| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/730
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/432
|
|
|
|
|
|
|
| |
This patch increases robustness in PRE MOD password SLAPI module
by ensuring that an uninitialized pointer is not dereferenced.
https://fedorahosted.org/freeipa/ticket/719
|
|
|
|
|
|
|
|
| |
Omiting return value of calloc in ipa_pwd_extop.c could lead to
memory access issues when memory is full. This patch adds return
value check.
https://fedorahosted.org/freeipa/ticket/717
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/742
|
|
|
|
|
|
|
| |
This patch fixes a situation where an uninitialized pointer
is passed to free().
https://fedorahosted.org/freeipa/ticket/713
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_get_default_realm() and asprintf() return values were ignored.
This could lead to unhandled error issues or memory access
issues.
This patch adds return value checks to all such functions.
As a consequence, one new return value has been added to man page.
https://fedorahosted.org/freeipa/ticket/720
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_init_context return value was not checked. This could lead
to unhandled error issues.
This patch moves the Kerberos context initialization to the
branch where it is needed and handles the error value in a way
that allows program exit in a standard way deallocating all
resources.
https://fedorahosted.org/freeipa/ticket/721
|
|
|
|
|
|
|
| |
Fix "--realm" parameter processing in ipa-rmkeytab. Also make sure
that memory allocated in this process is also freed.
https://fedorahosted.org/freeipa/ticket/711
|
|
|
|
|
|
|
|
| |
In some cases recently freed memory was used/freed again. This
patch introduces more consistency between functions
join_ldap/join_krb5 when dealing with affected variables.
https://fedorahosted.org/freeipa/ticket/709
|
|
|
|
| |
This was removed in several places where it should still be visible
|
|
|
|
|
|
| |
A section has been added to the SUDO command details page for managing
the association with SUDO command groups. New test data has been added
as well.
|
|
|
|
|
|
| |
All references to hbac in the UI have been replaced with hbacrule.
This is to match the hbacrule plugin. The test data and templates
have been renamed as well.
|
|
|
|
|
|
|
|
| |
The table widget now can be enabled/disabled. When disabled, the
checkboxes and links/buttons are grayed out and non functional.
The radio buttons in HBAC and SUDO details page have been modified
to enable/disable the corresponding tables.
|
|
|
|
|
|
|
| |
The radio buttons under the Run Commands section in the SUDO details
page have been changed from allow/deny/specified into all/specified,
and moved under the Allow commands subsection, matching the correct
usage of the cmdcategory attribute.
|
|
|
|
|
|
|
|
|
|
|
| |
The output problem was a missing label for failed managedby.
This also fixes a call to print_entry that was missing the flags argument.
Add a flag to specify whether a group can be a member of itself, defaulting
to False.
ticket 708
|
|
|
|
|
|
|
|
|
| |
Without this it is possible to prepare a replica for a host that doesn't
exist in DNS. The result when this replica file is installed is that
replication will fail because the master won't be able to communicate
to the replica by name.
ticket 680
|
| |
|
|
|
|
| |
ticket 739
|
|
|
|
|
|
|
|
|
| |
Flag parameters are always autofill by definition, causing unexpected
search results. This patch retypes them to Bool for search commands,
so that users have to/can enter the desired value manually.
Ticket #689
Ticket #701
|
|
|
|
| |
minor tweak to the header and gradient for the header
|
|
|
|
| |
ticket 314
|
|
|
|
| |
ticket 734
|
|
|
|
|
|
|
|
|
|
|
|
| |
We collected the failures but didn't report it back. This changes the
API of most delete commands so rather than returning a boolean it returns
a dict with the only current key as failed.
This also adds a new parameter flag, suppress_empty. This will try to
not print values that are empty if included. This makes the output of
the delete commands a bit prettier.
ticket 687
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create an ACI with attributes and then try to set that
to None via a mod command later. We need to catch this and raise an exception.
If all attributes are set to None in an aci then the attr target is removed
from the ACI. This could result in an illegal ACI if there are no other
targets. Having no targets is a legal state, just not a legal final state.
ticket 647
|
|
|
|
|
| |
fixes issues from
https://fedorahosted.org/freeipa/ticket/507
|
|
|
|
| |
tweak the tabs padding
|
| |
|
|
|
|
|
| |
self service defaults to write permission, the only acceptable one.
By removing the checkbox, we stop sending invalid permissions
|
| |
|
| |
|
|
|
|
|
| |
Not sure if this is an openldap-client, pem-nss or python-ldap problem yet
but the installation is failing.
|
| |
|
| |
|
|
|
|
|
| |
This patch makes one group for all HBAC plugins and one group for all
sudo plugins.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The concept is now following:
topic: either a module or a group of modules containing registered
commands. All these commands will usually handle common entity
type (e.g. hbac rules)
subtopic: each topic can have a number of subtopics. In this case topic
is a group of modules and each module represents a subtopic.
grouping modules to topics is possible by assigning a 2-tuple to module
variable:
topic = ('topic-name','topic description')
The topic description has to be the same in all modules in the topic.
These are examples of commands now available in IPA help:
ipa help - display a list of all topics
ipa help hbac - display help for hbac topic
ipa help hbacrule - display help for a subtopic of hbac
ipa help hbacrule-add - display help for a particular command
https://fedorahosted.org/freeipa/ticket/410
|
|
|
|
|
|
| |
The renaming follows previous discussion on mailing list and it leads to
name compatibility with other plugins (e.g. sudorule). It is also
necessary for following changes in ipa help.
|
|
|
|
|
|
|
| |
Resolving the keytab isn't enough, this just creates a name. Try to
create a cursor into the keytab to see if it is a valid keytab.
ticket 654
|
|
|
|
|
|
|
| |
The option is renamed to --ip-address to be consistent with
ipa-replica-prepare.
https://fedorahosted.org/freeipa/ticket/655
|
|
|
|
|
|
| |
A new option to specify reverse zone creation for unattended installs
https://fedorahosted.org/freeipa/ticket/678
|
|
|
|
|
|
|
|
|
| |
Remove the LDAP_DEPRECATED constant and do not use functions that are
marked as deprecated in recent OpenLDAP releases. Also always define
WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that
depend on that constant.
https://fedorahosted.org/freeipa/ticket/576
|
|
|
|
|
|
|
| |
Do this by creating a common way to attach to the ldap server for each
instance.
Fixes: https://fedorahosted.org/freeipa/ticket/686
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/645
|
|
|
|
| |
valied request. https://fedorahosted.org/freeipa/ticket/691
|
|
|
|
| |
THis patch updates the metadata with the changes for the facet groups names. It is a large patch only in that the metadata is huge, but the change is trivial
|
|
|
|
|
| |
correctly nest the facet groups
change 'parent' to 'member of' for facet group
|
|
|
|
| |
THe client aread class is added after the create call. THe logic assumes that there are two divs under the tabs. THe records facet broke that assumption. THis fixes it
|