On (15/04/16 16:39), Sumit Bose wrote:
>On Thu, Apr 14, 2016 at 04:30:24PM +0200, Lukas Slebodnik wrote:
>
>...
>
>> 
>> >From 62a3c79d7923dceb2c92c1b2d31388afd744a8ac Mon Sep 17 00:00:00 2001
>> >From: Sumit Bose <sb...@redhat.com>
>> >Date: Wed, 10 Feb 2016 14:59:06 +0100
>> >Subject: [PATCH 4/8] AD: process PAC during initgroups request
>> >
>> >If there is a recently attached PAC blob in the cached user entry the
>> >PAC data is used to update the group memberships data of the user. If
>> >there is no PAC attached or if it is too old the other configured
>> >methods will be used.
>> >---
>> > Makefile.am                       |  20 ++
>> > src/providers/ad/ad_id.c          |  52 ++-
>> > src/providers/ad/ad_pac.c         | 666 ++++++++++++++++++++++++++++++++++++++
>> > src/providers/ad/ad_pac.h         |  82 +++++
>> > src/providers/ad/ad_pac_common.c  |  86 +++++
>> > src/tests/cmocka/test_ad_common.c | 346 +++++++++++++++++++-
>> > 6 files changed, 1243 insertions(+), 9 deletions(-)
>> > create mode 100644 src/providers/ad/ad_pac.c
>> > create mode 100644 src/providers/ad/ad_pac.h
>> > create mode 100644 src/providers/ad/ad_pac_common.c
>> >
>> I assume (I didn't try to bisect) this patch broke a build
>> with disabled pac responder and missing header file gen_ndr/krb5pac.h
>
>The attached patch should fix it in the sense that already configure
>will fail if the NDR krb5pac library is not available. To proceed in
>this case either --with-samba=no can be used which will basically
>disable the build of the IPA and AD provider and the PAC responder. Or
>on platforms like Debian and S.u.S.E where the different NDR libraries
>are in separate packages the related libndr-krb5pac-devel can be
>installed.
>
>This follows the logic we already use for the NDR NBT library we use to
>parse the CLDAP response in the AD provider. And since the PAC
>processing code is now in the AD provider as well I think NDR krb5pac
>should be handled the same way.
>
>While testing with --with-samba=no I found that some tests cannot be
>built in this case as well. Since they are related to the AD and IPA
>provider which are not built as well the patch just skips them in this
>case. Please let me know if you think that this is not a good idea. Then
>I can try to make the tests still buildable with some #ifdef in the
>code.
>
>Sumit
>

>From 479a74d45d8e15a34f83d17625db7e6c5417cd41 Mon Sep 17 00:00:00 2001
>From: Sumit Bose <sb...@redhat.com>
>Date: Fri, 15 Apr 2016 12:41:35 +0200
>Subject: [PATCH] build: move ndr_krb5pac check to the other Samba checks
>
>---
> Makefile.am                   |  7 ++++---
> src/external/pac_responder.m4 | 14 ++++++--------
> src/external/samba.m4         | 12 +++++++++++-
> 3 files changed, 21 insertions(+), 12 deletions(-)
>

ACK

LS