[Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
$Subj JR, please give it a try. I will update the page accordingly... -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From d016c7c9d7f548550e14000f62741abf981c6529 Mon Sep 17 00:00:00 2001 From: Dmitri Pal d...@redhat.com Date: Fri, 24 Sep 2010 07:45:11 -0400 Subject: [PATCH] [SUDO] Addressing issues found in shema * Matching rule was incorrect * Added memberOf attribute to the command * Switched from groupOfUniqueNames to groupOfNames --- install/share/60sudo.ldif |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/install/share/60sudo.ldif b/install/share/60sudo.ldif index ff198aa26a7ef30c36656ccf4d44af477b1de673..f01ec227d794d6a966571fbe8a793fb967b12250 100644 --- a/install/share/60sudo.ldif +++ b/install/share/60sudo.ldif @@ -36,13 +36,13 @@ attributeTypes: (2.16.840.1.113730.3.8.7.9 NAME 'ipaSudoRunAsExtGroup' DESC 'Mul attributeTypes: (2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsGroupCategory' DESC 'Additional classification for groups' SUP userCategory X-ORIGIN 'IPA v2' ) ## Attribute to store host mask -attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch X-ORIGIN 'IPA v2' ) +attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch X-ORIGIN 'IPA v2' ) ## Object class for SUDO rules objectClasses: (2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( externalUser $ externalHost $ hostMask $ memberCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAsExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGroup $ ipaSudoRunAsGroupCategory ) X-ORIGIN 'IPA v2' ) ## Object class for SUDO commands -objectClasses: (2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA object class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ cn ) MAY ( description ) X-ORIGIN 'IPA v2' ) +objectClasses: (2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA object class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ cn ) MAY ( memberOf $ description ) X-ORIGIN 'IPA v2' ) ## Object class for groups of the SUDO commands -objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' ) +objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' ) -- 1.5.5.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 543 fix whoami plugin
On 09/23/2010 10:38 PM, Rob Crittenden wrote: Use the principal from the request context. ipalib.util.get_current_principal() is designed to work from a client, not within the server. I should have noticed this earlier. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 543 fix whoami plugin
On 09/23/2010 10:38 PM, Rob Crittenden wrote: Use the principal from the request context. ipalib.util.get_current_principal() is designed to work from a client, not within the server. I should have noticed this earlier. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 536 throw and catch CertificateOperationError properly in replica preparer
On 09/20/2010 01:38 PM, Rob Crittenden wrote: Properly handle CertificateOperationErrors in replication prepration. The problem here was two-fold: the certs manager was raising an error it didn't know about and ipa-replica-prepare wasn't catching it. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Is this one still outstanding? ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 536 throw and catch CertificateOperationError properly in replica preparer
On 09/20/2010 01:38 PM, Rob Crittenden wrote: Properly handle CertificateOperationErrors in replication prepration. The problem here was two-fold: the certs manager was raising an error it didn't know about and ipa-replica-prepare wasn't catching it. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Restoring Services tab
On 09/17/2010 03:55 PM, Adam Young wrote: On 09/17/2010 03:41 PM, Endi Sukma Dewata wrote: Hi, This patch is based on Adam's bbq-tabs-modal branch. The add.js has been modified to support adding new entry with dynamically generated pkey. The index.xhtml has been modified to include service.js. The service.js has been modified to use the new API to define the search, add, and details fields. Callbacks are used to add quick links and generate pkey dynamically. The webui.js has been modified to add the Services tab. Thanks! -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
Looks like there was a typo in the hostMask. The others were correct. -attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreIA5Match ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) +attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) On Sep 24, 2010, at 4:47 AM, Dmitri Pal wrote: $Subj JR, please give it a try. I will update the page accordingly... -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/http://www.redhat.com/carveoutcosts/ 0001--SUDO-Addressing-issues-found-in-shema.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
Whoami link The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user. Also fixed a bug where, when reloading, the search page would fail due to scl being undefined ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
