Commit Graph

9406 Commits

Author SHA1 Message Date
Timo Aaltonen
44a774c3cb freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling. 2015-09-24 11:31:48 +03:00
Timo Aaltonen
75fd43a8ef control: Bump python-nss depends. 2015-09-24 05:57:51 +03:00
Timo Aaltonen
b2bc83332c control: Bump certmonger depends. 2015-09-24 05:51:36 +03:00
Timo Aaltonen
26e6614bbd bump sssd dependencies 2015-09-24 05:45:01 +03:00
Timo Aaltonen
560b11f44a control: Server needs newer python-ldap, bump build-dep too. 2015-09-24 05:33:56 +03:00
Timo Aaltonen
70ea426d96 control: Drop dogtag-pki-server-theme from server depends, it's not needed. 2015-09-24 05:08:33 +03:00
Timo Aaltonen
b94a04aafd control: Bump 389-ds-base, pki-ca depends. 2015-09-24 05:08:00 +03:00
Timo Aaltonen
868b5eaa20 control: Bump Depends on slapi-nis for CVE fixes. 2015-09-24 05:02:49 +03:00
Timo Aaltonen
3b6b7f287a wrap-and-sort -s 2015-09-24 04:52:32 +03:00
Timo Aaltonen
ac78bc5dbd freeipa-{server,client}.install: Add new files. 2015-09-24 04:51:14 +03:00
Timo Aaltonen
8b6c61b1a1 control: Add libsofthsm2-dev to build-depends and softhsm2 to server depends. 2015-09-05 07:06:18 +03:00
Timo Aaltonen
975dfdd861 control: Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2. 2015-09-03 22:21:26 +03:00
Timo Aaltonen
b9367b7da8 control: Bump libsss-nss-idmap-dev build-dep. 2015-04-24 06:49:49 +03:00
Timo Aaltonen
0c665ab1c3 Merge branch 'master' into master-next 2015-04-09 23:51:46 +03:00
Timo Aaltonen
244e2a207b releasing package freeipa version 4.0.5-5 2015-04-09 17:27:11 +03:00
Timo Aaltonen
ee71be0e10 client.dirs,postrm: Drop removing /etc/pki/nssdb from postrm and let dpkg handle it. (Closes: #781114) 2015-04-09 17:13:38 +03:00
Timo Aaltonen
781bdc9196 control: Drop selinux-policy-dev from build-depends, not needed anymore. 2015-04-09 14:39:34 +03:00
Timo Aaltonen
88ba78bd91 control: Add python-usb to build-depends and to python-freeipa depends. 2015-04-09 14:29:41 +03:00
Timo Aaltonen
70a71bcee0 disable dnssec, refresh patches 2015-04-02 14:09:36 +03:00
Timo Aaltonen
ce7d0703ea Merge branch 'experimental' into master-next 2015-04-02 13:03:54 +03:00
Timo Aaltonen
d76d671b13 Merge branch 'master' into master-next 2015-04-02 13:01:20 +03:00
Timo Aaltonen
ddd86a9a66 releasing package freeipa version 4.0.5-4 2015-04-02 10:54:14 +03:00
Timo Aaltonen
13eccb0520 control: Add systemd to build-depends. 2015-04-02 10:07:42 +03:00
Timo Aaltonen
c45905e465 dont-check-for-systemd-pc.diff: Dropped, not needed anymore. 2015-04-02 10:06:18 +03:00
Timo Aaltonen
48ec7738c1 add-a-clear-openssl-exception.diff: Add a clear OpenSSL exception. (Closes: #772136) 2015-04-02 08:48:04 +03:00
Petr Vobornik
1b46faded4 Become IPA 4.1.4 2015-03-26 15:28:46 +01:00
Alexander Bokovoy
93302a8c28 slapi-nis: require 0.54.2 for CVE-2015-0283 fixes
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-03-26 14:59:29 +01:00
Sumit Bose
fd8e796873 extdom: fix wrong realloc size
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
2015-03-26 14:58:37 +01:00
Alexander Bokovoy
447c5c7b0d fix Makefile.am for daemons
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
2015-03-26 14:58:37 +01:00
Martin Babinsky
d7863f3e1e show the exception message thrown by dogtag._parse_ca_status during install
https://fedorahosted.org/freeipa/ticket/4885

