freeipa.git/ipa-client/ipa-join.c, branch webui_isolate FreeIPA patches Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts) 2016-01-27T11:09:02+00:00 Petr Viktorin pviktori@redhat.com 2016-01-14T13:15:49+00:00 840de9bb48b37508e11fc0514761161e7cd0f9ef Make ipaclient a Python library like ipapython, ipalib, etc. Use setup.py instead of autotools for installing it. Move C client tools, Python scripts, and man pages, to client/. Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS). Remove /setup-client.py (ipalib/setup.py should be used instead). Update Makefiles and the spec file accordingly. https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Make ipaclient a Python library like ipapython, ipalib, etc.
Use setup.py instead of autotools for installing it.

Move C client tools, Python scripts, and man pages, to client/.

Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS).
Remove /setup-client.py (ipalib/setup.py should be used instead).

Update Makefiles and the spec file accordingly.

https://fedorahosted.org/freeipa/ticket/5638

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Fix unchecked return value in ipa-join 2014-11-25T08:23:24+00:00 Jan Cholasta jcholast@redhat.com 2014-11-10T18:12:02+00:00 47a08f34980053400e1b52f016546b13a8626bd7 https://fedorahosted.org/freeipa/ticket/4713 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4713

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fix memory leaks in ipa-join 2014-11-05T14:28:27+00:00 Jan Cholasta jcholast@redhat.com 2014-11-05T08:59:08+00:00 ade02cdac48dd46b25a647898aff20790483717e Also remove dead code in ipa-join and add initializer to a variable in ipa-getkeytab to prevent false positives in static code analysis. https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
Also remove dead code in ipa-join and add initializer to a variable in
ipa-getkeytab to prevent false positives in static code analysis.

https://fedorahosted.org/freeipa/ticket/4651

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Add support for re-enrolling hosts using keytab 2013-03-12T14:13:09+00:00 Tomas Babej tbabej@redhat.com 2013-02-26T12:20:13+00:00 a38d93f65f87db1a0b9c34eb0ba1b6d9dca9e060 A host that has been recreated and does not have its host entry disabled or removed, can be re-enrolled using a previously backed up keytab file. A new option --keytab has been added to ipa-client-install. This can be used to specify path to the keytab and can be used instead of -p or -w options. A new option -f has been added to ipa-join. It forces client to join even if the host entry already exits. A new certificate, ssh keys are generated, ipaUniqueID stays the same. Design page: http://freeipa.org/page/V3/Client_install_using_keytab https://fedorahosted.org/freeipa/ticket/3374 
A host that has been recreated  and does not have its
host entry disabled or removed, can be re-enrolled using
a previously backed up keytab file.

A new option --keytab has been added to ipa-client-install. This
can be used to specify path to the keytab and can be used instead
of -p or -w options.

A new option -f has been added to ipa-join. It forces client to
join even if the host entry already exits. A new certificate,
ssh keys are generated, ipaUniqueID stays the same.

Design page: http://freeipa.org/page/V3/Client_install_using_keytab

https://fedorahosted.org/freeipa/ticket/3374
Do SSL CA verification and hostname validation. 2013-01-23T19:26:42+00:00 Rob Crittenden rcritten@redhat.com 2012-11-13T22:42:07+00:00 91f4af7e6af53e1c6bf17ed36cb2161863eddae4 






Reorder XML-RPC initialization in ipa-join to avoid segfault.
2012-12-07T14:41:44+00:00

Rob Crittenden
rcritten@redhat.com

2012-12-06T20:52:05+00:00

0d836cd6ee9d7b29808cbf36582eed71a5b6a32a

There were a number of code paths where we would try to call
xmlrpc_env_clean() without having first called xmlrpc_env_init()
Re-order the code so we always initialize the XML-RPC client first.

I also noticed a place where the return value of strdup() was not
being checked for NULL.

https://fedorahosted.org/freeipa/ticket/3275





There were a number of code paths where we would try to call
xmlrpc_env_clean() without having first called xmlrpc_env_init()
Re-order the code so we always initialize the XML-RPC client first.

I also noticed a place where the return value of strdup() was not
being checked for NULL.

https://fedorahosted.org/freeipa/ticket/3275







Use indexed format specifiers in i18n strings
2012-04-10T22:07:10+00:00

John Dennis
jdennis@redhat.com

2012-03-30T01:34:19+00:00

b8f1292e869c3c0d2301809054eb21a72f02b180

Translators need to reorder messages to suit the needs of the target
language. The conventional positional format specifiers (e.g. %s %d)
do not permit reordering because their order is tied to the ordering
of the arguments to the printf function. The fix is to use indexed
format specifiers.

https://fedorahosted.org/freeipa/ticket/2596





Translators need to reorder messages to suit the needs of the target
language. The conventional positional format specifiers (e.g. %s %d)
do not permit reordering because their order is tied to the ordering
of the arguments to the printf function. The fix is to use indexed
format specifiers.

https://fedorahosted.org/freeipa/ticket/2596







Add support defaultNamingContext and add --basedn to migrate-ds
2012-02-29T14:28:13+00:00

Rob Crittenden
rcritten@redhat.com

2012-01-30T21:29:32+00:00

e889b82599ddd939ed2a65b0011d5807c587cf05

There are two sides to this, the server and client side.

On the server side we attempt to add a defaultNamingContext on already
installed servers. This will fail on older 389-ds instances but the
failure is not fatal. New installations on versions of 389-ds that
support this attribute will have it already defined.

On the client side we need to look for both defaultNamingContext and
namingContexts. We still need to check that the defaultNamingContext
is an IPA server (info=IPAV2).

The migration change also takes advantage of this and adds a new
option which allows one to provide a basedn to use instead of trying
to detect it.

https://fedorahosted.org/freeipa/ticket/1919
https://fedorahosted.org/freeipa/ticket/2314





There are two sides to this, the server and client side.

On the server side we attempt to add a defaultNamingContext on already
installed servers. This will fail on older 389-ds instances but the
failure is not fatal. New installations on versions of 389-ds that
support this attribute will have it already defined.

On the client side we need to look for both defaultNamingContext and
namingContexts. We still need to check that the defaultNamingContext
is an IPA server (info=IPAV2).

The migration change also takes advantage of this and adds a new
option which allows one to provide a basedn to use instead of trying
to detect it.

https://fedorahosted.org/freeipa/ticket/1919
https://fedorahosted.org/freeipa/ticket/2314







localhost.localdomain clients refused to join
2012-01-23T03:01:40+00:00

Ondrej Hamada
ohamada@redhat.com

2012-01-20T12:44:48+00:00

f7b4eb6a0918c0b73d4b98f47dcd76fa4e8072f5

Machines with hostname 'localhost' or 'localhost.localdomain' are
refused from joining IPA domain and proper error message is shown.
The hostname check is done both in 'ipa-client-install' script and in
'ipa-join'.

https://fedorahosted.org/freeipa/ticket/2112





Machines with hostname 'localhost' or 'localhost.localdomain' are
refused from joining IPA domain and proper error message is shown.
The hostname check is done both in 'ipa-client-install' script and in
'ipa-join'.

https://fedorahosted.org/freeipa/ticket/2112







Require an HTTP Referer header in the server. Send one in ipa tools.
2011-12-12T22:36:45+00:00

Rob Crittenden
rcritten@redhat.com

2011-10-20T15:29:26+00:00

2d6eeb205e196cc6556f832555e74968619c0f1e

This is to prevent a Cross-Site Request Forgery (CSRF) attack where
a rogue server tricks a user who was logged into the FreeIPA
management interface into visiting a specially-crafted URL where
the attacker could perform FreeIPA oonfiguration changes with the
privileges of the logged-in user.

https://bugzilla.redhat.com/show_bug.cgi?id=747710





This is to prevent a Cross-Site Request Forgery (CSRF) attack where
a rogue server tricks a user who was logged into the FreeIPA
management interface into visiting a specially-crafted URL where
the attacker could perform FreeIPA oonfiguration changes with the
privileges of the logged-in user.

https://bugzilla.redhat.com/show_bug.cgi?id=747710