summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Add tests for permission plugin with older clientsPetr Viktorin2013-12-131-0/+1127
| | | | | These tests use an old API version, which triggers backwards-compatible behavior in the plugin.
* Allow Declarative test classes to specify the API versionPetr Viktorin2013-12-131-1/+2
| | | | This makes it possible to test behavior with older clients.
* Allow sets for initialization of frozenset-typed Param keywordsPetr Viktorin2013-12-131-1/+1
| | | | | | Lists and tuples are already allowed for convenience; it is easier to write (1, 2, 3) or [1, 2, 3] than frozenset([1, 2, 3]). This allows the set literal syntax, {1, 2, 3}, as well.
* trust: fix get_dn() to distinguish creating and re-adding trustsAlexander Bokovoy2013-12-111-2/+2
| | | | | | | | | | | Latest support for subdomains introduced regression that masked difference between newly added trust and re-added one. Additionally, in case no new subdomains were found, the code was returning None instead of an empty list which later could confuse trustdomain-find command. https://fedorahosted.org/freeipa/ticket/4067
* ipa-cldap: Cut NetBIOS name after 15 charactersTomas Babej2013-12-112-1/+6
| | | | | | | | The CLDAP DS plugin uses the uppercased first segment of the fully qualified hostname as the NetBIOS name. We need to limit its size to 15 characters. https://fedorahosted.org/freeipa/ticket/4028
* test_webui: Allow False values in configuration for no_ca, no_dns, has_trustsPetr Viktorin2013-12-101-3/+3
| | | | | | | | | | | | The driver only checked if the corresponding value was in the config, so no_dns: False had the same effect as no_dns: True Change the check to take the value into consideration. This makes false-y values like False (from YAML) and empty string (from environment) work as if the value was not specified.
* Regression test for user_status crashPetr Viktorin2013-12-101-0/+25
| | | | https://fedorahosted.org/freeipa/ticket/4066
* Fix internal error in the user-status command.Jan Cholasta2013-12-101-3/+3
| | | | https://fedorahosted.org/freeipa/ticket/4066
* Consolidate .gitignore entriesMartin Kosek2013-12-102-83/+59
| | | | | | | | Clean up the .gitignore file: - Remove no longer used .gitignore entries, like .bzr files - Do not repeat autotools generated files over and over again - Whitelist existent Makefiles in the repository - Better separate the .gitignore entries
* ipa-client-install: Always pass hostname to the ipa-joinTomas Babej2013-12-091-4/+4
| | | | | | | | | | | The ipa-client-install script and ipa-join use different methods of resolving the hostname, the former uses gethostbyaddr() call, while the latter reads the "uinfo.nodename". This can result ipa-client-install failures in case of broken PTR records. https://fedorahosted.org/freeipa/ticket/4027
* Allow kernel keyring CCACHE when supportedMartin Kosek2013-12-094-1/+35
| | | | | | | Server and client installer should allow kernel keyring ccache when supported. https://fedorahosted.org/freeipa/ticket/4013
* Fix license in some Web UI filesPetr Vobornik2013-12-094-20/+17
| | | | | | Modified web ui files had incorrect GPLv2 headers instead of GPLv3 ones. All of the affected code is of FreeIPA origin.
* Remove CFLAGS duplication.Jan Cholasta2013-12-0616-18/+3
| | | | https://fedorahosted.org/freeipa/ticket/3896
* Fix compilation error in ipa-cldap.Jan Cholasta2013-12-061-1/+3
| | | | https://fedorahosted.org/freeipa/ticket/3896
* Add stricter default CFLAGS to Makefile.Jan Cholasta2013-12-061-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3896
* Include LDFLAGS provided by rpmbuild in global LDFLAGS in the spec file.Jan Cholasta2013-12-062-1/+2
| | | | | | Remove explicitly specified hardening flags from LDFLAGS in ipa-otpd. https://fedorahosted.org/freeipa/ticket/3896
* Prefer user CFLAGS/CPPFLAGS over those provided by rpmbuild in the spec file.Jan Cholasta2013-12-061-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3896
* test_integration: Log external hostname in Host.ldap_connectPetr Viktorin2013-12-061-1/+1
| | | | This may make debugging easier if the address is set incorrectly.
* test_integration: Support external names for hostsPetr Viktorin2013-12-062-7/+16
| | | | | | | | | | | | The framework had a concept of external hostnames, which the controller uses to contact the test machines, but they were not loaded from configuration. Load external names from configuration. This makes tests pass in setups where internal and external hostnames are different, and the internal hostnames are not initially resolvable from the controller.
* Fix license tag in python setup filesSimo Sorce2013-12-052-2/+2
| | | | | | Apparently when we relicensed to GPLv3 we missed these two spots. The actual boilerplate was changed in these files but not the license tag passed to python setup.
* Clarify error message about IPv6 socket creation in ipa-cldap pluginPetr Spacek2013-12-031-1/+2
| | | | https://fedorahosted.org/freeipa/ticket/4056
* Add tests for the radiusproxy pluginPetr Viktorin2013-12-032-0/+397
|
* Add RADIUS proxy support to ipalib CLINathaniel McCallum2013-12-0310-18/+330
| | | | https://fedorahosted.org/freeipa/ticket/3368
* migrate-ds added --ca-cert-file=FILE optionMartin Basti2013-12-023-5/+25
| | | | | | | FILE is used to specify CA certificate for DS connection when TLS is required (ldaps://...). Ticket: https://fedorahosted.org/freeipa/ticket/3243
* Changed CLI to allow to use FILE as optional paramMartin Basti2013-12-021-5/+7
|
* Own /usr/share/ipa/ui/js/ in the spec file.Jan Cholasta2013-12-021-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/4010
* Use hardening flags for ipa-optd.Jan Cholasta2013-12-022-1/+5
| | | | https://fedorahosted.org/freeipa/ticket/4010
* subdomains: Use AD admin credentials when trust is being establishedAlexander Bokovoy2013-11-292-17/+38
| | | | | | | | | | | | | | | | | | | | When AD administrator credentials passed, they stored in realm_passwd, not realm_password in the options. When passing credentials to ipaserver.dcerpc.fetch_domains(), make sure to normalize them. Additionally, force Samba auth module to use NTLMSSP in case we have credentials because at the point when trust is established, KDC is not yet ready to issue tickets to a service in the other realm due to MS-PAC information caching effects. The logic is a bit fuzzy because credentials code makes decisions on what to use based on the smb.conf parameters and Python bindings to set parameters to smb.conf make it so that auth module believes these parameters were overidden by the user through the command line and ignore some of options. We have to do calls in the right order to force NTLMSSP use instead of Kerberos. Fixes https://fedorahosted.org/freeipa/ticket/4046
* Make Expression field required when adding automember conditionAna Krivokapic2013-11-271-2/+4
| | | | https://fedorahosted.org/freeipa/ticket/4053
* Remove unused method get_api of the ldap2 plugin.Jan Cholasta2013-11-271-3/+0
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Refactor indirect membership processing.Jan Cholasta2013-11-271-182/+67
| | | | | | A single LDAP search is now used instead of one search per member. https://fedorahosted.org/freeipa/ticket/3971
* Support searches with paged results control in LDAPClient.Jan Cholasta2013-11-272-18/+61
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Add wrapper for result3 to IPASimpleLDAPObject.Jan Cholasta2013-11-271-0/+5
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Move IPA specific code from LDAPClient to the ldap2 plugin.Jan Cholasta2013-11-272-212/+211
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Add server/protocol type to rpcserver logsPetr Viktorin2013-11-261-4/+17
| | | | | | Add the server class name, such as [xmlserver] or [jsonserver_kerb] to the server logs. This will allow easier debugging of problems specific to a protocol or server class.
* Make jsonserver_kerb start a cookie-based sessionPetr Viktorin2013-11-261-1/+10
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/3299
* Switch client to JSON-RPCPetr Viktorin2013-11-2618-176/+329
| | | | | | | | | | | | | | | | | | | | | | | | | | | Modify ipalib.rpc to support JSON-RPC in addition to XML-RPC. This is done by subclassing and extending xmlrpclib, because our existing code relies on xmlrpclib internals. The URI to use is given in the new jsonrpc_uri env variable. When it is not given, it is generated from xmlrpc_uri by replacing /xml with /json. The rpc_json_uri env variable existed before, but was unused, undocumented and not set the install scripts. This patch removes it in favor of jsonrpc_uri (for consistency with xmlrpc_uri). Add the rpc_protocol env variable to control the protocol IPA uses. rpc_protocol defaults to 'jsonrpc', but may be changed to 'xmlrpc'. Make backend.Executioner and tests use the backend specified by rpc_protocol. For compatibility with unwrap_xml, decoding JSON now gives tuples instead of lists. Design: http://freeipa.org/page/V3/JSON-RPC Ticket: https://fedorahosted.org/freeipa/ticket/3299
* Add krbticketPolicyAux objectclass if neededSimo Sorce2013-11-262-0/+35
| | | | | | When modifying ticket flags add the objectclass to the object if it is missing. https://fedorahosted.org/freeipa/ticket/3901
* Remove changelog from the specPetr Viktorin2013-11-261-732/+3
| | | | | | | | The project's history is kept in Git. We used the spec changelog for changes to the spec itself, which doesn't make much sense. Downstreams like Fedora use their own changelog anyway. A single entry is left for tools that expect a changelog.
* trusts: Always stop and disable smb service on uninstallTomas Babej2013-11-261-8/+7
| | | | https://fedorahosted.org/freeipa/ticket/4042
* Improve LDAPEntry.__repr__ for freshly created entriesPetr Viktorin2013-11-261-1/+3
| | | | | | | Creating a LDAPEntry from dict does not set the raw entries, to display everything we need to combine the underlying data. https://fedorahosted.org/freeipa/ticket/4015
* Remove mod_ssl port workaround.Jan Cholasta2013-11-263-12/+15
| | | | https://fedorahosted.org/freeipa/ticket/4021
* trusts: Do not pass base-id to the subdomain rangesTomas Babej2013-11-221-0/+5
| | | | | | | | | | | | | | | For trusted domains base id is calculated using a murmur3 hash of the domain Security Identifier (SID). During trust-add we create ranges for forest root domain and other forest domains. Since --base-id explicitly overrides generated base id for forest root domain, its value should not be passed to other forest domains' ranges -- their base ids must be calculated based on their SIDs. In case base id change for non-root forest domains is required, it can be done manually through idrange-mod command after the trust is established. https://fedorahosted.org/freeipa/ticket/4041
* Break long doc string in the Host pluginPetr Viktorin2013-11-214-81/+387
| | | | | | Also split the translations in French and Ukraininan Part of https://fedorahosted.org/freeipa/ticket/3587
* Add ConcatenatedLazyText objectPetr Viktorin2013-11-213-2/+94
| | | | | | | | This object will allow splitting large translatable strings into more pieces, so translators don't have to re-translate the entire text when a small part changes. https://fedorahosted.org/freeipa/ticket/3587
* Update translations from TransifexPetr Viktorin2013-11-2117-734/+541
|
* ipa-client-install: Publish CA certificate to systemwide storeTomas Babej2013-11-203-3/+88
| | | | | | | | | | | During the installation, copy the CA certificate to the systemwide store (/etc/pki/ca-trust/source/anchors/ipa-ca.crt) and update the systemwide CA database. This allows browsers to access IPA WebUI without warning out of the box. https://fedorahosted.org/freeipa/ticket/3504
* platform: Add Fedora 19 platform fileTomas Babej2013-11-203-0/+69
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3504
* WebUI: Add userClass attribute to user and host pagesAna Krivokapic2013-11-192-2/+9
| | | | | | | | | Add userClass attribute to: - user and host adder dialogs - user and host detail facets Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems https://fedorahosted.org/freeipa/ticket/3590
* Add userClass attribute for usersAna Krivokapic2013-11-195-11/+71
| | | | | | | | | This new freeform user attribute will allow provisioning systems to add custom tags for user objects which can be later used for automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems https://fedorahosted.org/freeipa/ticket/3588
generated by cgit (git 2.34.1) at 2024-05-03 08:05:16 +0000