Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

On Mon, 24 Nov 2014, Jan Cholasta wrote: From bf1132192a9a0ac3ee41f24c56de6e911af51b78 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 10 Nov 2014 18:10:27 + Subject: [PATCH 4/8] Fix unchecked return value in ipa-kdb https://fedorahosted.org/freeipa/ticket/4713 --- daemons/ipa-kdb/ip

Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

On Mon, 24 Nov 2014, Jan Cholasta wrote: From fef20b5966b4a49cc8c230437cf8f06899b51840 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 24 Nov 2014 13:57:10 + Subject: [PATCH] Fix memory leak in GetKeytabControl asn1 code https://fedorahosted.org/freeipa/ticket/4713 --- asn1/ipa_asn1.

Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

On Tue, 11 Nov 2014, Jan Cholasta wrote: From c2a03a9e062df5691431babeb55119dbda6b2c67 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 10 Nov 2014 17:20:18 + Subject: [PATCH 1/7] Remove redefinition of LOG from ipa-otp-lasttoken https://fedorahosted.org/freeipa/ticket/4713 --- daemo

Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

On Tue, 11 Nov 2014, Jan Cholasta wrote: From 10b309f53852665050465df8aa44290dfe232291 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 10 Nov 2014 17:33:23 + Subject: [PATCH 2/7] Unload P11_Helper object's library when it is finalized in ipap11helper https://fedorahosted.org/freeipa

Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

On Tue, 11 Nov 2014, Jan Cholasta wrote: Dne 10.11.2014 v 19:25 Jan Cholasta napsal(a): Hi, the attached patches provide additional fixes for . I'm not 100% sure if the fixes for ipa-sam and ipa-kdb are correct, please check them carefully. Honza

Re: [Freeipa-devel] [PATCH] 0675 copy_schema_to_ca: Fallback to old import location for ipaplatform.services

On 11/24/2014 04:39 PM, Petr Viktorin wrote: > This fixes a regression from the ipaplatform refactoring. > > https://fedorahosted.org/freeipa/ticket/4763 Tomas Babej acked this one via different communication channel :-) To avoid waiting for fixing mail and get this in upcoming 4.1.2, I just pus

Re: [Freeipa-devel] [PATCHES] 366-372 Additional Coverity fixes

Dne 25.11.2014 v 09:19 Alexander Bokovoy napsal(a): On Tue, 11 Nov 2014, Jan Cholasta wrote: Dne 10.11.2014 v 19:25 Jan Cholasta napsal(a): Hi, the attached patches provide additional fixes for . I'm not 100% sure if the fixes for ipa-sam and ipa-

Re: [Freeipa-devel] Releasing FreeIPA 4.1.2

On 11/20/2014 01:09 PM, Martin Kosek wrote: > Hello, > > We seem to have enough content to release 4.1.2 that will be required to fix > some of the Fedora 21 blockers: > > https://bugzilla.redhat.com/show_bug.cgi?id=1165856 > https://bugzilla.redhat.com/show_bug.cgi?id=1165261 > > and Freeze exc

Re: [Freeipa-devel] [PATCH] 1111 Use NSS protocol range setter

Dne 24.11.2014 v 15:59 Rob Crittenden napsal(a): Jan Cholasta wrote: Dne 21.11.2014 v 16:09 Rob Crittenden napsal(a): Jan Cholasta wrote: Hi, Dne 20.11.2014 v 23:26 Rob Crittenden napsal(a): Use new capability in python-nss-0.16 to use the NSS protocol range setter. This lets us enable TLSv1

Re: [Freeipa-devel] Releasing FreeIPA 4.1.2

On Tue, 25 Nov 2014, Martin Kosek wrote: On 11/20/2014 01:09 PM, Martin Kosek wrote: Hello, We seem to have enough content to release 4.1.2 that will be required to fix some of the Fedora 21 blockers: https://bugzilla.redhat.com/show_bug.cgi?id=1165856 https://bugzilla.redhat.com/show_bug.cgi?

Re: [Freeipa-devel] [PATCH] 0033 Use singular in help metavars + update man pages.

On 11/24/2014 03:59 PM, Martin Basti wrote: On 24/11/14 15:54, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4695 IMO this is one of two reasonable ways how to fix this ticket. The other one is to change just the manual page but it seems more consistent to use singular for metavars

Re: [Freeipa-devel] [PATCH] 0033 Use singular in help metavars + update man pages.

On 11/25/2014 09:51 AM, David Kupka wrote: On 11/24/2014 03:59 PM, Martin Basti wrote: On 24/11/14 15:54, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4695 IMO this is one of two reasonable ways how to fix this ticket. The other one is to change just the manual page but it seems

Re: [Freeipa-devel] RFE - Number of thoughts on FreeIPA

On 25.11.2014 04:09, Simo Sorce wrote: > On Tue, 25 Nov 2014 08:31:33 +1030 > William B wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi, >> >> I have been using FreeIPA for some time now. I have done a lot of >> testing for the project, and have a desire to see FreeIPA do we

Re: [Freeipa-devel] RFE - Number of thoughts on FreeIPA

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you both for your responses. I have done some rearranging to allow my responses to make sense. > > > > Hi William, good news is, Dogtag, DNS and NTP are all optional > > components, you can install a FreeIPa server withouth the CA and > > wit

Re: [Freeipa-devel] Gaps in upstream tests

On 7.11.2014 14:41, Martin Kosek wrote: > FreeIPA team will soon grow with a new member focusing on upstream QE tests. I > would like to collect ideas what are the biggest gaps in the current upstream > test suite from your POV. > > Existing requests are tracked here: > https://fedorahosted.org/fr

Re: [Freeipa-devel] Releasing FreeIPA 4.1.2

On 11/25/2014 09:36 AM, Alexander Bokovoy wrote: > On Tue, 25 Nov 2014, Martin Kosek wrote: >> On 11/20/2014 01:09 PM, Martin Kosek wrote: >>> Hello, >>> >>> We seem to have enough content to release 4.1.2 that will be required to fix >>> some of the Fedora 21 blockers: >>> >>> https://bugzilla.red

Re: [Freeipa-devel] [PATCH] 0170 AD Trust: improve trust validation

On 11/24/2014 02:23 PM, Alexander Bokovoy wrote: > Hi, > > Trust validation requires AD DC to contact IPA server to verify that > trust account actually works. It can fail due to DNS or firewall issue > or if AD DC was able to resolve IPA master(s) via SRV records, it still > may contact a replica

Re: [Freeipa-devel] [PATCH] 1111 Use NSS protocol range setter

On 11/25/2014 09:35 AM, Jan Cholasta wrote: > Dne 24.11.2014 v 15:59 Rob Crittenden napsal(a): ... >>> 2) Configure mod_nss to also support TLS 1.2. It should be done on both >>> server install and upgrade. This requires a new version of mod_nss. >> >> mod_nss 1.0.10 in F-21 and rawhide should both

Re: [Freeipa-devel] Releasing FreeIPA 4.1.2

On 11/25/2014 10:56 AM, Martin Kosek wrote: > On 11/25/2014 09:36 AM, Alexander Bokovoy wrote: >> On Tue, 25 Nov 2014, Martin Kosek wrote: >>> On 11/20/2014 01:09 PM, Martin Kosek wrote: Hello, We seem to have enough content to release 4.1.2 that will be required to fix so

Re: [Freeipa-devel] [PATCH] 0033 Use singular in help metavars + update man pages.

On 11/25/2014 09:57 AM, David Kupka wrote: On 11/25/2014 09:51 AM, David Kupka wrote: On 11/24/2014 03:59 PM, Martin Basti wrote: On 24/11/14 15:54, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4695 IMO this is one of two reasonable ways how to fix this ticket. The other one is

[Freeipa-devel] [PATCH 0172] Fix zonemgr option encoding detection

Ticket: https://fedorahosted.org/freeipa/ticket/4766 Patch attached. -- Martin Basti From 4ab01f6f91d03aeeb2a1257296815e804f069cad Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 25 Nov 2014 14:03:27 +0100 Subject: [PATCH] Fix zonemgr option encoding detection Ticket: https://fedorahost

Re: [Freeipa-devel] [PATCH] 787 webui: add radius fields to user page

On 11/13/2014 02:29 PM, Petr Vobornik wrote: > add --radius=ID --radius-username=radiusUserName to Web UI > > https://fedorahosted.org/freeipa/ticket/4686 > > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/

Re: [Freeipa-devel] [PATCH 0172] Fix zonemgr option encoding detection

Hi, Dne 25.11.2014 v 14:07 Martin Basti napsal(a): Ticket: https://fedorahosted.org/freeipa/ticket/4766 Patch attached. Thanks, ACK. Hopefully it's correct this time. Pushed to: master: c13862104ab64cda81c86c51b849c8d01c3c9187 ipa-4-1: e457a3e615b695cfd98e7d54594e5a3663562b06 Honza -- Jan

Re: [Freeipa-devel] [PATCH 0172] Fix zonemgr option encoding detection

Hi, Dne 25.11.2014 v 14:07 Martin Basti napsal(a): Ticket: https://fedorahosted.org/freeipa/ticket/4766 Patch attached. Thanks, ACK. Hopefully it's correct this time. Pushed to: master: c13862104ab64cda81c86c51b849c8d01c3c9187 ipa-4-1: e457a3e615b695cfd98e7d54594e5a3663562b06 Honza -- Jan

Re: [Freeipa-devel] [PATCH] drop archeological feature :)

On 11/24/2014 07:10 PM, Simo Sorce wrote: > Getting through krbinstancepy I discovered we are still doing this > thing with the master key that has been unnecessary for a few years now. > > Stop doing that. > > I haven't really tested this yet ... but ... what could possibly go > wrong ? :-D > > S

Re: [Freeipa-devel] [PATCH] drop archeological feature :)

On Tue, 25 Nov 2014 14:26:40 +0100 Tomas Babej wrote: > > On 11/24/2014 07:10 PM, Simo Sorce wrote: > > Getting through krbinstancepy I discovered we are still doing this > > thing with the master key that has been unnecessary for a few years > > now. > > > > Stop doing that. > > > > I haven't r

Re: [Freeipa-devel] [PATCH] 0033 Use singular in help metavars + update man pages.

On 25/11/14 13:16, David Kupka wrote: On 11/25/2014 09:57 AM, David Kupka wrote: On 11/25/2014 09:51 AM, David Kupka wrote: On 11/24/2014 03:59 PM, Martin Basti wrote: On 24/11/14 15:54, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4695 IMO this is one of two reasonable ways ho

Re: [Freeipa-devel] [PATCH] 0033 Use singular in help metavars + update man pages.

On 11/25/2014 03:23 PM, Martin Basti wrote: On 25/11/14 13:16, David Kupka wrote: On 11/25/2014 09:57 AM, David Kupka wrote: On 11/25/2014 09:51 AM, David Kupka wrote: On 11/24/2014 03:59 PM, Martin Basti wrote: On 24/11/14 15:54, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/46

[Freeipa-devel] FereIPA 4.1.2 build for CentOS

Hello, I checked the dependencies of FreeIPA 4.1.2 on top of 4.1.1, it missed certmonger and python-nss build. certmonger build went fine, but python-nss failed: http://copr-be.cloud.fedoraproject.org/results/mkosek/freeipa/epel-7-x86_64/python-nss-0.16.0-0.fc20/build.log John, what would be yo

Re: [Freeipa-devel] [PATCH 0079] Catch USBError during YubiKey location

On 11/13/2014 07:39 AM, Nathaniel McCallum wrote: > On Mon, 2014-11-10 at 09:08 +0100, Martin Kosek wrote: >> On 11/10/2014 08:31 AM, Alexander Bokovoy wrote: >>> On Mon, 10 Nov 2014, Jan Cholasta wrote: Hi, Dne 7.11.2014 v 16:51 Nathaniel McCallum napsal(a): > https://fedorahost

Re: [Freeipa-devel] [PATCH 0074] Make token window sizes configurable

On 11/18/2014 08:26 PM, Petr Vobornik wrote: On 13.11.2014 08:53, Martin Kosek wrote: On 11/13/2014 08:51 AM, Nathaniel McCallum wrote: On Thu, 2014-11-13 at 08:48 +0100, Martin Kosek wrote: On 11/12/2014 11:37 PM, Nathaniel McCallum wrote: On Mon, 2014-11-10 at 08:28 +0100, Martin Kosek wrot

[Freeipa-devel] [PATCH 0309] Fix crash caused by interaction between forward and master zones

Hello, Fix crash caused by interaction between forward and master zones. LDAP modifications made to idnsName=sub, idnsName=example.com, cn=dns object were incorrectly processed using update_zone() in cases where forward zone sub.example.com. existed in LDAP as object idnsName=sub.example.com, cn=

[Freeipa-devel] [PATCH 0310] Fix misleading error message about forward zones on reconnect

Hello, Fix misleading error message about forward zones on reconnect. Previously the plugin could log 'already exist' error after successful reconnection to LDAP for each active forward zone. Now it prints message: forward zone 'fw.example.com': loaded -- Petr^2 Spacek From d5335dcf75e4d35177f

Re: [Freeipa-devel] [PATCH 0309] Fix crash caused by interaction between forward and master zones

On 25/11/14 18:11, Petr Spacek wrote: Hello, Fix crash caused by interaction between forward and master zones. LDAP modifications made to idnsName=sub, idnsName=example.com, cn=dns object were incorrectly processed using update_zone() in cases where forward zone sub.example.com. existed in LDAP

Re: [Freeipa-devel] [PATCH 0310] Fix misleading error message about forward zones on reconnect

On 25/11/14 18:27, Petr Spacek wrote: Hello, Fix misleading error message about forward zones on reconnect. Previously the plugin could log 'already exist' error after successful reconnection to LDAP for each active forward zone. Now it prints message: forward zone 'fw.example.com': loaded

Re: [Freeipa-devel] [PATCH 0308] Improve detection of BIND 9 isc__errno2result header file

On 12/11/14 16:11, Petr Spacek wrote: Hello, Improve detection of BIND 9 isc__errno2result header file. This header file is not in standard distribution so normal isc-config.sh detection is not enough. With this patch, ./configure should work even without explicit CFLAGS and it should also de

Re: [Freeipa-devel] [PATCH 0228] Drop unnecessary #define _BSD_SOURCE

On 12/11/14 16:34, Petr Spacek wrote: On 25.2.2014 15:05, Lukas Slebodnik wrote: On (25/02/14 09:54), Petr Spacek wrote: On 24.2.2014 18:56, Lukas Slebodnik wrote: On (24/02/14 16:48), Petr Spacek wrote: Hello, Drop unnecessary #define _BSD_SOURCE. -- Petr^2 Spacek >From 1b5105e3ab92f2a898

Re: [Freeipa-devel] Meaning of "Needs UI design" field in Trac?

On Tue, Nov 25, 2014 at 10:13:59AM +1000, Fraser Tweedale wrote: > On Mon, Nov 24, 2014 at 09:23:50AM +0100, Martin Kosek wrote: > > On 11/24/2014 08:39 AM, Fraser Tweedale wrote: > > > Hi all, > > > > > > The precise meaning and usage of the "Needs UI design" field in Trac > > > is not clear to m

Re: [Freeipa-devel] Meaning of "Needs UI design" field in Trac?

On 11/26/2014 07:40 AM, Fraser Tweedale wrote: > On Tue, Nov 25, 2014 at 10:13:59AM +1000, Fraser Tweedale wrote: >> On Mon, Nov 24, 2014 at 09:23:50AM +0100, Martin Kosek wrote: >>> On 11/24/2014 08:39 AM, Fraser Tweedale wrote: Hi all, The precise meaning and usage of the "Needs UI