Commit Graph

6297 Commits

Author SHA1 Message Date
Timo Aaltonen
397986d19a Don't search platform path
Don't use Python.h from the platform specific path
2013-09-16 17:35:22 +02:00
Timo Aaltonen
afce2f8162 Use /usr/bin/python as fallback python path 2013-09-16 17:35:22 +02:00
Petr Vobornik
5c4a72de59 Fix redirection on deletion of last dns record entry
https://fedorahosted.org/freeipa/ticket/3907
2013-09-16 13:56:25 +02:00
Ana Krivokapic
7c22b852c7 Follow tmpfiles.d packaging guidelines
https://fedorahosted.org/freeipa/ticket/3881
2013-09-16 13:33:13 +02:00
Ana Krivokapic
15cc9740c0 Do not show unexpected error in ipa-ldap-updater
Prevent showing of unfriendly "Unexpected error" message, when providing
incorrect DM password to ipa-ldap-updater.

https://fedorahosted.org/freeipa/ticket/3825
2013-09-16 12:35:36 +02:00
Simo Sorce
5157fd450f Add Delegation Info to MS-PAC
https://fedorahosted.org/freeipa/ticket/3442
2013-09-13 18:03:53 +02:00
Jan Cholasta
e380acdc1c Fix nsslapdPlugin object class after initial replication.
This is a workaround for <https://fedorahosted.org/389/ticket/47490>.

https://fedorahosted.org/freeipa/ticket/3915
2013-09-10 09:49:43 +02:00
Ana Krivokapic
a70b08e9ae Do not crash if DS is down during server uninstall
DS is contacted during server uninstallation, in order to obtain information
about replication agreements. If DS is unavailable, warn and continue with
uninstallation.

https://fedorahosted.org/freeipa/ticket/3867
2013-09-09 17:24:04 +02:00
Ana Krivokapic
66242e6ab0 Fix invocations of FileError in ipa-client-install
Some of the FileErrors in ipa-client-install were raised incorrectly
(without the 'reason' argument), which resulted in bad error messages
during ipa-client-install.

https://fedorahosted.org/freeipa/ticket/3758
2013-09-09 14:20:17 +02:00
Ana Krivokapic
28144e358c Replace ntpdate calls with ntpd
Due to the upcoming deprecation of the ntpdate program (targeted for Fedora 20),
replace ntpdate calls with ntpd.

https://fedorahosted.org/freeipa/ticket/3797
2013-09-09 13:37:32 +02:00
Petr Viktorin
a9225be0fa Make make-lint compatible with Pylint 1.0
Pylint 1.0 was released[0] and it brings some incompatibilities,
as well as a bug[1] that's triggered by FreeIPA code.

This patch updates make-lint to be compatible with Pylint 1.0,
while keeping support for version 0.26.

[0] http://www.logilab.org/blogentry/163292
[1] https://bitbucket.org/logilab/pylint/issue/47

Ticket: https://fedorahosted.org/freeipa/ticket/3865
2013-09-06 15:43:25 +02:00
Petr Viktorin
85b974d1bc Remove __all__ specifications in ipaclient and ipaserver.install
The __all__ list does not cause submodules to be imported, e.g.
one would still have to `import ipaclient.ipachangeconf` rather than
just `import ipaclient` to use `ipaclient.ipachangeconf`.

Even if they did do anything, the lists were incomplete, and (since
`import *` is not used on these modules) unnecessary.

Pylint 1.0 reports undeclared names in __all__ as a warning.
2013-09-06 15:42:33 +02:00
Petr Spacek
0924177ab0 Add timestamps to named debug logs in /var/named/data/named.run 2013-09-06 15:39:36 +02:00
Ana Krivokapic
95483d3b9f Add option to ipa-client-install to configure automount
Add the --automount-location option to ipa-client-install. If the option is
used, ipa-client-automount is called at the end of ipa-client-install.

https://fedorahosted.org/freeipa/ticket/3740
2013-09-05 12:43:52 +02:00
Petr Vobornik
f312d72510 Fix RUV search scope in ipa-replica-manage
The search had an incorrect scope and therefore it didn't find any RUV.

This issue prevented removing of replica.

https://fedorahosted.org/freeipa/ticket/3876
2013-09-04 12:46:29 +02:00
Ana Krivokapic
7959f3ee1e Add warning when uninstalling active replica
Add a warning when trying to uninstall a replica that has active replication
agreements.

https://fedorahosted.org/freeipa/ticket/3867
2013-09-04 11:07:32 +02:00
Ana Krivokapic
de7b1f86dc Create DS user and group during ipa-restore
ipa-restore would fail if DS user did not exist. Check for presence of DS
user and group and create them if needed.

https://fedorahosted.org/freeipa/ticket/3856
2013-09-02 16:28:37 +02:00
Ana Krivokapic
f40cb4c031 Add integration tests for forced client re-enrollment
Add integration tests for the forced client re-enrollment feature:
http://www.freeipa.org/page/V3/Forced_client_re-enrollment#Test_Plan

https://fedorahosted.org/freeipa/ticket/3832
2013-09-02 12:29:36 +02:00
Jakub Hrozek
ec08458b65 EXTDOM: Do not overwrite domain_name for INP_SID 2013-08-29 15:30:38 +02:00
Sumit Bose
5c357b462d CLDAP: make sure an empty reply is returned on any error
If ipa_cldap_decode() reply is not initialized.

Fixes https://fedorahosted.org/freeipa/ticket/3885
2013-08-29 15:28:18 +02:00
Rob Crittenden
3940a574f9 Re-order NULL check in ipa_lockout.
There is no risk of crash here as slapi_valueset_first_value() can handle
the case where the valueset is NULL, but there is no point in calling that
if we know there are no values.

https://fedorahosted.org/freeipa/ticket/3880
2013-08-29 15:26:46 +02:00
Petr Viktorin
f742520760 Add man pages for testing tools
Add man pages for ipa-run-tests, ipa-test-task, and ipa-test-config.

https://fedorahosted.org/freeipa/ticket/3855 (part 5)
2013-08-29 15:18:34 +02:00
Tomas Babej
a3d489443c Log proper error message when defaultNamingContext not found 2013-08-29 14:05:20 +02:00
Jan Cholasta
7c66912824 Fix service-disable in CA-less install.
https://fedorahosted.org/freeipa/ticket/3886
2013-08-29 10:18:32 +02:00
Petr Viktorin
9b200c7c72 Add CA-less install tests
Differences from the test plan at
http://www.freeipa.org/index.php?title=V3/CA-less_install&oldid=6669 are:
- The following tests are included in all applicable positive
  install tests, rather than being standalone test cases:
  - Verify CA certificate stored in LDAP
  - Verify CA PEM file created by IPA server install
  - Verify that IPA server install does not configure certmonger
  - Verify CA PEM file created by IPA replica install
  - Verify that IPA replica install does not configure certmonger
  - Verify CA PEM file created by IPA client install
- PKI setup is done only once for each test class
- Master installation is done once for the IPA command tests, and
  once for the certinstall tests
- Certificates are compared after base64 decoding to avoid failures
  from formatting mismatches
- Minor changes necessary for automation (e.g. adding --unattended
  and --password options, correcting error messages)
- Web UI tests are not included here

https://fedorahosted.org/freeipa/ticket/3830
2013-08-28 20:14:46 +02:00
Ana Krivokapic
196c4b5f53 Fix tests which fail after ipa-adtrust-install
Some unit tests were failing after ipa-adtrust-install has been run on the
IPA server, due to missing attributes ('ipantsecurityidentifier') and
objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if
ipa-adtrust-install has been run, and adds missing attributes and objectclasses
where appropriate.

https://fedorahosted.org/freeipa/ticket/3852
2013-08-28 16:45:57 +02:00
Petr Viktorin
fed7e7b231 Add missing license header to ipa-test-config 2013-08-28 14:40:18 +02:00
Petr Vobornik
92569b712c Update idrange search facet after trust creation
Adding a trust creates a range -> range search facet should be marked as expired.

https://fedorahosted.org/freeipa/ticket/3874
2013-08-28 14:23:42 +02:00
Simo Sorce
bea533c69a kdb-princ: Fix memory leak
If we do not store the keys in the entry we need to free the array before
continuing or the data is leaked.

CoverityID: 11910

Fixes:
https://fedorahosted.org/freeipa/ticket/3884
2013-08-28 12:42:56 +02:00
Simo Sorce
f96257397e kdb-mspac: Fix out of bounds memset
This memset was harmless as the following data is then set again, but an
optimizing compiler might conceivably reorder instructions causing issues.

CoverityID: 11909

Fixes:
https://fedorahosted.org/freeipa/ticket/3883
2013-08-28 12:42:56 +02:00
Simo Sorce
b29ce20705 pwd-plugin: Fix ignored return error
CoverityID: 11904

Also remove 'inline', the compiler can do it on its own if needed.

Fixes:
https://fedorahosted.org/freeipa/ticket/3882
2013-08-28 12:42:56 +02:00
Jan Cholasta
3c9261699a Fix ipa-server-certinstall usage string.
https://fedorahosted.org/freeipa/ticket/3869
2013-08-28 10:20:42 +02:00
Jan Cholasta
fc8f0ae3ad Add --dirman-password option to ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3869
2013-08-28 10:20:41 +02:00
Jan Cholasta
5a8e326aeb Fix nsSaslMapping object class before configuring SASL mappings.
This is a workaround for <https://fedorahosted.org/389/ticket/47490>.

https://fedorahosted.org/freeipa/ticket/3778
2013-08-27 18:43:20 +02:00
Tomas Babej
e68bef0b1c Fix incorrect error message occurence when re-adding the trust
You cannot re-add the trust and modify the range in the process.
The check in the code was malfunctioning since it assumed that
range_size parameter has default value. However, default value
is assigned only later in the add_range function.

https://fedorahosted.org/freeipa/ticket/3870
2013-08-27 17:01:37 +02:00
Ana Krivokapic
1749cce3f7 Add integration tests for Kerberos Flags
Add integration tests for the Kerberos Flags feature:
http://www.freeipa.org/page/V3/Kerberos_Flags#Test_Plan
(except the web UI tests).

https://fedorahosted.org/freeipa/ticket/3831
2013-08-27 12:45:12 +02:00
Tomas Babej
ab6a6e27d8 Make CS.cfg edits with CA instance stopped
This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.

Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain service
being stopped.

https://fedorahosted.org/freeipa/ticket/3804
2013-08-26 16:21:36 +02:00
Tomas Babej
6961cf2e77 Perform dirsrv tuning at platform level
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.

There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.

systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
      set ulimit - nofile 8192 in /etc/security/limits.conf

https://fedorahosted.org/freeipa/ticket/3823
2013-08-26 13:07:17 +02:00
Petr Vobornik
34342b9a97 Show human-readable error name in error dialog title
Fixes RPC server's JSON encoding of exception's name.

It allows to show the name in Web UI's error dialog title.
2013-08-26 13:05:36 +02:00
Tomas Babej
edf92f7650 Remove redundant shebangs
Remove redundant shebangs from files that are not used as scripts.

https://fedorahosted.org/freeipa/ticket/3853
2013-08-26 13:03:32 +02:00
Petr Vobornik
278c87cc62 Web UI integration tests: ID range types
https://fedorahosted.org/freeipa/ticket/3834
2013-08-22 15:23:56 +02:00
Petr Vobornik
0584caf56a Web UI Integration tests: Kerberos Flags
Tests according to: http://www.freeipa.org/page/V3/Kerberos_Flags

https://fedorahosted.org/freeipa/ticket/3831
2013-08-22 15:23:56 +02:00
Petr Vobornik
8e8afe0519 Web UI integration tests: CA-less
Test cases according to: http://www.freeipa.org/page/V3/CA-less_install

https://fedorahosted.org/freeipa/ticket/3830
2013-08-22 15:23:56 +02:00
Petr Vobornik
e61c2e3441 Hide 'New Certificate' action on CA-less install
This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible.

https://fedorahosted.org/freeipa/ticket/3363
2013-08-22 15:23:56 +02:00
Petr Vobornik
ca0d959df8 Add base-id, range-size and range-type options to trust-add dialog
https://fedorahosted.org/freeipa/ticket/3049
2013-08-22 15:23:56 +02:00
Ana Krivokapic
c318213250 Fix broken replica installation
Make sure the subject base parameter is correctly passed and used during the
creation of the DS instance on a replica.

https://fedorahosted.org/freeipa/ticket/3868
2013-08-20 16:36:13 +02:00
Jan Cholasta
78cf94a52c Ask for PKCS#12 password interactively in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
02be7acd15 Add --pin option to ipa-server-certinstall.
Hide the unnecessary --dirsrv_pin and --http_pin options.

https://fedorahosted.org/freeipa/ticket/3869
2013-08-20 16:18:59 +02:00
Jan Cholasta
1669253238 Untrack old and track new cert with certmonger in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00
Jan Cholasta
f2c3ae36f9 Replace only the cert instead of the whole NSS DB in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
2013-08-20 16:18:59 +02:00