On 05.11.2015 18:27, Petr Vobornik wrote:
On 10/30/2015 09:31 AM, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5144
Patch attached.
configure.jar is basically a signed zip which contains
preferences.html therefore also all references to preferences.html
should be removed.
ssbrowser.html:
Also whole section "Automatic Configuration of older versions" should
be removed.
and list item:
"""
<li>Import <a href="ca.crt">CA certificate</a>. Make sure you checked
all three checkboxes.</li>
"""
should be moved as a first item in the list in section <h2>Firefox<h2>
Thank you, updated patch attached.
From 5db38580da239a90079ddf838c92ea862f595863 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 27 Oct 2015 15:36:55 +0100
Subject: [PATCH] Drop configure.jar
Configure.jar used to be used with firefox version < 10 which is not
supported anymore, thus this can be removed.
https://fedorahosted.org/freeipa/ticket/5144
---
freeipa.spec.in | 4 --
install/html/ssbrowser.html | 25 +--------
install/share/Makefile.am | 1 -
install/share/preferences.html.template | 90 ------------------------------
ipaplatform/base/paths.py | 1 -
ipaserver/install/httpinstance.py | 26 ---------
ipaserver/install/ipa_replica_prepare.py | 5 --
ipaserver/install/server/replicainstall.py | 12 ----
8 files changed, 3 insertions(+), 161 deletions(-)
delete mode 100644 install/share/preferences.html.template
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 913f03926ef3d2bcdcfc51a6036f7c076a7fb7ef..6430b67d8ac8cd95fb2626bedd5f2c00de0b9913 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -466,13 +466,11 @@ mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
mkdir -p %{buildroot}%{_usr}/share/ipa/html/
/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt
-/bin/touch %{buildroot}%{_usr}/share/ipa/html/configure.jar
/bin/touch %{buildroot}%{_usr}/share/ipa/html/kerberosauth.xpi
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.js
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con
-/bin/touch %{buildroot}%{_usr}/share/ipa/html/preferences.html
mkdir -p %{buildroot}%{_initrddir}
mkdir %{buildroot}%{_sysconfdir}/sysconfig/
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
@@ -833,13 +831,11 @@ fi
%{_usr}/share/ipa/ipa-pki-proxy.conf
%{_usr}/share/ipa/kdcproxy.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
-%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/configure.jar
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/kerberosauth.xpi
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.js
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
-%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/preferences.html
%dir %{_usr}/share/ipa/updates/
%{_usr}/share/ipa/updates/*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
diff --git a/install/html/ssbrowser.html b/install/html/ssbrowser.html
index b88deac900fb1d5a1a5960741512593f9b7f3b15..325c2d393067c52fade653494c1917a9af51394f 100644
--- a/install/html/ssbrowser.html
+++ b/install/html/ssbrowser.html
@@ -10,18 +10,6 @@
$(document).ready(function() {
var domain = '.' + (IPA_DOMAIN || 'example.com');
$('.example-domain').text(domain);
-
- var browser = IPA.browser_config.get_browser();
- if (browser.mozilla) {
- var ff_config = $("#configurefirefox");
- var obj = $('<object/>', {
- type: 'text/html',
- 'class': 'browser-config'
- });
- obj.prop('data', 'jar:/ipa/errors/configure.jar!/preferences.html');
- obj.appendTo(ff_config);
- ff_config.show();
- }
});
}
@@ -63,6 +51,9 @@
<ol>
<li>
+ Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.
+ </li>
+ <li>
In the address bar of Firefox, type <code>about:config</code> to display the list of current configuration options.
</li>
<li>
@@ -77,16 +68,6 @@
<li><strong> You are all set. </strong></li>
</ol>
- <h3>Automatic Configuration of older versions</h3>
- <p>You can configure older versions of Firefox (up to version 14) using signed code. Use <a href="browserconfig.html">Firefox configuration page</a> for newer versions.</p>
- <ol>
- <li>Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
- <li>
- Click on "Configure Browser" button below.
- <div id="configurefirefox" style="display:none"></div>
- </li>
- </ol>
-
<h2>Chrome</h2>
<p>
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 7dae55fdb18d3db671b45c3166ed65fe8fc368a4..92508a9bab864fdfd3d299e52296f37580cabd2b 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -54,7 +54,6 @@ app_DATA = \
krb.con.template \
krb.js.template \
krbrealm.con.template \
- preferences.html.template \
smb.conf.template \
smb.conf.empty \
referint-conf.ldif \
diff --git a/install/share/preferences.html.template b/install/share/preferences.html.template
deleted file mode 100644
index 48bcc42bca592ddeae64f8971e5ff9954aac2725..0000000000000000000000000000000000000000
--- a/install/share/preferences.html.template
+++ /dev/null
@@ -1,90 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
- <title>Automatically set browser preferences</title>
- <style type="text/css">
- body {
- font-family:"Liberation Sans",Arial,Sans;
- font-size:11px;
- }
- .textblock {
- text-align: left;
- margin-top: 1.0em;
- font-size: 1.1em;
- }
- a {
- color: #1D85D5;
- font-weight: normal;
- text-decoration: none;
- text-transform: none;
- }
- </style>
-</head>
-<body>
-<form action="undefined" method="get">
-<input id="button" type=button onclick="setPreferences()" name="prefs" value="Configure Firefox">
-<div id="success" class="textblock" style="display: none;">
- <p>Browser configured.</p>
- <p>
- <a href="/ipa/ui" id="redirect_link" target="_top">Click here to return to the Web UI.</a>
- </p>
-</div>
-</form>
-
-<script type="text/javascript">
- function setPreferences() {
- var privilege, setIntPref, setCharPref, setBoolPref;
-
- if (typeof navigator.preference == 'undefined') {
- // From Firefox 4 and SeaMonkey 2.1, navigator.preference intefrace is dropped
- // Use new Gecko2 Services.jsm JavaScript code module instead.
- privilege = 'UniversalXPConnect';
- netscape.security.PrivilegeManager.enablePrivilege(privilege);
- Components.utils.import("resource://gre/modules/Services.jsm");
-
- setIntPref = function(par, val) {Services.prefs.setIntPref(par, val)};
- setCharPref = function(par, val) {Services.prefs.setCharPref(par, val)};
- setBoolPref = function(par, val) {Services.prefs.setBoolPref(par, val)};
- } else {
- privilege = 'UniversalPreferencesWrite';
- netscape.security.PrivilegeManager.enablePrivilege(privilege);
- setCharPref = function(par, val) {navigator.preference(par, val)};
- setBoolPref = setCharPref; // same function for bool and char and int
- setIntPref = setCharPref;
- }
-
- try {
-
- try {
- setIntPref('network.http.sendRefererHeader', 2);
- setBoolPref('network.negotiate-auth.using-native-gsslib', true);
- setCharPref('network.negotiate-auth.trusted-uris', '.$DOMAIN');
- setBoolPref('network.negotiate-auth.allow-proxies', true);
- } catch (e) {
- alert("Unable to store preferences: " + e);
- return;
- }
-
- netscape.security.PrivilegeManager.disablePrivilege(privilege);
-
- alert("Successfully configured Firefox for single sign-on.");
-
- var redirect_link = document.getElementById('redirect_link');
- redirect_link.href = "https://" + location.hostname + location.port + "/ipa/ui";
-
- var button = document.getElementById('button');
- button.style['display'] = "none";
-
- var successDiv = document.getElementById('success');
- successDiv.style['display'] = "block";
- } catch (e) {
- alert("Unable to apply recommended settings.\n\n" +
- "Click on the Certificate Authority link and select trust for all, " +
- "then reload this page and try again.\n\nThe error returned was: " + e);
- return;
- }
- }
-</script>
-
-</body>
-</html>
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 74d7a7d9726b4b43ea896c29a602938f73bdc2e4..6d591e64c465aed7dc8152bbefe7ae4cea407863 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -241,7 +241,6 @@ class BasePathNamespace(object):
FFEXTENSION = "/usr/share/ipa/ffextension"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
- CONFIGURE_JAR = "/usr/share/ipa/html/configure.jar"
KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
KRB_CON = "/usr/share/ipa/html/krb.con"
KRB_JS = "/usr/share/ipa/html/krb.js"
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 53ccc24cc356b6b5027b58993374e5c6e759fd7e..053b2b380b8c926bff4d899ded66b7737ad54ff1 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -344,32 +344,6 @@ class HTTPInstance(service.Service):
self.import_ca_certs(db, self.ca_is_configured)
def __setup_autoconfig(self):
- target_fname = paths.PREFERENCES_HTML
- ipautil.copy_template_file(
- ipautil.SHARE_DIR + "preferences.html.template",
- target_fname, self.sub_dict)
- os.chmod(target_fname, 0o644)
-
- # The signing cert is generated in __setup_ssl
- db = certs.CertDB(self.realm, subject_base=self.subject_base)
- with open(db.passwd_fname) as pwdfile:
- pwd = pwdfile.read()
-
- # Setup configure.jar
- if db.has_nickname('Signing-Cert'):
- tmpdir = tempfile.mkdtemp(prefix="tmp-")
- target_fname = paths.CONFIGURE_JAR
- shutil.copy(paths.PREFERENCES_HTML, tmpdir)
- db.run_signtool(["-k", "Signing-Cert",
- "-Z", target_fname,
- "-e", ".html", "-p", pwd,
- tmpdir])
- shutil.rmtree(tmpdir)
- os.chmod(target_fname, 0o644)
- else:
- root_logger.warning('Object-signing certificate was not found; '
- 'therefore, configure.jar was not created.')
-
self.setup_firefox_extension(self.realm, self.domain)
def setup_firefox_extension(self, realm, domain):
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 327deed772561f2b8403aa46cdd3398055703840..50aa2813662d2ac6ba779efdabca01c5d4e4a076 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -457,11 +457,6 @@ class ReplicaPrepare(admintool.AdminTool):
self.copy_info_file(CACERT, "ca.crt")
preferences_filename = paths.PREFERENCES_HTML
- if ipautil.file_exists(preferences_filename):
- self.copy_info_file(preferences_filename, "preferences.html")
- jar_filename = paths.CONFIGURE_JAR
- if ipautil.file_exists(jar_filename):
- self.copy_info_file(jar_filename, "configure.jar")
cacert_filename = paths.CACERT_PEM
if ipautil.file_exists(cacert_filename):
self.copy_info_file(cacert_filename, "cacert.pem")
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index b01df9526bb3a7dce7abca67f85fc54cd95f6218..5ce9eb7092b5349cc9db13b465b3d5b033538ab6 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -163,18 +163,6 @@ def install_http(config, auto_redirect, promote=False):
ca_is_configured=ipautil.file_exists(config.dir + "/cacert.p12"),
promote=promote)
- # Now copy the autoconfiguration files
- try:
- if ipautil.file_exists(config.dir + "/preferences.html"):
- shutil.copy(config.dir + "/preferences.html",
- paths.PREFERENCES_HTML)
- if ipautil.file_exists(config.dir + "/configure.jar"):
- shutil.copy(config.dir + "/configure.jar",
- paths.CONFIGURE_JAR)
- except Exception as e:
- print("error copying files: " + str(e))
- sys.exit(1)
-
http.setup_firefox_extension(config.realm_name, config.domain_name)
return http
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code