[Freeipa-devel] [PATCH] Handle error messages during Host operations

2011-01-06 Thread Martin Kosek
8e1db8fa88fa16226055e69b9dade832e94eae9e Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 6 Jan 2011 13:27:24 +0100 Subject: [PATCH] Handle error messages during Host operations Only a generic error message was displayed when a non-existing host was passed to host-del or host-disable

[Freeipa-devel] [PATCH] Use of pointer after free in ipa-join

2011-01-07 Thread Martin Kosek
: Martin Kosek mko...@redhat.com Date: Fri, 7 Jan 2011 15:17:59 +0100 Subject: [PATCH] Use of pointer after free in ipa-join In some cases recently freed memory was used/freed again. This patch introduces more consistency between functions join_ldap/join_krb5 when dealing with affected variables

Re: [Freeipa-devel] [PATCH] Use of pointer after free in ipa-join

2011-01-10 Thread Martin Kosek
On Fri, 2011-01-07 at 11:26 -0500, Adam Young wrote: Is there any chance that the point-to-a-pointer parameters will have valid values other than null passed in? Almost seems that by initializing them to null, you might be masking a memory leak. If not, then ACK Hello Adam, it is safe

[Freeipa-devel] [PATCH] Uninitialized pointer read in ipa-rmkeytab

2011-01-10 Thread Martin Kosek
Fix --realm parameter processing in ipa-rmkeytab. Also make sure that memory allocated in this process is freed. https://fedorahosted.org/freeipa/ticket/711 From 4de5774a8e16f47f3ff40da096ea7b8fa0693e96 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 10 Jan 2011 09:55:57

Re: [Freeipa-devel] [PATCH] Uninitialized pointer read in ipa-rmkeytab

2011-01-10 Thread Martin Kosek
point with the free method. Sending second patch with these issues fixed. Martin From e9c15b8265c263cb1702e0d724188ce2486c50ed Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 10 Jan 2011 09:55:57 +0100 Subject: [PATCH] Uninitialized pointer read in ipa-rmkeytab Fix --realm

Re: [Freeipa-devel] [PATCH] Uninitialized pointer read in ipa-rmkeytab

2011-01-10 Thread Martin Kosek
e08eb6553b391632683922b5adbdbfd831a59439 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 10 Jan 2011 09:55:57 +0100 Subject: [PATCH] Uninitialized pointer read in ipa-rmkeytab Fix --realm parameter processing in ipa-rmkeytab. Also make sure that memory allocated

[Freeipa-devel] [PATCH] Unchecked return value in ipa-getkeytab

2011-01-11 Thread Martin Kosek
://fedorahosted.org/freeipa/ticket/721 From 0c4aca1cd65bc95ce90c67c4c20914807d170ee6 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 11 Jan 2011 10:44:48 +0100 Subject: [PATCH] Unchecked return value in ipa-getkeytab krb5_init_context return value was not checked. This could

Re: [Freeipa-devel] [PATCH] Unchecked return value in ipa-getkeytab

2011-01-11 Thread Martin Kosek
On Tue, 2011-01-11 at 10:49 +0100, Martin Kosek wrote: krb5_init_context return value was not checked. This could lead to unhandled error issues. This patch moves the Kerberos context initialization to the branch where it is needed and handles the error value in a way that allows program

[Freeipa-devel] [PATCH] Uninitialized pointer read in ipa-enrollment

2011-01-11 Thread Martin Kosek
This patch fixes a situation where an uninitialized pointer is passed to free(). https://fedorahosted.org/freeipa/ticket/713 From 7d51aa458999454742935b0746b10433a02f9f2d Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 11 Jan 2011 16:19:31 +0100 Subject: [PATCH

[Freeipa-devel] [PATCH] Unchecked return value of calloc

2011-01-11 Thread Martin Kosek
Omitting return value of calloc in ipa_pwd_extop.c could lead to memory access issues when memory is full. This patch adds return value check. https://fedorahosted.org/freeipa/ticket/717 From 6444892240f796d5fc2bd6707a64fc731bc0c6eb Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com

[Freeipa-devel] [PATCH] Potential NULL dereference in ipapwd_prepost

2011-01-12 Thread Martin Kosek
This patch increases robustness in PRE MOD password SLAPI module by ensuring that an uninitialized pointer is not dereferenced. https://fedorahosted.org/freeipa/ticket/719 From 3e8ce075247a6b4e71cbca73d6c7be1b363c5abc Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Wed, 12

[Freeipa-devel] [PATCH] Potential memory leaks in ipa-getkeytab

2011-01-12 Thread Martin Kosek
This patch fixes 2 situations where a pointer to allocated error string could be overwritten - which could have resulted in a memory leak. https://fedorahosted.org/freeipa/ticket/714 From f502f98b82ccd51c3fecc363435d661162b9 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date

Re: [Freeipa-devel] [PATCH] Unchecked return values in ipa-join

2011-01-12 Thread Martin Kosek
On Wed, 2011-01-12 at 11:32 -0500, Rob Crittenden wrote: Jakub Hrozek wrote: On Tue, Jan 11, 2011 at 12:46:29PM +0100, Martin Kosek wrote: krb5_get_default_realm() and asprintf() return values were ignored. This could lead to unhandled error issues or memory access issues. This patch

Re: [Freeipa-devel] [PATCH] Potential memory leaks in ipa-getkeytab

2011-01-13 Thread Martin Kosek
On Wed, 2011-01-12 at 14:40 +0100, Jakub Hrozek wrote: On 01/12/2011 02:25 PM, Martin Kosek wrote: This patch fixes 2 situations where a pointer to allocated error string could be overwritten - which could have resulted in a memory leak. https://fedorahosted.org/freeipa

[Freeipa-devel] [PATCH] Potential memory leaks in ipa-pwd-extop

2011-01-13 Thread Martin Kosek
Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 13 Jan 2011 11:12:36 +0100 Subject: [PATCH] Potential memory leaks in ipa-pwd-extop This patch fixes several potential memory leaks in ipa-pwd-extop SLAPI plugin. Common function ipapwd_gen_hashes() now cleans after itself when

[Freeipa-devel] [PATCH] Unitialized pointer read in ipa-join

2011-01-13 Thread Martin Kosek
This patch fixes a possible situation when krb5_kt_close() function is called with uninitialized keytab parameter. https://fedorahosted.org/freeipa/ticket/712 From b82b82a54f124ee5c881ff97cedcaf322cd2b855 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 13 Jan 2011 11:46

[Freeipa-devel] LUMA - LDAP browser and more

2011-01-13 Thread Martin Kosek
Hi there, I guess you all have your own ways, but I have found a useful GUI tool for browsing LDAP tree, schemas etc.: LUMA: http://luma.sourceforge.net It is much more effective for me when browsing IPA internal LDAP data structure than using classic ldapsearch CLI utility. Martin

[Freeipa-devel] [PATCH] Unchecked return values in SLAPI plugins

2011-01-14 Thread Martin Kosek
Return values weren't checked in several cases which could have led to unhandled errors. https://fedorahosted.org/freeipa/ticket/722 From d7e0a194f4d57153feaf6fa239fe2e675e39f30d Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 14 Jan 2011 10:24:04 +0100 Subject: [PATCH

[Freeipa-devel] [PATCH] Mozldap-specific code removed

2011-01-14 Thread Martin Kosek
11604377cb03225f723fdd99da257e217260a9a5 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 14 Jan 2011 13:41:05 +0100 Subject: [PATCH] Mozldap-specific code removed Mozldap code removed from all sources and configure source script. Now, IPA will compile even when package

[Freeipa-devel] [PATCH] Unused value in initdefault_encoding_utf8

2011-01-17 Thread Martin Kosek
There is no use for return value of Py_InitModule3. Removing it in this patch. https://fedorahosted.org/freeipa/ticket/710 From c151923f2ccec6dc044311a49060eac9400f3d04 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 17 Jan 2011 12:49:16 +0100 Subject: [PATCH] Unused

[Freeipa-devel] [PATCH] Password generation and logging in ipa-server-install

2011-01-18 Thread Martin Kosek
is printed to server install log. https://fedorahosted.org/freeipa/ticket/731 From a669e023bd5956da93395b752fa1f888b30c8d5a Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 18 Jan 2011 12:31:16 +0100 Subject: [PATCH] Password generation and logging in ipa-server-install When

Re: [Freeipa-devel] [PATCH] Unused value in initdefault_encoding_utf8

2011-01-25 Thread Martin Kosek
On Mon, 2011-01-17 at 13:13 +0100, Jakub Hrozek wrote: On 01/17/2011 01:00 PM, Martin Kosek wrote: There is no use for return value of Py_InitModule3. Removing it in this patch. https://fedorahosted.org/freeipa/ticket/710 Ack Just a reminder that this patch is ready for push

[Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes

2011-01-26 Thread Martin Kosek
2001 From: Martin Kosek mko...@redhat.com Date: Fri, 21 Jan 2011 09:20:01 +0100 Subject: [PATCH] ACI plugin supports prefixes When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch

Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes

2011-01-26 Thread Martin Kosek
On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs

Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes

2011-01-26 Thread Martin Kosek
On Wed, 2011-01-26 at 10:36 -0500, Dmitri Pal wrote: Martin Kosek wrote: On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this the case? ipa permission-... functions should never

Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes

2011-01-26 Thread Martin Kosek
On Wed, 2011-01-26 at 10:56 -0500, Rob Crittenden wrote: Dmitri Pal wrote: Martin Kosek wrote: On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this the case? ipa permission

[Freeipa-devel] [PATCH] 018 ipa permission-mod --rename does not work

2011-01-27 Thread Martin Kosek
unnoticed. https://fedorahosted.org/freeipa/ticket/814 From 20cc98eb705c033100f8418152b4d8025efa2af5 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 27 Jan 2011 12:17:10 +0100 Subject: [PATCH] ipa permission-mod --rename does not work This patch fixes nonfunctional rename

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-27 Thread Martin Kosek
On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: Lookup based on --filter wasn't implemented at all. It didn't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality.

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-28 Thread Martin Kosek
On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: Lookup based on --filter wasn't implemented at all. It didn't show until now,

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-28 Thread Martin Kosek
On Fri, 2011-01-28 at 09:21 +0100, Martin Kosek wrote: On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: Lookup based

[Freeipa-devel] [PATCH] 019 modifyprivilegemembership permission has nestedgroup OC

2011-01-28 Thread Martin Kosek
modifyprivilegemembership permission object class in LDAP should be groupofnames, not nestedgroup. https://fedorahosted.org/freeipa/ticket/858 From 3d488962ea23d60cfdbf60b4f520d85575d3cdd2 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 28 Jan 2011 11:14:24 +0100 Subject

Re: [Freeipa-devel] [PATCH] Fixed permission lookup

2011-01-28 Thread Martin Kosek
On Fri, 2011-01-28 at 13:01 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: On Fri, 2011-01-28 at 09:21 +0100, Martin Kosek wrote: On Thu, 2011-01-27 at 15:41 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Martin Kosek mko

Re: [Freeipa-devel] [PATCH] 695 rename permissions and privileges

2011-01-31 Thread Martin Kosek
On Mon, 2011-01-31 at 11:03 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-01-28 at 18:48 -0500, Rob Crittenden wrote: Rob Crittenden wrote: Rename permissions and privileges to more human-readable names. I'm also dropping description from permissions since it seems

Re: [Freeipa-devel] [PATCH] 696 fix modifying delegation

2011-02-01 Thread Martin Kosek
On Mon, 2011-01-31 at 13:12 -0500, Rob Crittenden wrote: Modifying membergroup in a delegation was failing because of an inconsistent use of the cli name and the attribute name and also because the aci plugin was not always treating memberof as a special kind of filter. ticket 869 rob

[Freeipa-devel] [PATCH] 021 Permission rename test failing

2011-02-01 Thread Martin Kosek
From: Martin Kosek mko...@redhat.com Date: Tue, 1 Feb 2011 12:31:54 +0100 Subject: [PATCH] Permission rename test failing This patch fixes test for Permission plugin - mainly permission-mod part. Description field that the tests expected and which was removed in ticket 792 was removed from the tests

Re: [Freeipa-devel] [PATCH] 697 Add new schema to store information about permissions.

2011-02-01 Thread Martin Kosek
On Mon, 2011-01-31 at 22:18 -0500, Rob Crittenden wrote: Rob Crittenden wrote: There are some permissions we can't display because they are stored outside of the basedn (such as the replication permissions). We are adding a new attribute to store extra information to make this clear, in

Re: [Freeipa-devel] [PATCH] 697 Add new schema to store information about permissions.

2011-02-01 Thread Martin Kosek
On Tue, 2011-02-01 at 09:07 -0500, Rob Crittenden wrote: Martin Kosek wrote: 2) In delegation.ldif: ipapermission object class is missing for removeentitlements and modifyentitlements (it has been added for addentitlements though) This was on purpose, I should have been clearer. Patch

Re: [Freeipa-devel] [PATCH] 697 Add new schema to store information about permissions.

2011-02-01 Thread Martin Kosek
On Tue, 2011-02-01 at 14:57 -0500, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2011-02-01 at 09:07 -0500, Rob Crittenden wrote: Martin Kosek wrote: 2) In delegation.ldif: ipapermission object class is missing for removeentitlements and modifyentitlements

[Freeipa-devel] [PATCH] 022 Inconsistent error message for ipa group-detach

2011-02-02 Thread Martin Kosek
00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Wed, 2 Feb 2011 15:29:38 +0100 Subject: [PATCH] Inconsistent error message for ipa group-detach When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other

[Freeipa-devel] [PATCH] 023 ipa-server-install inconsistent capitalization

2011-02-02 Thread Martin Kosek
5d26538f0fde0cc801a805d54c0c34ee7ba7f754 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Wed, 2 Feb 2011 16:24:30 +0100 Subject: [PATCH] ipa-server-install inconsistent capitalization A cosmetic patch to IPA server installation output aimed to make capitalization in installer output

[Freeipa-devel] [PATCH] 024 Typos in freeIPA messages

2011-02-02 Thread Martin Kosek
This patch fixes several reported typos in IPA messages and in comments. https://fedorahosted.org/freeipa/ticket/848 From 9fe64c02a30b165b41268f8f8631bbd0bcf48602 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Wed, 2 Feb 2011 17:15:35 +0100 Subject: [PATCH] Typos in freeIPA

Re: [Freeipa-devel] [PATCH] 024 Typos in freeIPA messages

2011-02-02 Thread Martin Kosek
On Wed, 2011-02-02 at 11:20 -0500, Rob Crittenden wrote: Martin Kosek wrote: This patch fixes several reported typos in IPA messages and in comments. https://fedorahosted.org/freeipa/ticket/848 Can you add the user that submitted the original patch for this to Contributors.txt

[Freeipa-devel] [PATCH] 025 Detection of v1 server during ipa-client-install

2011-02-03 Thread Martin Kosek
client may get to the ipa-join step. --no-check-certificate had to be added as V1 server automatically redirects the request to self-signed secure connection. https://fedorahosted.org/freeipa/ticket/553 From d3282093128b34158ceae6264cf4c53fd49130d0 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko

[Freeipa-devel] [PATCH] 027 Support of user default email domain

2011-02-04 Thread Martin Kosek
already. https://fedorahosted.org/freeipa/ticket/598 From 77b0c8902c654735540b8e6921d4bd117e06c4b9 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 4 Feb 2011 15:12:34 +0100 Subject: [PATCH] Support of user default email domain This patch fixes the default domain

Re: [Freeipa-devel] [PATCH] 025 Detection of v1 server during ipa-client-install

2011-02-09 Thread Martin Kosek
On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch detects this by catching an XML-RPC error reported by ipa-join binary called

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

2011-02-09 Thread Martin Kosek
On Mon, 2011-02-07 at 10:38 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins. https://fedorahosted.org/freeipa/ticket/596 I

[Freeipa-devel] [PATCH] 028 Extend API validator

2011-02-10 Thread Martin Kosek
this issue and ensures that also the last command in API.txt is checked (it was not before this patch). https://fedorahosted.org/freeipa/ticket/868 From 0bc2f66f81bc1ea38ad25f711d832433fca1c12b Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 10 Feb 2011 12:56:49 +0100

[Freeipa-devel] [PATCH] 029 ipa-dns-install does not exit on error

2011-02-10 Thread Martin Kosek
This patch fixes behavior of ipa-dns-install, which does not exit when an invalid configuration of /etc/hosts is detected. https://fedorahosted.org/freeipa/ticket/736 From 0c75da337003e0660679534928a70b6b7317c3e8 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 10 Feb

[Freeipa-devel] [PATCH] 030 Fix return codes for ipactl

2011-02-10 Thread Martin Kosek
This patch fixes ipactl to return non-zero value when something goes wrong. https://fedorahosted.org/freeipa/ticket/894 From 9142d27922d5d355b6e6921b9a03b01e6c98d2a5 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 10 Feb 2011 15:42:36 +0100 Subject: [PATCH] Fix return

Re: [Freeipa-devel] [PATCH] 029 ipa-dns-install does not exit on error

2011-02-10 Thread Martin Kosek
On Thu, 2011-02-10 at 13:58 -0500, Rob Crittenden wrote: Martin Kosek wrote: This patch fixes behavior of ipa-dns-install, which does not exit when an invalid configuration of /etc/hosts is detected. https://fedorahosted.org/freeipa/ticket/736 I'm not positive but was the address info

Re: [Freeipa-devel] [PATCH] 719 permission for cn=ipaconfig

2011-02-14 Thread Martin Kosek
On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Add permission and privilege for updating the IPA configuration in cn=ipaconfig. ticket 950 rob I'm not quite sure how does the patch work. In particular, I wonder about these two

Re: [Freeipa-devel] [PATCH] 025 Detection of v1 server during ipa-client-install

2011-02-14 Thread Martin Kosek
On Mon, 2011-02-14 at 12:00 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch

[Freeipa-devel] [PATCH] 031 Remove WebUI identifiers from global namespace

2011-02-15 Thread Martin Kosek
From e22a16fe897bcd61d231091a05c87dd77e8c349d Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 14 Feb 2011 16:43:19 +0100 Subject: [PATCH] Remove WebUI identifiers from global namespace Many WebUI identifiers were defined in a global namespace. This is not a good programming

Re: [Freeipa-devel] [PATCH] Fix setattr mail bug in user plugin.

2011-02-15 Thread Martin Kosek
ACK. Martin On Tue, 2011-02-15 at 16:18 +0100, Pavel Zuna wrote: The email normalizer expects a list or tuple, but when using setattr it gets a string and iterates on it as if it was a list/tuple. Before patch: [root@ipadev freeipa]# ./ipa user-mod testuser --setattr

Re: [Freeipa-devel] [PATCH] 725 fix service validator

2011-02-15 Thread Martin Kosek
On Tue, 2011-02-15 at 12:39 -0500, Rob Crittenden wrote: The kerberos service validator wasn't enforcing that the server name be not blank. ticket 961. rob ACK. All service tests pass. Martin

Re: [Freeipa-devel] [PATCH] Reword help for the user module

2011-02-16 Thread Martin Kosek
On Wed, 2011-02-16 at 09:13 +0100, Jan Zelený wrote: The first part of the ticket has already been solved, hence it is not a part of this patch. https://fedorahosted.org/freeipa/ticket/351 Jan NACK Just a minor issue - s/this modules/this module/ Martin

Re: [Freeipa-devel] [PATCH] Reword help for the user module

2011-02-16 Thread Martin Kosek
On Wed, 2011-02-16 at 09:43 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: On Wed, 2011-02-16 at 09:13 +0100, Jan Zelený wrote: The first part of the ticket has already been solved, hence it is not a part of this patch. https://fedorahosted.org/freeipa/ticket/351

[Freeipa-devel] [PATCH] 032 Service/Host disable command output clarification

2011-02-16 Thread Martin Kosek
:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Wed, 16 Feb 2011 10:35:49 +0100 Subject: [PATCH] Service/Host disable command output clarification When a service/host is disabled, the resulting summary message states that a Kerberos key was disabled. However, Kerberos key may not have been

Re: [Freeipa-devel] [PATCH] 026 HBAC plugin inconsistent output

2011-02-16 Thread Martin Kosek
On Mon, 2011-02-14 at 10:37 -0500, Rob Crittenden wrote: Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: On Mon, 2011-02-07 at 10:38 +0100, Jan Zelený wrote: Martin Kosek mko...@redhat.com wrote: This patch adds a proper summary text to HBAC command which is then printed out in

Re: [Freeipa-devel] [PATCH] 031 Remove WebUI identifiers from global namespace

2011-02-17 Thread Martin Kosek
as possible. I know that since you have worked on WebUI for a long time, you have a pretty clear picture what it should look like. I hope this patch version is consistent with the plan. Martin From 90fbbcbf5d5eeaad317666f2c347b90c21786b54 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date

Re: [Freeipa-devel] [PATCH] 49 Fixed user-add help

2011-02-17 Thread Martin Kosek
On Thu, 2011-02-17 at 08:55 -0500, Jan Zeleny wrote: Sending updated patch Jan - Original Message - From: Jan Zelený jzel...@redhat.com To: freeipa-devel@redhat.com Sent: Thursday, February 17, 2011 1:29:28 PM Subject: [Freeipa-devel] [PATCH] 49 Fixed user-add help

Re: [Freeipa-devel] [PATCH] 736 hard limit for # of batch requests

2011-02-22 Thread Martin Kosek
On Mon, 2011-02-21 at 11:48 -0500, Rob Crittenden wrote: Set a hard limit of 256 for the # of commands in a batch request we'll handle. ticket 984 rob ACK. Works for me. Tested by custom JSON command via curl. Martin

Re: [Freeipa-devel] [PATCH] 728 default roles

2011-02-22 Thread Martin Kosek
On Tue, 2011-02-22 at 13:14 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jakub Hrozek wrote: On Mon, Feb 21, 2011 at 10:11:38AM -0500, Rob Crittenden wrote: Rob Crittenden wrote: Jakub Hrozek wrote: On

Re: [Freeipa-devel] [PATCH] 728 default roles

2011-02-22 Thread Martin Kosek
On Tue, 2011-02-22 at 09:22 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Tue, 2011-02-22 at 13:14 +0100, Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jakub Hrozek wrote: On Mon, Feb 21, 2011 at 10:11:38AM -0500, Rob Crittenden wrote: Rob Crittenden wrote: Jakub

[Freeipa-devel] [PATCH] 034 Entitlements ACIs not visible to Permission plugin

2011-02-22 Thread Martin Kosek
This patch fixes Entitlements privileges and ACIs. There were missing descriptions or the ACIs could not be processed by Permission plugin because of missing prefix. https://fedorahosted.org/freeipa/ticket/997 From 2b088549da0b3c8beb4451d09e337b1dfa8ee9ce Mon Sep 17 00:00:00 2001 From: Martin

Re: [Freeipa-devel] [PATCH] 034 Entitlements ACIs not visible to Permission plugin

2011-02-22 Thread Martin Kosek
On Tue, 2011-02-22 at 15:46 +0100, Martin Kosek wrote: This patch fixes Entitlements privileges and ACIs. There were missing descriptions or the ACIs could not be processed by Permission plugin because of missing prefix. https://fedorahosted.org/freeipa/ticket/997 I just want to add

[Freeipa-devel] [PATCH] 035 IPA replica/server install does not check for a client

2011-02-24 Thread Martin Kosek
/ticket/1002 From 4a613d47417123402e2d7c1d05dafb992b0fc03a Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 24 Feb 2011 13:02:27 +0100 Subject: [PATCH] IPA replica/server install does not check for a client When IPA replica or server is configured it does not check

Re: [Freeipa-devel] [PATCH] 78 Use ldapi: instead of unsecured ldap: in ipa core tools.

2011-03-03 Thread Martin Kosek
On Mon, 2011-02-28 at 18:15 +, JR Aquino wrote: On 2/25/11 9:27 AM, Pavel Zůna pz...@redhat.com wrote: On 2011-02-25 18:12, JR Aquino wrote: On 2/25/11 5:58 AM, Pavel Zuna pz...@redhat.com wrote: On 02/23/2011 11:53 PM, Simo Sorce wrote: On Wed, 23 Feb 2011 23:41:33 +0100

Re: [Freeipa-devel] [PATCH] 745 restart dogtag DS instance after install

2011-03-03 Thread Martin Kosek
On Thu, 2011-03-03 at 09:30 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2011-03-02 at 16:51 -0500, Rob Crittenden wrote: The dogtag team tells me we should restart their LDAP backend right after installation. In some configurations not doing this can cause problems (using

Re: [Freeipa-devel] [PATCH] 78 Use ldapi: instead of unsecured ldap: in ipa core tools.

2011-03-03 Thread Martin Kosek
On Thu, 2011-03-03 at 15:29 +0100, Martin Kosek wrote: On Mon, 2011-02-28 at 18:15 +, JR Aquino wrote: On 2/25/11 9:27 AM, Pavel Zůna pz...@redhat.com wrote: On 2011-02-25 18:12, JR Aquino wrote: On 2/25/11 5:58 AM, Pavel Zuna pz...@redhat.com wrote: On 02/23/2011 11

[Freeipa-devel] [PATCH] 037 Improve error handling and return status codes in ipactl

2011-03-07 Thread Martin Kosek
or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055 From 212c8ea217a75a1b18c4e335709f8a29242d88e3 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 7 Mar 2011 17:35:17

[Freeipa-devel] [PATCH] 038 ipa-dns-install script fails

2011-03-08 Thread Martin Kosek
This patch fixes a typo in class Service, function __get_conn which causes ipa-dns-install script to fail every time. https://fedorahosted.org/freeipa/ticket/1065 From 80172708559e4a545f0acf39967ef6fdd3e07dbf Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 8 Mar 2011 14

Re: [Freeipa-devel] [PATCH] 748 always stop tracking cert on client uninstall

2011-03-08 Thread Martin Kosek
On Fri, 2011-03-04 at 13:14 -0500, Rob Crittenden wrote: certmonger stop_tracking() is robust enough to do the right thing if no certificate exists so go ahead and always call it. If the certificate failed to be issued for some reason the request will still be in certmonger after uninstalling.

Re: [Freeipa-devel] [PATCH] 749 use hostname consistently in ipa-client-install

2011-03-08 Thread Martin Kosek
On Mon, 2011-03-07 at 11:52 -0500, Rob Crittenden wrote: Nalin Dahyabhai wrote: On Fri, Mar 04, 2011 at 05:59:26PM -0500, Rob Crittenden wrote: If a hostname was provided it wasn't used to configure either certmonger or sssd. This resulted in a non-working configuration. [snip] @@

Re: [Freeipa-devel] [PATCH] 751 dogtag replication

2011-03-10 Thread Martin Kosek
On Thu, 2011-03-10 at 00:10 -0500, Rob Crittenden wrote: The replication between dogtag servers wasn't using TLS or SSL. This uses a new option to pkisilent to create replication agreements that use TLS. The SSL cert we will use is the same as the main 389-ds instance via symbolic link.

Re: [Freeipa-devel] Wrong timeout parameter in ipapython

2011-03-14 Thread Martin Kosek
On Fri, 2011-03-11 at 11:37 +0100, Jakub Hrozek wrote: On 03/11/2011 11:20 AM, Sylvain Baubeau wrote: Yes, I'm using IPv4. It's even worse as the constant 'io.PR_AF_INET' (whose value is 2) is used in this case :) Right.. Thank you

[Freeipa-devel] [PATCH] 039 Wait for Directory Server ports to open

2011-03-14 Thread Martin Kosek
this issue by waiting for both secure and insecure Directory Server ports to open after every restart. https://fedorahosted.org/freeipa/ticket/1076 From 06c10624c26c365aaef547d726b7944915116d2b Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 14 Mar 2011 17:56:17 +0100 Subject

Re: [Freeipa-devel] [PATCH] admiyo-0213-Domain-to-Realm

2011-03-15 Thread Martin Kosek
On Mon, 2011-03-14 at 15:28 -0400, Adam Young wrote: Even though my name is on the patch, Simo wrote it and is the author in the patch. Patch looks good. Installation and replication with a realm different to domain name works like a charm now. Martin

Re: [Freeipa-devel] [PATCH] 752 fix SELinux AVCs

2011-03-15 Thread Martin Kosek
On Tue, 2011-03-15 at 14:10 -0400, Rob Crittenden wrote: Pavel Zuna wrote: On 03/14/2011 09:33 PM, Rob Crittenden wrote: Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be

Re: [Freeipa-devel] [PATCH] 039 Wait for Directory Server ports to open

2011-03-15 Thread Martin Kosek
On Tue, 2011-03-15 at 18:25 +, JR Aquino wrote: On Mar 15, 2011, at 11:05 AM, Pavel Zuna wrote: On 03/14/2011 06:03 PM, Martin Kosek wrote: I know this is a 2.1 ticket, but the patch is probably also a solution of #1047 - a 2.0.5 bucket critical bug. When Directory

Re: [Freeipa-devel] [PATCH] 754 ensure hostnames are lower-case

2011-03-17 Thread Martin Kosek
On Wed, 2011-03-16 at 18:05 -0400, Rob Crittenden wrote: If a hostname has mixed-case in /etc/hosts or a mixed-case name is passed into either the client or host installer we need to prevent installation. The hostname should be lower-case otherwise all sorts of odd problems will happen.

Re: [Freeipa-devel] [PATCH] 754 ensure hostnames are lower-case

2011-03-17 Thread Martin Kosek
On Thu, 2011-03-17 at 10:24 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2011-03-16 at 18:05 -0400, Rob Crittenden wrote: If a hostname has mixed-case in /etc/hosts or a mixed-case name is passed into either the client or host installer we need to prevent installation

Re: [Freeipa-devel] Determine KDC for a website

2011-03-18 Thread Martin Kosek
On Thu, 2011-03-17 at 20:03 -0400, Adam Young wrote: I'm trying to figure out what should happen in the following case; A user goes to a website that they've never visited before. The site is using Kerberos, and thus the browser gets back a Negotiate response. At this point, the

Re: [Freeipa-devel] [PATCH] 755 upgrade IPA on installation

2011-03-18 Thread Martin Kosek
On Thu, 2011-03-17 at 17:10 -0400, Rob Crittenden wrote: Re-enable ldapi code in ipa-ldap-updater and remove the searchbase restriction when run in --upgrade mode. This allows us to autobind giving root Directory Manager powers. This also: * corrects the ipa-ldap-updater man page *

Re: [Freeipa-devel] [PATCH] 755 upgrade IPA on installation

2011-03-21 Thread Martin Kosek
On Fri, 2011-03-18 at 11:21 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2011-03-17 at 17:10 -0400, Rob Crittenden wrote: Re-enable ldapi code in ipa-ldap-updater and remove the searchbase restriction when run in --upgrade mode. This allows us to autobind

[Freeipa-devel] [PATCH] 040 Prevent stacktrace when DNS AAAA record is added

2011-03-22 Thread Martin Kosek
Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 22 Mar 2011 11:00:06 +0100 Subject: [PATCH] Prevent stacktrace when DNS record is added This patch fixes a stacktrace that is printed out when an IPv6 record with subnet prefix length (e.g. /64) is added. The same error

[Freeipa-devel] [PATCH] 043 Inconsistent error message for duplicate user

2011-03-28 Thread Martin Kosek
Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 28 Mar 2011 16:27:42 +0200 Subject: [PATCH] Inconsistent error message for duplicate user When duplicate user is added an inconsistent error message to the rest of the framework is printed. This patch changes this to standard

Re: [Freeipa-devel] [PATCH] admiyo-0215-Fixed-labels-for-sudo-and-hbac-rules

2011-03-29 Thread Martin Kosek
On Mon, 2011-03-28 at 16:49 -0400, Adam Young wrote: Putting these two patches together because the first changes labels from the server, and the second is only for test data. The second is a separate patch because there are other changes from older server side updates. Patch 215: ACK

Re: [Freeipa-devel] [PATCH] 041 Replica installation fails for self-signed server

2011-03-30 Thread Martin Kosek
On Tue, 2011-03-29 at 16:42 -0400, Rob Crittenden wrote: Martin Kosek wrote: When IPA server was configured as self-signed (--selfsign option) the replica always failed to install. https://fedorahosted.org/freeipa/ticket/1122 Why not just make install_ca return (None, None) instead

Re: [Freeipa-devel] [PATCH] 758 make CA retrieval during discovery non-fatal

2011-03-30 Thread Martin Kosek
On Tue, 2011-03-29 at 13:36 -0400, Rob Crittenden wrote: This makes the CA retrieval during IPA discovery non-fatal. If we can't get the CA cert then this likely isn't an IPA server so we should just return. ticket 1135 rob ACK from me. I also tried to at least partially simulate the

[Freeipa-devel] [PATCH] 045 Add DNS record modification command

2011-03-30 Thread Martin Kosek
have been added to the CLI test suite. https://fedorahosted.org/freeipa/ticket/1137 From 9c9e193c1d76a4c51c496ec3f76d18a4a9dd2b4b Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Wed, 30 Mar 2011 17:07:17 +0200 Subject: [PATCH] Add DNS record modification command The DNS record

Re: [Freeipa-devel] [PATCH] 045 Add DNS record modification command

2011-03-31 Thread Martin Kosek
On Wed, 2011-03-30 at 16:52 -0400, Adam Young wrote: On 03/30/2011 11:13 AM, Martin Kosek wrote: Since this is a new-feature type patch it should be pushed only to master. --- The DNS record plugin does not support modification of a record. One can only add A type addresses to a DNS

Re: [Freeipa-devel] [PATCH] admiyo-0217-define-entities-using-builder-and-more-declarative

2011-03-31 Thread Martin Kosek
On Wed, 2011-03-30 at 12:40 -0400, Adam Young wrote: On 03/28/2011 05:17 PM, Adam Young wrote: On 03/28/2011 04:56 PM, Adam Young wrote: To give a little more context: we are llong to split out the logic used to define the views of the entities from the reusable portion of the

Re: [Freeipa-devel] [PATCH] 759 cache get_ipa_config() output in request context

2011-03-31 Thread Martin Kosek
On Wed, 2011-03-30 at 10:23 -0400, Rob Crittenden wrote: Some requests generate multiple calls to get_ipa_config(). This patch caches the return value for this in the request context. ticket 1023 rob ACK. Tested with user mail config attribute ipadefaultemaildomain. Martin

Re: [Freeipa-devel] [PATCH] 760 don't crash when calculating indirect

2011-03-31 Thread Martin Kosek
On Wed, 2011-03-30 at 10:46 -0400, Rob Crittenden wrote: Rob Crittenden wrote: This prevents an internal error when calculating direct vs indirect membership. ticket 1133 I accidentally included a change from another patch. Updated patch attached. rob I think it is OK. But I

Re: [Freeipa-devel] [PATCH] 761 Sort entries on *-find commands

2011-03-31 Thread Martin Kosek
On Wed, 2011-03-30 at 17:14 -0400, Rob Crittenden wrote: Sort output on find commands based on the baseldap LDAPSearch class. A couple tests had to be modified to match the new order. ticket 794 rob The patch works fine except the case when entries are being added in post_callback.

[Freeipa-devel] [PATCH] 046 Improve DNS PTR record validation

2011-04-01 Thread Martin Kosek
strings in the DNS plugin were prepared for localization. https://fedorahosted.org/freeipa/ticket/1129 From fb899d2039f090529f44eb1513a518819c0cba67 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 1 Apr 2011 12:01:39 +0200 Subject: [PATCH] Improve DNS PTR record validation

[Freeipa-devel] [PATCH] 047 Need force option in DNS zone adder dialog

2011-04-01 Thread Martin Kosek
1ff64df338e0ca25ce28cf354eb99e4659f5c951 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 1 Apr 2011 17:09:07 +0200 Subject: [PATCH] Need force option in DNS zone adder dialog When adding a new DNS zone in the WebUI, IPA server will verify whether the nameserver is in DNS

Re: [Freeipa-devel] [PATCH] 042 Password policy commands do not include cospriority

2011-04-04 Thread Martin Kosek
On Fri, 2011-04-01 at 13:51 -0400, Rob Crittenden wrote: Martin Kosek wrote: Target branches: master, ipa-2-0 --- Most of the pwpolicy_* commands do include cospriority in the result and potentially in the attribute rights (--all --rights). Especially when --raw output is requested

Re: [Freeipa-devel] [PATCH] 764 update ipa-client-install man page

2011-04-05 Thread Martin Kosek
I don't think it is a good idea to have this option in ipa-client-install --help at all. Since it is not intended to be used by the user and we just use it in our scripts why would we want to have it in ipa-client-install --help or man pages? We could just hide it using
