summaryrefslogtreecommitdiffstats
path: root/ipa-client
Commit message (Collapse)AuthorAgeFilesLines
* Fix memory leaks in ipa-joinJan Cholasta2014-11-052-11/+9
| | | | | | | | | Also remove dead code in ipa-join and add initializer to a variable in ipa-getkeytab to prevent false positives in static code analysis. https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove trivial path constants from modulesGabe2014-11-042-44/+35
| | | | | | https://fedorahosted.org/freeipa/ticket/4399 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Do not wait for new CA certificate to appear in LDAP in ipa-certupdateJan Cholasta2014-10-301-2/+4
| | | | | | | | | If new certificate is not available, reuse the old one, instead of waiting indefinitely for the new certificate to appear. https://fedorahosted.org/freeipa/ticket/4628 Reviewed-By: David Kupka <dkupka@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-172-15/+38
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Add ipa-client-install switch --request-cert to request cert for the hostJan Cholasta2014-10-162-12/+97
| | | | | | | | | The certificate is stored in /etc/ipa/nssdb under the nickname "Local IPA host". https://fedorahosted.org/freeipa/ticket/4550 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix certmonger search for the CA cert in ipa-certupdate and ipa-cacert-manageJan Cholasta2014-09-301-0/+1
| | | | | | | | The search criteria did not include the CA agent name. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get server hostname from jsonrpc_uri in ipa-certupdateJan Cholasta2014-09-301-4/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Check if IPA client is configured in ipa-certupdateJan Cholasta2014-09-301-0/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/4460 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Use /etc/ipa/nssdb to get nicknames of IPA certs installed in /etc/pki/nssdbJan Cholasta2014-09-302-95/+42
| | | | | | | | | Previously a list of nicknames was kept in /etc/pki/nssdb/ipa.txt. The file is removed now. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Use NSSDatabase instead of direct certutil calls in client codeJan Cholasta2014-09-302-47/+17
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Introduce NSS database /etc/ipa/nssdbJan Cholasta2014-09-302-62/+106
| | | | | | | | | | This is the new default NSS database for IPA. /etc/pki/nssdb is still maintained for backward compatibility. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add 'host' setting into default.conf configuration file on client. Fix ↵David Kupka2014-09-262-4/+5
| | | | | | | | | | description in man page. 'host' setting specifies local hostname not the hostname of IPA server. https://fedorahosted.org/freeipa/ticket/4481 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* No longer generate a machine certificate on client installsRob Crittenden2014-09-051-66/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4449 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow user to force Kerberos realm during installation.David Kupka2014-09-052-21/+33
| | | | | | | | | User can set realm not matching one resolved from DNS. This is useful especially when DNS is missconfigured. https://fedorahosted.org/freeipa/ticket/4444 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use certmonger D-Bus API instead of messing with its files.David Kupka2014-09-051-5/+4
| | | | | | | | | | | | FreeIPA certmonger module changed to use D-Bus to communicate with certmonger. Using the D-Bus API should be more stable and supported way of using cermonger than tampering with its files. >=certmonger-0.75.13 is needed for this to work. https://fedorahosted.org/freeipa/ticket/4280 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: Do not add already configured sources to nsswitch.conf ↵Tomas Babej2014-09-041-12/+18
| | | | | | | | | | | entries Makes sure that any new sources added are not already present in the entry. https://fedorahosted.org/freeipa/ticket/4508 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add client certificate update tool ipa-certupdate.Jan Cholasta2014-07-306-0/+236
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for system-wide store from cert store in ipa-client-install.Jan Cholasta2014-07-301-6/+8
| | | | | | | | | | All of the certificates and associated key policy are now stored in /etc/pki/ca-trust/source/ipa.p11-kit. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/pki/nssdb from certificate store in ipa-client-install.Jan Cholasta2014-07-301-43/+120
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/ipa/ca.crt from certificate store in ipa-client-install.Jan Cholasta2014-07-301-26/+10
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Support multiple CA certificates in /etc/ipa/ca.crt in ipa-client-install.Jan Cholasta2014-07-301-45/+51
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Refactor CA certificate fetching code in ipa-client-install.Jan Cholasta2014-07-301-51/+37
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall.Jan Cholasta2014-07-301-3/+7
| | | | | | | This is a no longer used nickname for CA certificate on CA-less server installs. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Do not crash client basedn discovery when SSF not metMartin Kosek2014-07-291-4/+4
| | | | | | | | | | ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries. https://fedorahosted.org/freeipa/ticket/4459 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix ipa-getkeytab for pre-4.0 serversNathaniel McCallum2014-07-251-17/+21
| | | | | | | | | | Also, make the error messages for this fallback case less scary and clean up some indentation issues in the nearby code which made this code difficult to read. https://fedorahosted.org/freeipa/ticket/4446 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix warning: Using uninitialized value ld.Lukas Slebodnik2014-07-141-1/+1
| | | | | | | If create_getkeytab_control fails variable uninitialized pointer 'ld' will be used. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix ipa-client-install --uninstall crashDavid Kupka2014-07-081-1/+4
| | | | | | | | Fix ipa-client-install crash when chronyd service fails to start. https://fedorahosted.org/freeipa/ticket/4273 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-install: Restart nisdomain service instead of startingTomas Babej2014-06-301-1/+3
| | | | | | | | | | To ensure new NIS domain name is loaded after ipa-client-install even in case when nisdomainname service is already running, we need to restart the service rather than starting it. https://fedorahosted.org/freeipa/ticket/4393 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix getkeytab code to always use implicit tagging.Simo Sorce2014-06-271-4/+4
| | | | | | | | | | | | | | A mixture of implicit and explicit tagging was being used and this caused a bug in retrieving the enctype number due to the way ber_scanf() loosely treat sequences and explicit tagging. The ASN.1 notation used to describe the getkeytab operation uses implicit tagging, so by changing the code we simply follow to the specified encoding. Resolves: https://fedorahosted.org/freeipa/ticket/4404 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Do not corrupt sshd_config in client install when trailing newline is missing.Jan Cholasta2014-06-261-25/+17
| | | | | | https://fedorahosted.org/freeipa/ticket/4373 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* man: Add -r option to ipa-getkeytab.1Simo Sorce2014-06-261-1/+7
| | | | | | Update the man page with the new ipa-getkeytab option. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipa-getkeytab: Add support for get_keytab extopSimo Sorce2014-06-261-5/+305
| | | | | | | | | | | | This new extended operation is tried by default and then the code falls back to the old method if it fails. The new method allows for server side password generation as well as retrieval of existing credentials w/o causing regeneration of keys on the server. Resolves: https://fedorahosted.org/freeipa/ticket/3859 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipa-getkeytab: Modularize ldap_set_keytab functionSimo Sorce2014-06-261-138/+181
| | | | | | Isolate parts that will be reused in following patches. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipaplatform: Move paths from installers to paths moduleTomas Babej2014-06-262-79/+78
| | | | | | Part of: https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Pylint fixesTomas Babej2014-06-161-15/+15
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Move all filesystem paths to ipaplatform.paths moduleTomas Babej2014-06-162-5/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Remove redundant imports of ipaservicesTomas Babej2014-06-162-4/+2
| | | | | | | | Also fixes few incorrect imports. https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change paths dependant on ipaservices to use ipaplatform.pathsTomas Babej2014-06-161-4/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change service code in freeipa to use ipaplatform servicesTomas Babej2014-06-163-45/+47
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change platform dependant code in freeipa to use ipaplatform tasksTomas Babej2014-06-163-12/+14
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Do not require custom Authconfig implementations from platform ↵Tomas Babej2014-06-161-63/+16
| | | | | | | | modules https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Moved Fedora 16 service implementations and refactored them as ↵Tomas Babej2014-06-161-1/+0
| | | | | | | | base Fedora module service implementations https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* admin tools: Log IPA versionPetr Viktorin2014-05-271-0/+1
| | | | | | | | | | | Add the IPA version, and vendor version if applicable, to the beginning of admintool logs -- both framework and indivitual tools that don't yet use the framework. This will make debugging easier. https://fedorahosted.org/freeipa/ticket/4219 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client-automount should not configure nsswitch.conf manuallyGabe2014-05-161-6/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/3733 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-automount: Use rpcclient, not xmlclient, for automountlocation_showPetr Viktorin2014-05-141-1/+1
| | | | | Fix for a regression in 66fb4d5e849a049e95d3ef4fcf2b86217488634d https://fedorahosted.org/freeipa/ticket/4290
* ipa-client-install: Configure sudo to use SSSD as data sourceTomas Babej2014-05-092-1/+86
| | | | | | | | | | | Makes ipa-client-install configure SSSD as the data provider for the sudo service by default. This behaviour can be disabled by using --no-sudo flag. https://fedorahosted.org/freeipa/ticket/3358 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client: Set NIS domain name in the installerTomas Babej2014-05-092-0/+71
| | | | | | | | | | | | | | | | Provides two new options for the ipa-client-install: --nisdomain: specifies the NIS domain name --no_nisdomain: flag to aviod setting the NIS domain name In case no --nisdomain is specified and --no_nisdomain flag was not set, the IPA domain is used. Manual pages updated. http://fedorahosted.org/freeipa/ticket/3202 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fixed various typos in ipa-client-install man pageThorsten Scherf2014-05-061-3/+3
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add wait_for_dns option to default.conf.Petr Spacek2014-04-041-0/+9
| | | | | | | | | | | This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol or until timeout. It is intended only for testing. It should prevent tests from failing if there is bigger delay between changes in LDAP and DNS. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Make ipa-client-automount backwards compatibleMartin Kosek2014-04-021-1/+6
| | | | | | | | | | | | | | ipa-client-automount calls automountlocation-show command during the process. Unfortunately, FreeIPA commands are forward compatible only and thus fail the installer. Similarly to ipa-client-install, call XML-RPC interface directly with version fixed to 2.0 (command was already available at that version) to fix the failure. https://fedorahosted.org/freeipa/ticket/4290 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
generated by cgit (git 2.34.1) at 2024-09-27 16:21:26 +0000