ef7814c7ad1ea5624f47e2881b3fca377a4bf35b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 26 Jun 2013 13:11:35 +0200
Subject: [PATCH] Revert Implicitly activate the PAC responder for AD
provider
This reverts commit 7527ec8ab2b79ec576ace2da9e2c158b849adfa6.
---
src/monitor/monitor.c |3
On Wed, Jun 26, 2013 at 08:57:24AM -0400, Simo Sorce wrote:
On Wed, 2013-06-26 at 13:55 +0200, Jakub Hrozek wrote:
On Wed, Jun 26, 2013 at 01:15:00PM +0200, Sumit Bose wrote:
Hi,
with this patch the PAC responder is not started automatically if the AD
provider is configured
On Wed, Jun 26, 2013 at 06:10:55PM +0200, Mathieu Bouillaguet wrote:
Hello,
We are trying to setup Kerberos authentication for our linux VMs on an
Active Directory.
We use Red Hat 6.2, the sssd version is 1.5.1.-66.el6.
getent retrieve the domain users and groups.
If I try to ssh
.
bye,
Sumit
From f1173b35ef7efe04c6b2897b6cbf21a26fe6f2de Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 6 Jun 2013 17:22:55 +0200
Subject: [PATCH] Use forest for GC SRV lookups
---
src/providers/ad/ad_srv.c | 52 ++--
1 files changed
On Wed, Jun 26, 2013 at 06:47:00PM +0200, Jakub Hrozek wrote:
The attached patch should fix trouble we had with SRV discovery and
trusts.
We tried to use the GC address even for kinit which gave us errors like:
Realm not local to KDC while getting initial credentials.
This patch adds a
On Wed, Jun 26, 2013 at 11:37:04PM +0200, Jakub Hrozek wrote:
I'm sorry for this bug, I initially tested on a VM where I manually
created the domain-realm mappings but then forgot to remove them. The
attached patches install domain-realm mappings in the same way IPA
provider does.
If these
On Thu, Jun 27, 2013 at 01:44:41PM +0200, Jakub Hrozek wrote:
On Thu, Jun 27, 2013 at 09:53:42AM +0200, Sumit Bose wrote:
+static errno_t
+ipa_write_subdom_mappings(struct sss_domain_info *domain)
+{
+errno_t ret;
+
+ret = sss_write_domain_mappings(domain
On Thu, Jun 27, 2013 at 08:58:19AM -0400, Simo Sorce wrote:
On Thu, 2013-06-27 at 13:27 +0200, Jakub Hrozek wrote:
Hi,
during testing I found out that we mishandle UPNs for subdomain users
when using Kerberos authentication.
If there is no userPrincipal attribute we guess based on
On Thu, Jun 27, 2013 at 01:27:28PM +0200, Jakub Hrozek wrote:
Hi,
during testing I found out that we mishandle UPNs for subdomain users
when using Kerberos authentication.
If there is no userPrincipal attribute we guess based on username@REALM.
But for subdomain users the username is
On Thu, Jun 27, 2013 at 04:37:09PM +0200, Jakub Hrozek wrote:
On Thu, Jun 27, 2013 at 04:00:28PM +0200, Sumit Bose wrote:
On Thu, Jun 27, 2013 at 01:27:28PM +0200, Jakub Hrozek wrote:
Hi,
during testing I found out that we mishandle UPNs for subdomain users
when using Kerberos
On Thu, Jun 27, 2013 at 05:09:52PM +0200, Sumit Bose wrote:
On Thu, Jun 27, 2013 at 04:37:09PM +0200, Jakub Hrozek wrote:
On Thu, Jun 27, 2013 at 04:00:28PM +0200, Sumit Bose wrote:
On Thu, Jun 27, 2013 at 01:27:28PM +0200, Jakub Hrozek wrote:
Hi,
during testing I found out
On Thu, Jun 27, 2013 at 06:23:22PM +0200, Jakub Hrozek wrote:
On Thu, Jun 27, 2013 at 05:23:58PM +0200, Sumit Bose wrote:
On Thu, Jun 27, 2013 at 05:09:52PM +0200, Sumit Bose wrote:
On Thu, Jun 27, 2013 at 04:37:09PM +0200, Jakub Hrozek wrote:
On Thu, Jun 27, 2013 at 04:00:28PM +0200
Hi,
the following 8 patches contain some enhancements for libsss_idmap which
will allow to handle external mapping as well and would make is possible
to use the calls from the library more generally in the LDAP based ID
providers.
See commit messages for more details.
bye,
Sumit
On Fri, Jun 28, 2013 at 03:20:48PM +0200, Jakub Hrozek wrote:
On Fri, Jun 28, 2013 at 12:40:23PM +0200, Sumit Bose wrote:
and now with patches ...
On Fri, Jun 28, 2013 at 12:38:50PM +0200, Sumit Bose wrote:
Hi,
the following 8 patches contain some enhancements for libsss_idmap
On Fri, Jun 28, 2013 at 06:43:48PM +0200, Jakub Hrozek wrote:
Hi,
the attached patches implement
https://fedorahosted.org/sssd/ticket/1962. When a new option,
ipa_server_mode is set to True, then subdomain/trusted users are not
looked up using the extop plugin but AD ID context is
On Fri, Jun 28, 2013 at 09:23:27PM +0200, Jakub Hrozek wrote:
On Fri, Jun 28, 2013 at 08:59:38PM +0200, Sumit Bose wrote:
On Fri, Jun 28, 2013 at 06:43:48PM +0200, Jakub Hrozek wrote:
Hi,
the attached patches implement
https://fedorahosted.org/sssd/ticket/1962. When a new option
On Fri, Jun 28, 2013 at 09:53:42PM +0200, Jakub Hrozek wrote:
On Fri, Jun 28, 2013 at 09:37:44PM +0200, Sumit Bose wrote:
On Fri, Jun 28, 2013 at 09:23:27PM +0200, Jakub Hrozek wrote:
On Fri, Jun 28, 2013 at 08:59:38PM +0200, Sumit Bose wrote:
On Fri, Jun 28, 2013 at 06:43:48PM +0200
On Mon, Jul 01, 2013 at 09:32:45AM +0200, Jakub Hrozek wrote:
On Fri, 2013-06-28 at 10:39 -0400, Dmitri Pal wrote:
Also in 1.10 SSSD should support transitive trusts so if there is a
trust between the domains SSSD 1.10 should be able to authenticate users
from both domains.
You can
On Mon, Jul 01, 2013 at 06:04:57AM +, greg.lehm...@csiro.au wrote:
I missed this reply and had to go looking for it, so this is a bit late.
The RFE mentioned below does not sound like what I am after. We already have
the gidNumber attribute for users set in AD to what we need. In fact
Hi,
I came across this while testing other stuff. I think the issue was
introduced in 1.10, 1.9 looks fine.
bye,
Sumit
From b49edd8a0c16365f5243b8d2f076e54baeee4a27 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 7 Aug 2013 10:34:52 +0200
Subject: [PATCH] Fix memory context
Hi,
here is another fix for a use-after-free of variables allocated on a
temporary memory context.
bye,
Sumit
From 5b627108452d66aeeda1f8ee614de8ed44f1314f Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 7 Aug 2013 13:01:09 +0200
Subject: [PATCH] Fix memory context for hash
: Sumit Bose sb...@redhat.com
Date: Tue, 6 Aug 2013 11:10:42 +0200
Subject: [PATCH 1/4] IPA_SERVER_MODE: do not follow AD referrals
As in the plain AD provider we do not want to follow referrals send by
AD in the ipa_server_mode.
---
src/providers/ipa/ipa_subdomains.c |7 +++
1 files
On Thu, Aug 15, 2013 at 11:50:14AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There was duplicated code in cc_file_check_existing() and in
cc_dir_check_existing(). I pulled them into the same function.
There are two changes made to the original code
1e54d2061d72d2f72c30d3fced9b43d4ec369a28 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 1 Aug 2013 12:40:24 +0200
Subject: [PATCH 1/6] PAC: if user entry already exists keep it
Currently the PAC responder deletes a user entry and recreates it if
some attributes seems to be different.
Two
17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 13 Aug 2013 17:59:11 +0200
Subject: [PATCH 1/2] ipa_s2n_get_user_done: free group_attrs as well
---
src/providers/ipa/ipa_s2n_exop.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/providers/ipa
On Sun, Aug 18, 2013 at 10:26:46PM +0200, Jakub Hrozek wrote:
There seems to be a logic bug in sysdb_master_domain_add_info(). We
first update the domain data with sysdb search results and then update
sysdb. I think it should be the other way around.
iirc the idea was to read the sysdb entry
On Mon, Aug 19, 2013 at 04:07:07PM +0200, Jakub Hrozek wrote:
On Thu, Aug 15, 2013 at 01:07:47PM +0200, Sumit Bose wrote:
Hi,
I wrote the following patches while testig the ipa_server_mode. While
the first three are needed fixes the fourth patch is an improvement
which might help
Hi,
this patch fixes a compiler warning in the latest master.
bye,
Sumit
From c34378b20536504cadf0a7df0a6aa5aa1ec82304 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 23 Aug 2013 10:13:02 +0200
Subject: [PATCH] check_cc_validity: make sure _valid is always set
On Fri, Aug 23, 2013 at 08:42:23AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri 23 Aug 2013 04:19:33 AM EDT, Sumit Bose wrote:
Hi,
this patch fixes a compiler warning in the latest master.
I made that change intentionally so that it would
From 571ba83cff5d719ff11c731aa7ddb0ab7a29dd2e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 19 Aug 2013 17:15:47 +0200
Subject: [PATCH] ipa-server-mode: add IPA group memberships to AD users
When IPA trusts an AD domain the AD user or groups can be placed into
IPA groups e.g
On Mon, Aug 26, 2013 at 10:19:25AM +0200, Jakub Hrozek wrote:
Hi,
attached is a small patch I prepared when testing the PAC responder
patches. In my case, the user was a member of a well-known SID S-1-18-1
which didn't resolve into a domain and all his groups were skipped. I
think we should
On Mon, Aug 26, 2013 at 11:02:56AM +0200, Jakub Hrozek wrote:
On Fri, Aug 16, 2013 at 06:25:02PM +0200, Sumit Bose wrote:
Hi,
this series of patches contains improvements for the PAC responder
related to the support of UIDs and GIDs managed by AD.
The first patch is a fix for https
On Sat, Aug 24, 2013 at 06:42:21PM +0200, Jakub Hrozek wrote:
On Thu, Aug 22, 2013 at 12:25:28PM +0200, Jakub Hrozek wrote:
On Thu, Aug 22, 2013 at 12:06:33PM +0200, Jakub Hrozek wrote:
Hi,
the attached patch implements enumeration and cleanup for the IPA server
mode and also makes
On Thu, Aug 22, 2013 at 11:50:27AM +0200, Jakub Hrozek wrote:
On Mon, Aug 19, 2013 at 08:14:03AM -0400, Simo Sorce wrote:
On Mon, 2013-08-19 at 11:33 +0200, Sumit Bose wrote:
On Sun, Aug 18, 2013 at 10:26:46PM +0200, Jakub Hrozek wrote:
There seems to be a logic bug
On Mon, Aug 26, 2013 at 05:12:25PM +0200, Jakub Hrozek wrote:
An engineer from the BaseOS QE team found out that the SSSD does not
work at all on big endian architectures..
From d65c01d15839cf06928ef3fa080832e0b669849c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek jhro...@redhat.com
Date: Mon,
On Mon, Aug 26, 2013 at 05:20:21PM +0200, Jakub Hrozek wrote:
On Fri, Aug 23, 2013 at 03:44:09PM +0200, Sumit Bose wrote:
Hi,
currently in ipa-server-mode only the AD groups memberships are
available. This patch adds the IPA group memberships to trusted AD
users.
This patch
On Mon, Aug 26, 2013 at 09:17:29PM +0200, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 06:18:05PM +0200, Sumit Bose wrote:
On Mon, Aug 26, 2013 at 05:20:21PM +0200, Jakub Hrozek wrote:
On Fri, Aug 23, 2013 at 03:44:09PM +0200, Sumit Bose wrote:
Hi,
currently in ipa-server-mode
wrote:
On Mon, Aug 26, 2013 at 06:18:05PM +0200, Sumit Bose wrote:
On Mon, Aug 26, 2013 at 05:20:21PM +0200, Jakub Hrozek wrote:
On Fri, Aug 23, 2013 at 03:44:09PM +0200, Sumit Bose wrote:
Hi,
currently in ipa-server-mode only the AD groups memberships
On Wed, Aug 28, 2013 at 04:17:15PM +0200, Jakub Hrozek wrote:
On Tue, Aug 27, 2013 at 01:11:14PM +0200, Jakub Hrozek wrote:
On Tue, Aug 27, 2013 at 12:34:27PM +0200, Sumit Bose wrote:
On Mon, Aug 26, 2013 at 10:16:34PM +0200, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 04:02:59PM -0400
On Wed, Aug 28, 2013 at 11:59:59AM +0200, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 04:16:54PM +0200, Sumit Bose wrote:
On Sat, Aug 24, 2013 at 06:42:21PM +0200, Jakub Hrozek wrote:
On Thu, Aug 22, 2013 at 12:25:28PM +0200, Jakub Hrozek wrote:
On Thu, Aug 22, 2013 at 12:06:33PM +0200
On Tue, Aug 27, 2013 at 11:18:23AM +0200, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 04:34:14PM +0200, Sumit Bose wrote:
On Thu, Aug 22, 2013 at 11:50:27AM +0200, Jakub Hrozek wrote:
On Mon, Aug 19, 2013 at 08:14:03AM -0400, Simo Sorce wrote:
On Mon, 2013-08-19 at 11:33 +0200, Sumit
On Sun, Sep 01, 2013 at 05:34:23PM -0400, Simo Sorce wrote:
The test named test_ss_idmap, takes quite long on my machine (as in
minutes) although the machine is completely idle. Any idea what causes
it ? Any way to avoid it ?
sorry, I cannot reproduce this
$ /usr/bin/time ./sss_idmap-tests
On Mon, Sep 02, 2013 at 01:18:36AM +0200, steve wrote:
Hi
1.11.0
In one config this works:
krb5_keytab = /etc/krb5.keytab
but this doesn't:
ldap_krb5_keytab = /etc/krb5.keytab
What should I be using and what's the difference?
ldap_krb5_keytab is used by the LDAP provider to
On Mon, Sep 02, 2013 at 02:20:42PM +0200, Jakub Hrozek wrote:
On Mon, Sep 02, 2013 at 01:27:17PM +0200, Pavel Březina wrote:
Hi,
I just noticed that 'ř' character from my name got somehow messed up
during push. I'd like to get this fixed.
I know I could just play nice with the ASCII
On Mon, Sep 02, 2013 at 05:43:06PM +0200, Lukas Slebodnik wrote:
ehlo,
I tested some patches on RHEL6. and there is newly introduced warning.
gcc version 4.4.7
src/providers/krb5/krb5_utils.c:193: warning: declaration of 'rewind' shadows
a
global declaration
/usr/include/stdio.h:754:
On Mon, Sep 02, 2013 at 07:12:51PM +0200, Lukas Slebodnik wrote:
ehlo,
I checked some manual pages, where [ug]?id types are used and each manual page
suggest to include header file sys/types.h. This header file was indirectly
included in some files on linux, but it is not portable.
man
On Mon, Sep 02, 2013 at 10:55:55PM +0200, Jakub Hrozek wrote:
On Mon, Sep 02, 2013 at 03:20:12PM -0400, Simo Sorce wrote:
On Mon, 2013-09-02 at 19:18 +0200, Lukas Slebodnik wrote:
ehlo,
Some platforms can have defined SIZE_T_MAX.
It is better to use conditional build.
Two
On Mon, Sep 02, 2013 at 07:04:22PM +0200, Lukas Slebodnik wrote:
ehlo
Patches are attached.
I haven't tested to patches so far but already have some comments.
bye,
Sumit
LS
From 6e3b789f4b24198b2ec4b40fb09e8b97e578044a Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik lsleb...@redhat.com
Hi,
this issue was discovered by a user and as far as I can see it was
always there. Feel free to apply it to older branches as well.
bye,
Sumit
From 1d0f9a79a0e0f58082ab28725515af378a19524e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 2 Sep 2013 17:35:23 +0200
Subject
From a5b1a0530ceb0e858d5c7e849a85e884f55e1487 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 2 Sep 2013 17:37:35 +0200
Subject: [PATCH] expand_ccname_template: fixes and tests
---
src/providers/krb5/krb5_utils.c | 17 +
src/tests/krb5_utils-tests.c
On Tue, Sep 03, 2013 at 01:22:22PM +0200, Pavel Březina wrote:
On 09/03/2013 12:57 PM, Sumit Bose wrote:
Hi,
this issue was discovered by a user and as far as I can see it was
always there. Feel free to apply it to older branches as well.
bye,
Sumit
Hi,
/* If the resolver is set
On Wed, Sep 04, 2013 at 08:50:47AM +0200, Jakub Hrozek wrote:
On Tue, Aug 20, 2013 at 10:32:35PM +0200, Lukas Slebodnik wrote:
On (20/08/13 14:17), Jakub Hrozek wrote:
On Tue, Aug 20, 2013 at 02:00:35PM +0200, Lukas Slebodnik wrote:
ehlo,
I have a question about struct pam_auth_req
On Tue, Sep 03, 2013 at 02:07:29PM -0400, Simo Sorce wrote:
On Tue, 2013-09-03 at 15:25 +0200, Pavel Březina wrote:
On 09/03/2013 01:27 PM, Sumit Bose wrote:
Hi,
while looking at expand_ccname_template() becasue of shadowing rewind()
I realized that there a some issues with some
On Tue, Sep 03, 2013 at 10:07:13PM -0400, Simo Sorce wrote:
After the recent patches to explicitly enable the KEYRING type in SSSD I
realized that the code that manipulates ccaches had grown too much, and,
most importantly, was doing unnecessary operations already performed in
an abstract way
On Thu, Sep 05, 2013 at 09:16:02AM -0400, Simo Sorce wrote:
On Thu, 2013-09-05 at 13:47 +0200, Sumit Bose wrote:
On Tue, Sep 03, 2013 at 10:07:13PM -0400, Simo Sorce wrote:
After the recent patches to explicitly enable the KEYRING type in SSSD I
realized that the code that manipulates
On Tue, Sep 03, 2013 at 10:07:13PM -0400, Simo Sorce wrote:
After the recent patches to explicitly enable the KEYRING type in SSSD I
realized that the code that manipulates ccaches had grown too much, and,
most importantly, was doing unnecessary operations already performed in
an abstract way
On Fri, Sep 06, 2013 at 09:20:58AM -0400, Simo Sorce wrote:
On Fri, 2013-09-06 at 15:04 +0200, Sumit Bose wrote:
On Tue, Sep 03, 2013 at 10:07:13PM -0400, Simo Sorce wrote:
After the recent patches to explicitly enable the KEYRING type in SSSD I
realized that the code that manipulates
On Tue, Sep 03, 2013 at 10:52:14PM -0400, Simo Sorce wrote:
Attached an untested possible alternative for #2071
The other option is the last patch of my previous patchset in the thread
named: [SSSD] [PATCHES] Simplify credential krb5 cache manipulation.
Let's discuss if any of these
On Mon, Sep 09, 2013 at 01:41:39PM +0200, Jakub Hrozek wrote:
On Mon, Sep 09, 2013 at 01:25:30PM +0200, Sumit Bose wrote:
On Tue, Sep 03, 2013 at 10:52:14PM -0400, Simo Sorce wrote:
Attached an untested possible alternative for #2071
The other option is the last patch of my previous
On Mon, Sep 09, 2013 at 11:42:19AM -0400, Simo Sorce wrote:
On Mon, 2013-09-09 at 12:17 +0200, Sumit Bose wrote:
I think this is wrong, the first argument of setresuid() is the real
UID
the second the effective. To retain the real and change the effective
one the line should read
On Tue, Sep 10, 2013 at 10:13:10AM +0200, Lukas Slebodnik wrote:
ehlo,
clang found a warning in simo's krb5 refactoring patches.
src/providers/krb5/krb5_utils.c:850:9: warning: variable 'ret' is used
uninitialized whenever
'if' condition is false [-Wsometimes-uninitialized]
if
On Fri, Sep 13, 2013 at 12:41:41PM -0400, Simo Sorce wrote:
I wonder if it wouldn't make sense to delay commits to stable branches
until the time to release comes ?
Would it make it easier or harder to review and apply changes only at
release time ?
I think it would be harder. Since some
fd2e8098aa53603172a6070ea423cecc7b4230c5 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 17 Sep 2013 12:31:45 +0200
Subject: [PATCH] Do not set HAVE_SYSTEMD_LOGIN if libsystemd-login is not
available
Even if HAVE_SYSTEMD_LOGIN is set to 0 #ifdef will still see it as
defined.
---
src/external/systemd.m4
On Wed, Sep 18, 2013 at 07:07:46PM +0200, Lukas Slebodnik wrote:
On (12/09/13 16:55), Michal Židek wrote:
On 09/12/2013 02:03 PM, Lukas Slebodnik wrote:
On (11/09/13 17:05), Michal Židek wrote:
Patches 1-4 and 9:
These patches use the SAFEALIGN macros where it is appropriate. I
split them
must
be created manually. Since the patches were working well in my tests I
decided to send the functional part first and send the tests later.
bye,
Sumit
From 821366b9010540956639ff7831ff5ea52bddd291 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 20 Sep 2013 12:12:03 +0200
On Mon, Sep 23, 2013 at 09:42:14AM +0200, Jakub Hrozek wrote:
On Sun, Sep 22, 2013 at 05:42:34PM +0200, Jakub Hrozek wrote:
On Fri, Sep 20, 2013 at 02:08:24PM +0200, Sumit Bose wrote:
Hi,
with the following two patches offline authentication in the AD provider
is working again
On Wed, Sep 25, 2013 at 11:12:02AM +0200, Jakub Hrozek wrote:
Hi,
the attached patch fixes
https://fedorahosted.org/sssd/ticket/2079
I also opened https://fedorahosted.org/freeipa/ticket/3947 to stop
setting the dns_discovery_domain parameter from the IPA installer
completely.
From
67857f5b40662c8b32d2d854ebffa07ef05d7fe3 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 25 Sep 2013 13:42:24 +0200
Subject: [PATCH 1/3] IPA: store forest name for forest member domains
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of
the forest must be known for a member domain of the forest
On Thu, Sep 26, 2013 at 07:39:32PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 06:26:54PM +0200, Sumit Bose wrote:
On Wed, Sep 25, 2013 at 12:57:01PM +0200, Jakub Hrozek wrote:
On Wed, Sep 25, 2013 at 11:53:36AM +0200, Sumit Bose wrote:
On Wed, Sep 25, 2013 at 11:12:02AM +0200
On Thu, Sep 26, 2013 at 07:24:03PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 11:22:06AM +0200, Sumit Bose wrote:
Hi,
the first two attached patches should fix
https://fedorahosted.org/sssd/ticket/2093 and make
https://fedorahosted.org/sssd/ticket/2080 invalid. The third fixes
On Thu, Sep 26, 2013 at 10:27:07PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 10:11:21PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 09:45:12PM +0200, Sumit Bose wrote:
On Thu, Sep 26, 2013 at 07:24:03PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 11:22:06AM +0200
On Thu, Sep 26, 2013 at 10:16:50PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 04:01:17PM +0200, Jakub Hrozek wrote:
On Thu, Sep 26, 2013 at 02:15:42PM +0200, Jakub Hrozek wrote:
Hi,
the attached patches implement ticket #2070 where subdomain users have
POSIX attributes and
Hi,
this patch fixes a copy-n-paste error in the init code of the AD
provider.
bye,
Sumit
From 1211ee75a25db259fe5a680f702e5acb0f597c91 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 2 Oct 2013 18:21:42 +0200
Subject: [PATCH] AD: properly intitialize GC from ad_server
On Wed, Oct 02, 2013 at 04:06:40PM +0200, steve wrote:
On Wed, 2013-10-02 at 11:04 +0200, Sumit Bose wrote:
On Tue, Oct 01, 2013 at 08:42:54AM +0200, steve wrote:
Hi
After a lot of trial and error, I came up with this:
I had a look at the log files you send.
About
On Wed, Oct 02, 2013 at 06:31:14PM +0200, steve wrote:
On Wed, 2013-10-02 at 18:27 +0200, Sumit Bose wrote:
Hi,
this patch fixes a copy-n-paste error in the init code of the AD
provider.
Hi
Does this patch fix:
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-October/016904
);
--
1.7.7.6
From e7263a273d6f0aa1d4ec83a9f9bcbd32d65e23c8 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 9 Oct 2013 15:21:48 +0200
Subject: [PATCH 2/5] idmap: fix a memory leak if a collision is detected
---
src/lib/idmap/sss_idmap.c | 13 +++--
1 files changed, 7
Hi,
I found this while testing the cifs-utils plugin I opened
https://fedorahosted.org/sssd/ticket/2116 to make sure all affected
versions will be fixed.
bye,
Sumit
From 25250b69421f67884e530d7bf9a38e5de10e3d7a Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 9 Oct 2013 18
On Thu, Oct 10, 2013 at 12:27:46AM -0400, Dmitri Pal wrote:
Hello,
I came across an interesting behavior that is IMO worth sharing with
other developers.
It turns out that fmemopen() fails with error 22 EINVAL if the buffer
passed in is of length 0.
Imagine situation: I have a file in
you do that integration? For me as a gentoo user that is currently an
unknown-area :)
Sure no problem.
Regards, Ben
2013/10/9 Sumit Bose sb...@redhat.com
On Mon, Oct 07, 2013 at 12:22:13PM +0200, Benjamin Franzke wrote:
2013/10/7 Sumit Bose sb...@redhat.com
On Thu, Oct 03, 2013
On Thu, Oct 10, 2013 at 02:49:13PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/10/2013 02:13 PM, Jakub Hrozek wrote:
Hi,
if an entry is removed from LDAP and searched by SID, the SID
lookup code doesn't handle ENOENT and doesn't remove the
On Thu, Oct 10, 2013 at 02:41:54PM +0200, Benjamin Franzke wrote:
Thanks for your review!
snip
The patch with your concers fixed is attached.
Thank you for the new version. I only have two comments left:
+if (handle == NULL || errmsg == NULL) {
+*errmsg = strerror(EINVAL);
you
On Fri, Oct 11, 2013 at 12:53:48PM +0200, Benjamin Franzke wrote:
2013/10/11 Sumit Bose sb...@redhat.com
On Thu, Oct 10, 2013 at 02:41:54PM +0200, Benjamin Franzke wrote:
Thanks for your review!
snip
The patch with your concers fixed is attached.
Thank you for the new
On Fri, Oct 11, 2013 at 08:53:11AM -0400, Simo Sorce wrote:
On Fri, 2013-10-11 at 11:09 +0300, Nikolai Kondrashov wrote:
On 10/10/2013 11:27 PM, Simo Sorce wrote:
On Thu, 2013-10-10 at 15:46 -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On
On Fri, Oct 11, 2013 at 03:36:13PM +0200, Lukas Slebodnik wrote:
On (11/10/13 12:53), Benjamin Franzke wrote:
2013/10/11 Sumit Bose sb...@redhat.com
On Thu, Oct 10, 2013 at 02:41:54PM +0200, Benjamin Franzke wrote:
Thanks for your review!
snip
The patch with your concers fixed
On Fri, Oct 11, 2013 at 05:08:17PM -0400, Dmitri Pal wrote:
On 10/11/2013 07:47 AM, Sumit Bose wrote:
On Fri, Oct 11, 2013 at 12:53:48PM +0200, Benjamin Franzke wrote:
2013/10/11 Sumit Bose sb...@redhat.com
On Thu, Oct 10, 2013 at 02:41:54PM +0200, Benjamin Franzke wrote:
Thanks
On Sat, Oct 12, 2013 at 06:21:26AM +0200, Benjamin Franzke wrote:
Hi Dmitri,
2013/10/11 Dmitri Pal d...@redhat.com
On 10/11/2013 07:47 AM, Sumit Bose wrote:
On Fri, Oct 11, 2013 at 12:53:48PM +0200, Benjamin Franzke wrote:
2013/10/11 Sumit Bose sb...@redhat.com
On Thu, Oct 10
On Mon, Oct 14, 2013 at 11:16:41AM +0200, Lukas Slebodnik wrote:
ehlo,
This patch fixes warning reported by clang static analyzer.
Simple patch is attached.
LS
From 3c910455b63348e52026d9d61870ed44380e44e2 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik lsleb...@redhat.com
Date: Mon, 14
the notes in this thread,
to ensure they are all included now.
Thanks a lot.
ACK
bye,
Sumit
2013/10/14 Sumit Bose sb...@redhat.com
On Sat, Oct 12, 2013 at 06:21:26AM +0200, Benjamin Franzke wrote:
Hi Dmitri,
2013/10/11 Dmitri Pal d...@redhat.com
On 10/11/2013 07:47 AM
and now with the patch included :-)
On Mon, Oct 14, 2013 at 01:08:39PM +0200, Sumit Bose wrote:
Hi,
as promised I created the spec file changes to include the cifs-utils
plugin into the sssd-client package on Fedora and RHEL platforms where
recent cifs-utils are available.
bye,
Sumit
On Mon, Oct 14, 2013 at 01:37:01PM +0200, Sumit Bose wrote:
On Mon, Oct 14, 2013 at 01:15:02PM +0200, Benjamin Franzke wrote:
Hi Sumit,
Should the spec file also include an /etc/alternatives integration, like
cifs-utils has?
http://pkgs.fedoraproject.org/cgit/cifs-utils.git/tree/cifs
On Mon, Oct 14, 2013 at 05:51:40PM +0200, Lukas Slebodnik wrote:
On (14/10/13 16:48), Sumit Bose wrote:
On Mon, Oct 14, 2013 at 01:37:01PM +0200, Sumit Bose wrote:
On Mon, Oct 14, 2013 at 01:15:02PM +0200, Benjamin Franzke wrote:
Hi Sumit,
Should the spec file also include an /etc
On Mon, Oct 14, 2013 at 01:05:22PM +0200, Sumit Bose wrote:
On Mon, Oct 14, 2013 at 11:00:44AM +0200, Benjamin Franzke wrote:
Oh, sorry, I shared an old branch between my devel machine and the testing
virtual machine, where i did some other changes, which i merged later on,
which caused
On Tue, Oct 15, 2013 at 10:38:51AM +0200, Lukas Slebodnik wrote:
On (15/10/13 10:30), Sumit Bose wrote:
On Mon, Oct 14, 2013 at 05:51:40PM +0200, Lukas Slebodnik wrote:
On (14/10/13 16:48), Sumit Bose wrote:
On Mon, Oct 14, 2013 at 01:37:01PM +0200, Sumit Bose wrote:
On Mon, Oct 14, 2013
Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 16 Oct 2013 10:45:52 +0200
Subject: [PATCH] IPA server mode: properly initialize ext_groups
---
src/providers/ipa/ipa_subdomains.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/providers/ipa
On Thu, Oct 17, 2013 at 10:59:47AM +0200, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/2092
From d363ac390df58435a8cf83098a1407689f1f5db4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrez...@redhat.com
Date: Thu, 17 Oct 2013 10:20:56 +0200
Subject: [PATCH]
On Thu, Oct 17, 2013 at 01:11:43PM +0200, Benjamin Franzke wrote:
According to asprintf(3) the content off errmsg is undefined
on error, lets set it to NULL.
Thanks for the patch. ACK
bye,
Sumit
___
sssd-devel mailing list
On Thu, Oct 17, 2013 at 01:33:41PM +0200, Jakub Hrozek wrote:
On Thu, Oct 17, 2013 at 01:23:02PM +0200, Sumit Bose wrote:
On Thu, Oct 17, 2013 at 10:59:47AM +0200, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/2092
From d363ac390df58435a8cf83098a1407689f1f5db4 Mon Sep 17 00
On Mon, Oct 21, 2013 at 11:03:25AM +0200, Jakub Hrozek wrote:
Another small bug I found when looking for #1020945
From b1d04686f085e25f10dde82f1e19c89278883001 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek jhro...@redhat.com
Date: Sun, 20 Oct 2013 19:24:04 +0200
Subject: [PATCH] NSS: Check
if the backend was offline before.
If the patch are accepted I will send corresponding ones to FreeIPA to
send the signal if 'ipa trust-add' is run as root.
bye,
Sumit
From 93ca2029e95ccef3b43dcc5620b168e8844e2ced Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 21 Oct 2013 13:37:37 +0200
Hi,
this patch tries to fix https://fedorahosted.org/sssd/ticket/2126 . Se
commit message for details.
bye,
Sumit
From 2e9b617c2b0e08f3f34ea3de44d5f47c758b7f9d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 18 Oct 2013 15:54:22 +0200
Subject: [PATCH
801 - 900 of 3319 matches
Mail list logo