[Freeipa-devel] [PATCHES] 170-171 Allow PKCS#12 files with empty password in install tools
Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/3897. Honza -- Jan Cholasta From 494773e32198ab3416a96a70afdc8c0477409d6b Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 25 Sep 2013 08:33:35 + Subject: [PATCH 1/2] Read passwords from stdin when importing PKCS#12 files with pk12util. This works around pk12util refusing to use empty password files, which prevents the use of PKCS#12 files with empty password. https://fedorahosted.org/freeipa/ticket/3897 --- install/tools/ipa-server-install| 9 +++-- ipaserver/install/certs.py | 22 -- ipaserver/install/installutils.py | 4 ++-- ipaserver/install/ipa_replica_prepare.py| 3 +-- ipaserver/install/ipa_server_certinstall.py | 5 ++--- 5 files changed, 20 insertions(+), 23 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 028cca0..18f3a0f 100644 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -882,8 +882,7 @@ def main(): confirm=False, validate=False) if options.http_pin is None: sys.exit(%s unlock password required % options.http_pkcs12) -http_pin_file = ipautil.write_tmp_file(options.http_pin) -http_pkcs12_info = (options.http_pkcs12, http_pin_file.name) +http_pkcs12_info = (options.http_pkcs12, options.http_pin) http_cert_name = installutils.check_pkcs12( http_pkcs12_info, ca_file, host_name) @@ -894,8 +893,7 @@ def main(): confirm=False, validate=False) if options.dirsrv_pin is None: sys.exit(%s unlock password required % options.dirsrv_pkcs12) -dirsrv_pin_file = ipautil.write_tmp_file(options.dirsrv_pin) -dirsrv_pkcs12_info = (options.dirsrv_pkcs12, dirsrv_pin_file.name) +dirsrv_pkcs12_info = (options.dirsrv_pkcs12, options.dirsrv_pin) dirsrv_cert_name = installutils.check_pkcs12( dirsrv_pkcs12_info, ca_file, host_name) @@ -906,8 +904,7 @@ def main(): confirm=False, validate=False) if options.pkinit_pin is None: sys.exit(%s unlock password required % options.pkinit_pkcs12) -pkinit_pin_file = ipautil.write_tmp_file(options.pkinit_pin) -pkinit_pkcs12_info = (options.pkinit_pkcs12, pkinit_pin_file.name) +pkinit_pkcs12_info = (options.pkinit_pkcs12, options.pkinit_pin) if not options.dm_password: dm_password = read_dm_password() diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index f1b92fd..9ee854e 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -176,14 +176,15 @@ class NSSDatabase(object): return root_nicknames def import_pkcs12(self, pkcs12_filename, db_password_filename, - pkcs_password_filename=None): + pkcs12_passwd=None): args = [/usr/bin/pk12util, -d, self.secdir, -i, pkcs12_filename, -k, db_password_filename, '-v'] -if pkcs_password_filename: -args = args + [-w, pkcs_password_filename] +if pkcs12_passwd is not None: +pkcs12_passwd = pkcs12_passwd + '\n' +args = args + [-w, /dev/stdin] try: -ipautil.run(args) +ipautil.run(args, stdin=pkcs12_passwd) except ipautil.CalledProcessError, e: if e.returncode == 17: raise RuntimeError(incorrect password for pkcs#12 file %s % @@ -770,9 +771,9 @@ class CertDB(object): def find_server_certs(self): return self.nssdb.find_server_certs() -def import_pkcs12(self, pkcs12_fname, passwd_fname=None): +def import_pkcs12(self, pkcs12_fname, pkcs12_passwd=None): return self.nssdb.import_pkcs12(pkcs12_fname, self.passwd_fname, -pkcs_password_filename=passwd_fname) +pkcs12_passwd=pkcs12_passwd) def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=None): if nickname is None: @@ -814,7 +815,7 @@ class CertDB(object): self.create_certdbs() self.load_cacert(cacert_fname) -def create_from_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, passwd=None, +def create_from_pkcs12(self, pkcs12_fname, pkcs12_passwd, passwd=None, ca_file=None): Create a new NSS database using the certificates in a PKCS#12 file. @@ -831,7 +832,7 @@ class CertDB(object): self.create_noise_file() self.create_passwd_file(passwd) self.create_certdbs() -self.import_pkcs12(pkcs12_fname, pkcs12_pwd_fname) +self.import_pkcs12(pkcs12_fname, pkcs12_passwd) server_certs = self.find_server_certs() if len(server_certs) == 0: raise RuntimeError(Could
[Freeipa-devel] [PATCHES] 0072-0074 Add automember rebuild membership to the web UI
Hello,
This patch set addresses ticket https://fedorahosted.org/freeipa/ticket/3928.
