Commit message | Author | Age | Files | Lines
...
* FIX DNS wildcard records (RFC4592) | Martin Basti | 2014-09-05 | 1 | -0/+22
  Make validation more strict
  * DS, NS, DNAME owners should not be a wildcard domain name
  * zone name should not be a wildcard domain name
  Ticket: https://fedorahosted.org/freeipa/ticket/4488
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Use certmonger D-Bus API instead of messing with its files. | David Kupka | 2014-09-05 | 7 | -296/+285
  FreeIPA certmonger module changed to use D-Bus to communicate with certmonger. Using the D-Bus API should be a more stable and supported way of using certmonger than tampering with its files.
  >=certmonger-0.75.13 is needed for this to work.
  https://fedorahosted.org/freeipa/ticket/4280
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix dnsrecord-mod raise error if last record attr is removed | Martin Basti | 2014-09-05 | 2 | -3/+10
  Removing last record attribute causes output type validation error
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: Do not add already configured sources to nsswitch.conf entries | Tomas Babej | 2014-09-04 | 1 | -12/+18
  Makes sure that any new sources added are not already present in the entry.
  https://fedorahosted.org/freeipa/ticket/4508
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Normalize external CA cert before passing it to pkispawn | Jan Cholasta | 2014-09-04 | 1 | -2/+12
  https://fedorahosted.org/freeipa/ticket/4019
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add record(s) to /etc/host when IPA is configured as DNS server. | David Kupka | 2014-09-03 | 1 | -1/+1
  This is to avoid chicken-egg problem when directory server fails to start without resolvable hostname and named fails to provide hostname without directory server.
  https://fedorahosted.org/freeipa/ticket/4220
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Ensure ipaUserAuthTypeClass when needed on user creation | Nathaniel McCallum | 2014-09-03 | 1 | -13/+11
  Also, remove the attempt to load the objectClasses when absent. This never makes sense during an add operation.
  https://fedorahosted.org/freeipa/ticket/4455
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* permission plugin: Improve description of the target option | Petr Viktorin | 2014-09-03 | 1 | -1/+3
  https://fedorahosted.org/freeipa/ticket/4521
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Make --target available in the CLI | Petr Viktorin | 2014-09-03 | 1 | -1/+0
  This was left out by mistake when permissions were refactored. The API is already tested.
  https://fedorahosted.org/freeipa/ticket/4522
* freeipa.spec.in: Add python-backports-ssl_match_hostname to BuildRequires | Petr Viktorin | 2014-09-02 | 1 | -0/+1
  This patch adds an explicit build dependency to python-backports-ssl_match_hostname. Without it, the build-time lint would fail.
  https://fedorahosted.org/freeipa/ticket/4515
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Pick new CA renewal master when deleting a replica. | Jan Cholasta | 2014-09-02 | 2 | -3/+20
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add method for setting CA renewal master in LDAP to CAInstance. | Jan Cholasta | 2014-09-02 | 1 | -3/+38
  Allow checking and setting CA renewal master for non-local CA instances.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CLIENT: Explicitly require python-backports-ssl_match_hostname | Jakub Hrozek | 2014-09-02 | 1 | -0/+1
  Without python-backports-ssl_match_hostname installed, an ipa-client installation could have failed with:
    from backports.ssl_match_hostname import match_hostname
    ImportError: No module named ssl_match_hostname
  This patch adds an explicit dependency to python-backports-ssl_match_hostname.
  https://fedorahosted.org/freeipa/ticket/4515
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Allow changing CA renewal master in ipa-csreplica-manage. | Jan Cholasta | 2014-09-02 | 2 | -9/+33
  https://fedorahosted.org/freeipa/ticket/4039
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaserver/dcerpc.py: Make sure trust is established only to forest root domain | Alexander Bokovoy | 2014-09-01 | 2 | -0/+22
  Part of https://fedorahosted.org/freeipa/ticket/4463
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* ipaserver/dcerpc.py: be more open to what domains can be seen through the forest trust | Alexander Bokovoy | 2014-09-01 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4463
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* ipaserver/dcerpc.py: Avoid hitting issue with transitive trusts on Windows Server prior to 2012 | Alexander Bokovoy | 2014-09-01 | 1 | -3/+10
  http://msdn.microsoft.com/en-us/library/2a769a08-e023-459f-aebe-4fb3f595c0b7#id83
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* ipaserver/dcerpc.py: make PDC discovery more robust | Alexander Bokovoy | 2014-09-01 | 1 | -5/+16
  Certain operations against AD domain controller can only be done if its FSMO role is primary domain controller. We need to use writable DC and PDC when creating trust and updating name suffix routing information.
  https://fedorahosted.org/freeipa/ticket/4479
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* ipaserver/dcerpc.py: if search of a closest GC failed, try to find any GC | Alexander Bokovoy | 2014-09-01 | 1 | -1/+5
  https://fedorahosted.org/freeipa/ticket/4458
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* ipa trust-add command should be interactive | Gabe | 2014-08-25 | 1 | -1/+25
  - Make ipa trust-add command interactive for realm_admin and realm_passwd
  - Fix 'Active directory' typo to 'Active Directory'
  https://fedorahosted.org/freeipa/ticket/3034
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Change BuildRequires for Java | Stephen Gallagher | 2014-08-20 | 1 | -1/+1
  Requiring a specific version of Java leads to breakages, like the one happening on nightly builds in Fedora Rawhide right now. We should use the more generic 'java' BuildRequires instead of the versioned one.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* webui-ci: fix table widget add | Petr Vobornik | 2014-08-20 | 1 | -1/+1
  add_table_record call used old selector for add button which caused 3 fails in CI:
  - ERROR: Test automember rebuild membership feature for hosts
  - ERROR: Test automember rebuild membership feature for users
  - ERROR: Basic CRUD: dns
  related to: https://fedorahosted.org/freeipa/ticket/4258
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: better error reporting | Petr Vobornik | 2014-08-20 | 2 | -12/+14
  On page:
  - styled to use proper line breaks
  - "centered" by .container class and not by huge padding
  Console:
  - proper line breaks
  - links in stack trace are clickable (Chrome)
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Convert external CA chain to PKCS#7 before passing it to pkispawn. | Jan Cholasta | 2014-08-14 | 3 | -7/+22
  https://fedorahosted.org/freeipa/ticket/4397
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Tests: host tests with dns | Martin Basti | 2014-08-11 | 1 | -0/+448
  Test for: https://fedorahosted.org/freeipa/ticket/4164
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow to add host if AAAA record exists | Martin Basti | 2014-08-11 | 3 | -7/+18
  http://fedorahosted.org/freeipa/ticket/4164
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_trust: Add test to cover lookup of trustdomains | Tomas Babej | 2014-08-07 | 1 | -5/+31
  Adds an integration test that checks that all trustdomains are able to be found by trustdomain-find command right after the trust has been established.
  Also moves some code to allow easier adding common test cases for both POSIX and non-POSIX test classes.
  https://fedorahosted.org/freeipa/ticket/4208
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-adtrust-install does not re-add member in adtrust agents group | Martin Kosek | 2014-08-07 | 1 | -18/+21
  When a CIFS service exists and adtrust agents group does not have it as a member attribute (for whatever reason), re-running ipa-adtrust-install does not fix the inconsistency.
  Make the installer more robust by being able to fix the inconsistency.
  https://fedorahosted.org/freeipa/ticket/4464
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add test for baseldap.entry_to_dict. | Jan Cholasta | 2014-08-04 | 1 | -0/+49
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui-ci: fix reset password check | Petr Vobornik | 2014-07-31 | 1 | -3/+3
  After login, CI checks if password needs a reset by checking if reset password fields are displayed. This check failed since login facet was removed from DOM after successful auth. Weakening the selector fixes it.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* test_ipagetkeytab: Fix assertion in negative test | Petr Viktorin | 2014-07-30 | 1 | -4/+2
  The ipagetkeytab command recently changed its failure output to accommodate pre-4.0 servers. Update the test to reflect this.
