summaryrefslogtreecommitdiffstats
path: root/ipapython
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove function ipapython.ipautil.host_exists()Petr Spacek2016-04-281-14/+0
| | | | | | | The function duplicated ipalib.util.verify_host_resolvable() in slightly incompatible way because it used NSS while rest of IPA is using only DNS. Reviewed-By: Martin Basti <mbasti@redhat.com>
* sysrestore: Iterate over a list of dict keysPetr Viktorin2016-04-281-1/+1
| | | | | | | | | | | In Python 3, dict.keys() returns a key view. It is not safe to delete dict keys when iterating over this view. Convert the keys to list first. Part of the work for https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Always set hostnameMartin Basti2016-04-261-12/+0
| | | | | | | | | | | This prevents cases when hostname on system is set inconsistently (transient and static hostname differs) and may cause IPA errors. This commit ensures that all hostnames are set properly. https://fedorahosted.org/freeipa/ticket/5794 Reviewed-By: David Kupka <dkupka@redhat.com>
* Use netifaces module instead of 'ip' commandMartin Basti2016-04-141-17/+18
| | | | | | | | | Netifaces allows to get addresses from local interfaces of the host in safer way than parsing output of the ip command. https://fedorahosted.org/freeipa/ticket/5591 Reviewed-By: David Kupka <dkupka@redhat.com>
* differentiate between limit types when LDAP search exceeds configured limitsMartin Babinsky2016-04-131-18/+50
| | | | | | | | | | | When LDAP search fails on exceeded limits, we should raise an specific exception for the type of limit raised (size, time, administrative) so that the consumer can distinguish between e.g. searches returning too many entries and those timing out. https://fedorahosted.org/freeipa/ticket/5677 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix: catch Exception instead of more specific exception typesMartin Basti2016-03-221-2/+2
| | | | | | | | Regression caused by commit 491447cc5ab8c5eff2be57d609201cefb79f7053, ValueErrori and AttributeError are too much specific for these cases, multiple types of exception can be raised. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Pylint: remove unnecessary-semicolonMartin Basti2016-03-221-1/+1
| | | | | Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: import max one module per lineMartin Basti2016-03-221-1/+2
| | | | | Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* pylint: remove bare exceptMartin Basti2016-03-224-18/+13
| | | | | | | Bare except should not be used. Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* certdb: never use the -r option of certutilJan Cholasta2016-03-161-10/+8
| | | | | | | | | | | | | | | The -r option makes certutil output certificates in DER. If there are multiple certificates sharing the same nickname, certutil will output them concatenated into a single blob. The blob is not a valid DER anymore and causes failures further in the code. Use the -a option instead to output the certificates in PEM and convert them to DER on demand. https://fedorahosted.org/freeipa/ticket/5117 https://fedorahosted.org/freeipa/ticket/5720 Reviewed-By: David Kupka <dkupka@redhat.com>
* ipapython.sysrestore: Use str methods instead of functions from the string ↵Petr Viktorin2016-03-031-6/+6
| | | | | | | | | | | | | module For historical reasons, the string module contained some functions that mirror methods of the str type. These are eremoved in Python 3. Use str methods instead. Part of the work for https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Move get_ipa_basedn from ipautil to ipadiscoveryPetr Viktorin2016-03-031-41/+0
| | | | | | | | The function wasn't used anywhere else. Part of the work for https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* pylint: supress false positive no-member errorsMartin Basti2016-03-023-4/+7
| | | | | | | | | pylint 1.5 prints many false positive no-member errors which are supressed by this commit. https://fedorahosted.org/freeipa/ticket/5615 Reviewed-By: David Kupka <dkupka@redhat.com>
* cookie parser: do not fail on cookie with empty valuePetr Vobornik2016-03-011-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5709 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move freeipa certmonger helpers to libexecdir.Timo Aaltonen2016-02-261-11/+2
| | | | | | | | | | | The scripts in this directory are simple python scripts, nothing arch-specific in them. Having them under libexec would simplify the code a bit too, since there would be no need to worry about lib vs lib64 (which also cause trouble on Debian). https://fedorahosted.org/freeipa/ticket/5586 Reviewed-By: David Kupka <dkupka@redhat.com>
* client: stop using /etc/pki/nssdbJan Cholasta2016-02-241-0/+29
| | | | | | | | | | Don't put any IPA certificates to /etc/pki/nssdb - IPA itself uses /etc/ipa/nssdb and IPA CA certificates are provided to the system using p11-kit. Remove leftovers on upgrade. https://fedorahosted.org/freeipa/ticket/5592 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fixes minor issuesStanislav Laznicka2016-02-241-4/+10
| | | | | | | | | | | | | Fixes issues discovered by Coverity plugins/baseldap.py: possible undefined value in return certmonger.py: possible dereference of None value i18n.py: fixed always True bug (+ cosmetic change) https://fedorahosted.org/freeipa/ticket/5661 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Cosmetic changes to the codeStanislav Laznicka2016-02-241-1/+1
| | | | | | | | | | | | | | | Fixes some Coverity issues ipadiscovery.py: added assert should universe break plugins/dns.py: removed dead code dnssec/ldapkeydb.py: attribute assert in the proper object test_automount_plugin.py: fixed possible close() on None xmlrpc_test.py: Coverity does not like accessing None.__class__ https://fedorahosted.org/freeipa/ticket/5661 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Py3: do not use dict.iteritems()Martin Basti2016-02-231-2/+2
| | | | | | | | | | Py3 does not support iter* methods, this commit replaces 2 occurencies of iteritems() to items(). The dictionaries there are not big, this is sufficient we do not need to use six. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* p11helper: Port to Python 3Petr Viktorin2016-02-171-6/+5
| | | | | | | | | - Use binascii.hexlify instead of encode('hex') - Keep the library name as a text string instead of encoding to bytes https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipautil: Use mode 'w+' in write_tmp_filePetr Viktorin2016-02-171-1/+1
| | | | | | | | | Python defaults to 'w+b', but all callers in IPA write use text (as opposed to bytes). https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipautil.run, kernel_keyring: Encoding fixes for Python 3Petr Viktorin2016-02-172-5/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipaldap, ldapupdate: Encoding fixes for Python 3Petr Viktorin2016-02-171-4/+10
| | | | | | https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove workaround for CA running checkFraser Tweedale2016-01-211-22/+3
| | | | | | | | | | | | | A workaround was introduced for ticket #4676 that used wget to perform an (unauthenticated) https request to check the CA status. Later, wget was changed to curl (the request remained unauthenticated). Remove the workaround and use an http request (no TLS) to check the CA status. Also remove the now-unused unauthenticated_http_request method, and update specfile to remove ipalib dependency on curl. Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython: use python-cryptography instead of libcrypto in p11helperJan Cholasta2016-01-211-232/+108
| | | | | | | | Replace CFFI calls to libcrypto with equivalent python-cryptography code. https://fedorahosted.org/freeipa/ticket/5596 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython: port p11helper C code to PythonJan Cholasta2016-01-2110-2477/+1868
| | | | | | | | This replaces the binary _ipap11helper module with cffi-based Python code. https://fedorahosted.org/freeipa/ticket/5596 Reviewed-By: Martin Basti <mbasti@redhat.com>
* dnsutil: Rename __nonzero__ to __bool__Petr Viktorin2016-01-201-1/+3
| | | | | | | | | | In Python 3, this special method got renamed. Set both to the same function to keep compatibility. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use print_function future definition wherever print() is usedPetr Viktorin2016-01-201-0/+2
| | | | | | | | | | | | Pylint considers `print` a statement if the __future__ import is not present, even if it's used like a function with one argument. Add the __future__ import to files `pylint --py3k` complains about. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython: remove default_encoding_utf8Jan Cholasta2016-01-154-128/+1
| | | | | | | | | Replace the "import default_encoding_utf8" in ipalib/cli.py with equivalent Python code. https://fedorahosted.org/freeipa/ticket/5596 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Do not decode HTTP reason phrase from DogtagFraser Tweedale2016-01-131-12/+11
| | | | | | | | | | | | | | The HTTP reason phrase sent by Dogtag is assumed to be encoded in UTF-8, but the encoding used by Tomcat is dependent on system locale, causing decode errors in some locales. The reason phrase is optional and will not be sent in a future version of Tomcat[1], so do not bother decoding and returning it. [1] https://github.com/apache/tomcat/commit/707ab1c77f3bc189e1c3f29b641506db4c8bce37 Fixes: https://fedorahosted.org/freeipa/ticket/5578 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow to used mixed case for sysrestoreMartin Basti2016-01-081-0/+4
| | | | | | | | | | | | | This commit allows to use mixed case of keys for sysrestore, before this commit all keys were saved in lowercase what prevents to accesing them. Original usage of mixed case for sysretore key in opendssecinstance had to be changed to lowercase to prevent issues on already installed systems. https://fedorahosted.org/freeipa/ticket/5574 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removalPetr Spacek2016-01-071-0/+6
| | | | | | | | | | Command "ldap-cleanup <zone name>" is called to remove all key metadata from LDAP. This command is now called when disabling DNSSEC on a DNS zone. The stale metadata were causing problems when re-enabling DNSSEC on the same zone. https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAPPetr Spacek2016-01-072-9/+31
| | | | | | | | | | This filtering is useful in cases where LDAP contains DNS zones which have old metadata objects and DNSSEC disabled. Such zones must be ignored to prevent errors while calling dnssec-keyfromlabel or rndc. https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAPPetr Spacek2016-01-071-11/+61
| | | | | | | | | | Key purging has to be only only after key metadata purging so ipa-dnskeysyncd on replices does not fail while dereferencing non-existing keys. https://fedorahosted.org/freeipa/ticket/5334 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: add debug mode to ldapkeydb.pyPetr Spacek2016-01-071-2/+52
| | | | | | | | | | | | ldapkeydb.py can be executed directly now. In that case it will print out key metadata as obtained using IPA LDAP API. Kerberos credential cache has to be filled with principal posessing appropriate access rights before the script is execured. https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: remove obsolete TODO notePetr Spacek2016-01-071-1/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: Make sure that current key state in LDAP matches key state in BINDPetr Spacek2016-01-071-1/+5
| | | | | | | | | | | | | We have to explicitly specify "none" value to prevent dnssec-keyfromlabel utility from using current time for keys without "publish" and "activate" timestamps. Previously this lead to situation where key was in (intermediate) state "generated" in OpenDNSSEC but BIND started to use this key for signing. https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable pylint trailing-whitespace checkMartin Basti2015-12-231-1/+1
| | | | | | | | | | | | | | | | | | | Enables check and fixes: ************* Module ipapython.log_manager ipapython/log_manager.py:808: [C0303(trailing-whitespace), ] Trailing whitespace) ************* Module ipachangeconf contrib/RHEL4/ipachangeconf.py:28: [C0303(trailing-whitespace), ] Trailing whitespace) contrib/RHEL4/ipachangeconf.py:116: [C0303(trailing-whitespace), ] Trailing whitespace) ************* Module ipalib.plugins.pwpolicy ipalib/plugins/pwpolicy.py:174: [C0303(trailing-whitespace), ] Trailing whitespace) ipalib/plugins/pwpolicy.py:180: [C0303(trailing-whitespace), ] Trailing whitespace) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard importsMartin Basti2015-12-235-5/+5
| | | | | | | | | | | Wildcard imports should not be used. Check for wildcard imports has been enabled in pylint. Pylint note: options 'wildcard-import' causes too much false positive results, so instead it I used 'unused-wildcard-import' option which has almost the same effect. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused importsMartin Basti2015-12-2315-39/+10
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* installer: Propagate option values from components instead of copying them.David Kupka2015-12-211-3/+18
| | | | | | https://fedorahosted.org/freeipa/ticket/5556 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Package ipapython, ipalib, ipaplatform, ipatests for Python 3Petr Viktorin2015-12-173-27/+23
| | | | | | | | | | Running make with PYTHON=/usr/bin/python3 will build/install the bits for Python 3. Executable scripts in ipatests have symlinks Python version suffixes as per Fedora guidelines. Suffix-less names point to the Python 2 versions. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: Handle SERVFAIL in check if domain already exists.Petr Spacek2015-12-161-6/+5
| | | | | | | | In cases where domain is already delegated to IPA prior installation we might get timeout or SERVFAIL. The answer depends on the recursive server we are using for the check. Reviewed-By: David Kupka <dkupka@redhat.com>
* ipautil: remove unused import causing cyclic import in testsJan Cholasta2015-12-151-1/+0
| | | | https://fedorahosted.org/freeipa/ticket/5551
* dns: Check if domain already exists.David Kupka2015-12-141-1/+17
| | | | | | | | | Raise an error when the domain already exists. This can be overriden using --force or --allow-zone-overlap options. https://fedorahosted.org/freeipa/ticket/3681 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* dns: do not add (forward)zone if it is already resolvable.David Kupka2015-12-141-2/+93
| | | | | | | | | Check if the zone user wants to add is already resolvable and refuse to create it if yes. --skip-overlap-check and --force options suppress this check. https://fedorahosted.org/freeipa/ticket/5087 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipautil: allow redirecting command output to standard output in run()Jan Cholasta2015-12-141-2/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/5527 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Refactor ipautil.runPetr Viktorin2015-12-145-63/+179
| | | | | | | | | | | | | | | | | | | | | The ipautil.run function now returns an object with returncode and output are accessible as attributes. The stdout and stderr of all commands are logged (unless skip_output is given). The stdout/stderr contents must be explicitly requested with a keyword argument, otherwise they are None. This is because in Python 3, the output needs to be decoded, and that can fail if it's not decodable (human-readable) text. The raw (bytes) output is always available from the result object, as is "leniently" decoded output suitable for logging. All calls are changed to reflect this. A use of Popen in cainstance is changed to ipautil.run. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Run all validators at once.David Kupka2015-12-081-12/+19
| | | | Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* custodia: do not modify memberPrincipal on key updateJan Cholasta2015-12-071-2/+1
| | | | | | | https://fedorahosted.org/freeipa/ticket/5401 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-01 13:12:47 +0000