Commit message | Author | Age | Files | Lines
* Pylint: remove unnecessary-semicolon | Martin Basti | 2016-03-22 | 7 | -9/+8
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: import max one module per line | Martin Basti | 2016-03-22 | 7 | -7/+12
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: use list comprehension instead of iteration | Martin Basti | 2016-03-22 | 2 | -5/+1
  Iteration over indexes without calling enumeration function is not pythonic and should not be used. In this case iteration can be replaced by list comprehension. Fixing this allows to enable pylint consider-using-enumerate check.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: enable reimported check | Martin Basti | 2016-03-22 | 8 | -12/+3
  Fixes current reimports and enables pylint check for them
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: enable pointless-except check | Martin Basti | 2016-03-22 | 1 | -1/+0
  This check can be enabled, there are no errors in current code, and it should stay that way.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: fix definition of global variables | Martin Basti | 2016-03-22 | 4 | -8/+8
  Global variables should be defined in the outer space, not just marked as global inside functions.
  Removes unused global variables
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* pylint: remove bare except | Martin Basti | 2016-03-22 | 25 | -57/+51
  Bare except should not be used.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* spec: require python-cryptography newer than 0.9 | Martin Babinsky | 2016-03-21 | 1 | -2/+2
  When generating keys for custodia service, the key material is stored in python-cryptography's OpenSSL backend encoded as DER. This only works in python-cryptography 0.9 and newer so we need to make sure this version is pulled in during RPM build and install.
  https://fedorahosted.org/freeipa/ticket/5744
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DS deadlock when memberof scopes topology plugin updates | Thierry Bordaz | 2016-03-18 | 1 | -0/+2
  Topology plugin may merge (aka DEL) segments that would trigger internal search for groups owning that segment. The problem is that it is searching those groups into the full suffix and so needs the schema compat map lock. If any other operation holding schema compat map lock needs to access the page involved in the DEL, there is a deadlock.
  This fix is to prevent useless group searching if the target entry is a segment or is in compat tree.
  https://fedorahosted.org/freeipa/ticket/5637
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* sudo: Fix a typo in the --help output of sudocmdgroup | Jakub Hrozek | 2016-03-18 | 1 | -2/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* spec: add conflict with bind-chroot to freeipa-server-dns | Martin Babinsky | 2016-03-18 | 1 | -0/+3
  https://fedorahosted.org/freeipa/ticket/5696
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* client: enable ChallengeResponseAuthentication in sshd_config | Martin Basti | 2016-03-18 | 1 | -0/+1
  In order to enable SSSD smart prompting and allow it to ask for 1FA and 2FA separately, ChallengeResponseAuthentication should be set to yes.
  This change will enable better processing of the 2FA value and it will also enable other features, like allow SSSD to make the 2FA option in some cases and have a way of informing user that 2FA is optional.
  https://fedorahosted.org/freeipa/ticket/5703
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* spec: Add missing dependencies to python*-ipalib package | Martin Basti | 2016-03-18 | 1 | -0/+8
  Standalone installation of python*-ipalib packages does not pull all required packages and results into import errors.
  https://fedorahosted.org/freeipa/ticket/5680
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix broken trust warnings | Martin Basti | 2016-03-16 | 1 | -1/+3
  Warning should be shown only for parent entries of trust domain. Subdomains do not contain ipaNTSecurityIdentifier attribute at all.
  https://fedorahosted.org/freeipa/ticket/5737
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* certdb: never use the -r option of certutil | Jan Cholasta | 2016-03-16 | 1 | -10/+8
  The -r option makes certutil output certificates in DER. If there are multiple certificates sharing the same nickname, certutil will output them concatenated into a single blob. The blob is not a valid DER anymore and causes failures further in the code.
  Use the -a option instead to output the certificates in PEM and convert them to DER on demand.
  https://fedorahosted.org/freeipa/ticket/5117
  https://fedorahosted.org/freeipa/ticket/5720
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Use platform path constant for SSSD log dir | Martin Basti | 2016-03-16 | 2 | -1/+2
  The path to SSSD log directory is platform specific and should be in ipaplatform module.
