Re: [Freeipa-devel] [PATCH 0166] Workaround: warning if CA did not start at end of upgrade instead of raising error

2014-11-19 Thread Martin Basti
On 18/11/14 22:01, Martin Kosek wrote: On 11/18/2014 08:20 PM, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4676 Attached patches: * Version A: uses wget to get status of CA * Version B: write warning instead of raising exception (error is false positive, CA is running)

Re: [Freeipa-devel] [PATCHES] Fix getkeytab operation

2014-11-19 Thread Alexander Bokovoy
On Tue, 18 Nov 2014, Simo Sorce wrote: On Tue, 18 Nov 2014 15:01:15 -0500 Nathaniel McCallum wrote: As I see it, we're setting out a new precedent. All new ASN.1 code will take this route (which is, indeed, better). So while it is small now, it won't stay small forever. Being that we are in th

[Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Tomas Babej
Hi, When constructing a parent DN in LDAPSearch, we should always check that the parent object exists (hence use get_dn_if_exists), rather than search on nonexistent containers (which can happen with get_dn). Replaces get_dn calls with get_dn_if_exists in *-find commands and makes sure proper erro

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Martin Kosek
On 11/19/2014 12:03 PM, Tomas Babej wrote: > Hi, > > When constructing a parent DN in LDAPSearch, we should always > check that the parent object exists (hence use get_dn_if_exists), > rather than search on nonexistent containers (which can happen > with get_dn). > > Replaces get_dn calls with get

[Freeipa-devel] [PATCH] 486 Lower pki-ca requires to 10.1.2

2014-11-19 Thread Martin Kosek
pki-core build in our Copr is finished: https://copr.fedoraproject.org/coprs/mkosek/freeipa/build/60561/ If the patch is OK, it should be committed to ipa-4-1 branch and F21+ Fedora branches. When done, I will trigger SRPM build in Copr. -- Current Dogtag 10.2 and its requirements are

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Tomas Babej
On 11/19/2014 12:24 PM, Martin Kosek wrote: > On 11/19/2014 12:03 PM, Tomas Babej wrote: >> Hi, >> >> When constructing a parent DN in LDAPSearch, we should always >> check that the parent object exists (hence use get_dn_if_exists), >> rather than search on nonexistent containers (which can happen

Re: [Freeipa-devel] [PATCH 0164] Fix warning message should not contain CLI commands due WebUI

2014-11-19 Thread Petr Vobornik
On 13.11.2014 16:49, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4647 Patch attached. The change loses information about the zone apex record. User also might not know what the message is about because it lacks context. CLI option name as context is the cause of thi

Re: [Freeipa-devel] [PATCH] 486 Lower pki-ca requires to 10.1.2

2014-11-19 Thread Alexander Bokovoy
On Wed, 19 Nov 2014, Martin Kosek wrote: pki-core build in our Copr is finished: https://copr.fedoraproject.org/coprs/mkosek/freeipa/build/60561/ If the patch is OK, it should be committed to ipa-4-1 branch and F21+ Fedora branches. When done, I will trigger SRPM build in Copr. -- Cur

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Martin Kosek
On 11/19/2014 12:41 PM, Tomas Babej wrote: > > On 11/19/2014 12:24 PM, Martin Kosek wrote: >> On 11/19/2014 12:03 PM, Tomas Babej wrote: >>> Hi, >>> >>> When constructing a parent DN in LDAPSearch, we should always >>> check that the parent object exists (hence use get_dn_if_exists), >>> rather th

Re: [Freeipa-devel] [PATCH] 486 Lower pki-ca requires to 10.1.2

2014-11-19 Thread Martin Kosek
On 11/19/2014 12:52 PM, Alexander Bokovoy wrote: > On Wed, 19 Nov 2014, Martin Kosek wrote: >> pki-core build in our Copr is finished: >> >> https://copr.fedoraproject.org/coprs/mkosek/freeipa/build/60561/ >> >> If the patch is OK, it should be committed to ipa-4-1 branch and F21+ Fedora >> branche

Re: [Freeipa-devel] [PATCHES] 0656-0673 Switch the test suite to pytest

2014-11-19 Thread Tomas Babej
On 11/14/2014 09:55 AM, Petr Viktorin wrote: > On 10/29/2014 04:52 PM, Petr Viktorin wrote: >> On 10/29/2014 01:22 PM, Tomas Babej wrote: >>> >>> On 10/27/2014 04:38 PM, Petr Viktorin wrote: On 10/15/2014 02:58 PM, Petr Viktorin wrote: > This almost completes the switch to pytest. There a

Re: [Freeipa-devel] FreeIPA Copr repo plan

2014-11-19 Thread Jan Pazdziora
On Mon, Nov 10, 2014 at 12:07:46PM +0100, Martin Kosek wrote: > > 1) What Copr repos do we want to maintain and what should be the expectations? > My take: > > a) mkosek/freeipa: latest and greatest *released* FreeIPA. Built for F20+, > EPEL-7.0. Jan, this is the one you use in the FreeIPA CentOS

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread thierry bordaz
On 11/19/2014 12:24 PM, Martin Kosek wrote: On 11/19/2014 12:03 PM, Tomas Babej wrote: Hi, When constructing a parent DN in LDAPSearch, we should always check that the parent object exists (hence use get_dn_if_exists), rather than search on nonexistent containers (which can happen with get_dn).

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Ludwig Krispenz
On 11/19/2014 12:51 PM, Martin Kosek wrote: On 11/19/2014 12:41 PM, Tomas Babej wrote: On 11/19/2014 12:24 PM, Martin Kosek wrote: On 11/19/2014 12:03 PM, Tomas Babej wrote: Hi, When constructing a parent DN in LDAPSearch, we should always check that the parent object exists (hence use get_d

Re: [Freeipa-devel] [PATCH 0165] --zonemgr options must be unicode

2014-11-19 Thread Petr Vobornik
On 18.11.2014 12:43, David Kupka wrote: On 11/18/2014 12:07 PM, Martin Basti wrote: On 13/11/14 18:28, Martin Basti wrote: To allow IDNA zonemgr email, value must be unicode not ASCII Ticket: https://fedorahosted.org/freeipa/ticket/4724 Patch attached. Patch for ipa-4.0 added. Thanks, wor

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Tomas Babej
On 11/19/2014 12:51 PM, Martin Kosek wrote: > On 11/19/2014 12:41 PM, Tomas Babej wrote: >> On 11/19/2014 12:24 PM, Martin Kosek wrote: >>> On 11/19/2014 12:03 PM, Tomas Babej wrote: Hi, When constructing a parent DN in LDAPSearch, we should always check that the parent object

Re: [Freeipa-devel] [PATCH 0164] Fix warning message should not contain CLI commands due WebUI

2014-11-19 Thread Martin Basti
On 19/11/14 12:45, Petr Vobornik wrote: On 13.11.2014 16:49, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4647 Patch attached. The change loses information about the zone apex record. User also might not know what the message is about because it lacks context. CLI o

Re: [Freeipa-devel] [PATCH] 373 Update Requires on pki-ca to 10.2.1-0.1

2014-11-19 Thread Petr Vobornik
On 18.11.2014 23:29, Nathaniel McCallum wrote: On Tue, 2014-11-18 at 19:56 +0100, Jan Cholasta wrote: Hi, the attached patch fixes . ACK Shouldn't the version be 10.1.2-4 ? http://koji.fedoraproject.org/koji/buildinfo?buildID=594223 -- Petr Vo

Re: [Freeipa-devel] [PATCH] 373 Update Requires on pki-ca to 10.2.1-0.1

2014-11-19 Thread Jan Cholasta
On 19.11.2014 at 13:55, Petr Vobornik wrote: On 18.11.2014 23:29, Nathaniel McCallum wrote: On Tue, 2014-11-18 at 19:56 +0100, Jan Cholasta wrote: Hi, the attached patch fixes . ACK Shouldn't the version be 10.1.2-4 ? http://koji.fedorapro

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Martin Kosek
On 11/19/2014 01:44 PM, Tomas Babej wrote: > > On 11/19/2014 12:51 PM, Martin Kosek wrote: >> On 11/19/2014 12:41 PM, Tomas Babej wrote: >>> On 11/19/2014 12:24 PM, Martin Kosek wrote: On 11/19/2014 12:03 PM, Tomas Babej wrote: > Hi, > > When constructing a parent DN in LDAPSearch

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Jan Cholasta
On 19.11.2014 at 13:44, Tomas Babej wrote: On 11/19/2014 12:51 PM, Martin Kosek wrote: On 11/19/2014 12:41 PM, Tomas Babej wrote: On 11/19/2014 12:24 PM, Martin Kosek wrote: On 11/19/2014 12:03 PM, Tomas Babej wrote: Hi, When constructing a parent DN in LDAPSearch, we should always check

Re: [Freeipa-devel] [PATCHES] Fix getkeytab operation

2014-11-19 Thread Simo Sorce
On Wed, 19 Nov 2014 12:53:01 +0200 Alexander Bokovoy wrote: > On Tue, 18 Nov 2014, Simo Sorce wrote: > >On Tue, 18 Nov 2014 15:01:15 -0500 > >Nathaniel McCallum wrote: > > > >> As I see it, we're setting out a new precedent. All new ASN.1 code > >> will take this route (which is, indeed, better)

Re: [Freeipa-devel] [PATCH] 373 Update Requires on pki-ca to 10.2.1-0.1

2014-11-19 Thread Petr Vobornik
On 19.11.2014 13:59, Jan Cholasta wrote: On 19.11.2014 at 13:55, Petr Vobornik wrote: On 18.11.2014 23:29, Nathaniel McCallum wrote: On Tue, 2014-11-18 at 19:56 +0100, Jan Cholasta wrote: Hi, the attached patch fixes . ACK Shouldn't the ve

Re: [Freeipa-devel] [PATCH 0078] Enable QR code display by default in otptoken-add

2014-11-19 Thread Petr Vobornik
On 18.11.2014 18:27, Petr Vobornik wrote: On 18.11.2014 17:27, Nathaniel McCallum wrote: This patch still needs to land in 4.1.2, so is it okay as it is? I don't think the label is necessary but it doesn't hurt either, at least it's clear, so ACK. Pushed to: master: 3c900ba7a8d98a72ff4e040b6

Re: [Freeipa-devel] [PATCH] 373 Update Requires on pki-ca to 10.2.1-0.1

2014-11-19 Thread Jan Cholasta
On 19.11.2014 at 14:07, Petr Vobornik wrote: On 19.11.2014 13:59, Jan Cholasta wrote: On 19.11.2014 at 13:55, Petr Vobornik wrote: On 18.11.2014 23:29, Nathaniel McCallum wrote: On Tue, 2014-11-18 at 19:56 +0100, Jan Cholasta wrote: Hi, the attached patch fixes

Re: [Freeipa-devel] [PATCH] 374 Fix wrong expiration date on renewed IPA CA certificates

2014-11-19 Thread David Kupka
On 11/19/2014 08:32 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza Works for

[Freeipa-devel] [PATCH 0167] DNS: Raise proper exception instead UnicodeError

2014-11-19 Thread Martin Basti
Ticket: https://fedorahosted.org/freeipa/ticket/4734 Patch attached. -- Martin Basti From 0af7b841365a9d37d4ea67c396ac53ece6982429 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 19 Nov 2014 14:51:20 +0100 Subject: [PATCH] Raise right exception if domain name is not valid Because of dns

Re: [Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

2014-11-19 Thread Tomas Babej
On 11/19/2014 02:03 PM, Jan Cholasta wrote: > On 19.11.2014 at 13:44, Tomas Babej wrote: >> >> On 11/19/2014 12:51 PM, Martin Kosek wrote: >>> On 11/19/2014 12:41 PM, Tomas Babej wrote: On 11/19/2014 12:24 PM, Martin Kosek wrote: > On 11/19/2014 12:03 PM, Tomas Babej wrote: >> Hi,

Re: [Freeipa-devel] [PATCH] 374 Fix wrong expiration date on renewed IPA CA certificates

2014-11-19 Thread Jan Cholasta
On 19.11.2014 at 15:02, David Kupka wrote: On 11/19/2014 08:32 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza

Re: [Freeipa-devel] [PATCH 0164] Fix warning message should not contain CLI commands due WebUI

2014-11-19 Thread Petr Vobornik
On 19.11.2014 13:47, Martin Basti wrote: On 19/11/14 12:45, Petr Vobornik wrote: On 13.11.2014 16:49, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4647 Patch attached. The change loses information about the zone apex record. User also might not know what is the messag

Re: [Freeipa-devel] [PATCH] 0673 Do not restore SELinux settings that were not backed up

2014-11-19 Thread Petr Vobornik
On 18.11.2014 12:17, Petr Viktorin wrote: This fixes https://fedorahosted.org/freeipa/ticket/4678 ACK Pushed to: master: a14ce85357419f41f0994625d29d3f1af7a53d4c ipa-4-1: 1d7407c06caa06119635910d34213167d97125a0 -- Petr Vobornik

Re: [Freeipa-devel] [PATCH 0166] Workaround: warning if CA did not start at end of upgrade instead of raising error

2014-11-19 Thread Simo Sorce
On Wed, 19 Nov 2014 10:17:03 +0100 Martin Basti wrote: > On 18/11/14 22:01, Martin Kosek wrote: > > On 11/18/2014 08:20 PM, Martin Basti wrote: > >> Ticket: https://fedorahosted.org/freeipa/ticket/4676 > >> > >> Attached patches: > >> > >> * Version A: uses wget to get status of CA > >> * Version

[Freeipa-devel] [PATCH] 788 webui: fix potential XSS vulnerabilities

2014-11-19 Thread Petr Vobornik
Escape user defined text to prevent XSS attacks. Extra precaution was taken to escape also parts which are unlikely to contain user-defined text. https://fedorahosted.org/freeipa/ticket/4742 resolves CVE-2014-7850 f21 blocker candidate, requires priority review. -- Petr Vobornik From 4b60ecf58

Re: [Freeipa-devel] [PATCHES] Fix getkeytab operation

2014-11-19 Thread Nathaniel McCallum
On Wed, 2014-11-19 at 13:33 -0500, Simo Sorce wrote: > - Original Message - > > From: "Alexander Bokovoy" > [...] > > > Regarding the patchset itself: > > > > Patch 0001: fix 'wuld' in the commit message. The rest is fine. > > Fixed. > > > Patch 0002: > > - ticket number is missing in