summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ipa-kdb: Get/Store Master Key directly from LDAPSimo Sorce2011-08-265-12/+264
|
* ipa-kdb: add functions to change principalsSimo Sorce2011-08-263-1/+804
|
* ipa-kdb: add function to iterate over principalsSimo Sorce2011-08-261-1/+41
|
* ipa-kdb: add functions to delete principalsSimo Sorce2011-08-261-1/+121
|
* ipa-kdb: add function to free principalsSimo Sorce2011-08-261-1/+16
|
* ipa-kdb: functions to get principalSimo Sorce2011-08-264-35/+884
|
* ipa-kdb: add common utility ldap wrapper functionsSimo Sorce2011-08-263-0/+464
|
* ipa-kdb: implement get_time functionSimo Sorce2011-08-262-1/+6
|
* ipa-kdb: initialize module functionsSimo Sorce2011-08-263-6/+384
| | | | | Initialize module also on ipadb_create invocation. This is what kdb5_util expects.
* ipa-kdb: add exports fileSimo Sorce2011-08-262-1/+14
| | | | limit exported symbols only to the ones actually needed by krb5kdc
* ipa-kdb: Initial plugin skeletonSimo Sorce2011-08-266-0/+233
|
* ipa-pwd-extop: make encsalt parsing function commonSimo Sorce2011-08-263-91/+99
| | | | It is going to be used by the ipa-kdb module too.
* ipa-pwd-extop: Move encoding in common tooSimo Sorce2011-08-266-202/+174
| | | | Also to be used by ipa-kdb
* ipa-pwd-extop: Move encryption of keys in commonSimo Sorce2011-08-263-207/+244
| | | | This way we can reuse the same code from ipa-kdb later
* ipa-pwd-extop: Use common krb5 structs from kdb.hSimo Sorce2011-08-264-19/+14
| | | | This removes custom structures and allows easier sharing of code with ipa-kdb
* ipa-pwd-extop: re-indent code using old styleSimo Sorce2011-08-261-30/+30
|
* ipa-pwd-extop: Use the proper mkvno number in keysSimo Sorce2011-08-264-6/+6
| | | | | | | | Setting 0 will work as MIT KDCs assume the current master key when that is found. But it is a legacy compatibility mode and we should instead set the proper mkvno number on keys so changeing master key becomes possible w/o having to do a dump reload and stopping the service. This is especially important in replicated environments.
* ipa-pwd-extop: do not append mkvno to krbExtraDataSimo Sorce2011-08-261-9/+2
| | | | | mkvno is actually available as part of the key material. There is no need to store it in the krbExtraData field as it is unused there.
* ipa-pwd-extop: Remove unused variables and code to set themSimo Sorce2011-08-261-12/+0
|
* krbinstance: use helper function to get realm suffixSimo Sorce2011-08-261-5/+8
|
* ipa-pwd_extop: use endian.h instead of nih functionSimo Sorce2011-08-263-10/+8
|
* Fix build warningsSimo Sorce2011-08-264-14/+16
| | | | Some are actual bugs.
* ticket 1669 - improve i18n docstring extractionJohn Dennis2011-08-2431-914/+634
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reverts the use of pygettext for i18n string extraction. It was originally introduced because the help documentation for commands are in the class docstring and module docstring. Docstrings are a Python construct whereby any string which immediately follows a class declaration, function/method declaration or appears first in a module is taken to be the documentation for that object. Python automatically assigns that string to the __doc__ variable associated with the object. Explicitly assigning to the __doc__ variable is equivalent and permitted. We mark strings in the source for i18n translation by embedding them in _() or ngettext(). Specialized extraction tools (e.g. xgettext) scan the source code looking for strings with those markers and extracts the string for inclusion in a translation catalog. It was mistakingly assumed one could not mark for translation Python docstrings. Since some docstrings are vital for our command help system some method had to be devised to extract docstrings for the translation catalog. pygettext has the ability to locate and extract docstrings and it was introduced to acquire the documentation for our commands located in module and class docstrings. However pygettext was too large a hammer for this task, it lacked any fined grained ability to extract only the docstrings we were interested in. In practice it extracted EVERY docstring in each file it was presented with. This caused a large number strings to be extracted for translation which had no reason to be translated, the string might have been internal code documentation never meant to be seen by users. Often the superfluous docstrings were long, complex and likely difficult to translate. This placed an unnecessary burden on our volunteer translators. Instead what is needed is some method to extract only those strings intended for translation. We already have such a mechanism and it is already widely used, namely wrapping strings intended for translation in calls to _() or _negettext(), i.e. marking a string for i18n translation. Thus the solution to the docstring translation problem is to mark the docstrings exactly as we have been doing, it only requires that instead of a bare Python docstring we instead assign the marked string to the __doc__ variable. Using the hypothetical class foo as an example. class foo(Command): ''' The foo command takes out the garbage. ''' Would become: class foo(Command): __doc__ = _('The foo command takes out the garbage.') But