Patch 0072 hooks the new automember-rebuild command to the web UI (user and host
pages).
Patch 0073 adds some fixes to the web UI test driver, which are necessary for
patch 0074.
Patch 0074 adds web UI integration tests for the new feature.
The patch set applies on top of my patches 0068-0071
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
From 917c0bbd3ac45ff307f899dd50d5d44fac68c6e9 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic akriv...@redhat.com
Date: Wed, 25 Sep 2013 11:38:07 +0200
Subject: [PATCH] Add web UI integration tests for automember rebuild
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3928
---
ipatests/test_webui/test_automember.py | 213 +
1 file changed, 213 insertions(+)
diff --git a/ipatests/test_webui/test_automember.py b/ipatests/test_webui/test_automember.py
index f51e5d9b1fed593e1522307ab538020121fd95fa..dc664e49e25b4854cd182581e42a3250f32bdf1d 100644
--- a/ipatests/test_webui/test_automember.py
+++ b/ipatests/test_webui/test_automember.py
@@ -81,3 +81,216 @@ def test_crud(self):
# cleanup
self.delete(hostgroup.ENTITY, [hostgroup.DATA])
+
+def test_rebuild_membership_hosts(self):
+
+Test automember rebuild membership feature for hosts
+
+self.init_app()
+
+domain = self.config.get('ipa_domain')
+host1 = 'web1.%s' % domain
+host2 = 'web2.%s' % domain
+
+# Add a hostgroup
+self.add_record('hostgroup', {
+'pkey': 'webservers',
+'add': [
+('textbox', 'cn', 'webservers'),
+('textarea', 'description', 'webservers'),
+]
+})
+
+# Add a host
+self.add_record('host', {
+'pkey': host1,
+'add': [
+('textbox', 'hostname', 'web1'),
+('combobox', 'dnszone', domain),
+('checkbox', 'force', 'checked'),
+]
+})
+
+# Add another host
+self.add_record('host', {
+'pkey': host2,
+'add': [
+('textbox', 'hostname', 'web2'),
+('combobox', 'dnszone', domain),
+('checkbox', 'force', 'checked'),
+]
+})
+
+# Add an automember rule
+self.add_record(
+'automember',
+{'pkey': 'webservers', 'add': [('combobox', 'cn', 'webservers')]},
+facet='searchhostgroup'
+)
+
+# Add a condition for automember rule
+self.navigate_to_record('webservers')
+self.add_record(
+'automember',
+{'pkey': 'webservers', 'add': [
+('selectbox', 'key', 'fqdn'),
+('textbox', 'automemberinclusiveregex', '^web[1-9]+')
+]},
+facet='hostgrouprule',
+facet_btn_css_class='widget',
+navigate=False
+)
+
+# Assert that hosts are not members of hostgroup
+self.navigate_to_record('webservers', entity='hostgroup')
+self.click_on_link('Refresh')
+self.wait(1)
+self.assert_record(host1, negative=True)
+self.assert_record(host2, negative=True)
+
+# Rebuild membership for first host, using action on host details facet
+self.navigate_to_record(host1, entity='host')
+self.click_on_link('Rebuild auto membership')
+self.dialog_button_click('ok')
+
+# Assert that host is now a member of hostgroup
+self.navigate_to_record('webservers', entity='hostgroup')
+self.click_on_link('Refresh')
+self.wait(1)
+self.assert_record(host1)
+self.assert_record(host2, negative=True)
+
+# Remove host from hostgroup
+self.delete_record(host1)
+
+# Assert that host is not a member of hostgroup
+self.click_on_link('Refresh')
+self.wait(1)
+self.assert_record(host1, negative=True)
+self.assert_record(host2, negative=True)
+
+# Rebuild membership for all hosts, using action on hosts search facet
+self.navigate_by_menu('identity/host')
+self.navigate_by_breadcrumb('Hosts')
+self.check_option('fqdn')
+self.click_on_link('Rebuild auto membership')
+self.dialog_button_click('ok')
+
+# Assert that hosts are now members of hostgroup
+self.navigate_to_record('webservers', entity='hostgroup')
+self.click_on_link('Refresh')
+self.wait(1)
+self.assert_record(host1)
+self.assert_record(host2)
+
+# Delete hostgroup, hosts and automember rule
+self.delete('hostgroup', [{'pkey': 'webservers'}])
+self.navigate_by_menu('identity/host')
+self.delete('host', [{'pkey': host1}])
+self.delete('host',
Re: [Freeipa-devel] [DOC] Chapter 4 text
On 09/18/2013 05:10 PM, Martin Basti wrote:
Patch fix examples in chapter 4, adds new examples, fix out of date
information.
NOTE: Patch doesn't cover part 4.3 Logging with web UI
1. Table 4.1. Configuration Areas Per Tab is missing Trusts in IPA tab.
This menu item is visible only if ipa-adtrust-install was run.
2. 4.3.1. Supported Web Browsers doesn't match 2.1.3. Supported Web
Browsers. IMO 4.3.1 is correct. Can be fixed in your patch 0001.
3. trailing white space errors
I've noticed that some command examples starts with '$' or '#', others
with '[user@ipaserver ~]$' or '[root@ipaserver ~]#'. IMO we should pick
one sign ('$' or '#') and be consistent. Mixing short and long version
in the same kind of examples should be also avoided (see 4.1.1.1.1. and
4.1.1.1.2.).
--
Petr Vobornik
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [DOC] Chapter 4 screenshots
On 09/18/2013 05:07 PM, Martin Basti wrote: Patch adds new screen-shots for chapter 4 Basic Usage NOTE: Patch doesn't cover part 4.3 Logging with web UI ACK, but I would wait for mbasti 0004 and 0005. -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 459 Allow edit of ipakrbokasdelegate in Web UI when attrlevelrights are unknown
On 09/25/2013 02:17 PM, Ana Krivokapic wrote:
On 09/24/2013 04:31 PM, Petr Vobornik wrote:
Old host entries are missing object class with krbticketflags attribute.
Therefore UI does not receive attrlevelrights for it. This OC is added when
ipakrbokasdelegate(krbticketflags) is set.
This patch adds the usual hack for such cases.
https://fedorahosted.org/freeipa/ticket/3940
The patch works well. Could you please also add a regression test?
Test modified. Sadly, the test doesn't cover old entries after server
upgrade, which are the reason for the UI hack.
--
Petr Vobornik
From 5bc052344862ab089a1dbac062fb479a693d3aa9 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Tue, 24 Sep 2013 16:20:38 +0200
Subject: [PATCH] Allow edit of ipakrbokasdelegate in Web UI when
attrlevelrights are unknown
Old host entries are missing object class with krbticketflags attribute. Therefore UI does not receive attrlevelrights for it. This OC is added when ipakrbokasdelegate is set.
This patch adds the usual hack for such cases.
https://fedorahosted.org/freeipa/ticket/3940
---
install/ui/src/freeipa/host.js | 3 ++-
ipatests/test_webui/test_host.py | 4 +++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js
index f4b1e249700cf352406519c25444c7c557242ad7..f5007538e8ad1ea2e372c194b129f6c668d31b3e 100644
--- a/install/ui/src/freeipa/host.js
+++ b/install/ui/src/freeipa/host.js
@@ -99,7 +99,8 @@ return {
{
name: 'ipakrbokasdelegate',
$type: 'checkbox',
-acl_param: 'krbticketflags'
+acl_param: 'krbticketflags',
+flags: ['w_if_no_aci']
}
]
},
diff --git a/ipatests/test_webui/test_host.py b/ipatests/test_webui/test_host.py
index cb697c5e032cf4cf0759419a625bde39234d749c..1d80c66f473199d21e9dd7d0fc9f8d2eb45bcbff 100644
--- a/ipatests/test_webui/test_host.py
+++ b/ipatests/test_webui/test_host.py
@@ -209,7 +209,8 @@ class test_host(host_tasks):
checked = ['checked']
self.init_app()
-self.navigate_to_record(pkey, entity=ENTITY)
+self.add_record(ENTITY, self.data)
+self.navigate_to_record(self.pkey)
if self.get_field_checked(name) == checked:
self.mod_record(ENTITY, mod) # uncheck
@@ -218,6 +219,7 @@ class test_host(host_tasks):
self.validate_fields([('checkbox', name, checked)])
self.mod_record(ENTITY, mod)
self.validate_fields([('checkbox', name, [])])
+self.delete_record(self.pkey, self.data.get('del'))
def test_associations(self):
--
1.8.3.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 459 Allow edit of ipakrbokasdelegate in Web UI when attrlevelrights are unknown
On 09/25/2013 05:44 PM, Petr Vobornik wrote: On 09/25/2013 02:17 PM, Ana Krivokapic wrote: On 09/24/2013 04:31 PM, Petr Vobornik wrote: Old host entries are missing object class with krbticketflags attribute. Therefore UI does not receive attrlevelrights for it. This OC is added when ipakrbokasdelegate(krbticketflags) is set. This patch adds the usual hack for such cases. https://fedorahosted.org/freeipa/ticket/3940 The patch works well. Could you please also add a regression test? Test modified. Sadly, the test doesn't cover old entries after server upgrade, which are the reason for the UI hack. ACK! (There's an unused variable (pkey) at the start of the test_kerberos_flags() method - you may just remove it before pushing.) -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0015] Add support for managing user auth types
On Mon, 2013-09-23 at 15:19 +0200, Petr Viktorin wrote:
Great, we're getting close!