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2015-03-26 14:46:56 +01:00
Timo Aaltonen
c69b6d0ffd freeipa-client.postrm: Purge /etc/pki if empty. (Closes: #781114) 2015-03-25 14:48:23 +02:00
Martin Babinsky
3284cbf773 migrate-ds: print out failed attempts when no users/groups are migrated
This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and
https://fedorahosted.org/freeipa/ticket/4952.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-03-23 13:08:41 +01:00
Jan Cholasta
f0a49b962c upload_cacrt: Fix empty cACertificate in cn=CAcert
https://fedorahosted.org/freeipa/ticket/4565

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:39:22 +00:00
Jan Cholasta
6e672109ea client: Fix ca_is_enabled calls
The command was added in API version 2.107. Old IPA servers may crash with
NetworkError on ca_is_enabled, handle this case gracefully.

https://fedorahosted.org/freeipa/ticket/4565

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:39:22 +00:00
Jan Cholasta
ad77613be6 client-install: Do not crash on invalid CA certificate in LDAP
When CA certificates in LDAP are corrupted, use the otherwise acquired CA
certificates from before.

https://fedorahosted.org/freeipa/ticket/4565

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:39:22 +00:00
Jan Cholasta
4154c8893f certstore: Make certificate retrieval more robust
https://fedorahosted.org/freeipa/ticket/4565

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:39:22 +00:00
Sumit Bose
179be3c222 extdom: fix memory leak
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-03-18 17:02:09 +00:00
Sumit Bose
c55632374d extdom: return LDAP_NO_SUCH_OBJECT to the client
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-03-18 17:00:53 +00:00
Sumit Bose
ec7a55a056 extdom: make nss buffer configurable
The get*_r_wrapper() calls expect a maximum buffer size to avoid memory
shortage if too many threads try to allocate buffers e.g. for large
groups. With this patch this size can be configured by setting
ipaExtdomMaxNssBufSize in the plugin config object
cn=ipa_extdom_extop,cn=plugins,cn=config.

Related to https://fedorahosted.org/freeipa/ticket/4908

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-03-18 12:40:55 +01:00
Sumit Bose
5bd4b7a09d extdom: handle ERANGE return code for getXXYYY_r() calls
The getXXYYY_r() calls require a buffer to store the variable data of
the passwd and group structs. If the provided buffer is too small ERANGE
is returned and the caller can try with a larger buffer again.

Cmocka/cwrap based unit-tests for get*_r_wrapper() are added.

Resolves https://fedorahosted.org/freeipa/ticket/4908

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-03-18 12:40:55 +01:00
Sumit Bose
cc6fc3728c Add configure check for cwrap libraries
Currently only nss-wrapper is checked, checks for other cwrap libraries
can be added e.g. as

AM_CHECK_WRAPPER(uid_wrapper, HAVE_UID_WRAPPER)

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-03-18 12:40:55 +01:00
Martin Babinsky
41ca3fb499 ipa-dns-install: use STARTTLS to connect to DS
BindInstance et al. now use STARTTLS to set up secure connection to DS during
ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-03-18 12:32:57 +01:00
Nathan Kinder
80aeb445e2 Timeout when performing time sync during client install
We use ntpd now to sync time before fetching a TGT during client
install.  Unfortunately, ntpd will hang forever if it is unable to
reach the NTP server.

This patch adds the ability for commands run via ipautil.run() to
have an optional timeout.  This capability is used by the NTP sync
code that is run during ipa-client-install.

Ticket: https://fedorahosted.org/freeipa/ticket/4842
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-03-16 15:55:26 +01:00
Gabe
169a37d1a8 ipa-replica-prepare can only be created on the first master
https://fedorahosted.org/freeipa/ticket/4944

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2015-03-13 14:46:45 +01:00
Timo Aaltonen
f3e37256c0 control: Add systemd-sysv to server depends. (Closes: #780386) 2015-03-13 15:11:26 +02:00
Timo Aaltonen
dd9ca7dccc further deps 2015-03-13 15:10:05 +02:00
Martin Basti
939fd3dd6c Fix dead code in ipap11helper module
https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-03-11 14:32:20 +01:00
Martin Basti
5f191e85e9 DNS: remove NSEC3PARAM from records
NSEC3PARAM is configurable only from zone commands. This patch removes
this record type from DNS records.

Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-03-09 15:22:32 +01:00
Martin Basti
d89fca7ea9 DNS fix: do not show part options for unsupported records
Do not show parts options in help output, if record is marked as unsupported.

Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-03-09 15:22:32 +01:00
Martin Basti
56f0eb443c DNS fix: do not traceback if unsupported records are in LDAP
Show records which are unsupported, if they are in LDAP.
Those records are not editable, and web UI doesn't show them.

Fixes traceback caused by --structured option

Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-03-09 15:22:32 +01:00