IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
15,753 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
e5a9e46138
Go to file
Rob Crittenden e5a9e46138 get_directive: don't error out on substring mismatch 
This function is designed to retrieve a value from an
ini-like file. In particular PKI CS.cfg.

In an attempt to be more efficient a substring search,
using startswith(), is used before calling a regular
expression match.

The problem is that if the requested directive is a
substring of a different one then it will pass the
startswith() and fail the regular expression match
with a ValueError, assuming it is malformed.

There is no need for this. The caller must be able to
handle None as a response anyway. So continue if
no match is found.

This was seen when PKI dropped storing certificate blobs
in CS.cfg. The CA certificate is stored in ca.signing.cert.
If it isn't present then ca.signing.certnickname will match
the substring but not the directive. This should not be
treated as an error.

Fixes: https://pagure.io/freeipa/issue/9506

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2024-01-11 17:19:47 +01:00
.copr Adding auto COPR builds 2019-12-14 14:20:34 +02:00
.github Let GH auto-notify and auto-close stale PRs 2020-05-06 20:17:01 +02:00
asn1 fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
client component: mail_from_realname config setting added to IPA-EPN 2023-07-26 09:01:37 -04:00
contrib Replace usage of #!/usr/bin/env python3 with #!/usr/bin/python3 2023-05-31 09:21:48 +02:00
daemons ipa-kdb: clarify user auth table mapping use of _AUTH_PASSWORD 2023-12-22 10:34:19 +01:00
doc Include supported migration scenarios in the ipa-to-ipa docs 2024-01-09 16:15:23 -05:00
init Fix ipa-ccache-sweeper activation timer and clean up service file 2022-08-29 18:28:42 +02:00
install Remove unused pki_theme_* params 2023-12-19 12:51:46 +01:00
ipaclient ipa-client-automount: Don't use deprecated ipadiscovery.IPADiscovery 2024-01-11 17:13:35 +01:00
ipalib pylint: fix errors 2024-01-09 08:40:47 +01:00
ipaplatform Use find_spec() in meta importer 2023-09-18 17:46:24 +02:00
ipapython get_directive: don't error out on substring mismatch 2024-01-11 17:19:47 +01:00
ipaserver Server affinity: Retain user-requested remote server 2024-01-11 17:15:53 +01:00
ipasphinx ipasphinx: Correct import of progress_message for Sphinx 6.1.0+ 2023-04-28 13:20:30 -04:00
ipatests get_directive: don't error out on substring mismatch 2024-01-11 17:19:47 +01:00
po Update translations to FreeIPA master state 2023-11-20 14:44:56 +01:00
pypi Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
selinux Allow ipa-otpd to access USB devices for passkeys 2023-09-18 17:36:40 +02:00
util ipa_pwd: Remove unnecessary conditional 2021-01-15 10:01:28 +01:00
.freeipa-pr-ci.yaml ipatests: revert wrong commit on gating definition 2021-11-02 11:40:25 +01:00
.git-commit-template Commit template: use either Fixes or Related 2022-02-14 11:21:01 +02:00
.gitignore gitignore: add install/oddjob/org.freeipa.server.config-enable-sid 2022-08-16 13:07:03 +02:00
.lgtm.yml Fix lgtm file classification 2021-03-08 08:31:41 +01:00
.mailmap mailmap: add ftweedal 2020-11-11 14:08:35 +02:00
.readthedocs.yaml docs: add the readthedocs configuration 2022-05-04 09:36:40 +03:00
.tox-install.sh azure: Don't customize pip's builddir 2021-10-21 08:03:03 +02:00
.wheelconstraints.in pylint: updates related to deprecations 2024-01-09 08:40:47 +01:00
ACI.txt API: add new commands for passkey mappings 2023-06-01 08:20:37 +02:00
API.txt passkeyconfig: require-user-verification is a boolean 2023-06-01 08:20:37 +02:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt BUILD.txt: remove redundant dnf-builddep option 2022-07-05 14:26:52 +02:00
CODE_OF_CONDUCT.md Changing Django's CoC to reflect FreeIPA CoC 2018-03-26 09:51:25 +02:00
configure.ac Tolerate absence of PAC ticket signature depending of server capabilities 2023-05-24 13:20:38 +02:00
Contributors.txt Update list of contributors 2023-10-03 14:57:20 +02:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
COPYING.openssl Add a clear OpenSSL exception. 2015-02-23 16:25:54 +01:00
freeipa.doap.rdf Adding modified DOAP file 2018-06-22 11:02:40 -04:00
freeipa.spec.in Use ssl.match_hostname from urllib3 as it was removed from Python 3.12 2023-07-19 08:27:30 +02:00
gpgkey-0E63D716D76AC080A4A33513F40800B6298EB963.asc spec: verify upstream source signature 2023-04-18 08:32:54 +02:00
ipa.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
ipasetup.py.in pylint: replace deprecated distutils module 2023-01-10 08:30:58 +01:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-test Use pytest conftest.py and drop pytest.ini 2017-01-05 17:37:02 +01:00
makeaci.in Warn for permissions with read/write/search/compare and no attrs 2022-07-15 16:59:15 +02:00
makeapi.in doc: allow notes on Param API Reference pages 2023-03-29 10:53:25 +02:00
Makefile.am fastlint: Correct concatenation of file lists 2023-03-24 11:49:23 +01:00
Makefile.python.am Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb 2017-03-15 13:48:23 +01:00
Makefile.pythonscripts.am ipa-scripts: fix all ipa command line scripts to operate with -I 2019-09-19 10:44:09 -04:00
makerpms.sh Fix unnecessary usrmerge assumptions 2019-04-17 13:56:05 +02:00
pylint_plugins.py pylint: updates related to deprecations 2024-01-09 08:40:47 +01:00
pylintrc pylint: disable new checks 2024-01-09 08:40:47 +01:00
README.md Update IRC links to point to Libera.chat 2021-05-27 18:26:28 +03:00
server.m4 kdb: Use krb5_pac_full_sign_compat() when available 2023-05-24 13:20:38 +02:00
tox.ini Tox: use sitepackages 2024-01-09 08:40:47 +01:00
VERSION.m4 Bump to IPA 4.12 2023-08-21 16:39:16 +02:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

  • Allows all your users to access all the machines with the same credentials and security settings
  • Allows users to access personal files transparently from any machine in an authenticated and secure way
  • Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
  • Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
  • Enables delegation of selected administrative tasks to other power users
  • Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

For developers

Licensing

Please see the file called COPYING.

Contacts