.git/make-lint, branch master Unnamed repository; edit this file 'description' to name the repository. Remove the unused ipalib.frontend.Property class 2014-02-21T10:58:00+00:00 Petr Viktorin pviktori@redhat.com 2013-01-16T15:26:37+00:00 eef5acd9d73c81133969521ed9fc7e82d5f180ab This class was built into the framework from its early days but it's not used anywhere. Remove it along with its tests https://fedorahosted.org/freeipa/ticket/3460 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This class was built into the framework from its early days but it's
not used anywhere.
Remove it along with its tests

https://fedorahosted.org/freeipa/ticket/3460

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Use /usr/bin/python2 2014-01-03T08:46:05+00:00 Xiao-Long Chen chenxiaolong@cxl.epac.to 2013-11-27T13:53:57+00:00 5e96fbc22afa02f08f71513e7b59d3d5c6a1f9dc Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com 
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.

FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2

https://fedorahosted.org/freeipa/ticket/3438

Updated by pviktori@redhat.com
Make make-lint compatible with Pylint 1.0 2013-09-06T13:43:25+00:00 Petr Viktorin pviktori@redhat.com 2013-08-19T10:18:54+00:00 a9225be0fa7bb834cd78609603300d81dcc4d3c9 Pylint 1.0 was released[0] and it brings some incompatibilities, as well as a bug[1] that's triggered by FreeIPA code. This patch updates make-lint to be compatible with Pylint 1.0, while keeping support for version 0.26. [0] http://www.logilab.org/blogentry/163292 [1] https://bitbucket.org/logilab/pylint/issue/47 Ticket: https://fedorahosted.org/freeipa/ticket/3865 
Pylint 1.0 was released[0] and it brings some incompatibilities,
as well as a bug[1] that's triggered by FreeIPA code.

This patch updates make-lint to be compatible with Pylint 1.0,
while keeping support for version 0.26.

[0] http://www.logilab.org/blogentry/163292
[1] https://bitbucket.org/logilab/pylint/issue/47

Ticket: https://fedorahosted.org/freeipa/ticket/3865
Provide ipa-advise tool 2013-07-17T11:49:59+00:00 Tomas Babej tbabej@redhat.com 2013-06-10T12:43:24+00:00 c81849712f8888e6f12b7c2b7ebfcf5d2294addd Provides a pluggable framework for generating configuration scriptlets and instructions for various machine setups and use cases. Creates a new ipa-advise command, available to root user on the IPA server. Also provides an example configuration plugin, config-fedora-authconfig. https://fedorahosted.org/freeipa/ticket/3670 
Provides a pluggable framework for generating configuration
scriptlets and instructions for various machine setups and use
cases.

Creates a new ipa-advise command, available to root user
on the IPA server.

Also provides an example configuration plugin,
config-fedora-authconfig.

https://fedorahosted.org/freeipa/ticket/3670
Make an ipa-tests package 2013-06-17T17:22:50+00:00 Petr Viktorin pviktori@redhat.com 2013-05-21T11:40:27+00:00 c60142efda817f030a7495cd6fe4a19953e55afa Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM containing the test suite Part of the work for: https://fedorahosted.org/freeipa/ticket/3654 
Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM
containing the test suite

Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
Use explicit loggers in ldap2 code 2013-03-01T15:59:42+00:00 Petr Viktorin pviktori@redhat.com 2013-01-17T12:07:17+00:00 a8c0bf0c85e5cc73a4d7035fdcf1386600911a9a This change makes it easier to see what is going on, in addition to getting rid of pylint exceptions. Also, make logging imports use explicit names instead of `import *`. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660 
This change makes it easier to see what is going on, in addition
to getting rid of pylint exceptions.

Also, make logging imports use explicit names instead of `import *`.

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
Remove csv_separator and csv_skipspace Param arguments 2013-02-22T16:20:35+00:00 Petr Viktorin pviktori@redhat.com 2013-02-14T16:34:16+00:00 b4915bd2fde861279ba18acf940d7a5880a58ba6 These were never set to anything but the defaults. Part of work for https://fedorahosted.org/freeipa/ticket/3352 
These were never set to anything but the defaults.

Part of work for https://fedorahosted.org/freeipa/ticket/3352
Better logging for AdminTool and ipa-ldap-updater 2013-02-01T18:44:55+00:00 Petr Viktorin pviktori@redhat.com 2012-12-18T11:24:04+00:00 55cfd06e3a9cb730220836b07207f4e650de3a03 - Automatically add a "Logging and output options" group with the --quiet, --verbose, --log-file options. - Set up logging based on these options; details are in the setup_logging docstring and in the design document. - Don't bind log methods as individual methods of the class. This means one less linter exception. - Make the help for command line options consistent with optparse's --help and --version options. Design document: http://freeipa.org/page/V3/Logging_and_output 
- Automatically add a "Logging and output options" group with the --quiet,
    --verbose, --log-file options.
- Set up logging based on these options; details are in the setup_logging
    docstring and in the design document.
- Don't bind log methods as individual methods of the class. This means one
    less linter exception.
- Make the help for command line options consistent with optparse's --help and
    --version options.

Design document: http://freeipa.org/page/V3/Logging_and_output
Pylint cleanup. 2013-01-29T14:39:49+00:00 Jan Cholasta jcholast@redhat.com 2013-01-28T13:55:20+00:00 77bb4b517769f7707514b0f7e3da5762ff0f1cc4 Add more dynamic attribute info to IPATypeChecker in make-lint. Remove unnecessary pylint comments. Fix false positivies introduced by Pylint 0.26. https://fedorahosted.org/freeipa/ticket/3379 
Add more dynamic attribute info to IPATypeChecker in make-lint. Remove
unnecessary pylint comments. Fix false positivies introduced by Pylint 0.26.

https://fedorahosted.org/freeipa/ticket/3379
Compliant client side session cookie behavior 2012-12-10T17:45:09+00:00 John Dennis jdennis@redhat.com 2012-12-04T23:20:17+00:00 9269e5d6ddc85716d2b03c7763cf4b8e1ca67cad In summary this patch does: * Follow the defined rules for cookies when: - receiving a cookie (process the attributes) - storing a cookie (store cookie + attributes) - sending a cookie + validate the cookie domain against the request URL + validate the cookie path against the request URL + validate the cookie expiration + if valid then send only the cookie, no attribtues * Modifies how a request URL is stored during a XMLRPC request/response sequence. * Refactors a bit of the request/response logic to allow for making the decision whether to send a session cookie instead of full Kerberous auth easier. * The server now includes expiration information in the session cookie it sends to the client. The server always had the information available to prevent using an expired session cookie. Now that expiration timestamp is returned to the client as well and now the client will not send an expired session cookie back to the server. * Adds a new module and unit test for cookies (see below) Formerly we were always returning the session cookie no matter what the domain or path was in the URL. We were also sending the cookie attributes which are for the client only (used to determine if to return a cookie). The attributes are not meant to be sent to the server and the previous behavior was a protocol violation. We also were not checking the cookie expiration. Cookie library issues: We need a library to create, parse, manipulate and format cookies both in a client context and a server context. Core Python has two cookie libraries, Cookie.py and cookielib.py. Why did we add a new cookie module instead of using either of these two core Python libaries? Cookie.py is designed for server side generation but can be used to parse cookies on the client. It's the library we were using in the server. However when I tried to use it in the client I discovered it has some serious bugs. There are 7 defined cookie elements, it fails to correctly parse 3 of the 7 elements which makes it unusable because we depend on those elements. Since Cookie.py was designed for server side cookie processing it's not hard to understand how fails to correctly parse a cookie because that's a client side need. (Cookie.py also has an awkward baroque API and is missing some useful functionality we would have to build on top of it). cookielib.py is designed for client side. It's fully featured and obeys all the RFC's. It would be great to use however it's tightly coupled with another core library, urllib2.py. The http request and response objects must be urllib2 objects. But we don't use urllib2, rather we use httplib because xmlrpclib uses httplib. I don't see a reason why a cookie library should be so tightly coupled to a protocol library, but it is and that means we can't use it (I tried to just pick some isolated entrypoints for our use but I kept hitting interaction/dependency problems). I decided to solve the cookie library problems by writing a minimal cookie library that does what we need and no more than that. It is a new module in ipapython shared by both client and server and comes with a new unit test. The module has plenty of documentation, no need to repeat it here. Request URL issues: We also had problems in rpc.py whereby information from the request which is needed when we process the response is not available. Most important was the requesting URL. It turns out that the way the class and object relationships are structured it's impossible to get this information. Someone else must have run into the same issue because there was a routine called reconstruct_url() which attempted to recreate the request URL from other available information. Unfortunately reconstruct_url() was not callable from inside the response handler. So I decided to store the information in the thread context and when the request is received extract it from the thread context. It's perhaps not an ideal solution but we do similar things elsewhere so at least it's consistent. I removed the reconstruct_url() function because the exact information is now in the context and trying to apply heuristics to recreate the url is probably not robust. Ticket https://fedorahosted.org/freeipa/ticket/3022 
In summary this patch does:

* Follow the defined rules for cookies when:

  - receiving a cookie (process the attributes)

  - storing a cookie (store cookie + attributes)

  - sending a cookie

    + validate the cookie domain against the request URL

    + validate the cookie path against the request URL

    + validate the cookie expiration

    + if valid then send only the cookie, no attribtues

* Modifies how a request URL is stored during a XMLRPC
  request/response sequence.

* Refactors a bit of the request/response logic to allow for making
  the decision whether to send a session cookie instead of full
  Kerberous auth easier.

* The server now includes expiration information in the session cookie
  it sends to the client. The server always had the information
  available to prevent using an expired session cookie. Now that
  expiration timestamp is returned to the client as well and now the
  client will not send an expired session cookie back to the server.

* Adds a new module and unit test for cookies (see below)

Formerly we were always returning the session cookie no matter what
the domain or path was in the URL. We were also sending the cookie
attributes which are for the client only (used to determine if to
return a cookie). The attributes are not meant to be sent to the
server and the previous behavior was a protocol violation. We also
were not checking the cookie expiration.

Cookie library issues:

We need a library to create, parse, manipulate and format cookies both
in a client context and a server context. Core Python has two cookie
libraries, Cookie.py and cookielib.py. Why did we add a new cookie
module instead of using either of these two core Python libaries?

Cookie.py is designed for server side generation but can be used to
parse cookies on the client. It's the library we were using in the
server. However when I tried to use it in the client I discovered it
has some serious bugs. There are 7 defined cookie elements, it fails
to correctly parse 3 of the 7 elements which makes it unusable because
we depend on those elements. Since Cookie.py was designed for server
side cookie processing it's not hard to understand how fails to
correctly parse a cookie because that's a client side need. (Cookie.py
also has an awkward baroque API and is missing some useful
functionality we would have to build on top of it).

cookielib.py is designed for client side. It's fully featured and obeys
all the RFC's. It would be great to use however it's tightly coupled
with another core library, urllib2.py. The http request and response
objects must be urllib2 objects. But we don't use urllib2, rather we use
httplib because xmlrpclib uses httplib. I don't see a reason why a
cookie library should be so tightly coupled to a protocol library, but
it is and that means we can't use it (I tried to just pick some isolated
entrypoints for our use but I kept hitting interaction/dependency problems).

I decided to solve the cookie library problems by writing a minimal
cookie library that does what we need and no more than that. It is a
new module in ipapython shared by both client and server and comes
with a new unit test. The module has plenty of documentation, no need
to repeat it here.

Request URL issues:

We also had problems in rpc.py whereby information from the request
which is needed when we process the response is not available. Most
important was the requesting URL. It turns out that the way the class
and object relationships are structured it's impossible to get this
information. Someone else must have run into the same issue because
there was a routine called reconstruct_url() which attempted to
recreate the request URL from other available
information. Unfortunately reconstruct_url() was not callable from
inside the response handler. So I decided to store the information in
the thread context and when the request is received extract it from
the thread context. It's perhaps not an ideal solution but we do
similar things elsewhere so at least it's consistent. I removed the
reconstruct_url() function because the exact information is now in the
context and trying to apply heuristics to recreate the url is probably
not robust.

Ticket https://fedorahosted.org/freeipa/ticket/3022