Commit Graph

936 Commits

Author SHA1 Message Date
Rob Crittenden
8edc9aa8aa Make Proxy directive wildcard match more specific so we can play nicer with other apps.
459061
2008-08-14 14:55:39 -04:00
Rob Crittenden
a013fe5cc2 Fix some copy/paste and other syntax errors from the validators commit.
450613, 457124
2008-08-14 14:55:35 -04:00
Simo Sorce
cee4b2cc1e Fix usage of mozldap libraries,
thanks to W. Michael Petullo <mike@flyn.org> for finding the problem.
2008-08-13 15:57:43 -04:00
Simo Sorce
44689b93c9 Remove unused stuff. 2008-08-13 15:57:35 -04:00
Simo Sorce
afad6d96ae apparently the "configure" target is never used 2008-08-13 15:57:28 -04:00
Simo Sorce
f5177e6b84 Install the ca.crt file early on so that we can always enforce SSL
protected connections to other LDAP servers
Fix error reporting on replica creation.
2008-08-13 15:36:57 -04:00
Simo Sorce
0d6b6fa084 Implement password operation checks and key material generation for the
ldap add and modify operation performed on the userPassword attribute.

Add helper functions to reduce code duplication.

Do not enforce encrypted connections on ldap add/ldap mod for compatibility
reasons. (We cannot enforce people not to send the password in the clear
anyway, we can only refuse to accept it at the most which does not gain
you much if someone then re-sends you the same password previously exposed)
2008-08-12 14:48:41 -04:00
Simo Sorce
9648da8f5f Fix versioning for configure.ac and ipa-python/setup.py
Fix make maintainer-clean

Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build new rpms (X, X+1, X+2 ...)

Version 1.1.0 was released some time ago, bump up to 1.1.1
2008-08-11 18:31:05 -04:00
Simo Sorce
0368d4329a Used the encrypt_file and decrypt_file utility functions to encrypt replica
information. This way we do not risk to leave around sensitive data.
Set the destination host in the replica file too and do checks against
in ipa-replica-install
2008-08-11 18:30:57 -04:00
Simo Sorce
5cbc453d89 Add encrypt_file and decrypt_file utility functions.
We will use them to encrypt the replica file so that we can
transport it over more safely.
It contains sensitive data, by encrypting it we assure that
even if a distracted admin leaves it around it cannot be accessed
without knowing the access passphrase (usually the Directory Manager
password)

Along the way fix also ipautil.run which was buggy and not passing
in correctly stdin.

Add dependency for gnupg in spec file
2008-08-11 18:30:50 -04:00
Simo Sorce
599fe1a0f5 Use larger set from which to choose chars for random passwords.
Use SystemRandom() instead of Random() so that the randomicity
is non-deterministic.
2008-08-11 18:30:40 -04:00
Simo Sorce
1b613fafa6 Treat Jan 1 1970 in krbPrincipalExpiration as a special date that means
the account Never Expires
2008-08-07 11:50:33 -04:00
Rob Crittenden
110f60da8e Change user and group validators to match shadow-utils
This sets the regex to [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?

Also change the validators to return True/False

450613, 457124
2008-08-07 11:21:33 -04:00
Martin Nagy
fbc74a0cb4 Fix few syntax errors. 2008-08-06 19:17:13 +02:00
Rob Crittenden
df2b40303f Fix python syntax error: missing colon. 2008-08-06 11:27:30 -04:00
Jason Gerard DeRose
4deb919ce4 Use % format string to fix nbsp problem in userlist.kid (fixes #453779) 2008-07-30 10:28:14 -04:00
Rob Crittenden
6efb547987 Shift search base for users and groups to "cn=accounts, baseDN"
450552
2008-07-29 11:33:51 -04:00
Rob Crittenden
bae3a2101f Fix encoding issue when manually loading templates for forms
We used to manually load the template files for the edit pages using
turbogears.meta.load_kid_template(). Unfortunately this went through
the one code path where encoding was completely ignored. It ended up
defaulting to sys.getdefaultencoding() which is 'ascii'. So even though
most of the templates are loaded as 'utf-8' the few that really mattered
weren't.

The fix is to call kid.load_template() ourselves and set the encoding of
the class we just loaded to either the setting in the app.cfg file or
to the normal default value of 'utf-8'.

454076
2008-07-29 11:32:02 -04:00
Rob Crittenden
cdba310f02 Change Title label to Job Title for clarity
453780
2008-07-29 11:24:52 -04:00
Rob Crittenden
f5f8e8d884 NSS 3.12 added a header to the certutil output we need to skip
456694
2008-07-28 09:55:49 -04:00
Rob Crittenden
cf06dd9f84 Don't assume that the Firefox autoconfig files exist.
These are created by an object-signing cert and needs to be done
after the fact if a server is created with user-supplied PKCS#12 files.

452402
2008-07-28 09:54:16 -04:00
Rob Crittenden
9f2ee29218 Specify --mandir to configure to fix building on CentOS 5.2
456672
2008-07-28 09:53:38 -04:00
Rob Crittenden
a19d27717a Move the self-signed CA serialno file to /var/lib/ipa to adhere to the FHS
455064
2008-07-25 09:05:14 -04:00
Simo Sorce
4d88900c22 Fix a stupidity introduced recently in a fix to a segfault. 2008-07-24 11:35:04 -04:00
Rob Crittenden
23fab304e9 Catch correct exception when trying to find the default IPA users group and return a more detailed error message.
455092
2008-07-23 10:05:32 -04:00
Martin Nagy
f7ca405716 Wrap up the raw_input() to user_input() for convenience and uniformity. 2008-07-23 10:05:06 -04:00
Nathan Kinder
72a3114a01 Cleaned up comments that were mangled by vim 2008-07-18 13:11:21 -04:00
Nathan Kinder
2301f60652 Re-base memberOf plug-in off of current FDS memberOf plug-in. Resolves: 452537, 453011, 443241, 439628 2008-07-18 13:11:19 -04:00
Simo Sorce
67f62709f8 In openvz we found out some interfaces may return a null pointer here.
Skip them if no address is provided or we later get a segfault because
we dereference a null pointer.
2008-07-15 16:16:33 -04:00
Simo Sorce
4b4e0e1516 fix typo 2008-07-15 16:16:33 -04:00
Rob Crittenden
6980b07303 Rework the way SSL certificates are imported from PKCS#12 files.
Add the ability to provide PKCS#12 files during initial installation
Add the ability to provide PKCS#12 files when preparing a replica
Correct some issues with ipa-server-certinstall

452402
2008-07-14 09:06:52 -04:00
Martin Nagy
b95c05f5c6 Fix attribute parsing so that you can add a DN or an attribute with a '=' character in it. Fixes #454630 2008-07-09 16:54:19 -04:00
Simo Sorce
66aa3581fc Make sure we have the right prototypes when using openldap libs 2008-07-09 16:51:18 -04:00
Simo Sorce
f86c8420b1 Admin must be able to add/delete too 2008-07-09 16:50:54 -04:00
Rob Crittenden
3f85a011c6 Be more exacting when deleting a group.
453222
2008-07-07 10:23:38 -04:00
Simo Sorce
aead1f652e If krbPasswordExpiration or krbLastPwdChange are not present on the entry
we might segfault trying a direct strcmp(), check they are not NULL.
Also fix a couple of memleaks.
2008-07-07 10:01:29 -04:00
Simo Sorce
79df2465a7 After the rework of the code that binds to specific interfaces to
correctly support multihomed server, we need to add a couple of
SELinux lines to the policy file. (lines suggested by Dan Walsh)
2008-07-07 10:01:20 -04:00
Rob Crittenden
469fc7663c Add documentation for -v/--verbose option
451117
2008-07-03 15:26:27 -04:00
Rob Crittenden
fb9f92c9f3 Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa 2008-07-03 15:20:36 -04:00
Rob Crittenden
1bd0a868a2 NSS_DIR is already fetched into a variable, use that instead.
451098
2008-07-03 15:20:19 -04:00
Simo Sorce
675df04806 Make sure we listen only on the krb5 port and therefore disable krb4 support 2008-07-02 15:24:36 -04:00
Rob Crittenden
e9196e2d93 Properly convert the realm to a DS instance name
451014
2008-07-01 15:07:00 -04:00
Rob Crittenden
ec597b0ef1 Ensure correct permissions and file ownership of Apache NSS database
451098
2008-07-01 15:06:59 -04:00
Martin Nagy
6cce2f45e8 Fix some small issues that caused compiler warnings, like uninitialized or unused variables or missing krb5 prototypes. 2008-06-30 14:17:10 -04:00
Simo Sorce
f5d9dd647f slapi_pw_find_sv() expects an array, make sure we have a NULL terminated
one to avoid potential segfaults
Avoid leaking memory too.
2008-06-30 14:13:25 -04:00
Simo Sorce
2dc64eddd4 Fix make all 2008-06-16 14:28:41 -04:00
Simo Sorce
798d345e13 Very ugly fix to configure to make it actually find a
correctly installed slapi-plugin.h file
2008-06-16 13:52:26 -04:00
Simo Sorce
d2bd1b29a0 Must index uidnumber and gidnumber and any attribute that dna plugin is going
to generate or that we need to search on.
2008-06-12 19:06:38 -04:00
Simo Sorce
24f0f632b6 Fix uninitialized counter, was causing allocation to fail and command to
return in case any encryption type was explicitly requested
2008-06-12 19:06:30 -04:00
Simo Sorce
9c34dde165 Change default.
By default increment by one but set the maximum value to one million.

When installing a replica change values to start from 1 million +1 and
cap it to 2 million and so on for any other replica.
2008-06-12 19:05:45 -04:00