freeipa.git/ipapython, branch webui-cleanup FreeIPA patches Drop our own PKCS#10 ASN.1 decoder and use the one from python-nss 2010-07-29T14:50:10+00:00 Rob Crittenden rcritten@redhat.com 2010-07-20T18:00:43+00:00 b7ca3d68c28b54500a2f908c4e2e6c89b2433461 This patch: - bumps up the minimum version of python-nss - will initialize NSS with nodb if a CSR is loaded and it isn't already init'd - will shutdown NSS if initialized in the RPC subsystem so we use right db - updated and added a few more tests Relying more on NSS introduces a bit of a problem. For NSS to work you need to have initialized a database (either a real one or no_db). But once you've initialized one and want to use another you have to close down the first one. I've added some code to nsslib.py to do just that. This could potentially have some bad side-effects at some point, it works ok now. 
This patch:
- bumps up the minimum version of python-nss
- will initialize NSS with nodb if a CSR is loaded and it isn't already
  init'd
- will shutdown NSS if initialized in the RPC subsystem so we use right db
- updated and added a few more tests

Relying more on NSS introduces a bit of a problem. For NSS to work you
need to have initialized a database (either a real one or no_db). But once
you've initialized one and want to use another you have to close down the
first one.  I've added some code to nsslib.py to do just that. This could
potentially have some bad side-effects at some point, it works ok now.
Clean up crypto code, take advantage of new nss-python capabilities 2010-07-15T14:51:49+00:00 Rob Crittenden rcritten@redhat.com 2010-06-24T15:40:02+00:00 8d2d7429beb6bf66cb3c4fc35a7a3dbb165a432c This patch does the following: - drops our in-tree x509v3 parser to use the python-nss one - return more information on certificates - make an API change, renaming cert-get to cert-show - Drop a lot of duplicated code 
This patch does the following:
- drops our in-tree x509v3 parser to use the python-nss one
- return more information on certificates
- make an API change, renaming cert-get to cert-show
- Drop a lot of duplicated code
use NSS for SSL operations 2010-06-15T19:03:36+00:00 John Dennis jdennis@redhat.com 2010-05-31T11:40:17+00:00 31027c6183e3df927b08f0f0b7f84ae7420c3e88 






gpg2 requires --batch to use the --passphrase* arguments.
2010-05-27T15:02:39+00:00

Rob Crittenden
rcritten@redhat.com

2010-05-27T15:02:39+00:00

c67b47f9f693d0209572b34a6cf7927dcbf22200

This was causing replica creation and installation to fail.

596446





This was causing replica creation and installation to fail.

596446







Add simple test to see if client is already configured
2010-05-06T21:17:16+00:00

Rob Crittenden
rcritten@redhat.com

2010-05-06T20:41:59+00:00

3bf7268d749f869d1d238caf2ee9a6c28ed40280

If this ever gets out of sync the user can always remove
/var/lib/ipa-client/sysrestore/*, they just need to understand the
implications.

One potential problem is with certmonger. If you install the client
and then re-install without uninstalling then the subsequent
certificate request by certmonger will fail because it will already
be tracking a certificate in /etc/pki/nssdb of the same nickname and
subject (the old cert).





If this ever gets out of sync the user can always remove
/var/lib/ipa-client/sysrestore/*, they just need to understand the
implications.

One potential problem is with certmonger. If you install the client
and then re-install without uninstalling then the subsequent
certificate request by certmonger will fail because it will already
be tracking a certificate in /etc/pki/nssdb of the same nickname and
subject (the old cert).







Handle CSRs whether they have NEW in the header or not
2010-05-03T23:58:08+00:00

Rob Crittenden
rcritten@redhat.com

2010-05-03T21:38:39+00:00

3ea044fb59bf6ada2c0e9b507c1d6c4dfd8aaa23

Also consolidate some duplicate code





Also consolidate some duplicate code







Make the installer/uninstaller more aware of its state
2010-05-03T19:41:18+00:00

Rob Crittenden
rcritten@redhat.com

2010-05-03T19:21:51+00:00

04e9056ec2b6e0360f3f3545fd638ecc17aaad2c

We have had a state file for quite some time that is used to return
the system to its pre-install state. We can use that to determine what
has been configured.

This patch:
- uses the state file to determine if dogtag was installed
- prevents someone from trying to re-install an installed server
- displays some output when uninstalling
- re-arranges the ipa_kpasswd installation so the state is properly saved
- removes pkiuser if it was added by the installer
- fetches and installs the CA on both masters and clients





We have had a state file for quite some time that is used to return
the system to its pre-install state. We can use that to determine what
has been configured.

This patch:
- uses the state file to determine if dogtag was installed
- prevents someone from trying to re-install an installed server
- displays some output when uninstalling
- re-arranges the ipa_kpasswd installation so the state is properly saved
- removes pkiuser if it was added by the installer
- fetches and installs the CA on both masters and clients







Accept unicode for sysrestore
2010-04-23T21:19:28+00:00

Martin Nagy
mnagy@redhat.com

2010-04-15T09:59:16+00:00

1340875165150144aba07f89df9e39b5ecb43832












Fix http(s)_request in dogtag. Was blowing up because of unicode strings.
2010-03-30T19:11:56+00:00

Pavel Zuna
pzuna@redhat.com

2010-03-30T14:11:17+00:00

9dd082eb338e7917744d00359ac6ba55b490caee












Provide mechanism in ipautil.run() to not log all arguments.
2010-03-19T13:59:24+00:00

Rob Crittenden
rcritten@redhat.com

2010-03-15T21:06:24+00:00

99da0d88f066826fc33562045d47f6cc760633b5

This is primarily designed to not log passwords but it could have other
uses.

567867





This is primarily designed to not log passwords but it could have other
uses.

567867