Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bump up to 1.1.1release-1-1-1 | Simo Sorce | 2008-09-10 | 1 | -1/+1 |
| | |||||
* | Add script to simplify operations to fix CVE 2008 3274 Import all of change ↵ | Simo Sorce | 2008-09-10 | 3 | -0/+520 |
| | | | | master key directly into the help fix, allows for better control | ||||
* | CVE 2008 3274 related fixes | Simo Sorce | 2008-09-10 | 2 | -3/+9 |
| | |||||
* | Add a tool to change the kerberos Master Key in case an admin wants to. This ↵ | Simo Sorce | 2008-09-10 | 2 | -0/+384 |
| | | | | tool will dump and re-encrypt all keys, then reload and change the master key in LDAP and in the stash file. It will also restart the Directory Server and the the KDC | ||||
* | Add encrypt_file and decrypt_file utility functions. We will use them to ↵ | Simo Sorce | 2008-09-10 | 2 | -2/+65 |
| | | | | | | | | | encrypt the replica file so that we can transport it over more safely. It contains sensitive data, by encrypting it we assure that even if a distracted admin leaves it around it cannot be accessed without knowing the access passphrase (usually the Directory Manager password) Along the way fix also ipautil.run which was buggy and not passing in correctly stdin. Add dependency for gnupg in spec file | ||||
* | Wrap up the raw_input() to user_input() for convenience and uniformity. | Martin Nagy | 2008-09-10 | 9 | -189/+118 |
| | |||||
* | Comment out code that generates keys with a random salt, apparently this ↵ | Simo Sorce | 2008-09-10 | 1 | -0/+4 |
| | | | | does not work as expected and generates faulty keys | ||||
* | Treat Jan 1 1970 in krbPrincipalExpiration as a special date that means the ↵ | Simo Sorce | 2008-09-10 | 1 | -3/+5 |
| | | | | account Never Expires | ||||
* | Retrieve the kerberos configuration every time a new, it will be a bit ↵ | Simo Sorce | 2008-09-10 | 1 | -246/+235 |
| | | | | slower but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise. | ||||
* | In openvz we found out some interfaces may return a null pointer here. Skip ↵ | Simo Sorce | 2008-09-10 | 1 | -0/+4 |
| | | | | them if no address is provided or we later get a segfault because we dereference a null pointer. | ||||
* | Fix typo in inet type | Simo Sorce | 2008-09-10 | 1 | -1/+1 |
| | |||||
* | slapi_pw_find_sv() expects an array, make sure we have a NULL terminated one ↵ | Simo Sorce | 2008-09-10 | 1 | -5/+9 |
| | | | | to avoid potential segfaults Avoid leaking memory too. | ||||
* | Must index uidnumber and gidnumber and any attribute that dna plugin is ↵ | Simo Sorce | 2008-09-10 | 1 | -0/+19 |
| | | | | going to generate or that we need to search on. | ||||
* | Index the memberof attribute | Rob Crittenden | 2008-09-10 | 1 | -0/+8 |
| | | | | 450951 | ||||
* | Fix uninizialized counter, was causing allocation to fail and command to ↵ | Simo Sorce | 2008-09-10 | 1 | -0/+1 |
| | | | | return in case any encryption type was explicitly requested | ||||
* | Move version to 1.1.0 in preparation for new patch releaserelease-1-1-0 | Simo Sorce | 2008-06-11 | 1 | -1/+1 |
| | |||||
* | Let DS encode the password, this will allow IPA -> AD password | Simo Sorce | 2008-06-11 | 1 | -10/+4 |
| | | | | synchronization to work again. | ||||
* | Ensure that the realm name is upper-case. | Rob Crittenden | 2008-06-09 | 1 | -3/+4 |
| | | | | 449182 | ||||
* | Ignore empty values when converting a multi-valued form field back to a ↵ | Rob Crittenden | 2008-06-09 | 1 | -1/+2 |
| | | | | | | list. This will prevent validation errors when validate.UniqueList() is executed. 449785 | ||||
* | When an LDAP connection fails, display the host one is trying to connect to. | Rob Crittenden | 2008-06-09 | 1 | -2/+4 |
| | | | | 450111 | ||||
* | Add our own SIGTERM handler so we can do clean shutdowns. | Rob Crittenden | 2008-06-09 | 1 | -2/+13 |
| | | | | | | Also fix foreground mode. 450211 | ||||
* | Make it clear which packages are being configured and which aren't. | Rob Crittenden | 2008-06-09 | 1 | -3/+15 |
| | | | | 450175 | ||||
* | Add sbin_t directory read permissions | Rob Crittenden | 2008-06-05 | 1 | -0/+1 |
| | | | | 449760 | ||||
* | Fix typo | Rob Crittenden | 2008-06-05 | 1 | -1/+1 |
| | | | | 450077 | ||||
* | Under some conditions rl may not have been initialized so the config may ↵ | Rob Crittenden | 2008-06-04 | 1 | -0/+3 |
| | | | | | | | | | | | | | | error out with: UnboundLocalError: "local variable 'rl' referenced before assignment" This is caught and ignored but the result is that the records in DNS may not be used at all. Initializing rl to zero fixes this. I also convert the server list into a set to make each entry unique (and back to a list because that is what we are supposed to return) 433506 | ||||
* | Fix import for version | Rob Crittenden | 2008-06-04 | 2 | -2/+2 |
| | |||||
* | Add -p/--password option so the DM password can be passed on the command-line. | Rob Crittenden | 2008-06-04 | 2 | -5/+13 |
| | | | | | | The import for version moved from ipaserver to ipa, fix that as well. 449858 | ||||
* | Don't make the search criteria lower-case so one can do case-sensitive ↵ | Rob Crittenden | 2008-06-04 | 1 | -1/+0 |
| | | | | | | searches (such as looking for HTTP principals) 449975 | ||||
* | Fix some minor man page issues. | Rob Crittenden | 2008-06-04 | 3 | -11/+18 |
| | | | | 438771 | ||||
* | Fix some formatting issues and correct the example. | Rob Crittenden | 2008-06-04 | 1 | -28/+32 |
| | | | | 443009 | ||||
* | Fix typo and reorder -q|--quiet so it displays nicer. popt isn't putting it ↵ | Rob Crittenden | 2008-06-04 | 1 | -2/+2 |
| | | | | | | on a separate line so moving it up front makes it easier to find. 443014 | ||||
* | Fix issue of double logging in ipa_error.log. | Rob Crittenden | 2008-06-03 | 6 | -4/+60 |
| | | | | | | | | | | | We open the log in ipa_webgui and this was being inherited by TurboGears which uses the same log so everything was getting logged twice. Shut down the log in ipa_webgui at the last possible moment. This will not catch configuration errors. Add a Not Found template. Only print a traceback on 500 errors. | ||||
* | Move version.py to the common ipa directory instead of being server-based so ↵ | Rob Crittenden | 2008-06-03 | 7 | -26/+37 |
| | | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully. | ||||
* | Fix some minor man page issues. | Rob Crittenden | 2008-06-03 | 3 | -2/+4 |
| | | | | 438771 | ||||
* | Don't prompt regarding previous DS installations in unattended mode. | Rob Crittenden | 2008-05-30 | 1 | -2/+4 |
| | | | | 449150 | ||||
* | Try to clear up messages prompting for domain and IPA server when DNS ↵ | Rob Crittenden | 2008-05-30 | 1 | -4/+4 |
| | | | | discovery fails to find them. | ||||
* | Fedora DS 1.1.1 exposes a public task api. In order for ipa-1-0 to build ↵ | Rich Megginson | 2008-05-30 | 1 | -47/+90 |
| | | | | against this, ipa-memberof.c needs to be able to use the public api or the private one. | ||||
* | Add two now options, --addattr and --setattr, to allow arbitrary attributes ↵ | Rob Crittenden | 2008-05-30 | 4 | -4/+87 |
| | | | | | | | | | to be added and set when a new user or group is created. Make the user password not mandatory and add new option, -P, to prompt for a password interactively. 449006 | ||||
* | Make check_inst() a standalone function in bindinstance. | Rob Crittenden | 2008-05-30 | 2 | -10/+10 |
| | | | | | | | | | | | | | When an install instance is created that contains a pointer to a sysrestore point it loads in the current configuration when instantiated. If an instance is instantiated but not used then changes may occur to the system state that it is unaware of. So one needs to take care in the order that things are done to avoid losing information. When bind was setup it was overwriting all data in sysrestore.state and leaving just a [named] section. This caused problems at uninstall. 448173 | ||||
* | Actually pass along the verbose option to IPAClient. | Rob Crittenden | 2008-05-29 | 17 | -17/+17 |
| | | | | 443987 | ||||
* | Fix typo in log statement | Rob Crittenden | 2008-05-29 | 1 | -1/+1 |
| | | | | 448948 | ||||
* | Make ipa_kpasswd listen on each single interface explicitly | Simo Sorce | 2008-05-29 | 1 | -66/+173 |
| | | | | | instead of 0.0.0.0, this allows us to reply to a UDP request by using the right source address to build the kerberos reply. | ||||
* | Use openldap libraries by default as mozldap libs seem to break | Simo Sorce | 2008-05-29 | 2 | -3/+3 |
| | | | | ldap_extended_operation() somehow and ipa_kpasswd stops working | ||||
* | Fix crash bug in ipa_kpasswd | Simo Sorce | 2008-05-29 | 1 | -2/+3 |
| | |||||
* | Now that admin is in the common users tree make the nss_ldap | Simo Sorce | 2008-05-29 | 2 | -4/+4 |
| | | | | | configuration look at the specific tree where users are and not search the full server. | ||||
* | Fix the case where domain != lower(REALM) | Simo Sorce | 2008-05-29 | 5 | -38/+69 |
| | | | | | add the domain to the ipa.conf file for apps that need to know This should fix a bug in the replica setup | ||||
* | Set default logging level to INFO (still logs to Apache) | Rob Crittenden | 2008-05-28 | 2 | -24/+63 |
| | | | | Add function entry log for the core IPA XML-RPC functions. | ||||
* | Add python-configobj as a Requires and do some other specfile cleanups. | Rob Crittenden | 2008-05-28 | 1 | -5/+13 |
| | | | | 432814 | ||||
* | Use a value that is explicitly 64bit on all architectures | Simo Sorce | 2008-05-23 | 1 | -13/+13 |
| | |||||
* | Move admin into cn=users,cn=accounts | Simo Sorce | 2008-05-23 | 3 | -5/+5 |
| | | | | | | | After some deep thinking I think the advantages of keeping all posix enabled user accounts under cn=users,cn=accounts overweight a perceived better protection of the admin account by keeping it in a separate tree. |