[Freeipa-devel] [PATCH] 062-065 Ticket 1466 Validate AAAA records as valid IPv6 prior to sending to server
This ticket was divided into 4 small almost independent patches. 1) 62-Added-support-of-custom-field-validators 2) 63-Added-validation-logic-to-multivalued-text-field - depends on 1 3) 64-Added-client-side-validation-of-A-and--DNS-recor - depends on 1 4) 65-Fixed-IPv6-validation-special-case-single-colon - minor fix Patch descriptions: 1) Added support of custom field validators Current validation logic supports only validation based on metadata. It can be extended only by overriding field's validation method. This approach requires creating subclasses of field for each different format of desired value. It's inconvenient for cases like adding the same validation logic to two different subclasses of field. This patch is adding support for creating custom validators. Validator is an object which contains validation logic. Validation is executed in a validate(value, context) method. This method checks if the value is valid and returns a validation result. Validation result is a simple object which contains valid property and an error message if valid is false. Field is extended by validators property. It can be set in spec object or later. It should contain instances of validators for the field. Validators are run in field's validation method. 2) Added validation logic to multivalued text field 3) Added client-side validation of A and DNS records 4) Fixed IPv6 validation special case: single colon IPv6 parsing was incorrectly evaluating ':' as a valid IPv6 address. All: https://fedorahosted.org/freeipa/ticket/1466 -- Petr Vobornik From 986cd0ce439ae1eca8a0e623546ca44107fa78a1 Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Mon, 2 Jan 2012 10:33:09 +0100 Subject: [PATCH 62/65] Added support of custom field validators Current validation logic supports only validation based on metadata. It can be extended only by overriding field's validation method. This approach requires creating subclasses of field for each different format of desired value. It's inconvenient for cases like adding the same validation logic to two different subclasses of field. This patch is adding support for creating custom validators. Validator is an object which contains validation logic. Validation is executed in a validate(value, context) method. This method checks if the value is valid and returns a validation result. Validation result is a simple object which contains valid property and an error message if valid is false. Field is extended by validators property. It can be set in spec object or later. It should contain instances of validators for the field. Validators are run in field's validation method. This patch is a prerequisite for: https://fedorahosted.org/freeipa/ticket/1466 --- install/ui/field.js | 140 --- 1 files changed, 88 insertions(+), 52 deletions(-) diff --git a/install/ui/field.js b/install/ui/field.js index 18a52c9b6344ace274601c95ed25f12774cf778f..fc6b75ddaebc940bb6b7aed8ec4e32693b335364 100644 --- a/install/ui/field.js +++ b/install/ui/field.js @@ -53,6 +53,7 @@ IPA.field = function(spec) { that.join = spec.join; that.metadata = spec.metadata; +that.validators = spec.validators || []; that.priority = spec.priority; @@ -74,6 +75,8 @@ IPA.field = function(spec) { that.tooltip = that.metadata.doc; } } + +that.validators.push(IPA.metadata_validator()); }; that.is_required = function() { @@ -98,71 +101,37 @@ IPA.field = function(spec) { that.validate_required = function() { var values = that.save(); -if (!values || !values.length || values[0] === '') { -if (that.is_required()) { -that.valid = false; -that.show_error(IPA.messages.widget.validation.required); -return false; -} +if (that.is_empty(values) that.is_required()) { +that.valid = false; +that.show_error(IPA.messages.widget.validation.required); +return false; } return true; }; -/*returns true and clears the error message if the field value passes - * the validation pattern. If the field value does not pass validation, - * displays the error message and returns false. */ +/** + * Returns true and clears the error message if the field value passes + * the validation pattern. If the field value does not pass validation, + * displays the error message and returns false. + */ that.validate = function() { that.hide_error(); that.valid = true; var values = that.save(); -if (!values) { -return that.valid; -} -if (values.length === 0) { + +if (that.is_empty(values)) { return that.valid; } + var value = values[0]; -if (!value) { -return
Re: [Freeipa-devel] [PATCH] 333 Reload UI when the user changes.
On 12/21/2011 05:07 PM, Petr Vobornik wrote: On 12/21/2011 02:37 AM, Endi Sukma Dewata wrote: New patch to fix infinite reload problem with test fixtures. ACK Was pushed to master by Endi. -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 334 Reload UI on server upgrade.
On 12/21/2011 05:07 PM, Petr Vobornik wrote: On 12/21/2011 03:09 AM, Endi Sukma Dewata wrote: The JSON server has been modified to return the version number in all responses. The UI has been modified to keep the version obtained during env operation and check the version returned in subsequent operations. If the version changes the UI will reload itself. Ticket #946 ACK Was pushed to master by Endi. -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] [ipa-2-1] 183 Make sure that install tools log
On Mon, 2012-01-02 at 19:35 +0300, Alexander Bokovoy wrote: On Mon, 02 Jan 2012, Martin Kosek wrote: This is a ipa-2-1 branch fix only. master branch use better and more sophisticated approach to fix logging (ticket 2022). When any log message is emitted before IPA install tools logging is configured, it may break and leave install tools log empty. This happens for example when ipa-server-install --ip-address=$IP_ADDRESS is run. This patch makes sure that logging is right in these cases. https://fedorahosted.org/freeipa/ticket/2214 This is a good start. However, we'll still get messages from --ip-address processing lost. What about adding a Handler class to buffer LogRecords? Set it in the root logger as the very first action in those three tools (ipa-dns-install, ipa-replica-prepare, ipa-server-install) that accept --ip-address option. When standard_logging_setup() is called, it would check for existing handlers and first pull in the records, then remove the handler, call basicSetup() and re-issue the LogRecords again? This way we'll get all the records recovered and will get around IPACheckedAddress limitations. That's a good idea! This way we won't miss any log before our logging setup. Updated patch attached. Martin From 18b2f9577ef8cf2001cfad396ee49a14f08d05ba Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 2 Jan 2012 16:49:59 +0100 Subject: [PATCH] Make sure that install tools log When any log message is emitted before IPA install tools logging is configured, it may break and leave install tools log empty. This happens for example when ipa-server-install --ip-address=$IP_ADDRESS is run. This patch makes sure that logging is right in these cases. https://fedorahosted.org/freeipa/ticket/2214 --- install/tools/ipa-ca-install |1 + install/tools/ipa-dns-install |1 + install/tools/ipa-replica-install |1 + install/tools/ipa-server-install |2 + ipaserver/install/installutils.py | 43 + 5 files changed, 48 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 445b0621419b7aa5b4616e154d9f8193a5d517fb..c813659f34f4471132b83fd4159b69b76f5ce487 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -70,6 +70,7 @@ def get_dirman_password(): return installutils.read_password(Directory Manager (existing master), confirm=False, validate=False) def main(): +installutils.bootstrap_logging() safe_options, options, filename = parse_options() installutils.standard_logging_setup(/var/log/ipareplica-ca-install.log, options.debug) logging.debug('%s was invoked with argument %s and options: %s' % (sys.argv[0], filename, safe_options)) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index d81b6a2e804a815d5bece8426a286e3190f6dee3..25c1bb0cac251d098e3744afd7b7eeab32a3fe6b 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -82,6 +82,7 @@ def parse_options(): return safe_options, options def main(): +bootstrap_logging() safe_options, options = parse_options() if os.getegid() != 0: diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index dbc736764f38489df15900c4540a381764d0c261..7310d286292f571ef25b57b29d2a213f4bd855a1 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -286,6 +286,7 @@ def check_bind(): sys.exit(1) def main(): +installutils.bootstrap_logging() safe_options, options, filename = parse_options() installutils.standard_logging_setup(/var/log/ipareplica-install.log, options.debug) logging.debug('%s was invoked with argument %s and options: %s' % (sys.argv[0], filename, safe_options)) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 8f156e8dde7fbc4cfde00a0f6a2fc8e23403cc73..755f2772780010c62fdc642125107843bef61668 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -562,6 +562,8 @@ def main(): global installation_cleanup ds = None +bootstrap_logging() + safe_options, options = parse_options() if os.getegid() != 0: diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 0a36c354e1d2f901bfdef51c151d035ba8ee64ca..d0f611c611847d02f3d264d669a2e90689f5a87b 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -314,7 +314,47 @@ def port_available(port): return rv +class BufferingHandler(logging.Handler): +log_queue = [] + +def __init__(self): +logging.Handler.__init__(self) +self.level = logging.DEBUG + +def emit(self, record): +self.log_queue.append(record) + +def flush(self): +pass + +def bootstrap_logging(): + +Bootstrap logging and create
Re: [Freeipa-devel] [PATCH] [ipa-2-1] 183 Make sure that install tools log
On Tue, 03 Jan 2012, Martin Kosek wrote: This way we'll get all the records recovered and will get around IPACheckedAddress limitations. That's a good idea! This way we won't miss any log before our logging setup. Updated patch attached. Tried it on F16. With 2.1.4-3 there is no ipaserver-install.log, with the patch I'm getting all the proper logging. Good! ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] [ipa-2-1] 183 Make sure that install tools log
On Tue, 2012-01-03 at 13:27 +0300, Alexander Bokovoy wrote: On Tue, 03 Jan 2012, Martin Kosek wrote: This way we'll get all the records recovered and will get around IPACheckedAddress limitations. That's a good idea! This way we won't miss any log before our logging setup. Updated patch attached. Tried it on F16. With 2.1.4-3 there is no ipaserver-install.log, with the patch I'm getting all the proper logging. Good! ACK. Pushed to ipa-2-1. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 066 Added support for memberof attribute in permission
The attribute was added to adder dialog and details facet. It uses entity select(group) widget. https://fedorahosted.org/freeipa/ticket/2101 Proper functionality of this patch depends on ticket #2100 - Rob's patch 912. Also fixing one label regression. -- Petr Vobornik From bf70f004ae6fffa28f8b968e92f8891d2f52abb4 Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Tue, 3 Jan 2012 10:57:59 +0100 Subject: [PATCH] Added support for memberof attribute in permission The attribute was added to adder dialog and details facet. It uses entity select (group) widget. https://fedorahosted.org/freeipa/ticket/2101 --- install/ui/aci.js | 28 ++-- 1 files changed, 26 insertions(+), 2 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 2176dc31005ae28a84333b0883611c483f60290e..7e4f80f4f479767d8372690d72fe4f4f1fb01df2 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -44,6 +44,11 @@ IPA.aci.permission_entity = function(spec) { widget: 'identity.cn' }, { +type: 'entity_select', +name: 'memberof', +widget: 'identity.memberof' +}, +{ type: 'rights', name: 'permissions', join: true, @@ -87,7 +92,15 @@ IPA.aci.permission_entity = function(spec) { type: 'details_table_section', name: 'identity', label: IPA.messages.objects.permission.identity, -widgets: ['cn'] +widgets: [ +'cn', +{ +type: 'entity_select', +name: 'memberof', +other_entity: 'group', +other_field: 'cn' +} +] }, { type: 'details_table_section', @@ -103,7 +116,7 @@ IPA.aci.permission_entity = function(spec) { { type: 'permission_target', container_factory: IPA.details_table_section, -label: IPA.messages.objects.permission.rights, +label: IPA.messages.objects.permission.target, name: 'target', show_target: false } @@ -130,6 +143,11 @@ IPA.aci.permission_entity = function(spec) { widget: 'general.permissions' }, { +type: 'entity_select', +name: 'memberof', +widget: 'general.memberof' +}, +{ type: 'select', name: 'target', widget: 'target.target' @@ -171,6 +189,12 @@ IPA.aci.permission_entity = function(spec) { { type: 'rights', name: 'permissions' +}, +{ +type: 'entity_select', +name: 'memberof', +other_entity: 'group', +other_field: 'cn' } ] }, -- 1.7.6.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.
On 12/07/2011 12:22 AM, Rob Crittenden wrote: Resending as a [PATCH] I've created UI portion patch (#2101). The show command seems working well, but the mod command is not returning the memberof attribute after execution. It is needed for Web UI (if we want to support modification of memberof attr there). Otherwise we would have to call show command after each mod. I'm blaming it on these lines in permission.py:340: for r in result: if not r.startswith('member'): entry_attrs[r] = result[r] return dn -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 184 Add DNS check to conncheck port probe
It is pointless to report failures for all checked ports when the target hostname is not resolvable - user may get easily confused. This patch changes this behavior so that conncheck fails with a proper error and does not even continue to port probing part. https://fedorahosted.org/freeipa/ticket/1984 From 6852df3d4b47116927023fe9729fdb410df65b6d Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 3 Jan 2012 16:49:06 +0100 Subject: [PATCH] Add DNS check to conncheck port probe It is pointless to report failures for all checked ports when the target hostname is not resolvable - user may get easily confused. This patch changes this behavior so that conncheck fails with a proper error and does not even continue to port probing part. https://fedorahosted.org/freeipa/ticket/1984 --- install/tools/ipa-replica-conncheck |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 8f8163619533e5c321c6c6d2903ecb6079230d4d..882d77d302bef0abd6a9d06d4cd783fcbafeefe0 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -235,6 +235,11 @@ class PortResponder(threading.Thread): self._stop_request = True def port_check(host, port_list): +ip = installutils.resolve_host(host) + +if ip is None: +raise RuntimeError(Port check failed! Unable to resolve host name '%s' % host) + failed_ports = [] for port in port_list: if ipautil.host_port_open(host, port.port, port.stream, CONNECT_TIMEOUT): -- 1.7.7.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0294 remove delegation from browser config
Adam Young wrote: Hold this patch until all of the S4U2 code is pushed, otherwise it will break the WebUI This will only affect newly installed servers. Should a new jar be generated on upgrades? rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 062-065 Ticket 1466 Validate AAAA records as valid IPv6 prior to sending to server
On 1/3/2012 3:06 AM, Petr Vobornik wrote: 1) 62-Added-support-of-custom-field-validators 2) 63-Added-validation-logic-to-multivalued-text-field - depends on 1 3) 64-Added-client-side-validation-of-A-and--DNS-recor - depends on 1 4) 65-Fixed-IPv6-validation-special-case-single-colon - minor fix ACK and pushed to master. There are some minor issues but they can be fixed later since they don't cause regression: 1. The IPv4 validator can take quads or integer, but it looks like according to RFC 1035 section 3.4.1 (http://tools.ietf.org/html/rfc1035) the A record should only take quads: A records cause no additional section processing. The RDATA section of an A line in a master file is an Internet address expressed as four decimal numbers separated by dots without any imbedded spaces (e.g., 10.2.0.52 or 192.0.5.6) 2. The DNS record adder dialog doesn't validate the A/ records. We might want to define some hidden fields, one field for each record type, then the field will only appear if you select the type from the drop-down list. This way each field can have its own validators. This solution is similar to permission target widget and will be the basis for ticket #2208. 3. The host adder dialog doesn't validate the IP address. 4. The widget_value_changed() in IPA.multivalued_field is not needed because it's identical to the one in IPA.field. 5. Existing problem, in the DNS Resource Records page the delete operation doesn't work. I think this will be addressed in #2094. 6. Existing problem, in the extract_child_value() in IPA.multivalued_text_widget if the value is an empty array the function will return the array itself instead of empty string. 7. Existing problem, in net.js:330 the error message should be for leading instead of trailing zeros. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel