Commit message | Author | Age | Files | Lines
* ipaserver/dcerpc.py: populate forest trust information using realmdomains | Alexander Bokovoy | 2013-10-04 | 1 | -18/+95
  Use realmdomains information to prepopulate forest trust info. As a result, all additional domains should now be enabled from the beginning, unless they really conflict with existing DNS domains on AD side.
  https://fedorahosted.org/freeipa/ticket/3919
* ipatests.test_cmdline.test_help: Re-raise unexpected exceptions on failure | Petr Viktorin | 2013-10-03 | 1 | -1/+2
  If an exception is expected, but another one is raised, the CLITestContext raised a generic AssertionError. Pass through the original exception instead.
* ipatests.test_integration.host: Add logging to ldap_connect() | Petr Vobornik | 2013-10-03 | 1 | -2/+4
* ipatests.beakerlib_plugin: Add argument of generated tests to test captions | Petr Viktorin | 2013-10-03 | 2 | -1/+9
  To differentiate between individual tests in BeakerLib output, the argument needs to be added to the test name. Since Nose doesn't provide a way to get the argument in a plugin, a `test_argument` attribute must be added to the test function to support this, similarly to how `description` is used to set individual "docstrings".
  Add test_argument to the generated tests in the CA-less suite.
* ipatests.order_plugin: Exclude test generators from the order | Petr Viktorin | 2013-10-03 | 1 | -1/+14
  Ordered test generators were not announced in plugin hooks, so e.g. the Beakerlib or collect plugin did not announce them. Exclude test generators from ordering.
* ipatests.beakerlib_plugin: Warn instead of failing when some logs are missing | Petr Viktorin | 2013-10-03 | 1 | -2/+1
* ipatests.test_integration.test_caless: Fix mkdir_recursive call | Petr Viktorin | 2013-10-03 | 1 | -1/+1
* test_integration: Add OpenSSHTransport, used if paramiko is not available | Petr Viktorin | 2013-10-03 | 2 | -2/+140
  This adds a transport that uses /usr/bin/ssh calls to communicate with remote hosts. This transport is a bit slower and buffers output more than paramiko, so it is only used if paramiko is not available, or forced with an environment variable.
  https://fedorahosted.org/freeipa/ticket/3890
* test_integration.host: Move transport-related functionality to a new module | Petr Viktorin | 2013-10-03 | 4 | -214/+371
  This will make it possible to use a different mechanism for cases like
  - Paramiko is not available
  - Hosts without SSH servers (e.g. Windows)
  Add BaseHost, Transport & Command base classes that define the interface and common functionality, and Host, ParamikoTransport & SSHCommand with specific details.
  The {get,put}_file_contents methods are left on Host for convenience; all other Transport methods must be now accessed through the transport.
  Part of the work for https://fedorahosted.org/freeipa/ticket/3890
* Do not set DNS discovery domain in server mode | Martin Kosek | 2013-10-03 | 1 | -1/+2
  In server mode, the discovery domain should be left unset in all cases as the DNS discovery is only driven by the AD domains.
  https://fedorahosted.org/freeipa/ticket/3947
* Use FQDN when creating MSDCS SRV records | Martin Kosek | 2013-10-03 | 1 | -4/+11
  When IPA server hostname is outside of default DNS domain, instead of relative domain name, FQDN should be used.
  https://fedorahosted.org/freeipa/ticket/3908
* Warn user about realm-domain mismatch in install scripts | Tomas Babej | 2013-10-03 | 4 | -1/+31
  If the IPA server is set up with non-matching domain and realm names, it will not be able to establish trust with the Active Directory.
  Adds warnings to the ipa-server-install and warning to the ipa-adtrust-install (which has to be confirmed).
