IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
11,383 Commits 11 Branches 60 Tags
f3537297bee2890c6b839750bb7a0a2cf904cdf9
Commit Graph

7 Commits

Author SHA1 Message Date
Martin Babinsky
cac7e49daa Refactor the role/attribute member reporting code 
The `config` object now hosts a generic method for updating the config
entry for desired server role configuration (if not empty). The
duplicated code in dns/trust/vaultconfig commands was replaced by a call
to a common method.

https://pagure.io/freeipa/issue/6937

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
 2017-05-26 16:11:40 +02:00
Christian Heimes
5197422ef6 Vault: Explicitly default to 3DES CBC 
The server-side plugin for IPA Vault relied on the fact that the default
oid for encryption algorithm is 3DES in CBC mode (DES-EDE3-CBC). Dogtag
10.4 has changed the default from 3DES to AES. Pass the correct
algorithm OID to KeyClient.archive_encrypted_data().

Closes: https://pagure.io/freeipa/issue/6899
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
 2017-04-28 08:25:03 +02:00
Stanislav Laznicka
5ab85b365a Moving ipaCert from HTTPD_ALIAS_DIR 
The "ipaCert" nicknamed certificate is not required to be
in /var/lib/ipa/radb NSSDB anymore as we were keeping a copy
of this file in a separate file anyway. Remove it from there
and track only the file. Remove the IPA_RADB_DIR as well as
it is not required anymore.

https://fedorahosted.org/freeipa/ticket/5695
https://fedorahosted.org/freeipa/ticket/6680

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2017-03-01 09:43:41 +00:00
Martin Basti
6b7d6417d4 Fix: container owner should be able to add vault 
With recent change in DS (CVE fix), ds is not returging DuplicatedEntry
error in case that user is not permitted by ACI to write, but ACIError instead.

Is safe to ignore ACI error in container, because it will be raised
again later if user has no access to container.

https://fedorahosted.org/freeipa/ticket/6159

Reviewed-By: Martin Basti <mbasti@redhat.com>
 2016-08-18 13:02:38 +02:00
Martin Babinsky
c2af032c03 Migrate management framework plugins to use Principal parameter 
All plugins will now use this parameter and common code for all operations on
Kerberos principals.  Additional semantic validators and normalizers were
added to determine or append a correct realm so that the previous behavior is
kept intact.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-07-01 09:37:25 +02:00
Martin Babinsky
5f7086e718 Server Roles: make *config-show consume relevant roles/attributes 
This patch modifies config objects so that the roles/attributes relevant to
the configuration are shown in the output:

* config-{show,mod} will show list of all IPA masters, CA servers and CA
  renewal master

* dnsconfig-{show,mod} will list all DNS server and DNS key master

* trustconfig-{show,mod} will list all AD trust controllers and agents

* vaultconfig-show will list all Key Recovery Agents

http://www.freeipa.org/page/V4/Server_Roles
https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
 2016-06-13 17:50:54 +02:00
Jan Cholasta
6e44557b60 ipalib: move server-side plugins to ipaserver 
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.

Remove the now unused ipalib.plugins package.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
 2016-06-03 09:00:34 +02:00