Skip to content

Commits on Source 180

80 additional commits have been omitted to prevent performance issues.
Show whitespace changes
Inline Side-by-side
.freeipa-pr-ci.yaml
View file @ f84b3f39
......@@ -13,7 +13,7 @@ topologies:
memory: 6700
jobs:
fedora-27/build:
fedora-28/build:
requires: []
priority: 100
job:
......@@ -21,189 +21,224 @@ jobs:
args:
git_repo: '{git_repo}'
git_refspec: '{git_refspec}'
template: &ci-master-f27
name: freeipa/ci-master-f27
version: 1.0.3
template: &ci-master-f28
name: freeipa/ci-master-f28
version: 0.1.5
timeout: 1800
topology: *build
fedora-27/simple_replication:
requires: [fedora-27/build]
fedora-28/simple_replication:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_simple_replication.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/caless:
requires: [fedora-27/build]
fedora-28/caless:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/external_ca:
requires: [fedora-27/build]
fedora-28/external_ca_1:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
template: *ci-master-f27
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_external_ca.py::TestExternalCA
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/external_ca_2:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_topologies:
requires: [fedora-27/build]
fedora-28/test_topologies:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_topologies.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_sudo:
requires: [fedora-27/build]
fedora-28/test_sudo:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_sudo.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-27/test_ipa_cli:
requires: [fedora-27/build]
fedora-28/test_commands:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
test_suite: test_integration/test_ipa_cli.py
template: *ci-master-f27
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_commands.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_kerberos_flags:
requires: [fedora-27/build]
fedora-28/test_kerberos_flags:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_kerberos_flags.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-27/test_http_kdc_proxy:
requires: [fedora-27/build]
fedora-28/test_http_kdc_proxy:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_http_kdc_proxy.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-27/test_forced_client_enrolment:
requires: [fedora-27/build]
fedora-28/test_forced_client_enrolment:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_forced_client_reenrollment.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-27/test_advise:
requires: [fedora-27/build]
fedora-28/test_advise:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_advise.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_testconfig:
requires: [fedora-27/build]
fedora-28/test_testconfig:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_testconfig.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_service_permissions:
requires: [fedora-27/build]
fedora-28/test_service_permissions:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_service_permissions.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_netgroup:
requires: [fedora-27/build]
fedora-28/test_netgroup:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_netgroup.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/test_vault:
requires: [fedora-27/build]
fedora-28/test_vault:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_vault.py
template: *ci-master-f27
timeout: 3600
template: *ci-master-f28
timeout: 4500
topology: *master_1repl
fedora-27/test_authconfig:
requires: [fedora-27/build]
fedora-28/test_authconfig:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_authselect.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/replica_promotion:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_replica_promotion.py::TestSubCAkeyReplication
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/dnssec:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_dnssec.py::TestInstallDNSSECFirst
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
.test_runner_config.yaml
View file @ f84b3f39
......@@ -28,7 +28,7 @@ steps:
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache || :"
- dnf builddep -y ${builddep_opts} -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing
- dnf builddep -y ${builddep_opts} -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
- dnf install -y gdb
cleanup:
- chown -R ${uid}:${gid} ${container_working_dir}
......@@ -47,6 +47,7 @@ steps:
configure:
- ./autogen.sh
install_packages:
- sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
- dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
install_server:
- ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
......
.test_runner_config_py3_temp.yaml
View file @ f84b3f39
......@@ -30,7 +30,7 @@ steps:
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache || :"
- dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing
- dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
- dnf install -y gdb
cleanup:
- chown -R ${uid}:${gid} ${container_working_dir}
......@@ -47,6 +47,7 @@ steps:
configure:
- ./autogen.sh
install_packages:
- sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
- dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
- dnf install -y python3-mod_wsgi --best --allowerasing # Py3 temporary
install_server:
......
.travis_run_task.sh
View file @ f84b3f39
......@@ -38,7 +38,8 @@ if [[ "$TASK_TO_RUN" == "lint" ]]
then
if [[ "$TRAVIS_EVENT_TYPE" == "pull_request" ]]
then
git diff origin/$TRAVIS_BRANCH -U0 | pycodestyle --diff &> $PEP8_ERROR_LOG ||:
git diff origin/$TRAVIS_BRANCH -U0 | \
pycodestyle --ignore=W504 --diff &> $PEP8_ERROR_LOG ||:
fi
fi
......
API.txt
View file @ f84b3f39
......@@ -3962,7 +3962,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', cli_name='desc')
option: Int('ipatokenradiusretries?', cli_name='retries')
option: Password('ipatokenradiussecret', cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver+', cli_name='server')
option: Str('ipatokenradiusserver', cli_name='server')
option: Int('ipatokenradiustimeout?', cli_name='timeout')
option: Str('ipatokenusermapattribute?', cli_name='userattr')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
......@@ -3987,7 +3987,7 @@ option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc')
option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver*', autofill=False, cli_name='server')
option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
option: Flag('pkey_only?', autofill=True, default=False)
......@@ -4008,7 +4008,7 @@ option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver*', autofill=False, cli_name='server')
option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
......@@ -4425,9 +4425,10 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: server_role_find/1
args: 1,8,4
args: 1,9,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('include_master', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('role_servrole?', autofill=False, cli_name='role')
option: Str('server_server?', autofill=False, cli_name='server')
......
BUILD.txt
View file @ f84b3f39
......@@ -7,7 +7,7 @@ For more information, see http://www.freeipa.org/page/Build
The quickest way to get the dependencies needed for building is:
# dnf builddep -b -D "with_python3 1" -D "with_wheels 1" -D "with_lint 1" --spec freeipa.spec.in --best --allowerasing
# dnf builddep -b -D "with_wheels 1" -D "with_lint 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
TIP: For building with latest dependencies for freeipa master enable copr repo:
......
Contributors.txt
View file @ f84b3f39
......@@ -29,6 +29,7 @@ Developers:
Nalin Dahyabhai
Rishabh Dave
Don Davis
Nikhil Dehadrai
John Dennis
Jason Gerard DeRose
Günther Deschner
......@@ -71,6 +72,7 @@ Developers:
Peter Lacko
Stanislav Laznicka
Ade Lee
Stanislav Levin
Ben Lipton
Karl MacMillan
Niranjan Mallapadi
......@@ -81,17 +83,23 @@ Developers:
Kevin McCarthy
Mark McLoughlin
Rich Megginson
Sudhir Menon
Jim Meyering
Adam Misnyovszki
Takeshi MIZUTA
Anuja More
John Morris
Niranjan MR
Brian J. Murrell
Varun Mylaraiah
Marko Myllynen
Martin Nagy
Armando Neto
David O'Brien
Dmitri Pal
Jan Pazdziora
W. Michael Petullo
Pavel Picka
Gowrishankar Rajaiyan
realsobek
Michal Reznik
......@@ -102,6 +110,7 @@ Developers:
Lenka Ryznarova
Thorsten Scherf
shanyin
Kaleemullah Siddiqui
Michael Simacek
Lars Sjostrom
Filip Skola
......@@ -110,6 +119,7 @@ Developers:
Simo Sorce
Petr Špaček
David Spångberg
Justin Stephenson
Diane Trout
Fraser Tweedale
Petr Viktorin
......
VERSION.m4
View file @ f84b3f39
......@@ -20,8 +20,8 @@
# -> "1.0.0" #
########################################################
define(IPA_VERSION_MAJOR, 4)
define(IPA_VERSION_MINOR, 6)
define(IPA_VERSION_RELEASE, 90)
define(IPA_VERSION_MINOR, 7)
define(IPA_VERSION_RELEASE, 0)
########################################################
# For 'pre' releases the version will be #
......@@ -31,7 +31,7 @@ define(IPA_VERSION_RELEASE, 90)
# e.g. define(IPA_VERSION_PRE_RELEASE, rc1) #
# -> "1.0.0rc1" #
########################################################
define(IPA_VERSION_PRE_RELEASE, .pre2)
define(IPA_VERSION_PRE_RELEASE, )
########################################################
# To mark GIT snapshots this should be set to 'yes' #
......
client/Makefile.am
View file @ f84b3f39
......@@ -80,6 +80,7 @@ ipa_join_SOURCES = \
$(NULL)
ipa_join_LDADD = \
$(top_builddir)/util/libutil.la \
$(KRB5_LIBS) \
$(LDAP_LIBS) \
$(SASL_LIBS) \
......@@ -89,6 +90,7 @@ ipa_join_LDADD = \
$(NULL)
SUBDIRS = \
share \
man \
$(NULL)
......
client/ipa-client-automount
View file @ f84b3f39
......@@ -43,6 +43,8 @@ from six.moves.urllib.parse import urlsplit
from optparse import OptionParser # pylint: disable=deprecated-module
from ipaclient.install import ipachangeconf, ipadiscovery
from ipaclient.install.client import (CLIENT_NOT_CONFIGURED,
CLIENT_ALREADY_CONFIGURED)
from ipalib import api, errors
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_keytab
......@@ -189,7 +191,8 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options):
domain.add_provider('ipa', 'autofs')
try:
domain.get_option('ipa_automount_location')
sys.exit('An automount location is already configured')
print('An automount location is already configured')
sys.exit(CLIENT_ALREADY_CONFIGURED)
except SSSDConfig.NoOptionError:
domain.set_option('ipa_automount_location', options.location)
break
......@@ -252,17 +255,31 @@ def configure_autofs_common(fstore, statestore, options):
autofs.service_name, str(e))
def uninstall(fstore, statestore):
RESTORE_FILES=[
paths.SYSCONFIG_AUTOFS,
paths.NSSWITCH_CONF,
paths.AUTOFS_LDAP_AUTH_CONF,
paths.SYSCONFIG_NFS,
paths.IDMAPD_CONF,
]
STATES=['autofs', 'rpcidmapd', 'rpcgssd']
# automount only touches /etc/nsswitch.conf if LDAP is
# used. Don't restore it otherwise.
if (statestore.get_state('authconfig', 'sssd') or
(statestore.get_state('authselect', 'profile') == 'sssd')):
RESTORE_FILES.remove(paths.NSSWITCH_CONF)
if (not any(fstore.has_file(f) for f in RESTORE_FILES) or
not any(statestore.has_state(s) for s in STATES)):
print("IPA automount is not configured on this system")
return CLIENT_NOT_CONFIGURED
print("Restoring configuration")
if fstore.has_file(paths.SYSCONFIG_AUTOFS):
fstore.restore_file(paths.SYSCONFIG_AUTOFS)
if fstore.has_file(paths.NSSWITCH_CONF):
fstore.restore_file(paths.NSSWITCH_CONF)
if fstore.has_file(paths.AUTOFS_LDAP_AUTH_CONF):
fstore.restore_file(paths.AUTOFS_LDAP_AUTH_CONF)
if fstore.has_file(paths.SYSCONFIG_NFS):
fstore.restore_file(paths.SYSCONFIG_NFS)
if fstore.has_file(paths.IDMAPD_CONF):
fstore.restore_file(paths.IDMAPD_CONF)
for filepath in RESTORE_FILES:
if fstore.has_file(filepath):
fstore.restore_file(filepath)
if statestore.has_state('autofs'):
enabled = statestore.restore_state('autofs', 'enabled')
running = statestore.restore_state('autofs', 'running')
......@@ -382,7 +399,8 @@ def main():
try:
check_client_configuration()
except ScriptError as e:
sys.exit(e)
print(e.msg)
sys.exit(e.rval)
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
......@@ -412,7 +430,8 @@ def main():
ca_cert_path = paths.IPA_CA_CRT
if statestore.has_state('autofs'):
sys.exit('automount is already configured on this system.\n')
print('An automount location is already configured')
sys.exit(CLIENT_ALREADY_CONFIGURED)
autodiscover = False
ds = ipadiscovery.IPADiscovery()
......
client/ipa-getkeytab.c
View file @ f84b3f39
......@@ -43,14 +43,8 @@
#include "ipa_krb5.h"
#include "ipa_asn1.h"
#include "ipa-client-common.h"
#include "ipa_ldap.h"
#define DEFAULT_CA_CERT_FILE "/etc/ipa/ca.crt"
#define LDAP_SASL_EXTERNAL "EXTERNAL"
#define LDAP_SASL_GSSAPI "GSSAPI"
#define SCHEMA_LDAP "ldap://"
#define SCHEMA_LDAPS "ldaps://"
static int check_sasl_mech(const char *mech)
{
......@@ -178,42 +172,6 @@ static int ipa_server_to_uri(const char *servername, const char *mech,
return 0;
}
static int ipa_ldap_init(LDAP **ld, const char *ldap_uri)
{
int rc = 0;
rc = ldap_initialize(ld, ldap_uri);
return rc;
}
static int ipa_tls_ssl_init(LDAP *ld, const char *ldap_uri)
{
int ret = LDAP_SUCCESS;
int tls_hard = LDAP_OPT_X_TLS_HARD;
int tls_demand = LDAP_OPT_X_TLS_DEMAND;
if (strncmp(ldap_uri, SCHEMA_LDAP, sizeof(SCHEMA_LDAP) - 1) == 0) {
ret = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_demand);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT\n"));
return ret;
}
ret = ldap_start_tls_s(ld, NULL, NULL);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to initialize STARTTLS session\n"));
return ret;
}
} else if (strncmp(ldap_uri, SCHEMA_LDAPS, sizeof(SCHEMA_LDAPS) - 1) == 0) {
ret = ldap_set_option(ld, LDAP_OPT_X_TLS, &tls_hard);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS\n"));
return ret;
}
}
return ret;
}
static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
const char *bind_dn, const char *bind_pw,
const char *mech, const char *ca_cert_file,
......@@ -221,20 +179,12 @@ static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
{
char *msg = NULL;
struct berval bv;
int version;
LDAP *ld;
int ret;
/* TODO: support referrals ? */
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_cert_file);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS_CERTIFICATE\n"));
return ret;
}
ret = ipa_ldap_init(&ld, ldap_uri);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to init connection to %s\n"), ldap_uri);
return ret;
}
......@@ -243,23 +193,7 @@ static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
return LDAP_OPERATIONS_ERROR;
}
#ifdef LDAP_OPT_X_SASL_NOCANON
/* Don't do DNS canonicalization */
ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
goto done;
}
#endif
version = LDAP_VERSION3;
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_PROTOCOL_VERSION\n"));
goto done;
}
ret = ipa_tls_ssl_init(ld, ldap_uri);
ret = ipa_tls_ssl_init(ld, ldap_uri, ca_cert_file);
if (ret != LDAP_OPT_SUCCESS) {
goto done;
}
......
client/ipa-join.c
View file @ f84b3f39
......@@ -39,13 +39,12 @@
#include "xmlrpc-c/client.h"
#include "ipa-client-common.h"
#include "ipa_ldap.h"
#define NAME "ipa-join"
#define JOIN_OID "2.16.840.1.113730.3.8.10.3"
#define CAFILE "/etc/ipa/ca.crt"
#define IPA_CONFIG "/etc/ipa/default.conf"
char * read_config_file(const char *filename);
......@@ -200,8 +199,6 @@ callRPC(char * user_agent,
static LDAP *
connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
LDAP *ld = NULL;
int ssl = LDAP_OPT_X_TLS_HARD;
int version = LDAP_VERSION3;
int ret;
int ldapdebug = 0;
char *uri;
......@@ -215,40 +212,23 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
}
}
if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, CAFILE) != LDAP_OPT_SUCCESS)
goto fail;
ret = asprintf(&uri, "ldaps://%s:636", hostname);
if (ret == -1) {
fprintf(stderr, _("Out of memory!"));
goto fail;
}
ret = ldap_initialize(&ld, uri);
free(uri);
ret = ipa_ldap_init(&ld, uri);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to initialize connection to ldap server: %s"),
ldap_err2string(ret));
goto fail;
}
if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to enable SSL in LDAP\n"));
goto fail;
}
/* Don't do DNS canonicalization */
ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
ret = ipa_tls_ssl_init(ld, uri, DEFAULT_CA_CERT_FILE);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
goto fail;
}
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP version\n"));
fprintf(stderr, _("Unable to enable SSL in LDAP\n"));
goto fail;
}
free(uri);
uri = NULL;
if (bindpw) {
bindpw_bv.bv_val = discard_const(bindpw);
......@@ -276,6 +256,9 @@ fail:
if (ld != NULL) {
ldap_unbind_ext(ld, NULL, NULL);
}
if (uri != NULL) {
free(uri);
}
return NULL;
}
......
client/man/ipa-client-automount.1
View file @ f84b3f39
......@@ -87,3 +87,7 @@ Files that will be configured when using the ldap automount client:
0 if the installation was successful
1 if an error occurred
2 if uninstalling and automount is not configured
3 if installing and automount already configured
client/share/Makefile.am 0 → 100644
View file @ f84b3f39
NULL =
appdir = $(IPA_DATA_DIR)/client
dist_app_DATA = \
freeipa.template \
$(NULL)
configure.ac
View file @ f84b3f39
......@@ -504,6 +504,7 @@ AC_CONFIG_FILES([
asn1/Makefile
asn1/asn1c/Makefile
client/Makefile
client/share/Makefile
client/man/Makefile
contrib/completion/Makefile
contrib/Makefile
......
daemons/ipa-otpd/queue.c
View file @ f84b3f39
......@@ -155,7 +155,7 @@ struct otpd_queue_item *otpd_queue_pop_msgid(struct otpd_queue *q, int msgid)
for (item = q->head, prev = &q->head;
item != NULL;
item = item->next, prev = &item->next) {
prev = &item->next, item = item->next) {
if (item->msgid == msgid) {
*prev = item->next;
if (q->head == NULL)
......
daemons/ipa-otpd/test.py
View file @ f84b3f39
#!/usr/bin/python3
#
# FreeIPA 2FA companion daemon
#
......
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
View file @ f84b3f39
......@@ -595,6 +595,7 @@ parse_req_done:
} else {
principal = slapi_ch_smprintf("root/admin@%s", krbcfg->realm);
}
if (principal)
ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow);
/* Free anything that we allocated above */
......
daemons/ipa-slapi-plugins/topology/ipa-topology-conf.ldif 100755 → 100644
View file @ f84b3f39
File mode changed from 100755 to 100644