summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/host.py
Commit message (Collapse)AuthorAgeFilesLines
* ipalib: move server-side plugins to ipaserverJan Cholasta2016-06-031-1284/+0
| | | | | | | | | | Move the remaining plugin code from ipalib.plugins to ipaserver.plugins. Remove the now unused ipalib.plugins package. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* ipalib: split off client-side plugin code into ipaclientJan Cholasta2016-06-031-19/+0
| | | | | | | | | | | Provide client-side overrides for command plugins which implement any of the client-side `interactive_prompt_callback`, `forward` or `output_for_cli` methods and move the methods from the original plugins to the overrides. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* Use root_logger for verify_host_resolvable()Petr Spacek2016-05-301-1/+1
| | | | | | | | | | After discussion with Martin Basti we decided to standardize on root_logger with hope that one day we will use root_logger.getLogger('module') to make logging prettier and tunable per module. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib: use relative imports for cross-plugin importsJan Cholasta2016-05-251-3/+3
| | | | | | | | | This will make it possible to move the plugin modules between ipalib, ipaclient and ipaserver without having to change the imports. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* ipalib: remove the unused `csv` argument of ParamJan Cholasta2016-05-251-2/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not do extra search for ipasshpubkey to generate fingerprintsMartin Basti2016-04-261-5/+22
| | | | | | | | | | | | | | | | | | | | Host, user and idview commands do unnnecessary extra search for ipasshpubkey attribute to generate fingerprints. Note: Host and user plugins shows ipasshpubkey only when the attribute is changed, idviews show ipasshpubkey always. This behavior has been kept by this commit. common_pre/post_callbacks were fixed in [base|stage]user modules. common_callbacks requires the same arguments as pre/post_callbacks now (except baseuser_find.post_common_callback) Note2: in *-add commands there is no need for managing ipasshpubkey as this attribute should be shown always there. https://fedorahosted.org/freeipa/ticket/3376 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Performace: don't download password attributes in host/user-findMartin Basti2016-04-221-5/+0
| | | | | | | | | | | | For each entry in user/host-find was executed an extra search for password attributes what has significant impact on performance (for 2000 users there were 2000 additional searches) http://www.freeipa.org/page/V4/Performance_Improvements https://fedorahosted.org/freeipa/ticket/5281 Reviewed-By: David Kupka <dkupka@redhat.com>
* host-del --updatedns: print warnings instead of errorMartin Basti2016-04-131-2/+24
| | | | | | | | When DNS records do not exist, print warnings instead of hard error https://fedorahosted.org/freeipa/ticket/5627 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: update help for --updatedns optionMartin Basti2016-04-131-1/+2
| | | | | | | | Clarify that dns removes only A, AAAA, PTR, SSHFP records of the host(s) managed by IPA DNS. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: remove only A, AAAA, SSHFP, PTR recordsMartin Basti2016-04-131-21/+17
| | | | | | | | | only A, AAAA, SSHPF and PTR records are managed by IPA. The other records should be removed by user. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: split removing A/AAAA and PTR records to separate functionsMartin Basti2016-04-131-10/+14
| | | | | | | | | This change is needed because A/AAAA and PTR record will be handled separately. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: remove unneeded dnszone-show command callMartin Basti2016-04-131-18/+12
| | | | | | | | | This command has no effect in that block of code, dnsrecord_show is enough for detection if records exists. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: replace dns-record find command with showMartin Basti2016-04-131-12/+17
| | | | | | | | | Due the configuration of dnsrecord_find, it works as dnsrecord-show, thus it can be replaced. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: fix removal of host recordsMartin Basti2016-04-131-21/+10
| | | | | | | | | Originally only the first A/AAAA record is removed, and one other record. This commit fixes it and all records are removed. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipalib: Fix user certificate docstringsTomas Babej2016-03-071-1/+1
| | | | Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Remove unused importsMartin Basti2015-12-231-1/+0
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* aci: add IPA servers host group 'ipaservers'Jan Cholasta2015-12-071-0/+6
| | | | | | | https://fedorahosted.org/freeipa/ticket/3416 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Removed duplicate domain name validating functionStanislav Laznicka2015-12-021-1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-171-0/+5
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Modernize use of range()Petr Viktorin2015-09-011-4/+4
| | | | | | | | | | | | In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over. Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range(). Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace uses of map()Petr Viktorin2015-09-011-3/+3
| | | | | | | | | | In Python 2, map() returns a list; in Python 3 it returns an iterator. Replace all uses by list comprehensions, generators, or for loops, as required. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Import 'reduce' from functoolsPetr Viktorin2015-08-121-0/+1
| | | | | | | The reduce function is no longer a built-in in Python 3. Importing it from functools works on both py2 and py3. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-3/+3
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* adjust search so that it works for non-admin usersPetr Vobornik2015-08-121-1/+1
| | | | | | | | | | | | | | | | Non-admin user can now search for: - hosts - hostgroups - netgroups - servers - services (Fixes ACI issue where search returns nothing when user does't have read rights for an attribute in search_attributes. https://fedorahosted.org/freeipa/ticket/5167 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* new commands to manage user/host/service certificatesMartin Babinsky2015-07-021-2/+25
| | | | | | | | | | | | A new group of commands is introduced that simplifies adding and removing binary certificates to entries. A general form of the command is ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB] Part of http://www.freeipa.org/page/V4/User_Certificates and https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* reworked certificate normalization and revocationMartin Babinsky2015-07-021-70/+5
| | | | | | | | | | | Validation of certificate is now handled by `x509.validate_certificate'. Revocation of the host and service certificates was factored out to a separate function. Part of http://www.freeipa.org/page/V4/User_Certificates Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix: regression in host and service pluginMartin Basti2015-06-031-3/+7
| | | | | | | | | | | Test failures: * wrong error message * mod operation always delete usercertificates https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Support multiple host and service certificatesFraser Tweedale2015-06-021-49/+58
| | | | | | | | | | | | | | | | | | | | | | Update the framework to support multiple host and service certificates. host-mod and service-mod revoke existing certificates that are not included in the modified entry. Using addattr=certificate=... will result in no certificates being revoked. The existing behaviour of host-disable, host-del, service-disable and service-del (revoke existing certificate) is preserved but now applies to all certificates in the host or service entry. Also update host-show and service-show to write all the principal's certificates to the file given by the ``--out=FILE`` option. Part of: http://www.freeipa.org/page/V4/User_Certificates https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Martin Basti <mbasti@redhat.com>
* speed up indirect member processingPetr Vobornik2015-04-271-1/+1
| | | | | | | | | | | | | | | the old implementation tried to get all entries which are member of group. That means also user. User can't have any members therefore this costly processing was unnecessary. New implementation reduces the search only to entries which have members. Also page size was removed to avoid paging by small pages(default size: 100) which is very slow for many members. https://fedorahosted.org/freeipa/ticket/4947 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* hosts: Display assigned ID view by default in host-find and show commandsTomas Babej2014-12-051-3/+18
| | | | | | | | | | Makes ipaassignedidview a default attribute and takes care about the conversion from the DN to the proper ID view name. https://fedorahosted.org/freeipa/ticket/4774 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* add --hosts and --hostgroup options to allow/retrieve keytab methodsPetr Vobornik2014-12-031-6/+22
| | | | | | | | | | | | | | | | | | `--hosts` and `--hostgroup` options added to: * service-allow-create-keytab * service-allow-retrieve-keytab * service-disallow-create-keytab * service-disallow-retrieve-keytab * host-allow-create-keytab * host-allow-retrieve-keytab * host-disallow-create-keytab * host-disallow-retrieve-keytab in order to allow hosts to retrieve keytab of their services or related hosts as described on http://www.freeipa.org/page/V4/Keytab_Retrieval design page https://fedorahosted.org/freeipa/ticket/4777 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* keytab manipulation permission managementPetr Vobornik2014-10-171-4/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds new API: ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR these methods add or remove user or group DNs in `ipaallowedtoperform` attr with `read_keys` and `write_keys` subtypes. service|host-mod|show outputs these attrs only with --all option as: Users allowed to retrieve keytab: user1 Groups allowed to retrieve keytab: group1 Users allowed to create keytab: user1 Groups allowed to create keytab: group1 Adding of object class is implemented as a reusable method since this code is used on many places and most likely will be also used in new features. Older code may be refactored later. https://fedorahosted.org/freeipa/ticket/4419 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-171-3/+3
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* ipalib: PEP8 fixes for host pluginTomas Babej2014-09-301-18/+22
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib: Remove redundant and star imports from host pluginTomas Babej2014-09-301-8/+8
| | | | | | | | | | Also fixes incorrect error catching for UnicodeDecodeError. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaAssignedIDVIew reference to the host objectTomas Babej2014-09-301-3/+6
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib: host_del: Extend LDAPDelete's takes_options instead of overridingTomas Babej2014-09-171-1/+1
| | | | | | | | | | | The host-del command did not accept --continue option, since the takes_options was overriden and did not take the options from LDAPDelete. Fix the behaviour. https://fedorahosted.org/freeipa/ticket/4473 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix: Add managed read permissions for compat tree and operational attrsPetr Viktorin2014-09-051-1/+1
| | | | | | | | | | | This is a fix for an earlier version, which was committed by mistake as: master: 418ce870bfbe13cea694a7b862cafe35c703f660 ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17 ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7 Thanks to Alexander Bokovoy for contributions https://fedorahosted.org/freeipa/ticket/4521
* Add managed read permissions for compat treePetr Viktorin2014-09-051-0/+10
| | | | | | https://fedorahosted.org/freeipa/ticket/4521 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* host permissions: Allow writing attributes needed for automatic enrollmentPetr Viktorin2014-06-231-1/+13
| | | | | | | | | | | - userclass added to existing Modify hosts permission - usercertificate, userpassword added to a new permissions https://fedorahosted.org/freeipa/ticket/4252 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert Host default permissions to managedPetr Viktorin2014-06-231-0/+66
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update all remaining plugins to the new Registry APINathaniel McCallum2014-06-111-9/+12
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Make zonenames absolute in host pluginMartin Basti2014-06-111-2/+3
| | | | | | | This is fix for regression caused by IDNA patch, zone names must be absolute. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* move hostname validation from DNS to hostsMartin Basti2014-06-031-3/+11
| | | | | | | | | | Validator is no more used in dns plugin Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Modified dns related global functionsMartin Basti2014-06-031-2/+6
| | | | | | | | | | | * Modified functions to use DNSName type * Removed unused functions Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow primary keys to use different type than unicode.Jan Cholasta2014-04-181-1/+1
| | | | | | | | | | Also return list of primary keys instead of a single unicode CSV value from LDAPDelete-based commands. This introduces a new capability 'primary_key_types' for backward compatibility with old clients. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add managed read permissions to hostPetr Viktorin2014-04-141-0/+26
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add permission_filter_objectclasses for explicit type filtersPetr Viktorin2014-02-201-0/+1
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Convert remaining frontend code to LDAPEntry API.Jan Cholasta2014-01-241-18/+17
|
* Change the way we determine if the host has a password set.Rob Crittenden2014-01-151-1/+1
| | | | | | | | | | When creating a host with a password we don't set a Kerberos principal or add the Kerberos objectclasses. Those get added when the host is enrolled. If one passed in --password= (so no password) then we incorrectly thought the user was in fact setting a password, so the principal and objectclasses weren't updated. https://fedorahosted.org/freeipa/ticket/4102
generated by cgit (git 2.34.1) at 2025-09-27 01:44:36 +0000