[SSSD] [sssd PR#699][comment] Fixes for MIT Kerberos 1.17 and valgind CI runs

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/699
Title: #699: Fixes for MIT Kerberos 1.17 and valgind CI runs

jhrozek commented:
"""
CI passed completely: http://vm-031.$ABC/logs/job/94/94/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/699#issuecomment-441171503
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org


[SSSD] [sssd PR#699][+Accepted] Fixes for MIT Kerberos 1.17 and valgind CI runs

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/699
Title: #699: Fixes for MIT Kerberos 1.17 and valgind CI runs

Label: +Accepted


[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/686
Title: #686: nss: use enumeration context as talloc parent for cache req result

jhrozek commented:
"""
Thank you for the explanation, I think this works fine.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/686#issuecomment-440947096


[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/680
Title: #680: pytest: Add test case for Expired sudo rule

jhrozek commented:
"""
I'm sorry for the very long delay. Except for the extra import, I don't have 
any more comments. I'll leave it up to you whether you want to remove the 
import and resubmit or if you prefer I do it before pushing. Anyway, I'll push 
the patches later today to avoid blocking CI for development.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/680#issuecomment-440947866


[SSSD] [sssd PR#697][comment] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/697
Title: #697: RESPONDER: Log failures from bind() and listen()

jhrozek commented:
"""
OK, patch updated.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/697#issuecomment-441027615


[SSSD] [sssd PR#697][-Changes requested] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/697
Title: #697: RESPONDER: Log failures from bind() and listen()

Label: -Changes requested


[SSSD] [sssd PR#694][-Changes requested] SSSCTL: user-show says that user is expired

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/694
Title: #694: SSSCTL: user-show says that user is expired

Label: -Changes requested


[SSSD] [sssd PR#699][opened] Fixes for MIT Kerberos 1.17 and valgind CI runs

2018-11-22 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/699
Author: sumit-bose
 Title: #699: Fixes for MIT Kerberos 1.17 and valgind CI runs
Action: opened

PR body:
"""
None
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/699/head:pr699
git checkout pr699
From d03fb2e4661ca970d78239c75ea7d843186cf559 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 22 Nov 2018 11:33:20 +0100
Subject: [PATCH 1/3] BUILD: Accept krb5 1.17 for building the PAC plugin

---
 src/external/pac_responder.m4 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
index e0685f0ce3..dc986a1b8a 100644
--- a/src/external/pac_responder.m4
+++ b/src/external/pac_responder.m4
@@ -18,7 +18,8 @@ then
 Kerberos\ 5\ release\ 1.13* | \
 Kerberos\ 5\ release\ 1.14* | \
 Kerberos\ 5\ release\ 1.15* | \
-Kerberos\ 5\ release\ 1.16*)
+Kerberos\ 5\ release\ 1.16* | \
+Kerberos\ 5\ release\ 1.17*)
 krb5_version_ok=yes
 AC_MSG_RESULT([yes])
 ;;
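Review bot: the case list that now ends in `Kerberos\ 5\ release\ 1.17*)` is an allow-list that has to be patched for every new krb5 release, so any release not yet listed is rejected for building the PAC plugin until someone edits this file again. If the plugin interface is expected to stay compatible, consider a version comparison with a lower bound instead; if the upper bound is deliberate, a short comment next to the list saying what must be verified before a release is added would help the next person.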

From 2470d1f5ce1e499f7a8f80c58e29a13860434010 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 22 Nov 2018 11:36:57 +0100
Subject: [PATCH 2/3] tests: fix mocking krb5_creds in test_copy_ccache

To just test some ccache related functionality without talking to an
actual KDC to get the tickets some needed libkrb5 structs were mocked
based on tests from the MIT Kerberos source code. One struct member
(is_skey) was so far not regarded by libkrb5 for our test case. But a
recent fix for http://krbdev.mit.edu/rt/Ticket/Display.html?id=8718
changed this and we have to change the mocking.
---
 src/tests/cmocka/test_copy_ccache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tests/cmocka/test_copy_ccache.c b/src/tests/cmocka/test_copy_ccache.c
index 84225b6bff..7c76c00e8f 100644
--- a/src/tests/cmocka/test_copy_ccache.c
+++ b/src/tests/cmocka/test_copy_ccache.c
@@ -88,7 +88,7 @@ static int setup_ccache(void **state)
 test_creds.times.starttime = ;
 test_creds.times.endtime = ;
 test_creds.times.renew_till = ;
-test_creds.is_skey = 1;
+test_creds.is_skey = 0;
 test_creds.ticket_flags = ;
 test_creds.addresses = addrs;
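Review bot: the changed line `test_creds.is_skey = 0;` carries no comment, and the reason it must be 0 lives only in the commit message (the libkrb5 fix for ticket 8718). Add a one-line comment above the assignment so the mocked value is not flipped back by someone copying from the older MIT test code.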
 

From f66a38e58b969294100b9ac93e83b4491a69d317 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 22 Nov 2018 12:12:00 +0100
Subject: [PATCH 3/3] tests: increase p11_child_timeout

With a recent version of valgrind some tests failed during a CI run with a
timeout. To avoid this the related p11_child_timeout is increased for
the affected tests.
---
 src/tests/cmocka/test_cert_utils.c | 2 +-
 src/tests/cmocka/test_ssh_srv.c| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
index 26fffb870c..ec5858b6e2 100644
--- a/src/tests/cmocka/test_cert_utils.c
+++ b/src/tests/cmocka/test_cert_utils.c
@@ -50,7 +50,7 @@
 /* When run under valgrind with --trace-children=yes we have to increase the
  * timeout not because p11_child needs much more time under valgrind but
  * because of the way valgrind handles the children. */
-#define P11_CHILD_TIMEOUT 40
+#define P11_CHILD_TIMEOUT 80
 
 /* TODO: create a certificate for this test */
 const uint8_t test_cert_der[] = {
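Review bot: `#define P11_CHILD_TIMEOUT 80` applies to every run, not only to runs under valgrind, although the comment above it gives valgrind's handling of children as the only reason for the long timeout. A genuinely hung p11_child will now take 80 seconds to fail the test; consider selecting the larger value only when the test runs under valgrind, or extend the comment to say that the value was doubled for newer valgrind versions.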
diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c
index 93217a1979..d611bdcfff 100644
--- a/src/tests/cmocka/test_ssh_srv.c
+++ b/src/tests/cmocka/test_ssh_srv.c
@@ -223,7 +223,7 @@ static int ssh_test_setup(void **state)
  * the timeout not because p11_child needs much more time under valgrind
  * but because of the way valgrind handles the children. */
 struct sss_test_conf_param ssh_params[] = {
-{ "p11_child_timeout", "40" },
+{ "p11_child_timeout", "80" },
 { NULL, NULL }, /* Sentinel */
 };
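Review bot: the literal "80" in `ssh_params` duplicates the value of `P11_CHILD_TIMEOUT` in test_cert_utils.c, so the two have to be changed together by hand, as this patch does. A shared define in a common test header, stringified here, would keep them in sync.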
 


[SSSD] [sssd PR#700][comment] LDAP: Only authenticate the auth connection if we need to look up user information

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/700
Title: #700: LDAP: Only authenticate the auth connection if we need to look up 
user information

jhrozek commented:
"""
I chose this approach because it only touches the ldap auth code. The other 
approach I was considering was to not force off the authentication, but turn 
the skip_auth boolean into a tri-state (do_auth, skip_auth, auth_if_possible). 
Then the caller from the ldap auth code would select auth_if_possible if the DN 
is known and do_auth if the DN must be looked up.

What auth_if_possible would do is to check if GSSAPI is the authentication 
method and skip only the GSSAPI auth step. This would make it possible to 
use other authentication methods, whatever they might be in case the DN must be 
looked up. 

And even another approach might be to establish an authenticated connection to 
look up the user, then close it and authenticate the user using a second 
connection.

But currently the only use-case that doesn't work with the current approach is 
id_provider=proxy and auth_provider=ldap where the LDAP server is AD DC. In 
this case, you must look up the user, so the connection must be authenticated, 
but using TLS and GSSAPI together wouldn't work. And I'm not sure if this 
use-case is important enough to consider either two connections or touching the 
connection code.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/700#issuecomment-441025645


[SSSD] [sssd PR#694][synchronized] SSSCTL: user-show says that user is expired

2018-11-22 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/694
Author: thalman
 Title: #694: SSSCTL: user-show says that user is expired
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/694/head:pr694
git checkout pr694
From 3d7d9c7a3a7bc05c76612c76b7b8ca31b1d6517a Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Tue, 13 Nov 2018 12:21:16 +0100
Subject: [PATCH] SSSCTL: user-show says that user is expired

sssctl user-show says that user is expired if the user comes from files
provider. This is ok because files user's expiration time is always set
to 0 but we should print a better, less confusing message.

The same change applies to groups.

Resolves:
https://pagure.io/SSSD/sssd/issue/3858
---
 src/tools/sssctl/sssctl_cache.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/src/tools/sssctl/sssctl_cache.c b/src/tools/sssctl/sssctl_cache.c
index 42a2a60fd3..e0d067cfbe 100644
--- a/src/tools/sssctl/sssctl_cache.c
+++ b/src/tools/sssctl/sssctl_cache.c
@@ -154,6 +154,11 @@ static errno_t get_attr_expire(TALLOC_CTX *mem_ctx,
 return ret;
 }
 
+if (is_files_provider(dom)) {
+*_value = "Never";
+return EOK;
+}
+
 if (value < time(NULL)) {
 *_value = "Expired";
 return EOK;
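Review bot: the new `is_files_provider(dom)` early return in get_attr_expire() has no comment saying why files-provider entries never expire. The commit message explains that their expiration time is always set to 0, which is why the `value < time(NULL)` branch below would otherwise print "Expired"; a one-line comment above the check would keep that reasoning with the code.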
@@ -179,6 +184,11 @@ static errno_t attr_initgr(TALLOC_CTX *mem_ctx,
 return ret;
 }
 
+if (is_files_provider(dom)) {
+*_value = "Never";
+return EOK;
+}
+
 if (value < time(NULL)) {
 *_value = "Expired";
 return EOK;
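Review bot: attr_initgr() gets the same five added lines as get_attr_expire(), so the files-provider special case now exists twice. Consider a small shared helper that yields "Never" for the files provider, so a later change to the wording or to the condition cannot miss one of the two copies.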


[SSSD] [sssd PR#700][comment] LDAP: Only authenticate the auth connection if we need to look up user information

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/700
Title: #700: LDAP: Only authenticate the auth connection if we need to look up 
user information

jhrozek commented:
"""
I chose this approach because it only touches the ldap auth code. The other 
approach I was considering was to not force off the authentication, but turn 
the skip_auth boolean into a tri-state (do_auth, skip_auth, auth_if_possible). 
Then the caller from the ldap auth code would select auth_if_possible if the DN 
is known and do_auth if the DN must be looked up.

What auth_if_possible would do is to check if GSSAPI is the authentication 
method and skip only the GSSAPI auth step. This would make it possible to 
use other authentication methods, whatever they might be in case the DN must be 
looked up. 

And even another approach might be to establish an authenticated connection to 
look up the user, then close it and authenticate the user using a second 
connection.

But currently the only use-case that doesn't work with the current approach is 
id_provider=proxy and auth_provider=ldap where the LDAP server is AD DC. In 
this case, you must look up the user, so the connection must be authenticated, 
but using TLS and GSSAPI together wouldn't work, so the only way you can make 
this setup work is to use a bind DN and password. And I'm not sure if this 
use-case is important enough to consider either two connections or touching the 
connection code. Moreover, this combination of proxy identity, ldap 
authentication and GSSAPI-authenticated binds didn't work in any of the 
previous SSSD versions.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/700#issuecomment-441025645


[SSSD] [sssd PR#700][opened] LDAP: Only authenticate the auth connection if we need to look up user information

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/700
Author: jhrozek
 Title: #700: LDAP: Only authenticate the auth connection if we need to look up 
user information
Action: opened

PR body:
"""
Related: https://pagure.io/SSSD/sssd/issue/3451

Commit add72860c7a7a2c418f4d8b6790b5caeaf7dfb7b initially addressed #3451
by using the full sdap_cli_connect() request during LDAP authentication.
This was a good idea as it addressed the case where the authentication
connection must also look up some user information (typically with
id_provider=proxy where you don't know the DN to bind as during
authentication), but this approach also broke the use-case of
id_provider=ldap and auth_provider=ldap with ldap_sasl_auth=gssapi.

This is because (for a reason I don't know) AD doesn't like it if you use both
GSSAPI and startTLS on the same connection. But the code would force TLS
during the authentication as a general measure to not transmit passwords in
the clear, but then, the connection would also see that 
ldap_sasl_auth=gssapi is set and also bind with GSSAPI.

This patch checks if the user DN is already known and if yes, then doesn't
authenticate the connection as the connection will then only be used for
the user simple bind.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/700/head:pr700
git checkout pr700
From ee4a272240ee004e21941525dffc657b792c4689 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Thu, 22 Nov 2018 12:51:14 +0100
Subject: [PATCH 1/2] LDAP: minor refactoring in auth_send() to conform to our
 coding style

Related:
https://pagure.io/SSSD/sssd/issue/3451

A tevent _send() function should only return NULL on ENOMEM, otherwise
it should mark the request as failed but return the req pointer. This
was not much of an issue, before, but the next patch will add another
function call to the auth_send call which would make error handling
awkward.
---
 src/providers/ldap/ldap_auth.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index d40bc94148..c409353d91 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -636,6 +636,7 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
 {
 struct tevent_req *req;
 struct auth_state *state;
+errno_t ret;
 
 req = tevent_req_create(memctx, , struct auth_state);
 if (!req) return NULL;
@@ -645,11 +646,11 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
 if (sss_authtok_get_type(authtok) == SSS_AUTHTOK_TYPE_SC_PIN
 || sss_authtok_get_type(authtok) == SSS_AUTHTOK_TYPE_SC_KEYPAD) {
 /* Tell frontend that we do not support Smartcard authentication */
-tevent_req_error(req, ERR_SC_AUTH_NOT_SUPPORTED);
+ret = ERR_SC_AUTH_NOT_SUPPORTED;
 } else {
-tevent_req_error(req, ERR_AUTH_FAILED);
+ret = ERR_AUTH_FAILED;
 }
-return tevent_req_post(req, ev);
+goto fail;
 }
 
 state->ev = ev;
@@ -663,13 +664,17 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
 state->sdap_service = ctx->service;
 }
 
-if (!auth_connect_send(req)) goto fail;
+if (auth_connect_send(req) == NULL) {
+ret = ENOMEM;
+goto fail;
+}
 
 return req;
 
 fail:
-talloc_zfree(req);
-return NULL;
+tevent_req_error(req, ret);
+tevent_req_post(req, ev);
+return req;
 }
 
 static struct tevent_req *auth_connect_send(struct tevent_req *req)
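Review bot: in the last hunk, `if (auth_connect_send(req) == NULL)` maps every NULL return to `ENOMEM`, which is only right if auth_connect_send() itself follows the convention from the commit message and returns NULL solely on allocation failure. Please confirm that, or have it report its own error code. Also, `fail:` now returns a posted req instead of NULL, so a caller has to pick up the error in its callback through the _recv function rather than by checking for NULL; the call sites are worth a look.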

From ba016255fccea10519edef031bc6aac5e1c3222c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Thu, 22 Nov 2018 12:17:51 +0100
Subject: [PATCH 2/2] LDAP: Only authenticate the auth connection if we need to
 look up user information

Related:
https://pagure.io/SSSD/sssd/issue/3451

Commit add72860c7a7a2c418f4d8b6790b5caeaf7dfb7b initially addressed #3451 by
using the full sdap_cli_connect() request during LDAP authentication. This
was a good idea as it addressed the case where the authentication connection
must also look up some user information (typically with id_provider=proxy
where you don't know the DN to bind as during authentication), but this
approach also broke the use-case of id_provider=ldap and auth_provider=ldap
with ldap_sasl_auth=gssapi.

This is because (for a reason I don't know) AD doesn't like it if you use
both GSSAPI and startTLS on the same connection. But the code would
force TLS during the authentication as a general measure to not transmit
passwords in the clear, but then, the connection would also see that
ldap_sasl_auth=gssapi is set and also bind with GSSAPI.

This patch checks if the user DN is already known and if yes, then
doesn't authenticate the connection as the connection will then only be
used for the user simple bind.
---
 src/providers/ldap/ldap_auth.c | 43 +-
 1 file changed, 32 insertions(+), 11 deletions(-)

diff 

[SSSD] [sssd PR#694][comment] SSSCTL: user-show says that user is expired

2018-11-22 Thread thalman
  URL: https://github.com/SSSD/sssd/pull/694
Title: #694: SSSCTL: user-show says that user is expired

thalman commented:
"""
Thanks for comments. PR updated.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/694#issuecomment-441025815


[SSSD] [sssd PR#697][synchronized] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/697
Author: jhrozek
 Title: #697: RESPONDER: Log failures from bind() and listen()
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/697/head:pr697
git checkout pr697
From aae911ec5d4423ce0dfd6da3bb67a0c7e43e1ce2 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 20 Nov 2018 12:16:44 +0100
Subject: [PATCH] RESPONDER: Log failures from bind() and listen()

We've seen reports from users where SSSD (for a reason which is not
known at the moment) couldn't bind to the created socket. This patch
just logs the errno which should help in debugging issues like that in
the future.
---
 src/responder/common/responder_common.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 9081901a66..5792f3 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -847,15 +847,18 @@ int create_pipe_fd(const char *sock_name, int *_fd, mode_t umaskval)
 }
 
 if (bind(fd, (struct sockaddr *), sizeof(addr)) == -1) {
+ret = errno;
 DEBUG(SSSDBG_FATAL_FAILURE,
-  "Unable to bind on socket '%s'\n", sock_name);
-ret = EIO;
+  "Unable to bind on socket '%s' [%d]: %s\n",
+  sock_name, ret, sss_strerror(ret));
 goto done;
 }
+
 if (listen(fd, 10) == -1) {
+ret = errno;
 DEBUG(SSSDBG_FATAL_FAILURE,
-  "Unable to listen on socket '%s'\n", sock_name);
-ret = EIO;
+  "Unable to listen on socket '%s' [%d]: %s\n",
+  sock_name, ret, sss_strerror(ret));
 goto done;
 }
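Review bot: both branches now return the raw `errno` from bind() and listen() in place of the previous `ret = EIO;`, which changes what create_pipe_fd() hands back to its callers, while the commit message only mentions logging. If any caller tests for EIO specifically this alters behaviour; either mention the return-code change in the commit message or keep returning EIO and hold the logged errno in a separate variable.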
 


[SSSD] [sssd PR#697][comment] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/697
Title: #697: RESPONDER: Log failures from bind() and listen()

pbrezina commented:
"""
Ack.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/697#issuecomment-441056142


[SSSD] [sssd PR#694][+Accepted] SSSCTL: user-show says that user is expired

2018-11-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/694
Title: #694: SSSCTL: user-show says that user is expired

Label: +Accepted


[SSSD] [sssd PR#697][+Accepted] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/697
Title: #697: RESPONDER: Log failures from bind() and listen()

Label: +Accepted


[SSSD] [sssd PR#694][comment] SSSCTL: user-show says that user is expired

2018-11-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/694
Title: #694: SSSCTL: user-show says that user is expired

pbrezina commented:
"""
Thank you. Ack.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/694#issuecomment-441055972


[SSSD] [sssd PR#686][closed] nss: use enumeration context as talloc parent for cache req result

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/686
Author: pbrezina
 Title: #686: nss: use enumeration context as talloc parent for cache req result
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/686/head:pr686
git checkout pr686


[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/686
Title: #686: nss: use enumeration context as talloc parent for cache req result

jhrozek commented:
"""
So far I pushed the patch to master with 
406b731ddfbeb62623640cc37a7adc76af0a4b22 but I suspect we'll do a 1-16 backport 
later.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/686#issuecomment-441123827


[SSSD] [sssd PR#686][+Pushed] nss: use enumeration context as talloc parent for cache req result

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/686
Title: #686: nss: use enumeration context as talloc parent for cache req result

Label: +Pushed


[SSSD] [sssd PR#694][+Pushed] SSSCTL: user-show says that user is expired

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/694
Title: #694: SSSCTL: user-show says that user is expired

Label: +Pushed


[SSSD] [sssd PR#694][comment] SSSCTL: user-show says that user is expired

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/694
Title: #694: SSSCTL: user-show says that user is expired

jhrozek commented:
"""
* master: 291071cb3c04eda7606d62bbff123a0a125c7d60
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/694#issuecomment-441124198


[SSSD] [sssd PR#698][comment] Add support for EC keys

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/698
Title: #698: Add support for EC keys

jhrozek commented:
"""
While I can't say I understand every bit of the code completely, the code looks 
good, has tests and passes both CI (with some current rawhide caveats) and 
Coverity tests.

--> ACK
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/698#issuecomment-441122185


[SSSD] [sssd PR#698][+Accepted] Add support for EC keys

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/698
Title: #698: Add support for EC keys

Label: +Accepted


[SSSD] [sssd PR#694][closed] SSSCTL: user-show says that user is expired

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/694
Author: thalman
 Title: #694: SSSCTL: user-show says that user is expired
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/694/head:pr694
git checkout pr694


[SSSD] [sssd PR#697][comment] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/697
Title: #697: RESPONDER: Log failures from bind() and listen()

jhrozek commented:
"""
* master: 75696ddc84ab08c8c885dacc7796ebc8afc429ec
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/697#issuecomment-441124522


[SSSD] [sssd PR#697][closed] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/697
Author: jhrozek
 Title: #697: RESPONDER: Log failures from bind() and listen()
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/697/head:pr697
git checkout pr697


[SSSD] [sssd PR#697][+Pushed] RESPONDER: Log failures from bind() and listen()

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/697
Title: #697: RESPONDER: Log failures from bind() and listen()

Label: +Pushed


[SSSD] [sssd PR#680][+Accepted] pytest: Add test case for Expired sudo rule

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/680
Title: #680: pytest: Add test case for Expired sudo rule

Label: +Accepted


[SSSD] [sssd PR#680][+Pushed] pytest: Add test case for Expired sudo rule

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/680
Title: #680: pytest: Add test case for Expired sudo rule

Label: +Pushed


[SSSD] [sssd PR#680][closed] pytest: Add test case for Expired sudo rule

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/680
Author: mrniranjan
 Title: #680: pytest: Add test case for Expired sudo rule
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/680/head:pr680
git checkout pr680


[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/680
Title: #680: pytest: Add test case for Expired sudo rule

jhrozek commented:
"""
I fixed the unused import and pushed the patches to master:
5c550e72ea9939139d2e9b0b7e3c6a534568d799


fa2106a7af9d70380c9694a1a15752f39531f6f0
a5133f3ab384c2e3f37081bb73fdf705edc45ee6
4dcef883255b25f3a38cd67bcef3a6d3eb7d1c26
ba87d78343a42e716a2ea32890b16f33c62002a2
6dcc34d09e0f583743dc4a74076eb30e505deed1
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/680#issuecomment-441123603


[SSSD] [sssd PR#698][comment] Add support for EC keys

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/698
Title: #698: Add support for EC keys

jhrozek commented:
"""
* master:
3906e5f41a00063127e07f5ca696a25eea2e8bb7


4e627add38af409ec6a5023212677956babca1e7
41c4661b6fd237b156606bfd0d8ca3edd5a16795
ad3356d105835718f57edb7844e1fed911770610
d64d9cfbe9dc44db04b253aa08c05e645e10708a
a7421b5260cd2edd07ec5c0fefd240e76c5a0f03
a0cdc3bdf0e7f8ef15997f269b6f1ca5cab85825
ef631f9e61e7a0e168cce9071470839a4c04114c
6286f8120ac9986b418f4f08f26d6808cf028a9b

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/698#issuecomment-441124986


[SSSD] [sssd PR#698][+Pushed] Add support for EC keys

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/698
Title: #698: Add support for EC keys

Label: +Pushed


[SSSD] [sssd PR#698][closed] Add support for EC keys

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/698
Author: sumit-bose
 Title: #698: Add support for EC keys
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/698/head:pr698
git checkout pr698


[SSSD] [sssd PR#644][closed] When multiple UIDs exist, use the username provided by the user as the first lookup

2018-11-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/644
Author: joeFischetti
 Title: #644: When multiple UIDs exist, use the username provided by the user as the first lookup
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/644/head:pr644
git checkout pr644


[SSSD] [sssd PR#644][+Rejected] When multiple UIDs exist, use the username provided by the user as the first lookup

2018-11-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/644
Title: #644: When multiple UIDs exist, use the username provided by the user as the first lookup

Label: +Rejected