Re: [Freeipa-devel] [PATCH 543] CA install: explicitly set dogtag_version to 10

2016-01-27 Thread Jan Cholasta 

On 26.1.2016 10:23, Martin Babinsky wrote:

On 01/26/2016 10:14 AM, Martin Babinsky wrote:

On 01/25/2016 08:56 AM, Alexander Bokovoy wrote:

On Mon, 25 Jan 2016, Jan Cholasta wrote:

Hi,

the attached patch fixes
.

Note that this is a 4.2-specific fix.

Honza

--
Jan Cholasta



From c2a0684c64538166809883a235bd131518b6e78f Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Mon, 25 Jan 2016 08:48:42 +0100
Subject: [PATCH] CA install: explicitly set dogtag_version to 10

When installing new CA master, explicitly set the dogtag_version
option to
10 in api.bootstrap() to prevent failures in code which expects the
value
to be 10 rather than the default value of 9.

https://fedorahosted.org/freeipa/ticket/5611
---
install/tools/ipa-ca-install | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/tools/ipa-ca-install
b/install/tools/ipa-ca-install
index 6564e4d..e8ccaef 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -162,7 +162,7 @@ def install_master(safe_options, options):

# override ra_plugin setting read from default.conf so that we have
# functional dogtag backend plugins during CA install
-api.bootstrap(in_server=True, ra_plugin='dogtag')
+api.bootstrap(in_server=True, ra_plugin='dogtag',
dogtag_version=10)
api.finalize()

dm_password = options.password
--

ACK.



Not so fast, I have this patch applied on top of ipa-4-2 and it does not
fix the crash described in the ticket.



See the end of CA install log (http://fpaste.org/314777/14537999/), it
seems that despite setting dogtag version to 10 in API initialization,
CA instance still thinks it needs to work with version 9.

It seems that dogtag.configured_constants() function is to blame:

"""
In [4]: from ipalib import api

In [5]: api.bootstrap(dogtag_version=10)

In [6]: api.finalize()

In [7]: dogtag.configured_constants()
Out[7]: ipapython.dogtag.Dogtag9Constants

In [8]: dogtag.configured_constants(api)
Out[8]: ipapython.dogtag.Dogtag10Constants
"""


Updated patch attached.

--
Jan Cholasta
From 0834afa2e1f38c211f94ea94c3f3ab1b9a24f428 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Mon, 25 Jan 2016 08:48:42 +0100
Subject: [PATCH] CA install: explicitly set dogtag_version to 10

When installing new CA master, explicitly set the dogtag_version option to
10 in api.bootstrap() to prevent failures in code which expects the value
to be 10 rather than the default value of 9.

https://fedorahosted.org/freeipa/ticket/5611
---
 install/tools/ipa-ca-install| 2 +-
 ipaserver/install/cainstance.py | 6 +++---
 ipaserver/install/server/upgrade.py | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 6564e4d..e8ccaef 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -162,7 +162,7 @@ def install_master(safe_options, options):
 
 # override ra_plugin setting read from default.conf so that we have
 # functional dogtag backend plugins during CA install
-api.bootstrap(in_server=True, ra_plugin='dogtag')
+api.bootstrap(in_server=True, ra_plugin='dogtag', dogtag_version=10)
 api.finalize()
 
 dm_password = options.password
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d9bf4f3..369902a 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -478,7 +478,7 @@ class CAInstance(DogtagInstance):
   self.http_proxy)
 self.step("restarting certificate server", self.restart_instance)
 self.step("migrating certificate profiles to LDAP",
-  migrate_profiles_to_ldap)
+  lambda: migrate_profiles_to_ldap(self.dogtag_constants))
 self.step("importing IPA certificate profiles",
   import_included_profiles)
 self.step("adding default CA ACL", ensure_default_caacl)
@@ -1768,7 +1768,7 @@ def import_included_profiles():
 conn.disconnect()
 
 
-def migrate_profiles_to_ldap():
+def migrate_profiles_to_ldap(dogtag_constants):
 """Migrate profiles from filesystem to LDAP.
 
 This must be run *after* switching to the LDAPProfileSubsystem
@@ -1783,7 +1783,7 @@ def migrate_profiles_to_ldap():
 api.Backend.ra_certprofile._read_password()
 api.Backend.ra_certprofile.override_port = 8443
 
-with open(dogtag.configured_constants().CS_CFG_PATH) as f:
+with open(dogtag_constants.CS_CFG_PATH) as f:
 cs_cfg = f.read()
 match = re.search(r'^profile\.list=(\S*)', cs_cfg, re.MULTILINE)
 profile_ids = match.group(1).split(',')
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 616fba5..2d97196 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -354,7 +354,7 @@ def

Re: [Freeipa-devel] [TEST][Patch 0020] Enabled recreation of test directory during ipa reinstallation

2016-01-27 Thread Oleg Fayans 
Hi guys,

Any chance this can be reviewed any time soon?

On 01/21/2016 12:59 PM, Oleg Fayans wrote:
> 
> 
> 

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [TEST][Patch 0021] Fixed recent replica installation issues in the lab

2016-01-27 Thread Oleg Fayans 
Hi,

On 01/21/2016 04:41 PM, Petr Spacek wrote:
> Hello,
> 
> On 21.1.2016 13:42, Oleg Fayans wrote:
>> freeipa-ofayans-0021-Removed-ip-address-option-from-replica-installation.patch
>>
>>
>> From d7ab06a4dcddb919fda351b983d478f1b6968578 Mon Sep 17 00:00:00 2001
>> From: Oleg Fayans 
>> Date: Thu, 21 Jan 2016 13:30:02 +0100
>> Subject: [PATCH] Removed --ip-address option from replica installation
>>
>> Explicitly specifying ip-address of the replica messes up with the current
>> bind-dyndb-ldap logic, causing reverse zone not to be created.
>>
>> Enabled reverse-zone creation for the clients residing in different subnet 
>> from
>> master
>> ---
>>  ipatests/test_integration/tasks.py | 19 ---
>>  1 file changed, 12 insertions(+), 7 deletions(-)
>>
>> diff --git a/ipatests/test_integration/tasks.py 
>> b/ipatests/test_integration/tasks.py
>> index 
>> 6eb55501389c72b4c7aaa599fd4852d7e8f1f3c2..43ef78b0c55deed24a0444f0ac6c38ddb2517481
>>  100644
>> --- a/ipatests/test_integration/tasks.py
>> +++ b/ipatests/test_integration/tasks.py
>> @@ -69,6 +69,8 @@ def prepare_reverse_zone(host, ip):
>>  host.run_command(["ipa",
>>"dnszone-add",
>>zone], raiseonerr=False)
>> +return zone
>> +
>>  
>>  def prepare_host(host):
>>  if isinstance(host, Host):
>> @@ -319,11 +321,8 @@ def domainlevel(host):
>>  def replica_prepare(master, replica):
>>  apply_common_fixes(replica)
>>  fix_apache_semaphores(replica)
>> -prepare_reverse_zone(master, replica.ip)
>> -master.run_command(['ipa-replica-prepare',
>> -'-p', replica.config.dirman_password,
>> -'--ip-address', replica.ip,
>> -replica.hostname])
>> +master.run_command(['ipa-replica-prepare', '-p', 
>> replica.config.dirman_password,
>> +'--auto-reverse', replica.hostname])
> 
> I guess that you will need --ip-address option in cases where master's reverse
> record does not exist (yet).
And yo were right. Fixed

> 
> I would recommend you to test this in libvirt or somewhere without revere
> records, I suspect that it might blow up.
> 
>>  replica_bundle = master.get_file_contents(
>>  paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
>>  replica_filename = get_replica_filename(replica)
>> @@ -339,8 +338,7 @@ def install_replica(master, replica, setup_ca=True, 
>> setup_dns=False,
>>  # and replica installation would fail
>>  args = ['ipa-replica-install', '-U',
>>  '-p', replica.config.dirman_password,
>> -'-w', replica.config.admin_password,
>> -'--ip-address', replica.ip]
>> +'-w', replica.config.admin_password]
>>  if setup_ca:
>>  args.append('--setup-ca')
>>  if setup_dns:
>> @@ -380,6 +378,13 @@ def install_client(master, client, extra_args=()):
>>  client.collect_log(paths.IPACLIENT_INSTALL_LOG)
>>  
>>  apply_common_fixes(client)
>> +# Now, for the situations where a client resides in a different subnet 
>> from
>> +# master, we need to explicitly tell master to create a reverse zone for
>> +# the client and enable dynamic updates for this zone.
>> +allow_sync_ptr(master)
>> +zone = prepare_reverse_zone(master, client.ip)
>> +master.run_command(["ipa", "dnszone-mod", zone,
>> +"--dynamic-update=TRUE"], raiseonerr=False)
> 
> I'm not a big fan of ignoring exceptions here, it might be better to
> encapsulate the first command with try: except: and run the zone-mod only if
> the add worked as expected.
> 
> Also, logging an message that reverse zone was not added might be a good idea.
Agreed. Done.

> 
> HTH
> 
> Petr^2 Spacek
> 
> 
>>  
>>  client.run_command(['ipa-client-install', '-U',
>>  '--domain', client.domain.name,
> 

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From b007307d6b15365d7d818e5336033982436fd581 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Wed, 27 Jan 2016 09:22:29 +0100
Subject: [PATCH] Removed --ip-address option from replica installation

Explicitly specifying ip-address of the replica messes up with the current
bind-dyndb-ldap logic, causing reverse zone not to be created.

Enabled reverse-zone creation for the clients residing in different subnet from
master
---
 ipatests/test_integration/tasks.py | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 6eb55501389c72b4c7aaa599fd4852d7e8f1f3c2..835228b4542af64e1e98739c5de56b834775c6b5 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -66,9 +66,12 @@ def check_arguments_are(slice, instanceof):
 
 def prepare_reverse_zone(host, ip):
 zone = get_reverse_zone_default(ip)
-host.run_command(["ipa",
+result =

Re: [Freeipa-devel] [PATCH 542] replica install: validate DS and HTTP server certificates

2016-01-27 Thread Martin Babinsky 

On 01/25/2016 08:29 AM, Jan Cholasta wrote:

Hi,

the attached patch fixes .

Honza




You may need to rebase the patch on top of ipa-4-2, otherwise ACK.

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0409] Warn user when ipa *-find reach search limit

2016-01-27 Thread Petr Spacek 
On 26.1.2016 15:38, Gabe Alford wrote:
> On Tue, Jan 26, 2016 at 7:33 AM, Martin Basti  wrote:
> 
>>
>>
>> On 26.01.2016 15:17, Petr Spacek wrote:
>>
>>> On 26.1.2016 15:06, Martin Basti wrote:
>>>

 On 26.01.2016 15:00, Gabe Alford wrote:

> On Tue, Jan 26, 2016 at 6:56 AM, Martin Basti  > wrote:
>
>
>
>  On 26.01.2016 14:55, Petr Spacek wrote:
>
>  On 26.1.2016 14:02, Martin Basti wrote:
>
>  https://fedorahosted.org/freeipa/ticket/5634
>
>  Patch attached.
>
>  It works for me in API, CLI, and Web UI. The warning is shown
>  as expected.
>
>  Interestingly, Web UI behaves strangely when search limit is
>  hit. This needs
>  more investigation because it happens even without this patch
> :-)
>
>  I found different bug there, webUI passes sizelimit: 0
>  (unlimited), but this values is not passed to some searches inside
>  BaseldapSearch which raise error, I will file a ticket na provide
>  details there
>
>
> Works for me as well. However, it would be nice to have what
> ipasearchlimit
> is limited to in the error message as well. So something like:
>
 thanks for testing.

 "Search result has been truncated, the current search limit is set to 10.
> Please increase the search limit."
>
 Well this is not so easy to achieve in framework, I prefer not to add
 number
 there, it requires bigger change in framework or an extra ldap search.

> Does this also address https://fedorahosted.org/freeipa/ticket/4022?
>
 It should.

>>> Maybe we can use some generic phrase like:
>>> "Search result has been truncated to configured search limit."
>>> and avoid advice like 'increase search limit' which may not be possible
>>> to do,
>>> e.g. because user does not have permission to do that etc.
>>>
>>
> Sounds good.
> 
> 
> 
>> Updated patch attached.
>>
> 
> Ack from me.

Push it, the weird behavior in WebUI happens even without the patch :-)

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0399] ipa-getkeytab: Handle the possibility of not obtaining a result

2016-01-27 Thread Tomas Babej 


On 01/27/2016 05:03 PM, Martin Babinsky wrote:
> On 01/26/2016 05:48 PM, Tomas Babej wrote:
>> Hi,
>>
>> The ldap_result operation can time out, returning a NULL result,
>> which in turn causes the parsing operation to crash.
>>
>> https://fedorahosted.org/freeipa/ticket/5642
>>
>> Tomas
>>
>>
>>
> ACK
> 

Pushed to master: d53c2f6b806335507ffd5e78be42471b85a39bbf

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0399] ipa-getkeytab: Handle the possibility of not obtaining a result

2016-01-27 Thread Martin Babinsky 

On 01/26/2016 05:48 PM, Tomas Babej wrote:

Hi,

The ldap_result operation can time out, returning a NULL result,
which in turn causes the parsing operation to crash.

https://fedorahosted.org/freeipa/ticket/5642

Tomas




ACK

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCHES] 0761-0769 More Python3 fixes

2016-01-27 Thread Petr Viktorin 
Hello,

Here is a mixed bag of Python 3 fixes.
They fix some tests, and they should enable you to use `python3
/usr/bin/ipa`.


-- 
Petr Viktorin
From 7d6bb7fe8d548e564d7bd941439fa405f0f92742 Mon Sep 17 00:00:00 2001
From: Petr Viktorin 
Date: Mon, 21 Sep 2015 13:22:17 +0200
Subject: [PATCH] test_parameters: Ignore bad error message in Python 3

The decimal error message is less clear than before.
(It's apparently the price to pay for speed -- Python3 uses
libmpdec as its Decimal implementation by default.)

Don't check for the exact error message.
---
 ipatests/test_ipalib/test_parameters.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_ipalib/test_parameters.py b/ipatests/test_ipalib/test_parameters.py
index b640f50dae4ebfb4f764e5ca9b2aa355fdfb6359..90c92a933fd8a66945e6752c5eab6ceb5026e9d5 100644
--- a/ipatests/test_ipalib/test_parameters.py
+++ b/ipatests/test_ipalib/test_parameters.py
@@ -1441,8 +1441,9 @@ class test_Decimal(ClassChecker):
 param = self.cls('my_number', precision=1)
 e = raises(ConversionError, param, '123456789012345678901234567890')
 
-assert str(e) == \
-"invalid 'my_number': quantize result has too many digits for current context"
+if six.PY2:
+assert str(e) == \
+"invalid 'my_number': quantize result has too many digits for current context"
 
 def test_exponential(self):
 """
-- 
2.5.0

From 5201e2c9cd56b9be3f5dfe9f2e7c6e251ba3931e Mon Sep 17 00:00:00 2001
From: Michael Simacek 
Date: Tue, 22 Sep 2015 10:29:32 +0200
Subject: [PATCH] Fix bytes/string handling in rpc

---
 ipalib/rpc.py | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index a165491adea5366a14a86d7c8bd6337e36fd1b44..56f20512dbe83646923537117e589d5b895fe9c4 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -349,7 +349,7 @@ def json_decode_binary(val):
 elif isinstance(val, list):
 return tuple(json_decode_binary(v) for v in val)
 else:
-if isinstance(val, six.string_types):
+if isinstance(val, bytes):
 try:
 return val.decode('utf-8')
 except UnicodeDecodeError:
@@ -400,7 +400,7 @@ def xml_loads(data, encoding='UTF-8'):
 
 class DummyParser(object):
 def __init__(self):
-self.data = ''
+self.data = b''
 
 def feed(self, data):
 self.data += data
@@ -575,7 +575,7 @@ class KerbTransport(SSLTransport):
 
 if token:
 extra_headers.append(
-('Authorization', 'negotiate %s' % base64.b64encode(token))
+('Authorization', 'negotiate %s' % base64.b64encode(token).decode('ascii'))
 )
 
 def _auth_complete(self, response):
@@ -586,7 +586,7 @@ class KerbTransport(SSLTransport):
 k, _, v = field.strip().partition(' ')
 if k.lower() == 'negotiate':
 try:
-token = base64.b64decode(v)
+token = base64.b64decode(v.encode('ascii'))
 break
 # b64decode raises TypeError on invalid input
 except TypeError:
@@ -1068,12 +1068,12 @@ class JSONServerProxy(object):
 response = self.__transport.request(
 self.__host,
 self.__handler,
-json.dumps(payload),
+json.dumps(payload).encode('utf-8'),
 verbose=self.__verbose >= 3,
 )
 
 try:
-response = json_decode_binary(json.loads(response))
+response = json_decode_binary(json.loads(response.decode()))
 except ValueError as e:
 raise JSONError(str(e))
 
-- 
2.5.0

From a7ea3fa1096c5ef53564b0f28ad5d6e85f8a8f64 Mon Sep 17 00:00:00 2001
From: Petr Viktorin 
Date: Wed, 14 Oct 2015 15:02:51 +0200
Subject: [PATCH] ipaldap, ldapupdate: Encoding fixes for Python 3

---
 ipapython/ipaldap.py| 12 +---
 ipaserver/install/ldapupdate.py |  8 
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 28bfcb5c2ee2140d38f17248fc9c90861cd251e4..45ab15bd4a0c3fefa17604419ef73a7d5eb3f77c 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -346,11 +346,17 @@ class LDAPEntry(collections.MutableMapping):
 return self._names[name]
 
 if self._conn.schema is not None:
+if six.PY2:
+encoded_name = name.encode('utf-8')
+else:
+encoded_name = name
 attrtype = self._conn.schema.get_obj(
-ldap.schema.AttributeType, name.encode('utf-8'))
+ldap.schema.AttributeType, encoded_name)
 if attrtype is not None:
 for altname in attrtype.names:
-altname = altname.decode('utf-8')
+

Re: [Freeipa-devel] [PATCH] 0760 - Split ipa-client/ into ipaclient/ and client/

2016-01-27 Thread Jan Cholasta 

On 25.1.2016 14:49, Petr Viktorin wrote:

On 01/25/2016 02:12 PM, Jan Cholasta wrote:

On 14.1.2016 17:49, Petr Viktorin wrote:

On 01/14/2016 11:09 AM, Jan Cholasta wrote:

On 14.1.2016 10:48, Petr Viktorin wrote:

On 01/14/2016 07:55 AM, Jan Cholasta wrote:

Hi,

On 13.1.2016 13:03, Martin Babinsky wrote:

On 01/13/2016 11:34 AM, Petr Viktorin wrote:

Hello,
I'm planning to port the ipa-client to Python 3, and I'm likely
to end
up shaking out some dusty corners of the codebase, rather than
doing the
minimal amount of work :)
So I'd like to get your opinions before I commit significant time to
this.


Here's a patch for review.
(I'm sending the full diff for applying; the result is nicer to look at
with `git show -C`)



[...]

client-tools/
- man/*
- *.c
- *.h
- all the automake stuff
- current contents of ipa-install (Python scripts that go in
/usr/sbin)


I would rather s/client-tools/client/, as this stuff goes into the
freeipa-*client* subpackage.


OK. It's just that there's no admintools/ or server/ either.

Putting the scripts into install/tools/ (or install/client/) is another
possibility.


Right. I guess we have to decide whether we want a directory layout
based on the component/subpackage or not. install/tools/ works for me
equally well.


I put the scripts in client/. IPA supports building just the client
bits, and that's easier if the server and client scripts are separate.


I'm not sure if this is what you are suggesting or not, but I would
like
the man page files to be in the same directory as the corresponding
source code files.


Do you mean not having the man/ subdirectory?


Yes. (I don't insist though.)


Even if you did insist, I think it would be better to ditch
install/tools/man/ and ipatests/man/ at the same time as client/man/, so
I'm leaving this for a potential future patch.


It could be done gradually (there already is /ipa.1 for /ipa), but OK.

The patch needs a rebase on top of master and ipa-4-3. Otherwise ACK.


Here are the rebased patches.


I filed a ticket for this and the rest of the py3 client effort: 
.


Pushed to:
master: 840de9bb48b37508e11fc0514761161e7cd0f9ef
ipa-4-3: 11f315bcfcc756d4ea8a16a87df1a1a4dd980250

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0409] Warn user when ipa *-find reach search limit

2016-01-27 Thread Martin Basti 



On 27.01.2016 09:16, Petr Spacek wrote:

On 26.1.2016 15:38, Gabe Alford wrote:

On Tue, Jan 26, 2016 at 7:33 AM, Martin Basti  wrote:



On 26.01.2016 15:17, Petr Spacek wrote:


On 26.1.2016 15:06, Martin Basti wrote:


On 26.01.2016 15:00, Gabe Alford wrote:


On Tue, Jan 26, 2016 at 6:56 AM, Martin Basti > wrote:



  On 26.01.2016 14:55, Petr Spacek wrote:

  On 26.1.2016 14:02, Martin Basti wrote:

  https://fedorahosted.org/freeipa/ticket/5634

  Patch attached.

  It works for me in API, CLI, and Web UI. The warning is shown
  as expected.

  Interestingly, Web UI behaves strangely when search limit is
  hit. This needs
  more investigation because it happens even without this patch
:-)

  I found different bug there, webUI passes sizelimit: 0
  (unlimited), but this values is not passed to some searches inside
  BaseldapSearch which raise error, I will file a ticket na provide
  details there


Works for me as well. However, it would be nice to have what
ipasearchlimit
is limited to in the error message as well. So something like:


thanks for testing.

"Search result has been truncated, the current search limit is set to 10.

Please increase the search limit."


Well this is not so easy to achieve in framework, I prefer not to add
number
there, it requires bigger change in framework or an extra ldap search.


Does this also address https://fedorahosted.org/freeipa/ticket/4022?


It should.


Maybe we can use some generic phrase like:
"Search result has been truncated to configured search limit."
and avoid advice like 'increase search limit' which may not be possible
to do,
e.g. because user does not have permission to do that etc.


Sounds good.




Updated patch attached.


Ack from me.

Push it, the weird behavior in WebUI happens even without the patch :-)


Pushed to master: 9a945b201eab40dff7781d3240f046b648644779

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0031] ipatests: fix the install of external ca

2016-01-27 Thread Martin Basti 



On 27.01.2016 11:02, Martin Babinsky wrote:

On 01/19/2016 05:56 PM, Milan Kubík wrote:

On 01/19/2016 05:31 PM, Milan Kubík wrote:

Patch attached.




This actually has a ticket opened. Patch with fixed commit message. ;)

--
Milan Kubik




ACK


Pushed to:
master: 8f6fb7b4eaa74e9478f946a3be862e2d02158f6d
ipa-4-3: 7454db09185ee0131c2f85c7922bc2af374db766

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [TEST][Patch 0021] Fixed recent replica installation issues in the lab

2016-01-27 Thread Oleg Fayans 
Sorry, trailing whitespace detected. This version passes lint

On 01/27/2016 09:23 AM, Oleg Fayans wrote:
> Hi,
> 
> On 01/21/2016 04:41 PM, Petr Spacek wrote:
>> Hello,
>>
>> On 21.1.2016 13:42, Oleg Fayans wrote:
>>> freeipa-ofayans-0021-Removed-ip-address-option-from-replica-installation.patch
>>>
>>>
>>> From d7ab06a4dcddb919fda351b983d478f1b6968578 Mon Sep 17 00:00:00 2001
>>> From: Oleg Fayans 
>>> Date: Thu, 21 Jan 2016 13:30:02 +0100
>>> Subject: [PATCH] Removed --ip-address option from replica installation
>>>
>>> Explicitly specifying ip-address of the replica messes up with the current
>>> bind-dyndb-ldap logic, causing reverse zone not to be created.
>>>
>>> Enabled reverse-zone creation for the clients residing in different subnet 
>>> from
>>> master
>>> ---
>>>  ipatests/test_integration/tasks.py | 19 ---
>>>  1 file changed, 12 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/ipatests/test_integration/tasks.py 
>>> b/ipatests/test_integration/tasks.py
>>> index 
>>> 6eb55501389c72b4c7aaa599fd4852d7e8f1f3c2..43ef78b0c55deed24a0444f0ac6c38ddb2517481
>>>  100644
>>> --- a/ipatests/test_integration/tasks.py
>>> +++ b/ipatests/test_integration/tasks.py
>>> @@ -69,6 +69,8 @@ def prepare_reverse_zone(host, ip):
>>>  host.run_command(["ipa",
>>>"dnszone-add",
>>>zone], raiseonerr=False)
>>> +return zone
>>> +
>>>  
>>>  def prepare_host(host):
>>>  if isinstance(host, Host):
>>> @@ -319,11 +321,8 @@ def domainlevel(host):
>>>  def replica_prepare(master, replica):
>>>  apply_common_fixes(replica)
>>>  fix_apache_semaphores(replica)
>>> -prepare_reverse_zone(master, replica.ip)
>>> -master.run_command(['ipa-replica-prepare',
>>> -'-p', replica.config.dirman_password,
>>> -'--ip-address', replica.ip,
>>> -replica.hostname])
>>> +master.run_command(['ipa-replica-prepare', '-p', 
>>> replica.config.dirman_password,
>>> +'--auto-reverse', replica.hostname])
>>
>> I guess that you will need --ip-address option in cases where master's 
>> reverse
>> record does not exist (yet).
> And yo were right. Fixed
> 
>>
>> I would recommend you to test this in libvirt or somewhere without revere
>> records, I suspect that it might blow up.
>>
>>>  replica_bundle = master.get_file_contents(
>>>  paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
>>>  replica_filename = get_replica_filename(replica)
>>> @@ -339,8 +338,7 @@ def install_replica(master, replica, setup_ca=True, 
>>> setup_dns=False,
>>>  # and replica installation would fail
>>>  args = ['ipa-replica-install', '-U',
>>>  '-p', replica.config.dirman_password,
>>> -'-w', replica.config.admin_password,
>>> -'--ip-address', replica.ip]
>>> +'-w', replica.config.admin_password]
>>>  if setup_ca:
>>>  args.append('--setup-ca')
>>>  if setup_dns:
>>> @@ -380,6 +378,13 @@ def install_client(master, client, extra_args=()):
>>>  client.collect_log(paths.IPACLIENT_INSTALL_LOG)
>>>  
>>>  apply_common_fixes(client)
>>> +# Now, for the situations where a client resides in a different subnet 
>>> from
>>> +# master, we need to explicitly tell master to create a reverse zone 
>>> for
>>> +# the client and enable dynamic updates for this zone.
>>> +allow_sync_ptr(master)
>>> +zone = prepare_reverse_zone(master, client.ip)
>>> +master.run_command(["ipa", "dnszone-mod", zone,
>>> +"--dynamic-update=TRUE"], raiseonerr=False)
>>
>> I'm not a big fan of ignoring exceptions here, it might be better to
>> encapsulate the first command with try: except: and run the zone-mod only if
>> the add worked as expected.
>>
>> Also, logging an message that reverse zone was not added might be a good 
>> idea.
> Agreed. Done.
> 
>>
>> HTH
>>
>> Petr^2 Spacek
>>
>>
>>>  
>>>  client.run_command(['ipa-client-install', '-U',
>>>  '--domain', client.domain.name,
>>
> 
> 
> 

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From e70daf4ed9dfbac7e8ea75cb8e9ab0f2af12ad48 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Wed, 27 Jan 2016 11:09:03 +0100
Subject: [PATCH] Removed --ip-address option from replica installation

Explicitly specifying ip-address of the replica messes up with the current
bind-dyndb-ldap logic, causing reverse zone not to be created.

Enabled reverse-zone creation for the clients residing in different subnet from
master
---
 ipatests/test_integration/tasks.py | 20 +++-
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 6eb55501389c72b4c7aaa599fd4852d7e8f1f3c2..b8b7fcfcbbb1dc6723491194cdbbd68c54ec 100644
--- a/ipatests/test_integration/tasks.py
+++

[Freeipa-devel] [PATCH] 950 webui: remove moot error from webui build

2016-01-27 Thread Petr Vobornik 

add module 'libs/d3' to a list of modules provided by third party libraries

it is provided by d3 library in libs directory

https://fedorahosted.org/freeipa/ticket/5641
--
Petr Vobornik
From c62297be98972fbd1ea5c0903fb5263e7130ebdb Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Wed, 27 Jan 2016 14:57:30 +0100
Subject: [PATCH] webui: remove moot error from webui build

add module 'libs/d3' to a list of modules provided by third party libraries

it is provided by d3 library in libs directory

https://fedorahosted.org/freeipa/ticket/5641
---
 install/ui/src/webui.profile.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/install/ui/src/webui.profile.js b/install/ui/src/webui.profile.js
index 6fd9d912c9e24bf785626a66a834383c61cfb4a5..1d7a6cc845952eb89b177d4510c8188a16e7dbf8 100644
--- a/install/ui/src/webui.profile.js
+++ b/install/ui/src/webui.profile.js
@@ -108,7 +108,8 @@ var profile = (function(){
 "dojo/query",
 "dojo/string",
 "dojo/NodeList-dom",
-"dojo/promise/all"
+"dojo/promise/all",
+"libs/d3"
 ]
 }
 ],
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0031] ipatests: fix the install of external ca

2016-01-27 Thread Martin Babinsky 

On 01/19/2016 05:56 PM, Milan Kubík wrote:

On 01/19/2016 05:31 PM, Milan Kubík wrote:

Patch attached.




This actually has a ticket opened. Patch with fixed commit message. ;)

--
Milan Kubik




ACK

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 540] cert renewal: import all external CA certs on IPA CA cert renewal

2016-01-27 Thread Tomas Babej 


On 01/27/2016 08:06 AM, Martin Babinsky wrote:
> On 01/25/2016 08:19 AM, Jan Cholasta wrote:
>> On 22.1.2016 12:28, Jan Cholasta wrote:
>>> On 22.1.2016 10:34, Martin Babinsky wrote:
 On 01/21/2016 10:27 AM, Jan Cholasta wrote:
> Hi,
>
> the attached patch fixes
> .
>
> Honza
>
>
>
 ACK
>>>
>>> Self-NACK. Doesn't work with external CA install.
>>>
>>
>> Updated patches attached.
>>
> ACK
> 

Pushed to master: eaafeddf769c25bd44b490ae18ffb58e97df4963
Pushed to ipa-4-2: 2314fa66fd7fe543209292660d4f7f9611cdedb2

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 543] CA install: explicitly set dogtag_version to 10

2016-01-27 Thread Tomas Babej 


On 01/27/2016 12:10 PM, Martin Babinsky wrote:
> On 01/27/2016 09:27 AM, Jan Cholasta wrote:
>> On 26.1.2016 10:23, Martin Babinsky wrote:
>>> On 01/26/2016 10:14 AM, Martin Babinsky wrote:
 On 01/25/2016 08:56 AM, Alexander Bokovoy wrote:
> On Mon, 25 Jan 2016, Jan Cholasta wrote:
>> Hi,
>>
>> the attached patch fixes
>> .
>>
>> Note that this is a 4.2-specific fix.
>>
>> Honza
>>
>> -- 
>> Jan Cholasta
>
>> From c2a0684c64538166809883a235bd131518b6e78f Mon Sep 17 00:00:00
>> 2001
>> From: Jan Cholasta 
>> Date: Mon, 25 Jan 2016 08:48:42 +0100
>> Subject: [PATCH] CA install: explicitly set dogtag_version to 10
>>
>> When installing new CA master, explicitly set the dogtag_version
>> option to
>> 10 in api.bootstrap() to prevent failures in code which expects the
>> value
>> to be 10 rather than the default value of 9.
>>
>> https://fedorahosted.org/freeipa/ticket/5611
>> ---
>> install/tools/ipa-ca-install | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/install/tools/ipa-ca-install
>> b/install/tools/ipa-ca-install
>> index 6564e4d..e8ccaef 100755
>> --- a/install/tools/ipa-ca-install
>> +++ b/install/tools/ipa-ca-install
>> @@ -162,7 +162,7 @@ def install_master(safe_options, options):
>>
>> # override ra_plugin setting read from default.conf so that we
>> have
>> # functional dogtag backend plugins during CA install
>> -api.bootstrap(in_server=True, ra_plugin='dogtag')
>> +api.bootstrap(in_server=True, ra_plugin='dogtag',
>> dogtag_version=10)
>> api.finalize()
>>
>> dm_password = options.password
>> -- 
> ACK.
>

 Not so fast, I have this patch applied on top of ipa-4-2 and it does
 not
 fix the crash described in the ticket.

>>>
>>> See the end of CA install log (http://fpaste.org/314777/14537999/), it
>>> seems that despite setting dogtag version to 10 in API initialization,
>>> CA instance still thinks it needs to work with version 9.
>>>
>>> It seems that dogtag.configured_constants() function is to blame:
>>>
>>> """
>>> In [4]: from ipalib import api
>>>
>>> In [5]: api.bootstrap(dogtag_version=10)
>>>
>>> In [6]: api.finalize()
>>>
>>> In [7]: dogtag.configured_constants()
>>> Out[7]: ipapython.dogtag.Dogtag9Constants
>>>
>>> In [8]: dogtag.configured_constants(api)
>>> Out[8]: ipapython.dogtag.Dogtag10Constants
>>> """
>>
>> Updated patch attached.
>>
> 
> ACK
> 

Pushed to ipa-4-2: 7c78a1f1a4637d0b736b976822646f51926aa214

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 540] cert renewal: import all external CA certs on IPA CA cert renewal

2016-01-27 Thread Jan Cholasta 

On 27.1.2016 14:41, Tomas Babej wrote:



On 01/27/2016 08:06 AM, Martin Babinsky wrote:

On 01/25/2016 08:19 AM, Jan Cholasta wrote:

On 22.1.2016 12:28, Jan Cholasta wrote:

On 22.1.2016 10:34, Martin Babinsky wrote:

On 01/21/2016 10:27 AM, Jan Cholasta wrote:

Hi,

the attached patch fixes
.

Honza




ACK


Self-NACK. Doesn't work with external CA install.



Updated patches attached.


ACK



Pushed to master: eaafeddf769c25bd44b490ae18ffb58e97df4963
Pushed to ipa-4-2: 2314fa66fd7fe543209292660d4f7f9611cdedb2


It seems you forgot ipa-4-3.

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 540] cert renewal: import all external CA certs on IPA CA cert renewal

2016-01-27 Thread Tomas Babej 


On 01/27/2016 02:53 PM, Jan Cholasta wrote:
> On 27.1.2016 14:41, Tomas Babej wrote:
>>
>>
>> On 01/27/2016 08:06 AM, Martin Babinsky wrote:
>>> On 01/25/2016 08:19 AM, Jan Cholasta wrote:
 On 22.1.2016 12:28, Jan Cholasta wrote:
> On 22.1.2016 10:34, Martin Babinsky wrote:
>> On 01/21/2016 10:27 AM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> the attached patch fixes
>>> .
>>>
>>> Honza
>>>
>>>
>>>
>> ACK
>
> Self-NACK. Doesn't work with external CA install.
>

 Updated patches attached.

>>> ACK
>>>
>>
>> Pushed to master: eaafeddf769c25bd44b490ae18ffb58e97df4963
>> Pushed to ipa-4-2: 2314fa66fd7fe543209292660d4f7f9611cdedb2
> 
> It seems you forgot ipa-4-3.
> 

Yep, thanks. Pushed to ipa-4-3: 659c5ae7e649c1f03ac9f93c1b5369f037811d7d

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] webui: 949 crash nicely if sessionStorage is not available

2016-01-27 Thread Tomas Babej 
On 01/26/2016 06:59 PM, Tomas Babej wrote:
> ACK
> 
> On 01/26/2016 06:57 PM, Petr Vobornik wrote:
>> https://fedorahosted.org/freeipa/ticket/5643
>>
>>
> 

Pushed to master: 6e1eb5bc8f83faa38203bd308896d0b15f359b24

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0002 Add support for user parameter for /ipa/ui/reset_password.html

2016-01-27 Thread Petr Vobornik 

On 01/25/2016 03:10 PM, Pavel Vomacka wrote:

Hello again,

another patch is ready for reviewing. Now it is the patch which adds
support for user parameter for /ipa/ui/reset_password.html page. That
means that you can prefill username field by using url parameter
'user'. Here is the ticket link:
https://fedorahosted.org/freeipa/ticket/5001 .

Pavel Vomacka Intern




ACK

Pushed to master: 3a0985b7889bb604184a2a9fa42261efa194d032
--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] New tool tips for Refresh, Revert, Undo and Undo All buttons

2016-01-27 Thread Petr Vobornik 

On 01/25/2016 01:55 PM, Pavel Vomacka wrote:

Hello everyone,

I just made a patch for the
https://fedorahosted.org/freeipa/ticket/5428 ticket. The patch adds
tool tips to the buttons in detail views. The text of new tool tips
is written in the comment of the ticket.

Pavel Vomacka Intern



ACK

Pushed to master: d5674b1490939551a0040a4d88ebc6f9437e74d9
--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0128] ipalib/cli.py: pythonify Collector class

2016-01-27 Thread Martin Babinsky 

On 01/18/2016 06:43 PM, Martin Babinsky wrote:

A little patch that should make some future pylint errors disappear.



Attaching updated patch that does not promote direct molestation of 
instance dictionaries.


--
Martin^3 Babinsky
From fdb04f6a15c6a8983706916c52bfee407cb1509c Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Mon, 18 Jan 2016 18:35:52 +0100
Subject: [PATCH] ipalib/cli.py: pythonify Collector class

The implementation of Collector class is hard for pylint to chew and unwieldy.
This patch rewrites the class to a more readable and pythonic form.
---
 ipalib/cli.py | 22 --
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/ipalib/cli.py b/ipalib/cli.py
index 136e0aeb8b876b2fe021f08e49a85a0fdeb4b21b..02a09d14b717640284361e453507b38c1172529d 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -972,20 +972,30 @@ cli_application_commands = (
 
 class Collector(object):
 def __init__(self):
-object.__setattr__(self, '_Collector__options', {})
+self.__dict__.update(options={})
+self.options = {}  # shut up pylint
 
 def __setattr__(self, name, value):
-if name in self.__options:
-v = self.__options[name]
+if name in dir(self):
+object.__setattr__(self, name, value)
+else:
+self.__setitem__(name, value)
+
+def __getitem__(self, item):
+return self.options[item]
+
+def __setitem__(self, key, value):
+if key in self.options:
+v = self.options[key]
 if type(v) is tuple:
 value = v + (value,)
 else:
 value = (v, value)
-self.__options[name] = value
-object.__setattr__(self, name, value)
+self.options[key] = value
 
 def __todict__(self):
-return dict(self.__options)
+return self.options
+
 
 class CLIOptionParserFormatter(optparse.IndentedHelpFormatter):
 def format_argument(self, name, help_string):
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 950 webui: remove moot error from webui build

2016-01-27 Thread Gabe Alford 
Ack. Works as expected.

Gabe

On Wed, Jan 27, 2016 at 7:39 AM, Petr Vobornik  wrote:

> add module 'libs/d3' to a list of modules provided by third party libraries
>
> it is provided by d3 library in libs directory
>
> https://fedorahosted.org/freeipa/ticket/5641
> --
> Petr Vobornik
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 155] ipa-kdb: get_authz_data_types() make sure entry can be NULL

2016-01-27 Thread Tomas Babej 


On 01/06/2016 12:15 PM, Sumit Bose wrote:
> Hi,
> 
> this patch fixes and issue found by Simo when he called
> get_authz_data_types() with the second argument being NULL.
> This function determines which type of authorization data should be
> added to the Kerberos ticket. There are global default and it is
> possible to configure this per service as well. The second argument is
> the data base entry of a service. If no service is given it makes sens
> to return the global defaults and most parts of get_authz_data_types()
> handle this case well and this patch fixes the remain issue and adds a
> test for this as well.
> 
> Please note that currently get_authz_data_types() is used in a code path
> where the service entry is expected to be not NULL and it turned out
> that in Simo's case it will be non-NULL as well. Nevertheless the patch
> makes the code more robust and makes the future use of
> get_authz_data_types() more safe.
> 
> bye,
> Sumit
> 
> 
> 

ACK, thanks.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 155] ipa-kdb: get_authz_data_types() make sure entry can be NULL

2016-01-27 Thread Tomas Babej 


On 01/27/2016 04:04 PM, Tomas Babej wrote:
> 
> 
> On 01/06/2016 12:15 PM, Sumit Bose wrote:
>> Hi,
>>
>> this patch fixes and issue found by Simo when he called
>> get_authz_data_types() with the second argument being NULL.
>> This function determines which type of authorization data should be
>> added to the Kerberos ticket. There are global default and it is
>> possible to configure this per service as well. The second argument is
>> the data base entry of a service. If no service is given it makes sens
>> to return the global defaults and most parts of get_authz_data_types()
>> handle this case well and this patch fixes the remain issue and adds a
>> test for this as well.
>>
>> Please note that currently get_authz_data_types() is used in a code path
>> where the service entry is expected to be not NULL and it turned out
>> that in Simo's case it will be non-NULL as well. Nevertheless the patch
>> makes the code more robust and makes the future use of
>> get_authz_data_types() more safe.
>>
>> bye,
>> Sumit
>>
>>
>>
> 
> ACK, thanks.
> 

It is worth noting I added a commit message for the patch, based on the
Sumit's summary here.

Pushed to master: 45b0148fcce3fded5cea52b6fadd50114358ba25

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 950 webui: remove moot error from webui build

2016-01-27 Thread Petr Vobornik 

On 01/27/2016 04:01 PM, Gabe Alford wrote:

Ack. Works as expected.


Thanks for review.

Pushed to:
master: e668b06231553457df64eb43bef8918b21b4ebdc
ipa-4-3: b9573f968a13d1373020be91a50786db81c1f1a3



Gabe

On Wed, Jan 27, 2016 at 7:39 AM, Petr Vobornik  wrote:


add module 'libs/d3' to a list of modules provided by third party libraries

it is provided by d3 library in libs directory

https://fedorahosted.org/freeipa/ticket/5641
--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code






--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code