freeipa.git - FreeIPA project

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	Allow overriding NSS database path in RPCClient.	Jan Cholasta	2014-07-30	1	-2/+5
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Get CA certs for /etc/ipa/ca.crt from certificate store in ipa-client-install.	Jan Cholasta	2014-07-30	1	-26/+10
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add function for writing list of certificates to a PEM file to ipalib.x509.	Jan Cholasta	2014-07-30	3	-12/+32
\| \| \| \| \| \| \| \| \| \|	Also rename load_certificate_chain_from_file to load_certificate_list_from_file. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Support multiple CA certificates in /etc/ipa/ca.crt in ipa-client-install.	Jan Cholasta	2014-07-30	1	-45/+51
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Refactor CA certificate fetching code in ipa-client-install.	Jan Cholasta	2014-07-30	1	-51/+37
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Upload renewed CA cert to certificate store on renewal.	Jan Cholasta	2014-07-30	1	-7/+2
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Import CA certs from certificate store to HTTP NSS database on server install.	Jan Cholasta	2014-07-30	1	-0/+5
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Import CA certs from certificate store to DS NSS database on replica install.	Jan Cholasta	2014-07-30	2	-1/+29
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add new add_cert method for adding certificates to NSSDatabase and CertDB.	Jan Cholasta	2014-07-30	2	-15/+13
\| \| \| \| \| \| \| \| \| \|	Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and remove add_single_pem_cert. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Rename CertDB method add_cert to import_cert.	Jan Cholasta	2014-07-30	1	-3/+3
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Upload CA chain from DS NSS database to certificate store on server update.	Jan Cholasta	2014-07-30	1	-16/+52
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Upload CA chain from DS NSS database to certificate store on server install.	Jan Cholasta	2014-07-30	1	-19/+17
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add certificate store module ipalib.certstore.	Jan Cholasta	2014-07-30	1	-0/+397
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add function for extracting extended key usage from certs to ipalib.x509.	Jan Cholasta	2014-07-30	1	-0/+22
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add functions for extracting certificates fields in DER to ipalib.x509.	Jan Cholasta	2014-07-30	1	-0/+55
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add permissions for certificate store.	Jan Cholasta	2014-07-30	4	-0/+89
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Configure attribute uniqueness for certificate store.	Jan Cholasta	2014-07-30	1	-0/+34
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add container for certificate store.	Jan Cholasta	2014-07-30	3	-0/+11
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add LDAP schema for certificate store.	Jan Cholasta	2014-07-30	4	-0/+11
\| \| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add LDAP schema for wrapped cryptographic keys.	Jan Cholasta	2014-07-30	1	-0/+7
\| \| \| \| \| \| \| \| \| \|	This is part of the schema at <http://www.freeipa.org/page/V4/PKCS11_in_LDAP/Schema>. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Fix trust flags in HTTP and DS NSS databases.	Jan Cholasta	2014-07-30	5	-17/+54
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Allow specifying trust flags in NSSDatabase and CertDB method trust_root_cert.	Jan Cholasta	2014-07-30	1	-4/+6
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall.	Jan Cholasta	2014-07-30	1	-3/+7
\| \| \| \| \| \| \|	This is a no longer used nickname for CA certificate on CA-less server installs. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Do not treat the IPA RA cert as CA cert in DS NSS database.	Jan Cholasta	2014-07-30	2	-10/+27
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Allow IPA master hosts to read and update IPA master information.	Jan Cholasta	2014-07-30	2	-0/+42
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Check that renewed certificates coming from LDAP are actually renewed.	Jan Cholasta	2014-07-30	1	-6/+32
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Do not use ldapi in certificate renewal scripts.	Jan Cholasta	2014-07-30	4	-82/+107
\| \| \| \| \| \|	This prevents SELinux denials when accessing the ldapi socket. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Remove master ACIs when deleting a replica.	Jan Cholasta	2014-07-30	1	-0/+43
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Pick new CA renewal master when deleting a replica.	Jan Cholasta	2014-07-30	2	-3/+20
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Load sysupgrade.state on demand.	Jan Cholasta	2014-07-30	1	-1/+9
\| \| \| \| \| \| \|	This prevents SELinux denials when the sysupgrade module is imported in a confined process. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Alert user when externally signed CA is about to expire.	Jan Cholasta	2014-07-30	1	-1/+6
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add CA certificate management tool ipa-cacert-manage.	Jan Cholasta	2014-07-30	6	-2/+376
\| \| \| \| \| \|	Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add permissions for CA certificate renewal.	Jan Cholasta	2014-07-30	2	-0/+27
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add method for verifying CA certificates to NSSDatabase.	Jan Cholasta	2014-07-30	1	-0/+23
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Move external cert validation from ipa-server-install to installutils.	Jan Cholasta	2014-07-30	2	-42/+53
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Provide additional functions to ipapython.certmonger.	Jan Cholasta	2014-07-30	1	-0/+28
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add method for setting CA renewal master in LDAP to CAInstance.	Jan Cholasta	2014-07-30	1	-3/+38
\| \| \| \| \| \|	Allow checking and setting CA renewal master for non-local CA instances. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Track CA certificate using dogtag-ipa-ca-renew-agent.	Jan Cholasta	2014-07-30	2	-9/+30
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Automatically update CA certificate in LDAP on renewal.	Jan Cholasta	2014-07-30	1	-0/+28
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Allow IPA master hosts to update CA certificate in LDAP.	Jan Cholasta	2014-07-30	1	-0/+2
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Support CA certificate renewal in dogtag-ipa-ca-renew-agent.	Jan Cholasta	2014-07-30	1	-2/+47
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Add function for checking if certificate is self-signed to ipalib.x509.	Jan Cholasta	2014-07-30	1	-0/+6
\| \| \| \|	Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	test_ipagetkeytab: Fix assertion in negative test	Petr Viktorin	2014-07-30	1	-4/+2
\| \| \| \| \| \| \| \| \|	The ipagetkeytab command recently changed its failure output to accomodate pre-4.0 servers. Update the test to reflect this. Related: https://fedorahosted.org/freeipa/ticket/4446 Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	Do not crash client basedn discovery when SSF not met	Martin Kosek	2014-07-29	1	-4/+4
\| \| \| \| \| \| \| \| \| \|	ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries. https://fedorahosted.org/freeipa/ticket/4459 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Verify otptoken timespan is valid	David Kupka	2014-07-29	1	-1/+30
\| \| \| \| \| \| \| \| \|	When creating or modifying otptoken check that token validity start is not after validity end. https://fedorahosted.org/freeipa/ticket/4244 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
*	test group: remove group from protected group.	David Kupka	2014-07-29	1	-0/+67
\| \| \| \| \| \|	Related to https://fedorahosted.org/freeipa/ticket/4448 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Fix group-remove-member crash when group is removed from a protected group	David Kupka	2014-07-29	1	-1/+1
\| \| \| \| \| \|	https://fedorahosted.org/freeipa/ticket/4448 Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	Exclude attributelevelrights from --raw result processing in baseldap.	Jan Cholasta	2014-07-29	1	-3/+7
\| \| \| \| \| \|	https://fedorahosted.org/freeipa/ticket/4371 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Check if /root/ipa.csr exists when installing server with external CA.	Jan Cholasta	2014-07-28	1	-2/+14
\| \| \| \| \| \| \| \|	Remove the file on uninstall. https://fedorahosted.org/freeipa/ticket/4303 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	FIX: named_enable_dnssec should verify if DNS is installed	Martin Basti	2014-07-28	1	-0/+5
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>