On Thu, 2014-06-26 at 10:37 +0200, Martin Kosek wrote:
> On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
> > On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
> >> On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
> >>> ----- Original Message -----
> >>>> ----- Original Message -----
> >>>>>> Can you check if ipaProtectedOperation is in the aci attribute in the
> >>>>>> base tree object ?
> >>>>>> It should be there as excluded, and that should cause admin to not be
> >>>>>> able to retrieve keytabs.
> >>>>>
> >>>>> It was not. While running ipa-ldap-updater I got the following:
> >>>>> InvalidSyntax: ACL Syntax Error(-5):(targetattr=
> >>>>> \22ipaProtectedOperation;write_keys\22)(version 3.0; acl \22Admins are
> >>>>> allowed to rekey any entity\22; allow(write) groupdn =
> >>>>> \22ldap:///cn=admins: Invalid syntax.
> >>>>
> >>>> Uhmm I do not see anything obviously wrong with ACI instruction, it looks
> >>>> just like the one I replace, Ideas ?
> >>>> Do you have ipaProtectedOperation in the schema ?
> >>>>
> >>>> (I rebased patch 3 but will wait to send a patchset until we understand 
> >>>> (and
> >>>> fix) why this is failing to update.
> >>>
> >>> Ok, apparently it was a quoting issue in the .update files, hopefully 
> >>> that's
> >>> the only issue (I am at a conference today and do not have my test env. 
> >>> handy).
> >>>
> >>> The attached patches are rebased on the latest master.
> >>
> >> 0001: Line 555 has very wrong indentation.
> >>
> >> I don't see anything else wrong in the other patches. I've tested
> >> everything and it works as designed.
> >>
> >> I have CC'd everyone who was involved with review at any point on these
> >> patches. This serves as my public notice that I'd like to ACK the next
> >> round of patches. If anyone has anything else to add, please do it
> >> before tomorrow evening. Thanks!
> >>
> >> Nathaniel
> > 
> > ACK
> > 
> > Nathaniel
> 
> Pushed all 6 patches to master. Thanks for careful review!

Not sure what happened but the indentation issue I sent a patch for was
not fixed in the final push and instead of a tab now there are 4 spaces:

Attached find patch that fixes the issue as seen in master.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From dc0a99c688e697daefeca36d6773aa2b402ee715 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Thu, 26 Jun 2014 13:49:33 -0400
Subject: [PATCH] Fix incorrect indentation

---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index b0cdea315913dbfdce3dead7a2054b6fa917a9ae..ca021cac71da690a498fe3003fae1babb30456c1 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -1073,7 +1073,7 @@ static int encode_setkeytab_reply(struct ipapwd_keyset *kset,
 
     for (int i = 0; i < kset->num_keys; i++) {
         rc = ber_printf(ber, "{i}", (ber_int_t)kset->keys[i].key_data_type[0]);
-    if (rc == -1) {
+        if (rc == -1) {
             rc = LDAP_OPERATIONS_ERROR;
             LOG_FATAL("Failed to ber_printf the enctype");
             goto done;
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to