[Freeipa-devel] [freeipa PR#596][comment] spec file: support client-only build
URL: https://github.com/freeipa/freeipa/pull/596 Title: #596: spec file: support client-only build pvomacka commented: """ Client only build does not work on Fedora. So NACK. """ See the full comment at https://github.com/freeipa/freeipa/pull/596#issuecomment-286692657 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#588][+ack] CONFIGURE: Properly detect libpopt on el7
URL: https://github.com/freeipa/freeipa/pull/588 Title: #588: CONFIGURE: Properly detect libpopt on el7 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#592][+ack] slapi plugins: fix CFLAGS
URL: https://github.com/freeipa/freeipa/pull/592 Title: #592: slapi plugins: fix CFLAGS Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#559][comment] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login pvomacka commented: """ Removed in https://github.com/freeipa/freeipa/pull/585 once it will be pushed I will close this one again. """ See the full comment at https://github.com/freeipa/freeipa/pull/559#issuecomment-286490161 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#585][synchronized] Remove allow_constrained_delegation from gssproxy.conf
URL: https://github.com/freeipa/freeipa/pull/585 Author: pvomacka Title: #585: Remove allow_constrained_delegation from gssproxy.conf Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/585/head:pr585 git checkout pr585 From 51aeaec986dffddd563b24352842a20337a26bce Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 14 Mar 2017 17:44:01 +0100 Subject: [PATCH] Remove allow_constrained_delegation from gssproxy.conf The Apache process must not allowed to use constrained delegation to contact services because it is already allowed to impersonate users to itself. Allowing it to perform constrained delegation would let it impersonate any user against the LDAP service without authentication. https://pagure.io/freeipa/issue/6225 --- install/share/gssproxy.conf.template | 1 - 1 file changed, 1 deletion(-) diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index d703144..fbb158a 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,7 +4,6 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true - allow_constrained_delegation = true cred_usage = both euid = $HTTPD_USER -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#585][synchronized] Remove allow_constrained_delegation from gssproxy.conf
URL: https://github.com/freeipa/freeipa/pull/585 Author: pvomacka Title: #585: Remove allow_constrained_delegation from gssproxy.conf Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/585/head:pr585 git checkout pr585 From 70a70d1d76664602b907e9f93b29c5515b120931 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 14 Mar 2017 17:44:01 +0100 Subject: [PATCH] Remove allow_constrained_delegation from gssproxy.conf This change reverts option which undid privilege separation letting apache be able to both impersonate users and then contact any service. https://pagure.io/freeipa/issue/6225 --- install/share/gssproxy.conf.template | 1 - 1 file changed, 1 deletion(-) diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index d703144..fbb158a 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,7 +4,6 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true - allow_constrained_delegation = true cred_usage = both euid = $HTTPD_USER -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#585][opened] Remove allow_constrained_delegation from gssproxy.conf
URL: https://github.com/freeipa/freeipa/pull/585 Author: pvomacka Title: #585: Remove allow_constrained_delegation from gssproxy.conf Action: opened PR body: """ This change reverts option which breaks priviledge separation. https://pagure.io/freeipa/issue/6225 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/585/head:pr585 git checkout pr585 From 90d85c73daa272f31af1ca1bab7b2703564597d1 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 14 Mar 2017 17:44:01 +0100 Subject: [PATCH] Remove allow_constrained_delegation from gssproxy.conf This change reverts option which breaks priviledge separation. https://pagure.io/freeipa/issue/6225 --- install/share/gssproxy.conf.template | 1 - 1 file changed, 1 deletion(-) diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index d703144..fbb158a 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,7 +4,6 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true - allow_constrained_delegation = true cred_usage = both euid = $HTTPD_USER -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#577][synchronized] WebUI: Add support for AD users short name resolution
URL: https://github.com/freeipa/freeipa/pull/577 Author: pvomacka Title: #577: WebUI: Add support for AD users short name resolution Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/577/head:pr577 git checkout pr577 From bbb573aea93351157d485f560160949402447b59 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 13 Mar 2017 17:30:57 +0100 Subject: [PATCH] WebUI: Add support for management of user short name resolution https://pagure.io/freeipa/issue/6372 --- install/ui/src/freeipa/idviews.js | 4 install/ui/src/freeipa/serverconfig.js | 4 2 files changed, 8 insertions(+) diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js index 25c043c..f383ab3 100644 --- a/install/ui/src/freeipa/idviews.js +++ b/install/ui/src/freeipa/idviews.js @@ -100,6 +100,10 @@ return { fields: [ 'cn', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:idview_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'textarea', name: 'description' } diff --git a/install/ui/src/freeipa/serverconfig.js b/install/ui/src/freeipa/serverconfig.js index 2bc4e88..25f484a 100644 --- a/install/ui/src/freeipa/serverconfig.js +++ b/install/ui/src/freeipa/serverconfig.js @@ -56,6 +56,10 @@ return { 'ipausersearchfields', 'ipadefaultemaildomain', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:config_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'entity_select', name: 'ipadefaultprimarygroup', other_entity: 'group', -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#577][comment] WebUI: Add support for AD users short name resolution
URL: https://github.com/freeipa/freeipa/pull/577 Title: #577: WebUI: Add support for AD users short name resolution pvomacka commented: """ @simo5 I changed the subject, do you have any suggestion what you would like to see in commit message? I think that this is quite easy and self-explanatory patch. """ See the full comment at https://github.com/freeipa/freeipa/pull/577#issuecomment-286404011 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#577][synchronized] WebUI: Add support for AD users short name resolution
URL: https://github.com/freeipa/freeipa/pull/577 Author: pvomacka Title: #577: WebUI: Add support for AD users short name resolution Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/577/head:pr577 git checkout pr577 From bbb573aea93351157d485f560160949402447b59 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 13 Mar 2017 17:30:57 +0100 Subject: [PATCH] WebUI: Add support for management of user short name resolution https://pagure.io/freeipa/issue/6372 --- install/ui/src/freeipa/idviews.js | 4 install/ui/src/freeipa/serverconfig.js | 4 2 files changed, 8 insertions(+) diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js index 25c043c..f383ab3 100644 --- a/install/ui/src/freeipa/idviews.js +++ b/install/ui/src/freeipa/idviews.js @@ -100,6 +100,10 @@ return { fields: [ 'cn', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:idview_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'textarea', name: 'description' } diff --git a/install/ui/src/freeipa/serverconfig.js b/install/ui/src/freeipa/serverconfig.js index 2bc4e88..25f484a 100644 --- a/install/ui/src/freeipa/serverconfig.js +++ b/install/ui/src/freeipa/serverconfig.js @@ -56,6 +56,10 @@ return { 'ipausersearchfields', 'ipadefaultemaildomain', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:config_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'entity_select', name: 'ipadefaultprimarygroup', other_entity: 'group', -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#577][synchronized] WebUI: Add support for AD users short name resolution
URL: https://github.com/freeipa/freeipa/pull/577 Author: pvomacka Title: #577: WebUI: Add support for AD users short name resolution Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/577/head:pr577 git checkout pr577 From 128f628f2f322866f7c51c50926675871679 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 13 Mar 2017 17:30:57 +0100 Subject: [PATCH] WebUI: Add support for AD users short name resolution https://pagure.io/freeipa/issue/6372 --- install/ui/src/freeipa/idviews.js | 4 install/ui/src/freeipa/serverconfig.js | 4 2 files changed, 8 insertions(+) diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js index 25c043c..f383ab3 100644 --- a/install/ui/src/freeipa/idviews.js +++ b/install/ui/src/freeipa/idviews.js @@ -100,6 +100,10 @@ return { fields: [ 'cn', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:idview_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'textarea', name: 'description' } diff --git a/install/ui/src/freeipa/serverconfig.js b/install/ui/src/freeipa/serverconfig.js index 2bc4e88..25f484a 100644 --- a/install/ui/src/freeipa/serverconfig.js +++ b/install/ui/src/freeipa/serverconfig.js @@ -56,6 +56,10 @@ return { 'ipausersearchfields', 'ipadefaultemaildomain', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:config_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'entity_select', name: 'ipadefaultprimarygroup', other_entity: 'group', -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From 4becb4747ecc098c495f8174c2396f848133cd65 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf| 33 +++-- install/share/gssproxy.conf.template | 1 + ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py| 1 + ipaserver/install/server/upgrade.py | 5 + 6 files changed, 59 insertions(+), 2 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 6eb00ee..bc3f3fb 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..164231c 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,11 +1,16 @@ # -# VERSION 23 - DO NOT REMOVE THIS LINE +# VERSION 24 - DO NOT REMOVE THIS LINE # # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -70,6 +75,7 @@ WSGIScriptReloading Off SessionMaxAge 1800 GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiImpersonate On GssapiDelegCcacheDir /var/run/ipa/ccaches GssapiDelegCcachePerms mode:0660 gid:ipaapi GssapiUseS4U2Proxy on @@ -97,6 +103,29 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + NSSVerifyClient require + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + GssapiImpersonate On + + GssapiUseSessions On + Session On + SessionCookieName ipa_session path=/ipa;httponly;secure; + SessionHeader IPASESSION + SessionMaxAge 1800 + GssapiSessionKey file:/etc/httpd/alias/ipasession.key + + Header unset Set-Cookie + + Satisfy Any Order Deny,Allow diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index fbb158a..d703144 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,6 +4,7 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true + allow_constrained_delegation = true cred_usage = both euid = $HTTPD_USER diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 3e8fb0c..048f317 100644 --- a/ipaserver/install/ht
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From 94f431f7f1a8b235edea6eba51a87b1fcd5c6625 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf| 31 ++- install/share/gssproxy.conf.template | 1 + ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py| 1 + ipaserver/install/server/upgrade.py | 5 + 6 files changed, 58 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 6eb00ee..bc3f3fb 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..7ac67f5 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -70,6 +75,7 @@ WSGIScriptReloading Off SessionMaxAge 1800 GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiImpersonate On GssapiDelegCcacheDir /var/run/ipa/ccaches GssapiDelegCcachePerms mode:0660 gid:ipaapi GssapiUseS4U2Proxy on @@ -97,6 +103,29 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + NSSVerifyClient require + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + GssapiImpersonate On + + GssapiUseSessions On + Session On + SessionCookieName ipa_session path=/ipa;httponly;secure; + SessionHeader IPASESSION + SessionMaxAge 1800 + GssapiSessionKey file:/etc/httpd/alias/ipasession.key + + Header unset Set-Cookie + + Satisfy Any Order Deny,Allow diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index fbb158a..d703144 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,6 +4,7 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true + allow_constrained_delegation = true cred_usage = both euid = $HTTPD_USER diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 3e8fb0c..048f317 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From 41aafdf67613ce3cd98471d00d523c6c792c849d Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf| 30 +- install/share/gssproxy.conf.template | 1 + ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py| 1 + ipaserver/install/server/upgrade.py | 5 + 6 files changed, 57 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 6eb00ee..bc3f3fb 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..b4f2fb9 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -70,6 +75,7 @@ WSGIScriptReloading Off SessionMaxAge 1800 GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiImpersonate On GssapiDelegCcacheDir /var/run/ipa/ccaches GssapiDelegCcachePerms mode:0660 gid:ipaapi GssapiUseS4U2Proxy on @@ -97,6 +103,28 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + NSSVerifyClient require + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + GssapiUseSessions On + Session On + SessionCookieName ipa_session path=/ipa;httponly;secure; + SessionHeader IPASESSION + SessionMaxAge 1800 + GssapiSessionKey file:/etc/httpd/alias/ipasession.key + + Header unset Set-Cookie + + Satisfy Any Order Deny,Allow diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index fbb158a..d703144 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,6 +4,7 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true + allow_constrained_delegation = true cred_usage = both euid = $HTTPD_USER diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 3e8fb0c..048f317 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_network_connect='on',
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 5ae278199c0ae562647b7fba63b24de359a606a5 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/15] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 0322f2e82f024a8f3da0ad33401caba8f8ea68bb Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/15] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 29 ++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..02f990a 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,22 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property {String} other_option_name + */ +that.other_option_name = spec.other_option_name; + +/** + * Entity which is added into member table. + * + * @property {String} other_entity + */ that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +699,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +717,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = th
[Freeipa-devel] [freeipa PR#577][synchronized] WebUI: Add support for AD users short name resolution
URL: https://github.com/freeipa/freeipa/pull/577 Author: pvomacka Title: #577: WebUI: Add support for AD users short name resolution Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/577/head:pr577 git checkout pr577 From 679d91c00243ca01bc04bc1d2e6b89654906414b Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 13 Mar 2017 17:30:57 +0100 Subject: [PATCH] WebUI: Add support for AD users short name resolution https://pagure.io/freeipa/issue/6372 --- install/ui/src/freeipa/idviews.js | 4 install/ui/src/freeipa/serverconfig.js | 4 2 files changed, 8 insertions(+) diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js index 25c043c..322f80e 100644 --- a/install/ui/src/freeipa/idviews.js +++ b/install/ui/src/freeipa/idviews.js @@ -267,6 +267,10 @@ return { 'loginshell', 'homedirectory', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:idview_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'sshkeys', name: 'ipasshpubkey', label: '@i18n:objects.sshkeystore.keys' diff --git a/install/ui/src/freeipa/serverconfig.js b/install/ui/src/freeipa/serverconfig.js index 2bc4e88..25f484a 100644 --- a/install/ui/src/freeipa/serverconfig.js +++ b/install/ui/src/freeipa/serverconfig.js @@ -56,6 +56,10 @@ return { 'ipausersearchfields', 'ipadefaultemaildomain', { +name: 'ipadomainresolutionorder', +tooltip: '@mc-opt:config_mod:ipadomainresolutionorder:doc' +}, +{ $type: 'entity_select', name: 'ipadefaultprimarygroup', other_entity: 'group', -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From fa1ff996452da2ec6dc114a62a0c69dc0218474d Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/15] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From f0fdd68f7f1cfdfba0660d0e99e0ac3b999d88ee Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/15] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 29 ++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..02f990a 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,22 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property {String} other_option_name + */ +that.other_option_name = spec.other_option_name; + +/** + * Entity which is added into member table. + * + * @property {String} other_entity + */ that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +699,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +717,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = th
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From 52e58f561fa04e2139efea7b7f9215ab56f0da19 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf | 24 +++- ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py | 1 + ipaserver/install/server/upgrade.py | 5 + 5 files changed, 50 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 6eb00ee..bc3f3fb 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..71330e1 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -97,6 +102,23 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + Require all granted + GssapiCredStore keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiCredStore client_keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + GssapiImpersonate On + NSSVerifyClient require + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + Satisfy Any Order Deny,Allow diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 3e8fb0c..048f317 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_network_connect='on', httpd_manage_ipa='on', httpd_run_ipa='on', +httpd_dbus_sssd='on', ) HTTPD_USER = constants.HTTPD_USER diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index b19c2f0..993835e 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -23,6 +23,7 @@ import SSSDConfig import ipalib.util import ipalib.errors +from ipaclient.install.client import sssd_enable_service from ipaplatform import services from ipaplatform.tasks import tasks from ipapython import ipautil, version, certdb @@ -1771,6 +1772,10 @@ def upgrade_configuration(): set_sssd_domain_option('ipa_server_mode', 'True') +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +sssd_enable_service(sssdconfig, 'ifp
[Freeipa-devel] [freeipa PR#559][comment] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login pvomacka commented: """ @pvoborni thank you for review. Fixed all proposed changes. """ See the full comment at https://github.com/freeipa/freeipa/pull/559#issuecomment-285348733 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From bbf5e87ad89f8e8dd4e4172b18c0359039d31f4a Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf | 25 - ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py | 1 + ipaserver/install/server/upgrade.py | 5 + 5 files changed, 51 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index db591e0..af76a7d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..f9c8f44 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -97,6 +102,24 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + Require all granted + GssapiCredStore keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiCredStore client_keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + GssapiImpersonate On + NSSVerifyClient require + NSSOCSP On + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + Satisfy Any Order Deny,Allow diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 0c2216e..b1f5986 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_network_connect='on', httpd_manage_ipa='on', httpd_run_ipa='on', +httpd_dbus_sssd='on', ) HTTPD_USER = constants.HTTPD_USER diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index b19c2f0..993835e 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -23,6 +23,7 @@ import SSSDConfig import ipalib.util import ipalib.errors +from ipaclient.install.client import sssd_enable_service from ipaplatform import services from ipaplatform.tasks import tasks from ipapython import ipautil, version, certdb @@ -1771,6 +1772,10 @@ def upgrade_configuration(): set_sssd_domain_option('ipa_server_mode', 'True') +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +sssd_enable_service(sssdconfi
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From bbf5e87ad89f8e8dd4e4172b18c0359039d31f4a Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf | 25 - ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py | 1 + ipaserver/install/server/upgrade.py | 5 + 5 files changed, 51 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index db591e0..af76a7d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..f9c8f44 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -97,6 +102,24 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + Require all granted + GssapiCredStore keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiCredStore client_keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + GssapiImpersonate On + NSSVerifyClient require + NSSOCSP On + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + Satisfy Any Order Deny,Allow diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 0c2216e..b1f5986 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_network_connect='on', httpd_manage_ipa='on', httpd_run_ipa='on', +httpd_dbus_sssd='on', ) HTTPD_USER = constants.HTTPD_USER diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index b19c2f0..993835e 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -23,6 +23,7 @@ import SSSDConfig import ipalib.util import ipalib.errors +from ipaclient.install.client import sssd_enable_service from ipaplatform import services from ipaplatform.tasks import tasks from ipapython import ipautil, version, certdb @@ -1771,6 +1772,10 @@ def upgrade_configuration(): set_sssd_domain_option('ipa_server_mode', 'True') +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +sssd_enable_service(sssdconfi
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From b3b6fd6513df570639827c260c895a369322fca4 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf | 25 - ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py | 1 + ipaserver/install/server/upgrade.py | 5 + 5 files changed, 51 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index db591e0..af76a7d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..44d07a1 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -97,6 +102,24 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + Require all granted + GssapiCredStore keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiCredStore client_keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + GssapiImpersonate On + NSSVerifyClient require + NSSOCSP on + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + Satisfy Any Order Deny,Allow diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 0c2216e..b1f5986 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_network_connect='on', httpd_manage_ipa='on', httpd_run_ipa='on', +httpd_dbus_sssd='on', ) HTTPD_USER = constants.HTTPD_USER diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index b19c2f0..993835e 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -23,6 +23,7 @@ import SSSDConfig import ipalib.util import ipalib.errors +from ipaclient.install.client import sssd_enable_service from ipaplatform import services from ipaplatform.tasks import tasks from ipapython import ipautil, version, certdb @@ -1771,6 +1772,10 @@ def upgrade_configuration(): set_sssd_domain_option('ipa_server_mode', 'True') +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +sssd_enable_service(sssdconfi
[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From 31c53627081b46f043f9e0a544b9f8e0a072bfe2 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 9 Mar 2017 12:14:21 +0100 Subject: [PATCH 1/2] Support certificate login after installation and upgrade Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 --- freeipa.spec.in | 1 + install/conf/ipa.conf | 25 - ipaclient/install/client.py | 20 ipaserver/install/httpinstance.py | 1 + ipaserver/install/server/upgrade.py | 5 + 5 files changed, 51 insertions(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index db591e0..af76a7d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..44d07a1 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -97,6 +102,24 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + Require all granted + GssapiCredStore keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiCredStore client_keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + GssapiImpersonate On + NSSVerifyClient require + NSSOCSP on + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + Satisfy Any Order Deny,Allow diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 774eaaf..579d1aa 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -846,6 +846,9 @@ def configure_sssd_conf( sssdconfig.new_config() domain = sssdconfig.new_domain(cli_domain) +if options.on_master: +sssd_enable_service(sssdconfig, 'ifp') + if ( (options.conf_ssh and file_exists(paths.SSH_CONFIG)) or (options.conf_sshd and file_exists(paths.SSHD_CONFIG)) @@ -948,6 +951,23 @@ def configure_sssd_conf( return 0 +def sssd_enable_service(sssdconfig, service): +try: +sssdconfig.new_service(service) +except SSSDConfig.ServiceAlreadyExists: +pass +except SSSDConfig.ServiceNotRecognizedError: +root_logger.error( +"Unable to activate the %s service in SSSD config.", service) +root_logger.info( +"Please make sure you have SSSD built with %s support " +"installed.", service) +root_logger.info( +"Configure %s support manually in /etc/sssd/sssd.conf.", service) + +sssdconfig.activate_service(service) + + def change_ssh_config(filename, changes, sections): if not changes: return True diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 0c2216e..b1f5986 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -53,6 +53,7 @@ httpd_can_network_connect='on', httpd_manage_ipa='on', httpd_run_ipa='on', +httpd_dbus_sssd='on', ) HTTPD_USER = constants.HTTPD_USER diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index b19c2f0..2d0c519 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -23,6 +23,7 @@ import SSSDConfig import ipalib.util import ipalib.errors +from ipaclient.client import sssd_enable_service from ipaplatform import services from ipaplatform.tasks import tasks from ipapython import ipautil, version, certdb @@ -1771,6 +1772,10 @@ def upgrade_configuration(): set_sssd_domain_option('ipa_server_mode', 'True') +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +sssd_enable_service(sssdconfig, 'ifp
[Freeipa-devel] [freeipa PR#559][opened] WebUI: Certificate login
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: opened PR body: """ https://pagure.io/freeipa/issue/6225 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From 23f356c60d951457b0052349934a6d6e0958de51 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Fri, 27 Jan 2017 10:13:26 +0100 Subject: [PATCH] WebUI: Certificate login --- freeipa.spec.in | 1 + install/conf/ipa.conf | 24 +++- install/ui/src/freeipa/auth.js| 4 +- install/ui/src/freeipa/widgets/LoginScreen.js | 73 ++- install/ui/src/freeipa/widgets/LoginScreenBase.js | 5 ++ ipaclient/install/client.py | 16 + ipaserver/install/httpinstance.py | 1 + 7 files changed, 119 insertions(+), 5 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index db591e0..af76a7d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -255,6 +255,7 @@ Requires: mod_wsgi Requires: mod_auth_gssapi >= 1.5.0 Requires: mod_nss >= 1.0.8-26 Requires: mod_session +Requires: mod_lookup_identity Requires: python-ldap >= 2.4.15 Requires: python-gssapi >= 1.2.0 Requires: acl diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 419d4e3..1c1e874 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -4,8 +4,13 @@ # This file may be overwritten on upgrades. # -ProxyRequests Off +# Load lookup_identity module in case it has not been loaded yet +# The module is used to search users according the certificate. + +LoadModule lookup_identity_module modules/mod_lookup_identity.so + +ProxyRequests Off #We use xhtml, a file format that the browser validates DirectoryIndex index.html @@ -97,6 +102,23 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" Allow from all +# Login with user certificate/smartcard configuration +# This configuration needs to be loaded after + + AuthType none + GssapiCredStore keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiCredStore client_keytab:/var/lib/ipa/gssproxy/http.keytab + GssapiDelegCcacheDir /var/run/ipa/ccaches + GssapiDelegCcachePerms mode:0660 gid:ipaapi + GssapiImpersonate On + NSSVerifyClient require + NSSOCSP on + NSSUserName SSL_CLIENT_CERT + LookupUserByCertificate On + WSGIProcessGroup ipa + WSGIApplicationGroup ipa + + Satisfy Any Order Deny,Allow diff --git a/install/ui/src/freeipa/auth.js b/install/ui/src/freeipa/auth.js index 5e160a7..992b54a 100644 --- a/install/ui/src/freeipa/auth.js +++ b/install/ui/src/freeipa/auth.js @@ -111,7 +111,7 @@ auth.Auth = declare([Stateful, Evented], { * Enabled auth methods * @property {string[]} */ -auth_methods: ['kerberos', 'password'], +auth_methods: ['kerberos', 'password', 'certificate'], /** * Authenticated user's Kerberos principal @@ -249,4 +249,4 @@ auth.Auth = declare([Stateful, Evented], { auth.current = new auth.Auth(); return auth; -}); \ No newline at end of file +}); diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index 0096433..b99b517 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -19,10 +19,12 @@ */ define(['dojo/_base/declare', +'dojo/Deferred', 'dojo/dom-construct', 'dojo/dom-style', 'dojo/query', 'dojo/on', +'dojo/topic', '../ipa', '../auth', '../reg', @@ -31,7 +33,7 @@ define(['dojo/_base/declare', '../util', './LoginScreenBase' ], - function(declare, construct, dom_style, query, on, + function(declare, Deferred, construct, dom_style, query, on, topic, IPA, auth, reg, FieldBinder, text, util, LoginScreenBase) { @@ -55,11 +57,15 @@ define(['dojo/_base/declare', " have valid tickets (obtainable via kinit) and " + "configured" + " the browser correctly, then click Login. ", +cert_msg: " To login with Smart Card," + + " please make sure you have valid personal certificate. ", form_auth_failed: "Login failed due to an unknown reason. ", krb_auth_failed: "Authentication with Kerberos failed", +cert_auth_failed: "Authentication with personal certificate failed", + password_expired: "Your password has expired. Please enter a new password.", password_change_complete: "Password change complete", @@ -72,9 +78,12 @@ define(['dojo/_base/declare',
[Freeipa-devel] [freeipa PR#549][comment] WebUI: certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Title: #549: WebUI: certmap match pvomacka commented: """ @pvoborni Yes, we should make a lint rule for leading spaces. """ See the full comment at https://github.com/freeipa/freeipa/pull/549#issuecomment-285061561 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#549][synchronized] WebUI: certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Author: pvomacka Title: #549: WebUI: certmap match Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/549/head:pr549 git checkout pr549 From 5fb22584c08ee50afce10bdd4ba6572d7a6b00ae Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 7 Mar 2017 21:28:32 +0100 Subject: [PATCH 1/4] WebUI: Add possibility to turn of autoload when details.load is called When field on details facet has set 'autoload_value' to false, then it won't be loaded using that.load method of details facet. That means that field might stay unchanged even that loading of data was performed. Part of: https://pagure.io/freeipa/issue/6601 --- install/ui/src/freeipa/details.js | 3 ++- install/ui/src/freeipa/field.js | 8 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/details.js b/install/ui/src/freeipa/details.js index 9f0e632..87b355a 100644 --- a/install/ui/src/freeipa/details.js +++ b/install/ui/src/freeipa/details.js @@ -743,7 +743,8 @@ exp.details_facet = IPA.details_facet = function(spec, no_init) { var fields = that.fields.get_fields(); for (var i=0; i<fields.length; i++) { var field = fields[i]; -field.load(data); + +if (field.autoload_value) field.load(data); } that.policies.post_load(data); that.post_load.notify([data], that); diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index f410557..3c027bc 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -196,6 +196,14 @@ field.field = IPA.field = function(spec) { that.required = spec.required; /** + * Turns off loading value from command output on details pages. + * Used in certmap_match. + * @property {boolean} + */ +that.autoload_value = spec.autoload_value === undefined ? true : +spec.autoload_value; + +/** * read_only is set when widget is created * @readonly * @property {boolean} From 2e90e191342a4bcc1a787af414a1d0f3afec7772 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 7 Mar 2017 21:30:00 +0100 Subject: [PATCH 2/4] WebUI: Possibility to choose object when API call returns list of objects In case that API call returns array of objects which contains data, using 'object_index' attribute in adapter specification we can set which object should be used. It is possible to choose only one object specified by its index in array. Part of: https://pagure.io/freeipa/issue/6601 --- install/ui/src/freeipa/field.js | 13 + 1 file changed, 13 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 3c027bc..ea548c0 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -819,6 +819,15 @@ field.Adapter = declare(null, { result_index: 0, /** + * When result of API call is an array of object this object index + * allows to specify exact object in array according to its position. + * Default value is null which means do not use object_index. + * + * @type {Number|null} + */ +object_index: null, + +/** * Name of the record which we want to extract from the result. * Used in dnslocations. * @type {String} @@ -849,6 +858,10 @@ field.Adapter = declare(null, { else if (dr.results) { var result = dr.results[this.result_index]; if (result) record = result[this.result_name]; +var res_type = typeof record; +var obj_in_type = typeof this.object_index; +if (res_type === 'object' && obj_in_type === 'number') +record = record[this.object_index]; } } return record; From 29d75b30edc2af4a4709b3d55b6d8cbc5855aed7 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 7 Mar 2017 21:30:45 +0100 Subject: [PATCH 3/4] WebUI: Add Adapter for certmap_match result table Result of certmap_match command is in the following format: [{domain: 'domain1', uid:[uid11,uid12,uid13]}, {domain: 'domain2', uid:[uid21, uid22, uid23},...] For correct displaying in table we need to reformat it to the following: [{domain: 'domain1', uid: 'uid11'}, {domain: 'domain1', uid: 'uid12'},... This can be done using this Adapter. Part of: https://pagure.io/freeipa/issue/6601 --- install/ui/src/freeipa/field.js | 79 + 1 file changed, 79 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index ea548c0..5df2f6c 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -1495,6 +1495,84 @@ field.AlternateAttrFieldAda
[Freeipa-devel] [freeipa PR#554][+ack] webui: fixes normalization of value in attributes widget
URL: https://github.com/freeipa/freeipa/pull/554 Title: #554: webui: fixes normalization of value in attributes widget Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#549][comment] WebUI: certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Title: #549: WebUI: certmap match pvomacka commented: """ In last sync I changed string of clear button title. """ See the full comment at https://github.com/freeipa/freeipa/pull/549#issuecomment-285025740 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#549][synchronized] WebUI: certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Author: pvomacka Title: #549: WebUI: certmap match Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/549/head:pr549 git checkout pr549 From 230fcbb463266a957da60b28ee4251361027 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 7 Mar 2017 21:28:32 +0100 Subject: [PATCH 1/4] WebUI: Add possibility to turn of autoload when details.load is called When field on details facet has set 'autoload_value' to false, then it won't be loaded using that.load method of details facet. That means that field might stay unchanged even that loading of data was performed. Part of: https://pagure.io/freeipa/issue/6601 --- install/ui/src/freeipa/details.js | 3 ++- install/ui/src/freeipa/field.js | 8 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/details.js b/install/ui/src/freeipa/details.js index 9f0e632..87b355a 100644 --- a/install/ui/src/freeipa/details.js +++ b/install/ui/src/freeipa/details.js @@ -743,7 +743,8 @@ exp.details_facet = IPA.details_facet = function(spec, no_init) { var fields = that.fields.get_fields(); for (var i=0; i<fields.length; i++) { var field = fields[i]; -field.load(data); + +if (field.autoload_value) field.load(data); } that.policies.post_load(data); that.post_load.notify([data], that); diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 9f287dd..4a63242 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -196,6 +196,14 @@ field.field = IPA.field = function(spec) { that.required = spec.required; /** + * Turns off loading value from command output on details pages. + * Used in certmap_match. + * @property {boolean} + */ +that.autoload_value = spec.autoload_value === undefined ? true : +spec.autoload_value; + +/** * read_only is set when widget is created * @readonly * @property {boolean} From 82aae381d873a4fe3bebd50213f546276afe22ec Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 7 Mar 2017 21:30:00 +0100 Subject: [PATCH 2/4] WebUI: Possibility to choose object when API call returns list of objects In case that API call returns array of objects which contains data, using 'object_index' attribute in adapter specification we can set which object should be used. It is possible to choose only one object specified by its index in array. Part of: https://pagure.io/freeipa/issue/6601 --- install/ui/src/freeipa/field.js | 13 + 1 file changed, 13 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 4a63242..3b6b97b 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -819,6 +819,15 @@ field.Adapter = declare(null, { result_index: 0, /** + * When result of API call is an array of object this object index + * allows to specify exact object in array according to its position. + * Default value is null which means do not use object_index. + * + * @type {Number|null} + */ + object_index: null, + +/** * Name of the record which we want to extract from the result. * Used in dnslocations. * @type {String} @@ -849,6 +858,10 @@ field.Adapter = declare(null, { else if (dr.results) { var result = dr.results[this.result_index]; if (result) record = result[this.result_name]; +var res_type = typeof record; +var obj_in_type = typeof this.object_index; +if (res_type === 'object' && obj_in_type === 'number') +record = record[this.object_index]; } } return record; From 7d30594f88572970ee3428234af9a49a5397b10f Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 7 Mar 2017 21:30:45 +0100 Subject: [PATCH 3/4] WebUI: Add Adapter for certmap_match result table Result of certmap_match command is in the following format: [{domain: 'domain1', uid:[uid11,uid12,uid13]}, {domain: 'domain2', uid:[uid21, uid22, uid23},...] For correct displaying in table we need to reformat it to the following: [{domain: 'domain1', uid: 'uid11'}, {domain: 'domain1', uid: 'uid12'},... This can be done using this Adapter. Part of: https://pagure.io/freeipa/issue/6601 --- install/ui/src/freeipa/field.js | 79 + 1 file changed, 79 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 3b6b97b..dde2837 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -1462,6 +1462,84 @@ field.AlternateAttrFieldAda
[Freeipa-devel] [freeipa PR#300][comment] WebUI: Add support for custom table pagination size
URL: https://github.com/freeipa/freeipa/pull/300 Title: #300: WebUI: Add support for custom table pagination size pvomacka commented: """ @pvoborni Thank you for review. Proposed changes fixed. """ See the full comment at https://github.com/freeipa/freeipa/pull/300#issuecomment-285025154 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#300][synchronized] WebUI: Add support for custom table pagination size
URL: https://github.com/freeipa/freeipa/pull/300 Author: pvomacka Title: #300: WebUI: Add support for custom table pagination size Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/300/head:pr300 git checkout pr300 From 79e2cf9282a562384ac6710a0972477500ab440c Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 11 Aug 2016 15:51:33 +0200 Subject: [PATCH 1/3] Add javascript integer validator Javascript integer validator checks whether value entered into field is number and is not higher than Number.MAX_SAFE_INTEGER constant. Part of: https://fedorahosted.org/freeipa/ticket/5742 --- install/ui/src/freeipa/field.js | 34 ++ 1 file changed, 34 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 9f287dd..f410557 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -971,6 +971,39 @@ field.validator = IPA.validator = function(spec) { }; /** + * Javascript integer validator + * + * It allows to insert only integer numbers which can be safely represented by + * Javascript. + * + * @class + * @alternateClassName IPA.integer_validator + * @extends IPA.validator + */ + field.integer_validator = IPA.integer_validator = function(spec) { + + var that = IPA.validator(spec); + + /** + * @inheritDoc + */ + that.validate = function(value) { + + if (!value.match(/^-?\d+$/)) { + return that.false_result(text.get('@i18n:widget.validation.integer')); + } + + if (!Number.isSafeInteger(parseInt(value, 10))) { + return that.false_result(text.get('@i18n:widget.validation.unsupported')); + } + + return that.true_result(); + }; + + return that; + }; + +/** * Metadata validator * * Validates value according to supplied metadata @@ -1710,6 +1743,7 @@ field.register = function() { v.register('metadata', field.metadata_validator); v.register('unsupported', field.unsupported_validator); v.register('same_password', field.same_password_validator); +v.register('integer', field.integer_validator); l.register('adapter', field.Adapter); l.register('object_adapter', field.ObjectAdapter); From 899219f77bc47f52b518f8cefd3fd5722f631782 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 11 Aug 2016 15:56:01 +0200 Subject: [PATCH 2/3] Make singleton from config module Also added general setter and getter for attributes of config. Part of: https://fedorahosted.org/freeipa/ticket/5742 --- install/ui/src/freeipa/config.js | 51 +++- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/install/ui/src/freeipa/config.js b/install/ui/src/freeipa/config.js index 61922d4..3bf017b 100644 --- a/install/ui/src/freeipa/config.js +++ b/install/ui/src/freeipa/config.js @@ -20,14 +20,18 @@ -define([], function() { +define([ +'dojo/_base/declare', +'dojo/topic' +], +function(declare, topic) { /** * Application configuration * @class config * @singleton */ -var config = { +var config = declare([], { /** * Selector for application container node @@ -82,8 +86,43 @@ define([], function() { * Hide sections without any visible widget * @property {boolean} */ -hide_empty_sections: true -}; +hide_empty_sections: true, -return config; -}); \ No newline at end of file +/** + * Number of lines in table on table_facets + * @property {Integer} + */ +table_page_size: 20, + +/** + * Genereal setter for config values. + * @param item_name {string} + * @param value + * @param store {Boolean} sets whether the value will be stored into + * local storage + */ +set: function(item_name, value, store) { +if (!item_name) return; +this[item_name] = value; + +if (store) { +window.localStorage.setItem(item_name, value); +} +}, + +/** + * Genereal setter for config values. + * @param item_name {string} + */ +get: function(item_name) { +return this[item_name]; +}, + +constructor: function() { +var user_limit = window.localStorage.getItem('table_page_size'); +if (user_limit) this.table_page_size = user_limit; +} +}); + +return new config(); +}); From f9cfc6f18c92cf9e064caa8573259deaa8722550 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 11 Aug 2016 15:58:23 +0200 Subject: [PATCH 3/3] Add support for custom table pagination size New customization button opens dialog with
[Freeipa-devel] [freeipa PR#549][comment] WebUI: certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Title: #549: WebUI: certmap match pvomacka commented: """ Rebased. PR #400 already merged. """ See the full comment at https://github.com/freeipa/freeipa/pull/549#issuecomment-284989778 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#549][synchronized] WebUI: certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Author: pvomacka Title: #549: WebUI: certmap match Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/549/head:pr549 git checkout pr549 From 8bb768e9acfd4442deb579c43f0f90cf16dafb37 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/8] WebUI: Add possibility to set field always writable If field will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 43 +++- install/ui/src/freeipa/widget.js | 35 ++-- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..9f287dd 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that field has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +!that.always_writable) { writable = false; } } @@ -1259,6 +1268,37 @@ field.certs_field = IPA.certs_field = function(spec) { return that; }; + +/** + * Used along with custom_command_multivalued widget + * + * - by default has `w_if_no_aci` to workaround missing object class + * - by default has always_writable=true to workaround aci rights + * + * @class + * @alternateClassName IPA.custom_command_multivalued_field + * @extends IPA.field + */ +field.certmap_command_multivalued_field = function(spec) { + +spec = spec || {}; +spec.flags = spec.flags || ['w_if_no_aci']; + +var that = IPA.field(spec); + +/** + * Set field always writable in case that it is set to true + * @param Boolean always_writable + */ +that.always_writable = spec.always_writable === undefined ? true : +spec.always_writable; + +return that; +}; + + +IPA.custom_command_multivalued_field = field.custom_command_multivalued_field; + /** * SSH Keys Adapter * @class @@ -1652,6 +1692,7 @@ field.register = function() { f.register('checkbox', field.checkbox_field); f.register('checkboxes', field.field); f.register('combobox', field.field); +f.register('certmap_multivalued', field.certmap_command_multivalued_field); f.register('datetime', field.datetime_field); f.register('enable', field.enable_field); f.register('entity_select', field.field); diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 15f0126..b7028a9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1534,12 +1534,8 @@ IPA.custom_command_multivalued_widget = function(spec) { * Called on error of add command. Override point. */ that.on_error_add = function(xhr, text_status, error_thrown) { -that.adder_dialog.focus_first_element(); - -if (error_thrown.message) { -var msg = error_thrown.message; -IPA.notify(msg, 'error'); -} +that.adder_dialog.show(); +exp.focus_invalid(that.adder_dialog); }; /** @@ -1599,27 +1595,16 @@ IPA.custom_command_multivalued_widget = function(spec) { name: 'custom-add-dialog' }; -that.adder_dialog = IPA.dialog(spec); -that.adder_dialog.create_button({ -name: 'add', -label: '@i18n:buttons.add', -click: function() { -if (!that.adder_dialog.validate()) { -exp.focus_invalid(that.adder_dialog); -} -else { -that.add(that.adder_dialog); -} +spec.on_ok = function() { +if (!that.adder_dialog.validate()) { +exp.focus_invalid(that.adder_dialog); } -}); - -that.adder_dialog.create_button({ -name: 'cancel', -
[Freeipa-devel] [freeipa PR#549][edited] T6601 certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Author: pvomacka Title: #549: T6601 certmap match Action: edited Changed field: title Original value: """ T6601 certmap match """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#549][opened] T6601 certmap match
URL: https://github.com/freeipa/freeipa/pull/549 Author: pvomacka Title: #549: T6601 certmap match Action: opened PR body: """ WebUI: add support for certmap match command. PR contains also certmap rule patches from pullrequest #400 (I will rebase once #400 will be merged) because they are necessary. It also requires PRs #398 and #516. https://pagure.io/freeipa/issue/6601 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/549/head:pr549 git checkout pr549 From 8bb768e9acfd4442deb579c43f0f90cf16dafb37 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/8] WebUI: Add possibility to set field always writable If field will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 43 +++- install/ui/src/freeipa/widget.js | 35 ++-- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..9f287dd 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that field has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +!that.always_writable) { writable = false; } } @@ -1259,6 +1268,37 @@ field.certs_field = IPA.certs_field = function(spec) { return that; }; + +/** + * Used along with custom_command_multivalued widget + * + * - by default has `w_if_no_aci` to workaround missing object class + * - by default has always_writable=true to workaround aci rights + * + * @class + * @alternateClassName IPA.custom_command_multivalued_field + * @extends IPA.field + */ +field.certmap_command_multivalued_field = function(spec) { + +spec = spec || {}; +spec.flags = spec.flags || ['w_if_no_aci']; + +var that = IPA.field(spec); + +/** + * Set field always writable in case that it is set to true + * @param Boolean always_writable + */ +that.always_writable = spec.always_writable === undefined ? true : +spec.always_writable; + +return that; +}; + + +IPA.custom_command_multivalued_field = field.custom_command_multivalued_field; + /** * SSH Keys Adapter * @class @@ -1652,6 +1692,7 @@ field.register = function() { f.register('checkbox', field.checkbox_field); f.register('checkboxes', field.field); f.register('combobox', field.field); +f.register('certmap_multivalued', field.certmap_command_multivalued_field); f.register('datetime', field.datetime_field); f.register('enable', field.enable_field); f.register('entity_select', field.field); diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 15f0126..b7028a9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1534,12 +1534,8 @@ IPA.custom_command_multivalued_widget = function(spec) { * Called on error of add command. Override point. */ that.on_error_add = function(xhr, text_status, error_thrown) { -that.adder_dialog.focus_first_element(); - -if (error_thrown.message) { -var msg = error_thrown.message; -IPA.notify(msg, 'error'); -} +that.adder_dialog.show(); +exp.focus_invalid(that.adder_dialog); }; /** @@ -1599,27 +1595,16 @@ IPA.custom_command_multivalued_widget = function(spec) { name: 'custom-add-dialog' }; -that.adder_dialog = IPA.dialog(spec); -that.adder_dialog.create_button({ -name: 'add', -label: '@i18n:buttons.add', -click: function() { -if (!that.adder_dialog.validate()) { -exp.focus_invalid(that.adder_dialog); -} -else { -t
[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping pvomacka commented: """ @pvoborni Thanks for review. I removed the space :) """ See the full comment at https://github.com/freeipa/freeipa/pull/400#issuecomment-284796053 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][synchronized] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/400/head:pr400 git checkout pr400 From 4ec6844bec472e6a54352e0694cf1655d1df5a71 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/4] WebUI: Add possibility to set field always writable If field will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 43 +++- install/ui/src/freeipa/widget.js | 35 ++-- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..9f287dd 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that field has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +!that.always_writable) { writable = false; } } @@ -1259,6 +1268,37 @@ field.certs_field = IPA.certs_field = function(spec) { return that; }; + +/** + * Used along with custom_command_multivalued widget + * + * - by default has `w_if_no_aci` to workaround missing object class + * - by default has always_writable=true to workaround aci rights + * + * @class + * @alternateClassName IPA.custom_command_multivalued_field + * @extends IPA.field + */ +field.certmap_command_multivalued_field = function(spec) { + +spec = spec || {}; +spec.flags = spec.flags || ['w_if_no_aci']; + +var that = IPA.field(spec); + +/** + * Set field always writable in case that it is set to true + * @param Boolean always_writable + */ +that.always_writable = spec.always_writable === undefined ? true : +spec.always_writable; + +return that; +}; + + +IPA.custom_command_multivalued_field = field.custom_command_multivalued_field; + /** * SSH Keys Adapter * @class @@ -1652,6 +1692,7 @@ field.register = function() { f.register('checkbox', field.checkbox_field); f.register('checkboxes', field.field); f.register('combobox', field.field); +f.register('certmap_multivalued', field.certmap_command_multivalued_field); f.register('datetime', field.datetime_field); f.register('enable', field.enable_field); f.register('entity_select', field.field); diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 15f0126..b7028a9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1534,12 +1534,8 @@ IPA.custom_command_multivalued_widget = function(spec) { * Called on error of add command. Override point. */ that.on_error_add = function(xhr, text_status, error_thrown) { -that.adder_dialog.focus_first_element(); - -if (error_thrown.message) { -var msg = error_thrown.message; -IPA.notify(msg, 'error'); -} +that.adder_dialog.show(); +exp.focus_invalid(that.adder_dialog); }; /** @@ -1599,27 +1595,16 @@ IPA.custom_command_multivalued_widget = function(spec) { name: 'custom-add-dialog' }; -that.adder_dialog = IPA.dialog(spec); -that.adder_dialog.create_button({ -name: 'add', -label: '@i18n:buttons.add', -click: function() { -if (!that.adder_dialog.validate()) { -exp.focus_invalid(that.adder_dialog); -} -else { -that.add(that.adder_dialog); -} +spec.on_ok = function() { +if (!that.adder_dialog.validate()) { +exp.focus_invalid(that.adder_dialog); } -}); - -that.adder_dialog.create_button({ -name: 'cancel', -
[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints pvomacka commented: """ @tomaskrizek so, inline comment is not possible to the line where file was not changed. So, please remove line 1979: delete command.options.all; . That should be enough to display fingerprints correctly. Thank you """ See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283672713 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints pvomacka commented: """ @tomaskrizek actually you did almost all necessary steps. Just please check inline comments where is described one another change. And in general you do not have to add anything into json files as they are present just because of historical reasons and will be removed soon. """ See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283672011 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints
URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints pvomacka commented: """ @stlaz , @tomaskrizek I will fix that today. """ See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283662059 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping pvomacka commented: """ In last update I changed just line 33 in certmap.js file. """ See the full comment at https://github.com/freeipa/freeipa/pull/400#issuecomment-283661677 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][synchronized] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/400/head:pr400 git checkout pr400 From 740a6ed90575051107bae7c0987c62f981308fc9 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/4] WebUI: Add possibility to set field always writable If field will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 43 +++- install/ui/src/freeipa/widget.js | 35 ++-- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..9f287dd 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that field has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +!that.always_writable) { writable = false; } } @@ -1259,6 +1268,37 @@ field.certs_field = IPA.certs_field = function(spec) { return that; }; + +/** + * Used along with custom_command_multivalued widget + * + * - by default has `w_if_no_aci` to workaround missing object class + * - by default has always_writable=true to workaround aci rights + * + * @class + * @alternateClassName IPA.custom_command_multivalued_field + * @extends IPA.field + */ +field.certmap_command_multivalued_field = function(spec) { + +spec = spec || {}; +spec.flags = spec.flags || ['w_if_no_aci']; + +var that = IPA.field(spec); + +/** + * Set field always writable in case that it is set to true + * @param Boolean always_writable + */ +that.always_writable = spec.always_writable === undefined ? true : +spec.always_writable; + +return that; +}; + + +IPA.custom_command_multivalued_field = field.custom_command_multivalued_field; + /** * SSH Keys Adapter * @class @@ -1652,6 +1692,7 @@ field.register = function() { f.register('checkbox', field.checkbox_field); f.register('checkboxes', field.field); f.register('combobox', field.field); +f.register('certmap_multivalued', field.certmap_command_multivalued_field); f.register('datetime', field.datetime_field); f.register('enable', field.enable_field); f.register('entity_select', field.field); diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 15f0126..b7028a9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1534,12 +1534,8 @@ IPA.custom_command_multivalued_widget = function(spec) { * Called on error of add command. Override point. */ that.on_error_add = function(xhr, text_status, error_thrown) { -that.adder_dialog.focus_first_element(); - -if (error_thrown.message) { -var msg = error_thrown.message; -IPA.notify(msg, 'error'); -} +that.adder_dialog.show(); +exp.focus_invalid(that.adder_dialog); }; /** @@ -1599,27 +1595,16 @@ IPA.custom_command_multivalued_widget = function(spec) { name: 'custom-add-dialog' }; -that.adder_dialog = IPA.dialog(spec); -that.adder_dialog.create_button({ -name: 'add', -label: '@i18n:buttons.add', -click: function() { -if (!that.adder_dialog.validate()) { -exp.focus_invalid(that.adder_dialog); -} -else { -that.add(that.adder_dialog); -} +spec.on_ok = function() { +if (!that.adder_dialog.validate()) { +exp.focus_invalid(that.adder_dialog); } -}); - -that.adder_dialog.create_button({ -name: 'cancel', -
[Freeipa-devel] [freeipa PR#533][opened] WebUI: Change structure of Identity submenu
URL: https://github.com/freeipa/freeipa/pull/533 Author: pvomacka Title: #533: WebUI: Change structure of Identity submenu Action: opened PR body: """ Previously there were 'User Groups', 'Host Groups' and 'Netgroups' separately, now these three items are grouped into one named 'Groups' which has sidebar with three items mentioned above. This change allows us to move ID views into Identity submenu. https://pagure.io/freeipa/issue/6717 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/533/head:pr533 git checkout pr533 From 144b99bd9bff6e1679de60b2ce39f262c19a98a0 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 2 Mar 2017 10:31:48 +0100 Subject: [PATCH] WebUI: Change structure of Identity submenu Previously there were 'User Groups', 'Host Groups' and 'Netgroups' separately, now these three items are grouped into one named 'Groups' which has sidebar with three items mentioned above. This change allows us to move ID views into Identity submenu. https://pagure.io/freeipa/issue/6717 --- install/ui/src/freeipa/group.js| 16 +++- install/ui/src/freeipa/hostgroup.js| 6 +- install/ui/src/freeipa/navigation/menu_spec.js | 22 ++ install/ui/src/freeipa/netgroup.js | 6 +- ipaserver/plugins/internal.py | 5 + 5 files changed, 48 insertions(+), 7 deletions(-) diff --git a/install/ui/src/freeipa/group.js b/install/ui/src/freeipa/group.js index 7a6bc91..bf718ad 100644 --- a/install/ui/src/freeipa/group.js +++ b/install/ui/src/freeipa/group.js @@ -32,7 +32,17 @@ define([ './entity'], function(on, IPA, $, phases, reg) { -var exp = IPA.group = {}; +var exp = IPA.group = { +search_facet_group: { +name: 'search', +label: '@i18n:objects.group.group_categories', +facets: { +search_group: 'group_search', +search_hostgroup: 'hostgroup_search', +search_netgroup: 'netgroup_search' +} +} +}; var make_spec = function() { return { @@ -40,6 +50,10 @@ return { facets: [ { $type: 'search', +tab_label: '@i18n:objects.group.user_groups', +facet_groups: [IPA.group.search_facet_group], +tabs_in_sidebar: true, +disable_facet_tabs: false, columns: [ 'cn', 'gidnumber', diff --git a/install/ui/src/freeipa/hostgroup.js b/install/ui/src/freeipa/hostgroup.js index f0d6642..c38281c 100644 --- a/install/ui/src/freeipa/hostgroup.js +++ b/install/ui/src/freeipa/hostgroup.js @@ -38,6 +38,10 @@ return { facets: [ { $type: 'search', +tab_label: '@i18n:objects.hostgroup.host_group', +facet_groups: [IPA.group.search_facet_group], +tabs_in_sidebar: true, +disable_facet_tabs: false, columns: [ 'cn', 'description' @@ -105,4 +109,4 @@ exp.register = function() { phases.on('registration', exp.register); return exp; -}); \ No newline at end of file +}); diff --git a/install/ui/src/freeipa/navigation/menu_spec.js b/install/ui/src/freeipa/navigation/menu_spec.js index 7d121d9..0e717db 100644 --- a/install/ui/src/freeipa/navigation/menu_spec.js +++ b/install/ui/src/freeipa/navigation/menu_spec.js @@ -52,12 +52,27 @@ var nav = {}; } ] }, -{ entity: 'group' }, { entity: 'host' }, -{ entity: 'hostgroup' }, -{ entity: 'netgroup' }, { entity: 'service' }, { +entity: 'group', +label: '@i18n:objects.group.groups', +facet: 'search', +children: [ +{ +entity: 'hostgroup', +facet: 'search', +hidden: true +}, +{ +entity: 'netgroup', +facet: 'search', +hidden: true +} +] +}, +{ entity: 'idview' }, +{ name: 'automember', label: '@i18n:tabs.automember', children: [ @@ -201,7 +216,6 @@ var nav = {}; ] }, { entity: 'idrange' }, -{ entity: 'idview' }, { entity: 'realmdomains' }, { name: 'trusts', diff --git a/install/ui/src/freeipa/netgroup.js b/install/ui/src/freeipa/netgroup.js index d84aca2..3b32d41 100644 --- a/install/ui/src/freeipa/netg
[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping pvomacka commented: """ Hi @flo-renaud Thank you for review. The issue about certificates is different and here is the fix: https://github.com/freeipa/freeipa/pull/519 """ See the full comment at https://github.com/freeipa/freeipa/pull/400#issuecomment-283045651 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#519][opened] WebUI: add sizelimit:0 to cert-find
URL: https://github.com/freeipa/freeipa/pull/519 Author: pvomacka Title: #519: WebUI: add sizelimit:0 to cert-find Action: opened PR body: """ It was not possible to get all arbitrary certificates which were added using {user|host|service|idview}-add-cert method. Adding sizelimit:0 to this cert-find command fix the issue. It set sizelimit to unlimited. https://pagure.io/freeipa/issue/6712 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/519/head:pr519 git checkout pr519 From d6c5c24a06fd4b8174fa09de1487dcc875538148 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 28 Feb 2017 14:00:35 +0100 Subject: [PATCH] WebUI: add sizelimit:0 to cert-find It was not possible to get all arbitrary certificates which were added using {user|host|service|idview}-add-cert method. Adding sizelimit:0 to this cert-find command fix the issue. It set sizelimit to unlimited. https://pagure.io/freeipa/issue/6712 --- install/ui/src/freeipa/host.js| 1 + install/ui/src/freeipa/idviews.js | 1 + install/ui/src/freeipa/service.js | 1 + install/ui/src/freeipa/user.js| 1 + 4 files changed, 4 insertions(+) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index 87cf264..1dfe05e 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -494,6 +494,7 @@ IPA.host.details_facet = function(spec, no_init) { retry: false, options: { host: [ pkey ], +sizelimit: 0, all: true } }); diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js index 1901863..25c043c 100644 --- a/install/ui/src/freeipa/idviews.js +++ b/install/ui/src/freeipa/idviews.js @@ -435,6 +435,7 @@ idviews.id_override_user_details_facet = function(spec) { retry: false, options: { idoverrideuser: [ pkey ], +sizelimit: 0, all: true } }); diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index a6607d2..2533ad0 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -475,6 +475,7 @@ IPA.service.details_facet = function(spec, no_init) { retry: false, options: { service: [ pkey ], +sizelimit: 0, all: true } }); diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js index 7a08151..628cf8e 100644 --- a/install/ui/src/freeipa/user.js +++ b/install/ui/src/freeipa/user.js @@ -598,6 +598,7 @@ IPA.user.details_facet = function(spec, no_init) { retry: false, options: { user: [ pkey ], +sizelimit: 0, all: true } }); -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping pvomacka commented: """ Hello @flo-renaud and @pvoborni thank you for reviews, all proposed changes are done in last commits, please look at them. Thank you very much. """ See the full comment at https://github.com/freeipa/freeipa/pull/400#issuecomment-282792393 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][synchronized] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/400/head:pr400 git checkout pr400 From c2a6ce41c54cc976221ee6c83c7c1286b21e7ff3 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/4] WebUI: Add possibility to set field always writable If field will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 43 +++- install/ui/src/freeipa/widget.js | 35 ++-- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..9f287dd 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that field has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +!that.always_writable) { writable = false; } } @@ -1259,6 +1268,37 @@ field.certs_field = IPA.certs_field = function(spec) { return that; }; + +/** + * Used along with custom_command_multivalued widget + * + * - by default has `w_if_no_aci` to workaround missing object class + * - by default has always_writable=true to workaround aci rights + * + * @class + * @alternateClassName IPA.custom_command_multivalued_field + * @extends IPA.field + */ +field.certmap_command_multivalued_field = function(spec) { + +spec = spec || {}; +spec.flags = spec.flags || ['w_if_no_aci']; + +var that = IPA.field(spec); + +/** + * Set field always writable in case that it is set to true + * @param Boolean always_writable + */ +that.always_writable = spec.always_writable === undefined ? true : +spec.always_writable; + +return that; +}; + + +IPA.custom_command_multivalued_field = field.custom_command_multivalued_field; + /** * SSH Keys Adapter * @class @@ -1652,6 +1692,7 @@ field.register = function() { f.register('checkbox', field.checkbox_field); f.register('checkboxes', field.field); f.register('combobox', field.field); +f.register('certmap_multivalued', field.certmap_command_multivalued_field); f.register('datetime', field.datetime_field); f.register('enable', field.enable_field); f.register('entity_select', field.field); diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 15f0126..b7028a9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1534,12 +1534,8 @@ IPA.custom_command_multivalued_widget = function(spec) { * Called on error of add command. Override point. */ that.on_error_add = function(xhr, text_status, error_thrown) { -that.adder_dialog.focus_first_element(); - -if (error_thrown.message) { -var msg = error_thrown.message; -IPA.notify(msg, 'error'); -} +that.adder_dialog.show(); +exp.focus_invalid(that.adder_dialog); }; /** @@ -1599,27 +1595,16 @@ IPA.custom_command_multivalued_widget = function(spec) { name: 'custom-add-dialog' }; -that.adder_dialog = IPA.dialog(spec); -that.adder_dialog.create_button({ -name: 'add', -label: '@i18n:buttons.add', -click: function() { -if (!that.adder_dialog.validate()) { -exp.focus_invalid(that.adder_dialog); -} -else { -that.add(that.adder_dialog); -} +spec.on_ok = function() { +if (!that.adder_dialog.validate()) { +exp.focus_invalid(that.adder_dialog); } -}); - -that.adder_dialog.create_button({ -name: 'cancel', -
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 18dc79dccc5e667a6de9d12136fa04eda9952628 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/14] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 7cdeea860d1f2698773e8c1763829fed45f9b754 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/14] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +
[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvomacka commented: """ @tiran Yes, rebased. """ See the full comment at https://github.com/freeipa/freeipa/pull/139#issuecomment-282060928 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#470][opened] WebUI: Size limit warning on details pages fixed
URL: https://github.com/freeipa/freeipa/pull/470 Author: pvomacka Title: #470: WebUI: Size limit warning on details pages fixed Action: opened PR body: """ Entity select fields accepted globally set size limit and in situations when there were more entries than global size limit allows then the "Truncated" warning shows up. Also only subset of items was shown. All entity select widgets now uses find methods with sizelimit set to 0 which says get all entries. This setting is configurable using search_all_entries attribute. https://fedorahosted.org/freeipa/ticket/6618 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/470/head:pr470 git checkout pr470 From 538285dbb7be937ce8eeae88a85d0b918f150911 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 30 Jan 2017 15:16:41 +0100 Subject: [PATCH] WebUI: Size limit warning on details pages fixed Entity select fields accepted globally set size limit and in situations when there were more entries than global size limit allows then the "Truncated" warning shows up. Also only subset of items was shown. All entity select widgets now uses find methods with sizelimit set to 0 which says get all entries. This setting is configurable using search_all_entries attribute. https://fedorahosted.org/freeipa/ticket/6618 --- install/ui/src/freeipa/widget.js | 5 + 1 file changed, 5 insertions(+) diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 6ad8aad..2d1d231 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -5003,6 +5003,8 @@ IPA.entity_select_widget = function(spec) { that.other_entity = IPA.get_entity(spec.other_entity); that.other_field = spec.other_field; that.label_field = spec.label_field || spec.other_field; +that.search_all_entries = spec.search_all_entries === undefined ? true : +spec.search_all_entries; that.options = spec.options || []; that.filter_options = spec.filter_options || {}; @@ -5018,6 +5020,9 @@ IPA.entity_select_widget = function(spec) { if (no_members) { cmd.set_option('no_members', true); } +if (that.search_all_entries) { +cmd.set_option('sizelimit', 0); +} return cmd; }; -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#331][synchronized] WebUI: don't change casing of Auth Indicators values
URL: https://github.com/freeipa/freeipa/pull/331 Author: pvomacka Title: #331: WebUI: don't change casing of Auth Indicators values Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/331/head:pr331 git checkout pr331 From ba9275309b1f69a4f5d0f9d478cbd3a6f78310be Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 13 Dec 2016 13:21:29 +0100 Subject: [PATCH 1/2] WebUI: Allow disabling lowering text in custom_checkbox_widget Add new attribute which keeps information whether each text added using custom_checkbox_widget shoud be transformed to lowercase. Part of: https://fedorahosted.org/freeipa/ticket/6308 --- install/ui/src/freeipa/widget.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 6ad8aad..bb3450e 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -2509,6 +2509,8 @@ IPA.custom_checkboxes_widget = function(spec) { var that = IPA.checkboxes_widget(spec); +that.set_value_to_lowercase = spec.set_value_to_lowercase || false; + that.add_dialog_title = spec.add_dialog_title || "@i18n:dialogs.add_custom_value"; that.add_field_label = spec.add_field_label || @@ -2626,7 +2628,7 @@ IPA.custom_checkboxes_widget = function(spec) { if (!value || value === '') continue; -value = value.toLowerCase(); +if (that.set_value_to_lowercase) value = value.toLowerCase(); that.values.push(value); } From a05d927a095fc17ed767f064cb032d52bbc95143 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 13 Dec 2016 13:25:48 +0100 Subject: [PATCH 2/2] WebUI: don't change casing of Auth Indicators values All values were previously converted to lowercase which was not coresponding with CLI behaviour. Now they stay as they are inserted. I also have to change the strings to lowercase because the otp and radius should be inserted as lowercase words. https://fedorahosted.org/freeipa/ticket/6308 --- install/ui/src/freeipa/host.js| 4 ++-- install/ui/src/freeipa/service.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index 87cf264..5dc49b8 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -123,11 +123,11 @@ return { add_field_label: '@i18n:authtype.auth_indicator', options: [ { -label: '@i18n:authtype.otp', +label: 'otp', value: 'otp' }, { -label: '@i18n:authtype.type_radius', +label: 'radius', value: 'radius' } ], diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index a6607d2..68beb17 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -133,11 +133,11 @@ return { add_field_label: '@i18n:authtype.auth_indicator', options: [ { -label: '@i18n:authtype.otp', +label: 'otp', value: 'otp' }, { -label: '@i18n:authtype.type_radius', +label: 'radius', value: 'radius' } ], -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][synchronized] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/400/head:pr400 git checkout pr400 From f93be59c887ee313ae6c8a5e0e963ee857fee2fb Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/3] WebUI: Add possibility to set widget always writable If widget will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 11 ++- install/ui/src/freeipa/widget.js | 2 ++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..2d05ab1 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that widget has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +that.widget && !that.widget.always_writable) { writable = false; } } diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 6ad8aad..e6dfef9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1516,6 +1516,8 @@ IPA.custom_command_multivalued_widget = function(spec) { var that = IPA.multivalued_widget(spec); +that.always_writable = spec.always_writable || true; + that.item_name = spec.item_name || ''; that.adder_dialog_spec = spec.adder_dialog_spec; From 751c6ff6cf1118e1f1794e0f7b680809ecd2fe77 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 14:13:42 +0100 Subject: [PATCH 2/3] WebUI: Create non editable row widget for mutlivalued widget Old krb-principal widget is changed to general one. And used also for ipacertmapdata in user. This widget make every line non-editable. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/host.js| 3 ++- install/ui/src/freeipa/service.js | 3 ++- install/ui/src/freeipa/user.js| 3 ++- install/ui/src/freeipa/widget.js | 29 +++-- 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index 87cf264..023530a 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -93,7 +93,8 @@ return { name: 'krbprincipalname', item_name: 'principal', child_spec: { -$type: 'krb_principal' +$type: 'non_editable_row', +data_name: 'krb-principal' } }, { diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index a6607d2..adae347 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -81,7 +81,8 @@ return { name: 'krbprincipalname', item_name: 'principal', child_spec: { -$type: 'krb_principal' +$type: 'non_editable_row', +data_name: 'krb-principal' } }, { diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js index 7a08151..a36b65a 100644 --- a/install/ui/src/freeipa/user.js +++ b/install/ui/src/freeipa/user.js @@ -192,7 +192,8 @@ return { name: 'krbprincipalname', item_name: 'principal', child_spec: { -$type: 'krb_principal' +
[Freeipa-devel] [freeipa PR#461][+ack] Bump required version of bind-dyndb-ldap to 11.0-2
URL: https://github.com/freeipa/freeipa/pull/461 Title: #461: Bump required version of bind-dyndb-ldap to 11.0-2 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#432][+ack] build: Add missing dependency on libxmlrpc{, _util}
URL: https://github.com/freeipa/freeipa/pull/432 Title: #432: build: Add missing dependency on libxmlrpc{,_util} Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][edited] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: edited Changed field: body Original value: """ Add WebUI for certificate mapping """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#400][opened] WebUI: Certificate Mapping
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: opened PR body: """ Add WebUI for certificate mapping """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/400/head:pr400 git checkout pr400 From 0044846ee2c657179ec586b61ccec56876b3d6e2 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 13:59:16 +0100 Subject: [PATCH 1/4] WebUI: Add possibility to set widget always writable If widget will have set attribute 'always_writable' to true, then 'no_update' flag will be ingored. Used in command user-{add,remove}-certmap which needs to be writable in WebUI and also needs to be omitted from user-mod command. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 11 ++- install/ui/src/freeipa/widget.js | 2 ++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..2d05ab1 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -484,7 +484,16 @@ field.field = IPA.field = function(spec) { writable = false; } -if (that.metadata.flags && array.indexOf(that.metadata.flags, 'no_update') > -1) { +// In case that widget has set always_writable attribute, then +// 'no_update' flag is ignored in WebUI. It is done because of +// commands like user-{add,remove}-certmap. They operate with user's +// attribute, which cannot be changed using user-mod, but only +// using command user-{add,remove}-certmap. Therefore it has set +// 'no_update' flag, but we need to show 'Add', 'Remove' buttons in +// WebUI. +if (that.metadata.flags && +array.indexOf(that.metadata.flags, 'no_update') > -1 && +that.widget && !that.widget.always_writable) { writable = false; } } diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 6ad8aad..e6dfef9 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1516,6 +1516,8 @@ IPA.custom_command_multivalued_widget = function(spec) { var that = IPA.multivalued_widget(spec); +that.always_writable = spec.always_writable || true; + that.item_name = spec.item_name || ''; that.adder_dialog_spec = spec.adder_dialog_spec; From 4adde09f3fbb7471d1ef2a0aacd4e92c8e66c280 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 14:12:23 +0100 Subject: [PATCH 2/4] WebUI: Send option:false if checkbox is not checked A checkbox can have true (checked) as default value, then we need to send false in case that user uncheck the checkbox. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/field.js | 12 1 file changed, 12 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 2d05ab1..01411e4 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -1167,6 +1167,18 @@ field.checkbox_field = IPA.checkbox_field = function(spec) { return false; }; +/** Returns false when checkbox is not checked. + * Necessary for checkboxes which has true as default value. i.e. + * certmaprule_add + */ +that.get_value = function() { + +if(that.value.length === 0) { +that.value = [false]; +} +return that.value; +}; + return that; }; From caef2cbe531e83a9bade00a55eb75c76bb34ae63 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 16 Jan 2017 14:13:42 +0100 Subject: [PATCH 3/4] WebUI: Create non editable row widget for mutlivalued widget Old krb-principal widget is changed to general one. And used also for ipacertmapdata in user. This widget make every line non-editable. Part of: https://fedorahosted.org/freeipa/ticket/6601 --- install/ui/src/freeipa/host.js| 3 ++- install/ui/src/freeipa/service.js | 3 ++- install/ui/src/freeipa/user.js| 3 ++- install/ui/src/freeipa/widget.js | 26 -- 4 files changed, 22 insertions(+), 13 deletions(-) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index 87cf264..023530a 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -93,7 +93,8 @@ return { name: 'krbprincipalname', item_name: 'principal', child_spec: { -$type: 'krb_principal' +
[Freeipa-devel] [freeipa PR#390][opened] WebUI: Fix Coverity JS bugs
URL: https://github.com/freeipa/freeipa/pull/390 Author: pvomacka Title: #390: WebUI: Fix Coverity JS bugs Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/390/head:pr390 git checkout pr390 From 8b35a9710d8476903f00c57e63b8f734a344235c Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 11 Jan 2017 17:13:19 +0100 Subject: [PATCH 1/2] Coverity: Fix possibility of access to attribute of undefined --- install/ui/src/freeipa/widgets/APIBrowserWidget.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/widgets/APIBrowserWidget.js b/install/ui/src/freeipa/widgets/APIBrowserWidget.js index 2164df2..ff1c8ee 100644 --- a/install/ui/src/freeipa/widgets/APIBrowserWidget.js +++ b/install/ui/src/freeipa/widgets/APIBrowserWidget.js @@ -253,7 +253,7 @@ widgets.APIBrowserWidget = declare([Stateful, Evented], { // switch widget if (widget && !widget.el) widget.render(); -if (this.current_details_w !== widget) { +if (widget && this.current_details_w !== widget) { this.details_el.empty(); this.details_el.append(widget.el); } From 9b07762989f53adeb6dbad92f61622946cf52509 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 11 Jan 2017 17:14:01 +0100 Subject: [PATCH 2/2] Coverity: removed useless semicolon which ends statement earlier --- install/ui/src/freeipa/widgets/LoginScreen.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index 29a5efc..0096433 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -339,10 +339,10 @@ define(['dojo/_base/declare', set_login_aside_text: function() { var aside = ""; if (this.password_enabled()) { -aside += ""+this.form_auth_msg;+""; +aside += ""+this.form_auth_msg+""; } if (this.kerberos_enabled()) { -aside += ""+this.kerberos_msg;+""; +aside += ""+this.kerberos_msg+""; } this.set('aside', aside); }, -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#368][opened] WebUI: fix incorrect behavior of ESC button on combobox
URL: https://github.com/freeipa/freeipa/pull/368 Author: pvomacka Title: #368: WebUI: fix incorrect behavior of ESC button on combobox Action: opened PR body: """ When combobox is opened then ESC key should close it. There was a bug that ESC key closed also the dialog. It was caused by bad keyboard event handling. The CB was closed by keydown event and the dialog by keyup. Therefore the propagating of keyup and keydown event is stopped when CB is opened (when the event is fired on CB element). https://fedorahosted.org/freeipa/ticket/6388 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/368/head:pr368 git checkout pr368 From b719aa6b98d1706794ec570b539dc9198fe04905 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 4 Jan 2017 12:21:57 +0100 Subject: [PATCH 1/2] WebUI: add default on_cancel function in adder_dialog Adder dialog is mixed with confirmation_mixin. That mixin calls on_cancel method when closing dialog using ESC key. Previously the on_cancel method was not defined, therefore dialog was not correctly closed. This was the root cause of the bug, that adder dialog cannot be opened after closing it using ESC. Now the default function for on_cancel is dialog.close. So dialog is correctly closed. https://fedorahosted.org/freeipa/ticket/6388 --- install/ui/src/freeipa/add.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/ui/src/freeipa/add.js b/install/ui/src/freeipa/add.js index 6221085..b93bd34 100644 --- a/install/ui/src/freeipa/add.js +++ b/install/ui/src/freeipa/add.js @@ -36,6 +36,8 @@ IPA.entity_adder_dialog = function(spec) { var that = IPA.dialog(spec); +that.on_cancel = that.close; + IPA.confirm_mixin().apply(that); /** @property {string} method="add" API method for add command */ From 065a1db42f2b6000e0f54ecfebd65570facd7892 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 4 Jan 2017 12:28:55 +0100 Subject: [PATCH 2/2] WebUI: fix incorrect behavior of ESC button on combobox When combobox is opened then ESC key should close it. There was a bug that ESC key closed also the dialog. It was caused by bad keyboard event handling. The CB was closed by keydown event and the dialog by keyup. Therefore the propagating of keyup and keydown event is stopped when CB is opened (when the event is fired on CB element). https://fedorahosted.org/freeipa/ticket/6388 --- install/ui/src/freeipa/widget.js | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 041eaa2..6159410 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -4611,7 +4611,7 @@ IPA.combobox_widget = function(spec) { that.list_container = $('', { 'class': 'combobox-widget-list', css: { 'z-index': that.z_index, 'display':'none' }, -keydown: that.on_list_container_keydown +keyup: that.on_list_container_keyup }).appendTo(that.input_container); var div = $('', { @@ -4723,7 +4723,7 @@ IPA.combobox_widget = function(spec) { } }; -that.on_list_container_keydown = function(e) { +that.on_list_container_keyup = function(e) { // close on ESCAPE and consume event to prevent unwanted // behaviour like closing dialog if (e.which == keys.ESCAPE) { @@ -4756,11 +4756,16 @@ IPA.combobox_widget = function(spec) { e.preventDefault(); that.select_next(); that.list.focus(); +} else if (key === keys.ESCAPE) { +e.stopPropagation(); } }; that.list_on_keydown = function(e) { -if (e.which === keys.TAB) { +if (e.which === keys.ESCAPE) { +e.stopPropagation(); +return false; +} else if (e.which === keys.TAB) { e.preventDefault(); if (that.searchable) { that.filter.focus(); -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvomacka commented: """ @mbasti-rh Both bugs fixed, thank you. Back to the difference between My User Vault and User Vault. I forgot to mention that My User Vault shows only vaults which are created for the user (who is logged in) and where that user is in Member or Owner group. I think that it is consistent with CLI, or not? """ See the full comment at https://github.com/freeipa/freeipa/pull/139#issuecomment-268269736 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 2364407f3b7a26e046d78e7eaae147d327a36af0 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/14] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From bf1b9f872f5592987f824e2e1cbafe75152837a8 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/14] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +
[Freeipa-devel] [freeipa PR#342][+ack] [4.3] password policy: Add explicit default password policy for hosts and services
URL: https://github.com/freeipa/freeipa/pull/342 Title: #342: [4.3] password policy: Add explicit default password policy for hosts and services Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#344][+ack] [4.4] password policy: Add explicit default password policy for hosts and services
URL: https://github.com/freeipa/freeipa/pull/344 Title: #344: [4.4] password policy: Add explicit default password policy for hosts and services Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#338][+ack] password policy: Add explicit default password policy for hosts and services
URL: https://github.com/freeipa/freeipa/pull/338 Title: #338: password policy: Add explicit default password policy for hosts and services Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#331][opened] WebUI: don't change casing of Auth Indicators values
URL: https://github.com/freeipa/freeipa/pull/331 Author: pvomacka Title: #331: WebUI: don't change casing of Auth Indicators values Action: opened PR body: """ All values were previously converted to lowercase which was not coresponding with CLI behaviour. Now they stay as they are inserted. I also have to change the strings to lowercase because the otp and radius should be inserted as lowercase words. https://fedorahosted.org/freeipa/ticket/6308 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/331/head:pr331 git checkout pr331 From a0dd61fdd6f04a2e1079e9e9b1996c0547bb1742 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 13 Dec 2016 13:21:29 +0100 Subject: [PATCH 1/2] WebUI: Allow disabling lowering text in custom_checkbox_widget Add new attribute which keeps information whether each text added using custom_checkbox_widget shoud be transformed to lowercase. Part of: https://fedorahosted.org/freeipa/ticket/6308 --- install/ui/src/freeipa/widget.js | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 041eaa2..7965d9f 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -2509,6 +2509,9 @@ IPA.custom_checkboxes_widget = function(spec) { var that = IPA.checkboxes_widget(spec); +that.set_value_to_lowercase = spec.set_value_to_lowercase === undefined +? true : spec.set_value_to_lowercase; + that.add_dialog_title = spec.add_dialog_title || "@i18n:dialogs.add_custom_value"; that.add_field_label = spec.add_field_label || @@ -2626,7 +2629,7 @@ IPA.custom_checkboxes_widget = function(spec) { if (!value || value === '') continue; -value = value.toLowerCase(); +if (that.set_value_to_lowercase) value = value.toLowerCase(); that.values.push(value); } From e40d717ebfc8dac544d646951b22f3747ff2aad4 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Tue, 13 Dec 2016 13:25:48 +0100 Subject: [PATCH 2/2] WebUI: don't change casing of Auth Indicators values All values were previously converted to lowercase which was not coresponding with CLI behaviour. Now they stay as they are inserted. I also have to change the strings to lowercase because the otp and radius should be inserted as lowercase words. https://fedorahosted.org/freeipa/ticket/6308 --- install/ui/src/freeipa/host.js| 1 + install/ui/src/freeipa/service.js | 5 +++-- ipaserver/plugins/internal.py | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index 87cf264..a54cb8f 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -119,6 +119,7 @@ return { $type: 'custom_checkboxes', label: '@i18n:authtype.auth_indicators', name: 'krbprincipalauthind', +set_value_to_lowercase: false, add_dialog_title: '@i18n:authtype.custom_auth_ind_title', add_field_label: '@i18n:authtype.auth_indicator', options: [ diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index a6607d2..a86205a 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -129,16 +129,17 @@ return { $type: 'custom_checkboxes', label: '@i18n:authtype.auth_indicators', name: 'krbprincipalauthind', +set_value_to_lowercase: false, add_dialog_title: '@i18n:authtype.custom_auth_ind_title', add_field_label: '@i18n:authtype.auth_indicator', options: [ { label: '@i18n:authtype.otp', -value: 'otp' +value: 'OTP' }, { label: '@i18n:authtype.type_radius', -value: 'radius' +value: 'RADIUS' } ], tooltip: { diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py index 6107a14..74c264e 100644 --- a/ipaserver/plugins/internal.py +++ b/ipaserver/plugins/internal.py @@ -201,10 +201,10 @@ class i18n_messages(Command): "auth_indicator": _("Authentica
[Freeipa-devel] [freeipa PR#327][comment] WebUI: RPC refactoring
URL: https://github.com/freeipa/freeipa/pull/327 Title: #327: WebUI: RPC refactoring pvomacka commented: """ Patch 84: Yes, that is really good idea, but as you said - we don't have usecase for it right now. But I created a ticket to not forget about it. https://fedorahosted.org/freeipa/ticket/6553 Patch 101: I changed the name of event to 'set-activity-event', now it accepts one parameter which is new text of activity widget. But it can be extended in the future to accept more parameters and set more attributes. I think that creating new method "that.set_text" or something similar can lead to calling that method instead of using topics (events). That's the reason why I left the setting of text in anonymous function (event listener). """ See the full comment at https://github.com/freeipa/freeipa/pull/327#issuecomment-266419398 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#327][comment] WebUI: RPC refactoring
URL: https://github.com/freeipa/freeipa/pull/327 Title: #327: WebUI: RPC refactoring pvomacka commented: """ The last comment from pvoborni: "patch 84: Looks good, works fine, it just needed rebase(I could provide that). Idea, but that doesn't have to be implemented, or sometime in future, right now it is not useful: What about providing the rpc object in the event, and having unique id for each rpc call so that we could track all rpc which are executed. patch 101: 1. It's event name but the property name looks like that it contains a text: that.change_text = 'change-activity-text'; Should it be rather: that.change_text_event. Or even, why does it compare previous text? Does it matter? Wouldn't be better to have 'set-activity' event. And then the handler would call something new set_text method: set_text(new_activity) that.dots = 0 that.text = new_activity that.make_step() -- Petr Vobornik" """ See the full comment at https://github.com/freeipa/freeipa/pull/327#issuecomment-266417734 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#327][opened] WebUI: RPC refactoring
URL: https://github.com/freeipa/freeipa/pull/327 Author: pvomacka Title: #327: WebUI: RPC refactoring Action: opened PR body: """ Moved from ML ( https://www.redhat.com/archives/freeipa-devel/2016-November/msg00338.html ) to PR. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/327/head:pr327 git checkout pr327 From 6f83cd83c29ff7e419f6c0f294fb84abc404d8c2 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 28 Jul 2016 15:29:23 +0200 Subject: [PATCH 1/2] Refactoring of rpc module The rpc module is now separated from display layer. There are two new global topics: - 'rpc-start' for showing the widget which indicates execution of rpc calls - 'rpc-end' for hiding the widget which indicates execution of rpc calls. These two global topics replace the original methods IPA.display_activity_icon() and IPA.hide_activity_icon(). There is also new property of a command (notify_globally), which allows to turn off the widget which indicates network activity. Instead of classic activity indicator there can be called custom function at the beginning and at the end of network activity. There are also changes in internal communication in rpc.js module. There are four new events, two for calling on_success and on_error methods and two for calling custom functions at the beginning and at the end of network activity. https://fedorahosted.org/freeipa/ticket/6144 --- install/ui/src/freeipa/certificate.js | 60 + install/ui/src/freeipa/ipa.js | 55 ++-- install/ui/src/freeipa/plugins/login.js | 2 +- install/ui/src/freeipa/rpc.js | 85 +++-- install/ui/src/freeipa/widget.js| 16 +++-- install/ui/src/freeipa/widgets/SyncOTPScreen.js | 7 +- 6 files changed, 152 insertions(+), 73 deletions(-) diff --git a/install/ui/src/freeipa/certificate.js b/install/ui/src/freeipa/certificate.js index 9ab4002..4666b1a 100755 --- a/install/ui/src/freeipa/certificate.js +++ b/install/ui/src/freeipa/certificate.js @@ -780,19 +780,35 @@ IPA.cert.request_action = function(spec) { IPA.cert.perform_revoke = function(spec, sn, revocation_reason, cacn) { -spec.hide_activity_icon = spec.hide_activity_icon || false; +/** + * Sets whether activity notification box will be shown + * during executing command or not. + */ +spec.notify_globally = spec.notify_globally === undefined ? true : +spec.notify_globally; + + +/** + * Specifies function which will be called before command execution starts. + */ +spec.start_handler = spec.start_handler || null; + +/** + * Specifies function which will be called after command execution ends. + */ +spec.end_handler = spec.end_handler || null; rpc.command({ entity: 'cert', method: 'revoke', -hide_activity_icon: spec.hide_activity_icon, args: [ sn ], options: { revocation_reason: revocation_reason, cacn: cacn }, -notify_activity_start: spec.notify_activity_start, -notify_activity_end: spec.notify_activity_end, +notify_globally: spec.notify_globally, +start_handler: spec.start_handler, +end_handler: spec.end_handler, on_success: spec.on_success, on_error: spec.on_error }).execute(); @@ -906,6 +922,25 @@ IPA.cert.remove_hold_action = function(spec) { IPA.cert.perform_remove_hold = function(spec, sn, cacn) { +/** + * Sets whether activity notification box will be shown + * during executing command or not. + */ +spec.notify_globally = spec.notify_globally === undefined ? true : +spec.notify_globally; + + +/** + * Specifies function which will be called before command execution starts. + */ +spec.start_handler = spec.start_handler || null; + +/** + * Specifies function which will be called after command execution ends. + */ +spec.end_handler = spec.end_handler || null; + + rpc.command({ entity: 'cert', method: 'remove_hold', @@ -913,7 +948,10 @@ IPA.cert.perform_remove_hold = function(spec, sn, cacn) { options: { cacn: cacn }, -on_success: spec.on_success +on_success: spec.on_success, +notify_globally: spec.notify_globally, +start_handler: spec.start_handler, +end_handler: spec.end_handler }).execute(); }; @@ -1409,11 +1447,11 @@ IPA.cert.cert_widget = function(spec) { on_ok: function() { var command_spec = { -hide_activity_icon: true, -notify_activity_end: function() { +notify_globally: false, +end_handler: function() {
[Freeipa-devel] [freeipa PR#325][opened] WebUI: Hide incorrectly shown buttons on hosts tab in ID Views
URL: https://github.com/freeipa/freeipa/pull/325 Author: pvomacka Title: #325: WebUI: Hide incorrectly shown buttons on hosts tab in ID Views Action: opened PR body: """ There was missing default value for evaluator adapter. In that case the adapter variable could be undefined and it crashes on building adapter. Therefore it did not evaluate all evaluators. That is the reason why 'Delete' and 'Add' buttons were incorrectly shown. Default value is now set to empty object. https://fedorahosted.org/freeipa/ticket/6546 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/325/head:pr325 git checkout pr325 From b7d617e0c44562401c55ef7ce22867e1b2ef7885 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 12 Dec 2016 09:44:40 +0100 Subject: [PATCH] WebUI: Hide incorrectly shown buttons on hosts tab in ID Views There was missing default value for evaluator adapter. In that case the adapter variable could be undefined and it crashes on building adapter. Therefore it did not evaluate all evaluators. That is the reason why 'Delete' and 'Add' buttons were incorrectly shown. Default value is now set to empty object. https://fedorahosted.org/freeipa/ticket/6546 --- install/ui/src/freeipa/details.js | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ui/src/freeipa/details.js b/install/ui/src/freeipa/details.js index e274e6f..9f0e632 100644 --- a/install/ui/src/freeipa/details.js +++ b/install/ui/src/freeipa/details.js @@ -1647,6 +1647,7 @@ exp.value_state_evaluator = IPA.value_state_evaluator = function(spec) { spec.name = spec.name || 'value_state_evaluator'; spec.event = spec.event || 'post_load'; +spec.adapter = spec.adapter || {}; var that = IPA.state_evaluator(spec); -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From f18390bcda9ab82eb7c47ec3befcae3918ced57f Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/14] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 5d10b12c76bc3463d21ed8af3fdaef6d3731774a Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/14] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +
[Freeipa-devel] [freeipa PR#307][synchronized] Lowered the version of gettext
URL: https://github.com/freeipa/freeipa/pull/307 Author: pvomacka Title: #307: Lowered the version of gettext Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/307/head:pr307 git checkout pr307 From 1c49b0d070044b05bb15a17c23c47b18b952d6ff Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 7 Dec 2016 12:16:56 +0100 Subject: [PATCH] Lowered the version of gettext The lower version is needed while building on RHEL. Also po/Rules-quot file is deleted and added to .gitignore. https://fedorahosted.org/freeipa/ticket/6418 --- .gitignore| 1 + configure.ac | 2 +- po/Rules-quot | 58 -- 3 files changed, 2 insertions(+), 59 deletions(-) delete mode 100644 po/Rules-quot diff --git a/.gitignore b/.gitignore index a9c71e4..6dcda76 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ /po/POTFILES /po/POTFILES.in /po/remove-potcdate.sed +/po/Rules-quot /po/stamp-po # In-tree build files diff --git a/configure.ac b/configure.ac index 6e31b29..c02a672 100644 --- a/configure.ac +++ b/configure.ac @@ -299,7 +299,7 @@ AC_CONFIG_COMMANDS([po/POTFILES.in], > po/POTFILES.in && dnl cd "${find_start_pwd}"]) AC_SUBST(GETTEXT_DOMAIN, [ipa]) -AM_GNU_GETTEXT_VERSION([0.19.8]) +AM_GNU_GETTEXT_VERSION([0.18.2]) AM_GNU_GETTEXT([external]) dnl integrate our custom hacks into gettextize infrastructure diff --git a/po/Rules-quot b/po/Rules-quot deleted file mode 100644 index baf6528..000 --- a/po/Rules-quot +++ /dev/null @@ -1,58 +0,0 @@ -# This file, Rules-quot, can be copied and used freely without restrictions. -# Special Makefile rules for English message catalogs with quotation marks. - -DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot - -.SUFFIXES: .insert-header .po-update-en - -e...@quot.po-create: - $(MAKE) e...@quot.po-update -e...@boldquot.po-create: - $(MAKE) e...@boldquot.po-update - -e...@quot.po-update: e...@quot.po-update-en -e...@boldquot.po-update: e...@boldquot.po-update-en - -.insert-header.po-update-en: - @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \ - if test "$(PACKAGE)" = "gettext-tools" && test "$(CROSS_COMPILING)" != "yes"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \ - tmpdir=`pwd`; \ - echo "$$lang:"; \ - ll=`echo $$lang | sed -e 's/@.*//'`; \ - LC_ALL=C; export LC_ALL; \ - cd $(srcdir); \ - if $(MSGINIT) $(MSGINIT_OPTIONS) -i $(DOMAIN).pot --no-translator -l $$lang -o - 2>/dev/null \ - | $(SED) -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | \ - { case `$(MSGFILTER) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ - '' | 0.[0-9] | 0.[0-9].* | 0.1[0-8] | 0.1[0-8].*) \ - $(MSGFILTER) $(SED) -f `echo $$lang | sed -e 's/.*@//'`.sed \ - ;; \ - *) \ - $(MSGFILTER) `echo $$lang | sed -e 's/.*@//'` \ - ;; \ - esac } 2>/dev/null > $$tmpdir/$$lang.new.po \ - ; then \ - if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ - rm -f $$tmpdir/$$lang.new.po; \ - else \ - if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ - :; \ - else \ - echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ - exit 1; \ - fi; \ - fi; \ - else \ - echo "creation of $$lang.po failed!" 1>&2; \ - rm -f $$tmpdir/$$lang.new.po; \ - fi - -en@quot.insert-header: insert-header.sin - sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header - -en@boldquot.insert-header: insert-header.sin - sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header - -mostlyclean: mostlyclean-quot -mostlyclean-quot: - rm -f *.insert-header -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#303][comment] Add python-pyasn1-modules into dependencies
URL: https://github.com/freeipa/freeipa/pull/303 Title: #303: Add python-pyasn1-modules into dependencies pvomacka commented: """ Added, I also added more information into commit message. """ See the full comment at https://github.com/freeipa/freeipa/pull/303#issuecomment-264845609 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#303][synchronized] Add python-pyasn1-modules into dependencies
URL: https://github.com/freeipa/freeipa/pull/303 Author: pvomacka Title: #303: Add python-pyasn1-modules into dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/303/head:pr303 git checkout pr303 From f20e47fd6d6e54f4d67e9b1dfd756cfea1f5915f Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Fri, 2 Dec 2016 17:09:48 +0100 Subject: [PATCH] Add python-pyasn1-modules into dependencies Python-pyasn1-modules is needed because of this import: from pyasn1_modules import rfc2459 in ipalib/x509.py. Python-pyasn1-modules is required only by python-ldap package, but it would be good to not rely on another package and rather say explicitely that this package is necessary. https://fedorahosted.org/freeipa/ticket/6398 --- freeipa.spec.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 15c3e68..cba40c2 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -102,6 +102,7 @@ BuildRequires: python-ldap BuildRequires: python-nss BuildRequires: python-netaddr BuildRequires: python-pyasn1 +BuildRequires: python-pyasn1-modules BuildRequires: python-dns BuildRequires: python-six BuildRequires: python-libsss_nss_idmap @@ -515,6 +516,7 @@ Requires: python-netaddr Requires: python-libipa_hbac Requires: python-qrcode-core >= 5.0.0 Requires: python-pyasn1 +Requires: python-pyasn1-modules Requires: python-dateutil Requires: python-yubico >= 1.2.3 Requires: python-sss-murmur @@ -564,6 +566,7 @@ Requires: python3-netaddr Requires: python3-libipa_hbac Requires: python3-qrcode-core >= 5.0.0 Requires: python3-pyasn1 +Requires: python3-pyasn1-modules Requires: python3-dateutil Requires: python3-yubico >= 1.2.3 Requires: python3-sss-murmur -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#307][opened] Lowered the version of gettext
URL: https://github.com/freeipa/freeipa/pull/307 Author: pvomacka Title: #307: Lowered the version of gettext Action: opened PR body: """ The lower version is needed while building on RHEL. Also regenerated Rules-quot file. https://fedorahosted.org/freeipa/ticket/6418 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/307/head:pr307 git checkout pr307 From 5afa4bc62419d3bc14ab2d70c4f3f6bb95125c78 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Fri, 25 Nov 2016 15:02:14 +0100 Subject: [PATCH] Lowered the version of gettext The lower version is needed while building on RHEL. Also regenerated Rules-quot file. https://fedorahosted.org/freeipa/ticket/6418 --- configure.ac | 2 +- po/Rules-quot | 15 ++- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/configure.ac b/configure.ac index 66e6e9b..5674d27 100644 --- a/configure.ac +++ b/configure.ac @@ -299,7 +299,7 @@ AC_CONFIG_COMMANDS([po/POTFILES.in], > po/POTFILES.in && dnl cd "${find_start_pwd}"]) AC_SUBST(GETTEXT_DOMAIN, [ipa]) -AM_GNU_GETTEXT_VERSION([0.19.8]) +AM_GNU_GETTEXT_VERSION([0.18.2]) AM_GNU_GETTEXT([external]) dnl integrate our custom hacks into gettextize infrastructure diff --git a/po/Rules-quot b/po/Rules-quot index baf6528..d2ac20d 100644 --- a/po/Rules-quot +++ b/po/Rules-quot @@ -1,4 +1,3 @@ -# This file, Rules-quot, can be copied and used freely without restrictions. # Special Makefile rules for English message catalogs with quotation marks. DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot @@ -15,23 +14,13 @@ e...@boldquot.po-update: e...@boldquot.po-update-en .insert-header.po-update-en: @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \ - if test "$(PACKAGE)" = "gettext-tools" && test "$(CROSS_COMPILING)" != "yes"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \ + if test "$(PACKAGE)" = "gettext-tools"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \ tmpdir=`pwd`; \ echo "$$lang:"; \ ll=`echo $$lang | sed -e 's/@.*//'`; \ LC_ALL=C; export LC_ALL; \ cd $(srcdir); \ - if $(MSGINIT) $(MSGINIT_OPTIONS) -i $(DOMAIN).pot --no-translator -l $$lang -o - 2>/dev/null \ - | $(SED) -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | \ - { case `$(MSGFILTER) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ - '' | 0.[0-9] | 0.[0-9].* | 0.1[0-8] | 0.1[0-8].*) \ - $(MSGFILTER) $(SED) -f `echo $$lang | sed -e 's/.*@//'`.sed \ - ;; \ - *) \ - $(MSGFILTER) `echo $$lang | sed -e 's/.*@//'` \ - ;; \ - esac } 2>/dev/null > $$tmpdir/$$lang.new.po \ - ; then \ + if $(MSGINIT) -i $(DOMAIN).pot --no-translator -l $$lang -o - 2>/dev/null | sed -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | $(MSGFILTER) sed -f `echo $$lang | sed -e 's/.*@//'`.sed 2>/dev/null > $$tmpdir/$$lang.new.po; then \ if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ rm -f $$tmpdir/$$lang.new.po; \ else \ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#303][opened] Add python-pyasn1-modules into dependencies
URL: https://github.com/freeipa/freeipa/pull/303 Author: pvomacka Title: #303: Add python-pyasn1-modules into dependencies Action: opened PR body: """ Python-pyasn1-modules is required by python-ldap package, but it would be good to not rely on another package and rather say explicitely, that this package is necessary. https://fedorahosted.org/freeipa/ticket/6398 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/303/head:pr303 git checkout pr303 From bb8c03adc779b920495dbdc977843632f3ac378b Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Fri, 2 Dec 2016 17:09:48 +0100 Subject: [PATCH] Add python-pyasn1-modules into dependencies Python-pyasn1-modules is required by python-ldap package, but it would be good to not rely on another package and rather say explicitely, that this package is necessary. https://fedorahosted.org/freeipa/ticket/6398 --- freeipa.spec.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 15c3e68..e206a96 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -515,6 +515,7 @@ Requires: python-netaddr Requires: python-libipa_hbac Requires: python-qrcode-core >= 5.0.0 Requires: python-pyasn1 +Requires: python-pyasn1-modules Requires: python-dateutil Requires: python-yubico >= 1.2.3 Requires: python-sss-murmur @@ -564,6 +565,7 @@ Requires: python3-netaddr Requires: python3-libipa_hbac Requires: python3-qrcode-core >= 5.0.0 Requires: python3-pyasn1 +Requires: python3-pyasn1-modules Requires: python3-dateutil Requires: python3-yubico >= 1.2.3 Requires: python3-sss-murmur -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#300][opened] WebUI: Add support for custom table pagination size
URL: https://github.com/freeipa/freeipa/pull/300 Author: pvomacka Title: #300: WebUI: Add support for custom table pagination size Action: opened PR body: """ New customization button opens dialog with field for setting the number of lines in tables. After saving the new value there is new topic which starts refreshing current table facet (if shown) and set all other facets expired. Therefore all tables are immediately regenerated. https://fedorahosted.org/freeipa/ticket/5742 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/300/head:pr300 git checkout pr300 From 609b978137ba0593bbdd87444789fdf3c2838b6e Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 11 Aug 2016 15:51:33 +0200 Subject: [PATCH 1/3] Add javascript integer validator Javascript integer validator checks whether value entered into field is number and is not higher than Number.MAX_SAFE_INTEGER constant. Part of: https://fedorahosted.org/freeipa/ticket/5742 --- install/ui/src/freeipa/field.js | 34 ++ 1 file changed, 34 insertions(+) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d70a778..97e5559 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -962,6 +962,39 @@ field.validator = IPA.validator = function(spec) { }; /** + * Javascript integer validator + * + * It allows to insert only integer numbers which can be safely represented by + * Javascript. + * + * @class + * @alternateClassName IPA.metadata_validator + * @extends IPA.validator + */ + field.integer_validator = IPA.integer_validator = function(spec) { + + var that = IPA.validator(spec); + + /** + * @inheritDoc + */ + that.validate = function(value) { + + if (!value.match(/^-?\d+$/)) { + return that.false_result(text.get('@i18n:widget.validation.integer')); + } + + if (!Number.isSafeInteger(parseInt(value, 10))) { + return that.false_result(text.get('@i18n:widget.validation.unsupported')); + } + + return that.true_result(); + }; + + return that; + }; + +/** * Metadata validator * * Validates value according to supplied metadata @@ -1669,6 +1702,7 @@ field.register = function() { v.register('metadata', field.metadata_validator); v.register('unsupported', field.unsupported_validator); v.register('same_password', field.same_password_validator); +v.register('integer', field.integer_validator); l.register('adapter', field.Adapter); l.register('object_adapter', field.ObjectAdapter); From 8967ef45cff3cf26b5693aa06f58173df624baba Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 11 Aug 2016 15:56:01 +0200 Subject: [PATCH 2/3] Make singleton from config module Also added general setter and getter for attributes of config. Part of: https://fedorahosted.org/freeipa/ticket/5742 --- install/ui/src/freeipa/config.js | 51 +++- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/install/ui/src/freeipa/config.js b/install/ui/src/freeipa/config.js index 61922d4..3bf017b 100644 --- a/install/ui/src/freeipa/config.js +++ b/install/ui/src/freeipa/config.js @@ -20,14 +20,18 @@ -define([], function() { +define([ +'dojo/_base/declare', +'dojo/topic' +], +function(declare, topic) { /** * Application configuration * @class config * @singleton */ -var config = { +var config = declare([], { /** * Selector for application container node @@ -82,8 +86,43 @@ define([], function() { * Hide sections without any visible widget * @property {boolean} */ -hide_empty_sections: true -}; +hide_empty_sections: true, -return config; -}); \ No newline at end of file +/** + * Number of lines in table on table_facets + * @property {Integer} + */ +table_page_size: 20, + +/** + * Genereal setter for config values. + * @param item_name {string} + * @param value + * @param store {Boolean} sets whether the value will be stored into + * local storage + */ +set: function(item_name, value, store) { +if (!item_name) return; +this[item_name] = value; + +if (store) { +window.localStorage.setItem(item_name, value); +} +}, + +/** + * Genereal setter for config values. + * @param item_name {string} + */ +get: function(item_name) { +return this[item_name]; +}, + +constructor: function() { +var user_limit = window.localStorage.getItem('table_page_size'); +if (use
[Freeipa-devel] [freeipa PR#297][opened] Adjustments for setup requirements v2
URL: https://github.com/freeipa/freeipa/pull/297 Author: pvomacka Title: #297: Adjustments for setup requirements v2 Action: opened PR body: """ Remove setup requirement on wheel since it triggers download. https://fedorahosted.org/freeipa/ticket/6468 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/297/head:pr297 git checkout pr297 From b43f78cc1ef639839cf7c500b23fe0feae69d8ac Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 1 Dec 2016 19:38:22 +0100 Subject: [PATCH] Adjustments for setup requirements v2 Remove setup requirement on wheel since it triggers download. https://fedorahosted.org/freeipa/ticket/6468 --- ipalib/setup.py| 3 --- ipaserver/setup.py | 3 --- 2 files changed, 6 deletions(-) diff --git a/ipalib/setup.py b/ipalib/setup.py index 36b06fc..4239f0c 100644 --- a/ipalib/setup.py +++ b/ipalib/setup.py @@ -44,9 +44,6 @@ "python-nss", "six", ], -setup_requires=[ -"wheel", -], extras_require={ "install": ["ipaplatform"], }, diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 528b901..1f1b424 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -68,9 +68,6 @@ # "python-SSSDConfig", # "samba-python", ], -setup_requires=[ -"wheel", -], entry_points={ 'custodia.authorizers': [ 'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys', -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#263][+ack] Backwards compatibility with setuptools 0.9.8
URL: https://github.com/freeipa/freeipa/pull/263 Title: #263: Backwards compatibility with setuptools 0.9.8 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#263][comment] Backwards compatibility with setuptools 0.9.8
URL: https://github.com/freeipa/freeipa/pull/263 Title: #263: Backwards compatibility with setuptools 0.9.8 pvomacka commented: """ I'm able to build FreeIPA on Fedora and it also fixes bugs in building on RHEL, so it works for me. But I don't see any ticket in the commit. Do we have any ticket for this? """ See the full comment at https://github.com/freeipa/freeipa/pull/263#issuecomment-263315538 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#190][+ack] [4.4] Fix tests install dom0
URL: https://github.com/freeipa/freeipa/pull/190 Title: #190: [4.4] Fix tests install dom0 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#166][comment] WebUI: services without canonical name are shown correctly
URL: https://github.com/freeipa/freeipa/pull/166 Title: #166: WebUI: services without canonical name are shown correctly pvomacka commented: """ I forgot to improve AlternateAttrFieldAdapter comment. Fixed now. """ See the full comment at https://github.com/freeipa/freeipa/pull/166#issuecomment-257240513 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#166][synchronized] WebUI: services without canonical name are shown correctly