Please send patches in `git format-patch` style (they include commit info).
I usually do, I don't know what happened this last time. Sorry! :)
Also, please bump the API revision in VERSION since API.txt was changed.
Fixed.
When adding the objectclass in user, it is possible that the user
doesn't exist. You should call handle_not_found in this case so the
appropriate error message is generated.
I ended up doing this for testing, squash in the patch if you want.
Fixed.
There's another test failure when trying to rename a manager user. I
didn't investigate in detail why that happens.
Does the failure happen without the patch? Is this just a standard make
check?
I'm attaching the tests I used, do they look OK?
Looks great!
Nathaniel
From 07a451da939e5c95f26347f62eaa406d08cc77e6 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum npmccal...@redhat.com
Date: Wed, 18 Sep 2013 15:48:23 -0400
Subject: [PATCH] Add support for managing user auth types
https://fedorahosted.org/freeipa/ticket/3368
---
API.txt | 12
VERSION | 2 +-
install/updates/50-ipaconfig.update | 1 +
ipalib/plugins/config.py| 8
ipalib/plugins/user.py | 35 +--
5 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/API.txt b/API.txt
index 761d1d175b5ce48bb6e27ce60e404f89790bfe6b..b49493f33af0f7d0192df8318bda12df94c9567b 100644
--- a/API.txt
+++ b/API.txt
@@ -495,7 +495,7 @@ args: 0,1,1
option: Str('version?', exclude='webui')
output: Output('result', None, None)
command: config_mod
-args: 0,24,3
+args: 0,25,3
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui')
@@ -514,6 +514,7 @@ option: Int('ipasearchrecordslimit', attribute=True, autofill=False, cli_name='s
option: Int('ipasearchtimelimit', attribute=True, autofill=False, cli_name='searchtimelimit', minvalue=-1, multivalue=False, required=False)
option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False)
option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False)
+option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
option: Str('ipauserobjectclasses', attribute=True, autofill=False, cli_name='userobjectclasses', csv=True, multivalue=True, required=False)
option: IA5Str('ipausersearchfields', attribute=True, autofill=False, cli_name='usersearch', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -3498,7 +3499,7 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('value', type 'unicode', None)
command: user_add
-args: 1,35,3
+args: 1,36,3
arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -3512,6 +3513,7 @@ option: Str('givenname', attribute=True, cli_name='first', multivalue=False, req
option: Str('homedirectory', attribute=True, cli_name='homedir', multivalue=False, required=False)
option: Str('initials', attribute=True, autofill=True, cli_name='initials', multivalue=False, required=False)
option: Str('ipasshpubkey', attribute=True, cli_name='sshpubkey', csv=True, multivalue=True, required=False)
+option: StrEnum('ipauserauthtype', attribute=True, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='principal', multivalue=False, required=False)
option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False)
option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False)
@@ -3561,7 +3563,7 @@ output: Output('result', type 'bool', None)
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('value', type 'unicode', None)
command: user_find
-args: 1,45,4
+args: 1,46,4
arg: Str('criteria?', noextrawhitespace=False)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('carlicense', attribute=True, autofill=False, cli_name='carlicense', multivalue=False, query=True, required=False)
@@ -3578,6 +3580,7 @@ option:
Re: [Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI
On Fri, 2013-09-20 at 12:38 -0400, Nathaniel McCallum wrote:
On Thu, 2013-09-12 at 16:48 -0400, Nathaniel McCallum wrote:
On Thu, 2013-09-05 at 00:06 -0400, Nathaniel McCallum wrote:
patch attached
Update for ./makeapi attached.
Version 3. This should fix all the current review issues, including the
use of the referential integrity plugin. I had to make one schema change
in order to make the referential integrity modification work. Note also
that the command name prefix is changed from radius to radiusproxy.
Version 4. This patch fixes my failure to increment the minor version
number in the VERSION file.
Nathaniel
From 58d6c5672fa3b8de1e71a3c5cbec7dc90434cbac Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum npmccal...@redhat.com
Date: Wed, 4 Sep 2013 23:45:00 -0400
Subject: [PATCH] Add RADIUS proxy support to ipalib CLI
https://fedorahosted.org/freeipa/ticket/3368
---
API.txt| 95 +++--
VERSION| 2 +-
install/share/70ipaotp.ldif| 2 +-
install/share/indices.ldif | 10 +++
install/share/referint-conf.ldif | 3 +
install/updates/10-70ipaotp.update | 2 +-
install/updates/20-indices.update | 7 ++
install/updates/25-referint.update | 1 +
install/updates/40-otp.update | 5 ++
ipalib/constants.py| 1 +
ipalib/plugins/config.py | 2 +-
ipalib/plugins/radiusproxy.py | 138 +
ipalib/plugins/user.py | 44 +++-
13 files changed, 298 insertions(+), 14 deletions(-)
create mode 100644 ipalib/plugins/radiusproxy.py
diff --git a/API.txt b/API.txt
index b49493f33af0f7d0192df8318bda12df94c9567b..e662cc53e84cc3cb66e78c444e12e615bf7e3a7f 100644
--- a/API.txt
+++ b/API.txt
@@ -514,7 +514,7 @@ option: Int('ipasearchrecordslimit', attribute=True, autofill=False, cli_name='s
option: Int('ipasearchtimelimit', attribute=True, autofill=False, cli_name='searchtimelimit', minvalue=-1, multivalue=False, required=False)
option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False)
option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False)
-option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
+option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password', u'radius'))
option: Str('ipauserobjectclasses', attribute=True, autofill=False, cli_name='userobjectclasses', csv=True, multivalue=True, required=False)
option: IA5Str('ipausersearchfields', attribute=True, autofill=False, cli_name='usersearch', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -2542,6 +2542,81 @@ option: Str('version?', exclude='webui')
output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('value', type 'unicode', None)
+command: radiusproxy_add
+args: 1,11,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
+option: Int('ipatokenradiusretries', attribute=True, cli_name='retries', maxvalue=10, minvalue=0, multivalue=False, required=False)
+option: Password('ipatokenradiussecret', attribute=True, cli_name='secret', confirm=True, multivalue=False, required=True)
+option: Str('ipatokenradiusserver', attribute=True, cli_name='server', multivalue=True, required=True)
+option: Int('ipatokenradiustimeout', attribute=True, cli_name='timeout', minvalue=1, multivalue=False, required=False)
+option: Str('ipatokenusermapattribute', attribute=True, cli_name='userattr', multivalue=False, required=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('version?', exclude='webui')
+output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (type 'unicode', type 'NoneType'), None)
+output: Output('value', type 'unicode', None)
+command: radiusproxy_del
+args: 1,2,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
+option: Flag('continue', autofill=True, cli_name='continue', default=False)
+option: Str('version?', exclude='webui')
[Freeipa-devel] [PATCH 0018] Ensure credentials structure is initialized
Patch attached.
From 856ec54787d188fb29592a1fb021a29fb8d83abb Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum npmccal...@redhat.com
Date: Wed, 25 Sep 2013 18:04:02 -0400
Subject: [PATCH] Ensure credentials structure is initialized
---
daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c
index ae47bab33cc924f9feb3db05b6da5bc094c21914..cccddeb91d84b45aa23d13792725ff20d7af2c7f 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/auth.c
@@ -352,7 +352,7 @@ bool ipapwd_do_otp_auth(Slapi_Entry *bind_entry, struct berval *creds)
/* Loop through each token and attempt to authenticate. */
for (i = 0; tokens tokens[i]; i++) {
-struct credentials credentials;
+struct credentials credentials = {};
/* Parse the token entry and the credentials. */
if (!credentials_parse(tokens[i], creds, credentials))
--
1.8.3.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
