summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ipasam: replace trim_char() with trim_string()replace_private_samba_callsSumit Bose2012-08-311-2/+1
|
* ipasam: remove fetch_ldap_pw()Sumit Bose2012-08-311-10/+2
|
* ipasam: replace get_global_sam_sid()Sumit Bose2012-08-311-4/+12
|
* ipasam: add libsss_idmap context and replace string_to_sid()Sumit Bose2012-08-311-31/+87
|
* ipasam: Replace global_sid_BuiltinSumit Bose2012-08-311-1/+3
|
* ipasam: Replace sid_peek_check_rid()Sumit Bose2012-08-311-1/+17
|
* ipasam: Replace sid_check_is_our_sam()Sumit Bose2012-08-311-2/+1
|
* ipasam: Replace dom_sid_compare_domain()Sumit Bose2012-08-311-1/+27
|
* ipasam: Replace is_null_sid()Sumit Bose2012-08-311-1/+24
|
* ipasam: replace sid_compose()Sumit Bose2012-08-311-1/+14
|
* ipasam: replace sid_copy()Sumit Bose2012-08-311-1/+15
|
* Remove talloc_asprintf_strupper_m()Sumit Bose2012-08-311-3/+8
|
* Remove strlower_m()Sumit Bose2012-08-311-3/+1
|
* Replace strnequal()Sumit Bose2012-08-311-1/+16
|
* Remove sid_peek_rid()Sumit Bose2012-08-311-11/+18
|
* Remove nt_lm_owf_gen() and dependency to libcliauth.soSumit Bose2012-08-311-12/+59
|
* Make encode_ntlm_keys() publicSumit Bose2012-08-316-197/+242
|
* ipasam: cleanup explicit dependencies to samba libsSumit Bose2012-08-311-3/+0
|
* Fixes different behaviour of permission-mod and show.Tomas Babej2012-08-292-1/+88
| | | | | | | Both commands now produce the same output regarding the attributelevelrights. https://fedorahosted.org/freeipa/ticket/2875
* Password policy paging with proper sortingPetr Vobornik2012-08-292-3/+6
| | | | | | | | This patch adds option to disable sorting when paging. It allowed to enable paging in password policy with order of items untouched (they are sorted on server side by priority). Also fixing issue when paging is disabled and command summary = null. It displayed 'null' in facet footer. https://fedorahosted.org/freeipa/ticket/2677
* Successful action notificationPetr Vobornik2012-08-2915-81/+135
| | | | | | | | | | | | | | | | | | | User was not notified about success of actions executed from action list, action panel or facet cotrol bar. This patch adds IPA.notify_success(message) call. It creates a yellow notification area with supplied message in Web UI header in the middle of the green area (empty space of first level navigation). This area is displayed for 3s and then it fades out (800ms). It also fades out when it is clicked. This call is used(directly or indirectly) in: * search facets: delete, disable, enable actions * details facets: delete action * user details facet: reset password action * host details facet: unprovision, set OTP actions * service details facet: unprovision action * host and service details facet: request, revoke, restore certificates actions * group details facet: change to POSIX/external actions * dns zone details facet: add/remove permission actions https://fedorahosted.org/freeipa/ticket/2977
* Fix issue which broke setup of Web UI unit testsPetr Vobornik2012-08-291-1/+3
| | | | | | Web UI itself wasn't negatively affected. https://fedorahosted.org/freeipa/ticket/2897
* Revert change causing failure in test automationPetr Vobornik2012-08-291-3/+3
| | | | | | | | Move of click handler in patch for #2834 causes failure of automation tests. This patch reverts the problematic part. It should not affect function of fix for #2824. https://fedorahosted.org/freeipa/ticket/3014
* Restrict the SELinux user map user MLS value to 0-1023Rob Crittenden2012-08-292-1/+13
| | | | https://fedorahosted.org/freeipa/ticket/3001
* Update Contributors.txt fileMartin Kosek2012-08-281-8/+14
| | | | Update list of active developers working on IPA.
* Improves deletion of PTR records in ipa host-delTomas Babej2012-08-281-1/+6
| | | | | | | Command ipa host-del with --updatedns now can deal both with hosts which zones are in FQDN form with or without a trailing dot. https://fedorahosted.org/freeipa/ticket/2809
* Fix managedBy label for DNS zoneMartin Kosek2012-08-263-3/+16
| | | | | | | | | | | | Even though managedBy output parameter was only used for failed host managedBy memberships, it was defined in global baseldap.py classes. Incorrect label was then being displayed also for DNS zone per-zone permission attribute with the same name. Move managedBy output parameter to host plugin. Define proper managedBy output parameter in DNS plugin to improve clarity of this attribute. https://fedorahosted.org/freeipa/ticket/2946
* Ticket #2850 - Ipactl exception not handled wellJohn Dennis2012-08-272-6/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ticket #2850 - Ipactl exception not handled well There were various places in ipactl which intialized IpactlError with None as the msg. If you called str() on that exception all was well because ScriptError.__str__() converted a msg with None to the empty string (IpactlError is subclassed from ScriptError). But a few places directly access e.msg which will be None if initialized that way. It's hard to tell from the stack traces but I'm pretty sure it's those places which use e.msg directly which will cause the problems seen in the bug report. I do not believe it is ever correct to initialize an exception message to None, I don't even understand what that means. On the other hand initializing to the empty string is sensible and for that matter is the default for the class. This patch makes two fixes: 1) The ScriptError initializer will now convert a msg parameter of None to the empty string. 2) All places that initialized IpactlError's msg parameter to None removed the None initializer allowing the msg parameter to default to the empty string. I don't know how to test the fix for Ticket #2850 because it's not clear how it got into that state in the first place, but I do believe initialing the msg value to None is clearly wrong and should fix the problem.
* Don't generate password history error if history is set to 0.Rob Crittenden2012-08-271-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/2805
* Ask for admin password in ipa-adtrust-installAlexander Bokovoy2012-08-242-0/+46
| | | | | | | | | The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust-add --type=ad' command. https://fedorahosted.org/freeipa/ticket/2852
* Ticket #3008: DN objects hash differently depending on caseJohn Dennis2012-08-223-30/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because the attrs & values in DN's, RDN's and AVA's are comparison case- insensitive the hash value between two objects which compare as equal but differ in case must also yield the same hash value. This is critical when these objects are used as a dict key or in a set because dicts and sets use the object's __hash__ value in conjunction with the objects __eq__ method to lookup the object. The defect is the DN, RDN & AVA objects computed their hash from the case- preserving string representation thus two otherwise equal objects incorrectly yielded different hash values. The problem manifests itself when one of these objects is used as a key in a dict, for example a dn. dn1 = DN(('cn', 'Bob')) dn2 = DN(('cn', 'bob')) dn1 == dn2 --> True hash(dn1) == hash(dn2) --> False d = {} d[dn1] = x d[dn2] = y len(d) --> 2 The patch fixes the above by lower casing the string representation of the object prior to computing it's hash. The patch also corrects a spelling mistake and a bogus return value in ldapupdate.py which happened to be discovered while researching this bug.
* Adds dependency on samba4-winbind.Tomas Babej2012-08-221-0/+4
| | | | | Dependency on samba4-winbind has been added to the package freeipa-server-trust-ad.
* Add ACI to allow regenerating ipaNTHash from ipasamAlexander Bokovoy2012-08-221-1/+2
| | | | | | ACI was lacking to allow actually writing MagicRegen into ipaNTHash attribute, Part 2 of https://fedorahosted.org/freeipa/ticket/3016
* Fix ipasam ipaNThash magic regen to actually fetch updated passwordAlexander Bokovoy2012-08-221-13/+9
| | | | | | | With this change ipasam is able to ask for ipaNTHash generation and if corresponding Kerberos key is available, will be able to retrieve generated ipaNTHash. Part 1 of https://fedorahosted.org/freeipa/ticket/3016
* Recover from invalid cached kerberos credentials in ipasamAlexander Bokovoy2012-08-221-37/+77
| | | | | | | | | | | | | | | | When developing and testing in the same environment, multiple re-installs may be needed. This means previously issued and cached Kerberos credentials will become invalid upon new install. ipasam passdb module for Samba uses Kerberos authentication when talking to IPA LDAP server. Obtained Kerberos credentials are cached during their lifetime. However, the ccache is not removed automatically and if IPA setup is made again, cached credentials are used, only to discover that they are invalid. With this change invalid correctly obtained cached credentials are recognized and, if LDAP SASL bind fails, new credentials are requested from the KDC. https://fedorahosted.org/freeipa/ticket/3009
* Use libsamba-security instead of libsecuritySumit Bose2012-08-222-2/+2
| | | | | In samba4-beta6 the name of a library was changed from libsecurity to libsamba-security.
* Range Web UIPetr Vobornik2012-08-2114-3/+401
| | | | | | | | | | | Range web UI was implemented. It consist of: * new menu item - 'ranges' in 'IPA Server' tab * new search page * new details page https://fedorahosted.org/freeipa/ticket/2894
* Fix client-only buildMartin Kosek2012-08-171-1/+1
| | | | | | Client-only build unconditionally touched some files from freeipa-server package and thus the installation crashed. Fix spec file to enable client-only builds like "make client-rpms".
* Read DM password from option in external CA installMartin Kosek2012-08-171-1/+4
| | | | | | | | ipa-server-install with external CA could not be run in an unattended mode as DM password was required to decipher answer cache. https://fedorahosted.org/freeipa/ticket/2793
* Bump bind-dyndb-ldap version in spec fileMartin Kosek2012-08-171-1/+5
| | | | | | The updated version of the BIND LDAP plugin includes completed support of DNS zone transfers. With the new version, users will be able to configure slave DNS servers for IPA master DNS server.
* Become IPA v3 beta 2 (3.0.0.pre2)Rob Crittenden2012-08-151-1/+1
|
* Ignore lint errors if pysssd_murmur and samba4 support not installed when ↵Alexander Bokovoy2012-08-151-2/+2
| | | | | | | building client code. Since ipalib.plugins.trust has both client-side and server-side code, this is the only way to properly handle linting errors.
* trust CLI: add ID range for new trusted domainSumit Bose2012-08-153-2/+66
|
* extdom: read ranges from LDAPSumit Bose2012-08-151-0/+72
|
* Ticket #2584 - Installation fails when CN is set in certificate subject baseJohn Dennis2012-08-161-14/+13
| | | | | | | | | | | | | | | | | | It is illegal to have more than one CN attribute in a certificate subject. The subject command line arg is actually inserting a dn between a leading RDN with a CN attribute and a suffix. The final subject must have only CN attribute therefore the subject command line arg must not contain CN. The patch modifies the subject validation to prohibit CN. It also improves the error messages to clearly indicate which command line parameter caused the failure and why. While fixing the above it discovered the logic used for subject validation with an external CA was flawed. DN objects were not being used when they should be (certificate subject and issuer fields are dn syntax). That code was also fixed so that the comparisions between subjects and issuers were performed with DN objects. While fixing this it was noted the object type relationship between IPA DN objects and x509 DN objects was awkward, ticket 3003 was opened to address this.
* Validate default user in ordered list when using setattr, require MLSRob Crittenden2012-08-162-11/+24
| | | | | | The MLS was optional in the format, it should be required. https://fedorahosted.org/freeipa/ticket/2984
* Raise proper exception when given a bad DN attribute.Rob Crittenden2012-08-161-1/+4
|
* Use DN object for Directory Manager in ipa-replica-manage connect commandRob Crittenden2012-08-161-1/+1
|
* Convert PKCS#11 subject to string before passing to ipapython.DNRob Crittenden2012-08-151-1/+1
|
* Add internationalization to DCE RPC codeAlexander Bokovoy2012-08-141-10/+20
| | | | https://fedorahosted.org/freeipa/ticket/2964
generated by cgit (git 2.34.1) at 2025-08-28 21:51:51 +0000