[Pkg-freeipa-devel] freeipa: Changes to 'upstream-unstable'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Mon Jun 17 19:23:07 UTC 2013
Makefile | 2
VERSION | 2
daemons/Makefile.am | 1
daemons/configure.ac | 136
daemons/ipa-kdb/ipa_kdb.c | 38
daemons/ipa-kdb/ipa_kdb.h | 13
daemons/ipa-kdb/ipa_kdb_principals.c | 28
daemons/ipa-otpd/Makefile.am | 21
daemons/ipa-otpd/bind.c | 144
daemons/ipa-otpd/forward.c | 124
daemons/ipa-otpd/internal.h | 153
daemons/ipa-otpd/ipa-otpd.socket.in | 11
daemons/ipa-otpd/ipa-otpd at .service.in | 9
daemons/ipa-otpd/main.c | 340 ++
daemons/ipa-otpd/parse.c | 176 +
daemons/ipa-otpd/query.c | 253 +
daemons/ipa-otpd/queue.c | 183 +
daemons/ipa-otpd/stdio.c | 205 +
daemons/ipa-otpd/test.py | 61
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c | 67
daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c | 30
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_extop.c | 2
daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 48
daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c | 398 ++
daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c | 1237 +++++++
daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c | 291 +
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 109
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 42
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 1107 ------
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | 291 -
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c | 1349 --------
daemons/ipa-slapi-plugins/ipa-pwd-extop/otp.c | 180 +
daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 1642 ++++++++++
daemons/ipa-slapi-plugins/ipa-pwd-extop/t_hotp.c | 82
daemons/ipa-slapi-plugins/ipa-pwd-extop/t_totp.c | 103
daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_common.c | 2
freeipa.spec.in | 9
init/systemd/freeipa-systemd-upgrade | 1
install/html/ssbrowser.html | 12
install/share/60basev3.ldif | 2
install/share/70ipaotp.ldif | 28
install/share/Makefile.am | 1
install/share/copy-schema-to-ca.py | 1
install/share/default-aci.ldif | 10
install/tools/ipa-ca-install | 13
install/tools/ipa-dns-install | 5
install/tools/ipa-replica-install | 19
install/tools/ipa-server-install | 19
install/tools/ipa-upgradeconfig | 30
install/ui/src/freeipa/_base/metadata_provider.js | 62
install/ui/src/freeipa/aci.js | 2
install/ui/src/freeipa/association.js | 144
install/ui/src/freeipa/automember.js | 2
install/ui/src/freeipa/certificate.js | 2
install/ui/src/freeipa/details.js | 27
install/ui/src/freeipa/dns.js | 58
install/ui/src/freeipa/entity.js | 25
install/ui/src/freeipa/facet.js | 164
install/ui/src/freeipa/field.js | 2
install/ui/src/freeipa/hbactest.js | 2
install/ui/src/freeipa/ipa.js | 2
install/ui/src/freeipa/metadata.js | 65
install/ui/src/freeipa/search.js | 87
install/ui/src/freeipa/sudo.js | 14
install/ui/src/freeipa/text.js | 2
install/ui/src/freeipa/widget.js | 4
install/ui/test/aci_tests.js | 2
install/ui/test/data/ipa_init.json | 12
install/ui/test/data/ipa_init_commands.json | 11
install/ui/test/details_tests.js | 10
install/ui/test/entity_tests.js | 8
install/updates/10-60basev3.update | 4
install/updates/10-70ipaotp.update | 25
install/updates/40-otp.update | 9
install/updates/50-7_bit_check.update | 6
install/updates/Makefile.am | 5
ipa-client/ipa-install/ipa-client-install | 11
ipalib/cli.py | 26
ipalib/constants.py | 1
ipalib/frontend.py | 37
ipalib/plugable.py | 10
ipalib/plugins/dns.py | 56
ipalib/plugins/hbactest.py | 4
ipalib/plugins/idrange.py | 60
ipalib/plugins/internal.py | 12
ipalib/plugins/ping.py | 2
ipalib/rpc.py | 2
ipapython/platform/fedora16/service.py | 1
ipapython/version.py.in | 17
ipaserver/install/adtrustinstance.py | 50
ipaserver/install/dsinstance.py | 21
ipaserver/install/installutils.py | 22
ipaserver/install/krbinstance.py | 1
ipaserver/install/otpdinstance.py | 25
ipaserver/install/plugins/update_anonymous_aci.py | 25
ipaserver/install/service.py | 17
tests/test_cmdline/test_cli.py | 67
tests/test_xmlrpc/test_range_plugin.py | 144
98 files changed, 7042 insertions(+), 3355 deletions(-)
New commits:
commit 3def81da5b892f39292d20909a4a3255375ff784
Author: Martin Kosek <mkosek at redhat.com>
Date: Fri Jun 7 09:52:36 2013 +0200
Become 3.2.1
diff --git a/VERSION b/VERSION
index 08c2bf1..60b1d5f 100644
--- a/VERSION
+++ b/VERSION
@@ -20,7 +20,7 @@
########################################################
IPA_VERSION_MAJOR=3
IPA_VERSION_MINOR=2
-IPA_VERSION_RELEASE=0
+IPA_VERSION_RELEASE=1
########################################################
# For 'pre' releases the version will be #
commit dfcb07a8b3027820d4d8810e0b650059789e9adf
Author: Ana Krivokapic <akrivoka at redhat.com>
Date: Thu Jun 6 12:52:08 2013 +0200
Prevent error when running IPA commands with su/sudo
https://fedorahosted.org/freeipa/ticket/3685
diff --git a/ipalib/plugable.py b/ipalib/plugable.py
index fe09d3a..aaa0dea 100644
--- a/ipalib/plugable.py
+++ b/ipalib/plugable.py
@@ -490,6 +490,11 @@ class API(DictProxy):
stream=sys.stderr,
level=level,
format=LOGGING_FORMAT_STDERR)])
+
+ if not parser:
+ parser = self.build_global_parser()
+ object.__setattr__(self, 'parser', parser)
+
# Add file handler:
if self.env.mode in ('dummy', 'unit_test'):
return # But not if in unit-test mode
@@ -503,7 +508,6 @@ class API(DictProxy):
log.error('Could not create log_dir %r', log_dir)
return
-
level = 'info'
if self.env.debug:
level = 'debug'
@@ -516,10 +520,6 @@ class API(DictProxy):
log.error('Cannot open log file %r: %s', self.env.log, e)
return
- if not parser:
- parser = self.build_global_parser()
- object.__setattr__(self, 'parser', parser)
-
def build_global_parser(self, parser=None, context=None):
"""
Add global options to an optparse.OptionParser instance.
commit 08a487f3e4d258f84dd20330e0a45c9b5f4094f0
Author: Tomas Babej <tbabej at redhat.com>
Date: Wed Jun 5 15:48:35 2013 +0200
Manage ipa-otpd.socket by IPA
Adds a new simple service called OtpdInstance, that manages
ipa-otpd.socket service. Added to server/replica installer
and ipa-upgradeconfig script.
https://fedorahosted.org/freeipa/ticket/3680
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2722202..e93e30b 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -35,6 +35,7 @@ from ipapython import ipautil
from ipaserver.install import dsinstance, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
@@ -672,6 +673,11 @@ def main():
krb = install_krb(config, setup_pkinit=options.setup_pkinit)
http = install_http(config, auto_redirect=options.ui_redirect)
+
+ otpd = otpdinstance.OtpdInstance()
+ otpd.create_instance('OTPD', config.host_name, config.dirman_password,
+ ipautil.realm_to_suffix(config.realm_name))
+
if CA:
CA.configure_certmonger_renewal()
CA.import_ra_cert(dir + "/ra.p12")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 4a2ac17..853b4a8 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -49,6 +49,7 @@ from ipaserver.install import ntpinstance
from ipaserver.install import certs
from ipaserver.install import cainstance
from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
from ipaserver.install import service, installutils
@@ -513,6 +514,7 @@ def uninstall():
krbinstance.KrbInstance(fstore).uninstall()
dsinstance.DsInstance(fstore=fstore).uninstall()
memcacheinstance.MemcacheInstance().uninstall()
+ otpdinstance.OtpdInstance().uninstall()
ipaservices.restore_network_configuration(fstore, sstore)
fstore.restore_all_files()
try:
@@ -1108,11 +1110,15 @@ def main():
# generated
ds.add_cert_to_service()
- # Create a HTTP instance
-
memcache = memcacheinstance.MemcacheInstance()
- memcache.create_instance('MEMCACHE', host_name, dm_password, ipautil.realm_to_suffix(realm_name))
+ memcache.create_instance('MEMCACHE', host_name, dm_password,
+ ipautil.realm_to_suffix(realm_name))
+ otpd = otpdinstance.OtpdInstance()
+ otpd.create_instance('OTPD', host_name, dm_password,
+ ipautil.realm_to_suffix(realm_name))
+
+ # Create a HTTP instance
http = httpinstance.HTTPInstance(fstore)
if options.http_pkcs12:
http.create_instance(
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 8e9357f..4e92169 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -48,6 +48,7 @@ from ipaserver.install import bindinstance
from ipaserver.install import service
from ipaserver.install import cainstance
from ipaserver.install import certs
+from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
@@ -925,17 +926,23 @@ def main():
uninstall_selfsign(ds, http)
- memcache = memcacheinstance.MemcacheInstance()
- memcache.ldapi = True
- memcache.realm = api.env.realm
- try:
- if not memcache.is_configured():
- # 389-ds needs to be running to create the memcache instance
- # because we record the new service in cn=masters.
- ds.start()
- memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm))
- except ipalib.errors.DuplicateEntry:
- pass
+ simple_service_list = (
+ (memcacheinstance.MemcacheInstance(), 'MEMCACHE'),
+ (otpdinstance.OtpdInstance(), 'OTPD'),
+ )
+
+ for service, ldap_name in simple_service_list:
+ service.ldapi = True
+ try:
+ if not service.is_configured():
+ # 389-ds needs to be running to create the memcache instance
+ # because we record the new service in cn=masters.
+ ds.start()
+ service.create_instance(ldap_name, fqdn, None,
+ ipautil.realm_to_suffix(api.env.realm),
+ realm=api.env.realm)
+ except ipalib.errors.DuplicateEntry:
+ pass
cleanup_kdc(fstore)
setup_firefox_extension(fstore)
diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py
index dac8c00..d45f629 100644
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@@ -53,6 +53,7 @@ system_units['pki_cad'] = system_units['pki-cad']
# Our PKI instance is pki-tomcatd at pki-tomcat.service
system_units['pki-tomcatd'] = 'pki-tomcatd at pki-tomcat.service'
system_units['pki_tomcatd'] = system_units['pki-tomcatd']
+system_units['ipa-otpd'] = 'ipa-otpd.socket'
class Fedora16Service(systemd.SystemdService):
def __init__(self, service_name):
diff --git a/ipaserver/install/otpdinstance.py b/ipaserver/install/otpdinstance.py
new file mode 100644
index 0000000..2eed3f8
--- /dev/null
+++ b/ipaserver/install/otpdinstance.py
@@ -0,0 +1,25 @@
+# Authors: Tomas Babej <tbabej at redhat.com>
+#
+# Copyright (C) 2013 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import service
+
+
+class OtpdInstance(service.SimpleServiceInstance):
+ def __init__(self):
+ service.SimpleServiceInstance.__init__(self, "ipa-otpd")
\ No newline at end of file
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 8f4a7db..f3cd189 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -40,14 +40,15 @@ DISABLED = 3
# The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple
# the first value is the *nix service name, the second the start order.
SERVICE_LIST = {
- 'KDC':('krb5kdc', 10),
- 'KPASSWD':('kadmin', 20),
- 'DNS':('named', 30),
- 'MEMCACHE':('ipa_memcached', 39),
- 'HTTP':('httpd', 40),
- 'CA':('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
- 'ADTRUST':('smb', 60),
- 'EXTID':('winbind', 70)
+ 'KDC': ('krb5kdc', 10),
+ 'KPASSWD': ('kadmin', 20),
+ 'DNS': ('named', 30),
+ 'MEMCACHE': ('ipa_memcached', 39),
+ 'HTTP': ('httpd', 40),
+ 'CA': ('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
+ 'ADTRUST': ('smb', 60),
+ 'EXTID': ('winbind', 70),
+ 'OTPD': ('ipa-otpd', 80),
}
def print_msg(message, output_fd=sys.stdout):
commit b1cb3ade03346113ab6ce6862dbd2a60070e59ca
Author: Tomas Babej <tbabej at redhat.com>
Date: Mon Jun 3 09:56:08 2013 +0200
Do not check userPassword with 7-bit plugin
Default list of attributes that are checked with 7-bit plugin
for being 7-bit clean includes userPassword. Consecutively, one
is unable to set passwords that contain non-ascii characters.
https://fedorahosted.org/freeipa/ticket/3640
diff --git a/install/updates/50-7_bit_check.update b/install/updates/50-7_bit_check.update
new file mode 100644
index 0000000..b9ea8a9
--- /dev/null
+++ b/install/updates/50-7_bit_check.update
@@ -0,0 +1,6 @@
+# Remove userPassword from the list of attributes checked by 7-bit plugin
+# Replace argument value 'userPassword' with 'mail' to avoid the need to
+# shift the whole argument array. Attribute 'mail' is already listed
+# in pluginarg1, so it is conveniently used as valid value placeholder.
+dn: cn=7-bit check,cn=plugins,cn=config
+replace:nsslapd-pluginarg2:userpassword::mail
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 787a51c..5336f62 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -35,6 +35,7 @@ app_DATA = \
40-automember.update \
40-otp.update \
45-roles.update \
+ 50-7_bit_check.update \
50-lockout-policy.update \
50-groupuuid.update \
50-hbacservice.update \
commit efed0643c90f0cc31540351744dd431e6a122a17
Author: Martin Kosek <mkosek at redhat.com>
Date: Thu Jun 6 08:34:13 2013 +0200
Remove redundant u'' character
One Python's unicode marking character was being printed by RPC plugin
which then appeared in ipa-client-install output. This patch removes
it.
diff --git a/ipalib/plugins/ping.py b/ipalib/plugins/ping.py
index e9dc28f..0743758 100644
--- a/ipalib/plugins/ping.py
+++ b/ipalib/plugins/ping.py
@@ -45,7 +45,7 @@ EXAMPLES:
Ping an IPA server verbosely:
ipa -v ping
ipa: INFO: trying https://ipa.example.com/ipa/xml
- ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/xml'
+ ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'
-----------------------------------------------------
IPA server version 2.1.9. API version 2.20
-----------------------------------------------------
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 077d99e..36daa83 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -697,7 +697,7 @@ class xmlclient(Connectible):
'%s.forward(): %r not in api.Command' % (self.name, name)
)
server = getattr(context, 'request_url', None)
- self.info('Forwarding %r to server %r', name, server)
+ self.info("Forwarding '%s' to server '%s'", name, server)
command = getattr(self.conn, name)
params = [args, kw]
try:
commit 6f41dd8e991e7601a1dd5692807245ac42b960c6
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Mon Jun 3 15:14:20 2013 +0200
Fix regression: missing facet tab group labels
Currently there is only empty space between facet tabs and facet title.
It's a regression caused by recent refactoring.
https://fedorahosted.org/freeipa/ticket/3688
diff --git a/install/ui/src/freeipa/entity.js b/install/ui/src/freeipa/entity.js
index 1896f90..22efd47 100644
--- a/install/ui/src/freeipa/entity.js
+++ b/install/ui/src/freeipa/entity.js
@@ -240,18 +240,23 @@ exp.entity_builder =IPA.entity_builder = function(entity) {
];
that.facet_group = function(spec) {
- spec.entity = entity;
- if (spec instanceof Object) {
- var factory = spec.$factory || IPA.facet_group;
- facet_group = factory(spec);
- } else {
- facet_group = IPA.facet_group({ name: spec });
- }
- if (facet_group.label == undefined) {
- facet_group.label = text.get('@i18n:facet_groups.'+facet_group.name);
+ if (typeof spec === 'string') {
+ spec = { name: spec };
}
+ var preop = function(spec) {
+
+ spec.entity = entity;
+ spec.label = spec.label || '@i18n:facet_groups.'+spec.name;
+ return spec;
+ };
+
+ var facet_group = builder.build('', spec, {}, {
+ $factory: IPA.facet_group,
+ $pre_ops: [preop]
+ });
+
entity.add_facet_group(facet_group);
return that;
diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js
index 80e8671..ad53b80 100644
--- a/install/ui/src/freeipa/facet.js
+++ b/install/ui/src/freeipa/facet.js
@@ -909,7 +909,7 @@ exp.facet_header = IPA.facet_header = function(spec) {
if (!data) return;
var result = data.result.result;
if (!that.facet.disable_facet_tabs) {
- var pkey = that.facet.pkey;
+ var pkey = that.facet.get_pkey();
var facet_groups = that.facet.entity.facet_groups.values;
for (var i=0; i<facet_groups.length; i++) {
commit e3ef78c67e276157777c96f8f63c84806f5ca9e4
Author: Tomas Babej <tbabej at redhat.com>
Date: Thu May 9 14:47:29 2013 +0200
Incorporate interactive prompts in idrange-add
In idrange-add command, ensure that RID base is prompted for
in the interactive mode if domain SID or domain name was
specified.
If domain name nor SID was specified, make sure rid base is
prompted for if secondary rid base was specified and vice versa.
https://fedorahosted.org/freeipa/ticket/3602
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index d548794..2a5415d 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -361,6 +361,41 @@ class idrange_add(LDAPCreate):
msg_summary = _('Added ID range "%(value)s"')
+ def interactive_prompt_callback(self, kw):
+ """
+ Ensure that rid-base is prompted for when dom-sid is specified.
+
+ Also ensure that secondary-rid-base is prompted for when rid-base is
+ specified and vice versa, in case that dom-sid was not specified.
+ """
+
+ # dom-sid can be specified using dom-sid or dom-name options
+
+ # it can be also set using --setattr or --addattr, in these cases
+ # we will not prompt, but raise an ValidationError later
+
+ dom_sid_set = any(dom_id in kw for dom_id in
+ ('ipanttrusteddomainname', 'ipanttrusteddomainsid'))
+
+ rid_base_set = 'ipabaserid' in kw
+ secondary_rid_base_set = 'ipasecondarybaserid' in kw
+
+ # Prompt for RID base if domain SID / name was given
+ if dom_sid_set and not rid_base_set:
+ value = self.prompt_param(self.params['ipabaserid'])
+ kw.update(dict(ipabaserid=value))
+
+ if not dom_sid_set:
+ # Prompt for secondary RID base if RID base was given
+ if rid_base_set and not secondary_rid_base_set:
+ value = self.prompt_param(self.params['ipasecondarybaserid'])
+ kw.update(dict(ipasecondarybaserid=value))
+
+ # Symetrically, prompt for RID base if secondary RID base was given
+ if not rid_base_set and secondary_rid_base_set:
+ value = self.prompt_param(self.params['ipabaserid'])
+ kw.update(dict(ipabaserid=value))
+
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
@@ -414,9 +449,9 @@ class idrange_add(LDAPCreate):
entry_attrs['ipabaserid'],
entry_attrs['ipasecondarybaserid'],
entry_attrs['ipaidrangesize']):
- raise errors.ValidationError(name='ID Range setup',
- error=_("Primary RID range and secondary RID range"
- " cannot overlap"))
+ raise errors.ValidationError(name='ID Range setup',
+ error=_("Primary RID range and secondary RID range"
+ " cannot overlap"))
entry_attrs['objectclass'].append('ipadomainidrange')
commit 47d868bd7559e23ce2b844d9bd1d9dde20b85452
Author: Tomas Babej <tbabej at redhat.com>
Date: Thu May 9 15:36:41 2013 +0200
Add prompt_param method to avoid code duplication
Extracted common code from ipalib/plugins/cli.py and
ipalib/plugins/dns.py that provided way to prompt user
for the value of specific attribute.
Added prompt_param method to Command class in ipalib/frontend.py
Done as part of https://fedorahosted.org/freeipa/ticket/3602
diff --git a/ipalib/cli.py b/ipalib/cli.py
index c4b4492..5f02e92 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -1178,11 +1178,13 @@ class cli(backend.Executioner):
``self.env.prompt_all`` is ``True``, this method will prompt for any
params that have a missing values, even if the param is optional.
"""
+
honor_alwaysask = True
for param in cmd.params():
if param.alwaysask and param.name in kw:
honor_alwaysask = False
break
+
for param in cmd.params():
if (param.required and param.name not in kw) or \
(param.alwaysask and honor_alwaysask) or self.env.prompt_all:
@@ -1196,19 +1198,16 @@ class cli(backend.Executioner):
)
else:
default = cmd.get_default_of(param.name, **kw)
- error = None
- while True:
- if error is not None:
- self.Backend.textui.print_prompt_attribute_error(unicode(param.label),
- unicode(error))
- raw = self.Backend.textui.prompt(param.label, default, optional=param.alwaysask or not param.required)
- try:
- value = param(raw, **kw)
- if value is not None:
- kw[param.name] = value
- break
- except (ValidationError, ConversionError), e:
- error = e.error
+ optional = param.alwaysask or not param.required
+
+ value = cmd.prompt_param(param,
+ default=default,
+ optional=optional,
+ kw=kw)
+
+ if value is not None:
+ kw[param.name] = value
+
elif param.password and kw.get(param.name, False) is True:
kw[param.name] = self.Backend.textui.prompt_password(
param.label, param.confirm
diff --git a/ipalib/frontend.py b/ipalib/frontend.py
index 0331dc5..427f682 100644
--- a/ipalib/frontend.py
+++ b/ipalib/frontend.py
@@ -22,19 +22,18 @@ Base classes for all front-end plugins.
"""
import re
-import inspect
from distutils import version
from ipapython.version import API_VERSION
from ipapython.ipa_log_manager import root_logger
-from base import lock, check_name, NameSpace
+from base import NameSpace
from plugable import Plugin, is_production_mode
-from parameters import create_param, parse_param_spec, Param, Str, Flag, Password
+from parameters import create_param, Param, Str, Flag, Password
from output import Output, Entry, ListOfEntries
-from text import _, ngettext
+from text import _
from errors import (ZeroArgumentError, MaxArgumentError, OverlapError,
- RequiresRoot, VersionError, RequirementError, OptionError, InvocationError)
-from constants import TYPE_ERROR
+ VersionError, OptionError, InvocationError,
+ ValidationError, ConversionError)
from ipalib import messages
@@ -560,6 +559,32 @@ class Command(HasParam):
if name in params:
yield(name, params[name])
+ def prompt_param(self, param, default=None, optional=False, kw=dict(),
+ label=None):
+ """
+ Prompts the user for the value of given parameter.
+
+ Returns the parameter instance.
+ """
+
+ if label is None:
+ label = param.label
+
+ while True:
+ raw = self.Backend.textui.prompt(label, default, optional=optional)
+
+ # Backend.textui.prompt does not fill in the default value,
+ # we have to do it ourselves
+ if not raw.strip():
+ raw = default
+
+ try:
+ return param(raw, **kw)
+ except (ValidationError, ConversionError), e:
+ # Display error and prompt again
+ self.Backend.textui.print_prompt_attribute_error(unicode(label),
+ unicode(e.error))
+
def normalize(self, **kw):
"""
Return a dictionary of normalized values.
