freeipa.git - FreeIPA patches

diff options

author	Fraser Tweedale <ftweedal@redhat.com>	2016-11-15 14:02:54 +1000
committer	Martin Basti <mbasti@redhat.com>	2016-12-14 18:08:33 +0100
commit	fec4c32ff15a96736740cf7d2f713a21af0b227e (patch)
tree	f6966c603ef45eadb460ccfe71299469443feabb /daemons
parent	397f2be9dfd6475127742c0b710b37b443d97d67 (diff)
download	freeipa-fec4c32ff15a96736740cf7d2f713a21af0b227e.tar.gz freeipa-fec4c32ff15a96736740cf7d2f713a21af0b227e.tar.xz freeipa-fec4c32ff15a96736740cf7d2f713a21af0b227e.zip

certprofile-mod: correctly authorise config update

Certificate profiles consist of an FreeIPA object, and a corresponding Dogtag configuration object. When updating profile configuration, changes to the Dogtag configuration are not properly authorised, allowing unprivileged operators to modify (but not create or delete) profiles. This could result in issuance of certificates with fraudulent subject naming information, improper key usage, or other badness. Update certprofile-mod to ensure that the operator has permission to modify FreeIPA certprofile objects before modifying the Dogtag configuration. https://fedorahosted.org/freeipa/ticket/6560 Reviewed-By: Jan Cholasta <jcholast@redhat.com>

Diffstat (limited to 'daemons')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: