On Mon, Mar 01, 2010 at 09:52:12AM -0600, George McCollister wrote:
I fixed a handful of alignment problems in sss_client and nss responder.
Enumerating group and passwd with getgrent and getpwent now works
correctly on ARM.
Cheers,
George McCollister
Thanks for the contribution. The patch
On Thu, Mar 04, 2010 at 06:54:44PM +0100, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/04/2010 06:27 PM, Jakub Hrozek wrote:
The attached patch also moves the localhost test into the networked
tests so we can safely build on systems that lack the localhost
:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 4 Mar 2010 12:44:21 +0100
Subject: [PATCH 1/2] Write the IP address of the KDC to the kdcinfo file
---
src/krb5_plugin/sssd_krb5_locator_plugin.c | 78 ++--
src/providers/ipa/ipa_common.c | 14 -
src
On Fri, Mar 05, 2010 at 12:00:41PM -0500, Dmitri Pal wrote:
Sumit Bose wrote:
Hi,
the following two patches are related to the Kerberos locator plugin.
The first patch removes the name resolution from the locator plugin and
lets it use the IP address found by the resolver code
On Fri, Feb 26, 2010 at 04:43:56PM +0100, Sumit Bose wrote:
On Wed, Feb 24, 2010 at 09:56:47AM -0500, Simo Sorce wrote:
On Wed, 24 Feb 2010 12:05:18 +0100
Sumit Bose sb...@redhat.com wrote:
+old_umask = umask();
+ret = mkdir(dirname, 01777);
+umask(old_umask
On Mon, Mar 01, 2010 at 11:04:25AM +0100, Sumit Bose wrote:
On Thu, Feb 25, 2010 at 08:50:43PM +0100, Sumit Bose wrote:
On Thu, Feb 25, 2010 at 01:27:34PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/25/2010 12:31 PM, Sumit Bose wrote:
Hi
On Mon, Mar 08, 2010 at 02:07:00PM +0100, Sumit Bose wrote:
On Mon, Mar 01, 2010 at 11:04:25AM +0100, Sumit Bose wrote:
On Thu, Feb 25, 2010 at 08:50:43PM +0100, Sumit Bose wrote:
On Thu, Feb 25, 2010 at 01:27:34PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE
2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 9 Feb 2010 12:39:49 +0100
Subject: [PATCH] Add better checks on PAM socket
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available
---
src/external/platform.m4| 12
On Mon, Mar 08, 2010 at 11:50:38AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/08/2010 08:40 AM, Sumit Bose wrote:
This new version makes it a configuration error if both lists are
defined in the config file.
bye,
Sumit
Nack (though
On Mon, Mar 08, 2010 at 03:53:03PM +0100, Martin Nagy wrote:
On 03/08/2010 02:45 PM, Sumit Bose wrote:
On Mon, Mar 08, 2010 at 04:29:12AM +0100, Martin Nagy wrote:
On 03/05/2010 08:19 PM, Sumit Bose wrote:
On Fri, Mar 05, 2010 at 12:00:41PM -0500, Dmitri Pal wrote:
Sumit Bose wrote:
Hi
haven't add to option to the IPA provider, because I think here the
kpasswd always runs together with the KDC.
bye,
Sumit
From 986a9b0238b88cbf20e11a1c523161d78d797964 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 10 Mar 2010 17:03:23 +0100
Subject: [PATCH] Add krb5_kadmin
On Thu, Mar 11, 2010 at 11:00:58AM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/11/2010 10:05 AM, Sumit Bose wrote:
On Thu, Mar 11, 2010 at 07:19:13AM -0500, Stephen Gallagher wrote:
On 03/10/2010 11:18 AM, Sumit Bose wrote:
Hi
On Fri, Mar 12, 2010 at 04:45:27PM +0100, Ralf Haferkamp wrote:
Hi,
here are some more patches regarding the handling of the LDAP ppolicy
control.
Patch1: An error code of LDAP_INVALID_CREDENTIALS + a ppolicy control
with the error PP_passwordExpired indicates an expire password
On Fri, Mar 12, 2010 at 04:37:26PM +0100, Ralf Haferkamp wrote:
Hi,
I did some testing of pam_sss and the LDAP backend's password policy
features and ran into some issues. One of them being the getuid() == 0
checks in pam_sss when checking whether the user needs to be prompted for
the old
be a much simpler way to get the creds of the peer.
