Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output
Martin Kosek mko...@redhat.com wrote: This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins. https://fedorahosted.org/freeipa/ticket/596 I believe API.txt should be updated (you change hbacrule_enable and hbacrule_disable return values), so NACK for now. Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fixed type of argument in class help
On Wed, Feb 02, 2011 at 08:54:47AM +0100, Jan Zelený wrote: At Rob's suggestion I changed the argument type in class help, this is only oneliner, I think it can be pushed directly. Jan -takes_args = (Bytes('command?'),) +takes_args = (Str('command?'),) Nack, you also need to import Str from parameters. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix of a small typo
On Fri, Feb 04, 2011 at 06:41:41PM +0100, Jan Zeleny wrote: Trivial fix, can be pushed directly Jan Ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fixed command delegation-show
On Fri, Feb 04, 2011 at 06:40:54PM +0100, Jan Zeleny wrote: Recent changes in permission prefixes influenced also delegations. The plugin has been updated accordingly, but this one line has been forgotten. Jan I think it is not needed, the only command preceding return from the function is is_delegation() that has the value of aciprefix hardcoded. Jakub ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 72 Set minimum for Kerberos policy max life and max renew
Fix #847 Pavel freeipa-pzuna-72-krbtpmin.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fixed command delegation-show
Jakub Hrozek jhro...@redhat.com wrote: On Fri, Feb 04, 2011 at 06:40:54PM +0100, Jan Zeleny wrote: Recent changes in permission prefixes influenced also delegations. The plugin has been updated accordingly, but this one line has been forgotten. Jan I think it is not needed, the only command preceding return from the function is is_delegation() that has the value of aciprefix hardcoded. Jakub Sorry, withdrawing the patch. I originally made it because delegation-show didn't work for me, but it was probably only typo on the command line or something. The code is indeed ok. Thanks for catching that. Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 027 Support of user default email domain
On Fri, Feb 04, 2011 at 03:20:55PM +0100, Martin Kosek wrote: This patch fixes the default domain functionality for user email(s). This setting may be configured via: ipa config-mod --emaildomain=example.com Then, when user is added/modified and --mail option is passed, the default domain is appended if the passed attribute does not contain another domain already. https://fedorahosted.org/freeipa/ticket/598 Ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 73 Update config doc to reflect that 0 is not allowed for search time limit.
Fix #837 Pavel freeipa-pzuna-73-configdoc.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 72 Set minimum for Kerberos policy max life and max renew
On Mon, Feb 07, 2011 at 11:13:56AM +0100, Pavel Zuna wrote: Fix #847 Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Nack, please update API.txt ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 76 Fallback to default locale (en_US) if env. setting is corrupt.
This is a follow-up to my patches 69 and 71 (70 is garbage). It prevents a crash when user misconfigures his locale settings. Pavel freeipa-pzuna-76-deflocale.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 77 Update krbtpolicy doc to inform that restarting krb5kdc might be needed.
It seems that restarting krb5kdc is only needed when changes to the global policy are made. Per-user policies take effect immediately for newly requested tickets. Can someone please confirm? Fix #844 Pavel freeipa-pzuna-77-krbtpdoc.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 77 Update krbtpolicy doc to inform that restarting krb5kdc might be needed.
Pavel Zuna wrote: It seems that restarting krb5kdc is only needed when changes to the global policy are made. Per-user policies take effect immediately for newly requested tickets. Can someone please confirm? Yes, in testing this is the behavior. If the help could specify that a ipactl restart is required after global policy change, that would be great. Thanks Jenny Fix #844 Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Jenny Galipeau jgali...@redhat.com Principal Software QA Engineer Red Hat, Inc. Security Engineering Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Removed unused code.
