/disabled based on `cmdcategory` as well.
  https://fedorahosted.org/freeipa/ticket/4361
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: handle "unknown" result of automember-default-group-show | Petr Vobornik | 2014-06-12 | 1 | -0/+7
  Interface for setting default group is hidden when user doesn't have necessary rights or if there is some error while loading the state.
  https://fedorahosted.org/freeipa/ticket/4356
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: fix SSH Key widget update | Petr Vobornik | 2014-06-12 | 1 | -1/+2
  Update widget status text on update.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Python-kerberos update in freeipa.spec.in | Martin Basti | 2014-06-11 | 1 | -2/+1
  Remove duplicated entry in BuildRequires
  Minimal version 1.1-14 is required for ipapython
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: handle back button when unauthenticated | Petr Vobornik | 2014-06-11 | 6 | -21/+52
  using browser history when unauthenticated causes transition to the original and/or preceding facets. But nothing works since all commands fail due to expired credentials in session.
  These changes make sure that user stays on login screen if he misses valid session credentials while he wants to switch to facet which requires authentication.
  https://fedorahosted.org/freeipa/ticket/4353
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: display only dialogs which belong to current facet | Petr Vobornik | 2014-06-11 | 2 | -15/+144
  Dialog instances no longer directly call IPA.opened_dialog methods. It's handled through events (decoupled from dialog's POV).
  IPA.open_dialogs with assistance of ApplicationController makes sure that there is only one dialog opened at the same time. It also makes sure to hide all dialogs, which are not global dialogs and did not originate from current facet, when switching facets.
  https://fedorahosted.org/freeipa/ticket/4348
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Make sure member* attrs are always granted together in read permissions | Petr Viktorin | 2014-06-11 | 13 | -20/+43
  Memberofindirect processing of an entry doesn't work if the user doesn't have rights to any one of these attributes:
  - member
  - memberuser
  - memberhost
  Add all of these to any read permission that specifies any of them.
  Add a check to makeaci that will enforce this for any future permissions.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Make 'permission' the default bind type for managed permissions | Petr Viktorin | 2014-06-11 | 9 | -23/+1
  This reduces typing (or copy/pasting), and draws a bit of attention to any non-default privileges (currently 'any' or 'anonymous').
  Leaving the bindtype out by mistake isn't dangerous: by default a permission is not granted to anyone, since it is not included in any privileges.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add ACI.txt | Petr Viktorin | 2014-06-11 | 3 | -0/+234
  The ACI.txt file is a list of all managed permissions in ACI form. Similarly to API.txt, it ensures that changes are not made lightly, since modifications must be reflected in ACI.txt and committed to Git.
  Add a script, makeaci, which parallels makeapi: it recreates or validates ACI.txt.
  Call makeaci --validate before the build, just after API.txt is validated.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add method to enumerate managed permission templates | Petr Viktorin | 2014-06-11 | 1 | -15/+30
  This will ease writing audit and management scripts for managed permissions.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Sort rights when writing the ACI | Petr Viktorin | 2014-06-11 | 1 | -1/+1
  This makes the ACI independent of set/dict iteration order.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: simplify self-service menu | Petr Vobornik | 2014-06-11 | 1 | -8/+2
  there is only one top level item -> no point of having this level.
  This patch replaces top level with second menu level
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add idnsSecInlineSigning option to DNS zone details facet | Petr Vobornik | 2014-06-11 | 1 | -0/+4
  https://fedorahosted.org/freeipa/ticket/3801
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix regression: enabled gid field on group add | Petr Vobornik | 2014-06-11 | 3 | -3/+37
  GID field should be enabled by default since the default group is posix.
  Was caused by option_widget_base not properly reporting value change while selecting the default value. It has to be notified with delay otherwise the event is consumed by FieldBinder.
  https://fedorahosted.org/freeipa/ticket/4325
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Update all remaining plugins to the new Registry API | Nathaniel McCallum | 2014-06-11 | 31 | -274/+333
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Make zonenames absolute in host plugin | Martin Basti | 2014-06-11 | 1 | -2/+3
  This is a fix for a regression caused by the IDNA patch, zone names must be absolute.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Add missing attributes to User managed permissions | Petr Viktorin | 2014-06-10 | 1 | -2/+3
  - Add nsAccountLock to the Unlock user accounts permission
  - Add member to Read User Membership
  - Add userClass and preferredLanguage to Modify Users
  https://fedorahosted.org/freeipa/ticket/3697
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert User default permissions to managed | Petr Viktorin | 2014-06-10 | 4 | -94/+91
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* managed perm updater: Handle case where we changed default ACIs in the past | Petr Viktorin | 2014-06-10 | 1 | -2/+18
  This handles the case where IPA's default ACIs changed in something else than just attribute lists. In this case we can narrow the set of ACIs we think the user might be upgrading from.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Split long docstrings that were recently modified | Petr Viktorin | 2014-06-10 | 4 | -52/+52
  When the strings are changed again, translators will only need to re-translate the modified parts.
  See: https://fedorahosted.org/freeipa/ticket/3587
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: break long text in a code element in a modal | Petr Vobornik | 2014-06-10 | 1 | -0/+5
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix layout of QR code on wide screens | Petr Vobornik | 2014-06-10 | 1 | -0/+1
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix search box overlap in mobile mode | Petr Vobornik | 2014-06-10 | 1 | -0/+1
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: use proper alerts in header notification area | Petr Vobornik | 2014-06-10 | 3 | -22/+5
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: proper alerts in dialogs | Petr Vobornik | 2014-06-10 | 3 | -6/+11
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: move radius proxy action panel commands to header actions | Petr Vobornik | 2014-06-10 | 1 | -8/+3
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: use normal buttons instead of link buttons in multivalued widget | Petr Vobornik | 2014-06-10 | 2 | -5/+4
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: move service action panel actions to action dropdown | Petr Vobornik | 2014-06-10 | 2 | -29/+22
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: move host action panel actions to action dropdown | Petr Vobornik | 2014-06-10 | 5 | -32/+23
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-ci: assert_action_list_action | Petr Vobornik | 2014-06-10 | 1 | -1/+24
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: use dark color for facet titles without pkey | Petr Vobornik | 2014-06-10 | 2 | -1/+6
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: association adder dialog - change find label to filter | Petr Vobornik | 2014-06-10 | 3 | -1/+10
  also add filter placeholder
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: certificate search - select search attribute only when defined | Petr Vobornik | 2014-06-10 | 1 | -1/+1
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>