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove redundant parameters from CS.cfg in dogtaginstance | Martin Basti | 2016-03-16 | 1 | -8/+0
  Bind DN is not used for client certificate authentication so they can be safely removed.
  https://fedorahosted.org/freeipa/ticket/5298
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* stageuser-activate: Normalize manager value | Martin Basti | 2016-03-16 | 1 | -10/+11
  Manager(s) were returned as list of DN, this commit fixes behavior and managers are returned as list of logins.
  https://fedorahosted.org/freeipa/ticket/5481
  Reviewed-By: David Kupka <dkupka@redhat.com>
* only search for Kerberos SRV records when autodiscovery was requested | Martin Babinsky | 2016-03-14 | 1 | -3/+7
  When a list of servers is passed to ipa-client-{install,automount} the search of Kerberos and LDAP SRV records should be suppressed and the specified hostnames used directly as LDAP servers/KDCs. We thus should not perform search for KDCs when the autodiscovery was actually not requested.
  https://fedorahosted.org/freeipa/ticket/4305
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Workaround for ticket 5627 | Oleg Fayans | 2016-03-11 | 1 | -0/+5
  https://fedorahosted.org/freeipa/ticket/5723
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Made apply_common_fixes call at replica installation independent on domain_level | Oleg Fayans | 2016-03-11 | 1 | -2/+2
  Besides added obligatory domain/realm-specific commandline options to replica installation
  https://fedorahosted.org/freeipa/ticket/5723
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed a constantly failing call to prepare_host | Oleg Fayans | 2016-03-11 | 1 | -3/+0
  prepare_host is executed from within each of install_master, install_replica and install_client in tasks.py anyway, so no need to call it here also. Besides this call kept failing when IntegrationTest was initialized more than once during the test execution.
  https://fedorahosted.org/freeipa/ticket/5723
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enabled setting domain level explicitly in test class | Oleg Fayans | 2016-03-11 | 2 | -7/+18
  Needed for replica promotion tests
  https://fedorahosted.org/freeipa/ticket/5723
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Integration tests for replica promotion feature | Oleg Fayans | 2016-03-11 | 1 | -0/+223
  http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan
  https://fedorahosted.org/freeipa/ticket/5723
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* WebUI test: ID views | Lenka Doudova | 2016-03-11 | 3 | -7/+184
  Provides missing test coverage for ID views web UI.
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Fix the man page part for shorter sentences, to avoid dual understanding, and punctuation, all spotted while translating to French. | Jérôme Fenal | 2016-03-10 | 1 | -13/+13
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* extdom: do not fail to process error case when no request is specified | Alexander Bokovoy | 2016-03-10 | 1 | -1/+1
  Coverity CID 13130
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Add field for group id in user add dialog | Pavel Vomacka | 2016-03-10 | 2 | -2/+14
  Add new field in user add dialog. This combo box lists all posix groups so user can choose one. It is also possible to fill a GID number which is not in the list.
  https://fedorahosted.org/freeipa/ticket/5505
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Nodes stay fixed after initial animation. | Pavel Vomacka | 2016-03-10 | 1 | -0/+16
  There is an animation of nodes layout after first load of graph or adding new node. Then all nodes of the graph are set to the fixed state. The node is set to fixed even after manual turn off of fixed state.
  https://fedorahosted.org/freeipa/ticket/5649
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add pan and zoom functionality to the topology graph | Pavel Vomacka | 2016-03-10 | 1 | -8/+109
  Add zooming and panning functionality to the topology graph. Also the page remembers the old setting of the graph position and size. So, after refreshing the graph has the same position and size as it had before.
  https://fedorahosted.org/freeipa/ticket/5502
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* krb5conf: use 'true' instead of 'yes' for forwardable option | Martin Basti | 2016-03-09 | 3 | -3/+3
  'yes' is also valid value in krb5.conf but we should be consistent and use only 'true' as we do for other options.
  https://fedorahosted.org/freeipa/ticket/5518
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* SPEC: Remove unused build dependency on libwbclient | Lukas Slebodnik | 2016-03-09 | 2 | -2/+1
  The string "wbclient" is not mentioned anywhere in source code and there isn't any issue with building freeipa packages without this package.
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* Allow to specify Kerberos authz data type per user | Simo Sorce | 2016-03-09 | 2 | -8/+10
  Like for services setting the ipaKrbAuthzData attribute on a user object will allow us to control exactly what authz data is allowed for that user. Setting NONE would allow no authz data, while setting MS-PAC would allow only Active Directory compatible data.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Ticket: https://fedorahosted.org/freeipa/ticket/2579
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-sam: Do not redefine LDAP_PAGE_SIZE | Lukas Slebodnik | 2016-03-09 | 1 | -1/+0
  The value of LDAP_PAGE_SIZE was changed in samba-4.4 and it caused warning because it's already defined in samba header files
      ipa_sam.c:114:0: warning: "LDAP_PAGE_SIZE" redefined
       #define LDAP_PAGE_SIZE 1024
      In file included from /usr/include/samba-4.0/smbldap.h:24:0,
                       from ipa_sam.c:31:
      /usr/include/samba-4.0/smb_ldap.h:81:0: note: this is the location of the previous definition
       #define LDAP_PAGE_SIZE 1000
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Configure 389ds with "default" cipher suite | Martin Basti | 2016-03-09 | 2 | -5/+5
  nsSSLCiphers: "default" provides only secure ciphers that should be used when connecting to DS
  https://fedorahosted.org/freeipa/ticket/5684
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* test_cert_plugin: use only first part of the hostname to construct short name | Martin Babinsky | 2016-03-08 | 1 | -1/+1
  The short hostname construction for the negative test case in test_cert_plugin::test_cert_find suite could not work when domain name was different as hostname of the test runner, leading to test failure. A more naive approach works better in this case.
  https://fedorahosted.org/freeipa/ticket/5688
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* CONFIGURE: Replace obsolete macros | Lukas Slebodnik | 2016-03-08 | 4 | -5/+3
  The AC_PROG_LIBTOOL macro is obsoleted by since libtool-2.0 which is already in rhel6+
  https://fedorahosted.org/FedoraReview/wiki/AutoTools
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Allow admins to disable preauth for SPNs. | Simo Sorce | 2016-03-08 | 6 | -10/+32
  Some legacy software is not able to properly cope with preauthentication, allow the admins to disable the requirement to use preauthentication for all Service Principal Names if they so desire. IPA Users are excluded, for users, which use password of lesser entropy, preauthentication is always required by default.
  This setting does NOT override explicit policies set on service principals or in the global policy, it only affects the default.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Ticket: https://fedorahosted.org/freeipa/ticket/3860
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Refactor test_group_plugin, use GroupTracker for tests | Filip Skola | 2016-03-08 | 3 | -1165/+754
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Pylint: enable parallelism | Petr Spacek | 2016-03-07 | 1 | -1/+1
  The config file specifies 8 cores but Pylint very quickly ends up with 3 cores so do not worry about overwhelming your system.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib: Fix user certificate docstrings | Tomas Babej | 2016-03-07 | 3 | -3/+3
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Remove unused arguments from update_ssh_keys method | Martin Basti | 2016-03-04 | 1 | -2/+4
  First argument has been unused and can be safely removed, because server is not used for nsupdate anymore
  Reviewed-By: David Kupka <dkupka@redhat.com>
* fix suspicious except statements | Martin Basti | 2016-03-04 | 2 | -4/+4
  The "except ValueError as UnicodeDecodeError" looks very suspicious. Commit change except to catch both exceptions.
  https://fedorahosted.org/freeipa/ticket/5718
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* webui: fail nicely if cookies are disabled | Petr Vobornik | 2016-03-03 | 1 | -6/+20
  Reworks also sessionStorage test because disablement of cookies might be connected with sessionStorage and localStorage. E.g. Chrome raises exception when *Storage is accessed with "Block sites from setting any data" settings set in "Content Settings/Cookies" section.
  https://fedorahosted.org/freeipa/ticket/4338
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* CI: allow customized DS install test to work with domain levels | Martin Basti | 2016-03-03 | 2 | -19/+13
  Test will use tasks methods instead of custom commands to be able to work with domain levels.
  https://fedorahosted.org/freeipa/ticket/5606
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* l10n: Remove Transifex configuration | Tomas Babej | 2016-03-03 | 1 | -8/+0
  We're not using Transifex to manage our translations anymore.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* adtrustinstance: Make sure smb.conf exists | Tomas Babej | 2016-03-03 | 1 | -0/+5
  The 'net' command fails unless smb.conf exists. Touch the file prior to any 'net' call to make sure we do not crash for this very reason.
  https://fedorahosted.org/freeipa/ticket/5687
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib.x809: Accept bytes for make_pem | Petr Viktorin | 2016-03-03 | 1 | -0/+2
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipapython.sysrestore: Use str methods instead of functions from the string module | Petr Viktorin | 2016-03-03 | 1 | -6/+6
  For historical reasons, the string module contained some functions that mirror methods of the str type. These are removed in Python 3. Use str methods instead.
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipadiscovery: Decode to unicode in ipacheckldap(), get_ipa_basedn() | Petr Viktorin | 2016-03-03 | 1 | -7/+11
  ipacheckldap uses a schema-less connection with decode_attrs=False, so bytes need to be decoded manually. This was not a problem in Python2 where bytes and unicode could be mixed freely.
  Part of the work for https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>