gigi.git
3 years agofix: remove blank from translation string
INOPIAE [Tue, 28 Feb 2017 06:34:33 +0000 (07:34 +0100)]
fix: remove blank from translation string

Change-Id: I23396e9a4cec00aa46ff5ec58ed14f7c86eafefc

3 years agoupd: display "none" when there are no groups to be displayed
Felix Dörre [Tue, 28 Feb 2017 09:43:04 +0000 (10:43 +0100)]
upd: display "none" when there are no groups to be displayed

Change-Id: I6e5f6bef4f23faa5acb6db66a3ea6f6b4bdc73a6

3 years agofix: quick development-restart
Felix Dörre [Mon, 27 Feb 2017 23:02:59 +0000 (00:02 +0100)]
fix: quick development-restart

Change-Id: I29ea805efbf4abb74564bea1b819b5a8b8e9f4de

3 years agoupd: replace old main page with dashboard
INOPIAE [Wed, 22 Feb 2017 07:19:06 +0000 (08:19 +0100)]
upd: replace old main page with dashboard

fixes issue #121

Change-Id: Ia02c4f96b52471b8ea40210095eb2e9fece2a6d2

3 years agoupd: newer jenkins-config
Felix Dörre [Mon, 27 Feb 2017 20:36:36 +0000 (21:36 +0100)]
upd: newer jenkins-config

it still uses a fixed version of nre, to have it
generate TLS-keys and certs for gigi.

Content-wise changes include:
- test coverage report
- junit archiving
- comply with the new build procedure

Change-Id: I792157b66499d82263376c73ead4b90f60bf9391

3 years agoupd: licence consistent and AGPLv3
Felix Dörre [Mon, 27 Feb 2017 20:23:00 +0000 (21:23 +0100)]
upd: licence consistent and AGPLv3

Change-Id: I41cde9ce915a1500a1f4f92706ed196e9443bc2f

3 years agofix: CAA records on non-existing domains
Felix Dörre [Mon, 27 Feb 2017 20:03:12 +0000 (21:03 +0100)]
fix: CAA records on non-existing domains

Change-Id: Iad8984a5249595272203dbdf85590359683f1267

3 years agoupd: make system-keywords configurable
Felix Dörre [Mon, 27 Feb 2017 19:56:33 +0000 (20:56 +0100)]
upd: make system-keywords configurable

Change-Id: I95ac359fac48fbe8685606d5a1bd2895bdb0a4fc

3 years agoMerge "upd: terminology in API"
Benny Baumann [Mon, 27 Feb 2017 19:31:01 +0000 (20:31 +0100)]
Merge "upd: terminology in API"

3 years agoupd: terminology in database
Lucas Werkmeister [Sat, 25 Feb 2017 12:31:24 +0000 (13:31 +0100)]
upd: terminology in database

The userGroup enum is updated to remove all assurance terms, and also
remove the (unused) arbitrator role entirely.

Since PostgreSQL offers no way to rename or drop enum values, we create
a new enum, migrate the table to it and then drop the old enum.

Change-Id: I200c2b0463ded9d75b2e963d5a02bfc25326b357

3 years agoupd: terminology in API
Lucas Werkmeister [Mon, 27 Feb 2017 16:59:11 +0000 (17:59 +0100)]
upd: terminology in API

Change-Id: I6890eaf6fbbe3317a198ca5334afa92d8afa47e6

3 years agoMerge "fix: Somewhat sensibly split the wishlist document"
Lucas Werkmeister [Mon, 27 Feb 2017 19:16:07 +0000 (20:16 +0100)]
Merge "fix: Somewhat sensibly split the wishlist document"

3 years agofix: Somewhat sensibly split the wishlist document
Benny Baumann [Wed, 22 Feb 2017 20:44:38 +0000 (21:44 +0100)]
fix: Somewhat sensibly split the wishlist document

This is initial work for cleaning up this document to become the spec Gigi is based on

Change-Id: Ie73b567ad9df0de3bf89eeaebec5b229feb2cd4b

3 years agoupd: added links to imprint and data privacy in footer line
INOPIAE [Tue, 21 Feb 2017 21:27:28 +0000 (22:27 +0100)]
upd: added links to imprint and data privacy in footer line

fixes issue #120

Change-Id: I3d35c68ec3e4c714a492d3ad77382b5bf1919c3f

3 years agoupd: stray old terminology
Lucas Werkmeister [Sat, 25 Feb 2017 12:38:03 +0000 (13:38 +0100)]
upd: stray old terminology

Looks like I missed this in 08c94162.

Change-Id: I8a4f73dd71c17dcf3e64d9f706487d6ad2986849

3 years agoupd: replace SomeCA by variable
INOPIAE [Tue, 21 Feb 2017 19:45:18 +0000 (20:45 +0100)]
upd: replace SomeCA by variable

fixes issue #105

Change-Id: I979c5cb7f5b998694fa13b56420e4504bfd4020f

3 years agoupd: make Menu names more flexible
Felix Dörre [Fri, 24 Feb 2017 20:22:59 +0000 (21:22 +0100)]
upd: make Menu names more flexible

Change-Id: Iaf7301a0d4547891a61e9f02d8cf34fb1a4bdbd1

3 years agoupd: reword of rules.template and "Web of Trust"
INOPIAE [Tue, 21 Feb 2017 17:07:33 +0000 (18:07 +0100)]
upd: reword of rules.template and "Web of Trust"

Change-Id: I4c49316f99946e95915cc4ba27df16bdfea0b52d

3 years agoupd: replace MainPageNotLogin text to meet new criteria
INOPIAE [Tue, 21 Feb 2017 16:15:57 +0000 (17:15 +0100)]
upd: replace MainPageNotLogin text to meet new criteria

Change-Id: Icda90ca33f3896adbe4bbd9bd2830f45042aa222

3 years agoupd: terminology in code
Lucas Werkmeister [Wed, 22 Feb 2017 20:37:38 +0000 (21:37 +0100)]
upd: terminology in code

Renames Java types and members and form fields. Anything facing the
database is not touched by this change.

Also fixes a handful of typos.

Change-Id: Id19c3af4627b56ee90a85fe887bd5bcdb6c9f385

3 years agofix: XSS via Test Server Management interface
Benny Baumann [Tue, 21 Feb 2017 23:15:52 +0000 (00:15 +0100)]
fix: XSS via Test Server Management interface

Change-Id: Ie69eecb2f3a9a56c71ff979348cd1ae6e26c5c36

3 years agofix: Typo in field to exempt domains from pinging
Benny Baumann [Tue, 21 Feb 2017 22:46:13 +0000 (23:46 +0100)]
fix: Typo in field to exempt domains from pinging

Change-Id: Ia7c77aa1750324170dac71c17a888016ecfdceb9

3 years agochg: Reuse code in template merging/append
Benny Baumann [Tue, 21 Feb 2017 22:45:22 +0000 (23:45 +0100)]
chg: Reuse code in template merging/append

Change-Id: Ibcddd77c8915a9797431adf8ecd2bf94202c46b0

3 years agofix: typo in challenge
Felix Dörre [Tue, 21 Feb 2017 00:10:10 +0000 (01:10 +0100)]
fix: typo in challenge

Change-Id: I758d9d610b05a111381121e0bf46bd14febf5e4e

3 years agoupd: cleanup more references
Felix Dörre [Tue, 21 Feb 2017 00:07:38 +0000 (01:07 +0100)]
upd: cleanup more references

Change-Id: I132ad32bfe54e6714128ffea9cf2619a09c85885

3 years agoupd: remove old policies
Felix Dörre [Mon, 20 Feb 2017 23:58:32 +0000 (00:58 +0100)]
upd: remove old policies

Change-Id: I68df9fa720bf654d04308a76fb9652405ecc7ace

3 years agoupd: keep host names scalable and configurable
Felix Dörre [Sun, 19 Feb 2017 13:22:28 +0000 (14:22 +0100)]
upd: keep host names scalable and configurable

Change-Id: Ib942444b0fb525d94011dcf20ac656665f23a2bd

3 years agoupd: document variables in SprintfCommand more clearly
Felix Dörre [Sat, 18 Feb 2017 00:39:57 +0000 (01:39 +0100)]
upd: document variables in SprintfCommand more clearly

Change-Id: I4227c3f38cf811c5efddf0e5ff31775df16fe861

3 years agoupd: use a link-redirector for all external links.
Felix Dörre [Fri, 17 Feb 2017 20:14:44 +0000 (21:14 +0100)]
upd: use a link-redirector for all external links.

Change-Id: I4403040fb94e7b6779c14c64bc9398c8f81546b6

3 years agoupd: rename package name and all references to it
Felix Dörre [Wed, 15 Feb 2017 20:49:02 +0000 (21:49 +0100)]
upd: rename package name and all references to it

Change-Id: Ie1e938a864ad93732201643f42a83148dd2f137d

3 years agofix: ResultSet.getDate is often wrong as it fetches day-precision times
Felix Dörre [Wed, 8 Feb 2017 19:50:28 +0000 (20:50 +0100)]
fix: ResultSet.getDate is often wrong as it fetches day-precision times

Change-Id: Id9394b12663e78de96a3610590587d3f15096e15

3 years agoAdd a hint what the "Request reping" is used for on the email page
INOPIAE [Wed, 8 Feb 2017 08:27:58 +0000 (09:27 +0100)]
Add a hint what the "Request reping" is used for on the email page

fixes issue #56

Change-Id: I518082eb4c95beed01b846690264d174757790dd

3 years agoHighlight expired nucleus bonus verifications in points overview
INOPIAE [Wed, 8 Feb 2017 15:18:54 +0000 (16:18 +0100)]
Highlight expired nucleus bonus verifications in points overview

fixes issue #123

Change-Id: I796e0e2f81897c35307fcdc64255127f058696a2

3 years agoMerge "Temporarily disable SystemCallFilter"
Benny Baumann [Wed, 8 Feb 2017 09:20:17 +0000 (10:20 +0100)]
Merge "Temporarily disable SystemCallFilter"

3 years agofix: empty-variable "version" in development runs.
Felix Dörre [Wed, 8 Feb 2017 08:02:48 +0000 (09:02 +0100)]
fix: empty-variable "version" in development runs.

Change-Id: Ia0cdebab2e2b8f7733c59280086db8a72ab73941

3 years agoTemporarily disable SystemCallFilter
Lucas Werkmeister [Tue, 7 Feb 2017 23:36:51 +0000 (00:36 +0100)]
Temporarily disable SystemCallFilter

systemd applies drop-ins in lexicographical order (to be documented by
systemd/systemd#5262), hence the Z- prefix.

Change-Id: I589b9a4fae5cd5dd107f58f734558bfa31517f4b

3 years agoupd: enhance "CSRF-missing" test case exception for better debuging
Felix Dörre [Tue, 7 Feb 2017 09:17:38 +0000 (10:17 +0100)]
upd: enhance "CSRF-missing" test case exception for better debuging

Change-Id: I3dce9fb7da31987044b23dcf8310af44f64855fb

3 years agoupd: move external keywords to own class
Felix Dörre [Mon, 6 Feb 2017 22:46:29 +0000 (23:46 +0100)]
upd: move external keywords to own class

Change-Id: Iad887cf134103ed6d26aa32d1358c23de0eeebae

3 years agofix: display verify information only when verification token is known.
Felix Dörre [Mon, 6 Feb 2017 22:45:13 +0000 (23:45 +0100)]
fix: display verify information only when verification token is known.

Change-Id: I12ea06f13fddc3ad931751e9751f7d87fefd6c60

3 years agofix: make the pinger daemon keep cool when missing database connection
Felix Dörre [Thu, 19 Jan 2017 11:30:34 +0000 (12:30 +0100)]
fix: make the pinger daemon keep cool when missing database connection

Change-Id: Ic207edc3ab008ac765787146e9752bcd0f867f9b

3 years agofix: add ioctl to SystemCallFilter
Lucas Werkmeister [Fri, 27 Jan 2017 11:35:10 +0000 (12:35 +0100)]
fix: add ioctl to SystemCallFilter

Apparently Java needs this to read data from a socket, but only in some
circumstances (Felix says only HTTP domain check was broken, HTTPS check
worked fine).

Change-Id: Ia1b54ef364b282631b44a8313570dafae6b8c5d4

3 years agoupd: add more sandboxing directives to gigi-proxy.service
Lucas Werkmeister [Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)]
upd: add more sandboxing directives to gigi-proxy.service

Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.

Change-Id: I87827f6ed0025570288611cf257c6e3a01769593

3 years agoadd: fix own host name on certificate issue page
Felix Dörre [Tue, 10 Jan 2017 21:44:36 +0000 (22:44 +0100)]
add: fix own host name on certificate issue page

Change-Id: I7fa0e2df8afbe78017067ef8e80c9ecf3a07ca68

3 years agoadd: detect a quiz-admin directly in gigi
Felix Dörre [Tue, 3 Jan 2017 10:35:19 +0000 (11:35 +0100)]
add: detect a quiz-admin directly in gigi

Change-Id: I21854cbafae2a676db624b46975624f31a49d549

3 years agofix: restrict access to CATS-API even more
Felix Dörre [Fri, 30 Dec 2016 12:01:43 +0000 (13:01 +0100)]
fix: restrict access to CATS-API even more

Change-Id: Idb32bf7e12e0f2704541108afb9a5fcc3e0762a7

3 years agofix: greatly improve performance of often-executed ping-fetch-query
Felix Dörre [Fri, 23 Dec 2016 10:45:21 +0000 (11:45 +0100)]
fix: greatly improve performance of often-executed ping-fetch-query

Change-Id: Ic574b193f65f1fd362bf7451fe343e0caa788910

3 years agoadd: yet another nucleus test
Felix Dörre [Fri, 30 Dec 2016 10:13:37 +0000 (11:13 +0100)]
add: yet another nucleus test

Change-Id: I83cb4a944f8d9e26447535b0672f87a4344458e5

3 years agofix: counting of nucleus verifications
Felix Dörre [Fri, 30 Dec 2016 09:44:06 +0000 (10:44 +0100)]
fix: counting of nucleus verifications

Change-Id: I4a76e579049d822d3280ffc4570f5f2248cac9a4

3 years agofix: send password reset emails to the correct user
Felix Dörre [Thu, 29 Dec 2016 16:50:51 +0000 (17:50 +0100)]
fix: send password reset emails to the correct user

Change-Id: I6e88d9fd742255a30a9572f446a3d2b35fb0fcf0

3 years agoadd: Implement use of Cisco Umbrella 1 Million domain list
Felix Dörre [Fri, 23 Dec 2016 10:46:53 +0000 (11:46 +0100)]
add: Implement use of Cisco Umbrella 1 Million domain list

as source for high-financial-value-domains
Information about the list is available here:
http://s3-us-west-1.amazonaws.com/umbrella-static/index.html

Blogpost about it:
https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/

Change-Id: I5d8183f5dd09e3b033301cec59b3fa1e820f236c

3 years agofix: Exception when using TestManager functionality
Felix Dörre [Thu, 15 Dec 2016 09:20:39 +0000 (10:20 +0100)]
fix: Exception when using TestManager functionality

a constant date gets older than two years at some point in time

Change-Id: I804b06258d27f535a7e9af2dd75223f099170fd0

3 years agofix: generate correct urls to static resources
Felix Dörre [Thu, 8 Dec 2016 15:53:28 +0000 (16:53 +0100)]
fix: generate correct urls to static resources

Change-Id: Ibd337a102b6362fa601fc38aed68031677d3ad5d

4 years agoupd: enforce serverAuth EKU for SSL-pings
Felix Dörre [Sun, 27 Nov 2016 15:10:34 +0000 (16:10 +0100)]
upd: enforce serverAuth EKU for SSL-pings

Change-Id: Ia98447b476eb1e6b60c7471208c7cf965e482aea

4 years agoupd: in SSLPinger move serverAuth EKU OID to a constant
Felix Dörre [Sun, 27 Nov 2016 15:14:38 +0000 (16:14 +0100)]
upd: in SSLPinger move serverAuth EKU OID to a constant

Change-Id: Ic4714e6af8a00cc58e69de2def7e9dc1bbbaff05

4 years agofix: allow SSLPinger to process certs without EKU
Felix Dörre [Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)]
fix: allow SSLPinger to process certs without EKU

Change-Id: Ic4c8de9e4cf5ce617dcd5613296c473678596392

4 years agofix: send unsigned mail correctly
Felix Dörre [Tue, 22 Nov 2016 08:30:21 +0000 (09:30 +0100)]
fix: send unsigned mail correctly

Change-Id: I12c008ceab2e0bb7b97eb329141ef2ec82dc71f4

4 years agoupd: use try-with-resources to protect JDBC-Statement
Felix Dörre [Mon, 31 Oct 2016 09:52:52 +0000 (10:52 +0100)]
upd: use try-with-resources to protect JDBC-Statement

Change-Id: I5084448dc134d47da6aaa0dd6ed53b4aacb1c994

4 years agofix: correct SQL query for issuing repings.
Felix Dörre [Tue, 25 Oct 2016 10:26:12 +0000 (12:26 +0200)]
fix: correct SQL query for issuing repings.

