From ae19cce7adcb08cc192a9a2b320a09ab10269f52 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 13 Jun 2012 17:44:36 +0200 Subject: Trust Web UI This patch adds Web UI for trusts. Navigation path is IPA Server/Trust. It allows to add, deleted and show trust. Mod command doesn't have defined input options so update of a trust is not supported yet. Adder dialog supports two ways if adding a trust: 1) adding with domain name, admin name and admin password. 2) adding with domain name, shared secret Search page shows only list of realm names which are trusts' cns. Details page is read only. It contains following attributes: * Realm name (cn) * Domain NetBIOS name (ipantflatname) * Domain Security Identifier (ipanttrusteddomainsid) * Trust direction (trustdirection) * Trust type (trusttype) trust_output_params also defines 'Trust status' param. This param is not return by show command as well so it's commented out in code until it's fixed in plugin code. Fields in details pages are using labels defined in internal.py. It is temporary solution until including of command.has_output_params will be added to metadata. https://fedorahosted.org/freeipa/ticket/2829 --- install/ui/test/data/ipa_init.json | 14 + install/ui/test/data/ipa_init_commands.json | 405 +++++++++++++++++++++++++++- install/ui/test/data/ipa_init_objects.json | 182 ++++++++++++- install/ui/test/data/trust_add.json | 9 + install/ui/test/data/trust_find_pkeys.json | 17 ++ install/ui/test/data/trust_show.json | 67 +++++ 6 files changed, 691 insertions(+), 3 deletions(-) create mode 100644 install/ui/test/data/trust_add.json create mode 100644 install/ui/test/data/trust_find_pkeys.json create mode 100644 install/ui/test/data/trust_show.json (limited to 'install/ui/test') diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 9bb36bb74..6621fe56f 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -410,6 +410,19 @@ "specified_users": "Specified Users and Groups", "user": "Who" }, + "trust": { + "account": "Account", + "admin_account": "Administrative account", + "details": "Trust Settings", + "domain": "Domain", + "establish_using": "Establish using", + "ipantflatname": "Domain NetBIOS name", + "ipanttrusteddomainsid": "Domain Security Identifier", + "preshared_password": "Pre-shared password", + "trustdirection": "Trust direction", + "truststatus": "Trust status", + "trusttype": "Trust type" + }, "user": { "account": "Account Settings", "account_status": "Account Status", @@ -429,6 +442,7 @@ "invalid_password": "The password or username you entered is incorrect.", "new_password": "New Password", "new_password_required": "New password is required", + "password": "Password", "password_change_complete": "Password change complete", "password_must_match": "Passwords must match", "reset_failure": "Password reset was not successful.", diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json index c5fd18afc..3a2d2612d 100644 --- a/install/ui/test/data/ipa_init_commands.json +++ b/install/ui/test/data/ipa_init_commands.json @@ -2099,7 +2099,9 @@ "type": "unicode", "values": [ "AllowLMhash", - "AllowNThash" + "AllowNThash", + "KDC:Disable Last Success", + "KDC:Disable Lockout" ] }, { @@ -8110,6 +8112,219 @@ } ] }, + "entitle_consume": { + "takes_args": [ + { + "class": "Int", + "doc": "Quantity", + "flags": [], + "label": "Quantity", + "maxvalue": 2147483647, + "minvalue": 1, + "name": "quantity", + "required": true, + "type": "int" + } + ], + "takes_options": [ + { + "class": "Int", + "default": 1, + "doc": "Quantity", + "flags": [ + "no_option", + "no_output" + ], + "label": "Quantity", + "maxvalue": 2147483647, + "minvalue": 1, + "name": "hidden", + "required": true, + "type": "int" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, + "entitle_find": { + "takes_args": [], + "takes_options": [ + { + "class": "Int", + "doc": "Time limit of search in seconds", + "flags": [ + "no_display" + ], + "label": "Time Limit", + "maxvalue": 2147483647, + "name": "timelimit", + "type": "int" + }, + { + "class": "Int", + "doc": "Maximum