Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Michal Židek
On 08/15/2013 07:16 PM, Simo Sorce wrote: On Thu, 2013-08-15 at 18:38 +0200, Michal Židek wrote: +case SSS_MC_GROUP: +*_offset = offsetof(struct sss_mc_pwd_data, strs); +ret = EOK; +break; This should use 'struct sss_mc_grp_data'. Simo. Ah, sure, but I checked t

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Michal Židek
On 08/15/2013 06:38 PM, Michal Židek wrote: On 08/15/2013 05:31 PM, Simo Sorce wrote: On Thu, 2013-08-15 at 17:08 +0200, Michal Židek wrote: +static size_t sss_mc_get_strs_offset(struct sss_mc_ctx *mcc) +{ +if (mcc->type == SSS_MC_PASSWD) { +return offsetof(struct sss_mc_pwd_data, s

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Simo Sorce
On Thu, 2013-08-15 at 18:38 +0200, Michal Židek wrote: > +case SSS_MC_GROUP: > +*_offset = offsetof(struct sss_mc_pwd_data, strs); > +ret = EOK; > +break; This should use 'struct sss_mc_grp_data'. Simo. -- Simo Sorce * Red Hat, Inc * New York ___

Re: [SSSD] [PATCH] mmap_cache: Store corrupted mmap cache before reset

2013-08-15 Thread Michal Židek
On 08/15/2013 11:01 AM, Lukas Slebodnik wrote: On (14/08/13 18:50), Michal Židek wrote: On 08/14/2013 04:39 PM, Lukas Slebodnik wrote: On (12/08/13 17:47), Michal Židek wrote: Hello, I think it could be useful to store the corrupted memory cache before reset. We have very little info about wh

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Michal Židek
On 08/15/2013 05:31 PM, Simo Sorce wrote: On Thu, 2013-08-15 at 17:08 +0200, Michal Židek wrote: +static size_t sss_mc_get_strs_offset(struct sss_mc_ctx *mcc) +{ +if (mcc->type == SSS_MC_PASSWD) { +return offsetof(struct sss_mc_pwd_data, strs); +} + +return offsetof(struct ss

Re: [SSSD] [PATCH] KRB5: Refactor cc_*_check_existing

2013-08-15 Thread Simo Sorce
On Thu, 2013-08-15 at 11:50 -0400, Stephen Gallagher wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > There was duplicated code in cc_file_check_existing() and in > cc_dir_check_existing(). I pulled them into the same function. > > There are two changes made to the original code here:

[SSSD] ssh client correctly denied access but sees "connection closed by IP"

2013-08-15 Thread Sophit4
SSH Server is running on a RHEL 6.4 system with version sssd-1.9.2-82.7.el6_4.x86_64. I'm using access_provider = ldap in sssd.conf and ldap_access_filter = memberOf=cn=GoodUsers,ou=x,ou=y,o=z This is working as intended but remote ssh users not in group GoodUsers are simply disconnected with no

[SSSD] [PATCH] KRB5: Refactor cc_*_check_existing

2013-08-15 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There was duplicated code in cc_file_check_existing() and in cc_dir_check_existing(). I pulled them into the same function. There are two changes made to the original code here: 1) Fixes a use-after-free bug in cc_file_check_existing(). In the origina

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Simo Sorce
On Thu, 2013-08-15 at 17:08 +0200, Michal Židek wrote: > +static size_t sss_mc_get_strs_offset(struct sss_mc_ctx *mcc) > +{ > +if (mcc->type == SSS_MC_PASSWD) { > +return offsetof(struct sss_mc_pwd_data, strs); > +} > + > +return offsetof(struct sss_mc_grp_data, strs); > +} Can

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Michal Židek
On 08/15/2013 10:58 AM, Lukas Slebodnik wrote: On (14/08/13 20:32), Michal Židek wrote: On 08/14/2013 08:13 PM, Simo Sorce wrote: On Wed, 2013-08-14 at 19:41 +0200, Michal Židek wrote: +strs_offset = offsetof(struct sss_mc_grp_data, strs); data = (struct sss_mc_grp_data *)re

Re: [SSSD] [PATCH] Remove include recursion

2013-08-15 Thread Simo Sorce
On Thu, 2013-08-15 at 08:54 +0200, Lukas Slebodnik wrote: > ehlo, > > Header file proxy.h included itself. > It is harmless, because we have in header files conditional build. > > #ifndef __PROXY_H__ > #define __PROXY_H__ > .. snip .. > #endif > > On the other side it does not make sense. > > S

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Simo Sorce
On Thu, 2013-08-15 at 10:58 +0200, Lukas Slebodnik wrote: > On (14/08/13 20:32), Michal Židek wrote: > >On 08/14/2013 08:13 PM, Simo Sorce wrote: > >>On Wed, 2013-08-14 at 19:41 +0200, Michal Židek wrote: > >>> > >>>+strs_offset = offsetof(struct sss_mc_grp_data, strs); > >>> data

[SSSD] [PATCHES] Fixes and improvements for ipa_server_mode

2013-08-15 Thread Sumit Bose
Hi, I wrote the following patches while testig the ipa_server_mode. While the first three are needed fixes the fourth patch is an improvement which might help to avoid an additional request to the LDAP server. bye, Sumit From 416e41b55514b34519fb3b8df91cf26e3e4fca73 Mon Sep 17 00:00:00 2001 From:

[SSSD] [PATCHES] fill_initgr: add original primary GID if available

2013-08-15 Thread Sumit Bose
Hi, the attached patches should fix https://fedorahosted.org/sssd/ticket/2027, i.e. always show that and AD user is a member of it's primary AD group, even for subdomains. The first patch in this series just fixes a typo I came across while working at #2027. bye, Sumit From 9a7272c4f0d875d036bef

Re: [SSSD] [PATCH] mmap_cache: Store corrupted mmap cache before reset

2013-08-15 Thread Lukas Slebodnik
On (14/08/13 18:50), Michal Židek wrote: >On 08/14/2013 04:39 PM, Lukas Slebodnik wrote: >>On (12/08/13 17:47), Michal Židek wrote: >>>Hello, >>> >>>I think it could be useful to store the corrupted memory cache >>>before reset. We have very little info about what was really >>>wrong in the cache w

Re: [SSSD] [PATCH] mmap_cache: Check data->name value in client code

2013-08-15 Thread Lukas Slebodnik
On (14/08/13 20:32), Michal Židek wrote: >On 08/14/2013 08:13 PM, Simo Sorce wrote: >>On Wed, 2013-08-14 at 19:41 +0200, Michal Židek wrote: >>> >>>+strs_offset = offsetof(struct sss_mc_grp_data, strs); >>> data = (struct sss_mc_grp_data *)rec->data; >>>+/* Integrity check