Commit message | Author | Age | Files | Lines
...
* Port all setup.py to setuptools | Christian Heimes | 2016-10-20 | 23 | -453/+383
  All setup.py files are now using setuptools through a common file ipasetup.py. The file is auto-generated and contains all common settings.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Replace ipaplatform's symlinks with a meta importer | Christian Heimes | 2016-10-20 | 6 | -17/+37
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add fix for no-hbac-allow option in server install | Abhijeet Kasurde | 2016-10-18 | 2 | -2/+3
  This PR brings uniformity in option provided by no-hbac-allow and other options present in IPA server install script
  Fixes https://fedorahosted.org/freeipa/ticket/6357
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* Reverted the assertion for replica uninstall returncode | Oleg Fayans | 2016-10-18 | 1 | -5/+1
  As the issue with ipa installer always returning 0 returncode was addressed, the test needs to be made aware of this change.
  https://fedorahosted.org/freeipa/ticket/6401
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Build: remove deprecated AC_STDC_HEADERS macro | Petr Spacek | 2016-10-18 | 1 | -1/+0
  Interestingly, the new macro AC_HEADER_STDC is already present.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Build: require Python >= 2.7 | Petr Spacek | 2016-10-18 | 1 | -1/+1
  The Python detection logic will be improved later when we start to use top-level configure.ac to manage build completely. For now simple bump is enough.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Build: remove traces of mozldap library | Petr Spacek | 2016-10-18 | 2 | -54/+7
  Mozldap is not used for some time now. We can remove all traces of it.
  AFAIK the complex logic for OpenLDAP detection should not be necessary and -lldap_r -llber options should suffice.
  Unfortunately OpenLDAP package does not ship package config files so we have to hardcode flags.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Build: modernize crypto library detection | Petr Spacek | 2016-10-18 | 3 | -10/+6
  Use package config instead of checking headers. Package config is faster because it does not invoke compiler and guarantees proper linking flags because these are provided by package maintainer instead of hardcoded into build system.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Build: modernize UUID library detection | Petr Spacek | 2016-10-18 | 1 | -4/+1
  Use package config instead of checking headers. Package config is faster because it does not invoke compiler and guarantees proper linking flags because these are provided by package maintainer instead of hardcoded into build system.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Build: modernize Kerberos library detection | Petr Spacek | 2016-10-18 | 1 | -5/+1
  Use package config instead of checking headers. Package config is faster because it does not invoke compiler and guarantees proper linking flags because these are provided by package maintainer instead of hardcoded into build system.
  libkrad does not have package config file so we keep the old way here.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Build: add missing KRB5_LIBS to daemons/ipa-otpd | Petr Spacek | 2016-10-18 | 1 | -2/+2
  It was working accidentally because krb5 libs are part of OPENLDAP_LIBS.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Move ipa.1 man file | Christian Heimes | 2016-10-17 | 4 | -44/+2
  setuptools does not support data_files any more. The ipa(1) man page is now handled like the remaining man pages.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* cert: add revocation reason back to cert-find output | Jan Cholasta | 2016-10-13 | 1 | -8/+9
  In commit c718ef058847bb39e78236e8af0ad69ac961bbcf some param values were accidentally removed from cert-find output.
  In commit 22d5f579bbd8bb452cf1bf620294ab6ade6e7c47 `serial_number_hex` and `revoked` were added back.
  Add back `revocation_reason` as well.
  Also, do not include `revoked` with --raw, as it's a virtual attribute.
  https://fedorahosted.org/freeipa/ticket/6269
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Move ipa-otpd to $libexecdir/ipa | Timo Aaltonen | 2016-10-13 | 3 | -3/+4
  This is more consistent with the other daemons.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Purge obsolete firefox extension | Timo Aaltonen | 2016-10-13 | 20 | -502/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* CI: workaround: wait for dogtag before replica-prepare | Martin Basti | 2016-10-13 | 1 | -0/+3
  In domain level 0 ipa-replica-prepare fails because dogtag is not ready so soon after final restart during installation (tests are too fast). Wait 30 seconds before ipa-replica-prepare is executed, to make sure that dogtag is ready.
  Remove this workaround when ticket is fixed.
  https://fedorahosted.org/freeipa/ticket/6274
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Test: disabled wrong client domain tests for domlevel 0 | Oleg Fayans | 2016-10-12 | 1 | -0/+1
  These tests are only relevant for domain level 1
  https://fedorahosted.org/freeipa/ticket/6382
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Certificate revocation | Lenka Doudova | 2016-10-12 | 1 | -5/+75
  Providing tests for certificate revocation to replace deleted tests from test_cert_find.
  https://fedorahosted.org/freeipa/ticket/6349
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Tests: Remove invalid certplugin tests | Lenka Doudova | 2016-10-12 | 1 | -74/+1
  A bunch of certplugin tests were testing number of revoked certificates with various revocation reasons. Since existence of revoked certificates often depends on other parts of IdM than IPA, it is not really valid to check their presence unless creation of revoked certificate is intentionally tested.
  https://fedorahosted.org/freeipa/ticket/6349
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* UnsafeIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling | David Kupka | 2016-10-12 | 1 | -0/+22
  Missing attributes in instance created by pickle.load cause AttributeError in second part of ipa-server-install --external-ca.
  https://fedorahosted.org/freeipa/ticket/6385
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* do not use keys() method when iterating through dictionaries | Martin Babinsky | 2016-10-12 | 6 | -11/+11
  pylint-1.6.4-1.fc26.noarch reports "C0201(consider-iterating-dictionary)" when building FreeIPA, we have to fix these errors
  https://fedorahosted.org/freeipa/ticket/6391
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* remove trailing newlines from python modules | Martin Babinsky | 2016-10-12 | 24 | -27/+0
  pylint-1.6.4-1.fc26.noarch reports these, hence they should be fixed in order to build FreeIPA with this version
  https://fedorahosted.org/freeipa/ticket/6391
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* WebUI: fix API Browser menu label | Pavel Vomacka | 2016-10-11 | 3 | -1/+3
  The label of API Browser is now in translatable strings and it has uppercase B at the beginning of second word.
  https://fedorahosted.org/freeipa/ticket/6384
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: print what was expected from callables in xmlrpc_tests | Petr Spacek | 2016-10-11 | 1 | -14/+22
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Pylint: fix the rest of unused local variables | Martin Basti | 2016-10-11 | 14 | -101/+53
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Pylint: remove unused variables in tests | Martin Basti | 2016-10-11 | 8 | -58/+41
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Add tooltip to all fields in DNS record adder dialog | Pavel Vomacka | 2016-10-11 | 1 | -0/+15
  In case that option is not documented or the doc string is the same as label, then no tooltip is shown.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS: Improve field descriptions for SRV records | Petr Spacek | 2016-10-11 | 2 | -5/+9
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS: Support URI resource record type | Petr Spacek | 2016-10-11 | 9 | -15/+174
  https://fedorahosted.org/freeipa/ticket/6344
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix ipa-cacert-manage man page | Florence Blanc-Renaud | 2016-10-11 | 1 | -1/+3
  When the admin runs ipa-cacert-manage install, he should also run ipa-certupdate on master/replicas/clients in order to update the certificates databases.
  The man page should mention this requirement, and also clarify that "install" command does not replace IPA CA but rather installs an additional trusted CA.
  https://fedorahosted.org/freeipa/ticket/6381
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Tests: Fix failing test_ipalib/test_parameters | Lenka Doudova | 2016-10-11 | 1 | -1/+1
  Parameters test fails because of KeyError caused by improper manipulation with kwargs in Param.__init__ method. During initialization, if kwargs['required'] or kwargs['multivalue'] is None, it is deleted from dictionary and hence the missing key. Small change of the condition prevents this from happening.
  Partially fixes https://fedorahosted.org/freeipa/ticket/6292
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Fix compatibility with python-dns 1.15.0 | Petr Spacek | 2016-10-11 | 1 | -8/+7
  From https://github.com/rthalley/dnspython/issues/214:
  The FreeIPA code is directly invoking the TXT RR constructor instead of calling dns.rdata.from_text(), which is how dnspython would like you to do this kind of thing.
  https://fedorahosted.org/freeipa/ticket/6390
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add commentary about CA deletion to plugin doc | Fraser Tweedale | 2016-10-06 | 1 | -8/+13
  Add commentary to 'ca' plugin documentation to explain what happens when a CA gets deleted - namely, that its signing cert gets revoked and its private key deleted.
  Also break the docstring up into smaller chunks to aid translation.
