freeipa.git/ipaclient/plugins, branch replica_kdc FreeIPA patches dns: fix `dnsrecord_add` interactive mode 2017-03-08T14:52:41+00:00 Jan Cholasta jcholast@redhat.com 2017-02-23T13:21:59+00:00 1e912f5b83166154806e0382f3f028d0eac81731 `dnsrecord_add` interactive mode might prompt for value of non-existent arguments `a_part_create_reverse` and `aaaa_part_create_reverse`. This happens because `dnsrecord_add` extra flags are incorrectly defined as parts of the respective DNS records. Remove extra flags from DNS record parts to fix the interactive mode on old clients talking to new servers. Skip non-existent arguments in the interactive mode to fix new clients talking to old servers. https://fedorahosted.org/freeipa/ticket/6457 Reviewed-By: Martin Basti <mbasti@redhat.com> 
`dnsrecord_add` interactive mode might prompt for value of non-existent
arguments `a_part_create_reverse` and `aaaa_part_create_reverse`. This
happens because `dnsrecord_add` extra flags are incorrectly defined as
parts of the respective DNS records.

Remove extra flags from DNS record parts to fix the interactive mode on old
clients talking to new servers. Skip non-existent arguments in the
interactive mode to fix new clients talking to old servers.

https://fedorahosted.org/freeipa/ticket/6457

Reviewed-By: Martin Basti <mbasti@redhat.com>
Vault: port key wrapping to python-cryptography 2017-03-02T13:22:11+00:00 Christian Heimes cheimes@redhat.com 2017-02-25T12:09:11+00:00 ed7a03a1af8b556247b929635e2972be4f2b32e4 https://fedorahosted.org/freeipa/ticket/6650 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
https://fedorahosted.org/freeipa/ticket/6650

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Remove NSSConnection from otptoken plugin 2017-03-01T09:43:41+00:00 Stanislav Laznicka slaznick@redhat.com 2017-01-03T12:31:01+00:00 2a9d1fb7d9dda0299c6f7cd75a715182d15e04df Replace NSSConnection with httplib.HTTPSConenction to be able to remove NSSConnection for good. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Replace NSSConnection with httplib.HTTPSConenction to be able to remove
NSSConnection for good.

https://fedorahosted.org/freeipa/ticket/5695

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Support encrypted private keys 2017-02-28T09:02:49+00:00 Ben Lipton blipton@redhat.com 2017-02-09T01:56:37+00:00 ada91c20588046bb147fc701718d3da4d2c080ca https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Allow overriding the CSR generation profile 2017-02-28T09:02:49+00:00 Ben Lipton blipton@redhat.com 2017-02-04T15:25:42+00:00 4350dcdea22fd2284836315d0ae7d38733a7620e In case users want multiple CSR generation profiles that work with the same dogtag profile, or in case the profiles are not named the same, this flag allows specifying an alternative CSR generation profile. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
In case users want multiple CSR generation profiles that work with the
same dogtag profile, or in case the profiles are not named the same,
this flag allows specifying an alternative CSR generation profile.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Automate full cert request flow 2017-02-28T09:02:49+00:00 Ben Lipton blipton@redhat.com 2016-08-22T14:46:02+00:00 39a5d9c5aae77687f67d9be02457733bdfb99ead Allows the `ipa cert-request` command to generate its own CSR. It no longer requires a CSR passed on the command line, instead it creates a config (bash script) with `cert-get-requestdata`, then runs it to build a CSR, and submits that CSR. Example usage (NSS database): $ ipa cert-request --principal host/test.example.com --profile-id caIPAserviceCert --database /tmp/certs Example usage (PEM private key file): $ ipa cert-request --principal host/test.example.com --profile-id caIPAserviceCert --private-key /tmp/key.pem https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Allows the `ipa cert-request` command to generate its own CSR. It no
longer requires a CSR passed on the command line, instead it creates a
config (bash script) with `cert-get-requestdata`, then runs it to build
a CSR, and submits that CSR.

Example usage (NSS database):
$ ipa cert-request --principal host/test.example.com --profile-id caIPAserviceCert --database /tmp/certs

Example usage (PEM private key file):
$ ipa cert-request --principal host/test.example.com --profile-id caIPAserviceCert --private-key /tmp/key.pem

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
DNS: dns-update-system-record can create nsupdate file 2017-02-15T11:20:55+00:00 Martin Basti mbasti@redhat.com 2017-01-27T12:42:19+00:00 7eb2ef61905a5c6ddf04237f0aa84e7585e1186d Added option --out <path> creates a file with IPA DNS data in nsupdate format. https://fedorahosted.org/freeipa/ticket/6585 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Added option --out <path> creates a file with IPA DNS data in nsupdate
format.

https://fedorahosted.org/freeipa/ticket/6585

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
tests: Add tests for CSR autogeneration 2017-01-31T09:20:28+00:00 Ben Lipton blipton@redhat.com 2016-09-08T22:29:46+00:00 a26cf0d7910dd4c0a4da08682b4be8d3d94ba520 This patch also contains some code changes to make the code easier to test and to make the tests pass. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch also contains some code changes to make the code easier to
test and to make the tests pass.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Add code to generate scripts that generate CSRs 2017-01-31T09:20:28+00:00 Ben Lipton blipton@redhat.com 2016-07-05T18:19:35+00:00 10ef5947860f5098182b1f95c08c1158e2da15f9 Adds a library that uses jinja2 to format a script that, when run, will build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses this library and builds the script for a given principal. The rules are read from json files in /usr/share/ipa/csr, but the rule provider is a separate class so that it can be replaced easily. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Adds a library that uses jinja2 to format a script that, when run, will
build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses
this library and builds the script for a given principal. The rules are
read from json files in /usr/share/ipa/csr, but the rule provider is a
separate class so that it can be replaced easily.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
py3: decode bytes for json.loads() 2017-01-24T12:25:47+00:00 Martin Basti mbasti@redhat.com 2017-01-12T15:20:43+00:00 18337bf7f7c31a47fe0c7280f82fca043b548bd5 In py 3.5 json.loads requires to have string as input, all bytes must be decoded. Note: python 3.6 supports bytes for json.loads() https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
In py 3.5 json.loads requires to have string as input, all bytes must be
decoded.

Note: python 3.6 supports bytes for json.loads()

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>