path: root/ipaclient
Commit message | Author | Age | Files | Lines
* Have all the scripts run in python 3 by default | Stanislav Laznicka | 2018-02-15 | 2 | -2/+2
  The Python 3 refactoring effort is finishing, it should be safe to turn all scripts to run in Python 3 by default.
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Replace hard-coded paths with path constants | Christian Heimes | 2018-02-08 | 1 | -5/+5
  Several run() calls used hard-coded paths rather than pre-defined paths from ipaplatform.paths. The patch fixes all places that I was able to find with a simple search.
  The fix simplifies Darix's port of freeIPA on openSuSE.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fixing translation problems | Aleksei Slaikovskii | 2018-01-31 | 1 | -3/+3
  ipa rpc server did set the LANG environment variable on each request and it was not thread safe which led to unpredictable mixed languages output. Also, there were mistakes regarding setting the Accept-Language HTTP header.
  Now on each request we're setting the "languages" property in the context thread local variable and client is setting the Accept-Language HTTP header correctly.
  Also, as the server is caching the schema and the schema can be generated for several languages it's good to store different schema fingerprint for each language separately.
  pagure: https://pagure.io/freeipa/issue/7238
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* LGTM: unnecessary else in for loop | Christian Heimes | 2018-01-09 | 1 | -8/+7
  for/else makes only sense when the for loop uses break, too. If the for loop simply returns on success, then else is not necessary.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Fix multiple use before assignment | Christian Heimes | 2018-01-09 | 1 | -7/+9
  - Move assignment before try/finally block
  - Add raise to indicate control flow change
  - Add default value
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Log contents of files created or modified by IPAChangeConf | Rob Crittenden | 2018-01-04 | 1 | -0/+7
  This will show the status of the files during an installation. This is particularly important during a replica install where default.conf gets written several times.
  Fixes: https://pagure.io/freeipa/issue/7218
  Signed-off-by: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Vault: Add argument checks to encrypt/decrypt | Christian Heimes | 2017-12-19 | 1 | -6/+14
  Vault's encrypt and decrypt helper functions take either symmetric or public/private key. Raise an exception if either both or none of them are passed down.
  See https://pagure.io/freeipa/issue/7326
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
* Fix pylint warnings inconsistent-return-statements | Christian Heimes | 2017-12-18 | 2 | -0/+5
  Add consistent return to all functions and methods that are covered by tox -e pylint[23]. I haven't checked if return None is always a good idea or if we should rather raise an error.
  See: https://pagure.io/freeipa/issue/7326
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa_certupdate: avoid classmethod and staticmethod | Fraser Tweedale | 2017-12-11 | 1 | -136/+134
  Because classmethod and staticmethod are just fancy ways of calling plain old functions, turn the classmethods and staticmethods of CertUpdate into plain old functions.
  This improves readability by making it clear that the behaviour of the routines cannot depend on instance or class variables.
  Part of: https://pagure.io/freeipa/issue/6577
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* CertUpdate: make it easy to invoke from other programs | Fraser Tweedale | 2017-12-11 | 1 | -25/+38
  The guts of ipa-certupdate are useful to execute as part of other programs (e.g. as a first step of ipa-ca-install). Refactor ipa_certupdate.CertUpdate to make it easy to do that. In particular, make it possible to use an already-initialised API object.
  Part of: https://pagure.io/freeipa/issue/6577
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Support sqlite NSSDB | Christian Heimes | 2017-11-16 | 1 | -8/+2
  Prepare CertDB and NSSDatabase to support sqlite DB format. NSSDatabase will automatically detect and use either old DBM or new SQL format. Old databases are not migrated yet.
  https://pagure.io/freeipa/issue/7049
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* x509: remove the strip_header() function | Stanislav Laznicka | 2017-11-01 | 2 | -2/+3
  We don't need the strip_header() function, to load an unknown x509 certificate, load_unknown_x509_certificate() should be used.
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* csrgen_ffi: cast the DN value to unsigned char * | Stanislav Laznicka | 2017-10-25 | 1 | -1/+2
  cffi throws warnings during the implicit cast from char * to unsigned char * since the support of these casts is nearing its end of life.
  https://pagure.io/freeipa/issue/7131
* parameters: introduce CertificateSigningRequest | Stanislav Laznicka | 2017-10-25 | 1 | -3/+0
  Previously, CSRs were handled as a Str parameter which brought trouble to Python 3 because of its more strict type requirements. We introduce a CertificateSigningRequest parameter which allows to use python-cryptography x509.CertificateSigningRequest to represent CSRs in the framework.
  https://pagure.io/freeipa/issue/7131
* csrgen: update docstring for py3 | Stanislav Laznicka | 2017-10-25 | 1 | -1/+1
  https://pagure.io/freeipa/issue/7131
* csrgen: accept public key info as Bytes | Stanislav Laznicka | 2017-10-25 | 2 | -3/+3
  cert_get_requestdata() method is meant for internal use only and is never passed a file. Make its parameter public_key_info Bytes to better represent what's actually being passed to it.
  https://pagure.io/freeipa/issue/7131
* csrgen_ffi: pass bytes where "char *" is required | Stanislav Laznicka | 2017-10-25 | 1 | -4/+4
  In Python 3, "char *" corresponds to bytes rather than string.
  https://pagure.io/freeipa/issue/7131
* py3: fix ipa cert-request --database ... | Florence Blanc-Renaud | 2017-10-25 | 1 | -3/+3
  Fix bytes vs str issues in ipa cert-request
  https://pagure.io/freeipa/issue/7148
* Use os.path.isfile() and isdir() | Christian Heimes | 2017-10-20 | 1 | -14/+12
  Replace custom file_exists() and dir_exists() functions with proper functions from Python's stdlib.
  The change also gets rid of pylint's invalid bad-python3-import error, https://github.com/PyCQA/pylint/issues/1565
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* ipaclient.plugins.dns: Cast DNS name to unicode | Aleksei Slaikovskii | 2017-10-20 | 1 | -1/+1
  cmd.api.Command.dnsrecord_split_parts expects name to be unicode string and instead gets ascii. It leads to an error:
    ipa: ERROR: invalid 'name': must be Unicode text
  This commit's change is casting name's type to unicode so 'ipa dnsrecord-mod' will not fail with error above.
  https://pagure.io/freeipa/issue/7185
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* client: fix retrieving certs from HTTP | Stanislav Laznicka | 2017-09-13 | 1 | -1/+1
  We're applying bytes regex on the result of a command but were using decoded stdout instead of raw.
  https://pagure.io/freeipa/issue/7131
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* uninstall: remove deprecation warning | Stanislav Laznicka | 2017-09-12 | 1 | -3/+1
  RawConfigParser.readfp() method is deprecated and throws DeprecationWarning in python 3 during uninstall.
  https://pagure.io/freeipa/issue/7131
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* pylint: fix no-member in schema plugin | Stanislav Laznicka | 2017-09-08 | 1 | -1/+1
  The `module.register` member is added just a few lines before pylint warns there's none such thing.
  https://pagure.io/freeipa/issue/6874
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* csrgen: fix incorrect codec for pyasn BitString | Stanislav Laznicka | 2017-09-08 | 1 | -1/+5
  https://pagure.io/freeipa/issue/6874
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove unused variable | Stanislav Laznicka | 2017-09-01 | 1 | -1/+1
  Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
* csrgen: support openssl 1.0 and 1.1 | Alexander Bokovoy | 2017-08-31 | 1 | -2/+9
  Support both openssl 1.0 and 1.1 APIs where sk_* functions got prefixed with OPENSSL_ in the latter version.
  Since referencing a symbol from a dynamically loaded library generates exception, use the AttributeError exception to catch it and fall back to the older method.
  Fixes https://pagure.io/freeipa/issue/7110
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* py3: handle bytes in schema response | Fraser Tweedale | 2017-08-29 | 1 | -4/+13
  If a server is running under py2 it could return a bytes value for the 'topic_topic' field in the schema response. A py3 client fails to handle this (in one place it applies 'str' to it, which raises BytesWarning; in other places it tries to serialise the schema to JSON which fails because of the bytes value).
  Handle the case where 'topic_topic' is not unicode, and handle bytes values when serialising the schema to JSON.
  Fixes: https://pagure.io/freeipa/issue/6809
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* py3: fix vault public key decoding | Fraser Tweedale | 2017-08-29 | 1 | -1/+1
  Part of: https://pagure.io/freeipa/issue/7033
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Changing how commands handles error when it can't connect to IPA server | Felipe Volpone | 2017-08-11 | 1 | -5/+2
  Creating a method to check if ipa client is configured. Also, changing scripts to use it instead of duplicating the check.
  https://pagure.io/freeipa/issue/6261
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* otptoken_yubikey.py: Removed traceback when package missing. | Tibor Dudlák | 2017-08-11 | 1 | -0/+3
  IPA should suggest user to install dependent packages instead of throwing traceback. To work with IPA and Yubikey, packages libyubikey (not in official RHEL repo) and libusb are required.
  Resolves: https://pagure.io/freeipa/issue/6979
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* Create a Certificate parameter | Stanislav Laznicka | 2017-07-27 | 2 | -2/+6
  Up until now, Bytes parameter was used for certificate parameters throughout the framework. However, the Bytes parameter does nothing special for certificates, like validation, so this had to be done for each of the parameters which were supposed to represent a certificate.
  This commit introduces a special Certificate parameter which takes care of certificate validation so this does not have to be done separately. It also makes sure that the certificates represented by this parameter are always converted to DER format so that we can work with them in a unified manner throughout the framework.
  This commit also makes it possible to pass bytes directly during instantiation of the Certificate parameter and they are still represented correctly after their conversion in the _convert_scalar() method.
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* x509: Make certificates represented as objects | Stanislav Laznicka | 2017-07-27 | 7 | -39/+23
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Split x509.load_certificate() into PEM/DER functions | Stanislav Laznicka | 2017-07-27 | 3 | -4/+4
  Splitting the load_certificate() function into two separate helps us word the requirements for the input explicitly. It also makes our backend similar to the one of python-cryptography so eventually we can swap python-cryptography for IPA x509 module.
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* logging: do not use `ipa_log_manager` to create module-level loggers | Jan Cholasta | 2017-07-14 | 4 | -15/+15
  Replace all `ipa_log_manager.log_mgr.get_logger` calls to create module-level loggers with `logging.getLogger` calls and deprecate `ipa_log_manager.log_mgr.get_logger`.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* logging: do not log into the root logger | Jan Cholasta | 2017-07-14 | 3 | -359/+364
  Deprecate `ipa_log_manager.root_logger` and replace all calls to it with module-level logger calls.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* logging: remove object-specific loggers | Jan Cholasta | 2017-07-14 | 1 | -9/+11
  Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls.
  Deprecate object-specific loggers in `ipa_log_manager.get_logger`.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* logging: port to standard Python logging | Jan Cholasta | 2017-07-14 | 1 | -4/+9
  Use the standard `logging` module to configure logging instead of the in-house `ipapython.log_manager` module and remove `ipapython.log_manager`.
  Disable the logging-not-lazy and logging-format-interpolation pylint checks.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* topology.py: Removes error message from dictionary. | Tibor Dudlák | 2017-07-14 | 1 | -6/+5
  IPA will not print error message header when maximum number of agreements per replica exceeded in topology.
  Resolves: https://pagure.io/freeipa/issue/6533
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: do not assume /etc/krb5.conf.d exists | Jan Cholasta | 2017-06-28 | 1 | -6/+10
  Add `includedir /etc/krb5.conf.d` to /etc/krb5.conf only if /etc/krb5.conf.d exists.
  Do not rely on /etc/krb5.conf.d to enable the certauth plugin.
  This fixes install on platforms which do not have /etc/krb5.conf.d.
  https://pagure.io/freeipa/issue/6589
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* py3: vault: data must be bytes | Martin Basti | 2017-06-23 | 1 | -1/+1
  Use bytes for vault data
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Remove network and broadcast address warnings | Martin Basti | 2017-06-20 | 1 | -4/+0
  We cannot reliably determine when an IP Address is network or broadcast. We allowed to use non-local IP addresses due to container use cases, we don't know subnets of used IP addresses.
  https://pagure.io/freeipa/issue/4317
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Docstring+refactor of IPADiscovery.ipadnssearchkrbrealm() | Stanislav Laznicka | 2017-06-15 | 1 | -3/+7
  Added a docstring and made a tiny miny refactor to IPADiscovery.ipadnssearchkrbrealm()
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipadiscovery: Return realm as a string | Stanislav Laznicka | 2017-06-15 | 1 | -1/+7
  We don't have a use for realm as a bytes instance, return it as a string, otherwise there's a use of str() on bytes in py3.
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Disable pylint in get_help function because of type confusion. | David Kreitschmann | 2017-06-15 | 1 | -1/+3
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Store help in Schema before writing to disk | David Kreitschmann | 2017-06-15 | 1 | -1/+2
  Signed-off-by: David Kreitschmann <david@kreitschmann.de>
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* sssd.py: Deprecating no-sssd option. | Tibor Dudlák | 2017-06-08 | 1 | -0/+1
  Resolves: https://pagure.io/freeipa/issue/5860
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client.py: Replace hardcoded 'admin' with options.principal | Tibor Dudlák | 2017-06-08 | 1 | -4/+11
  Fixes: https://pagure.io/freeipa/issue/5406
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* Only warn when specified server IP addresses don't match intf | Martin Basti | 2017-06-06 | 1 | -1/+3
  In containers local addresses differ from public addresses and we need a way to provide only public address to installers.
  https://pagure.io/freeipa/issue/2715
  https://pagure.io/freeipa/issue/4317
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* ca/cert-show: check certificate_out in options | Stanislav Laznicka | 2017-05-24 | 2 | -5/+15
  If --certificate-out was specified on the command line, it will appear among the options. If it was empty, it will be None.
  This check was done properly in the ca plugin. Let's just unify how this is handled and improve user experience by announcing which option causes the failure.
  https://pagure.io/freeipa/issue/6885
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* server install: fix KDC PKINIT configuration | Jan Cholasta | 2017-05-19 | 1 | -0/+1
  Set `pkinit_pool` in `kdc.conf` to a CA certificate bundle of all CAs known to IPA.
  Make sure `cacert.pem` is exported in all installation code paths.
  Use the KDC certificate itself as a PKINIT anchor in `login_password`.
  https://pagure.io/freeipa/issue/6831
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>