Please wait for a new patch.
bye,
Sumit
George McCollister
On 03/08/2010 07:55 AM, Sumit Bose wrote:
Hi,
this patch adds a check that the public PAM socket is a socket that belongs
to root for all platforms and uses a SCM_CREDENTIALS
On Mon, Mar 15, 2010 at 02:00:39PM -0500, George McCollister wrote:
Now the server side is also fixed. Added comments.
Regards,
George McCollister
Thank you very much. This patch works for me, too.
ACK
bye,
Sumit
Hi,
the LDAP search paths in the IPA access modules currently will only work
with single word domain names. This patch fixes this and adds some
tests.
bye,
Sumit
From c610f72c5b8b28067e24cb72319603e7d906a6d8 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 15 Mar 2010 20:58
From b3a32bc1e9d4b5e572e29504f749ba78f0e10c8a Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 17 Mar 2010 12:52:54 +0100
Subject: [PATCH] Fixes for client communication
- catch all errors of send() and recv(), not only EAGAIN
- check if send() or recv() return EWOULDBLOCK
On Wed, Mar 17, 2010 at 01:16:24PM +0100, Sumit Bose wrote:
Hi,
this patch fixes some issues in the client communication code of the
responders.
The man pages of send() and recv() tell the following:
EAGAIN or EWOULDBLOCK
The socket is marked non-blocking and the requested operation
On Thu, Mar 18, 2010 at 12:15:39PM -0400, Dmitri Pal wrote:
Ralf Haferkamp wrote:
Am Donnerstag 18 März 2010 15:25:49 schrieb Dmitri Pal:
Ralf Haferkamp wrote:
Am Donnerstag 18 März 2010 12:42:23 schrieb Simo Sorce:
On Wed, 17 Mar 2010 15:33:38 +0100
Ralf
On Thu, Mar 18, 2010 at 05:51:13PM -0400, Simo Sorce wrote:
Some time ago I added code to fetch the rootdse on connection, but
didn't publicize it too much.
Attached find 2 patches.
1) Rework the way we store data fetched from the rootdse so that it is
more useful and is actually
On Thu, Mar 18, 2010 at 07:39:32PM -0400, Simo Sorce wrote:
These bugs were never much important as they tend to happen only when
the monitor exits. Yet analyzing them I found some problems that might
happen also on a normally running daemon. It is also bad to have the
monitor potentially
Hi,
this patch implements a request from #419 to lower the debug level for
some LDAP result codes.
bye,
Sumit
From d4498190f7d0d119a56a041e73a7fa996f1eea70 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 19 Mar 2010 15:44:15 +0100
Subject: [PATCH] Lower debug level
/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -7,6 +7,7 @@
Sumit Bose sb...@redhat.com
Copyright (C) 2008 Red Hat
+Copyright (C) 2010, rha...@suse.de, Novell Inc.
This program is free software; you can redistribute it and/or modify
it under
Hi,
this patch should fix #433 'Changing password with Kerberos succeeds,
but still returns an error message'
bye,
Sumit
From bcdb6851f7c01010c6c45cf81a816f6d0be96067 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 23 Mar 2010 15:26:33 +0100
Subject: [PATCH] Fix kinit after
On Tue, Mar 23, 2010 at 03:36:43PM +0100, Sumit Bose wrote:
Hi,
this patch should fix #433 'Changing password with Kerberos succeeds,
but still returns an error message'
bye,
Sumit
With a suggestion from Nalin I came to a much simpler and more flexible
solution.
New version attached
Hi,
this patch should fix #431 by setting LDAP_OPT_RESTART before
ldap_sasl_interactive_bind_s() is called.
bye,
Sumit
From 78f0b014c374e62301e411272ab0443ecce74787 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 23 Mar 2010 17:01:59 +0100
Subject: [PATCH] Set
On Wed, Mar 24, 2010 at 06:56:10AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/24/2010 06:49 AM, Stephen Gallagher wrote:
On 03/23/2010 04:51 PM, Simo Sorce wrote:
On Tue, 23 Mar 2010 16:38:57 -0400
Stephen Gallagher sgall...@redhat.com wrote:
On Tue, Mar 16, 2010 at 11:55:23AM +0100, Sumit Bose wrote:
Hi,
the LDAP search paths in the IPA access modules currently will only work
with single word domain names. This patch fixes this and adds some
tests.
bye,
Sumit
Hi,
this is a new version of the patch where
- the fixes
.
To make the review easier the first patch reverts the previous attempt.
bye,
Sumit
From 480d2e7f822256f1bd871b34007b261047a2bb46 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 26 Mar 2010 10:11:22 +0100
Subject: [PATCH 1/2] Revert Add better checks on PAM socket
This reverts
On Sun, Mar 21, 2010 at 10:54:28AM -0400, Simo Sorce wrote:
I have completed the work of making sysdb synchronous in my
fedorapeople repository.
Although all core functionality seem to work we need some careful
testing of stuff I touched that I wasn't able to test like the IPA HBAC
stuff.
On Wed, Apr 14, 2010 at 10:48:28AM +0400, Eugene Indenbom wrote:
...
3. My patch contained an additional fix to sdap_handle_release.
Before calling op callbacks LDAP callback data was destroyed:
commit: sssd-1_1_1
line 102:talloc_zfree(sh->conncb->lc_arg);
and later LDAP handle was
30487b82a2968bd74cd6c3aecc9a459d08559abd Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 15 Apr 2010 11:30:55 +0200
Subject: [PATCH] Set LDAP_OPT_RESTART for all LDAP connections
---
src/providers/ldap/sdap_async_connection.c | 14 +++---
1 files changed, 7 insertions(+), 7 deletions(-)
diff --git
On Wed, Mar 31, 2010 at 03:29:58PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/29/2010 05:23 AM, Sumit Bose wrote:
Hi,
please find attached my second attempt to exchange uid, gid and pid
between PAM client and responder. This new approach does
On Thu, Apr 15, 2010 at 08:24:59AM -0400, Stephen Gallagher wrote:
On 04/15/2010 07:49 AM, Sumit Bose wrote:
New version attached.
bye,
Sumit
Nack.
Warnings seen while compiling on Fedora 13:
../../src/responder/common/responder_common.c: In function
‘get_client_cred
: Sumit Bose sb...@redhat.com
Date: Thu, 15 Apr 2010 18:26:18 +0200
Subject: [PATCH] Make the handling of fd events opaque
Depending on the version of the OpenLDAP libraries we use two different
schemes to find the file descriptor of the connection to the LDAP
server. This patch removes the related
On Thu, Apr 15, 2010 at 02:24:09PM -0400, Stephen Gallagher wrote:
Using sssm_*_init() as the name of the initialization function for
identity providers was a holdover from earlier development when we
thought we would only have a single provider entry in the config
file.
As we have now
On Thu, Apr 15, 2010 at 10:06:30AM -0400, Stephen Gallagher wrote:
As requested in https://fedorahosted.org/sssd/ticket/438
ACK
bye,
Sumit
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
On Fri, Apr 16, 2010 at 02:21:03PM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/16/2010 01:51 PM, Sumit Bose wrote:
in the most simple case only ipa_server is needed. (If we can resolve
service records we wouldn't even need this.)
Related question
From 1776ba3f543c8c7ce1adfc77555d5ff8c48a37e6 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 21 Apr 2010 10:46:01 +0200
Subject: [PATCH 1/2] Unset authentication tokens if password change fails
---
src/sss_client/pam_sss.c | 79
On Fri, Apr 23, 2010 at 02:37:01PM +0200, Martin Nagy wrote:
On Fri, 2010-04-23 at 11:28 +0200, Sumit Bose wrote:
On Thu, Apr 22, 2010 at 11:58:10PM +0200, Martin Nagy wrote:
On 04/16/2010 12:22 PM, Sumit Bose wrote:
Hi,
to support the current effort to make the LDAP provider
On Thu, Apr 22, 2010 at 09:03:25AM -0400, Stephen Gallagher wrote:
On 04/22/2010 06:08 AM, Sumit Bose wrote:
Hi,
the two patches attached should fix #446 and #417 respectively.
For #417 a different solution, where the message is generated by SSSD
and sent to the client, would
On Mon, Apr 26, 2010 at 08:13:40AM -0400, Stephen Gallagher wrote:
On 04/26/2010 07:41 AM, Sumit Bose wrote:
On Thu, Apr 22, 2010 at 09:03:25AM -0400, Stephen Gallagher wrote:
On 04/22/2010 06:08 AM, Sumit Bose wrote:
Hi,
the two patches attached should fix #446 and #417 respectively
Hi,
the patch which removes the authentication tokens from the PAM stack
didn't return the right status code if a password change fails. To make
it easier to read I introduced a new variable.
bye,
Sumit
From 5a17478b0cdee8309bd018be85dec62b33e92322 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb
On Tue, Apr 27, 2010 at 07:44:24AM -0400, Stephen Gallagher wrote:
On 04/27/2010 07:18 AM, Sumit Bose wrote:
Hi,
the patch which removes the authentication tokens from the PAM stack
didn't return the right status code if a password change fails. To make
it easier to read I introduced
to indicate why a password change failed, too. The rest of the patch
changes the way the response from the child is packed and unpacked to
allow more than one response message.
bye,
Sumit
From cbf80a5f3aa12917c6c05dc264916564caf40068 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri
- 'Handle Krb5 password expiration warning' which handles the warning
for the Kerberos provider
bye,
Sumit
From 2bc2ce2d6df038ca1cca1edb6daf040d1878d0bc Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 22 Apr 2010 15:28:50 +0200
Subject: [PATCH] Add more warnings about nearly
On Wed, Apr 28, 2010 at 03:26:29PM -0400, Stephen Gallagher wrote:
On 04/28/2010 02:57 PM, Stephen Gallagher wrote:
Simo made some excellent suggestions on IRC, so I have incorporated them:
First, I changed the interface for be_add_online_cb() so that it will
now take a mem_ctx and pass back
will rebase/rewrite it for
master later.
bye,
Sumit
From 2bdf54dff9ab0de473fadedf6d7dd52c8e13 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 19 Apr 2010 11:59:09 +0200
Subject: [PATCH] Add support for delayed kinit if offline
If the configuration option
On Fri, Apr 30, 2010 at 10:18:39AM -0400, Stephen Gallagher wrote:
On 04/29/2010 07:27 AM, Sumit Bose wrote:
Sorry, the first patch had dependencies to another patch, new version
attached.
bye,
Sumit
On Tue, Apr 27, 2010 at 02:08:02PM +0200, Sumit Bose wrote:
Hi,
this two
Hi,
this patch corrects a return value in check_user() of the IPA access
provider.
bye,
Sumit
From 428cec338b9e078178ec5ea8013a5f33af698d60 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 3 May 2010 10:06:39 +0200
Subject: [PATCH] Fix a wrong return value in IPA HBAC
On Thu, Apr 29, 2010 at 06:21:20PM +0200, Sumit Bose wrote:
Hi,
this patch should fix #305 'The kerberos provider should automatically
kinit users when it goes online'.
This patch depends on:
- 'Split pam_data utilities into a separate file'
- 'Add callback when the ID provider
On Fri, Apr 30, 2010 at 05:36:27PM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Kerberos backend would previously try only the first server and if
it was unreachable, it immediately went offline.
This patch was rebased on top of Sumit's tevent_req rewrite
On Fri, Apr 30, 2010 at 05:42:46PM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is a rebased version of the patch that applies on top of the recent
changes that went into 1.2.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using
On Mon, May 03, 2010 at 02:29:39PM -0400, Stephen Gallagher wrote:
On 04/30/2010 12:10 PM, Sumit Bose wrote:
On Fri, Apr 30, 2010 at 10:18:39AM -0400, Stephen Gallagher wrote:
On 04/29/2010 07:27 AM, Sumit Bose wrote:
Sorry, the first patch had dependencies to another patch, new version
On Mon, May 03, 2010 at 09:39:44AM -0400, Stephen Gallagher wrote:
On 05/03/2010 07:36 AM, Stephen Gallagher wrote:
On 05/02/2010 05:19 PM, Stephen Gallagher wrote:
On 05/02/2010 03:37 PM, Stephen Gallagher wrote:
On 05/02/2010 08:10 AM, Stephen Gallagher wrote:
Previously, we could set up
Hi,
my comments are in line.
bye,
Sumit
On Mon, May 03, 2010 at 04:02:38PM -0400, Stephen Gallagher wrote:
On 05/03/2010 11:32 AM, Stephen Gallagher wrote:
Addresses https://fedorahosted.org/sssd/ticket/368
This adds two new options:
ipa_dyndns_update: Boolean value to select whether
Hi,
this patch fixes an issue discussed on the freeipa-user mailing list.
