[Pkg-freeipa-devel] freeipa: Changes to 'debian-unstable'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Mon Feb 11 22:05:07 UTC 2013
.tx/config | 2
API.txt | 383
Contributors.txt | 26
Makefile | 21
VERSION | 8
contrib/RHEL4/ipa-client-setup | 11
daemons/Makefile.am | 1
daemons/configure.ac | 46
daemons/ipa-kdb/Makefile.am | 3
daemons/ipa-kdb/ipa_kdb.c | 71
daemons/ipa-kdb/ipa_kdb.h | 13
daemons/ipa-kdb/ipa_kdb_audit_as.c | 17
daemons/ipa-kdb/ipa_kdb_common.c | 4
daemons/ipa-kdb/ipa_kdb_mspac.c | 1170
daemons/ipa-kdb/ipa_kdb_principals.c | 228
daemons/ipa-sam/Makefile.am | 66
daemons/ipa-sam/README | 1
daemons/ipa-sam/ipa_sam.c | 4155 +
daemons/ipa-sam/ipa_sam.h | 28
daemons/ipa-slapi-plugins/Makefile.am | 4
daemons/ipa-slapi-plugins/ipa-cldap/Makefile.am | 50
daemons/ipa-slapi-plugins/ipa-cldap/ipa-cldap-conf.ldif | 16
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.c | 240
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.h | 107
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c | 349
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c | 347
daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am | 74
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa-extdom-extop-conf.ldif | 16
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h | 154
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 598
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_extop.c | 236
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_tests.c | 203
daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c | 120
daemons/ipa-slapi-plugins/ipa-modrdn/ipa_modrdn.c | 26
daemons/ipa-slapi-plugins/ipa-modrdn/modrdn-conf.ldif | 2
daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 3
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 50
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 9
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 46
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | 229
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c | 355
daemons/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif | 1
daemons/ipa-slapi-plugins/ipa-range-check/Makefile.am | 46
daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c | 524
daemons/ipa-slapi-plugins/ipa-range-check/range-check-conf.ldif | 16
daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am | 61
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-conf.ldif | 16
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-conf.ldif | 20
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-run.ldif | 10
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.c | 244
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen.h | 108
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_common.c | 562
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c | 351
daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 9
daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c | 91
debian/changelog | 3
debian/control | 6
debian/patches/fix-nss-include.diff | 2
debian/patches/fix-string-format.diff | 14
debian/patches/fix_dnsclient.py.patch | 25
debian/patches/no-test-lang.diff | 12
debian/patches/no-testcert.patch | 4
debian/patches/prefix.patch | 12
debian/patches/series | 1
dev/null |binary
doc/examples/examples.py | 9
freeipa.spec.in | 556
init/systemd/ipa.conf.tmpfiles | 1
install/Makefile.am | 8
install/certmonger/Makefile.am | 14
install/certmonger/dogtag-ipa-retrieve-agent-submit | 80
install/conf/Makefile.am | 3
install/conf/ca_renewal | 6
install/conf/ipa-pki-proxy.conf | 23
install/conf/ipa-rewrite.conf | 5
install/conf/ipa.conf | 24
install/configure.ac | 11
install/ffextension/Makefile.am | 23
install/ffextension/bootstrap.js | 88
install/ffextension/chrome.manifest | 4
install/ffextension/chrome/Makefile.am | 19
install/ffextension/chrome/content/Makefile.am | 17
install/ffextension/chrome/content/kerberosauth.js | 175
install/ffextension/chrome/content/kerberosauth_overlay.xul | 9
install/ffextension/install.rdf | 26
install/ffextension/locale/Makefile.am | 19
install/ffextension/locale/en-US/Makefile.am | 16
install/ffextension/locale/en-US/kerberosauth.properties | 4
install/html/Makefile.am | 2
install/html/browserconfig.html | 84
install/html/ffconfig.js | 116
install/html/ffconfig_page.js | 148
install/html/ipa_error.css | 6
install/html/jsl.conf | 131
install/html/ssbrowser.html | 26
install/html/unauthorized.html | 31
install/migration/migration.py | 5
install/po/LINGUAS | 19
install/po/Makefile.in | 34
install/po/README | 16
install/po/as.po | 7947 --
install/po/bn_IN.po | 7925 --
install/po/de.po | 7926 --
install/po/el.po | 7947 --
install/po/es.po | 5684 --
install/po/fa.po | 7923 --
install/po/fr.po | 6258 +-
install/po/gu.po | 7947 --
install/po/he.po | 7948 --
install/po/id.po | 7730 --
install/po/ipa.pot | 5177 +
install/po/it.po | 7947 --
install/po/ja.po | 8031 --
install/po/ja_JP.po | 7794 --
install/po/kn.po | 7775 --
install/po/ko.po | 7923 --
install/po/nl.po | 7943 --
install/po/pl.po | 7538 --
install/po/pt.po | 7947 --
install/po/pt_BR.po | 7947 --
install/po/ru.po | 7969 --
install/po/sv.po | 7947 --
install/po/tg.po | 347
install/po/uk.po | 7476 +-
install/po/zh_CN.po | 7862 --
install/po/zh_TW.po | 7924 --
install/restart_scripts/Makefile.am | 3
install/restart_scripts/renew_ca_cert | 115
install/restart_scripts/renew_ra_cert | 135
install/restart_scripts/restart_dirsrv | 29
install/restart_scripts/restart_httpd | 25
install/restart_scripts/restart_pkicad | 57
install/share/60basev2.ldif | 5
install/share/60basev3.ldif | 34
install/share/60ipadns.ldif | 1
install/share/60samba.ldif | 40
install/share/61kerberos-ipav3.ldif | 3
install/share/65ipasudo.ldif | 4
install/share/Makefile.am | 10
install/share/bind.named.conf.template | 1
install/share/bind.zone.db.template | 3
install/share/bootstrap-template.ldif | 31
install/share/certmap.conf.template | 23
install/share/copy-schema-to-ca.py | 84
install/share/default-aci.ldif | 18
install/share/default-smb-group.ldif | 8
install/share/delegation.ldif | 22
install/share/disable-betxn.ldif | 61
install/share/dna.ldif | 2
install/share/dns.ldif | 9
install/share/indices.ldif | 117
install/share/krb.js.template | 2
install/share/krb5.conf.template | 5
install/share/krb5.ini.template | 1
install/share/nis.uldif | 24
install/share/preferences.html.template | 24
install/share/referint-conf.ldif | 28
install/share/replica-acis.ldif | 5
install/share/replica-s4u2proxy.ldif | 5
install/share/schema_compat.uldif | 15
install/share/smb.conf.empty | 2
install/share/smb.conf.template | 29
install/share/unique-attributes.ldif | 18
install/share/upload-cacert.ldif | 7
install/tools/Makefile.am | 1
install/tools/ipa-adtrust-install | 372
install/tools/ipa-ca-install | 128
install/tools/ipa-compat-manage | 30
install/tools/ipa-compliance | 5
install/tools/ipa-csreplica-manage | 193
install/tools/ipa-dns-install | 76
install/tools/ipa-ldap-updater | 148
install/tools/ipa-managed-entries | 38
install/tools/ipa-nis-manage | 30
install/tools/ipa-replica-conncheck | 36
install/tools/ipa-replica-install | 368
install/tools/ipa-replica-manage | 512
install/tools/ipa-replica-prepare | 67
install/tools/ipa-server-certinstall | 22
install/tools/ipa-server-install | 360
install/tools/ipa-upgradeconfig | 490
install/tools/ipactl | 302
install/tools/man/Makefile.am | 1
install/tools/man/ipa-adtrust-install.1 | 112
install/tools/man/ipa-ca-install.1 | 3
install/tools/man/ipa-dns-install.1 | 11
install/tools/man/ipa-ldap-updater.1 | 1
install/tools/man/ipa-managed-entries.1 | 5
install/tools/man/ipa-replica-install.1 | 20
install/tools/man/ipa-replica-manage.1 | 45
install/tools/man/ipa-replica-prepare.1 | 17
install/tools/man/ipa-server-install.1 | 15
install/tools/man/ipa-upgradeconfig.8 | 9
install/ui/Makefile.am | 5
install/ui/README-LICENSE.txt | 566
install/ui/aci.js | 108
install/ui/add.js | 23
install/ui/association.js | 428
install/ui/automember.js | 4
install/ui/automount.js | 10
install/ui/certificate.js | 716
install/ui/details.js | 516
install/ui/dialog.js | 115
install/ui/dns.js | 258
install/ui/entity.js | 9
install/ui/facet.js | 1094
install/ui/field.js | 92
install/ui/group.js | 142
install/ui/hbac.js | 56
install/ui/hbactest.js | 27
install/ui/host.js | 415
install/ui/idrange.js | 162
install/ui/ie.css | 23
install/ui/images/Makefile.am | 4
install/ui/images/ui-bg_flat_8_225314_40x100.png |binary
install/ui/images/ui-bg_glass_40_5e5e5e_1x400.png |binary
install/ui/images/ui-icons_ededed_256x240.png |binary
install/ui/images/ui-icons_ffcf29_256x240.png |binary
install/ui/index.html | 21
install/ui/ipa.css | 301
install/ui/ipa.js | 774
install/ui/jquery-ui.css | 121
install/ui/jquery-ui.js | 888
install/ui/jquery.js | 8378 ---
install/ui/jquery.ordered-map.js | 61
install/ui/jsl.conf | 3
install/ui/login.html | 7
install/ui/login.js | 16
install/ui/navigation.js | 5
install/ui/netgroup.js | 13
install/ui/policy.js | 27
install/ui/reset_password.html | 66
install/ui/reset_password.js | 163
install/ui/rule.js | 3
install/ui/search.js | 213
install/ui/selinux.js | 56
install/ui/serverconfig.js | 22
install/ui/service.js | 269
install/ui/sudo.js | 59
install/ui/test/aci_tests.js | 5
install/ui/test/all_tests.html | 1
install/ui/test/data/dnszone_details_refresh.json | 119
install/ui/test/data/group_show.json | 8
install/ui/test/data/idrange_add.json | 34
install/ui/test/data/idrange_find.json | 32
install/ui/test/data/idrange_find_pkeys.json | 17
install/ui/test/data/idrange_get_records.json | 40
install/ui/test/data/idrange_mod.json | 43
install/ui/test/data/idrange_show.json | 44
install/ui/test/data/ipa_init.json | 147
install/ui/test/data/ipa_init_commands.json |26835 +++++-----
install/ui/test/data/ipa_init_objects.json | 7121 --
install/ui/test/data/trust_add.json | 9
install/ui/test/data/trust_find_pkeys.json | 17
install/ui/test/data/trust_show.json | 67
install/ui/test/data/user_details_refresh.json | 12
install/ui/test/data/user_mod.json | 12
install/ui/test/index.html | 1
install/ui/test/ipa_tests.js | 4
install/ui/test/jsl.conf | 3
install/ui/test/utils_tests.html | 24
install/ui/test/utils_tests.js | 136
install/ui/test/widget_tests.js | 2
install/ui/trust.js | 183
install/ui/user.js | 451
install/ui/webui.js | 10
install/ui/widget.js | 720
install/updates/10-60basev3.update | 6
install/updates/10-bind-schema.update | 9
install/updates/10-config.update | 5
install/updates/10-enable-betxn.update | 49
install/updates/10-schema_compat.update | 15
install/updates/10-selinuxusermap.update | 5
install/updates/10-uniqueness.update | 16
install/updates/20-indices.update | 98
install/updates/21-ca_renewal_container.update | 8
install/updates/25-referint.update | 13
install/updates/40-delegation.update | 25
install/updates/40-dns.update | 18
install/updates/40-replication.update | 4
install/updates/50-ipaconfig.update | 4
install/updates/50-nis.update | 23
install/updates/55-pbacmemberof.update | 8
install/updates/60-trusts.update | 68
install/updates/61-trusts-s4u2proxy.update | 7
install/updates/62-ranges.update | 36
install/updates/Makefile.am | 8
ipa-client/ipa-getkeytab.c | 381
ipa-client/ipa-install/Makefile.am | 1
ipa-client/ipa-install/ipa-client-automount | 478
ipa-client/ipa-install/ipa-client-install | 1515
ipa-client/ipa-join.c | 23
ipa-client/ipaclient/ipachangeconf.py | 188
ipa-client/ipaclient/ipadiscovery.py | 324
ipa-client/ipaclient/ntpconf.py | 80
ipa-client/man/Makefile.am | 1
ipa-client/man/default.conf.5 | 89
ipa-client/man/ipa-client-automount.1 | 89
ipa-client/man/ipa-client-install.1 | 27
ipa-client/man/ipa-getkeytab.1 | 2
ipa-client/man/ipa-join.1 | 2
ipa-client/man/ipa-rmkeytab.1 | 2
ipa.1 | 2
ipalib/__init__.py | 2
ipalib/aci.py | 26
ipalib/cli.py | 11
ipalib/config.py | 5
ipalib/constants.py | 82
ipalib/crud.py | 2
ipalib/dn.py | 1337
ipalib/encoder.py | 205
ipalib/errors.py | 162
ipalib/frontend.py | 68
ipalib/output.py | 4
ipalib/parameters.py | 163
ipalib/plugable.py | 2
ipalib/plugins/aci.py | 99
ipalib/plugins/automember.py | 31
ipalib/plugins/automount.py | 60
ipalib/plugins/baseldap.py | 840
ipalib/plugins/batch.py | 11
ipalib/plugins/cert.py | 26
ipalib/plugins/config.py | 82
ipalib/plugins/delegation.py | 1
ipalib/plugins/dns.py | 438
ipalib/plugins/entitle.py | 41
ipalib/plugins/group.py | 180
ipalib/plugins/hbacrule.py | 28
ipalib/plugins/host.py | 77
ipalib/plugins/hostgroup.py | 11
ipalib/plugins/idrange.py | 497
ipalib/plugins/internal.py | 87
ipalib/plugins/krbtpolicy.py | 5
ipalib/plugins/migration.py | 113
ipalib/plugins/netgroup.py | 14
ipalib/plugins/passwd.py | 5
ipalib/plugins/permission.py | 223
ipalib/plugins/pkinit.py | 7
ipalib/plugins/pwpolicy.py | 74
ipalib/plugins/selfservice.py | 5
ipalib/plugins/selinuxusermap.py | 132
ipalib/plugins/service.py | 92
ipalib/plugins/sudorule.py | 31
ipalib/plugins/trust.py | 484
ipalib/plugins/user.py | 142
ipalib/plugins/virtual.py | 11
ipalib/rpc.py | 384
ipalib/session.py | 52
ipalib/util.py | 211
ipalib/x509.py | 44
ipapython/README | 3
ipapython/admintool.py | 232
ipapython/certmonger.py | 103
ipapython/config.py | 76
ipapython/cookie.py | 679
ipapython/dn.py | 1658
ipapython/dnsclient.py | 469
ipapython/dogtag.py | 292
ipapython/entity.py | 63
ipapython/ipa_log_manager.py | 9
ipapython/ipautil.py | 874
ipapython/kernel_keyring.py | 102
ipapython/log_manager.py | 2
ipapython/nsslib.py | 98
ipapython/platform/base.py | 116
ipapython/platform/fedora16.py | 161
ipapython/platform/fedora18.py | 113
ipapython/platform/redhat.py | 123
ipapython/platform/systemd.py | 54
ipapython/services.py.in | 18
ipapython/ssh.py | 199
ipapython/sysrestore.py | 60
ipaserver/conn.py | 69
ipaserver/dcerpc.py | 715
ipaserver/install/Makefile.am | 1
ipaserver/install/adtrustinstance.py | 811
ipaserver/install/bindinstance.py | 339
ipaserver/install/cainstance.py | 956
ipaserver/install/certs.py | 55
ipaserver/install/dsinstance.py | 121
ipaserver/install/httpinstance.py | 138
ipaserver/install/installutils.py | 342
ipaserver/install/ipa_ldap_updater.py | 196
ipaserver/install/krbinstance.py | 34
ipaserver/install/ldapupdate.py | 802
ipaserver/install/ntpinstance.py | 4
ipaserver/install/plugins/Makefile.am | 4
ipaserver/install/plugins/adtrust.py | 119
ipaserver/install/plugins/baseupdate.py | 11
ipaserver/install/plugins/dns.py | 90
ipaserver/install/plugins/fix_replica_agreements.py | 115
ipaserver/install/plugins/fix_replica_memberof.py | 82
ipaserver/install/plugins/rename_managed.py | 159
ipaserver/install/plugins/update_anonymous_aci.py | 81
ipaserver/install/plugins/update_services.py | 95
ipaserver/install/plugins/updateclient.py | 50
ipaserver/install/plugins/upload_cacrt.py | 56
ipaserver/install/replication.py | 494
ipaserver/install/service.py | 204
ipaserver/install/sysupgrade.py | 47
ipaserver/install/upgradeinstance.py | 19
ipaserver/ipaldap.py | 162
ipaserver/ipautil.py | 141
ipaserver/plugins/dogtag.py | 90
ipaserver/plugins/join.py | 8
ipaserver/plugins/ldap2.py | 1161
ipaserver/plugins/selfsign.py | 14
ipaserver/plugins/xmlserver.py | 4
ipaserver/rpcserver.py | 449
make-lint | 11
make-testcert | 5
makeapi | 1
selinux/ipa_dogtag/ipa_dogtag.fc | 2
selinux/ipa_dogtag/ipa_dogtag.te | 30
selinux/ipa_httpd/ipa_httpd.te | 20
tests/i18n.py | 161
tests/test_cmdline/test_cli.py | 10
tests/test_cmdline/test_ipagetkeytab.py | 2
tests/test_install/0_reset.update | 2
tests/test_install/test_updates.py | 238
tests/test_ipalib/test_dn.py | 1085
tests/test_ipalib/test_encoder.py | 149
tests/test_ipalib/test_errors.py | 17
tests/test_ipalib/test_frontend.py | 25
tests/test_ipalib/test_parameters.py | 118
tests/test_ipalib/test_util.py | 11
tests/test_ipalib/test_x509.py | 2
tests/test_ipapython/test_cookie.py | 478
tests/test_ipapython/test_dn.py | 1937
tests/test_ipapython/test_keyring.py | 147
tests/test_ipapython/test_ssh.py | 76
tests/test_ipaserver/httptest.py | 52
tests/test_ipaserver/install/test_adtrustinstance.py | 59
tests/test_ipaserver/test_changepw.py | 107
tests/test_ipaserver/test_ldap.py | 11
tests/test_ipaserver/test_rpcserver.py | 16
tests/test_xmlrpc/objectclasses.py | 14
tests/test_xmlrpc/test_attr.py | 69
tests/test_xmlrpc/test_automember_plugin.py | 141
tests/test_xmlrpc/test_automount_plugin.py | 230
tests/test_xmlrpc/test_baseldap_plugin.py | 159
tests/test_xmlrpc/test_batch_plugin.py | 80
tests/test_xmlrpc/test_cert.py | 2
tests/test_xmlrpc/test_config_plugin.py | 121
tests/test_xmlrpc/test_delegation_plugin.py | 51
tests/test_xmlrpc/test_dns_plugin.py | 507
tests/test_xmlrpc/test_group_plugin.py | 275
tests/test_xmlrpc/test_hbac_plugin.py | 36
tests/test_xmlrpc/test_hbacsvcgroup_plugin.py | 16
tests/test_xmlrpc/test_host_plugin.py | 226
tests/test_xmlrpc/test_hostgroup_plugin.py | 58
tests/test_xmlrpc/test_krbtpolicy.py | 23
tests/test_xmlrpc/test_nesting.py | 171
tests/test_xmlrpc/test_netgroup_plugin.py | 155
tests/test_xmlrpc/test_permission_plugin.py | 367
tests/test_xmlrpc/test_ping_plugin.py | 52
tests/test_xmlrpc/test_privilege_plugin.py | 77
tests/test_xmlrpc/test_pwpolicy_plugin.py | 22
tests/test_xmlrpc/test_range_plugin.py | 368
tests/test_xmlrpc/test_replace.py | 17
tests/test_xmlrpc/test_role_plugin.py | 87
tests/test_xmlrpc/test_selfservice_plugin.py | 3
tests/test_xmlrpc/test_selinuxusermap_plugin.py | 241
tests/test_xmlrpc/test_service_plugin.py | 89
tests/test_xmlrpc/test_sudocmd_plugin.py | 22
tests/test_xmlrpc/test_sudocmdgroup_plugin.py | 102
tests/test_xmlrpc/test_sudorule_plugin.py | 60
tests/test_xmlrpc/test_user_plugin.py | 920
tests/test_xmlrpc/xmlrpc_test.py | 18
tests/util.py | 4
util/ipa_krb5.c | 512
util/ipa_krb5.h | 38
util/ipa_pwd.c | 2
util/ipa_pwd.h | 11
util/ipa_pwd_ntlm.c | 213
475 files changed, 79852 insertions(+), 215381 deletions(-)
New commits:
commit adefd18b30c82144293a9d8169c5af2ed5fbedac
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Mon Feb 11 11:32:52 2013 +0200
add build-deps
diff --git a/debian/control b/debian/control
index e2872ec..3a2ee75 100644
--- a/debian/control
+++ b/debian/control
@@ -15,8 +15,10 @@ Build-Depends: quilt, debhelper (>= 9), dh-autoreconf,
libpopt-dev,
libsasl2-dev,
libssl-dev,
+ libtalloc-dev,
libxmlrpc-c3-dev,
python-all-dev,
+ python-dnspython,
python-kerberos,
python-krbv,
python-ldap,
@@ -31,7 +33,11 @@ Build-Depends: quilt, debhelper (>= 9), dh-autoreconf,
python-support,
# server
389-ds-base-dev (>= 1.1.3),
+ libndr-dev,
+ libndr-standard-dev,
+ libsamba-util-dev,
libsvrcore-dev,
+ libtevent-dev,
uuid-dev,
selinux-policy-dev,
# tests
commit 946505344849107efbcc71576e7b24539b6cc93f
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Mon Feb 11 10:54:32 2013 +0200
refresh patches
diff --git a/debian/changelog b/debian/changelog
index d391aa7..12895f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,6 @@ freeipa (3.1.2-1) UNRELEASED; urgency=low
* Migrate to source format 3.0 (quilt).
* Migrate to dh.
* Fix dependencies.
- * Add fix_dnsclient.py.patch, we don't use autconfig.
* Add add_debian.py.patch, platform support code.
* Add no-testcert.patch to not fail make-testcert.
* Bump compat and debhelper build-depends to 9.
diff --git a/debian/patches/fix-nss-include.diff b/debian/patches/fix-nss-include.diff
index 33ede3d..1dac070 100644
--- a/debian/patches/fix-nss-include.diff
+++ b/debian/patches/fix-nss-include.diff
@@ -1,6 +1,6 @@
--- a/util/ipa_pwd.c
+++ b/util/ipa_pwd.c
-@@ -25,10 +25,10 @@
+@@ -27,10 +27,10 @@
#include <stdio.h>
#include <time.h>
#include <ctype.h>
diff --git a/debian/patches/fix-string-format.diff b/debian/patches/fix-string-format.diff
index 2ad7e27..e38b32e 100644
--- a/debian/patches/fix-string-format.diff
+++ b/debian/patches/fix-string-format.diff
@@ -10,7 +10,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
-@@ -317,7 +317,7 @@
+@@ -317,7 +317,7 @@ free_and_return:
if (krbLastPwdChange) slapi_ch_free_string(&krbLastPwdChange);
@@ -19,7 +19,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
free(principal);
-@@ -344,7 +344,7 @@
+@@ -344,7 +344,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0) {
errMesg = "Could not get OID and value from request.\n";
rc = LDAP_OPERATIONS_ERROR;
@@ -28,7 +28,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
goto free_and_return;
}
-@@ -357,7 +357,7 @@
+@@ -357,7 +357,7 @@ ipaenrollment_extop(Slapi_PBlock *pb)
rc = LDAP_OPERATIONS_ERROR;
free_and_return:
@@ -39,7 +39,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
-@@ -519,7 +519,7 @@
+@@ -545,7 +545,7 @@ free_and_return:
if (targetEntry) slapi_entry_free(targetEntry);
if (ber) ber_free(ber, 1);
@@ -48,7 +48,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
-@@ -1089,7 +1089,7 @@
+@@ -1115,7 +1115,7 @@ free_and_return:
if (rc == LDAP_SUCCESS)
errMesg = NULL;
@@ -57,7 +57,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL);
return SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
-@@ -1116,7 +1116,7 @@
+@@ -1142,7 +1142,7 @@ static int ipapwd_extop(Slapi_PBlock *pb
if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid) != 0) {
errMesg = "Could not get OID value from request.\n";
rc = LDAP_OPERATIONS_ERROR;
@@ -66,7 +66,7 @@ Subject: [PATCH] Fix -Wformat-security warnings
goto free_and_return;
} else {
LOG("Received extended operation request with OID %s\n", oid);
-@@ -1139,7 +1139,7 @@
+@@ -1165,7 +1165,7 @@ static int ipapwd_extop(Slapi_PBlock *pb
free_and_return:
if (krbcfg) free_ipapwd_krbcfg(&krbcfg);
diff --git a/debian/patches/fix_dnsclient.py.patch b/debian/patches/fix_dnsclient.py.patch
deleted file mode 100644
index c44e6b0..0000000
--- a/debian/patches/fix_dnsclient.py.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Author: Timo Aaltonen <tjaalton at ubuntu.com>
-Date: Fri Oct 28 15:44:52 2011 +0300
-
- Add fix_dnsclient.py.patch, we don't use authconfig.
-
---- a/ipapython/dnsclient.py
-+++ b/ipapython/dnsclient.py
-@@ -18,7 +18,7 @@
- import socket
- import sys
-
--import acutil
-+#import acutil
-
- DNS_C_IN = 1
- DNS_C_CS = 2
-@@ -456,7 +456,7 @@
- qdata = dnsFormatQuery(query, qclass, qtype)
- if not qdata:
- return []
-- answer = acutil.res_send(qdata)
-+ answer = None
- if not answer:
- return []
- return dnsParseResults(answer)
diff --git a/debian/patches/no-test-lang.diff b/debian/patches/no-test-lang.diff
index 32ac348..ac87a72 100644
--- a/debian/patches/no-test-lang.diff
+++ b/debian/patches/no-test-lang.diff
@@ -1,11 +1,11 @@
--- a/Makefile
+++ b/Makefile
-@@ -92,7 +92,7 @@
+@@ -92,7 +92,7 @@ client-dirs:
+
+ lint: bootstrap-autogen
./make-lint $(LINT_OPTIONS)
+- $(MAKE) -C install/po validate-src-strings
++# $(MAKE) -C install/po validate-src-strings
- test:
-- $(MAKE) -C install/po test_lang
-+# $(MAKE) -C install/po test_lang
- # ./make-testcert
- ./make-test
+ test:
diff --git a/debian/patches/no-testcert.patch b/debian/patches/no-testcert.patch
index cbcbbb8..907d92c 100644
--- a/debian/patches/no-testcert.patch
+++ b/debian/patches/no-testcert.patch
@@ -7,10 +7,10 @@ they need a working certificate server running
--- a/Makefile
+++ b/Makefile
-@@ -93,7 +93,7 @@
+@@ -96,7 +96,7 @@ lint: bootstrap-autogen
+
test:
- $(MAKE) -C install/po test_lang
- ./make-testcert
+# ./make-testcert
./make-test
diff --git a/debian/patches/prefix.patch b/debian/patches/prefix.patch
index dfb4199..8669958 100644
--- a/debian/patches/prefix.patch
+++ b/debian/patches/prefix.patch
@@ -5,18 +5,18 @@ use the debian layout when installing python modules
--- a/Makefile
+++ b/Makefile
-@@ -137,7 +137,7 @@
+@@ -140,7 +140,7 @@ server-install: server
