Commit message | Author | Age | Files | Lines
...
* load RA backend plugins during standalone CA install on CA-less IPA master | Martin Babinsky | 2015-09-09 | 1 | -1/+3
  CA-less IPA master has 'ra_plugin' set to 'none' in IPA config. When setting up Dogtag CA on the master we must override this setting in order to load dogtag backend plugins and successfully complete CA installation.
  https://fedorahosted.org/freeipa/ticket/5288
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Using LDAPI to setup CA and KRA agents. | Endi S. Dewata | 2015-09-07 | 3 | -92/+72
  The CA and KRA installation code has been modified to use LDAPI to create the CA and KRA agents directly in the CA and KRA database. This way it's no longer necessary to use the Directory Manager password or CA and KRA admin certificate.
  https://fedorahosted.org/freeipa/ticket/5257
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Decode script arguments using file system encoding | Jan Cholasta | 2015-09-07 | 5 | -4/+23
  This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.python_2_unicode_compatible | Jan Cholasta | 2015-09-07 | 3 | -15/+23
  Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.with_metaclass to specify metaclasses | Jan Cholasta | 2015-09-07 | 3 | -11/+7
  Metaclass specification is incompatible between Python 2 and 3. Use the six.with_metaclass helper to specify metaclasses.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Make ldap2 connection management thread-safe again | Jan Cholasta | 2015-09-04 | 2 | -41/+24
  This fixes the connection code in LDAPClient to not store the LDAP connection in an attribute of the object, which in combination with ldap2's per-thread connections led to race conditions resulting in connection failures. ldap2 code was updated accordingly.
  https://fedorahosted.org/freeipa/ticket/5268
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5. | Petr Spacek | 2015-09-03 | 1 | -3/+3
  https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: Fix key metadata export | Petr Spacek | 2015-09-03 | 1 | -1/+1
  Incorrect SQL join condition could lead to situation where metadata from ZSK and KSK were interchanged.
  https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master | Petr Spacek | 2015-09-03 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction | Petr Spacek | 2015-09-03 | 1 | -8/+31
  https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart | Petr Spacek | 2015-09-03 | 1 | -0/+6
  It might happen that systemd will restart the service even if there is no incoming connection to service socket. In that case we want to exit because HSM synchronization is done before socket.accept() and we want to synchronize HSM and DNS zones at the same time.
  https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* DNSSEC: remove ccache and keytab of ipa-ods-exporter | Martin Basti | 2015-09-03 | 3 | -1/+9
  Reusing old ccache after reinstall causes authentication error. And prevents DNSSEC from working.
  Related to ticket: https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: backup and restore opendnssec zone list file | Martin Basti | 2015-09-03 | 1 | -1/+5
  When zone list is not restored after uninstall, this may slow down enabling DNSSEC signing for zones and print unwanted errors into log after new installation.
  Related to: https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Installer: do not modify /etc/hosts before user agreement | Martin Basti | 2015-09-03 | 4 | -18/+53
  https://fedorahosted.org/freeipa/ticket/4561
  As side effect this also fixes: https://fedorahosted.org/freeipa/ticket/5266
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: fix traceback caused by cidict | Martin Basti | 2015-09-03 | 1 | -1/+1
  Traceback caused by recent py3 code migration.
  https://fedorahosted.org/freeipa/ticket/5283
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* certprofile: remove 'rename' option | Fraser Tweedale | 2015-09-02 | 3 | -6/+4
  The initial fix of ticket 5247 rejected renames, but left the option behind for API compatibility. Remove the option now, according to the consensus that because it never worked, it is fine to remove it.
  Fixes: https://fedorahosted.org/freeipa/ticket/5247
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Backup: back up the hosts file | Martin Basti | 2015-09-02 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/5275
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: remove "DNSSEC is experimental" warnings | Martin Basti | 2015-09-02 | 2 | -20/+0
  https://fedorahosted.org/freeipa/ticket/5265
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Convert zip() result to list() | Petr Viktorin | 2015-09-01 | 1 | -2/+2
  In Python 3, zip() returns an iterator. To get a list, it must be explicitly converted. In most cases, zip() result is iterated over so this is not necessary.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Modernize use of range() | Petr Viktorin | 2015-09-01 | 22 | -46/+45
  In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over. Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range().
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.reraise | Petr Viktorin | 2015-09-01 | 2 | -10/+4
  The three-argument raise is going away in Python 3. Use the six.reraise helper instead.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use new-style raise syntax | Petr Viktorin | 2015-09-01 | 3 | -17/+17
  The form `raise Error, value` is deprecated in favor of `raise Error(value)`, and will be removed in Python 3. Use the new syntax.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print function | Petr Viktorin | 2015-09-01 | 68 | -838/+954
  In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use next() function on iterators | Petr Viktorin | 2015-09-01 | 2 | -10/+10
  In Python 3, next() for iterators is a function rather than method.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace uses of map() | Petr Viktorin | 2015-09-01 | 18 | -35/+37
  In Python 2, map() returns a list; in Python 3 it returns an iterator. Replace all uses by list comprehensions, generators, or for loops, as required.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.integer_types instead of (long, int) | Petr Viktorin | 2015-09-01 | 7 | -18/+21
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.moves.input instead of raw_input | Petr Viktorin | 2015-09-01 | 2 | -5/+7
  In Python 3, raw_input() was renamed to input(). Import the function from six.moves to get the right version.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace filter() calls with list comprehensions | Petr Viktorin | 2015-09-01 | 8 | -11/+10
  In Python 3, filter() returns an iterator. Use list comprehensions instead.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method names | Petr Viktorin | 2015-09-01 | 56 | -172/+182
  Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views. Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor. When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc. In other cases, helpers like six.itervalues are used.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring" | Petr Viktorin | 2015-09-01 | 22 | -71/+114
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove the unused pygettext script | Petr Viktorin | 2015-09-01 | 1 | -819/+0
  IPA uses xgettext nowadays.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add python-six to dependencies | Petr Viktorin | 2015-09-01 | 1 | -0/+2
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Don't use a tuple in function arguments | Petr Viktorin | 2015-09-01 | 1 | -1/+1
  This feature was removed in Python 3 to ease introspection.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove use of sys.exc_value | Petr Viktorin | 2015-09-01 | 3 | -6/+6
  sys.exc_value is deprecated since Python 1.5, and was removed in Python 3.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use %license instead of %doc for packaging the license | Rob Crittenden | 2015-08-31 | 1 | -5/+10
  https://fedorahosted.org/freeipa/ticket/5227
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Integration tests for topology plugin | Oleg Fayans | 2015-08-28 | 3 | -21/+241
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* install: Fix SASL mappings not added in ipa-server-install | Jan Cholasta | 2015-08-27 | 1 | -0/+1
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* cert renewal: Automatically update KRA agent PEM file | Jan Cholasta | 2015-08-27 | 1 | -1/+11
  https://fedorahosted.org/freeipa/ticket/5253
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* cert renewal: Include KRA users in Dogtag LDAP update | Jan Cholasta | 2015-08-27 | 1 | -4/+9
  https://fedorahosted.org/freeipa/ticket/5253
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix user tracker to reflect new user-del message | Lenka Doudova | 2015-08-27 | 1 | -1/+1
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Insure the admin_conn is disconnected on stop | Simo Sorce | 2015-08-27 | 1 | -0/+7
  If we stop or restart the server insure admin_conn gets reset or other parts may fail to properly connect/authenticate
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Simplify adding options in ipachangeconf | Simo Sorce | 2015-08-27 | 1 | -0/+21
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Move sasl mappings creation to dsinstance | Simo Sorce | 2015-08-27 | 2 | -48/+51
  Sasl mappings can be created directly by the DS Instance, there is no reason to create them in the krbinstance as they do not depend on the kdc to be configured just to be created.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove custom utility function from krbinstance | Simo Sorce | 2015-08-27 | 1 | -21/+3
  Remove the custom update_key_val_in_file() and instead use the common function config_replace_variables() available from ipautil.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipactl: Do not start/stop/restart single service multiple times | David Kupka | 2015-08-26 | 1 | -1/+16
  In case multiple services are provided by single system daemon it is not needed to start/stop/restart it multiple times.
  https://fedorahosted.org/freeipa/ticket/5248
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: Limit size of data stored in vault | David Kupka | 2015-08-26 | 1 | -1/+20
  https://fedorahosted.org/freeipa/ticket/5231
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: fix vault tests after default type change | Petr Vobornik | 2015-08-26 | 1 | -2/+9
  https://fedorahosted.org/freeipa/ticket/5251
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* certprofile: prevent rename (modrdn) | Fraser Tweedale | 2015-08-26 | 1 | -2/+3
  Fixes: https://fedorahosted.org/freeipa/ticket/5247
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Removed clear text passwords from KRA install log. | Endi S. Dewata | 2015-08-26 | 2 | -8/+10
  The ipa-kra-install tool has been modified to use password files instead of clear text passwords when invoking pki tool such that the passwords are no longer visible in ipaserver-kra-install.log.
  https://fedorahosted.org/freeipa/ticket/5246
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* webui: add option to establish bidirectional trust | Petr Vobornik | 2015-08-26 | 1 | -1/+12
  https://fedorahosted.org/freeipa/ticket/5259
  Reviewed-By: Tomas Babej <tbabej@redhat.com>