Commit message | Author | Age | Files | Lines
* test_cert_plugin: Encode 'certificate' for comparison with 'usercertificate' | Petr Viktorin | 2016-05-10 | 1 | -2/+2
  The 'certificate' option is Str, but 'usercertificate' is Bytes. Decode before comparing one with the other.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib.cli: Improve reporting of binary values in the CLI | Petr Viktorin | 2016-05-10 | 1 | -2/+3
  Make sure the base64-encoded value is a string, so it is printed without the b'' markers.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix remaining relative import and enable Pylint check | Petr Viktorin | 2016-05-10 | 2 | -2/+1
  Relative imports are not supported in Python 3.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS: Fix upgrade - master to forward zone transformation | Petr Spacek | 2016-05-10 | 1 | -1/+3
  This happens when upgrading from IPA <= 4.0 to versions 4.3+. DNS caching might cause false positive in code which replaces master zone with forward zone. This will effectively delete the master zone without adding a replacement forward zone.
  Solution is to use skip_overlap_check option for dnsforwardzone_add command so zone existence check is skipped and the upgrade can proceed.
  https://fedorahosted.org/freeipa/ticket/5851
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed custom implementation of CalledProcessError | Abhijeet Kasurde | 2016-05-10 | 1 | -15/+2
  Removed custom class of CalledProcessError which was required for Python versions prior to 2.5
  Fixes: https://fedorahosted.org/freeipa/ticket/5717
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* make: fail when ACI.txt or API.txt differs from values in source code | Martin Basti | 2016-05-06 | 1 | -1/+1
  This regression was caused by commit 6acaf73b0c6f7301d5a5d4292a4f9926cc370867 before this commit make rpms failed when API.txt did not match api
  https://fedorahosted.org/freeipa/ticket/5865
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Switch /usr/bin/ipa to Python 3 | Petr Viktorin | 2016-05-06 | 2 | -1/+12
  When building RPMs with Python 3 support, /usr/bin/ipa will now use Python 3. The in-tree ipa command will also run on Python 3.
  When building with make install, $(PYTHON) is honored and it will still default to Python 2.
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* idviews: Add user certificate attribute to user ID overrides | Tomas Babej | 2016-05-06 | 5 | -8/+109
  https://fedorahosted.org/freeipa/ticket/4955
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix added to ipa-compat-manage command line help | Abhijeet Kasurde | 2016-05-05 | 1 | -3/+3
  Minor fix in ipa-compat-manage command help message.
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* test_add_remove_cert_cmd: Use bytes for base64.b64encode() | Petr Viktorin | 2016-05-05 | 1 | -1/+1
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* certprofile plugin: Use binary mode for file with binary data | Petr Viktorin | 2016-05-05 | 1 | -1/+1
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* radiusproxy plugin tests: Expect bytes, not text, for ipatokenradiussecret | Petr Viktorin | 2016-05-05 | 1 | -2/+3
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* range plugin tests: Use bytes with MockLDAP under Python 3 | Petr Viktorin | 2016-05-05 | 1 | -20/+28
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipalib.rpc: Send base64-encoded data as string under Python 3 | Petr Viktorin | 2016-05-05 | 1 | -1/+4
  Python 3's JSON library cannot deal with bytes, so decode base64-encoded data to string.
  Part of the work for https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* xmlrpc_test: Expect bytes rather than strings for binary attributes | Petr Viktorin | 2016-05-05 | 3 | -8/+8
  The attributes krbextradata, krbprincipalkey, and userpassword contain binary data.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* radiusproxy plugin: Use str(error) rather than error.message | Petr Viktorin | 2016-05-05 | 1 | -1/+1
  In Python 3, the "message" attribute has been removed in favor of calling str() on the error.
  Part of the work for https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* xmlrpc_test: Rename exception instance before working with it | Petr Viktorin | 2016-05-05 | 1 | -8/+9
  Python 3 unsets the exception variable at the end of an "except" block to prevent reference cycles and speed up garbage collection. Store the exception under a different name in order to use it later.
  Part of the work for https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* test_xmlrpc: Use absolute imports | Petr Viktorin | 2016-05-05 | 2 | -6/+6
  In Python 3, a module from the current package can be imported either with the absolute name or by using an explicit relative import.
  Part of the work for https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* fix stageuser tests (removal of has_keytab and has_password from find) | Martin Basti | 2016-05-05 | 1 | -2/+5
  User tests have been fixed, but stageuser tests were forgotten; this commit fixes it.
  https://fedorahosted.org/freeipa/ticket/5281
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Updated ipa command man page | Abhijeet Kasurde | 2016-05-03 | 1 | -7/+3
  Updated references and ipa command example in IPA man page
  https://fedorahosted.org/freeipa/ticket/5871
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Test fix: Cleanup for host certificate | Lenka Doudova | 2016-05-03 | 2 | -1/+17
  This fix provides means to remove certificates from host that were added during tests, but not removed.
  Ticket: https://fedorahosted.org/freeipa/ticket/5839
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa_kdb: add krbPrincipalAuthInd handling | Matt Rogers | 2016-05-02 | 2 | -2/+174
  Store and retrieve the authentication indicator "require_auth" string in the krbPrincipalAuthInd attribute. Skip storing auth indicators to krbExtraData.
  https://fedorahosted.org/freeipa/ticket/5782
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* spec: Add python-sssdconfig dependency for python-ipatests package | Milan Kubík | 2016-04-29 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/5843
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-nis-manage: mention return code 3 in man page | Petr Spacek | 2016-04-29 | 1 | -0/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-nis-manage: Replace text references to compat plugin with NIS | Petr Spacek | 2016-04-29 | 1 | -2/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Auto-detect default value for --forward-policy option in installers | Petr Spacek | 2016-04-28 | 6 | -5/+25
  Forward policy defaults to 'first' if no IP address belonging to private or reserved ranges is detected on local interfaces (RFC 6303). Defaults to only if a private IP address is detected.
  This prevents problems with BIND automatic empty zones because conflicting zones cannot be disabled unless forwarding policy == only.
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add function ipapython.dnsutil.inside_auto_empty_zone() | Petr Spacek | 2016-04-28 | 1 | -0/+25
  It allows testing if a given DNS name belongs to an automatic empty zone.
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use shared sanity check and tests ipapython.dnsutil.is_auto_empty_zone() | Petr Spacek | 2016-04-28 | 1 | -2/+14
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move function is_auto_empty_zone() into ipapython.dnsutil | Petr Spacek | 2016-04-28 | 2 | -7/+7
  I'm going to extend this so it is better to have it in module. At the same time it is now using shared assert_absolute_dnsname() helper.
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add assert_absolute_dnsname() helper to ipapython.dnsutil | Petr Spacek | 2016-04-28 | 1 | -0/+19
  Sanity check for zone names and such should be the same everywhere. This new function will be a replacement for ad-hoc checks.
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move automatic empty zone list into ipapython.dnsutil and make it reusable | Petr Spacek | 2016-04-28 | 2 | -53/+60
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Extend installers with --forward-policy option | Petr Spacek | 2016-04-28 | 9 | -7/+32
  This option specified forward policy for global forwarders. The value is put inside /etc/named.conf.
  https://fedorahosted.org/freeipa/ticket/5710
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove function ipapython.ipautil.host_exists() | Petr Spacek | 2016-04-28 | 2 | -18/+8
  The function duplicated ipalib.util.verify_host_resolvable() in slightly incompatible way because it used NSS while rest of IPA is using only DNS.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Moved password check from clean_dangling_ruv | Stanislav Laznicka | 2016-04-28 | 1 | -10/+2
  The proper password check is now done elsewhere
  https://fedorahosted.org/freeipa/ticket/4987
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* abort-clean/list/clean-ruv now work for both suffixes | Stanislav Laznicka | 2016-04-28 | 2 | -29/+100
  The rid passed to abort-clean-ruv and clean-ruv is now searched for in both ipaca and domain trees as well as list-ruv now displays both RUVs and CS-RUVs
  https://fedorahosted.org/freeipa/ticket/4987
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-replica-manage refactoring | Stanislav Laznicka | 2016-04-28 | 1 | -28/+38
  get_ruv does not call sys.exit anymore, instead it raises RuntimeError for better error handling
  Also removed duplicate code from abort_clean_ruv
  https://fedorahosted.org/freeipa/ticket/4987
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* replica-manage: fail nicely when DM psswd required | Stanislav Laznicka | 2016-04-28 | 1 | -1/+5
  Some commands do not allow anonymous bind and would fail with misleading message.
  https://fedorahosted.org/freeipa/ticket/4987
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added fix for notifying user about locked user account in WebUI | Abhijeet Kasurde | 2016-04-28 | 4 | -2/+24
  User is now notified about "Locked User account" message instead of "The password or username you entered is incorrect" or any generic error message
  Fixes : https://fedorahosted.org/freeipa/ticket/5076
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* sysrestore: Iterate over a list of dict keys | Petr Viktorin | 2016-04-28 | 1 | -1/+1
  In Python 3, dict.keys() returns a key view. It is not safe to delete dict keys when iterating over this view. Convert the keys to list first.
  Part of the work for https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* dns plugin: Fix zone normalization under Python 3 | Petr Viktorin | 2016-04-28 | 1 | -1/+3
  In Python 3, str.encode('ascii') converts to bytes, and str() (nicknamed unicode() in IPA) returns the string representation of an object, which is b'...' for bytes.
  So, unicode('...'.encode('ascii')) results in "b'...'". Change the code to only call encode() for the error.
  Part of the work for https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Makefile: replace perl with sed | Petr Spacek | 2016-04-28 | 1 | -6/+6
  Perl was missing in BuildRequires anyway and it is used only in one place, all other places are using sed.
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Added warning to user for Internet Explorer | Abhijeet Kasurde | 2016-04-28 | 1 | -0/+1
  As Internet Explorer is not a supported browser anymore, browser Kerberos configuration page shows warning to user about the same.
  Fixes : https://fedorahosted.org/freeipa/ticket/5656
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Tasks: raise NotImplementedError for not implemented methods | Martin Basti | 2016-04-26 | 1 | -15/+15
  It is safer to raise an error than trying to find what is wrong with a method that is not correctly overridden
  The new method set_hostname has been added which should be overridden on other platforms.
  https://fedorahosted.org/freeipa/ticket/5794
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Log errors from backup_and_replace hostname to logger | Martin Basti | 2016-04-26 | 1 | -2/+5
  Without logging errors to the logger it is hard to debug an issue from the logfile.
  https://fedorahosted.org/freeipa/ticket/5794
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove unused hostname variables | Martin Basti | 2016-04-26 | 1 | -3/+0
  https://fedorahosted.org/freeipa/ticket/5794
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove deprecated hostname restoration from Fedora18 | Martin Basti | 2016-04-26 | 3 | -14/+1
  This is not needed on new Fedora, because restore will not be effective.
  https://fedorahosted.org/freeipa/ticket/5794
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Always set hostname | Martin Basti | 2016-04-26 | 6 | -64/+36
  This prevents cases when hostname on system is set inconsistently (transient and static hostname differ) and may cause IPA errors.
  This commit ensures that all hostnames are set properly.
  https://fedorahosted.org/freeipa/ticket/5794
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not do extra search for ipasshpubkey to generate fingerprints | Martin Basti | 2016-04-26 | 6 | -35/+115
  Host, user and idview commands do unnecessary extra search for ipasshpubkey attribute to generate fingerprints.
  Note: Host and user plugins show ipasshpubkey only when the attribute is changed, idviews show ipasshpubkey always. This behavior has been kept by this commit.
  common_pre/post_callbacks were fixed in [base|stage]user modules. common_callbacks requires the same arguments as pre/post_callbacks now (except baseuser_find.post_common_callback)
  Note2: in *-add commands there is no need for managing ipasshpubkey as this attribute should be shown always there.
  https://fedorahosted.org/freeipa/ticket/3376
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Performance: don't download password attributes in host/user-find | Martin Basti | 2016-04-22 | 5 | -11/+11
  For each entry in user/host-find an extra search for password attributes was executed, which has a significant impact on performance (for 2000 users there were 2000 additional searches)
  http://www.freeipa.org/page/V4/Performance_Improvements
  https://fedorahosted.org/freeipa/ticket/5281
  Reviewed-By: David Kupka <dkupka@redhat.com>
* BUILD: Remove detection of libcheck | Lukas Slebodnik | 2016-04-22 | 2 | -12/+1
  The unit test framework check has not been used in freeipa for long time (if ever) but there was still conditional check for this framework. It just produced confusing warning:
  Without the 'CHECK' library, you will be unable to run all tests in the 'make check' suite
  Reviewed-By: Petr Spacek <pspacek@redhat.com>