Change-Id: Ibabc4851514b1ebe353c6feb1e369353728f6bae

4 years agoupd: use "PartOf" relation in gigi-proxy.service
Felix Dörre [Thu, 10 Nov 2016 11:36:36 +0000 (12:36 +0100)]
upd: use "PartOf" relation in gigi-proxy.service

This enables puppet to simply manage gigi-proxy.socket
by ensuring that a restart of gigi-proxy.socket will
also restart gigi-proxy.service.

Change-Id: I96a51f38cfb4c0f5d6b5efd7a8425d90a17534b6

4 years agofix: fixed date in testcases
Felix Dörre [Thu, 10 Nov 2016 17:59:15 +0000 (18:59 +0100)]
fix: fixed date in testcases

Change-Id: I29fbf97a27309a54ed4d36463799b92ccf8a6edd

4 years agoMerge "fix: resource leak in template fast-debug code"
Lucas Werkmeister [Sun, 16 Oct 2016 16:22:30 +0000 (18:22 +0200)]
Merge "fix: resource leak in template fast-debug code"

4 years agoMerge "add: email-management-api"
Benny Baumann [Sun, 16 Oct 2016 16:22:28 +0000 (18:22 +0200)]
Merge "add: email-management-api"

4 years agoMerge "upd: more realistic content-type for cert-downloads from API"
Lucas Werkmeister [Sun, 16 Oct 2016 16:20:53 +0000 (18:20 +0200)]
Merge "upd: more realistic content-type for cert-downloads from API"

4 years agofix: resource leak in template fast-debug code
Felix Dörre [Fri, 7 Oct 2016 22:19:04 +0000 (00:19 +0200)]
fix: resource leak in template fast-debug code

Change-Id: I570f997bb3e61d916ccc2dfd0ad23c8225ee9020

4 years agoadd: email-management-api
Felix Dörre [Mon, 3 Oct 2016 12:03:38 +0000 (14:03 +0200)]
add: email-management-api

Change-Id: I4f7ca7b68e9222520738fb329ba390b07fd74b10

4 years agoupd: more realistic content-type for cert-downloads from API
Felix Dörre [Mon, 3 Oct 2016 12:03:27 +0000 (14:03 +0200)]
upd: more realistic content-type for cert-downloads from API

Change-Id: I4ad6ee5c27d680cbf4750fe9d8c3a754c9a58590

4 years agoMerge "upd: improve digest explanation and make SHA512 default"
Benny Baumann [Sun, 9 Oct 2016 16:20:16 +0000 (18:20 +0200)]
Merge "upd: improve digest explanation and make SHA512 default"

4 years agoupd: improve digest explanation and make SHA512 default
Lucas Werkmeister [Mon, 3 Oct 2016 16:15:22 +0000 (18:15 +0200)]
upd: improve digest explanation and make SHA512 default

See #119.

Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b

4 years agoupd: use same-protocol-prefixes for static-links
Felix Dörre [Mon, 3 Oct 2016 12:02:01 +0000 (14:02 +0200)]
upd: use same-protocol-prefixes for static-links

Change-Id: I0e556b4dde914e0c8eeaccb9c6e5c703225a46ff

4 years agoupd: change mail footer so it is recognized by at least thunderbird.
Felix Dörre [Thu, 29 Sep 2016 21:05:51 +0000 (23:05 +0200)]
upd: change mail footer so it is recognized by at least thunderbird.

note: significant whitespace at the end of line 5. This whitespace is
required for thunderbird to recognize the footer.

Change-Id: I3eff5903146a5b11ef522f0cb4dba1696dca2c9e

4 years agoMerge "fix: #112 use term “country”, not “state”"
Felix Dörre [Tue, 4 Oct 2016 08:07:55 +0000 (10:07 +0200)]
Merge "fix: #112 use term “country”, not “state”"

4 years agofix: #112 use term “country”, not “state”
Lucas Werkmeister [Tue, 27 Sep 2016 10:09:28 +0000 (12:09 +0200)]
fix: #112 use term “country”, not “state”

Continuation of a1618d1.

CertificateOwner.getById() has to be updated because users.country and
organisations.country now clash.

The User constructor is updated for consistency with the Organisation
constructor.

Change-Id: I0aeaf47fa8627ba5c4a5b35f15804e283e4a55b3

4 years agoupd: add Also= directive to gigi-proxy.service
Lucas Werkmeister [Mon, 3 Oct 2016 12:35:15 +0000 (14:35 +0200)]
upd: add Also= directive to gigi-proxy.service

When the service is installed/deinstalled, install/deinstall the
accompanying socket as well. (But not the other way around: you can
install the socket alone, so that the service will only be started
on-demand.)

See systemd.unit(5).

Change-Id: I3fd4af0617e1191c96af82ae1c6491feb9dfc654

4 years agoupd: make output of Find-Agent-info JSON-formatted
Felix Dörre [Fri, 23 Sep 2016 16:57:16 +0000 (18:57 +0200)]
upd: make output of Find-Agent-info JSON-formatted

Change-Id: I773aaff596314e83b63e8555ff8e85fce1c2cf55

4 years agoMerge branch 'libs/json/local'
Felix Dörre [Tue, 27 Sep 2016 23:21:32 +0000 (01:21 +0200)]
Merge branch 'libs/json/local'

Change-Id: Ie68cd2871a8abba4386d089f25da628ba69335cc

4 years agoupd: remove json-pointer feature
Felix Dörre [Tue, 27 Sep 2016 23:15:10 +0000 (01:15 +0200)]
upd: remove json-pointer feature

Change-Id: I7c19cbfbf4de25ca7545ae93f574d597b7d723dd

4 years agoadd: import org.json
Felix Dörre [Tue, 27 Sep 2016 14:12:24 +0000 (16:12 +0200)]
add: import org.json

Change-Id: Ia39786f4396e70551aac44ce99ebc664366b4b0a

4 years agoadd: import script for json.org
Felix Dörre [Tue, 27 Sep 2016 14:08:26 +0000 (16:08 +0200)]
add: import script for json.org

Change-Id: I2d67e7ce167e2ddc5a4a5d439835a0bc33861a30

4 years agoMerge "Fix error message"
Benny Baumann [Tue, 27 Sep 2016 18:21:21 +0000 (20:21 +0200)]
Merge "Fix error message"

4 years agoFix error message
Lucas Werkmeister [Tue, 27 Sep 2016 14:27:53 +0000 (16:27 +0200)]
Fix error message

Change-Id: Ice3d62d7f75165df86c6dce60dbc6d3e9c769918

4 years agoupd: make verification processes more consistent on failure
Felix Dörre [Thu, 22 Sep 2016 21:49:48 +0000 (23:49 +0200)]
upd: make verification processes more consistent on failure

Change-Id: I0a1dfd77fea5f9b365cc166196d0068607cc2b5d

4 years agofix: content of mail footer
Felix Dörre [Thu, 22 Sep 2016 21:47:58 +0000 (23:47 +0200)]
fix: content of mail footer

Change-Id: I866901be3862c3646ff7911ee698c1ad23f934a6

4 years agofix: S/MIME signature
Felix Dörre [Wed, 21 Sep 2016 11:22:21 +0000 (13:22 +0200)]
fix: S/MIME signature

See https://tools.ietf.org/html/rfc5751#section-3.1.1 for reference.

Change-Id: I9fcd558182395ec83cadb42c0d2bc5c785d49864

4 years agoMerge "add: support configuring SetUID behavior"
Benny Baumann [Tue, 20 Sep 2016 19:23:41 +0000 (21:23 +0200)]
Merge "add: support configuring SetUID behavior"

4 years agoadd: support configuring SetUID behavior
Lucas Werkmeister [Wed, 7 Sep 2016 13:03:47 +0000 (15:03 +0200)]
add: support configuring SetUID behavior

- It is now possible to skip the setuid step altogether by setting both
  UID and GID to the special value -1.
- The Java code now verifies that the values are in range for an
  unsigned 16-bit ID.
- The C code now verifies that the cast from jint to uid_t/gid_t does
  not overflow.
- The C code now skips setuid() or setgid() if the real and effective ID
  are already the desired ID.

The 16-bit limit is somewhat arbitrary. Some old UNIX systems, such as
PWB/UNIX, supported only 8-bit IDs (see for example
/usr/man/man2/getuid.2 in Henry Spencer’s tarball); Wikipedia claims
that some other UNIX systems used 15-bit values, but does not specify
which systems; Linux originally supported 16-bit IDs but then added
support for 32-bit IDs with new syscalls in Linux 2.4. On Debian
systems, the nobody user (default setuid target) is 65534, so we need to
allow at least 16-bit IDs, otherwise the default value is invalid.

Change-Id: I66600572016b18d5ff550560048cdf691dec85e8

4 years agoadd: javadoc to "Certificate"'s constructor
Felix Dörre [Sat, 17 Sep 2016 20:49:13 +0000 (22:49 +0200)]
add: javadoc to "Certificate"'s constructor

Change-Id: I7f35343fde31b7eb3edf41a133d3600dd56338d9

4 years agoupd: factor out default client certificate profile
Felix Dörre [Fri, 16 Sep 2016 12:58:05 +0000 (14:58 +0200)]
upd: factor out default client certificate profile

Change-Id: Ief1459b17cd820d0d635e89230904d2c46cd69b2

4 years agoadd: constant for "secure." server name
Felix Dörre [Fri, 16 Sep 2016 11:05:18 +0000 (13:05 +0200)]
add: constant for "secure." server name

Change-Id: I7cfac77e65cf965d9d7f04622e6c6322880b506e

4 years agoadd: test redirect after login
Felix Dörre [Thu, 15 Sep 2016 18:34:49 +0000 (20:34 +0200)]
add: test redirect after login

Change-Id: I3caf0a1641a1673e13d68a5c8b9ec4885729811b

4 years agofix: redirect-back after login
Felix Dörre [Thu, 15 Sep 2016 18:34:36 +0000 (20:34 +0200)]
fix: redirect-back after login

Change-Id: Ib416aed3f5c64909593172dcaa378fbcbd59c183

4 years agoadd: testcase for successful certificate login
Felix Dörre [Thu, 15 Sep 2016 09:36:16 +0000 (11:36 +0200)]
add: testcase for successful certificate login

Change-Id: Ie6efe2d2a5ab6e14ca3eee95db9c5e99e498b2ce

4 years agofix: deadlock possibility in "DatabaseConnection"
Felix Dörre [Thu, 15 Sep 2016 07:50:53 +0000 (09:50 +0200)]
fix: deadlock possibility in "DatabaseConnection"

Change-Id: I987cd3d9a0940f1fe3cf9289ec7512b785eca5df

4 years agofix: certlogin. There was a "toLower" needed instead of an "toUpper"
Felix Dörre [Thu, 15 Sep 2016 07:50:37 +0000 (09:50 +0200)]
fix: certlogin. There was a "toLower" needed instead of an "toUpper"

Change-Id: Ie233b6e920ec486a7e59d100681e86856bc7485c

4 years agofix: broken hyperlink formatting
INOPIAE [Thu, 15 Sep 2016 05:53:19 +0000 (07:53 +0200)]
fix: broken hyperlink formatting

Change-Id: I8209324d6fc9dbb8d5e1f0098155a3b3f3e60591

4 years agoMerge "upd: native Makefile improvements"
Felix Dörre [Wed, 14 Sep 2016 19:45:01 +0000 (21:45 +0200)]
Merge "upd: native Makefile improvements"

4 years agoMerge "upd: modified text displayed during certificate creation process"
Felix Dörre [Wed, 14 Sep 2016 19:44:56 +0000 (21:44 +0200)]
Merge "upd: modified text displayed during certificate creation process"

4 years agoadd: js-managed default values for certificate-issue-form
Felix Dörre [Sat, 10 Sep 2016 14:18:48 +0000 (16:18 +0200)]
add: js-managed default values for certificate-issue-form

Change-Id: I73713d708f5fdbd505f408b6b19a7a0f7fab813b

4 years agoupd: modified text displayed during certificate creation process
INOPIAE [Sat, 10 Sep 2016 11:11:15 +0000 (13:11 +0200)]
upd: modified text displayed during certificate creation process

Change-Id: Ic3038b764e213e6d904ff25c115818d9b4496f7a

4 years agofix: translation strings in "VerificationAgentEntered.templ"
Felix Dörre [Sun, 11 Sep 2016 18:44:25 +0000 (20:44 +0200)]
fix: translation strings in "VerificationAgentEntered.templ"

no need to start a translation string when there is nothing
to translate

Change-Id: I2922810f617f1d9e3ec451574134dbb947c474a3

4 years agoupd: use serials lowercase-only
Felix Dörre [Sun, 11 Sep 2016 08:46:54 +0000 (10:46 +0200)]
upd: use serials lowercase-only

Change-Id: Ia30c803c25f6b593086df614ce1d711c1be84ebf