freeipa/ipaserver/plugins
Alexander Bokovoy a57f613314 trust: detect and error out when non-AD trust with IPA domain name exists
Quite often users choose the wrong type of trust on the Active Directory side
when setting up a trust to freeIPA. The trust type supported by freeIPA
is just a normal forest trust to another Active Directory. However,
some people follow old internet recipes that force using a trust to an MIT
Kerberos realm.

This is the wrong type of trust. Unfortunately, when someone used an MIT
Kerberos realm trust, there is no way to programmatically remove the
trust from the freeIPA side. As a result, we have to detect such a situation and
report an error.

To do proper reporting, we need to reuse some constants and trust type
names we use in IPA CLI/Web UI. These common components were moved to
a separate ipaserver/dcerpc_common.py module that is imported by both
ipaserver/plugins/trust.py and ipaserver/dcerpc.py.

Fixes https://pagure.io/freeipa/issue/7264

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
2017-12-07 21:18:51 +02:00
..
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
automember.py allow 'value' output param in commands without primary key 2016-07-20 13:57:01 +02:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py Collect group membership without a size limit 2017-10-04 10:22:10 +02:00
baseuser.py Don't allow OTP or RADIUS in FIPS mode 2017-11-08 08:32:00 +01:00
batch.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
ca.py x509: Make certificates represented as objects 2017-07-27 10:28:58 +02:00
caacl.py Conditionally import pyhbac 2017-04-03 13:08:52 +02:00
cert.py Fix cert-find for CA-less installations 2017-11-10 10:09:57 +01:00
certmap.py Create a Certificate parameter 2017-07-27 10:28:58 +02:00
certprofile.py Reuse self.api when executing ca_enabled_check 2017-01-11 15:26:20 +01:00
config.py Don't allow OTP or RADIUS in FIPS mode 2017-11-08 08:32:00 +01:00
delegation.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
dns.py Fix dict iteration bug in dnsrecord_show 2017-11-27 11:46:54 +01:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py Use TLS for the cert-find operation 2017-09-18 11:44:08 +02:00
domainlevel.py Check for conflict entries before raising domain level 2016-12-13 12:25:07 +01:00
group.py Remove the message attribute from exceptions 2017-10-06 09:19:46 +02:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py Allow renaming of the HBAC rule objects 2017-03-27 19:08:26 +02:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
host.py Unify storing certificates in LDAP 2017-08-25 09:40:15 +02:00
hostgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
idrange.py fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
idviews.py Changing idoverrideuser-* to treat objectClass case insensitively 2017-09-12 18:00:03 +02:00
internal.py WebUI: Add hyphenate versions of Host(Role) Based strings 2017-08-22 10:38:10 +02:00
join.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
krbtpolicy.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
ldap2.py Update to python-ldap 3.0.0 2017-12-06 16:54:04 +01:00
location.py DNS Location: add list of roles and DNS servers to location-show 2016-06-17 18:05:03 +02:00
migration.py py3: remove relative import 2017-08-29 12:55:25 +02:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py netgroup: avoid extraneous LDAP search when retrieving primary key from DN 2016-09-09 16:27:53 +02:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
passwd.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
permission.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py pkinit: don't fail when no pkinit servers found 2017-09-12 15:59:20 +02:00
privilege.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
pwpolicy.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
rabase.py rabase.get_certificate: make serial number arg mandatory 2017-03-07 13:24:16 +01:00
radiusproxy.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
realmdomains.py ipautil: remove get_domain_name() 2016-11-29 14:50:51 +01:00
role.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
schema.py Fixing param-{find,show} and output-{find,show} commands 2017-10-17 13:42:11 +02:00
selfservice.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
selinuxusermap.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
server.py Uninstall: fix BytesWarning exception 2017-08-25 09:42:51 +02:00
serverrole.py Fix minor typos 2016-06-16 08:47:20 +02:00
serverroles.py Fix ipa config-mod --ca-renewal-master 2017-09-05 14:13:46 +02:00
service.py Unify storing certificates in LDAP 2017-08-25 09:40:15 +02:00
servicedelegation.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
session.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
stageuser.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: fix unsupported assignment 2017-09-08 15:42:07 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py Allow renaming of the sudorule objects 2017-03-27 19:08:26 +02:00
topology.py Fix regexp patterns in parameters to not enforce length 2016-09-20 17:35:28 +02:00
trust.py trust: detect and error out when non-AD trust with IPA domain name exists 2017-12-07 21:18:51 +02:00
user.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
vault.py Refactor the role/attribute member reporting code 2017-05-26 16:11:40 +02:00
virtual.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Added new authentication method 2016-08-17 16:55:49 +02:00