number of entries returned", + "flags": [ + "no_display" + ], + "label": "Size Limit", + "maxvalue": 2147483647, + "name": "sizelimit", + "type": "int" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, + "entitle_get": { + "name": "entitle_get", + "takes_args": [], + "takes_options": [ + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, + "entitle_import": { + "takes_args": [ + { + "class": "File", + "doc": "", + "flags": [], + "label": "", + "multivalue": true, + "name": "usercertificate", + "type": "unicode" + } + ], + "takes_options": [ + { + "name": "setattr" + }, + { + "name": "addattr" + }, + { + "class": "Str", + "default": "IMPORTED", + "doc": "Enrollment UUID", + "flags": [ + "no_update", + "no_create" + ], + "label": "UUID", + "name": "uuid", + "noextrawhitespace": true, + "type": "unicode" + } + ] + }, + "entitle_register": { + "takes_args": [ + { + "class": "Str", + "doc": "Username", + "flags": [], + "label": "Username", + "name": "username", + "noextrawhitespace": true, + "required": true, + "type": "unicode" + } + ], + "takes_options": [ + { + "name": "setattr" + }, + { + "name": "addattr" + }, + { + "class": "Str", + "doc": "Enrollment UUID (not implemented)", + "flags": [ + "no_update", + "no_create" + ], + "label": "UUID", + "name": "ipaentitlementid", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Password", + "doc": "Registration password", + "flags": [], + "label": "Password", + "name": "password", + "noextrawhitespace": true, + "required": true, + "type": "unicode" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, + "entitle_status": { + "name": "entitle_status", + "takes_args": [], + "takes_options": [] + }, + "entitle_sync": { + "takes_args": [], + "takes_options": [ + { + "class": "Int", + "default": 1, + "doc": "Quantity", + "flags": [ + "no_option", + "no_output" + ], + "label": "Quantity", + "maxvalue": 2147483647, + "minvalue": 1, + "name": "hidden", + "required": true, + "type": "int" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, "env": { "name": "env", "takes_args": [ @@ -15784,6 +15999,194 @@ } ] }, + "trust_add": { + "takes_args": [], + "takes_options": [ + { + "class": "StrEnum", + "default": "ad", + "doc": "Trust type (ad for Active Directory, default)", + "flags": [], + "label": "Trust type (ad for Active Directory, default)", + "name": "trust_type", + "required": true, + "type": "unicode", + "values": [ + "ad" + ] + }, + { + "class": "Str", + "doc": "Active Directory domain administrator", + "flags": [], + "label": "Active Directory domain administrator", + "name": "realm_admin", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Password", + "doc": "Active directory domain adminstrator's password", + "flags": [], + "label": "Active directory domain adminstrator's password", + "name": "realm_passwd", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Domain controller for the Active Directory domain (optional)", + "flags": [], + "label": "Domain controller for the Active Directory domain (optional)", + "name": "realm_server", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Password", + "doc": "Shared secret for the trust", + "flags": [], + "label": "Shared secret for the trust", + "name": "trust_secret", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, + "trust_del": { + "takes_args": [], + "takes_options": [ + { + "class": "Flag", + "doc": "Continuous mode: Don't stop on errors.", + "flags": [], + "label": "", + "name": "continue", + "required": true, + "type": "bool" + } + ] + }, + "trust_find": { + "takes_args": [], + "takes_options": [ + { + "attribute": true, + "class": "Str", + "doc": "Realm name", + "flags": [], + "label": "Realm name", + "name": "cn", + "noextrawhitespace": true, + "primary_key": true, + "query": true, + "type": "unicode" + }, + { + "class": "Int", + "doc": "Time limit of search in seconds", + "flags": [ + "no_display" + ], + "label": "Time Limit", + "maxvalue": 2147483647, + "name": "timelimit", + "type": "int" + }, + { + "class": "Int", + "doc": "Maximum number of entries returned", + "flags": [ + "no_display" + ], + "label": "Size Limit", + "maxvalue": 2147483647, + "name": "sizelimit", + "type": "int" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + }, + { + "class": "Flag", + "doc": "Results should contain primary key attribute only (\"realm\")", + "flags": [], + "label": "Primary key only", + "name": "pkey_only", + "type": "bool" + } + ] + }, + "trust_mod": { + "takes_args": [], + "takes_options": [ + { + "name": "setattr" + }, + { + "name": "addattr" + }, + { + "name": "delattr" + }, + { + "class": "Flag", + "doc": "Display the access rights of this entry (requires --all). See ipa man page for details.", + "flags": [], + "label": "Rights", + "name": "rights", + "required": true, + "type": "bool" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, + "trust_show": { + "takes_args": [], + "takes_options": [ + { + "class": "Flag", + "doc": "Display the access rights of this entry (requires --all). See ipa man page for details.", + "flags": [], + "label": "Rights", + "name": "rights", + "required": true, + "type": "bool" + }, + { + "name": "all" + }, + { + "name": "raw" + }, + { + "name": "version" + } + ] + }, "user_add": { "takes_args": [], "takes_options": [ diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json index c4adfd743..25db686ce 100644 --- a/install/ui/test/data/ipa_init_objects.json +++ b/install/ui/test/data/ipa_init_objects.json @@ -580,7 +580,9 @@ "type": "unicode", "values": [ "AllowLMhash", - "AllowNThash" + "AllowNThash", + "KDC:Disable Last Success", + "KDC:Disable Lockout" ] }, { @@ -817,8 +819,28 @@ "ipagroupobjectclasses", "ipagroupsearchfields", "ipahomesrootdir", + "ipakrbprincipalalias", "ipamaxusernamelength", "ipamigrationenabled", + "ipantdomainguid", + "ipantfallbackprimarygroup", + "ipantflatname", + "ipanthash", + "ipanthomedirectory", + "ipanthomedirectorydrive", + "ipantlogonscript", + "ipantprofilepath", + "ipantsecurityidentifier", + "ipantsupportedencryptiontypes", + "ipanttrustattributes", + "ipanttrustauthincoming", + "ipanttrustauthoutgoing", + "ipanttrustdirection", + "ipanttrusteddomainsid", + "ipanttrustforesttrustinfo", + "ipanttrustpartner", + "ipanttrustposixoffset", + "ipanttrusttype", "ipapermissiontype", "ipapwdexpadvnotify", "ipasearchrecordslimit", @@ -3915,6 +3937,67 @@ ], "uuid_attribute": "" }, + "entitle": { + "aciattrs": [ + "ipaentitlementid", + "ipauniqueid", + "usercertificate", + "userpkcs12" + ], + "attribute_members": {}, + "bindable": false, + "container_dn": "cn=entitlements,cn=etc", + "default_attributes": [ + "ipaentitlement" + ], + "hidden_attributes": [ + "objectclass", + "aci" + ], + "label": "Entitlements", + "label_singular": "Entitlement", + "methods": [ + "consume", + "find", + "import", + "register", + "sync" + ], + "name": "entitle", + "object_class": [ + "ipaobject", + "ipaentitlement" + ], + "object_class_config": null, + "object_name": "entitlement", + "object_name_plural": "entitlements", + "parent_object": "", + "rdn_attribute": "", + "relationships": { + "member": [ + "Member", + "", + "no_" + ], + "memberindirect": [ + "Indirect Member", + null, + "no_indirect_" + ], + "memberof": [ + "Member Of", + "in_", + "not_in_" + ], + "memberofindirect": [ + "Indirect Member Of", + null, + "not_in_indirect_" + ] + }, + "takes_params": [], + "uuid_attribute": "ipaentitlementid" + }, "group": { "aciattrs": [ "businesscategory", @@ -6063,6 +6146,7 @@ }, "service": { "aciattrs": [ + "ipakrbprincipalalias", "ipauniqueid", "krbcanonicalname", "krbextradata", @@ -6125,7 +6209,8 @@ "krbticketpolicyaux", "ipaobject", "ipaservice", - "pkiuser" + "pkiuser", + "ipakrbprincipal" ], "object_class_config": null, "object_name": "service", @@ -6807,6 +6892,99 @@ ], "uuid_attribute": "ipauniqueid" }, + "trust": { + "aciattrs": [ + "cn", + "ipantflatname", + "ipantsupportedencryptiontypes", + "ipanttrustattributes", + "ipanttrustauthincoming", + "ipanttrustauthoutgoing", + "ipanttrustdirection", + "ipanttrusteddomainsid", + "ipanttrustforesttrustinfo", + "ipanttrustpartner", + "ipanttrustposixoffset", + "ipanttrusttype", + "objectclass" + ], + "attribute_members": {}, + "bindable": false, + "container_dn": "cn=trusts", + "default_attributes": [ + "cn", + "ipantflatname", + "ipanttrusteddomainsid", + "ipanttrusttype", + "ipanttrustattributes", + "ipanttrustdirection", + "ipanttrustpartner", + "ipantauthtrustoutgoing", + "ipanttrustauthincoming", + "ipanttrustforesttrustinfo", + "ipanttrustposixoffset", + "ipantsupportedencryptiontypes" + ], + "hidden_attributes": [ + "objectclass", + "aci" + ], + "label": "Trusts", + "label_singular": "Trust", + "methods": [ + "add_ad", + "del", + "find", + "mod", + "show" + ], + "name": "trust", + "object_class": [ + "ipaNTTrustedDomain" + ], + "object_class_config": null, + "object_name": "trust", + "object_name_plural": "trusts", + "parent_object": "", + "primary_key": "cn", + "rdn_attribute": "", + "relationships": { + "member": [ + "Member", + "", + "no_" + ], + "memberindirect": [ + "Indirect Member", + null, + "no_indirect_" + ], + "memberof": [ + "Member Of", + "in_", + "not_in_" + ], + "memberofindirect": [ + "Indirect Member Of", + null, + "not_in_indirect_" + ] + }, + "takes_params": [ + { + "class": "Str", + "doc": "Realm name", + "flags": [], + "label": "Realm name", + "name": "cn", + "noextrawhitespace": true, + "primary_key": true, + "required": true, + "type": "unicode" + } + ], + "uuid_attribute": "" + }, "user": { "aciattrs": [ "audio", diff --git a/install/ui/test/data/trust_add.json b/install/ui/test/data/trust_add.json new file mode 100644 index 000000000..707eed27d --- /dev/null +++ b/install/ui/test/data/trust_add.json @@ -0,0 +1,9 @@ +{ + "error": null, + "id": null, + "result": { + "result": {}, + "summary": "Added Active Directory trust for realm \"ad.test\"", + "value": "ad.test" + } +} \ No newline at end of file diff --git a/install/ui/test/data/trust_find_pkeys.json b/install/ui/test/data/trust_find_pkeys.json new file mode 100644 index 000000000..353170c77 --- /dev/null +++ b/install/ui/test/data/trust_find_pkeys.json @@ -0,0 +1,17 @@ +{ + "error": null, + "id": null, + "result": { + "count": 1, + "result": [ + { + "cn": [ + "ad.test" + ], + "dn": "cn=ad.test,cn=ad,cn=trusts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com" + } + ], + "summary": "1 trust matched", + "truncated": false + } +} \ No newline at end of file diff --git a/install/ui/test/data/trust_show.json b/install/ui/test/data/trust_show.json new file mode 100644 index 000000000..fa5ce3a0d --- /dev/null +++ b/install/ui/test/data/trust_show.json @@ -0,0 +1,67 @@ +{ + "error": null, + "id": null, + "result": { + "result": { + "attributelevelrights": { + "aci": "rscwo", + "cn": "rscwo", + "ipantflatname": "rscwo", + "ipantsupportedencryptiontypes": "rscwo", + "ipanttrustattributes": "rscwo", + "ipanttrustauthincoming": "rscwo", + "ipanttrustauthoutgoing": "rscwo", + "ipanttrustdirection": "rscwo", + "ipanttrusteddomainsid": "rscwo", + "ipanttrustforesttrustinfo": "rscwo", + "ipanttrustpartner": "rscwo", + "ipanttrustposixoffset": "rscwo", + "ipanttrusttype": "rscwo", + "nsaccountlock": "rscwo" + }, + "cn": [ + "ad.test" + ], + "dn": "cn=ad.test,cn=ad,cn=trusts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com", + "ipantflatname": [ + "AD" + ], + "ipanttrustattributes": [ + "136" + ], + "ipanttrustauthincoming": [ + { + "__base64__": "AQAAAAwAAAAwAAAAgKOs1XFQzQECAAAAEgAAAGEAYQBhAEEAQQBBADEAMQAxAAAA" + } + ], + "ipanttrustauthoutgoing": [ + { + "__base64__": "AQAAAAwAAAAwAAAAgKOs1XFQzQECAAAAEgAAAGEAYQBhAEEAQQBBADEAMQAxAAAA" + } + ], + "ipanttrustdirection": [ + "3" + ], + "ipanttrusteddomainsid": [ + "S-1-5-21-2085708479-1865276630-1146473440" + ], + "ipanttrustpartner": [ + "ad.test" + ], + "ipanttrusttype": [ + "2" + ], + "objectclass": [ + "ipaNTTrustedDomain" + ], + "trustdirection": [ + "Two-way trust" + ], + "trusttype": [ + "Active Directory domain" + ] + }, + "summary": null, + "value": "ad.test" + } +} \ No newline at end of file -- cgit