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index fbc4452..621d60e 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -759,26 +759,16 @@ class DNSRecord(Str):
return tuple(self._convert_dnsrecord_extra(extra) for extra in self.extra)
- def __get_part_param(self, backend, part, output_kw, default=None):
+ def __get_part_param(self, cmd, part, output_kw, default=None):
name = self.part_name_format % (self.rrtype.lower(), part.name)
label = self.part_label_format % (self.rrtype, unicode(part.label))
optional = not part.required
- while True:
- try:
- raw = backend.textui.prompt(label,
- optional=optional,
- default=default)
- if not raw.strip():
- raw = default
-
- output_kw[name] = part(raw)
- break
- except (errors.ValidationError, errors.ConversionError), e:
- backend.textui.print_prompt_attribute_error(
- unicode(label), unicode(e.error))
-
- def prompt_parts(self, backend, mod_dnsvalue=None):
+ output_kw[name] = cmd.prompt_param(part,
+ optional=optional,
+ label=label)
+
+ def prompt_parts(self, cmd, mod_dnsvalue=None):
mod_parts = None
if mod_dnsvalue is not None:
mod_parts = self._get_part_values(mod_dnsvalue)
@@ -793,18 +783,17 @@ class DNSRecord(Str):
else:
default = None
- self.__get_part_param(backend, part, user_options, default)
+ self.__get_part_param(cmd, part, user_options, default)
return user_options
- def prompt_missing_parts(self, backend, kw, prompt_optional=False):
+ def prompt_missing_parts(self, cmd, kw, prompt_optional=False):
user_options = {}
if self.parts is None:
return user_options
for part in self.parts:
name = self.part_name_format % (self.rrtype.lower(), part.name)
- label = self.part_label_format % (self.rrtype, unicode(part.label))
if name in kw:
continue
@@ -814,7 +803,7 @@ class DNSRecord(Str):
continue
default = part.get_default(**kw)
- self.__get_part_param(backend, part, user_options, default)
+ self.__get_part_param(cmd, part, user_options, default)
return user_options
@@ -2395,7 +2384,7 @@ class dnsrecord_add(LDAPCreate):
# it can be used to fill all required params by itself
new_kw = {}
for rrparam in self.obj.iterate_rrparams_by_parts(kw, skip_extra=True):
- user_options = rrparam.prompt_missing_parts(self.Backend, kw,
+ user_options = rrparam.prompt_missing_parts(self, kw,
prompt_optional=False)
new_kw.update(user_options)
kw.update(new_kw)
@@ -2437,7 +2426,7 @@ class dnsrecord_add(LDAPCreate):
continue
ok = True
- user_options = param.prompt_parts(self.Backend)
+ user_options = param.prompt_parts(self)
kw.update(user_options)
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
@@ -2698,7 +2687,7 @@ class dnsrecord_mod(LDAPUpdate):
mod_value = self.Backend.textui.prompt_yesno(
_("Modify %(name)s '%(value)s'?") % dict(name=param.label, value=rec_value), default=False)
if mod_value is True:
- user_options = param.prompt_parts(self.Backend, mod_dnsvalue=rec_value)
+ user_options = param.prompt_parts(self, mod_dnsvalue=rec_value)
kw[param.name] = [rec_value]
kw.update(user_options)
commit 6b2c9f05a0e6980606699f45a23635771322a6a1
Author: Tomas Babej <tbabej at redhat.com>
Date: Thu May 9 14:50:52 2013 +0200
Remove redundant check for env.interactive
Fixed as part of
https://fedorahosted.org/freeipa/ticket/3602
diff --git a/ipalib/cli.py b/ipalib/cli.py
index 84dea2e..c4b4492 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -1043,7 +1043,6 @@ class cli(backend.Executioner):
"""Get the keyword arguments for a Command"""
if self.env.interactive:
self.prompt_interactively(cmd, kw)
- if self.env.interactive:
try:
callbacks = cmd.get_callbacks('interactive_prompt')
except AttributeError:
commit 4ec1de1a65f1fabe7f5b26b4c4487deec5cea0cf
Author: Tomas Babej <tbabej at redhat.com>
Date: Mon Jun 3 12:06:06 2013 +0200
Use private ccache in ipa install tools
All installers that handle Kerberos auth, have been altered to use
private ccache, that is ipa-server-install, ipa-dns-install,
ipa-replica-install, ipa-ca-install.
https://fedorahosted.org/freeipa/ticket/3666
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 2046b5f..475fe2b 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,9 +28,9 @@ from ipapython import services as ipaservices
from ipaserver.install import installutils, service
from ipaserver.install import certs
-from ipaserver.install.installutils import HostnameLocalhost
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig,
+ expand_replica_info, read_replica_info, get_host_name, BadHostError,
+ private_ccache)
from ipaserver.install import dsinstance, cainstance, bindinstance
from ipaserver.install.replication import replica_conn_check
from ipapython import version
@@ -216,9 +216,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
if __name__ == '__main__':
try:
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-ca-install',
- fail_message=fail_message)
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-ca-install',
+ fail_message=fail_message)
finally:
# always try to remove decrypted replica file
try:
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index e12a046..47bc31b 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -258,5 +258,6 @@ def main():
return 0
if __name__ == '__main__':
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-dns-install')
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-dns-install')
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2c28f37..2722202 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -36,9 +36,9 @@ from ipaserver.install import dsinstance, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver.install import memcacheinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import HostnameLocalhost, resolve_host
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
+ ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
+ BadHostError, private_ccache)
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
from ipalib import api, errors, util
@@ -731,9 +731,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
if __name__ == '__main__':
try:
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-replica-install',
- fail_message=fail_message)
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-replica-install',
+ fail_message=fail_message)
finally:
# always try to remove decrypted replica file
try:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 992da90..4a2ac17 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1226,6 +1226,7 @@ def main():
if __name__ == '__main__':
success = False
+
try:
# FIXME: Common option parsing, logging setup, etc should be factored
# out from all install scripts
@@ -1235,8 +1236,10 @@ if __name__ == '__main__':
else:
log_file_name = "/var/log/ipaserver-install.log"
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-server-install')
+ # Use private ccache
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-server-install')
success = True
finally:
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index bc28dec..919089a 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -28,6 +28,7 @@ import shutil
from ConfigParser import SafeConfigParser, NoOptionError
import traceback
import textwrap
+from contextlib import contextmanager
from dns import resolver, rdatatype
from dns.exception import DNSException
@@ -755,3 +756,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
(pkcs12_filename, e))
return server_cert_name
+
+
+ at contextmanager
+def private_ccache():
+
+ (desc, path) = tempfile.mkstemp(prefix='krbcc')
+ os.close(desc)
+
+ original_value = os.environ.get('KRB5CCNAME', None)
+
+ os.environ['KRB5CCNAME'] = path
+
+ yield
+
+ if original_value is not None:
+ os.environ['KRB5CCNAME'] = original_value
+ else:
+ os.environ.pop('KRB5CCNAME')
+
+ if os.path.exists(path):
+ os.remove(path)
commit cce255848e2499c1a8b2a71420c626e1f8b987dd
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Wed May 29 13:06:11 2013 +0200
Make ssbrowser.html work in IE 10
Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed.
This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail.
https://fedorahosted.org/freeipa/ticket/3645
diff --git a/install/html/ssbrowser.html b/install/html/ssbrowser.html
index 2afb0fa..72fd573 100644
--- a/install/html/ssbrowser.html
+++ b/install/html/ssbrowser.html
@@ -16,7 +16,14 @@
$('.example-domain').text(domain);
if ($.browser.mozilla) {
- $("#configurefirefox").show();
+ var ff_config = $("#configurefirefox");
+ var obj = $('<object/>', {
+ type: 'text/html',
+ 'class': 'browser-config'
+ });
+ obj.prop('data', 'jar:/ipa/errors/configure.jar!/preferences.html');
+ obj.appendTo(ff_config);
+ ff_config.show();
}
});
</script>
@@ -72,8 +79,7 @@
<ul>
<li>1. Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
<li>2. Click on "Configure Browser" button below.</li>
- <li id="configurefirefox" style="display:none"><object data="jar:/ipa/errors/configure.jar!/preferences.html"
More information about the Pkg-freeipa-devel
mailing list