Re: [Freeipa-devel] [PATCH] Mozldap-specific code removed

[Martin Kosek]

On Fri, 2011-01-14 at 14:59 +0100, Jakub Hrozek wrote:
> On 01/14/2011 01:56 PM, Martin Kosek wrote:
> > IPA installation failed when mozldap-devel package was not installed.
> > This patch solves this:
> > 
> > Mozldap code removed from all sources and configure source script.
> > Now, IPA will compile even when package mozldap-devel is not
> > installed on the system.
> > 
> > https://fedorahosted.org/freeipa/ticket/756
> > 
> 
> Martin, I could not reproduce your build failure with the current master
> without the mozldap-devel package and I tried even in mock.
> 
> But the patch looks good to me. I tested it with a scratch koji build:
> http://koji.fedoraproject.org/koji/taskinfo?taskID=2721123
> 
> So even though the mozldap code removal ticket is not targeted for
> January, I think I can safely Ack it.

Hmm... When I tested the build with a clean repository I could compile
without mozldap-devel too.

Anyway, as you said - the patch remains valid.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Unused value in initdefault_encoding_utf8

[Martin Kosek]

There is no use for return value of Py_InitModule3. Removing it
in this patch.

https://fedorahosted.org/freeipa/ticket/710

>From c151923f2ccec6dc044311a49060eac9400f3d04 Mon Sep 17 00:00:00 2001
From: Martin Kosek 
Date: Mon, 17 Jan 2011 12:49:16 +0100
Subject: [PATCH] Unused value in initdefault_encoding_utf8

There is no use for return value of Py_InitModule3. Removing it
in this patch.

https://fedorahosted.org/freeipa/ticket/710
---
 .../py_default_encoding/default_encoding_utf8.c|4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/ipapython/py_default_encoding/default_encoding_utf8.c b/ipapython/py_default_encoding/default_encoding_utf8.c
index 79101d993827bfe96e6b3f297d88cf16ec7e95c5..07adf28ec99fa1921f3ad6ed5552bed724c7d939 100644
--- a/ipapython/py_default_encoding/default_encoding_utf8.c
+++ b/ipapython/py_default_encoding/default_encoding_utf8.c
@@ -52,8 +52,6 @@ static PyMethodDef methods[] = {
 PyMODINIT_FUNC
 initdefault_encoding_utf8(void) 
 {
-PyObject* m;
-
 PyUnicode_SetDefaultEncoding("utf-8");
-m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
+Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
 }
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] Unused value in initdefault_encoding_utf8

[Jakub Hrozek]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/17/2011 01:00 PM, Martin Kosek wrote:
> There is no use for return value of Py_InitModule3. Removing it
> in this patch.
> 
> https://fedorahosted.org/freeipa/ticket/710
> 

Ack
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk00MoEACgkQHsardTLnvCUHMwCfQ/KnbJTKNJKx69vM7aa6STuT
lkwAni4d+Pl6s3kgmYCiroXbLAhric+1
=DG+k
-END PGP SIGNATURE-

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] error - Configuration of CA failed

[Dmitri Pal]

Виктор Сергеевич wrote:
> Hi ALL!!
>
> After added repo ipa-devel i'am have error:
>
> The following operations may take some minutes to complete.
> Please wait until the prompt is returned.
>
> Configuring ntpd
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> done configuring ntpd.
> Configuring directory server for the CA: Estimated time 30 seconds
>   [1/3]: creating directory server user
>   [2/3]: creating directory server instance
>   [3/3]: restarting directory server
> done configuring pkids.
> Configuring certificate server: Estimated time 6 minutes
>   [1/16]: creating certificate server user
>   [2/16]: creating pki-ca instance
>   [3/16]: restarting certificate server
>   [4/16]: configuring certificate server instance
> root: CRITICAL failed to restart ca instance Command
> '/sbin/service pki-cad status' returned non-zero exit status 4
> Unexpected error - see ipaserver-install.log for details:
>  Configuration of CA failed
>
> Where I'am wrong?
>

Hello,

It seems that you are still hitting the CA issue. This issue indicates
that the CA packages that you are installing are not from the ipa-devel.
You need to manually remove the certificate system (pki-*) packages that
come from Fedora and use the ones that come from ipa-devel. The packages
that come from ipa-devel have this issue addressed. Alternatively you
can use beta repo with the  pki packages that come from Fedora but in
this case you need to implement the workaround (create a link) as
described in the beta readme.

Thank you
Dmitri


> Thanks
> 
>
> ___
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] error - Configuration of CA failed

[John Dennis]

On 01/17/2011 03:33 AM, Виктор Сергеевич wrote:

Hi ALL!!

After added repo ipa-devel i'am have error:

> 2011-01-17 11:04:10,374 CRITICAL failed to restart ca instance 
Command '/sbin/service pki-cad status' returned non-zero exit status 4


Did you do a yum upgrade  and pull in the packages from the repo? It 
looks like you're running an old version because this issue has been 
fixed in the current repo.


If you have done that then please provide us with the versions of 
ipa-server and pki-core currently installed on your system.


$ rpm -q ipa-server pki-core

--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] admiyo-0149-jslint-cleanup

[Adam Young]

After this  patch is applied running,

jsl -conf jsl.conf

Will report no errors.  Running clean  is then  a requirement for 
committing patches to the javascript code base
From 9413ab9f577db6eaf7ba1ba2426747091699a9e1 Mon Sep 17 00:00:00 2001
From: Adam Young 
Date: Mon, 17 Jan 2011 10:10:00 -0500
Subject: [PATCH] jslint cleanup

---
 install/static/ipa.js  |3 ++-
 install/static/sudocmd.js  |2 +-
 install/static/sudocmdgroup.js |2 +-
 install/static/sudorule.js |2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/install/static/ipa.js b/install/static/ipa.js
index 6600328f64f09db3dff6dafa8e7b94ee721e0a45..48c116a8cd8f2ad148d9cb29b3abc52db808d9ef 100644
--- a/install/static/ipa.js
+++ b/install/static/ipa.js
@@ -480,7 +480,8 @@ IPA.get_member_attribute = function (obj_name, member)
 }
 return null;
 
-}
+};
+
 
 IPA.create_network_spinner = function(){
 return $('',{
diff --git a/install/static/sudocmd.js b/install/static/sudocmd.js
index ecc71a75d1aaa72e0a38332d31e7c46624326df5..e398ae8faca39fa826beb68105452dae531547d7 100644
--- a/install/static/sudocmd.js
+++ b/install/static/sudocmd.js
@@ -44,7 +44,7 @@ IPA.sudocmd = function () {
 that.add_facet(facet);
 
 facet = IPA.sudocmd_details_facet({
-'name': 'details',
+'name': 'details'
 });
 that.add_facet(facet);
 
diff --git a/install/static/sudocmdgroup.js b/install/static/sudocmdgroup.js
index 21a60d39be442ecf9567cea4641429b730b1e74c..6cb2b83dc3d2a6926f8e1e14ee5b2bd3b0e5c31a 100644
--- a/install/static/sudocmdgroup.js
+++ b/install/static/sudocmdgroup.js
@@ -50,7 +50,7 @@ IPA.sudocmdgroup = function () {
 that.add_facet(facet);
 
 facet = IPA.sudocmdgroup_details_facet({
-'name': 'details',
+'name': 'details'
 });
 that.add_facet(facet);
 
diff --git a/install/static/sudorule.js b/install/static/sudorule.js
index a7774337deb03a3450ef4fad349109df6ea35b1f..94f3247b2b4a1207e231c630ae61df31b0593a68 100644
--- a/install/static/sudorule.js
+++ b/install/static/sudorule.js
@@ -44,7 +44,7 @@ IPA.sudorule = function () {
 that.add_facet(facet);
 
 facet = IPA.sudorule_details_facet({
-'name': 'details',
+'name': 'details'
 });
 that.add_facet(facet);
 
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 680 ldap lockout

[Rob Crittenden]

Update kerberos password policy values on LDAP binds. This is so 
locked-out accounts in kerberos don't try things using LDAP instead.


On a failed bind this will update krbLoginFailedCount and 
krbLastFailedAuth and will potentially fail the bind altogether.


On a successful bind it will zero krbLoginFailedCount and set
krbLastSuccessfulAuth.

This will also enforce locked-out accounts.

See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on 
kerberos lockout.


ticket 343
>From 7c9aabdf43715550fc39da508a2f6f9a327b15a6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Mon, 17 Jan 2011 10:47:00 -0500
Subject: [PATCH] Update kerberos password policy values on LDAP binds.

On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth
and will potentially fail the bind altogether.

On a successful bind it will zero krbLoginFailedCount and set
krbLastSuccessfulAuth.

This will also enforce locked-out accounts.

See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on
kerberos lockout.

ticket 343
---
 daemons/configure.ac   |1 +
 daemons/ipa-slapi-plugins/Makefile.am  |1 +
 daemons/ipa-slapi-plugins/ipa-lockout/Makefile.am  |   46 ++
 .../ipa-slapi-plugins/ipa-lockout/ipa_lockout.c|  618 
 .../ipa-lockout/lockout-conf.ldif  |   15 +
 ipa.spec.in|2 +
 ipaserver/install/dsinstance.py|4 +
 7 files changed, 687 insertions(+), 0 deletions(-)
 create mode 100644 daemons/ipa-slapi-plugins/ipa-lockout/Makefile.am
 create mode 100644 daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
 create mode 100644 daemons/ipa-slapi-plugins/ipa-lockout/lockout-conf.ldif

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 72ff750..ef6e97d 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -296,6 +296,7 @@ AC_CONFIG_FILES([
 ipa-kpasswd/Makefile
 ipa-slapi-plugins/Makefile
 ipa-slapi-plugins/ipa-enrollment/Makefile
+ipa-slapi-plugins/ipa-lockout/Makefile
 ipa-slapi-plugins/ipa-pwd-extop/Makefile
 ipa-slapi-plugins/ipa-winsync/Makefile
 ipa-slapi-plugins/ipa-version/Makefile
diff --git a/daemons/ipa-slapi-plugins/Makefile.am b/daemons/ipa-slapi-plugins/Makefile.am
index 1ae2351..25f50d5 100644
--- a/daemons/ipa-slapi-plugins/Makefile.am
+++ b/daemons/ipa-slapi-plugins/Makefile.am
@@ -2,6 +2,7 @@ NULL =
 
 SUBDIRS =			\
 	ipa-enrollment		\
+	ipa-lockout		\
 	ipa-modrdn		\
 	ipa-pwd-extop		\
 	ipa-uuid		\
diff --git a/daemons/ipa-slapi-plugins/ipa-lockout/Makefile.am b/daemons/ipa-slapi-plugins/ipa-lockout/Makefile.am
new file mode 100644
index 000..fea3fe6
--- /dev/null
+++ b/daemons/ipa-slapi-plugins/ipa-lockout/Makefile.am
@@ -0,0 +1,46 @@
+NULL =
+
+PLUGIN_COMMON_DIR=../common
+
+INCLUDES =			\
+	-I.			\
+	-I$(srcdir)		\
+	-I$(PLUGIN_COMMON_DIR)	\
+	-I/usr/include/dirsrv	\
+	-DPREFIX=\""$(prefix)"\" \
+	-DBINDIR=\""$(bindir)"\"\
+	-DLIBDIR=\""$(libdir)"\" \
+	-DLIBEXECDIR=\""$(libexecdir)"\"			\
+	-DDATADIR=\""$(datadir)"\"\
+	$(AM_CFLAGS)		\
+	$(LDAP_CFLAGS)	\
+	$(WARN_CFLAGS)		\
+	$(NULL)
+
+plugindir = $(libdir)/dirsrv/plugins
+plugin_LTLIBRARIES = 		\
+	libipa_lockout.la		\
+	$(NULL)
+
+libipa_lockout_la_SOURCES = 	\
+	ipa_lockout.c		\
+	$(NULL)
+
+libipa_lockout_la_LDFLAGS = -avoid-version
+
+libipa_lockout_la_LIBADD = 	\
+	$(LDAP_LIBS)		\
+	$(NULL)
+
+appdir = $(IPA_DATA_DIR)
+app_DATA =			\
+	lockout-conf.ldif		\
+	$(NULL)
+
+EXTRA_DIST =			\
+	$(app_DATA)		\
+	$(NULL)
+
+MAINTAINERCLEANFILES =		\
+	*~			\
+	Makefile.in
diff --git a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
new file mode 100644
index 000..674099d
--- /dev/null
+++ b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
@@ -0,0 +1,618 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ *
+ * Additional permission under GPLv3 section 7:
+ *
+ * In the following paragraph, "GPL" means the GNU General Public
+ * License, version 3 or any later version, and "Non-GPL Code" means
+ * code that is governed neither by the the GPL nor a license
+ * compatible with the GPL.
+ *
+ * You may link the code of this Program with Non-GPL Code and convey
+ * linked combinations includin

Re: [Freeipa-devel] [PATCH] 0055 Consolidate sudo data in one subtree

[JR Aquino]

ACK.

Please push.

On 1/14/11 3:03 PM, "Simo Sorce"  wrote:

>On Fri, 14 Jan 2011 17:33:31 -0500
>Dmitri Pal  wrote:
>
>> Simo Sorce wrote:
>> > Put all sudo data except the legacy ou=SUDOers into the cn=sudo
>> > subtree.
>> >
>> > Ticket: #773
>> >
>> > Simo.
>> >   
>> 
>> Does it include the compat plugin configuration?
>
>Everything I could find is included (compat plugin configuration was
>found).
>
>Simo.
>
>-- 
>Simo Sorce * Red Hat, Inc * New York
>
>___
>Freeipa-devel mailing list
>Freeipa-devel@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-devel


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Better output from ipactl command

[Simo Sorce]

The following 2 patches enhance the ipactl command output (also used in
the ipa init script).

The first patch fixes ticket #765, the second nis just for coherency
with other scripts like this.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 3c510115dc4a47d0f1447fe06d1333411e5bee94 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Mon, 17 Jan 2011 09:17:08 -0500
Subject: [PATCH 1/3] Add a way to print output from commands

Instead pof always capturing the output, make it possible to let
it go to the standard output pipes.
Use this in ipactl to let init scripts show their output.

Fixes: https://fedorahosted.org/freeipa/ticket/765
---
 install/tools/ipactl |   28 ++--
 ipapython/ipautil.py |   27 +++
 ipaserver/install/service.py |   27 +++
 3 files changed, 48 insertions(+), 34 deletions(-)

diff --git a/install/tools/ipactl b/install/tools/ipactl
index 059b86049272dd97332e698fbb3d378e6fe8a11c..ee6783ed328235e09458665eadd9c53f9110a904 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -88,7 +88,7 @@ def ipa_start(serverid):
 
 try:
 print "Starting Directory Service"
-service.start('dirsrv', instance_name=serverid)
+service.start('dirsrv', instance_name=serverid, capture_output=False)
 except:
 emit_err("Failed to start Directory Service")
 return
@@ -99,7 +99,7 @@ def ipa_start(serverid):
 except:
 emit_err("Failed to read data from Directory Service")
 emit_err("Shutting down")
-service.stop('dirsrv', instance_name=serverid)
+service.stop('dirsrv', instance_name=serverid, capture_output=False)
 
 if len(svc_list) == 0:
 return
@@ -108,18 +108,18 @@ def ipa_start(serverid):
 svc_name = service.SERVICE_LIST[svc][0]
 try:
 print "Starting %s Service" % svc
-service.start(svc_name)
+service.start(svc_name, capture_output=False)
 except:
 emit_err("Failed to start %s Service" % svc)
 emit_err("Shutting down")
 for (order, svc) in sorted(svc_list):
 svc_name = service.SERVICE_LIST[svc][0]
 try:
-service.stop(svc_name)
+service.stop(svc_name, capture_output=False)
 except:
 pass
 try:
-service.stop('dirsrv', instance_name=serverid)
+service.stop('dirsrv', instance_name=serverid, capture_output=False)
 except:
 pass
 return
@@ -134,12 +134,12 @@ def ipa_stop(serverid):
 # and see if we can get anything. If not throw our hands up and just
 # exit
 try:
-service.start('dirsrv', instance_name=serverid)
+service.start('dirsrv', instance_name=serverid, capture_output=False)
 svc_list = get_config()
 except:
 emit_err("Failed to read data from Directory Service")
 emit_err("Shutting down")
-service.stop('dirsrv', instance_name=serverid)
+service.stop('dirsrv', instance_name=serverid, capture_output=False)
 
 if len(svc_list) == 0:
 return
@@ -148,13 +148,13 @@ def ipa_stop(serverid):
 svc_name = service.SERVICE_LIST[svc][0]
 try:
 print "Stopping %s Service" % svc
-service.stop(svc_name)
+service.stop(svc_name, capture_output=False)
 except:
 emit_err("Failed to stop %s Service" % svc)
 
 try:
 print "Stopping Directory Service"
-service.stop('dirsrv', instance_name=serverid)
+service.stop('dirsrv', instance_name=serverid, capture_output=False)
 except:
 emit_err("Failed to stop Directory Service")
 return
@@ -163,7 +163,7 @@ def ipa_stop(serverid):
 def ipa_restart(serverid):
 try:
 print "Restarting Directory Service"
-service.restart('dirsrv', instance_name=serverid)
+service.restart('dirsrv', instance_name=serverid, capture_output=False)
 except:
 emit_err("Failed to restart Directory Service")
 return
@@ -174,7 +174,7 @@ def ipa_restart(serverid):
 except:
 emit_err("Failed to read data from Directory Service")
 emit_err("Shutting down")
-service.stop('dirsrv', instance_name=serverid)
+service.stop('dirsrv', instance_name=serverid, capture_output=False)
 
 if len(svc_list) == 0:
 return
@@ -183,18 +183,18 @@ def ipa_restart(serverid):
 svc_name = service.SERVICE_LIST[svc][0]
 try:
 print "Restarting %s Service" % svc
-service.restart(svc_name)
+service.restart(svc_name, capture_output=False)
 except:
 emit_err("Failed to restart %s Service" % svc)
 emit_err("Shutting down")
 for (order, svc) in sorte

Re: [Freeipa-devel] [PATCH] 0055 Consolidate sudo data in one subtree

[Simo Sorce]

On Mon, 17 Jan 2011 16:28:52 +
JR Aquino  wrote:

> ACK.
> 
> Please push.
> 
> On 1/14/11 3:03 PM, "Simo Sorce"  wrote:
> 
> >On Fri, 14 Jan 2011 17:33:31 -0500
> >Dmitri Pal  wrote:
> >
> >> Simo Sorce wrote:
> >> > Put all sudo data except the legacy ou=SUDOers into the cn=sudo
> >> > subtree.
> >> >
> >> > Ticket: #773

Thanks,

pushed to master.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] fix selinux policies for ipa_kpasswd

[Simo Sorce]

The ipa_kpasswd daemon apparently can't listyend on udp due to an error
in the selinux policies.

The attached patch fixes it.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From b479417638507e1adc0ab71a72de9f57826a13e7 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Mon, 17 Jan 2011 10:59:58 -0500
Subject: [PATCH 3/3] Fix selinux policies for ipa_kpasswd

Fixes: https://fedorahosted.org/freeipa/ticket/775
---
 selinux/ipa_kpasswd/ipa_kpasswd.te |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/selinux/ipa_kpasswd/ipa_kpasswd.te b/selinux/ipa_kpasswd/ipa_kpasswd.te
index 07312ce987304e5426790bcec54ccf15b40f2c81..292be7b89ddb8bf25ca956ad9c5fea0f5a399e02 100644
--- a/selinux/ipa_kpasswd/ipa_kpasswd.te
+++ b/selinux/ipa_kpasswd/ipa_kpasswd.te
@@ -75,5 +75,6 @@ optional_policy(`
  type kerberos_password_port_t;
 ')
 corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t)
+corenet_udp_bind_kerberos_password_port(ipa_kpasswd_t)
 ')
 
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] admiyo-0150-search-unit-tests

[Adam Young]

From eb83c2170a64aa9f760f25d1019bb9bf6f6238eb Mon Sep 17 00:00:00 2001
From: Adam Young 
Date: Mon, 17 Jan 2011 12:31:31 -0500
Subject: [PATCH] search unit tests
 Unit tests were by the hiding of the search, and elements from the action panel.

---
 install/static/test/entity_tests.js |   13 -
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/install/static/test/entity_tests.js b/install/static/test/entity_tests.js
index a24f80810363b1630f3377e6af8a89e4be5bb03d..21fff48f8f46970c214862fe35e5b462b58d8d62 100644
--- a/install/static/test/entity_tests.js
+++ b/install/static/test/entity_tests.js
@@ -122,8 +122,8 @@ test('Testing ipa_facet_setup_views().', function() {
 );
 
 var li = views.first();
-ok(  li.hasClass('search-facet'),
-'Checking the search facet'
+ok(  li.children().first().hasClass('action-controls'),
+'Checking that first item in list is placement for controls'
 );
 
 li = li.next(); // skip action controls
@@ -148,11 +148,14 @@ test('Testing ipa_facet_setup_views().', function() {
 var pkey_input =  $('input[name=pkey]', action_panel);
 ok(pkey_input.length,'pkey input exists');
 var search_facets = $('li.search-facet', action_panel);
-equals(search_facets.length,1,'one search facet in action panel');
+equals(search_facets.length,0,'search facet should not show up  in action panel');
 var entity_facets = $('li.entity-facet', action_panel);
 /*No longer automatically adding details, so ony the assoc. facets */
-equals(entity_facets.length,3,'3 entity facets in action panel');
-
+equals(entity_facets.length,4,'4 hidden entity facets in action panel');
+entity_facets.each(function() {
+ok( $(this).hasClass('entity-facet-disabled'),
+'entity facets are disabled');
+});
 
 for ( var entity_facet = entity_facets.first();
   entity_facet.length;
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0059 Add command to test if DNS is active

[Simo Sorce]

This patch implements the feature requested in ticket #600

The internal dns_is_enabled command returns whether the DNS service is
enable on at least one of the server in the domain.

The UI can use this command to determine whether to show the DNS
related configuration options.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From a466f0bfdd7ecbd2220c8445df2116dd8a0b9292 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Mon, 17 Jan 2011 12:28:24 -0500
Subject: [PATCH] Provide API to check if IPA DNS is enabled on some server

Fixes: https://fedorahosted.org/freeipa/ticket/600
---
 API.txt   |5 +
 ipalib/plugins/dns.py |   25 +
 2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/API.txt b/API.txt
index c53ecbd0d867dd529566a8335ae086ac58b4425f..844e9534c620858aeb4cc23e22b60fab48790dc0 100644
--- a/API.txt
+++ b/API.txt
@@ -467,6 +467,11 @@ option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
 output: Output('summary', (, ), 'User-friendly description of action performed')
 output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('value', , "The primary_key value of the entry, e.g. 'jdoe' for a user")
+command: dns_is_enabled
+args: 0,0,3
+output: Output('summary', (, ), 'User-friendly description of action performed')
+output: Output('result', , 'True means the operation was successful')
+output: Output('value', , "The primary_key value of the entry, e.g. 'jdoe' for a user")
 command: dns_resolve
 args: 1,0,3
 arg: Str('hostname', label=Gettext('Hostname', domain='ipa', localedir=None))
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index cf58098036f7056d20337b4d3b5f02b158b41360..e7dca5365a99ef34802d28a33c9ab0a4e811fe57 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -621,3 +621,28 @@ class dns_resolve(Command):
 return dict(result=True, value=query)
 
 api.register(dns_resolve)
+
+class dns_is_enabled(Command):
+"""
+Checks if any of the servers has the DNS service enabled.
+"""
+INTERNAL = True
+has_output = output.standard_value
+
+base_dn = 'cn=master,cn=ipa,cn=etc,%s' % api.env.basedn
+filter = '(&(objectClass=ipaConfigObject)(cn=DNS))'
+
+def execute(self, *args, **options):
+ldap = self.api.Backend.ldap2
+dns_enabled = False
+
+try:
+ent = ldap.find_entries(filter=filter, base_dn=base_dn)
+if len(e):
+dns_enabled = True
+except Exception, e:
+pass
+
+return dict(result=dns_enabled, value=u'')
+
+api.register(dns_is_enabled)
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0059 Add command to test if DNS is active

[Adam Young]

On 01/17/2011 01:11 PM, Simo Sorce wrote:

This patch implements the feature requested in ticket #600

The internal dns_is_enabled command returns whether the DNS service is
enable on at least one of the server in the domain.

The UI can use this command to determine whether to show the DNS
related configuration options.

Simo.



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Will this show up in the metadata call?  If not, it can't be used by the 
webUI yet.  Not reason for a NACK, but indicates more work to be done 
afterwards.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 681 set default maxint

[Rob Crittenden]

Set a default for maxint that matches what xmlrpclib can handle. Also 
handle marshalling errors from xmlrpclib so users don't get a backtrace.


This was discovered by a typo in a dns serial number which exceeded 4 
bytes. To test try something like:


$ ipa dnszone-add --name-server=192.168.122.214 
--admin-email=t...@example.com --serial=20100101010 --refresh=300 
--retry=300 --expire=120 --minimum=3000 --maximum=9200 --ttl=100 newzone


ticket 770

rob
>From 87f53c60c0962dd9848a83c36b636f77cb7cfd9e Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Mon, 17 Jan 2011 16:23:53 -0500
Subject: [PATCH] Set the default Int maxvalue to the maximum XML-RPC can handle.

Also handle marshalling errors thrown by xmlrpclib more gracefully.

ticket 770
---
 ipalib/errors.py |   14 ++
 ipalib/parameters.py |3 ++-
 ipalib/rpc.py|4 +++-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/ipalib/errors.py b/ipalib/errors.py
index fd23d99..1d491fa 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -420,6 +420,20 @@ class JSONError(PublicError):
 format = _('Invalid JSON-RPC request: %(error)s')
 
 
+class XMLRPCMarshallError(PublicError):
+"""
+**910** Raised when the XML-RPC lib cannot marshall the request
+
+For example:
+
+>>> raise XMLRPCMarshallError(error='int exceeds XML-RPC limits')
+Traceback (most recent call last):
+  ...
+XMLRPCMarshallError: error marshalling data for XML-RPC transport: int exceeds XML-RPC limits
+"""
+
+errno = 910
+format = _('error marshalling data for XML-RPC transport: %(error)s')
 
 ##
 # 1000 - 1999: Authentication errors
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 78eacde..0d6c690 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -109,6 +109,7 @@ from errors import PasswordMismatch
 from constants import NULLS, TYPE_ERROR, CALLABLE_ERROR
 from text import Gettext, FixMe
 import csv
+from xmlrpclib import MAXINT
 
 
 class DefaultFrom(ReadOnly):
@@ -1002,7 +1003,7 @@ class Int(Number):
 
 kwargs = Param.kwargs + (
 ('minvalue', int, None),
-('maxvalue', int, None),
+('maxvalue', int, int(MAXINT)),
 )
 
 def __init__(self, name, *rules, **kw):
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index dd85076..3457640 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -38,7 +38,7 @@ import errno
 from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError
 import kerberos
 from ipalib.backend import Connectible
-from ipalib.errors import public_errors, PublicError, UnknownError, NetworkError, KerberosError
+from ipalib.errors import public_errors, PublicError, UnknownError, NetworkError, KerberosError, XMLRPCMarshallError
 from ipalib import errors
 from ipalib.request import context
 from ipapython import ipautil, dnsclient
@@ -373,3 +373,5 @@ class xmlclient(Connectible):
 raise NetworkError(uri=server, error=e.errmsg)
 except socket.error, e:
 raise NetworkError(uri=server, error=str(e))
+except (OverflowError, TypeError), e:
+raise XMLRPCMarshallError(error=str(e))
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 0060 fix ipa-join, prevent it crashing

[Simo Sorce]

Fix a ipa-join segfault due to improper handling of NULL credentials.

Fixes ticket #783.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 16ee251376ed9817ceb59b57b64ce5f0720f43e9 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Mon, 17 Jan 2011 18:42:21 -0500
Subject: [PATCH] Do not try to dereference bindpw if it is null

Fixes: https://fedorahosted.org/freeipa/ticket/783
---
 ipa-client/ipa-join.c |9 +++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index d23348954d85b68a362ce3bbebc4180fce4005c3..86b1bd122064ebe4832225cfa2bc65f80a69da00 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -213,8 +213,13 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
 goto fail;
 }
 
-bindpw_bv.bv_val = discard_const(bindpw);
-bindpw_bv.bv_len = strlen(bindpw);
+if (bindpw) {
+bindpw_bv.bv_val = discard_const(bindpw);
+bindpw_bv.bv_len = strlen(bindpw);
+} else {
+bindpw_bv.bv_val = NULL;
+bindpw_bv.bv_len = 0;
+}
 
 ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv,
NULL, NULL, NULL);
-- 
1.7.3.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] admiyo-0149-jslint-cleanup

[Endi Sukma Dewata]

On 1/17/2011 10:12 PM, Adam Young wrote:

After this patch is applied running,

jsl -conf jsl.conf

Will report no errors. Running clean is then a requirement for
committing patches to the javascript code base


ACK and pushed to master.

--
Endi S. Dewata

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] admiyo-0150-search-unit-tests

[Endi Sukma Dewata]

On 1/18/2011 12:32 AM, Adam Young wrote:




ACK and pushed to master.

