David,
please consult the contents of your tech. report primarily with me, as I'm the
contact person for this. It might be good for other guys just in case they are
curious but please don't expect them to write any kind of extensive feedback,
as they are very busy with other work.
Thank you
Dne úterý 07 srpna 2012 08:12:44, Stephen Gallagher napsal(a):
On Tue, 2012-08-07 at 10:23 +0200, Jakub Hrozek wrote:
On Mon, Aug 06, 2012 at 12:48:14PM -0400, Stephen Gallagher wrote:
On Mon, 2012-08-06 at 18:11 +0200, Jakub Hrozek wrote:
https://fedorahosted.org/sssd/ticket/1459
Dne pátek 20 července 2012 16:36:57, Dmitri Pal napsal(a):
Hello,
Here is a bunch of patches for review:
Hi,
it took me a while but I finally finished the review.
Patch 1:
The unit test was not correct. The paths to files used in the unit test
were wrong. It used function exec instead of
Dne úterý 31 července 2012 14:06:57, Michal Zidek napsal(a):
On 07/31/2012 01:16 PM, Jan Zelený wrote:
Adding sssd-devel list back to CC
Dne čtvrtek 26 července 2012 18:14:40, Michal Zidek napsal(a):
On 07/26/2012 02:25 PM, Jan Zelený wrote:
Dne středa 25 července 2012 13:21:01, Michal
These three patches provide changes that reduce the amount of data retrieved
from IPA server in case this data is previously retrieved by HBAC access
provider.
#168: modify hbac_get_cached_rules() so it can be used out of the HBAC code
#169: use cache for HBAC rules
#170: use cache for host
Without this change, a process linking our PAM module would do the writing.
That could be potentially problematic because everych such process will
probably have its own selinux context. That would need rule in the policy for
every process that is linked with PAM modules.
With this change, the
Dne pátek 27 července 2012 09:49:57, Jan Zelený napsal(a):
Without this change, a process linking our PAM module would do the writing.
That could be potentially problematic because everych such process will
probably have its own selinux context. That would need rule in the policy
for every
Dne středa 25 července 2012 10:19:04, Simo Sorce napsal(a):
On Wed, 2012-07-25 at 08:54 +0200, Jan Zelený wrote:
#161 - Rename session provider to selinux provider
#162 - Move SELinux provider processing right after PAM_ACCT_MGMT
These patches are a proof of concept solving following
This member doesn't seem to be used any more. Please note that this patch is
build on top of my recent selinux patches.
JanFrom bc667cada53b1032a8936e90450cb1f77dd6f071 Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Thu, 26 Jul 2012 05:12:16 -0400
Subject: [PATCH 4/4] Remove
Dne středa 25 července 2012 13:21:01, Michal Zidek napsal(a):
Unit test for src/db/sysdb_ssh.c
Nack,
you are cleaning the directory TESTS_PATH but what if the directory existed
(and maybe wasn't empty) before? The least you should do is to exclude the
return code from ret variable.
Please use
Dne čtvrtek 26 července 2012 17:05:32, Jakub Hrozek napsal(a):
On Thu, Jul 26, 2012 at 11:18:22AM +0200, Jan Zelený wrote:
Dne středa 25 července 2012 10:19:04, Simo Sorce napsal(a):
On Wed, 2012-07-25 at 08:54 +0200, Jan Zelený wrote:
#161 - Rename session provider to selinux provider
#161 - Rename session provider to selinux provider
#162 - Move SELinux provider processing right after PAM_ACCT_MGMT
These patches are a proof of concept solving following ticket:
https://fedorahosted.org/sssd/ticket/1439
I realize that there might be some rough edges to sand off but right now
Dne středa 25 července 2012 10:34:15, Pavel Březina napsal(a):
On 07/24/2012 02:16 PM, Pavel Březina wrote:
On 24.7.2012 14:11, Simo Sorce wrote:
On Tue, 2012-07-24 at 12:21 +0200, Pavel Březina wrote:
+#include unistd.h
+#include bits/local_lim.h // HOST_NAME_MAX
+#include string.h
Dne pondělí 23 července 2012 09:46:07, Pavel Březina napsal(a):
On 07/20/2012 10:47 AM, Jakub Hrozek wrote:
On Thu, Jul 19, 2012 at 07:28:18PM +0200, Pavel Březina wrote:
On 19.7.2012 13:18, Jan Zelený wrote:
Dne pondělí 16 července 2012 16:01:46, Pavel Březina napsal(a):
Expects
Dne pondělí 23 července 2012 15:59:01, Jakub Hrozek napsal(a):
On Mon, Jul 23, 2012 at 09:08:52AM +0200, Jan Zelený wrote:
Dne pondělí 23 července 2012 08:16:30, Jan Zelený napsal(a):
Dne pátek 20 července 2012 21:19:08, Jakub Hrozek napsal(a):
On Fri, Jul 20, 2012 at 05:51:29PM +0200
Dne pátek 20 července 2012 11:48:49, Jakub Hrozek napsal(a):
There was a logic bug in sysdb_search_selinux_usermap_by_username that
resulted in returning the value the variable ret had after the last call
to sysdb_attrs_get_uint32_t, which in cases the last rule processed did
not have the
Dne pátek 20 července 2012 13:23:48, Jakub Hrozek napsal(a):
On Fri, Jul 20, 2012 at 12:30:16PM +0200, Jan Zelený wrote:
Dne pátek 20 července 2012 11:48:49, Jakub Hrozek napsal(a):
There was a logic bug in sysdb_search_selinux_usermap_by_username that
resulted in returning the value
#156
Added some debug messages
#157
The original priority patch had this condition in the wrong place, resulting
in hostCategory == all not being taken into account
#158
The function ipa_selinux_map_merge() is no longer necessary since more generic
function has been implemented and it is even
Dne pátek 20 července 2012 14:32:10, Jakub Hrozek napsal(a):
On Fri, Jul 20, 2012 at 01:55:59PM +0200, Jan Zelený wrote:
#156
Added some debug messages
This debug message is wrong:
+DEBUG(SSSDBG_TRACE_FUNC, (HBAC rule [%s] matched, moving
Dne pátek 20 července 2012 15:40:26, Jakub Hrozek napsal(a):
On Fri, Jul 20, 2012 at 03:06:38PM +0200, Jan Zelený wrote:
Dne pátek 20 července 2012 14:32:10, Jakub Hrozek napsal(a):
On Fri, Jul 20, 2012 at 01:55:59PM +0200, Jan Zelený wrote:
#156
Added some debug messages
Dne pátek 20 července 2012 17:46:33, Jakub Hrozek napsal(a):
On Fri, Jul 20, 2012 at 05:27:44PM +0200, Jan Zelený wrote:
Oh right, it's and HBAC attribute..
Can't you just include ipa_hbac_private.h, then?
I didn't exactly like that solution either so I moved those two constants
Dne pondělí 16 července 2012 16:01:46, Pavel Březina napsal(a):
Expects that patch from resolv_gethostbyname_send: talloc_strdup
hostname on state thread is applied.
Nack,
please don't use talloc_realloc () in sdap_sudo_get_hostnames_send(), it's
confusing. Allocating an array for three
Dne úterý 17 července 2012 16:27:40, Jakub Hrozek napsal(a):
On Tue, Jul 17, 2012 at 04:07:27PM +0200, Jan Zelený wrote:
Dne úterý 17 července 2012 15:53:48, Jakub Hrozek napsal(a):
On Tue, Jul 17, 2012 at 09:14:14AM +0200, Jan Zelený wrote:
Dne pondělí 16 července 2012 17:45:05, Jakub
Dne pondělí 16 července 2012 17:45:05, Jakub Hrozek napsal(a):
On Mon, Jul 16, 2012 at 04:20:23PM +0200, Jan Zelený wrote:
The functionality is now following:
When rule is being matched, its priority is determined as a combination
of user and host specificity (host taking preference
Dne úterý 17 července 2012 15:53:48, Jakub Hrozek napsal(a):
On Tue, Jul 17, 2012 at 09:14:14AM +0200, Jan Zelený wrote:
Dne pondělí 16 července 2012 17:45:05, Jakub Hrozek napsal(a):
On Mon, Jul 16, 2012 at 04:20:23PM +0200, Jan Zelený wrote:
The functionality is now following
The attribute is supposed to contain number of days since the epoch, not
the number of seconds.
Thanks
JanFrom 1617a26db2be39de7dc1b34ed366640461e885c4 Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Mon, 16 Jul 2012 08:42:27 -0400
Subject: [PATCH] Fixed wrong number in
The functionality is now following:
When rule is being matched, its priority is determined as a combination
of user and host specificity (host taking preference).
After the rule is matched in provider, its host priority is stored
in sysdb for later usage.
When rules are matched in the
Patches #0001 - #0031:
Ack, without further comments
Patch #0032: Nack,
please change the big comment as follows:
+/* fetch only expired rules
+ * this is because sudo ask sssd two times - for defaults and for
rules + * when we refresh all expired rules (of this user)
Dne pátek 29 června 2012 15:33:14, Pavel Březina napsal(a):
On 29.6.2012 14:31, Jan Zelený wrote:
Patches #0001 - #0031:
Ack, without further comments
Patch #0032: Nack,
please change the big comment as follows:
+/* fetch only expired rules
+ * this is because sudo ask
Dne čtvrtek 28 června 2012 12:42:37, Pavel Březina napsal(a):
On 06/27/2012 04:28 PM, Jan Zelený wrote:
Ack to patches #0001-#0018. I haven't tested them yet though.
Thanks
Jan
I have found an issue in the timer API. I did not clear timeout after
the request has been completed which
Dne středa 27 června 2012 14:15:15, Stephen Gallagher napsal(a):
If for some reason we are unable to open the debug file from a child
process (as was the case during some of my testing on the AD provider),
we should log a message to the syslog to alert the admin that logs are
being dropped.
Dne středa 27 června 2012 14:16:20, Stephen Gallagher napsal(a):
We weren't guaranteeing that the cctype-specific callbacks were
initialized before using them.
This bug only presented itself for users who were logging in
without a ccacheFile attribute in the LDB (for example, first-time
Dne pondělí 25 června 2012 15:20:51, Stephen Gallagher napsal(a):
In addition to failing when option maps differ, we should also print
what we got versus what was expected.
This patch has made it easier to keep my WIP branches in sync with
master.
Obvious Ack
Jan
signature.asc
Description:
Dne pondělí 25 června 2012 15:17:27, Stephen Gallagher napsal(a):
Adds a useful DEBUG message if SASL binds fail. This was helpful in
tracking down issues while working on the Active Directory ID provider.
Nack,
you are comparing optret to LDAP_SUCCESS while you should be comparing it to
EOK.
Dne úterý 26 června 2012 18:22:15, Pavel Březina napsal(a):
On 06/26/2012 03:45 PM, Jan Zelený wrote:
Dne úterý 26 června 2012 10:08:15, Pavel Březina napsal(a):
On 06/21/2012 05:32 PM, Pavel Březina wrote:
On 3.6.2012 22:17, Pavel Březina wrote:
On 14.5.2012 22:37, Jakub Hrozek wrote
Dne úterý 26 června 2012 09:19:34, Rob Crittenden napsal(a):
Jan Zelený wrote:
Dne pondělí 25 června 2012 17:35:55, Rob Crittenden napsal(a):
Stephen Gallagher wrote:
On Fri, 2012-06-22 at 15:49 -0400, Stephen Gallagher wrote:
On Fri, 2012-06-22 at 16:12 +0200, Jan Zelený wrote:
Dne
Dne středa 27 června 2012 13:31:42, Pavel Březina napsal(a):
On 06/27/2012 11:05 AM, Jan Zelený wrote:
Dne úterý 26 června 2012 18:22:15, Pavel Březina napsal(a):
On 06/26/2012 03:45 PM, Jan Zelený wrote:
Dne úterý 26 června 2012 10:08:15, Pavel Březina napsal(a):
On 06/21/2012 05:32 PM
Ack to patches #0001-#0018. I haven't tested them yet though.
Thanks
Jan
I have found an issue in the timer API. I did not clear timeout after
the request has been completed which cause SIGABRT in talloc function.
Patches are attached.
Ack to the fix, another part of review coming:
Dne pondělí 25 června 2012 17:35:55, Rob Crittenden napsal(a):
Stephen Gallagher wrote:
On Fri, 2012-06-22 at 15:49 -0400, Stephen Gallagher wrote:
On Fri, 2012-06-22 at 16:12 +0200, Jan Zelený wrote:
Dne pátek 22 června 2012 09:41:37, Rob Crittenden napsal(a):
Jan Zelený wrote:
Dne
Dne úterý 26 června 2012 10:08:15, Pavel Březina napsal(a):
On 06/21/2012 05:32 PM, Pavel Březina wrote:
On 3.6.2012 22:17, Pavel Březina wrote:
On 14.5.2012 22:37, Jakub Hrozek wrote:
On Mon, May 14, 2012 at 06:39:30PM +0200, Pavel Březina wrote:
On 9.5.2012 17:07, Pavel Březina wrote:
Dne pondělí 25 června 2012 09:04:05, Stephen Gallagher napsal(a):
There is no longer any real advantage to building against libunistring
by default. This patch switches SSSD's build to use glib2 instead, which
will exist already on all platforms that SSSD is known to compile on.
This will
Dne pondělí 25 června 2012 09:30:58, Stephen Gallagher napsal(a):
On Mon, 2012-06-25 at 15:28 +0200, Jan Zelený wrote:
Dne pondělí 25 června 2012 09:04:05, Stephen Gallagher napsal(a):
There is no longer any real advantage to building against libunistring
by default. This patch switches
This patch modifies behavior of SSSD when putting together content of
user config file for pam_selinux. SSSD will now pick only the first user map in
the priority list which matches to the user logging in. Other maps are
ignored.
https://fedorahosted.org/sssd/ticket/1360
Rob, please confirm that
Dne pátek 22 června 2012 09:15:15, Rob Crittenden napsal(a):
Jan Zelený wrote:
This patch modifies behavior of SSSD when putting together content of
user config file for pam_selinux. SSSD will now pick only the first user
map in the priority list which matches to the user logging in. Other
Dne pátek 22 června 2012 15:27:14, Jan Zelený napsal(a):
Dne pátek 22 června 2012 09:15:15, Rob Crittenden napsal(a):
Jan Zelený wrote:
This patch modifies behavior of SSSD when putting together content of
user config file for pam_selinux. SSSD will now pick only the first user
map
Dne pátek 22 června 2012 09:41:37, Rob Crittenden napsal(a):
Jan Zelený wrote:
Dne pátek 22 června 2012 09:15:15, Rob Crittenden napsal(a):
Jan Zelený wrote:
This patch modifies behavior of SSSD when putting together content of
user config file for pam_selinux. SSSD will now pick only
Dne čtvrtek 21 června 2012 12:23:30, Sumit Bose napsal(a):
On Thu, Jun 21, 2012 at 04:57:35AM -0400, Jan Zeleny wrote:
- Original Message -
On Tue, 2012-06-19 at 17:15 +0200, Jan Zelený wrote:
This patch fixes an issue which resulted in a need to initialize
responder
Dne pondělí 18 června 2012 16:34:23, Sumit Bose napsal(a):
On Sun, Jun 17, 2012 at 06:47:05PM -0400, Simo Sorce wrote:
On Sun, 2012-06-17 at 11:38 +0200, Sumit Bose wrote:
On Thu, Jun 14, 2012 at 04:00:32PM +0200, Jan Zelený wrote:
First I'd like to point out that I could not try full
This patch fixes an issue which resulted in a need to initialize
responder with data from local domain, otherwise it would not correctly
detect requests for subdomains. Similar situation can occur if new
subdomain is added at runtime.
The solution is to ask for a list of subdomains in case there
Pushed to master under oneliner rule
Jan
From 5b8bbdac82152992c2c119ca9546a0d6d738bbaf Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Fri, 15 Jun 2012 11:07:46 -0400
Subject: [PATCH] Fixed debug message in sdap_save_group()
---
src/providers/ldap/sdap_async_groups.c |2
Discovered by Marko, no ticket filed
Thanks
Jan
From fafb635e90b2d3bfcb22232ead51bdb393ecf84e Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Fri, 15 Jun 2012 14:26:20 -0400
Subject: [PATCH] Fix possible segfault in sdap_save_group()
---
src/providers/ldap/sdap_async_groups.c
We only support the DIR cache on Kerberos 1.10 and higher. We need to
make sure we still build and run on older systems.
Patch 0001: Minor fix for building on little-endian RHEL 5 systems.
(Building for ppc was broken)
Patch 0002: Conditionalize DIR cache
Couple comments:
I see
On 06/13/2012 05:14 PM, Jan Zelený wrote:
One part of the matching was to check whether domain part of fully
qualified name is a name of a domain or any of its subdomains. The
problem is that at the time of first request we don't yet have lists of
subdomains.
Yeah, that's
On 06/14/2012 12:50 PM, Jan Zelený wrote:
Before proposing the patch, I was going through the original review
thread looking exactly for this kind of information but it wasn't clear
to me if the domain matching is completely necessary. I think I
understand it now, thanks
First I'd like to point out that I could not try full functionality since
there are some pieces missing on the server side. That said, I have couple
minor comments for some patches.
Patch #0001:
In
On Thu, Jun 07, 2012 at 11:47:35AM +0200, Jan Zelený wrote:
On Thu, May 31, 2012 at 09:17:18PM +0200, Jan Zeleny wrote:
At this moment we will support only asterisk, designating all
services.
https://fedorahosted.org/sssd/ticket/1360
Thanks
Jan
Nack, you
On Wed, 2012-06-13 at 14:00 +0200, Jan Zelený wrote:
On Tue, 2012-06-12 at 09:33 -0400, Stephen Gallagher wrote:
On Tue, 2012-06-12 at 15:29 +0200, Jan Zelený wrote:
On Tue, 2012-06-12 at 08:28 -0400, Simo Sorce wrote:
On Tue, 2012-06-12 at 07:37 -0400, Stephen Gallagher wrote
On Wed, 2012-06-13 at 11:32 +0200, Jan Zelený wrote:
There was an issue with ghost members in nested groups. Consider a
scenario with two groups A and B, B being member of A and having some
ghost members. In such case SSSD stored both groups, then added
membership between them
One part of the matching was to check whether domain part of fully
qualified name is a name of a domain or any of its subdomains. The
problem is that at the time of first request we don't yet have lists of
subdomains.
One solution would be to issue a request to data provider, asking for a
list of
On Mon, 2012-06-11 at 13:35 +0200, Jan Zelený wrote:
Sending patches in two parts. These first five are (I believe) ready
for a complete review. I will send three more in a [PRELIMINARY]
thread as well, since they require some discussion.
Patch 0001: Fix the debug levels
On Mon, 2012-06-11 at 21:19 -0400, Stephen Gallagher wrote:
New patches attached, along with the results of my (limited)
performance
testing.
These patches split the option into two, so it can be enabled for
initgroups or group lookups separately. The testing I did on group
lookups
https://fedorahosted.org/sssd/ticket/920
Nack,
please follow our coding guidelines:
http://www.freeipa.org/page/Coding_Style
In particular, I'm referring to the line length.
Thanks
Jan
signature.asc
Description: This is a digitally signed message part.
https://fedorahosted.org/sssd/ticket/1294
Nack,
in general we don't like using the exit() function.
Also as I understand it, the intended solution was to change debug levels of
some DEBUG calls to the new format. See the bugzilla linked with the ticket.
Thanks
Jan
signature.asc
Description:
On Tue, 2012-06-12 at 08:28 -0400, Simo Sorce wrote:
On Tue, 2012-06-12 at 07:37 -0400, Stephen Gallagher wrote:
On Tue, 2012-06-12 at 10:50 +0200, Jan Zelený wrote:
On Mon, 2012-06-11 at 21:19 -0400, Stephen Gallagher wrote:
New patches attached, along with the results of my
Sending patches in two parts. These first five are (I believe) ready for
a complete review. I will send three more in a [PRELIMINARY] thread as
well, since they require some discussion.
Patch 0001: Fix the debug levels for some sysdb user and group lookups.
Success was too noisy and
This is the second set of patches. These aren't quite ready for a
complete review. They are functional, but they need some discussion.
These patches attempt to implement
https://fedorahosted.org/sssd/ticket/1367.
For details on the magic filters, see
On Sun, 2012-06-10 at 15:32 -0400, Stephen Gallagher wrote:
This is the second set of patches. These aren't quite ready for a
complete review. They are functional, but they need some discussion.
These patches attempt to implement
https://fedorahosted.org/sssd/ticket/1367.
For
On Fri, Jun 01, 2012 at 09:32:09AM +0200, Jan Zelený wrote:
On Thu, May 31, 2012 at 05:26:56PM -0400, Simo Sorce wrote:
On Thu, 2012-05-31 at 22:09 +0200, Jan Zeleny wrote:
https://fedorahosted.org/sssd/ticket/1318
Tested with getent, works fine.
Ack.
Simo
On Thu, May 31, 2012 at 09:35:49PM +0200, Jan Zeleny wrote:
Jakub Hrozek jhro...@redhat.com wrote:
On Wed, May 30, 2012 at 12:34:26PM +0200, Jan Zelený wrote:
This functionality will be utilized by PAC responder once it lands in
the master branch. One round of review already done
On Wed, Jun 06, 2012 at 09:40:44AM +0200, Sumit Bose wrote:
On Wed, Jun 06, 2012 at 08:03:28AM +0200, Jakub Hrozek wrote:
On Tue, Jun 05, 2012 at 06:34:20PM +0200, Sumit Bose wrote:
On Mon, Jun 04, 2012 at 02:49:48PM +0200, Sumit Bose wrote:
On Mon, Jun 04, 2012 at 02:15:37PM +0200,
On Mon, Jun 04, 2012 at 05:11:51PM +0200, Sumit Bose wrote:
On Mon, Jun 04, 2012 at 02:04:38PM +0200, Jakub Hrozek wrote:
On Fri, Jun 01, 2012 at 01:10:32PM +0200, Sumit Bose wrote:
Hi,
I found a missing 'u' in the idmap code. This patch fixes the typo
and adds a test.
On Thu, May 31, 2012 at 09:17:18PM +0200, Jan Zeleny wrote:
At this moment we will support only asterisk, designating all
services.
https://fedorahosted.org/sssd/ticket/1360
Thanks
Jan
Nack, you need to initialize services to NULL, otherwise if any
operation before the strdup
No ticket attached, I just found this when trying to track down another issue.
Thanks
Jan
From 5d1a2243885e57464b039baff3d9b89cfdf5492b Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Mon, 4 Jun 2012 13:21:29 -0400
Subject: [PATCH] Fixed setting of debug level in test suite
On Thu, May 31, 2012 at 05:26:56PM -0400, Simo Sorce wrote:
On Thu, 2012-05-31 at 22:09 +0200, Jan Zeleny wrote:
https://fedorahosted.org/sssd/ticket/1318
Tested with getent, works fine.
Ack.
Simo.
The new parameter is missing from the configAPI
New patch attached. Based
On 29.5.2012 17:20, Jan Cholasta wrote:
Hi,
the attached patches fix issues in sss_ssh_knownhostsproxy:
[PATCH 1/2] SSH: Supress error message output in sss_ssh_knownhostsproxy
[PATCH 2/2] SSH: Don't abort connection in sss_ssh_knownhostsproxy when
DNS records are missing
On Tue, May 29, 2012 at 10:56:51AM +0200, Jan Zelený wrote:
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts
of code which use it.
The second patch (#132) utilizes the exclusion when retrieving data
This functionality will be utilized by PAC responder once it lands in the
master branch. One round of review already done by Sumit. Also the patch has
been tested together with the PAC responder.
The query is performed only if there is missing information in the
cache. That means this should be
On Mon, May 28, 2012 at 05:11:07PM +0200, Jan Zelený wrote:
The first patch (#131) adds the functionality and updates all parts of
code which use it.
The second patch (#132) utilizes the exclusion when retrieving data for
initgroups.
This breaks nested group processing in the IPA
Attached patch contains some changes that I'd like to propose. All
modifications are based on spec file for Fedora rawhide.
Thanks
Jan
From 88f8c4139aaa3b0ffbf20401e897eec90247e58c Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Mon, 28 May 2012 16:54:34 +0200
Subject: [PATCH]
The first patch (#131) adds the functionality and updates all parts of code
which use it.
The second patch (#132) utilizes the exclusion when retrieving data for
initgroups.
If you have any suggestions where else to use this functionality, please let
me know, I'll be happy to create patches
On Wed, 2012-05-23 at 12:03 +0200, Jan Zelený wrote:
On Thu, May 10, 2012 at 10:57:23PM +0200, Jan Zeleny wrote:
The sysdb upgrade script will segfault if any users in the database are
lacking memberOf links. This can happen if a user was requested via
getpwnam() or getpwuid() without
There was an issue when IPA provider didn't set PAM_SUCCESS when
successfully finished loading SELinux user maps. This lead to the map
not being read in the responder.
Thanks
Jan
From c0e205dbdc154ff36297857182b1da161476bb4c Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Tue,
The SSSD team is proud to announce the 0.3 beta1 (0.2.91) release of ding-libs
utility library.
It can be downloaded from
https://fedorahosted.org/sssd/wiki/Releases#DING-LIBSReleases
== Highlights ==
* extensive changes in libini_config (merging config section, better handling
of
metadata)
On 05/11/2012 04:21 PM, Dmitri Pal wrote:
On 05/11/2012 10:04 AM, Stephen Gallagher wrote:
Patch 0001: The unit tests for libini_config need to be able to validate
specific permissions on some sample data. However, 'make distcheck'
always removes the 'write' permissions on data in the
On 5/11/12 10:22 AM, Stephen Gallagher wrote:
On Fri, 2012-05-11 at 10:19 -0400, Braden McDaniel wrote:
As I mentioned at the top of the thread, I changed the local group GID
on the Fedora 16 installation to 989 (from 990) to match the Fedora 17
installation. Things appear to be working
On Fri, 2012-05-11 at 09:41 +0200, Jan Zelený wrote:
On Fri, 2012-05-11 at 09:10 +0200, Jan Zelený wrote:
On Fri, 2012-05-11 at 08:38 +0200, Jan Zelený wrote:
I guess SSSD cache is probably the reason why you still have the
old GID. Try running sss_cache -G to invalidate all
A patch by Yuri Chornoivan. I had to look up supercede vs. supersede but
it seems Yuri is right.
https://bugzilla.redhat.com/show_bug.cgi?id=821088
Ack
Jan
signature.asc
Description: This is a digitally signed message part.
___
sssd-devel
https://fedorahosted.org/sssd/ticket/1332
Obvious Ack,
Jan
signature.asc
Description: This is a digitally signed message part.
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
On Sun, May 13, 2012 at 04:18:39PM -0500, Ariel Barria wrote:
https://fedorahosted.org/sssd/ticket/1332
+if ( fd 0 ){
Thanks for the patch Ariel, but would you also mind amending the
whitespace? We don't put whitespace between brackets and the expression
inside, but we do put
On Thu, 2012-05-10 at 11:15 +0200, Jakub Hrozek wrote:
On Wed, May 09, 2012 at 07:19:29PM -0400, Stephen Gallagher wrote:
On Wed, 2012-05-09 at 22:20 +0200, Jakub Hrozek wrote:
Nack, the way ldap_get_dn is used leaks memory:
+DEBUG(SSSDBG_TRACE_INTERNAL,
+
On 05/14/2012 07:13 AM, Stephen Gallagher wrote:
On Mon, 2012-05-14 at 09:19 +0200, Jan Zelený wrote:
On 05/11/2012 04:21 PM, Dmitri Pal wrote:
On 05/11/2012 10:04 AM, Stephen Gallagher wrote:
Patch 0001: The unit tests for libini_config need to be able to
validate specific permissions
On Fri, 2012-05-11 at 08:38 +0200, Jan Zelený wrote:
I guess SSSD cache is probably the reason why you still have the old GID.
Try running sss_cache -G to invalidate all groups and if you have
queried SSSD for that group in last few minutes, wait for the client
in-memory cache to expire
On Fri, 2012-05-11 at 09:10 +0200, Jan Zelený wrote:
On Fri, 2012-05-11 at 08:38 +0200, Jan Zelený wrote:
I guess SSSD cache is probably the reason why you still have the old
GID. Try running sss_cache -G to invalidate all groups and if you
have queried SSSD for that group in last
On Thu, 2012-05-03 at 13:08 +0200, Jan Zelený wrote:
On Tue, 2012-05-01 at 19:16 +0200, Jan Zeleny wrote:
- rename the option to pwd_expiration_warning
- move the option from PAM responder to domains
- if pwd_expiration_warning == 0, don't apply the filter at all
- default
i'm trying to configure sssd on precise pangolin and I can list all users
and groups with
getent passwd
getent group
but if I try to get info for one user I don't get anything
getent passwd testuser
id testuser
I've configured and double checked all settings regarding ldap, even
On Tue, 2012-05-01 at 19:16 +0200, Jan Zeleny wrote:
- rename the option to pwd_expiration_warning
- move the option from PAM responder to domains
- if pwd_expiration_warning == 0, don't apply the filter at all
- default value for Kerberos: 7 days
- default value for LDAP: don't apply
On Fri, Apr 27, 2012 at 01:47:51PM -0400, Stephen Gallagher wrote:
These patches are built atop Sumit's recent patch Allow different SID
representations in libidmap. I added the manpage as a single patch near
the end because it was just too much trouble to do it piecemeal
throughout the
Nack,
please add ldap_group_objectsid to man page and API definition
Patch 0002: Add option to enable id-mapping
Ack
Nack, please add ldap_id_mapping to man page
Never mind those man page comments, I just noticed they are in the last patch.
However there is still the missing
On Wed, 2012-04-25 at 15:41 +0200, Jan Zelený wrote:
Stephen Gallagher sgall...@redhat.com wrote:
On Mon, 2012-04-23 at 16:22 +0200, Jan Zelený wrote:
Hi,
I'm sending a patch set that removes support for fake user entries
and add
ghost attribute instead:
Jan
On Wed, Apr 18, 2012 at 03:22:03PM +0200, Jan Zelený wrote:
On Fri, Apr 13, 2012 at 08:24:18AM +0200, Jan Zelený wrote:
On Thu, Apr 12, 2012 at 09:52:14PM +0200, Jan Zeleny wrote:
Jakub Hrozek jhro...@redhat.com wrote:
On Tue, Apr 10, 2012 at 12:38:31AM -0400, Jakub Hrozek
1 - 100 of 378 matches
Mail list logo