Commit message | Author | Age | Files | Lines
...
* Add new add_cert method for adding certificates to NSSDatabase and CertDB. | Jan Cholasta | 2014-07-30 | 2 | -15/+13
  Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and remove add_single_pem_cert.
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Rename CertDB method add_cert to import_cert. | Jan Cholasta | 2014-07-30 | 1 | -3/+3
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Upload CA chain from DS NSS database to certificate store on server update. | Jan Cholasta | 2014-07-30 | 1 | -16/+52
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Upload CA chain from DS NSS database to certificate store on server install. | Jan Cholasta | 2014-07-30 | 1 | -19/+17
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add certificate store module ipalib.certstore. | Jan Cholasta | 2014-07-30 | 1 | -0/+397
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add function for extracting extended key usage from certs to ipalib.x509. | Jan Cholasta | 2014-07-30 | 1 | -0/+22
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add functions for extracting certificates fields in DER to ipalib.x509. | Jan Cholasta | 2014-07-30 | 1 | -0/+55
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add permissions for certificate store. | Jan Cholasta | 2014-07-30 | 4 | -0/+89
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Configure attribute uniqueness for certificate store. | Jan Cholasta | 2014-07-30 | 1 | -0/+34
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add container for certificate store. | Jan Cholasta | 2014-07-30 | 3 | -0/+11
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add LDAP schema for certificate store. | Jan Cholasta | 2014-07-30 | 4 | -0/+11
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add LDAP schema for wrapped cryptographic keys. | Jan Cholasta | 2014-07-30 | 1 | -0/+7
  This is part of the schema at <http://www.freeipa.org/page/V4/PKCS11_in_LDAP/Schema>.
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fix trust flags in HTTP and DS NSS databases. | Jan Cholasta | 2014-07-30 | 5 | -17/+54
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow specifying trust flags in NSSDatabase and CertDB method trust_root_cert. | Jan Cholasta | 2014-07-30 | 1 | -4/+6
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall. | Jan Cholasta | 2014-07-30 | 1 | -3/+7
  This is a no longer used nickname for CA certificate on CA-less server installs.
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Do not treat the IPA RA cert as CA cert in DS NSS database. | Jan Cholasta | 2014-07-30 | 2 | -10/+27
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow IPA master hosts to read and update IPA master information. | Jan Cholasta | 2014-07-30 | 2 | -0/+42
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Check that renewed certificates coming from LDAP are actually renewed. | Jan Cholasta | 2014-07-30 | 1 | -6/+32
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Do not use ldapi in certificate renewal scripts. | Jan Cholasta | 2014-07-30 | 4 | -82/+107
  This prevents SELinux denials when accessing the ldapi socket.
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove master ACIs when deleting a replica. | Jan Cholasta | 2014-07-30 | 1 | -0/+43
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Pick new CA renewal master when deleting a replica. | Jan Cholasta | 2014-07-30 | 2 | -3/+20
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Load sysupgrade.state on demand. | Jan Cholasta | 2014-07-30 | 1 | -1/+9
  This prevents SELinux denials when the sysupgrade module is imported in a confined process.
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Alert user when externally signed CA is about to expire. | Jan Cholasta | 2014-07-30 | 1 | -1/+6
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add CA certificate management tool ipa-cacert-manage. | Jan Cholasta | 2014-07-30 | 6 | -2/+376
  Part of https://fedorahosted.org/freeipa/ticket/3737
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add permissions for CA certificate renewal. | Jan Cholasta | 2014-07-30 | 2 | -0/+27
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add method for verifying CA certificates to NSSDatabase. | Jan Cholasta | 2014-07-30 | 1 | -0/+23
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Move external cert validation from ipa-server-install to installutils. | Jan Cholasta | 2014-07-30 | 2 | -42/+53
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Provide additional functions to ipapython.certmonger. | Jan Cholasta | 2014-07-30 | 1 | -0/+28
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add method for setting CA renewal master in LDAP to CAInstance. | Jan Cholasta | 2014-07-30 | 1 | -3/+38
  Allow checking and setting CA renewal master for non-local CA instances.
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Track CA certificate using dogtag-ipa-ca-renew-agent. | Jan Cholasta | 2014-07-30 | 2 | -9/+30
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Automatically update CA certificate in LDAP on renewal. | Jan Cholasta | 2014-07-30 | 1 | -0/+28
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow IPA master hosts to update CA certificate in LDAP. | Jan Cholasta | 2014-07-30 | 1 | -0/+2
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Support CA certificate renewal in dogtag-ipa-ca-renew-agent. | Jan Cholasta | 2014-07-30 | 1 | -2/+47
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add function for checking if certificate is self-signed to ipalib.x509. | Jan Cholasta | 2014-07-30 | 1 | -0/+6
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* test_ipagetkeytab: Fix assertion in negative test | Petr Viktorin | 2014-07-30 | 1 | -4/+2
  The ipagetkeytab command recently changed its failure output to accommodate pre-4.0 servers. Update the test to reflect this.
  Related: https://fedorahosted.org/freeipa/ticket/4446
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Do not crash client basedn discovery when SSF not met | Martin Kosek | 2014-07-29 | 1 | -4/+4
  ipa-client-install runs anonymous search in non-rootdse space which may raise UNWILLING_TO_PERFORM error. This case was only covered for BIND, but not for the actual LDAP queries.
  https://fedorahosted.org/freeipa/ticket/4459
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Verify otptoken timespan is valid | David Kupka | 2014-07-29 | 1 | -1/+30
  When creating or modifying otptoken check that token validity start is not after validity end.
  https://fedorahosted.org/freeipa/ticket/4244
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* test group: remove group from protected group. | David Kupka | 2014-07-29 | 1 | -0/+67
  Related to https://fedorahosted.org/freeipa/ticket/4448
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix group-remove-member crash when group is removed from a protected group | David Kupka | 2014-07-29 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4448
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Exclude attributelevelrights from --raw result processing in baseldap. | Jan Cholasta | 2014-07-29 | 1 | -3/+7
  https://fedorahosted.org/freeipa/ticket/4371
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Check if /root/ipa.csr exists when installing server with external CA. | Jan Cholasta | 2014-07-28 | 1 | -2/+14
  Remove the file on uninstall.
  https://fedorahosted.org/freeipa/ticket/4303
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* FIX: named_enable_dnssec should verify if DNS is installed | Martin Basti | 2014-07-28 | 1 | -0/+5
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix DNS upgrade plugin should check if DNS container exists | Martin Basti | 2014-07-28 | 1 | -0/+4
  Fortunately this causes no error, because dnszone-find doesn't raise an exception if there is no DNS container
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update API.txt | Petr Viktorin | 2014-07-28 | 1 | -2/+2
  Additional fix for https://fedorahosted.org/freeipa/ticket/4323
* ipalib: idrange: Make non-implemented range types fail the validation | Tomas Babej | 2014-07-28 | 1 | -2/+3
  The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to pass the validation tests, however, they are not implemented nor checked by the 389 server plugin.
  https://fedorahosted.org/freeipa/ticket/4323
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: add bounce url to reset_password.html | Petr Vobornik | 2014-07-28 | 1 | -0/+24
  reset_password.html now redirects browser to URL specified in 'redirect' uri component (if present). The component has to be URI encoded.
  ie (in browser console):
    $ encodeURIComponent('http://pvoborni.fedorapeople.org/doc/#!/guide/Debugging')
    --> "http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging"
    --> https://my.freeipa.server/ipa/ui/reset_password.html?redirect=http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging
  https://fedorahosted.org/freeipa/ticket/4440
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: remove remaining action-button-disabled occurrences | Petr Vobornik | 2014-07-28 | 2 | -39/+5
  Buttons in hbactest check for 'action-button-disabled' but it's never set.
  https://fedorahosted.org/freeipa/ticket/4258
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: replace action_buttons with action_widget | Petr Vobornik | 2014-07-28 | 5 | -133/+88
  Simplify code base by reuse of 'disable' feature of button_widget. All occurrences of action-button which were disabled/enabled were replaced by button-widget.
  https://fedorahosted.org/freeipa/ticket/4258
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: detach facet nodes | Petr Vobornik | 2014-07-28 | 2 | -0/+10
  Detach/attach facet nodes when switching facets instead of hiding/showing. Keeps dom-tree more simple.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: internet explorer fixes | Petr Vobornik | 2014-07-28 | 2 | -2/+8
  Fixed:
  1. IE doesn't support value 'initial' in CSS rule.
  2. setting innerHTML='' also destroys content of child nodes in LoginScreen in IE -> reattached buttons have no text.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>