Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: otp
Commits on Jan 9, 2014
  1. Add HOTP token support

    Nathaniel McCallum authored
  2. Update ACIs to permit users to add/delete their own tokens

    Nathaniel McCallum authored
  3. Migrate ipa-pwd-extop to use libotp

    Nathaniel McCallum authored
  4. Add OTP sync plugin

    Nathaniel McCallum authored
    This plugin adds an extended operation for synchronizing tokens. This
    operation is availalbe both with and without bind. In the latter case,
    the first factor is required. This operation can also be performed
    on a per-token or per-user level. In the latter case, we will attempt
    to find the token automatically.
    Thanks to Mark Reynolds for helping me with this patch.
  5. Add OTP last token plugin

    Nathaniel McCallum authored
    This plugin prevents the deletion or deactivation of the last
    valid token for a user. This prevents the user from migrating
    back to single factor authentication once OTP has been enabled.
    Thanks to Mark Reynolds for helping me with this patch.
  6. Add libotp internal library for slapi plugins

    Nathaniel McCallum authored
  7. Add rpmbuild/ to .gitignore

    Nathaniel McCallum authored
Commits on Jan 8, 2014
  1. Enable building in C99 mode

    Nathaniel McCallum authored
    C99 is supported on all compilers we target and
    provides some useful features, including:
      * Standard struct initializers
      * Compound literals
      * For-loop declarations
      * Standard bool type
      * Variable arrays (use with caution)
      * Too many others to mention...
  2. @mkosek

    Revert restart scripts file permissions change

    mkosek authored
    Previous commit accidentally added executable permission to
    restart_pkicad and stop_pkicad.
  3. @jcholast @mkosek

    PKI service restart after CA renewal failed

    jcholast authored mkosek committed
    Fix both the service restart procedure and registration of old
    pki-cad well known service name.
    This patch was adapted from original patch of Jan Cholasta 178 to
    fix ticket 4092.
Commits on Jan 7, 2014
  1. @encukou @mkosek

    Allow anonymous and all permissions

    encukou authored mkosek committed
    Disallow adding permissions with non-default bindtype to privileges
  2. @encukou @mkosek

    Use new registration API in the privilege plugin

    encukou authored mkosek committed
Commits on Jan 3, 2014
  1. @encukou @mkosek

    cli.print_attribute: Convert values to strings

    encukou authored mkosek committed
    When output_for_cli was called directly, rather than for values
    received through XML or JSON API, joining multiple values failed
    on non-strings such as DN objects.
    Convert output to strings before printing it out.
  2. @mkosek

    Increase Java stack size on s390 platforms

    mkosek authored
    As reported in,
    the default stack trace needs to be also increased on s390 platforms
    to prevent rhino segfault.
  3. @chenxiaolong @mkosek

    Use /usr/bin/python2

    chenxiaolong authored mkosek committed
    Part of the effort to port FreeIPA to Arch Linux,
    where Python 3 is the default.
    FreeIPA hasn't been ported to Python 3, so the code must be modified to
    run /usr/bin/python2
    Updated by
Commits on Dec 20, 2013
  1. @tbabej @encukou

    Fix incorrect path in error message on sysrestore failure

    tbabej authored encukou committed
    On sysrestore failure, user is prompted out to remove the sysrestore
    file. However, the path to the sysrestore file mentioned in the
    sentence is not correct.
  2. @jcholast @encukou
Commits on Dec 18, 2013
  1. @encukou

    Add OTP support to ipalib CLI

    Nathaniel McCallum authored encukou committed
Commits on Dec 17, 2013
  1. @encukou

    permission_find: Do not fail for ipasearchrecordslimit=-1

    encukou authored
    ipasearchrecordslimit can be -1, which means unlimited.
    The permission_find post_callback failed in this case in legacy
    permission handling.
    Do not fail in this case.
Commits on Dec 16, 2013
  1. @jcholast @encukou

    Convert remaining backend code to LDAPEntry API.

    jcholast authored encukou committed
Commits on Dec 13, 2013
  1. @encukou

    Remove default from the ipapermlocation option

    encukou authored
    The value from my machine ended up wired into API.txt,
    so builds on other machines would fail.
    Correct the mistake.
  2. @mkosek

    Increase Java stack size on PPC platforms

    mkosek authored
    Wit the default stack size, rhino segfaulted on PPC platforms.
  3. @pvoborni @mkosek

    Increase stack size for Web UI builder

    pvoborni authored mkosek committed
    Web UI build fails on some architectures or configuration due to
    StackOverflow. This patch increases the stack size to solve it.
    512k is usually enough but we encountered fail on ppc64 even with 2m,
    therefore the 8m. The build is single threaded so it shouldn't waste
    much memory.
  4. @encukou @mkosek
  5. @encukou @mkosek
  6. @encukou @mkosek
  7. @encukou @mkosek

    Roll back ACI changes on failed permission updates

    encukou authored mkosek committed
  8. @encukou @mkosek

    Verify ACIs are added correctly in tests

    encukou authored mkosek committed
    To double-check the ACIs are correct, this uses different code
    than the new permission plugin: the aci_show command.
    A new option, location, is added to the command to support
    these checks.
  9. @encukou @mkosek
  10. @encukou @mkosek
  11. @encukou @mkosek

    Add tests for permission plugin with older clients

    encukou authored mkosek committed
    These tests use an old API version, which triggers
    backwards-compatible behavior in the plugin.
  12. @encukou @mkosek

    Allow Declarative test classes to specify the API version

    encukou authored mkosek committed
    This makes it possible to test behavior with older clients.
  13. @encukou @mkosek

    Allow sets for initialization of frozenset-typed Param keywords

    encukou authored mkosek committed
    Lists and tuples are already allowed for convenience; it is easier to write
    (1, 2, 3) or [1, 2, 3] than frozenset([1, 2, 3]).
    This allows the set literal syntax, {1, 2, 3}, as well.
Commits on Dec 11, 2013
  1. @mkosek

    trust: fix get_dn() to distinguish creating and re-adding trusts

    Alexander Bokovoy authored mkosek committed
    Latest support for subdomains introduced regression that masked
    difference between newly added trust and re-added one.
    Additionally, in case no new subdomains were found, the code was
    returning None instead of an empty list which later could confuse
    trustdomain-find command.
  2. @tbabej @mkosek

    ipa-cldap: Cut NetBIOS name after 15 characters

    tbabej authored mkosek committed
    The CLDAP DS plugin uses the uppercased first segment of the fully
    qualified hostname as the NetBIOS name. We need to limit its size
    to 15 characters.
Something went wrong with that request. Please try again.