Skip to content
Commits on Source (1131)
1,031 additional commits have been omitted to prevent performance issues.
Show whitespace changes
Inline Side-by-side
.gitignore
View file @ e3f69f4e
......@@ -127,12 +127,19 @@ makeapi
client/ipa-certupdate
client/ipa-client-automount
client/ipa-client-install
client/ipa-client-samba
daemons/dnssec/ipa-dnskeysyncd
daemons/dnssec/ipa-dnskeysync-replica
daemons/dnssec/ipa-ods-exporter
install/certmonger/dogtag-ipa-ca-renew-agent-submit
install/certmonger/ipa-server-guard
install/custodia/ipa-custodia-dmldap
install/custodia/ipa-custodia-pki-tomcat
install/custodia/ipa-custodia-pki-tomcat-wrapped
install/custodia/ipa-custodia-ra-agent
install/oddjob/com.redhat.idm.trust-fetch-domains
install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
install/restart_scripts/renew_ca_cert
install/restart_scripts/renew_kdc_cert
install/restart_scripts/renew_ra_cert
......@@ -145,9 +152,11 @@ install/tools/ipa-advise
install/tools/ipa-backup
install/tools/ipa-cacert-manage
install/tools/ipa-ca-install
install/tools/ipa-cert-fix
install/tools/ipa-compat-manage
install/tools/ipa-csreplica-manage
install/tools/ipactl
install/tools/ipa-crlgen-manage
install/tools/ipa-custodia
install/tools/ipa-custodia-check
install/tools/ipa-dns-install
......@@ -159,6 +168,7 @@ install/tools/ipa-nis-manage
install/tools/ipa-otptoken-import
install/tools/ipa-pkinit-manage
install/tools/ipa-pki-retrieve-key
install/tools/ipa-pki-wait-running
install/tools/ipa-replica-conncheck
install/tools/ipa-replica-install
install/tools/ipa-replica-manage
......
.lgtm.yml 0 → 100644
View file @ e3f69f4e
---
# See https://lgtm.com/help/lgtm/customizing-file-classification
path_classifiers:
asn1:
- "asn1/.*"
asn1-autogenerated:
- "asn1/asn1c/.*"
ipaclient:
- client
- ipalcient
- util
ipalib:
- ipalib
- ipaplatform
- ipapython
ipaserver:
- ipaserver
ipatets:
- ipatests
daemons:
- daemons
install:
- install
extraction:
# https://lgtm.com/help/lgtm/cpp-extraction
cpp:
prepare:
packages:
- build-essential
- autoconf
- automake
- autopoint
- libtool
- gettext
- git
- python3-dev
- python3-distutils
- python3-lesscpy
- python3-setuptools
- python3-wheel
- nodejs
- uglifyjs
- systemd
- 389-ds-base-dev
- libssl-dev
- libsasl2-dev
- libldap2-dev
- libkrb5-dev
- libkrad-dev
- libini-config-dev
- libnss3-dev
- libsss-certmap-dev
- libsss-idmap-dev
- libsss-nss-idmap-dev
- libunistring-dev
- libxmlrpc-core-c3-dev
- samba-dev
- uuid-dev
configure:
command:
- ./autogen.sh --with-ipaplatform=debian
index:
build_command:
- make -j2 -s
# https://lgtm.com/help/lgtm/python-extraction
python:
prepare:
packages:
- build-essential
- autoconf
- automake
- autopoint
- libtool
- gettext
- git
- python3-dev
- python3-distutils
- python3-lesscpy
- python3-setuptools
- python3-wheel
- nodejs
- uglifyjs
- systemd
- 389-ds-base-dev
- libssl-dev
- libsasl2-dev
- libldap2-dev
- libkrb5-dev
- libkrad-dev
- libini-config-dev
- libnss3-dev
- libsss-certmap-dev
- libsss-idmap-dev
- libsss-nss-idmap-dev
- libunistring-dev
- libxmlrpc-core-c3-dev
- samba-dev
- uuid-dev
# extra dependencies for Python packages
- libaugeas-dev
- augeas-lenses
- libdbus-1-dev
- libffi-dev
- libxslt1-dev
- python3-libsss-nss-idmap
- python3-sss
after_prepare:
- ./autogen.sh --with-ipaplatform=debian
python_setup:
version: 3
setup_py: false
requirements:
- cffi
- cryptography
- custodia
- dbus-python
- dnspython
- jinja2
- jwcrypto
- lxml
- gssapi
- netaddr
- netifaces
- polib
- requests
- python-augeas
- pyasn1
- pyasn1-modules
- pytest
- pytest_multihost
- python-ldap
- python-yubico
- pyusb
- pyyaml
- qrcode
- six
before_index:
# Let LGTM pick up our packages
- export PYTHONPATH=$LGTM_SRC
index:
exclude:
# auto-generated files
- ipaclient/remote_plugins/2_114
- ipaclient/remote_plugins/2_156
- ipaclient/remote_plugins/2_164
- ipaclient/remote_plugins/2_49
# packaging helpers
- pypi
.mailmap
View file @ e3f69f4e
Ana Krivokapić <akrivoka@redhat.com> Ana Krivokapic <akrivoka@redhat.com>
Adam Misnyovszki <amisnyov@redhat.com> <amisnyov@redhat.com>
Amit Kumar <amitkuma@redhat.com> <amitkuma@redhat.com> <amitkuma@redhat.com>
Endi Sukma Dewata <edewata@redhat.com> System Administrator <root@dhcp-100-3-211.bos.redhat.com>
Endi Sukma Dewata <edewata@redhat.com>
Felipe Volpone <felipevolpone@gmail.com> Felipe Barreto <fbarreto@redhat.com>
Felipe Volpone <felipevolpone@gmail.com> felipe <fbarreto@localhost.localdomain>
Felipe Volpone <felipevolpone@gmail.com> Felipe Volpone <fbarreto@redhat.com>
Felipe Volpone <fbarreto@redhat.com>
Gabe Alford <redhatrises@gmail.com>
Ganna Kaihorodova <gkaihoro@redhat.com> <gkaihoro@example.com>
Jan Zelený <jzeleny@redhat.com>
......@@ -49,6 +54,7 @@ Rob Crittenden <rcritten@redhat.com> <rcrit@rhel1.greyoak.com>
Rob Crittenden <rcritten@redhat.com> rcritten <devnull@localhost>
Rob Crittenden <rcritten@redhat.com> <rcrit@thor.greyoak.com>
Rob Crittenden <rcritten@redhat.com> <rcrit@tove.greyoak.com>
Serhii Tsymbaliuk <stsymbal@redhat.com> <stsymbal@localhost.localdomain>
Simo Sorce <ssorce@redhat.com> <simo@redhat.com>
Sumit Bose <sbose@redhat.com> <sbose@ipa17-devel.ipa17.devel>
Sumit Bose <sbose@redhat.com> <sbose@ipa18-devel.ipa18.devel>
......
.test_runner_config.yaml
View file @ e3f69f4e
......@@ -28,6 +28,7 @@ steps:
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache || :"
- dnf -y module enable nodejs:12
- dnf builddep -y ${builddep_opts} -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
- dnf install -y gdb
- dnf update -y annobin
......@@ -50,14 +51,16 @@ steps:
install_packages:
- sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
- dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
- dnf install -y firewalld
- systemctl --now enable firewalld
install_server:
- ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
-a ${server_password} --setup-dns --setup-kra --auto-forwarders
- sed -ri "s/mode = production/mode = development/" /etc/ipa/default.conf
- systemctl restart httpd.service
- firewall-cmd --add-service={freeipa-ldap,freeipa-ldaps,dns}
lint:
- make PYTHON=/usr/bin/python2 V=0 lint
- make PYTHON=/usr/bin/python3 V=0 pylint
- make V=0 lint
webui_unit:
- dnf install -y npm
- cd ${container_working_dir}/install/ui/js/libs && make
......@@ -65,7 +68,7 @@ steps:
- cd ${container_working_dir}/install/ui && node_modules/grunt/bin/grunt --verbose test
tox:
# just run one pylint and one Python 3 target (time/coverage trade-off)
- tox -e py27,py36,pypi,pylint3
- tox -e py36,pypi,pylint3
prepare_tests:
- echo ${server_password} | kinit admin && ipa ping
- cp -r /etc/ipa/* ~/.ipa/
......@@ -79,6 +82,7 @@ steps:
- ipa-server-install --uninstall -U
# second uninstall to verify that --uninstall without installation works
- ipa-server-install --uninstall -U
- firewall-cmd --remove-service={freeipa-ldap,freeipa-ldaps,dns}
tests:
ignore:
- test_integration
......
.test_runner_config_py3_temp.yaml deleted 100644 → 0
View file @ 4d268205
#
# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
#
# Configuration file for the test runner used in Travis CI
# This config file is temporal and will be used only for migration period
# from py2 to fully supported py3
container:
detach: true
hostname: master.ipa.test
working_dir: /freeipa
host:
binds:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /dev/urandom:/dev/random:ro
privileged: true
security_opt:
- label:disable
tmpfs:
- /tmp
- /run
server:
domain: ipa.test
password: Secret123
realm: IPA.TEST
steps:
build:
- make V=0 ${make_target} LOG_COMPILE='gdb -return-child-result -ex run -ex "thread apply all bt" -ex "quit" --args'
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache || :"
- dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
- dnf install -y gdb
- dnf update -y annobin
cleanup:
- chown -R ${uid}:${gid} ${container_working_dir}
- >
tar --ignore-failed-read -cvf ${container_working_dir}/var_log.tar
/var/log/dirsrv
/var/log/httpd
/var/log/ipa*
/var/log/krb5kdc.log
/var/log/pki
systemd_journal.log
`find daemons -name '*.log' -print`
- chown ${uid}:${gid} ${container_working_dir}/var_log.tar
configure:
- ./autogen.sh
install_packages:
- sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
- dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
- dnf install -y python3-mod_wsgi --best --allowerasing # Py3 temporary
install_server:
- ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
-a ${server_password} --setup-dns --auto-forwarders
- ipa-kra-install -p ${server_password}
lint:
- make PYTHON=/usr/bin/python2 V=0 lint
- make PYTHON=/usr/bin/python3 V=0 pylint
prepare_tests:
- echo ${server_password} | kinit admin && ipa ping
- cp -r /etc/ipa/* ~/.ipa/
- echo ${server_password} > ~/.ipa/.dmpw
- echo 'wait_for_dns=5' >> ~/.ipa/default.conf
run_tests:
- ipa-run-tests-3 ${tests_ignore} -k-test_dns_soa ${tests_verbose} ${path}
- '! grep -n -C5 BytesWarning /var/log/httpd/error_log'
tests:
verbose: true
ignore:
- test_integration
- test_webui
- test_ipapython/test_keyring.py
.tox-install.sh
View file @ e3f69f4e
......@@ -2,10 +2,11 @@
set -ex
FLAVOR="$1"
ENVPYTHON="$2"
ENVSITEPACKAGESDIR="$3"
# 3...end are package requirements
shift 3
ENVPYTHON="$(realpath "$2")"
ENVSITEPACKAGESDIR="$(realpath "$3")"
ENVDIR="$4"
# 4...end are package requirements
shift 4
TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"
......@@ -25,10 +26,21 @@ if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
exit 3
fi
if [ ! -d "${ENVDIR}" ]; then
echo "${ENVDIR}: no such directory"
exit 4
fi
# https://pip.pypa.io/en/stable/user_guide/#environment-variables
export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
mkdir -p "${PIP_CACHE_DIR}"
# /tmp could be mounted with noexec option.
# pip checks if path is executable and if not then doesn't set such
# permission bits
export PIP_BUILD="${ENVDIR}/pip_build"
rm -rf "${PIP_BUILD}"
DISTBUNDLE="${TOXINIDIR}/dist/bundle"
mkdir -p "${DISTBUNDLE}"
......
.travis.yml
View file @ e3f69f4e
......@@ -13,7 +13,7 @@ python:
cache: pip
env:
global:
- TEST_RUNNER_IMAGE="freeipa/freeipa-test-runner:master-latest"
- TEST_RUNNER_IMAGE="freeipa/freeipa-test-runner:ipa-4-8_f30"
PEP8_ERROR_LOG="pycodestyle_errors.log"
CI_RESULTS_LOG="ci_results_${TRAVIS_BRANCH}.log"
CI_BACKLOG_SIZE=5000
......@@ -24,28 +24,13 @@ env:
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
- TASK_TO_RUN="webui-unit"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
- TASK_TO_RUN="run-tests"
PYTHON=/usr/bin/python2
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py"
- TASK_TO_RUN="run-tests"
PYTHON=/usr/bin/python2
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
TESTS_TO_RUN="test_cmdline
test_install
test_ipaclient
test_ipalib
test_ipaplatform
test_ipapython
test_ipaserver
test_xmlrpc/test_[l-z]*.py"
- TASK_TO_RUN="run-tests"
PYTHON=/usr/bin/python3
TEST_RUNNER_CONFIG=".test_runner_config_py3_temp.yaml"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py"
- TASK_TO_RUN="run-tests"
PYTHON=/usr/bin/python3
TEST_RUNNER_CONFIG=".test_runner_config_py3_temp.yaml"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
TESTS_TO_RUN="test_cmdline
test_install
test_ipaclient
......@@ -53,6 +38,7 @@ env:
test_ipaplatform
test_ipapython
test_ipaserver
test_ipatests_plugins
test_xmlrpc/test_[l-z]*.py"
- TASK_TO_RUN="tox"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
......
.travis_run_task.sh
View file @ e3f69f4e
......@@ -6,12 +6,7 @@
test_set=""
if [[ $PYTHON == "/usr/bin/python2" ]]
then
env_opt="--define 'with_python3 0'"
else
env_opt=""
fi
case "$TASK_TO_RUN" in
lint|tox)
......@@ -39,7 +34,7 @@ then
if [[ "$TRAVIS_EVENT_TYPE" == "pull_request" ]]
then
git diff origin/$TRAVIS_BRANCH -U0 | \
pycodestyle --ignore=W504 --diff &> $PEP8_ERROR_LOG ||:
pycodestyle --diff &> $PEP8_ERROR_LOG ||:
fi
fi
......@@ -55,7 +50,6 @@ docker pull $TEST_RUNNER_IMAGE
ipa-docker-test-runner -l $CI_RESULTS_LOG \
-c $TEST_RUNNER_CONFIG \
$developer_mode_opt \
--container-environment "PYTHON=$PYTHON" \
--container-environment "RPMBUILD_OPTS=$env_opt" \
--container-image $TEST_RUNNER_IMAGE \
--git-repo $TRAVIS_BUILD_DIR \
......
ACI.txt
View file @ e3f69f4e
......@@ -61,7 +61,7 @@ aci: (targetattr = "cn || description || ipacertprofilestoreissued")(targetfilte
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=ipaconfig,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxhostnamelength || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
......@@ -273,6 +273,8 @@ aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(obje
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbprincipalauthind || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Modify Services";allow (write) groupdn = "ldap:///cn=System: Modify Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read POSIX details of SMB services";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprincipalalias || ipauniqueid || krbcanonicalname || krblastpwdchange || krbobjectreferences || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || managedby || memberof || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read Services";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
......
API.txt
View file @ e3f69f4e
......@@ -1075,7 +1075,7 @@ args: 0,1,1
option: Str('version?')
output: Output('result')
command: config_mod/1
args: 0,27,3
args: 0,28,3
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ca_renewal_master_server?', autofill=False)
......@@ -1089,6 +1089,7 @@ option: Str('ipagroupobjectclasses*', autofill=False, cli_name='groupobjectclass
option: IA5Str('ipagroupsearchfields?', autofill=False, cli_name='groupsearch')
option: IA5Str('ipahomesrootdir?', autofill=False, cli_name='homedirectory')
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'nfs:NONE'])
option: Int('ipamaxhostnamelength?', autofill=False, cli_name='maxhostname')
option: Int('ipamaxusernamelength?', autofill=False, cli_name='maxusername')
option: Bool('ipamigrationenabled?', autofill=False, cli_name='enable_migration')
option: Int('ipapwdexpadvnotify?', autofill=False, cli_name='pwdexpnotify')
......@@ -4447,7 +4448,7 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('role_servrole?', autofill=False, cli_name='role')
option: Str('server_server?', autofill=False, cli_name='server')
option: Int('sizelimit?', autofill=False)
option: StrEnum('status?', autofill=False, cli_name='status', default=u'enabled', values=[u'enabled', u'configured', u'absent'])
option: StrEnum('status?', autofill=False, cli_name='status', default=u'enabled', values=[u'enabled', u'configured', u'hidden', u'absent'])
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[<type 'int'>])
......@@ -4475,6 +4476,14 @@ option: Str('version?')
output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: server_state/1
args: 1,2,3
arg: Str('cn', cli_name='name')
option: StrEnum('state', values=[u'enabled', u'hidden'])
option: Str('version?')
output: Output('result', type=[<type 'bool'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: service_add/1
args: 1,14,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
......@@ -4528,6 +4537,22 @@ option: Str('version?')
output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: service_add_smb/1
args: 2,9,3
arg: Str('fqdn', cli_name='hostname')
arg: Str('ipantflatname?', cli_name='netbiosname')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Certificate('usercertificate*', cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: service_allow_create_keytab/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
......@@ -4963,7 +4988,7 @@ output: Output('result', type=[<type 'dict'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: ListOfPrimaryKeys('value')
command: stageuser_find/1
args: 1,54,4
args: 1,58,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('carlicense*', autofill=False)
......@@ -4983,6 +5008,10 @@ option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_role*', cli_name='in_roles')
option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('initials?', autofill=False)
option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir')
option: StrEnum('ipanthomedirectoryrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:'])
option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script')
option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path')
option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius')
option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username')
option: StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp'])
......@@ -5024,7 +5053,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: stageuser_mod/1
args: 1,47,3
args: 1,51,3
arg: Str('uid', cli_name='login')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
......@@ -5041,6 +5070,10 @@ option: Int('gidnumber?', autofill=False)
option: Str('givenname?', autofill=False, cli_name='first')
option: Str('homedirectory?', autofill=False, cli_name='homedir')
option: Str('initials?', autofill=False)
option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir')
option: StrEnum('ipanthomedirectoryrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:'])
option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script')
option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path')
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius')
option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username')
......@@ -5762,10 +5795,12 @@ output: Output('result', type=[<type 'dict'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: ListOfPrimaryKeys('value')
command: trust_fetch_domains/1
args: 1,5,4
args: 1,7,4
arg: Str('cn', cli_name='realm')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('realm_admin?', cli_name='admin')
option: Password('realm_passwd?', cli_name='password', confirm=False)
option: Str('realm_server?', cli_name='server')
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
......@@ -6045,7 +6080,7 @@ output: Output('result', type=[<type 'bool'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: user_find/1
args: 1,57,4
args: 1,61,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('carlicense*', autofill=False)
......@@ -6065,6 +6100,10 @@ option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_role*', cli_name='in_roles')
option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('initials?', autofill=False)
option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir')
option: StrEnum('ipanthomedirectoryrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:'])
option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script')
option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path')
option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius')
option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username')
option: StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp'])
......@@ -6109,7 +6148,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: user_mod/1
args: 1,48,3
args: 1,52,3
arg: Str('uid', cli_name='login')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
......@@ -6126,6 +6165,10 @@ option: Int('gidnumber?', autofill=False)
option: Str('givenname?', autofill=False, cli_name='first')
option: Str('homedirectory?', autofill=False, cli_name='homedir')
option: Str('initials?', autofill=False)
option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir')
option: StrEnum('ipanthomedirectoryrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:'])
option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script')
option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path')
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius')
option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username')
......@@ -6905,11 +6948,13 @@ default: server_role/1
default: server_role_find/1
default: server_role_show/1
default: server_show/1
default: server_state/1
default: service/1
default: service_add/1
default: service_add_cert/1
default: service_add_host/1
default: service_add_principal/1
default: service_add_smb/1
default: service_allow_create_keytab/1
default: service_allow_retrieve_keytab/1
default: service_del/1
......
Contributors.txt
View file @ e3f69f4e
......@@ -4,140 +4,153 @@ The following people have contributed to the FreeIPA project.
(Listed in alphabetical order within category)
Developers:
Timo Aaltonen
Gabe Alford
Jr Aquino
Tomáš Babej
Martin Babinsky
Kyle Baker
Felipe Barreto
Jan Barta
Martin Bašti
Sylvain Baubeau
Florence Blanc-Renaud
Abhijeet Kasurde
Adam Misnyovszki
Adam Williamson
Adam Young
Ade Lee
Aleksei Slaikovskii
Ales 'alich' Marecek
Alex Zeleznikov
Alexander Bokovoy
Thierry Bordaz
Sumit Bose
François Cami
Petr Čech
Xiao-Long Chen
Jan Cholasta
Yuri Chornoivan
Alexander Koksharov
Alexander Scheel
Alexey Slaykovsky
Amit Kumar
Ana Krivokapić
Andrew Wnuk
Anuja More
Armando Neto
Ben Lipton
Benjamin Drung
Brian Cook
Rob Crittenden
Frank Cusack
Nalin Dahyabhai
Rishabh Dave
Brian J. Murrell
Christian Heimes
Christian Hermann
David Kreitschmann
David Kupka
David O'Brien
David Spångberg
Diane Trout
Diogo Nunes
Dmitri Pal
Don Davis
Nikhil Dehadrai
John Dennis
Jason Gerard DeRose
Günther Deschner
Endi Sukma Dewata
Lenka Doudova
Benjamin Drung
Patrice Duc-Jacquet
Tibor Dudlák
Lewis Eason
Drew Erny
Oleg Fayans
Jérôme Fenal
Endi Sukma Dewata
Fabiano Fidêncio
Stephen Gallagher
René Genz
James Groffen
Oliver Gutierrez
Ondřej Hamada
Robbie Harwood
Nick Hatch
Christian Heimes
Jakub Hrozek
Felipe Volpone
Filip Skola
Florence Blanc-Renaud
Francesco Marella
Francisco Trivino
François Cami
Frank Cusack
Fraser Tweedale
Gabe Alford
Ganna Kaihorodova
Abhijeet Kasurde
Nathan Kinder
Krzysztof Klimonda
Alexander Koksharov
Nikolai Kondrashov
Martin Košek
David Kreitschmann
Ludwig Krispenz
Ana Krivokapić
Tomáš Křížek
Milan Kubík
Amit Kumar
German Parente
Gowrishankar Rajaiyan
Günther Deschner
Ian Kumlien
David Kupka
Robert Kuska
Ian Pilcher
Jakub Hrozek
James Groffen
Jan Barta
Jan Cholasta
Jan Pazdziora
Jan Zelený
Jason Gerard DeRose
Jason Woods
Jérôme Fenal
Jim Meyering
John Dennis
John L
Peter Lacko
Stanislav Laznicka
Ade Lee
Stanislav Levin
Ben Lipton
John Morris
Jr Aquino
Justin Stephenson
Kaleemullah Siddiqui
Karl MacMillan
Niranjan Mallapadi
Ales 'alich' Marecek
Francesco Marella
Nathaniel McCallum
William Jon McCann
Kevin McCarthy
Krzysztof Klimonda
Kyle Baker
Lars Sjostrom
Lenka Doudova
Lenka Ryznarova
Lewis Eason
Lubomír Rintel
Ludwig Krispenz
Lukáš Slebodník
Lynn Root
Mark McLoughlin
Rich Megginson
Sudhir Menon
Jim Meyering
Adam Misnyovszki
Takeshi MIZUTA
Anuja More
John Morris
Niranjan MR
Brian J. Murrell
Varun Mylaraiah
Marko Myllynen
Martin Babinsky
Martin Bašti
Martin Košek
Martin Nagy
Armando Neto
David O'Brien
Dmitri Pal
Jan Pazdziora
W. Michael Petullo
Pavel Picka
Orion Poplawski
Gowrishankar Rajaiyan
realsobek
Michal Reznik
Lubomír Rintel
Matt Rogers
Lynn Root
Pete Rowley
Lenka Ryznarova
Alexander Scheel
Thorsten Scherf
shanyin
Kaleemullah Siddiqui
Michael Simacek
Lars Sjostrom
Filip Skola
Aleksei Slaikovskii
Lukáš Slebodník
Simo Sorce
Michal Reznik
Michal Židek
Milan Kubík
Mohammad Rizwan Yusuf
Nalin Dahyabhai
Nathan Kinder
Nathaniel McCallum
Nick Hatch
Nikhil Dehadrai
Nikolai Kondrashov
Niranjan Mallapadi
Niranjan MR
Oleg Fayans
Oleg Kozlov
Oliver Gutierrez
Ondřej Hamada
Orion Poplawski
Patrice Duc-Jacquet
Pavel Picka
Pavel Vomáčka
Pavel Zůna
Pete Rowley
Peter Keresztes Schmidt
Peter Lacko
Petr Čech
Petr Špaček
David Spångberg
Justin Stephenson
Diane Trout
Serhii Tsymbaliuk
Fraser Tweedale
Petr Viktorin
Petr Voborník
Felipe Volpone
Pavel Vomáčka
Andrew Wnuk
realsobek
René Genz
Rich Megginson
Rishabh Dave
Rob Crittenden
Robbie Harwood
Robert Kuska
Sergey Orlov
Serhii Tsymbaliuk
shanyin
Simo Sorce
Stanislav Laznicka
Stanislav Levin
Stephen Gallagher
sudharsanomprakash
Sudhir Menon
Sumedh Sidhaye
Sumit Bose
Sylvain Baubeau
Takeshi MIZUTA
Theodor van Nahl
Thierry Bordaz
Thomas Woerner
Jason Woods
Adam Young
Mohammad Rizwan Yusuf
Jan Zelený
Alex Zeleznikov
Michal Židek
Pavel Zůna
Thorsten Scherf
Tibor Dudlák
Timo Aaltonen
Tomáš Babej
Tomáš Křížek
Varun Mylaraiah
W. Michael Petullo
William Brown
William Jon McCann
Xiao-Long Chen
Yuri Chornoivan
Documentation:
Gabe Alford
......@@ -161,26 +174,38 @@ Testing:
Yi Zhang
Translators:
A S Alam
Abhijeet Kasurde
Alex
Alexander Bokovoy
Andi Chandler
Andrew Martynov
A S Alam
Brian Curtich
David Kreitschmann
dominique
Emilio Herrera
Gundachandru
Héctor Daniel Cabrera
Jake Li
Jérôme Fenal
Josef Hruška
Marco Aurélio Krause
Martin Bašti
Martin Kosek
Martin Liu
Olesya Gerasimenko
Omar Berroterán S.
Paul Ritter
Pavel Borecki
Pavel Vomacka
Piotr Drąg
Robert Antoni Buj Gelonch
Sankarshan Mukhopadhyay
Teguh DC
Tomas Babej
Yuri Chornoivan
Zdenek
zhenglei
Wiki, Solution and Idea Contributors:
James Hogarth
......
Makefile.am
View file @ e3f69f4e
......@@ -13,6 +13,16 @@ endif
IPACLIENT_SUBDIRS = ipaclient ipalib ipaplatform ipapython
PYTHON_SUBDIRS = $(IPACLIENT_SUBDIRS) $(IPATESTS_SUBDIRS) $(IPASERVER_SUBDIRS)
PYTHON_SCRIPT_SUBDIRS = \
$(top_builddir) \
$(top_builddir)/client \
$(top_builddir)/daemons/dnssec \
$(top_builddir)/install/certmonger \
$(top_builddir)/install/oddjob \
$(top_builddir)/install/restart_scripts \
$(top_builddir)/install/tools \
$(NULL)
IPA_PLACEHOLDERS = freeipa ipa ipaserver ipatests
SUBDIRS = asn1 util client contrib po pypi $(PYTHON_SUBDIRS) $(SERVER_SUBDIRS)
......@@ -79,6 +89,8 @@ clean-local:
rm -rf "$(top_builddir)/.tox"
rm -rf "$(top_srcdir)/__pycache__"
rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz
rm -rf "$(top_srcdir)/cov-int"
rm -f "$(top_srcdir)/freeipa.tgz"
# convenience targets for RPM build
.PHONY: rpmroot rpmdistdir version-update _dist-version-bakein _rpms-prep \
......@@ -169,7 +181,7 @@ endif WITH_PYLINT
if WITH_JSLINT
JSLINT_TARGET = jslint
endif WITH_JSLINT
lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET)
lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) rpmlint yamllint
.PHONY: devcheck
devcheck: all
......@@ -182,39 +194,21 @@ endif
if ! WITH_JSLINT
@echo "ERROR: jslint not available"; exit 1
endif
if ! WITH_PYTHON2
@echo "ERROR: python2 not available"; exit 1
endif
@ # run all linters, tests, and check with Python 2
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON2) ipatests/ipa-run-tests \
--ipaclient-unittests
$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
if WITH_PYTHON3
@ # just tests, aci, api and pylint on Python 3
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON3) ipatests/ipa-run-tests \
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ipatests/ipa-run-tests \
--ipaclient-unittests
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) acilint apilint polint pylint jslint check
else
@echo "WARNING: python3 not available"
endif
$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint pylint jslint rpmlint yamllint check
@echo "All tests passed."
.PHONY: fastcheck fasttest fastlint
fastcheck:
if WITH_PYTHON2
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) \
fastlint fasttest apilint acilint
endif
if WITH_PYTHON3
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) \
fastlint fasttest apilint acilint
endif
@$(MAKE) -j1 $(AM_MAKEFLAGS) fastlint rpmlint yamllint fasttest apilint acilint
fasttest: $(GENERATED_PYTHON_FILES) ipasetup.py
@ # --ignore doubles speed of total test run compared to pytest.skip()
@ # on module.
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON3) ipatests/ipa-run-tests \
PATH=$(abspath ipatests):$$PATH PYTHONPATH=$(abspath $(top_srcdir)) \
$(PYTHON) ipatests/ipa-run-tests \
--skip-ipaapi \
--ignore $(abspath $(top_srcdir))/ipatests/test_integration \
--ignore $(abspath $(top_srcdir))/ipatests/test_xmlrpc
......@@ -226,8 +220,19 @@ endif
@echo "Fast linting with $(PYTHON) from branch '$(GIT_BRANCH)'"
@MERGEBASE=$$(git merge-base --fork-point $(GIT_BRANCH)); \
FILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \
PYFILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \
| grep -E '\.py$$' ); \
INFILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \
| grep -E '\.in$$' \
| xargs -n1 file 2>/dev/null | grep Python \
| cut -d':' -f1; ); \
if [ -n "$${PYFILES}" ] && [ -n "$${INFILES}" ]; then \
FILES="$$( printf $${PYFILES}\\n$${INFILES} )" ; \
elif [ -n "$${PYFILES}" ]; then \
FILES="$${PYFILES}" ; \
else \
FILES="$${INFILES}" ; \
fi ; \
if [ -n "$${FILES}" ]; then \
echo -e "Fast linting files:\n$${FILES}\n"; \
echo "pycodestyle"; \
......@@ -266,6 +271,22 @@ polint:
$(MAKE) -C $(srcdir)/po PYTHON=$(PYTHON) \
validate-src-strings validate-po test-gettext
.PHONY: rpmlint
rpmlint: freeipa.spec
rpmlint ./$<
YAML_FILES = \
$(top_srcdir)/.travis.yml \
$(top_srcdir)/.lgtm.yml \
$(wildcard $(top_srcdir)/.*.yaml) \
$(wildcard $(top_srcdir)/ipatests/prci_definitions/*.yaml)
.PHONY: yamllint
yamllint: $(YAML_FILES)
@for YAML in $^; do \
$(PYTHON) -c "import yaml; f = open('$${YAML}'); yaml.safe_load(f); f.close()" || exit 1; \
done
# Run pylint for all python files. Finds all python files/packages, skips
# folders rpmbuild, freeipa-* and dist. Skip (match, but don't print) .*,
# *.in, *~. Finally print all python files, including scripts that do not
......@@ -274,9 +295,7 @@ polint:
.PHONY: pylint
if WITH_PYLINT
pylint: $(GENERATED_PYTHON_FILES) ipasetup.py
@# build CLI scripts
$(MAKE) -C $(top_builddir)/install/tools
pylint: $(GENERATED_PYTHON_FILES) ipasetup.py python_scripts
FILES=`find $(top_srcdir) \
-type d -exec test -e '{}/__init__.py' \; -print -prune -o \
-path './rpmbuild' -prune -o \
......@@ -383,10 +402,41 @@ python_install:
$(MAKE) $(AM_MAKEFLAGS) -C $${dir} install || exit 1; \
done
.PHONY: python_scripts
python_scripts:
for dir in $(PYTHON_SCRIPT_SUBDIRS); do \
$(MAKE) $(AM_MAKEFLAGS) -C $${dir} python_scripts_sub || exit 1; \
done
.PHONY:
strip-po:
$(MAKE) -C po strip-po
.PHONY: cov-scan
cov-scan:
$(MAKE) clean
@# analyse C code with workaround for missing _Float types
@# https://stackoverflow.com/questions/50434236/coverity-scan-fails-to-build-stdlib-h-with-gnu-source-defined
cov-build --dir cov-int $(MAKE) all \
CFLAGS="-D_Float32=float -D_Float32x=double -D_Float64=double -D_Float64x='long double' -D_Float128='long double'"
@# remove build directories and analyse Python
rm -rf ipa*/build
cov-build --dir cov-int --no-command \
$(foreach d,$(PYTHON_SUBDIRS),--fs-capture-search $(d))
@# analyze JS files
cov-build --dir cov-int --no-command --fs-capture-search install/ui
@# compress and upload
tar czvf freeipa.tgz cov-int
if [ -n "$${COVERITY_SCAN_TOKEN}" ]; then \
curl --progress-bar --output /dev/null \
--form token=$${COVERITY_SCAN_TOKEN} \
--form email=scan@mg.freeipa.org \
--form file=@freeipa.tgz \
--form version="$(VERSION)" \
--form description="FreeIPA" \
"https://scan.coverity.com/builds?project=freeipa%2Ffreeipa"; \
fi
PYTHON_SHEBANG = \
ipa \
makeaci \
......
Makefile.pythonscripts.am
View file @ e3f69f4e
# special handling of Python scripts with auto-generated shebang line
$(PYTHON_SHEBANG):%: %.in Makefile
$(AM_V_GEN)sed -e 's|@PYTHONSHEBANG[@]|#!$(PYTHON) -E|g' $< > $@
$(AM_V_GEN)sed -e 's|^#!/usr/bin/python3.*|#!$(PYTHON) -E|g' $< > $@
$(AM_V_GEN)chmod +x $@
.PHONY: python_scripts_sub
python_scripts_sub: $(PYTHON_SHEBANG)
README.md
View file @ e3f69f4e
......@@ -75,5 +75,5 @@ Please see the file called COPYING.
https://pagure.io/freeipa/issues
* If you want to participate in actively developing IPA please
subscribe to the freeipa-devel mailing list at
https://www.redhat.com/mailman/listinfo/freeipa-devel/ or join
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/ or join
us in IRC at <irc://irc.freenode.net/freeipa>
VERSION.m4
View file @ e3f69f4e
......@@ -20,14 +20,17 @@
# -> "1.0.0" #
########################################################
define(IPA_VERSION_MAJOR, 4)
define(IPA_VERSION_MINOR, 7)
define(IPA_VERSION_RELEASE, 2)
define(IPA_VERSION_MINOR, 8)
define(IPA_VERSION_RELEASE, 1)
########################################################
# For 'pre' releases the version will be #
# #
# <MAJOR>.<MINOR>.<RELEASE><PRE_RELEASE> #
# #
# pre releases start with RELEASE 90. After pre1 has #
# been released, RELEASE is bumpled to 91, and so on #
# #
# e.g. define(IPA_VERSION_PRE_RELEASE, rc1) #
# -> "1.0.0rc1" #
########################################################
......@@ -83,8 +86,8 @@ define(IPA_DATA_VERSION, 20100614120000)
# #
########################################################
define(IPA_API_VERSION_MAJOR, 2)
define(IPA_API_VERSION_MINOR, 230)
# Last change: Added `automember-find-orphans' command
define(IPA_API_VERSION_MINOR, 233)
# Last change: Added service_add_smb command
########################################################
......
client/Makefile.am
View file @ e3f69f4e
......@@ -43,6 +43,7 @@ sbin_SCRIPTS = \
ipa-certupdate \
ipa-client-automount \
ipa-client-install \
ipa-client-samba \
$(NULL)
ipa_getkeytab_SOURCES = \
......@@ -92,6 +93,7 @@ ipa_join_LDADD = \
SUBDIRS = \
share \
man \
sysconfig \
$(NULL)
noinst_HEADERS = \
......@@ -101,6 +103,7 @@ EXTRA_DIST = \
ipa-certupdate.in \
ipa-client-automount.in \
ipa-client-install.in \
ipa-client-samba.in \
$(NULL)
install-data-hook:
......
client/ipa-certupdate.in
View file @ e3f69f4e
@PYTHONSHEBANG@
#!/usr/bin/python3
# Authors: Jan Cholasta <jcholast@redhat.com>
#
# Copyright (C) 2014 Red Hat
......
client/ipa-client-automount.in
View file @ e3f69f4e
@PYTHONSHEBANG@
#!/usr/bin/python3
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2012 Red Hat
# Copyright (C) 2012, 2019 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
......@@ -21,523 +21,7 @@
#
# Configure the automount client for ldap.
from __future__ import print_function
from ipaclient.install.ipa_client_automount import main
import logging
import sys
import os
import time
import tempfile
import gssapi
try:
from xml.etree import cElementTree as etree
except ImportError:
from xml.etree import ElementTree as etree
import SSSDConfig
# pylint: disable=import-error
from six.moves.urllib.parse import urlsplit
# pylint: enable=import-error
from optparse import OptionParser # pylint: disable=deprecated-module
from ipaclient.install import ipachangeconf, ipadiscovery
from ipaclient.install.client import (CLIENT_NOT_CONFIGURED,
CLIENT_ALREADY_CONFIGURED)
from ipalib import api, errors
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_keytab
from ipalib.util import check_client_configuration
from ipapython import ipautil
from ipapython.ipa_log_manager import standard_logging_setup
from ipapython.dn import DN
from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
from ipapython.admintool import ScriptError
logger = logging.getLogger(os.path.basename(__file__))
def parse_options():
usage = "%prog [options]\n"
parser = OptionParser(usage=usage)
parser.add_option("--server", dest="server", help="FQDN of IPA server")
parser.add_option("--location", dest="location", help="Automount location",
default="default")
parser.add_option("-S", "--no-sssd", dest="sssd",
action="store_false", default=True,
help="Do not configure the client to use SSSD for automount")
parser.add_option("--debug", dest="debug", action="store_true",
default=False, help="enable debugging")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true", default=False,
help="unattended installation never prompts the user")
parser.add_option("--uninstall", dest="uninstall", action="store_true",
default=False, help="Unconfigure automount")
options, args = parser.parse_args()
return options, args
def wait_for_sssd():
"""
It takes a bit for sssd to get going, lets loop until it is
serving data.
This function returns nothing.
"""
n = 0
found = False
time.sleep(1)
while n < 10 and not found:
try:
ipautil.run([paths.GETENT, "passwd", "admin@%s" % api.env.realm])
found = True
except Exception:
time.sleep(1)
n = n + 1
# This should never happen but if it does, may as well warn the user
if not found:
err_msg = ("Unable to find 'admin' user with "
"'getent passwd admin@%s'!" % api.env.realm)
logger.debug('%s', err_msg)
print(err_msg)
print("This may mean that sssd didn't re-start properly after the configuration changes.")
def configure_xml(fstore):
authconf = paths.AUTOFS_LDAP_AUTH_CONF
fstore.backup_file(authconf)
try:
tree = etree.parse(authconf)
except IOError as e:
logger.debug('Unable to open file %s', e)
logger.debug('Creating new from template')
tree = etree.ElementTree(
element=etree.Element('autofs_ldap_sasl_conf')
)
element = tree.getroot()
if element.tag != 'autofs_ldap_sasl_conf':
raise RuntimeError('Invalid XML root in file %s' % authconf)
element.set('usetls', 'no')
element.set('tlsrequired', 'no')
element.set('authrequired', 'yes')
element.set('authtype', 'GSSAPI')
element.set('clientprinc', 'host/%s@%s' % (api.env.host, api.env.realm))
try:
tree.write(authconf, xml_declaration=True, encoding='UTF-8')
except IOError as e:
print("Unable to write %s: %s" % (authconf, e))
else:
print("Configured %s" % authconf)
def configure_nsswitch(fstore, options):
"""
Point automount to ldap in nsswitch.conf. This function is for non-SSSD
setups only
"""
fstore.backup_file(paths.NSSWITCH_CONF)
conf = ipachangeconf.IPAChangeConf("IPA Installer")
conf.setOptionAssignment(':')
nss_value = ' files ldap'
opts = [{'name':'automount', 'type':'option', 'action':'set', 'value':nss_value},
{'name':'empty', 'type':'empty'}]
conf.changeConf(paths.NSSWITCH_CONF, opts)
print("Configured %s" % paths.NSSWITCH_CONF)
def configure_autofs_sssd(fstore, statestore, autodiscover, options):
try:
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
domains = sssdconfig.list_active_domains()
except Exception as e:
sys.exit(e)
try:
sssdconfig.new_service('autofs')
except SSSDConfig.ServiceAlreadyExists:
pass
except SSSDConfig.ServiceNotRecognizedError:
logger.error("Unable to activate the Autofs service in SSSD config.")
logger.info(
"Please make sure you have SSSD built with autofs support "
"installed.")
logger.info(
"Configure autofs support manually in /etc/sssd/sssd.conf.")
sys.exit("Cannot create the autofs service in sssd.conf")
sssdconfig.activate_service('autofs')
domain = None
for name in domains:
domain = sssdconfig.get_domain(name)
try:
provider = domain.get_option('id_provider')
except SSSDConfig.NoOptionError:
continue
if provider == "ipa":
domain.add_provider('ipa', 'autofs')
try:
domain.get_option('ipa_automount_location')
print('An automount location is already configured')
sys.exit(CLIENT_ALREADY_CONFIGURED)
except SSSDConfig.NoOptionError:
domain.set_option('ipa_automount_location', options.location)
break
if domain is None:
sys.exit('SSSD is not configured.')
sssdconfig.save_domain(domain)
sssdconfig.write(paths.SSSD_CONF)
statestore.backup_state('autofs', 'sssd', True)
sssd = services.service('sssd', api)
sssd.restart()
print("Restarting sssd, waiting for it to become available.")
wait_for_sssd()
def configure_autofs(fstore, statestore, autodiscover, server, options):
"""
fstore: the FileStore to back up files in
options.server: the IPA server to use
options.location: the Automount location to use
"""
if not autodiscover:
ldap_uri = "ldap://%s" % server
else:
ldap_uri = "ldap:///%s" % api.env.basedn
search_base = str(DN(('cn', options.location), api.env.container_automount, api.env.basedn))
replacevars = {
'MAP_OBJECT_CLASS': 'automountMap',
'ENTRY_OBJECT_CLASS': 'automount',
'MAP_ATTRIBUTE': 'automountMapName',
'ENTRY_ATTRIBUTE': 'automountKey',
'VALUE_ATTRIBUTE': 'automountInformation',
'SEARCH_BASE': search_base,
'LDAP_URI': ldap_uri,
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_AUTOFS, replacevars=replacevars)
tasks.restore_context(paths.SYSCONFIG_AUTOFS)
statestore.backup_state('autofs', 'sssd', False)
print("Configured %s" % paths.SYSCONFIG_AUTOFS)
def configure_autofs_common(fstore, statestore, options):
autofs = services.knownservices.autofs
statestore.backup_state('autofs', 'enabled', autofs.is_enabled())
statestore.backup_state('autofs', 'running', autofs.is_running())
try:
autofs.restart()
print("Started %s" % autofs.service_name)
except Exception as e:
logger.error("%s failed to restart: %s", autofs.service_name, e)
try:
autofs.enable()
except Exception as e:
print("Failed to configure automatic startup of the %s daemon" % (autofs.service_name))
logger.error("Failed to enable automatic startup of the %s daemon: %s",
autofs.service_name, str(e))
def uninstall(fstore, statestore):
RESTORE_FILES=[
paths.SYSCONFIG_AUTOFS,
paths.NSSWITCH_CONF,
paths.AUTOFS_LDAP_AUTH_CONF,
paths.SYSCONFIG_NFS,
paths.IDMAPD_CONF,
]
STATES=['autofs', 'rpcidmapd', 'rpcgssd']
# automount only touches /etc/nsswitch.conf if LDAP is
# used. Don't restore it otherwise.
if (statestore.get_state('authconfig', 'sssd') or
(statestore.get_state('authselect', 'profile') == 'sssd')):
RESTORE_FILES.remove(paths.NSSWITCH_CONF)
if (not any(fstore.has_file(f) for f in RESTORE_FILES) or
not any(statestore.has_state(s) for s in STATES)):
print("IPA automount is not configured on this system")
return CLIENT_NOT_CONFIGURED
print("Restoring configuration")
for filepath in RESTORE_FILES:
if fstore.has_file(filepath):
fstore.restore_file(filepath)
if statestore.has_state('autofs'):
enabled = statestore.restore_state('autofs', 'enabled')
running = statestore.restore_state('autofs', 'running')
sssd = statestore.restore_state('autofs', 'sssd')
autofs = services.knownservices.autofs
if not enabled:
autofs.disable()
if not running:
autofs.stop()
if sssd:
try:
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
sssdconfig.deactivate_service('autofs')
domains = sssdconfig.list_active_domains()
for name in domains:
domain = sssdconfig.get_domain(name)
try:
provider = domain.get_option('id_provider')
except SSSDConfig.NoOptionError:
continue
if provider == "ipa":
domain.remove_option('ipa_automount_location')
domain.remove_provider('autofs')
break
sssdconfig.save_domain(domain)
sssdconfig.write(paths.SSSD_CONF)
sssd = services.service('sssd', api)
sssd.restart()
wait_for_sssd()
except Exception as e:
print('Unable to restore SSSD configuration: %s' % str(e))
logger.debug('Unable to restore SSSD configuration: %s',
str(e))
if statestore.has_state('rpcidmapd'):
enabled = statestore.restore_state('rpcidmapd', 'enabled')
running = statestore.restore_state('rpcidmapd', 'running')
rpcidmapd = services.knownservices.rpcidmapd
if not enabled:
rpcidmapd.disable()
if not running:
rpcidmapd.stop()
if statestore.has_state('rpcgssd'):
enabled = statestore.restore_state('rpcgssd', 'enabled')
running = statestore.restore_state('rpcgssd', 'running')
rpcgssd = services.knownservices.rpcgssd
if not enabled:
rpcgssd.disable()
if not running:
rpcgssd.stop()
return 0
def configure_nfs(fstore, statestore):
"""
Configure secure NFS
"""
replacevars = {
constants.SECURE_NFS_VAR: 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_NFS, replacevars=replacevars)
tasks.restore_context(paths.SYSCONFIG_NFS)
print("Configured %s" % paths.SYSCONFIG_NFS)
# Prepare the changes
# We need to use IPAChangeConf as simple regexp substitution
# does not cut it here
conf = ipachangeconf.IPAChangeConf("IPA automount installer")
conf.case_insensitive_sections = False
conf.setOptionAssignment(" = ")
conf.setSectionNameDelimiters(("[", "]"))
changes = [conf.setOption('Domain', api.env.domain)]
section_with_changes = [conf.setSection('General', changes)]
# Backup the file and apply the changes
fstore.backup_file(paths.IDMAPD_CONF)
conf.changeConf(paths.IDMAPD_CONF, section_with_changes)
tasks.restore_context(paths.IDMAPD_CONF)
print("Configured %s" % paths.IDMAPD_CONF)
rpcidmapd = services.knownservices.rpcidmapd
statestore.backup_state('rpcidmapd', 'enabled', rpcidmapd.is_enabled())
statestore.backup_state('rpcidmapd', 'running', rpcidmapd.is_running())
try:
rpcidmapd.restart()
print("Started %s" % rpcidmapd.service_name)
except Exception as e:
logger.error("%s failed to restart: %s", rpcidmapd.service_name, e)
try:
rpcidmapd.enable()
except Exception as e:
print("Failed to configure automatic startup of the %s daemon" % (rpcidmapd.service_name))
logger.error("Failed to enable automatic startup of the %s daemon: %s",
rpcidmapd.service_name, str(e))
rpcgssd = services.knownservices.rpcgssd
statestore.backup_state('rpcgssd', 'enabled', rpcgssd.is_enabled())
statestore.backup_state('rpcgssd', 'running', rpcgssd.is_running())
try:
rpcgssd.restart()
print("Started %s" % rpcgssd.service_name)
except Exception as e:
logger.error("%s failed to restart: %s", rpcgssd.service_name, e)
try:
rpcgssd.enable()
except Exception as e:
print("Failed to configure automatic startup of the %s daemon" % (rpcgssd.service_name))
logger.error("Failed to enable automatic startup of the %s daemon: %s",
rpcgssd.service_name, str(e))
def main():
try:
check_client_configuration()
except ScriptError as e:
print(e.msg)
sys.exit(e.rval)
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
options, _args = parse_options()
standard_logging_setup(
paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug,
filemode='a', console_format='%(message)s')
cfg = dict(
context='cli_installer',
confdir=paths.ETC_IPA,
in_server=False,
debug=options.debug,
verbose=0,
)
# Bootstrap API early so that env object is available
api.bootstrap(**cfg)
if options.uninstall:
return uninstall(fstore, statestore)
ca_cert_path = None
if os.path.exists(paths.IPA_CA_CRT):
ca_cert_path = paths.IPA_CA_CRT
if statestore.has_state('autofs'):
print('An automount location is already configured')
sys.exit(CLIENT_ALREADY_CONFIGURED)
autodiscover = False
ds = ipadiscovery.IPADiscovery()
if not options.server:
print("Searching for IPA server...")
ret = ds.search(ca_cert_path=ca_cert_path)
logger.debug('Executing DNS discovery')
if ret == ipadiscovery.NO_LDAP_SERVER:
logger.debug('Autodiscovery did not find LDAP server')
s = urlsplit(api.env.xmlrpc_uri)
server = [s.netloc]
logger.debug('Setting server to %s', s.netloc)
else:
autodiscover = True
if not ds.servers:
sys.exit('Autodiscovery was successful but didn\'t return a server')
logger.debug('Autodiscovery success, possible servers %s',
','.join(ds.servers))
server = ds.servers[0]
else:
server = options.server
logger.debug("Verifying that %s is an IPA server", server)
ldapret = ds.ipacheckldap(server, api.env.realm, ca_cert_path)
if ldapret[0] == ipadiscovery.NO_ACCESS_TO_LDAP:
print("Anonymous access to the LDAP server is disabled.")
print("Proceeding without strict verification.")
print("Note: This is not an error if anonymous access has been explicitly restricted.")
elif ldapret[0] == ipadiscovery.NO_TLS_LDAP:
logger.warning("Unencrypted access to LDAP is not supported.")
elif ldapret[0] != 0:
sys.exit('Unable to confirm that %s is an IPA server' % server)
if not autodiscover:
print("IPA server: %s" % server)
logger.debug('Using fixed server %s', server)
else:
print("IPA server: DNS discovery")
logger.debug('Configuring to use DNS discovery')
print("Location: %s" % options.location)
logger.debug('Using automount location %s', options.location)
ccache_dir = tempfile.mkdtemp()
ccache_name = os.path.join(ccache_dir, 'ccache')
try:
try:
host_princ = str('host/%s@%s' % (api.env.host, api.env.realm))
kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
os.environ['KRB5CCNAME'] = ccache_name
except gssapi.exceptions.GSSError as e:
sys.exit("Failed to obtain host TGT: %s" % e)
# Finalize API when TGT obtained using host keytab exists
api.finalize()
# Now we have a TGT, connect to IPA
try:
api.Backend.rpcclient.connect()
except errors.KerberosError as e:
sys.exit('Cannot connect to the server due to ' + str(e))
try:
# Use the RPC directly so older servers are supported
api.Backend.rpcclient.forward(
'automountlocation_show',
ipautil.fsdecode(options.location),
version=u'2.0',
)
except errors.VersionError as e:
sys.exit('This client is incompatible: ' + str(e))
except errors.NotFound:
sys.exit("Automount location '%s' does not exist" % options.location)
except errors.PublicError as e:
sys.exit("Cannot connect to the server due to generic error: %s" % str(e))
finally:
os.remove(ccache_name)
os.rmdir(ccache_dir)
if not options.unattended and not ipautil.user_input("Continue to configure the system with these values?", False):
sys.exit("Installation aborted")
try:
if not options.sssd:
configure_nsswitch(fstore, options)
configure_nfs(fstore, statestore)
if options.sssd:
configure_autofs_sssd(fstore, statestore, autodiscover, options)
else:
configure_xml(fstore)
configure_autofs(fstore, statestore, autodiscover, server, options)
configure_autofs_common(fstore, statestore, options)
except Exception as e:
logger.debug('Raised exception %s', e)
print("Installation failed. Rolling back changes.")
uninstall(fstore, statestore)
return 1
return 0
try:
if not os.geteuid()==0:
sys.exit("\nMust be run as root\n")
sys.exit(main())
except SystemExit as e:
sys.exit(e)
except RuntimeError as e:
sys.exit(e)
except (KeyboardInterrupt, EOFError):
sys.exit(1)
if __name__ == '__main__':
main()
client/ipa-client-install.in
View file @ e3f69f4e
@PYTHONSHEBANG@
#!/usr/bin/python3
# Authors: Simo Sorce <ssorce@redhat.com>
# Karl MacMillan <kmacmillan@mentalrootkit.com>
#
......
client/ipa-client-samba.in 0 → 100755
View file @ e3f69f4e
#!/usr/bin/python3
#
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
#
# Configure the Samba suite to operate as domain member in IPA domain
import os
import sys
from ipaclient.install import ipa_client_samba
try:
if not os.geteuid() == 0:
sys.exit("\nMust be run as root\n")
sys.exit(ipa_client_samba.run())
except SystemExit as e:
sys.exit(e)
except RuntimeError as e:
sys.exit(e)
except (KeyboardInterrupt, EOFError):
sys.exit(1)