Martin Basti
6bb5af7bea
py3: get_memberofindirect: fix ByteWarnings
...
DN must be converted to bytes as other variables and lists contain bytes
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-02-08 15:41:39 +01:00
Martin Basti
d38540acd6
py3: DN: fix BytesWarning
...
Use repr() instead of str() for bytes, it has the same effect, but it
is the proper way to print bytes
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-02-08 15:41:39 +01:00
Martin Basti
ad1a5551d5
Tests: fix wait_for_replication task
...
DS changed a format of replication status attribute. Now it is with
prefix "Error (x)" where x is the error code.
Both formats were kept to allow tests to run on older and newer
versions of DS.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-02-08 14:15:53 +01:00
Martin Basti
4c84341b8b
py3: send Decimal number as string instead of base64 encoded value
...
For Decimal, only the client-to-server direction uses __base64__
notation. The server replies with a pure string for Decimal data, and the
server is also able to parse a string and create decimal values where needed.
Without this we need ugly py3 code:
- return {'__base64__': base64.b64encode(str(val))}
+ return {'__base64__': base64.b64encode(
+ str(val).encode('ascii')).decode('ascii')}
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
Martin Basti
ab53d80883
py3: ipaldap: properly encode DNSName to bytes
...
The encode method of LDAPClient didn't return DNSName as bytes but
string in py3. In py2 it returns non-unicode string so it can be encoded
safely by ascii as to_text() method returns only ascii characters.
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
Martin Basti
a584758cfb
py3: _convert_to_idna: fix bytes/unicode mismatch
...
ToASCII() returns bytes, it must be decoded to unicode
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
Martin Basti
03d0a55e8a
py3: DNS: get_record_entry_attrs: do not modify dict during iteration
...
In py3 keys() doesn't return list but iterator so it must be transformed
to tuple otherwise iterator will be broken.
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
Martin Basti
a3d3b0ad25
py3: _ptrrecord_precallaback: use bytes with labels
...
DNS labels are bytes so bytes must be used for comparison
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
Martin Basti
a93b2bea5c
py3: remove_entry_from_group: attribute name must be string
...
Do not encode attribute names
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
Martin Basti
caa560ca79
py3: base64 encoding/decoding returns always bytes don't mix it
...
Using unicode(bytes) call causes undesired side effect that is inserting
`b` character to result. This obviously causes issues with binary base64 data
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-08 08:32:44 +01:00
David Kupka
8e139d4b55
tests: Add tests for kerberos principal aliases in stageuser
...
https://fedorahosted.org/freeipa/ticket/6623
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
David Kupka
9382efde4f
tests: kerberos_principal_aliases: Deduplicate tests
...
https://fedorahosted.org/freeipa/ticket/6623
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
David Kupka
c5c98af99d
tests: Stageuser-{add,remove}-cert
...
https://fedorahosted.org/freeipa/ticket/6623
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
David Kupka
7b68cc5b08
tests: add-remove-cert: Use hardcoded certificates instead of requesting them
...
Requesting certificates for test purposes is not necessary as we allow
uploading an arbitrary certificate to the user, host or service. Also requesting
a certificate from dogtag takes some time and the test is slower for no good
reason.
Moreover, it's not possible to request a certificate for a stageuser even though
it's possible to upload certificates to stageusers now.
https://fedorahosted.org/freeipa/ticket/6623
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
David Kupka
308c790ee9
ipalib.x509: Handle missing SAN gracefully
...
When extension is not present None is returned instead of empty iterable
or exception thrown.
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
David Kupka
7e2d185ba0
stageuser: Add stageuser-{add,remove}-principal
...
https://fedorahosted.org/freeipa/ticket/6623
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
David Kupka
9c0e86530e
stageuser: Add stageuser-{add,remove}-cert
...
Move {add,remove}-cert implementation from user to baseuser and inherit
{,stage}user-{add,remove}-cert from it.
https://fedorahosted.org/freeipa/ticket/6623
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 13:58:48 +01:00
Jan Cholasta
054c1e013a
replica install: do not log host OTP
...
Do not log the value of the --password option of ipa-client-install when it
is run from ipa-replica-install before replica promotion.
https://fedorahosted.org/freeipa/ticket/6633
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
2017-02-07 13:57:48 +01:00
Martin Basti
bd83fdf516
pki-base: use pki-base-python2 as dependency
...
pki-base provides pki-base-python2, but we should depend directly on
pki-base-python2 because in future pki-base may provide pki-base-python3
instead.
Source: cheimes@redhat.com
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-07 13:18:27 +01:00
Martin Basti
66fa0585aa
pki: add missing dependency pki-base[-python3]
...
FreeIPA server modules require the pki module
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-02-07 13:18:27 +01:00
Petr Čech
dc99d3c04e
ipatests: nested netgroups (intg)
...
Adds a test case for issue in SSSD that manifested in
an inability to resolve nested membership in netgroups.
The test case tests for direct and indirect membership.
https://fedorahosted.org/freeipa/ticket/6439
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-07 11:56:14 +01:00
Martin Basti
91ab650ac4
py3: x509.py: return principal as unicode string
...
X509 return principal as unicode string
https://fedorahosted.org/freeipa/ticket/4985
https://fedorahosted.org/freeipa/ticket/6640
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-02-07 11:36:38 +01:00
Fraser Tweedale
924794f62b
Fix reference before assignment
...
In 'store_session_cookie', if the server does not set the session
cookie for some reason, the 'session_cookie' variable does not get
assigned, resulting in UnboundLocalError. Set an initial value of
'None'.
Fixes: https://fedorahosted.org/freeipa/ticket/6636
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-02-06 17:28:39 +01:00
David Kupka
f4088b3a00
build: Add missing dependency on libxmlrpc{,_util}
...
Change in libxmlrpc packaging uncovered missing linking dependency in our
build system.
https://fedorahosted.org/freeipa/ticket/6637
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2017-02-06 17:18:26 +01:00
Jan Cholasta
89dfbab3ca
tests: add test for PEM certificate files with leading text
...
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-02-06 14:59:46 +01:00
Florence Blanc-Renaud
066f5b7c90
ipa-kra-install must create directory if it does not exist
...
ipa-kra-install creates an admin cert file in
/root/.dogtag/pki-tomcat/ca_admin.cert but does not check that the
parent directory exists. This situation can happen when uninstall + restore
has been run.
The fix creates the directory if not present.
https://fedorahosted.org/freeipa/ticket/6606
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-02-02 13:44:47 +01:00
Martin Basti
5de70e3199
py3: tests_xmlrpc: do not call str() on bytes
...
Calling str() on bytes causes undesired side effect: it adds prefix "b"
to the result of conversion. The method decode() should be used instead.
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-02-02 13:43:16 +01:00
Fraser Tweedale
caca181d3b
private_ccache: yield ccache name
...
When using private_ccache, yield 'path' from the context manager.
This is cleaner than inspecting 'os.environ['KRB5CCNAME']' within
the context.
Part of: https://fedorahosted.org/freeipa/ticket/5011
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-01-31 18:45:32 +01:00
Martin Basti
980c8a5f9e
py3: normalize_certificate: support both bytes and unicode
...
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
b8d6524d43
py3: strip_header: support both bytes and unicode
...
Various methods passed various bytes or unicode as parameter
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
47e76e16ef
py3: fingerprint_hex_sha256: fix encoding/decoding
...
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
d5ab0637fe
py3: fix CSR encoding inside framework
...
csr must be in string because framework expects only strings, so we
have to decode it back
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
1023cfebff
Principal: validate type of input parameter
...
Bytes are unsupported and we should raise a TypeError from Principal
__init__ method otherwise we get hard to debug result
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
deaf9ae247
Use dict comprehension
...
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
b37d18288d
py3: can_read: attributelevelrights is already string
...
Remove decode() as it causes error in py3 because the attribute is
already string not bytes
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
49333058c8
py3: get_effective_rights: values passed to ldap must be bytes
...
Values passed to LDAP must be bytes
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
dd3d9f1ca6
py3: ipaldap: update encode/decode methods
...
Update encoding/decoding accordingly to work under Py3
Removing functions that were used only once in code and give no real
improvements
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
aa036e5f33
py3: rpcserver fix undefined variable
...
variable 'e' is valid only in except block in py3, so it must be
assigned to different variable for further usage
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
cca9aa43e1
py3: WSGI executioners must return bytes in list
...
WSGI prints TypeError into error log when IPA doesn't return bytes in
list as result
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
35e135c4e3
py3: session: fix r/w ccache data
...
ccache contains binary data, so it should be read and written in binary
mode
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
7e8eb53375
Py3: Fix undefined variable
...
Variable 'e' has only local scope in except block in Py3
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
9739d0354a
py3: rpcserver: decode input because json requires string
...
json library parses string so input must be decoded
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
a9fec1de1a
py3: session.py decode server name to str
...
This fix is temporary because Memcache will be removed soon, so it is
more a workaround than a fix
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-01-31 18:33:27 +01:00
Martin Basti
f2ec44f270
Use proper logging for error messages
...
https://fedorahosted.org/freeipa/ticket/6588r
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-01-31 10:44:42 +01:00
Martin Basti
38fd8b356d
wait_for_entry: use only DN as parameter
...
Using the whole entry is not needed as parameter because only DN is used
and it prevents easier usage of this function
https://fedorahosted.org/freeipa/ticket/6588
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-01-31 10:44:42 +01:00
Ben Lipton
a26cf0d791
tests: Add tests for CSR autogeneration
...
This patch also contains some code changes to make the code easier to
test and to make the tests pass.
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-01-31 10:20:28 +01:00
Ben Lipton
afd7c05d11
csrgen: Use data_sources option to define which fields are rendered
...
This removes the ipa.syntaxrule and ipa.datarule macros in favor of
simple 'if' statements based on the data referenced in the rules. The
'if' statement for a syntax rule is generated based on the data rules it
contains.
The Subject DN should not be generated unless all data rules are in
place, so the ability to override the logical operator that combines
data_sources (from 'or' to 'and') is added.
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-01-31 10:20:28 +01:00
Ben Lipton
f1a1c6eca1
csrgen: Add a CSR generation profile for user certificates
...
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-01-31 10:20:28 +01:00
Ben Lipton
fc58eff6a3
csrgen: Add CSR generation profile for caIPAserviceCert
...
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-01-31 10:20:28 +01:00
Ben Lipton
10ef594786
csrgen: Add code to generate scripts that generate CSRs
...
Adds a library that uses jinja2 to format a script that, when run, will
build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses
this library and builds the script for a given principal. The rules are
read from json files in /usr/share/ipa/csr, but the rule provider is a
separate class so that it can be replaced easily.
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-01-31 10:20:28 +01:00