[Freeipa-devel] [PATCH] 0039 Prohibit deletion of included profiles

2015-08-13 Thread Fraser Tweedale
The attached patch fixes https://fedorahosted.org/freeipa/ticket/5198 Thanks, Fraser From 0dd316bf0cbab7b6701bd69f142e82b30bee25b8 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale ftwee...@redhat.com Date: Thu, 13 Aug 2015 02:32:54 -0400 Subject: [PATCH] Prohibit deletion of included profiles

Re: [Freeipa-devel] [PATCH 0002] Port from python-krbV to python-gssapi

2015-08-13 Thread Michael Šimáček
On 2015-08-03 09:25, Jan Cholasta wrote: On 31.7.2015 at 20:20 Simo Sorce wrote: On Fri, 2015-07-31 at 16:41 +0200, Michael Šimáček wrote: On 2015-07-31 07:52, Jan Cholasta wrote: Hi Michael, On 29.7.2015 at 10:09 Michael Šimáček wrote: Hi, this is the first attempt to port FreeIPA

Re: [Freeipa-devel] Topology Plugin design questions

2015-08-13 Thread Ludwig Krispenz
On 08/10/2015 10:54 AM, Oleg Fayans wrote: Hi Ludwig, It seems the Design page for the topology plugin is a bit outdated. 1. It still operates with the terms like plugin version (http://www.freeipa.org/page/V4/Manage_replication_topology#Check_for_modify_operation), although it was generally

Re: [Freeipa-devel] [PATCH] 0039 Prohibit deletion of included profiles

2015-08-13 Thread Alexander Bokovoy
On Thu, 13 Aug 2015, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/ticket/5198 Thanks, Fraser From 0dd316bf0cbab7b6701bd69f142e82b30bee25b8 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale ftwee...@redhat.com Date: Thu, 13 Aug 2015 02:32:54 -0400 Subject:

Re: [Freeipa-devel] [PATCH] 0039 Prohibit deletion of included profiles

2015-08-13 Thread Fraser Tweedale
On Thu, Aug 13, 2015 at 09:53:35AM +0300, Alexander Bokovoy wrote: On Thu, 13 Aug 2015, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/ticket/5198 Thanks, Fraser From 0dd316bf0cbab7b6701bd69f142e82b30bee25b8 Mon Sep 17 00:00:00 2001 From: Fraser

Re: [Freeipa-devel] Topology Plugin design questions

2015-08-13 Thread Petr Vobornik
On 08/13/2015 09:55 AM, Ludwig Krispenz wrote: On 08/10/2015 10:54 AM, Oleg Fayans wrote: Hi Ludwig, It seems the Design page for the topology plugin is a bit outdated. 1. It still operates with the terms like plugin version

Re: [Freeipa-devel] [PATCH] 0039 Prohibit deletion of included profiles

2015-08-13 Thread Alexander Bokovoy
On Thu, 13 Aug 2015, Fraser Tweedale wrote: On Thu, Aug 13, 2015 at 09:53:35AM +0300, Alexander Bokovoy wrote: On Thu, 13 Aug 2015, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/ticket/5198 Thanks, Fraser From 0dd316bf0cbab7b6701bd69f142e82b30bee25b8 Mon Sep

Re: [Freeipa-devel] [PATCH] 910 add permission: System: Manage User Certificates

2015-08-13 Thread Petr Vobornik
On 08/13/2015 05:28 AM, Fraser Tweedale wrote: On Wed, Aug 12, 2015 at 02:56:54PM +0200, Petr Vobornik wrote: usercertificate attr was moved from System Modify Users to this new permission. https://fedorahosted.org/freeipa/ticket/5177 Note: hosts have permission System: Manage Host

[Freeipa-devel] [PATCH 0060] user-undel: Fix error messages.

2015-08-13 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/5207 Requires patch freeipa-jcholast-471.1. -- David Kupka From 3fbef326a6235297b95703edd2e77f8e7ab4e446 Mon Sep 17 00:00:00 2001 From: David Kupka dku...@redhat.com Date: Thu, 13 Aug 2015 08:11:38 +0200 Subject: [PATCH] user-undel: Fix error messages.

Re: [Freeipa-devel] [PATCH] 0039 Prohibit deletion of included profiles

2015-08-13 Thread Alexander Bokovoy
On Thu, 13 Aug 2015, Fraser Tweedale wrote: On Thu, Aug 13, 2015 at 12:01:09PM +0300, Alexander Bokovoy wrote: On Thu, 13 Aug 2015, Fraser Tweedale wrote: On Thu, Aug 13, 2015 at 09:53:35AM +0300, Alexander Bokovoy wrote: On Thu, 13 Aug 2015, Fraser Tweedale wrote: The attached patch fixes

Re: [Freeipa-devel] [PATCH] 0039 Prohibit deletion of included profiles

2015-08-13 Thread Fraser Tweedale
On Thu, Aug 13, 2015 at 12:31:27PM +0300, Alexander Bokovoy wrote: On Thu, 13 Aug 2015, Fraser Tweedale wrote: On Thu, Aug 13, 2015 at 12:01:09PM +0300, Alexander Bokovoy wrote: On Thu, 13 Aug 2015, Fraser Tweedale wrote: On Thu, Aug 13, 2015 at 09:53:35AM +0300, Alexander Bokovoy wrote: On

Re: [Freeipa-devel] [PATCH 019] Asymmetric vault: validate public key in client

2015-08-13 Thread Petr Vobornik
On 07/23/2015 08:38 PM, Christian Heimes wrote: The ipa vault commands now load the public keys in order to verify them. The validation also prevents a user from accidentally sending her private keys to the server. The patch fixes #5142 and #5142. $ ./ipa vault-add AsymmetricVault --desc

Re: [Freeipa-devel] [PATCH 019] Asymmetric vault: validate public key in client

2015-08-13 Thread Christian Heimes
On 2015-08-13 12:10, Petr Vobornik wrote: On 07/23/2015 08:38 PM, Christian Heimes wrote: The ipa vault commands now load the public keys in order to verify them. The validation also prevents a user from accidentally sending her private keys to the server. The patch fixes #5142 and #5142. $

Re: [Freeipa-devel] [PATCH] 0038 cert-request: remove allowed extensions check

2015-08-13 Thread Jan Cholasta
Hi, On 13.8.2015 07:54, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/ticket/5205 Simo wrote this some time ago in a (private) discussion about CSR extensions: On 23.1.2014 18:58, Simo Sorce wrote: Regardless of which tool we use, I really think we need

Re: [Freeipa-devel] [PATCH 019] Asymmetric vault: validate public key in client

2015-08-13 Thread Christian Heimes
On 2015-08-13 14:05, Petr Vobornik wrote: On 08/13/2015 12:38 PM, Christian Heimes wrote: On 2015-08-13 12:10, Petr Vobornik wrote: On 07/23/2015 08:38 PM, Christian Heimes wrote: The ipa vault commands now load the public keys in order to verify them. The validation also prevents a user

Re: [Freeipa-devel] [PATCH] 371 Added support for changing vault encryption.

2015-08-13 Thread Martin Basti
On 08/04/2015 01:20 AM, Endi Sukma Dewata wrote: The vault-mod command has been modified to support changing vault encryption attributes (i.e. type, password, public/private keys) in addition to normal attributes (i.e. description). Changing the encryption requires retrieving the stored secret

Re: [Freeipa-devel] [patch]-pytest-multihost-Return File Attributes to sftp.put

2015-08-13 Thread Niranjan
Tomas Babej wrote: On 08/13/2015 01:55 PM, Niranjan wrote: Greetings, This patch is regarding pytest-multihost plugin. Including a patch to return FileAttributes for sftp.put function used in the function. Current put_file function in transport.py in ParamikoTransport Class

Re: [Freeipa-devel] [patch]-pytest-multihost-Return File Attributes to sftp.put

2015-08-13 Thread Martin Basti
On 08/13/2015 01:55 PM, Niranjan wrote: Greetings, This patch is regarding pytest-multihost plugin. Including a patch to return FileAttributes for sftp.put function used in the function. Current put_file function in transport.py in ParamikoTransport Class doesn't return any value. So when

[Freeipa-devel] [PATCHES 0056-0057] improve backing-up of DNSSEC-related files

2015-08-13 Thread Martin Babinsky
PATCH 0056 just fixes a typo in ipaplatform/paths PATCH 0057 addresses https://fedorahosted.org/freeipa/ticket/5159 -- Martin^3 Babinsky From 9835537bdf46305177bba949f9f87313a6dd337e Mon Sep 17 00:00:00 2001 From: Martin Babinsky mbabi...@redhat.com Date: Thu, 13 Aug 2015 15:05:36 +0200

Re: [Freeipa-devel] [patch]-pytest-multihost-Return File Attributes to sftp.put

2015-08-13 Thread Niranjan
Martin Basti wrote: On 08/13/2015 01:55 PM, Niranjan wrote: Greetings, This patch is regarding pytest-multihost plugin. Including a patch to return FileAttributes for sftp.put function used in the function. Current put_file function in transport.py in ParamikoTransport Class doesn't

Re: [Freeipa-devel] [PATCH 019] Asymmetric vault: validate public key in client

2015-08-13 Thread Petr Vobornik
On 08/13/2015 12:38 PM, Christian Heimes wrote: On 2015-08-13 12:10, Petr Vobornik wrote: On 07/23/2015 08:38 PM, Christian Heimes wrote: The ipa vault commands now load the public keys in order to verify them. The validation also prevents a user from accidentally sending her private keys to

Re: [Freeipa-devel] [patch]-pytest-multihost-Return File Attributes to sftp.put

2015-08-13 Thread Tomas Babej
On 08/13/2015 01:55 PM, Niranjan wrote: Greetings, This patch is regarding pytest-multihost plugin. Including a patch to return FileAttributes for sftp.put function used in the function. Current put_file function in transport.py in ParamikoTransport Class doesn't return any value. So

Re: [Freeipa-devel] [PATCH 0002] TEST: Stageuser plugin

2015-08-13 Thread Martin Basti
On 08/11/2015 10:57 AM, Lenka Doudova wrote: On 08/11/2015 10:06 AM, thierry bordaz wrote: On 08/04/2015 01:37 PM, Lenka Doudova wrote: On 30.7.2015 at 16:10 Martin Basti wrote: On 30/07/15 16:09, Martin Basti wrote: On 29/07/15 16:10, Martin Basti wrote: On 29/07/15 15:29, Lenka

[Freeipa-devel] [PATCH] 0195 harden trust-fetch-domains oddjobd script

2015-08-13 Thread Alexander Bokovoy
Hi, see commit message for details. -- / Alexander Bokovoy From 96f4623730f764c73ce4544d0788e8782fecaa99 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Thu, 13 Aug 2015 17:18:57 +0300 Subject: [PATCH] trusts: harden trust-fetch-domains oddjobd-based script When

Re: [Freeipa-devel] [PATCH] 0030 Add permission for bypassing CA ACL enforcement

2015-08-13 Thread Martin Babinsky
On 08/13/2015 05:46 AM, Fraser Tweedale wrote: On Tue, Aug 04, 2015 at 03:21:29PM +1000, Fraser Tweedale wrote: The attached patch fixes https://fedorahosted.org/freeipa/ticket/5099. Thanks, Fraser Ping; this patch needs review. ACK -- Martin^3 Babinsky -- Manage your subscription for

Re: [Freeipa-devel] [PATCH] 374 Fixed vault container ownership.

2015-08-13 Thread Martin Basti
On 08/10/2015 09:45 PM, Endi Sukma Dewata wrote: The vault-add command has been fixed such that if the user/service private vault container does not exist yet it will be created and owned by the user/service instead of the vault creator. https://fedorahosted.org/freeipa/ticket/5194 I

Re: [Freeipa-devel] [PATCH] 0038 cert-request: remove allowed extensions check

2015-08-13 Thread Ade Lee
Fraser, Continuing the discussion started previously, the question is whether IPA should check for the presence of certain extensions. There seem to be two kinds of problems which could be encountered here: 1. User could include a CSR which includes an extension that is not valid for the

Re: [Freeipa-devel] [PATCH 471] ULC: Prevent preserved users from being assigned membership

2015-08-13 Thread Martin Basti
On 08/12/2015 02:20 PM, Jan Cholasta wrote: On 12.8.2015 12:22, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/5170. Honza Fixed broken user_show on preserved user. Updated patch attached. Pushed to: master:

Re: [Freeipa-devel] [PATCH] First part of integration tests for Topology Plugin

2015-08-13 Thread Tomas Babej
On 08/13/2015 05:06 PM, Martin Basti wrote: On 08/11/2015 03:36 PM, Oleg Fayans wrote: Hi Martin, On 08/11/2015 02:02 PM, Martin Basti wrote: NACK, comments inline. On 11/08/15 13:25, Oleg Fayans wrote: Hi Martin, Thanks for the review! On 08/10/2015 07:08 PM, Martin Basti wrote:

Re: [Freeipa-devel] [PATCH] 374 Fixed vault container ownership.

2015-08-13 Thread Endi Sukma Dewata
On 8/13/2015 9:18 AM, Martin Basti wrote: The vault-add command has been fixed such that if the user/service private vault container does not exist yet it will be created and owned by the user/service instead of the vault creator. https://fedorahosted.org/freeipa/ticket/5194 I cannot apply

Re: [Freeipa-devel] [PATCH] First part of integration tests for Topology Plugin

2015-08-13 Thread Martin Basti
On 08/11/2015 03:36 PM, Oleg Fayans wrote: Hi Martin, On 08/11/2015 02:02 PM, Martin Basti wrote: NACK, comments inline. On 11/08/15 13:25, Oleg Fayans wrote: Hi Martin, Thanks for the review! On 08/10/2015 07:08 PM, Martin Basti wrote: Thank you for patch, I have a few nitpicks: 1) On

Re: [Freeipa-devel] [PATCH 019] Asymmetric vault: validate public key in client

2015-08-13 Thread Petr Vobornik
On 08/13/2015 02:12 PM, Christian Heimes wrote: On 2015-08-13 14:05, Petr Vobornik wrote: On 08/13/2015 12:38 PM, Christian Heimes wrote: On 2015-08-13 12:10, Petr Vobornik wrote: On 07/23/2015 08:38 PM, Christian Heimes wrote: The ipa vault commands now load the public keys in order to

Re: [Freeipa-devel] [PATCH] 371 Added support for changing vault encryption.

2015-08-13 Thread Endi Sukma Dewata
On 8/13/2015 8:06 AM, Martin Basti wrote: The vault-mod command has been modified to support changing vault encryption attributes (i.e. type, password, public/private keys) in addition to normal attributes (i.e. description). Changing the encryption requires retrieving the stored secret with the

Re: [Freeipa-devel] [PATCH] Added try/except for error handling ipautil

2015-08-13 Thread Abhijeet Kasurde
On 08/13/2015 07:08 PM, Martin Basti wrote: On 08/10/2015 01:47 PM, Abhijeet Kasurde wrote: Hi All, This patch fixes bug - https://fedorahosted.org/freeipa/ticket/3406 Thanks, Abhijeet Kasurde Hello, thank you for the patch 1) -except ValueError: +except

Re: [Freeipa-devel] [PATCH] 369 Added CLI param and ACL for vault service operations.

2015-08-13 Thread Endi Sukma Dewata
On 8/13/2015 6:00 AM, Petr Vobornik wrote: On 08/11/2015 08:42 AM, Jan Cholasta wrote: On 10.8.2015 21:12, Endi Sukma Dewata wrote: On 8/4/2015 10:32 AM, Endi Sukma Dewata wrote: Martin, I do not think going on with business as usual is the right thing to do here. We know this is going to