Commit Graph

73 Commits

Author SHA1 Message Date
Christian Heimes
8f6502db03 Convert ipa-httpd-pwdreader into Python script
and use paths from ipaplatform.

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-07-30 11:38:25 +02:00
Christian Heimes
a18d406b56 Move ipa-epn systemd files and run RPM hooks
The init/systemd directory is for server only and not part of
CLIENT_ONLY builds.

It's necesary to run pre/post installation hooks to make systemd aware
of new files.

Fixes: https://pagure.io/freeipa/issue/8367
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-06-11 17:27:31 +02:00
Christian Heimes
cc84483411 Auto-generated ipa-epn files to gitignore
memcached has been removed a loooong time ago.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2020-06-10 16:16:13 +02:00
Peter Keresztes Schmidt
f2d854886f util: add unit test for pw hashing
Related: https://pagure.io/freeipa/issue/6857
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-06-08 12:54:19 +03:00
Christian Heimes
c1c6ee7d41 Add ipa-print-pac to gitignore
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-06-04 14:29:59 +02:00
Christian Heimes
1717b5b08f Improve Sphinx building and linting
Run sphinx-builder with -W (fail on error), --keep-going, and -j auto.
Auto-job scaling speeds up sphinx-builder a LOT.

Add make lint target to doc/Makefile. The -E and -a option ensure that
all files are always re-read and rewritten.

Add option to run sphinx-builder from a virtual env that mimics RTD
builds closer than Fedora packages.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: François Cami <fcami@redhat.com>
2020-04-22 09:47:14 +02:00
Alexander Bokovoy
92e36258ce Keep ipa.pot translation file in git for weblate
Weblate tool sends pull requests that update translations directly.
For this to work, we need to keep ipa.pot in the tree.

Fixes: https://pagure.io/freeipa/issue/8159
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-03-24 13:40:06 +01:00
Christian Heimes
080a5831ea Bootstrap Sphinx documentation
Run sphinx-quickstart and include sphinx dependencies.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
2020-03-21 07:40:33 +02:00
Christian Heimes
b88562b2c8 Cleanup SELinux policy
* Remove FC for /usr/libexec/ipa/com.redhat.idm.trust-fetch-domains. The
  file has been moved to oddjobs/ subdirectory a long time ago.
* Simplify FC for oddjob scripts. All com.redhat.idm.* and org.freeipa.*
  scripts are labeled as ipa_helper_exec_t.
* use miscfiles_read_generic_certs() instead of deprecated
  miscfiles_read_certs() to address the warning:

```
Warning: miscfiles_read_certs() has been deprecated, please use miscfiles_read_generic_certs() instead.
```

(Also add org.freeipa.server.trust-enable-agent to .gitignore)

Related: https://pagure.io/freeipa/issue/6891
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-03-12 07:46:59 +01:00
Christian Heimes
9288901f9b Integrate SELinux policy into build system
Hook up the new policy to autoconf and automake.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-03-05 09:57:00 +01:00
Alexander Bokovoy
814592cf22 ipa-client-samba: a tool to configure Samba domain member on IPA client
Introduces new utility to configure Samba on an IPA domain member.

The tool sets up Samba configuration and internal databases, creates
cifs/... Kerberos service and makes sure that a keytab for this service
contains the key with the same randomly generated password that is set
in the internal Samba databases.

Samba configuration is created by querying an IPA master about details
of trust to Active Directory configuration. All known identity ranges
added to the configuration to allow Samba to properly handle them
(read-only) via idmap_sss.

Resulting configuration allows connection with both NTLMSSP and Kerberos
authentication for IPA users. Access controls for the shared content
should be set by utilizing POSIX ACLs on the file system under a
specific share.

The utility is packaged as freeipa-client-samba package to allow pulling
in all required dependencies for Samba and cifs.ko (smb3.ko) kernel
module. This allows an IPA client to become both an SMB server and an
SMB client.

Fixes: https://pagure.io/freeipa/issue/3999
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2019-06-29 11:00:28 +03:00
Fraser Tweedale
df99680ead .gitignore: add ipa-cert-fix program
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2019-06-11 15:52:06 +10:00
Christian Heimes
beffa7bcda Move Custodia secrets handler to scripts
Implement the import and export handlers for Custodia keys as external
scripts. It's a prerequisite to drop DAC override permission and proper
SELinux rules for ipa-custodia.

Except for DMLDAP,  handlers no longer run as root but as handler
specific users with reduced privileges. The Dogtag-related handlers run
as pkiuser, which also help with HSM support.

The export and import handles are designed to be executed by sudo, too.
In the future, ipa-custodia could be executed as an unprivileged process
that runs the minimal helper scripts with higher privileges.

Fixes: https://pagure.io/freeipa/issue/6888
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-26 12:09:22 +02:00
Christian Heimes
81d0108afc Debian: auto-generate config files for oddjobd
The oddjobd config files are now auto-generated with automake to have
correct path to libexec on all platforms.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2019-04-24 14:08:20 +02:00
Christian Heimes
3f9e23f125 Add ExecStartPost hook to wait for Dogtag PKI
Dogtag PKI typically takes around 10 seconds to start and respond to
requests. Dogtag uses a simple systemd service, which means systemd is
unable to detect when Dogtag is ready. Commands like ``systemctl start``
and ``systemctl restart`` don't block and wait until the CA is up. There
have been various workarounds in Dogtag and IPA.

Systemd has an ExecStartPost hook to run programs after the main service
is started. The post hook blocks systemctl start and restart until all
post hooks report ready, too. The new ipa-pki-wait-running script polls
on port 8080 and waits until the CA subsystem returns ``running``.

Related: https://pagure.io/freeipa/issue/7916
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-24 09:09:28 +02:00
Christian Heimes
0a7c272618 GIT: ignore ipa-crlgen-manage
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2019-03-22 15:50:51 +01:00
Christian Heimes
a347c11650 Rename Python scripts and add dynamic shebang
All Python scripts are now generated from a template with a dynamic
shebang.

ipatests/i18n.py is no longer an executable script with shebang. The
module is not executed as script directly, but rather as

    $(PYTHON) ipatests/i18n.py

Fixes: https://pagure.io/freeipa/issue/7680
All Python scripts are now template files with a dynamic shebang line.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-08-23 14:49:06 +02:00
Pavel Vomacka
0f28c7e32e Include npm related files into Makefile and .gitignore
Extedned Makefile in install/ui
 - $ make clean-local removes npm related files in the install/ui directory
Add node_modules and package-lock.json into .gitignore

Fixes: https://pagure.io/freeipa/issue/7278
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-12-14 18:57:37 +01:00
Christian Heimes
7fbbf6689e Add make targets for fast linting and testing
Fast linting only needs modified files with pylint and diff with
pycodestyle. It's good enough to detect most code errors very fast. It
typically takes less than 10 seconds. A complete full pylint run uses
all CPU cores for several minutes. PEP 8 violations are typically
reported after 30 minutes to several hours on Travis CI.

Fast lintings uses git diff and git merge-base to find all modified
files in a branch or working tree. There is no easy way to find the
branch source. On Travis the information is provided by Travis. For
local development it's a new variable IPA_GIT_BRANCH in VERSION.m4.

Fast testing execute all unit tests that do not depend on ipalib.api.

In total it takes about 30-40 seconds (!) to execute linting, PEP 8 checks
and unittests for both Python 2 and 3.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-11 20:40:06 +01:00
Christian Heimes
a48f6511f6 Use namespace-aware meta importer for ipaplatform
Instead of symlinks and build-time configuration the ipaplatform module
is now able to auto-detect platforms on import time. The meta importer
uses the platform 'ID' from /etc/os-releases. It falls back to 'ID_LIKE'
on platforms like CentOS, which has ID=centos and ID_LIKE="rhel fedora".

The meta importer is able to handle namespace packages and the
ipaplatform package has been turned into a namespace package in order to
support external platform specifications.

https://fedorahosted.org/freeipa/ticket/6474

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-11-15 14:17:24 +01:00
Jan Cholasta
d5fc0ddd87 install: do not assume /etc/krb5.conf.d exists
Add `includedir /etc/krb5.conf.d` to /etc/krb5.conf only if
/etc/krb5.conf.d exists.

Do not rely on /etc/krb5.conf.d to enable the certauth plugin.

This fixes install on platforms which do not have /etc/krb5.conf.d.

https://pagure.io/freeipa/issue/6589

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2017-06-28 15:44:51 +02:00
Christian Heimes
3a5b3be8b9 tox testing support for client wheel packages
Add tox infrastructure to test client wheel packages workflow:

* build client packages
* install client packages
* ipa-run-tests --ipaclient-unittests under Python 2 and 3
* pylint of client packages under Python 2 and 3
* placeholder packages work as expected

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-04-12 16:53:22 +02:00
Sumit Bose
c4156041fe IPA certauth plugin
This patch add a certauth plugin which allows the IPA server to support
PKINIT for certificates which do not include a special SAN extension
which contains a Kerberos principal but allow other mappings with the
help of SSSD's certmap library.

Related to https://pagure.io/freeipa/issue/4905

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2017-03-27 09:52:57 +02:00
Christian Heimes
fe17d187f9 Constrain wheel package versions
The presence of IPA packages on PyPI revealed an interesting issue with
make wheel_bundle. pip gives final releases a higher precedence than our
development packages. make wheel_bundle downloads ipa 4.5.0 from PyPI
instead of using our own wheels.

Use a constraint file to enforce correct versions.

https://pagure.io/freeipa/issue/6468

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-03-22 15:16:25 +01:00
Christian Heimes
a30d31b0c6 Ignore ipapython/.DEFAULT_PLUGINS
https://pagure.io/freeipa/issue/6597

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-03-15 06:19:00 +00:00
Christian Heimes
d8343a96dd Clean / ignore make check artefact
In tree runs of make check leave some artifacts around. The patch adds
them to make clean and .gitignore.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-01-18 09:19:15 +01:00
Pavel Vomacka
e5686c0ccb Lowered the version of gettext
The lower version is needed while building on RHEL.
Also po/Rules-quot file is deleted and added to .gitignore.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-12-09 14:01:06 +01:00
Christian Heimes
86295a8c2e Ignore backup~ files like config.h.in~
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-12-05 12:08:54 +01:00
Petr Spacek
4c133837d1 Build: remove ipa.pot from Git as it can be re-generated at any time
All the source files are in the very same repo so there is no point
in keeping the file in Git.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-11-22 16:14:50 +01:00
Petr Spacek
9ef5a7de78 Build: automatically generate list of files to be translated in configure
configure is easiest option how to automatically generate POTFILES.in.
Attempts to add it to po/Makefile* have big potential to create cyclic
depedencies and cause other trouble.

Given how rare operation adding a source file is, I think it is sufficient
to document that configure needs to be run again after adding a source file
with translatable strings.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-11-22 16:14:50 +01:00
Petr Spacek
d40c376ccc Build: support strip-po target for translations
The target was added to top-level Makefile.am as well so the maintainer
does not need to jump between directories when doing Zanata pull/push
and strip-po.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-11-22 16:14:50 +01:00
Petr Spacek
4842231074 Build: use standard infrastructure for translations
We now use standard framework generatedby "gettextize" utility.

It has two limitations which I do not consider sufficiently important
to invest into hand-made solution:

1. It can automatically gather strings only from files which have some
   file extension like .c or .py. Right now we do not have any
   translatable strings in Python files without extensions. Given that these
   files will be removed from source tree and replaced with entry points
   from setuptools I do not see a reason to invest into supporting this.

2. It does not automatically strip untranslated strings from po files.
   This is a manual step in mainteiner's in workflow anyway so I will
   add separate Makefile target for it later on.

This commit contains gettextize instrastructure + filled-in files
Makevars and POTFILES.in.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-11-22 16:14:50 +01:00
Christian Heimes
8346e1b067 Add install requirements to Python packages
https://fedorahosted.org/freeipa/ticket/6468

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-16 22:58:39 +01:00
Petr Spacek
a691b7d183 Build: IPA_VERSION_IS_GIT_SNAPSHOT re-generates version number on RPM build
This is a huge hack. rpms target will touch VERSION.m4 file. This change
is then detected by automake Makefiles which subsequently re-execute configure
and make.

We have to workaround fact that variables in new make targets
(executed after new configure) are different than original ones.

Also, we have to 'bake-in' precise snapshot version from Git to
VERSION.m4 inside of RPM tarball so the RPM does not depend on git
anymore.

All this magic slows build down a bit.
Do not enable IPA_VERSION_IS_GIT_SNAPSHOT if you want fastest possible builds.

The option IPA_VERSION_IS_GIT_SNAPSHOT is now enabled by default as it
was before we started the build system refactoring effort.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2016-11-11 10:41:38 +01:00
Tomas Krizek
9bb6d8643f gitignore: ignore tar ball
Add tar ball generated by build to gitignore.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-11-10 09:33:01 +01:00
Petr Spacek
288d624336 Build: integrate init and init/systemd into build system
At the same time, I've renamed tmpfilesd config file to static name
"ipa.conf" instead of using package-specific name. It had no purpose
and just complicated build and packaging.

Variable substitution into configuration has to be done in Makefile
and not in Autoconf as documented in:
Autoconf v2.69 manual chapter 4.8.2 Installation Directory Variables:
  ... Most of these variables have values that rely on prefix or
  exec_prefix. ... Similarly, you should not rely on AC_CONFIG_FILES
  to replace bindir and friends in your shell scripts and other files;
  instead, let make manage their replacement.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-11-09 13:08:32 +01:00
Petr Spacek
312e780041 Build: integrate daemons/dnssec into build system
https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-11-09 13:08:32 +01:00
Petr Spacek
8de11b091f Build: Makefiles for Python packages
This version builds only one version of Python packages. If you want to
build for Python 2 & 3 call configure twice using different --with-python
or specify PYTHON variable when calling make.

dist-hook is using SOURCES.txt file from egg-info.
According to Petr Viktorin this should be enough for our purposes
and avoids need to create plugins for setuptools.

Currently VPATH builds do not work for various reasons.
This should be fixed later on.

Most credit goes to these guys:
 Christian Heimes <cheimes@redhat.com>
 Petr Viktorin <pviktori@redhat.com>
 Kevin Brown <kevin@kevin-brown.com>

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-11-09 13:08:32 +01:00
Petr Spacek
0a17155e5b Build: replace hand-made Makefile with one generated by Automake
The neither build nor dist targets work completely. This is temporary
breakage enabling further work.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-11-09 13:08:32 +01:00
Petr Spacek
c70a2873f8 Build: replace ipaplatform magic with symlinks generated by configure
The original approach with __path__ implemented
by 8f98fa1bd5 broke Pylint:
We decided to resort back to symlinks as it is easiest solution
which does not break pylint in weird ways.

This commit introduces configure --with-ipaplatform option.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-10-24 13:30:12 +02:00
Petr Spacek
0d37619db4 Build: move translations from install/po/ to top-level po/
Translations are need for client as well. This move is done to remove
dependency between client and install subdirectories.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-10-24 13:30:12 +02:00
Christian Heimes
4cd83fb51c Port all setup.py to setuptools
All setup.py files are now using setuptools through a common file
ipasetup.py. The file is auto-generated and contain all common
settings.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-20 18:43:37 +02:00
Christian Heimes
8f98fa1bd5 Replace ipaplatform's symlinks with a meta importer
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-10-20 10:42:00 +02:00
Petr Viktorin
840de9bb48 Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts)
Make ipaclient a Python library like ipapython, ipalib, etc.
Use setup.py instead of autotools for installing it.

Move C client tools, Python scripts, and man pages, to client/.

Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS).
Remove /setup-client.py (ipalib/setup.py should be used instead).

Update Makefiles and the spec file accordingly.

https://fedorahosted.org/freeipa/ticket/5638

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-01-27 12:09:02 +01:00
Jan Cholasta
500ee7e2b1 ipapython: port p11helper C code to Python
This replaces the binary _ipap11helper module with cffi-based Python code.

https://fedorahosted.org/freeipa/ticket/5596

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-21 10:21:32 +01:00
Jan Cholasta
7e56b4bbd7 ipapython: remove default_encoding_utf8
Replace the "import default_encoding_utf8" in ipalib/cli.py with equivalent
Python code.

https://fedorahosted.org/freeipa/ticket/5596

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2016-01-15 13:39:52 +01:00
Petr Viktorin
53b60546e4 Package ipapython, ipalib, ipaplatform, ipatests for Python 3
Running make with PYTHON=/usr/bin/python3 will build/install the
bits for Python 3.

Executable scripts in ipatests have symlinks Python version suffixes
as per Fedora guidelines. Suffix-less names point to the Python 2 versions.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-17 10:52:57 +01:00
Petr Spacek
848912ae31 add missing /ipaplatform/constants.py to .gitignore
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-12-08 13:28:18 +01:00
Petr Vobornik
5f04da35df git ignore ipaplatform/__init__.py
This file is generated in `make version-update`

added in 9f049ca144

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-05-22 15:58:44 +02:00
Simo Sorce
c6afc489a1 Add asn1c generated code for keytab controls
Instead of manually encoding controls, use an actual asn1 compiler.
The file asn1/asn1c/ipa.asn1 will contain ipa modules. The generated code
is committed to the tree and built into a static library that is linked
to the code that uses it.

The first module implements the GetKeytabControl control.

Related:
https://fedorahosted.org/freeipa/ticket/4718
https://fedorahosted.org/freeipa/ticket/4728

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-11-20 10:52:13 -05:00