Commit message | Author | Age | Files | Lines
...
* Add ipa-custodia service | Simo Sorce | 2015-10-15 | 21 | -4/+763
  Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* topology: add realm suffix to master entry on update | Petr Vobornik | 2015-10-15 | 1 | -0/+5
  Realm suffix was set only during installation but not on update.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* admintool: Add error message with path to log on failure. | David Kupka | 2015-10-15 | 1 | -0/+4
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* tests: Add tests for idoverride object integrity | Tomas Babej | 2015-10-14 | 1 | -2/+173
  As far as IPA objects are concerned, ID overrides are supposed to be removed when the respective user/group is removed. Adds a couple of tests to ensure this behaviour is covered.
  https://fedorahosted.org/freeipa/ticket/5322
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* idoverride: Ignore ValidationErrors when converting the anchor | Tomas Babej | 2015-10-14 | 1 | -24/+33
  When converting the anchor to a human readable form, SID validation may fail, i.e. if the domain is no longer trusted. Ignore such cases and pass along the anchor in the raw format.
  https://fedorahosted.org/freeipa/ticket/5322
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* remove ID overrides when deleting a user | Martin Babinsky | 2015-10-14 | 1 | -0/+6
  patch fixes a regression introduced during user-del refactoring
  https://fedorahosted.org/freeipa/ticket/5365
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-adtrust-install: Print complete SRV records | Petr Spacek | 2015-10-14 | 1 | -3/+4
  https://fedorahosted.org/freeipa/ticket/5358
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fixes disappearing automember expressions | Stanislav Laznicka | 2015-10-14 | 1 | -2/+3
  https://fedorahosted.org/freeipa/ticket/5353
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace tab with space in test_user_plugin.py | Martin Basti | 2015-10-14 | 1 | -2/+2
  Mixing tabs and spaces is not allowed in python3
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Remove bind configuration detected question | Gabe | 2015-10-13 | 2 | -11/+0
  https://fedorahosted.org/freeipa/ticket/5351
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* vault: fix private service vault creation | Jan Cholasta | 2015-10-13 | 2 | -3/+4
  https://fedorahosted.org/freeipa/ticket/5361
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* ipaldap: Remove extraneous `long` (included in six.int_types) | Petr Viktorin | 2015-10-13 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Alias long to int under Python 3 | Petr Viktorin | 2015-10-13 | 3 | -0/+7
  In py3, the two types are unified under the name "int".
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* rpc: Name argument to KerberosError | Petr Viktorin | 2015-10-13 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.parameters: Require bytes for Bytes.pattern | Petr Viktorin | 2015-10-13 | 2 | -2/+4
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.parameters: Handle 0-prefixed octal format of ints | Petr Viktorin | 2015-10-13 | 2 | -0/+4
  In Python 2, numbers prefixed with '0' are parsed as octal, e.g. '020' -> 16. In Python 3, the prefix is '0o'. Handle the old syntax for IPA's parameter conversion to keep backwards compatibility.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_keyring: Use str(e) instead of e.message for exceptions | Petr Viktorin | 2015-10-13 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add `message` property to IPA's errors and warnings under Python 3 | Petr Viktorin | 2015-10-13 | 1 | -0/+12
  Python 3 removes the "message" attribute from exceptions, in favor of just calling str(). Add it back for IPA's own exception types.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.aci: Port to Python 3 | Petr Viktorin | 2015-10-13 | 3 | -14/+16
  - Don't encode under Python 3, where shlex would choke on bytes
  - Sort the attrs dictionary in export_to_string, so the tests are deterministic. (The iteration order of dicts was always unspecified, but was always the same in practice under CPython 2.)
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_ipalib.test_frontend: Port unbound method tests to Python 3 | Petr Viktorin | 2015-10-13 | 1 | -4/+16
  Python 3 uses plain function objects instead of unbound methods. So, what was Class.method.__func__ is now just Class.method.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Rename caught exception for use outside the except: block. | Petr Viktorin | 2015-10-13 | 2 | -6/+4
  In Python 3, the variable with the currently handled exception is unset at the end of the except block. (This is done to break reference cycles, since exception instances now carry tracebacks, which contain all locals.)
  Fix this in baseldap's error handler.
  Use a simpler structure for the ipatests.raises utility that only uses the exception inside the except block.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* x509: Port to Python 3 | Petr Viktorin | 2015-10-13 | 2 | -16/+14
  In python 3, `bytes` has the buffer interface, and `buffer` was removed. Also, invalid padding in base64-encoded data raises a ValueError rather than TypeError.
  In tests, use pytest.assert_raises for more correct exception assertions. Also, get rid of unused imports in the tests
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Do not compare types that are not comparable in Python 3 | Petr Viktorin | 2015-10-13 | 3 | -6/+12
  In Python 3, different types are generally not comparable (except for equality), and None can't be compared to None. Fix cases of these comparisons.
  In ipatest.util, give up on sorting lists if the sorting raises a TypeError.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* comment: Add Documentation string to deduplicate function | David Kupka | 2015-10-13 | 1 | -0/+3
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* The delegation uris are not set, match message to code. | Jan Pazdziora | 2015-10-13 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* CI Test: add setup_kra options into install scripts | Martin Basti | 2015-10-12 | 2 | -11/+27
  https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* upgrade: make sure ldap2 is connected in export_kra_agent_pem | Jan Cholasta | 2015-10-12 | 1 | -0/+7
  https://fedorahosted.org/freeipa/ticket/5360
  Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
* schema: do not derive ipaVaultPublicKey from ipaPublicKey | Jan Cholasta | 2015-10-12 | 1 | -1/+2
  This is a workaround for DS bug: https://bugzilla.redhat.com/show_bug.cgi?id=1267782
  https://fedorahosted.org/freeipa/ticket/5359
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* CI TEST: Vault | Martin Basti | 2015-10-12 | 1 | -0/+205
  Simple CI test for vault feature, including testing with replica
  Covers https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* tests: Amend result assertions in realmdomains tests | Tomas Babej | 2015-10-12 | 1 | -8/+68
  * Nonexistent domains have to be added/deleted with force
  * Warning messages are emitted
  * Some error messages have been altered
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record | Tomas Babej | 2015-10-12 | 1 | -2/+5
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Issue a warning when automated management of realmdomains failed | Tomas Babej | 2015-10-12 | 2 | -5/+54
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Add validation that realmdomain being added is indeed from our realm | Tomas Babej | 2015-10-12 | 1 | -24/+76
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Minor style and wording improvements | Tomas Babej | 2015-10-12 | 1 | -15/+60
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* util: Add detect_dns_zone_realm_type helper | Tomas Babej | 2015-10-12 | 1 | -0/+55
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fixed a timing issue with drill returning non-zero exitcode | Oleg Fayans | 2015-10-09 | 1 | -0/+1
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client referral support for trusted domain principals | Alexander Bokovoy | 2015-10-08 | 3 | -0/+123
  https://fedorahosted.org/freeipa/ticket/3559
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* vault: select a server with KRA for vault operations | Jan Cholasta | 2015-10-08 | 2 | -4/+21
  This uses the same mechanism which is used for the CA.
  https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: always export KRA agent PEM file | Jan Cholasta | 2015-10-08 | 4 | -9/+9
  Export the file even when KRA is not installed locally so that vault commands work on all IPA replicas.
  https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: fix KRA agent PEM file permissions | Jan Cholasta | 2015-10-08 | 4 | -16/+45
  This fixes CVE-2015-5284.
  https://fedorahosted.org/freeipa/ticket/5347
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Avoid ipa-dnskeysync-replica & ipa-ods-exporter crashes caused by exceeding LDAP limits | Petr Spacek | 2015-10-07 | 2 | -8/+4
  ldap2 internally does LDAP search to find out what LDAP search limits should be used (!). The problem is that this internal search has hardcoded limits and throws LimitExceeded exception when DS is too slow.
  DNSSEC daemons do not need any abstractions from ldap2 so we are going to use ipaldap directly. This will avoid the unnecessary search and associated risks.
  https://fedorahosted.org/freeipa/ticket/5342
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Appease pylint | Petr Viktorin | 2015-10-07 | 1 | -0/+2
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython.ssh: Port to Python 3 | Petr Viktorin | 2015-10-07 | 2 | -12/+24
  Sort out the accepted types. Handle Python 3's stricter separation between bytes and unicode.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove uses of the `types` module | Petr Viktorin | 2015-10-07 | 10 | -42/+29
  In Python 3, the types module no longer provides alternate names for built-in types, e.g. `types.StringType` can just be spelled `str`.
  NoneType is also removed; it needs to be replaced with type(None)
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.Stringio instead of StringIO.StringIO | Petr Viktorin | 2015-10-07 | 4 | -10/+11
  The StringIO class was moved to the io module. (In Python 2, io.StringIO is available, but is Unicode-only.)
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.http_client instead of httplib | Petr Viktorin | 2015-10-07 | 4 | -5/+30
  The module was renamed in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.configparser instead of ConfigParser | Petr Viktorin | 2015-10-07 | 14 | -25/+32
  The module name was lowercased in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.xmlrpc.client instead of xmlrpclib | Petr Viktorin | 2015-10-07 | 9 | -37/+44
  The module is renamed to xmlrpc.client in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparse | Petr Viktorin | 2015-10-07 | 18 | -71/+77
  In Python 3, these modules are reorganized.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use sys.maxsize instead of sys.maxint | Petr Viktorin | 2015-10-07 | 2 | -9/+9
  In Python 3, integers don't have a maximum. The number called "sys.maxint" is now "sys.maxsize" (defined as larger than the largest possible list/string index).
  The new spelling is also available in Python 2.7.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>