summaryrefslogtreecommitdiffstats
path: root/ipa-client
Commit message (Collapse)AuthorAgeFilesLines
* Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts)Petr Viktorin2016-01-2731-9366/+0
| | | | | | | | | | | | | | | | Make ipaclient a Python library like ipapython, ipalib, etc. Use setup.py instead of autotools for installing it. Move C client tools, Python scripts, and man pages, to client/. Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS). Remove /setup-client.py (ipalib/setup.py should be used instead). Update Makefiles and the spec file accordingly. https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Added kpasswd_server directive in client krb5.confAbhijeet Kasurde2016-01-201-0/+4
| | | | | | | | | | While configuring ipa client using ipa-client-install can configure kpasswd_server explicitly using directive in client's krb5.conf https://fedorahosted.org/freeipa/ticket/5547 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Avoid builtins that were removed in Python 3Petr Viktorin2016-01-201-1/+1
| | | | | | | | | | | | - `file` was removed in favor of `open`. Switch to the new spelling. - `buffer` was removed in favor of a buffer protocol (and memoryview), and `reload` was moved to importlib. Both are used in py2-only blocks, so just placate PyLint. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* logger: Use warning instead of warnTomas Babej2016-01-181-3/+3
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable pylint expression-not-assigned checkMartin Basti2015-12-231-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables check and fixes: ************* Module ipa-replica-conncheck install/tools/ipa-replica-conncheck:150: [W0106(expression-not-assigned), parse_options] Expression "(replica_group.add_option('-w', '--password', dest='password', sensitive=True, help='Password for the principal'), )" is assigned to nothing) ************* Module ipatests.test_xmlrpc.test_automount_plugin ipatests/test_xmlrpc/test_automount_plugin.py:437: [W0106(expression-not-assigned), test_automount_indirect.test_1a_automountmap_add_indirect] Expression "api.Command['automountmap_add_indirect'](self.locname, self.mapname, **self.map_kw)['result']" is assigned to nothing) ************* Module ipatests.test_ipaserver.test_otptoken_import ipatests/test_ipaserver/test_otptoken_import.py:128: [W0106(expression-not-assigned), test_otptoken_import.test_mini] Expression "[(t.id, t.options) for t in doc.getKeyPackages()]" is assigned to nothing) ************* Module ipatests.test_ipaserver.test_ldap ipatests/test_ipaserver/test_ldap.py:221: [W0106(expression-not-assigned), test_LDAPEntry.test_popitem] Expression "list(e) == []" is assigned to nothing) ************* Module ipa-client-install ipa-client/ipa-install/ipa-client-install:114: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-p', '--principal', dest='principal', help='principal to use to join the IPA realm'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:116: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-w', '--password', dest='password', sensitive=True, help='password to join the IPA realm (assumes bulk password unless principal is also set)'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:118: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-k', '--keytab', dest='keytab', help='path to backed up keytab from previous enrollment'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:120: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-W', dest='prompt_password', action='store_true', default=False, help='Prompt for a password to join the IPA realm'), )" is assigned to nothing) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard importsMartin Basti2015-12-231-1/+1
| | | | | | | | | | | Wildcard imports should not be used. Check for wildcard imports has been enabled in pylint. Pylint note: options 'wildcard-import' causes too much false positive results, so instead it I used 'unused-wildcard-import' option which has almost the same effect. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused importsMartin Basti2015-12-233-5/+0
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: create a temporary directory for ccache filesMartin Babinsky2015-12-141-3/+3
| | | | | | | | | | | gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format in credential cache' error when a name of an existing zero-length file is passed as a ccache parameter. Use temporary directory instead and let GSSAPI to create file-based ccache on demand. https://fedorahosted.org/freeipa/ticket/5528 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Refactor ipautil.runPetr Viktorin2015-12-141-18/+25
| | | | | | | | | | | | | | | | | | | | | The ipautil.run function now returns an object with returncode and output are accessible as attributes. The stdout and stderr of all commands are logged (unless skip_output is given). The stdout/stderr contents must be explicitly requested with a keyword argument, otherwise they are None. This is because in Python 3, the output needs to be decoded, and that can fail if it's not decodable (human-readable) text. The raw (bytes) output is always available from the result object, as is "leniently" decoded output suitable for logging. All calls are changed to reflect this. A use of Popen in cainstance is changed to ipautil.run. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Migrate wget references and usage to curlGabe2015-12-111-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/5458 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed duplicate domain name validating functionStanislav Laznicka2015-12-021-3/+6
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Support sourcing the IPA server name from configSimo Sorce2015-11-274-6/+131
| | | | | | | | | | Use ding-libs to parse /etc/ipa/default.conf to find the IPA server to contact by default. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/2203 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* ipa-client-automount: Leverage IPAChangeConf to configure the domain for idmapdTomas Babej2015-11-261-5/+15
| | | | | | | | | | | | | Simple regexp substitution caused that the domain directive fell under an inapprorpiate section, if the domain directive was not present. Hence the idmapd.conf file was not properly parsed. Use IPAChangeConf to put the directive in its correct place even if it the domain directive is missing. https://fedorahosted.org/freeipa/ticket/5069 Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* ipachangeconf: Add ability to preserve section caseTomas Babej2015-11-261-1/+4
| | | | | | | | | | The IPAChangeConf normallizes section names to lower case. There are cases where this behaviour might not be desirable, so provide a way to opt out. https://fedorahosted.org/freeipa/ticket/5069 Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* ipa-getkeytab: do not return error when translations cannot be loadedMartin Basti2015-11-251-1/+1
| | | | | | | | Only warning is shown https://fedorahosted.org/freeipa/ticket/5483 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* install: drop support for Dogtag 9Jan Cholasta2015-11-252-7/+6
| | | | | | | | | | | Dogtag 9 CA and CA DS install and uninstall code was removed. Existing Dogtag 9 CA and CA DS instances are disabled on upgrade. Creating a replica of a Dogtag 9 IPA master is still supported. https://fedorahosted.org/freeipa/ticket/5197 Reviewed-By: David Kupka <dkupka@redhat.com>
* client install: do not corrupt OpenSSH config with Match sectionsJan Cholasta2015-11-201-2/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/5461 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-client-install: Fix the "download the CA cert" queryFrançois Cami2015-11-111-1/+1
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipachangeconf: Remove reference to an old-style interfaceTomas Babej2015-11-101-1/+0
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipaplatform: Add SECURE_NFS_VAR to constantsTimo Aaltonen2015-11-041-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add Firefox options to ipa-client-install man pageGabe2015-10-292-1/+7
| | | | | | | | - Update --configure-firefox description in ipa-client-install https://fedorahosted.org/freeipa/ticket/5375 Reviewed-By: Martin Basti <mbasti@redhat.com>
* default.conf.5: Fix a typoBenjamin Drung2015-10-221-1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix manpage-has-errors-from-man warning (found by Lintian)Benjamin Drung2015-10-222-20/+33
| | | | | | | | | See https://lintian.debian.org/tags/manpage-has-errors-from-man.html for an explanation. Issues found were ipa-client-install.1.gz 208: warning [p 5, 4.0i]: cannot adjust line default.conf.5.gz 50: warning: macro `np' not defined Reviewed-By: Martin Basti <mbasti@redhat.com>
* The delegation uris are not set, match message to code.Jan Pazdziora2015-10-131-1/+1
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use six.moves.configparser instead of ConfigParserPetr Viktorin2015-10-071-1/+1
| | | | | | | | The module name was lowercased in Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparsePetr Viktorin2015-10-073-12/+13
| | | | | | | | In Python 3, these modules are reorganized. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Replace StandardError with ExceptionRobert Kuska2015-09-301-1/+1
| | | | | | | | StandardError was removed in Python3 and instead Exception should be used. Signed-off-by: Robert Kuska <rkuska@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-171-0/+4
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Decode script arguments using file system encodingJan Cholasta2015-09-072-2/+2
| | | | | | | | This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use new-style raise syntaxPetr Viktorin2015-09-011-1/+1
| | | | | | | | | The form`raise Error, value` is deprecated in favor of `raise Error(value)`, and will be removed in Python 3. Use the new syntax. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print functionPetr Viktorin2015-09-012-35/+39
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method namesPetr Viktorin2015-09-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views. Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor. When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc. In other cases, helpers like six.itervalues are used. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove use of sys.exc_valuePetr Viktorin2015-09-011-2/+2
| | | | | | | sys.exc_value is deprecated since Python 1.5, and was removed in Python 3. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Simplify adding options in ipachangeconfSimo Sorce2015-08-271-0/+21
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Port from python-krbV to python-gssapiMichael Simacek2015-08-263-10/+10
| | | | | | | | | | | | | | | | | | python-krbV library is deprecated and doesn't work with python 3. Replacing all it's usages with python-gssapi. - Removed Backend.krb and KRB5_CCache classes They were wrappers around krbV classes that cannot really work without them - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache. - Merged two kinit_keytab functions - Changed ldap plugin connection defaults to match ipaldap - Unified getting default realm Using api.env.realm instead of krbV call Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* client: Add description of --ip-address and --all-ip-addresses to man pageDavid Kupka2015-08-191-0/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/4249 Reviewed-By: Martin Basti <mbasti@redhat.com>
* client: Add support for multiple IP addresses during installation.David Kupka2015-08-181-66/+223
| | | | | | https://fedorahosted.org/freeipa/ticket/4249 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-client-install: warn when IP used in --serverStanislav Laznicka2015-08-141-0/+19
| | | | | | | | | ipa-client-install fails when an IP address is passed to ipa-join instead of a FQDN https://fedorahosted.org/freeipa/ticket/4932 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-125-98/+98
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-313-7/+7
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: Do not (re)start certmonger and DBus daemons.David Kupka2015-07-201-56/+15
| | | | | | | | | | | | When DBus is present in the system it is always running. Starting of certmomger is handled in ipapython/certmonger.py module if necessary. Restarting is no longer needed since freeipa is not changing certmonger's files. https://fedorahosted.org/freeipa/ticket/5095 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* enable debugging of ntpd during client installationMartin Babinsky2015-07-202-4/+8
| | | | | | | | | | When installing IPA client in debug mode, the ntpd command spawned during initial time-sync with master KDC will also run in debug mode. https://fedorahosted.org/freeipa/ticket/4931 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove tuple unpacking from except clause ipa-client/ipaclient/ipachangeconf.pyChristian Heimes2015-07-141-2/+2
| | | | | | | | | | Python 3 doesn't support tuple unpacking in except clauses. All implicit tuple unpackings have been replaced with explicit unpacking of e.args. https://fedorahosted.org/freeipa/ticket/5120 Reviewed-By: Tomas Babej <tbabej@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib: Fix skip_version_check optionJan Cholasta2015-07-081-0/+3
| | | | | | | | | | | This reverts commit ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474. The option can be either set in IPA config file or specified as 'ipa -e skip_version_check=1 [COMMAND]'. https://fedorahosted.org/freeipa/ticket/4768 Reviewed-By: Martin Basti <mbasti@redhat.com>
* FIX: Clear SSSD caches when uninstalling the clientMartin Basti2015-07-071-7/+12
| | | | | | https://fedorahosted.org/freeipa/ticket/5049 Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Clear SSSD caches when uninstalling the clientGabe2015-06-301-0/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/5049 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* increase NSS memcache timeout for IPA serverMartin Babinsky2015-06-301-0/+9
| | | | | | | | | Increasing memcache timeout to 600 seconds when configuring sssd on IPA server should improve performance when dealing with large groups in trusts. https://fedorahosted.org/freeipa/ticket/4964 Reviewed-By: Martin Basti <mbasti@redhat.com>
* vault: Move vaults to cn=vaults,cn=kraJan Cholasta2015-06-101-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com>
* Clarify host name output in ipa-client-installPetr Spacek2015-06-051-1/+1
| | | | | | Proposed by Tomas Capek Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added vault plugin.Endi S. Dewata2015-05-251-0/+1
| | | | | | | | | A new plugin has been added to manage vaults. Test scripts have also been added to verify the functionality. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-27 15:57:20 +0000