Re: [SSSD] Design Discussion: Domains, users and groups over D-Bus

On 16.01.2015 11:56, Pavel Březina wrote: > On 01/16/2015 11:55 AM, Jakub Hrozek wrote: >> On Fri, Jan 16, 2015 at 11:41:19AM +0100, Pavel Březina wrote: >>> On 01/16/2015 11:39 AM, Jakub Hrozek wrote: On Fri, Jan 16, 2015 at 11:29:27AM +0100, Pavel Březina wrote: > One more question - uid

Re: [SSSD] Design Discussion: Support for multiple D-Bus interfaces on single object path

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My opinion: I would suggest not exposing this concept/code struct outside of src/sbus/ Callers should just sbus_conn_add_interface(). If two interfaces have the same object path, it just works ... Internally when dispatching calls, the interface+path

Re: [SSSD] [PATCH] Implement type-safe getters for primitive types and their arrays

On 22.05.2014 14:00, Jakub Hrozek wrote: > On Thu, May 22, 2014 at 01:09:06PM +0200, Stef Walter wrote: >> On 21.05.2014 22:49, Jakub Hrozek wrote: >>> On Fri, May 16, 2014 at 01:09:12PM +0200, Lukas Slebodnik wrote: >>>> On (16/05/14 00:48), Jakub Hrozek wrote: >&

Re: [SSSD] [PATCH] Implement type-safe getters for primitive types and their arrays

On 21.05.2014 22:49, Jakub Hrozek wrote: > On Fri, May 16, 2014 at 01:09:12PM +0200, Lukas Slebodnik wrote: >> On (16/05/14 00:48), Jakub Hrozek wrote: >>> On Tue, May 13, 2014 at 07:04:22PM +0200, Stef Walter wrote: >>>> On 12.05.2014 23:27, Jakub Hrozek wrote: >

Re: [SSSD] [PATCH] IFP: Add a utility function to reply with an object path

On 21.05.2014 22:46, Jakub Hrozek wrote: > On Thu, May 15, 2014 at 09:04:34PM +0200, Jakub Hrozek wrote: >> On Thu, May 15, 2014 at 08:54:53PM +0200, Lukas Slebodnik wrote: >>> You forgot to fix coverity issue >>> https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019503.html >>> >>> LS >

Re: [SSSD] [PATCH] SBUS: Fix warning declaration shadows a global declaration

On 16.05.2014 10:46, Lukas Slebodnik wrote: > ehlo, > > While I was testing some patches on epl6 I found a new warning. > > src/sbus/sssd_dbus_meta.c: In function 'sbus_meta_find_signal': > src/sbus/sssd_dbus_meta.c:43: warning: declaration of 'signal' shadows a > global > declaration > /usr/inc

Re: [SSSD] [PATCH] Implement type-safe getters for primitive types and their arrays

t;>From 5733ceac904342a7a979d0efe066afd9f093ebe9 Mon Sep 17 00:00:00 2001 >> From: Jakub Hrozek >> Date: Tue, 22 Apr 2014 21:50:28 +0200 >> Subject: [PATCH 3/6] IFP: Allow Set, Get and GetAll from DBus.Properties >> >> The InfoPipe will support all three of: >>DBus.Properties.Get

Re: [SSSD] [PATCH] Implement type-safe getters for primitive types and their arrays

ial patchset? > From d23886c484bc955bf4bc03998601aeec1650ce02 Mon Sep 17 00:00:00 2001 > From: Stef Walter > Date: Tue, 25 Feb 2014 18:31:03 +0100 > Subject: [PATCH 4/6] WIP properties Should I give this a better commit message? :) > +if prop.type == "s": > +o

Re: [SSSD] [PATCH] IFP: Add a utility function to reply with an object path

On 12.05.2014 17:09, Jakub Hrozek wrote: > On Sun, May 11, 2014 at 10:58:24PM +0200, Jakub Hrozek wrote: >> On Sun, 2014-05-11 at 19:18 +0200, Pavel Březina wrote: >>> On 05/11/2014 04:40 PM, Jakub Hrozek wrote: Hi, the attached patches add utility functions that allow the InfoPipe >

Re: [SSSD] [PATCH] IFP: Add GetUserAttrs call

On 09.05.2014 21:33, Jakub Hrozek wrote: > On Mon, 2014-05-05 at 11:25 +0200, Stef Walter wrote: >> On 02.05.2014 17:25, Jakub Hrozek wrote: >>>>> [PATCH 1/6] SBUS: two trivial style fixes SSIA >>>>> >>>>> [PATCH 2/6] SBUS: Add a conve

Re: [SSSD] [PATCH] libsss_dbus

On 06.05.2014 09:06, Pavel Březina wrote: > On 05/06/2014 06:58 AM, Stef Walter wrote: >> On 06.05.2014 01:51, Dmitri Pal wrote: >>> On 05/05/2014 12:28 PM, Pavel Březina wrote: >>>> On 05/05/2014 06:17 PM, Sumit Bose wrote: >>>>> On Mon, May 05,

Re: [SSSD] [PATCH] libsss_dbus

> On Mon, May 05, 2014 at 05:08:39PM +0200, Pavel Březina wrote: >>>>>> On 05/05/2014 02:06 PM, Stef Walter wrote: >>>>>>> On 01.05.2014 17:39, Pavel Březina wrote: >>>>>>>> https://fedorahosted.org/sssd/ticket/2254 >>>>>>

Re: [SSSD] [PATCH] libsss_dbus

On 01.05.2014 17:39, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/2254 > > Lukáš already did first round of review for build and packaging stuff. > Thank you, I hope I have fixed all your concerns. There might be some > more since I moved the library into libsss_dbus and libsss_dbus

[SSSD] FYI: OTP joins in Active Directory

Dmitri was asking me OTP joins work against Active Directory, and how realmd and adcli accomplish them: http://stef.thewalter.net/2014/05/how-to-join-active-directory-domains.html Cheers, Stef ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.o

Re: [SSSD] [PATCH] IFP: Add GetUserAttrs call

On 02.05.2014 17:25, Jakub Hrozek wrote: >>> [PATCH 1/6] SBUS: two trivial style fixes SSIA >>> >>> [PATCH 2/6] SBUS: Add a convenience function Adds a convenience >>> function that constructs a DBusError internally and as such can be >>> used to mark an sbus request as failed without having to cre

Re: [SSSD] [PATCH] IFP: Add GetUserAttrs call

On 24.04.2014 13:24, Jakub Hrozek wrote: > On Thu, Apr 24, 2014 at 12:59:45PM +0200, Stef Walter wrote: >>> [PATCH 3/6] IFP: Add utility functions Adds a number of utility >>> functions, most importanly ifp_req_create(). The ifp_req is a >>> structure that will be pas

Re: [SSSD] [PATCH] IFP: Add GetUserAttrs call

On 23.04.2014 22:43, Jakub Hrozek wrote: > Hi, > > the attached patches upstream functionality that mod_lookup_identity > has been using for a while, but which we couldn't push to master due > to the pending sbus changes. Now that these are accepted, it's time > to merge the DBus methods themselve

Re: [SSSD] Discussion: OpenLMI provider + D-Bus responder

On 17.02.2014 18:40, Sumit Bose wrote: > On Mon, Feb 17, 2014 at 03:41:42PM +0100, Jakub Hrozek wrote: >> On Fri, Feb 14, 2014 at 11:00:08AM +0100, Pavel Březina wrote: >>> On 02/13/2014 06:38 PM, Jakub Hrozek wrote: On Thu, Feb 13, 2014 at 02:14:01PM +0100, Pavel Březina wrote: > Hi folks

Re: [SSSD] [PATCH] First batch of infrastructure patches for review

On 13.01.2014 22:52, Simo Sorce wrote: > On Mon, 2014-01-13 at 22:43 +0100, Jakub Hrozek wrote: >> ACK to the approach especially considering the future work! >> >> I'm thinking about one aspect that might be just my personal >> preference >> so I'd like to hear other opinions. I'm completely addic

Re: [SSSD] [PATCH] Warnings and -Werror from ./configure

On 10.01.2014 14:36, Lukas Slebodnik wrote: > On (10/01/14 13:38), Stef Walter wrote: >> On 10.01.2014 10:26, Jakub Hrozek wrote: >>> On Thu, Jan 09, 2014 at 09:26:40PM +0100, Stef Walter wrote: >>>> diff --git a/configure.ac b/configure.ac >>>>

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

On 10.01.2014 12:11, Jakub Hrozek wrote: > On Thu, Jan 09, 2014 at 09:32:00PM +0100, Stef Walter wrote: >> On 08.01.2014 23:27, Jakub Hrozek wrote: >>> On Wed, Jan 08, 2014 at 09:02:52PM +0100, Stef Walter wrote: >>>> On 08.01.2014 17:59, Simo Sorce wrote: >>&

Re: [SSSD] [PATCH] Warnings and -Werror from ./configure

On 10.01.2014 10:26, Jakub Hrozek wrote: > On Thu, Jan 09, 2014 at 09:26:40PM +0100, Stef Walter wrote: >> diff --git a/configure.ac b/configure.ac >> index f89de6e..9156dfa 100644 >> --- a/configure.ac >> +++ b/configure.ac >> @@ -325,7 +325,7 @@ SSS_WARNINGS=

Re: [SSSD] [PATCH] Update .gitignore

On 10.01.2014 10:34, Jakub Hrozek wrote: > On Thu, Jan 09, 2014 at 09:24:27PM +0100, Stef Walter wrote: >> Although I'm now using srcdir != builddir like a good boy ... here's a >> patch which updates .gitignore for completeness. >> >> Cheers, >> >&g

[SSSD] [PATCH] util: Fix const cast failures when building with -Werror

((const))’ qualifier from pointer target type [-Werror=cast-qual] ret = sss_authtok_set(ts->authtoken, type, (uint8_t *)data, len); ^ Cheers, Stef >From 437920c6188212b07ad93a3f7e378189a4aeb781 Mon Sep 17 00:00:00 2001 From: Stef Walter

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

On 08.01.2014 23:27, Jakub Hrozek wrote: > On Wed, Jan 08, 2014 at 09:02:52PM +0100, Stef Walter wrote: >> On 08.01.2014 17:59, Simo Sorce wrote: >>> On Wed, 2014-01-08 at 11:21 +0100, Stef Walter wrote: >>>> On 07.01.2014 22:21, Simo Sorce wrote: >>>>&g

Re: [SSSD] [PATCH] Warnings and -Werror from ./configure

On 09.01.2014 21:22, Stef Walter wrote: > Hey guys, > > The other day Stephen suggested that instead of complaining (heh heh) I > should submit some patches for moving some of bashrc_sssd into > ./configure to make stuff in there more useful. > > Here we are. Here we are f

[SSSD] [PATCH] Update .gitignore

Although I'm now using srcdir != builddir like a good boy ... here's a patch which updates .gitignore for completeness. Cheers, Stef >From 75fd929e23f477080c7b61abf1a551899bbc0615 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 7 Jan 2014 13:22:04 +0100 Subject: [PATC

[SSSD] [PATCH] Warnings and -Werror from ./configure

Hey guys, The other day Stephen suggested that instead of complaining (heh heh) I should submit some patches for moving some of bashrc_sssd into ./configure to make stuff in there more useful. Here we are. Do these changes need to get squirreled away into an m4 file? If so which one? Patch 0002

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

On 08.01.2014 17:59, Simo Sorce wrote: > On Wed, 2014-01-08 at 11:21 +0100, Stef Walter wrote: >> On 07.01.2014 22:21, Simo Sorce wrote: >>> Sorry I forgot another, I think you should either set errno on errors, >>> or return an errno_t instead of -1. Just returning -1 f

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

On 07.01.2014 22:21, Simo Sorce wrote: > On Tue, 2014-01-07 at 21:31 +0100, Stef Walter wrote: >> On 07.01.2014 20:34, Simo Sorce wrote: >>> Ok fine, makes sense once explained (need this explanation in the >>> docs/headers), but then use a different name. >>>

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

to have that somewhere. Updated header documentation as requested, and made other fixes from your earlier review. Cheers, Stef >From 0e6af5dac2f6413011dea2b26fc2dfc162306cef Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 7 Jan 2014 14:44:11 +0100 Subject: [PATCH 1/2] util: A safe printf f

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

l. I'd much rather not put this sorta thing in general purpose library like ding-libs. > 3. can you change from 'callback' to 'copy_fn' ? Sure. > On the code, looks mostly ok except the incompleteness of the printf > function, however: > > O

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

On 07.01.2014 14:57, Stef Walter wrote: > On 07.01.2014 14:07, Stef Walter wrote: >> Anyhow, here's a patch which aims to make the full_name_format printf >> handling both correct and safe. > > ... > >> I'll be happy to split the patch into two, if de

Re: [SSSD] [PATCH] Don't pass user input as a printf format string argument

On 07.01.2014 14:07, Stef Walter wrote: > Anyhow, here's a patch which aims to make the full_name_format printf > handling both correct and safe. ... > I'll be happy to split the patch into two, if desired. One which adds > safe-printf.[ch] + tests, and the second which fix

[SSSD] [PATCH] Don't pass user input as a printf format string argument

s full_name_format to build it's LoginFormats property. Once sssd is on the system DBus bus, realmd might be able to ask sssd for this directly... >From 974a8a7ecb9a41da0f56dbfc847db53420f11d2b Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 7 Jan 2014 13:24:27 +0100 Subject: [PAT

Re: [SSSD] Fix linker errors during 'make check'

On 07.01.2014 10:32, Stef Walter wrote: > On Fedora a 20 box got the following linker errors during 'make check'. My problems were the result of my config.site file not being read properly ... and thus my configure options being ignored. Sorry for the

[SSSD] Fix linker errors during 'make check'

/../../../../lib64/libkrb5.so: undefined reference to `krb5int_clear_error@krb5support_0_MIT' >From 03af4560413b3c47c70c7348607f9f7c9ee35078 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 7 Jan 2014 10:04:24 +0100 Subject: [PATCH] Fix libkrb5support.so dependencies in tests Otherwise 'make check

Re: [SSSD] [PATCH] realmd tag attribute to SSSDConfig

Thanks. Attached is a rebased patch. Stef On 23.05.2013 18:16, Lukas Slebodnik wrote: > On (23/05/13 17:58), Stef Walter wrote: >> I'd like to add tags to the domains in sssd.conf from realmd. sssd >> ignores unknown attributes, but SSSDConfig needs to be told about them.

[SSSD] [PATCH] realmd tag attribute to SSSDConfig

>From 6a3a505e68916704a83d2bdd8f6036fa9146c355 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 23 May 2013 17:41:51 +0200 Subject: [PATCH] Add a domain config attribute for realmd realmd needs to be able to tag various domains with basic info when it configures a domain. --- src/config/SSSDConfigTes

Re: [SSSD] the full_name_format default value

On 13.05.2013 10:19, Jakub Hrozek wrote: > Hi Stef and the list, > > I was about to close SSSD upstream ticket #1917 but I wanted to check if > we're all on the same page. Sorry for copying the whole devel list, but > I know there's already been quite some discussions about how to handle > the ful

[SSSD] Announcing realmd 0.13

= Marius Vollmer (4): Fixes. Export the Service interface. Implement support for Service.Cancel() method Make Example Provider cancellable Nuno Araujo (1): Fix the build with automake 1.13 Piotr Drąg (1): Updated Polish translation Stef Walter (35): Fix

Re: [SSSD] Unexpected behavior with 'simple_allow_users ='

On 11/02/2012 01:57 PM, Dmitri Pal wrote: > First let us define a general rule about how we treat the cases: > X = > Is it treated as X being undefined or X having an empty value. > It should be a general documented rule for the application. > > Current behavior is to ignore and I think it is the r

Re: [SSSD] Unexpected behavior with 'simple_allow_users ='

ariable] New patch attached. Thanks for the review. Stef >From 776acf7f0d7609bb2fc35cfc102a7189b05c14ac Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 16 Oct 2012 11:43:05 +0200 Subject: [PATCH] Recognize empty string lists in the 'simple' access provider * The simple access p

Re: [SSSD] [PATCH] failover: Protect against empty host names

On 10/15/12 06:30, Michal Židek wrote: Added new parameter to split_on_separator that allows to skip empty values. I think this may break the work around I mentioned here: https://lists.fedorahosted.org/pipermail/sssd-devel/2012-October/011906.html Stef ___

[SSSD] Unexpected behavior with 'simple_allow_users ='

fixing, I'll do more testing on it. Cheers, Stef >From fbbfa251feb4a219d250f9c9b8f5373422f82ab8 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 16 Oct 2012 11:43:05 +0200 Subject: [PATCH] Recognize empty string lists in the 'simple' access provider * The simple access

[SSSD] realmd: Faster discovery, generic kerberos discovery

Some more patches for realmd. The first patch is one that makes the discovery of kerberos realms much faster: https://bugs.freedesktop.org/show_bug.cgi?id=53956 In particular discovery of IPA is harder to do in a fixed amount of time. We actually try to connect to the server to retrieve its cert

[SSSD] realmd: Support enrolling in a specific OU

I've implemented support in realmd for enrolling in a specific OU when joining Active Directory. More details here in this bug: https://bugs.freedesktop.org/show_bug.cgi?id=53889 Anyone interested in reviewing or trying this feature out? I'd be happy to help you test it or get setup with realmd.

[SSSD] Refactoring the realmd DBus interface

Stephen did a quick review of the realmd DBus interface yesterday. Thanks Stephen! One of the main things he pointed out was that the realmd interface needed to be more extensible in order to be useful for non-kerberos realms in the future, like LDAP or others. Notes about some of the changes:

[SSSD] Review of the realmd dbus interface

Are any of you interested in reviewing the realmd DBus interface, and making sure I'm not screwing up in an obvious way? By the time Fedora 18 releases I'd like to have this interface be stable. Obviously new properties and methods can be added later, but I'd like to try and not change the current

[SSSD] [PATCH] Re: Problem limiting etypes to keytab

On 07/05/2012 05:21 PM, Stephen Gallagher wrote: > On Thu, 2012-07-05 at 10:47 +0200, Stef Walter wrote: >> On 07/04/2012 06:01 PM, Stef Walter wrote: >>> 1) Rewrite the way we kinit with a keytab. Use krb5_init_creds_init() >>> + krb5_init_creds_set_keytab() + kr

Re: [SSSD] Problem limiting etypes to keytab

On 07/04/2012 06:01 PM, Stef Walter wrote: > 1) Rewrite the way we kinit with a keytab. Use krb5_init_creds_init() > + krb5_init_creds_set_keytab() + krb5_init_creds_get() instead of > just krb5_get_init_creds_keytab(). Hmmm, this doesn't seem to be an option. We don't

[SSSD] Problem limiting etypes to keytab

As you may have seen on the krb5 mailing list [1], there was a problem with my patch [2] to limit the enctypes requested to those in the keytab. This patch to krb5 was to help sssd work with keytabs generated by samba (which has no AES support) when used with AD running on Windows 2008 or later (w

[SSSD] [PATCH] Fix crash for interface without addresses

sssd_be git master crashes when an interface without addresses is present. Cheers, Stef >From e92d514204685735912d93f2306eb7c513151614 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 4 Jul 2012 13:29:25 +0200 Subject: [PATCH 1/2] Fix crash when interface doesn't have an address

Re: [SSSD] [PATCHES] Add Active Directory identity, auth and chpass providers to SSSD

On 07/02/2012 06:02 PM, Simo Sorce wrote: > 1. > You should never allow to set a domain that differs from the realm name > in the AD provider, it is always assumed realm = domain in AD. > > In AD both the realm and the domain are case insensitive however MIT > libs needs to use the Realm all upper

Re: [SSSD] [PATCH] Fixed subdomain-related issue in re_expression matching

On 06/14/2012 12:50 PM, Jan Zelený wrote: > Before proposing the patch, I was going through the original review thread > looking exactly for this kind of information but it wasn't clear to me if the > domain matching is completely necessary. I think I understand it now, thanks > for the clarific

Re: [SSSD] [PATCH] Fixed subdomain-related issue in re_expression matching

On 06/13/2012 05:14 PM, Jan Zelený wrote: > One part of the matching was to check whether domain part of fully > qualified name is a name of a domain or any of its subdomains. The > problem is that at the time of first request we don't yet have lists of > subdomains. Yeah, that's an interesting pr

Re: [SSSD] [PATCH] Per-domain re_expression and full_name_format

as orig. > Again, if it is not, that would be a bug in sss_parse_name(). But I don't think that's the case. A regular expression can easily produce a name but no domain. Cheers, Stef >From 72bd382751c2240df49b90d6f3e8977b780fcc26 Mon Sep 17 00:00:00 2001 From: Stef Walter Date

[SSSD] [PATCH] Clearer docs for use_fully_qualified_names

Patch adds clearer documentation use_fully_qualified_names. Previously only contained warning about side effect. Cheers, Stef >From d4bc714d9857821647b4ef4bd9f2f6da3123d10c Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 9 May 2012 13:29:14 +0200 Subject: [PATCH] Clearer documentation

Re: [SSSD] [PATCH] Per-domain re_expression and full_name_format

On 04/24/2012 11:43 AM, Jakub Hrozek wrote: > On Tue, Apr 24, 2012 at 08:36:32AM +0200, Stef Walter wrote: >> On 04/23/2012 09:00 PM, Simo Sorce wrote: >>> Doesn't this end up running potentially the same regex over and over for >>> each domain we have configured

Re: [SSSD] [PATCH] Use keytab to select etypes for krb5_get_init_creds_keytab()

hed. Stef >From 1639a631caa8257794090c1c3b7ad11ab2439c81 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 10 Apr 2012 22:20:53 +0200 Subject: [PATCH] Limit krb5_get_init_creds_keytab() to etypes in keytab * Load the enctypes for the keys in the keytab and pass them to krb5_get_in

Re: [SSSD] [PATCH] Use keytab to select etypes for krb5_get_init_creds_keytab()

On 05/07/2012 11:52 AM, Stef Walter wrote: > It seems that when using krb5_get_init_creds_keytab(), if we don't have > a keytab entry with a key using the first valid etype offered by the > server, then the authentication fails. Errr, forgot to add [PATCH], here we go.

[SSSD] Use keytab to select etypes for krb5_get_init_creds_keytab()

o this patch. But posting it here for what it's worth. Cheers, Stef [1] https://bugzilla.redhat.com/show_bug.cgi?id=811375 >From 84b9ab048bb62582f01610c4d1a2928569344b92 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 10 Apr 2012 22:20:53 +0200 Subject: [PATCH] Limit krb5_ge

[SSSD] [PATCH] Remove erroneous failure message in find_principal_in_keytab

find_principal_in_keytab output failure debug lines in cases where there really is a failure. So the patch quiets this down and fine tunes things. Cheers, Stef >From 10e14066740a9d352146779514551ab1796d545f Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 7 May 2012 10:41:24 +0200 Subject: [PATCH

Re: [SSSD] [PATCH] If canon'ing principals, write ccache with updated default principal

le() could lose the > krb5_principal argument and always use the one in the creds". Updated krb5_child.c. Didn't change signature of create_ccache_file() as its called with NULL creds sometimes. New patch attached, Cheers, Stef >From 214f1938d3996055259fb50929c43b8719f31b2d Mon Sep

[SSSD] [PATCH] If canon'ing principals, write ccache with updated default principal

h which fixes the problem. An alternate patch would be to use krb5_get_init_creds_opt_set_out_ccache() instead of writing the credential cache in sssd code. Cheers, Stef >From 3c59af5d61fa0eb0618acb3f097c51b04234e077 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 11 Apr 2012 12:12:57 +02

Re: [SSSD] [PATCH] execv and exec_child don't return

On 04/24/2012 12:35 PM, Jakub Hrozek wrote: > On Tue, Apr 24, 2012 at 12:07:09PM +0200, Stef Walter wrote: >> execv, excvp and exec_child never return 0 or EOK. So we don't need to >> handle that case. Patch clears out a bit of code. >> >> Cheers, >> >&g

Re: [SSSD] [PATCH] execv and exec_child don't return

On 04/24/2012 12:42 PM, Sumit Bose wrote: > Chances are that some static code analysis tools or -D_FORTIFY_SOURCE=2 > might complain about an unchecked return value. Currently we mostly try > to make those tools happy, even if the code becomes a bit redundant. > > Have you checked if -D_FORTIFY_SO

[SSSD] [PATCH] execv and exec_child don't return

execv, excvp and exec_child never return 0 or EOK. So we don't need to handle that case. Patch clears out a bit of code. Cheers, Stef >From 8ee06f9aa45c63d2a56793d62570dc21c66616a1 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 24 Apr 2012 11:32:04 +0200 Subject: [PATCH 1/2] exec

Re: [SSSD] [PATCH] Per-domain re_expression and full_name_format

On 04/23/2012 09:00 PM, Simo Sorce wrote: > Doesn't this end up running potentially the same regex over and over for > each domain we have configured ? > Wouldn't it make sense to detect how many different regexes we actually > have (in the default case just one, the same for all domains) and just

[SSSD] [PATCH] Per-domain re_expression and full_name_format

nother character. Cheers, Stef >From 69b61433de586d9cb2fc07afe1bed9205e85cfdc Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 11 Apr 2012 15:02:10 +0200 Subject: [PATCH] Make re_expression and full_name_format per domain options * Allows different user/domain qualified names for diffe