  Fixes: https://fedorahosted.org/freeipa/ticket/6256
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* spec: require Dogtag >= 10.3.5-6 | Fraser Tweedale | 2016-10-06 | 1 | -2/+2
  Require Dogtag 10.3.5-6, which is the first release that implements revocation of lightweight CA signing certificates upon deletion.
  Part of: https://fedorahosted.org/freeipa/ticket/6256
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa: check if provided config file exists | Tomas Krizek | 2016-10-06 | 1 | -2/+11
  Add a parser check to verify config file supplied to the ipa command exists. Previously, invalid file paths would not result in any error and would just silently proceed with default config.
  https://fedorahosted.org/freeipa/ticket/6114
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa: allow relative paths for config file | Tomas Krizek | 2016-10-06 | 1 | -14/+1
  Remove unnecessary check for absolute file paths for config file.
  https://fedorahosted.org/freeipa/ticket/6114
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Remove silent deleting and creating entries by tracker | Lenka Doudova | 2016-10-06 | 4 | -7/+5
  https://fedorahosted.org/freeipa/ticket/6123
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* Pylint: remove unused variables in ipaserver package | Martin Basti | 2016-10-06 | 14 | -124/+78
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Pylint: remove unused variables from installers and scripts | Martin Basti | 2016-10-06 | 30 | -234/+111
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Add iSecStore.span | Christian Heimes | 2016-10-06 | 1 | -0/+3
  In the future Custodia is going to make CSStore.span an abstract method.
  Closes: https://fedorahosted.org/freeipa/ticket/6365
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Properly handle LDAP socket closures in ipa-otpd | Nathaniel McCallum | 2016-10-06 | 2 | -13/+10
  In at least one case, when an LDAP socket closes, a read event is fired rather than an error event. Without this patch, ipa-otpd silently ignores this event and enters a state where all bind auths fail.
  To remedy this problem, we pass error events along the same path as read events. Should the actual read fail, we exit.
  https://bugzilla.redhat.com/show_bug.cgi?id=1377858
  https://fedorahosted.org/freeipa/ticket/6368
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Make installer quit more nicely on external CA installation | Stanislav Laznicka | 2016-10-06 | 1 | -1/+1
  cainstance.__spawn_instance() exits in rather weird manner on successful external CA install. This masks the weird implementation from the user. :-&
  https://fedorahosted.org/freeipa/ticket/6230
  Reviewed-By: David Kupka <dkupka@redhat.com>
* ipatests: Implement tests with CSRs requesting SAN | Milan Kubík | 2016-10-04 | 2 | -2/+303
  The patch implements several test cases testing the enforcement of CA ACLs on certificate requests with subject alternative names.
  https://fedorahosted.org/freeipa/ticket/6366
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipatests: Fix name property on a service tracker | Milan Kubík | 2016-10-04 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/6366
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipatests: provide context manager for keytab usage in RPC tests | Milan Kubík | 2016-10-04 | 1 | -5/+67
  https://fedorahosted.org/freeipa/ticket/6366
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Raise errors from service.py:_ldap_mod() by default | Petr Spacek | 2016-10-04 | 1 | -2/+2
  This is to prevent situations when installer prints CRITICAL Failed to load ....ldif and continues just to crash later on because of non-existing LDAP container or so on.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix test_util.test_assert_deepequal test | Stanislav Laznicka | 2016-10-04 | 1 | -5/+17
  The test would be failing because recent pretty-print changes that caused the inner members of a dictionary to be printed in a different order.
  https://fedorahosted.org/freeipa/ticket/6373
  Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* mod_nss: use more robust quoting of NSSNickname directive | Martin Babinsky | 2016-10-03 | 2 | -12/+33
  The code which handles configuration of mod_nss module must be more robust when handling NSS nicknames generated from subject names containing quoted RDN values.
  https://fedorahosted.org/freeipa/ticket/5809
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* Move character escaping function to ipautil | Martin Babinsky | 2016-10-03 | 2 | -27/+29
  Functions `escape_seq` and `unescape_seq` have a generic use-case so it makes sense to move them from `kerberos` to ipautil module so that other modules can reuse them more readily.
  https://fedorahosted.org/freeipa/ticket/5809
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* Fix: find OSCP certificate test | Martin Basti | 2016-09-30 | 1 | -1/+3
  Test should check if any OSCP certificate has been returned
  https://fedorahosted.org/freeipa/ticket/6359
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>