[Freeipa-devel] [freeipa PR#915][opened] [master only] Move tmpfiles.d configuration handling back to spec file

2017-07-12 Thread martbab via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/915
Author: martbab
 Title: #915: [master only] Move tmpfiles.d configuration handling back to spec file
Action: opened

PR body:
"""
Since the ipaapi user is now created during RPM install and not at runtime,
we may switch back to shipping the tmpfiles.d configuration directly in RPMs
and not create it at runtime, which is the preferred way to handle drop-in
configuration anyway.

This also means that the drop-in config will be shipped in /usr/lib
instead of /etc according to Fedora packaging guidelines.

This partially reverts commit 38c66896de1769077cd5b057133606ec5eeaf62b.

https://pagure.io/freeipa/issue/7053
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/915/head:pr915
git checkout pr915
From cd76bf8b30e13b56548c0a1b2153f4f775d0ea5d Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Tue, 11 Jul 2017 14:10:28 +0200
Subject: [PATCH] Move tmpfiles.d configuration handling back to spec file

Since the ipaapi user is now created during RPM install and not at runtime,
we may switch back to shipping the tmpfiles.d configuration directly in RPMs
and not create it at runtime, which is the preferred way to handle drop-in
configuration anyway.

This also means that the drop-in config will be shipped in /usr/lib
instead of /etc according to Fedora packaging guidelines.

This partially reverts commit 38c66896de1769077cd5b057133606ec5eeaf62b.

https://pagure.io/freeipa/issue/7053
---
 configure.ac   |  1 +
 freeipa.spec.in|  3 ++-
 init/Makefile.am   |  2 +-
 init/tmpfilesd/Makefile.am | 20 
 init/tmpfilesd/ipa.conf.in |  3 +++
 install/share/Makefile.am  |  1 -
 install/share/ipa.conf.tmpfiles|  2 --
 ipaplatform/base/paths.py  |  1 -
 ipaplatform/base/tasks.py  |  8 
 ipaplatform/redhat/tasks.py| 21 -
 ipaserver/install/server/install.py| 10 --
 ipaserver/install/server/replicainstall.py |  3 ---
 ipaserver/install/server/upgrade.py|  4 
 13 files changed, 27 insertions(+), 52 deletions(-)
 create mode 100644 init/tmpfilesd/Makefile.am
 create mode 100644 init/tmpfilesd/ipa.conf.in
 delete mode 100644 install/share/ipa.conf.tmpfiles

diff --git a/configure.ac b/configure.ac
index c43759c5bb..f098eb1dac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -558,6 +558,7 @@ AC_CONFIG_FILES([
 daemons/ipa-slapi-plugins/ipa-range-check/Makefile
 daemons/ipa-slapi-plugins/topology/Makefile
 init/systemd/Makefile
+init/tmpfilesd/Makefile
 init/Makefile
 install/Makefile
 install/certmonger/Makefile
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 72ce4ccc2c..1073987e98 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1321,6 +1321,8 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
 %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
+# NOTE: systemd specific section
+%{_tmpfilesdir}/ipa.conf
 %attr(644,root,root) %{_unitdir}/ipa-custodia.service
 %ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf
 # END
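Review bot: the new `%{_tmpfilesdir}/ipa.conf` entry carries no `%attr`, unlike the `%attr(644,root,root)` on the unit file line right below it, so its mode depends on whatever `make install` leaves in the build root; adding `%attr(644,root,root)` makes it explicit. Since the commit message says the file moves from /etc to /usr/lib, the upgrade path also needs a look: a copy generated by an earlier install under /etc/tmpfiles.d takes precedence over the same-named file in /usr/lib/tmpfiles.d, and nothing in this hunk removes it.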
@@ -1330,7 +1332,6 @@ fi
 %{_usr}/share/ipa/*.ldif
 %{_usr}/share/ipa/*.uldif
 %{_usr}/share/ipa/*.template
-%{_usr}/share/ipa/ipa.conf.tmpfiles
 %dir %{_usr}/share/ipa/advise
 %dir %{_usr}/share/ipa/advise/legacy
 %{_usr}/share/ipa/advise/legacy/*.template
diff --git a/init/Makefile.am b/init/Makefile.am
index bee4243912..8f4d1d0a8f 100644
--- a/init/Makefile.am
+++ b/init/Makefile.am
@@ -2,7 +2,7 @@
 #
 AUTOMAKE_OPTIONS = 1.7
 
-SUBDIRS = systemd
+SUBDIRS = systemd tmpfilesd
 
 dist_sysconfenv_DATA = 		\
 	ipa-dnskeysyncd		\
diff --git a/init/tmpfilesd/Makefile.am b/init/tmpfilesd/Makefile.am
new file mode 100644
index 00..7db2e9e0cd
--- /dev/null
+++ b/init/tmpfilesd/Makefile.am
@@ -0,0 +1,20 @@
+dist_noinst_DATA = \
+	ipa.conf.in
+
+systemdtmpfiles_DATA = \
+	ipa.conf
+
+CLEANFILES = $(systemdtmpfiles_DATA)
+
+%: %.in Makefile
+	sed -e 's|@localstatedir[@]|$(localstatedir)|g' '$(srcdir)/$@.in' >$@
+
+# create empty directories as needed
+# DESTDIR might not be set, in that case default to system root
+DESTDIR ?= /
+install-data-hook:
+	for conf in $(systemdtmpfiles_DATA); do \
+		systemd-tmpfiles --remove --create --boot   \
+--root $(DESTDIR)   \
+$(DESTDIR)$(systemdtmpfilesdir)/$${conf} || :;  \
+	done
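Review bot: in `install-data-hook` the trailing `|| :` discards the exit status of `systemd-tmpfiles`, so a failed directory creation (for instance if `ipaapi` from ipa.conf cannot be resolved when the hook runs) goes unnoticed; at least print a warning instead. `--remove` and `--boot` also look unnecessary, since the shipped ipa.conf has only `d` lines, which `--remove` does not act on and which carry no `!` marker for `--boot` to enable.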
diff --git a/init/tmpfilesd/ipa.conf.in b/init/tmpfilesd/ipa.conf.in
new file mode 100644
index 00..750e808edb
--- /dev/null
+++ b/init/tmpfilesd/ipa.conf.in
@@ -0,0 +1,3 @@
+d @localstatedir@/run/ipa 0711 root root
+d @localstatedir@/run/ipa/ccaches 0770 ipaapi ipaapi
+
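Review bot: both `d` lines are written against `@localstatedir@/run`, which expands to /var/run, a compatibility symlink to /run on systemd-based Fedora; naming `/run/ipa` and `/run/ipa/ccaches` directly would match tmpfiles.d practice and make the `sed` substitution in the Makefile unnecessary. A comment explaining why `ccaches` is 0770 ipaapi:ipaapi under a 0711 root-owned parent would help the next reader, and the trailing empty `+` line can be dropped.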
diff --git 

[Freeipa-devel] [freeipa PR#914][opened] baseldap: fix format string

2017-07-12 Thread MartinBasti via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/914
Author: MartinBasti
 Title: #914: baseldap: fix format string
Action: opened

PR body:
"""
Fixes missing type specification in format string.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/914/head:pr914
git checkout pr914
From 1e36f5c6786f2f2b88712d73e987d22ffd577c9a Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 12 Jul 2017 16:22:05 +0200
Subject: [PATCH] baseldap: fix format string

Fixes missing type specification in format string.
---
 ipaserver/plugins/baseldap.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
index a6fc88b591..47bd184278 100644
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -2406,7 +2406,7 @@ def exc_callback(self, keys, options, exc, call_func, *call_args,
 
 
 class BaseLDAPAddAttribute(BaseLDAPModAttribute):
-msg_summary = _('added attribute value to entry %(value)')
+msg_summary = _('added attribute value to entry %(value)s')
 
 def _update_attrs(self, update, entry_attrs):
 for name, value in entry_attrs.items():
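Review bot: nothing in this patch exercises `BaseLDAPAddAttribute.msg_summary`; the diffstat shows only baseldap.py changed, so the same missing conversion type in another `msg_summary` would again surface only at runtime. A small test that interpolates each `msg_summary` with a sample dict would catch this class of error, and the commit message could state the failure users actually saw.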
@@ -2422,7 +2422,7 @@ def _update_attrs(self, update, entry_attrs):
 
 
 class BaseLDAPRemoveAttribute(BaseLDAPModAttribute):
-msg_summary = _('removed attribute values from entry %(value)')
+msg_summary = _('removed attribute values from entry %(value)s')
 
 def _update_attrs(self, update, entry_attrs):
 for name, value in entry_attrs.items():
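Review bot: the string changed in `BaseLDAPRemoveAttribute.msg_summary` (and in the hunk above) is a msgid wrapped in `_()`, so existing translations of the old text no longer match it. The translation catalogs need a refresh with this change, and any translated string that copied the broken `%(value)` needs the trailing `s` as well.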
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org


[Freeipa-devel] [freeipa PR#912][closed] [4-5 only] replica install: drop-in IPA specific config to tmpfiles.d

2017-07-12 Thread pvomacka via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/912
Author: martbab
 Title: #912: [4-5 only] replica install: drop-in IPA specific config to tmpfiles.d
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/912/head:pr912
git checkout pr912


[Freeipa-devel] [freeipa PR#913][closed] Passdb privates for ipa-4-5

2017-07-12 Thread MartinBasti via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/913
Author: abbra
 Title: #913: Passdb privates for ipa-4-5
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/913/head:pr913
git checkout pr913


[Freeipa-devel] [freeipa PR#913][opened] Passdb privates for ipa-4-5

2017-07-12 Thread abbra via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/913
Author: abbra
 Title: #913: Passdb privates for ipa-4-5
Action: opened

PR body:
"""
Here is a rebase/cherry-pick for ipa-4-5 branch of Samba API changes
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/913/head:pr913
git checkout pr913
From e34b67ba1484beeb66ba4537abfe7503bc97e37b Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Wed, 19 Apr 2017 15:16:15 +0300
Subject: [PATCH 1/2] ipa-sam: use own private structure, not ldapsam_privates

With Samba 4.7 access to ldapsam internal structures will not be
available for external applications. FreeIPA's ipasam module was using
those for its own needs. Now it needs to migrate to a proper private
structure of its own.

Given that we anyway need to implement many missing functions like
pdb_update_sam_account() callback with FreeIPA-specific logic,
piggybacking on ldapsam structures is not needed anymore.

Fixes https://pagure.io/freeipa/issue/6877

Reviewed-By: Martin Basti 
(cherry picked from commit 11d43a16035d9ce7970ddf757f17025289ec4854)
---
 daemons/ipa-sam/ipa_sam.c | 902 --
 server.m4 |   4 +
 2 files changed, 474 insertions(+), 432 deletions(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 59d92f37c9..fe9913d611 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -190,7 +190,19 @@ bool E_md4hash(const char *passwd, uint8_t p16[16]); /* available in libcliauth-
 const struct dom_sid global_sid_Builtin = { 1, 1, {0,0,0,0,0,5},
 	   {32,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 
-struct ipasam_privates {
+/* With Samba 4.7 ldapsam_privates structure is not public anymore.
+ * FreeIPA needs to use own structure */
+
+struct ipasam_private {
+	struct smbldap_state *ldap_state;
+	/* Former statics */
+	LDAPMessage *result;
+	LDAPMessage *entry;
+
+	const char *domain_name;
+	struct dom_sid domain_sid;
+
+	char *domain_dn;
 	char *realm;
 	char *base_dn;
 	char *trust_dn;
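Review bot: the `/* Former statics */` members `result` and `entry` in `struct ipasam_private` have no note on ownership or lifetime; say who frees `result` and for how long `entry` stays valid, now that they are per-instance state. The two-line comment above the struct describes the migration rather than the structure and would sit better in the commit message.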
@@ -204,7 +216,7 @@ struct ipasam_privates {
 };
 
 
-static NTSTATUS ipasam_get_domain_name(struct ldapsam_privates *ldap_state,
+static NTSTATUS ipasam_get_domain_name(struct ipasam_private *ipasam_state,
    TALLOC_CTX *mem_ctx,
    char **domain_name);
 
@@ -332,9 +344,35 @@ static bool strnequal(const char *s1, const char *s2, size_t n) {
 	return false;
 }
 
-static LDAP *priv2ld(struct ldapsam_privates *priv)
+static LDAP *_smbldap_get_ldap(struct smbldap_state *state) {
+#ifdef HAVE_SMBLDAP_GET_LDAP
+	return smbldap_get_ldap(state);
+#else
+	return state->ldap_struct;
+#endif
+
+}
+
+static bool _smbldap_get_paged_results(struct smbldap_state *state) {
+#ifdef HAVE_SMBLDAP_GET_LDAP
+	return smbldap_get_paged_results(state);
+#else
+	return state->paged_results;
+#endif
+}
+
+static void _smbldap_set_paged_results(struct smbldap_state *state,
+			   bool paged_results) {
+#ifdef HAVE_SMBLDAP_GET_LDAP
+	smbldap_set_paged_results(state, paged_results);
+#else
+	state->paged_results = paged_results;
+#endif
+}
+
+static LDAP *priv2ld(struct ipasam_private *priv)
 {
-	return priv->smbldap_state->ldap_struct;
+	return _smbldap_get_ldap(priv->ldap_state);
 }
 
 /*
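Review bot: all three wrappers are guarded by the single macro `HAVE_SMBLDAP_GET_LDAP`, although two of them call `smbldap_get_paged_results()` and `smbldap_set_paged_results()`; either test for each function or add a comment stating that the three accessors always appear together. The names `_smbldap_get_ldap`, `_smbldap_get_paged_results` and `_smbldap_set_paged_results` start with an underscore, which C reserves at file scope, so a prefix such as `ipasam_` is safer, and there is a stray blank line before the closing brace of `_smbldap_get_ldap`.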
@@ -508,8 +546,8 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
 const char **names,
 enum lsa_SidType *attrs)
 {
-	struct ldapsam_privates *ldap_state =
-		(struct ldapsam_privates *)methods->private_data;
+	struct ipasam_private *ipasam_state =
+		talloc_get_type_abort(methods->private_data, struct ipasam_private);
 	LDAPMessage *msg = NULL;
 	LDAPMessage *entry;
 	char *allsids = NULL;
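Review bot: `talloc_get_type_abort()` in `ldapsam_lookup_rids` aborts the process unless `methods->private_data` is a talloc object named `struct ipasam_private`, so the allocation site, which is not in the visible part of this diff, has to create it with `talloc_zero(..., struct ipasam_private)` or an equivalent typed allocator. The function also keeps its `ldapsam_` prefix while no longer touching ldapsam state; a rename could follow separately.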
@@ -526,7 +564,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
 	}
 
 	if (!sid_check_is_builtin(domain_sid) &&
-	 dom_sid_compare_domain(_state->domain_sid, domain_sid) != 0) {
+	 dom_sid_compare_domain(_state->domain_sid, domain_sid) != 0) {
 		result = NT_STATUS_INVALID_PARAMETER;
 		goto done;
 	}
@@ -570,8 +608,8 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
 			goto done;
 		}
 
-		rc = smbldap_search(ldap_state->smbldap_state,
-ldap_state->ipasam_privates->base_dn,
+		rc = smbldap_search(ipasam_state->ldap_state,
+ipasam_state->base_dn,
 LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0,
 );
 		smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
@@ -580,7 +618,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
 	if (rc != LDAP_SUCCESS)
 		goto done;
 
-	ld = ldap_state->smbldap_state->ldap_struct;
+	ld = priv2ld(ipasam_state);
 	num_mapped = 0;
 
 	for (entry = ldap_first_entry(ld, msg);
@@ -591,7 +629,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
 		const char *name;
 
 		if (!ldapsam_extract_rid_from_entry(ld, entry,
-		ldap_state->ipasam_privates->idmap_ctx,
+		ipasam_state->idmap_ctx,
 		

[Freeipa-devel] Re: IMPORTANT FreeIPA Travis-CI is broken in 4-5 branch

2017-07-12 Thread Alexander Bokovoy via FreeIPA-devel

On Wed, 12 Jul 2017, Martin Babinsky via FreeIPA-devel wrote:
> Hi List,
>
> due to adding new Samba to freeipa-master COPR and pushing the ipasam-related
> patches reflecting API changes only to master, the build of ipa-4-5 in
> Travis-CI fails due to compiler errors[1].
>
> This is a sign that 4-5 and master branches have diverged enough to warrant a
> separate Docker image for 4-5 testing in Travis. I will try to prepare this
> image and update .travis.yml on ipa-4-5 in order to unblock CI ASAP.

Instead of that, please merge ipasam patches to ipa-4-5, they are
designed for that.

> I apologize for the inconvenience.
>
> [1] https://travis-ci.org/freeipa/freeipa/jobs/252699010
>
> --
> Martin Babinsky


--
/ Alexander Bokovoy


[Freeipa-devel] IMPORTANT FreeIPA Travis-CI is broken in 4-5 branch

2017-07-12 Thread Martin Babinsky via FreeIPA-devel
Hi List,

due to adding new Samba to freeipa-master COPR and pushing the ipasam-related
patches reflecting API changes only to master, the build of ipa-4-5 in
Travis-CI fails due to compiler errors[1].

This is a sign that 4-5 and master branches have diverged enough to warrant a
separate Docker image for 4-5 testing in Travis. I will try to prepare this
image and update .travis.yml on ipa-4-5 in order to unblock CI ASAP.

I apologize for the inconvenience.

[1] https://travis-ci.org/freeipa/freeipa/jobs/252699010

-- 
Martin Babinsky


[Freeipa-devel] [freeipa PR#912][opened] [4-5 only] replica install: drop-in IPA specific config to tmpfiles.d

2017-07-12 Thread martbab via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/912
Author: martbab
 Title: #912: [4-5 only] replica install: drop-in IPA specific config to tmpfiles.d
Action: opened

PR body:
"""
While server installation and upgrade code configures the IPA specific
tmpfiles location and creates relevant directories, the replica
installer code path is covered incompletely and one step is missing.

https://pagure.io/freeipa/issue/7053
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/912/head:pr912
git checkout pr912
From d8933ead6569c71be606683d568664637c19a722 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Tue, 11 Jul 2017 12:41:38 +0200
Subject: [PATCH] replica install: drop-in IPA specific config to tmpfiles.d

While server installation and upgrade code configures the IPA specific
tmpfiles location and creates relevant directories, the replica
installer code path is covered incompletely and one step is missing.

https://pagure.io/freeipa/issue/7053
---
 ipaserver/install/server/replicainstall.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 4f28de25bd..814925de15 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1515,6 +1515,9 @@ def install(installer):
 # remove the extracted replica file
 remove_replica_info_dir(installer)
 
+# Make sure the files we crated in /var/run are recreated at startup
+tasks.configure_tmpfiles()
+
 # Everything installed properly, activate ipa service.
 services.knownservices.ipa.enable()
 
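Review bot: the added comment has a typo, `crated` should read `created`. The new `tasks.configure_tmpfiles()` call also has no visible error handling; if it can fail, decide whether replica installation should stop before `services.knownservices.ipa.enable()` or only log the problem, since a missing drop-in means the /var/run directories are not recreated at the next boot.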