| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
cert-request supports adding service principals that don't exist.
If add is requested for other principal types, the error message
just says "the principal doesn't exist".
Add a new error type with better error message to explain that 'add'
is not supported for host or user principals.
Fixes: https://fedorahosted.org/freeipa/ticket/5991
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple issues fixed:
- when untracking a certificate, the path to the NSS directory must be
exactly identical (no trailing /), otherwise the request is not found
and the old certificate is still tracked.
- when a cert is issued by a 3rd party CA, no need to track it
- the server_cert should not be found using cdb.find_server_certs()[0][0]
because this function can return multiple server certificates. For
instance, /etc/httpd/alias contains ipaCert, Server-Cert and Signing-Cert
with the trust flags u,u,u. This leads to trying to track ipaCert (which is
already tracked).
The workaround is looking for server certs before and after the import,
and extract server-cert as the certificate in the second list but not in the
first list.
https://fedorahosted.org/freeipa/ticket/4785
https://fedorahosted.org/freeipa/ticket/4786
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Some imports were not possible in old versions of IPA. This caused
import exceptions on the script start.
https://fedorahosted.org/freeipa/ticket/6003
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
| |
WebUI counterpart of: https://fedorahosted.org/freeipa/ticket/5588
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/5588
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The confirmation of revoke and remove the certificate hold action is simplier
and more consistent with another parts of WebUI.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the installer did not reinitialize resolver so queries for
records created using --ip-address option might not be answered. This led
to incorrect results during 'Updating DNS system records' phase at the
end of installation.
This is kind of hack but right now we do not have enough time to extend
python-dns's interface with resolver_reinit() method.
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the default context rather the server context for code not running
inside the server.
This prevents the affected code from attempting to initialize the session
manager.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not initialize the plugins for all in-server API instances, as they are
used only in the server context.
This prevents code using in-server API instances from attempting to
initialize the session manager.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Removes the side effect of attempting to connect to memcached when the
session module is imported, which caused user visible warnings and/or
SELinux AVC denials.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The module is used only on the server, so there's no need to have it in
ipalib, which is shared by client and server.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Strings which are used by widget which shows authentication indicators were moved.
Therefore the change in string paths.
Part of: https://fedorahosted.org/freeipa/ticket/5872
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Also move strings which are connected with authentication indicators to authtype dict.
This place is more general than have them in service dict. It's nicer when these strings are
not used only on service page.
Part of: https://fedorahosted.org/freeipa/ticket/5872
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
It is hard to translate whole dosctring again and again aftear each
minor change. This split will make life for translators easier. (Just note: dosctring was
changed and that is the reason why I'm sending this, because translators
must translate it again anyway)
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
|
|
|
|
|
| |
The incorrect api was used, and CA record updated was duplicated.
https://fedorahosted.org/freeipa/ticket/5966
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
| |
Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed.
https://fedorahosted.org/freeipa/ticket/5987
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client.
Fixes:
test_Command::test_default_from_chaining
test_Command::test_args_options_2_params
test_Command::test_params_2_args_options
test_Command::test_validate_output_per_type
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
|
|
|
|
|
|
|
| |
Since DNS configuration is no longer needed for running trust tests, this method's contents are removed. Method is left empty as reference for others, should they have issues with DNS configuration.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If the version of the remote server is higher than the local version, don't
allow installing a replica of it.
https://fedorahosted.org/freeipa/ticket/5983
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use in-server API so that the commands don't try to fetch API schema and
fail.
https://fedorahosted.org/freeipa/ticket/5995
Reviewed-By: Milan Kubik <mkubik@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The previous fix in commit a77e21cbca05be422fe5826857cfba7e0ba6e71f made
some Bool arguments appear as Flag on the client. This change fixes that.
https://fedorahosted.org/freeipa/ticket/6009
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
| |
Add possibility to add, remove, view, get and download custom certificates on ID override user page.
https://fedorahosted.org/freeipa/ticket/5926
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
Some strings in the testsuite are unicode which wasn't reflected in the tests. This patch fixes the problem by changing concerned strings to unicode.
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/5905
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5761
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add general class for multivalued widget which uses special commands which
are performed immediately.
Part of: https://fedorahosted.org/freeipa/ticket/5108
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
All certificates which are not issued by IPA CA are grey and not clickable. That's
because these certificates are not maintained by IPA CA.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
and add support for adapters.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The certificate widget is used for each certificate in certs_widget. It allows to
view, get, download, revoke and restore certificate.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Certs widget is based on multivalued widget and adds ability to add new certificate
and delete it. Each line is cert_widget.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
| |
These two actions are not available any more. So that code is never called.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Method calling in actions is moved to another function - these calls may be used
by another functions, not only by actions.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Object adapter changes data to more useful format. Single value is reachable
as single value, property with more values is transformed to array.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
By specifying correct attribute when creating command it turn off showing activity icon
when webui waits for response from the server.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This widget can be used as notification that some other widget is working.
It shows spinner and cover the other widget by specified color.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds methods which are able to enable and disable options according to the name of option
and methods which set or get whole item list.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Every single widget which is in multivalued widget can now have custom action menu
and the delete button is included in this custom action menu.
Part of this ticket:
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Command cert-find with parameter sizelimit set to 0 no longer returns 0
certificates but returns all.
More precise ConversionError is returned when parameter is not
convertible to its type.
https://fedorahosted.org/freeipa/ticket/5381
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were checking content of DNS before actually adding DNS
records for replicas. This is causing cycle in logic and adds weird
corner cases to the installer which can blow up on DNS timeout or so.
The check was completely unnecessary because the installer knows IP
addresses and name of the machine. Removal of the check makes
the installer more reliable.
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes scenarios where IPA server is not able to resolve own name
and option --ip-address was not specified by the user.
This partially reverts changes from commit
dc405005f537cf278fd6ddfe6b87060bd13d9a67
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The LDAP*ReverseMember methods would always return the whole LDAP
object even though --all is not specified.
Also had to fix some tests as objectClass will not be returned by
default now.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
While the code was really dead, it should serve a purpose elsewhere.
This reverts commit c56d65b064e1e0410c03cf1206816cad4d8d86cc.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
Fix Flag arguments appearing as Bool on the client.
https://fedorahosted.org/freeipa/ticket/6009
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'issuer' option of cert-find was recently changed from Str to
DNParam, however, 'ra.find' expects a string and throws when it
receives a DN.
When constructing the dict that gets passed to 'ra.find', turn
DNParams into strings.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|