On Fri, 2012-11-02 at 09:16 -0400, Dmitri Pal wrote:
On 11/02/2012 07:22 AM, Petr Spacek wrote:
On 11/02/2012 11:10 AM, Petr Viktorin wrote:
On 11/02/2012 10:46 AM, Martin Kosek wrote:
On 11/01/2012 07:28 PM, Simo Sorce wrote:
On Thu, 2012-11-01 at 10:59 -0400, Rob Crittenden wrote:
Rob
On Fri, 2012-11-02 at 11:16 -0400, John Dennis wrote:
On 11/02/2012 10:56 AM, Simo Sorce wrote:
I do not like the trac approach because it is not automatic, so it is
completely inconsistent, and also because trac is extremely slow.
Factoring out the whole patchwork issue I do have to agree
On Fri, 2012-11-02 at 16:35 +0100, Jan Cholasta wrote:
On 2.11.2012 15:56, Simo Sorce wrote:
On Fri, 2012-11-02 at 09:16 -0400, Dmitri Pal wrote:
On 11/02/2012 07:22 AM, Petr Spacek wrote:
On 11/02/2012 11:10 AM, Petr Viktorin wrote:
On 11/02/2012 10:46 AM, Martin Kosek wrote:
On 11/01
a possibility, or maybe we consider ':ALL' the
'escaping' version to be able to reference and actual entity called
'ALL' (I would prefer the escaping rule).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel
|| in the previous condition ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Fri, 2012-11-02 at 19:11 +0100, Jakub Hrozek wrote:
On Fri, Nov 02, 2012 at 01:53:52PM -0400, Simo Sorce wrote:
On Thu, 2012-11-01 at 17:36 +0100, Pavel Březina wrote:
+if (ctx-is_daemon ctx-parent_pid 0
+ ctx-parent_pid == getppid()) {
+if (ctx
the patch that changes the code ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
();
+/* Close fd's 0,1,2. Needed if started by rsh */
+close_low_fds();
}
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
is created in
server_setup()
Also it doesn't say why you remove check_file on the pidfile ?
Can you explain ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org
than 80, would be nice to
fold that.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
SSSDBG_IMPORTANT_INFO SSSDBG_OP_FAILURE
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Fri, 2012-11-02 at 22:58 +0100, Pavel Březina wrote:
I'm sending a new set of patches. There are the three original and two
new.
The changes on the three original patches are all good, ack on those.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
selinux policy works ok now, in F18 it should be
fine.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Tue, 2012-11-06 at 14:46 +0100, Ondrej Kos wrote:
On 11/02/2012 05:32 PM, Simo Sorce wrote:
On Fri, 2012-11-02 at 10:10 -0400, Dmitri Pal wrote:
On 11/02/2012 09:50 AM, Stef Walter wrote:
On 11/02/2012 01:57 PM, Dmitri Pal wrote:
First let us define a general rule about how we treat
On Tue, 2012-11-06 at 15:10 +0100, Ondrej Kos wrote:
On 11/06/2012 02:52 PM, Simo Sorce wrote:
On Tue, 2012-11-06 at 14:46 +0100, Ondrej Kos wrote:
On 11/02/2012 05:32 PM, Simo Sorce wrote:
On Fri, 2012-11-02 at 10:10 -0400, Dmitri Pal wrote:
On 11/02/2012 09:50 AM, Stef Walter wrote
On Tue, 2012-11-06 at 10:26 -0500, Dmitri Pal wrote:
On 11/06/2012 09:24 AM, Simo Sorce wrote:
On Tue, 2012-11-06 at 15:10 +0100, Ondrej Kos wrote:
On 11/06/2012 02:52 PM, Simo Sorce wrote:
On Tue, 2012-11-06 at 14:46 +0100, Ondrej Kos wrote:
On 11/02/2012 05:32 PM, Simo Sorce wrote
On Tue, 2012-11-06 at 09:08 +0100, Jakub Hrozek wrote:
On Wed, Oct 31, 2012 at 06:37:31PM -0400, Simo Sorce wrote:
No functionality changes,
[..]
+static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
+ struct sysdb_ctx *sysdb
On Tue, 2012-11-06 at 09:07 +0100, Jakub Hrozek wrote:
On Wed, Oct 31, 2012 at 06:37:30PM -0400, Simo Sorce wrote:
While I was working on an unrelated patchset I couldn't help fixing some
of the code to properly use tevent_req style and naming conventions.
I think the krb5_auth code
On Tue, 2012-11-06 at 09:09 +0100, Jakub Hrozek wrote:
On Wed, Oct 31, 2012 at 06:37:33PM -0400, Simo Sorce wrote:
Also do not intermix two tevent_req sequences
---
src/providers/ipa/ipa_id.c | 151
+---
1 files changed, 71 insertions(+), 80
On Tue, 2012-11-06 at 09:09 +0100, Jakub Hrozek wrote:
On Wed, Oct 31, 2012 at 06:37:34PM -0400, Simo Sorce wrote:
---
src/providers/ipa/ipa_id.c | 128
1 files changed, 69 insertions(+), 59 deletions(-)
diff --git a/src/providers/ipa
---
src/providers/ipa/ipa_id.c|5 +-
src/providers/ipa/ipa_id.h| 10 ++--
src/providers/ipa/ipa_subdomains_id.c | 73 +
3 files changed, 36 insertions(+), 52 deletions(-)
diff --git a/src/providers/ipa/ipa_id.c
Also do not intermix two tevent_req sequences
---
src/providers/ipa/ipa_id.c | 151 +---
1 files changed, 71 insertions(+), 80 deletions(-)
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index
No functionality changes,
just make the code respect the tevent_req style and naming conventions
and enhance readability by adding some helper functions.
---
src/providers/krb5/krb5_access.c |6 +-
src/providers/krb5/krb5_auth.c | 685 --
In particular note that we merge ipa_account_info_netgroups_done()
and ipa_account_info_users_done() into a single fucntion called
ipa_account_info_done() that handles both cases
We also remove the auxiliary function ipa_account_info_complete() that
unnecessarily violates the tevent_req style and
Avoids hardcoding magic numbers everywhere and self documents why a
mask is being applied.
---
src/providers/data_provider.h |1 +
src/providers/ipa/ipa_id.c|2 +-
src/providers/ipa/ipa_subdomains_id.c |2 +-
src/providers/ldap/ldap_id.c |2 +-
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
---
src/db/sysdb.h |3 +--
src/db/sysdb_ops.c | 12 +---
src/providers/krb5/krb5_auth.c | 23
This is useful for wiping passwords, as it prevents the compiler from
optimizing out a memset to zero before a free()
---
src/util/util.c |9 +
src/util/util.h | 10 ++
2 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/src/util/util.c b/src/util/util.c
index
but it would have
required a lot more allocations and pointers, and made the patchset larger.
Fixes: https://fedorahosted.org/sssd/ticket/1586
Simo.
Simo Sorce (4):
Code can only check for cached passwords
Add function to safely wipe memory.
Add authtok utility functions.
Change pam data auth
/util_lock.c
diff --git a/src/util/authtok.c b/src/util/authtok.c
new file mode 100644
index
..1f45953378021e9d30559030326134794965b240
--- /dev/null
+++ b/src/util/authtok.c
@@ -0,0 +1,195 @@
+/*
+ SSSD - auth utils
+
+ Copyright (C) Simo Sorce s...@redhat.com
- _add_gid_list
_del_gid_count - _del_gid_num
_del_gids - _del_gid_list
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
NULL pointers and free a NULL context.
talloc_steal and talloc_free do not crash if you pass NULL, but it is
strange to see all this done when clearly you never set anything in
there.
Not fatal, if you feel strongly that jumping to done is better I am ok
with it too.
Simo.
--
Simo Sorce * Red Hat
different fullname) that information is simply
discarded and not updated.
I thik keeping these 2 separate makes it more readable and avoids this
bug.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
domain.
Can you please ad a comment on why you are also removing code that sets
group_attrs ?
I can't see why at a glance.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https
While looking at the mc code I came up with this patch that makes the
code a little bit cleaner.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From 514c1249dd8b7156c2da9c4006836ab21a9aee98 Mon Sep 17 00:00:00 2001
From: Simo Sorce s...@redhat.com
Date: Tue, 16 Oct 2012 15:21:50 -0400
Subject
fro quite a while that using pam
status internally is quite confusing.
We should probably finally define our own internal error range and start
adding errors there, then have error translators like this one used at
the edges only.
Should we open a ticket ?
Simo.
--
Simo Sorce * Red Hat, Inc
On Fri, 2012-11-09 at 09:00 +0100, Jakub Hrozek wrote:
On Thu, Nov 08, 2012 at 02:19:57PM -0500, Simo Sorce wrote:
On Thu, 2012-11-08 at 20:09 +0100, Jakub Hrozek wrote:
I noticed that if offline auth failed for any reason including
mistyped
password, we would always print System Error
(SSSDBG_CRIT_FAILURE,
- (Unable to retrieve user info [%d]: %s\n,
strerror(ret)));
+ (Unable to retrieve user info [%d]: %s\n, ret,
strerror(ret)));
goto done;
}
The comment says 2 debug messages, but the patch only has one, which is
wrong ?
Simo.
--
Simo Sorce * Red
On Fri, 2012-11-09 at 15:10 +0100, Michal Židek wrote:
On 11/08/2012 08:16 PM, Simo Sorce wrote:
While looking at the mc code I came up with this patch that makes the
code a little bit cleaner.
ACK.
Thanks, pushed to master only.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Fri, 2012-11-09 at 12:09 +0100, Sumit Bose wrote:
New series attached.
ack and pushed to master and 1-9
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https
password based logins with full
HABC checking. getent passwd/group commands also return the extected outputs.
Please review carefully.
Simo Sorce (1):
Refactor the way subdomain accounts are saved
src/db/sysdb_search.c| 17 +++-
src/providers/data_provider_be.c | 11
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
, the fully qualified name format is an
option that admins can change, and the sudo client have no way to know
what that is.
I think before I allow to further change this protocol I need to
understand why it is transporting the domain name at all.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Mon, 2012-11-12 at 13:30 +0100, Sumit Bose wrote:
On Sat, Nov 10, 2012 at 10:05:36PM -0500, Simo Sorce wrote:
This patch changes the way subdomain users are stored in the database.
Thank you for the patch.
I run couple of test and have not see an issue so far. But I have a
couple
to document. It
carries way too many breaches of trust for both domains.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Mon, 2012-11-12 at 16:47 +0100, Pavel Březina wrote:
This patch hides following message:
[client_registration] (0x0020): Unknown client! [PAC]
Ack!
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel
On Mon, 2012-11-12 at 17:49 +0100, Jakub Hrozek wrote:
Please see the patch and the commit message.
Why not simply do the operation but not fail on errors ?
Is the operation really unnecessary ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
to remove those member from struct be_ctx?
What do you replace the debug messages with ?
It's useful to know when clients disconnect, that's why we have the
msgs.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel
On Mon, 2012-11-12 at 20:17 +0100, Jakub Hrozek wrote:
On Mon, Nov 12, 2012 at 01:34:01PM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 17:49 +0100, Jakub Hrozek wrote:
Please see the patch and the commit message.
Why not simply do the operation but not fail on errors ?
We delete
On Mon, 2012-11-12 at 21:36 +0100, Sumit Bose wrote:
On Mon, Nov 12, 2012 at 01:36:50PM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 18:31 +0100, Sumit Bose wrote:
I wonder if those becli-bectx-*_cli members are still used
somewhere?
The only place I see is be_client_destructor
On Tue, 2012-11-13 at 13:13 +0100, Jakub Hrozek wrote:
On Mon, Nov 12, 2012 at 10:10:25AM -0500, Simo Sorce wrote:
On Mon, 2012-11-12 at 09:05 -0500, Dmitri Pal wrote:
I changed the subject because this is a separate discussion and not a
review of the patches.
It is generally
, paranoia is the next step :-)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Tue, 2012-11-13 at 17:59 -0800, Paul B. Henson wrote:
On Tue, Nov 13, 2012 at 08:08:20PM -0500, Simo Sorce wrote:
Is this part really necessary ?
If you do not fetch members from LDAP then memberuid will usually be
empty anyway. In any case even if there is something (initgroups
This macro is already available in util/util.h which is expicitly included
in this file.
---
src/ldb_modules/memberof.c |4
1 files changed, 0 insertions(+), 4 deletions(-)
diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
index
reverted that and then applied a fix to avoid const warnings, as they
are bogus in this case.
I also removed a duplicated macro that was out of sync already.
Simo Sorce (3):
Revert Avoid accessing half-deallocated memory when using
talloc_zfree macro.
Avoid duplicating macros
Avoid const
In some case we allocate and assign data to a const pointer.
When we then try to free it we would get a const warning because talloc_free
accepts a void, not a const void pointer. Use discard_const to avoid the
warning, it is safe in this case.
---
src/util/util.h |2 +-
1 files changed, 1
On Wed, 2012-11-14 at 08:48 -0500, Stephen Gallagher wrote:
On Wed 14 Nov 2012 01:24:15 AM EST, Paul B. Henson wrote:
On Nov 13, 2012, at 9:06 PM, Simo Sorce s...@redhat.com wrote:
Well my concern is allowing people to get the perf. benefit you
need, as
you may not be the only one who
memory context.
Simo Sorce (1):
Simplify writing db update functions
src/db/sysdb_upgrade.c | 621 +++-
1 files changed, 196 insertions(+), 425 deletions(-)
___
sssd-devel mailing list
sssd-devel
Add functions to automate setting versions numbers in the db, also
decrease chances of error in copying and pasting code, by setting
the version number only once when we commence the upgrade.
---
src/db/sysdb_upgrade.c | 621 +++-
1 files changed, 196
to better fit in sysdb.c).
Yes please, rename them to be sysdb_* functions and move them in sysdb
where they belong.
The util/ shouldn't have component specific functions.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd
On Wed, 2012-11-14 at 17:06 +0100, Jakub Hrozek wrote:
On Wed, Nov 14, 2012 at 05:01:34PM +0100, Pavel Březina wrote:
On 11/14/2012 03:01 PM, Simo Sorce wrote:
This reverts commit ff57c6aeb80a52b1f52bd1dac9308a69dc7a4774.
This commit doesn't really make sense, we are never accessing
On Wed, 2012-11-14 at 17:16 +0100, Sumit Bose wrote:
On Wed, Nov 14, 2012 at 09:01:15AM -0500, Simo Sorce wrote:
In some case we allocate and assign data to a const pointer.
When we then try to free it we would get a const warning because talloc_free
accepts a void, not a const void pointer
good
plain text
document
attachment
(0002-Fix-compare_principal_realm-check.patch)
this too
plain text
document
attachment
(0003-Disable-canonicalization-during-password-changes.patch)
not tested but looks good too.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
. It looks that it will be changed to 'const
char *'
+ * in Version 1.11. */
+#define SSSD_KRB5_CHANGEPW_PRINCIPAL discard_const(kadmin/changepw)
Nack, given it is being changed to const char * in 1.11 I think we
should just live with the const warnings for now.
Simo.
--
Simo Sorce * Red Hat, Inc
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
://fedorahosted.org/sssd/ticket/1629
Simo Sorce (2):
Refactor the way subdomain accounts are saved
Handle conversion to fully qualified usernames
Sumit Bose (1):
Do not save HBAC rules in subdomain subtree
src/db/sysdb.c |7 +++
src/db/sysdb_private.h |4 +-
src
On Wed, 2012-11-14 at 10:59 -0800, Paul B. Henson wrote:
On Wed, Nov 14, 2012 at 09:04:24AM -0500, Simo Sorce wrote:
Ok, put down this way it tips my opinion toward the currently proposed
patch.
Cool. Is there anything else I need to do to move this forward?
No we just need someone
think a switch/case
statement would be much more clear (also avoids adding a variable as you
use it once):
switch(cli_ctx-cli_protocol_version-version) {
case 0:
DEBUG(..);
break;
case SSS_SUDO_PROTOCOL_VERSION:
break;
default:
DEBUG(invalid...);
break;
}
Simo.
--
Simo Sorce
personally don't think it is something we
need to bother with (at least not right now). What is your opinion?
Not working %#gid is a small part of a bug opened by Nikolai:
https://fedorahosted.org/sssd/ticket/1624
I would defer unless someone asks for it.
Simo.
--
Simo Sorce * Red Hat, Inc * New
instead of group_attrs
(ghostel in #4).
No, el is not a talloc_context, it is an element in an array so you
can't use it. The code above is correct.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel
user I find this page exaplains very well why
80 columns are used and gives you a better understanding of why I pushed
hard to have this rule in the coding style:
http://www.emacswiki.org/emacs/EightyColumnRule
It's a bit more than because I like it :-)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Thu, 2012-11-15 at 11:52 +0100, Sumit Bose wrote:
On Wed, Nov 14, 2012 at 12:30:24PM -0500, Simo Sorce wrote:
This patch changes the way subdomain users are stored in the database.
The reason for changing the way we do it is that the sysdb code, before the
subdomain patches were added
Added wrappers as Sumit requested.
Simo Sorce (2):
Refactor the way subdomain accounts are saved
Handle conversion to fully qualified usernames
Sumit Bose (1):
Do not save HBAC rules in subdomain subtree
src/db/sysdb.c |7 +++
src/db/sysdb.h
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
On Fri, 2012-11-16 at 13:34 -0500, Simo Sorce wrote:
Added wrappers as Sumit requested.
Please ignore this set, I introduced a crash bug in refactoring the
getXXnam() calls as Sumit asked.
I'll send a new patchset soon.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
Resolved segfault, everything else as before.
Simo Sorce (2):
Refactor the way subdomain accounts are saved
Handle conversion to fully qualified usernames
Sumit Bose (1):
Do not save HBAC rules in subdomain subtree
src/db/sysdb.c |7 +++
src/db/sysdb.h
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
This should be hte last revision (last famous words :-)
Simo.
Simo Sorce (2):
Refactor the way subdomain accounts are saved
Handle conversion to fully qualified usernames
Sumit Bose (1):
Do not save HBAC rules in subdomain subtree
src/db/sysdb.c |7 +++
src/db/sysdb.h
The original sysdb code had a strong assumption that only users from one
domain are saved in the databse, with the subdomain feature, we have
changed reality, but have not adjusted all the code arund the sysdb calls
to not rely on the original assumption.
One of the side effects of this
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
---
src/db/sysdb.c |7
src/db/sysdb_private.h |4
From: Sumit Bose sb...@redhat.com
Currently the sysdb context is pointed to the subdomain subtree
containing user the user to be checked at the beginning of a HBAC
request. As a result all HBAC rules and related data is save in the
subdomain tree as well. But since the HBAC rules of the
On Sat, 2012-11-17 at 20:53 +0100, Jakub Hrozek wrote:
The connections request was terminated before setting the expiry
timeout
in case no authentication was set.
https://fedorahosted.org/sssd/ticket/1649
Ack.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
On Sun, 2012-11-18 at 18:27 +0100, Jakub Hrozek wrote:
On Sun, Nov 18, 2012 at 06:05:45PM +0100, Sumit Bose wrote:
On Fri, Nov 16, 2012 at 04:25:41PM -0500, Simo Sorce wrote:
Sumit found 2 issues in the patch.
1. the 2 new wrapper proptotypes used _res as variable names
On Mon, 2012-11-19 at 00:00 +0100, Jakub Hrozek wrote:
Simo noted during our debugging session that some sysdb macros are
unused. This patch removes them.
ACK
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel
On Mon, 2012-11-19 at 00:01 +0100, Jakub Hrozek wrote:
I noticed this small bug when I was working on another ticket.
ACK
this was ok as a oneliner push too.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel
On Mon, 2012-11-19 at 00:06 +0100, Jakub Hrozek wrote:
https://fedorahosted.org/sssd/ticket/1650
ACK
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman
On Mon, 2012-11-19 at 14:13 +0100, Michal Židek wrote:
SSSDBG_CRITICAL_FAILURE or SSSDBG_FATAL_FAILURE
It seem that you are expanding the set of errors printed when no debug
level is set.
Before it was just the old level 0, now it's the old level 0 and 1.
Why ?
Simo.
--
Simo Sorce * Red Hat
On Mon, 2012-11-19 at 12:37 +0100, Sumit Bose wrote:
On Wed, Nov 14, 2012 at 09:17:53AM -0500, Simo Sorce wrote:
While approaching the problem of updating the DB after a patch I am working
on I noticed that we do have a lot of biolerplate code in there that could
very simply be tucked
I see no issues, so I would ack.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
(err) {
case IDMAP_NO_DOMAIN:
...
break;
case IDMAP_BUILTIN_SID:
...
break;
default:
...
}
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org
failure
(we can later on use this feature to implement negative caching at the
mc layer).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Wed, 2012-11-21 at 15:56 +0100, Michal Židek wrote:
On 11/21/2012 02:31 PM, Simo Sorce wrote:
On Tue, 2012-11-20 at 14:29 +0100, Michal Židek wrote:
On 11/20/2012 02:22 PM, Michal Židek wrote:
Patch 1: sss_cache refactor. See patch description for more details.
Patch 2: Remove mmap
ago:
http://git.fedorahosted.org/cgit/sssd.git/commit/?id=ba098f8670c680c805531dd2714f32bd2c108860
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman
that really confused me
initially also got removed.
(I propose this for master only)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From a909978c5a1188a48a8838d851e29aca08809445 Mon Sep 17 00:00:00 2001
From: Simo Sorce s...@redhat.com
Date: Thu, 22 Nov 2012 12:39:38 -0500
Subject: [PATCH] Refactor
See commit msg, just a minor defensive fix.
--
Simo Sorce * Red Hat, Inc * New York
From 169c3026b4719c9456536c13e9c86f64bb53d734 Mon Sep 17 00:00:00 2001
From: Simo Sorce s...@redhat.com
Date: Thu, 22 Nov 2012 16:06:14 -0500
Subject: [PATCH] Save errno before it might be modified.
The DEBUG
701 - 800 of 1474 matches
Mail list logo