
Untitled

a guest
Apr 27th, 2016
  1. From db37d25bdc35fb54a8ff1a65c8dcb48f53e02525 Mon Sep 17 00:00:00 2001
  2. From: Lukas Hellebrandt <lhellebr@redhat.com>
  3. Date: Thu, 18 Feb 2016 18:43:59 +0100
  4. Subject: [PATCH] Adding URI to HBAC rule
  5.  
  6. ---
  7. ACI.txt | 2 +-
  8. API.txt | 12 +++++++++---
  9. VERSION | 8 ++++----
  10. install/share/60basev2.ldif | 4 +++-
  11. install/ui/src/freeipa/hbac.js | 24 ++++++++++++++++++++++--
  12. install/ui/test/data/ipa_init.json | 4 +++-
  13. ipalib/plugins/hbacrule.py | 10 ++++++++--
  14. ipalib/plugins/internal.py | 2 ++
  15. 8 files changed, 52 insertions(+), 14 deletions(-)
  16.  
  17. diff --git a/ACI.txt b/ACI.txt
  18. index 24cb332ce6e10c82a5bfab76d084fb6c0277800d..39f331264e3d724bae7d47a3bcbc9e42da93bbcd 100644
  19. --- a/ACI.txt
  20. +++ b/ACI.txt
  21. @@ -93,7 +93,7 @@ aci: (targetattr = "externalhost || memberhost || memberservice || memberuser")(
  22. dn: cn=hbac,dc=ipa,dc=example
  23. aci: (targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
  24. dn: cn=hbac,dc=ipa,dc=example
  25. -aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)
  26. +aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || schemeandhost || servicecategory || sourcehost || sourcehostcategory || url || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)
  27. dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
  28. aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
  29. dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
  30. diff --git a/API.txt b/API.txt
  31. index 3598b08198cae536754259f7463669052efa3f86..ab65e2dc63128dcde215084cd455c685a9287c0a 100644
  32. --- a/API.txt
  33. +++ b/API.txt
  34. @@ -1656,7 +1656,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
  35. output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
  36. output: PrimaryKey('value', None, None)
  37. command: hbacrule_add
  38. -args: 1,16,3
  39. +args: 1,18,3
  40. arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
  41. option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny'))
  42. option: Str('addattr*', cli_name='addattr', exclude='webui')
  43. @@ -1667,11 +1667,13 @@ option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', multivalue=F
  44. option: Bool('ipaenabledflag', attribute=True, cli_name='ipaenabledflag', multivalue=False, required=False)
  45. option: Flag('no_members', autofill=True, default=False, exclude='webui')
  46. option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
  47. +option: Str('schemeandhost', attribute=True, cli_name='schemeandhost', multivalue=False, required=False)
  48. option: StrEnum('servicecategory', attribute=True, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
  49. option: Str('setattr*', cli_name='setattr', exclude='webui')
  50. option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False)
  51. option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
  52. option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False)
  53. +option: Str('url', attribute=True, cli_name='url', multivalue=False, required=False)
  54. option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
  55. option: Str('version?', exclude='webui')
  56. output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
  57. @@ -1748,7 +1750,7 @@ output: Output('result', <type 'bool'>, None)
  58. output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
  59. output: PrimaryKey('value', None, None)
  60. command: hbacrule_find
  61. -args: 1,18,4
  62. +args: 1,20,4
  63. arg: Str('criteria?', noextrawhitespace=False)
  64. option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
  65. option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
  66. @@ -1760,12 +1762,14 @@ option: Bool('ipaenabledflag', attribute=True, autofill=False, cli_name='ipaenab
  67. option: Flag('no_members', autofill=True, default=False, exclude='webui')
  68. option: Flag('pkey_only?', autofill=True, default=False)
  69. option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
  70. +option: Str('schemeandhost', attribute=True, autofill=False, cli_name='schemeandhost', multivalue=False, query=True, required=False)
  71. option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, query=True, required=False, values=(u'all',))
  72. option: Int('sizelimit?', autofill=False, minvalue=0)
  73. option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, query=True, required=False)
  74. option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False)
  75. option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False)
  76. option: Int('timelimit?', autofill=False, minvalue=0)
  77. +option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, query=True, required=False)
  78. option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',))
  79. option: Str('version?', exclude='webui')
  80. output: Output('count', <type 'int'>, None)
  81. @@ -1773,7 +1777,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
  82. output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
  83. output: Output('truncated', <type 'bool'>, None)
  84. command: hbacrule_mod
  85. -args: 1,18,3
  86. +args: 1,20,3
  87. arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
  88. option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny'))
  89. option: Str('addattr*', cli_name='addattr', exclude='webui')
  90. @@ -1786,11 +1790,13 @@ option: Bool('ipaenabledflag', attribute=True, autofill=False, cli_name='ipaenab
  91. option: Flag('no_members', autofill=True, default=False, exclude='webui')
  92. option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
  93. option: Flag('rights', autofill=True, default=False)
  94. +option: Str('schemeandhost', attribute=True, autofill=False, cli_name='schemeandhost', multivalue=False, required=False)
  95. option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
  96. option: Str('setattr*', cli_name='setattr', exclude='webui')
  97. option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False)
  98. option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
  99. option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False)
  100. +option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, required=False)
  101. option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
  102. option: Str('version?', exclude='webui')
  103. output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
  104. diff --git a/VERSION b/VERSION
  105. index aedebd185821d42fa48608f4c5fdf9ff510ace3f..543a5241d9ee6f75a88d0d1486c93875821ab0a5 100644
  106. --- a/VERSION
  107. +++ b/VERSION
  108. @@ -16,12 +16,12 @@
  109. # #
  110. # e.g. IPA_VERSION_MAJOR=1 #
  111. # IPA_VERSION_MINOR=0 #
  112. -# IPA_VERSION_RELEASE=0 #
  113. +
  114. # -> "1.0.0" #
  115. ########################################################
  116. IPA_VERSION_MAJOR=4
  117. IPA_VERSION_MINOR=3
  118. -IPA_VERSION_RELEASE=90
  119. +IPA_VERSION_RELEASE=105
  120.  
  121. ########################################################
  122. # For 'alpha' releases the version will be #
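Review bot: The first changed line replaces the banner comment `# IPA_VERSION_RELEASE=0 #` with an empty line, which breaks the example block and looks like an accidental edit; restore the comment line. `IPA_VERSION_RELEASE` also jumps from 90 to 105 in a patch whose stated purpose is adding two attributes. If that bump comes from a local build rather than the release process, drop it and keep only the `IPA_API_VERSION_MINOR` change in the next hunk.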
  123. @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
  124. # #
  125. ########################################################
  126. IPA_API_VERSION_MAJOR=2
  127. -IPA_API_VERSION_MINOR=165
  128. -# Last change: mbasti - limit ipamaxusernamelength value to 255
  129. +IPA_API_VERSION_MINOR=166
  130. +# Last change: lhellebr - add URL to HBAC rule
  131. diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
  132. index 00712ddda2c548b7f7924a012f3f68499f2f01da..ff30b7ea0bd04b783d19048c1745c1486807d834 100644
  133. --- a/install/share/60basev2.ldif
  134. +++ b/install/share/60basev2.ldif
  135. @@ -37,7 +37,9 @@ attributeTypes: (2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multivalue
  136. attributeTypes: (2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
  137. attributeTypes: (2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
  138. attributeTypes: (2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
  139. -objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' )
  140. +attributeTypes: (2.16.840.1.113730.3.8.11.74 NAME 'schemeAndHost' DESC 'Schema and host part of the URI' EQUALITY caseIgnoretMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3')
  141. +attributeTypes: (2.16.840.1.113730.3.8.11.73 NAME 'url' DESC 'Path part of URI (prefix)' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3')
  142. +objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime $ schemeAndHost $ url) X-ORIGIN 'IPA v2' )
  143. attributeTypes: (2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
  144. objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA version of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' )
  145. attributeTypes: (1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
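Review bot: The matching rule on the new `schemeAndHost` attribute is misspelled as `EQUALITY caseIgnoretMatch`, which is not a defined matching rule, so the directory server is likely to reject the attribute or the whole schema file at load time; it should read `EQUALITY caseIgnoreMatch`. Neither new attribute is declared `SINGLE-VALUE`, although API.txt in this same patch exposes both as `multivalue=False`; if one value per rule is intended, add `SINGLE-VALUE` so a direct LDAP write cannot store several. The new OIDs come from the `2.16.840.1.113730.3.8.11` arc and carry `X-ORIGIN 'IPA v3'` inside the v2 base schema file, and `url` is a very generic attribute name that may collide with other schemas, so the OID registration and an `ipa`-prefixed name are worth confirming. The DESC also says "Schema" where the UI labels in this patch say "Scheme".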
  146. diff --git a/install/ui/src/freeipa/hbac.js b/install/ui/src/freeipa/hbac.js
  147. index 6161942b93fce654830330fdbdf6853ce9e428ff..c56ded20ec0064e586fa01b169fa82f86d5ac549 100644
  148. --- a/install/ui/src/freeipa/hbac.js
  149. +++ b/install/ui/src/freeipa/hbac.js
  150. @@ -52,7 +52,9 @@ var spec = {
  151. label: '@i18n:status.label',
  152. formatter: 'boolean_status'
  153. },
  154. - 'description'
  155. + 'description',
  156. + 'schemeandhost',
  157. + 'url'
  158. ],
  159. actions: [
  160. 'batch_disable',
  161. @@ -244,6 +246,16 @@ var add_hbacrule_details_facet_widgets = function (spec) {
  162. $type: 'textarea',
  163. name: 'description',
  164. widget: 'general.description'
  165. + },
  166. + {
  167. + $type: 'textarea',
  168. + name: 'schemeandhost',
  169. + widget: 'general.schemeandhost'
  170. + },
  171. + {
  172. + $type: 'textarea',
  173. + name: 'url',
  174. + widget: 'general.url'
  175. }
  176. ];
  177.  
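Review bot: Both new fields are declared with `$type: 'textarea'` (here and again in the widget list in the next hunk), which lets a user enter line breaks into values that are single-valued URI components of an access rule. A single-line text input fits better and avoids storing newlines that the server side in this patch does not reject. As far as I know that is what you get by omitting `$type`, e.g. `{ name: 'url', widget: 'general.url' }`. The function body continues outside the hunk.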
  178. @@ -259,6 +271,14 @@ var add_hbacrule_details_facet_widgets = function (spec) {
  179. {
  180. $type: 'textarea',
  181. name: 'description'
  182. + },
  183. + {
  184. + $type: 'textarea',
  185. + name: 'schemeandhost'
  186. + },
  187. + {
  188. + $type: 'textarea',
  189. + name: 'url'
  190. }
  191. ]
  192. }
  193. @@ -503,4 +523,4 @@ exp.register = function() {
  194. phases.on('registration', exp.register);
  195.  
  196. return exp;
  197. -});
  198. \ No newline at end of file
  199. +});
  200. diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
  201. index 1b9b69ff909a9668c1e1867008459d25d5e062a9..bdc98afc4fa750e6fd951e5753c6f83db9a79ba0 100644
  202. --- a/install/ui/test/data/ipa_init.json
  203. +++ b/install/ui/test/data/ipa_init.json
  204. @@ -354,7 +354,9 @@
  205. "specified_hosts": "Specified Hosts and Groups",
  206. "specified_services": "Specified Services and Groups",
  207. "specified_users": "Specified Users and Groups",
  208. - "user": "Who"
  209. + "user": "Who",
  210. + "schemeandhost": "Scheme and host part of URI",
  211. + "url": "Path part of URI (prefix)"
  212. },
  213. "hbacsvc": {},
  214. "hbacsvcgroup": {
  215. diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
  216. index 54487eded21637bcd9d78179ad51c4abdedfc561..79be7fec8c87080ffa424efb53e2a3e79b3268fd 100644
  217. --- a/ipalib/plugins/hbacrule.py
  218. +++ b/ipalib/plugins/hbacrule.py
  219. @@ -137,7 +137,7 @@ class hbacrule(LDAPObject):
  220. 'description', 'usercategory', 'hostcategory',
  221. 'servicecategory', 'ipaenabledflag',
  222. 'memberuser', 'sourcehost', 'memberhost', 'memberservice',
  223. - 'externalhost',
  224. + 'externalhost','schemeandhost','url',
  225. ]
  226. uuid_attribute = 'ipauniqueid'
  227. rdn_attribute = 'ipauniqueid'
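Review bot: Style point on the changed list line: `'externalhost','schemeandhost','url',` drops the space after each comma that every neighbouring line in this list uses. Write it as `'externalhost', 'schemeandhost', 'url',` to match. The list this line belongs to starts outside the hunk.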
  228. @@ -157,7 +157,7 @@ class hbacrule(LDAPObject):
  229. 'externalhost', 'hostcategory', 'ipaenabledflag',
  230. 'ipauniqueid', 'memberhost', 'memberservice', 'memberuser',
  231. 'servicecategory', 'sourcehost', 'sourcehostcategory',
  232. - 'usercategory', 'objectclass', 'member',
  233. + 'usercategory', 'objectclass', 'member', 'schemeandhost', 'url',
  234. },
  235. },
  236. 'System: Add HBAC Rule': {
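Review bot: Only what appears to be the read permission's attribute set gains `schemeandhost` and `url` here; the ACI.txt context line for "System: Modify HBAC Rule" in this same patch still lists its `targetattr` without them. If that is the final state, a delegated administrator holding only the modify permission presumably cannot set or change the new attributes, while every bound user (`ldap:///all`) can read them. Add both names to the modify permission's default attributes (that block is outside this hunk) and regenerate ACI.txt, or state in the commit message that write access is intentionally restricted.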
  237. @@ -275,6 +275,12 @@ class hbacrule(LDAPObject):
  238. label=_('Service Groups'),
  239. flags=['no_create', 'no_update', 'no_search'],
  240. ),
  241. + Str('schemeandhost?',
  242. + label=_('Scheme and host part of URI'),
  243. + ),
  244. + Str('url?',
  245. + label=_('Path part of URI (prefix)'),
  246. + ),
  247. external_host_param,
  248. )
  249.  
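Review bot: Both new parameters are bare `Str(...)` declarations with no `pattern`, length limit or normalizer, so any string, including whitespace, embedded newlines or a scheme-less host, is stored as part of an access rule. Since the label describes `url` as a path prefix, the patch should also state how the consumer matches it (for example whether `/admin` is meant to cover `/administrator`), because a plain string-prefix comparison would grant broader access than a rule author expects; the evaluating side is not part of this patch, so this needs confirming. I would add validation and a `doc=` string to each, for example `Str('url?', pattern='^/', pattern_errmsg='must start with /', label=_('Path part of URI (prefix)'))`, with the exact pattern (the one shown is only illustrative) chosen by whoever defines the matching semantics. The enclosing parameter tuple starts outside the hunk.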
  250. diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
  251. index 54871f76de99d92f0f23129b4d636cc4fccfbb8b..4dcce84f9b39f66c99b3f0b2129e3f75c4adc784 100644
  252. --- a/ipalib/plugins/internal.py
  253. +++ b/ipalib/plugins/internal.py
  254. @@ -499,6 +499,8 @@ class i18n_messages(Command):
  255. "specified_services": _("Specified Services and Groups"),
  256. "specified_users": _("Specified Users and Groups"),
  257. "user": _("Who"),
  258. + "schemeandhost": _("Scheme and host part of URI"),
  259. + "url": _("Path part of URI (prefix)"),
  260. },
  261. "hbacsvc": {
  262. },
  263. --
  264. 2.4.3