Import Upstream version 4.12.4

ipaserver/advise/base.py

@@ -451,13 +451,14 @@ class IpaAdvise(admintool.AdminTool):
 
     @classmethod
     def add_options(cls, parser):
-        super(IpaAdvise, cls).add_options(parser)
+        super(IpaAdvise, cls).add_options(parser, debug_option=True)
 
     def validate_options(self):
         super(IpaAdvise, self).validate_options(needs_root=False)
         installutils.check_server_configuration()
 
         if len(self.args) > 1:
+            # pylint: disable=raising-bad-type, #4772
             raise self.option_parser.error("You can only provide one "
                                            "positional argument.")
 

ipaserver/advise/plugins/legacy_clients.py

@@ -94,7 +94,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
     Legacy client configuration for Red Hat based systems, using SSSD.
     """
     description = ('Instructions for configuring a system with an old version '
-                   'of SSSD (1.5-1.8) as a FreeIPA client. This set of '
+                   'of SSSD (1.5-1.8) as a IPA client. This set of '
                    'instructions is targeted for platforms that include '
                    'the authconfig utility, which are all Red Hat based '
                    'platforms.')
@@ -129,7 +129,7 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
     using SSSD.
     """
     description = ('Instructions for configuring a system with an old version '
-                   'of SSSD (1.5-1.8) as a FreeIPA client. This set of '
+                   'of SSSD (1.5-1.8) as a IPA client. This set of '
                    'instructions is targeted for linux systems that do not '
                    'include the authconfig utility.')
 
@@ -184,7 +184,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
     using nss-pam-ldapd.
     """
     description = ('Instructions for configuring a system with nss-pam-ldapd '
-                   'as a FreeIPA client. This set of instructions is targeted '
+                   'as a IPA client. This set of instructions is targeted '
                    'for platforms that include the authconfig utility, which '
                    'are all Red Hat based platforms.')
 
@@ -352,7 +352,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):
     using nss-ldap.
     """
     description = ('Instructions for configuring a system with nss-ldap '
-                   'as a FreeIPA client. This set of instructions is targeted '
+                   'as a IPA client. This set of instructions is targeted '
                    'for platforms that include the authconfig utility, which '
                    'are all Red Hat based platforms.')
 

ipaserver/advise/plugins/smart_card_auth.py

@@ -97,7 +97,7 @@ class config_server_for_smart_card_auth(common_smart_card_auth_config):
     """
 
     description = ("Instructions for enabling Smart Card authentication on "
-                   " a single FreeIPA server. Includes Apache configuration, "
+                   " a single IPA server. Includes Apache configuration, "
                    "enabling PKINIT on KDC and configuring WebUI to accept "
                    "Smart Card auth requests. To enable the feature in the "
                    "whole topology you have to run the script on each master")
@@ -149,7 +149,7 @@ class config_server_for_smart_card_auth(common_smart_card_auth_config):
         self.log.exit_on_predicate(
             '[ -z "$ipaca_records" ]',
             [
-                'Can not resolve ipa-ca records for ${domain_name}',
+                f'Can not resolve ipa-ca records for {ipa_domain_name}',
                 'Please make sure to update your DNS infrastructure with ',
                 'ipa-ca record pointing to IP addresses of IPA CA masters'
             ])
@@ -244,11 +244,11 @@ class config_server_for_smart_card_auth(common_smart_card_auth_config):
 @register()
 class config_client_for_smart_card_auth(common_smart_card_auth_config):
     """
-    Configures smart card authentication on FreeIPA client
+    Configures smart card authentication on IPA client
     """
 
     description = ("Instructions for enabling Smart Card authentication on "
-                   " a single FreeIPA client. Configures Smart Card daemon, "
+                   " a single IPA client. Configures Smart Card daemon, "
                    "set the system-wide trust store and configures SSSD to "
                    "allow smart card logins to desktop")
 
@@ -306,8 +306,9 @@ class config_client_for_smart_card_auth(common_smart_card_auth_config):
         shared_lib = self.pkcs11_shared_lib
 
         self.log.commands_on_predicate(
-            'modutil -dbdir {} -list | grep -q {}'.format(
-                nssdb, module_name),
+            'modutil -dbdir {nssdb} -list | grep -q {module_name} || '
+            'p11-kit list-modules | grep -i {module_name} -q'.format(
+                nssdb=nssdb, module_name=module_name),
             [
                 'echo "{} PKCS#11 module already configured"'.format(
                     module_name)