.git, branch copyright Unnamed repository; edit this file 'description' to name the repository. Update Copyright header point to COPYING file 2015-05-08T14:49:25+00:00 Rob Crittenden rcritten@redhat.com 2015-05-08T02:40:19+00:00 4817bb13610e44ddefbb0f0c88643f0263d7d2d9 Point to a file containing the license rather than including it in every single source file. This will make it easier to manage the license in the future without another humongous commit. https://fedorahosted.org/ipsilon/ticket/126 Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
Point to a file containing the license rather than including
it in every single source file. This will make it easier to
manage the license in the future without another humongous
commit.

https://fedorahosted.org/ipsilon/ticket/126

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Add db.conn.log option to suppress sql logs by default 2015-05-07T20:08:04+00:00 Rob Crittenden rcritten@redhat.com 2015-05-07T19:51:23+00:00 abcefb0f2eece549371f951b58144188d2ac9307 The Store logging is quite verbose with a flurry of init and destroy messages with each session. Setting db.conn.log to False (default) will suppress these. If one needs to do connection tracing it can be enabled. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The Store logging is quite verbose with a flurry of
init and destroy messages with each session. Setting
db.conn.log to False (default) will suppress these. If one
needs to do connection tracing it can be enabled.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix ownership of config and state directories 2015-05-07T19:36:09+00:00 Nathan Kinder nkinder@redhat.com 2015-05-07T17:59:30+00:00 9520939c3f3bc4c292238dcf28f3e66a9b8201bc The recent RPM package restructing introduced some problems with the ownership of /etc/ipsilon and /var/lib/ipsilon. These were previously owned by the 'ipsilon' user, but the changes resulted in the ownership being set as root since the 'ipsilon' user was not yet created when the directories were installed. While discussing this problem, it was determined that we should have the ownership of these directories be root, but allow other users to traverse through them so they can access subdirectories that they have permissions on. Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
The recent RPM package restructing introduced some problems with
the ownership of /etc/ipsilon and /var/lib/ipsilon.  These were
previously owned by the 'ipsilon' user, but the changes resulted
in the ownership being set as root since the 'ipsilon' user was
not yet created when the directories were installed.

While discussing this problem, it was determined that we should
have the ownership of these directories be root, but allow other
users to traverse through them so they can access subdirectories
that they have permissions on.

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
pylint 1.4.3 version fixes 2015-05-07T18:44:20+00:00 Simo Sorce simo@redhat.com 2015-05-07T16:33:40+00:00 1bcc0d697dd37a9268641f0cbaa7e9e781552233 Pylint 1.4.3 completely stopped recognizing the star-args condition. In order to avoid pylint error with > 1.4.3 stop caring for star-args and add cmdline option to ignore those errors completly so older pylint versions are happy too. Also fix type() vs isinstance() checks, isinstance is generally a more correct approach to check for classes. In some 'admin' files the type() -> isinstance() fix required to invert the order in which ComplexList and MappingList are checked as the latter is a subclass of ComplexList, so it needs to be checked first otherwise the check for isinstance(option, ComplexList) matches for both and the code stops functioning properly. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Pylint 1.4.3 completely stopped recognizing the star-args condition.
In order to avoid pylint error with > 1.4.3 stop caring for star-args
and add cmdline option to ignore those errors completly so older pylint
versions are happy too.

Also fix type() vs isinstance() checks, isinstance is generally a more
correct approach to check for classes.

In some 'admin' files the type() -> isinstance() fix required to invert
the order in which ComplexList and MappingList are checked as the latter
is a subclass of ComplexList, so it needs to be checked first otherwise
the check for isinstance(option, ComplexList) matches for both and the
code stops functioning properly.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Pull the GSSAPI principal out of the userattrs 2015-05-07T14:50:12+00:00 Rob Crittenden rcritten@redhat.com 2015-05-05T16:37:31+00:00 93d4e52712767fe955f3a44a60a6c6f0f909423b This was originally getting the principal from the user object itself which meant it was looking for it in the database. Look in the attributes instead which are stored in the user session. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This was originally getting the principal from the
user object itself which meant it was looking for
it in the database. Look in the attributes instead
which are stored in the user session.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Enable Kerberos NameID testing in testnameid 2015-05-07T14:44:51+00:00 Rob Crittenden rcritten@redhat.com 2015-05-05T15:27:14+00:00 dfa2d200b460cc852ec10a8780fe3966dc0d5906 Since there is now an easy way to stand up a KDC in the tests go ahead and enable it so the Kerberos NameID can be tested. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Since there is now an easy way to stand up a KDC in the
tests go ahead and enable it so the Kerberos NameID can be
tested.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Configure a KDC, add test for GSSAPI/Kerberos 2015-05-07T14:44:45+00:00 Rob Crittenden rcritten@redhat.com 2015-04-28T14:52:55+00:00 b34a4553cf8c60453fbef245d7d844a30339c734 Using nss_wrappers so we can control host names we can setup a KDC and test GSSAPI, including fallback to forms-based auth. This also means that fetch_page() needs to handle 401 a bit better, so it can re-try a failed authentication or fall back to forms-based auth. Note for posterity: if gss_localname() fails this is likely due to using the wrong krb5.conf in Apache, so pass in all environment variables. The KDC setup code was based heavily on the tests in the gssproxy project. https://fedorahosted.org/ipsilon/ticket/116 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Using nss_wrappers so we can control host names we can
setup a KDC and test GSSAPI, including fallback to
forms-based auth.

This also means that fetch_page() needs to handle 401
a bit better, so it can re-try a failed authentication or
fall back to forms-based auth.

Note for posterity: if gss_localname() fails this is likely
due to using the wrong krb5.conf in Apache, so pass in all
environment variables.

The KDC setup code was based heavily on the tests in the
gssproxy project.

https://fedorahosted.org/ipsilon/ticket/116

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Use python logging in install / log cherrypy at right severity 2015-05-07T14:44:23+00:00 Rob Crittenden rcritten@redhat.com 2015-04-21T22:19:17+00:00 aa5dc3b417db962a075a092d0d3528010c1059f7 This replaces the print statements in the installer code with a python logger so we can log all output to the installer log and a subset of it to stdout in one step without duplication. The cherrypy.log.error() logs to the "error" log at a severity of logging.INFO by default. Set an appropriate log level for these as well. https://fedorahosted.org/ipsilon/ticket/35 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This replaces the print statements in the installer code with
a python logger so we can log all output to the installer log
and a subset of it to stdout in one step without duplication.

The cherrypy.log.error() logs to the "error" log at a severity
of logging.INFO by default. Set an appropriate log level for
these as well.

https://fedorahosted.org/ipsilon/ticket/35

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Remove unnecessary lines from infoldap plugin 2015-05-07T14:44:22+00:00 Rob Crittenden rcritten@redhat.com 2015-05-06T15:35:50+00:00 1e2cb84b570cfaa5d2de9d5830a752100cac236c These three lines were ostensibly storing various elements of configuration but were in fact creating a new dict each time, wiping out all previous elements. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
These three lines were ostensibly storing various elements
of configuration but were in fact creating a new dict
each time, wiping out all previous elements.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
SSSD info plugin is immutable if not preconfigured 2015-05-06T19:18:31+00:00 Simo Sorce simo@redhat.com 2015-05-06T15:47:46+00:00 e6a3656ab71faea8669af50ceeaf4d9a91fe0142 The SSSD info plugin configures SSSD and modules in Apache as root during installation. This cannot be done in the UI so we must not allow users to modify the state if it was not "preconfigured" during install. If it has been configured then users are allowed to enable/disable the plugin. This is controlled by a value stored in the info_config table, preconfigured. The plugin configuration is hidden from the UI by overridding the get_config_object() method. https://fedorahosted.org/ipsilon/ticket/111 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
The SSSD info plugin configures SSSD and modules in
Apache as root during installation. This cannot be
done in the UI so we must not allow users to modify
the state if it was not "preconfigured" during
install.

If it has been configured then users are allowed
to enable/disable the plugin.

This is controlled by a value stored in the
info_config table, preconfigured.

The plugin configuration is hidden from the UI by
overridding the get_config_object() method.

https://fedorahosted.org/ipsilon/ticket/111

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>