path: root/ipalib
Commit message | Author | Age | Files | Lines
...
* webui: add examples to network address validator error message | Petr Vobornik | 2016-01-08 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/5532
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* ipalib/x509.py: revert deletion of ipalib api import | Martin Babinsky | 2016-01-04 | 1 | -0/+1
  This import statement has been removed in commit e4075b1fe26a608cd1f3778ee1f655a5f5700c65. This caused requests for service certs to fail, since the validation functions from x509 module crashed with NameError.
  https://fedorahosted.org/freeipa/ticket/5561
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable pylint unnecessary-pass check | Martin Basti | 2015-12-23 | 3 | -8/+1
  Enables check and removes extra pass statement from code.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint empty-docstring check | Martin Basti | 2015-12-23 | 2 | -8/+0
  Enables check and fixes:
  ************* Module ipalib.session
  ipalib/session.py:671: [C0112(empty-docstring), SessionAuthManager] Empty class docstring)
  ipalib/session.py:705: [C0112(empty-docstring), SessionAuthManager.logout] Empty method docstring)
  ************* Module ipalib.cli
  ipalib/cli.py:364: [C0112(empty-docstring), textui.print_entry] Empty method docstring)
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint trailing-whitespace check | Martin Basti | 2015-12-23 | 1 | -2/+2
  Enables check and fixes:
  ************* Module ipapython.log_manager
  ipapython/log_manager.py:808: [C0303(trailing-whitespace), ] Trailing whitespace)
  ************* Module ipachangeconf
  contrib/RHEL4/ipachangeconf.py:28: [C0303(trailing-whitespace), ] Trailing whitespace)
  contrib/RHEL4/ipachangeconf.py:116: [C0303(trailing-whitespace), ] Trailing whitespace)
  ************* Module ipalib.plugins.pwpolicy
  ipalib/plugins/pwpolicy.py:174: [C0303(trailing-whitespace), ] Trailing whitespace)
  ipalib/plugins/pwpolicy.py:180: [C0303(trailing-whitespace), ] Trailing whitespace)
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard imports | Martin Basti | 2015-12-23 | 24 | -33/+243
  Wildcard imports should not be used.
  Check for wildcard imports has been enabled in pylint.
  Pylint note: options 'wildcard-import' causes too much false positive results, so instead I used 'unused-wildcard-import' option which has almost the same effect.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused imports | Martin Basti | 2015-12-23 | 43 | -117/+78
  This patch removes unused imports, also pylint has been configured to check unused imports.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* raise more descriptive Backend connection-related exceptions | Martin Babinsky | 2015-12-21 | 1 | -6/+14
  https://fedorahosted.org/freeipa/ticket/5473
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Package ipapython, ipalib, ipaplatform, ipatests for Python 3 | Petr Viktorin | 2015-12-17 | 3 | -0/+99
  Running make with PYTHON=/usr/bin/python3 will build/install the bits for Python 3.
  Executable scripts in ipatests have symlinks Python version suffixes as per Fedora guidelines. Suffix-less names point to the Python 2 versions.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: do not add (forward)zone if it is already resolvable. | David Kupka | 2015-12-14 | 1 | -5/+25
  Check if the zone user wants to add is already resolvable and refuse to create it if yes. --skip-overlap-check and --force options suppress this check.
  https://fedorahosted.org/freeipa/ticket/5087
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Refactor ipautil.run | Petr Viktorin | 2015-12-14 | 1 | -3/+3
  The ipautil.run function now returns an object with returncode and output are accessible as attributes.
  The stdout and stderr of all commands are logged (unless skip_output is given).
  The stdout/stderr contents must be explicitly requested with a keyword argument, otherwise they are None. This is because in Python 3, the output needs to be decoded, and that can fail if it's not decodable (human-readable) text.
  The raw (bytes) output is always available from the result object, as is "leniently" decoded output suitable for logging.
  All calls are changed to reflect this.
  A use of Popen in cainstance is changed to ipautil.run.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* replica install: add remote connection check over API | Jan Cholasta | 2015-12-11 | 2 | -1/+79
  Add server_conncheck command which calls ipa-replica-conncheck --replica over oddjob.
  https://fedorahosted.org/freeipa/ticket/5497
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix minor typos | Yuri Chornoivan | 2015-12-07 | 2 | -2/+2
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* aci: add IPA servers host group 'ipaservers' | Jan Cholasta | 2015-12-07 | 2 | -0/+32
  https://fedorahosted.org/freeipa/ticket/3416
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Extend topology help | Petr Vobornik | 2015-12-04 | 1 | -3/+52
  `ipa help topology` is improved.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* rename topology suffixes to "domain" and "ca" | Petr Vobornik | 2015-12-04 | 1 | -0/+3
  https://www.redhat.com/archives/freeipa-devel/2015-November/msg00485.html
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* topologysuffix: change iparepltopoconfroot API properties | Petr Vobornik | 2015-12-03 | 1 | -6/+4
  Change CLI option, label and type to reflect that it is only a DN of the suffix.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Removed duplicate domain name validating function | Stanislav Laznicka | 2015-12-02 | 4 | -28/+33
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* topology: replace "suffices" with "suffixes" | Jan Cholasta | 2015-12-01 | 1 | -4/+4
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* server: use topologysuffix name in iparepltopomanagedsuffix | Jan Cholasta | 2015-12-01 | 1 | -2/+95
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Upgrade: increase time limit for upgrades | Martin Basti | 2015-12-01 | 1 | -2/+1
  Default ldap search limit is now 30 sec by default during upgrade.
  Limits must be changed for the whole ldap2 connection, because this connection is used inside update plugins and commands called from upgrade.
  Together with increasing the time limit, also size limit should be unlimited during upgrade. With sizelimit=None we may get the TimeExceeded exception from getting default value of the sizelimit from LDAP.
  https://fedorahosted.org/freeipa/ticket/5267
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* topology: treat server suffix as multivalued attribute in API | Petr Vobornik | 2015-11-27 | 1 | -1/+1
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* webui: topology graph facet | Petr Vobornik | 2015-11-27 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/4286
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Compare objectclasses as case insensitive in baseuser.py | Martin Basti | 2015-11-25 | 1 | -4/+7
  Objectclasses must be handled as case insensitive.
  https://fedorahosted.org/freeipa/ticket/5456
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Use absolute domain in detection of A/AAAA records | Martin Basti | 2015-11-25 | 1 | -5/+1
  Python dns resolver appends configured domain to queries which may lead to false positive answer.
  Example: resolving "ipa.example.com" may return records for "ipa.example.com.example.com" if domain is configured as "example.com"
  https://fedorahosted.org/freeipa/ticket/5421
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Call directly function is_host_resolvable instead do call via framework | Martin Basti | 2015-11-25 | 1 | -3/+1
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Make command dns-resolve deprecated. | Martin Basti | 2015-11-25 | 2 | -3/+24
  To debug DNS issues other commands should be used like 'dig', 'host', 'nslookup' instead of command 'ipa dns-resolve'.
  This command is executed on server side, what may not be helpful with debugging clients.
  'ipa dns-resolve' command is worse copy of host command, users should use 'host' command instead.
  dns-resolve is removed from CLI
  https://fedorahosted.org/freeipa/ticket/5466
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix upgrade of forwardzones when zone is in realmdomains | Martin Basti | 2015-11-25 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/5472
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add profiles and default CA ACL on migration | Fraser Tweedale | 2015-11-24 | 1 | -0/+8
  Profiles and the default CA ACL were not being added during replica install from pre-4.2 servers. Update ipa-replica-install to add these if they are missing.
  Also update the caacl plugin to prevent deletion of the default CA ACL and instruct the administrator to disable it instead.
  To ensure that the cainstance installation can add profiles, supply the RA certificate as part of the instance configuration. Certmonger renewal setup is avoided at this point because the NSSDB gets reinitialised later in installation procedure.
  Also move the addition of the default CA ACL from dsinstance installation to cainstance installation.
  Fixes: https://fedorahosted.org/freeipa/ticket/5459
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* remove forgotten print in DNS plugin | Martin Basti | 2015-11-23 | 1 | -1/+0
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* upgrade: fix migration of old dns forward zones | Martin Basti | 2015-11-20 | 1 | -24/+27
  Plugins should call self.api not the global one during upgrade
  https://fedorahosted.org/freeipa/ticket/5472
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Allow multiple managers per user - CLI part | Martin Basti | 2015-11-20 | 3 | -29/+67
  Added commands:
    * user-add-manager
    * user-remove-manager
    * stageuser-add-manager
    * stageuser-remove-manager
  Commit contains override of convert_attribute_members method in baseuser class that ensures the managers will be returned in 'manager' attribute due to backward compatibility instead of 'manager_user' as would be expected.
  https://fedorahosted.org/freeipa/ticket/5344
  This patch also fixes: https://fedorahosted.org/freeipa/ticket/5387
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Move common code of user and stageuser to baseuser postcallback | Martin Basti | 2015-11-20 | 3 | -6/+4
  user-add and stageuser-add contains common code that can be exported to baseuser common postcallback
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Use domain level constants in topology plugin | Martin Basti | 2015-11-10 | 1 | -4/+3
  Reviewed-By: David Kupka <dkupka@redhat.com>
* DNS record-add warns when a suspicious DNS name is detected | Petr Spacek | 2015-11-10 | 2 | -0/+40
  Relative name "record.zone" is being added into zone "zone.", which is probably a mistake. User probably wanted to either specify relative name "record" or use FQDN "record.zone.".
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-csreplica-manage: disable connect/disconnect/del with domain level > 0 | Martin Basti | 2015-11-02 | 1 | -0/+5
    * ipa-csreplica-manage {connect|disconnect} - a user should use 'ipa topologysegment-*' commands
    * ipa-csreplica-manage del - a user should use ipa-replica-manage del
  https://fedorahosted.org/freeipa/ticket/5405
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Added user friendly error message for dnszone enable and disable | Abhijeet Kasurde | 2015-10-29 | 1 | -2/+10
  Added try-except block in dns plugin in order to provide user friendly message to end user.
  https://fedorahosted.org/freeipa/ticket/4811
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* silence pylint in Python 3-specific portion of ipalib/rpc.py | Martin Babinsky | 2015-10-27 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.rpc: Update for Python 3 | Petr Viktorin | 2015-10-27 | 1 | -6/+29
  The client XML-RPC implementation is tied to rpclib internals, so with a change in Python it needs to be updated. And rpclib changed in Python 3.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.nsslib: Remove NSSHTTPS | Petr Viktorin | 2015-10-27 | 1 | -1/+1
  This workaround is unused in Python 2.7+.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.nsslib, ipalib.rpc: Remove code for Python 2.6 and below | Petr Viktorin | 2015-10-27 | 1 | -21/+12
  IPA hasn't supported these pythons for a while now.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Domain levels: use constants rather than hardcoded values | Martin Basti | 2015-10-27 | 1 | -2/+6
  Added constants for domain levels
  DOMAIN_LEVEL_0 = 0
  DOMAIN_LEVEL_1 = 1
  This allows to search for domain level easier in code.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* trustdomain: Perform validation of the trust domain first | Tomas Babej | 2015-10-26 | 1 | -1/+6
  Makes sure that the first check that is performed when trustdomain-del command is run is that the actual trusted domain exists. This is done to prevent a subsequent error which might be misleading.
  https://fedorahosted.org/freeipa/ticket/5389
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* trusts: Make trust_show.get_dn raise properly formatted NotFound | Tomas Babej | 2015-10-26 | 1 | -8/+24
  The trust_show command does not raise a properly formatted NotFound error if the trust is not found, only a generic EmptyResult error is raised.
  This patch makes the trust_show tell us what actually could not be found.
  https://fedorahosted.org/freeipa/ticket/5389
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* always ask the resolver for the reverse zone when manipulating PTR records | Martin Babinsky | 2015-10-22 | 1 | -33/+18
  Instead of searching for all zones to identify the correct reverse zone, we will first ask the resolver to return the name of zone that should contain the desired record and then see if IPA manages this zone.
  This patch also removes a duplicate function in bindinstance.py that is not used anywhere.
  https://fedorahosted.org/freeipa/ticket/5200
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Work around ipalib.text (i18n) str/unicode handling | Petr Viktorin | 2015-10-22 | 1 | -9/+18
  Python 3 doesn't provide ugettext/ungettext, since gettext/ngettext work with (unicode) strings.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix more bytes/unicode issues | Petr Viktorin | 2015-10-22 | 2 | -3/+3
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.messages: Add "message" property to PublicMessage | Petr Viktorin | 2015-10-22 | 1 | -0/+5
  In Python 3, the "message" property was removed in favor of calling str(). Add it to PublicMessage, since IPA code depends on it.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Handle binascii.Error from base64.b64decode() | Petr Viktorin | 2015-10-22 | 2 | -3/+5
  In Python 3, the base64.b64decode function raises binascii.Error (a ValueError subclass) when it finds incorrect padding. In Python 2 it raises TypeError.
  Callers should usually handle ValueError; unless they are specifically concerned with handling base64 padding issues.
  In some cases, callers should handle ValueError:
    - ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should handle ValueError
    - ipalib.x509 (load_certificate*, get_*): callers should handle ValueError
  In other cases ValueError is handled:
    - ipalib.parameters
    - ipapython.ssh
    - ipalib.rpc (json_decode_binary - callers already expect ValueError)
    - ipaserver.install.ldapupdate
  Elsewhere no error handling is done, because values come from trusted sources, or are pre-validated:
    - vault plugin
    - ipaserver.install.cainstance
    - ipaserver.install.certs
    - ipaserver.install.ipa_otptoken_import
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: warn user if DNSSEC key master is not installed | Martin Basti | 2015-10-22 | 2 | -0/+51
  Warning user that DNSSEC key master is not installed when commands dnszone-add, dnszone-mod, dnszone-show when option dnssec=true
  https://fedorahosted.org/freeipa/ticket/5290
  Reviewed-By: Petr Spacek <pspacek@redhat.com>