On 09/24/2010 10:53 AM, Adam Young wrote: Whoami link The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user. Also fixed a bug where, when reloading, the search page would fail due to scl being undefined ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Now with patch attached From ab53d6ef0cfef586163c1fabd80de7f839fa6172 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Fri, 24 Sep 2010 10:47:40 -0400 Subject: [PATCH] Whoami link The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user. Also fixed a bug where, when reloading, the search page would fail due to scl being undefined. --- install/static/index.xhtml |2 +- install/static/ipa.css |3 ++- install/static/search.js |4 install/static/webui.js|8 +++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/install/static/index.xhtml b/install/static/index.xhtml index 3fcb5f6..062a4a7 100644 --- a/install/static/index.xhtml +++ b/install/static/index.xhtml @@ -40,7 +40,7 @@ img src=ipalogo.png / /span span id=loggedinas class=header-loggedinas -aLogged in as stronghardco...@freeip.org/strong/a +a href=#Logged in as stronghardco...@freeip.org/strong/a /span /div diff --git a/install/static/ipa.css b/install/static/ipa.css index 7e518b1..c562a20 100644 --- a/install/static/ipa.css +++ b/install/static/ipa.css @@ -14,7 +14,6 @@ body{ font: 62.5% Trebuchet MS, sans-serif; margin: 50px;} .input_link span.ui-icon {margin: 0 5px 0 0;position: absolute;left: .2em;top: 50%;margin-top: -8px;} - a { text-decoration: none; border: 0; @@ -39,10 +38,12 @@ div.header a { div.header a:link { text-decoration: none; +color: white; } div.header a:visited { text-decoration: none; +color: white; } div.header div.header-logo { diff --git a/install/static/search.js b/install/static/search.js index 7347dfc..6c88e41 100644 --- a/install/static/search.js +++ b/install/static/search.js @@ -23,6 +23,10 @@ function search_create(obj_name, scl, container) { +if (!scl){ +scl = []; +} + function find_on_click() { var filter = $(this).prev('input[type=text]').val(); var state = {}; diff --git a/install/static/webui.js b/install/static/webui.js index 153a609..14c0041 100644 --- a/install/static/webui.js +++ b/install/static/webui.js @@ -47,11 +47,17 @@ var nav_tabs_lists; /* main (document onready event handler) */ $(function() { +var whoami_pkey; + + function whoami_on_win(data, text_status, xhr) { $(window).bind('hashchange', window_hashchange); if (!data.error){ var whoami = data.result.result[0]; +whoami_pkey=whoami.uid[0]; $('#loggedinas').find('strong').text(whoami.krbprincipalname[0]); +$('#loggedinas a').fragment( +{'user-facet':'details', 'pkey':whoami_pkey},2); if (whoami.hasOwnProperty('memberof_rolegroup') whoami.memberof_rolegroup.length 0){ nav_tabs_lists = admin_tabs_lists; @@ -59,7 +65,7 @@ $(function() { }else{ nav_tabs_lists = self_serv_tabs_lists; -var state = {'user-pkey': whoami.uid[0], +var state = {'user-pkey':whoami_pkey , 'user-facet': jQuery.bbq.getState('user-facet') || 'details'}; $.bbq.pushState(state); -- 1.7.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 544 add import to automount
Add ability to import automount files from the command-line. Support is fairly basic right now and will only work on the CLI. All the work is done on the client side. To continue past errors use the --continue option. Fixed a bug where direct mounts weren't always added properly. Added real user documentation to the plugin. rob freeipa-544-automount.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 536 throw and catch CertificateOperationError properly in replica preparer
Adam Young wrote: On 09/20/2010 01:38 PM, Rob Crittenden wrote: Properly handle CertificateOperationErrors in replication prepration. The problem here was two-fold: the certs manager was raising an error it didn't know about and ipa-replica-prepare wasn't catching it. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 541 convert ca_serialno
Adam Young wrote: On 09/23/2010 12:17 PM, Rob Crittenden wrote: The file format of ca_serialno changed between v1 and v2. We won't support direct upgrades of v1 to v2 but as a developer I install them both from time to time and its annoying to have the v2 install fail because of this file. This patch converts it to v2 style. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 542 remove bogus uninstall error
Adam Young wrote: On 09/23/2010 12:18 PM, Rob Crittenden wrote: Remove spurious error in server uninstaller about client uninstall failure. This was meant to catch the case where the client wasn't configured and it missed the most obvious one: the client was installed and is now uninstalled. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 545 ignore success exception
A call to search_ext() in ipa-replica-prepare was returning the exception ldap.SUCCESS. We actually got the right data back but this exception was confusing things. It should be ignored. rob freeipa-545-success.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 522 add some ldap2 Backend tests
Adam Young wrote: On 09/09/2010 04:38 PM, Rob Crittenden wrote: Add some tests for using the ldap2 Backend. Fix a logic problem in ldap2:get_schema() for determining if it can fetch the schema or not. Normally we only want to do this for servers but if you pass in your own connection it will use that. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 2 Addressing issues found in SUDO schema
JR Aquino wrote: Everything appears to be working now. Thanks Dmitri! Ack here too. Pushed to master. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] UI mockups for DNS, AUtomount, and Password Policy
