Commit message | Author | Age | Files | Lines
...
* httpinstance: Use full path via HTTPD_IPA_REWRITE_CONF for Include. | Timo Aaltonen | 2015-11-04 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/5343
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipaplatform: Add NAMED_USER to constants | Timo Aaltonen | 2015-11-04 | 2 | -1/+3
  https://fedorahosted.org/freeipa/ticket/5343
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipaplatform: Add HTTPD_USER to constants, and use it. | Timo Aaltonen | 2015-11-04 | 5 | -9/+13
  https://fedorahosted.org/freeipa/ticket/5343
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: remove sysrestore state after uninstall | Martin Basti | 2015-11-03 | 1 | -0/+2
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix typo in ods-exporter uninstall to restore state | Martin Basti | 2015-11-03 | 1 | -1/+1
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fixed A record creation bug | Oleg Fayans | 2015-11-03 | 1 | -4/+3
  When creating an A record we used to provide full hostname as a record name, while we should have provided only the first part of the hostname
  https://fedorahosted.org/freeipa/ticket/5419
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* The test was made to be skipped if domainlevel is 0 | Oleg Fayans | 2015-11-03 | 1 | -0/+5
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Updated the tests according to the new replica installation workflow | Oleg Fayans | 2015-11-03 | 3 | -10/+44
  As of 4.3 the replica installation is performed without preparing a gpg file on master, but rather enrolling a future replica as a client with subsequent promotion of the client. This required the corresponding change in the integration tests
  https://fedorahosted.org/freeipa/ticket/5379
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* fix broken translations after last po update | Petr Vobornik | 2015-11-02 | 4 | -10/+9
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* spec file: depend on Dogtag 10.2.6-12 for tomcat 8 upgrade | Alexander Bokovoy | 2015-11-02 | 1 | -2/+2
  Dogtag 10.2.6-12 includes automatic upgrade from Tomcat 7 to Tomcat 8. Otherwise FreeIPA is broken after upgrades. This affects Fedora 22 to Fedora 23 upgrades.
  https://bugzilla.redhat.com/show_bug.cgi?id=1274915
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update .po files | Petr Vobornik | 2015-11-02 | 18 | -172/+3499
  https://fedorahosted.org/freeipa/ticket/5427
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-csreplica-manage: disable connect/disconnect/del with domain level > 0 | Martin Basti | 2015-11-02 | 3 | -8/+36
  * ipa-csreplica-manage {connect|disconnect} - a user should use 'ipa topologysegment-*' commands
  * ipa-csreplica-manage del - a user should use ipa-replica-manage del
  https://fedorahosted.org/freeipa/ticket/5405
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Remove 50-lockout-policy.update file | Gabe | 2015-10-30 | 2 | -5/+0
  Remove lockout policy update file because all currently supported versions have krbPwdMaxFailure defaulting to 6 and krbPwdLockoutDuration defaulting to 600. Keeping lockout policy update file prevents from creating a more strict policy in environments subject to regulatory compliance
  https://fedorahosted.org/freeipa/ticket/5418
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* update list of managed servers when a suffix becomes managed | Ludwig Krispenz | 2015-10-30 | 4 | -30/+42
  when a suffix becomes managed for a host, the host needs to be added to the managed servers, otherwise connectivity check would fail
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* reject agreement only if both ends are managed | Ludwig Krispenz | 2015-10-30 | 1 | -1/+2
  the creation or deletion of a replication agreement is rejected if the servers are managed for the suffix. But both endpoints need to be checked
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* DNSSEC: improve log messages in uninstaller | Petr Spacek | 2015-10-30 | 1 | -1/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if backup failed | Petr Spacek | 2015-10-30 | 1 | -4/+9
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* interactive installer does not ignore leading/trailing whitespace | Gabe | 2015-10-29 | 1 | -2/+4
  https://fedorahosted.org/freeipa/ticket/5355
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* KRA: fix check that CA is installed | Martin Basti | 2015-10-29 | 1 | -18/+24
  https://fedorahosted.org/freeipa/ticket/5345
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Add Firefox options to ipa-client-install man page | Gabe | 2015-10-29 | 2 | -1/+7
  - Update --configure-firefox description in ipa-client-install
  https://fedorahosted.org/freeipa/ticket/5375
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added user friendly error message for dnszone enable and disable | Abhijeet Kasurde | 2015-10-29 | 2 | -4/+16
  Added try-except block in dns plugin in order to provide user friendly message to end user.
  https://fedorahosted.org/freeipa/ticket/4811
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* silence pylint in Python 3-specific portion of ipalib/rpc.py | Martin Babinsky | 2015-10-27 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* change pki-core required version for replica promotion | Petr Vobornik | 2015-10-27 | 1 | -2/+2
  Required PKI changes, namely:
  https://fedorahosted.org/pki/ticket/1414
  https://fedorahosted.org/pki/ticket/1580
  Are included in pki-core 10.2.6-5 resp. 10.2.6-10
  10.2.7 does not exist yet.
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Check early if a CA is already installed locally | Simo Sorce | 2015-10-27 | 2 | -3/+4
  There is no reason to proceed if a CA is already installed, and the check does not involve a lot of setup, so do it early on.
  Ticket: https://fedorahosted.org/freeipa/ticket/5397
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib.rpc: Update for Python 3 | Petr Viktorin | 2015-10-27 | 1 | -6/+29
  The client XML-RPC implementation is tied to rpclib internals, so with a change in Python it needs to be updated. And rpclib changed in Python 3.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_parameters: Alias long to int under Python 3 | Petr Viktorin | 2015-10-27 | 1 | -0/+1
  In py3, the two types are unified under the name "int".
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.secrets: Port to Python 3 | Petr Viktorin | 2015-10-27 | 2 | -2/+1
  StringIO was renamed in Python 3. The import was unused, so remove it.
  Files need to be opened in binary mode if bytes are written to them. (For Python 2: on Linux, there's no practical difference between text and binary mode)
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.nsslib: Remove NSSHTTPS | Petr Viktorin | 2015-10-27 | 2 | -69/+1
  This workaround is unused in Python 2.7+.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.nsslib, ipalib.rpc: Remove code for Python 2.6 and below | Petr Viktorin | 2015-10-27 | 2 | -28/+13
  IPA hasn't supported these pythons for a while now.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Domain levels: use constants rather than hardcoded values | Martin Basti | 2015-10-27 | 8 | -18/+25
  Added constants for domain levels
  DOMAIN_LEVEL_0 = 0
  DOMAIN_LEVEL_1 = 1
  This allows to search for domain level easier in code.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipatests: CA ACL and cert profile functional test | Milan Kubík | 2015-10-27 | 2 | -0/+344
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: added unlock_principal_password and change_principal | Milan Kubík | 2015-10-27 | 1 | -0/+40
  The unlock_principal_password unlocks the (new) user by running ldappasswd as the user.
  change_principal is a context manager that changes identity for the supplied api object by disconnecting and reconnecting the rpcclient in and outside of requested kerberos context. This context manager allows to run tests that cannot be executed as an admin user which can for example override a CA ACL.
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: CA ACL - added config templates | Milan Kubík | 2015-10-27 | 3 | -0/+148
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* tests: add test to check the default ACL | Milan Kubík | 2015-10-27 | 1 | -7/+128
  Also includes basic ACL manipulation and adding and removing members to/from the acl.
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: Add initial CAACLTracker implementation | Milan Kubík | 2015-10-27 | 2 | -0/+383
  The patch implements the tracker for CA ACL feature. The basic CRUD checkers have been implemented. The methods for adding and removing the association of the resources with the ACL do not have the check methods. These will be provided as a separate test suite.
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: add fuzzy instances for CA ACL DN and RDN | Milan Kubík | 2015-10-27 | 1 | -0/+8
  https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* handle cleaning of RUV in the topology plugin | Ludwig Krispenz | 2015-10-26 | 4 | -6/+107
  After removing a server the replicaid needs to be cleared in the ruv entry and in the changelog. This was triggered by initiating a cleanallruv task in "ipa-replica-manage del", but the removal of a master already triggers a cleanup of segments and replication agreement by the topology plugin, so this could be handled by the plugin as well.
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Remove executable bit from ipa_kra_install.py | Martin Basti | 2015-10-26 | 1 | -0/+0
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* trustdomain: Perform validation of the trust domain first | Tomas Babej | 2015-10-26 | 1 | -1/+6
  Makes sure that the first check that is performed when trustdomain-del command is run is that the actual trusted domain exists. This is done to prevent a subsequent error which might be misleading.
  https://fedorahosted.org/freeipa/ticket/5389
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* trusts: Make trust_show.get_dn raise properly formatted NotFound | Tomas Babej | 2015-10-26 | 1 | -8/+24
  The trust_show command does not raise a properly formatted NotFound error if the trust is not found, only a generic EmptyResult error is raised.
  This patch makes the trust_show tell us what actually could not be found.
  https://fedorahosted.org/freeipa/ticket/5389
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-replica-manage: fix undefined variable | Martin Basti | 2015-10-23 | 1 | -1/+1
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* always ask the resolver for the reverse zone when manipulating PTR records | Martin Babinsky | 2015-10-22 | 2 | -35/+18
  Instead of searching for all zones to identify the correct reverse zone, we will first ask the resolver to return the name of zone that should contain the desired record and then see if IPA manages this zone.
  This patch also removes a duplicate function in bindinstance.py that is not used anywhere.
  https://fedorahosted.org/freeipa/ticket/5200
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix left-over Python 3 syntax errors | Petr Viktorin | 2015-10-22 | 1 | -2/+2
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Work around ipalib.text (i18n) str/unicode handling | Petr Viktorin | 2015-10-22 | 1 | -9/+18
  Python 3 doesn't provide ugettext/ungettext, since gettext/ngettext work with (unicode) strings.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix more bytes/unicode issues | Petr Viktorin | 2015-10-22 | 12 | -69/+101
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.messages: Add "message" property to PublicMessage | Petr Viktorin | 2015-10-22 | 1 | -0/+5
  In Python 3, the "message" property was removed in favor of calling str(). Add it to PublicMessage, since IPA code depends on it.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipatest.util: Port to Python 3 | Petr Viktorin | 2015-10-22 | 2 | -5/+5
  - Allow bytes or str in Fuzzy
  - test_util: Fix indices in lists whose elements are unorderable in py3
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Handle binascii.Error from base64.b64decode() | Petr Viktorin | 2015-10-22 | 7 | -11/+12
  In Python 3, the base64.b64decode function raises binascii.Error (a ValueError subclass) when it finds incorrect padding. In Python 2 it raises TypeError.
  Callers should usually handle ValueError (unless they are specifically concerned with handling base64 padding issues).
  In some cases, callers should handle ValueError:
  - ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should handle ValueError
  - ipalib.x509 (load_certificate*, get_*): callers should handle ValueError
  In other cases ValueError is handled:
  - ipalib.parameters
  - ipapython.ssh
  - ipalib.rpc (json_decode_binary - callers already expect ValueError)
  - ipaserver.install.ldapupdate
  Elsewhere no error handling is done, because values come from trusted sources, or are pre-validated:
  - vault plugin
  - ipaserver.install.cainstance
  - ipaserver.install.certs
  - ipaserver.install.ipa_otptoken_import
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: warn user if DNSSEC key master is not installed | Martin Basti | 2015-10-22 | 3 | -0/+56
  Warning user that DNSSEC key master is not installed when commands dnszone-add, dnszone-mod, dnszone-show when option dnssec=true
  https://fedorahosted.org/freeipa/ticket/5290
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: Remove service containers from LDAP after uninstalling | Martin Basti | 2015-10-22 | 2 | -0/+16
  The service containers are not needed there after uninstall anymore. Removing these services also allows to detect if DNSSEC master is installed on any replica for any user.
  https://fedorahosted.org/freeipa/ticket/5290
  Reviewed-By: Petr Spacek <pspacek@redhat.com>