| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not validate values of command arguments on the client and let the
server handle validation.
This will make the client more lightweight by not having it to carry
validation code and metadata with itself for the price of increasing
network traffic in case the validation fails.
Types of the arguments are still validated on both the client and the
server.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Include keyword arguments of exceptions in RPC responses. This is limited
to JSON-RPC, as XML-RPC does not support additional data in error
responses.
Include keyword arguments of messages in RPC responses.
Include keyword arguments of exceptions in batch command result.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Do not set the `value`, `index` and `rule` arguments when raising
ConversionError and ValidationError. The arguments are unused and are not
specified consistently accross the framework and plugins.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When unable to parse JSON response from the server, properly raise
JSONError not to cause a crash.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
Variable msg may not exists in the last except context, and even it
contains improper value because it is not related to catched exception
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This prevents validation failures on architectures where integer is less
than 32 bits.
https://fedorahosted.org/freeipa/ticket/5894
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This might happen when the command is called directly in Python,
e.g. in installers and so on.
Pylint pylint-1.5.5-1.fc24.noarch caught this.
https://fedorahosted.org/freeipa/ticket/5838
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Make sure the base64-encoded value is a string, so it is printed
without the b'' markers.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4955
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Python 3's JSON library cannot deal with bytes, so decode
base64-encoded data to string.
Part of the work for https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In Python 3, the "message" attribute has been removed in favor of
calling str() on the error.
Part of the work for https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
User in now notified about "Locked User account" message instead of
"The password or username you entered is incorrect" or any generic error
message
Fixes : https://fedorahosted.org/freeipa/ticket/5076
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Python 3, str.encode('ascii') converts to bytes, and str()
(nicknamed unicode() in IPA) returns the string representation
of an object, which is b'...' for bytes.
So, unicode('...'.encode('ascii')) results in "b'...'".
Change the code to only call encode() for the error.
Part of the work for https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Host, user and idview commands do unnnecessary extra search for
ipasshpubkey attribute to generate fingerprints.
Note: Host and user plugins shows ipasshpubkey only when the attribute
is changed, idviews show ipasshpubkey always. This behavior has been
kept by this commit.
common_pre/post_callbacks were fixed in [base|stage]user modules.
common_callbacks requires the same arguments as pre/post_callbacks now
(except baseuser_find.post_common_callback)
Note2: in *-add commands there is no need for managing ipasshpubkey as
this attribute should be shown always there.
https://fedorahosted.org/freeipa/ticket/3376
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For each entry in user/host-find was executed an extra search for password
attributes what has significant impact on performance (for 2000 users
there were 2000 additional searches)
http://www.freeipa.org/page/V4/Performance_Improvements
https://fedorahosted.org/freeipa/ticket/5281
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5773
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
The caacl HBAC request is correct when just the username is given,
but the full 'user@REALM' form was not handled correctly.
Fixes: https://fedorahosted.org/freeipa/ticket/5733
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- User is now notified about "Kerberos Principal expiration" message instead of
"Wrong username or password" message.
- User is also notified about "Invalid password" message instead of
generic error message.
https://fedorahosted.org/freeipa/ticket/5077
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
| |
Add activate option to the action menu on stage user details page.
https://fedorahosted.org/freeipa/ticket/5369
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
| |
This value is same as is used in user and stageuser commands.
https://fedorahosted.org/freeipa/ticket/5774
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
API commands inheriting from LDAPSearch should mention which limit was
exceeded in the warning message sent with truncated results.
https://fedorahosted.org/freeipa/ticket/5677
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When LDAP search fails on exceeded limits, we should raise an specific
exception for the type of limit raised (size, time, administrative) so that
the consumer can distinguish between e.g. searches returning too many entries
and those timing out.
https://fedorahosted.org/freeipa/ticket/5677
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
| |
When DNS records do not exist, print warnings instead of hard error
https://fedorahosted.org/freeipa/ticket/5627
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Clarify that dns removes only A, AAAA, PTR, SSHFP records of the host(s) managed by IPA DNS.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
only A, AAAA, SSHPF and PTR records are managed by IPA. The other
records should be removed by user.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This change is needed because A/AAAA and PTR record will be handled
separately.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This command has no effect in that block of code, dnsrecord_show is
enough for detection if records exists.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Due the configuration of dnsrecord_find, it works as dnsrecord-show,
thus it can be replaced.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Originally only the first A/AAAA record is removed, and one other record. This commit fixes it
and all records are removed.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This pre_callback contains method to preprocessing usercertificate that
was not called during stageuser-add. This commit adds missing
pre_common_callback call to stageuser_add.
https://fedorahosted.org/freeipa/ticket/5759
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The python-qrcode print_ascii() method does not work in terminals with
non-UTF-8 encoding. When this is the case do not render QR code but print a
warning instead. Also print a warning when the QR code size is greater that
terminal width if the output is a tty.
https://fedorahosted.org/freeipa/ticket/5700
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
| |
Regression caused by commit 491447cc5ab8c5eff2be57d609201cefb79f7053,
ValueErrori and AttributeError are too much specific for these cases, multiple types of
exception can be raised.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Fixes current reimports and enables pylint check for them
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Bare except should not be used.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
Warning should be shown only for parent entries of trust domain. Subdomains do not contain ipaNTSecurityIdentifier attribute at all.
https://fedorahosted.org/freeipa/ticket/5737
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Manager(s) were returned as list od DN, this commit fixes behavior and
managers are returned as list of logins.
https://fedorahosted.org/freeipa/ticket/5481
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
and punctuation, all spotted while translating to French.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some legacy softare is not able to properly cope with preauthentication,
allow the admins to disable the requirement to use preauthentication for
all Service Principal Names if they so desire. IPA Users are excluded,
for users, which use password of lessere entrpy, preauthentication is
always required by default.
This setting does NOT override explicit policies set on service principals
or in the global policy, it only affects the default.
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/3860
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
| |
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The "except ValueError as UnicodeDecodeError" looks very suspicious.
Commit change except to catch both exceptions.
https://fedorahosted.org/freeipa/ticket/5718
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for https://fedorahosted.org/freeipa/ticket/5638
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
Call the add_message() method of Command from anywhere in the implementation
of a command to add a message to the result of the command.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
| |
Add context which is valid for the duration of command call. The context
is accessible using the `context` attribute of Command and Object plugins.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
