freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Author	SHA1	Message	Date
Martin Basti	ee6e634c28	DNSSEC: Test: DLV record Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 16:46:03 +02:00
Martin Basti	7cdc4178b0	DNSSEC: DLVRecord type added Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 16:46:02 +02:00
Martin Basti	4c88fdd904	Tests: tests for NSEC3PARAM records Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 15:41:40 +02:00
Martin Basti	cbc64454b0	Tests: remove unused records from tests Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 15:41:40 +02:00
Martin Basti	4d90d3d572	DNSSEC: webui update DNSSEC attributes Removed SIG, KEY, RRSIG, NSEG record types Added NSEC3PARAM record type Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 15:41:40 +02:00
Martin Basti	5b95be802c	DNSSEC: added NSEC3PARAM record type Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 15:41:40 +02:00
Martin Basti	48865aed5f	DNSSEC: remove unsuported records Removed SIG, NSEC, KEy, RRSIG records Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 15:41:39 +02:00
Martin Basti	9f5e77f686	Fix handle python-dns UnicodeError Reviewed-By: Jan Cholasta <jcholast@redhat.com>	2014-06-20 13:28:53 +02:00
Martin Basti	11c250a612	Tests DNS: forward zones design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 13:14:45 +02:00
Martin Basti	727f5f3373	Create BASE zone class Zones and forward zones have a lot of common code, this patch remove duplications by creating a DNSBase class and its subclasses design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 13:14:45 +02:00
Martin Basti	266015c3e2	Prevent commands to modify different type of a zone Commands dnsforwardzone-* can modify only forward zones Commands dnszone-* can modify only (master) zones Commands dnsrecord-* can work only with master zones design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 13:14:45 +02:00
Martin Basti	49068ade92	Separate master and forward DNS zones Forward zones are stored in idnsforwadzone objectclasses. design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2014-06-20 13:14:45 +02:00
Petr Spacek	e821576129	Clarify LDAPClient docstrings about get_entry, get_entries and find_entries Reviewed-By: Martin Basti <mbasti@redhat.com>	2014-06-20 12:38:58 +02:00
Petr Viktorin	18744d1833	Fix: Allow read access to masters, but not their services, to auth'd users Fixes commit `b243da415e` A bad version of the patch was sent and pushed. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-19 17:13:03 +02:00
Petr Viktorin	b243da415e	Allow read access to masters, but not their services, to auth'd users The ipa host-del command checks if the host to be deleted is an IPA master by looking up the entry in cn=masters. If the entry is not accessible, host-del would proceed to delete the host. Thus we need to allow reading the master entries to at least those that can delete hosts. Since the host information is also available via DNS, it makes no sense be extremely secretive about it. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-19 16:46:29 +02:00
Nathaniel McCallum	8b2f4443dc	Periodically refresh global ipa-kdb configuration Before this patch, ipa-kdb would load global configuration on startup and never update it. This means that if global configuration is changed, the KDC never receives the new configuration until it is restarted. This patch enables caching of the global configuration with a timeout of 60 seconds. https://fedorahosted.org/freeipa/ticket/4153 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>	2014-06-19 14:50:32 +02:00
Petr Viktorin	49e83256b4	Convert Password Policy default permissions to managed Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 14:56:43 +02:00
Petr Viktorin	ca465e8ae7	Convert COSTemplate default permissions to managed Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 14:56:42 +02:00
Petr Viktorin	83cb982858	Add $REALM to variables supported by the managed permission updater This will allow converting password policy permissions Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 14:56:42 +02:00
Petr Viktorin	700ac6c116	Remove the update_dns_permissions plugin This plugin created permissions that the managed permission updater would remove right away. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 14:45:51 +02:00
Petr Viktorin	853b6ef4ce	Convert DNS default permissions to managed Convert the existing default permissions. The Read permission is split between Read DNS Entries and Read DNS Configuration. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 14:45:50 +02:00
Petr Viktorin	16ee6847e4	managed permission updater: Add mechanism to replace SYSTEM permissions The "Read DNS Entries" permission, which was marked SYSTEM (no associated ACI), can now be converted to a regular managed permission. Add a mechanism for the updater to replace old SYSTEM permissions. This cannot be done in an update file because we do not want to replace V2 permissions with the same name. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 14:45:50 +02:00
Tomas Babej	637ef11109	sudorule: Allow unsetting sudoorder After setting sudoorder, you are unable to unset it, since the check for uniqueness of order of sudorules is applied incorrectly. Fix the behaviour and cover it in the test suite. https://fedorahosted.org/freeipa/ticket/4360 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2014-06-18 12:59:25 +02:00
Petr Viktorin	d868fc5566	Fix self argument in tasks Reviewed-By: Tomáš Babej <tbabej@redhat.com>	2014-06-16 19:48:21 +02:00
Tomas Babej	3b4ab8b4f2	ipaplatform: Move hardcoded paths from Fedora platform files to path namespace Part of: https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:21 +02:00
Tomas Babej	8a5e2a8166	ipaplatform: Contain all the tasks in the TaskNamespace https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:21 +02:00
Tomas Babej	f0d0640a46	ipaplatform: Pylint fixes https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:21 +02:00
Tomas Babej	c8aa00806b	ipaplatform: Link to platform module during build time https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:21 +02:00
Tomas Babej	6906eed27e	ipaplatform: Let fedora path module use PathNamespace class https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:20 +02:00
Tomas Babej	3bb9e1bbd5	ipaplatform: Change makefiles to accomodate for new platform package https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:20 +02:00
Tomas Babej	a9a4bc0848	ipaplatform: Remove remnants of the ipapython/platform https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:20 +02:00
Tomas Babej	4d2ef43f28	ipaplatform: Move all filesystem paths to ipaplatform.paths module https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:20 +02:00
Tomas Babej	c7edd7b68c	ipaplatform: Remove redundant imports of ipaservices Also fixes few incorrect imports. https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:20 +02:00
Tomas Babej	c011bccf45	ipaplatform: Change paths dependant on ipaservices to use ipaplatform.paths https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:19 +02:00
Tomas Babej	49fcd42f8f	ipaplatform: Change service code in freeipa to use ipaplatform services https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:19 +02:00
Tomas Babej	926f8647d2	ipaplatform: Change platform dependant code in freeipa to use ipaplatform tasks https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:19 +02:00
Tomas Babej	a7c2327a36	ipaplatform: Move Fedora-specific implementations of tasks to fedora base platform file https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:18 +02:00
Tomas Babej	3edfabb4c4	ipaplatform: Remove legacy redhat platform module https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:18 +02:00
Tomas Babej	5f31f2d35f	ipaplatform: Do not require custom Authconfig implementations from platform modules https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:18 +02:00
Tomas Babej	6a4cd8a4e3	ipaplatform: Move restore_context and check_selinux_status implementations to base fedora platform tasks https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:18 +02:00
Tomas Babej	c465eb842f	ipaplatform: Moved Fedora 16 service implementations and refactored them as base Fedora module service implementations https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:17 +02:00
Tomas Babej	c368aae048	ipaplatform: Add base fedora platform module https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:17 +02:00
Tomas Babej	3fcaf81c64	ipaplatform: Create default implementations for tasks that were missing them https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:17 +02:00
Tomas Babej	1d0623ce1c	ipaplatform: Move default implementations of tasks from service.py.in https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:17 +02:00
Tomas Babej	0b974007de	ipaplatform: Move service base platfrom related functionality to ipaplatform/base/service.py https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:17 +02:00
Tomas Babej	1fc7b04858	ipaplatform: Create separate module for platform files https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>	2014-06-16 19:48:17 +02:00
Petr Vobornik	4de9c5fc51	webui: expose krbprincipalexpiration https://fedorahosted.org/freeipa/ticket/3306 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-06-16 15:47:27 +02:00
Petr Vobornik	5a428608be	webui: move RPC result extraction logic to Adapter It enables declarative extraction of values from partial results of a batch commands and also further extensibility in custom adapters. The default adapter has detection logic for this extraction so it can use bare record or extract data from normal or batch RPC command. Minor change of user plugin fixed: https://fedorahosted.org/freeipa/ticket/4355 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>	2014-06-16 15:41:38 +02:00
Petr Viktorin	521df77744	ipalib.config: Don't autoconvert values to float When api.env is loaded, strings that "look like" floats got auto-converted to floats. This is wrong, as the conversion to float can lose precision. Case in point: the api_version (e.g. '2.88') should never be interpreted as float. Do not automatically convert to float. We have two numeric options: startup_timeout and wait_for_dns. wait_for_dns is already converted to int when used in the code. Convert startup_timeout to float explicitly when used, so configuration that specified it with a decimal point continues to work. Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>	2014-06-16 13:38:54 +02:00
Petr Viktorin	da64c891e9	ipalib.config: Only convert basedn to DN The current code would convert values to DN if the key was a substring of 'basedn', e.g. 'base' or 'sed'. Only convert if we're actually dealing with 'basedn'. Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>	2014-06-16 13:38:53 +02:00

1 2 3 4 5 ...

7113 Commits