freeipa/ipaserver/plugins
Fraser Tweedale bdbb1c34a2 Remove "Request Certificate with SubjectAltName" permission
subjectAltName is required or relevant in most certificate use cases
(esp. TLS, where carrying DNS name in Subject DN CN attribute is
deprecated).  Therefore it does not really make sense to have a
special permission for this, over and above "request certificate"
permission.

Furthermore, we already do rigorously validate SAN contents against
the subject principal, and the permission is waived for self-service
requests or if the operator is a host principal.

So remove the permission, the associated virtual operation, and the
associated code in cert_request.

Fixes: https://fedorahosted.org/freeipa/ticket/6526
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-12-21 17:04:18 +01:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py wrap long line 2016-11-25 16:18:22 +01:00
automember.py allow 'value' output param in commands without primary key 2016-07-20 13:57:01 +02:00
automount.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
baseldap.py Generalize filter generation in LDAPSearch 2016-12-07 13:01:58 +01:00
baseuser.py Use constant for user and group patterns 2016-09-20 17:35:28 +02:00
batch.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
ca.py Fix regression in test suite 2016-12-13 17:25:59 +01:00
caacl.py caacl: fix regression in rule instantiation 2016-08-05 11:51:43 +02:00
cert.py Remove "Request Certificate with SubjectAltName" permission 2016-12-21 17:04:18 +01:00
certprofile.py certprofile-mod: correctly authorise config update 2016-12-14 18:08:33 +01:00
config.py fix missing translation string 2016-12-06 13:09:00 +01:00
delegation.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
dns.py Fix Python 3 bugs discovered by pylint 2016-11-25 16:18:22 +01:00
dnsserver.py help: Add dnsserver commands to help topic 'dns' 2016-07-22 13:52:09 +02:00
dogtag.py Configure Anonymous PKINIT on server install 2016-12-12 13:39:44 +01:00
domainlevel.py Check for conflict entries before raising domain level 2016-12-13 12:25:07 +01:00
group.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
hbacsvc.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
hbactest.py Remove unused variables in the code 2016-09-27 13:35:58 +02:00
host.py Remove unused variables in the code 2016-09-27 13:35:58 +02:00
hostgroup.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
idrange.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
idviews.py Pylint: remove unused variables in ipaserver package 2016-10-06 10:43:36 +02:00
internal.py WebUI: fix API Browser menu label 2016-10-11 17:24:43 +02:00
join.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
krbtpolicy.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
ldap2.py constants: remove CACERT 2016-11-29 14:50:51 +01:00
location.py DNS Location: add list of roles and DNS servers to location-show 2016-06-17 18:05:03 +02:00
migration.py Fix ipa migrate-ds when it finds a search reference 2016-11-17 01:01:05 +01:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py netgroup: avoid extraneous LDAP search when retrieving primary key from DN 2016-09-09 16:27:53 +02:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py do not use keys() method when iterating through dictionaries 2016-10-12 10:38:52 +02:00
passwd.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
permission.py Fix permission-find with sizelimit set 2016-12-07 13:01:58 +01:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
privilege.py Remove unused variables in the code 2016-09-27 13:35:58 +02:00
pwpolicy.py pwpolicy: do not run klist on import 2016-10-24 14:11:08 +02:00
rabase.py Add CA argument to ra.request_certificate 2016-06-15 07:13:38 +02:00
radiusproxy.py prevent search for RADIUS proxy servers by secret 2016-07-21 10:49:10 +02:00
realmdomains.py ipautil: remove get_domain_name() 2016-11-29 14:50:51 +01:00
role.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
schema.py schema: Fix subtopic -> topic mapping 2016-07-15 14:02:17 +02:00
selfservice.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
selinuxusermap.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
server.py Break ipaplatform / ipalib import cycle of hell 2016-11-24 16:30:32 +01:00
serverrole.py Fix minor typos 2016-06-16 08:47:20 +02:00
serverroles.py Do not update result of *-config-show with empty server attributes 2016-06-21 13:07:24 +02:00
service.py x509: use python-cryptography to process certs 2016-11-10 10:21:47 +01:00
servicedelegation.py Fix regexp patterns in parameters to not enforce length 2016-09-20 17:35:28 +02:00
session.py session: do not initialize session manager on import 2016-06-30 14:09:24 +02:00
stageuser.py Pylint: remove unused variables in ipaserver package 2016-10-06 10:43:36 +02:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
sudocmdgroup.py remove trailing newlines from python modules 2016-10-12 10:38:52 +02:00
sudorule.py sudorule: add SELinux transition examples to plugin doc 2016-09-23 14:59:43 +02:00
topology.py Fix regexp patterns in parameters to not enforce length 2016-09-20 17:35:28 +02:00
trust.py trustdomain-del: fix the way how subdomain is searched 2016-11-01 11:24:26 +01:00
user.py Pylint: remove unused variables in ipaserver package 2016-10-06 10:43:36 +02:00
vault.py Fix: container owner should be able to add vault 2016-08-18 13:02:38 +02:00
virtual.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
xmlserver.py Added new authentication method 2016-08-17 16:55:49 +02:00