Hi,
On Thu, Jun 24, 2010 at 01:35:09AM +0400, Alexander Gordeev wrote:
supportedSASLMechanisms is an operational attribute so it's not returned
by openldap if not told explicitly. This change adds an explicit request
for this attribute.
Signed-off-by: Alexander Gordeev lasa...@lvk.cs.msu.su
On Thu, Jun 24, 2010 at 07:09:37AM -0400, Stephen Gallagher wrote:
On 06/24/2010 04:04 AM, Alexander Gordeev wrote:
Sumit Bosesb...@redhat.com пишет:
thank you for the patch. You are right adding an explicit attribute list
here. I have checked the related RFC 4512 and found in section 5.1:
On Thu, Jun 24, 2010 at 12:52:32PM +0400, Alexander Gordeev wrote:
В Thu, 24 Jun 2010 09:48:16 +0200
Sumit Bose sb...@redhat.com пишет:
On Thu, Jun 24, 2010 at 02:43:49AM +0400, Alexander Gordeev wrote:
В Wed, 23 Jun 2010 20:57:10 +0400
Alexander Gordeev lasa...@lvk.cs.msu.su пишет
Hi,
Thank you, I agree with this patch, but I would like to see if Simo has
some comments about it, e.g. if he knows about other attributes we want
to include. He is away from keyboard most of this week, so I don't
expect any comments from him before beginning of next week.
bye,
Sumit
On Thu,
On Fri, Jun 25, 2010 at 12:55:02PM +0400, Alexander Gordeev wrote:
Sorry, I didn't tell you that this log was from another machine, with
it's own key, and therefore I changed ldap_sasl_authid appropriately.
On desktopvm everything is the same i.e. auth fails in the same way.
Seems I'll
On Fri, Jun 25, 2010 at 02:35:19PM +0400, Alexander Gordeev wrote:
On Fri, 25 Jun 2010 11:25:22 +0200
Sumit Bose sb...@redhat.com wrote:
On Fri, Jun 25, 2010 at 12:55:02PM +0400, Alexander Gordeev wrote:
Sorry, I didn't tell you that this log was from another machine, with
it's own
On Fri, Jun 25, 2010 at 03:20:24PM +0400, Alexander Gordeev wrote:
On Fri, 25 Jun 2010 13:10:52 +0200
Sumit Bose sb...@redhat.com wrote:
On Fri, Jun 25, 2010 at 02:35:19PM +0400, Alexander Gordeev wrote:
On Fri, 25 Jun 2010 11:25:22 +0200
Sumit Bose sb...@redhat.com wrote
Hi,
Alexander Gordeev lasa...@lvk.cs.msu.su helped to find a bug in SASL
interactive callback which became visible with and OpenLDAP server. The
attached patch should fix it.
bye,
Sumit
From 9de4f6fddc0d1484ca554b3a3f9dab831106ff4e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date
On Fri, Jul 02, 2010 at 10:29:47AM -0400, Dmitri Pal wrote:
Stephen Gallagher wrote:
On 07/02/2010 09:37 AM, Dmitri Pal wrote:
Nack
You are leaking entry in success scenario.
I suggest a little bit cleaner approach:
while((ret = krb5_kt_next_entry(context, keytab, entry,
On Fri, Mar 19, 2010 at 02:15:06PM +0100, Sumit Bose wrote:
On Fri, Mar 19, 2010 at 08:48:49AM -0400, Simo Sorce wrote:
On Fri, 19 Mar 2010 12:00:47 +0100
Sumit Bose sb...@redhat.com wrote:
On Thu, Mar 18, 2010 at 05:51:13PM -0400, Simo Sorce wrote:
Some time ago I added code
On Wed, Jul 07, 2010 at 08:46:42PM +0400, Eugene Indenbom wrote:
On 07/07/2010 04:43 PM, Stephen Gallagher wrote:
Sounds good. I just want a confirmation that it is in line with tevent
coding style to pass pointer to higher level state (hbac_ctx) into
sub-operations (hbac_get_host_info_send()
On Fri, Jul 09, 2010 at 01:38:05PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/08/2010 10:43 AM, Stephen Gallagher wrote:
This patch replaces the patches in the threads Log TLS errors to
syslog and Add syslog messages for LDAP GSSAPI bind
Patch
Hi,
this patch fixes an inconsistency between the offline and the online
case. Now both cases return 'Access denied' if there are no HBAC rules
at all. This should fix #554.
bye,
Sumit
From ee0d15648902fe66d0bc95e95a5c72b941bb5dd0 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date
On Wed, Jul 21, 2010 at 04:43:41PM +0400, Eugene Indenbom wrote:
The patch attached fixes issues reported in tickets #565 and 567.
Eugene
Hi,
I agree with returning PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR, but
I think you remove more entries from the cache then expected. The
response
On Wed, Jul 21, 2010 at 06:18:31PM +0400, Eugene Indenbom wrote:
On 07/21/2010 05:46 PM, Sumit Bose wrote:
On Wed, Jul 21, 2010 at 04:43:41PM +0400, Eugene Indenbom wrote:
The patch attached fixes issues reported in tickets #565 and 567.
Eugene
Hi,
I agree
On Wed, Jul 21, 2010 at 08:20:18PM +0400, Eugene Indenbom wrote:
On 07/21/2010 08:01 PM, Sumit Bose wrote:
On Wed, Jul 21, 2010 at 06:18:31PM +0400, Eugene Indenbom wrote:
On 07/21/2010 05:46 PM, Sumit Bose wrote:
On Wed, Jul 21, 2010 at 04:43:41PM +0400, Eugene Indenbom wrote:
The patch
42db546eb0dd302285d4d783d2fc19fbc9e9b93c Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 23 Jul 2010 15:45:46 +0200
Subject: [PATCH] Allow sssd clients to reconnect
Currently the PAM and NSS client just return an error if there are
problems on an open socket. This will lead to problems in long
On Wed, Jul 28, 2010 at 03:54:05PM -0400, Dmitri Pal wrote:
Simo Sorce wrote:
On Wed, 28 Jul 2010 13:10:08 -0400
Dmitri Pal d...@redhat.com wrote:
Hello,
On a discussion about the UI for HBAC rules it occured to me that
there is a use case that we currently do not support with
On Tue, Aug 17, 2010 at 12:10:56PM +0200, Andy Kannberg wrote:
Hi folks,
I'm new to the list, and new to SSSD in general.
I was wondering, is it allowed to post questions about installation /
configuration problems concerning SSSD on this list ?
Absolutely. Please send any SSSD related
On Wed, Aug 18, 2010 at 10:08:12AM +0200, Andy Kannberg wrote:
Goodmorning,
I did some digging, and this is the situation:
Upfront I must say that I do not know yet if Novell eDirectory is RFC2307
compliant, but a Novell Engineer is available today so I can ask him
straight away.
Anyway,
On Wed, Aug 18, 2010 at 02:37:10PM +0200, Andy Kannberg wrote:
Stephen,
Below is the log. I see messages with 'principal' and 'ssl'. Is that the
Kerberos principal which is referred to ?
Yes, but but the reason for the error is that your client cannot verify
the SSL certificate of the
On Wed, Aug 18, 2010 at 12:29:42PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/13/2010 04:19 PM, Stephen Gallagher wrote:
The attached patches are applied atop the repository resulting after the
following command is run:
git filter-branch
On Wed, Sep 08, 2010 at 09:52:31AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/08/2010 09:50 AM, Sumit Bose wrote:
On Wed, Sep 08, 2010 at 09:33:04AM -0400, Stephen Gallagher wrote:
On 07/08/2010 12:57 PM, Stephen Gallagher wrote:
Just a reminder
there is a small chance that this patch will not display the
time when the password expires, but the time when the account expires. I
think we can neglect this case.
bye,
Sumit
From af82ea6bbcf7accb7d4b6d9290a776595acdd1ae Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 10 Sep 2010
On Fri, Sep 10, 2010 at 05:05:21PM +0200, Jakub Hrozek wrote:
On 09/10/2010 11:16 AM, Sumit Bose wrote:
rebased versions attached.
bye,
Sumit
Ack to both patches, but may I suggest that the attached patch be
squashed in? Perhaps it would make for a little more readable code.
yes, please
On Fri, Sep 17, 2010 at 11:21:40AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/17/2010 11:16 AM, Dmitri Pal wrote:
Stephen Gallagher wrote:
On 09/16/2010 05:05 PM, Stephen Gallagher wrote:
I've rewritten these patches. Now, instead of searching
On Tue, Sep 21, 2010 at 05:49:14PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We rethought how we're going to build the ding-libs.
They will now all be built from a single tarball (and a single SRPM, by
extension) and produce independent shared libraries
On Thu, Sep 23, 2010 at 01:03:39PM +0200, Sumit Bose wrote:
Hi,
I've found two minor issues in ding-libs which are fixed by the attacked
patches.
bye,
Sumit
Sorry, the first patch was incomplete, new version attached.
bye,
Sumit
From 9ee67d2ed2f9600591de3c76d0509c9a4a19d64f Mon Sep 17
e2349df11976339882ada658ce98c479adfcced0 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 24 Sep 2010 09:54:45 +0200
Subject: [PATCH 1/2] Suppress some 'may be used uninitialized' warnings
---
src/providers/krb5/krb5_common.c |4 +++-
src/providers/ldap/sdap_access.c |2 +-
src
On Fri, Sep 24, 2010 at 07:20:02AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/24/2010 05:32 AM, Sumit Bose wrote:
Hi,
some of the compiler flags used to build Fedora packages, e.g.
'-Wp,-D_FORTIFY_SOURCE=2' produces some extra warnings which
adds a missing include file and 0002 makes hash_example pass
valgrind without errors.
bye,
Sumit
From 56add86543006afc497d5a05368549a1293bf5c0 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 28 Sep 2010 17:24:57 +0200
Subject: [PATCH 1/3] dhash: add stddef.h to dhash.h
size_t
On Tue, Sep 28, 2010 at 06:27:29PM -0400, Dmitri Pal wrote:
Stephen Gallagher wrote:
First, a little overview on netgroups. Netgroups in LDAP can contain two
attributes:
1) nistNetgroupTriple - Contains a literal triple of (host, username,
domain)
2) memberNisNetgroup - The name (or
On Thu, Sep 30, 2010 at 08:28:37AM -0400, Dmitri Pal wrote:
Sumit Bose wrote:
On Tue, Sep 28, 2010 at 06:27:29PM -0400, Dmitri Pal wrote:
Stephen Gallagher wrote:
First, a little overview on netgroups. Netgroups in LDAP can contain two
attributes:
1) nistNetgroupTriple
On Thu, Sep 30, 2010 at 10:19:04AM -0400, Dmitri Pal wrote:
Simo Sorce wrote:
On Thu, 30 Sep 2010 14:53:56 +0200
Sumit Bose sb...@redhat.com wrote:
would assume that most of the LDAP servers will have name rather
than a DN. So at some point you need to do a lookup. I think
On Mon, Oct 04, 2010 at 12:02:50PM +0200, Jan Zelený wrote:
I'm sending a patch solving ticket #599 for review. After I tried some other
solutions, this one seemed to be the most simple one which didn't cause any
problems.
My only concern was whether monitoring the LDAP socket will be
On Mon, Oct 04, 2010 at 05:34:20PM +0200, Jan Zelený wrote:
Sumit Bose sb...@redhat.com wrote:
On Mon, Oct 04, 2010 at 12:02:50PM +0200, Jan Zelený wrote:
I'm sending a patch solving ticket #599 for review. After I tried some
other solutions, this one seemed to be the most simple one
On Tue, Oct 05, 2010 at 04:21:01PM +0200, Sumit Bose wrote:
Hi,
this series of patches continue the work Stephen has started in
[PATCHES] Support for netgroups in the NSS client and responder.
We decided to try to be as compatible to nss_ldap as possible, i.e. we
do not any group
Hi,
the three attached patches fixes some compiler warnings, which might
occur with a high warning level like -Wextra.
bye,
Sumit
From 0d444f1bff11b3837611988f4226b86f9ce34d0d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 5 Oct 2010 14:46:14 +0200
Subject: [PATCH 1/3] Use
dbdabb06258be56e229d1ac8b18538f7203a78d1 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 7 Oct 2010 15:41:12 +0200
Subject: [PATCH] Do not remove man pages in released tar balls
---
Makefile.am |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index
On Fri, Oct 08, 2010 at 05:12:32PM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2010 02:32 PM, Stephen Gallagher wrote:
On 10/08/2010 08:09 AM, Jakub Hrozek wrote:
On 10/08/2010 01:13 PM, Stephen Gallagher wrote:
On 10/08/2010 05:25 AM, Jakub Hrozek
Hi,
currently we distribute the generated man pages with the released tar
balls. This patch replaces them with the XML source files.
bye,
Sumit
From cd5030b718984904c077dff6470843d8cc3cc344 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 11 Oct 2010 17:42:07 +0200
Subject
Hi,
by chance I came across these two defines which are not used (anymore).
bye,
Sumit
From 1c4eb185d276d32bea80387d4053ad54be6249c1 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 12 Oct 2010 10:17:46 +0200
Subject: [PATCH] Remove unused defines
---
Makefile.am |2
it is not needed anymore).
To avoid surprises we should check for the latest version of libdhash.
bye,
Sumit
From 47d9ad70d126a4c3a92b750c330978980d559fcb Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 13 Oct 2010 07:56:49 +0200
Subject: [PATCH] Raise the required version
On Fri, Oct 15, 2010 at 02:13:05PM +0200, Jan Zelený wrote:
I'm sending a patch which is resolving ticket #533 by implementing a hash
table into the PAM responder.
For testing I followed this approach:
0) Configure sssd to use RH LDAP and KRB
1) Activate shaping on the host computer
tc
On Tue, Oct 19, 2010 at 03:24:55PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If there is a problem with reopening the logs, it can be an audit
trail issue. Make sure we log this in the syslog. Previously we were
trying to write this to the debug log that
On Tue, Oct 19, 2010 at 04:28:09PM -0400, Simo Sorce wrote:
On Tue, 19 Oct 2010 16:06:22 -0400
Stephen Gallagher sgall...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/18/2010 03:16 PM, Jakub Hrozek wrote:
We used strtol() on a number of places to convert
Hi,
with this patch only enabled IPA HABC rules are loaded and saved in
sysdb. This fixes ticket #530.
bye,
Sumit
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
Hi,
as requested by ticket #568 this patch adds the option ldap_deref to
sssd.conf. This option controls how aliases are dereferenced.
bye,
Sumit
From 1684765a913ded1a47e18121d34bc04ee2d7e46f Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 21 Oct 2010 10:13:46 +0200
Subject
On Thu, Oct 21, 2010 at 11:03:06AM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/21/2010 10:19 AM, Sumit Bose wrote:
Hi,
as requested by ticket #568 this patch adds the option ldap_deref to
sssd.conf. This option controls how aliases are dereferenced
Hi,
just a typo.
bye,
Sumit
From cc0048b61087124537ff6139a8e51a2b84bc7253 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 21 Oct 2010 16:14:47 +0200
Subject: [PATCH] Fix a typo in dhash.h
---
dhash/dhash.h |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff
Hi,
I've found a few places where we do not free the error message returned
by ldap_parse_result(). This patch should fix this.
bye,
Sumit
From 4b1ef24cdc4c8857cb0f7bd754c29ffeb16263f1 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 22 Oct 2010 11:53:51 +0200
Subject
On Fri, Oct 22, 2010 at 08:10:10AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/20/2010 05:34 AM, Sumit Bose wrote:
Hi,
there two patches add netgroups support for the proxy provider as
requested in ticket #630.
Nack.
If ctx
d819922fa1906e5c8c3f65fa171fab11fffb8798 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 22 Oct 2010 12:01:23 +0200
Subject: [PATCH 1/3] Remove all nss requests after a reconnect
Currently we do not handle the open nss request after a reconnect and
wait until they timeout
#495.
bye,
Sumit
From 60ec43e64c9c034b93d7525bacbe02c51c6199cb Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 21 Oct 2010 18:23:15 +0200
Subject: [PATCH] Allow authentication for referrals
---
src/providers/ldap/sdap_async_connection.c | 193
1
Hi,
this patch add some comments about ding-libs to BUILD.txt and should fix
ticket #651.
bye,
Sumit
From eca2860f86fe8528c9e4e4b77eb5d847926fd0fd Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 26 Oct 2010 18:39:40 +0200
Subject: [PATCH] Mention ding-libs in BUILD.txt
On Tue, Oct 26, 2010 at 02:00:37PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/26/2010 12:43 PM, Sumit Bose wrote:
Hi,
this patch add some comments about ding-libs to BUILD.txt and should fix
ticket #651.
Nack.
Please remove the section
? Second, if offline_credentials_expiration is set, the
'Authenticated with cached credentials' messages is always display. Is
this acceptable or shall we introduce a threshold parameter here?
bye,
Sumit
From 95c73eda59c1acfe32206327752cf40fa99058f3 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
from different targets, but it didn't worked correctly.
This patch should fix it.
bye,
Sumit
From 83ff7b918f676cc20055361fc8fbe2e95ee3f24e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 29 Oct 2010 17:53:12 +0200
Subject: [PATCH] Store krb5 auth context for other targets
On Sun, Oct 31, 2010 at 03:34:44PM +0100, Moritz Baumann wrote:
I have filed a bug report at:
https://bugzilla.redhat.com/show_bug.cgi?id=648150
ddiff -Nur sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c
sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c
---
Hi,
these two patches make the use of the ldap_search_base option optional
and should fix ticket #558.
bye,
Sumit
From fd7f7085335f2731ded5ee5cd4923561b693893d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 2 Nov 2010 09:35:00 +0100
Subject: [PATCH 1/2] Use namingContext
Hi,
please find attached the backports to the 1.2 series of the fixes for
ticket #654.
bye,
Sumit
From f0fe4c2c5fe705d48f6910ef131c8da95cc6427d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 22 Oct 2010 12:01:23 +0200
Subject: [PATCH 1/3] Remove all nss requests after
On Wed, Nov 03, 2010 at 08:48:21AM -0400, Simo Sorce wrote:
On Tue, 2 Nov 2010 22:39:45 +0100
Sumit Bose sb...@redhat.com wrote:
memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com /para
para
Default: the value
On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add some more
levels to pam_verbosity and also handle other messages
On Fri, Nov 05, 2010 at 05:15:08PM -0400, Simo Sorce wrote:
On Fri, 05 Nov 2010 16:18:19 -0400
Stephen Gallagher sgall...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
One of SSSD's intended primary use-cases is that of the laptop user.
We support cached, offline
On Fri, Nov 05, 2010 at 08:59:02AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This option was missing from the manpage.
Also, this patch allows cache cleanup to be disabled entirely by setting
it to zero.
- --
Stephen Gallagher
RHCE
On Fri, Nov 05, 2010 at 10:01:45PM +0100, Sumit Bose wrote:
On Thu, Nov 04, 2010 at 09:47:33AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/27/2010 07:57 AM, Sumit Bose wrote:
Hi,
this patch should fix ticket #604, but maybe we want to add
On Tue, Nov 09, 2010 at 12:40:10PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/08/2010 04:25 AM, Sumit Bose wrote:
Although it is quite a common pattern I think we should mention that a
value of '0' disables this feature.
Agreed. New patch
On Fri, Nov 05, 2010 at 11:35:52AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/28/2010 09:11 PM, Stephen Gallagher wrote:
On 10/28/2010 08:50 PM, Stephen Gallagher wrote:
This is the first part of a fix for
On Thu, Nov 11, 2010 at 12:04:23PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/10/2010 10:07 AM, Sumit Bose wrote:
I have only minor comment, please find them below ...
Why do you create a tmp_ctx on the two cases above and just use NULL
On Fri, Nov 12, 2010 at 10:12:51AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://fedorahosted.org/sssd/ticket/458
Previously, it was possible to perform a sort of LDAP filter injection
with careful crafting of the ldap attributes in the config file.
On Mon, Nov 15, 2010 at 07:06:31AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/15/2010 07:01 AM, Sumit Bose wrote:
On Fri, Nov 12, 2010 at 10:12:51AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https
On Mon, Nov 15, 2010 at 08:51:21AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/15/2010 07:34 AM, Sumit Bose wrote:
ah, sorry, I should have read the context. But after reading it I still
have comments:
this 'if' is redundant
If I remember
On Mon, Nov 15, 2010 at 03:21:07PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fixes https://fedorahosted.org/sssd/ticket/656
These warnings appear on gcc-4.5.1-4.fc14.x86_64 with -Wcast-qual
The warnings are gone and all tests pass.
ACK
bye,
Sumit
On Mon, Nov 15, 2010 at 03:24:30PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fixes https://fedorahosted.org/sssd/ticket/657
sss_cli_check_socket returns an enum sss_status result code, but we were
assigning it to an enum nss_status variable before
On Tue, Nov 16, 2010 at 04:12:40PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/16/2010 04:09 PM, Stephen Gallagher wrote:
We weren't decrementing the count of in-progress authentication
request child processes when they completed successfully. With
On Wed, Nov 17, 2010 at 10:15:25AM +0100, Sumit Bose wrote:
On Thu, Nov 11, 2010 at 09:05:57AM -0500, Stephen Gallagher wrote:
...
+/* Kill all of our known children manually */
+DLIST_FOR_EACH(svc, mt_ctx-svc_list) {
+if (svc-pid == 0) {
+/* The local
On Wed, Nov 17, 2010 at 02:32:39PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/17/2010 04:22 AM, Sumit Bose wrote:
Can you call 'client_ctx-auth_ctx-running--;' directly after
'proxy_child_recv()' ?
Sure, I just moved the decrement
On Wed, Nov 17, 2010 at 02:58:17PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/17/2010 02:38 PM, Sumit Bose wrote:
On Wed, Nov 17, 2010 at 02:32:39PM -0500, Stephen Gallagher wrote:
On 11/17/2010 04:22 AM, Sumit Bose wrote:
Can you call
On Thu, Nov 11, 2010 at 09:05:57AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Previously, there was a race-condition where the monitor might
terminate before its children.
Resolves https://fedorahosted.org/sssd/ticket/555
ACK
bye,
Sumit
- --
On Wed, Nov 17, 2010 at 10:08:13PM +0100, Sumit Bose wrote:
On Thu, Nov 11, 2010 at 09:05:57AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Previously, there was a race-condition where the monitor might
terminate before its children.
Resolves https
On Wed, Nov 17, 2010 at 08:36:54AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think this finally solves:
https://bugzilla.redhat.com/show_bug.cgi?id=606887
killproc only sends SIGTERM, but doesn't check whether the process
actually exited before
On Wed, Nov 17, 2010 at 04:07:24PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
During a discussion today about how to represent the HBAC grammar in the
FreeIPA GUI, it became apparent that there was a limitation in the
grammar. Specifically, it's not
Hi,
this patch fixes a issue where we would return success instead of
ENOMEM.
bye,
Sumit
From e2371828cb357d5f362ae2948010b6d67e40a21b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 17 Nov 2010 12:54:42 +0100
Subject: [PATCH] Add missing error code
---
src/util/sss_krb5
On Thu, Nov 18, 2010 at 07:37:46AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/17/2010 04:33 PM, Sumit Bose wrote:
On Wed, Nov 17, 2010 at 10:08:13PM +0100, Sumit Bose wrote:
On Thu, Nov 11, 2010 at 09:05:57AM -0500, Stephen Gallagher wrote
it
is not possilbe to implement the 'try' option anthentication would fail
if the server does not support FAST.
bye,
Sumit
From 4d221d5029120db0584654fb1ca717a27f3a18d8 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 18 Nov 2010 12:41:18 +0100
Subject: [PATCH 1/2] Refactor krb5_child
On Mon, Nov 15, 2010 at 11:48:03PM -0500, Simo Sorce wrote:
On Mon, 15 Nov 2010 14:49:52 +0100
Sumit Bose sb...@redhat.com wrote:
Hi,
this series for patches add support for automatic Kerberos ticket
renewal, see also trac ticket #369.
There are several things I like to discuss
Hi,
this patch should fix trac ticket #659.
bye,
Sumit
From 8998459802a142b8b55de8b91393c5ff010a44ce Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 5 Nov 2010 21:38:45 +0100
Subject: [PATCH] Use a more efficient host search filter
---
src/providers/ipa/ipa_access.c
Hi,
I've found a misleading statement in the man page, this patch should
fix it.
bye,
Sumit
From 50b6278ed287528a53b0b702730ca3c044b356d4 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 19 Nov 2010 10:38:32 +0100
Subject: [PATCH] Fix man page
Currently sssd does
Hi,
this patch fixes the offline detection in the LDAP auth and chapss
providers as reported in trac ticket #642.
bye,
Sumit
From ae9805f6397e6aa05273e8dc8150c787ef72a2fa Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 19 Nov 2010 14:33:05 +0100
Subject: [PATCH] Fix offline
On Fri, Nov 19, 2010 at 01:47:58PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fixes https://fedorahosted.org/sssd/ticket/665
ACK.
bye,
Sumit
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value
On Fri, Nov 19, 2010 at 02:23:21PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All errnum values passed into this function throughout the code
are PAM error codes, but we were passing them through strerror()
to print them, which is only meaningful for ERRNO
On Sat, Nov 20, 2010 at 12:25:02AM +0100, Jan Zeleny wrote:
After some complications I finally made the patch solving ticket #533
(different
ccache files during multiple simultaneous logins of the same user). It is
based
on Simo's idea to determine the ccache file name in advance and
On Sat, Nov 20, 2010 at 03:33:31PM -0500, Simo Sorce wrote:
Had some spare time today and wanted to fix this issue.
The attached patch instruments nss and pam clients to use a pthread
mutex to prevent multiple threads from stomping on each other.
The patch is quite simple and basic
Hi,
these two patches fixes some typos in the code.
bye,
Sumit
From eb10a81f5f1921b95e15a2b3a04e5720b3deac6e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 19 Nov 2010 21:10:57 +0100
Subject: [PATCH 1/2] fix typo in get_server_status()
---
src/providers/fail_over.c
Hi,
I have found this patch useful for testing, but it might be useful for
other cases, too.
bye,
Sumit
From 52a39100797a134041085093e7d0b6a7595b224e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 19 Nov 2010 21:09:47 +0100
Subject: [PATCH] Add SIGUSR2 to reset offline
On Mon, Nov 22, 2010 at 06:49:20AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/22/2010 06:33 AM, Sumit Bose wrote:
Hi,
I have found this patch useful for testing, but it might be useful for
other cases, too.
You have a misspelling
On Mon, Nov 22, 2010 at 09:23:01AM -0500, Simo Sorce wrote:
On Mon, 22 Nov 2010 10:46:02 +0100
Sumit Bose sb...@redhat.com wrote:
Protecting a whole PAM task like authentication with a mutex can lead
to DOS situation when a user logs into a threaded application with his
username
On Mon, Nov 22, 2010 at 10:49:04AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/22/2010 04:03 AM, Sumit Bose wrote:
On Fri, Nov 19, 2010 at 02:23:21PM -0500, Stephen Gallagher wrote:
All errnum values passed into this function throughout the code
On Mon, Nov 22, 2010 at 11:35:04AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/22/2010 05:57 AM, Sumit Bose wrote:
Hi,
this patch resets the status of all failover services and the
went_offline time if we receive a reset_offline request. Before
On Thu, Nov 25, 2010 at 03:19:02PM +0100, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
https://fedorahosted.org/sssd/ticket/691
In this version of patch, I only allowed the fallback in Kerberos where
I also switched from TCP do UDP as the default search protocol.
The
301 - 400 of 3319 matches
Mail list logo