Rob Crittenden
567bab9850
Fix error where usage wasn't being updated properly
2008-09-12 18:14:22 -04:00
Martin Nagy
b5ee09c097
Fix spelling.
2008-09-12 00:03:50 +02:00
Martin Nagy
f33c57e6f8
Fix the -G option of ipa-adduser. Don't add the user if one of the groups doesn't exist. Fixes: 459801
2008-09-11 23:39:28 +02:00
Martin Nagy
fa019e932d
Ignore GSS exception when iterating through server list. Fixes: 459864
2008-09-11 23:38:41 +02:00
Martin Nagy
a9e8a72059
Try servers from ipa.conf even if we specified them on the command line.
2008-09-11 23:34:01 +02:00
Martin Nagy
7206a6d43c
More strict input checks in ipa-pwpolicy and return non-zero when unsuccessful. Fixes: 461213, 461325, 461332, 461543
2008-09-11 23:34:01 +02:00
Martin Nagy
885103c321
Rework config.py and change cli tools. Maintain order of IPA servers from command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234
2008-09-11 23:34:01 +02:00
Simo Sorce
57669ba432
Add script to simplify operations to fix CVE 2008 3274
Import all of change master key directly into the help fix,
allows for better control
2008-09-10 15:07:42 -04:00
Simo Sorce
8e7c98eb7f
CVE 2008 3274 related fixes
2008-09-10 15:07:33 -04:00
Simo Sorce
89ed5a0277
Add a tool to change the kerberos Master Key in case an admin wants to.
This tool will dump and re-encrypt all keys, then reload and change
the master key in LDAP and in the stash file.
It will also restart the Directory Server and the KDC
2008-09-10 15:07:26 -04:00
Simo Sorce
86afc680cd
Retrieve the kerberos configuration every time a new, it will be a bit slower
but will allow for changing configurations without having to restart DS.
Password operations are slow and rare enough this is an acceptable compromise.
2008-09-10 15:07:17 -04:00
Rob Crittenden
76bf420754
Display name as separate attributes instead of showing common name.
We allow one to individually set first and last name but we do not
automatically update the common name so changes don't seem to happen.
451318
2008-08-22 18:02:20 -04:00
Rob Crittenden
c7ee747ee5
Add options to display a subset of delegations and return 2 if none are found.
452027
2008-08-22 17:57:09 -04:00
Simo Sorce
2846083979
Add 2 features to ipa-getkeytab:
1. Allow to specify the salt type along with the enctype
2. Allow to specify a password instead of forcing a random secret
2008-08-21 11:04:59 -04:00
Simo Sorce
2659fb0eb4
Minor bugs found while testing stuff.
- wrong import in certs.py makes ipa-replica-manage fail
- close the fs after the stash file is written so that the file is updated
immediately and not when the fd is garbage collected
2008-08-21 11:04:52 -04:00
Rob Crittenden
ff82c4c1e5
Limit the mod_rewrite rules to just /ipa
459209
2008-08-21 09:48:48 -04:00
Rob Crittenden
e9bde984e0
Add tool to manage IPA Search and User policy
448624, 448625
2008-08-20 17:39:46 -04:00
Simo Sorce
0c6aeee6f1
Fix segfault caused by empty target entry
2008-08-19 11:14:27 -04:00
Rob Crittenden
548c169c5a
Create temporary files used in self-signed cert requests in a temporary directory and ensure that it gets cleaned up when we're done with it.
458159
2008-08-15 11:05:31 -04:00
Simo Sorce
c5b44f77a1
Comment out code that generates keys with a random salt, apparently this does not work as expected and generates faulty keys
2008-08-15 08:54:44 +02:00
Martin Nagy
828c9b9cdd
Delete old mercurial files.
2008-08-15 08:54:37 +02:00
Rob Crittenden
4be5d862a6
When installing with an IPA-created CA generate the Firefox autoconfiguration files.
458871
2008-08-14 18:07:52 -04:00
Rob Crittenden
8edc9aa8aa
Make Proxy directive wildcard match more specific so we can play nicer with other apps.
459061
2008-08-14 14:55:39 -04:00
Rob Crittenden
a013fe5cc2
Fix some copy/paste and other syntax errors from the validators commit.
450613, 457124
2008-08-14 14:55:35 -04:00
Simo Sorce
cee4b2cc1e
Fix usage of mozldap libraries,
thanks to W. Michael Petullo <mike@flyn.org> for finding the problem.
2008-08-13 15:57:43 -04:00
Simo Sorce
44689b93c9
Remove unused stuff.
2008-08-13 15:57:35 -04:00
Simo Sorce
afad6d96ae
apparently the "configure" target is never used
2008-08-13 15:57:28 -04:00
Simo Sorce
f5177e6b84
Install the ca.crt file early on so that we can always enforce SSL
protected connections to other LDAP servers
Fix error reporting on replica creation.
2008-08-13 15:36:57 -04:00
Simo Sorce
0d6b6fa084
Implement password operation checks and key material generation for the
ldap add and modify operation performed on the userPassword attribute.
Add helper functions to reduce code duplication.
Do not enforce encrypted connections on ldap add/ldap mod for compatibility
reasons. (We cannot enforce people not to send the password in the clear
anyway, we can only refuse to accept it at the most which does not gain
you much if someone then re-sends you the same password previously exposed)
2008-08-12 14:48:41 -04:00
Simo Sorce
9648da8f5f
Fix versioning for configure.ac and ipa-python/setup.py
Fix make maintainer-clean
Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...)
Version 1.1.0 was released some time ago, bump up to 1.1.1
2008-08-11 18:31:05 -04:00
Simo Sorce
0368d4329a
Used the encrypt_file and decrypt_file utility functions to encrypt replica
information. This way we do not risk to leave around sensitive data.
Set the destination host in the replica file too and do checks against
in ipa-replica-install
2008-08-11 18:30:57 -04:00
Simo Sorce
5cbc453d89
Add encrypt_file and decrypt_file utility functions.
We will use them to encrypt the replica file so that we can
transport it over more safely.
It contains sensitive data, by encrypting it we assure that
even if a distracted admin leaves it around it cannot be accessed
without knowing the access passphrase (usually the Directory Manager
password)
Along the way fix also ipautil.run which was buggy and not passing
in correctly stdin.
Add dependency for gnupg in spec file
2008-08-11 18:30:50 -04:00
Simo Sorce
599fe1a0f5
Use larger set from which to choose chars for random passwords.
Use SystemRandom() instead of Random() so that the randomicity
is non-deterministic.
2008-08-11 18:30:40 -04:00
Simo Sorce
1b613fafa6
Treat Jan 1 1970 in krbPrincipalExpiration as a special date that means
the account Never Expires
2008-08-07 11:50:33 -04:00
Rob Crittenden
110f60da8e
Change user and group validators to match shadow-utils
This sets the regex to [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
Also change the validators to return True/False
450613, 457124
2008-08-07 11:21:33 -04:00
Martin Nagy
fbc74a0cb4
Fix few syntax errors.
2008-08-06 19:17:13 +02:00
Rob Crittenden
df2b40303f
Fix python syntax error: missing colon.
2008-08-06 11:27:30 -04:00
Jason Gerard DeRose
4deb919ce4
Use % format string to fix nbsp problem in userlist.kid ( fixes #453779 )
2008-07-30 10:28:14 -04:00
Rob Crittenden
6efb547987
Shift search base for users and groups to "cn=accounts, baseDN"
450552
2008-07-29 11:33:51 -04:00
Rob Crittenden
bae3a2101f
Fix encoding issue when manually loading templates for forms
We used to manually load the template files for the edit pages using
turbogears.meta.load_kid_template(). Unfortunately this went through
the one code path where encoding was completely ignored. It ended up
defaulting to sys.getdefaultencoding() which is 'ascii'. So even though
most of the templates are loaded as 'utf-8' the few that really mattered
weren't.
The fix is to call kid.load_template() ourselves and set the encoding of
the class we just loaded to either the setting in the app.cfg file or
to the normal default value of 'utf-8'.
454076
2008-07-29 11:32:02 -04:00
Rob Crittenden
cdba310f02
Change Title label to Job Title for clarity
453780
2008-07-29 11:24:52 -04:00
Rob Crittenden
f5f8e8d884
NSS 3.12 added a header to the certutil output we need to skip
456694
2008-07-28 09:55:49 -04:00
Rob Crittenden
cf06dd9f84
Don't assume that the Firefox autoconfig files exist.
These are created by an object-signing cert and needs to be done
after the fact if a server is created with user-supplied PKCS#12 files.
452402
2008-07-28 09:54:16 -04:00
Rob Crittenden
9f2ee29218
Specify --mandir to configure to fix building on CentOS 5.2
456672
2008-07-28 09:53:38 -04:00
Rob Crittenden
a19d27717a
Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS
455064
2008-07-25 09:05:14 -04:00
Simo Sorce
4d88900c22
Fix a stupidity introduced recently in a fix to a segfault.
2008-07-24 11:35:04 -04:00
Rob Crittenden
23fab304e9
Catch correct exception when trying to find the default IPA users group and return a more detailed error message.
455092
2008-07-23 10:05:32 -04:00
Martin Nagy
f7ca405716
Wrap up the raw_input() to user_input() for convenience and uniformity.
2008-07-23 10:05:06 -04:00
Nathan Kinder
72a3114a01
Cleaned up comments that were mangled by vim
2008-07-18 13:11:21 -04:00
Nathan Kinder
2301f60652
Re-base memberOf plug-in off of current FDS memberOf plug-in. Resolves: 452537, 453011, 443241, 439628
2008-07-18 13:11:19 -04:00