summaryrefslogtreecommitdiffstats
path: root/ipapython
Commit message (Collapse)AuthorAgeFilesLines
* Add function to extract CA certs for installSimo Sorce2015-10-011-2/+6
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Implement replica promotion functionalitySimo Sorce2015-10-011-3/+8
| | | | | | | | | | | | | | | | | This patch implements a new flag --promote for the ipa-replica-install command that allows an administrative user to 'promote' an already joined client to become a full ipa server. The only credentials used are that of an administrator. This code relies on ipa-custodia being available on the peer master as well as a number of other patches to allow a computer account to request certificates for its services. Therefore this feature is marked to work only with domain level 1 and above servers. Ticket: https://fedorahosted.org/freeipa/ticket/2888 Signed-off-by: Simo Sorce <simo@redhat.com>
* Add ipa-custodia serviceSimo Sorce2015-10-016-0/+549
| | | | | | | | | Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com>
* Replace StandardError with ExceptionRobert Kuska2015-09-301-1/+1
| | | | | | | | StandardError was removed in Python3 and instead Exception should be used. Signed-off-by: Robert Kuska <rkuska@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* winsync-migrate: Convert entity names to posix friendly stringsTomas Babej2015-09-231-0/+23
| | | | | | | | | | | | | | | | | | | | | | During the migration from winsync replicated users to their trusted identities, memberships are being preserved. However, trusted users are external and as such cannot be added as direct members to the IPA entities. External groups which encapsulate the migrated users are added as members to those entities instead. The name of the external group is generated from the type of the entity and its name. However, the entity's name can contain characters which are invalid for use in the group name. Adds a helper function to convert a given string to a string which would be valid for such use and leverages it in the winsync-migrate tool. https://fedorahosted.org/freeipa/ticket/5319 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Move unattended option to the general help sectionJan Cholasta2015-09-221-10/+11
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Support overriding knobs in subclassesJan Cholasta2015-09-222-94/+124
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Use bytes instead of str where appropriateJan Cholasta2015-09-171-17/+17
| | | | | | Under Python 2, "str" and "bytes" are synonyms. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-176-0/+23
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Decode script arguments using file system encodingJan Cholasta2015-09-071-0/+19
| | | | | | | | This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.python_2_unicode_compatibleJan Cholasta2015-09-072-10/+13
| | | | | | | | | | | Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.with_metaclass to specify metaclassesJan Cholasta2015-09-072-8/+5
| | | | | | | Metaclass specification is incompatible between Python 2 and 3. Use the six.with_metaclass helper to specify metaclasses. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Make ldap2 connection management thread-safe againJan Cholasta2015-09-041-23/+9
| | | | | | | | | | | This fixes the connection code in LDAPClient to not store the LDAP connection in an attribute of the object, which in combination with ldap2's per-thread connections lead to race conditions resulting in connection failures. ldap2 code was updated accordingly. https://fedorahosted.org/freeipa/ticket/5268 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC ↵Petr Spacek2015-09-031-1/+1
| | | | | | | | | key master https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Modernize use of range()Petr Viktorin2015-09-011-1/+1
| | | | | | | | | | | | In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over. Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range(). Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.reraisePetr Viktorin2015-09-012-10/+4
| | | | | | | | The three-argument raise is going away in Python 3. Use the six.reraise helper instead. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print functionPetr Viktorin2015-09-016-28/+38
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use next() function on iteratorsPetr Viktorin2015-09-011-5/+5
| | | | | | | In Python 3, next() for iterators is a function rather than method. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.integer_types instead of (long, int)Petr Viktorin2015-09-013-5/+5
| | | | | Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.moves.input instead of raw_inputPetr Viktorin2015-09-011-4/+5
| | | | | | | | In Python 3, raw_input() was renamed to input(). Import the function from six.moves to get the right version. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace filter() calls with list comprehensionsPetr Viktorin2015-09-011-1/+1
| | | | | | | | In Python 3, filter() returns an iterator. Use list comprehensions instead. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method namesPetr Viktorin2015-09-0111-49/+54
| | | | | | | | | | | | | | | | | | | | | | Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views. Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor. When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc. In other cases, helpers like six.itervalues are used. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring"Petr Viktorin2015-09-015-28/+38
| | | | | Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Port from python-krbV to python-gssapiMichael Simacek2015-08-262-24/+15
| | | | | | | | | | | | | | | | | | python-krbV library is deprecated and doesn't work with python 3. Replacing all it's usages with python-gssapi. - Removed Backend.krb and KRB5_CCache classes They were wrappers around krbV classes that cannot really work without them - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache. - Merged two kinit_keytab functions - Changed ldap plugin connection defaults to match ipaldap - Unified getting default realm Using api.env.realm instead of krbV call Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Added try/except block for user_input in ipautilAbhijeet Kasurde2015-08-191-17/+29
| | | | | | | | | | Added error handling for function user_input in order to handle EOFError in ipautil.py https://fedorahosted.org/freeipa/ticket/3406 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Prohibit deletion of predefined profilesFraser Tweedale2015-08-181-3/+5
| | | | | | | | | | | Deletion of predefined profiles, including the default profile, should not be allowed. Detect this case and raise an error. Also update the predefined profiles collection to use namedtuple, making it easier to access the various components. Fixes: https://fedorahosted.org/freeipa/ticket/5198 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Use absolute importsPetr Viktorin2015-08-125-7/+10
| | | | | | | In Python 3, implicit relative imports will not be supported. Use fully-qualified imports everywhere. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace dict.has_key with the 'in' operatorPetr Viktorin2015-08-124-8/+9
| | | | | | | | | The deprecated has_key method will be removed from dicts in Python 3. For custom dict-like classes, has_key() is kept on Python 2, but disabled for Python 3. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-1211-37/+37
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add profile for DNP3 / IEC 62351-8 certificatesFraser Tweedale2015-08-111-0/+1
| | | | | | | | | | | The DNP3 smart-grid standard uses certificate with the IEC 62351-8 IECUserRoles extension. Add a profile for DNP3 certificates which copies the IECUserRoles extension from the CSR, if present. Also update cert-request to accept CSRs containing this extension. Fixes: https://fedorahosted.org/freeipa/ticket/4752 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Port from python-kerberos to python-gssapiMichael Simacek2015-08-051-17/+0
| | | | | | | | | | | | kerberos library doesn't support Python 3 and probably never will. python-gssapi library is Python 3 compatible. https://fedorahosted.org/freeipa/ticket/5147 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-313-8/+8
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Exception class instead of StandardErrorNiranjan Mallapadi2015-07-271-2/+2
| | | | | | | | In except clause, use of "," is not recommended (PEP 3110) Signed-off-by: Niranjan Mallapadi <mrniranjan@fedoraproject.org> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* cermonger: Use private unix socket when DBus SystemBus is not available.David Kupka2015-07-201-43/+94
| | | | | | https://fedorahosted.org/freeipa/ticket/5095 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Py3: replace tab with spaceMartin Basti2015-07-171-1/+1
| | | | | | python3 does not allow to mix spaces and tabs Reviewed-By: Christian Heimes <cheimes@redhat.com>
* sysrestore: copy files instead of moving them to avoind SELinux issuesMartin Basti2015-07-171-2/+6
| | | | | | | | Copying files restores SELinux context. https://fedorahosted.org/freeipa/ticket/4923 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Replace file() with open()Christian Heimes2015-07-141-6/+4
| | | | | | | | | The open() function is the recommended way to open a file. In Python 3 the file type is gone, but open() still works the same. The patch is related to https://fedorahosted.org/freeipa/ticket/5127 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Allow to run subprocess with suplementary groupsMartin Basti2015-07-071-5/+21
| | | | | | | | | | Param suplementary_groups allows to specify list of group names to be used for subprocess. suplementary_groups param requires runas param to be specified. Required for ticket: https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipa-replica-manage del: relax segment deletement check if topology is ↵Petr Vobornik2015-07-031-2/+9
| | | | | | | | disconnected https://fedorahosted.org/freeipa/ticket/5072 Reviewed-By: David Kupka <dkupka@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is TrueJan Cholasta2015-07-011-1/+0
| | | | | | | https://fedorahosted.org/freeipa/ticket/3090 https://fedorahosted.org/freeipa/ticket/5073 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* topology: check topology in ipa-replica-manage delPetr Vobornik2015-06-291-0/+73
| | | | | | | | | | | | ipa-replica-manage del now: - checks the whole current topology(before deletion), reports issues - simulates deletion of server and checks the topology again, reports issues Asks admin if he wants to continue with the deletion if any errors are found. https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Fix logging setup in server and replica installJan Cholasta2015-06-121-1/+16
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40.Petr Spacek2015-06-111-2/+2
| | | | | | | SoftHSM 2.0.0rc1 was updates to these new constants to avoid collision with Blowfish mechanisms. Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Allow setting usage in CLI toolsJan Cholasta2015-06-101-4/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Add support for positional arguments in CLI toolsJan Cholasta2015-06-101-34/+106
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Handle Knob cli_name and cli_aliases values consistentlyJan Cholasta2015-06-101-5/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Introduce installer framework ipapython.installJan Cholasta2015-06-087-1/+1082
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move private_ccache from ipaserver to ipapythonJan Cholasta2015-06-081-0/+24
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add profile_id parameter to 'request_certificate'Fraser Tweedale2015-06-041-0/+2
| | | | | | | | | | | | Add the profile_id parameter to the 'request_certificate' function and update call sites. Also remove multiple occurrences of the default profile ID 'caIPAserviceCert'. Part of: https://fedorahosted.org/freeipa/ticket/57 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import included profiles during install or upgradeFraser Tweedale2015-06-041-2/+5
| | | | | | | | | | | | Add a default service profile template as part of FreeIPA and format and import it as part of installation or upgrade process. Also remove the code that modifies the old (file-based) `caIPAserviceCert' profile. Fixes https://fedorahosted.org/freeipa/ticket/4002 Reviewed-By: Martin Basti <mbasti@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-02 07:23:40 +0000