This depends on freeipa-edewata-0094-Restructuring-details-page.patch. -- Endi S. Dewata From 14fbaabf3c283f43113d4ee87b4db87a88102a95 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Fri, 4 Feb 2011 11:48:09 -0600 Subject: [PATCH] Removed unused code. --- install/ui/details.js| 385 +++--- install/ui/test/details_tests.js | 45 - 2 files changed, 25 insertions(+), 405 deletions(-) diff --git a/install/ui/details.js b/install/ui/details.js index 7eb7c038ec561ec1f9f61058b3137f7c615c8ad7..6445c5a8700551a1b6d9675e10bb808a5f3ddeea 100644 --- a/install/ui/details.js +++ b/install/ui/details.js @@ -29,269 +29,7 @@ IPA.expand_icon = 'ui-icon-minus'; IPA.collapse_icon = 'ui-icon-plus'; -IPA.is_field_writable = function(rights){ -if (!rights){ -alert('no right'); -} -return rights.indexOf('w') -1; -}; - -IPA.details_field = function (spec) { - -spec = spec || {}; - -var that = IPA.widget(spec); - -that.load = spec.load || load; -that.save = spec.save || save; - -function load(record) { -that.record = record; -that.values = record[that.name]; -that.reset(); - -var param_info = IPA.get_param_info(that.entity_name, that.name); -if (param_info) { -if (param_info['primary_key']) { -that.read_only = true; -} -if ('no_update' in param_info['flags']) { -that.read_only = true; -} -} -} - -that.update = function() { - -if (!that.record) return; - -/* remove all dd tags i.e. all attribute values */ -$('dd', that.container).remove(); - -var multivalue = false; -var hint_span = null; -var dd; - -var param_info = IPA.get_param_info(that.entity_name, that.name); -if (param_info) { -if (param_info['multivalue'] || param_info['class'] == 'List') -multivalue = true; -var hint = param_info['doc']; -if (hint){ -hint_span = $('span /',{ -'class': 'attrhint', -'html': 'Hint: ' + hint}); -} -} - -var rights = 'rsc'; - -if (that.record.attributelevelrights){ -rights = that.record.attributelevelrights[this.name] || rights ; -} - -if (that.values) { -/* - Too much logic currently assumes an array. - This is true everywhere but ACIs. */ - -if (!(that.values instanceof Array)){ -that.values = [that.values]; -} - -dd = IPA.create_first_dd(that.name); -dd.append(that.create_value(that.values[0], hint_span, rights, 0)); -dd.appendTo(that.container); - -for (var i = 1; i that.values.length; ++i) { -dd = IPA.create_other_dd(that.name); -dd.append(that.create_value(that.values[i], hint_span, rights, i)); -dd.appendTo(that.container); -} - -if (multivalue IPA.is_field_writable(rights) ) { -dd = IPA.create_other_dd(that.name); -dd.append(IPA.details_field_create_add_link.call(that, that.name, rights, that.values.length)); -dd.appendTo(that.container); -} - -} else { -if (multivalue IPA.is_field_writable(rights)) { -dd = IPA.create_first_dd(that.name); -dd.append(IPA.details_field_create_add_link.call(that, that.name, rights, 0)); -dd.appendTo(that.container); - -} else { -dd = IPA.create_first_dd(that.name); -dd.append(that.create_value('', hint_span, rights, 0)); -dd.appendTo(that.container); -} -} -}; - - -/* creates a Remove link for deleting attribute values */ -function create_remove_link(attr, param_info){ -function remove_on_click(obj){ -var jobj = $(obj); -var attr = jobj.attr('title'); -var par = jobj.parent(); -var input = par.find('input'); -if (input.is('.strikethrough')){ -input.removeClass('strikethrough'); -jobj.text(Remove); -}else{ -input.addClass('strikethrough'); -jobj.text(Undo); -} -return (false); -} - -if (param_info){ -/* check if the param is required or of the Password type - * if it is, then we don't want people to be able to remove it */ -if ((param_info['required']) || -(param_info['class'] == 'Password')){ -return (''); -} -} -return $('a/',{ -href:jslink, -click: function (){return (remove_on_click(this));}, -
Re: [Freeipa-devel] [PATCH] Removed unused code.