  Related: https://fedorahosted.org/freeipa/ticket/4446
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Do not crash client basedn discovery when SSF not met | Martin Kosek | 2014-07-29 | 1 | -4/+4
  ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries.
  https://fedorahosted.org/freeipa/ticket/4459
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Verify otptoken timespan is valid | David Kupka | 2014-07-29 | 1 | -1/+30
  When creating or modifying otptoken check that token validity start is not after validity end.
  https://fedorahosted.org/freeipa/ticket/4244
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* test group: remove group from protected group. | David Kupka | 2014-07-29 | 1 | -0/+67
  Related to https://fedorahosted.org/freeipa/ticket/4448
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix group-remove-member crash when group is removed from a protected group | David Kupka | 2014-07-29 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4448
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Exclude attributelevelrights from --raw result processing in baseldap. | Jan Cholasta | 2014-07-29 | 1 | -3/+7
  https://fedorahosted.org/freeipa/ticket/4371
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Check if /root/ipa.csr exists when installing server with external CA. | Jan Cholasta | 2014-07-28 | 1 | -2/+14
  Remove the file on uninstall.
  https://fedorahosted.org/freeipa/ticket/4303
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* FIX: named_enable_dnssec should verify if DNS is installed | Martin Basti | 2014-07-28 | 1 | -0/+5
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix DNS upgrade plugin should check if DNS container exists | Martin Basti | 2014-07-28 | 1 | -0/+4
  Fortunately this causes no error, because dnszone-find doesn't raise exception if there is no DNS container
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update API.txt | Petr Viktorin | 2014-07-28 | 1 | -2/+2
  Additional fix for https://fedorahosted.org/freeipa/ticket/4323
* ipalib: idrange: Make non-implemented range types fail the validation | Tomas Babej | 2014-07-28 | 1 | -2/+3
  The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to pass the validation tests, however, they are not implemented nor checked by the 389 server plugin.
  https://fedorahosted.org/freeipa/ticket/4323
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: remove remaining action-button-disabled occurrences | Petr Vobornik | 2014-07-28 | 2 | -39/+5
  Buttons in hbactest check for 'action-button-disabled' but it's never set.
  https://fedorahosted.org/freeipa/ticket/4258
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: replace action_buttons with action_widget | Petr Vobornik | 2014-07-28 | 5 | -133/+88
  Simplify code base by reuse of 'disable' feature of button_widget. All occurrences of action-button which were disabled/enabled were replaced by button-widget.
  https://fedorahosted.org/freeipa/ticket/4258
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: detach facet nodes | Petr Vobornik | 2014-07-28 | 2 | -0/+10
  Detach/attach facet nodes when switching facets instead of hiding/showing.
  Keeps dom-tree more simple.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: internet explorer fixes | Petr Vobornik | 2014-07-28 | 2 | -2/+8
  Fixed:
  1. IE doesn't support value 'initial' in CSS rule.
  2. setting innerHTML='' also destroys content of child nodes in LoginScreen in IE -> reattached buttons have no text.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix nested items creation in dropdown list | Petr Vobornik | 2014-07-28 | 1 | -6/+8
  Items nested in other items were created in root list instead of nested list.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support wildcard attribute level rights | Petr Vobornik | 2014-07-28 | 1 | -9/+15
  Reproduction:
  * add 'extensibleObject' object class to target object
  https://fedorahosted.org/freeipa/ticket/4380
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Become IPA 4.0.1 | Martin Kosek | 2014-07-25 | 1 | -1/+1
* baseldap: return 'none' attr level right as unicode string | Petr Vobornik | 2014-07-25 | 1 | -1/+1
  Returning non-unicode causes serialization into base64 which causes havoc in Web UI.
  https://fedorahosted.org/freeipa/ticket/4454
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add TOTP watermark support | Nathaniel McCallum | 2014-07-25 | 2 | -74/+88
  This prevents the reuse of TOTP tokens by recording the last token interval that was used. This will be replicated as normal. However, this patch does not increase the number of writes to the database in the standard authentication case. This is because it also eliminates an unnecessary write during authentication. Hence, this patch should be write-load neutral with the existing code.
  Further performance enhancement is desired, but is outside the scope of this patch.
  https://fedorahosted.org/freeipa/ticket/4410
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>