summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Unload P11_Helper object's library when it is finalized in ipap11helperJan Cholasta2014-11-252-2/+12
| | | | | | https://fedorahosted.org/freeipa/ticket/4713 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove redefinition of LOG from ipa-otp-lasttokenJan Cholasta2014-11-251-3/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/4713 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* copy_schema_to_ca: Fallback to old import location for ipaplatform.servicesPetr Viktorin2014-11-251-1/+5
| | | | | | | | | | This file is copied to older servers that might not have the ipaplatform refactoring. Import from the old location if the new one is not available. https://fedorahosted.org/freeipa/ticket/4763 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix error message for nonexistent members and add tests.David Kupka2014-11-242-1/+39
| | | | | | https://fedorahosted.org/freeipa/ticket/4643 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* webui: normalize idview tab labelsPetr Vobornik2014-11-241-3/+3
| | | | | | | | ID View tab labels are no longer redundant. https://fedorahosted.org/freeipa/ticket/4650 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* webui: use domain name instead of domain SID in idrange adder dialogPetr Vobornik2014-11-243-21/+19
| | | | | | | | It's more user friendly. Almost nobody remembers SIDs. https://fedorahosted.org/freeipa/ticket/4661 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix detection of encoding in zonemgr optionMartin Basti2014-11-241-7/+8
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4762 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use NSS protocol range API to set available TLS protocolsRob Crittenden2014-11-245-5/+27
| | | | | | | | | | | | | Protocols are configured as an inclusive range from SSLv3 through TLSv1.2. The allowed values in the range are ssl3, tls1.0, tls1.1 and tls1.2. This is overridable per client by setting tls_version_min and/or tls_version_max. https://fedorahosted.org/freeipa/ticket/4653 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Stop tracking certificates before restoring them in ipa-restoreJan Cholasta2014-11-211-2/+10
| | | | | | https://fedorahosted.org/freeipa/ticket/4727 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* ipa-restore: Check if directory is provided + better errors.David Kupka2014-11-211-4/+10
| | | | | | https://fedorahosted.org/freeipa/ticket/4683 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use correct service name in cainstance.backup_configJan Cholasta2014-11-211-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4754 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_integration: Adjust tests for pytestPetr Viktorin2014-11-213-40/+30
| | | | | | | - Customize install() instead of setup_class() - Use pytest parametrization instead of test generators Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Integration tests: Port the BeakerLib plugin and log collection to pytestPetr Viktorin2014-11-216-295/+378
| | | | | | | | | | Move the IPA-specific log collection out of the Beakerlib plugin. Add the --logfile-dir option to tests and ipa-test-task, so that logs can be collected even if BeakerLib is not used. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Switch integration testing config to a fixturePetr Viktorin2014-11-213-60/+94
| | | | | | | | | The hack of storing the config on the class is left in; it would be too much work for too little gain at this time. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Switch ipa-run-tests to pytestPetr Viktorin2014-11-211-46/+10
| | | | | | https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add local pytest plugin for --with-xunit and --logging-levelPetr Viktorin2014-11-212-0/+75
| | | | | | | | | | | The --with-xunit option ihas the same behavior as in nosetests: it's an alias for pytest's --junitxml=nosetests.py The --logging-level option enables direct IPA logging to stdout. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Switch make-test to pytestPetr Viktorin2014-11-211-60/+3
| | | | | | | | | | The unused capability to run on multiple Python versions is removed, and needed arguments are now listed in pytest.ini, leaving just a simple call to the actual test runner. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Integration tests: Port the ordering plugin to pytestPetr Viktorin2014-11-217-108/+146
| | | | | | | | Ordered integration tests may now be run with pytest. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Declarative tests: Switch to pytestPetr Viktorin2014-11-214-19/+55
| | | | | | | | | | Provide a local pytest plugin to generate tests. The Declarative tests can now only be run with pytest https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Declarative tests: Move cleanup to setup_class/teardown_classPetr Viktorin2014-11-211-19/+16
| | | | | | https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Configure pytest to run doctestsPetr Viktorin2014-11-213-0/+20
| | | | | | | | | | | | | | | | | | | The pytest.ini file needs to be in or above the directory py.test is called in. When in IPA project root, this invocation will find ./ipatests/pytest.ini: py.test ipatests/ but these will not (they're equivalent): py.test . py.test So pytest.ini must be in the project root. However, setupttols can't include files outside package directories, so we also need this file to be under ipatests/ Solve the problem by symlinking ./pytest.ini to ipatests/pytest.ini. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_ipapython: Use functions instead of classes in test generatorsPetr Viktorin2014-11-212-11/+11
| | | | | | | | | pytest's support for Nose-style test generators is not bulletproof; use a real function to please it. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_webui: Don't use __init__ for test classesPetr Viktorin2014-11-218-28/+24
| | | | | | https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* dogtag plugin: Don't use doctest syntax for non-doctest examplesPetr Viktorin2014-11-211-8/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use setup_class/teardown_class in Declarative testsPetr Viktorin2014-11-214-22/+9
| | | | | | | | | | Pytest will consider each Declarative test individually, running setup/teardown for each one. Move the setup and teardown to the class level. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_automount_plugin: Fix test orderingPetr Viktorin2014-11-211-2/+2
| | | | | | | | | Nose ran the `test_a_*` and `test_a2_*` tests in opposite order than the source suggested. Fix this. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipatests.util.ClassChecker: Raise AttributeError in get_subclsPetr Viktorin2014-11-211-1/+1
| | | | | | | | Pytest considers NotImplementedError on attribute access an error. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* tests: Add configuration for pytestPetr Viktorin2014-11-211-0/+2
| | | | | | | | | | By default, pytest considers test classes only if they're named 'Test*'; Nose also allows 'test_*'. Configure pytest to allow the non-pep8 names as well. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* tests: Use PEP8-compliant setup/teardown method namesPetr Viktorin2014-11-2121-62/+56
| | | | | | | | | | | | The setUp/dearDown names are used in the unittest module, but there is no reason to use them in non-`unittest` test cases. Nose supports both styles (but mixing them can cause trouble when calling super()'s methods). Pytest only supports the new ones. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix: read_ip_addresses should return ipaddr objectMartin Basti2014-11-211-1/+1
| | | | | | | | Interactive prompt callback returns list of str instead of CheckedIPAddress instances. Ticket: https://fedorahosted.org/freeipa/ticket/4747 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use asn1c helpers to encode/decode the getkeytab controlSimo Sorce2014-11-207-396/+107
| | | | | | | | | | | Replaces manual encoding with automatically generated code. Fixes: https://fedorahosted.org/freeipa/ticket/4718 https://fedorahosted.org/freeipa/ticket/4728 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Add asn1c generated code for keytab controlsSimo Sorce2014-11-2076-2/+12457
| | | | | | | | | | | | | | | | Instead of manually encoding controls, use an actual asn1 compiler. The file asn1/asn1c/ipa.asn1 will contain ipa modules. The generated code is committed to the tree and built into a static library that is linked to the code that uses it. The first module implements the GetKeytabControl control. Related: https://fedorahosted.org/freeipa/ticket/4718 https://fedorahosted.org/freeipa/ticket/4728 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Fix filtering of enctypes in server code.Simo Sorce2014-11-201-17/+43
| | | | | | | | | | | The filtering was incorrect and would result in always discarding all values. Also make sure there are no duplicates in the list. Partial fix for: https://fedorahosted.org/freeipa/ticket/4718 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Fix --{user,group}-ignore-attribute in migration plugin.David Kupka2014-11-201-6/+4
| | | | | | | | Ignore case in attribute names. https://fedorahosted.org/freeipa/ticket/4620 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix pk11helper module compiler warningsMartin Basti2014-11-204-10/+6
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: David Kupka <dkupka@redhat.com>
* restore: clear httpd ccache after restorePetr Vobornik2014-11-201-0/+2
| | | | | | | | | | so that httpd ccache won't contain old credentials which would make ipa CLI fail with error: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed) https://fedorahosted.org/freeipa/ticket/4726 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Restore file extended attributes and SELinux context in ipa-restoreJan Cholasta2014-11-201-0/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4712 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add additional backup & restore checksPetr Viktorin2014-11-201-6/+35
| | | | | | https://fedorahosted.org/freeipa/ticket/3893 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Raise right exception if domain name is not validMartin Basti2014-11-201-8/+9
| | | | | | | | Because of dnspython implementation, in some cases UnicodeError is raised instead of DNS SyntaxError Ticket: https://fedorahosted.org/freeipa/ticket/4734 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: fix potential XSS vulnerabilitiesPetr Vobornik2014-11-205-10/+13
| | | | | | | | | | | Escape user defined text to prevent XSS attacks. Extra precaution was taken to escape also parts which are unlikely to contain user-defined text. fixes CVE-2014-7850 https://fedorahosted.org/freeipa/ticket/4742 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Show warning instead of error if CA did not startMartin Basti2014-11-201-0/+4
| | | | | | | | This is just workaround, checking if CA is working raises false positive exception during upgrade Ticket: https://fedorahosted.org/freeipa/ticket/4676 Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Do not restore SELinux settings that were not backed upPetr Viktorin2014-11-192-1/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4678 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix wrong expiration date on renewed IPA CA certificatesJan Cholasta2014-11-192-2/+4
| | | | | | | | | The expiration date was always set to the expiration date of the original certificate. https://fedorahosted.org/freeipa/ticket/4717 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix warning message should not contain CLI commandsMartin Basti2014-11-193-10/+12
| | | | | | | Message is now universal for both CLI and WebUI Ticket: https://fedorahosted.org/freeipa/ticket/4647 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Enable QR code display by default in otptoken-addNathaniel McCallum2014-11-195-6/+9
| | | | | | | | | | This is possible because python-qrcode's output now fits in a standard terminal. Also, update ipa-otp-import and otptoken-add-yubikey to disable QR code output as it doesn't make sense in these contexts. https://fedorahosted.org/freeipa/ticket/4703 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix: zonemgr must be unicode valueMartin Basti2014-11-191-0/+2
| | | | | | | | To support IDNA --zonemgr option must be unicode not ascii https://fedorahosted.org/freeipa/ticket/4724 Reviewed-By: David Kupka <dkupka@redhat.com>
* Add UTC date to GIT snapshot version generationSimo Sorce2014-11-181-2/+3
| | | | | | | | | This way make rpms will always generate new packages that can be installed on top fo older ones, regardless of alphabetic ordering of the GIT commit id. Also make sure version and date variables are immditely resolved, so they can't change during the build. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Fix named working directory permissionsMartin Basti2014-11-184-8/+46
| | | | | | | | Just adding dir to specfile doesnt work, because is not guarantee the named is installed, during RPM installation. Ticket: https://fedorahosted.org/freeipa/ticket/4716 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add help string on how to configure multiple DNS forwards for various cli toolsThorsten Scherf2014-11-143-3/+3
| | | | | | | | | | | | | | The man pages for various FreeIPA setup tools are more descriptive on how to configure multiple DNS forwarders than the corresponding cli help. This patch makes the cli help more verbose now for the following tools: * ipa-dns-install * ipa-replica-install * ipa-server-install https://fedorahosted.org/freeipa/ticket/4465 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Ensure users exist when assigning tokens to themNathaniel McCallum2014-11-131-2/+5
| | | | | | | https://fedorahosted.org/freeipa/ticket/4642 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-01 13:08:34 +0000