freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Author	SHA1	Message	Date
Jan Cholasta	4e49f39e1a	Fix memory leak in ipa-pwd-extop Also remove dead code and explicitly mark an ignored return value to prevent false positives in static code analysis. https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>	2014-11-05 15:28:27 +01:00
Jan Cholasta	9062dcada4	Fix various bugs in ipa-opt-counter and ipa-otp-lasttoken Fixes a wrong sizeof argument and unchecked return values. https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>	2014-11-05 15:28:27 +01:00
Jan Cholasta	701dde3cb3	Fix memory leaks in ipa-extdom-extop https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>	2014-11-05 15:28:27 +01:00
Jan Cholasta	08ee4a2e6f	Fix possible NULL dereference in ipa-kdb https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>	2014-11-05 15:28:27 +01:00
Jan Cholasta	2cf0f0a658	Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage This should not normally happen, but if it does, report an error instead of waiting idefinitely for the certificate to appear. https://fedorahosted.org/freeipa/ticket/4629 Reviewed-By: David Kupka <dkupka@redhat.com>	2014-11-05 15:26:42 +01:00
David Kupka	364d466fd7	Respect UID and GID soft static allocation. https://fedoraproject.org/wiki/Packaging:UsersAndGroups?rd=Packaging/UsersAndGroups#Soft_static_allocation https://fedorahosted.org/freeipa/ticket/4585 Reviewed-By: Martin Basti <mbasti@redhat.com>	2014-11-05 15:22:51 +01:00
Endi S. Dewata	0b08043c37	Fixed KRA backend. The KRA backend has been simplified since most of the tasks have been moved somewhere else. The transport certificate will be installed on the client, and it is not needed by KRA backend. The KRA agent's PEM certificate is now generated during installation due to permission issue. The kra_host() for now is removed since the current ldap_enable() cannot register the KRA service, so it is using the kra_host environment variable. The KRA installer has been modified to use Dogtag's CLI to create KRA agent and setup the client authentication. The proxy settings have been updated to include KRA's URLs. Some constants have been renamed for clarity. The DOGTAG_AGENT_P12 has been renamed to DOGTAG_ADMIN_P12 since file actually contains the Dogtag admin's certificate and private key and it can be used to access both CA and KRA. The DOGTAG_AGENT_PEM has been renamed to KRA_AGENT_PEM since it can only be used for KRA. The Dogtag dependency has been updated to 10.2.1-0.1. https://fedorahosted.org/freeipa/ticket/4503 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-11-04 16:33:16 +01:00
Martin Basti	e7edac30a1	Fix CI tests: install_adtrust IPA uses both named and named-pkcs11 service. If named is masked use named-pkcs11, instead of raising exception Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-11-04 16:23:41 +01:00
Gabe	7eca640ffa	Remove trivial path constants from modules https://fedorahosted.org/freeipa/ticket/4399 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-11-04 12:57:01 +01:00
Martin Basti	42724a4b22	Add bind-dyndb-ldap working dir to IPA specfile https://fedorahosted.org/freeipa/ticket/4657#comment:6 Reviewed-By: Petr Spacek <pspacek@redhat.com>	2014-10-31 15:04:53 +01:00
Jan Cholasta	35947c6e10	Do not wait for new CA certificate to appear in LDAP in ipa-certupdate If new certificate is not available, reuse the old one, instead of waiting indefinitely for the new certificate to appear. https://fedorahosted.org/freeipa/ticket/4628 Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-30 10:51:36 +01:00
Jan Cholasta	a649a84a1b	Handle profile changes in dogtag-ipa-ca-renew-agent To update the CA certificate in the Dogtag NSS database, the "ipa-cacert-manage renew" and "ipa-certupdate" commands temporarily change the profile of the CA certificate certmonger request, resubmit it and change the profile back to the original one. When something goes wrong while resubmitting the request, it needs to be modified and resubmitted again manually. This might fail with invalid cookie error, because changing the profile does not change the internal state of the request. Detect this in dogtag-ipa-ca-renew-agent and reset the internal state when profile is changed. https://fedorahosted.org/freeipa/ticket/4627 Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-29 15:06:05 +01:00
Petr Spacek	ac500003fd	Fix zone name to directory name conversion in BINDMgr. https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Martin Basti <mbasti@redhat.com>	2014-10-29 15:02:08 +01:00
Martin Basti	e971fad5c1	Fix dns zonemgr validation regression https://fedorahosted.org/freeipa/ticket/4663 Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-27 15:55:34 +01:00
Alexander Bokovoy	d6b28f29ec	Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides https://fedorahosted.org/freeipa/ticket/4664 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-24 15:54:43 +02:00
Jan Cholasta	50e6633734	Do not check if port 8443 is available in step 2 of external CA install The port is never available in step 2 of external CA install, as Dogtag is already running. https://fedorahosted.org/freeipa/ticket/4660 Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-22 14:20:27 +02:00
