On Wed, 2012-06-13 at 15:48 +0200, Jakub Hrozek wrote: > [PATCH 01/11] Two small krb5_child fixes > ssia > > [PATCH 02/11] Provide more debugging in krb5_child and ldap_child > I started this patch before Nick did, maybe it would still be useful, at > least the parts that get rid of level-9 DEBUG messages. > > [PATCH 03/11] Allow redefining the KRB5_CHILD path > The krb5-child-test will want to run the child from the build directory. > > [PATCH 04/11] Split parse_krb5_child_response so it can be reused > krb5-child-test will be another consumer. It also makes the code more > readable by splitting a huge function. > > [PATCH 05/11] Add a krb5_child test tool > https://fedorahosted.org/sssd/ticket/1127 > > [PATCH 06/11] Residual util functions > Kerberos credential caches can be specified by TYPE:RESIDUAL. This pa > tch adds a couple of utilities to support parsing if ccache locations, > checking types etc. > > [PATCH 07/11] Handle trailing slash in the ccname template > With the DIR cache support, it's perfectly legal to specify a ccname > directory that ends with a slash. The create_dir function did not han dle > that situation correctly. The unit test is included in the DIR: cache > patch, because it uses the cc_dir_create() function. > > [PATCH 08/11] Add a credential cache back end structure > To be able to add support for new credential cache types easily, this > patch creates a new structure sss_krb5_cc_be that defines common with > a credential cache, such as create, check if used or remove. > > [PATCH 09/11] Add support for storing credential caches in the DIR: back end > https://fedorahosted.org/sssd/ticket/974 > > Please note that only the TGTs acquired by the krb5_child have changed, > the ldap_child still puts its ccache into /var/lib/sss/db. > > The cc_dir_remove() function is a little odd, I tried to use the krb5 > API directly, but I think I found a bug in libkrb5. For a subsidiary > cache that does not exist (DIR::/no/such/path), the following code would > segfault: > > krb5_cc_resolve(context, location, &ccache); // returns EOK > krberr = krb5_cc_destroy(context, ccache); // KRB5_FCC_NOFILE > if (krberr) { > if (ccache) krb5_cc_close(context, ccache); // SIGSEGV > } > > [PATCH 10/11] Use Kerberos context in KRB5_DEBUG > Passing Kerberos context to sss_krb5_get_error_message will allow us to > get better error messages. This patch technically belong earlier, but > rebasing would be hard at this point. > > [PATCH 11/11] Switch Kerberos cache default to DIR > Just switches the defaults.
Nack. First impressions: unit tests are failing: Running suite(s): krb5_utils 86%: Checks: 15, Failures: 2, Errors: 0 ../src/tests/krb5_utils-tests.c:341:F:create_dir:test_illegal_patterns:0: cc_file_create allowed illegal pattern '/./' in filename [/dev/shm/tests_krb5_utils/priv_ccdir/abc/./ccfile]. ../src/tests/krb5_utils-tests.c:389:F:create_dir:test_cc_dir_create:0: Cannot remove /dev/shm/tests_krb5_utils/priv_ccdir: (null) Also, the tests don't clean up after themselves, so subsequent reruns give back: Could not create empty directory [tests_krb5_utils]. Please remove [tests_krb5_utils]. FAIL: krb5-utils-tests I'll continue looking at the patches themselves while this is addressed.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