On 02/07/2011 10:27 AM, Endi Sukma Dewata wrote: This depends on freeipa-edewata-0094-Restructuring-details-page.patch. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK: pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Hide initial status.
Previously all certificate Kerberos key statuses (valid, missing and revoked) will appear briefly at the same time during page load. This has been fixed by setting the initial style to hidden. -- Endi S. Dewata From afaa735fe055190809de1fcae17ed2d7bc64f47c Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Mon, 7 Feb 2011 11:38:06 -0600 Subject: [PATCH] Hide initial status. Previously all certificate Kerberos key statuses (valid, missing and revoked) will appear briefly at the same time during page load. This has been fixed by setting the initial style to hidden. --- install/ui/certificate.js |9 ++--- install/ui/host.js|6 -- install/ui/service.js |6 -- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/install/ui/certificate.js b/install/ui/certificate.js index 6b100ed1c5beeb071f7d226900464cc6473490b4..3158d04883af8cb7eb1f9a0f02e936801f0ea358 100755 --- a/install/ui/certificate.js +++ b/install/ui/certificate.js @@ -414,7 +414,8 @@ function certificate_status_widget(spec) { that.widget_create(container); var div = $('div/', { -name: 'certificate-valid' +name: 'certificate-valid', +style: 'display: none;' }).appendTo(container); $('img/', { @@ -465,7 +466,8 @@ function certificate_status_widget(spec) { if (!that.is_selfsign()) { div = $('div/', { -name: 'certificate-revoked' +name: 'certificate-revoked', +style: 'display: none;' }).appendTo(container); $('img/', { @@ -504,7 +506,8 @@ function certificate_status_widget(spec) { } div = $('div/', { -name: 'certificate-missing' +name: 'certificate-missing', +style: 'display: none;' }).appendTo(container); $('img/', { diff --git a/install/ui/host.js b/install/ui/host.js index cc60fb51190462ea05fe273e3a8231c1fab0ab5d..f6af82cb15397cb2b19c69a56f0d9617c07ef3a0 100644 --- a/install/ui/host.js +++ b/install/ui/host.js @@ -226,7 +226,8 @@ function host_provisioning_status_widget(spec) { that.widget_create(container); var div = $('div/', { -name: 'kerberos-key-valid' +name: 'kerberos-key-valid', +style: 'display: none;' }).appendTo(container); $('img/', { @@ -250,7 +251,8 @@ function host_provisioning_status_widget(spec) { }).appendTo(content_div); div = $('div/', { -name: 'kerberos-key-missing' +name: 'kerberos-key-missing', +style: 'display: none;' }).appendTo(container); $('img/', { diff --git a/install/ui/service.js b/install/ui/service.js index 53a01d890574cd8fc321b2c0bd3e5f869bee..360386a1380ab6383e82942b746ceefa4d1e14da 100644 --- a/install/ui/service.js +++ b/install/ui/service.js @@ -223,7 +223,8 @@ function service_provisioning_status_widget(spec) { that.widget_create(container); var div = $('div/', { -'class': 'kerberos-key-valid' +name: 'kerberos-key-valid', +style: 'display: none;' }).appendTo(container); $('img/', { @@ -247,7 +248,8 @@ function service_provisioning_status_widget(spec) { }).appendTo(content_div); div = $('div/', { -name: 'kerberos-key-missing' +name: 'kerberos-key-missing', +style: 'display: none;' }).appendTo(container); $('img/', { -- 1.6.6.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 701 fix uninstallation
The state file is read early on in the uninstall and then each service manages its own uninstallation, resetting state as it goes along. Finally we remove the shared 389-ds user but the state is still the original state at the start of the uninstall so everything basically gets reset. Re-read the state again fixes it. ticket 916 rob freeipa-rcrit-701-uninstall.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 702 add entitlement API
The entitlement plugin was being skipped completely if the python-rhsm package wasn't installed. We want to let it limp through if the package isn't installed but we're doing API validation. ticket 919 rob freeipa-rcrit-702-entitle.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Hide initial status.
On 02/07/2011 12:58 PM, Endi Sukma Dewata wrote: Previously all certificate Kerberos key statuses (valid, missing and revoked) will appear briefly at the same time during page load. This has been fixed by setting the initial style to hidden. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK and pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 701 fix uninstallation
On 02/07/2011 01:35 PM, Rob Crittenden wrote: The state file is read early on in the uninstall and then each service manages its own uninstallation, resetting state as it goes along. Finally we remove the shared 389-ds user but the state is still the original state at the start of the uninstall so everything basically gets reset. Re-read the state again fixes it. ticket 916 rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK . pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output
On 02/07/2011 04:38 AM, Jan Zelený wrote: Martin Kosekmko...@redhat.com wrote: This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins. https://fedorahosted.org/freeipa/ticket/596 I believe API.txt should be updated (you change hbacrule_enable and hbacrule_disable return values), so NACK for now. Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Can we Mark these as : ACK, needs API.txt update? There are going to be conflicts as different people modify the API. The ones that require API.txt updates just need to have the update done prior to check-in. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Read-only text widget's save() should return null.
Pushed under one-liner rule. -- Endi S. Dewata From 2d84ab075cb418139afe0697de67eea82eecc15a Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Mon, 7 Feb 2011 13:12:30 -0600 Subject: [PATCH] Read-only text widget's save() should return null. --- install/ui/widget.js |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/install/ui/widget.js b/install/ui/widget.js index beb09a9d4511929a5dfe32da199b975466ef7525..eb2f70cfc0407d36fa6dd04ef7a4e9acb2f82853 100644 --- a/install/ui/widget.js +++ b/install/ui/widget.js @@ -352,7 +352,8 @@ IPA.text_widget = function(spec) { that.save = function() { if (that.read_only || !that.writable) { -return that.values; +return null; + } else { var input = $('input[name='+that.name+']', that.container); var value = $.trim(input.val()); -- 1.6.6.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 73 Update config doc to reflect that 0 is not allowed for search time limit.
Pavel Zuna wrote: Fix #837 Pavel /me hesitantly asks... Doesn't this mean that 1 is illegal? doc=_('Max. amount of time (sec.) for a search ( 1 or -1 for unlimited)'), Neither is there any mention of zero being illegal. It may be implicit or self-evident, but I don't rely on that in doc. I'd be inclined to change it to ( 0, or -1 for unlimited) but remember, I'm not a coder :) cheers -- David O'Brien Red Hat Asia Pacific Pty Ltd +61 7 3514 8189 He who asks is a fool for five minutes, but he who does not ask remains a fool forever. ~ Chinese proverb ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 77 Update krbtpolicy doc to inform that restarting krb5kdc might be needed.
Dmitri Pal wrote: On 02/07/2011 06:46 PM, David O'Brien wrote: Jenny Galipeau wrote: Pavel Zuna wrote: It seems that restarting krb5kdc is only needed when changes to the global policy are made. Per-user policies take effect immediately for newly requested tickets. Can someone please confirm? Yes, in testing this is the behavior. If the help could specify that a ipactl restart is required after global policy change, that would be great. Thanks Jenny Please raise a suitable bugzilla to get this included in the user doc. So far I only have doc about restarting IPA services after ipa krbtpolicy-reset. Isn't it the same thing? I took changes to mean using krbtpolicy-mod and any others, not just -reset, which is the info I received last time. thanks Fix #844 Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- David O'Brien Red Hat Asia Pacific Pty Ltd +61 7 3514 8189 He who asks is a fool for five minutes, but he who does not ask remains a fool forever. ~ Chinese proverb ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel