
FreeIPA patch adding URI to HBAC rule

a guest Feb 26th, 2016 30 Never
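diff --git a/ACI.txt b/ACI.txt
index 24cb332..ecacc1c 100644
--- a/ACI.txt
+++ b/ACI.txt
@@ -93,7 +93,7 @@ aci: (targetattr = "externalhost || memberhost || memberservice || memberuser")(
 dn: cn=hbac,dc=ipa,dc=example
 aci: (targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=hbac,dc=ipa,dc=example
-aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)
+aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || url || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)
 dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
 aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example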
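diff --git a/API.txt b/API.txt
index e2976e0..5886e6a 100644
--- a/API.txt
+++ b/API.txt
@@ -1656,7 +1656,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: hbacrule_add
-args: 1,16,3
+args: 1,17,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
 option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny'))
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1672,6 +1672,7 @@ option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False)
 option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
 option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False)
+option: Str('url', attribute=True, cli_name='url', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1748,7 +1749,7 @@ output: Output('result', <type 'bool'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: hbacrule_find
-args: 1,18,4
+args: 1,19,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -1766,6 +1767,7 @@ option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_n
 option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False)
 option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
+option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, query=True, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Output('count', <type 'int'>, None)
@@ -1773,7 +1775,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: hbacrule_mod
-args: 1,18,3
+args: 1,19,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
 option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny'))
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1791,6 +1793,7 @@ option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False)
 option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
 option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False)
+option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))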
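diff --git a/VERSION b/VERSION
index 7053bea..ccb4516 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=163
-# Last change: jcholast - replica install: add remote connection check over API
+IPA_API_VERSION_MINOR=164
+# Last change: lhellebr - add URL to HBAC rule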
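diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 00712dd..4205958 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -37,7 +37,8 @@ attributeTypes: (2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multivalue
 attributeTypes: (2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.21 NAME 'url' DESC 'Url of the source' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2')
+objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime $ url ) X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA version of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' )
 attributeTypes: (1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )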
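Review bot: The new `url` attribute type is declared without `SINGLE-VALUE`, while API.txt in this patch declares the parameter `multivalue=False`, so the directory will accept several values on an entry that the framework then treats as holding one. Adding `SINGLE-VALUE` before `X-ORIGIN 'IPA v2'` would keep the schema and the API in agreement. The name `url` is also generic and unprefixed, so it may clash with schema loaded from other sources, and the OID `2.16.840.1.113730.3.8.3.21` should be confirmed as unallocated in the project's OID registry before merging. `DESC 'Url of the source'` does not say what the value means for rule evaluation; a description stating whether it is informational or enforced would help administrators who rely on HBAC rules for access decisions.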
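diff --git a/install/ui/src/freeipa/hbac.js b/install/ui/src/freeipa/hbac.js
index 6161942..539849d 100644
--- a/install/ui/src/freeipa/hbac.js
+++ b/install/ui/src/freeipa/hbac.js
@@ -52,7 +52,8 @@ var spec =  {
                     label: '@i18n:status.label',
                     formatter: 'boolean_status'
                 },
-                'description'
+                'description',
+       'url'
             ],
             actions: [
                 'batch_disable',
@@ -244,6 +245,11 @@ var add_hbacrule_details_facet_widgets = function (spec) {
             $type: 'textarea',
             name: 'description',
             widget: 'general.description'
+        },
+        {
+            $type: 'textarea',
+            name: 'url',
+            widget: 'general.url'
         }
     ];
 
@@ -259,6 +265,10 @@ var add_hbacrule_details_facet_widgets = function (spec) {
                 {
                     $type: 'textarea',
                     name: 'description'
+                },
+                {
+                    $type: 'textarea',
+                    name: 'url'
                 }
             ]
         }
@@ -503,4 +513,4 @@ exp.register = function() {
 phases.on('registration', exp.register);
 
 return exp;
-});
\ No newline at end of file
+});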
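Review bot: The added `'url'` entry in the column list is indented differently from the neighbouring `'description',` line (it looks like a tab was used), and the same applies to the `Str('url?',` lines added in ipalib/plugins/hbacrule.py; both should be re-indented with spaces to match their files. A single-valued URL is also declared as `$type: 'textarea'` in both widget lists, which appears copied from `description`; a single-line text widget would fit the field better if the framework offers one. Because the value is stored free-form and is now shown in the rule list, it is worth confirming that the table column renders it as escaped text. The `spec` object and `add_hbacrule_details_facet_widgets` both start and end outside these hunks.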
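diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 852b953..ad12f77 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -353,7 +353,8 @@
                             "specified_hosts": "Specified Hosts and Groups",
                             "specified_services": "Specified Services and Groups",
                             "specified_users": "Specified Users and Groups",
-                            "user": "Who"
+                            "user": "Who",
+                            "url": "URL"
                         },
                         "hbacsvc": {},
                         "hbacsvcgroup": {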
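diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 54487ed..6569aa8 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -137,7 +137,7 @@ class hbacrule(LDAPObject):
         'description', 'usercategory', 'hostcategory',
         'servicecategory', 'ipaenabledflag',
         'memberuser', 'sourcehost', 'memberhost', 'memberservice',
-        'externalhost',
+        'externalhost','url',
     ]
     uuid_attribute = 'ipauniqueid'
     rdn_attribute = 'ipauniqueid'
@@ -157,7 +157,7 @@ class hbacrule(LDAPObject):
                 'externalhost', 'hostcategory', 'ipaenabledflag',
                 'ipauniqueid', 'memberhost', 'memberservice', 'memberuser',
                 'servicecategory', 'sourcehost', 'sourcehostcategory',
-                'usercategory', 'objectclass', 'member',
+                'usercategory', 'objectclass', 'member', 'url',
             },
         },
         'System: Add HBAC Rule': {
@@ -275,6 +275,9 @@ class hbacrule(LDAPObject):
             label=_('Service Groups'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
+   Str('url?',
+       label=_('URL'),
+   ),
         external_host_param,
     )
 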
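Review bot: The `System: Modify HBAC Rule` permission is not extended for the new attribute: only the read permission's attribute set (hunk at line 157) gains `'url'`, and the unchanged ACI.txt context line for the modify permission still has no `url` in its `targetattr`. An account holding only that permission would presumably be refused by the directory when `hbacrule_mod --url` writes the attribute, so `'url'` should be added to that permission's attribute set and ACI.txt regenerated. The read side makes the value visible to every authenticated user (`userdn = "ldap:///all"`), which is worth stating in the parameter's `doc` so administrators do not store URLs that embed credentials or tokens. `Str('url?', ...)` also accepts any string, and no evaluator for the attribute is visible in this patch, so the help text should say whether the value is enforced anywhere or is informational only. The `hbacrule` class body starts and ends outside these hunks.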
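diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 7156d4f..99b55b6 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -498,6 +498,7 @@ class i18n_messages(Command):
                 "specified_services": _("Specified Services and Groups"),
                 "specified_users": _("Specified Users and Groups"),
                 "user": _("Who"),
+                "url": _("URL"),
             },
             "hbacsvc": {
             },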