Petr Vobornik	09808c92c0	build: increase java stack size for all arches Gradually new arches which need a bigger stack size for web ui build appear. It's safer to increase the stack size for every architecture and avoid possible future issues. Reason: build fail on armv7hl Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-22 13:55:28 +02:00
Martin Basti	5e1172f560	fix forwarder validation errors Fix tests, validation in dnsconfig mod, wuser warning Reviewed-By: Petr Spacek <pspacek@redhat.com>	2014-10-21 15:55:09 +02:00
Alexander Bokovoy	20761f7fcd	Default to use TLSv1.0 and TLSv1.1 on the IPA server side We only will be changing the setting on the install. For modifying existing configurations please follow instructions at https://access.redhat.com/solutions/1232413 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-21 15:54:02 +02:00
Martin Basti	3eec7e1f53	fix DNSSEC restore named state Reviewed-By: Petr Spacek <pspacek@redhat.com>	2014-10-21 15:52:47 +02:00
Alexander Bokovoy	eb4d559f3b	updater: enable uid uniqueness plugin for posixAccounts https://fedorahosted.org/freeipa/ticket/4636 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-21 13:46:55 +02:00
Jan Cholasta	2a4ba3d3cc	DNSSEC: remove container_dnssec_keys Reviewed-By: Martin Basti <mbasti@redhat.com>	2014-10-21 12:23:39 +02:00
Martin Basti	10725033c6	DNSSEC: change link to ipa page Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	49547a54dd	DNSSEC: add files to backup Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Petr Spacek	276e69de87	DNSSEC: add ipa dnssec daemons Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	5556b7f50e	DNSSEC: ACI Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	d673ebe4a1	DNSSEC: upgrading Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	21aef21fb5	DNSSEC: uninstallation Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	e798bad646	DNSSEC: installation Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	8f2f5dfbdf	DNSSEC: modify named service to support dnssec Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	ca030a089f	DNSSEC: validate forwarders Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	30bc3a55cf	DNSSEC: platform paths and services Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	9101cfa60f	DNSSEC: opendnssec services Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	eb54814741	DNSSEC: DNS key synchronization daemon Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	bcce86554f	DNSSEC: add ipapk11helper module Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	9184d9a1bb	DNSSEC: schema Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	c909690c8a	DNSSEC: dependencies Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Martin Basti	78018dd67d	Add mask, unmask methods for service This patch allows mask and unmask services in IPA Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2014-10-21 12:23:03 +02:00
Tomas Babej	b6b19e0cb8	spec: Bump SSSD requires to 1.12.2 https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-21 10:34:03 +02:00
Petr Vobornik	34d3f99aae	webui: update combobox input on list click Change event of combobox is not triggered when there is only one value. Calling it's handler even for option's 'click' event makes sure that value of input gets always updated. https://fedorahosted.org/freeipa/ticket/4655 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-10-21 10:32:46 +02:00
Petr Vobornik	41a7d0bf47	webui: do not show closed dialog Fixes issues when dialog is not removed from `IPA.opened_dialogs` registry when dialog.close() is called while the dialog is not shown, i.e., while other dialog is shown. Without it, the dialog is could be incorrectly displayed. New dialog's property `opened` handles whether dialog is intended to be opened. How to test: Add new host with IP address outside of managed reverse zones to get error 4304. https://fedorahosted.org/freeipa/ticket/4656 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-10-21 10:29:53 +02:00
Sumit Bose	43f8de0c76	extdom: remove unused dependency to libsss_idmap https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>	2014-10-21 10:17:54 +02:00
Sumit Bose	0ee8fe11ae	extdom: add support for sss_nss_getorigbyname() https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>	2014-10-21 10:17:54 +02:00
Alexander Bokovoy	85ce380759	Change ipaOverrideTarget OID to avoid conflict with DNSSEC feature	2014-10-21 10:47:02 +03:00
Martin Basti	c655b7bf76	Remove ipaContainer, ipaOrderedContainer objectclass https://fedorahosted.org/freeipa/ticket/4646 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-20 16:58:16 +02:00
Alexander Bokovoy	bd98ab0356	Support idviews in compat tree Reviewed-By: Tomas Babej <tbabej@redhat.com>	2014-10-20 16:47:49 +02:00
Tomas Babej	1cc11ebf53	Bump 4.2 development version to 4.1.99 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-10-20 13:39:51 +02:00
Petr Vobornik	df1ed11b48	webui: do not offer ipa users to Default Trust View https://fedorahosted.org/freeipa/ticket/4616 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-10-20 12:29:10 +02:00
Petr Vobornik	01a9e7ef9e	webui: hide (un)apply buttons for Default Trust View Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-10-20 12:25:22 +02:00
Petr Vobornik	d3f46d4e78	webui: hide applied to hosts tab for Default Trust View because applying Default Trust view on hosts is not allowed https://fedorahosted.org/freeipa/ticket/4615 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-10-20 12:25:22 +02:00

1 2 3 4 5 ...

7683 Commits