URL: https://github.com/freeipa/freeipa/pull/166 Author: pvomacka Title: #166: WebUI: services without canonical name are shown correctly Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/166/head:pr166 git checkout pr166 From ffaa0458ecc872bf8d5a82499bb7820e304cb935 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 17 Oct 2016 14:33:07 +0200 Subject: [PATCH] WebUI: services without canonical name are shown correctly There is a change introduced in 4.4 that new services have canonical name. The old ones didn't have it, therefore these services were not correctly displayed in WebUI. This patch adds support for this type of services. Service name is taken from 'krbprincipalname' attribute in case that 'krbcanonicalname' attribute is not present in server response. https://fedorahosted.org/freeipa/ticket/6397 --- install/ui/src/freeipa/field.js | 41 ++ install/ui/src/freeipa/service.js | 52 ++- 2 files changed, 92 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 3088e22..d70a778 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -1361,6 +1361,46 @@ field.ObjectAdapter = declare([field.Adapter], { /** + * Custom adapter for fields which handles situations when there is no value + * for attribute (name) of the field and we want to use alternative attribute + * from response. We can set the alternative attribute name to the 'alt_attr' + * attribute of the adapter. + * This adapter is used i.e. in table in search facet for services. Handles + * situations where older services don't have canonical name. + * + * @class + * @extends field.Adapter + */ +field.AlternateAttrFieldAdapter = declare([field.Adapter], { +/** + * In case that the value is not get using field name then use alternative + * name. + * @param {Object} data Object which contains the record or the record + * @param {string} [attribute] attribute name - overrides `context.param` + * @param {Mixed} [def_val] default value - overrides `context.default_value` + * @returns {Array} attribute value + */ +load: function(data, attribute, def_val) { +var record = this.get_record(data); +var value = null; +var attr = attribute || this.context.param; +var def = def_val || this.context.default_value; +if (record) { +value = this.get_value(record, attr); +if (util.is_empty(value) && this.context.adapter.alt_attr) { +value = this.get_value(record, this.context.adapter.alt_attr); +} +} +if (util.is_empty(value) && !util.is_empty(def)) { +value = util.normalize_value(def); +} +value = rpc.extract_objects(value); +return value; +} +}); + + +/** * Field for enabling/disabling entity * * - expects radio widget @@ -1632,6 +1672,7 @@ field.register = function() { l.register('adapter', field.Adapter); l.register('object_adapter', field.ObjectAdapter); +l.register('alternate_attr_field_adapter', field.AlternateAttrFieldAdapter); }; phases.on('registration', field.register); diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index 30e336c..a6607d2 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -58,7 +58,16 @@ return { facets: [ { $type: 'search', -columns: [ 'krbcanonicalname' ] +$factory: IPA.service.search_facet, +columns: [ +{ +name: 'krbcanonicalname', +adapter: { +$type: 'alternate_attr_field_adapter', +alt_attr: 'krbprincipalname' +} +} +] }, { $type: 'details', @@ -403,6 +412,47 @@ return { } };}; + +/** + * Custom search facet for services. It has alternative primary key, in case + * that the service doesn't have canonical name. + */ +IPA.service.search_facet = function(spec) { +spec = spec || {}; + +spec.alternative_pkey = spec.alternative_pkey || 'krbprincipalname'; + +var that = IPA.search_facet(spec); + +that.alternative_pkey = spec.alternative_pkey; + +that.get_records_map = function(data) { + +var records_map = $.ordered_map(); + +var result = data.result.result; +var pkey_name = that.managed_entity.metadata.primary_key || +that.primary_key_name; +var adapter = builder.build('adapter', 'adapter', {context: that}); + +for (var i=0; i<result.length; i++) { +var record = result[
[Freeipa-devel] [freeipa PR#166][comment] WebUI: services without canonical name are shown correctly
URL: https://github.com/freeipa/freeipa/pull/166 Title: #166: WebUI: services without canonical name are shown correctly pvomacka commented: """ Thank you for review. I moved the adapter into field.js and also renamed it. Proposed name looks better. """ See the full comment at https://github.com/freeipa/freeipa/pull/166#issuecomment-257239069 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#166][synchronized] WebUI: services without canonical name are shown correctly
URL: https://github.com/freeipa/freeipa/pull/166 Author: pvomacka Title: #166: WebUI: services without canonical name are shown correctly Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/166/head:pr166 git checkout pr166 From e79637055b8f96b707fe10d13d40420ca0ef5b95 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 17 Oct 2016 14:33:07 +0200 Subject: [PATCH] WebUI: services without canonical name are shown correctly There is a change introduced in 4.4 that new services have canonical name. The old ones didn't have it, therefore these services were not correctly displayed in WebUI. This patch adds support for this type of services. Service name is taken from 'krbprincipalname' attribute in case that 'krbcanonicalname' attribute is not present in server response. https://fedorahosted.org/freeipa/ticket/6397 --- install/ui/src/freeipa/field.js | 35 ++ install/ui/src/freeipa/service.js | 52 ++- 2 files changed, 86 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index 3088e22..f07e6f0 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -1361,6 +1361,40 @@ field.ObjectAdapter = declare([field.Adapter], { /** + * Custom adapter for column in table in search facet. + * This adapter handles situations where older services don't have canonical + * name. Therefore the adapter has to take value from + */ +field.AlternateAttrFieldAdapter = declare([field.Adapter], { +/** + * In case that the value is not get using field name then use alternative + * name. + * @param {Object} data Object which contains the record or the record + * @param {string} [attribute] attribute name - overrides `context.param` + * @param {Mixed} [def_val] default value - overrides `context.default_value` + * @returns {Array} attribute value + */ +load: function(data, attribute, def_val) { +var record = this.get_record(data); +var value = null; +var attr = attribute || this.context.param; +var def = def_val || this.context.default_value; +if (record) { +value = this.get_value(record, attr); +if (util.is_empty(value) && this.context.adapter.alt_attr) { +value = this.get_value(record, this.context.adapter.alt_attr); +} +} +if (util.is_empty(value) && !util.is_empty(def)) { +value = util.normalize_value(def); +} +value = rpc.extract_objects(value); +return value; +} +}); + + +/** * Field for enabling/disabling entity * * - expects radio widget @@ -1632,6 +1666,7 @@ field.register = function() { l.register('adapter', field.Adapter); l.register('object_adapter', field.ObjectAdapter); +l.register('alternate_attr_field_adapter', field.AlternateAttrFieldAdapter); }; phases.on('registration', field.register); diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index 30e336c..a6607d2 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -58,7 +58,16 @@ return { facets: [ { $type: 'search', -columns: [ 'krbcanonicalname' ] +$factory: IPA.service.search_facet, +columns: [ +{ +name: 'krbcanonicalname', +adapter: { +$type: 'alternate_attr_field_adapter', +alt_attr: 'krbprincipalname' +} +} +] }, { $type: 'details', @@ -403,6 +412,47 @@ return { } };}; + +/** + * Custom search facet for services. It has alternative primary key, in case + * that the service doesn't have canonical name. + */ +IPA.service.search_facet = function(spec) { +spec = spec || {}; + +spec.alternative_pkey = spec.alternative_pkey || 'krbprincipalname'; + +var that = IPA.search_facet(spec); + +that.alternative_pkey = spec.alternative_pkey; + +that.get_records_map = function(data) { + +var records_map = $.ordered_map(); + +var result = data.result.result; +var pkey_name = that.managed_entity.metadata.primary_key || +that.primary_key_name; +var adapter = builder.build('adapter', 'adapter', {context: that}); + +for (var i=0; i<result.length; i++) { +var record = result[i]; +var pkey = adapter.load(record, pkey_name)[0]; +if (pkey === undefined && that.alternative_pkey) { +pkey = adapter.load(record, that.alternative_pkey)[0]; +} +if (that.filter_
[Freeipa-devel] [freeipa PR#136][+ack] Fix KRA install tests
URL: https://github.com/freeipa/freeipa/pull/136 Title: #136: Fix KRA install tests Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvomacka commented: """ Fixed PEP8 errors. """ See the full comment at https://github.com/freeipa/freeipa/pull/139#issuecomment-256271405 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 0e038b2e6297e1045008d8aacccfcba067d6e7ab Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/13] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 3f665d1ecff23515c68ff872e7d2fa23f570b0d6 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/13] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +
[Freeipa-devel] [freeipa PR#185][opened] TESTS: Update group type name
URL: https://github.com/freeipa/freeipa/pull/185 Author: pvomacka Title: #185: TESTS: Update group type name Action: opened PR body: """ As the group type has been changed from 'normal' to 'nonposix' we need to update this information also in tests. https://fedorahosted.org/freeipa/ticket/6334 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/185/head:pr185 git checkout pr185 From 828037fded701447ef8cd6cb9da1765a316c35f0 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Thu, 20 Oct 2016 15:25:13 +0200 Subject: [PATCH] TESTS: Update group type name As the group type has been changed from 'normal' to 'nonposix' we need to update this information also in tests. https://fedorahosted.org/freeipa/ticket/6334 --- ipatests/test_webui/data_group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipatests/test_webui/data_group.py b/ipatests/test_webui/data_group.py index 9d79d18..517f98f 100644 --- a/ipatests/test_webui/data_group.py +++ b/ipatests/test_webui/data_group.py @@ -26,7 +26,7 @@ 'add': [ ('textbox', 'cn', PKEY), ('textarea', 'description', 'test-group desc'), -('radio', 'type', 'normal'), +('radio', 'type', 'nonposix'), ], 'mod': [ ('textarea', 'description', 'test-group desc modified'), -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvomacka commented: """ @mbasti-rh 2) fixed 3) I filled a ticket: https://fedorahosted.org/freeipa/ticket/6388 4) Tests added 5) Fixed 6) Fixed 7) Salt added 8) Field for public key added 9) Warning added 10) Transport certificate is now visible in WebUI 11) Information added into adder dialog The issue with showing error in case that KRA is not installed is also fixed. """ See the full comment at https://github.com/freeipa/freeipa/pull/139#issuecomment-256062716 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 0e038b2e6297e1045008d8aacccfcba067d6e7ab Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/13] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 3f665d1ecff23515c68ff872e7d2fa23f570b0d6 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/13] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +
[Freeipa-devel] [freeipa PR#158][comment] WebUI: update Patternfly and Bootstrap
URL: https://github.com/freeipa/freeipa/pull/158 Title: #158: WebUI: update Patternfly and Bootstrap pvomacka commented: """ I added minimized patternfly and boostrap javascript files instead of classic ones. """ See the full comment at https://github.com/freeipa/freeipa/pull/158#issuecomment-254518940 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#166][opened] WebUI: services without canonical name are shown correctly
URL: https://github.com/freeipa/freeipa/pull/166 Author: pvomacka Title: #166: WebUI: services without canonical name are shown correctly Action: opened PR body: """ There is a change introduced in 4.4 that new services have canonical name. The old ones didn't have it, therefore these services were not correctly displayed in WebUI. This patch adds support for this type of services. Service name is taken from 'krbprincipalname' attribute in case that 'krbcanonicalname' attribute is not present in server response. https://fedorahosted.org/freeipa/ticket/6397 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/166/head:pr166 git checkout pr166 From 581ab0ea485dad118fc6ffebf8708e198e7025be Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 17 Oct 2016 14:33:07 +0200 Subject: [PATCH] WebUI: services without canonical name are shown correctly There is a change introduced in 4.4 that new services have canonical name. The old ones didn't have it, therefore these services were not correctly displayed in WebUI. This patch adds support for this type of services. Service name is taken from 'krbprincipalname' attribute in case that 'krbcanonicalname' attribute is not present in server response. https://fedorahosted.org/freeipa/ticket/6397 --- install/ui/src/freeipa/service.js | 92 ++- 1 file changed, 90 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index 30e336c..f8d3fbd 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -28,11 +28,12 @@ define([ './reg', './rpc', './text', +'./util', './details', './search', './association', './entity'], -function(declare, field_mod, builder, IPA, $, phases, reg, rpc, text) { +function(declare, field_mod, builder, IPA, $, phases, reg, rpc, text, util) { var exp =IPA.service = {}; @@ -58,7 +59,16 @@ return { facets: [ { $type: 'search', -columns: [ 'krbcanonicalname' ] +$factory: IPA.service.search_facet, +columns: [ +{ +name: 'krbcanonicalname', +adapter: { +$type: 'service_adapter', +alt_attr: 'krbprincipalname' +} +} +] }, { $type: 'details', @@ -403,6 +413,82 @@ return { } };}; + +/** + * Custom search facet for services. It has alternative primary key, in case + * that the service doesn't have canonical name. + */ +IPA.service.search_facet = function(spec) { +spec = spec || {}; + +spec.alternative_pkey = spec.alternative_pkey || 'krbprincipalname'; + +var that = IPA.search_facet(spec); + +that.alternative_pkey = spec.alternative_pkey; + +that.get_records_map = function(data) { + +var records_map = $.ordered_map(); + +var result = data.result.result; +var pkey_name = that.managed_entity.metadata.primary_key || +that.primary_key_name; +var adapter = builder.build('adapter', 'adapter', {context: that}); + +for (var i=0; i<result.length; i++) { +var record = result[i]; +var pkey = adapter.load(record, pkey_name)[0]; +if (pkey === undefined && that.alternative_pkey) { +pkey = adapter.load(record, that.alternative_pkey)[0]; +} +if (that.filter_records(records_map, pkey, record)) { +records_map.put(pkey, record); +} +} + +return records_map; +}; + +return that; +}; + + +/** + * Custom adapter for column in table in search facet. + * This adapter handles situations where older services don't have canonical + * name. Therefore the adapter has to take value from + * + */ +IPA.service.SearchTableColumnFieldAdapter = declare([field_mod.Adapter], { +/** + * In case that the value is not get using field name then use alternative + * name. + * @param {Object} data Object which contains the record or the record + * @param {string} [attribute] attribute name - overrides `context.param` + * @param {Mixed} [def_val] default value - overrides `context.default_value` + * @returns {Array} attribute value + */ +load: function(data, attribute, def_val) { +var record = this.get_record(data); +var value = null; +var attr = attribute || this.context.param; +var def = def_val || this.context.default_value; +if (record) { +value = this.get_value(record, attr); +if (util.is_empty(value) && this.context.adapter.alt_attr) { +value
[Freeipa-devel] [freeipa PR#156][+ack] cert: add revocation reason back to cert-find output
URL: https://github.com/freeipa/freeipa/pull/156 Title: #156: cert: add revocation reason back to cert-find output Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#156][comment] cert: add revocation reason back to cert-find output
URL: https://github.com/freeipa/freeipa/pull/156 Title: #156: cert: add revocation reason back to cert-find output pvomacka commented: """ Ah, OK, then it works correctly. ACK """ See the full comment at https://github.com/freeipa/freeipa/pull/156#issuecomment-253441752 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#158][comment] WebUI: update Patternfly and Bootstrap
URL: https://github.com/freeipa/freeipa/pull/158 Title: #158: WebUI: update Patternfly and Bootstrap pvomacka commented: """ @redhatrises Thank you for the comment and the link. I agree that it would be really nice, but unfortunately there is no PatternFly package in Fedora. Anyway, I would be happy to do a review of a PatternFly package. """ See the full comment at https://github.com/freeipa/freeipa/pull/158#issuecomment-253262288 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#156][comment] cert: add revocation reason back to cert-find output
URL: https://github.com/freeipa/freeipa/pull/156 Title: #156: cert: add revocation reason back to cert-find output pvomacka commented: """ I found one difference in output of cert-find command before and after this patch, it behaves differently only with --raw option. In output of the command without your commit there is following line: revoked: True . With your changes this line is missing. Tried using this command (the same behaviour is in API): ipa cert-find --user='test_user' --raw (--all) Would it be possible to keep there also this information? """ See the full comment at https://github.com/freeipa/freeipa/pull/156#issuecomment-253252364 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#154][+ack] [ipa-4-4] Rebase: Tests: Fix cert revocation tests
URL: https://github.com/freeipa/freeipa/pull/154 Title: #154: [ipa-4-4] Rebase: Tests: Fix cert revocation tests Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#140][comment] Tests: Fix cert revocation tests
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Fix cert revocation tests pvomacka commented: """ Works correctly. ACK """ See the full comment at https://github.com/freeipa/freeipa/pull/140#issuecomment-253139511 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#140][+ack] Tests: Fix cert revocation tests
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Fix cert revocation tests Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#144][+ack] Pylint: remove unused values - the last part
URL: https://github.com/freeipa/freeipa/pull/144 Title: #144: Pylint: remove unused values - the last part Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#144][comment] Pylint: remove unused values - the last part
URL: https://github.com/freeipa/freeipa/pull/144 Title: #144: Pylint: remove unused values - the last part pvomacka commented: """ ACK. """ See the full comment at https://github.com/freeipa/freeipa/pull/144#issuecomment-252929696 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code