--
Endi S. Dewata

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] New certificate and Kerberos key status behavior.

[Endi Sukma Dewata]

Hi,

The attached patch is a further adjustment for item #3 of this bug:
https://fedorahosted.org/freeipa/ticket/670

The status panel for certificates and Kerberos keys has been
modified to display only the current status with the relevant buttons.
New icons have been added to replace the red/yellow/green bullets.

--
Endi S. Dewata
From 4ea3d5942f1ce387b3ad957bb6fbf4f1dc285dc0 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata 
Date: Mon, 17 Jan 2011 20:43:43 +0700
Subject: [PATCH] New certificate and Kerberos key status behavior.

The status panel for certificates and Kerberos keys has been
modified to display only the current status with the relevant buttons.
New icons have been added to replace the red/yellow/green bullets.
---
 install/static/Makefile.am|2 +
 install/static/caution.png|  Bin 0 -> 438 bytes
 install/static/certificate.js |  139 +---
 install/static/check.png  |  Bin 0 -> 3209 bytes
 install/static/host.js|   82 
 install/static/ipa.css|   12 ++--
 install/static/service.js |   58 ++---
 7 files changed, 170 insertions(+), 123 deletions(-)
 create mode 100755 install/static/caution.png
 create mode 100755 install/static/check.png

diff --git a/install/static/Makefile.am b/install/static/Makefile.am
index c1a5a75550a7e8f43654fef533690667d9ea9db7..998c4ffe5c98eb8ff9f1df5e09a1ebf5e67e9ffc 100644
--- a/install/static/Makefile.am
+++ b/install/static/Makefile.am
@@ -11,6 +11,8 @@ app_DATA =  \
 	aci.js\
 	add.js\
 	associate.js			\
+	caution.png			\
+	check.png			\
 	ipa_logo_180x50.png		\
 	ipa.js\
 	ipa.css\
diff --git a/install/static/caution.png b/install/static/caution.png
new file mode 100755
index ..ce7a68ad960852235b2cb4815cf502cc74939e85
GIT binary patch
literal 438
zcmV;n0ZIOeP))V@2l(BEA!$e^WZ7y=;-e5?*IP!@!Lu8+ClW=aQEw&_2-54>#OwScek^Y{{8jp
z*DLkrAouGU($doN;V1w9|CiLGF#rGnj7da6RCwA{$k!HvFc3x22|^Ge9Ti)^-g}P<
z|NmD+6I9N_%v~EYk?Y9;@}I9|Xi#jIpl_id{DTDR`g-w$`yTl|I`qD9TGe<)y8yQy
zTfBJSNoc0ePsUMzO{)(PP2La&IF;eyE(7OcGR7*J#_!T>Ik1JBLdd8y8xx{*VFKzj
gdKJy1jhYKE072_0N6_SRw*UYD07*qoM6N<$f(cRaw*UYD

literal 0
HcmV?d1

diff --git a/install/static/certificate.js b/install/static/certificate.js
index e81d3a784e7e53b58dec2ae5b3103b5b33a26f98..63db76fc03b0fd09d06265ebe8fe19968d7ecdc4 100755
--- a/install/static/certificate.js
+++ b/install/static/certificate.js
@@ -413,96 +413,132 @@ function certificate_status_widget(spec) {
 
 that.widget_create(container);
 
-var table = $('', {
-'class': 'certificate-status'
+var dd = $('', {
+'class': 'first'
 }).appendTo(container);
 
-var tr = $('').appendTo(table);
+var div = $('', {
+name: 'certificate-valid'
+}).appendTo(dd);
+
+$('', {
+src: 'check.png',
+style: 'float: left;',
+'class': 'status-icon'
+}).appendTo(div);
 
-var td = $('').appendTo(tr);
+var content_div = $('', {
+style: 'float: left;'
+}).appendTo(div);
 
-$('', {
-'class': 'status-icon status-valid'
-}).appendTo(td);
+content_div.append('Valid Certificate Present:');
 
-td = $('').appendTo(tr);
-td.append('Valid Certificate Present:');
-
-td = $('').appendTo(tr);
+content_div.append(' ');
 
 $('', {
 'type': 'button',
 'name': 'get',
 'value': 'Get'
-}).appendTo(td);
+}).appendTo(content_div);
 
-td.append(' ');
+content_div.append(' ');
 
 if (!that.is_selfsign()) {
 $('', {
 'type': 'button',
 'name': 'revoke',
 'value': 'Revoke'
-}).appendTo(td);
+}).appendTo(content_div);
 
-td.append(' ');
+content_div.append(' ');
 }
 
 $('', {
 'type': 'button',
 'name': 'view',
 'value': 'View'
-}).appendTo(td);
+}).appendTo(content_div);
+
+content_div.append(' ');
+
+$('', {
+'type': 'button',
+'name': 'create',
+'value': 'New Certificate'
+}).appendTo(content_div);
 
 if (!that.is_selfsign()) {
-tr = $('').appendTo(table);
+div = $('', {
+name: 'certificate-revoked'
+}).appendTo(dd);
 
-td = $('').appendTo(tr);
-$('', {
-'class': 'status-icon status-revoked'
-}).appendTo(td);
+$('', {
+src: 'caution.png',
+style: 'float: left;',
+'class': 'status-icon'
+}).appendTo(div);
 
-td = $('').appendTo(tr);
-td.append('Certificate Revoked:');
+

[Freeipa-devel] [PATCH] CSS class for buttons without icons.

[Endi Sukma Dewata]

Hi,

The attached patch addresses item #5 of this bug:
https://fedorahosted.org/freeipa/ticket/670

A new CSS class has been added for buttons without icons. The
IPA.button() has been modified to use this class if there is
no icons specified.

--
Endi S. Dewata
From 4b7234f363313710ef82b7874d8abfcdb88dc54f Mon Sep 17 00:00:00 2001
From: Endi S. Dewata 
Date: Tue, 18 Jan 2011 07:10:41 +0700
Subject: [PATCH] CSS class for buttons without icons.

A new CSS class has been added for buttons without icons. The
IPA.button() has been modified to use this class if there is
no icons specified.
---
 install/static/details.js |   10 --
 install/static/ipa.css|7 +++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/install/static/details.js b/install/static/details.js
index 5c6bc83a2c3aac36f2c81619a05d85bc852289cb..aad77a9c4a5ff3b05fa3def8c7c300e12d1fcd67 100644
--- a/install/static/details.js
+++ b/install/static/details.js
@@ -699,12 +699,18 @@ IPA.button = function(spec) {
 id: spec.id,
 html: spec.label,
 title: spec.title || spec.label,
-'class': 'ui-state-default ui-corner-all input_link'
+'class': 'ui-state-default ui-corner-all'
 });
 
 if (spec.click) button.click(spec.click);
 if (spec['class']) button.addClass(spec['class']);
-if (spec.icon) button.append(' ');
+
+if (spec.icon) {
+button.addClass('input_link');
+button.append(' ');
+} else {
+button.addClass('button-without-icon');
+}
 
 return button;
 };
diff --git a/install/static/ipa.css b/install/static/ipa.css
index 518e8aa266bb8a25f8335d81e383dcb629a35a0d..66b0509e254a9d222e31387bc2e1406e01b9e9e4 100644
--- a/install/static/ipa.css
+++ b/install/static/ipa.css
@@ -52,6 +52,13 @@ body{
 top: 50%;
 }
 
+.button-without-icon {
+padding: .4em 1em .4em 1em;
+text-decoration: none;
+position: relative;
+cursor: pointer;
+}
+
 /*    Header    */
 div.header {
 background-color:#0C3B00;
-- 
1.6.6.1

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Unprovision message and buttons adjustments.

[Endi Sukma Dewata]

Hi,

The message and buttons in the unprovision dialog box have been
updated according to the latest spec.

--
Endi S. Dewata
From e0e62d8c324ce2e91cbed59a4559c31eb7379f61 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata 
Date: Tue, 18 Jan 2011 14:29:59 +0700
Subject: [PATCH] Unprovision message and buttons adjustments.

The message and buttons in the unprovision dialog box have been
updated according to the latest spec.
---
 install/static/host.js|8 ++--
 install/static/service.js |8 ++--
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/install/static/host.js b/install/static/host.js
index 9751abbe84ef8f26d2c9e32f2024e78ef431a6e9..e3ed5e50a8801f75e0bdd94bc316e721a99f5de8 100644
--- a/install/static/host.js
+++ b/install/static/host.js
@@ -322,8 +322,8 @@ function host_provisioning_status_widget(spec) {
 
 dialog.create = function() {
 dialog.container.append(
-'To confirm your intention to unprovision this host, '+
-'click the "Unprovision" button.');
+'Are you sure you want to unprovision this host?'
+);
 };
 
 dialog.add_button('Unprovision', function() {
@@ -338,10 +338,6 @@ function host_provisioning_status_widget(spec) {
 );
 });
 
-dialog.add_button('Cancel', function() {
-dialog.close();
-});
-
 dialog.init();
 
 dialog.open(that.container);
diff --git a/install/static/service.js b/install/static/service.js
index fb99b74d55c1764b33156e3f70298d131ddc45fb..50cd80784073032f6f054720e0fbcaa8e6638c6e 100644
--- a/install/static/service.js
+++ b/install/static/service.js
@@ -343,8 +343,8 @@ function service_provisioning_status_widget(spec) {
 
 dialog.create = function() {
 dialog.container.append(
-'To confirm your intention to unprovision this service, '+
-'click the "Unprovision" button.');
+'Are you sure you want to unprovision this service?'
+);
 };
 
 dialog.add_button('Unprovision', function() {
@@ -360,10 +360,6 @@ function service_provisioning_status_widget(spec) {
 );
 });
 
-dialog.add_button('Cancel', function() {
-dialog.close();
-});
-
 dialog.init();
 
 dialog.open(that.container);
-- 
1.6.6.1

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel