freeipa.git/ipaclient, branch cakeysfix FreeIPA patches ipa-client-install: remove extra space in pkinit_anchors definition 2017-05-02T11:46:55+00:00 Florence Blanc-Renaud flo@redhat.com 2017-05-02T08:22:22+00:00 26dbab1fd4384b8f3999b153c2d94220cf541ad2 ipa-client-install modifies /etc/krb5.conf and defines the following line: pkinit_anchors = FILE: /etc/ipa/ca.crt The extra space between FILE: and /etc/ipa/ca.crt break pkinit. https://pagure.io/freeipa/issue/6916 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
ipa-client-install modifies /etc/krb5.conf and defines the following line:
    pkinit_anchors = FILE: /etc/ipa/ca.crt

The extra space between FILE: and /etc/ipa/ca.crt break pkinit.

https://pagure.io/freeipa/issue/6916

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
vault: piped input for ipa vault-add fails 2017-04-28T11:19:51+00:00 Florence Blanc-Renaud flo@redhat.com 2017-04-27T16:20:06+00:00 d5c41ed4ad370c7d74296a830993a5bd3fd32e5f An exception is raised when using echo "Secret123\n" | ipa vault-add myvault This happens because the code is using (string).decode(sys.stdin.encoding) and sys.stdin.encoding is None when the input is read from a pipe. The fix is using the prompt_password method defined by Backend.textui, which gracefully handles this issue. https://pagure.io/freeipa/issue/6907 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
An exception is raised when using echo "Secret123\n" | ipa vault-add myvault

This happens because the code is using (string).decode(sys.stdin.encoding)
and sys.stdin.encoding is None when the input is read from a pipe.
The fix is using the prompt_password method defined by Backend.textui,
which gracefully handles this issue.

https://pagure.io/freeipa/issue/6907

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Correct PyPI package dependencies 2017-04-26T10:31:11+00:00 Christian Heimes cheimes@redhat.com 2017-04-10T08:00:23+00:00 26ab51ddf47f421f3404709052db89f08c05adaa * Remove unused install requires from ipapython * Add missing requirements to ipaserver * Correct dependencies for yubico otptoken * Add explicit dependency on cffi for csrgen * Python 2 uses python-ldap, Python 3 pyldap https://pagure.io/freeipa/issue/6875 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> 
* Remove unused install requires from ipapython
* Add missing requirements to ipaserver
* Correct dependencies for yubico otptoken
* Add explicit dependency on cffi for csrgen
* Python 2 uses python-ldap, Python 3 pyldap

https://pagure.io/freeipa/issue/6875

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Use entry_points for ipa CLI 2017-04-11T11:29:50+00:00 Christian Heimes cheimes@redhat.com 2017-04-07T13:03:08+00:00 bf67974459f093487a1c5a49234769803780ecbe Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
Fix problem with hard-coded shebang in ipa command line tool by using
a proper setuptools entry point for the console script. ipaclient is now
an executable Python package, too.

```
$ python -m ipaclient ping
```

is equivalent to

```
$ ipa ping
```

Related: https://pagure.io/freeipa/issue/6653
Closes: https://pagure.io/freeipa/issue/6850
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
csrgen: Beginnings of NSS database support 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-01-30T15:51:11+00:00 a53e17830c3d4fd59a62248d4447491675c6a80e https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Modify cert_get_requestdata to return a CertificationRequestInfo 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-01-06T16:19:19+00:00 e7588ab2dc73e7f66ebc6cdcfb99470540e37731 Also modify cert_request to use this new format. Note, only PEM private keys are supported for now. NSS databases are not. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Also modify cert_request to use this new format. Note, only PEM private
keys are supported for now. NSS databases are not.

https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Change to pure openssl config format (no script) 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-03-21T21:23:46+00:00 136c6c3e2a4f77a27f435efd4a1cd95c9e089314 https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
csrgen: Remove helper abstraction 2017-04-03T07:46:30+00:00 Ben Lipton blipton@redhat.com 2017-03-21T16:21:30+00:00 5420e9cfbe7803808b6e26d2dae64f2a6a50149a All requests now use the OpenSSL formatter. However, we keep Formatter a separate class so that it can be changed out for tests. https://pagure.io/freeipa/issue/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
All requests now use the OpenSSL formatter. However, we keep Formatter
a separate class so that it can be changed out for tests.

https://pagure.io/freeipa/issue/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Simplify KRA transport cert cache 2017-03-28T08:10:03+00:00 Christian Heimes cheimes@redhat.com 2017-03-17T09:44:38+00:00 abefb64bea8ea1b8487ad87716e4a335555d19dc In-memory cache causes problem in forking servers. A file based cache is good enough. It's easier to understand and avoids performance regression and synchronization issues when cert becomes out-of-date. https://pagure.io/freeipa/issue/6787 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
In-memory cache causes problem in forking servers. A file based cache is
good enough. It's easier to understand and avoids performance regression
and synchronization issues when cert becomes out-of-date.

https://pagure.io/freeipa/issue/6787
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Support certificate login after installation and upgrade 2017-03-14T14:13:43+00:00 Pavel Vomacka pvomacka@redhat.com 2017-03-09T11:14:21+00:00 75c592d3b9081474cae51c929e6af29c7a0eebb6 Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 
Add necessary steps which set SSSD and set SELinux boolean during
installation or upgrade. Also create new endpoint in apache for
login using certificates.

https://pagure.io/freeipa/issue/6225

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>