path: root/ipapython
Commit message | Author | Age | Files | Lines
* Add support for client failover to the ipa command-line. | Rob Crittenden | 2010-08-16 | 1 | -0/+14
| This adds a new global option to the ipa command, -f/--no-fallback. If this is included then just the server configured in /etc/ipa/default.conf is used. Otherwise that is tried first then all servers in DNS with the ldap SRV record are tried. Create a new Local() Command class for local-only commands. The help command is one of these. It shouldn't need a remote connection to execute. ticket #15
* Drop our own PKCS#10 ASN.1 decoder and use the one from python-nss | Rob Crittenden | 2010-07-29 | 1 | -0/+4
| This patch:
| - bumps up the minimum version of python-nss
| - will initialize NSS with nodb if a CSR is loaded and it isn't already init'd
| - will shutdown NSS if initialized in the RPC subsystem so we use right db
| - updated and added a few more tests
| Relying more on NSS introduces a bit of a problem. For NSS to work you need to have initialized a database (either a real one or no_db). But once you've initialized one and want to use another you have to close down the first one. I've added some code to nsslib.py to do just that. This could potentially have some bad side-effects at some point, it works ok now.
* Clean up crypto code, take advantage of new nss-python capabilities | Rob Crittenden | 2010-07-15 | 1 | -1/+0
| This patch does the following:
| - drops our in-tree x509v3 parser to use the python-nss one
| - return more information on certificates
| - make an API change, renaming cert-get to cert-show
| - Drop a lot of duplicated code
* use NSS for SSL operations | John Dennis | 2010-06-15 | 3 | -259/+167
|
* gpg2 requires --batch to use the --passphrase* arguments. | Rob Crittenden | 2010-05-27 | 1 | -2/+2
| This was causing replica creation and installation to fail. 596446
* Add simple test to see if client is already configured | Rob Crittenden | 2010-05-06 | 1 | -0/+8
| If this ever gets out of sync the user can always remove /var/lib/ipa-client/sysrestore/*, they just need to understand the implications. One potential problem is with certmonger. If you install the client and then re-install without uninstalling then the subsequent certificate request by certmonger will fail because it will already be tracking a certificate in /etc/pki/nssdb of the same nickname and subject (the old cert).
* Handle CSRs whether they have NEW in the header or not | Rob Crittenden | 2010-05-03 | 1 | -7/+2
| Also consolidate some duplicate code
* Make the installer/uninstaller more aware of its state | Rob Crittenden | 2010-05-03 | 1 | -0/+11
| We have had a state file for quite some time that is used to return the system to its pre-install state. We can use that to determine what has been configured. This patch:
| - uses the state file to determine if dogtag was installed
| - prevents someone from trying to re-install an installed server
| - displays some output when uninstalling
| - re-arranges the ipa_kpasswd installation so the state is properly saved
| - removes pkiuser if it was added by the installer
| - fetches and installs the CA on both masters and clients
* Accept unicode for sysrestore | Martin Nagy | 2010-04-23 | 1 | -2/+2
|
* Fix http(s)_request in dogtag. Was blowing up because of unicode strings. | Pavel Zuna | 2010-03-30 | 1 | -0/+4
|
* Provide mechanism in ipautil.run() to not log all arguments. | Rob Crittenden | 2010-03-19 | 1 | -1/+34
| This is primarily designed to not log passwords but it could have other uses. 567867
* Move the HTTP/S request code to a common library | Rob Crittenden | 2010-02-09 | 1 | -1/+78
| This moves code that does HTTP and HTTPS requests into a common library that can be used by both the installer and the dogtag plugin. These functions are not generic HTTP/S clients, they are designed specifically to talk to dogtag, so use accordingly.
* Remove (un)wrap_binary_data cruft from */ipautil.py | John Dennis | 2010-01-28 | 1 | -62/+0
| Remove SAFE_STRING_PATTERN, safe_string_re, needs_base64(), wrap_binary_data(), unwrap_binary_data() from both instances of ipautil.py. This code is no longer in use and the SAFE_STRING_PATTERN regular expression string was causing xgettext to abort because it wasn't a valid ASCII string.
* Replace /etc/ipa/ipa.conf with /etc/ipa/default.conf | Rob Crittenden | 2009-12-01 | 3 | -13/+14
| The new framework uses default.conf instead of ipa.conf. This is useful also because Apache uses a configuration file named ipa.conf. This wipes out the last vestiges of the old ipa.conf from v1.
* Add option to have ipautil.run() not raise an exception | Rob Crittenden | 2009-11-30 | 1 | -3/+3
| There are times where a caller will want to determine the course of action based on the returncode instead of relying on it != 0. This also lets the caller get the contents of stdout and stderr.
* Require current versions of python-nss & python-lxml | John Dennis | 2009-11-23 | 1 | -1/+1
| ipa.spec.in | 3 ++-
| ipapython/nsslib.py | 2 +-
| 2 files changed, 3 insertions(+), 2 deletions(-)
* along with stdout, stderr also log the initial command | John Dennis | 2009-11-23 | 1 | -2/+3
| Signed-off-by: John Dennis <jdennis@redhat.com>
| along with stdout,stderr also log the initial command
| This implements better logging of external commands. Formerly we were just outputting stdout and stderr without labeling which was which. We also omitted the initial command and its arguments. This made it difficult when reviewing the logs to know what the command was and what was stdout vs. stderr. This patch fixes that.
* Add option to the installer for uid/gid starting numbers. | Rob Crittenden | 2009-08-27 | 1 | -1/+9
| This also adds a new option to the template system. If you include eval(string) in a file that goes through the templater then the string in the eval will be evaluated by the Python interpreter. This is used so one can do $UIDSTART+1. If any errors occur during the evaluation the original string is returned, eval() and all so it is up to the developer to make sure the evaluation passes. The default value for uid and gid is now a random value between 1,000,000 and (2^31 - 1,000,000)
* Clean up additional issues discovered with pylint and pychecker | Rob Crittenden | 2009-08-20 | 3 | -15/+7
|
* Clean up some problems discovered with pylint and pychecker | Rob Crittenden | 2009-08-12 | 5 | -26/+24
| Much of this is formatting to make pylint happy but it also fixes some real bugs.
* Allow replicas of an IPA server using an internal dogtag server as the CA | Rob Crittenden | 2009-07-15 | 1 | -4/+6
| This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently.
* Add a local implementation of httplib.SSLFile and httplib.FakeSocket | rcrit | 2009-07-01 | 2 | -2/+188
| Python 2.6 changed its internal implementation which makes it difficult to override in a way that is backwards compatible. 508953
* Raise an exception if the certificate chain is not returned from the CA | Rob Crittenden | 2009-05-21 | 1 | -6/+15
|
* Fix a comment and some typos | Rob Crittenden | 2009-05-13 | 1 | -1/+1
|
* Fix breakage on python 2.4 with missing object subclass | Rob Crittenden | 2009-05-05 | 1 | -1/+1
|
* A class for dealing with a temporary NSS certificate database | Rob Crittenden | 2009-05-04 | 1 | -0/+150
|
* Utilities for dealing with dogtag | Rob Crittenden | 2009-04-24 | 1 | -0/+41
|
* Handle GSSAPI exceptions more gracefully | Rob Crittenden | 2009-04-20 | 1 | -7/+9
|
* Implement an installer for the Dogtag certificate system. | Rob Crittenden | 2009-04-03 | 1 | -0/+150
| The CA is currently not automatically installed. You have to pass in the --ca flag to install it.
| What works:
| - installation
| - uninstallation
| - cert/ra plugins can issue and retrieve server certs
| What doesn't work:
| - self-signed CA is still created and issues Apache and DS certs
| - dogtag and python-nss not in rpm requires
| - requires that CS be in the "pre" install state from pkicreate
* Fixed problems in ipapython/test/ | Jason Gerard DeRose | 2009-02-09 | 3 | -129/+2
|
* Rename ipa-python directory to ipapython so it is a real python library | Rob Crittenden | 2009-02-09 | 17 | -0/+3303
| We used to install it as ipa, now installing it as ipapython. The rpm is still ipa-python.