[SSSD] [sssd PR#699][comment] Fixes for MIT Kerberos 1.17 and valgind CI runs
URL: https://github.com/SSSD/sssd/pull/699 Title: #699: Fixes for MIT Kerberos 1.17 and valgind CI runs jhrozek commented: """ CI passed completely: http://vm-031.$ABC/logs/job/94/94/summary.html """ See the full comment at https://github.com/SSSD/sssd/pull/699#issuecomment-441171503 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#699][+Accepted] Fixes for MIT Kerberos 1.17 and valgind CI runs
URL: https://github.com/SSSD/sssd/pull/699 Title: #699: Fixes for MIT Kerberos 1.17 and valgind CI runs Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result jhrozek commented: """ Thank you for the explanation, I think this works fine. """ See the full comment at https://github.com/SSSD/sssd/pull/686#issuecomment-440947096 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Title: #680: pytest: Add test case for Expired sudo rule jhrozek commented: """ I'm sorry for the very long delay. Except for the extra import, I don't have any more comments. I'll leave it up to you whether you want to remove the import and resubmit or if you prefer I do it before pushing. Anyway, I'll push the patches later today to avoid blocking CI for development. """ See the full comment at https://github.com/SSSD/sssd/pull/680#issuecomment-440947866 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][comment] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Title: #697: RESPONDER: Log failures from bind() and listen() jhrozek commented: """ OK, patch updated. """ See the full comment at https://github.com/SSSD/sssd/pull/697#issuecomment-441027615 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][-Changes requested] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Title: #697: RESPONDER: Log failures from bind() and listen() Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][-Changes requested] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Title: #694: SSSCTL: user-show says that user is expired Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#699][opened] Fixes for MIT Kerberos 1.17 and valgind CI runs
URL: https://github.com/SSSD/sssd/pull/699 Author: sumit-bose Title: #699: Fixes for MIT Kerberos 1.17 and valgind CI runs Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/699/head:pr699 git checkout pr699 From d03fb2e4661ca970d78239c75ea7d843186cf559 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 22 Nov 2018 11:33:20 +0100 Subject: [PATCH 1/3] BUILD: Accept krb5 1.17 for building the PAC plugin --- src/external/pac_responder.m4 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4 index e0685f0ce3..dc986a1b8a 100644 --- a/src/external/pac_responder.m4 +++ b/src/external/pac_responder.m4 @@ -18,7 +18,8 @@ then Kerberos\ 5\ release\ 1.13* | \ Kerberos\ 5\ release\ 1.14* | \ Kerberos\ 5\ release\ 1.15* | \ -Kerberos\ 5\ release\ 1.16*) +Kerberos\ 5\ release\ 1.16* | \ +Kerberos\ 5\ release\ 1.17*) krb5_version_ok=yes AC_MSG_RESULT([yes]) ;; From 2470d1f5ce1e499f7a8f80c58e29a13860434010 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 22 Nov 2018 11:36:57 +0100 Subject: [PATCH 2/3] tests: fix mocking krb5_creds in test_copy_ccache To just test some ccache related functionality without talking to an actual KDC to get the tickets some needed libkrb5 structs were mocked based on tests from the MIT Kerberos source code. One struct member (is_skey) was so far not regarded by libkrb5 for out test case. But a recent fix for http://krbdev.mit.edu/rt/Ticket/Display.html?id=8718 changed this and we have to change the mocking. --- src/tests/cmocka/test_copy_ccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/cmocka/test_copy_ccache.c b/src/tests/cmocka/test_copy_ccache.c index 84225b6bff..7c76c00e8f 100644 --- a/src/tests/cmocka/test_copy_ccache.c +++ b/src/tests/cmocka/test_copy_ccache.c @@ -88,7 +88,7 @@ static int setup_ccache(void **state) test_creds.times.starttime = ; test_creds.times.endtime = ; test_creds.times.renew_till = ; -test_creds.is_skey = 1; +test_creds.is_skey = 0; test_creds.ticket_flags = ; test_creds.addresses = addrs; From f66a38e58b969294100b9ac93e83b4491a69d317 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 22 Nov 2018 12:12:00 +0100 Subject: [PATCH 3/3] tests: increase p11_child_timeout With recent version of valgrind some tests failed during a CI run with a timeout. To avoid this the related p11_child_timeout is increased for the affected tests. --- src/tests/cmocka/test_cert_utils.c | 2 +- src/tests/cmocka/test_ssh_srv.c| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c index 26fffb870c..ec5858b6e2 100644 --- a/src/tests/cmocka/test_cert_utils.c +++ b/src/tests/cmocka/test_cert_utils.c @@ -50,7 +50,7 @@ /* When run under valgrind