summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* caacl: correctly handle full user principal nameFraser Tweedale2016-04-201-2/+2
| | | | | | | | The caacl HBAC request is correct when just the username is given, but the full 'user@REALM' form was not handled correctly. Fixes: https://fedorahosted.org/freeipa/ticket/5733 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add activate option to stage user details pagePavel Vomacka2016-04-151-0/+1
| | | | | | | | Add activate option to the action menu on stage user details page. https://fedorahosted.org/freeipa/ticket/5369 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Limit max username length to 255 in config-modMartin Basti2016-04-151-0/+1
| | | | | | | | This value is same as is used in user and stageuser commands. https://fedorahosted.org/freeipa/ticket/5774 Reviewed-By: David Kupka <dkupka@redhat.com>
* specify type of exceeded limit when warning about truncated search resultsMartin Babinsky2016-04-131-2/+5
| | | | | | | | | API commands inheriting from LDAPSearch should mention which limit was exceeded in the warning message sent with truncated results. https://fedorahosted.org/freeipa/ticket/5677 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* differentiate between limit types when LDAP search exceeds configured limitsMartin Babinsky2016-04-132-13/+7
| | | | | | | | | | | When LDAP search fails on exceeded limits, we should raise an specific exception for the type of limit raised (size, time, administrative) so that the consumer can distinguish between e.g. searches returning too many entries and those timing out. https://fedorahosted.org/freeipa/ticket/5677 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host-del --updatedns: print warnings instead of errorMartin Basti2016-04-131-2/+24
| | | | | | | | When DNS records do not exist, print warnings instead of hard error https://fedorahosted.org/freeipa/ticket/5627 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: update help for --updatedns optionMartin Basti2016-04-131-1/+2
| | | | | | | | Clarify that dns removes only A, AAAA, PTR, SSHFP records of the host(s) managed by IPA DNS. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: remove only A, AAAA, SSHFP, PTR recordsMartin Basti2016-04-131-21/+17
| | | | | | | | | only A, AAAA, SSHPF and PTR records are managed by IPA. The other records should be removed by user. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: split removing A/AAAA and PTR records to separate functionsMartin Basti2016-04-131-10/+14
| | | | | | | | | This change is needed because A/AAAA and PTR record will be handled separately. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: remove unneeded dnszone-show command callMartin Basti2016-04-131-18/+12
| | | | | | | | | This command has no effect in that block of code, dnsrecord_show is enough for detection if records exists. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: replace dns-record find command with showMartin Basti2016-04-131-12/+17
| | | | | | | | | Due the configuration of dnsrecord_find, it works as dnsrecord-show, thus it can be replaced. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* host_del: fix removal of host recordsMartin Basti2016-04-131-21/+10
| | | | | | | | | Originally only the first A/AAAA record is removed, and one other record. This commit fixes it and all records are removed. https://fedorahosted.org/freeipa/ticket/5675 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing pre_common_callback to stageuser_addMartin Basti2016-04-121-0/+2
| | | | | | | | | | This pre_callback contains method to preprocessing usercertificate that was not called during stageuser-add. This commit adds missing pre_common_callback call to stageuser_add. https://fedorahosted.org/freeipa/ticket/5759 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* otptoken-add: improve the robustness of QR code printingMartin Babinsky2016-03-241-7/+66
| | | | | | | | | | | The python-qrcode print_ascii() method does not work in terminals with non-UTF-8 encoding. When this is the case do not render QR code but print a warning instead. Also print a warning when the QR code size is greater that terminal width if the output is a tty. https://fedorahosted.org/freeipa/ticket/5700 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix: catch Exception instead of more specific exception typesMartin Basti2016-03-221-2/+2
| | | | | | | | Regression caused by commit 491447cc5ab8c5eff2be57d609201cefb79f7053, ValueErrori and AttributeError are too much specific for these cases, multiple types of exception can be raised. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Pylint: remove unnecessary-semicolonMartin Basti2016-03-221-2/+2
| | | | | Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: import max one module per lineMartin Basti2016-03-221-1/+2
| | | | | Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* pylint: remove bare exceptMartin Basti2016-03-224-10/+10
| | | | | | | Bare except should not be used. Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* sudo: Fix a typo in the --help output of sudocmdgroupJakub Hrozek2016-03-181-2/+2
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix broken trust warningsMartin Basti2016-03-161-1/+3
| | | | | | | | Warning should be shown only for parent entries of trust domain. Subdomains do not contain ipaNTSecurityIdentifier attribute at all. https://fedorahosted.org/freeipa/ticket/5737 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* stageuser-activate: Normalize manager valueMartin Basti2016-03-161-10/+11
| | | | | | | | | Manager(s) were returned as list od DN, this commit fixes behavior and managers are returned as list of logins. https://fedorahosted.org/freeipa/ticket/5481 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix the man page part for shorter sentences, to avoid dual understanding, ↵Jérôme Fenal2016-03-101-13/+13
| | | | | | and punctuation, all spotted while translating to French. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow admins to disable preauth for SPNs.Simo Sorce2016-03-081-1/+2
| | | | | | | | | | | | | | | | Some legacy softare is not able to properly cope with preauthentication, allow the admins to disable the requirement to use preauthentication for all Service Principal Names if they so desire. IPA Users are excluded, for users, which use password of lessere entrpy, preauthentication is always required by default. This setting does NOT override explicit policies set on service principals or in the global policy, it only affects the default. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/3860 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipalib: Fix user certificate docstringsTomas Babej2016-03-073-3/+3
| | | | Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* pylint: supress false positive no-member errorsMartin Basti2016-03-022-4/+10
| | | | | | | | | pylint 1.5 prints many false positive no-member errors which are supressed by this commit. https://fedorahosted.org/freeipa/ticket/5615 Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove duplicated exceptMartin Basti2016-02-251-3/+0
| | | | | | Both exceptions have been catched before, so it is bacically dead code Reviewed-By: David Kupka <dkupka@redhat.com>
* Fixes minor issuesStanislav Laznicka2016-02-241-1/+1
| | | | | | | | | | | | | Fixes issues discovered by Coverity plugins/baseldap.py: possible undefined value in return certmonger.py: possible dereference of None value i18n.py: fixed always True bug (+ cosmetic change) https://fedorahosted.org/freeipa/ticket/5661 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Cosmetic changes to the codeStanislav Laznicka2016-02-241-3/+0
| | | | | | | | | | | | | | | Fixes some Coverity issues ipadiscovery.py: added assert should universe break plugins/dns.py: removed dead code dnssec/ldapkeydb.py: attribute assert in the proper object test_automount_plugin.py: fixed possible close() on None xmlrpc_test.py: Coverity does not like accessing None.__class__ https://fedorahosted.org/freeipa/ticket/5661 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Warn user if trust is brokenMartin Basti2016-02-231-0/+41
| | | | | | | | | | Detect missing ipaNTSecurityIdentifier and print message for a user, that the trust is broken as result of trust-show and trust-find commands. https://fedorahosted.org/freeipa/ticket/5665 Reviewed-By: Tomas Babej <tbabej@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* trusts: use ipaNTTrustPartner attribute to detect trust entriesMartin Basti2016-02-231-2/+5
| | | | | | | | | | | | | | Trust entries were found by presence of ipaNTSecurityIdentifier attribute. Unfortunately this attribute might not be there due the bug. As replacement for this, attribute ipaNTTrustPartner can be used. Note: other non trust entries located in cn=trusts subtree can be cross-realm principals. https://fedorahosted.org/freeipa/ticket/5665 Reviewed-By: Tomas Babej <tbabej@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* make lint: use config file and plugin for pylintMartin Basti2016-02-111-0/+4
| | | | | | | | | | | | | | | | | | | Our custom implementation of pylint checker is often broken by incompatible change on pylint side. Using supported solutions (config file, pylint plugins) should avoid this issue. The plugin adds missing (dynamic) member to classes in abstract syntax tree generated for pylint, instead of just ignoring missing members and all sub-members. This should improve pylint detection of typos and missing members in api. env and test config. make-lint python script has been removed, to run pylint execute 'make lint' https://fedorahosted.org/freeipa/ticket/5615 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fixed typo in service-addThorsten Scherf2016-02-021-1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add tool tips for Revert, Refresh, Undo, and Undo AllPavel Vomacka2016-01-271-2/+4
| | | | | | | | | | | | Add tool tips for buttons in detail view. New tooltips: Reload - Reload current settings from the server. Revert - Undo all unsaved changes. Undo - Undo this change. Undo all - Undo all changes in this field. https://fedorahosted.org/freeipa/ticket/5428 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Warn user when ipa *-find reach limitMartin Basti2016-01-271-1/+7
| | | | | | | | | Truncated entries were silently ignored, now a user receives warning. https://fedorahosted.org/freeipa/ticket/4022 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* Don't index exceptions directlyPetr Viktorin2016-01-201-2/+2
| | | | | | | | | | In Python 3, exceptions don't behave as tuples of their arguments; instead of e[1] it's necessary to use e.args[1]. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use explicit truncating divisionPetr Viktorin2016-01-203-6/+6
| | | | | | | | | | In Python 3, the truncating division operator, //, is needed to get C-style "int division". https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Loggger: Use warning instead of warn - dns pluginTomas Babej2016-01-191-1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* logger: Use warning instead of warnTomas Babej2016-01-184-12/+12
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix dns_is_enabled() API command to throw exceptions as appropriatePetr Spacek2016-01-081-6/+4
| | | | | | | | | | Previously the command returned False whenever an exception occured which caused installed to continue even when there was a problem with LDAP connection. https://fedorahosted.org/freeipa/ticket/5564 Reviewed-By: David Kupka <dkupka@redhat.com>
* webui: add examples to network address validator error messagePetr Vobornik2016-01-081-1/+1
| | | | | | | https://fedorahosted.org/freeipa/ticket/5532 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* Enable pylint unnecessary-pass checkMartin Basti2015-12-233-8/+1
| | | | | | Enables check and removes extra pass statement from code. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint trailing-whitespace checkMartin Basti2015-12-231-2/+2
| | | | | | | | | | | | | | | | | | | Enables check and fixes: ************* Module ipapython.log_manager ipapython/log_manager.py:808: [C0303(trailing-whitespace), ] Trailing whitespace) ************* Module ipachangeconf contrib/RHEL4/ipachangeconf.py:28: [C0303(trailing-whitespace), ] Trailing whitespace) contrib/RHEL4/ipachangeconf.py:116: [C0303(trailing-whitespace), ] Trailing whitespace) ************* Module ipalib.plugins.pwpolicy ipalib/plugins/pwpolicy.py:174: [C0303(trailing-whitespace), ] Trailing whitespace) ipalib/plugins/pwpolicy.py:180: [C0303(trailing-whitespace), ] Trailing whitespace) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard importsMartin Basti2015-12-2322-30/+235
| | | | | | | | | | | Wildcard imports should not be used. Check for wildcard imports has been enabled in pylint. Pylint note: options 'wildcard-import' causes too much false positive results, so instead it I used 'unused-wildcard-import' option which has almost the same effect. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused importsMartin Basti2015-12-2329-89/+68
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: do not add (forward)zone if it is already resolvable.David Kupka2015-12-141-5/+25
| | | | | | | | | Check if the zone user wants to add is already resolvable and refuse to create it if yes. --skip-overlap-check and --force options suppress this check. https://fedorahosted.org/freeipa/ticket/5087 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Refactor ipautil.runPetr Viktorin2015-12-141-3/+3
| | | | | | | | | | | | | | | | | | | | | The ipautil.run function now returns an object with returncode and output are accessible as attributes. The stdout and stderr of all commands are logged (unless skip_output is given). The stdout/stderr contents must be explicitly requested with a keyword argument, otherwise they are None. This is because in Python 3, the output needs to be decoded, and that can fail if it's not decodable (human-readable) text. The raw (bytes) output is always available from the result object, as is "leniently" decoded output suitable for logging. All calls are changed to reflect this. A use of Popen in cainstance is changed to ipautil.run. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* replica install: add remote connection check over APIJan Cholasta2015-12-111-1/+69
| | | | | | | | | | Add server_conncheck command which calls ipa-replica-conncheck --replica over oddjob. https://fedorahosted.org/freeipa/ticket/5497 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix minor typosYuri Chornoivan2015-12-072-2/+2
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* aci: add IPA servers host group 'ipaservers'Jan Cholasta2015-12-072-0/+32
| | | | | | | https://fedorahosted.org/freeipa/ticket/3416 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Extend topology helpPetr Vobornik2015-12-041-3/+52
| | | | | | | `ipa help topology` is improved. Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-25 11:36:16 +0000