which docstrings need to be marked for translation? The makeapi tool knows how to iterate over every command in our public API. It was extended to validate every command's documentation and report if any documentation is missing or not marked for translation. That information was then used to identify each docstring in the code which needed to be transformed. In summary what this patch does is: * Remove the use of pygettext (modification to install/po/Makefile.in) * Replace every docstring with an explicit assignment to __doc__ where the rhs of the assignment is an i18n marking function. * Single line docstrings appearing in multi-line string literals (e.g. ''' or """) were replaced with single line string literals because the multi-line literals were introducing unnecessary whitespace and newlines in the string extracted for translation. For example: ''' The foo command takes out the garbage. ''' Would appear in the translation catalog as: "\n The foo command takes out the garbage.\n " The superfluous whitespace and newlines are confusing to translators and requires us to strip leading and trailing whitespace from the translation at run time. * Import statements were moved from below the docstring to above it. This was necessary because the i18n markers are imported functions and must be available before the the doc is parsed. Technically only the import of the i18n markers had to appear before the doc but stylistically it's better to keep all the imports together. * It was observed during the docstring editing process that the command documentation was inconsistent with respect to the use of periods to terminate a sentence. Some doc had a trailing period, others didn't. Consistency was enforced by adding a period to end of every docstring if one was missing.
* ticket 1706 - internationalize cli help frameworkJohn Dennis2011-08-241-7/+7
| | | | | | | | | In cli.py is a framework for printing out help information. The command documentation being displayed is internationalized, however the text generated by the help framework itself is not internationalized. The strings output by the help subsystem need to be internationalized.
* ticket 1705 - internationalize help topicsJohn Dennis2011-08-247-11/+9
| | | | | | | | | | | | * Wrap each topic description in _() * Replace the use of if 'topic' in dir(module) with the more Pythonic and efficient getattr(module, 'topic', None) * Make sure to invoke unicode on the value returned from _() otherwise you'll get a GettextFactory instance, not a string * Clean up trailing whitespace errors
* ticket 1707 - add documentation validation to makeapi toolJohn Dennis2011-08-241-4/+116
| | | | | | | | | | | | | | | | | Iterate over all API commands and perform the following validation: * Every command must have documentation and it must be marked for international translation * Every module hosting a command must have documentation and it must be marked for international translation * Every module topic must be marked for international translation For every error found emit a diagnostic. Emit a summary of total errors found. Return error flag if errors found, zero otherwise.
* Retrieve password/keytab state when modifying a host.Rob Crittenden2011-08-252-0/+7
| | | | ticket https://fedorahosted.org/freeipa/ticket/1714
* Modify serial associator to use batchPetr Vobornik2011-08-252-37/+44
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1688 The serial associator is used to execute a command multiple times with different parameters. This is used for adding/removing a user into/from multiple groups. It has some issues: Each command is executed one-by-one, so it could be slow. * If there's a failure the rest of the commands will not be executed. * This can be fixed by putting the commands into a batch and execute them at once.
* Fixed default map type in automount map adder dialog.Endi S. Dewata2011-08-253-65/+62
| | | | | | | The adder dialog for automount map has been modified to select the direct map by default. Ticket #1698
* Add option to only prompt once for passwords, use in entitle_registerRob Crittenden2011-08-244-5/+12
| | | | | | | | | A Password param always prompted to confirm the entered password. This doesn't make sense if you want to prompt for a password to another system like we do with entitlements. This adds a new boolean option to control the Password prompt parameter. https://fedorahosted.org/freeipa/ticket/1695
* Add label for HBAC services to show as membersRob Crittenden2011-08-241-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/1711
* Add additional pam ftp services to HBAC, and a ftp HBAC service groupRob Crittenden2011-08-242-0/+44
| | | | | | This adds proftpd, pure-ftpd, vsftpd and gssftp. https://fedorahosted.org/freeipa/ticket/1703
* Validation of details facet before update ↵Petr Vobornik2011-08-254-10/+43
| | | | | | | | https://fedorahosted.org/freeipa/ticket/1676 The ticket is a duplicate of server error, but it revealed few UI errors. Newly performs validation of details facet before update. If validation fails, notification dialog is shown and command isn't executed. Fixed integer minimum and maximum value checking. Read-only and non-writable fields are no longer considered required.
* Fixed command partial failure handling.Endi S. Dewata2011-08-241-39/+45
| | | | | | | When a command returns a partial failure it should be treated as a success but the failures should still be displayed. Ticket #1628
* Show error in adding associationsPetr Vobornik2011-08-242-23/+93
| | | | https://fedorahosted.org/freeipa/ticket/1628
* Change the way has_keytab is determined, also check for password.Rob Crittenden2011-08-2416-34/+185
| | | | | | | | | | | | | | | | | | | | We need an indicator to see if a keytab has been set on host and service entries. We also need a way to know if a one-time password is set on a host. This adds an ACI that grants search on userPassword and krbPrincipalKey so we can do an existence search on them. This way we can tell if the attribute is set and create a fake attribute accordingly. When a userPassword is set on a host a keytab is generated against that password so we always set has_keytab to False if a password exists. This is fine because when keytab gets generated for the host the password is removed (hence one-time). This adds has_keytab/has_password to the user, host and service plugins. ticket https://fedorahosted.org/freeipa/ticket/1538
* Fix thread deadlock by using pthreads library instead of NSPR.Rob Crittenden2011-08-242-14/+12
| | | | | | | The 389-ds team is in the process of exposing slapi_rwlock which we will switch to when it is available. https://fedorahosted.org/freeipa/ticket/1630
* Suppress 389-ds debug output when starting servicesRob Crittenden2011-08-241-12/+49
| | | | | | If the user wants the output they can pass the --debug flag to ipactl. https://fedorahosted.org/freeipa/ticket/1402
* Removed unnecessary HBAC/sudo rule category modification.Endi S. Dewata2011-08-236-134/+40
| | | | | | | | | | Since the Add/Delete links in the association table are disabled when the category is set to 'all', it's no longer necessary to check the category before showing the add/delete dialogs and modify the category before adding entries. Thus, the IPA.rule_association_table_widget is no longer needed. Ticket #1692
* Verify that the external CA certificate files are correct.Jan Cholasta2011-08-232-7/+60
| | | | ticket 1572
* Add subscription-manager dependency for RHEL.Jan Cholasta2011-08-231-0/+6
| | | | ticket 1664
* Improve sudorule documentationJr Aquino2011-08-231-0/+11
| | | | | | | | Added brief explanations for the various Sudo components in the top level doc. Added doc entries for RunAs User and RunAs Group. https://fedorahosted.org/freeipa/ticket/1657
* Updated add and delete association dialog titles.Endi S. Dewata2011-08-238-278/+187
| | | | | | | | | | The association table widget and facet have been modified to accept titles for the add and delete dialogs. The table and facet definitions have been modified to specify the appropriate titles. Some unused code have been removed. Ticket #1629
* Search for users in all the naming contexts present on the directory server.Jan Cholasta2011-08-221-14/+25
| | | | ticket 1655, 1656
* Fix wording in examples of delegation plugin.Rob Crittenden2011-08-191-5/+5
| | | | https://fedorahosted.org/freeipa/ticket/1013
* Do batch logging on successful commands too, not just failures.Rob Crittenden2011-08-191-1/+1
| | | | This was an oversight for previous logging patch, ticket 1598
* Uncheck checkboxes in association after deletionPetr Vobornik2011-08-194-18/+35
| | | | https://fedorahosted.org/freeipa/ticket/1639
* Log each command in a batch separately.Rob Crittenden2011-08-192-2/+31
| | | | | | | This also fixes command logging in general, it wasn't working in most cases as a regression in ticket 1322. https://fedorahosted.org/freeipa/ticket/1598
* Add option to install without the automatic redirect to the Web UI.Jan Cholasta2011-08-186-8/+18
| | | | ticket 1570
* Fix automountlocation-import conflictsMartin Kosek2011-08-181-2/+14
| | | | | | | | | Do not fail import operation with DuplicateEntry when imported maps/keys conflict with maps/keys pre-created by automountlocation-add command. Currently, this applies for map 'auto.direct' and key '/-'. https://fedorahosted.org/freeipa/ticket/1551
generated by cgit (git 2.34.1) at 2024-06-30 12:21:54 +0000