Commit message | Author | Age | Files | Lines
...
* realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record | Tomas Babej | 2015-10-12 | 1 | -2/+5
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Issue a warning when automated management of realmdomains failed | Tomas Babej | 2015-10-12 | 2 | -5/+54
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Add validation that realmdomain being added is indeed from our realm | Tomas Babej | 2015-10-12 | 1 | -24/+76
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Minor style and wording improvements | Tomas Babej | 2015-10-12 | 1 | -15/+60
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* util: Add detect_dns_zone_realm_type helper | Tomas Babej | 2015-10-12 | 1 | -0/+55
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fixed a timing issue with drill returning non-zero exitcode | Oleg Fayans | 2015-10-09 | 1 | -0/+1
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client referral support for trusted domain principals | Alexander Bokovoy | 2015-10-08 | 3 | -0/+123
  https://fedorahosted.org/freeipa/ticket/3559
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* vault: select a server with KRA for vault operations | Jan Cholasta | 2015-10-08 | 2 | -4/+21
  This uses the same mechanism which is used for the CA.
  https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: always export KRA agent PEM file | Jan Cholasta | 2015-10-08 | 4 | -9/+9
  Export the file even when KRA is not installed locally so that vault commands work on all IPA replicas.
  https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: fix KRA agent PEM file permissions | Jan Cholasta | 2015-10-08 | 4 | -16/+45
  This fixes CVE-2015-5284.
  https://fedorahosted.org/freeipa/ticket/5347
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Avoid ipa-dnskeysync-replica & ipa-ods-exporter crashes caused by exceeding LDAP limits | Petr Spacek | 2015-10-07 | 2 | -8/+4
  ldap2 internally does LDAP search to find out what LDAP search limits should be used (!). The problem is that this internal search has hardcoded limits and throws LimitExceeded exception when DS is too slow.
  DNSSEC daemons do not need any abstractions from ldap2 so we are going to use ipaldap directly. This will avoid the unnecessary search and associated risks.
  https://fedorahosted.org/freeipa/ticket/5342
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Appease pylint | Petr Viktorin | 2015-10-07 | 1 | -0/+2
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython.ssh: Port to Python 3 | Petr Viktorin | 2015-10-07 | 2 | -12/+24
  Sort out the accepted types. Handle Python 3's stricter separation between bytes and unicode.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove uses of the `types` module | Petr Viktorin | 2015-10-07 | 10 | -42/+29
  In Python 3, the types module no longer provides alternate names for built-in types, e.g. `types.StringType` can just be spelled `str`.
  NoneType is also removed; it needs to be replaced with type(None).
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.Stringio instead of StringIO.StringIO | Petr Viktorin | 2015-10-07 | 4 | -10/+11
  The StringIO class was moved to the io module. (In Python 2, io.StringIO is available, but is Unicode-only.)
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.http_client instead of httplib | Petr Viktorin | 2015-10-07 | 4 | -5/+30
  The module was renamed in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.configparser instead of ConfigParser | Petr Viktorin | 2015-10-07 | 14 | -25/+32
  The module name was lowercased in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.xmlrpc.client instead of xmlrpclib | Petr Viktorin | 2015-10-07 | 9 | -37/+44
  The module is renamed to xmlrpc.client in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparse | Petr Viktorin | 2015-10-07 | 18 | -71/+77
  In Python 3, these modules are reorganized.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use sys.maxsize instead of sys.maxint | Petr Viktorin | 2015-10-07 | 2 | -9/+9
  In Python 3, integers don't have a maximum. The number called "sys.maxint" is now "sys.maxsize" (defined as larger than the largest possible list/string index).
  The new spelling is also available in Python 2.7.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* test_dn: Split bytes and unicode | Petr Viktorin | 2015-10-07 | 1 | -42/+67
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython.dn: Use rich comparisons | Petr Viktorin | 2015-10-07 | 2 | -47/+94
  __cmp__ and cmp were removed from Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* rpc: Don't use undocumented urllib functions | Petr Viktorin | 2015-10-07 | 1 | -3/+4
  The "splittype" and "splithost" functions in urllib.parse are undocumented and reserved for internal use, see http://bugs.python.org/issue11009
  Use urlsplit instead.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipap11helper: Port to Python 3 | Petr Viktorin | 2015-10-07 | 1 | -184/+94
  - Use PyLong instead of PyInt on Python 3
  - Use PyBytes instead of PyString for binary strings
  - Use Py_TYPE(o) instead of o->py_type, and PyVarObject_HEAD_INIT instead of PyObject_HEAD_INIT
  - Use a helper function instead of Py_BuildValue("s#"), so that bytes are returned on Python 3
  - Use new style module initialization on Python 3
  - Use PyModule_AddIntConstant and PyModule_AddIntMacro for adding constants
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Update FreeIPA package description | Gabe | 2015-10-06 | 1 | -29/+35
  https://fedorahosted.org/freeipa/ticket/5284
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* httpinstance: Replace a hardcoded path to password.conf with HTTPD_PASSWORD_CONF | Timo Aaltonen | 2015-10-05 | 1 | -1/+1
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* paths: Add GENERATE_RNDC_KEY. | Timo Aaltonen | 2015-10-05 | 2 | -1/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Include ipatests/test_xmlrpc/data directory into distribution. | Milan Kubík | 2015-10-05 | 1 | -0/+1
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: configure Network Manager not to manage resolv.conf | Milan Kubík | 2015-10-02 | 2 | -1/+37
  For the duration of the test, makes resolv.conf unmanaged. If NetworkManager is not running, nothing is changed.
  https://fedorahosted.org/freeipa/ticket/5331
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* do not overwrite files with local users/groups when restoring authconfig | Martin Babinsky | 2015-10-02 | 1 | -0/+12
  the patch fixes regression in ipa-restore caused by overwriting /etc/passwd, /etc/shadow and friends during restore of authconfig configuration files. These files are now excluded from authconfig backup dir.
  https://fedorahosted.org/freeipa/ticket/5328
  Reviewed-By: David Kupka <dkupka@redhat.com>
* re-kinit after ipa-restore in backup/restore CI tests | Martin Babinsky | 2015-10-02 | 1 | -0/+3
  In FreeIPA CI-tests the install_master task automatically performs kinit after successful installation. This may break some backup/restore tests which perform backup into previously installed IPA master. In this case it is necessary to re-kinit after restore.
  https://fedorahosted.org/freeipa/ticket/5326
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-server-install: mark master_password Knob as deprecated | Martin Babinsky | 2015-10-01 | 1 | -0/+1
  fixes a regression introduced during fixing https://fedorahosted.org/freeipa/ticket/5184
  https://fedorahosted.org/freeipa/ticket/5335
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: fix ipa-server-install fail on missing --forwarder | Jan Cholasta | 2015-10-01 | 3 | -4/+13
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added a proper workaround for dnssec test failures in Beaker environment | Oleg Fayans | 2015-10-01 | 1 | -3/+9
  In beaker lab the situation when master and replica have ip addresses from different subnets is quite frequent. When a replica has ip from different subnet than master's, ipa-replica-prepare looks up a proper reverse zone to add a pointer record, and if it does not find it, it asks a user for permission to create it automatically. It breaks the tests adding the unexpected input. The workaround is to always create a reverse zone for a new replica.
  Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: fix invocation of KRAInstance.create_instance() | Jan Cholasta | 2015-10-01 | 1 | -1/+1
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Replace StandardError with Exception | Robert Kuska | 2015-09-30 | 21 | -49/+49
  StandardError was removed in Python3 and instead Exception should be used.
  Signed-off-by: Robert Kuska <rkuska@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: improve performance of search in association dialog | Petr Vobornik | 2015-09-30 | 1 | -5/+12
  By adding no_members option to commands which support it. It then skips memberof processing on the server side.
  https://fedorahosted.org/freeipa/ticket/5271
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix an integer underflow bug in libotp | Nathaniel McCallum | 2015-09-29 | 1 | -3/+3
  Temporarily storing the offset time in an unsigned integer causes the value of the offset to underflow when a (valid) negative offset value is generated. Using a signed variable avoids this problem.
  https://fedorahosted.org/freeipa/ticket/5333
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replica inst. fix: do not require -r, -a, -p options in unattended mode | Martin Basti | 2015-09-29 | 2 | -7/+6
  Previous patches for this ticket introduced error, that replica install requires to specify -r, -p and -a option in unattended mode. These options are not needed on replica side.
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Milan Kubík <mkubik@redhat.com>
* dnssec option missing in ipa-dns-install man page | Gabe | 2015-09-25 | 3 | -0/+18
  - Add DNSSEC option ipa-replica-install and ipa-server-install man page as well
  https://fedorahosted.org/freeipa/ticket/5300
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* CI: backup and restore with KRA | Martin Basti | 2015-09-25 | 1 | -0/+77
  Reviewed-By: Milan Kubík <mkubik@redhat.com>
* winsync-migrate: Properly handle collisions in the names of external groups | Tomas Babej | 2015-09-23 | 1 | -3/+14
  Since the names of the external groups containing the migrated users must be stripped of characters which are not valid for use in group names, two different groups might be mapped to one during this process.
  Properly handle collisions in the names by adding an incremental numeric suffix.
  https://fedorahosted.org/freeipa/ticket/5319
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* winsync-migrate: Convert entity names to posix friendly strings | Tomas Babej | 2015-09-23 | 2 | -3/+35
  During the migration from winsync replicated users to their trusted identities, memberships are being preserved. However, trusted users are external and as such cannot be added as direct members to the IPA entities. External groups which encapsulate the migrated users are added as members to those entities instead.
  The name of the external group is generated from the type of the entity and its name. However, the entity's name can contain characters which are invalid for use in the group name.
  Adds a helper function to convert a given string to a string which would be valid for such use and leverages it in the winsync-migrate tool.
  https://fedorahosted.org/freeipa/ticket/5319
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: fix kdcproxy user home directory | Jan Cholasta | 2015-09-23 | 3 | -2/+5
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* platform: add option to create home directory when adding user | Jan Cholasta | 2015-09-23 | 2 | -4/+8
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* destroy httpd ccache after stopping the service | Martin Babinsky | 2015-09-23 | 1 | -0/+1
  This will force recreation of the file-based ccache after IPA restore and prevent a mismatch between cached and restored Kerberos keys.
  https://fedorahosted.org/freeipa/ticket/5296
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: create kdcproxy user during server install | Jan Cholasta | 2015-09-22 | 4 | -13/+18
  This change makes kdcproxy user creation consistent with DS and CA user creation. Before, the user was created in the spec file, in %pre scriptlet of freeipa-server.
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Rewrap errors in get_principal to CCacheError | Michael Simacek | 2015-09-22 | 4 | -8/+16
  Causes nicer error message when kerberos credentials are not available.
  https://fedorahosted.org/freeipa/ticket/5272
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-backup: Add mechanism to store empty directory structure | Tomas Babej | 2015-09-22 | 3 | -3/+51
  Certain subcomponents of IPA, such as Dogtag, cannot function if non-critical directories (such as log directories) have not been stored in the backup.
  This patch implements storage of selected empty directories, while preserving attributes and SELinux context.
  https://fedorahosted.org/freeipa/ticket/5297
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move unattended option to the general help section | Jan Cholasta | 2015-09-22 | 1 | -10/+11
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>