with --trace-children=yes we have to increase the * timeout not because p11_child needs much more time under valgrind but * because of the way valgrind handles the children. */ -#define P11_CHILD_TIMEOUT 40 +#define P11_CHILD_TIMEOUT 80 /* TODO: create a certificate for this test */ const uint8_t test_cert_der[] = { diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c index 93217a1979..d611bdcfff 100644 --- a/src/tests/cmocka/test_ssh_srv.c +++ b/src/tests/cmocka/test_ssh_srv.c @@ -223,7 +223,7 @@ static int ssh_test_setup(void **state) * the timeout not because p11_child needs much more time under valgrind * but because of the way valgrind handles the children. */ struct sss_test_conf_param ssh_params[] = { -{ "p11_child_timeout", "40" }, +{ "p11_child_timeout", "80" }, { NULL, NULL }, /* Sentinel */ }; ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#700][comment] LDAP: Only authenticate the auth connection if we need to look up user information
URL: https://github.com/SSSD/sssd/pull/700 Title: #700: LDAP: Only authenticate the auth connection if we need to look up user information jhrozek commented: """ I chose this approach because it only touches the ldap auth code. The other approach I was considering was to not force off the authentication, but turn the skip_auth boolean into a tri-state (do_auth, skip_auth, auth_if_possible). Then the caller from the ldap auth code would select auth_if_possible if the DN is known and do_auth if the DN must be looked up. What auth_if_possible would do is to check if GSSAPI is the authentication method and only skip only the GSSAPI auth step. This would make it possible to use other authentication methods, whatever they might be in case the DN must be looked up. And even another approach might be to establish authenticated connection to look up the user, then close is and authenticate the user using a second connection. But currently the only use-case that doesn't work with the current approach is id_provider=proxy and auth_provider=ldap where the LDAP server is AD DC. In this case, you must look up the user, so the connection must be authenticated, but using TLS and GSSAPI together wouldn't work. And I'm not sure if this use-case is important enough to consider either two connections or touching the connection code. """ See the full comment at https://github.com/SSSD/sssd/pull/700#issuecomment-441025645 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][synchronized] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Author: thalman Title: #694: SSSCTL: user-show says that user is expired Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/694/head:pr694 git checkout pr694 From 3d7d9c7a3a7bc05c76612c76b7b8ca31b1d6517a Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Tue, 13 Nov 2018 12:21:16 +0100 Subject: [PATCH] SSSCTL: user-show says that user is expired sssctl user-show says that user is expired if the user comes from files provider. This is ok because files user's expiration time is always set to 0 but we should print a better, less confusing message. The same change apply to groups. Resolves: https://pagure.io/SSSD/sssd/issue/3858 --- src/tools/sssctl/sssctl_cache.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/tools/sssctl/sssctl_cache.c b/src/tools/sssctl/sssctl_cache.c index 42a2a60fd3..e0d067cfbe 100644 --- a/src/tools/sssctl/sssctl_cache.c +++ b/src/tools/sssctl/sssctl_cache.c @@ -154,6 +154,11 @@ static errno_t get_attr_expire(TALLOC_CTX *mem_ctx, return ret; } +if (is_files_provider(dom)) { +*_value = "Never"; +return EOK; +} + if (value < time(NULL)) { *_value = "Expired"; return EOK; @@ -179,6 +184,11 @@ static errno_t attr_initgr(TALLOC_CTX *mem_ctx, return ret; } +if (is_files_provider(dom)) { +*_value = "Never"; +return EOK; +} + if (value < time(NULL)) { *_value = "Expired"; return EOK; ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#700][comment] LDAP: Only authenticate the auth connection if we need to look up user information
URL: https://github.com/SSSD/sssd/pull/700 Title: #700: LDAP: Only authenticate the auth connection if we need to look up user information jhrozek commented: """ I chose this approach because it only touches the ldap auth code. The other approach I was considering was to not force off the authentication, but turn the skip_auth boolean into a tri-state (do_auth, skip_auth, auth_if_possible). Then the caller from the ldap auth code would select auth_if_possible if the DN is known and do_auth if the DN must be looked up. What auth_if_possible would do is to check if GSSAPI is the authentication method and only skip only the GSSAPI auth step. This would make it possible to use other authentication methods, whatever they might be in case the DN must be looked up. And even another approach might be to establish authenticated connection to look up the user, then close it and authenticate the user using a second connection. But currently the only use-case that doesn't work with the current approach is id_provider=proxy and auth_provider=ldap where the LDAP server is AD DC. In this case, you must look up the user, so the connection must be authenticated, but using TLS and GSSAPI together wouldn't work, so the only way you can make this setup work is to use a bind DN and password. And I'm not sure if this use-case is important enough to consider either two connections or touching the connection code. Moreover, this combination of proxy identity, ldap authentication and GSSAPI-authenticated binds didn't work in any of the previous SSSD versions. """ See the full comment at https://github.com/SSSD/sssd/pull/700#issuecomment-441025645 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#700][opened] LDAP: Only authenticate the auth connection if we need to look up user information
URL: https://github.com/SSSD/sssd/pull/700 Author: jhrozek Title: #700: LDAP: Only authenticate the auth connection if we need to look up user information Action: opened PR body: """ Related: https://pagure.io/SSSD/sssd/issue/3451 Commit add72860c7a7a2c418f4d8b6790b5caeaf7dfb7b initially addressed #3451 by using the full sdap_cli_connect() request during LDAP authentication. This was a good idea as it addressed the case where the authentication connection must also look up some user information (typically with id_provider=proxy where you don't know the DN to bind as during authentication), but this approach also broke the use-case of id_provider=ldap and auth_provider=ldap with ldap_sasl_auth=gssapi. This is because (for reason I don't know) AD doesn't like if you use both GSSAPI and startTLS on the same connection. But the code would force TLS during the authentication as a general measure to not transmit passwords in the clear, but then, the connection would also see that ldap_sasl_auth=gssapi is set and also bind with GSSAPI. This patch checks if the user DN is already known and if yes, then doesn't authenticate the connection as the connection will then only be used for the user simple bind. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/700/head:pr700 git checkout pr700 From ee4a272240ee004e21941525dffc657b792c4689 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 22 Nov 2018 12:51:14 +0100 Subject: [PATCH 1/2] LDAP: minor refactoring in auth_send() to conform to our coding style Related: https://pagure.io/SSSD/sssd/issue/3451 A tevent _send() function should only return NULL on ENOMEM, otherwise it should mark the request as failed but return the req pointer. This was not much of an issue, before, but the next patch will add another function call to the auth_send call which would make error handling awkward. --- src/providers/ldap/ldap_auth.c | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index d40bc94148..c409353d91 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -636,6 +636,7 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx, { struct tevent_req *req; struct auth_state *state; +errno_t ret; req = tevent_req_create(memctx, , struct auth_state); if (!req) return NULL; @@ -645,11 +646,11 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx, if (sss_authtok_get_type(authtok) == SSS_AUTHTOK_TYPE_SC_PIN || sss_authtok_get_type(authtok) == SSS_AUTHTOK_TYPE_SC_KEYPAD) { /* Tell frontend that we do not support Smartcard authentication */ -tevent_req_error(req, ERR_SC_AUTH_NOT_SUPPORTED); +ret = ERR_SC_AUTH_NOT_SUPPORTED; } else { -tevent_req_error(req, ERR_AUTH_FAILED); +ret = ERR_AUTH_FAILED; } -return tevent_req_post(req, ev); +goto fail; } state->ev = ev; @@ -663,13 +664,17 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx, state->sdap_service = ctx->service; } -if (!auth_connect_send(req)) goto fail; +if (auth_connect_send(req) == NULL) { +ret = ENOMEM; +goto fail; +} return req; fail: -talloc_zfree(req); -return NULL; +tevent_req_error(req, ret); +tevent_req_post(req, ev); +return req; } static struct tevent_req *auth_connect_send(struct tevent_req *req) From ba016255fccea10519edef031bc6aac5e1c3222c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 22 Nov 2018 12:17:51 +0100 Subject: [PATCH 2/2] LDAP: Only authenticate the auth connection if we need to look up user information Related: https://pagure.io/SSSD/sssd/issue/3451 Commit add72860c7a7a2c418f4d8b6790b5caeaf7dfb7b initially addressed #3451 by using the full sdap_cli_connect() request during LDAP authentication. This was a good idea as it addressed the case where the authentication connection must also look up some user information (typically with id_provider=proxy where you don't know the DN to bind as during authentication), but this approach also broke the use-case of id_provider=ldap and auth_provider=ldap with ldap_sasl_auth=gssapi. This is because (for reason I don't know) AD doesn't like if you use both GSSAPI and startTLS on the same connection. But the code would force TLS during the authentication as a general measure to not transmit passwords in the clear, but then, the connection would also see that ldap_sasl_auth=gssapi is set and also bind with GSSAPI. This patch checks if the user DN is already known and if yes, then doesn't authenticate the connection as the connection will then only be used for the user simple bind. --- src/providers/ldap/ldap_auth.c | 43 +- 1 file changed, 32 insertions(+), 11 deletions(-) diff
[SSSD] [sssd PR#694][comment] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Title: #694: SSSCTL: user-show says that user is expired thalman commented: """ Thanks for comments. PR updated. """ See the full comment at https://github.com/SSSD/sssd/pull/694#issuecomment-441025815 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][synchronized] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Author: jhrozek Title: #697: RESPONDER: Log failures from bind() and listen() Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/697/head:pr697 git checkout pr697 From aae911ec5d4423ce0dfd6da3bb67a0c7e43e1ce2 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 20 Nov 2018 12:16:44 +0100 Subject: [PATCH] RESPONDER: Log failures from bind() and listen() We've seen reports from users where SSSD (for a reason which is not known at the moment) couldn't bind to the created socket. This patch just logs the errno which should help in debugging issues like that in the future. --- src/responder/common/responder_common.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 9081901a66..5792f3 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -847,15 +847,18 @@ int create_pipe_fd(const char *sock_name, int *_fd, mode_t umaskval) } if (bind(fd, (struct sockaddr *), sizeof(addr)) == -1) { +ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to bind on socket '%s'\n", sock_name); -ret = EIO; + "Unable to bind on socket '%s' [%d]: %s\n", + sock_name, ret, sss_strerror(ret)); goto done; } + if (listen(fd, 10) == -1) { +ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, - "Unable to listen on socket '%s'\n", sock_name); -ret = EIO; + "Unable to listen on socket '%s' [%d]: %s\n", + sock_name, ret, sss_strerror(ret)); goto done; } ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][comment] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Title: #697: RESPONDER: Log failures from bind() and listen() pbrezina commented: """ Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/697#issuecomment-441056142 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][+Accepted] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Title: #694: SSSCTL: user-show says that user is expired Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][+Accepted] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Title: #697: RESPONDER: Log failures from bind() and listen() Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][comment] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Title: #694: SSSCTL: user-show says that user is expired pbrezina commented: """ Thank you. Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/694#issuecomment-441055972 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#686][closed] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Author: pbrezina Title: #686: nss: use enumeration context as talloc parent for cache req result Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/686/head:pr686 git checkout pr686 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result jhrozek commented: """ So far I pushed the patch to master with 406b731ddfbeb62623640cc37a7adc76af0a4b22 but I suspect we'll do a 1-16 backport later.. """ See the full comment at https://github.com/SSSD/sssd/pull/686#issuecomment-441123827 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#686][+Pushed] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][+Pushed] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Title: #694: SSSCTL: user-show says that user is expired Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][comment] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Title: #694: SSSCTL: user-show says that user is expired jhrozek commented: """ * master: 291071cb3c04eda7606d62bbff123a0a125c7d60 """ See the full comment at https://github.com/SSSD/sssd/pull/694#issuecomment-441124198 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#698][comment] Add support for EC keys
URL: https://github.com/SSSD/sssd/pull/698 Title: #698: Add support for EC keys jhrozek commented: """ While I can't say I understand every bit of the code completely, the code looks good, has tests and passes both CI (with some current rawhide caveats) and Coverity tests. --> ACK """ See the full comment at https://github.com/SSSD/sssd/pull/698#issuecomment-441122185 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#698][+Accepted] Add support for EC keys
URL: https://github.com/SSSD/sssd/pull/698 Title: #698: Add support for EC keys Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#694][closed] SSSCTL: user-show says that user is expired
URL: https://github.com/SSSD/sssd/pull/694 Author: thalman Title: #694: SSSCTL: user-show says that user is expired Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/694/head:pr694 git checkout pr694 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][comment] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Title: #697: RESPONDER: Log failures from bind() and listen() jhrozek commented: """ * master: 75696ddc84ab08c8c885dacc7796ebc8afc429ec """ See the full comment at https://github.com/SSSD/sssd/pull/697#issuecomment-441124522 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][closed] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Author: jhrozek Title: #697: RESPONDER: Log failures from bind() and listen() Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/697/head:pr697 git checkout pr697 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#697][+Pushed] RESPONDER: Log failures from bind() and listen()
URL: https://github.com/SSSD/sssd/pull/697 Title: #697: RESPONDER: Log failures from bind() and listen() Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][+Accepted] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Title: #680: pytest: Add test case for Expired sudo rule Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][+Pushed] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Title: #680: pytest: Add test case for Expired sudo rule Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][closed] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Author: mrniranjan Title: #680: pytest: Add test case for Expired sudo rule Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/680/head:pr680 git checkout pr680 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Title: #680: pytest: Add test case for Expired sudo rule jhrozek commented: """ I fixed the unused import and pushed the patches to master: 5c550e72ea9939139d2e9b0b7e3c6a534568d799 fa2106a7af9d70380c9694a1a15752f39531f6f0 a5133f3ab384c2e3f37081bb73fdf705edc45ee6 4dcef883255b25f3a38cd67bcef3a6d3eb7d1c26 ba87d78343a42e716a2ea32890b16f33c62002a2 6dcc34d09e0f583743dc4a74076eb30e505deed1 """ See the full comment at https://github.com/SSSD/sssd/pull/680#issuecomment-441123603 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#698][comment] Add support for EC keys
URL: https://github.com/SSSD/sssd/pull/698 Title: #698: Add support for EC keys jhrozek commented: """ * master: 3906e5f41a00063127e07f5ca696a25eea2e8bb7 4e627add38af409ec6a5023212677956babca1e7 41c4661b6fd237b156606bfd0d8ca3edd5a16795 ad3356d105835718f57edb7844e1fed911770610 d64d9cfbe9dc44db04b253aa08c05e645e10708a a7421b5260cd2edd07ec5c0fefd240e76c5a0f03 a0cdc3bdf0e7f8ef15997f269b6f1ca5cab85825 ef631f9e61e7a0e168cce9071470839a4c04114c 6286f8120ac9986b418f4f08f26d6808cf028a9b """ See the full comment at https://github.com/SSSD/sssd/pull/698#issuecomment-441124986 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#698][+Pushed] Add support for EC keys
URL: https://github.com/SSSD/sssd/pull/698 Title: #698: Add support for EC keys Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#698][closed] Add support for EC keys
URL: https://github.com/SSSD/sssd/pull/698 Author: sumit-bose Title: #698: Add support for EC keys Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/698/head:pr698 git checkout pr698 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#644][closed] When multiple UIDs exist, use the username provided by the user as the first lookup
URL: https://github.com/SSSD/sssd/pull/644 Author: joeFischetti Title: #644: When multiple UIDs exist, use the username provided by the user as the first lookup Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/644/head:pr644 git checkout pr644 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#644][+Rejected] When multiple UIDs exist, use the username provided by the user as the first lookup
URL: https://github.com/SSSD/sssd/pull/644 Title: #644: When multiple UIDs exist, use the username provided by the user as the first lookup Label: +Rejected ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org