summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Tests: host tests with dnsMartin Basti2014-08-111-0/+448
| | | | | | Test for: https://fedorahosted.org/freeipa/ticket/4164 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow to add host if AAAA record existsMartin Basti2014-08-113-7/+18
| | | | | | http://fedorahosted.org/freeipa/ticket/4164 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix parsing of long nicknames in certutil -L output.Jan Cholasta2014-08-071-4/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4453 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_trust: Add test to cover lookup of trusdomainsTomas Babej2014-08-071-5/+31
| | | | | | | | | | | | | Adds an integration tests that checks that all trustdomains are able to be found by trustdomain-find command right after the trust has been established. Also moves some code to allow easier adding common test cases for both POSIX and non-POSIX test classes. https://fedorahosted.org/freeipa/ticket/4208 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-adtrust-install does not re-add member in adtrust agents groupMartin Kosek2014-08-071-18/+21
| | | | | | | | | | | | When a CIFS service exists and adtrust agents group does not have it as a member attribute (for whatever reason), re-running ipa-adtrust-install does not fix the inconsistency. Make the installer more robust by being able to fix the inconsistency. https://fedorahosted.org/freeipa/ticket/4464 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add test for baseldap.entry_to_dict.Jan Cholasta2014-08-041-0/+49
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui-ci: fix reset password checkPetr Vobornik2014-07-311-3/+3
| | | | | | | | | After login, CI checks if password needs a reset by checking if reset password fields are displayed. This check failed since login facet was removed from DOM after successful auth. Weakening the selector fixes it. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Enable NSS PKIX certificate path discovery and validation for Dogtag.Jan Cholasta2014-07-304-0/+27
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Update external CA cert in Dogtag NSS DB on IPA CA cert renewal.Jan Cholasta2014-07-301-9/+62
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow upgrading CA-less to CA-full using ipa-ca-install.Jan Cholasta2014-07-304-21/+227
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow adding CA certificates to certificate store in ipa-cacert-manage.Jan Cholasta2014-07-302-2/+78
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Update CS.cfg on IPA CA certificate chaining change in renew_ca_cert.Jan Cholasta2014-07-301-12/+38
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow changing chaining of the IPA CA certificate in ipa-cacert-manage.Jan Cholasta2014-07-302-5/+30
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add new NSSDatabase method get_cert for getting certs from NSS databases.Jan Cholasta2014-07-301-1/+13
| | | | | | Part of https://fedorahosted.org/freeipa/ticket/3737 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow multiple CA certificates in replica info files.Jan Cholasta2014-07-301-1/+15
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Export full CA chain to /etc/ipa/ca.crt in ipa-server-install.Jan Cholasta2014-07-301-0/+5
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add client certificate update tool ipa-certupdate.Jan Cholasta2014-07-307-0/+238
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get up-to-date CA certificates from certificate store in ipa-replica-install.Jan Cholasta2014-07-301-10/+18
| | | | | | | | | Previously it used CA certificate from the replica info file directly. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for system-wide store from cert store in ipa-client-install.Jan Cholasta2014-07-304-26/+100
| | | | | | | | | | All of the certificates and associated key policy are now stored in /etc/pki/ca-trust/source/ipa.p11-kit. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add functions for DER encoding certificate extensions to ipalib.x509.Jan Cholasta2014-07-301-0/+25
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/pki/nssdb from certificate store in ipa-client-install.Jan Cholasta2014-07-302-43/+122
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow overriding NSS database path in RPCClient.Jan Cholasta2014-07-301-2/+5
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/ipa/ca.crt from certificate store in ipa-client-install.Jan Cholasta2014-07-301-26/+10
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add function for writing list of certificates to a PEM file to ipalib.x509.Jan Cholasta2014-07-303-12/+32
| | | | | | | | | | Also rename load_certificate_chain_from_file to load_certificate_list_from_file. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Support multiple CA certificates in /etc/ipa/ca.crt in ipa-client-install.Jan Cholasta2014-07-301-45/+51
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Refactor CA certificate fetching code in ipa-client-install.Jan Cholasta2014-07-301-51/+37
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Upload renewed CA cert to certificate store on renewal.Jan Cholasta2014-07-301-7/+2
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Import CA certs from certificate store to HTTP NSS database on server install.Jan Cholasta2014-07-301-0/+5
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Import CA certs from certificate store to DS NSS database on replica install.Jan Cholasta2014-07-302-1/+29
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add new add_cert method for adding certificates to NSSDatabase and CertDB.Jan Cholasta2014-07-302-15/+13
| | | | | | | | | | Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and remove add_single_pem_cert. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Rename CertDB method add_cert to import_cert.Jan Cholasta2014-07-301-3/+3
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Upload CA chain from DS NSS database to certificate store on server update.Jan Cholasta2014-07-301-16/+52
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Upload CA chain from DS NSS database to certificate store on server install.Jan Cholasta2014-07-301-19/+17
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add certificate store module ipalib.certstore.Jan Cholasta2014-07-301-0/+397
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add function for extracting extended key usage from certs to ipalib.x509.Jan Cholasta2014-07-301-0/+22
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add functions for extracting certificates fields in DER to ipalib.x509.Jan Cholasta2014-07-301-0/+55
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add permissions for certificate store.Jan Cholasta2014-07-304-0/+89
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Configure attribute uniqueness for certificate store.Jan Cholasta2014-07-301-0/+34
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add container for certificate store.Jan Cholasta2014-07-303-0/+11
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add LDAP schema for certificate store.Jan Cholasta2014-07-304-0/+11
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add LDAP schema for wrapped cryptographic keys.Jan Cholasta2014-07-301-0/+7
| | | | | | | | | | This is part of the schema at <http://www.freeipa.org/page/V4/PKCS11_in_LDAP/Schema>. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fix trust flags in HTTP and DS NSS databases.Jan Cholasta2014-07-305-17/+54
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow specifying trust flags in NSSDatabase and CertDB method trust_root_cert.Jan Cholasta2014-07-301-4/+6
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall.Jan Cholasta2014-07-301-3/+7
| | | | | | | This is a no longer used nickname for CA certificate on CA-less server installs. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Do not treat the IPA RA cert as CA cert in DS NSS database.Jan Cholasta2014-07-302-10/+27
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Allow IPA master hosts to read and update IPA master information.Jan Cholasta2014-07-302-0/+42
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Check that renewed certificates coming from LDAP are actually renewed.Jan Cholasta2014-07-301-6/+32
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Do not use ldapi in certificate renewal scripts.Jan Cholasta2014-07-304-82/+107
| | | | | | This prevents SELinux denials when accessing the ldapi socket. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove master ACIs when deleting a replica.Jan Cholasta2014-07-301-0/+43
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Pick new CA renewal master when deleting a replica.Jan Cholasta2014-07-302-3/+20
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
generated by cgit (git 2.34.1) at 2024-10-06 21:30:00 +0000