[Pkg-freeipa-devel] freeipa: Changes to 'upstream-unstable'

Timo Aaltonen tjaalton-guest at alioth.debian.org
Mon Jun 17 19:23:07 UTC 2013


 Makefile                                                      |    2 
 VERSION                                                       |    2 
 daemons/Makefile.am                                           |    1 
 daemons/configure.ac                                          |  136 
 daemons/ipa-kdb/ipa_kdb.c                                     |   38 
 daemons/ipa-kdb/ipa_kdb.h                                     |   13 
 daemons/ipa-kdb/ipa_kdb_principals.c                          |   28 
 daemons/ipa-otpd/Makefile.am                                  |   21 
 daemons/ipa-otpd/bind.c                                       |  144 
 daemons/ipa-otpd/forward.c                                    |  124 
 daemons/ipa-otpd/internal.h                                   |  153 
 daemons/ipa-otpd/ipa-otpd.socket.in                           |   11 
 daemons/ipa-otpd/ipa-otpd at .service.in                         |    9 
 daemons/ipa-otpd/main.c                                       |  340 ++
 daemons/ipa-otpd/parse.c                                      |  176 +
 daemons/ipa-otpd/query.c                                      |  253 +
 daemons/ipa-otpd/queue.c                                      |  183 +
 daemons/ipa-otpd/stdio.c                                      |  205 +
 daemons/ipa-otpd/test.py                                      |   61 
 daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c      |   67 
 daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c        |   30 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_extop.c |    2 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am           |   48 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c                |  398 ++
 daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c              | 1237 +++++++
 daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c            |  291 +
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c       |  109 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h              |   42 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c       | 1107 ------
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c     |  291 -
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c      | 1349 --------
 daemons/ipa-slapi-plugins/ipa-pwd-extop/otp.c                 |  180 +
 daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c             | 1642 ++++++++++
 daemons/ipa-slapi-plugins/ipa-pwd-extop/t_hotp.c              |   82 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/t_totp.c              |  103 
 daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_common.c      |    2 
 freeipa.spec.in                                               |    9 
 init/systemd/freeipa-systemd-upgrade                          |    1 
 install/html/ssbrowser.html                                   |   12 
 install/share/60basev3.ldif                                   |    2 
 install/share/70ipaotp.ldif                                   |   28 
 install/share/Makefile.am                                     |    1 
 install/share/copy-schema-to-ca.py                            |    1 
 install/share/default-aci.ldif                                |   10 
 install/tools/ipa-ca-install                                  |   13 
 install/tools/ipa-dns-install                                 |    5 
 install/tools/ipa-replica-install                             |   19 
 install/tools/ipa-server-install                              |   19 
 install/tools/ipa-upgradeconfig                               |   30 
 install/ui/src/freeipa/_base/metadata_provider.js             |   62 
 install/ui/src/freeipa/aci.js                                 |    2 
 install/ui/src/freeipa/association.js                         |  144 
 install/ui/src/freeipa/automember.js                          |    2 
 install/ui/src/freeipa/certificate.js                         |    2 
 install/ui/src/freeipa/details.js                             |   27 
 install/ui/src/freeipa/dns.js                                 |   58 
 install/ui/src/freeipa/entity.js                              |   25 
 install/ui/src/freeipa/facet.js                               |  164 
 install/ui/src/freeipa/field.js                               |    2 
 install/ui/src/freeipa/hbactest.js                            |    2 
 install/ui/src/freeipa/ipa.js                                 |    2 
 install/ui/src/freeipa/metadata.js                            |   65 
 install/ui/src/freeipa/search.js                              |   87 
 install/ui/src/freeipa/sudo.js                                |   14 
 install/ui/src/freeipa/text.js                                |    2 
 install/ui/src/freeipa/widget.js                              |    4 
 install/ui/test/aci_tests.js                                  |    2 
 install/ui/test/data/ipa_init.json                            |   12 
 install/ui/test/data/ipa_init_commands.json                   |   11 
 install/ui/test/details_tests.js                              |   10 
 install/ui/test/entity_tests.js                               |    8 
 install/updates/10-60basev3.update                            |    4 
 install/updates/10-70ipaotp.update                            |   25 
 install/updates/40-otp.update                                 |    9 
 install/updates/50-7_bit_check.update                         |    6 
 install/updates/Makefile.am                                   |    5 
 ipa-client/ipa-install/ipa-client-install                     |   11 
 ipalib/cli.py                                                 |   26 
 ipalib/constants.py                                           |    1 
 ipalib/frontend.py                                            |   37 
 ipalib/plugable.py                                            |   10 
 ipalib/plugins/dns.py                                         |   56 
 ipalib/plugins/hbactest.py                                    |    4 
 ipalib/plugins/idrange.py                                     |   60 
 ipalib/plugins/internal.py                                    |   12 
 ipalib/plugins/ping.py                                        |    2 
 ipalib/rpc.py                                                 |    2 
 ipapython/platform/fedora16/service.py                        |    1 
 ipapython/version.py.in                                       |   17 
 ipaserver/install/adtrustinstance.py                          |   50 
 ipaserver/install/dsinstance.py                               |   21 
 ipaserver/install/installutils.py                             |   22 
 ipaserver/install/krbinstance.py                              |    1 
 ipaserver/install/otpdinstance.py                             |   25 
 ipaserver/install/plugins/update_anonymous_aci.py             |   25 
 ipaserver/install/service.py                                  |   17 
 tests/test_cmdline/test_cli.py                                |   67 
 tests/test_xmlrpc/test_range_plugin.py                        |  144 
 98 files changed, 7042 insertions(+), 3355 deletions(-)

New commits:
commit 3def81da5b892f39292d20909a4a3255375ff784
Author: Martin Kosek <mkosek at redhat.com>
Date:   Fri Jun 7 09:52:36 2013 +0200

    Become 3.2.1

diff --git a/VERSION b/VERSION
index 08c2bf1..60b1d5f 100644
--- a/VERSION
+++ b/VERSION
@@ -20,7 +20,7 @@
 ########################################################
 IPA_VERSION_MAJOR=3
 IPA_VERSION_MINOR=2
-IPA_VERSION_RELEASE=0
+IPA_VERSION_RELEASE=1
 
 ########################################################
 # For 'pre' releases the version will be               #

commit dfcb07a8b3027820d4d8810e0b650059789e9adf
Author: Ana Krivokapic <akrivoka at redhat.com>
Date:   Thu Jun 6 12:52:08 2013 +0200

    Prevent error when running IPA commands with su/sudo
    
    https://fedorahosted.org/freeipa/ticket/3685

diff --git a/ipalib/plugable.py b/ipalib/plugable.py
index fe09d3a..aaa0dea 100644
--- a/ipalib/plugable.py
+++ b/ipalib/plugable.py
@@ -490,6 +490,11 @@ class API(DictProxy):
                                           stream=sys.stderr,
                                           level=level,
                                           format=LOGGING_FORMAT_STDERR)])
+
+        if not parser:
+            parser = self.build_global_parser()
+        object.__setattr__(self, 'parser', parser)
+
         # Add file handler:
         if self.env.mode in ('dummy', 'unit_test'):
             return  # But not if in unit-test mode
@@ -503,7 +508,6 @@ class API(DictProxy):
                 log.error('Could not create log_dir %r', log_dir)
                 return
 
-
         level = 'info'
         if self.env.debug:
             level = 'debug'
@@ -516,10 +520,6 @@ class API(DictProxy):
             log.error('Cannot open log file %r: %s', self.env.log, e)
             return
 
-        if not parser:
-            parser = self.build_global_parser()
-        object.__setattr__(self, 'parser', parser)
-
     def build_global_parser(self, parser=None, context=None):
         """
         Add global options to an optparse.OptionParser instance.

commit 08a487f3e4d258f84dd20330e0a45c9b5f4094f0
Author: Tomas Babej <tbabej at redhat.com>
Date:   Wed Jun 5 15:48:35 2013 +0200

    Manage ipa-otpd.socket by IPA
    
    Adds a new simple service called OtpdInstance, that manages
    ipa-otpd.socket service. Added to server/replica installer
    and ipa-upgradeconfig script.
    
    https://fedorahosted.org/freeipa/ticket/3680

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2722202..e93e30b 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -35,6 +35,7 @@ from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
 from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
         ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
@@ -672,6 +673,11 @@ def main():
 
     krb = install_krb(config, setup_pkinit=options.setup_pkinit)
     http = install_http(config, auto_redirect=options.ui_redirect)
+
+    otpd = otpdinstance.OtpdInstance()
+    otpd.create_instance('OTPD', config.host_name, config.dirman_password,
+                         ipautil.realm_to_suffix(config.realm_name))
+
     if CA:
         CA.configure_certmonger_renewal()
         CA.import_ra_cert(dir + "/ra.p12")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 4a2ac17..853b4a8 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -49,6 +49,7 @@ from ipaserver.install import ntpinstance
 from ipaserver.install import certs
 from ipaserver.install import cainstance
 from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade
 
 from ipaserver.install import service, installutils
@@ -513,6 +514,7 @@ def uninstall():
     krbinstance.KrbInstance(fstore).uninstall()
     dsinstance.DsInstance(fstore=fstore).uninstall()
     memcacheinstance.MemcacheInstance().uninstall()
+    otpdinstance.OtpdInstance().uninstall()
     ipaservices.restore_network_configuration(fstore, sstore)
     fstore.restore_all_files()
     try:
@@ -1108,11 +1110,15 @@ def main():
     # generated
     ds.add_cert_to_service()
 
-    # Create a HTTP instance
-
     memcache = memcacheinstance.MemcacheInstance()
-    memcache.create_instance('MEMCACHE', host_name, dm_password, ipautil.realm_to_suffix(realm_name))
+    memcache.create_instance('MEMCACHE', host_name, dm_password,
+                             ipautil.realm_to_suffix(realm_name))
 
+    otpd = otpdinstance.OtpdInstance()
+    otpd.create_instance('OTPD', host_name, dm_password,
+                         ipautil.realm_to_suffix(realm_name))
+
+    # Create a HTTP instance
     http = httpinstance.HTTPInstance(fstore)
     if options.http_pkcs12:
         http.create_instance(
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 8e9357f..4e92169 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -48,6 +48,7 @@ from ipaserver.install import bindinstance
 from ipaserver.install import service
 from ipaserver.install import cainstance
 from ipaserver.install import certs
+from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade
 
 
@@ -925,17 +926,23 @@ def main():
 
     uninstall_selfsign(ds, http)
 
-    memcache = memcacheinstance.MemcacheInstance()
-    memcache.ldapi = True
-    memcache.realm = api.env.realm
-    try:
-        if not memcache.is_configured():
-            # 389-ds needs to be running to create the memcache instance
-            # because we record the new service in cn=masters.
-            ds.start()
-            memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm))
-    except ipalib.errors.DuplicateEntry:
-        pass
+    simple_service_list = (
+        (memcacheinstance.MemcacheInstance(), 'MEMCACHE'),
+        (otpdinstance.OtpdInstance(), 'OTPD'),
+    )
+
+    for service, ldap_name in simple_service_list:
+        service.ldapi = True
+        try:
+            if not service.is_configured():
+                # 389-ds needs to be running to create the memcache instance
+                # because we record the new service in cn=masters.
+                ds.start()
+                service.create_instance(ldap_name, fqdn, None,
+                                        ipautil.realm_to_suffix(api.env.realm),
+                                        realm=api.env.realm)
+        except ipalib.errors.DuplicateEntry:
+            pass
 
     cleanup_kdc(fstore)
     setup_firefox_extension(fstore)
diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py
index dac8c00..d45f629 100644
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@@ -53,6 +53,7 @@ system_units['pki_cad'] = system_units['pki-cad']
 # Our PKI instance is pki-tomcatd at pki-tomcat.service
 system_units['pki-tomcatd'] = 'pki-tomcatd at pki-tomcat.service'
 system_units['pki_tomcatd'] = system_units['pki-tomcatd']
+system_units['ipa-otpd'] = 'ipa-otpd.socket'
 
 class Fedora16Service(systemd.SystemdService):
     def __init__(self, service_name):
diff --git a/ipaserver/install/otpdinstance.py b/ipaserver/install/otpdinstance.py
new file mode 100644
index 0000000..2eed3f8
--- /dev/null
+++ b/ipaserver/install/otpdinstance.py
@@ -0,0 +1,25 @@
+# Authors: Tomas Babej <tbabej at redhat.com>
+#
+# Copyright (C) 2013  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import service
+
+
+class OtpdInstance(service.SimpleServiceInstance):
+    def __init__(self):
+        service.SimpleServiceInstance.__init__(self, "ipa-otpd")
\ No newline at end of file
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 8f4a7db..f3cd189 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -40,14 +40,15 @@ DISABLED = 3
 # The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple
 # the first value is the *nix service name, the second the start order.
 SERVICE_LIST = {
-    'KDC':('krb5kdc', 10),
-    'KPASSWD':('kadmin', 20),
-    'DNS':('named', 30),
-    'MEMCACHE':('ipa_memcached', 39),
-    'HTTP':('httpd', 40),
-    'CA':('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
-    'ADTRUST':('smb', 60),
-    'EXTID':('winbind', 70)
+    'KDC': ('krb5kdc', 10),
+    'KPASSWD': ('kadmin', 20),
+    'DNS': ('named', 30),
+    'MEMCACHE': ('ipa_memcached', 39),
+    'HTTP': ('httpd', 40),
+    'CA': ('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
+    'ADTRUST': ('smb', 60),
+    'EXTID': ('winbind', 70),
+    'OTPD': ('ipa-otpd', 80),
 }
 
 def print_msg(message, output_fd=sys.stdout):

commit b1cb3ade03346113ab6ce6862dbd2a60070e59ca
Author: Tomas Babej <tbabej at redhat.com>
Date:   Mon Jun 3 09:56:08 2013 +0200

    Do not check userPassword with 7-bit plugin
    
    Default list of attributes that are checked with 7-bit plugin
    for being 7-bit clean includes userPassword. Consecutively, one
    is unable to set passwords that contain non-ascii characters.
    
    https://fedorahosted.org/freeipa/ticket/3640

diff --git a/install/updates/50-7_bit_check.update b/install/updates/50-7_bit_check.update
new file mode 100644
index 0000000..b9ea8a9
--- /dev/null
+++ b/install/updates/50-7_bit_check.update
@@ -0,0 +1,6 @@
+# Remove userPassword from the list of attributes checked by 7-bit plugin
+# Replace argument value 'userPassword' with 'mail' to avoid the need to
+# shift the whole argument array. Attribute 'mail' is already listed
+# in pluginarg1, so it is conveniently used as valid value placeholder.
+dn: cn=7-bit check,cn=plugins,cn=config
+replace:nsslapd-pluginarg2:userpassword::mail
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 787a51c..5336f62 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -35,6 +35,7 @@ app_DATA =				\
 	40-automember.update		\
 	40-otp.update			\
 	45-roles.update			\
+	50-7_bit_check.update	        \
 	50-lockout-policy.update	\
 	50-groupuuid.update		\
 	50-hbacservice.update		\

commit efed0643c90f0cc31540351744dd431e6a122a17
Author: Martin Kosek <mkosek at redhat.com>
Date:   Thu Jun 6 08:34:13 2013 +0200

    Remove redundant u'' character
    
    One Python's unicode marking character was being printed by RPC plugin
    which then appeared in ipa-client-install output. This patch removes
    it.

diff --git a/ipalib/plugins/ping.py b/ipalib/plugins/ping.py
index e9dc28f..0743758 100644
--- a/ipalib/plugins/ping.py
+++ b/ipalib/plugins/ping.py
@@ -45,7 +45,7 @@ EXAMPLES:
  Ping an IPA server verbosely:
    ipa -v ping
    ipa: INFO: trying https://ipa.example.com/ipa/xml
-   ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/xml'
+   ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'
    -----------------------------------------------------
    IPA server version 2.1.9. API version 2.20
    -----------------------------------------------------
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 077d99e..36daa83 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -697,7 +697,7 @@ class xmlclient(Connectible):
                 '%s.forward(): %r not in api.Command' % (self.name, name)
             )
         server = getattr(context, 'request_url', None)
-        self.info('Forwarding %r to server %r', name, server)
+        self.info("Forwarding '%s' to server '%s'", name, server)
         command = getattr(self.conn, name)
         params = [args, kw]
         try:

commit 6f41dd8e991e7601a1dd5692807245ac42b960c6
Author: Petr Vobornik <pvoborni at redhat.com>
Date:   Mon Jun 3 15:14:20 2013 +0200

    Fix regression: missing facet tab group labels
    
    Currently there is only empty space between facet tabs and facet title.
    
    It's a regression caused by recent refactoring.
    
    https://fedorahosted.org/freeipa/ticket/3688

diff --git a/install/ui/src/freeipa/entity.js b/install/ui/src/freeipa/entity.js
index 1896f90..22efd47 100644
--- a/install/ui/src/freeipa/entity.js
+++ b/install/ui/src/freeipa/entity.js
@@ -240,18 +240,23 @@ exp.entity_builder =IPA.entity_builder = function(entity) {
     ];
 
     that.facet_group = function(spec) {
-        spec.entity = entity;
-        if (spec instanceof Object) {
-            var factory = spec.$factory || IPA.facet_group;
-            facet_group = factory(spec);
-        } else {
-            facet_group = IPA.facet_group({ name: spec });
-        }
 
-        if (facet_group.label == undefined) {
-            facet_group.label = text.get('@i18n:facet_groups.'+facet_group.name);
+        if (typeof spec === 'string') {
+            spec = { name: spec };
         }
 
+        var preop = function(spec) {
+
+            spec.entity = entity;
+            spec.label = spec.label || '@i18n:facet_groups.'+spec.name;
+            return spec;
+        };
+
+        var facet_group = builder.build('', spec, {}, {
+            $factory: IPA.facet_group,
+            $pre_ops: [preop]
+        });
+
         entity.add_facet_group(facet_group);
 
         return that;
diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js
index 80e8671..ad53b80 100644
--- a/install/ui/src/freeipa/facet.js
+++ b/install/ui/src/freeipa/facet.js
@@ -909,7 +909,7 @@ exp.facet_header = IPA.facet_header = function(spec) {
         if (!data) return;
         var result = data.result.result;
         if (!that.facet.disable_facet_tabs) {
-            var pkey = that.facet.pkey;
+            var pkey = that.facet.get_pkey();
 
             var facet_groups = that.facet.entity.facet_groups.values;
             for (var i=0; i<facet_groups.length; i++) {

commit e3ef78c67e276157777c96f8f63c84806f5ca9e4
Author: Tomas Babej <tbabej at redhat.com>
Date:   Thu May 9 14:47:29 2013 +0200

    Incorporate interactive prompts in idrange-add
    
    In idrange-add command, ensure that RID base is prompted for
    in the interactive mode if domain SID or domain name was
    specified.
    
    If domain name nor SID was specified, make sure rid base is
    prompted for if secondary rid base was specified and vice versa.
    
    https://fedorahosted.org/freeipa/ticket/3602

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index d548794..2a5415d 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -361,6 +361,41 @@ class idrange_add(LDAPCreate):
 
     msg_summary = _('Added ID range "%(value)s"')
 
+    def interactive_prompt_callback(self, kw):
+        """
+        Ensure that rid-base is prompted for when dom-sid is specified.
+
+        Also ensure that secondary-rid-base is prompted for when rid-base is
+        specified and vice versa, in case that dom-sid was not specified.
+        """
+
+        # dom-sid can be specified using dom-sid or dom-name options
+
+        # it can be also set using --setattr or --addattr, in these cases
+        # we will not prompt, but raise an ValidationError later
+
+        dom_sid_set = any(dom_id in kw for dom_id in
+                          ('ipanttrusteddomainname', 'ipanttrusteddomainsid'))
+
+        rid_base_set = 'ipabaserid' in kw
+        secondary_rid_base_set = 'ipasecondarybaserid' in kw
+
+        # Prompt for RID base if domain SID / name was given
+        if dom_sid_set and not rid_base_set:
+            value = self.prompt_param(self.params['ipabaserid'])
+            kw.update(dict(ipabaserid=value))
+
+        if not dom_sid_set:
+            # Prompt for secondary RID base if RID base was given
+            if rid_base_set and not secondary_rid_base_set:
+                value = self.prompt_param(self.params['ipasecondarybaserid'])
+                kw.update(dict(ipasecondarybaserid=value))
+
+            # Symetrically, prompt for RID base if secondary RID base was given
+            if not rid_base_set and secondary_rid_base_set:
+                value = self.prompt_param(self.params['ipabaserid'])
+                kw.update(dict(ipabaserid=value))
+
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         assert isinstance(dn, DN)
 
@@ -414,9 +449,9 @@ class idrange_add(LDAPCreate):
                     entry_attrs['ipabaserid'],
                     entry_attrs['ipasecondarybaserid'],
                     entry_attrs['ipaidrangesize']):
-                       raise errors.ValidationError(name='ID Range setup',
-                           error=_("Primary RID range and secondary RID range"
-                               " cannot overlap"))
+                        raise errors.ValidationError(name='ID Range setup',
+                            error=_("Primary RID range and secondary RID range"
+                                    " cannot overlap"))
 
             entry_attrs['objectclass'].append('ipadomainidrange')
 

commit 47d868bd7559e23ce2b844d9bd1d9dde20b85452
Author: Tomas Babej <tbabej at redhat.com>
Date:   Thu May 9 15:36:41 2013 +0200

    Add prompt_param method to avoid code duplication
    
    Extracted common code from ipalib/plugins/cli.py and
    ipalib/plugins/dns.py that provided way to prompt user
    for the value of specific attribute.
    
