[PATCH] 0140 Allow ':' to appear in ACL expressions
by Fraser Tweedale
With current ACL parsing, if you have a ':' in a group name (as
occurs with FreeIPA permissions, which matter for upcoming external
principal support) you are stuffed. This commit fixes that.
It is really a band aid - the existing parsing code is poor and
should be replaced with a nice combinatorial parser... but who has
the time for that right now? ¯\_(ツ)_/¯
Note that if there is a ':' in any of the ACL descriptions/comments
(the final field) this change breaks it. We don't have any
occurrences of that in our codebase.
Thanks,
Fraser
7 years, 11 months
[PATCH] 0139 Merge duplicate authz plugin code into superclass
by Fraser Tweedale
The attached patch merges some duplicate authz manager code into the
existing AAclAuthz superclass.
It simplifies things if we end up adding a new authz manager as part
of external authentication / GSS-API support. But it's a nice
refactor to do anyway :)
Thanks,
Fraser
7 years, 11 months
[PATCH] 0138 Move AuthToken key constants to IAuthToken
by Fraser Tweedale
The attached patch moves some string constants from AuthToken to
IAuthToken. External authentication support will bring a new
implementation of IAuthToken so moving these to the interface
simplifies things.
Thanks,
Fraser
7 years, 11 months
[PATCH] 878 Fixed problem with pki user-cert-add.
by Endi Sukma Dewata
Previously the pki user-cert-add fails to check whether the server
has a CA subsystem when it's invoked over SSL. That is because the
CLI tries to establish a new but improperly set up SSL connection.
Now the CLI has been modified to use the existing server
connection.
https://fedorahosted.org/pki/ticket/1517
Pushed to master and 10.3 branch under trivial/one-liner rule.
--
Endi S. Dewata
8 years
[pki-devel][PATCH]
by John Magne
Ticket: TPS throws "err=6" when attempting to format and e : https://fedorahosted.org/pki/ticket/2544
Fix tested on standard card, it does what it is supposed to do. It checks first to make sure the lifecycle
state needs to be changed before attempting to do so. This will prevent any cards that return an error when
one tries to over write the value with the same value it had before.
8 years
[PATCH] 339-340 fixes for new Key REST logic
by Ade Lee
Patch 340:
commit 0e1c6e0634f5d3b3d4b8a3d7293b23f1953cf542
Author: Ade Lee <alee(a)redhat.com>
Date: Mon Nov 21 17:42:11 2016 -0500
Fix bug in getting secrets from approved request
When request was approved and retrieved through the rest
interface, the corresponding volatile requests object was not
created due to the new flow. This makes sure the volatile request
is created.
Patch 339:
commit 2e37a2fe6173a9968fd76fb7ff93e7cc188aa700
Author: Ade Lee <alee(a)redhat.com>
Date: Mon Nov 21 12:01:09 2016 -0500
Add python-client code for key resource changes
8 years