freeipa

Clone
Source Code
GIT

beffa7b Move Custodia secrets handler to scripts

Authored and Committed by cheimes 4 years ago
raw patch tree parent
18 files changed. 642 lines added. 185 lines removed.
.gitignore
file modified
+4 -0
configure.ac
file modified
+1 -0
freeipa.spec.in
file modified
+4 -0
install/Makefile.am
file modified
+1 -0
install/custodia/Makefile.am
file added
+22
install/custodia/ipa-custodia-dmldap.in
file added
+8
install/custodia/ipa-custodia-pki-tomcat-wrapped.in
file added
+8
install/custodia/ipa-custodia-pki-tomcat.in
file added
+8
install/custodia/ipa-custodia-ra-agent.in
file added
+8
ipaplatform/base/paths.py
file modified
+1 -0
ipaserver/secrets/handlers/__init__.py
file added
+2
ipaserver/secrets/handlers/common.py
file added
+75
ipaserver/secrets/handlers/dmldap.py
file added
+63
ipaserver/secrets/handlers/nsscert.py
file added
+122
ipaserver/secrets/handlers/nsswrappedcert.py
file added
+114
ipaserver/secrets/handlers/pemfile.py
file added
+118
ipaserver/secrets/store.py
file modified
+82 -185
ipaserver/setup.py
file modified
+1 -0 
    Move Custodia secrets handler to scripts
    
    Implement the import and export handlers for Custodia keys as external
    scripts. It's a prerequisite to drop DAC override permission and proper
    SELinux rules for ipa-custodia.
    
    Except for DMLDAP,  handlers no longer run as root but as handler
    specific users with reduced privileges. The Dogtag-related handlers run
    as pkiuser, which also help with HSM support.
    
    The export and import handles are designed to be executed by sudo, too.
    In the future, ipa-custodia could be executed as an unprivileged process
    that runs the minimal helper scripts with higher privileges.
    
    Fixes: https://pagure.io/freeipa/issue/6888
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+4 -0
file modified
+1 -0
file modified
+4 -0
file modified
+1 -0
file added
+22
file added
+8
file added
+8
file added
+8
file added
+8
file modified
+1 -0
file added
+2
file added
+75
file added
+63
file added
+122
file added
+114
file added
+118
file modified
+82 -185
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.