freeipa.git - FreeIPA patches

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	Make ipa-client-automount backwards compatible	Martin Kosek	2014-04-02	1	-1/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	ipa-client-automount calls automountlocation-show command during the process. Unfortunately, FreeIPA commands are forward compatible only and thus fail the installer. Similarly to ipa-client-install, call XML-RPC interface directly with version fixed to 2.0 (command was already available at that version) to fix the failure. https://fedorahosted.org/freeipa/ticket/4290 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
*	Extending user plugin with inetOrgPerson fields	Adam Misnyovszki	2014-03-28	5	-11/+136
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	According to http://tools.ietf.org/html/rfc2798 ipa client and web ui extended with inetOrgPerson fields: - employeenumber - employeetype - preferredlanguage - departmentnumber carlicenseplate is now multivalued https://fedorahosted.org/freeipa/ticket/4165 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
*	Add requires for pki-core-10.1.1-1.fc20	Martin Kosek	2014-03-28	1	-1/+1
\| \| \| \| \| \|	Fixes PKI installation errors on Fedora 20. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
*	webui: replace IPA.command usage with rpc.command	Petr Vobornik	2014-03-27	25	-168/+189
\| \| \| \| \| \| \|	Replace all IPA.command, IPA.batch_command and IPA.concurrent_command usages by equivalents from rpc module. Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
*	webui: move RPC code from IPA module to its own module	Petr Vobornik	2014-03-27	2	-884/+930
\| \| \| \| \| \| \| \|	- moves RPC code from ipa.js to it's own module - part of ongoing effort where the ultimate goal is to get rid of ipa.js and IPA namespace Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
*	webui: make navigation module independent on app module	Petr Vobornik	2014-03-27	4	-109/+122
\| \| \| \| \| \| \| \| \| \| \| \|	When some module used 'freeipa/navigation' it pulled the entire Web UI because navigation depended on app. This patch splits the app into two modules: app and app_container. App specifies the entities which are part of final application. app_container module represents the application boot classes. Navigation now depends on app_container. Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
*	Add missing dependencies to freeipa-python package	Martin Kosek	2014-03-26	1	-1/+2
\| \| \| \| \| \| \| \| \|	python-pyasn1 and python-qrcode were imported by ipalib but not required by python subpackage. https://fedorahosted.org/freeipa/ticket/4275 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	ipatests: Do not depend on the case of the attributes when testing ID ranges	Tomas Babej	2014-03-26	1	-4/+11
\| \| \| \| \| \| \| \| \|	In test_trust.py, several tests did case sensitive search on the output of the ipa idrange-show command. This could cause false negatives. Part of: https://fedorahosted.org/freeipa/ticket/4267 Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	webui: rename domNode to dom_node	Petr Vobornik	2014-03-26	5	-39/+39
\| \| \| \| \| \|	- unites domNode and dom_node usage to dom_node Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
*	Remove unused method is_master of CAInstance.	Jan Cholasta	2014-03-25	1	-15/+0
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Support exporting CSRs in dogtag-ipa-ca-renew-agent.	Jan Cholasta	2014-03-25	1	-0/+27
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Update certmonger configuration in ipa-upgradeconfig.	Jan Cholasta	2014-03-25	1	-57/+90
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Use the same certmonger configuration for both CA masters and clones.	Jan Cholasta	2014-03-25	2	-102/+48
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Merge restart_httpd functionality to renew_ra_cert.	Jan Cholasta	2014-03-25	2	-10/+12
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Merge restart_pkicad functionality to renew_ca_cert and remove restart_pkicad.	Jan Cholasta	2014-03-25	4	-93/+32
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Make the default dogtag-ipa-ca-renew-agent behavior depend on CA setup.	Jan Cholasta	2014-03-25	2	-5/+8
\| \| \| \| \| \| \|	On CA masters, a certificate is requested and stored to LDAP. On CA clones, the certificate is retrieved from LDAP. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Store information about which CA server is master for renewals in LDAP.	Jan Cholasta	2014-03-25	5	-3/+98
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Use dogtag-ipa-ca-renew-agent to track certificates on master CA.	Jan Cholasta	2014-03-25	4	-119/+51
\| \| \| \| \| \| \| \| \|	Before, dogtag-ipa-renew-agent was used to track the certificates and the certificates were stored to LDAP in renew_ca_cert and renew_ra_cert. Since dogtag-ipa-ca-renew-agent can store the certificates itself, the storage code was removed from renew_ca_cert and renew_ra_cert. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Support storing renewed certificates to LDAP in dogtag-ipa-ca-renew-agent.	Jan Cholasta	2014-03-25	1	-4/+127
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Remove dogtag-ipa-retrieve-agent-submit.	Jan Cholasta	2014-03-25	3	-94/+0
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Use dogtag-ipa-ca-renew-agent to retrieve renewed certificates from LDAP.	Jan Cholasta	2014-03-25	2	-16/+27
\| \| \| \| \| \|	Before, this was done by dogtag-ipa-retrieve-agent-submit. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Support retrieving renewed certificates from LDAP in dogtag-ipa-ca-renew-agent.	Jan Cholasta	2014-03-25	1	-2/+69
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Add function for parsing friendly name from certificate requests.	Jan Cholasta	2014-03-25	1	-0/+50
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Remove unused function get_subjectaltname from the cert plugin.	Jan Cholasta	2014-03-25	1	-14/+0
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Update pkcs10 module functions to always load CSRs and allow selecting format.	Jan Cholasta	2014-03-25	3	-29/+31
\| \| \| \| \| \|	This change makes the pkcs10 module more consistent with the x509 module. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Add new certmonger CA helper dogtag-ipa-ca-renew-agent.	Jan Cholasta	2014-03-25	3	-0/+83
\| \| \| \| \| \|	The helper will be used to handle CA-related certificate renewal requests. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Use certmonger D-Bus API to configure certmonger in CA install.	Jan Cholasta	2014-03-25	4	-22/+25
\| \| \| \| \| \|	Before, certmonger was configured by modifying its internal database directly. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Show progress when enabling SSL in DS in ipa-server-install output.	Jan Cholasta	2014-03-25	2	-7/+12
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Remove unused method export_ca_cert of dsinstance.	Jan Cholasta	2014-03-25	1	-5/+0
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Upload CA certificate from DS NSS database in CA-less server install.	Jan Cholasta	2014-03-25	2	-18/+7
\| \| \| \| \| \| \| \| \| \|	Before, the file provided in the --root-ca-file option was used directly for the upload. However, it is the same file which is imported to the NSS database, so the second code path is not necessary. Also removed now unused upload_ca_dercert method of dsinstance. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Use LDAP API to upload CA certificate instead of ldapmodify command.	Jan Cholasta	2014-03-25	3	-13/+18
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Do not create CA certificate files in CA-less server install.	Jan Cholasta	2014-03-25	1	-15/+4
\| \| \| \| \| \| \| \| \| \|	The files are created later by ipa-client-install, there's no need to do it twice. This also fixes a bug in CA-less, where the CA certificate is not removed from /etc/pki/nssdb after client uninstall, because it has a different nickname. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Move CACERT definition to a single place.	Jan Cholasta	2014-03-25	17	-23/+24
\| \| \| \|	Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	Fix certificate renewal scripts to work with separate CA DS instance.	Jan Cholasta	2014-03-25	3	-22/+44
\| \| \| \| \| \|	https://fedorahosted.org/freeipa/ticket/3805 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
*	permission plugin: Add 'top' to the list of object classes	Petr Viktorin	2014-03-25	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \|	The 'top' objectclass is added by DS if not present. On every update the managed permission updater compared the object_class list with the state from LDAP, saw that there's an extra 'top' value, and tried deleting it. Add 'top' to the list to match the entry in LDAP. Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	Add Object metadata and update plugin for managed permissions	Petr Viktorin	2014-03-25	3	-0/+180
\| \| \| \| \| \| \| \|	The default read permission is added for Netgroup as an example. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Design: http://www.freeipa.org/page/V3/Managed_Read_permissions Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	Allow modifying permissions with ":" in the name	Petr Viktorin	2014-03-25	4	-11/+63
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The ":" character will be reserved for default permissions, so that users cannot create a permission with a name that will later be added as a default. Allow the ":" character modifying/deleting permissions, but not when creating them. Also do not allow the new name to contain ":" when renaming. ( modify/delete have unrelated restrictions on managed permissions) Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	test_permission_plugin: Fix tests that make too broad assumptions	Petr Viktorin	2014-03-25	2	-44/+28
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The test that searches with a limit of 1 assumes a specific order LDAP returns entries in. Future patches will change this order. Do not check the specific entry returned. The test that searched for --bindtype assumed that no anonymous permissions exist in a clean install. Again, this will be changed in future patches. Add a name to the bindtype test, and add a negatitive test to verify the filtering works. Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	permission-find: Fix handling of the search term for legacy permissions	Petr Viktorin	2014-03-25	1	-17/+24
\| \| \| \| \| \| \|	Previously the search term was only applied to the name. Fix it so that it filters results based on any attribute. Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	Allow indexing API object types by class	Petr Viktorin	2014-03-25	2	-4/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	This allows code like: from ipalib.plugins.dns import dnszone_mod api.Command[dnszone_mod] This form should be preferred when getting specific objects because it ensures that the appropriate plugin is imported. https://fedorahosted.org/freeipa/ticket/4185 Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	Proxy PKI clone /ca/ee/ca/profileSubmit URI	Martin Kosek	2014-03-25	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \|	PKI change done in ticket https://fedorahosted.org/pki/ticket/816 requires the PKI Clone's SSL Server certificate to be issued by it's associated PKI master. Allow this call on IPA master. https://fedorahosted.org/freeipa/ticket/4265 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
*	extdom: do not return results from the wrong domain	Sumit Bose	2014-03-25	1	-0/+12
\| \| \| \| \|	Resolves: https://fedorahosted.org/freeipa/ticket/4264 Reviewed-By: Tomas Babej <tbabej@redhat.com>
*	permission plugin: Do not add the ipapermissionv2 for output	Petr Viktorin	2014-03-24	3	-7/+6
\| \| \| \| \| \| \| \| \|	As with the flags, the objectclass should be returned as it is on the entry. https://fedorahosted.org/freeipa/ticket/4257 Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	webui-ci: fix test_rebuild_membership_hosts on server without DNS	Petr Vobornik	2014-03-24	1	-19/+5
\| \| \| \| \| \| \|	Host adder dialog differs on installations with and without DNS. Previous test used values for adding hosts which were suitable only for IPA servers installed with DNS. Reviewed-By: Martin Kosek <mkosek@redhat.com>
*	ipatests: test_trust: Change expected home directories for posix users	Tomas Babej	2014-03-24	2	-4/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Information from the AD about the home directories is not leveraged at all, but is generated from the username and domain. Fix the assumptions in the tests. Also changes 'Subdomain Test User' to 'Subdomaintest User' to be more consistent. https://fedorahosted.org/freeipa/ticket/4184 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
*	fix typo in ipa -v migrate-ds	Gabe	2014-03-21	2	-2/+2
\| \| \| \| \| \| \| \|	Remove 'u' from .po files as it is a typo and has been removed from other files. https://fedorahosted.org/freeipa/ticket/2546 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
*	permission CLI: rename --permissions to --right	Petr Viktorin	2014-03-21	3	-7/+8
\| \| \| \| \| \| \| \|	The old name is kept as a deprecated alias. https://fedorahosted.org/freeipa/ticket/4231 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
*	cli: Add mechanism for deprecated option name aliases	Petr Viktorin	2014-03-21	2	-14/+30
\| \| \| \| \| \| \| \| \|	Add a new Param kwarg, deprecated_cli_aliases, that lists deprecated aliases. The aliases will appear in a "Deprecated options" in the help, and otherwise act as the normal variant. Preparation for: https://fedorahosted.org/freeipa/ticket/4231
*	cli: Show list of values in --help for all Enums	Petr Viktorin	2014-03-21	1	-4/+4
\| \| \| \| \| \|	Previously only the StrEnum param type had the list of values listed in the help. Extend the functionality to any kind of Enum.
*	cli: Clean up imports	Petr Viktorin	2014-03-21	1	-6/+3
\|