[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 49 commits: Ticket 50095 - cleanup deprecated key.h includes

Timo Aaltonen gitlab at salsa.debian.org
Tue Feb 12 14:13:02 GMT 2019


Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base


Commits:
174c4683 by Mark Reynolds at 2018-12-14T21:21:41Z
Ticket 50095 - cleanup deprecated key.h includes

Description:  key.h has been deprecated in favor of keyhi.h

https://pagure.io/389-ds-base/issue/50095

Reviewed by: mreynolds(one line commit rule)

- - - - -
07b367ea by Akshay Adhikari at 2018-12-17T07:45:12Z
Issue 49588 - Add py3 support for tickets : part-5

Description: Added py3 support by explicitly changing strings to bytes.
Fixed old legacy objects.

https://pagure.io/389-ds-base/issue/49588

Reviewed by: mreynolds (Thanks!)

- - - - -
8d51c979 by Ludwig Krispenz at 2018-12-18T12:43:55Z
Ticket 49574 - remove index subsystem

There is code for an indexing subsystem, which looks like it was intended
to provide special indexes for specific search filters (not vlv).
But it is not used and not documented and unclear if it ever worked or will
work. It only contains calls in search processing to check if something is defined
and so only provides a bit of overhead in searches.

We can remove this dead code. We can also remove the broker api for idl_xxx since it is not used
anywhere else.

- - - - -
4b53c312 by Anuj Borah at 2018-12-18T14:27:37Z
    Issue:  50082 - Port state test suite

    Description:  Port state test suite

    issue: https://pagure.io/389-ds-base/issue/50082

    Reviewed by: Mark Reynolds

- - - - -
00c3b7a9 by Simon Pichugin at 2018-12-18T19:15:43Z
Issue 50041 - Add basic plugin UI/CLI wrappers

Description: Add plugin UI tabs with basic data editing,
enable/disable and dynamic plugin switch.
Fix loading. Fix small CSS issues.

React. Add customCollapse element. Make customToolbar customizable.
Rework data flow in the component.

CLI. Put all the plugins to 'plugin' parser. Add wrappers for
all main plugins. Clean up plugin args (remove get_dn, generic enable and disable)

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
76847e82 by Thierry Bordaz at 2018-12-19T09:58:44Z
Ticket 50099 - In FIPS mode, the server can select an unsupported password storage scheme

Bug Description:
	When running in FIPS mode, DS selects SSHA512 as password storage schema else it selects PBKDF2_SHA256.
	The problem is that in FIPS mode it selects PBKDF2_SHA256 that is currently not supported by NSS.
	So DS fails to hash password
	The scheme selection is done in the early phase of DS startup (slapd_bootstrap_config).
	To determine it is in FIPS mode, DS calls PK11_IsFIPS that requires that NSS has been initialized.
	The problem is that during slapd_bootstrap_config, NSS is not yet initialized and PK11_IsFIPS returns
	PR_FALSE even in FIPS mode

Fix Description:
	The fix consists to check if NSS is initialized. If it is initialize, then rely on PK11_IsFIPS.
	If it is not initialized then retrieve the FIPS mode from the system, assuming that if system
	is in FIPS mode, then NSS will be in FIPS mode as well

https://pagure.io/389-ds-base/issue/50099

Reviewed by: Mark Reynolds (thanks Mark !)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
ecdf6d8d by Thierry Bordaz at 2018-12-19T13:34:55Z
Ticket 50099 - extend error messages

- - - - -
14890380 by Anuj Borah at 2018-12-21T05:50:33Z
Issue: 48064

Bug Description: CI test - disk_monitoring

Fix Description: Scripts are ported

https://pagure.io/389-ds-base/issue/48064

Reviewed by: Simon Pichugin

- - - - -
ad1b78ea by Mark Reynolds at 2018-12-21T15:08:02Z
Ticket 50056 - Fix UI bugs (part 2)

Description: Fix issues with deleting SASL mappings, loading the
             replicated suffix dropdown select lists, improve root
             dn password change validation, improved docs in dscreate
             template for suffixes, hide password values in console
             logging, remove ssca directory whenremoivnign the last
             instance, and issues with audit fail logging in UI.

https://pagure.io/389-ds-base/issue/50056

Reviewed by: vashirov(Thanks!)

- - - - -
4bb89f16 by Anuj Borah at 2019-01-03T03:42:42Z
Issue: 49761

Bug Description:Fix CI test suite issues

Fix Description: Ported test scrips

https://pagure.io/389-ds-base/issue/49761

Reviewed by: Mark Reynolds and spichugi

- - - - -
01df5d52 by Simon Pichugin at 2019-01-03T16:05:06Z
Issue 49938 - lib389 - Clean up CLI logging

Description: We set DEBUG log level if self.verbose is true.
So we should properly log the information through self.log.debug
when it is necessary.

https://pagure.io/389-ds-base/issue/49938

Reviewed by: mreynolds (Thanks!)

- - - - -
a3d35b9d by Viktor Ashirov at 2019-01-04T10:48:28Z
Issue 48064 - Fix various issues in disk monitoring test suite

Bug Description:
1. Some tests were hanging after disk monitoring test suite was executed,
because we didn't do a proper cleanup: log directories were still
mounted after test has ended.
2. Deprecation warnings from re module.

Fix Description:
1. Change scope of the fixture to 'module' instead of 'function'.
Split setup fixture to have a separate fixture for log reset for each
test.
2. Use raw strings for re functions' parameters.

https://pagure.io/389-ds-base/issue/48064

Reviewed by: mreynolds and spichugi (Thanks!)

- - - - -
3a1628f6 by Mark Reynolds at 2019-01-04T16:42:52Z
Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first

Description:  make -f rpm.mk dist-bz2 should always generate this directory
              from scratch:

                  src/cockpit/389-console/cockpit_dist

https://pagure.io/389-ds-base/issue/49999

Reviewed by: spichugi & mreynolds

- - - - -
ff00b074 by Thierry Bordaz at 2019-01-07T08:40:04Z
Ticket 50117 - after certain failed import operation, impossible to replay an import operation

Bug Description:
	At the beginning of an import, a flag is set to mark the target backend is busy.
	Then import tests if there are pending operations. If such operations exist the import can not proceed and fails.
	The problem is that in such case of pending operations, the import fails without resetting the busy flag.
	It let the backend busy (until next reboot) and prevent new import.

Fix Description:
	It needs to reset the busy flag if there are pending operations

https://pagure.io/389-ds-base/issue/50117

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
f574332f by Barbora Smejkalová at 2019-01-07T11:09:32Z
Issue 49618 - Set nsslapd-cachememsize to custom value

Description:
Added function for getting available memory.
Added test case to set nsslapd-cachememsize to custom value above 3805132804 bytes. Test is skipped if available memory is lower than we want to set.

https://pagure.io/389-ds-base/issue/49618

Reviewed by: vashirov, spichugi (Thanks!)

- - - - -
410d3bb9 by William Brown at 2019-01-08T03:55:55Z
Ticket 50128 - NS Stress fails without ipv6

Bug Description: Docker for osx doesn't support ipv6, which
means that in ipv4 only environments this test fails.

We aren't trying to test ipv4/ipv6 here, only that NS handles
load, so swapping to ipv4 is not a change to the test

Fix Description: Change the PR_AF_INET6 to PR_AF_INET

https://pagure.io/389-ds-base/issue/50128

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
f03ea8ec by Barbora Smejkalová at 2019-01-08T13:53:26Z
Issue 50091 - shadowWarning is not generated if passwordWarning is lower than 86400 seconds (1 day).

Description:
Added test case to check if shadowWarning attribute is generated when passwordWarning is set to lower value than 84600 seconds.

https://pagure.io/389-ds-base/issue/50091

Reviewed by: vashirov, amsharma, spichugi, firstyear (Thank you!)

- - - - -
d97514a9 by Anuj Borah at 2019-01-08T13:56:30Z
Issue: 50101 -  Port fourwaymmr Test TET suit to python3

Port fourwaymmr Test TET suit to python3

https://pagure.io/389-ds-base/issue/50101

Reviewed by: Simon Pichugin

- - - - -
a9ed1e6a by William Brown at 2019-01-08T22:39:45Z
Issue 50122 - Selinux test for presence

Description:  Selinux is not present on all systems. Trying to
import python-selinux when it's not available fails, but we
can not guarantee that the with_selinux flag to defaults is
correct because some systems build with selinux but may not
have it enabled. We should check if we can access the tools
instead, and skip them (with warnings) if we can't make changes

https://pagure.io/389-ds-base/issue/50122

Reviewed by: mreynolds

- - - - -
07b5532e by Matúš Honěk at 2019-01-09T08:30:42Z
Ticket 50134 - fixup-memberof.pl does not respect protocol requested

Bug Description:
fixup-memberof.pl tries with StartTLS even though LDAP was specified.

Fix Description:
Fix protocol assignment to $info, probably missed during a previous code porting.

https://pagure.io/389-ds-base/issue/50134

Author: mhonek

Review by: mreynolds, firstyear (thanks!)

- - - - -
c1cc0acd by Marc Muehlfeld at 2019-01-09T13:56:33Z
Issue 50130 - Building RPMs on RHEL8 fails

Description: Due to an incorrect path in a "mv" command in
             389-ds-base.spec.in, building RPMs on RHEL8 failed

https://pagure.io/389-ds-base/issue/50130

Reviewed by: vashirov & wibrown

- - - - -
50e290dc by William Brown at 2019-01-09T23:13:23Z
Ticket 50126 - Incorrect usage of sudo in test

Bug Description:

Sudo is assumed to be present and working in passwordless
mode with basictest.

Fix Description:

We can not make this assumption, that sudo is installed (docker)
or in passwordless mode. As a result for this test to work, we should
run the suite as "sudo py.test" or "dirsrv". Potentially we may need
to update defaults.inf for people who want to run the tests as
their own user ID.

https://pagure.io/389-ds-base/issue/50126

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
83223d5f by Ludwig Krispenz at 2019-01-10T10:39:59Z
Ticket 50078 - cannot add cenotaph in read only consumer

Bug: For modrdn operations a cenotaph entry is created to be used in later conflict
     resolution procedures, this is done by an internal add operation and
     fails on hubs and consumers

Fix: Add the "bypass referral" flag to the internal add operation to allow it

Reviewed by: Thierry, thanks

- - - - -
a4632aa6 by Mark Reynolds at 2019-01-10T17:49:10Z
Ticket 50056 - dsctl db2ldif throws an exception

Description: dsctl db2ldif throws an exception because of a typo in
             a parameter name.

https://pagure.io/389-ds-base/issue/50056

Reviewed by: mreynolds(one line commit rule)

- - - - -
e31057e2 by Simon Pichugin at 2019-01-10T23:39:37Z
Issue 50145 - Add a verbose option to the backup tools

Bug description: RHDS 9 does not require a -q option to not log debugging messages.
-q also suppresses the output that had been included before when doing an import.

Fix description:
Make -q option less verbose by removing error log messages
and add -V option which enables Verbose DEBUG output.

https://pagure.io/389-ds-base/issue/50145

Reviewed by: mreynolds (Thanks!)

- - - - -
4b8b470f by William Brown at 2019-01-11T00:42:34Z
Ticket 50122 - Fix incorrect path spec

Bug Description: Due to human error, I missed a path spec in
a change I made

Fix Description: Fix the path

https://pagure.io/389-ds-base/issue/50122

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
55045dab by Matúš Honěk at 2019-01-11T13:40:00Z
Ticket 50138 - db2bak.pl -P LDAPS does not work when nsslapd-securePort is missing

Bug Description:
When nsslapd-securePort is not set in dse.ldif, DSUtil (in case of LDAPS)
interpolates ldapmodify (and other) call to a URI ending only with a colon
because obtained securePort is just an empty string. The very same turns out to
happen for the nsslapd-port.

Fix Description:
Hardcode the default ports, which is a short variant of omitting the
colon and port, and which would be chosen by the OpenLDAP utils any way.

https://pagure.io/389-ds-base/issue/50138

Author: mhonek

Review by: mreynolds (thanks!)

- - - - -
c1f96bd3 by Mark Reynolds at 2019-01-11T16:23:32Z
Ticket 49994 - Adjust dsconf backend usage

Description:  Slightly rearrange the backend usage to move create/delete
              to main subcommands instead of being under suffix.

https://pagure.io/389-ds-base/issue/49994

Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
9f433e82 by William Brown at 2019-01-13T22:39:04Z
Update .gitignore to hide extra files

Description: Add a small number of files to gitignore

- - - - -
b5e4fca0 by William Brown at 2019-01-13T22:39:04Z
Ticket 50136 - Allow resetting passwords on the CLI

Bug Description: This allows resetting passwords on the CLI for
accounts, as well as allowing accounts to self-change their
passwords.

