[Freeipa-devel] [freeipa PR#736][comment] Fixing the cert-request command comparing whole email address case-sensitively.
URL: https://github.com/freeipa/freeipa/pull/736
Title: #736: Fixing the cert-request command comparing whole email address case-sensitively.

felipevolpone commented:
"""
I hope it's fine now
"""

See the full comment at https://github.com/freeipa/freeipa/pull/736#issuecomment-299296983
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#736][synchronized] Fixing the cert-request command comparing whole email address case-sensitively.
URL: https://github.com/freeipa/freeipa/pull/736 Author: felipevolpone Title: #736: Fixing the cert-request command comparing whole email address case-sensitively. Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/736/head:pr736 git checkout pr736 From b1077cf41709f9ac9c28181e71a8ff07daf87d15 Mon Sep 17 00:00:00 2001 From: Felipe VolponeDate: Thu, 4 May 2017 17:11:31 -0300 Subject: [PATCH] Fixing the cert-request comparing whole email address case-sensitively. Now, the cert-request command compares the domain part of the email case-insensitively. https://pagure.io/freeipa/issue/5919 --- ipaserver/plugins/cert.py| 31 +++--- ipatests/test_xmlrpc/test_cert_plugin.py | 37 2 files changed, 65 insertions(+), 3 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 9f90107..3a9747d 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -705,7 +705,9 @@ def execute(self, csr, all=False, raw=False, chain=False, **kw): # fail if any email addr from DN does not appear in ldap entry email_addrs = csr_obj.subject.get_attributes_for_oid( cryptography.x509.oid.NameOID.EMAIL_ADDRESS) -if len(set(email_addrs) - set(principal_obj.get('mail', []))) > 0: +csr_emails = [attr.value for attr in email_addrs] +if not _emails_are_valid(csr_emails, + principal_obj.get('mail', [])): raise errors.ValidationError( name='csr', error=_( @@ -791,8 +793,10 @@ def execute(self, csr, all=False, raw=False, chain=False, **kw): "match requested principal") % gn.name) elif isinstance(gn, cryptography.x509.general_name.RFC822Name): if principal_type == USER: -if principal_obj and gn.value not in principal_obj.get( -'mail', []): +gn_value = (gn.value if isinstance(gn.value, list) + else [gn.value]) +if not _emails_are_valid(gn_value, + principal_obj.get('mail', [])): raise errors.ValidationError( name='csr', error=_( 
@@ -860,6 +864,27 @@ def execute(self, csr, all=False, raw=False, chain=False, **kw): ) +def _emails_are_valid(csr_emails, principal_emails): +""" +Checks if any email address from certificate does not +appear in ldap entry, comparing the domain part case-insensitively. +""" + +if not any(principal_emails): +return False + +def lower_domain(email): +email_splited = email.split('@', 1) +email_splited[1] = email_splited[1].lower() + +return '@'.join(email_splited) + +principal_emails_lower = set(map(lower_domain, principal_emails)) +csr_emails_lower = set(map(lower_domain, csr_emails)) + +return csr_emails_lower.issubset(principal_emails_lower) + + def principal_to_principal_type(principal): if principal.is_user: return USER diff --git a/ipatests/test_xmlrpc/test_cert_plugin.py b/ipatests/test_xmlrpc/test_cert_plugin.py index 0b8277b..8039b9b 100644 --- a/ipatests/test_xmlrpc/test_cert_plugin.py +++ b/ipatests/test_xmlrpc/test_cert_plugin.py 
@@ -253,6 +253,43 @@ def test_00010_cleanup(self): res = api.Command['service_find'](self.service_princ) assert res['count'] == 0 +def test_00011_email_are_valid(self): +""" +Verify the different scenarios when checking if any email addr +from DN or SAN extension does not appear in ldap entry. +""" + +from ipaserver.plugins.cert import _emails_are_valid +from collections import namedtuple +NameAttr = namedtuple('NameAttr', 'value') + +subject_addrs = [NameAttr(u'a...@email.com')] +result = _emails_are_valid(subject_addrs, [], [u'a...@email.com']) +assert True is result, result + +san_addrs = [NameAttr(u'a...@email.com'), + NameAttr(u'anot...@email.com')] +result = _emails_are_valid([], san_addrs, [u'a...@email.com']) +assert True is result, result + +result = _emails_are_valid([], [], [u'a...@email.com']) +assert False is result, result + +subject_addrs = [NameAttr(u'a...@email.com')] +san_addrs = [NameAttr(u'a...@email.com')] +result = _emails_are_valid(subject_addrs, san_addrs, []) +assert False is result, result + +subject_addrs = [NameAttr(u'invalidEmailAddress')] +san_addrs = [NameAttr(u'va...@email.com')] +result = _emails_are_valid(subject_addrs, san_addrs,
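Review bot: In the RFC822Name branch of ipaserver/plugins/cert.py (hunk at -791), the removed condition began with "principal_obj and", while the new one calls principal_obj.get('mail', []) unconditionally. If principal_obj can be None here, as the old guard implies, this now fails with AttributeError instead of skipping the check; keep the guard in front of the _emails_are_valid call. The isinstance(gn.value, list) test also looks unnecessary, since the removed line treated gn.value as a single address; [gn.value] would be enough.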
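Review bot: _emails_are_valid (cert.py hunk at -860) returns False whenever principal_emails is empty, even when csr_emails is empty as well, so the subject check in the -705 hunk now raises ValidationError for a CSR that carries no emailAddress when the principal has no mail attribute; the removed set-difference test accepted that case. Drop the early return and let issubset decide. In the same function, lower_domain indexes email_splited[1] after split('@', 1), which raises IndexError for an address without '@'; handle that input explicitly. The docstring describes the negated condition: the function returns True when every CSR address is present in the LDAP entry.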
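Review bot: test_00011_email_are_valid (test_cert_plugin.py hunk at -253) calls _emails_are_valid with three arguments and passes NameAttr objects, but the function added to cert.py in this same patch is defined as _emails_are_valid(csr_emails, principal_emails) and calls .split on each item. As posted the test fails with TypeError on the first call. Update the test to the two-argument form with plain strings, and add a case whose domain part differs only in case, since that is the behaviour the commit message describes.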
[Freeipa-devel] [freeipa PR#764][opened] Basic uninstaller for the CA
URL: https://github.com/freeipa/freeipa/pull/764 Author: rcritten Title: #764: Basic uninstaller for the CA Action: opened PR body: """ This in response to watching users flounder with repeated failed replica installations and ipa-ca-install attempts that require a complete uninstall. Review it with whatever priority you desire. This is meant ONLY to be able to re-try an installation if the CA cloning fails for some reason. It is not intended to be used to remove the CA as a service on a given master. This is to avoid having to stand up a whole new master just because the CA installation failed. https://pagure.io/freeipa/issue/6595 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/764/head:pr764 git checkout pr764 From da470e73eb3100777e983cc31a3566390e66efc2 Mon Sep 17 00:00:00 2001 From: Rob CrittendenDate: Thu, 4 May 2017 14:45:49 -0400 Subject: [PATCH] Basic uninstaller for the CA This is meant ONLY to be able to re-try an installation if the CA cloning fails for some reason. It is not intended to be used to remove the CA as a service on a given master. This is to avoid having to stand up a whole new master just because the CA installation failed. https://pagure.io/freeipa/issue/6595 --- install/tools/ipa-ca-install| 72 - ipaserver/install/cainstance.py | 10 -- 2 files changed, 79 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 60261aa..97e9959 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -24,6 +24,7 @@ import shutil import tempfile from ipalib.install.kinit import kinit_keytab +from ipapython.dn import DN from ipapython import ipautil from ipaserver.install import installutils 
@@ -31,12 +32,14 @@ from ipaserver.install.installutils import create_replica_config from ipaserver.install.installutils import check_creds, ReplicaConfig from ipaserver.install import dsinstance, ca from ipaserver.install import cainstance, service +from ipaserver.install import krainstance from ipapython import version -from ipalib import api +from ipalib import api, errors from ipalib.constants import DOMAIN_LEVEL_0 from ipapython.config import IPAOptionParser from ipapython.ipa_log_manager import root_logger, standard_logging_setup from ipaplatform.paths import paths +from ipaplatform import services log_file_name = paths.IPAREPLICA_CA_INSTALL_LOG REPLICA_INFO_TOP_DIR = None @@ -44,6 +47,8 @@ REPLICA_INFO_TOP_DIR = None def parse_options(): usage = "%prog [options] REPLICA_FILE" parser = IPAOptionParser(usage=usage, version=version.VERSION) +parser.add_option("--uninstall", dest="uninstall", action="store_true", + default=False, help="uninstall the CA") parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="gather extra debugging information") parser.add_option("-p", "--password", dest="password", sensitive=True, 
@@ -254,6 +259,67 @@ def install(safe_options, options, filename): pass +def uninstall(options): +# Uninstaller meant only for blown replica installations. + +# Does NOT remove replication agreements or the ipaca backend. + +ca_instance = cainstance.CAInstance(api.env.realm) + +if not cainstance.is_ca_installed_locally(): +ca_instance.print_msg( +"CA does not appear to be installed on this host." +) + +kra = krainstance.KRAInstance(api.env.realm) +if kra.is_installed(): +sys.exit("Cannot deal with KRA at this time.") + +if options.unattended: +ca_instance.print_msg( +"Ignoring unattended uninstall request.\n" +) +ca_instance.print_msg( +"This is for failed installs only, do not use otherwise." +) +if not ipautil.user_input("Are you sure you want to continue with the " + "uninstall procedure?", False): +ca_instance.print_msg("Aborting uninstall operation.") +sys.exit(0) + +# Note that I'm completely ignoring the replication agreement so it +# doesn't matter what domain level this is. This is based on the +# (bad) assumption that this is only being executed to fix a blown +# install and not to remove the CA as a component. + +# TODO: Figure out what is going on with serial # ranges + +ca_instance.print_msg("Shutting down CA") +ca_instance.stop_instance() + +try: +ca.uninstall() +except Exception as e: +root_logger.debug("CA uninstall failed with %s", e) + +# certmonger is stopped as a side-effect of unintalling the CA +cmonger = services.knownservices.certmonger +cmonger.start() + +ca_instance.print_msg("Removing CA from list of services") +dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'), +
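Review bot: The help string for --uninstall in parse_options (hunk at -44) reads "uninstall the CA", while the commit message says the option is meant only for retrying after a failed CA clone and is not intended to remove the CA as a service on a master. Put that restriction in the help text, and check whether the usage line "%prog [options] REPLICA_FILE" still describes the invocation when --uninstall is given.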
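Review bot: In uninstall() (hunk at -254), the except around ca.uninstall() logs the failure only with root_logger.debug and execution continues to restart certmonger and remove the CA from the list of services, so the user gets no indication that the uninstall failed. Log at error level and stop, or print the failure through ca_instance.print_msg before continuing. Earlier in the function, when is_ca_installed_locally() is false the message is printed but there is no return or exit; if continuing is deliberate for half-installed hosts, say so in the message. The comment "unintalling the CA" has a typo.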
[Freeipa-devel] [freeipa PR#763][edited] Dogtag fail
URL: https://github.com/freeipa/freeipa/pull/763
Author: stlaz
Title: #763: Dogtag fail
Action: edited

Changed field: title
Original value:
"""
Dogtag fail
"""
[Freeipa-devel] [freeipa PR#763][opened] Dogtag fail
URL: https://github.com/freeipa/freeipa/pull/763 Author: stlaz Title: #763: Dogtag fail Action: opened PR body: """ **Make CA/KRA fail when they don't start** Since all the services throw exceptions when we're unable to start/restart them, CA/KRA should not be an exception to it. **Fix wrong message on Dogtag instances stop** https://pagure.io/freeipa/issue/6766 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/763/head:pr763 git checkout pr763 From c3ab7b00b28bd349119371a214a3a3a22ab4c133 Mon Sep 17 00:00:00 2001 From: Stanislav LaznickaDate: Thu, 4 May 2017 14:58:46 +0200 Subject: [PATCH 1/2] Make CA/KRA fail when they don't start Since all the services throw exceptions when we're unable to start/restart them, CA/KRA should not be an exception to it. https://pagure.io/freeipa/issue/6766 --- ipaserver/install/dogtaginstance.py | 16 ++-- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index 356358a..f79031b 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -156,22 +156,10 @@ def clean_pkispawn_files(self): ignore_errors=True) def restart_instance(self): -try: -self.restart('pki-tomcat') -except Exception: -self.log.debug(traceback.format_exc()) -self.log.critical( -"Failed to restart the Dogtag instance." -"See the installation log for details.") +self.restart('pki-tomcat') def start_instance(self): -try: -self.start('pki-tomcat') -except Exception: -self.log.debug(traceback.format_exc()) -self.log.critical( -"Failed to restart the Dogtag instance." -"See the installation log for details.") +self.start('pki-tomcat') def stop_instance(self): try: From fd1b004ea772fff154199f79a2750eaf45fab14e Mon Sep 17 00:00:00 2001 
From: Stanislav Laznicka Date: Thu, 4 May 2017 15:00:33 +0200 Subject: [PATCH 2/2] Fix wrong message on Dogtag instances stop https://pagure.io/freeipa/issue/6766 --- ipaserver/install/dogtaginstance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index f79031b..831d996 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -167,7 +167,7 @@ def stop_instance(self): except Exception: self.log.debug(traceback.format_exc()) self.log.critical( -"Failed to restart the Dogtag instance." +"Failed to stop the Dogtag instance." "See the installation log for details.") def enable_client_auth_to_db(self, config): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
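Review bot: After patch 1/2, restart_instance and start_instance propagate exceptions, but stop_instance, visible in the trailing context of that hunk and again in patch 2/2, still catches Exception and only logs it. The commit message says CA/KRA should not be an exception to the other services; either remove the try/except from stop_instance as well or state in the commit message why a failed stop is tolerated.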
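Review bot: The message corrected in patch 2/2 is built from two adjacent string literals with no space between them, so it is logged as "Failed to stop the Dogtag instance.See the installation log for details." Add a trailing space to the first literal while this line is being changed.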
[Freeipa-devel] [freeipa PR#761][synchronized] Fixing adding authenticator indicators to host
URL: https://github.com/freeipa/freeipa/pull/761 Author: felipevolpone Title: #761: Fixing adding authenticator indicators to host Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/761/head:pr761 git checkout pr761 From ac19e97b02c65a4728239a134e5d2bc39a08672f Mon Sep 17 00:00:00 2001 From: Felipe VolponeDate: Thu, 4 May 2017 09:51:07 -0300 Subject: [PATCH] Fixing adding authenticator indicators to host The check for krbprincipalaux in the entries is now made case-insensitively. https://pagure.io/freeipa/issue/6911 --- ipaserver/plugins/host.py | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index dcadd54..15bd25d 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -920,7 +920,7 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): else: _entry_attrs = ldap.get_entry(dn, ['objectclass']) obj_classes = _entry_attrs['objectclass'] -if 'ieee802device' not in obj_classes: +if 'ieee802device' not in [item.lower() for item in obj_classes]: obj_classes.append('ieee802device') entry_attrs['objectclass'] = obj_classes @@ -940,7 +940,7 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): else: _entry_attrs = ldap.get_entry(dn, ['objectclass']) obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass'] -if 'ipasshhost' not in obj_classes: +if 'ipasshhost' not in [item.lower() for item in obj_classes]: obj_classes.append('ipasshhost') update_krbticketflags(ldap, entry_attrs, attrs_list, options, True) 
@@ -949,14 +949,16 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): if 'objectclass' not in entry_attrs: entry_attrs_old = ldap.get_entry(dn, ['objectclass']) entry_attrs['objectclass'] = entry_attrs_old['objectclass'] -if 'krbticketpolicyaux' not in entry_attrs['objectclass']: +if 'krbticketpolicyaux' not in [item.lower() for item in +entry_attrs['objectclass']]: entry_attrs['objectclass'].append('krbticketpolicyaux') if 'krbprincipalauthind' in entry_attrs: if 'objectclass' not in entry_attrs: entry_attrs_old = ldap.get_entry(dn, ['objectclass']) entry_attrs['objectclass'] = entry_attrs_old['objectclass'] -if 'krbprincipalaux' not in entry_attrs['objectclass']: +if 'krbprincipalaux' not in [item.lower() for item in + entry_attrs['objectclass']]: entry_attrs['objectclass'].append('krbprincipalaux') add_sshpubkey_to_attrs_pre(self.context, attrs_list) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
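Review bot: The expression [item.lower() for item in ...] is repeated in all four objectclass checks in ipaserver/plugins/host.py (hunks at -920, -940 and -949); a small helper that takes the list and the class name would keep the checks on one line and make the remaining call sites easy to convert. The commit message mentions only krbprincipalaux, while the patch also changes the ieee802device, ipasshhost and krbticketpolicyaux checks, so the message should name all of them. The krbprincipalaux check at line 887 quoted in the review comment on this PR is not among these hunks.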
[Freeipa-devel] [freeipa PR#761][comment] Fixing adding authenticator indicators to host
URL: https://github.com/freeipa/freeipa/pull/761
Title: #761: Fixing adding authenticator indicators to host

pvoborni commented:
"""
I'd fix it on all places in host-mod:
```
885          raise errors.ACIError(info=msg)
886      obj_classes = entry_attrs_old['objectclass']
887:     if 'krbprincipalaux' not in obj_classes:
888          obj_classes.append('krbprincipalaux')
889      entry_attrs['objectclass'] = obj_classes
...
921      _entry_attrs = ldap.get_entry(dn, ['objectclass'])
922      obj_classes = _entry_attrs['objectclass']
923:     if 'ieee802device' not in obj_classes:
924          obj_classes.append('ieee802device')
925      entry_attrs['objectclass'] = obj_classes
...
941      _entry_attrs = ldap.get_entry(dn, ['objectclass'])
942      obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
943:     if 'ipasshhost' not in obj_classes:
944          obj_classes.append('ipasshhost')
```
so that the plugin would be consistent. Rest of framework can be fixed other time.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/761#issuecomment-299172235
[Freeipa-devel] [freeipa PR#753][closed] Check CA status: add HTTP timeout
URL: https://github.com/freeipa/freeipa/pull/753
Author: MartinBasti
Title: #753: Check CA status: add HTTP timeout
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/753/head:pr753
git checkout pr753
[Freeipa-devel] [freeipa PR#753][comment] Check CA status: add HTTP timeout
URL: https://github.com/freeipa/freeipa/pull/753
Title: #753: Check CA status: add HTTP timeout

MartinBasti commented:
"""
master:

* 20f7689079328aeef42b62a359b303f531db5666 http_request: add timeout option
* 05984f171b0b41681254c95380a0598e4208a201 ca_status: add HTTP timeout 30 seconds

ipa-4-5:

* 48bb3cb69c000cea3f28bd5b44072d0fe9caa7a2 http_request: add timeout option
* 68ce9aa2addb6048333e723f771132f5da7dd38f ca_status: add HTTP timeout 30 seconds
"""

See the full comment at https://github.com/freeipa/freeipa/pull/753#issuecomment-299167248
[Freeipa-devel] [freeipa PR#753][+pushed] Check CA status: add HTTP timeout
URL: https://github.com/freeipa/freeipa/pull/753
Title: #753: Check CA status: add HTTP timeout
Label: +pushed
[Freeipa-devel] [freeipa PR#753][+ack] Check CA status: add HTTP timeout
URL: https://github.com/freeipa/freeipa/pull/753
Title: #753: Check CA status: add HTTP timeout
Label: +ack
[Freeipa-devel] [freeipa PR#671][synchronized] Slim down dependencies
URL: https://github.com/freeipa/freeipa/pull/671 Author: tiran Title: #671: Slim down dependencies Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/671/head:pr671 git checkout pr671 From de75aafdb0de58e57d452b1bc6b69d60d56dfd50 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Wed, 29 Mar 2017 11:20:21 +0200 Subject: [PATCH] Slim down dependencies * Make jinja2 an optional dependency and csrgen an optional plugin * Make otptoken_yubikey an optional plugin Signed-off-by: Christian Heimes --- ipaclient/plugins/csrgen.py | 10 -- ipaclient/plugins/otptoken_yubikey.py | 11 --- ipaclient/setup.py| 3 +-- tox.ini | 4 ++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py index 568a79f..d18a90c 100644 --- a/ipaclient/plugins/csrgen.py +++ b/ipaclient/plugins/csrgen.py @@ -6,8 +6,6 @@ import six -from ipaclient import csrgen -from ipaclient import csrgen_ffi from ipalib import api from ipalib import errors from ipalib import output @@ -18,6 +16,14 @@ from ipalib.text import _ from ipapython import dogtag +try: +import jinja2 # pylint: disable=unused-import +except ImportError: +raise errors.SkipPluginModule(reason=_("jinja2 is not installed.")) +else: +from ipaclient import csrgen +from ipaclient import csrgen_ffi + if six.PY3: unicode = str diff --git a/ipaclient/plugins/otptoken_yubikey.py b/ipaclient/plugins/otptoken_yubikey.py index 759b722..9993ec8 100644 --- a/ipaclient/plugins/otptoken_yubikey.py +++ b/ipaclient/plugins/otptoken_yubikey.py 
@@ -20,15 +20,20 @@ import os import six -import usb.core -import yubico from ipalib import _, api, IntEnum -from ipalib.errors import NotFound +from ipalib.errors import NotFound, SkipPluginModule from ipalib.frontend import Command, Method, Object from ipalib.plugable import Registry from ipalib.util import classproperty +try: +import usb.core +import yubico +except ImportError: +# python-yubico depends on pyusb +raise SkipPluginModule(reason=_("python-yubico is not installed.")) + if six.PY3: unicode = str diff --git a/ipaclient/setup.py b/ipaclient/setup.py index 0140fd5..ac947e7 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -50,11 +50,9 @@ ], }, install_requires=[ -"cffi", "cryptography", "ipalib", "ipapython", -"jinja2", "qrcode", "six", ], @@ -66,6 +64,7 @@ extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["python-yubico", "pyusb"], +"csrgen": ["cffi", "jinja2"], }, zip_safe=False, ) diff --git a/tox.ini b/tox.ini index ccface9..931b125 100644 --- a/tox.ini +++ b/tox.ini @@ -13,7 +13,7 @@ changedir={envdir} setenv= HOME={envtmpdir} deps= -ipaclient +ipaclient[csrgen] ipatests commands= {envbindir}/ipa --help @@ -22,7 +22,7 @@ commands= [testenv:pylint2] basepython=python2.7 deps= -ipaclient[otptoken_yubikey] +ipaclient[csrgen,otptoken_yubikey] pylint commands= {envpython} -m pylint \ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
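Review bot: In ipaclient/plugins/csrgen.py (hunk at -18) the try block probes only jinja2, yet setup.py in this patch moves both cffi and jinja2 into the "csrgen" extra, and csrgen_ffi is imported in the else branch. With jinja2 installed and cffi missing, that import can still raise ImportError and the plugin is not skipped cleanly. Probe cffi in the same try block, or wrap the two ipaclient imports, and make the SkipPluginModule reason name whichever dependency is missing.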
[Freeipa-devel] [freeipa PR#756][comment] Added plugins directory to paclient subpackages
URL: https://github.com/freeipa/freeipa/pull/756
Title: #756: Added plugins directory to paclient subpackages

olivergs commented:
"""
I also opened this https://bugzilla.redhat.com/show_bug.cgi?id=1446744
"""

See the full comment at https://github.com/freeipa/freeipa/pull/756#issuecomment-299146326
[Freeipa-devel] [freeipa PR#716][comment] Fix minor typos
URL: https://github.com/freeipa/freeipa/pull/716
Title: #716: Fix minor typos

stlaz commented:
"""
Except for the one change I pointed out, this is all OK with me. The only thing I am not sure is whether we can go changing the doc texts in `ipaclient/remote_plugins/2_*/*.py` since these are kept for backward compatibility but I hope someone can clear this out for me.

If you could possibly remove the change at the line I noted, I will ACK this as soon as we can be sure about those changes in the `remote_plugins/` directory.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/716#issuecomment-299122208
[Freeipa-devel] [freeipa PR#762][opened] fix managed-entries printing IPA not installed
URL: https://github.com/freeipa/freeipa/pull/762 Author: stlaz Title: #762: fix managed-entries printing IPA not installed Action: opened PR body: """ ipa-managed-entries would print "IPA is not configured on this system." even though this is not true if run as a normal user. Add check for root running the script. https://pagure.io/freeipa/issue/6928 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/762/head:pr762 git checkout pr762 From 85deb5f7323fbeb490ae3d2195811b80a1844ad8 Mon Sep 17 00:00:00 2001 From: Stanislav LaznickaDate: Thu, 4 May 2017 09:42:36 +0200 Subject: [PATCH] fix managed-entries printing IPA not installed ipa-managed-entries would print "IPA is not configured on this system." even though this is not true if run as a normal user. Add check for root running the script. https://pagure.io/freeipa/issue/6928 --- install/tools/ipa-managed-entries | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 731dcc3..4aceee5 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -20,6 +20,7 @@ from __future__ import print_function +import os import re import sys from optparse import OptionParser # pylint: disable=deprecated-module @@ -193,4 +194,6 @@ def main(): return retval if __name__ == '__main__': +if not os.geteuid() == 0: +sys.exit("\nMust be run as root\n") installutils.run_script(main, operation_name='ipa-managed-entries') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
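Review bot: The root check added under "if __name__ == '__main__':" in install/tools/ipa-managed-entries is written as "if not os.geteuid() == 0:"; "if os.geteuid() != 0:" reads more directly. The check also sits outside main(), so it exits before installutils.run_script is entered; consider moving it to the top of main() so the script has a single exit path. The exit message would be clearer if it named the tool, for example "ipa-managed-entries must be run as root", without the surrounding newlines.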
[Freeipa-devel] [freeipa PR#756][comment] Added plugins directory to paclient subpackages
URL: https://github.com/freeipa/freeipa/pull/756
Title: #756: Added plugins directory to paclient subpackages

MartinBasti commented:
"""
Opened issue: https://pagure.io/freeipa/issue/6927
"""

See the full comment at https://github.com/freeipa/freeipa/pull/756#issuecomment-299116620
[Freeipa-devel] [freeipa PR#726][comment] Add check for directory name
URL: https://github.com/freeipa/freeipa/pull/726
Title: #726: Add check for directory name

stlaz commented:
"""
Obviously we can't push this until the tests pass.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/726#issuecomment-299112001
[Freeipa-devel] [freeipa PR#757][comment] ca, kra install: validate DM password
URL: https://github.com/freeipa/freeipa/pull/757
Title: #757: ca, kra install: validate DM password

stlaz commented:
"""
There will be no more sys.exits. This patchset shall not be ACKed until all have been removed.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/757#issuecomment-29913
[Freeipa-devel] [freeipa PR#761][comment] Fixing adding authenticator indicators to host
URL: https://github.com/freeipa/freeipa/pull/761
Title: #761: Fixing adding authenticator indicators to host

stlaz commented:
"""
```
* Module ipaserver.plugins.host
ipaserver/plugins/host.py:887: [C0303(trailing-whitespace), ] Trailing whitespace)
```

+ wrong author in the commit
"""

See the full comment at https://github.com/freeipa/freeipa/pull/761#issuecomment-299104113