  Man pages for the ipa-server-install and ipa-adtrust-install were updated with the relevant notes.
  https://fedorahosted.org/freeipa/ticket/3924
* Do not add trust to AD in case of IPA realm-domain mismatch | Tomas Babej | 2013-10-03 | 1 | -0/+13
  Make sure that trust-add command fails when admin attempts to add an Active Directory trust when the realm name and the domain name of the IPA server do not match.
  https://fedorahosted.org/freeipa/ticket/3923
* Fix enablement of automount map type selector | Petr Vobornik | 2013-10-03 | 2 | -1/+37
  Map type radio used old way of defining that its value should not be used in add command. Recent patch related to 'enable' attribute hardened/fixed the behavior of radio widgets so they are disabled in UI as well when enabled==false. Automount did not reflect this change.
  https://fedorahosted.org/freeipa/ticket/3954
* Use correct super-calls in get_args() methods | Petr Viktorin | 2013-10-02 | 2 | -24/+21
  The get_args methods in ipalib.crud and ipalib.plugins.baseldap used super() calls that skipped some of the classes in the inheritance chain, and contained code that reimplemented some of the skipped functionality. This made it difficult to customize the get_args behavior.
  Use proper super() calls.
* Ensure credentials structure is initialized | Nathaniel McCallum | 2013-10-02 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3953
* CLDAP: do not read IPA domain from hostname | Sumit Bose | 2013-09-27 | 1 | -47/+25
  Currently the CLDAP plugin determines the IPA domain name by reading the current host name and splitting off the domain part. But since an IPA server does not have to be in a DNS domain which has the same name as the IPA domain this may fail. The domain name was used to search the ipaNTDomainAttrs object, but since this object is unique in the tree it is sufficient to use the objectclass in the search filter. Now the IPA domain can be read from the ipaNTDomainAttrs object as well.
  Fixes https://fedorahosted.org/freeipa/ticket/3941
* Allow edit of ipakrbokasdelegate in Web UI when attrlevelrights are unknown | Petr Vobornik | 2013-09-26 | 2 | -3/+5
  Old host entries are missing object class with krbticketflags attribute. Therefore UI does not receive attrlevelrights for it. This OC is added when ipakrbokasdelegate is set. This patch adds the usual hack for such cases.
  https://fedorahosted.org/freeipa/ticket/3940
* Raise an error when updating CIDict with duplicate keys | Petr Viktorin | 2013-09-25 | 2 | -3/+34
  Updating a CIDict with data like {'A': 1, 'a': 2} would lead to data loss since only one of the items would get to the CIDict. This can result in non-obvious bugs similar to this one in python-ldap:
  https://bugzilla.redhat.com/show_bug.cgi?id=1007820
  Raise an error in this case; any resolution must be done by the caller.
* Add missing dict methods to CIDict | Petr Viktorin | 2013-09-25 | 2 | -21/+115
  Make the CIDict interface match standard dict (except view* methods).
  Add __contains__, __iter__, clear. Add keyword and iterable support for __init__, update.
  Also add values() and itervalues(). Previously the dict versions were used; the new ones guarantee that the order matches keys().
  Mark view* methods as not implemented. CIDict.copy() now returns a CIDict.
  Test the above additions, and fromkeys() which worked but wasn't tested.
* Convert test_ipautil from unittest to nose | Petr Viktorin | 2013-09-25 | 1 | -169/+153
* Move tests to test directories | Petr Viktorin | 2013-09-25 | 6 | -311/+282
  Nose doesn't pick up directories that don't begin with 'test'. Rename ipatests/test_ipaserver/install to test_install so that it's run.
  Also, merge test_ipautil.py from ipapython/test into tests/test_ipapython, so the whole test suite is in one place.
* ipa-sam: report supported enctypes based on Kerberos realm configuration | Alexander Bokovoy | 2013-09-20 | 1 | -12/+117
  We store Kerberos realm configuration in cn=REALM,cn=kerberos,$SUFFIX. Along other configuration options, this container has a list of default supported encryption types, in krbDefaultEncSaltTypes.
  Fetch krbDefaultEncSaltTypes value on ipa-sam initialization and convert discovered list to the mask of supported encryption types according to security.idl from Samba:
      typedef [public,bitmap32bit] bitmap {
          KERB_ENCTYPE_DES_CBC_CRC = 0x00000001,
          KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002,
          KERB_ENCTYPE_RC4_HMAC_MD5 = 0x00000004,
          KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
          KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
      } kerb_EncTypes;
  Part of https://fedorahosted.org/freeipa/ticket/3898
* ipa-sam: do not leak LDAPMessage on ipa-sam initialization | Alexander Bokovoy | 2013-09-20 | 1 | -2/+7
  We used to handle some of the code paths to free memory allocated by the LDAP library but there are few more unhandled. In addition, search result wasn't freed on successful initialization, leaking for long time.
  https://fedorahosted.org/freeipa/ticket/3913
* ipa-sam: do not modify objectclass when trust object already created | Alexander Bokovoy | 2013-09-20 | 3 | -41/+81
  When trust is established, last step done by IPA framework is to set encryption types associated with the trust. This operation fails due to ipa-sam attempting to modify object classes in trust object entry which is not allowed by ACI.
  Additionally, wrong handle was used by dcerpc.py code when executing SetInformationTrustedDomain() against IPA smbd which prevented even to reach the point where ipa-sam would be asked to modify the trust object.
* Use getent admin@domain for nss check in ipa-client-install | Tomas Babej | 2013-09-20 | 1 | -2/+2
  Use 'getent admin@domain' rather than 'getent admin@REALM' to check if nss is working properly since admin@REALM check fails in case the domain and the realm name do not match.
  https://fedorahosted.org/freeipa/ticket/3906
* Fix -Wformat-security warnings | Krzysztof Klimonda | 2013-09-16 | 2 | -7/+7
* Don't exclude symlinks when loading plugins | Nick Hatch | 2013-09-16 | 1 | -1/+1
* Don't search platform path | Timo Aaltonen | 2013-09-16 | 1 | -1/+1
  Don't use Python.h from the platform specific path
* Use /usr/bin/python as fallback python path | Timo Aaltonen | 2013-09-16 | 1 | -1/+1
* Fix redirection on deletion of last dns record entry | Petr Vobornik | 2013-09-16 | 2 | -2/+21
  https://fedorahosted.org/freeipa/ticket/3907
* Follow tmpfiles.d packaging guidelines | Ana Krivokapic | 2013-09-16 | 1 | -3/+6
  https://fedorahosted.org/freeipa/ticket/3881
* Do not show unexpected error in ipa-ldap-updater | Ana Krivokapic | 2013-09-16 | 1 | -0/+2
  Prevent showing of unfriendly "Unexpected error" message, when providing incorrect DM password to ipa-ldap-updater.
  https://fedorahosted.org/freeipa/ticket/3825
* Add Delegation Info to MS-PAC | Simo Sorce | 2013-09-13 | 1 | -2/+160
  https://fedorahosted.org/freeipa/ticket/3442
* Fix nsslapdPlugin object class after initial replication. | Jan Cholasta | 2013-09-10 | 4 | -11/+13
  This is a workaround for <https://fedorahosted.org/389/ticket/47490>.
  https://fedorahosted.org/freeipa/ticket/3915
* Do not crash if DS is down during server uninstall | Ana Krivokapic | 2013-09-09 | 1 | -23/+41
  DS is contacted during server uninstallation, in order to obtain information about replication agreements. If DS is unavailable, warn and continue with uninstallation.
  https://fedorahosted.org/freeipa/ticket/3867
* Fix invocations of FileError in ipa-client-install | Ana Krivokapic | 2013-09-09 | 1 | -10/+12
  Some of the FileErrors in ipa-client-install were raised incorrectly (without the 'reason' argument), which resulted in bad error messages during ipa-client-install.
  https://fedorahosted.org/freeipa/ticket/3758
* Replace ntpdate calls with ntpd | Ana Krivokapic | 2013-09-09 | 1 | -14/+12
  Due to the upcoming deprecation of the ntpdate program (targeted for Fedora 20), replace ntpdate calls with ntpd.
  https://fedorahosted.org/freeipa/ticket/3797
* Make make-lint compatible with Pylint 1.0 | Petr Viktorin | 2013-09-06 | 1 | -4/+17
  Pylint 1.0 was released[0] and it brings some incompatibilities, as well as a bug[1] that's triggered by FreeIPA code. This patch updates make-lint to be compatible with Pylint 1.0, while keeping support for version 0.26.
  [0] http://www.logilab.org/blogentry/163292
  [1] https://bitbucket.org/logilab/pylint/issue/47
  Ticket: https://fedorahosted.org/freeipa/ticket/3865
* Remove __all__ specifications in ipaclient and ipaserver.install | Petr Viktorin | 2013-09-06 | 2 | -5/+0
  The __all__ list does not cause submodules to be imported, e.g. one would still have to `import ipaclient.ipachangeconf` rather than just `import ipaclient` to use `ipaclient.ipachangeconf`.
  Even if they did do anything, the lists were incomplete, and (since `import *` is not used on these modules) unnecessary.
  Pylint 1.0 reports undeclared names in __all__ as a warning.
* Add timestamps to named debug logs in /var/named/data/named.run | Petr Spacek | 2013-09-06 | 1 | -0/+1
* Add option to ipa-client-install to configure automount | Ana Krivokapic | 2013-09-05 | 2 | -1/+32
  Add the --automount-location option to ipa-client-install. If the option is used, ipa-client-automount is called at the end of ipa-client-install.
  https://fedorahosted.org/freeipa/ticket/3740
* Fix RUV search scope in ipa-replica-manage | Petr Vobornik | 2013-09-04 | 2 | -1/+11
  The search had an incorrect scope and therefore it didn't find any RUV. This issue prevented removing of replica.
  https://fedorahosted.org/freeipa/ticket/3876
* Add warning when uninstalling active replica | Ana Krivokapic | 2013-09-04 | 1 | -5/+31
  Add a warning when trying to uninstall a replica that has active replication agreements.
  https://fedorahosted.org/freeipa/ticket/3867
* Create DS user and group during ipa-restore | Ana Krivokapic | 2013-09-02 | 4 | -52/+59
  ipa-restore would fail if DS user did not exist. Check for presence of DS user and group and create them if needed.
  https://fedorahosted.org/freeipa/ticket/3856
* Add integration tests for forced client re-enrollment | Ana Krivokapic | 2013-09-02 | 1 | -0/+278
  Add integration tests for the forced client re-enrollment feature:
  http://www.freeipa.org/page/V3/Forced_client_re-enrollment#Test_Plan
  https://fedorahosted.org/freeipa/ticket/3832
* EXTDOM: Do not overwrite domain_name for INP_SID | Jakub Hrozek | 2013-08-29 | 1 | -2/+0
* CLDAP: make sure an empty reply is returned on any error | Sumit Bose | 2013-08-29 | 1 | -1/+2
  If ipa_cldap_decode() reply is not initialized.
  Fixes https://fedorahosted.org/freeipa/ticket/3885
* Re-order NULL check in ipa_lockout. | Rob Crittenden | 2013-08-29 | 1 | -2/+1
  There is no risk of crash here as slapi_valueset_first_value() can handle the case where the valueset is NULL, but there is no point in calling that if we know there are no values.
  https://fedorahosted.org/freeipa/ticket/3880
* Add man pages for testing tools | Petr Viktorin | 2013-08-29 | 8 | -1/+405
  Add man pages for ipa-run-tests, ipa-test-task, and ipa-test-config.
  https://fedorahosted.org/freeipa/ticket/3855 (part 5)