summaryrefslogtreecommitdiffstats
path: root/ipapython
Commit message (Collapse)AuthorAgeFilesLines
...
* ipapython.nsslib: Remove NSSHTTPSPetr Viktorin2015-10-271-68/+0
| | | | | | This workaround is unused in Python 2.7+. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.nsslib, ipalib.rpc: Remove code for Python 2.6 and belowPetr Viktorin2015-10-271-7/+1
| | | | | | IPA hasn't supported these pythons for a while now. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix more bytes/unicode issuesPetr Viktorin2015-10-222-3/+4
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Handle binascii.Error from base64.b64decode()Petr Viktorin2015-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In Python 3, the base64.b64decode function raises binascii.Error (a ValueError subclass) when it finds incorrect padding. In Python 2 it raises TypeError. Callers should usually handle ValueError; unless they are specifically concerned with handling base64 padding issues). In some cases, callers should handle ValueError: - ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should handle ValueError - ipalib.x509 (load_certificate*, get_*): callers should handle ValueError In other cases ValueError is handled: - ipalib.parameters - ipapython.ssh - ipalib.rpc (json_decode_binary - callers already expect ValueError) - ipaserver.install.ldapupdate Elsewhere no error handling is done, because values come from trusted sources, or are pre-validated: - vault plugin - ipaserver.install.cainstance - ipaserver.install.certs - ipaserver.install.ipa_otptoken_import Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add function to extract CA certs for installSimo Sorce2015-10-151-2/+6
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Implement replica promotion functionalitySimo Sorce2015-10-151-3/+8
| | | | | | | | | | | | | | | | | | This patch implements a new flag --promote for the ipa-replica-install command that allows an administrative user to 'promote' an already joined client to become a full ipa server. The only credentials used are that of an administrator. This code relies on ipa-custodia being available on the peer master as well as a number of other patches to allow a computer account to request certificates for its services. Therefore this feature is marked to work only with domain level 1 and above servers. Ticket: https://fedorahosted.org/freeipa/ticket/2888 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add ipa-custodia serviceSimo Sorce2015-10-156-0/+549
| | | | | | | | | | Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* admintool: Add error message with path to log on failure.David Kupka2015-10-151-0/+4
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipaldap: Remove extraneous `long` (included in six.int_types)Petr Viktorin2015-10-131-1/+1
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Alias long to int under Python 3Petr Viktorin2015-10-131-0/+5
| | | | | | In py3, the two types are unified under the name "int". Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipapython.ssh: Port to Python 3Petr Viktorin2015-10-071-6/+9
| | | | | | | | | Sort out the accepted types. Handle Python 3's stricter separation between bytes and unicode. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove uses of the `types` modulePetr Viktorin2015-10-071-15/+10
| | | | | | | | | | | In Python 3, the types module no longer provide alternate names for built-in types, e.g. `types.StringType` can just be spelled `str`. NoneType is also removed; it needs to be replaced with type(None) Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.http_client instead of httplibPetr Viktorin2015-10-072-2/+16
| | | | | | | | The module was renamed in Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.configparser instead of ConfigParserPetr Viktorin2015-10-073-10/+12
| | | | | | | | The module name was lowercased in Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.xmlrpc.client instead of xmlrpclibPetr Viktorin2015-10-073-5/+4
| | | | | | | | The module is renamed to xmlrpc.client in Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparsePetr Viktorin2015-10-074-8/+8
| | | | | | | | In Python 3, these modules are reorganized. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use sys.maxsize instead of sys.maxintPetr Viktorin2015-10-071-6/+6
| | | | | | | | | | | | In Python 3, integers don't have a maximum. The number called "sys.maxint" is now "sys.maxsize" (defined as larger than the largest possible list/string index). The new spelling is also available in Python 2.7. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipapython.dn: Use rich comparisonsPetr Viktorin2015-10-071-46/+71
| | | | | | | | __cmp__ and cmp were removed from Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipap11helper: Port to Python 3Petr Viktorin2015-10-071-184/+94
| | | | | | | | | | | | | | | - Use PyLong instead of PyInt on Python 3 - Use PyBytes instead of PyString for binary strings - Use Py_TYPE(o) instead of o->py_type, and PyVarObject_HEAD_INIT instead of PyObject_HEAD_INIT - Use a helper function instead of Py_BuildValue("s#"), so that bytes are returned on Python 3 - Use new style module initialization on Python 3 - Use PyModule_AddIntConstant and PyModule_AddIntMacro for adding constants Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Replace StandardError with ExceptionRobert Kuska2015-09-301-1/+1
| | | | | | | | StandardError was removed in Python3 and instead Exception should be used. Signed-off-by: Robert Kuska <rkuska@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* winsync-migrate: Convert entity names to posix friendly stringsTomas Babej2015-09-231-0/+23
| | | | | | | | | | | | | | | | | | | | | | During the migration from winsync replicated users to their trusted identities, memberships are being preserved. However, trusted users are external and as such cannot be added as direct members to the IPA entities. External groups which encapsulate the migrated users are added as members to those entities instead. The name of the external group is generated from the type of the entity and its name. However, the entity's name can contain characters which are invalid for use in the group name. Adds a helper function to convert a given string to a string which would be valid for such use and leverages it in the winsync-migrate tool. https://fedorahosted.org/freeipa/ticket/5319 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Move unattended option to the general help sectionJan Cholasta2015-09-221-10/+11
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Support overriding knobs in subclassesJan Cholasta2015-09-222-94/+124
| | | | | | https://fedorahosted.org/freeipa/ticket/4517 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Use bytes instead of str where appropriateJan Cholasta2015-09-171-17/+17
| | | | | | Under Python 2, "str" and "bytes" are synonyms. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-176-0/+23
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Decode script arguments using file system encodingJan Cholasta2015-09-071-0/+19
| | | | | | | | This mimics Python 3's behavior, where sys.argv is automatically decoded using file system encoding, as returned by sys.getfilesystemencoding(). This includes reimplementation of os.fsdecode() from Python 3. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.python_2_unicode_compatibleJan Cholasta2015-09-072-10/+13
| | | | | | | | | | | Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.with_metaclass to specify metaclassesJan Cholasta2015-09-072-8/+5
| | | | | | | Metaclass specification is incompatible between Python 2 and 3. Use the six.with_metaclass helper to specify metaclasses. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Make ldap2 connection management thread-safe againJan Cholasta2015-09-041-23/+9
| | | | | | | | | | | This fixes the connection code in LDAPClient to not store the LDAP connection in an attribute of the object, which in combination with ldap2's per-thread connections lead to race conditions resulting in connection failures. ldap2 code was updated accordingly. https://fedorahosted.org/freeipa/ticket/5268 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC ↵Petr Spacek2015-09-031-1/+1
| | | | | | | | | key master https://fedorahosted.org/freeipa/ticket/5273 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Modernize use of range()Petr Viktorin2015-09-011-1/+1
| | | | | | | | | | | | In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over. Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range(). Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.reraisePetr Viktorin2015-09-012-10/+4
| | | | | | | | The three-argument raise is going away in Python 3. Use the six.reraise helper instead. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print functionPetr Viktorin2015-09-016-28/+38
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use next() function on iteratorsPetr Viktorin2015-09-011-5/+5
| | | | | | | In Python 3, next() for iterators is a function rather than method. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.integer_types instead of (long, int)Petr Viktorin2015-09-013-5/+5
| | | | | Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.moves.input instead of raw_inputPetr Viktorin2015-09-011-4/+5
| | | | | | | | In Python 3, raw_input() was renamed to input(). Import the function from six.moves to get the right version. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace filter() calls with list comprehensionsPetr Viktorin2015-09-011-1/+1
| | | | | | | | In Python 3, filter() returns an iterator. Use list comprehensions instead. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method namesPetr Viktorin2015-09-0111-49/+54
| | | | | | | | | | | | | | | | | | | | | | Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views. Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor. When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc. In other cases, helpers like six.itervalues are used. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring"Petr Viktorin2015-09-015-28/+38
| | | | | Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Port from python-krbV to python-gssapiMichael Simacek2015-08-262-24/+15
| | | | | | | | | | | | | | | | | | python-krbV library is deprecated and doesn't work with python 3. Replacing all it's usages with python-gssapi. - Removed Backend.krb and KRB5_CCache classes They were wrappers around krbV classes that cannot really work without them - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache. - Merged two kinit_keytab functions - Changed ldap plugin connection defaults to match ipaldap - Unified getting default realm Using api.env.realm instead of krbV call Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Added try/except block for user_input in ipautilAbhijeet Kasurde2015-08-191-17/+29
| | | | | | | | | | Added error handling for function user_input in order to handle EOFError in ipautil.py https://fedorahosted.org/freeipa/ticket/3406 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Prohibit deletion of predefined profilesFraser Tweedale2015-08-181-3/+5
| | | | | | | | | | | Deletion of predefined profiles, including the default profile, should not be allowed. Detect this case and raise an error. Also update the predefined profiles collection to use namedtuple, making it easier to access the various components. Fixes: https://fedorahosted.org/freeipa/ticket/5198 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Use absolute importsPetr Viktorin2015-08-125-7/+10
| | | | | | | In Python 3, implicit relative imports will not be supported. Use fully-qualified imports everywhere. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace dict.has_key with the 'in' operatorPetr Viktorin2015-08-124-8/+9
| | | | | | | | | The deprecated has_key method will be removed from dicts in Python 3. For custom dict-like classes, has_key() is kept on Python 2, but disabled for Python 3. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-1211-37/+37
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add profile for DNP3 / IEC 62351-8 certificatesFraser Tweedale2015-08-111-0/+1
| | | | | | | | | | | The DNP3 smart-grid standard uses certificate with the IEC 62351-8 IECUserRoles extension. Add a profile for DNP3 certificates which copies the IECUserRoles extension from the CSR, if present. Also update cert-request to accept CSRs containing this extension. Fixes: https://fedorahosted.org/freeipa/ticket/4752 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Port from python-kerberos to python-gssapiMichael Simacek2015-08-051-17/+0
| | | | | | | | | | | | kerberos library doesn't support Python 3 and probably never will. python-gssapi library is Python 3 compatible. https://fedorahosted.org/freeipa/ticket/5147 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-313-8/+8
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Exception class instead of StandardErrorNiranjan Mallapadi2015-07-271-2/+2
| | | | | | | | In except clause, use of "," is not recommended (PEP 3110) Signed-off-by: Niranjan Mallapadi <mrniranjan@fedoraproject.org> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* cermonger: Use private unix socket when DBus SystemBus is not available.David Kupka2015-07-201-43/+94
| | | | | | https://fedorahosted.org/freeipa/ticket/5095 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-01 04:18:20 +0000