Commit message | Author | Age | Files | Lines
...
* Fail on topology disconnect/last role removal | Stanislav Laznicka | 2016-08-17 | 1 | -2/+3
  Disconnecting topology/removing last-role-host during server uninstallation should raise error rather than just being logged if the appropriate ignore settings are not present.
  https://fedorahosted.org/freeipa/ticket/6168
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* compat: Fix ping command call | David Kupka | 2016-08-17 | 1 | -1/+1
  Remove extra argument from client.forward call.
  https://fedorahosted.org/freeipa/ticket/6095
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema check: Check current client language against cached one | David Kupka | 2016-08-17 | 1 | -1/+8
  https://fedorahosted.org/freeipa/ticket/6204
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema cache: Read schema instead of rewriting it when SchemaUpToDate | David Kupka | 2016-08-17 | 1 | -22/+24
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* client: Do not create instance just to check isinstance | David Kupka | 2016-08-17 | 3 | -12/+11
  Checking that classes are identical gives the same result and avoids unnecessary instantiation.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema cache: Store API schema cache in memory | David Kupka | 2016-08-17 | 1 | -23/+28
  Read whole cache into memory and keep it there for lifetime of api object. This removes the need to repetitively open/close the cache and speeds up every access to it.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema cache: Read server info only once | David Kupka | 2016-08-17 | 1 | -10/+19
  Do not open/close the file with every access to plugins. Extensive access to filesystem may cause significant slowdown.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* frontend: Add summary class property to CommandOverride | David Kupka | 2016-08-17 | 1 | -0/+6
  Avoid creating instance of overridden command to get its summary.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Access data for help separately | David Kupka | 2016-08-17 | 1 | -19/+18
  To avoid the need to read all data for a plugin from cache and actually use the separately stored help data it must be requested and returned separately.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema cache: Do not read fingerprint and format from cache | David Kupka | 2016-08-17 | 1 | -26/+5
  Fingerprint can be obtained from schema filename or from ServerInfo instance. Use FORMAT in path to avoid opening schema just to read its format.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema cache: Do not reset ServerInfo dirty flag | David Kupka | 2016-08-17 | 1 | -1/+2
  Once dirty flag is set to True it must not be set back to False. Otherwise changes are not written back to file.
  https://fedorahosted.org/freeipa/ticket/6048
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Set servers list as default facet in topology facet group | Pavel Vomacka | 2016-08-17 | 1 | -1/+1
  Since there is a new warning about only one CA server, the default facet of topology facet group is set to servers list where the warning is. So the warning will be shown right after clicking on Topology section.
  Part of: https://fedorahosted.org/freeipa/ticket/5828
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* Add warning about only one existing CA server | Pavel Vomacka | 2016-08-17 | 3 | -1/+76
  It is not safe to have only one CA server in topology. Therefore there is a check and in case that there is only one CA server a warning is shown. The warning is shown after each refreshing of servers facet.
  https://fedorahosted.org/freeipa/ticket/5828
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* cert: do not crash on invalid data in cert-find | Jan Cholasta | 2016-08-17 | 1 | -4/+24
  https://fedorahosted.org/freeipa/ticket/6150
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* cert: speed up cert-find | Jan Cholasta | 2016-08-17 | 1 | -182/+216
  Use issuer+serial rather than raw DER blob to identify certificates in cert-find's intermediate result.
  Restructure the code to make it (hopefully) easier to follow.
  https://fedorahosted.org/freeipa/ticket/6098
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* DNS: allow to add forward zone to already broken sub-domain | Petr Spacek | 2016-08-17 | 1 | -1/+1
  Errors during DNS resolution might indicate that forwarder is the necessary configuration which is missing. Now we disallow adding a forwarder only if the zone is normally resolvable without the forwarder.
  https://fedorahosted.org/freeipa/ticket/6062
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove sys.exit from install modules and scripts | Stanislav Laznicka | 2016-08-16 | 11 | -152/+149
  sys.exit() calls sometimes make it hard to find bugs and mask code that does not always work properly.
  https://fedorahosted.org/freeipa/ticket/5750
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* server upgrade: do not start BIND if it was not running before the upgrade | Petr Spacek | 2016-08-16 | 1 | -1/+2
  https://fedorahosted.org/freeipa/ticket/6206
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS server upgrade: do not fail when DNS server did not respond | Petr Spacek | 2016-08-16 | 1 | -2/+12
  Previously, update_dnsforward_emptyzones failed with an exception if DNS query failed for some reason. Now the error is logged and upgrade continues.
  I assume that this is okay because the DNS query is used as heuristics of last resort in the upgrade logic and failure to do so should not have catastrophic consequences: In the worst case, the admin needs to manually change forwarding policy from 'first' to 'only'.
  In the end I have decided not to auto-start BIND because BIND depends on GSSAPI for authentication, which in turn depends on KDC ... Alternatives like reconfiguring BIND to use LDAPI+EXTERNAL and reconfiguring DS to accept LDAP external bind from named user are too complicated.
  https://fedorahosted.org/freeipa/ticket/6205
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix for integration tests replication layouts | Ganna Kaihorodova | 2016-08-16 | 1 | -1/+10
  Domain level 0 doesn't allow to create replica file on CA-less master, testcases were skipped with Domain level 0
  [https://fedorahosted.org/freeipa/ticket/6134]
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Additional coverity fixes. | Simo Sorce | 2016-08-16 | 4 | -16/+6
  These are manual fixes for patches submitted upstream, and should be picked up once a new asn1c is available. They will be overridden if the code is regenerated before then.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Regenerate asn1 code | Simo Sorce | 2016-08-16 | 42 | -472/+1931
  Regenerate the code with asn1c 0.9.27, this allows us to pick up a few fixes for problems identified by coverity as well as other general bugfixes.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Silence sshd messages during install | Ben Lipton | 2016-08-16 | 1 | -7/+3
  Fix for accidentally pushed commit c15ba1f9e8c7d236586d46271fce7c3950b509da
  During install we call sshd with no config file, sometimes leading to it complaining about missing files or bad config options. Since we're just looking for the return code to see if the options are correct, we can discard these error messages.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipatests: Fix wrong fixture in kerberos principal alias test | Milan Kubík | 2016-08-16 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/6197
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix malformed or missing docstrings in ipalib/messages | Lenka Doudova | 2016-08-16 | 1 | -3/+12
  Some of the docstrings in ipalib/messages.py are malformed or missing entirely. This causes test_ipalib/test_messages to fail due to non-matching regex.
  https://fedorahosted.org/freeipa/ticket/6215
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: test_ipalib/test_output fails due to change of Output behaviour | Lenka Doudova | 2016-08-16 | 1 | -4/+4
  https://fedorahosted.org/freeipa/ticket/6189
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Add data attribute to messages | Lenka Doudova | 2016-08-16 | 1 | -9/+12
  Tests test_ipalib/test_messages.py are failing because messages now contain also 'data' attribute, which is not yet reflected in tests.
  https://fedorahosted.org/freeipa/ticket/6185
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Don't show --force-ntpd option in replica install | Stanislav Laznicka | 2016-08-11 | 1 | -2/+2
  Always run the client installation script with --no-ntp option so that it does not show the message about --force-ntpd option that does not exist in ipa-replica-install. The time synchronization is done elsewhere anyway.
  https://fedorahosted.org/freeipa/ticket/6046
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Test URIs in certificate. | Peter Lacko | 2016-08-11 | 1 | -13/+37
  Test that CRL URI and OCSP URI are present and correct in generated certificate.
  https://fedorahosted.org/freeipa/ticket/5881
  Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ca-less tests: fix getting cert in pem format from nssdb | Petr Vobornik | 2016-08-10 | 1 | -3/+3
  Usage of ipautil.run in get_pem method of ca-less tests was not refactored when the ipautil.run was refactored in 099cf98307d4b2f0ace5d5e28754f264808bf59d
  This results in failure of all CA-less tests.
  https://fedorahosted.org/freeipa/ticket/6177
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed objectclass from LDAP*ReverseMember based tests | Stanislav Laznicka | 2016-08-10 | 2 | -8/+0
  Some tests were broken because of the recent changes in baseldap (#5892) as they were wrongly expecting an objectclass attribute.
  https://fedorahosted.org/freeipa/ticket/6198
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Call hostnamectl set-hostname only if --hostname option is used | Petr Spacek | 2016-08-10 | 5 | -27/+16
  This commit also splits hostname backup and configuration into two separate functions. This allows us to backup hostname without setting it at the same time.
  https://fedorahosted.org/freeipa/ticket/6071
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* server-install: Fix --hostname option to always override api.env values | Petr Spacek | 2016-08-10 | 1 | -8/+5
  Attempts to compare local hostname with user-provided values are error prone as we found out in #5794. This patch removes comparison and makes the env values deterministic.
  https://fedorahosted.org/freeipa/ticket/6071
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* client: add missing output params to client-side commands | Jan Cholasta | 2016-08-10 | 2 | -0/+30
  Add output params for the otptoken-add-yubikey, vault-add, vault-mod, vault-archive and vault-retrieve commands. This fixes the commands not having any output in CLI.
  https://fedorahosted.org/freeipa/ticket/6182
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* parameters: move the `confirm` kwarg to Param | Jan Cholasta | 2016-08-10 | 3 | -9/+3
  Whether a parameter is treated like password is determined by the `password` class attribute defined in the Param class. Whether the CLI will ask for confirmation of a password parameter depends on the value of the `confirm` kwarg of the Password class.
  Move the `confirm` kwarg from the Password class to the Param class, so that it can be used by any Param subclass which has the `password` class attribute set to True.
  This fixes confirmation of the --key option of otptoken-add, which is a Bytes subclass with `password` set to True.
  https://fedorahosted.org/freeipa/ticket/6174
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* client: RPM require initscripts to get *-domainname.service | Petr Spacek | 2016-08-10 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/4831
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-backup: backup /etc/tmpfiles.d/dirsrv-<instance>.conf | Martin Basti | 2016-08-09 | 2 | -3/+7
  This file allows daemon tmpfiles.d to re-create the dirs in volatile directories like /var/run or /var/lock. Without this file Dirsrv will not start.
  https://fedorahosted.org/freeipa/ticket/6165
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix unicode characters in ca and domain adders | Pavel Vomacka | 2016-08-09 | 1 | -1/+3
  Topology graph didn't show plus icons correctly. There is a problem with uglifying of javascript code. It does not leave unicode character written in hexadecimal format unchanged. Therefore this workaround which inserts needed character using Javascript function and uglifying does not affect it.
  https://fedorahosted.org/freeipa/ticket/6175
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix ipa-caalc-add-service error message | Tomas Krizek | 2016-08-09 | 1 | -1/+1
  When service is not found in ipa-caalc-add-service command, return the entire principal name of the service instead of the first character.
  https://fedorahosted.org/freeipa/ticket/6171
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Revert "spec: add conflict with bind-chroot to freeipa-server-dns" | Jan Cholasta | 2016-08-09 | 1 | -3/+0
  Remove the conflict, as bind-chroot caused issue only on systems with older bind and bind-chroot - e.g. RHEL 6.
  This reverts commit 3ab63fa6ba60947b1452c2108c4cf7637f4aacdb.
  https://fedorahosted.org/freeipa/ticket/5696
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Improvements for the ipa-cacert-manage man and help | Stanislav Laznicka | 2016-08-09 | 2 | -14/+26
  The man page for ipa-cacert-manage didn't mention that some options are only applicable to the install and some to the renew subcommand.
  Also fixed a few missing articles.
  https://fedorahosted.org/freeipa/ticket/6013
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* ipa-kdb: Fix unit test after packaging changes in krb5 | Lukas Slebodnik | 2016-08-09 | 1 | -0/+2
  Resolves: https://fedorahosted.org/freeipa/ticket/6173
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-kdb: Allow to build with samba 4.5 | Lukas Slebodnik | 2016-08-09 | 2 | -0/+21
  daemons/ipa-kdb/ipa_kdb_mspac.c: In function 'filter_logon_info':
  daemons/ipa-kdb/ipa_kdb_mspac.c:1536:19: error: 'struct PAC_LOGON_INFO' has no member named 'res_group_dom_sid'
      if (info->info->res_group_dom_sid != NULL &&
      ^~
  daemons/ipa-kdb/ipa_kdb_mspac.c:1537:19: error: 'struct PAC_LOGON_INFO' has no member named 'res_groups'; did you mean 'resource_groups'?
      info->info->res_groups.count != 0) {
      ^~
  mv -f .deps/ipa_kdb_delegation.Tpo .deps/ipa_kdb_delegation.Plo
  Makefile:806: recipe for target 'ipa_kdb_mspac.lo' failed
  make[3]: *** [ipa_kdb_mspac.lo] Error 1
  make[3]: *** Waiting for unfinished jobs....
  Related change in samba https://github.com/samba-team/samba/commit/4406cf792a599724f55777a45efb6367a9bd92b2
  Resolves: https://fedorahosted.org/freeipa/ticket/6173
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add jslint into Makefile | Pavel Vomacka | 2016-08-09 | 2 | -1/+8
  Also put jsl into dependencies.
  The patch also split lint target into more smaller targets. The purpose of this change is to add possibility to run only fast jslint by using make jslint and don't waste time with pylint, which can take a lot of time.
  https://fedorahosted.org/freeipa/ticket/6161
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-pwd-extop: Fix warning assignment discards ‘const’ qualifier from pointer | Lukas Slebodnik | 2016-08-08 | 1 | -1/+1
  ipa_pwd_extop.c: In function ‘ipapwd_chpwop’:
  ipa_pwd_extop.c:337:13: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
      target_dn = slapi_sdn_get_ndn(target_sdn);
      ^
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* ipa_pwd_extop: Fix warning declaration shadows previous local | Lukas Slebodnik | 2016-08-08 | 1 | -1/+0
  ipa_pwd_extop.c:397:19: warning: declaration of ‘target_sdn’ shadows a previous local [-Wshadow]
      Slapi_DN *target_sdn;
      ^~~~~~~~~~
  ipa_pwd_extop.c:212:16: note: shadowed declaration is here
      Slapi_DN *target_sdn = NULL;
      ^~~~~~~~~~
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Use existing HostKey config to test sshd | Ben Lipton | 2016-08-08 | 1 | -3/+7
  Prevents sshd from producing warning messages on package upgrade because not all of the default host key files (/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key) are present.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fixed incorrect domainlevel determination in tests | Oleg Fayans | 2016-08-05 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/6167
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Update ipa-replica-install documentation | Tomas Krizek | 2016-08-05 | 2 | -2/+2
  Update the ipa-replica-install man page and help to reflect that replica_file is optional instead of mandatory.
  https://fedorahosted.org/freeipa/ticket/6164
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* caacl: fix regression in rule instantiation | Fraser Tweedale | 2016-08-05 | 1 | -6/+11
  The Principal refactor causes service collections ('memberservice_service' attribute) to return Principal objects where previously it returned strings, but the HBAC machinery used for CA ACL enforcement only handles strings.
  Update the code to stringify service Principal objects when adding them to HBAC rules.
  Fixes: https://fedorahosted.org/freeipa/ticket/6146
  Reviewed-By: Martin Basti <mbasti@redhat.com>