    Added prompt_param method to Command class in ipalib/frontend.py
    
    Done as part of https://fedorahosted.org/freeipa/ticket/3602

diff --git a/ipalib/cli.py b/ipalib/cli.py
index c4b4492..5f02e92 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -1178,11 +1178,13 @@ class cli(backend.Executioner):
         ``self.env.prompt_all`` is ``True``, this method will prompt for any
         params that have a missing values, even if the param is optional.
         """
+
         honor_alwaysask = True
         for param in cmd.params():
             if param.alwaysask and param.name in kw:
                 honor_alwaysask = False
                 break
+
         for param in cmd.params():
             if (param.required and param.name not in kw) or \
                 (param.alwaysask and honor_alwaysask) or self.env.prompt_all:
@@ -1196,19 +1198,16 @@ class cli(backend.Executioner):
                     )
                 else:
                     default = cmd.get_default_of(param.name, **kw)
-                    error = None
-                    while True:
-                        if error is not None:
-                            self.Backend.textui.print_prompt_attribute_error(unicode(param.label),
-                                                                             unicode(error))
-                        raw = self.Backend.textui.prompt(param.label, default, optional=param.alwaysask or not param.required)
-                        try:
-                            value = param(raw, **kw)
-                            if value is not None:
-                                kw[param.name] = value
-                            break
-                        except (ValidationError, ConversionError), e:
-                            error = e.error
+                    optional = param.alwaysask or not param.required
+
+                    value = cmd.prompt_param(param,
+                                             default=default,
+                                             optional=optional,
+                                             kw=kw)
+
+                    if value is not None:
+                        kw[param.name] = value
+
             elif param.password and kw.get(param.name, False) is True:
                 kw[param.name] = self.Backend.textui.prompt_password(
                     param.label, param.confirm
diff --git a/ipalib/frontend.py b/ipalib/frontend.py
index 0331dc5..427f682 100644
--- a/ipalib/frontend.py
+++ b/ipalib/frontend.py
@@ -22,19 +22,18 @@ Base classes for all front-end plugins.
 """
 
 import re
-import inspect
 from distutils import version
 
 from ipapython.version import API_VERSION
 from ipapython.ipa_log_manager import root_logger
-from base import lock, check_name, NameSpace
+from base import NameSpace
 from plugable import Plugin, is_production_mode
-from parameters import create_param, parse_param_spec, Param, Str, Flag, Password
+from parameters import create_param, Param, Str, Flag, Password
 from output import Output, Entry, ListOfEntries
-from text import _, ngettext
+from text import _
 from errors import (ZeroArgumentError, MaxArgumentError, OverlapError,
-    RequiresRoot, VersionError, RequirementError, OptionError, InvocationError)
-from constants import TYPE_ERROR
+    VersionError, OptionError, InvocationError,
+    ValidationError, ConversionError)
 from ipalib import messages
 
 
@@ -560,6 +559,32 @@ class Command(HasParam):
             if name in params:
                 yield(name, params[name])
 
+    def prompt_param(self, param, default=None, optional=False, kw=dict(),
+                     label=None):
+        """
+        Prompts the user for the value of given parameter.
+
+        Returns the parameter instance.
+        """
+
+        if label is None:
+            label = param.label
+
+        while True:
+            raw = self.Backend.textui.prompt(label, default, optional=optional)
+
+            # Backend.textui.prompt does not fill in the default value,
+            # we have to do it ourselves
+            if not raw.strip():
+                raw = default
+
+            try:
+                return param(raw, **kw)
+            except (ValidationError, ConversionError), e:
+                # Display error and prompt again
+                self.Backend.textui.print_prompt_attribute_error(unicode(label),
+                                                             unicode(e.error))
+
     def normalize(self, **kw):
         """
         Return a dictionary of normalized values.
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index fbc4452..621d60e 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -759,26 +759,16 @@ class DNSRecord(Str):
 
         return tuple(self._convert_dnsrecord_extra(extra) for extra in self.extra)
 
-    def __get_part_param(self, backend, part, output_kw, default=None):
+    def __get_part_param(self, cmd, part, output_kw, default=None):
         name = self.part_name_format % (self.rrtype.lower(), part.name)
         label = self.part_label_format % (self.rrtype, unicode(part.label))
         optional = not part.required
 
-        while True:
-            try:
-                raw = backend.textui.prompt(label,
-                                            optional=optional,
-                                            default=default)
-                if not raw.strip():
-                    raw = default
-
-                output_kw[name] = part(raw)
-                break
-            except (errors.ValidationError, errors.ConversionError), e:
-                backend.textui.print_prompt_attribute_error(
-                        unicode(label), unicode(e.error))
-
-    def prompt_parts(self, backend, mod_dnsvalue=None):
+        output_kw[name] = cmd.prompt_param(part,
+                                           optional=optional,
+                                           label=label)
+
+    def prompt_parts(self, cmd, mod_dnsvalue=None):
         mod_parts = None
         if mod_dnsvalue is not None:
             mod_parts = self._get_part_values(mod_dnsvalue)
@@ -793,18 +783,17 @@ class DNSRecord(Str):
             else:
                 default = None
 
-            self.__get_part_param(backend, part, user_options, default)
+            self.__get_part_param(cmd, part, user_options, default)
 
         return user_options
 
-    def prompt_missing_parts(self, backend, kw, prompt_optional=False):
+    def prompt_missing_parts(self, cmd, kw, prompt_optional=False):
         user_options = {}
         if self.parts is None:
             return user_options
 
         for part in self.parts:
             name = self.part_name_format % (self.rrtype.lower(), part.name)
-            label = self.part_label_format % (self.rrtype, unicode(part.label))
 
             if name in kw:
                 continue
@@ -814,7 +803,7 @@ class DNSRecord(Str):
                 continue
 
             default = part.get_default(**kw)
-            self.__get_part_param(backend, part, user_options, default)
+            self.__get_part_param(cmd, part, user_options, default)
 
         return user_options
 
@@ -2395,7 +2384,7 @@ class dnsrecord_add(LDAPCreate):
             # it can be used to fill all required params by itself
             new_kw = {}
             for rrparam in self.obj.iterate_rrparams_by_parts(kw, skip_extra=True):
-                user_options = rrparam.prompt_missing_parts(self.Backend, kw,
+                user_options = rrparam.prompt_missing_parts(self, kw,
                                                             prompt_optional=False)
                 new_kw.update(user_options)
             kw.update(new_kw)
@@ -2437,7 +2426,7 @@ class dnsrecord_add(LDAPCreate):
                 continue
             ok = True
 
-        user_options = param.prompt_parts(self.Backend)
+        user_options = param.prompt_parts(self)
         kw.update(user_options)
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
@@ -2698,7 +2687,7 @@ class dnsrecord_mod(LDAPUpdate):
                 mod_value = self.Backend.textui.prompt_yesno(
                         _("Modify %(name)s '%(value)s'?") % dict(name=param.label, value=rec_value), default=False)
                 if mod_value is True:
-                    user_options = param.prompt_parts(self.Backend, mod_dnsvalue=rec_value)
+                    user_options = param.prompt_parts(self, mod_dnsvalue=rec_value)
                     kw[param.name] = [rec_value]
                     kw.update(user_options)
 

commit 6b2c9f05a0e6980606699f45a23635771322a6a1
Author: Tomas Babej <tbabej at redhat.com>
Date:   Thu May 9 14:50:52 2013 +0200

    Remove redundant check for env.interactive
    
    Fixed as part of
    https://fedorahosted.org/freeipa/ticket/3602

diff --git a/ipalib/cli.py b/ipalib/cli.py
index 84dea2e..c4b4492 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -1043,7 +1043,6 @@ class cli(backend.Executioner):
         """Get the keyword arguments for a Command"""
         if self.env.interactive:
             self.prompt_interactively(cmd, kw)
-        if self.env.interactive:
             try:
                 callbacks = cmd.get_callbacks('interactive_prompt')
             except AttributeError:

commit 4ec1de1a65f1fabe7f5b26b4c4487deec5cea0cf
Author: Tomas Babej <tbabej at redhat.com>
Date:   Mon Jun 3 12:06:06 2013 +0200

    Use private ccache in ipa install tools
    
    All installers that handle Kerberos auth, have been altered to use
    private ccache, that is ipa-server-install, ipa-dns-install,
    ipa-replica-install, ipa-ca-install.
    
    https://fedorahosted.org/freeipa/ticket/3666

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 2046b5f..475fe2b 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,9 +28,9 @@ from ipapython import services as ipaservices
 
 from ipaserver.install import installutils, service
 from ipaserver.install import certs
-from ipaserver.install.installutils import HostnameLocalhost
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig,
+        expand_replica_info, read_replica_info, get_host_name, BadHostError,
+        private_ccache)
 from ipaserver.install import dsinstance, cainstance, bindinstance
 from ipaserver.install.replication import replica_conn_check
 from ipapython import version
@@ -216,9 +216,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
 
 if __name__ == '__main__':
     try:
-        installutils.run_script(main, log_file_name=log_file_name,
-                operation_name='ipa-ca-install',
-                fail_message=fail_message)
+        with private_ccache():
+            installutils.run_script(main, log_file_name=log_file_name,
+                    operation_name='ipa-ca-install',
+                    fail_message=fail_message)
     finally:
         # always try to remove decrypted replica file
         try:
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index e12a046..47bc31b 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -258,5 +258,6 @@ def main():
     return 0
 
 if __name__ == '__main__':
-    installutils.run_script(main, log_file_name=log_file_name,
-        operation_name='ipa-dns-install')
+    with private_ccache():
+        installutils.run_script(main, log_file_name=log_file_name,
+            operation_name='ipa-dns-install')
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2c28f37..2722202 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -36,9 +36,9 @@ from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import HostnameLocalhost, resolve_host
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
+        ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
+        BadHostError, private_ccache)
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
 from ipalib import api, errors, util
@@ -731,9 +731,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
 
 if __name__ == '__main__':
     try:
-        installutils.run_script(main, log_file_name=log_file_name,
-                operation_name='ipa-replica-install',
-                fail_message=fail_message)
+        with private_ccache():
+            installutils.run_script(main, log_file_name=log_file_name,
+                    operation_name='ipa-replica-install',
+                    fail_message=fail_message)
     finally:
         # always try to remove decrypted replica file
         try:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 992da90..4a2ac17 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1226,6 +1226,7 @@ def main():
 
 if __name__ == '__main__':
     success = False
+
     try:
         # FIXME: Common option parsing, logging setup, etc should be factored
         # out from all install scripts
@@ -1235,8 +1236,10 @@ if __name__ == '__main__':
         else:
             log_file_name = "/var/log/ipaserver-install.log"
 
-        installutils.run_script(main, log_file_name=log_file_name,
-            operation_name='ipa-server-install')
+        # Use private ccache
+        with private_ccache():
+            installutils.run_script(main, log_file_name=log_file_name,
+                                    operation_name='ipa-server-install')
         success = True
 
     finally:
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index bc28dec..919089a 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -28,6 +28,7 @@ import shutil
 from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
+from contextlib import contextmanager
 
 from dns import resolver, rdatatype
 from dns.exception import DNSException
@@ -755,3 +756,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
                 (pkcs12_filename, e))
 
         return server_cert_name
+
+
+ at contextmanager
+def private_ccache():
+
+    (desc, path) = tempfile.mkstemp(prefix='krbcc')
+    os.close(desc)
+
+    original_value = os.environ.get('KRB5CCNAME', None)
+
+    os.environ['KRB5CCNAME'] = path
+
+    yield
+
+    if original_value is not None:
+        os.environ['KRB5CCNAME'] = original_value
+    else:
+        os.environ.pop('KRB5CCNAME')
+
+    if os.path.exists(path):
+        os.remove(path)

commit cce255848e2499c1a8b2a71420c626e1f8b987dd
Author: Petr Vobornik <pvoborni at redhat.com>
Date:   Wed May 29 13:06:11 2013 +0200

    Make ssbrowser.html work in IE 10
    
    Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed.
    
    This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail.
    
    https://fedorahosted.org/freeipa/ticket/3645

diff --git a/install/html/ssbrowser.html b/install/html/ssbrowser.html
index 2afb0fa..72fd573 100644
--- a/install/html/ssbrowser.html
+++ b/install/html/ssbrowser.html
@@ -16,7 +16,14 @@
             $('.example-domain').text(domain);
 
             if ($.browser.mozilla) {
-                $("#configurefirefox").show();
+                var ff_config = $("#configurefirefox");
+                var obj = $('<object/>', {
+                    type: 'text/html',
+                    'class': 'browser-config'
+                });
+                obj.prop('data', 'jar:/ipa/errors/configure.jar!/preferences.html');
+                obj.appendTo(ff_config);
+                ff_config.show();
             }
         });
     </script>
@@ -72,8 +79,7 @@
             <ul>
                 <li>1. Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
                 <li>2. Click on "Configure Browser" button below.</li>
-                <li id="configurefirefox" style="display:none"><object data="jar:/ipa/errors/configure.jar!/preferences.html"



More information about the Pkg-freeipa-devel mailing list