freeipa.git/ipalib/plugins, branch kdc-fixes FreeIPA patches Fix incorrect type comparison in trust-fetch-domains 2015-08-06T08:16:30+00:00 Tomas Babej tbabej@redhat.com 2015-08-05T15:31:47+00:00 7688bbcc33eb24a86ede7dc12ea9c64a27006aa8 Value needs to be unpacked from the list and converted before comparison. https://fedorahosted.org/freeipa/ticket/5182 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
Value needs to be unpacked from the list and converted before comparison.

https://fedorahosted.org/freeipa/ticket/5182

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fix otptoken-remove-managedby command summary 2015-08-05T10:27:48+00:00 Fraser Tweedale ftweedal@redhat.com 2015-08-05T05:50:07+00:00 e28a45072004d93ced9bf81b3810fbd2652664b5 Reviewed-By: Tomas Babej <tbabej@redhat.com> 
Reviewed-By: Tomas Babej <tbabej@redhat.com>
store certificates issued for user entries as userCertificate;binary 2015-08-04T11:57:33+00:00 Martin Babinsky mbabinsk@redhat.com 2015-08-03T11:36:29+00:00 3257ac6b876e9e62cae58060c96c525ff0df1ae3 This patch forces the user management CLI command to store certificates as userCertificate;binary attribute. The code to retrieve of user information was modified to enable outputting of userCertificate;binary attribute to the command line. The modification also fixes https://fedorahosted.org/freeipa/ticket/5173 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch forces the user management CLI command to store certificates as
userCertificate;binary attribute. The code to retrieve of user information was
modified to enable outputting of userCertificate;binary attribute to the
command line.

The modification also fixes https://fedorahosted.org/freeipa/ticket/5173

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
user-show: add --out option to save certificates to file 2015-07-31T14:11:17+00:00 Fraser Tweedale ftweedal@redhat.com 2015-07-24T13:31:26+00:00 896783bae817ef16ca1cb31a0c434fe863287cc3 Add the --out option to user-show, bringing it into line with host-show and service-show with the ability to save the user's certificate(s) to a file. https://fedorahosted.org/freeipa/ticket/5171 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add the --out option to user-show, bringing it into line with
host-show and service-show with the ability to save the user's
certificate(s) to a file.

https://fedorahosted.org/freeipa/ticket/5171

Reviewed-By: Martin Basti <mbasti@redhat.com>
certprofile-import: do not require profileId in profile data 2015-07-31T14:00:57+00:00 Christian Heimes cheimes@redhat.com 2015-07-23T15:48:56+00:00 a4ade199aa594307cdd6bc43d1729cc42e92fd1e certprofile-import no longer requires profileId in profile data. Instead the profile ID from the command line is taken and added to the profile data internally. If profileId is set in the profile, then it still has to match the CLI option. https://fedorahosted.org/freeipa/ticket/5090 Reviewed-By: Martin Basti <mbasti@redhat.com> 
certprofile-import no longer requires profileId in profile data. Instead
the profile ID from the command line is taken and added to the profile
data internally.

If profileId is set in the profile, then it still has to match the CLI
option.

https://fedorahosted.org/freeipa/ticket/5090

Reviewed-By: Martin Basti <mbasti@redhat.com>
Validate vault's file parameters 2015-07-31T13:33:49+00:00 Christian Heimes cheimes@redhat.com 2015-07-30T13:48:40+00:00 8e28ddd8fab40e985756729f23e8f352d2dab071 A user can pass file names for password, public and private key files to the vault plugin. The plugin attempts to read from these files. If any file can't be, an internal error was raised. The patch wraps all reads and turns any IOError and UnicodeError into a ValidationError. https://fedorahosted.org/freeipa/ticket/5155 Reviewed-By: Martin Basti <mbasti@redhat.com> 
A user can pass file names for password, public and private key files to
the vault plugin. The plugin attempts to read from these files. If any
file can't be, an internal error was raised. The patch wraps all reads
and turns any IOError and UnicodeError into a ValidationError.

https://fedorahosted.org/freeipa/ticket/5155

Reviewed-By: Martin Basti <mbasti@redhat.com>
Modernize number literals 2015-07-31T13:22:19+00:00 Petr Viktorin pviktori@redhat.com 2015-07-15T14:38:06+00:00 b8c46f2a32d0d8c2dc6ef0867f85f63cf076a004 Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Use Python-3 compatible syntax, without breaking compatibility with py 2.7

- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
  long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
  strict type checking checking, e.g. type(0).

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ULC: Fix stageused-add --from-delete command 2015-07-29T15:06:54+00:00 Martin Basti mbasti@redhat.com 2015-07-23T08:52:54+00:00 cea52ce186d9341f126ef6a9ac5f0287c4f16ada Nonexistent method was used to move deleted user to staged area. Minor fixes added: * handle not found error * return new DN https://fedorahosted.org/freeipa/ticket/5145 Reviewed-By: David Kupka <dkupka@redhat.com> 
Nonexistent method was used to move deleted user to staged area.
Minor fixes added:
 * handle not found error
 * return new DN

https://fedorahosted.org/freeipa/ticket/5145

Reviewed-By: David Kupka <dkupka@redhat.com>
otptoken: use ipapython.nsslib instead of Python's ssl module 2015-07-27T15:25:57+00:00 Christian Heimes cheimes@redhat.com 2015-07-07T13:10:28+00:00 3c974c157f332bd8f4db48eba52d2b760c0c1e77 The otptoken plugin is the only module in FreeIPA that uses Python's ssl module instead of NSS. The patch replaces ssl with NSSConnection. It uses the default NSS database to lookup trust anchors. NSSConnection uses NSS for hostname matching. The package python-backports-ssl_match_hostname is no longer required. https://fedorahosted.org/freeipa/ticket/5068 Reviewed-By: Martin Basti <mbasti@redhat.com> 
The otptoken plugin is the only module in FreeIPA that uses Python's ssl
module instead of NSS. The patch replaces ssl with NSSConnection. It
uses the default NSS database to lookup trust anchors. NSSConnection
uses NSS for hostname matching. The package
python-backports-ssl_match_hostname is no longer required.

https://fedorahosted.org/freeipa/ticket/5068

Reviewed-By: Martin Basti <mbasti@redhat.com>
certprofile-import: improve profile format documentation 2015-07-27T15:21:16+00:00 Christian Heimes cheimes@redhat.com 2015-07-23T16:22:19+00:00 2596adb312700a6133a4405851af9aec62941cd9 The certprofile-import plugin expects a raw Dogtag config file. The XML format is not supported. --help gives a hint about the correct file format. https://fedorahosted.org/freeipa/ticket/5089 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> 
The certprofile-import plugin expects a raw Dogtag config file. The XML
format is not supported. --help gives a hint about the correct file format.

https://fedorahosted.org/freeipa/ticket/5089

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>