Re: [Freeipa-devel] [PATCH] 1 Convert boolean to TRUE/FALSE when writing to LDAP
On Mon, 2011-06-27 at 15:50 +0300, Alexander Bokovoy wrote:
Hi,
my first patch :) -- attempts to fix https://fedorahosted.org/freeipa/ticket/1259
Minor difference for IPA is that IPA command line tools are now reporting nsAccountLock in upper case (TRUE/FALSE instead of True/False previously). This does not affect functionality as far as I can see, and Web UI works fine.

Ack.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0002 Minor typos in examples
Hi, while reading through the code and examples, few typos were identified and fixed. Really minor patch. -- / Alexander Bokovoy From 178f2da439d1cc1299bb79bf563019ce4877804f Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Mon, 27 Jun 2011 14:58:52 +0300 Subject: [PATCH] Minor typos in the examples --- doc/examples/examples.py |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/examples/examples.py b/doc/examples/examples.py index 6711492c75fb34f23ce5688ed51e4d96851305e6..a969c898bcf8a6829b83898bd2d68400ae939ff3 100644 --- a/doc/examples/examples.py +++ b/doc/examples/examples.py @@ -152,7 +152,7 @@ class exshowuser(Command): # the 'no_display' flag is supported by the Command.output_for_cli # method, but you can always use your own if you plan # to override it - I'll show you how later. -output.Output('result', dict, 'user entry whithout DN'), +output.Output('result', dict, 'user entry without DN'), output.Output('dn', unicode, 'DN of the user entry', ['no_display']), ) @@ -322,7 +322,7 @@ class exuser(Object): # we don't want to damage your user entries - adding, deleting, modifying is a # bit more complicated and will be covered later in this file. -# Methods are automatically associtad with a parent Object based on class +# Methods are automatically associated with a parent Object based on class # names. They can then access their parent Object using self.obj. # Simply said, Methods are just Commands associated with an Object. -- 1.7.5.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] winsync enables disabled users in AD
From ad129b4b2e3fac09b997b52178ceee400c8894ac Mon Sep 17 00:00:00 2001 From: Rich Megginson rmegg...@redhat.com Date: Fri, 24 Jun 2011 19:38:13 -0600 Subject: [PATCH 1/3] winsync enables disabled users in AD https://fedorahosted.org/freeipa/ticket/1379 winsync enables disabled users in AD when the AD entry changes This was likely broken when ipa switched from using CoS/groups for account inactivation to using nsAccountLock directly. The code that handled the account sync in the from AD direction was broken, but was never found before now because it had not been used. The fix is to correctly set or remove nsAccountLock. --- .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c|8 +--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c index 2644a01..5a27321 100644 --- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c +++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c @@ -890,11 +890,13 @@ sync_acct_disable( (!ad_is_enabled (ipaconfig-inactivated_group_dn == NULL))) { char *attrtype = NULL; char *attrval = NULL; +size_t attrvallen = 0; attrtype = nsAccountLock; if (ad_is_enabled) { attrval = NULL; /* will delete the value */ } else { -attrval = true; +attrval = TRUE; +attrvallen = 4; } if (update_entry) { @@ -903,7 +905,7 @@ sync_acct_disable( (ad_is_enabled) ? enabled : disabled, slapi_entry_get_dn_const(ds_entry)); } else { /* do mod */ -struct berval tmpbval = {0, NULL}; +struct berval tmpbval = {attrvallen, attrval}; Slapi_Mod *smod = slapi_mod_new(); slapi_mod_init(smod, 1); /* one element */ slapi_mod_set_type(smod, attrtype); 
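Review bot: In the @@ -890 hunk, attrvallen = 4 hard-codes the length of the value assigned to attrval on the line above it, so the two can drift apart if the literal ever changes. Deriving the length from the value (for example with strlen(attrval) where tmpbval is initialised in the @@ -903 hunk) keeps the berval length and data consistent, and tmpbval would then only need to be built on the non-delete path.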
@@ -911,8 +913,8 @@ sync_acct_disable( slapi_mod_set_operation(smod, LDAP_MOD_DELETE|LDAP_MOD_BVALUES); } else { slapi_mod_set_operation(smod, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES); +slapi_mod_add_value(smod, tmpbval); } -slapi_mod_add_value(smod, tmpbval); slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod)); slapi_mod_free(smod); -- 1.7.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
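Review bot: In the @@ -911 hunk the LDAP_MOD_DELETE branch now sends no value, which removes every nsAccountLock value from the entry. A delete of an attribute that is not present fails with noSuchAttribute, so please confirm that this branch is only reached when the DS entry actually carries nsAccountLock, or that the caller tolerates that result. The commit message says this path had not been exercised before; a test covering both the enable and the disable direction would keep it from regressing again.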
[Freeipa-devel] [PATCH] modify user deleted in AD crashes winsync
From 258323b6f0eb8342aba1cd08d5abadfcb8547aa2 Mon Sep 17 00:00:00 2001 From: Rich Megginson rmegg...@redhat.com Date: Fri, 24 Jun 2011 19:42:47 -0600 Subject: [PATCH 2/3] modify user deleted in AD crashes winsync https://fedorahosted.org/freeipa/ticket/1382 crash in winsync if replaying a MOD and user does not exist in AD If the AD entry is deleted before the deletion can be synced back to IPA, and in the meantime an operation is performed on the corresponding entry in IPA that should be synced to AD, winsync attempts to get the AD entry and it is empty. This just means the operation will not go through, and the entry will be deleted when the sync from AD happens. The IPA winsync plugin needs to handle the case when the ad_entry is NULL. --- .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c|9 - 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c index 5a27321..4b81a2e 100644 --- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c +++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c @@ -787,6 +787,13 @@ sync_acct_disable( return; /* not supported */ } +if (!ad_entry) { +LOG(-- sync_acct_disable - the AD entry corresponding to [%s] +is NULL - skipping\n, +slapi_entry_get_dn_const(ds_entry)); +return; +} + /* get the account lock state of the ds entry */ if (0 == ipa_check_account_lock(ds_entry, isvirt)) { ds_is_enabled = 0; @@ -1113,7 +1120,7 @@ do_force_sync( LOG(do_force_sync - forcing sync of AD entry [%s] with DS entry [%s]\n, -slapi_entry_get_dn_const(ad_entry), +ad_entry ? slapi_entry_get_dn_const(ad_entry) : (none), slapi_entry_get_dn_const(ds_entry)); find_and_add_mod(ds_entry, smods, objectClass, ntUser, (size_t)6, do_modify); -- 1.7.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
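Review bot: In the @@ -787 hunk the new if (!ad_entry) guard logs through slapi_entry_get_dn_const(ds_entry) without a matching check on ds_entry. If ds_entry is guaranteed non-NULL at this point, a short comment saying so would help; otherwise the log call needs the same kind of guard that the @@ -1113 hunk applies to ad_entry.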
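Review bot: In the @@ -1113 hunk only the LOG argument is protected against a NULL ad_entry; do_force_sync then carries on to find_and_add_mod(). If anything later in the function dereferences ad_entry, the crash described in the commit message moves rather than goes away, so either return early as sync_acct_disable now does or state why the remaining code is safe with a NULL AD entry.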
[Freeipa-devel] [PATCH] memory leak in ipa_winsync_get_new_ds_user_dn_cb
From a8e83da54c5db48af93c369597c31673578f294a Mon Sep 17 00:00:00 2001 From: Rich Megginson rmegg...@redhat.com Date: Fri, 24 Jun 2011 19:44:05 -0600 Subject: [PATCH 3/3] memory leak in ipa_winsync_get_new_ds_user_dn_cb The new_dn_string passed into this function is malloc'd. It must be freed before we reassign the value. --- .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c|1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c index 4b81a2e..48c45c1 100644 --- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c +++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c @@ -404,6 +404,7 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, } ldap_rdn2str(ldn[0], rdn, LDAP_DN_FORMAT_LDAPV3); +slapi_ch_free_string(new_dn_string); *new_dn_string = slapi_ch_smprintf(%s,%s, rdn, slapi_sdn_get_dn(ds_suffix)); ldap_dnfree(ldn); ldap_memfree(rdn); -- 1.7.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
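Review bot: The added slapi_ch_free_string(new_dn_string) sits directly after ldap_rdn2str(), whose return value is ignored on the context line above. Checking that call before freeing would avoid discarding the caller's DN and replacing it with one built from an rdn that was never filled in; on failure the function could leave *new_dn_string untouched. A one-line comment stating that the incoming string is malloc'd and may be replaced here would also record the ownership rule the commit message describes.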
Re: [Freeipa-devel] [PATCH] 33 oneliner correct typo in ipasudorunas_group
Adam Young wrote:
On 06/24/2011 05:27 PM, JR Aquino wrote:
https://fedorahosted.org/freeipa/ticket/1326
In case I haven't sent this out before.
~ Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
jr.aqu...@citrixonline.com
http://www.citrixonline.com

ACK

pushed to master and ipa-2-0
[Freeipa-devel] One liner to fix permissions-add page
1. diff --git a/install/ui/aci.js b/install/ui/aci.js 2. index 077cbeb..1a95af0 100644 3. --- a/install/ui/aci.js 4. +++ b/install/ui/aci.js 5. @@ -393,6 +393,7 @@ IPA.target_section = function(spec) { 6. spec = spec || {}; 7. 8. var that = IPA.details_section(spec); 9. + that.section = true; 10. that.undo = typeof spec.undo == 'undefined' ? true : spec.undo; 11. 12. that.filter_text = IPA.text_widget({name: 'filter', undo: that.undo}); Pushed to master under the one line rule. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
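Review bot: The added that.section = true carries no comment, and the message gives no ticket or description of what was failing on the permissions-add page. Please note in the code or the commit message which consumer tests the section property, so the flag is not removed later as dead state.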
[Freeipa-devel] [PATCH] 809 entitle_register using uuid unsupported
Document registering to an entitlement server with a UUID as not implemented. It was my understanding that we would be able to pass in an existing UUID when registering to connect to an existing registration (for the case where IPA is re-installed). This is supported in the REST API but not python-rhsm. I've filed an RFE to get this added but for now this is a way to not do major surgery to the API and still be at least somewhat user-friendly. https://fedorahosted.org/freeipa/ticket/1216 rob From 088f447912f97601718711210651b9f694e314ff Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Mon, 27 Jun 2011 14:38:42 -0400 Subject: [PATCH] Document registering to an entitlement server with a UUID as not implemented. It was my understanding that we would be able to pass in an existing UUID when registering to connect to an existing registration (for the case where IPA is re-installed). This is supported in the REST API but not python-rhsm. https://fedorahosted.org/freeipa/ticket/1216 --- ipalib/plugins/entitle.py |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/ipalib/plugins/entitle.py b/ipalib/plugins/entitle.py index ab7dd456ff76b677561bbcb45ab3769d82150505..952365a8350d8ab69df49fa6cd42b3f19dba1c8c 100644 --- a/ipalib/plugins/entitle.py +++ b/ipalib/plugins/entitle.py @@ -487,7 +487,7 @@ class entitle_register(LDAPCreate): takes_options = LDAPCreate.takes_options + ( Str('ipaentitlementid?', label='UUID', -doc=_('Enrollment UUID'), +doc=_('Enrollment UUID (not implemented)'), flags=['no_create', 'no_update'], ), Password('password', 
@@ -515,6 +515,9 @@ class entitle_register(LDAPCreate): os.environ['LANG'] = 'en_US' locale.setlocale(locale.LC_ALL, '') +if 'ipaentitlementid' in options: +raise errors.ValidationError(name='ipaentitlementid', error='Registering to specific UUID is not supported yet.') + try: registrations = api.Command['entitle_find']() raise errors.AlreadyRegisteredError() -- 1.7.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
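Review bot: In the @@ -515 hunk the error text passed to errors.ValidationError is a bare string, while the doc string changed in the @@ -487 hunk is wrapped in _(); wrapping the error message the same way keeps it translatable. The check could also move above the os.environ['LANG'] and locale.setlocale() lines, so that a rejected call has no side effects on the process locale.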
Re: [Freeipa-devel] [PATCH] 0249-optional-uid.
On 06/24/2011 03:09 PM, Endi Sukma Dewata wrote:
On 6/24/2011 1:26 PM, Adam Young wrote:
The old code on dialog.js:325-331 can be removed. It would be nice to set the focus to the input field automatically once you 'click to show'. But this might require adding focus() to all widgets. This can be done later. Other than that it's ACKed.

Removed commented-out code and pushed to master.
[Freeipa-devel] [PATCH] 0253-validate-required-fields
From e4d2a842be230516aaebff0ec34ee1707b3fcd03 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Mon, 27 Jun 2011 15:57:40 -0400 Subject: [PATCH] validate required fields https://fedorahosted.org/freeipa/ticket/1329 overides required with optional. --- install/ui/add.js|4 install/ui/widget.js |8 2 files changed, 12 insertions(+), 0 deletions(-) diff --git a/install/ui/add.js b/install/ui/add.js index eb4484346ae1f8c7743431b822cb20910ac9c60f..50b6124c094c60f18c32897da603331db8c6a161 100644 --- a/install/ui/add.js +++ b/install/ui/add.js @@ -116,6 +116,10 @@ IPA.add_dialog = function (spec) { var fields = that.fields.values; for (var i=0; ifields.length; i++) { +fields[i].validate(); +} + +for (i=0; ifields.length; i++) { field = fields[i]; if (!field.valid) return; diff --git a/install/ui/widget.js b/install/ui/widget.js index 38826ee9d64515a8fd88604e2fcf2812ca314f91..344d701c2a72bb11307d0bd4b3f2cb7f3ca268bd 100644 --- a/install/ui/widget.js +++ b/install/ui/widget.js @@ -39,6 +39,8 @@ IPA.widget = function(spec) { that.disabled = spec.disabled; that.hidden = spec.hidden; that.conditional = spec.conditional; +that.optional = spec.optional || false; + // read_only is set during initialization that.read_only = spec.read_only; @@ -79,6 +81,12 @@ IPA.widget = function(spec) { var values = that.save(); if (!values || !values.length) { +if (that.param_info +that.param_info.required +!that.optional) { +that.valid = false; +that.show_error('required field'); +} return; } -- 1.7.5.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
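Review bot: In the add.js hunk, validate() is now called on every entry in that.fields.values, while the required check added in widget.js consults only param_info.required and that.optional. The widget also carries disabled, hidden, conditional and read_only (visible in the @@ -39 context), so a required field the user cannot see or edit may block the dialog; consider skipping such fields or treating them as optional.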
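Review bot: In the widget.js @@ -79 hunk the message 'required field' is a hard-coded English string passed to show_error(); it should be localizable. Please also confirm that that.valid is reset to true at the top of validate(), otherwise a field that failed once would stay invalid after the user fills it in.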
Re: [Freeipa-devel] [PATCH] 0244-service-host-entity-select
On 06/18/2011 09:26 PM, Adam Young wrote:

ACK and pushed to master
Re: [Freeipa-devel] [PATCH] 0253-validate-required-fields
On 6/27/2011 3:58 PM, Adam Young wrote:

Since the optional attribute is now added into IPA.widget, the following line on dialog.js:347 is no longer needed:

    field.optional = field_spec.optional || false;

Other than that it's ACKed.
--
Endi S. Dewata
[Freeipa-devel] [PATCH] 192 Fixed undo all problem.
The IPA.multivalued_text_widget has been modified such that the 'undo all' will appear only if at least one of the values is dirty. Ticket #1109 -- Endi S. Dewata From 4b53e340d94465a87077c93852731e2f72d6ad95 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Mon, 27 Jun 2011 17:31:55 -0500 Subject: [PATCH] Fixed undo all problem. The IPA.multivalued_text_widget has been modified such that the 'undo all' will appear only if at least one of the values is dirty. Ticket #1109 --- install/ui/widget.js | 59 ++--- 1 files changed, 36 insertions(+), 23 deletions(-) diff --git a/install/ui/widget.js b/install/ui/widget.js index 38826ee9d64515a8fd88604e2fcf2812ca314f91..96265d984190d3e4341b80970b87ba78ac8f02de 100644 --- a/install/ui/widget.js +++ b/install/ui/widget.js @@ -141,12 +141,13 @@ IPA.widget = function(spec) { } } }; + /** * This function compares the original values and the * values entered in the UI. If the values have changed * it will return true. */ -that.test_dirty = function(){ +that.test_dirty = function() { if (that.read_only) { return false; @@ -233,8 +234,8 @@ IPA.widget = function(spec) { }; that.reset = function() { -that.set_dirty(false); that.update(); +that.set_dirty(false); }; that.update = function() { @@ -320,6 +321,7 @@ IPA.widget = function(spec) { that.widget_reset = that.reset; that.widget_save = that.save; that.widget_set_dirty = that.set_dirty; +that.widget_test_dirty = that.test_dirty; return that; }; 
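Review bot: The @@ -233 hunk swaps the order in reset() so that set_dirty(false) runs after update(), but the commit message only describes the 'undo all' visibility change. Please say why the order matters (presumably update() can leave the widget marked dirty), and consider splitting the whitespace-only edit to test_dirty in the @@ -141 hunk from the functional changes.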
@@ -452,35 +454,40 @@ IPA.multivalued_text_widget = function(spec) { } }; -that.super_test_dirty = that.test_dirty; - -that.test_dirty = function(index){ +that.test_dirty = function(index) { if (index === undefined) { -return that.super_test_dirty(); +return that.widget_test_dirty(); } + var row = that.get_row(index); -var return_value = false; +var input = $('input[name='+that.name+']', row); -$('input[name='+that.name+']', row).each(function() { -var input = $(this); -if (input.is('.strikethrough')) return_value = true; -var value = input.val(); +if (input.is('.strikethrough')) { +return true; +} -if (value !== that.values[index]){ -return_value = true; -} -}); -return return_value; +var value = input.val(); +if (value !== that.values[index]) { +return true; +} + +return false; }; that.set_dirty = function(dirty, index) { -that.widget_set_dirty(dirty); +that.dirty = dirty; + if (that.undo) { if (dirty) { that.show_undo(index); } else { that.hide_undo(index); } + +if (index !== undefined) { +// update undo all +that.set_dirty(that.test_dirty()); +} } }; @@ -628,7 +635,7 @@ IPA.multivalued_text_widget = function(spec) { var index = that.row_index(row); // uncross removed value input.removeClass('strikethrough'); -that.set_dirty( that.test_dirty(index), index); +that.set_dirty(that.test_dirty(index), index); if (that.undo) { if (index that.values.length) { remove_link.css('display', 'inline'); @@ -647,7 +654,8 @@ IPA.multivalued_text_widget = function(spec) { remove_link.css('display', 'none'); } else { // remove new value -row.remove(); +that.remove_row(index); +that.set_dirty(that.test_dirty()); } return false; }); 
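Review bot: In the @@ -452 hunk, set_dirty() first assigns that.dirty = dirty with the per-row state, and the recomputation through that.set_dirty(that.test_dirty()) happens only inside if (that.undo). With undo disabled, that.dirty is left holding the state of the last row touched rather than of the whole widget; moving the index !== undefined block outside the undo check would fix that. The rewritten test_dirty(index) also drops the .each() loop, so it now assumes one input per row.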
@@ -656,12 +664,13 @@ IPA.multivalued_text_widget = function(spec) { var index = that.row_index(row); if (index that.values.length) { // restore old value -that.reset(index); input.removeClass('strikethrough'); remove_link.css('display', 'inline'); +that.reset(index); } else { // remove new value -row.remove(); +that.remove_row(index); +that.set_dirty(that.test_dirty()); } }); } @@ -671,6 +680,10 @@ IPA.multivalued_text_widget = function(spec) { that.get_row(index).remove(); }; +that.remove_rows = function() { +that.get_rows().remove(); +}; + that.get_row = function(index) {
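Review bot: The 'remove new value' branches in the @@ -647 and @@ -656 hunks repeat the same pair of calls, that.remove_row(index) followed by that.set_dirty(that.test_dirty()); folding the set_dirty call into remove_row() would keep the two handlers from diverging. The @@ -671 hunk adds that.remove_rows(), but no caller appears in the hunks shown here, so please point to where it is used.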
Re: [Freeipa-devel] 0245-entity-select-undo
On 06/20/2011 01:34 PM, Endi Sukma Dewata wrote:
On 6/18/2011 8:46 PM, Adam Young wrote:
ACK and pushed to master. The set_dirty() invocation in reset() is no longer needed. This can be fixed later.

Pushed to master
Re: [Freeipa-devel] 0241-enforce-proper-capitalization-with-stylesheet.
Have not pushed this yet. Should I consider it ACKed and push it, or should we re-think it?

On 06/17/2011 07:48 PM, Adam Young wrote:
This is how hyphenation is supposed to work. We should remove the hyphenation in the cases that you have enumerated below. The capitalization of Days and Hours units is fine. Agreed on the field label class.

On 06/17/2011 06:03 PM, Endi Sukma Dewata wrote:
On 6/17/2011 4:00 PM, Adam Young wrote:
Please take a look at the following capitalization. If these are considered OK feel free to push.

Host-group = Host-group (the g is not capitalized)
Max lifetime (days) = Max Lifetime (Days) (unit is capitalized)
Min lifetime (hours) = Min Lifetime (Hours) (unit is capitalized)

Usually the term time to live is hyphenated. Currently in our code it's not, so the capitalization will look like this:

SOA time to live = SOA Time To Live

But suppose it's changed later, it will look like this:

SOA time-to-live = SOA Time-to-live (to-live is not capitalized)

The fields in HBAC Rule and SUDO Rule details page are not capitalized because it's using a table instead of dl/dt/dd. This can be addressed in a separate patch. We might want to define a 'field-label' CSS class.
Re: [Freeipa-devel] [PATCH] admiyo-0220-update-ipa-init
On 04/01/2011 11:58 AM, Adam Young wrote:

ACKed by edewata and pushed to master
Re: [Freeipa-devel] [PATCH] 0253-validate-required-fields
On 06/27/2011 07:40 PM, Endi Sukma Dewata wrote:
On 6/27/2011 3:58 PM, Adam Young wrote:

Since the optional attribute is now added into IPA.widget, the following line on dialog.js:347 is no longer needed:

    field.optional = field_spec.optional || false;

Other than that it's ACKed.

Line removed and pushed to master
Re: [Freeipa-devel] [PATCH] 192 Fixed undo all problem.
On 06/27/2011 07:42 PM, Endi Sukma Dewata wrote:
The IPA.multivalued_text_widget has been modified such that the 'undo all' will appear only if at least one of the values is dirty.
Ticket #1109

ACK. Pushed to master
Re: [Freeipa-devel] [PATCH] 0244-service-host-entity-select
On Mon, 2011-06-27 at 17:43 -0400, Adam Young wrote:
On 06/18/2011 09:26 PM, Adam Young wrote:

ACK and pushed to master

Usually the ack should come from another developer, or am I missing something?
--
Simo Sorce * Red Hat, Inc * New York