freeipa.git/ipaserver/plugins, branch coverity FreeIPA patches help: Add dnsserver commands to help topic 'dns' 2016-07-22T11:52:09+00:00 David Kupka dkupka@redhat.com 2016-07-15T09:55:19+00:00 34767ba25936700ba331fc5b7791ecd151083501 https://fedorahosted.org/freeipa/ticket/6069 Reviewed-By: Petr Spacek <pspacek@redhat.com> 
https://fedorahosted.org/freeipa/ticket/6069

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Host-del: fix behavior of --updatedns and PTR records 2016-07-22T11:40:05+00:00 Martin Basti mbasti@redhat.com 2016-07-21T11:18:34+00:00 8aba4f63439853d524e8b394b7919159c86d2a08 * target for ptr record must be absolute domain name * zone is detected using DNS system instead of random splitting of hostname https://fedorahosted.org/freeipa/ticket/6060 Reviewed-By: Petr Spacek <pspacek@redhat.com> 
* target for ptr record must be absolute domain name
* zone is detected using DNS system instead of random splitting of
hostname

https://fedorahosted.org/freeipa/ticket/6060

Reviewed-By: Petr Spacek <pspacek@redhat.com>
trust-add: handle `--all/--raw` options properly 2016-07-21T11:01:02+00:00 Martin Babinsky mbabinsk@redhat.com 2016-07-15T10:38:00+00:00 2234a774416309a44aecb84f27e6cf4c6a1a990f `trust-add` command did not handle these options correctly often resulting in internal errors or mangled output. This patch implements a behavior which is more in-line with the rest of the API commands. https://fedorahosted.org/freeipa/ticket/6059 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
`trust-add` command did not handle these options correctly often resulting in
internal errors or mangled output. This patch implements a behavior which is
more in-line with the rest of the API commands.

https://fedorahosted.org/freeipa/ticket/6059

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
prevent search for RADIUS proxy servers by secret 2016-07-21T08:49:10+00:00 Martin Babinsky mbabinsk@redhat.com 2016-07-21T07:42:01+00:00 66da08445370f7024a6a529a6659714c33b7525e radiusproxy-find should not allow search by proxy secret even for privileged users so we should hide it from CLI. https://fedorahosted.org/freeipa/ticket/6078 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
radiusproxy-find should not allow search by proxy secret even for privileged
users so we should hide it from CLI.

https://fedorahosted.org/freeipa/ticket/6078

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
expose `--secret` option in radiusproxy-* commands 2016-07-21T08:49:10+00:00 Martin Babinsky mbabinsk@redhat.com 2016-07-18T08:45:48+00:00 447feb7f37803b9bad8aab52841c4d1db293727a Option `--secret` was hidden from radiusproxy CLI preventing setting a secret on existing server or searching by secret. Since thin client implementation it was also not recognized by the interactive prompt code in CLI frontend since it never got there. https://fedorahosted.org/freeipa/ticket/6078 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Option `--secret` was hidden from radiusproxy CLI preventing setting a secret
on existing server or searching by secret. Since thin client implementation it
was also not recognized by the interactive prompt code in CLI frontend since
it never got there.

https://fedorahosted.org/freeipa/ticket/6078

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
allow 'value' output param in commands without primary key 2016-07-20T11:57:01+00:00 Martin Babinsky mbabinsk@redhat.com 2016-07-18T11:18:44+00:00 f0a61546f552d4df887617167f7dc1378cb95083 `PrimaryKey` output param works only for API objects that have primary keys, otherwise it expects None (nothing is associated with this param). Since the validation of command output was tightened durng thin client effort, some commands not honoring this contract began to fail output validation. A custom output was implemented for them to restore their functionality. It should however be considered as a fix for broken commands and not used further. https://fedorahosted.org/freeipa/ticket/6037 https://fedorahosted.org/freeipa/ticket/6061 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
`PrimaryKey` output param works only for API objects that have primary keys,
otherwise it expects None (nothing is associated with this param). Since the
validation of command output was tightened durng thin client effort, some
commands not honoring this contract began to fail output validation.

A custom output was implemented for them to restore their functionality. It
should however be considered as a fix for broken commands and not used
further.

https://fedorahosted.org/freeipa/ticket/6037
https://fedorahosted.org/freeipa/ticket/6061

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Show full error message for selinuxusermap-add-hostgroup 2016-07-20T11:13:05+00:00 Florence Blanc-Renaud flo@redhat.com 2016-07-20T09:02:30+00:00 90704df59dbe996ef1db58d7a11f826c008d08a3 While investigating the issue for selinuxusermap-add-hostgroup, we discovered that other commands were missing output. A first patch fixes most of the issues: freeipa-jcholast-677-frontend-copy-command-arguments-to-output-params-on-.patch This patch fixes servicedelegation CLI, where servicedelegation.takes_params was missing ipaallowedtarget_servicedelegationtarget, ipaallowedtoimpersonate and memberprincipal https://fedorahosted.org/freeipa/ticket/6026 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
While investigating the issue for selinuxusermap-add-hostgroup,
we discovered that other commands were missing output.
A first patch fixes most of the issues:
freeipa-jcholast-677-frontend-copy-command-arguments-to-output-params-on-.patch

This patch fixes servicedelegation CLI, where
servicedelegation.takes_params was missing
ipaallowedtarget_servicedelegationtarget, ipaallowedtoimpersonate and
memberprincipal

https://fedorahosted.org/freeipa/ticket/6026

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
schema: Fix subtopic -> topic mapping 2016-07-15T12:02:17+00:00 David Kupka dkupka@redhat.com 2016-07-14T08:15:59+00:00 92dea9b186611f7f1ba8aa5952b4cfdc363d75b8 https://fedorahosted.org/freeipa/ticket/6069 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/6069

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Preserve user principal aliases during rename operation 2016-07-15T11:51:03+00:00 Martin Babinsky mbabinsk@redhat.com 2016-07-01T16:09:04+00:00 2f02ffed03beac43b26e8521eff87b9489a746f9 When a MODRDN is performed on the user entry, the MODRDN plugin resets both krbPrincipalName and krbCanonicalName to the value constructed from uid. In doing so, hovewer, any principal aliases added to the krbPrincipalName are wiped clean. In this patch old aliases are fetched before the MODRDN operation takes place and inserted back after it is performed. This also preserves previous user logins which can be used further for authentication as aliases. https://fedorahosted.org/freeipa/ticket/6028 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> 
When a MODRDN is performed on the user entry, the MODRDN plugin resets both
krbPrincipalName and krbCanonicalName to the value constructed from uid. In
doing so, hovewer, any principal aliases added to the krbPrincipalName are
wiped clean. In this patch old aliases are fetched before the MODRDN operation
takes place and inserted back after it is performed.

This also preserves previous user logins which can be used further for
authentication as aliases.

https://fedorahosted.org/freeipa/ticket/6028

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
host-find: do not show SSH key by default 2016-07-13T16:37:15+00:00 Martin Basti mbasti@redhat.com 2016-07-08T11:40:02+00:00 2874fdbfef1e191cf858dabdd34d5a0cbdc5ef16 Only function 'remove_sshpubkey_from_output_list_post' should be used in postcallbacks of *-find, otherwise only one entry will be cleaned up https://fedorahosted.org/freeipa/ticket/6043 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Only function 'remove_sshpubkey_from_output_list_post' should be used in
postcallbacks of *-find, otherwise only one entry will be cleaned up

https://fedorahosted.org/freeipa/ticket/6043

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>