Re: [SSSD] [PATCH] Sanitize ldap attributes in the config file

On Fri, Nov 12, 2010 at 10:12:51AM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 https://fedorahosted.org/sssd/ticket/458 Previously, it was possible to perform a sort of LDAP filter injection with careful crafting of the ldap attributes in the config file.

Re: [SSSD] [PATCH] Sanitize ldap attributes in the config file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 07:01 AM, Sumit Bose wrote: On Fri, Nov 12, 2010 at 10:12:51AM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 https://fedorahosted.org/sssd/ticket/458 Previously, it was possible to perform a sort of

Re: [SSSD] [PATCH] Sanitize ldap attributes in the config file

On Mon, Nov 15, 2010 at 07:06:31AM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 07:01 AM, Sumit Bose wrote: On Fri, Nov 12, 2010 at 10:12:51AM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Re: [SSSD] [PATCH] Sanitize ldap attributes in the config file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 07:34 AM, Sumit Bose wrote: ah, sorry, I should have read the context. But after reading it I still have comments: this 'if' is redundant If I remember correctly there is no debugging output in sss_filter_sanitize(), so I think

Re: [SSSD] [PATCH] Sanitize ldap attributes in the config file

On Mon, Nov 15, 2010 at 08:51:21AM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 07:34 AM, Sumit Bose wrote: ah, sorry, I should have read the context. But after reading it I still have comments: this 'if' is redundant If I remember

Re: [SSSD] [PATCH] Properly document ldap_purge_cache_timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/09/2010 01:20 PM, Sumit Bose wrote: On Tue, Nov 09, 2010 at 12:40:10PM -0500, Stephen Gallagher wrote: On 11/08/2010 04:25 AM, Sumit Bose wrote: Although it is quite a common pattern I think we should mention that a value of '0' disables

Re: [SSSD] [PATCH] Introduce pam_verbosity config option

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/09/2010 07:52 AM, Sumit Bose wrote: On Fri, Nov 05, 2010 at 10:01:45PM +0100, Sumit Bose wrote: On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote: On 10/27/2010 07:57 AM, Sumit Bose wrote: Hi, this patch should fix ticket

[SSSD] [PATCHES] Fix const cast warnings

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fixes https://fedorahosted.org/sssd/ticket/656 These warnings appear on gcc-4.5.1-4.fc14.x86_64 with -Wcast-qual - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors.

Re: [SSSD] [PATCH] Introduce pam_verbosity config option

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 11:58 AM, Stephen Gallagher wrote: On 11/09/2010 07:52 AM, Sumit Bose wrote: On Fri, Nov 05, 2010 at 10:01:45PM +0100, Sumit Bose wrote: On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote: On 10/27/2010 07:57 AM, Sumit

Re: [SSSD] [PATCHES] Fix const cast warnings

On Mon, Nov 15, 2010 at 03:21:07PM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fixes https://fedorahosted.org/sssd/ticket/656 These warnings appear on gcc-4.5.1-4.fc14.x86_64 with -Wcast-qual The warnings are gone and all tests pass. ACK bye, Sumit

Re: [SSSD] [PATCH] Fix incorrect type comparison

On Mon, Nov 15, 2010 at 03:24:30PM -0500, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fixes https://fedorahosted.org/sssd/ticket/657 sss_cli_check_socket returns an enum sss_status result code, but we were assigning it to an enum nss_status variable before

Re: [SSSD] [PATCHES] Fix const cast warnings

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 03:47 PM, Sumit Bose wrote: On Mon, Nov 15, 2010 at 03:21:07PM -0500, Stephen Gallagher wrote: Fixes https://fedorahosted.org/sssd/ticket/656 These warnings appear on gcc-4.5.1-4.fc14.x86_64 with -Wcast-qual The warnings are gone

Re: [SSSD] [PATCH] Fix incorrect type comparison

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/15/2010 03:48 PM, Sumit Bose wrote: On Mon, Nov 15, 2010 at 03:24:30PM -0500, Stephen Gallagher wrote: Fixes https://fedorahosted.org/sssd/ticket/657 sss_cli_check_socket returns an enum sss_status result code, but we were assigning it to

[SSSD] [PATCH] Log startup errors to syslog

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some users are experiencing failures when restarting SSSD during an RPM upgrade. During RPM upgrade, the output from 'service sssd restart' is suppressed, so if there are failures to restart, there is no indication of why. This patch moves the

[SSSD] Slight process change in Trac

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For a while now, we've been informally following a policy of cloning bugs into other milestones if they need to be fixed in multiple places. I'd like to formalize this as part of the process. It makes tracking much easier. Since we're now doing this,

Re: [SSSD] Slight process change in Trac

On Mon, 15 Nov 2010 16:09:38 -0500 Stephen Gallagher sgall...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For a while now, we've been informally following a policy of cloning bugs into other milestones if they need to be fixed in multiple places. I'd like to formalize

Re: [SSSD] [PATCH] Log startup errors to syslog

On Mon, 15 Nov 2010 15:57:03 -0500 Stephen Gallagher sgall...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some users are experiencing failures when restarting SSSD during an RPM upgrade. During RPM upgrade, the output from 'service sssd restart' is suppressed, so if

Re: [SSSD] [PATCHES] Support automatic Kerberos ticket renewal

On Mon, 15 Nov 2010 14:49:52 +0100 Sumit Bose sb...@redhat.com wrote: Hi, this series for patches add support for automatic Kerberos ticket renewal, see also trac ticket #369. There are several things I like to discuss: - in the ticket a separate process which should handle the renewal