Fix Description: Add reset and change password functions, and
fix a number of issues with non-DM bind in the server, regrissions
in tls enable during tests.

https://pagure.io/389-ds-base/issue/50136

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
7096094e by Mark Reynolds at 2019-01-14T14:56:37Z
Ticket 50077 - RFE - improve automember plugin to work with modify ops

Description:

Previously automember was only invoked for ADD operations.  This enhancement
allows it to work with modify operations, and it will also maintain the
correct memberships.  So if a modify changes which groups the user would
belong to, it will add the user to the new group, and remove them from the
old group.

https://pagure.io/389-ds-base/issue/50077

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
a8fa9a99 by Mark Reynolds at 2019-01-14T15:10:20Z
Ticket 49984 - python installer add option to create suffix entry

Description:  Making the top suffix entry should be optional, and
              not the fixed default behavior.  Added a new option:

                 create_suffix_entry   True/False

https://pagure.io/389-ds-base/issue/49984

Reviewed by: ?

- - - - -
0666b520 by William Brown at 2019-01-15T00:03:37Z
Ticket  50123 - with_tmpfiles_d is associated to systemd

Description: with_tmpfiles_d does not operate unless it's
part of a systemd install. This moves the configure check
and operation to within the "with_systemd" code.

https://pagure.io/389-ds-base/issue/50123

Reviewed by: vashirov (Thanks!)

- - - - -
ca13f42d by Mark Reynolds at 2019-01-15T03:53:10Z
Ticket 50153 - Increase default max logs

Bug Description:  The errors & audit logs default to max number of logs to 1.
                  This prevents the max log size rotation policy from working.
                  This is documented in the docs, but the problem is that this
                  can allow the server to fill up the FS on /var under certain
                  conditions.

Fix Description:  Change the default max number of logs to "2".  This is still
                  a small value, and it allows the rotation policy to be effective.

https://pagure.io/389-ds-base/issue/50153

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
8bac1e29 by Marc Muehlfeld at 2019-01-15T14:26:24Z
Ticket 50161 - Fixed some descriptions in "dsconf backend --help"

Description: - Help for "suffix" was no longer correct
             - Help for "create" changed to "Create a backend database"
             - Changed descriptions to start with a capital letter for consistency

https://pagure.io/389-ds-base/issue/50161

Reviewed by: mhonek, mreynolds

- - - - -
ff9387bb by Thierry Bordaz at 2019-01-15T16:57:30Z
Ticket 49972 - use-after-free in case of several parallel krb authentication

Bug Description:
	When several threads (RA) authenticates to the same host and at the same time
	There is a good chance they will share the same credential cache.
	If one authentication fails, the thread will clear the cache (krb5_cc_destroy)
	although others threads may still use it.

Fix Description:
	The best approach is to drop using krb5 function and use gssapi.
	It is a quite intrusive change and a simplest temporary fix will serialize
	all krb5 calls.

	During initialization of the interaction structure (sasl), if using gssapi mechanism,
	the calls to krb5 functions are serialized with a lock.
	Then the lock is released for the authentication and cleanup.
	Cleanup needs to be serialized as well as it calls krb5_cc_destroy.

	The fix consist to acquire the lock over initialization/authentication/cleanup.
	So only one RA can authenticate at the same time.

https://pagure.io/389-ds-base/issue/49972

Reviewed by: Robbie Harwood, William Brown (many thanks for your reviews !!)

Platforms tested: F27 & F28

Flag Day: no

Doc impact: no

- - - - -
eae696f1 by Mark Reynolds at 2019-01-15T18:46:06Z
Ticket 50077 - Fix compiler warnings in automember rebuild task

https://pagure.io/389-ds-base/issue/50077

Reviewed by: mreynolds(one line commit rule)

- - - - -
58be90b8 by Mark Reynolds at 2019-01-15T18:55:18Z
Ticket 49540 - FIx compiler warning in ldif2ldbm

https://pagure.io/389-ds-base/issue/49540

Reviewed by: mreynolds(one line commit rule)

- - - - -
bf34abab by Mark Reynolds at 2019-01-15T19:06:51Z
Ticket - Fix compiler warning in init.c

https://pagure.io/389-ds-base/issue/49574

Reviewed by: mreynolds(one line commit rule)

- - - - -
e0485033 by Mark Reynolds at 2019-01-15T19:40:39Z
Fix compiler warning in snmp main()

Reviewed by: mreynolds(one line commit rule)

- - - - -
ada2dfdd by Simon Pichugin at 2019-01-16T10:26:48Z
Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser

Description: When HOME env var is not set, the call will fail with an exception.
Instead of HOME we can use expanduser method. The expanduser will do the right thing
and get home directory on all platforms from either env vars or password database.

https://pagure.io/389-ds-base/issue/50152

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
68e08801 by Mark Reynolds at 2019-01-16T17:36:59Z
Ticket 50165 - Fix dscreate issues

Description:  There were some recent regressions about selinux in dscreate.

              - When skipping labelling of default port an error message was incorrectly logged
              - restorecon was not using the correct path

https://pagure.io/389-ds-base/issue/50165

Reviewed by: firstyear & mhonek (Thanks!!)

- - - - -
c57528b1 by Mark Reynolds at 2019-01-16T18:08:41Z
Ticket 50169 - lib389 changed hardcoded systemctl path

Description:  Currently the server is using "/usr/bin/systemctl", but
              this fails on Debian.  There is no need for a path anyway
              so jsut strip it.

https://pagure.io/389-ds-base/issue/50169

Reviewed by: mhonek(Thanks!)

- - - - -
7f3f9786 by German Parente at 2019-01-17T13:17:35Z
Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica

Bug Description:

We should enforce that if an object is of type nsds5replica, it must be named cn=replica.
This has caused some confusion where people have misconfigured their system by trying alternate names.

Fix Description:

Check that rdn of replica dn is exactly REPLICA_RDN

https://pagure.io/389-ds-base/issue/50059

Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
b6ed4534 by Mark Reynolds at 2019-01-17T13:33:00Z
Ticket 50164 - Add test for dscreate

Description:  Add a simple test in basic suite to make sure dscreate works,
              also moved setup/remove tests from lib389 and moved them inside
              dirsrvtests directory

https://pagure.io/389-ds-base/issue/50164

Reviewed by: ?

- - - - -
d23ef6d3 by William Brown at 2019-01-17T23:11:21Z
Ticket 50125 - perl fix ups for tmpfiles

Bug Description: I missed updating the perl tools during the tmpfiles
fix.

Fix Description: Change the name in dscreate.pm

https://pagure.io/389-ds-base/issue/50125

Author: William Brown <william at blackhats.net.au>

Review by: vashirov (Thanks!)

- - - - -
e08b20cc by German Parente at 2019-01-18T08:48:20Z
Merge #50079 `Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica`
- - - - -
0be01490 by Simon Pichugin at 2019-01-31T14:45:22Z
Issue 50041 - CLI and WebUI - Add memberOf plugin functionality

Description: Add the main functionality to memberOf plugin tab.
Increase the eslint max line length from 80 to 100.
Rework plugin properties to be more compact.
Eslint webpack config. Add react-bootstrap-typeahead for
multivalued attributes. Fix the word 'successfully' typos.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
92909976 by Mark Reynolds at 2019-01-31T14:46:11Z
Bump version to 1.4.0.21

- - - - -


28 changed files:

- .gitignore
- Makefile.am
- VERSION.sh
- configure.ac
- + dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/config/regression_test.py
- + dirsrvtests/tests/suites/disk_monitoring/disk_monitoring_test.py
- + dirsrvtests/tests/suites/fourwaymmr/__init__.py
- + dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py
- + dirsrvtests/tests/suites/replication/regression_nsslapd_plugin_binddn_tracking_test.py
- dirsrvtests/tests/suites/setup_ds/__init__.py
- src/lib389/lib389/tests/instance/setup_test.py → dirsrvtests/tests/suites/setup_ds/dscreate_test.py
- src/lib389/lib389/tests/instance/remove_test.py → dirsrvtests/tests/suites/setup_ds/remove_test.py
- + dirsrvtests/tests/suites/stat/__init__.py
- + dirsrvtests/tests/suites/stat/mmt_state_test.py
- + dirsrvtests/tests/suites/vlv/regression_test.py
- dirsrvtests/tests/tickets/ticket48252_test.py
- dirsrvtests/tests/tickets/ticket48266_test.py
- dirsrvtests/tests/tickets/ticket48325_test.py
- dirsrvtests/tests/tickets/ticket48759_test.py
- dirsrvtests/tests/tickets/ticket48906_test.py
- dirsrvtests/tests/tickets/ticket49020_test.py
- dirsrvtests/tests/tickets/ticket49039_test.py
- dirsrvtests/tests/tickets/ticket49121_test.py
- dirsrvtests/tests/tickets/ticket49180_test.py
- dirsrvtests/tests/tickets/ticket49287_test.py


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/b43380f77d70b0b78f75a22c694b57fb5ee8811e...92909976b6b741a8932c8b6db42fa9ba660c1520

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/b43380f77d70b0b78f75a22c694b57fb5ee8811e...92909976b6b741a8932c8b6db42fa9ba660c1520
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20190212/fc70a816/attachment-0001.html>


More information about the Pkg-freeipa-devel mailing list