- updates: add ACIs for RBCD self-management
parent
2b116b1098
commit
e0b190c16d
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,39 @@
|
||||||
|
From f123b01d81696c52e9a4008d46e549864e4a8069 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
||||||
|
Date: Wed, 3 May 2023 10:47:19 +0300
|
||||||
|
Subject: [PATCH] updates: add ACIs for RBCD self-management
|
||||||
|
|
||||||
|
Fixes: https://pagure.io/freeipa/issue/9354
|
||||||
|
|
||||||
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
||||||
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Reviewed-By: Julien Rische <jrische@redhat.com>
|
||||||
|
---
|
||||||
|
install/updates/73-service-rbcd.update | 5 +++++
|
||||||
|
install/updates/Makefile.am | 1 +
|
||||||
|
2 files changed, 6 insertions(+)
|
||||||
|
create mode 100644 install/updates/73-service-rbcd.update
|
||||||
|
|
||||||
|
diff --git a/install/updates/73-service-rbcd.update b/install/updates/73-service-rbcd.update
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..08a8b0f84a7
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/install/updates/73-service-rbcd.update
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+dn: $SUFFIX
|
||||||
|
+add:aci: (targetattr = "memberPrincipal")(targattrfilters="add=objectclass:(objectclass=resourcedelegation)")(version 3.0;acl "permission:RBCD:Kerberos principals can manage resource-based constrained delegation for themselves";allow (write) userdn = "ldap:///self";)
|
||||||
|
+add:aci: (targetattr = "memberPrincipal")(targattrfilters="add=objectclass:(objectclass=resourcedelegation)")(version 3.0;acl "permission:RBCD:Managing principals can manage resource-based constrained delegation for other principals";allow (write) userattr = "managedby#GROUPDN" or userattr = "managedby#USERDN";)
|
||||||
|
+add:aci: (targetattr = "memberPrincipal")(targattrfilters="add=objectclass:(objectclass=resourcedelegation)")(version 3.0;acl "permission:RBCD:Delegated permission to manage resource-based constrained delegation for other principals";allow (write) userattr="ipaAllowedToPerform;write_delegation#GROUPDN" or userattr="ipaAllowedToPerform;write_delegation#USERDN" ;)
|
||||||
|
+
|
||||||
|
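Review bot: All three ACIs in 73-service-rbcd.update are attached at `dn: $SUFFIX` with no `target` or `targetfilter` clause, so the only narrowing visible in the hunk is `targetattr = "memberPrincipal"` and the `targattrfilters` rule, which has an `add=` part on objectclass and no `del=` part. I would like a short comment in the update file, or a sentence in the commit message (which currently holds only the `Fixes:` link), stating which entry types each rule is meant to apply to and whether removing `memberPrincipal` values is intended to be covered. If the intent is narrower than the whole suffix, a `targetfilter` on the intended principal entries would make that explicit. Minor style point: the third rule writes `userattr="..."` and leaves a space before `;)`, while the second uses `userattr = "..."`; pick one spacing.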
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
|
||||||
|
index fbc1b76ae4e..fd96831d8fd 100644
|
||||||
|
--- a/install/updates/Makefile.am
|
||||||
|
+++ b/install/updates/Makefile.am
|
||||||
|
@@ -66,6 +66,7 @@ app_DATA = \
|
||||||
|
73-subid.update \
|
||||||
|
73-winsync.update \
|
||||||
|
73-certmap.update \
|
||||||
|
+ 73-service-rbcd.update \
|
||||||
|
75-user-trust-attributes.update \
|
||||||
|
80-schema_compat.update \
|
||||||
|
81-externalmembers.update \
|
|
@ -223,7 +223,7 @@
|
||||||
|
|
||||||
Name: %{package_name}
|
Name: %{package_name}
|
||||||
Version: %{IPA_VERSION}
|
Version: %{IPA_VERSION}
|
||||||
Release: 4%{?rc_version:.%rc_version}%{?dist}
|
Release: 4%{?rc_version:.%rc_version}%{?dist}.1.alma.1
|
||||||
Summary: The Identity, Policy and Audit system
|
Summary: The Identity, Policy and Audit system
|
||||||
|
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
|
@ -272,6 +272,11 @@ Patch0022: 0022-ipatests-fix-test_topology.patch
|
||||||
Patch0023: 0023-ipatests-idm-api-related-tests.patch
|
Patch0023: 0023-ipatests-idm-api-related-tests.patch
|
||||||
Patch0024: 0024-ipatests-fixture-can-produce-IndexError.patch
|
Patch0024: 0024-ipatests-fixture-can-produce-IndexError.patch
|
||||||
Patch0025: 0025-Installer-activate-nss-and-pam-services-in-sssd.conf.patch
|
Patch0025: 0025-Installer-activate-nss-and-pam-services-in-sssd.conf.patch
|
||||||
|
|
||||||
|
# Patches were taken from:
|
||||||
|
# https://github.com/freeipa/freeipa/commit/f123b01d81696c52e9a4008d46e549864e4a8069
|
||||||
|
Patch0026: updates-add-ACIs-for-RBCD-self-management.patch
|
||||||
|
|
||||||
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
|
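Review bot: The new `Patch0026` entry breaks the file naming used by the entries above it: `Patch0023` to `Patch0025` point at files whose four-digit prefix matches the patch number (`0025-Installer-activate-nss-and-pam-services-in-sssd.conf.patch`), while this one is `updates-add-ACIs-for-RBCD-self-management.patch`. Renaming it to `0026-updates-add-ACIs-for-RBCD-self-management.patch` keeps the patch number and the file name in step and makes the apply order obvious from a directory listing. The comment above it says "Patches were taken from:" for a single commit URL; singular wording would read better.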
@ -1763,6 +1768,9 @@ fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 07 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.2-4.1.alma.1
|
||||||
|
- updates: add ACIs for RBCD self-management
|
||||||
|
|
||||||
* Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4
|
* Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4
|
||||||
- Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
|
- Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
|
||||||
- Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests
|
- Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests
|
||||||
|
|
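Review bot: The new `%changelog` entry carries no issue or bug reference, whereas the 4.10.2-4 entries directly below it each use a `Resolves:` line. The imported patch header already cites `Fixes: https://pagure.io/freeipa/issue/9354`, so adding that URL (or the upstream commit linked in the `Patch0026` comment) to the entry would let someone reading only the changelog see why the ACIs were added.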