I'm going to post these for comments before I sink too much more time into them: I've mocked up the pages under policy. http://admiyo.fedorapeople.org/ipa/jquery.ui/ Note: The default is the Dertails page of DNS. THis is just a develpoment thing, not something that will be part of the end produce Facets are using Tabs. There is some olor issue with the non-active facets, but they click fine. Something is wonky in the layouts of the dl tags used for the details page. His won't be a problem on the live site. I've include modal dialogs for delete. Password policy shows the graphics for field validations. IN the application The Undo button will be clickable and will reset the value of the field to its origianl value ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 545 ignore success exception
On 09/24/2010 03:34 PM, Rob Crittenden wrote: A call to search_ext() in ipa-replica-prepare was returning the exception ldap.SUCCESS. We actually got the right data back but this exception was confusing things. It should be ignored. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
On 09/24/2010 07:57 PM, Adam Young wrote: On 09/24/2010 06:57 PM, Endi Sukma Dewata wrote: - Adam Youngayo...@redhat.com wrote: On 09/24/2010 10:53 AM, Adam Young wrote: Whoami link The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user. Also fixed a bug where, when reloading, the search page would fail due to scl being undefined NACK. There's a small problem, it should use user-pkey instead of pkey: diff --git a/install/static/webui.js b/install/static/webui.js index b537938..a3d354b 100644 --- a/install/static/webui.js +++ b/install/static/webui.js @@ -57,7 +57,7 @@ $(function() { whoami_pkey=whoami.uid[0]; $('#loggedinas').find('strong').text(whoami.krbprincipalname[0]); $('#loggedinas a').fragment( -{'user-facet':'details', 'pkey':whoami_pkey},2); +{'user-facet':'details', 'user-pkey':whoami_pkey},2); if (whoami.hasOwnProperty('memberof_rolegroup') whoami.memberof_rolegroup.length 0){ nav_tabs_lists = admin_tabs_lists; -- Endi S. Dewata Fixed ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-develF Forgot that crucial git add step before committing. Fix is in this patch. From 30ed462dc79a63c064de7ff37fd63a536fbd0137 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Fri, 24 Sep 2010 10:47:40 -0400 Subject: [PATCH] Whoami link The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user. Also fixed a bug where, when reloading, the search page would fail due to scl being undefined. Fixed a typo replaced{'user-facet':'details', 'pkey':whoami_pkey},2); with{'user-facet':'details', 'user-pkey':whoami_pkey},2); --- install/static/index.xhtml |2 +- install/static/ipa.css |3 ++- install/static/search.js |4 install/static/webui.js|9 +++-- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/install/static/index.xhtml b/install/static/index.xhtml index 3fcb5f6..062a4a7 100644 --- a/install/static/index.xhtml +++ b/install/static/index.xhtml @@ -40,7 +40,7 @@ img src=ipalogo.png / /span span id=loggedinas class=header-loggedinas -aLogged in as stronghardco...@freeip.org/strong/a +a href=#Logged in as stronghardco...@freeip.org/strong/a /span /div diff --git a/install/static/ipa.css b/install/static/ipa.css index 7e518b1..c562a20 100644 --- a/install/static/ipa.css +++ b/install/static/ipa.css @@ -14,7 +14,6 @@ body{ font: 62.5% Trebuchet MS, sans-serif; margin: 50px;} .input_link span.ui-icon {margin: 0 5px 0 0;position: absolute;left: .2em;top: 50%;margin-top: -8px;} - a { text-decoration: none; border: 0; @@ -39,10 +38,12 @@ div.header a { div.header a:link { text-decoration: none; +color: white; } div.header a:visited { text-decoration: none; +color: white; } div.header div.header-logo { diff --git a/install/static/search.js b/install/static/search.js index 7347dfc..6c88e41 100644 --- a/install/static/search.js +++ b/install/static/search.js @@ -23,6 +23,10 @@ function search_create(obj_name, scl, container) { +if (!scl){ +scl = []; +} + function find_on_click() { var filter = $(this).prev('input[type=text]').val(); var state = {}; diff --git a/install/static/webui.js b/install/static/webui.js index 153a609..b8c1d45 100644 --- a/install/static/webui.js +++ b/install/static/webui.js @@ -37,7 +37,7 @@ var admin_tabs_lists = [ ]; -var self_serv_tabs_lists = +var self_serv_tabs_lists = [ ['identity', 'IDENTITY', [ ['user', 'Users', ipa_entity_setup; @@ -47,11 +47,16 @@ var nav_tabs_lists; /* main (document onready event handler) */ $(function() { +var whoami_pkey; + function whoami_on_win(data, text_status, xhr) { $(window).bind('hashchange', window_hashchange); if (!data.error){ var whoami = data.result.result[0]; +whoami_pkey=whoami.uid[0]; $('#loggedinas').find('strong').text(whoami.krbprincipalname[0]); +$('#loggedinas a').fragment( +{'user-facet':'details', 'user-pkey':whoami_pkey},2); if (whoami.hasOwnProperty('memberof_rolegroup') whoami.memberof_rolegroup.length 0){ nav_tabs_lists = admin_tabs_lists; @@ -59,7 +64,7 @@ $(function() { }else{ nav_tabs_lists = self_serv_tabs_lists; -var state = {'user-pkey': whoami.uid[0], +var state = {'user-pkey':whoami_pkey , 'user-facet': jQuery.bbq.getState('user-facet') ||
Re: [Freeipa-devel] [PATCH] admiyo-freeipa-0043-Whoami-link.patch
- Adam Young ayo...@redhat.com wrote: Fixed admiyo-freeipa-0043-3-Whoami-link.patch ACK, sorry didn't see this one before replying. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel