Commit Graph

6220 Commits

Author SHA1 Message Date
Petr Vobornik
92569b712c Update idrange search facet after trust creation
Adding a trust creates a range -> range search facet should be marked as expired.

https://fedorahosted.org/freeipa/ticket/3874
2013-08-28 14:23:42 +02:00
Simo Sorce
bea533c69a kdb-princ: Fix memory leak
If we do not store the keys in the entry we need to free the array before
continuing or the data is leaked.

CoverityID: 11910

Fixes:
https://fedorahosted.org/freeipa/ticket/3884
2013-08-28 12:42:56 +02:00
Simo Sorce
f96257397e kdb-mspac: Fix out of bounds memset
This memset was harmless as the following data is then set again, but an
optimizing compiler might conceivably reorder instructions causing issues.

CoverityID: 11909

Fixes:
https://fedorahosted.org/freeipa/ticket/3883
2013-08-28 12:42:56 +02:00
Simo Sorce
b29ce20705 pwd-plugin: Fix ignored return error
CoverityID: 11904

Also remove 'inline', the compiler can do it on its own if needed.

Fixes:
https://fedorahosted.org/freeipa/ticket/3882
2013-08-28 12:42:56 +02:00
Jan Cholasta
3c9261699a Fix ipa-server-certinstall usage string.
https://fedorahosted.org/freeipa/ticket/3869
2013-08-28 10:20:42 +02:00
Jan Cholasta
fc8f0ae3ad Add --dirman-password option to ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3869
2013-08-28 10:20:41 +02:00
Jan Cholasta
5a8e326aeb Fix nsSaslMapping object class before configuring SASL mappings.
This is a workaround for <https://fedorahosted.org/389/ticket/47490>.

https://fedorahosted.org/freeipa/ticket/3778
2013-08-27 18:43:20 +02:00
Tomas Babej
e68bef0b1c Fix incorrect error message occurence when re-adding the trust
You cannot re-add the trust and modify the range in the process.
The check in the code was malfunctioning since it assumed that
range_size parameter has default value. However, default value
is assigned only later in the add_range function.

https://fedorahosted.org/freeipa/ticket/3870
2013-08-27 17:01:37 +02:00
Ana Krivokapic
1749cce3f7 Add integration tests for Kerberos Flags
Add integration tests for the Kerberos Flags feature:
http://www.freeipa.org/page/V3/Kerberos_Flags#Test_Plan
(except the web UI tests).

https://fedorahosted.org/freeipa/ticket/3831
2013-08-27 12:45:12 +02:00
Tomas Babej
ab6a6e27d8 Make CS.cfg edits with CA instance stopped
This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.

Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain service
being stopped.

https://fedorahosted.org/freeipa/ticket/3804
2013-08-26 16:21:36 +02:00
Tomas Babej
6961cf2e77 Perform dirsrv tuning at platform level
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.

There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.

systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
      set ulimit - nofile 8192 in /etc/security/limits.conf

https://fedorahosted.org/freeipa/ticket/3823
2013-08-26 13:07:17 +02:00
Petr Vobornik
34342b9a97 Show human-readable error name in error dialog title
Fixes RPC server's JSON encoding of exception's name.

It allows to show the name in Web UI's error dialog title.
2013-08-26 13:05:36 +02:00
Tomas Babej
edf92f7650 Remove redundant shebangs
Remove redundant shebangs from files that are not used as scripts.

https://fedorahosted.org/freeipa/ticket/3853
2013-08-26 13:03:32 +02:00
Petr Vobornik
278c87cc62 Web UI integration tests: ID range types
https://fedorahosted.org/freeipa/ticket/3834
2013-08-22 15:23:56 +02:00
Petr Vobornik
0584caf56a Web UI Integration tests: Kerberos Flags
Tests according to: http://www.freeipa.org/page/V3/Kerberos_Flags

https://fedorahosted.org/freeipa/ticket/3831
2013-08-22 15:23:56 +02:00
Petr Vobornik
8e8afe0519 Web UI integration tests: CA-less
Test cases according to: http://www.freeipa.org/page/V3/CA-less_install

https://fedorahosted.org/freeipa/ticket/3830
2013-08-22 15:23:56 +02:00
Petr Vobornik
e61c2e3441 Hide 'New Certificate' action on CA-less install
This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible.

https://fedorahosted.org/freeipa/ticket/3363
2013-08-22 15:23:56 +02:00
Petr Vobornik
ca0d959df8 Add base-id, range-size and range-type options to trust-add dialog
https://fedorahosted.org/freeipa/ticket/3049
2013-08-22 15:23:56 +02:00
Ana Krivokapic
c318213250 Fix broken replica installation
Make sure the subject base parameter is correctly passed and used during the
creation of the DS instance on a replica.

https://fedorahosted.org/freeipa/ticket/3868
2013-08-20 16:36:13 +02:00
Jan Cholasta
78cf94a52c Ask for PKCS#12 password interactively in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
02be7acd15 Add --pin option to ipa-server-certinstall.
Hide the unnecessary --dirsrv_pin and --http_pin options.

https://fedorahosted.org/freeipa/ticket/3869
2013-08-20 16:18:59 +02:00
Jan Cholasta
1669253238 Untrack old and track new cert with certmonger in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
f2c3ae36f9 Replace only the cert instead of the whole NSS DB in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
809123ab02 Ignore empty mod error when updating DS SSL config in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
59c4aba883 Remove unused NSSDatabase and CertDB method find_root_cert_from_pkcs12.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
2b08168df4 Port ipa-server-certinstall to the admintool framework.
Change the log file path from /var/log/ipa/default.log to admintool's default
path.

https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
ce711ddad8 Make PKCS#12 handling in ipa-server-certinstall closer to what other tools do.
In particular, PKCS#12 validation and server certificate selection is now done
the same way as in ipa-server-install and ipa-replica-prepare.

https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Nathaniel McCallum
fb95f379f0 Bypass ipa-replica-conncheck ssh tests when ssh is not installed
https://fedorahosted.org/freeipa/ticket/3777
2013-08-15 20:06:18 +02:00
Petr Vobornik
ed3791d2f3 Removal of deprecated selenium tests
Tests were deprecated by new FreeIPA 3.3 Web UI integration tests (ticket #3744).

https://fedorahosted.org/freeipa/ticket/3857
2013-08-15 13:17:40 +02:00
Alexander Bokovoy
1fa0f77878 Remove systemd upgrader as it is not used anymore 2013-08-15 08:49:15 +02:00
Petr Viktorin
7804a74826 Allow API plugin registration via a decorator
This makes plugin registration easier to read, less error-prone, and,
for many Plugins in a single module, faster to write.

Functionally, the decorator is equivalent to current plugin
registration. However, in the future this style will allow cleaner
semantics.

As an example, and to exercise the new syntax to prevent regressions,
the ping plugin is converted to this style.
2013-08-14 12:08:27 +02:00
Petr Viktorin
a8d2ec6677 Allow freeipa-tests to work with older paramiko versions
The integration testing framework used Paramiko SFTP files as
context managers. This feature is only available in Paramiko 1.10+.
Use an explicit context manager so that we don't rely on the feature.
2013-08-13 15:42:48 +02:00
Martin Kosek
b1474a53c0 Fix selected minor issues in the spec file and license
This patch fixes:
- too long description for server-trust-ad subpackage
- adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid
  overwriting potential user changes
- changes permissions on default_encoding_utf8.so to prevent it
  pollute python subpackage Provides.
- wrong address in GPL v2 license preamble in 2 distributed files

https://fedorahosted.org/freeipa/ticket/3855
2013-08-13 15:31:46 +02:00
Martin Kosek
ba5311b7ba Remove rpmlint warnings in spec file
Specifically:
- combination of spaces and tabs in one line
- using macros in comments
- using "egrep" instead of "grep -E"

https://fedorahosted.org/freeipa/ticket/3855
2013-08-13 15:31:46 +02:00
Martin Kosek
b9ec4d1a67 Prevent *.pyo and *.pyc multilib problems
Differences in the python byte code fails in a build validation
(rpmdiff) done on difference architecture of the same package.

This patch:
 1) Ensures that timestamps of generated *.pyo and *.pyc files match
 2) Python integer literals greater or equal 2^32 and lower than 2^64
    are converted to long right away to prevent different type of
    the integer on architectures with different size of int

https://fedorahosted.org/freeipa/ticket/3858
2013-08-13 15:31:46 +02:00
Ana Krivokapic
b561e85e4a Fix handling of CSS files in sync.sh script 2013-08-13 12:44:17 +02:00
Petr Vobornik
006c4eabd9 Hide delete button in multivalued widget if attr is not writable
https://fedorahosted.org/freeipa/ticket/3799
2013-08-13 12:42:09 +02:00
Petr Vobornik
ff6f958d96 Make ssh_widget not-editable if attr is readonly
https://fedorahosted.org/freeipa/ticket/3800
2013-08-13 12:41:48 +02:00
Tomas Babej
69394bab5a Remove support for IPA deployments with no persistent search
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.

https://fedorahosted.org/freeipa/ticket/3632
2013-08-09 12:14:42 +02:00
Martin Kosek
49a621a257 Bump 3.4 development version to 3.3.90 2013-08-08 17:25:43 +02:00
Ana Krivokapic
da2605c942 Handle --subject option in ipa-server-install
Properly handle --subject option of ipa-server-install, making sure this
value gets passed to certmap.conf. Introduce a new template variable
$SUBJECT_BASE for this purpose.

Also make sure that this value is preserved on upgrades.

https://fedorahosted.org/freeipa/ticket/3783
2013-08-08 16:52:48 +02:00
Martin Kosek
f988e422eb Become 3.3.0 2013-08-08 15:03:05 +02:00
Martin Kosek
e57a9ae7d8 Add requires for slapi-nis and SSSD
Require slapi-nis 0.47.7 and sssd 1.11.0-0.1.beta2 required for core
features of 3.3.0 release.
2013-08-08 15:00:57 +02:00
Martin Kosek
e6654110c4 Become 3.3.0 Beta 2 2013-08-07 14:18:18 +02:00
Martin Kosek
f5ef2fb146 Increase default SASL buffer size
Default SASL buffer size was too small and could lead for example to
migration errors.

https://fedorahosted.org/freeipa/ticket/3826
2013-08-07 14:13:56 +02:00
Ana Krivokapic
6e28e709ed Add new command compat-is-enabled
Add a new API command 'compat-is-enabled' which can be used to determine
whether Schema Compatibility plugin is configured to serve trusted domain
users and groups. The new command is not visible in IPA CLI.

https://fedorahosted.org/freeipa/ticket/3671
https://fedorahosted.org/freeipa/ticket/3672
2013-08-07 09:18:43 +02:00
Ana Krivokapic
efe5a96725 Enable running API commands in ipa-advise plugins
https://fedorahosted.org/freeipa/ticket/3671
https://fedorahosted.org/freeipa/ticket/3672
2013-08-07 09:18:43 +02:00
Ana Krivokapic
fc3f3c90b9 Add ipa-advise plugins for legacy clients
Old versions of SSSD do not directly support cross-realm trusts between IPA
and AD. This patch introduces plugins for the ipa-advise tool, which should
help with configuring an old version of SSSD (1.5-1.8) to gain access to
resources in trusted domain.

Since the configuration steps differ depending on whether the platform includes
the authconfig tool, two plugins are needed:

* config-redhat-sssd-before-1-9 - provides configuration for Red Hat based
  systems, as these system include the autconfig utility
* config-generic-sssd-before-1-9 - provides configuration for other platforms

https://fedorahosted.org/freeipa/ticket/3671
https://fedorahosted.org/freeipa/ticket/3672
2013-08-07 09:18:42 +02:00
Alexander Bokovoy
7ae58f0ca9 Rename slapi-nis configuration variable 2013-08-06 16:31:09 +02:00
Tomas Babej
453d88f886 Wrap lines in the list of available advices
Now the list of available advices is neatly formatted:

-------------------------
List of available advices
-------------------------
    config-fedora-authconfig : Authconfig instructions for configuring Fedora
                               18/19 client with IPA server without use of SSSD.

The advice header printing has been reformatted to conform with the changes.
2013-08-06 15:54:48 +02:00