[Freeipa-devel] [freeipa PR#4421][closed] [testing_master_latest] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/4421 Author: freeipa-pr-ci Title: #4421: [testing_master_latest] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4421/head:pr4421 git checkout pr4421 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4456][opened] [testing_master_latest] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/4456 Author: freeipa-pr-ci Title: #4456: [testing_master_latest] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4456/head:pr4456 git checkout pr4456 From b9f0c8eedc1c1d22bd4d63c01a4d8b9604ff34d6 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 Mar 2020 23:00:07 + Subject: [PATCH] automated commit --- .freeipa-pr-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b63..a58e059169 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/nightly_latest.yaml \ No newline at end of file ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4455][opened] Set lookup_family_order = ipv6_first on IPv6-only clients
URL: https://github.com/freeipa/freeipa/pull/4455 Author: rcritten Title: #4455: Set lookup_family_order = ipv6_first on IPv6-only clients Action: opened PR body: """ Look at the IPs configured on the interface that the client connects to IPA with. If this interface has only IPv6 addresses configured the set the option lookup_family_order to ipv6_first. This will prefer IPv6 DNS names and will allow an IPv6-only client to be able to connect to a mixed IPv4/IPv6 IPA installation. https://pagure.io/freeipa/issue/8243 Signed-off-by: Rob Crittenden **NOTE:** I'm being conservative here and not using ipv6_only. This is an attempt to ensure that things will continue to work if the underlying network changes int he future. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4455/head:pr4455 git checkout pr4455 From e2bf2e55d55c3192778b1a1509783fde29d0c01d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 25 Mar 2020 17:45:26 -0400 Subject: [PATCH] Set lookup_family_order = ipv6_first on IPv6-only clients Look at the IPs configured on the interface that the client connects to IPA with. If this interface has only IPv6 addresses configured the set the option lookup_family_order to ipv6_first. This will prefer IPv6 DNS names and will allow an IPv6-only client to be able to connect to a mixed IPv4/IPv6 IPA installation. https://pagure.io/freeipa/issue/8243 Signed-off-by: Rob Crittenden --- ipaclient/install/client.py | 18 ++ 1 file changed, 18 insertions(+) diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 34b2d1a6e7..006cde0adf 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -956,6 +956,24 @@ def configure_sssd_conf( nss_service.set_option('memcache_timeout', 600) sssdconfig.save_service(nss_service) +family_order = None +try: +iface = get_server_connection_interface(cli_server[0]) +except RuntimeError as e: +logger.error("Cannot determine interface used to connect to " + "IPA. %s", e) +else: +try: +connect_ips = get_local_ipaddresses(iface) +except CalledProcessError as e: +logger.error("Cannot determine IP(s) used to connect to " + "IPA. %s", e) +else: +if all([ip.version == 6 for ip in connect_ips]): +family_order = 'ipv6_first' +if family_order: +domain.set_option('lookup_family_order', family_order) + domain.set_option('ipa_domain', cli_domain) domain.set_option('ipa_hostname', client_hostname) if cli_domain.lower() != cli_realm.lower(): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4411][closed] [ipa-4-6] ipatests: fix KeyError in test_sssd
URL: https://github.com/freeipa/freeipa/pull/4411 Author: flo-renaud Title: #4411: [ipa-4-6] ipatests: fix KeyError in test_sssd Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4411/head:pr4411 git checkout pr4411 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4449][closed] [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/4449 Author: abbra Title: #4449: [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4449/head:pr4449 git checkout pr4449 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4452][closed] [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4452 Author: tiran Title: #4452: [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS is enabled Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4452/head:pr4452 git checkout pr4452 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4451][closed] [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4451 Author: tiran Title: #4451: [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS is enabled Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4451/head:pr4451 git checkout pr4451 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4450][closed] [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation
URL: https://github.com/freeipa/freeipa/pull/4450 Author: tiran Title: #4450: [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4450/head:pr4450 git checkout pr4450 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4454][opened] Don't configure ntpd with -x
URL: https://github.com/freeipa/freeipa/pull/4454 Author: rcritten Title: #4454: Don't configure ntpd with -x Action: opened PR body: """ slew mode (-x) may break ntpd from starting if time slew is too great between the system and hardware clock. Slew mode is an unstable configuration choice and has many known drawbacks. https://pagure.io/freeipa/issue/8242 Signed-off-by: Rob Crittenden This applies **only** to the ipa-4-6 branch. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4454/head:pr4454 git checkout pr4454 From a1e8b53526379428668f1924fae751872bd1b003 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 20 Mar 2020 09:01:39 -0400 Subject: [PATCH] Don't configure ntpd with -x slew mode (-x) may break ntpd from starting if time slew is too great between the system and hardware clock. Slew mode is an unstable configuration choice and has many known drawbacks. https://pagure.io/freeipa/issue/8242 Signed-off-by: Rob Crittenden --- ipaclient/install/ntpconf.py | 2 +- ipaserver/install/ntpinstance.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ipaclient/install/ntpconf.py b/ipaclient/install/ntpconf.py index e90ec068aa..21cfdc4c6f 100644 --- a/ipaclient/install/ntpconf.py +++ b/ipaclient/install/ntpconf.py @@ -80,7 +80,7 @@ #controlkey 8 """ -ntp_sysconfig = """OPTIONS="-x -p /var/run/ntpd.pid" +ntp_sysconfig = """OPTIONS="-p /var/run/ntpd.pid" # Set to 'yes' to sync hw clock after successful ntpdate SYNC_HWCLOCK=yes diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py index 10997343c4..d38fd2e129 100644 --- a/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py @@ -91,8 +91,7 @@ def __write_config(self): fd.write("{}\n".format(' '.join(fudge))) #read in memory, find OPTIONS, check/change it, then overwrite file -needopts = [ {'val':'-x', 'need':True}, - {'val':'-g', 'need':True} ] +needopts = [ {'val':'-g', 'need':True} ] fd = open(paths.SYSCONFIG_NTPD, "r") lines = fd.readlines() fd.close() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4453][opened] [Backport][ipa-4-7] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4453 Author: tiran Title: #4453: [Backport][ipa-4-7] ipatests: Skip test using paramiko when FIPS is enabled Action: opened PR body: """ This PR was opened automatically because PR #4442 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4453/head:pr4453 git checkout pr4453 From 94d850731f5855c44b16c4f6abf911c927e1fd0a Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf Date: Wed, 25 Mar 2020 13:13:26 +0530 Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled Test used paramiko to connect to the master from controller. Hence skip if FIPS is enabled Signed-off-by: Mohammad Rizwan Yusuf --- ipatests/test_integration/test_commands.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index 0606aa1b69..a371dc6a3a 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -691,6 +691,9 @@ def test_ssh_from_controller(self): 3. add an ipa user 4. ssh from controller to master using the user created in step 3 """ +if self.master.is_fips_mode: # pylint: disable=no-member +pytest.skip("paramiko is not compatible with FIPS mode") + sssd_version = '' cmd_output = self.master.run_command(['sssd', '--version']) sssd_version = platform_tasks.\ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4452][opened] [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4452 Author: tiran Title: #4452: [Backport][ipa-4-6] ipatests: Skip test using paramiko when FIPS is enabled Action: opened PR body: """ This PR was opened automatically because PR #4442 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4452/head:pr4452 git checkout pr4452 From f9d1c0dc814e5f8ad8f438e6cb88f82fba11588b Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf Date: Wed, 25 Mar 2020 13:13:26 +0530 Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled Test used paramiko to connect to the master from controller. Hence skip if FIPS is enabled Signed-off-by: Mohammad Rizwan Yusuf --- ipatests/test_integration/test_commands.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index a14a324ec2..af8f22cdb5 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -734,6 +734,9 @@ def test_ssh_from_controller(self): 3. add an ipa user 4. ssh from controller to master using the user created in step 3 """ +if self.master.is_fips_mode: # pylint: disable=no-member +pytest.skip("paramiko is not compatible with FIPS mode") + sssd_version = '' cmd_output = self.master.run_command(['sssd', '--version']) sssd_version = platform_tasks.\ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4451][opened] [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4451 Author: tiran Title: #4451: [Backport][ipa-4-8] ipatests: Skip test using paramiko when FIPS is enabled Action: opened PR body: """ This PR was opened automatically because PR #4442 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4451/head:pr4451 git checkout pr4451 From 1d2cc7610722bfc6451f20bdd3a736d0b41951ff Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf Date: Wed, 25 Mar 2020 13:13:26 +0530 Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled Test used paramiko to connect to the master from controller. Hence skip if FIPS is enabled Signed-off-by: Mohammad Rizwan Yusuf --- ipatests/test_integration/test_commands.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index 32a21a7322..c92cad9471 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -803,6 +803,9 @@ def test_ssh_from_controller(self): 3. add an ipa user 4. ssh from controller to master using the user created in step 3 """ +if self.master.is_fips_mode: # pylint: disable=no-member +pytest.skip("paramiko is not compatible with FIPS mode") + sssd_version = '' cmd_output = self.master.run_command(['sssd', '--version']) sssd_version = platform_tasks.\ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4442][closed] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4442 Author: mrizwan93 Title: #4442: ipatests: Skip test using paramiko when FIPS is enabled Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4442/head:pr4442 git checkout pr4442 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4445][closed] [backport][ipa-4-6] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/4445 Author: abbra Title: #4445: [backport][ipa-4-6] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4445/head:pr4445 git checkout pr4445 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4444][closed] [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/ Author: tiran Title: #: [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull//head:pr git checkout pr ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4450][opened] [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation
URL: https://github.com/freeipa/freeipa/pull/4450 Author: tiran Title: #4450: [Backport][ipa-4-8] po: fix LINGUAS to use whitespace separation Action: opened PR body: """ This PR was opened automatically because PR #4448 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4450/head:pr4450 git checkout pr4450 From 8973b547403558218701da84a8d2649554f24bcf Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 25 Mar 2020 11:04:59 +0100 Subject: [PATCH] po: fix LINGUAS to use whitespace separation The po/LINGUAS file contains a list of all avilable translations. According to the GNU gettext documentation it's is a whitespace separated list. Our LINGUAS file used newline separated list with inline comments. This conflicts with weblate automation. Fixes: https://pagure.io/freeipa/issue/8159 See: https://www.gnu.org/software/gettext/manual/html_node/po_002fLINGUAS.html Signed-off-by: Christian Heimes --- po/LINGUAS | 25 + 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/po/LINGUAS b/po/LINGUAS index 5811c744b4..bf8dcdf75c 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -1,24 +1 @@ -bn_IN # Bengali (India) -ca # Catalan -cs # Czech -de # German -en_GB # English (United Kingdom) -es # Spanish -eu # Basque -fr # French -hi # Hindi -hu # Hungarian -id # Indonesian -ja # Japanese -kn # Kannada -mr # Marathi -nl # Dutch -pa # Punjabi -pl # Polish -pt # Portuguese -pt_BR # Portuguese (Brazil) -ru # Russian -sk # Slovak -tg # Tajik -uk # Ukrainian -zh_CN # Chinese (China) +bn_IN ca cs de en_GB es eu fr hi hu id ja kn mr nl pa pl pt pt_BR ru sk tg uk zh_CN ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4448][closed] po: fix LINGUAS to use whitespace separation
URL: https://github.com/freeipa/freeipa/pull/4448 Author: tiran Title: #4448: po: fix LINGUAS to use whitespace separation Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4448/head:pr4448 git checkout pr4448 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4449][opened] [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/4449 Author: abbra Title: #4449: [Backport][ipa-4-7] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: opened PR body: """ This PR was opened manually because PR #4417 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4449/head:pr4449 git checkout pr4449 From 7b8136353e5b378ee92deb1b484d7f8db88f3b0a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 10 Jul 2018 18:05:19 +0300 Subject: [PATCH 1/8] Fix indentation levels Reviewed-By: Alexander Bokovoy Reviewed-By: Christian Heimes --- .../ipa-slapi-plugins/ipa-pwd-extop/common.c | 19 +-- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c index 61b46904ab..d3cd3a72b6 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c @@ -286,8 +286,8 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) * slapi_pblock_destroy(pb) */ static int pwd_get_values(const Slapi_Entry *ent, const char *attrname, - Slapi_ValueSet** results, char** actual_type_name, - int *buffer_flags) + Slapi_ValueSet** results, char** actual_type_name, + int *buffer_flags) { int flags=0; int type_name_disposition = 0; @@ -560,7 +560,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) LOG_TRACE("No password policy, use defaults"); } break; - case IPA_CHANGETYPE_ADMIN: +case IPA_CHANGETYPE_ADMIN: /* The expiration date needs to be older than the current time * otherwise the KDC may not immediately register the password * as expired. The last password change needs to match the @@ -636,7 +636,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) } /* Searches the dn in directory, - * If found : fills in slapi_entry structure and returns 0 + * If found : fills in slapi_entry structure and returns 0 * If NOT found : returns the search result as LDAP_NO_SUCH_OBJECT */ int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist) @@ -795,22 +795,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, "krbPrincipalKey", svals); - /* krbLastPwdChange is used to tell whether a host entry has a - * keytab so don't set it on hosts. - */ +/* krbLastPwdChange is used to tell whether a host entry has a + * keytab so don't set it on hosts. */ if (!is_host) { - /* change Last Password Change field with the current date */ +/* change Last Password Change field with the current date */ ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange", data->timeNow, false); if (ret != LDAP_SUCCESS) goto free_and_return; - /* set Password Expiration date */ +/* set Password Expiration date */ ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration", data->expireTime, (data->expireTime == 0)); if (ret != LDAP_SUCCESS) goto free_and_return; - } +} } if (nt && is_smb) { From 43cf34907159fae7cbab53aabe9ed037b91e5fab Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 6 Jul 2018 11:07:48 +0300 Subject: [PATCH 2/8] ipatests: allow changing sysaccount passwords as cn=Directory Manager Extend ldappasswd_sysaccount_change() helper to allow changing passwords as a cn=Directory Manager. Related to: https://pagure.io/freeipa/issue/7181 Signed-off-by: Alexander Bokovoy Reviewed-By: Alexander Bokovoy Reviewed-By: Christian Heimes --- ipatests/pytest_ipa/integration/tasks.py | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 831b48fcf7..caf576b80c 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -1689,15 +1689,23 @@ def ldappasswd_user_change(user, oldpw, newpw, master): master.run_command(args) -def ldappasswd_sysaccount_change(user, oldpw, newpw, master): +def ldappasswd_sysaccount_change(user, oldpw, newpw, master, use_dirman=False): container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts'] basedn = master.domain.basedn userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn) master_ldap_uri = "ldap://{}".format(master.hostname) -args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw, -'-s',
[Freeipa-devel] [freeipa PR#4432][closed] [Backport][ipa-4-6] WebUI: Fix notification area layout
URL: https://github.com/freeipa/freeipa/pull/4432 Author: flo-renaud Title: #4432: [Backport][ipa-4-6] WebUI: Fix notification area layout Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4432/head:pr4432 git checkout pr4432 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4440][closed] [Backport][ipa-4-8] ipatests: always skip additional input for group-add-member --external
URL: https://github.com/freeipa/freeipa/pull/4440 Author: abbra Title: #4440: [Backport][ipa-4-8] ipatests: always skip additional input for group-add-member --external Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4440/head:pr4440 git checkout pr4440 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4446][opened] Translations update from Weblate
URL: https://github.com/freeipa/freeipa/pull/4446 Author: weblate Title: #4446: Translations update from Weblate Action: opened PR body: """ Translations update from [Weblate](https://translate.fedoraproject.org/projects/freeipa/master/) for freeipa/master. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4446/head:pr4446 git checkout pr4446 From 9bdda77af1c1dff527935089c89fff5d43df8127 Mon Sep 17 00:00:00 2001 From: Weblate Date: Wed, 25 Mar 2020 10:44:27 +0100 Subject: [PATCH] Update translation files Updated by "Update LINGUAS file" hook in Weblate. Translation: freeipa/master Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ --- po/LINGUAS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/po/LINGUAS b/po/LINGUAS index 5811c744b4..4c91443ac6 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -1,5 +1,4 @@ -bn_IN # Bengali (India) -ca # Catalan +bn_IN ca cs de en_GB es eu fr hi hu id ja kn mr nl pa pl pt pt_BR ru sk tg uk zh_CNca # Catalan cs # Czech de # German en_GB # English (United Kingdom) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4441][closed] [backport][ipa-4-7] ipatests: always skip additional input for group-add-member --external
URL: https://github.com/freeipa/freeipa/pull/4441 Author: abbra Title: #4441: [backport][ipa-4-7] ipatests: always skip additional input for group-add-member --external Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4441/head:pr4441 git checkout pr4441 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4445][opened] [backport][ipa-4-6] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/4445 Author: abbra Title: #4445: [backport][ipa-4-6] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: opened PR body: """ This PR was opened manually because PR #4417 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4445/head:pr4445 git checkout pr4445 From 607cb5d1010d50b959954886880e92356b8ffb7d Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 10 Jul 2018 18:05:19 +0300 Subject: [PATCH 1/8] Fix indentation levels Reviewed-By: Alexander Bokovoy Reviewed-By: Christian Heimes --- .../ipa-slapi-plugins/ipa-pwd-extop/common.c | 19 +-- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c index 61b46904ab..d3cd3a72b6 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c @@ -286,8 +286,8 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) * slapi_pblock_destroy(pb) */ static int pwd_get_values(const Slapi_Entry *ent, const char *attrname, - Slapi_ValueSet** results, char** actual_type_name, - int *buffer_flags) + Slapi_ValueSet** results, char** actual_type_name, + int *buffer_flags) { int flags=0; int type_name_disposition = 0; @@ -560,7 +560,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) LOG_TRACE("No password policy, use defaults"); } break; - case IPA_CHANGETYPE_ADMIN: +case IPA_CHANGETYPE_ADMIN: /* The expiration date needs to be older than the current time * otherwise the KDC may not immediately register the password * as expired. The last password change needs to match the @@ -636,7 +636,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) } /* Searches the dn in directory, - * If found : fills in slapi_entry structure and returns 0 + * If found : fills in slapi_entry structure and returns 0 * If NOT found : returns the search result as LDAP_NO_SUCH_OBJECT */ int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist) @@ -795,22 +795,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, "krbPrincipalKey", svals); - /* krbLastPwdChange is used to tell whether a host entry has a - * keytab so don't set it on hosts. - */ +/* krbLastPwdChange is used to tell whether a host entry has a + * keytab so don't set it on hosts. */ if (!is_host) { - /* change Last Password Change field with the current date */ +/* change Last Password Change field with the current date */ ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange", data->timeNow, false); if (ret != LDAP_SUCCESS) goto free_and_return; - /* set Password Expiration date */ +/* set Password Expiration date */ ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration", data->expireTime, (data->expireTime == 0)); if (ret != LDAP_SUCCESS) goto free_and_return; - } +} } if (nt && is_smb) { From af151ed1310739d5e3df8efdf2089deccc46d5ee Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 6 Jul 2018 11:07:48 +0300 Subject: [PATCH 2/8] ipatests: allow changing sysaccount passwords as cn=Directory Manager Extend ldappasswd_sysaccount_change() helper to allow changing passwords as a cn=Directory Manager. Related to: https://pagure.io/freeipa/issue/7181 Signed-off-by: Alexander Bokovoy Reviewed-By: Alexander Bokovoy Reviewed-By: Christian Heimes --- ipatests/pytest_ipa/integration/tasks.py | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 1db4fdd6d0..14c06a4c6f 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -1629,15 +1629,23 @@ def ldappasswd_user_change(user, oldpw, newpw, master): master.run_command(args) -def ldappasswd_sysaccount_change(user, oldpw, newpw, master): +def ldappasswd_sysaccount_change(user, oldpw, newpw, master, use_dirman=False): container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts'] basedn = master.domain.basedn userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn) master_ldap_uri = "ldap://{}".format(master.hostname) -args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw, -'-s',
[Freeipa-devel] [freeipa PR#4417][closed] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/4417 Author: rcritten Title: #4417: ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4417/head:pr4417 git checkout pr4417 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4444][opened] [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
URL: https://github.com/freeipa/freeipa/pull/ Author: tiran Title: #: [Backport][ipa-4-8] ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager Action: opened PR body: """ This PR was opened automatically because PR #4417 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull//head:pr git checkout pr From f1131c41d81b1cd368e2031a806c6ad3e97c4a78 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 10 Jul 2018 18:05:19 +0300 Subject: [PATCH 1/8] Fix indentation levels --- .../ipa-slapi-plugins/ipa-pwd-extop/common.c | 19 +-- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c index 61b46904ab..d3cd3a72b6 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c @@ -286,8 +286,8 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void) * slapi_pblock_destroy(pb) */ static int pwd_get_values(const Slapi_Entry *ent, const char *attrname, - Slapi_ValueSet** results, char** actual_type_name, - int *buffer_flags) + Slapi_ValueSet** results, char** actual_type_name, + int *buffer_flags) { int flags=0; int type_name_disposition = 0; @@ -560,7 +560,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) LOG_TRACE("No password policy, use defaults"); } break; - case IPA_CHANGETYPE_ADMIN: +case IPA_CHANGETYPE_ADMIN: /* The expiration date needs to be older than the current time * otherwise the KDC may not immediately register the password * as expired. The last password change needs to match the @@ -636,7 +636,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data) } /* Searches the dn in directory, - * If found : fills in slapi_entry structure and returns 0 + * If found : fills in slapi_entry structure and returns 0 * If NOT found : returns the search result as LDAP_NO_SUCH_OBJECT */ int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist) @@ -795,22 +795,21 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE, "krbPrincipalKey", svals); - /* krbLastPwdChange is used to tell whether a host entry has a - * keytab so don't set it on hosts. - */ +/* krbLastPwdChange is used to tell whether a host entry has a + * keytab so don't set it on hosts. */ if (!is_host) { - /* change Last Password Change field with the current date */ +/* change Last Password Change field with the current date */ ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange", data->timeNow, false); if (ret != LDAP_SUCCESS) goto free_and_return; - /* set Password Expiration date */ +/* set Password Expiration date */ ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration", data->expireTime, (data->expireTime == 0)); if (ret != LDAP_SUCCESS) goto free_and_return; - } +} } if (nt && is_smb) { From d4e7dbc37621ddc0194c53b20374112b4107f013 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 6 Jul 2018 11:07:48 +0300 Subject: [PATCH 2/8] ipatests: allow changing sysaccount passwords as cn=Directory Manager Extend ldappasswd_sysaccount_change() helper to allow changing passwords as a cn=Directory Manager. Related to: https://pagure.io/freeipa/issue/7181 Signed-off-by: Alexander Bokovoy --- ipatests/pytest_ipa/integration/tasks.py | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 0b8eca1f31..ffb52783e7 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -1758,15 +1758,23 @@ def ldappasswd_user_change(user, oldpw, newpw, master): master.run_command(args) -def ldappasswd_sysaccount_change(user, oldpw, newpw, master): +def ldappasswd_sysaccount_change(user, oldpw, newpw, master, use_dirman=False): container_sysaccounts = dict(DEFAULT_CONFIG)['container_sysaccounts'] basedn = master.domain.basedn userdn = "uid={},{},{}".format(user, container_sysaccounts, basedn) master_ldap_uri = "ldap://{}".format(master.hostname) -args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw, -'-s', newpw, '-x', '-ZZ', '-H', master_ldap_uri] +if use_dirman: +args = [paths.LDAPPASSWD, '-D', +
[Freeipa-devel] [freeipa PR#4435][closed] SELinux: apache_manage_pid_files for F30
URL: https://github.com/freeipa/freeipa/pull/4435 Author: tiran Title: #4435: SELinux: apache_manage_pid_files for F30 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4435/head:pr4435 git checkout pr4435 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4443][opened] [Backport][ipa-4-8] SELinux: apache_manage_pid_files for F30
URL: https://github.com/freeipa/freeipa/pull/4443 Author: abbra Title: #4443: [Backport][ipa-4-8] SELinux: apache_manage_pid_files for F30 Action: opened PR body: """ This PR was opened automatically because PR #4435 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4443/head:pr4443 git checkout pr4443 From d602e7711735fccac6e5bc568fb8253d7aef439b Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 24 Mar 2020 16:07:54 +0100 Subject: [PATCH] SELinux: apache_manage_pid_files for F30 SELinux policy on F30 doesn't have the interface apache_manage_pid_files(). Define the interface conditionally. Fixes: https://pagure.io/freeipa/issue/8241 Signed-off-by: Christian Heimes --- selinux/ipa.if | 27 +++ 1 file changed, 27 insertions(+) diff --git a/selinux/ipa.if b/selinux/ipa.if index 44c0a93662..cefae5d902 100644 --- a/selinux/ipa.if +++ b/selinux/ipa.if @@ -365,3 +365,30 @@ interface(`ipa_custodia_stream_connect',` allow $1 ipa_custodia_t:unix_stream_socket { connectto }; ') + + +## +## Manage apache pid objects. +## The interface is defined by selinux-policy since Fedora 31 and is +## conditionally defined here for Fedora 30. +## See https://pagure.io/freeipa/issue/8241. +## +## +## +## Domain allowed access. +## +## +# + +ifndef(`apache_manage_pid_files',` + interface(`apache_manage_pid_files',` + gen_require(` + type httpd_var_run_t; + ') + + files_search_pids($1) + manage_dirs_pattern($1, httpd_var_run_t, httpd_var_run_t) + manage_files_pattern($1, httpd_var_run_t, httpd_var_run_t) + manage_sock_files_pattern($1, httpd_var_run_t, httpd_var_run_t) + ') +') ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4434][closed] [backport][ipa-4-8] prepare translations to use Weblate
URL: https://github.com/freeipa/freeipa/pull/4434 Author: abbra Title: #4434: [backport][ipa-4-8] prepare translations to use Weblate Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4434/head:pr4434 git checkout pr4434 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4442][opened] ipatests: Skip test using paramiko when FIPS is enabled
URL: https://github.com/freeipa/freeipa/pull/4442 Author: mrizwan93 Title: #4442: ipatests: Skip test using paramiko when FIPS is enabled Action: opened PR body: """ Test used paramiko to connect to the master from controller. IF FIPS mode is enable, it fails because of get_fingerprint() method returns MD5 fingerprint. Hence skip if FIPS is enabled Signed-off-by: Mohammad Rizwan Yusuf """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4442/head:pr4442 git checkout pr4442 From a2be87aa0d24af4180b851bee5a323998a1cc4a7 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf Date: Wed, 25 Mar 2020 13:13:26 +0530 Subject: [PATCH] ipatests: Skip test using paramiko when FIPS is enabled Test used paramiko to connect to the master from controller. IF FIPS mode is enable, it fails because of get_fingerprint() method returns MD5 fingerprint. Hence skip if FIPS is enabled Signed-off-by: Mohammad Rizwan Yusuf --- ipatests/test_integration/test_commands.py | 6 ++ 1 file changed, 6 insertions(+) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index 8a5d4c0710..c054956dd5 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -689,6 +689,12 @@ def test_ssh_from_controller(self): 3. add an ipa user 4. ssh from controller to master using the user created in step 3 """ +# Test used paramiko to connect to the master from controller. +# IF FIPS mode is enable, it fails because of get_fingerprint() +# method returns MD5 fingerprint. Hence skip if FIPS is enabled +if self.master.is_fips_mode: # pylint: disable=no-member +pytest.skip("paramiko is not compatible with FIPS mode") + sssd_version = '' cmd_output = self.master.run_command(['sssd', '--version']) sssd_version = platform_tasks.\ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4437][closed] [Backport][ipa-4-7] ipatests: provide AD admin password when trying to establish trust
URL: https://github.com/freeipa/freeipa/pull/4437 Author: wladich Title: #4437: [Backport][ipa-4-7] ipatests: provide AD admin password when trying to establish trust Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4437/head:pr4437 git checkout pr4437 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4436][closed] [Backport][ipa-4-8] ipatests: provide AD admin password when trying to establish trust
URL: https://github.com/freeipa/freeipa/pull/4436 Author: wladich Title: #4436: [Backport][ipa-4-8] ipatests: provide AD admin password when trying to establish trust Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4436/head:pr4436 git checkout pr4436 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4441][opened] [backport][ipa-4-7] ipatests: always skip additional input for group-add-member --external
URL: https://github.com/freeipa/freeipa/pull/4441 Author: abbra Title: #4441: [backport][ipa-4-7] ipatests: always skip additional input for group-add-member --external Action: opened PR body: """ 'ipa group-add-member groupname --external some-object' will attempt to ask interactive questions about other optional parameters (users and groups) if only external group member was specified. This leads to a timeout in the tests as there is no input provided. Do not wait for the entry that would never come by using 'ipa -n'. Related: https://pagure.io/freeipa/issue/8236 Signed-off-by: Alexander Bokovoy Reviewed-By: Florence Blanc-Renaud Reviewed-By: Sergey Orlov """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4441/head:pr4441 git checkout pr4441 From 5f49888243b89b1f1302280e78bb1ec0a65c3280 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 23 Mar 2020 23:04:04 +0200 Subject: [PATCH] ipatests: always skip additional input for group-add-member --external 'ipa group-add-member groupname --external some-object' will attempt to ask interactive questions about other optional parameters (users and groups) if only external group member was specified. This leads to a timeout in the tests as there is no input provided. Do not wait for the entry that would never come by using 'ipa -n'. Related: https://pagure.io/freeipa/issue/8236 Signed-off-by: Alexander Bokovoy Reviewed-By: Florence Blanc-Renaud Reviewed-By: Sergey Orlov --- ipatests/test_integration/test_sssd.py | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index d60bab82e8..1e5f0da2c1 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -10,6 +10,7 @@ from contextlib import contextmanager import pytest +import subprocess import textwrap from ipatests.test_integration.base import IntegrationTest @@ -18,7 +19,6 @@ from ipaplatform.osinfo import osinfo from ipaplatform.paths import paths from ipapython.dn import DN -from ipalib import errors class TestSSSDWithAdTrust(IntegrationTest): @@ -265,9 +265,8 @@ def test_ext_grp_with_ldap(self): self.master.run_command( ['ipa', 'group-add-member', '--group', ext_group, user]) self.master.run_command([ -'ipa', 'group-add-member', '--external', -self.users['ad']['name'], ext_group, -'--users=', '--groups=']) +'ipa', '-n', 'group-add-member', '--external', +self.users['ad']['name'], ext_group]) tasks.clear_sssd_cache(self.master) tasks.clear_sssd_cache(client) try: @@ -291,11 +290,11 @@ def test_external_group_member_mismatch(self, user_origin): master.run_command(['ipa', 'group-add', '--external', 'ext-ipatest']) try: -master.run_command(['ipa', 'group-add-member', +master.run_command(['ipa', '-n', 'group-add-member', 'ext-ipatest', '--external', self.users[user_origin]['name']]) -except errors.ValidationError: +except subprocess.CalledProcessError: # Only 'ipa' origin should throw a validation error assert user_origin == 'ipa' finally: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4440][opened] [Backport][ipa-4-8] ipatests: always skip additional input for group-add-member --external
URL: https://github.com/freeipa/freeipa/pull/4440 Author: abbra Title: #4440: [Backport][ipa-4-8] ipatests: always skip additional input for group-add-member --external Action: opened PR body: """ This PR was opened automatically because PR #4420 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4440/head:pr4440 git checkout pr4440 From bf2ca1c0c4e747501b8c6b1fa20f2a4c4a4f487f Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 23 Mar 2020 23:04:04 +0200 Subject: [PATCH] ipatests: always skip additional input for group-add-member --external 'ipa group-add-member groupname --external some-object' will attempt to ask interactive questions about other optional parameters (users and groups) if only external group member was specified. This leads to a timeout in the tests as there is no input provided. Do not wait for the entry that would never come by using 'ipa -n'. Related: https://pagure.io/freeipa/issue/8236 Signed-off-by: Alexander Bokovoy --- ipatests/test_integration/test_sssd.py | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py index 872863a737..8e2f62c083 100644 --- a/ipatests/test_integration/test_sssd.py +++ b/ipatests/test_integration/test_sssd.py @@ -11,6 +11,7 @@ import re import pytest +import subprocess import textwrap from ipatests.test_integration.base import IntegrationTest @@ -19,7 +20,6 @@ from ipaplatform.osinfo import osinfo from ipaplatform.paths import paths from ipapython.dn import DN -from ipalib import errors class TestSSSDWithAdTrust(IntegrationTest): @@ -318,9 +318,8 @@ def test_ext_grp_with_ldap(self): self.master.run_command( ['ipa', 'group-add-member', '--group', ext_group, user]) self.master.run_command([ -'ipa', 'group-add-member', '--external', -self.users['ad']['name'], ext_group, -'--users=', '--groups=']) +'ipa', '-n', 'group-add-member', '--external', +self.users['ad']['name'], ext_group]) tasks.clear_sssd_cache(self.master) tasks.clear_sssd_cache(client) try: @@ -344,11 +343,11 @@ def test_external_group_member_mismatch(self, user_origin): master.run_command(['ipa', 'group-add', '--external', 'ext-ipatest']) try: -master.run_command(['ipa', 'group-add-member', +master.run_command(['ipa', '-n', 'group-add-member', 'ext-ipatest', '--external', self.users[user_origin]['name']]) -except errors.ValidationError: +except subprocess.CalledProcessError: # Only 'ipa' origin should throw a validation error assert user_origin == 'ipa' finally: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#4420][closed] ipatests: always skip additional input for group-add-member --external
URL: https://github.com/freeipa/freeipa/pull/4420 Author: abbra Title: #4420: ipatests: always skip additional input for group-add-member --external Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4420/head:pr4420 git checkout pr4420 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org