mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
045b6e6ed9
dogtag opens its NSS database in read/write mode so we need to be very careful during renewal that we don't also open it up read/write. We basically need to serialize access to the database. certmonger does the majority of this work via internal locking from the point where it generates a new key/submits a rewewal through the pre_save and releases the lock after the post_save command. This lock is held per NSS database so we're save from certmonger. dogtag needs to be shutdown in the pre_save state so certmonger can safely add the certificate and we can manipulate trust in the post_save command. Fix a number of bugs in renewal. The CA wasn't actually being restarted at all due to a naming change upstream. In python we need to reference services using python-ish names but the service is pki-cad. We need a translation for non-Fedora systems as well. Update the CA ou=People entry when he CA subsystem certificate is renewed. This certificate is used as an identity certificate to bind to the DS instance. https://fedorahosted.org/freeipa/ticket/3292 https://fedorahosted.org/freeipa/ticket/3322 |
||
|---|---|---|
| .. | ||
| platform | ||
| py_default_encoding | ||
| test | ||
| __init__.py | ||
| admintool.py | ||
| certdb.py | ||
| certmonger.py | ||
| compat.py | ||
| config.py | ||
| cookie.py | ||
| dn.py | ||
| dogtag.py | ||
| entity.py | ||
| ipa_log_manager.py | ||
| ipa.conf | ||
| ipautil.py | ||
| ipavalidate.py | ||
| kernel_keyring.py | ||
| log_manager.py | ||
| Makefile | ||
| MANIFEST.in | ||
| nsslib.py | ||
| README | ||
| services.py.in | ||
| setup.py.in | ||
| ssh.py | ||
| sysrestore.py | ||
| version.py.in | ||
This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.
A brief overview:
config.py - identify the IPA server domain and realm. It uses python-dns to
try to detect this information first and will fall back to
/etc/ipa/default.conf if that fails.
ipautil.py - helper functions
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines