summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* test_integration.config: Do not store the index in Domain and Host objectsPetr Viktorin2014-03-052-31/+35
| | | | | | | The index is a detail of the environment variable method of configuration, it should only be used there. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_integration.config: Use a more declarative approach to test-wide settingsPetr Viktorin2014-03-051-57/+50
| | | | | | | | The list of options was duplicated too many times. Consolidate. Part of the work for: https://fedorahosted.org/freeipa/ticket/3938 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_integration.config: Do not save the input environmentPetr Viktorin2014-03-052-36/+25
| | | | | | | | | | | | | Using the input environment saved in self._session_env outside of the config loading meant that methods of configuration other than environment variables wouldn't be possible. Restructure the roles/extra_roles to not depend on _session_env. Part of the work for: https://fedorahosted.org/freeipa/ticket/3938 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_integration.config: Fix crash in to_env when no replica is definedPetr Viktorin2014-03-051-4/+10
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* webui: Don't act on keyboard events which originated in different dialogPetr Vobornik2014-03-051-2/+33
| | | | | | | | | | | | | | | | | | Fixes issue when: 1. 2 dialogs are opened 2. top dialog's close button is focused 3. user presses enter to execute 'close' action 4. dialog is immediately closed (enter key is still pressed) 5. second dialog automatically receives focus (it's top dialog now) 6. user releases the key 7. second dialog reacts to keyup event - which is by default confirmation mixin's confirm event 8. UNDESIRED behavior occurs Now confirmation mixin remembers which keys were pressed and released and reacts only to those which originated there. https://fedorahosted.org/freeipa/ticket/4098 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* Typo in warning message where IPA realm and domain name differGabe2014-03-051-1/+1
| | | | | | | | Removed 'y' from warning message. https://fedorahosted.org/freeipa/ticket/4211 Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Test fixed modlist generation codePetr Viktorin2014-03-032-1/+17
| | | | | https://fedorahosted.org/freeipa/ticket/4138 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix modlist generation code not to generate empty replace mods.Jan Cholasta2014-03-031-3/+3
| | | | | https://fedorahosted.org/freeipa/ticket/4138 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* adtrustinstance: make sure to stop and disable winbind in uninstall()Alexander Bokovoy2014-02-281-2/+5
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaserver/dcerpc: catch the case of insuffient permissions when establishing ↵Alexander Bokovoy2014-02-271-2/+5
| | | | | | | | | | | | | | trust We attempt to delete the trust that might exist already. If there are not enough privileges to do so, we wouldn't be able to create trust at the next step and it will fail. However, failure to create trust will be due to the name collision as we already had the trust with the same name before. Thus, raise access denied exception here to properly indicate wrong access level instead of returning NT_STATUS_OBJECT_NAME_COLLISION. https://fedorahosted.org/freeipa/ticket/4202 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* trust: make sure we always discover topology of theAlexander Bokovoy2014-02-271-31/+6
| | | | | | | | | | forest trust Even though we are creating idranges for subdomains only in case there is algorithmic ID mapping in use, we still need to fetch list of subdomains for all other cases. https://fedorahosted.org/freeipa/ticket/4205
* trusts: Remove usage of deprecated LDAP APITomas Babej2014-02-271-2/+2
| | | | | | | | | Remove a reference to the old deprecated LDAP API invoked by the usage of trust_add method. https://fedorahosted.org/freeipa/ticket/4204 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib.plugins: Expose LDAPObjects' eligibility for permission --type in ↵Petr Viktorin2014-02-271-0/+2
| | | | | | | | JSON metadata https://fedorahosted.org/freeipa/ticket/4201 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* trustdomain_find: make sure we skip short entries when --pkey-only is specifiedAlexander Bokovoy2014-02-271-0/+2
| | | | | | | | | With --pkey-only only primary key is returned. It makes no sense to check and replace boolean values then. https://fedorahosted.org/freeipa/ticket/4196 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: Focus expand/collapse link in batch_error dialogPetr Vobornik2014-02-271-0/+2
| | | | | | | | Dialog loses focus when the links are clicked making the dialog uncontrollable by keyboard. This patch focuses the link again after expanding/collapsing the error list. Thus keeping the focus in a dialog https://fedorahosted.org/freeipa/ticket/4097 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* ipa-kdb: make sure we don't produce MS-PAC in case of authdata flag cleared ↵Alexander Bokovoy2014-02-261-0/+8
| | | | | | | | | | | | by admin When admin clears authdata flag for the service principal, KDC will pass NULL client pointer (service proxy) to the DAL driver. Make sure we bail out correctly. Reviewed-By: Tomáš Babej <tbabej@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* ipa-kdb: in case of delegation use original client's database entry, not the ↵Alexander Bokovoy2014-02-261-2/+7
| | | | | | | | | proxy https://fedorahosted.org/freeipa/ticket/4195 Reviewed-By: Tomáš Babej <tbabej@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* bindinstance: make sure zone manager is initialized in add_master_dns_recordsAlexander Bokovoy2014-02-261-0/+1
| | | | | | | | | Bind instance is configured using a short-circuited way when replica is set up. Make sure required properties are in place for that. https://fedorahosted.org/freeipa/ticket/4186 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update API.txtPetr Viktorin2014-02-251-2/+2
| | | | | This fixes commit be7b1b94e300b137c34bab80df3dc91195259c89 https://fedorahosted.org/freeipa/ticket/4163
* Remove NULLS from constants.pyNathaniel McCallum2014-02-253-12/+14
| | | | | | | | | | In the parameters system, we have been checking for a positive list of values which get converted to None. The problem is that this method can in some cases throw warnings when type coercion doesn't work (particularly, string to unicode). Instead, any values that evaluate to False that are neither numeric nor boolean should be converted to None. Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
* Certificate search max_serial_number problem fixedAdam Misnyovszki2014-02-251-0/+2
| | | | | | | | Maximum serial number field now accepts only positive numbers https://fedorahosted.org/freeipa/ticket/4163 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Fix incorrect order of operations when restoring backupTomas Babej2014-02-251-1/+1
| | | | | | | | | | When restoring files from backup, we do use an incorrect order of operations - we first restore SELinux context and then copy the files from backup, when we need to do the exact opposite. https://fedorahosted.org/freeipa/ticket/4133 Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
* Always use real entry DNs for memberOf in ldap2.Jan Cholasta2014-02-241-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4192 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Make all ipatokenTOTP attributes mandatoryNathaniel McCallum2014-02-211-1/+1
| | | | | | | | Originally we made them all optional as a workaround for the lack of SELFDN support in 389DS. However, with the advent of SELFDN, this hack is no longer necessary. This patch updates TOTP to match HOTP in this regard. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Clarify error message about missing DNS component in ipa-replica-prepare.Petr Spacek2014-02-211-2/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/4188 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use super() properly to avoid an exceptionNathaniel McCallum2014-02-211-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4099 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* permission plugin: Do not assume attribute-level rights for new attributes ↵Petr Viktorin2014-02-211-7/+10
| | | | | | | | | | | | | are present With the --all --raw options, the code assumed attribute-level rights were set on ipaPermissionV2 attributes, even on permissions that did not have the objectclass. Add a check that the data is present before using it. https://fedorahosted.org/freeipa/ticket/4121 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove the unused ipalib.frontend.Property classPetr Viktorin2014-02-215-127/+23
| | | | | | | | | | This class was built into the framework from its early days but it's not used anywhere. Remove it along with its tests https://fedorahosted.org/freeipa/ticket/3460 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* libotp: do not call internal search for NULL dnAlexander Bokovoy2014-02-211-1/+6
| | | | Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Teach ipa-pwd-extop to respect global ipaUserAuthType settingsNathaniel McCallum2014-02-217-406/+398
| | | | | | https://fedorahosted.org/freeipa/ticket/4105 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add OTP sync support to ipa-pwd-extopNathaniel McCallum2014-02-219-970/+373
| | | | Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add OTP last token pluginNathaniel McCallum2014-02-218-0/+225
| | | | | | | | | | This plugin prevents the deletion or deactivation of the last valid token for a user. This prevents the user from migrating back to single factor authentication once OTP has been enabled. Thanks to Mark Reynolds for helping me with this patch. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add HOTP supportNathaniel McCallum2014-02-218-22/+69
| | | | Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add --force option to ipactlAdam Misnyovszki2014-02-202-48/+67
| | | | | | | | | | | | | | | | If an error occurs in the start up sequence in ipactl start/restart, all the services are stopped. Using the --force option prevents stopping of services that have successfully started, just skips the services which can not be started. ipactl status now shows stopped services also, if the directory server is running. With the contribution of Ana Krivokapic https://fedorahosted.org/freeipa/ticket/3509 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* .mailmap: use correct name format for AdamMartin Kosek2014-02-201-0/+1
| | | | | Name should be First-Name Last-Name. Map all Adam's contributions to this preferred format.
* Add tests for multivalued filtersPetr Viktorin2014-02-201-0/+216
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add permission_filter_objectclasses for explicit type filtersPetr Viktorin2014-02-2010-14/+30
| | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permissions: Use multivalued targetfilterPetr Viktorin2014-02-207-234/+296
| | | | | | | | | | | | | | | | Change the target filter to be multivalued. Make the `type` option on permissions set location and an (objectclass=...) targetfilter, instead of location and target. Make changing or unsetting `type` remove existing (objectclass=...) targetfilters only, and similarly, changing/unsetting `memberof` to remove (memberof=...) only. Update tests Part of the work for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission-mod: Do not copy member attributes to new entryPetr Viktorin2014-02-201-1/+3
| | | | | Fixes: https://fedorahosted.org/freeipa/ticket/4178 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* .mailmap: Remove spurious Kyle Baker linePetr Viktorin2014-02-201-1/+0
| | | | <kbaker@redhat.com> is another person, entirely unrelated to FreeIPA.
* ipactl can not restart ipa services if current status is stoppedMisnyovszki Adam2014-02-191-2/+12
| | | | | | | | | | | | | | fixed by starting the directory server when restarting if it is not currently running to enable fetching running services later restart didn't check that also added a check, that if the directory server started at the beginning, there is no need to restart it https://fedorahosted.org/freeipa/ticket/4050 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add support to ipa-kdb for keyless principalsNathaniel McCallum2014-02-192-0/+21
| | | | | | https://fedorahosted.org/freeipa/ticket/3779 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Improve error message on failed Kerberos authenticationAna Krivokapic2014-02-181-2/+2
| | | | | | | | | | | When ipa client installation fails due to failed Kerberos authentication, make sure that the message about the failed authentication is displayed last. This makes it clear to the user that this was the reason for failed installation. https://fedorahosted.org/freeipa/ticket/3573 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Modify DNS tests with LOC records to workaround bug in python-dns.Petr Spacek2014-02-181-5/+5
| | | | | | | | | | | Older versions of dnspython have problems with implicit values for size and h/v precision so our tests use explicit value. See https://github.com/rthalley/dnspython/issues/47 This change is necessary because we want to test if data visible over DNS protocol matches data visible over LDAP. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix regular expression for LOC records in DNS.Petr Spacek2014-02-181-8/+13
| | | | | | | | | | | - Fractional parts of integers are not mandatory. - Expressions containing only size or only size + horizontal precision are allowed. - N/S/W/E handling was fixed. See RFC 1876 section 3 for details. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-join usage instructions are incorrectGabe2014-02-181-1/+1
| | | | | | | | Parameter -s for ipa-join has hostame instead of hostname https://fedorahosted.org/freeipa/ticket/3250 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* tests: Move zone enable/disable tests to end of test_dns_plugin.pyPetr Spacek2014-02-141-72/+74
| | | | | | | | This prevents the test suite from hitting limitations in bind-dyndb-ldap 4.0. For details see https://fedorahosted.org/bind-dyndb-ldap/ticket/127 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add libotp internal library for slapi pluginsNathaniel McCallum2014-02-148-0/+970
| | | | Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Enable building in C99 modeNathaniel McCallum2014-02-143-3/+3
| | | | | | | | | | | | | C99 is supported on all compilers we target and provides some useful features, including: * Standard struct initializers * Compound literals * For-loop declarations * Standard bool type * Variable arrays (use with caution) * Too many others to mention... Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-kdb: validate that an OTP user has tokensNathaniel McCallum2014-02-143-25/+135
| | | | | | | | | | | | This handles the case where a user is configured for OTP in ipaUserAuthType, but the user has not yet created any tokens. Until the user creates tokens, the user should still be able to log in via password. This logic already exists in LDAP, but ipa-kdb needs to perform the same validation to know what data to return to the KDC. https://fedorahosted.org/freeipa/ticket/4154 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-04 21:55:44 +0000