if [ "$(DESTDIR)" = "" ]; then \
- python setup.py install; \
+ $(PYTHON) setup.py install; \
else \
-- python setup.py install --root $(DESTDIR); \
-+ python setup.py install --root $(DESTDIR) --install-layout=deb; \
+- $(PYTHON) setup.py install --root $(DESTDIR); \
++ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
archive:
--- a/ipapython/Makefile
+++ b/ipapython/Makefile
-@@ -14,7 +14,7 @@
+@@ -14,7 +14,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python setup.py install; \
else \
@@ -27,7 +27,7 @@ use the debian layout when installing python modules
(cd $$subdir && $(MAKE) $@) || exit 1; \
--- a/ipapython/py_default_encoding/Makefile
+++ b/ipapython/py_default_encoding/Makefile
-@@ -9,7 +9,7 @@
+@@ -9,7 +9,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python setup.py install; \
else \
diff --git a/debian/patches/series b/debian/patches/series
index 59ab1f7..66033ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-fix_dnsclient.py.patch
add_debian.py.patch
no-testcert.patch
prefix.patch
commit 8a788d79d1c6db16a36c68f92795ed178ad8cf08
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Feb 6 17:41:34 2013 +0200
bump the version
diff --git a/debian/changelog b/debian/changelog
index a60e27b..d391aa7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-freeipa (2.2.0-1) UNRELEASED; urgency=low
+freeipa (3.1.2-1) UNRELEASED; urgency=low
[ Michele Baldessari ]
* Initial release (Closes: #12345)
commit 64de33a772255e6c8a921a6463ca1c751e25512d
Author: Rob Crittenden <rcritten at redhat.com>
Date: Wed Jan 23 15:32:16 2013 -0500
Become IPA 3.1.2
diff --git a/VERSION b/VERSION
index 5cc5ec1..72d06f6 100644
--- a/VERSION
+++ b/VERSION
@@ -20,7 +20,7 @@
########################################################
IPA_VERSION_MAJOR=3
IPA_VERSION_MINOR=1
-IPA_VERSION_RELEASE=1
+IPA_VERSION_RELEASE=2
########################################################
# For 'pre' releases the version will be #
commit d764dbabbd8c9ae1ff984424ddf613932923c766
Author: Rob Crittenden <rcritten at redhat.com>
Date: Tue Jan 22 17:06:04 2013 -0500
Update anonymous access ACI to protect secret attributes.
Update anonymous access ACI so that no users besides Trust Admins
users can read AD Trust key attributes (ipaNTTrustAuthOutgoing,
ipaNTTrustAuthIncoming). The change is applied both for updated
IPA servers and new installations.
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index f3ed395..3e6c100 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -3,7 +3,7 @@
dn: $SUFFIX
changetype: modify
add: aci
-aci: (target != "ldap:///idnsname=*,cn=dns,$SUFFIX")(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || userPKCS12 || ipaNTHash")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
+aci: (target != "ldap:///idnsname=*,cn=dns,$SUFFIX")(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || userPKCS12 || ipaNTHash || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr = "memberOf || memberHost || memberUser")(version 3.0; acl "No anonymous access to member information"; deny (read,search,compare) userdn != "ldap:///all";)
aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
aci: (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)
diff --git a/ipaserver/install/plugins/Makefile.am b/ipaserver/install/plugins/Makefile.am
index d29103a..a0c62ca 100644
--- a/ipaserver/install/plugins/Makefile.am
+++ b/ipaserver/install/plugins/Makefile.am
@@ -9,6 +9,7 @@ app_PYTHON = \
dns.py \
updateclient.py \
update_services.py \
+ update_anonymous_aci.py \
$(NULL)
EXTRA_DIST = \
diff --git a/ipaserver/install/plugins/update_anonymous_aci.py b/ipaserver/install/plugins/update_anonymous_aci.py
new file mode 100644
index 0000000..2b7446a
--- /dev/null
+++ b/ipaserver/install/plugins/update_anonymous_aci.py
@@ -0,0 +1,81 @@
+# Authors:
+# Rob Crittenden <rcritten at redhat.com>
+#
+# Copyright (C) 2013 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from copy import deepcopy
+from ipaserver.install.plugins import FIRST, LAST
+from ipaserver.install.plugins.baseupdate import PostUpdate
+#from ipalib.frontend import Updater
+#from ipaserver.install.plugins import baseupdate
+from ipalib import api
+from ipalib.aci import ACI
+from ipalib.plugins import aci
+from ipapython.ipa_log_manager import *
+
+class update_anonymous_aci(PostUpdate):
+ """
+ Update the Anonymous ACI to ensure that all secrets are protected.
+ """
+ order = FIRST
+
+ def execute(self, **options):
+ aciname = u'Enable Anonymous access'
+ aciprefix = u'none'
+ ldap = self.obj.backend
+
+ (dn, entry_attrs) = ldap.get_entry(api.env.basedn, ['aci'])
+
+ acistrs = entry_attrs.get('aci', [])
+ acilist = aci._convert_strings_to_acis(entry_attrs.get('aci', []))
+ rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
+
+ attrs = rawaci.target['targetattr']['expression']
+
+ update_attrs = deepcopy(attrs)
+
+ needed_attrs = []
+ for attr in ('ipaNTTrustAuthOutgoing', 'ipaNTTrustAuthIncoming'):
+ if attr not in attrs:
+ needed_attrs.append(attr)
+
+ update_attrs.extend(needed_attrs)
+ if len(attrs) == len(update_attrs):
+ root_logger.debug("Anonymous ACI already update-to-date")
+ return (False, False, [])
+ else:
+ root_logger.debug("New Anonymous ACI attributes needed: %s",
+ needed_attrs)
+
+ for tmpaci in acistrs:
+ candidate = ACI(tmpaci)
+ if rawaci.isequal(candidate):
+ acistrs.remove(tmpaci)
+ break
+
+ rawaci.target['targetattr']['expression'] = update_attrs
+ acistrs.append(unicode(rawaci))
+ entry_attrs['aci'] = acistrs
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except Exception, e:
+ root_logger.error("Failed to update Anonymous ACI: %s" % e)
+
+ return (False, False, [])
+
+api.register(update_anonymous_aci)
commit 0a38d9af4e05a5c8e22f25ca39133402aad9948e
Author: Rob Crittenden <rcritten at redhat.com>
Date: Wed Jan 16 13:20:14 2013 -0500
Don't initialize NSS if we don't have to, clean up unused cert refs
Check to see if NSS is initialized before trying to do so again.
If we are temporarily creating a certificate be sure to delete it in order
to remove references to it and avoid NSS shutdown issues.
In the certificate load validator shut down NSS if we end up initializing
it. I'm not entirely sure why but this prevents a later shutdown issue
if we are passed the --ca-cert-file option.
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index bd299f9..f068c9d 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -48,6 +48,7 @@ try:
from ipapython.dn import DN
from ipapython.ssh import SSHPublicKey
from ipalib.rpc import delete_persistent_client_session_data
+ import nss.nss as nss
import SSSDConfig
from ConfigParser import RawConfigParser
from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
@@ -77,10 +78,15 @@ def parse_options():
if not os.path.isabs(value):
raise OptionValueError("%s option '%s' is not an absolute file path" % (opt, value))
+ initialized = nss.nss_is_initialized()
try:
cert = x509.load_certificate_from_file(value)
except Exception, e:
raise OptionValueError("%s option '%s' is not a valid certificate file" % (opt, value))
+ else:
+ del(cert)
+ if not initialized:
+ nss.nss_shutdown()
parser.values.ca_cert_file = value
@@ -1372,6 +1378,8 @@ def get_ca_cert_from_file(url):
except Exception, e:
raise errors.FileError(reason =
u"cannot write certificate file '%s': %s" % (CACERT, e))
+ else:
+ del(cert)
def get_ca_cert_from_http(url, ca_file, warn=True):
'''
@@ -1478,6 +1486,8 @@ def validate_new_ca_cert(existing_ca_cert, ca_file, ask, override=False):
root_logger.debug(
"Existing CA cert and Retrieved CA cert are identical")
os.remove(ca_file)
+ del(existing_ca_cert)
+ del(new_ca_cert)
def get_ca_cert(fstore, options, server, basedn):
diff --git a/ipalib/x509.py b/ipalib/x509.py
index f8a1357..4f81fb5 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -91,18 +91,18 @@ def load_certificate(data, datatype=PEM, dbdir=None):
data = strip_header(data)
data = base64.b64decode(data)
- if dbdir is None:
- if 'in_tree' in api.env:
- if api.env.in_tree:
- dbdir = api.env.dot_ipa + os.sep + 'alias'
+ if not nss.nss_is_initialized():
+ if dbdir is None:
+ if 'in_tree' in api.env:
+ if api.env.in_tree:
+ dbdir = api.env.dot_ipa + os.sep + 'alias'
+ else:
+ dbdir = "/etc/httpd/alias"
+ nss.nss_init(dbdir)
else:
- dbdir = "/etc/httpd/alias"
- nss.nss_init(dbdir)
+ nss.nss_init_nodb()
else:
- nss.nss_init_nodb()
- else:
- nss.nss_init(dbdir)
-
+ nss.nss_init(dbdir)
return nss.Certificate(buffer(data))
@@ -139,7 +139,9 @@ def get_subject(certificate, datatype=PEM, dbdir=None):
"""
nsscert = load_certificate(certificate, datatype, dbdir)
- return nsscert.subject
+ subject = nsscert.subject
+ del(nsscert)
+ return subject
def get_issuer(certificate, datatype=PEM, dbdir=None):
"""
@@ -147,14 +149,18 @@ def get_issuer(certificate, datatype=PEM, dbdir=None):
"""
nsscert = load_certificate(certificate, datatype, dbdir)
- return nsscert.issuer
+ issuer = nsscert.issuer
+ del(nsscert)
+ return issuer
More information about the Pkg-freeipa-devel
mailing list