Now the service names should be compared properly.
bye,
Sumit
From 04106537c8df884457b14d99c3767dc3a6516d33 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 3 May 2010 23:25:27 +0200
Subject: [PATCH
On Tue, May 04, 2010 at 01:40:03PM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/03/2010 03:16 PM, Sumit Bose wrote:
On Fri, Apr 30, 2010 at 05:42:46PM +0200, Jakub Hrozek wrote:
This is a rebased version of the patch that applies on top of the recent
/providers/ipa/ipa_dyndns.h
@@ -1,12 +1,12 @@
/*
SSSD
-IPA Backend Module -- Authentication
+ipa_dyndns.h
Authors:
-Sumit Bose sb...@redhat.com
+Stephen Gallagher sgall...@redhat.com
-Copyright (C) 2009 Red Hat
+Copyright (C) 2010 Red Hat
On Tue, May 04, 2010 at 03:16:12PM -0400, Stephen Gallagher wrote:
On 05/03/2010 04:44 PM, Sumit Bose wrote:
On Mon, May 03, 2010 at 10:39:57PM +0200, Sumit Bose wrote:
On Mon, May 03, 2010 at 02:29:39PM -0400, Stephen Gallagher wrote:
On 04/30/2010 12:10 PM, Sumit Bose wrote:
On Fri, Apr
Hi,
this patch should fix #408 by adding an option named retry to pam_sss.
bye,
Sumit
From 123bc673de7f6696882dcc4865589a60e3177b19 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 28 Apr 2010 10:01:06 +0200
Subject: [PATCH] Add retry option to pam_sss
---
src/man/pam_sss
Hi,
this patch should solve #470 by calling be_resolve_server_send() during
startup.
bye,
Sumit
From 0a61519bcb149b81d932c6f188d8c67be257d658 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 7 May 2010 15:28:21 +0200
Subject: [PATCH] Create kdcinfo and kpasswdinfo file
fabde503df784065f11b109e9f60bba86fec777e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 28 Apr 2010 10:01:06 +0200
Subject: [PATCH] Add retry option to pam_sss
---
src/man/pam_sss.8.xml| 17
src/sss_client/pam_sss.c | 239
Hi,
with this patch we avoid to send an illegal address back to libkrb5 and
return KRB5_KDC_UNREACH instead.
bye,
Sumit
From eb2aac56ac4ef14c90521a27fb58c8b292f7eb0e Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 11 May 2010 14:17:47 +0200
Subject: [PATCH] Improve offline
Hi,
this patch makes the lifetime of the TGT for the SASL LDAP connection
configurable and should fix #467.
bye,
Sumit
From cbd8f27e83d92de46e0c43cb9bdc316d282db7f3 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 11 May 2010 17:51:02 +0200
Subject: [PATCH] Add
On Thu, May 13, 2010 at 02:02:57PM -0400, Stephen Gallagher wrote:
On 05/13/2010 12:07 PM, Simo Sorce wrote:
On Thu, 13 May 2010 10:56:35 -0400
Stephen Gallagher sgall...@redhat.com wrote:
+ret = sysdb_attrs_add_uint32(attrs, SYSDB_LDAP_ACCESS,
+
On Fri, May 14, 2010 at 11:55:01AM -0400, Stephen Gallagher wrote:
On 05/14/2010 08:29 AM, Sumit Bose wrote:
Hi,
this series of patches aims to fix the handling of the info file for the
locator plugin to allow a graceful fallback to the configuration from
krb5.conf is the sssd backend
fail in the rare case where the id provider is not the LDAP
provider. This patch should fix it.
bye,
Sumit
From cc5ba82def650a6edbcdbbc4ff93a0c1d3f0aa86 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 19 May 2010 10:07:59 +0200
Subject: [PATCH] Fix check if LDAP id provider
Hi,
the patch adds a small delay to sbus_dispatch() to avoid log flooding.
bye,
Sumit
From 25c3ada18e44032cd6a2416914bac628a7034c55 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 19 May 2010 17:49:45 +0200
Subject: [PATCH] Defer sbus_dispatch() for 30ms during reconnect
Hi,
although I'm still not sure where the related DBus message is freed this
patch fixes the potential issue of accessing already freed data by
copying it out of the message.
bye,
Sumit
From fa2663d1c267870fca905404c6e718447ead538b Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date
Hi,
this patch will reduce the number of log messages if there are no
online callbacks and makes sure the run_online_cb flag has always the
right value.
bye,
Sumit
From 46f2b6482205171ec8dffe61ae93e57efcfe299a Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 20 May 2010 13
On Tue, May 18, 2010 at 04:54:23PM -0400, Stephen Gallagher wrote:
Addresses https://fedorahosted.org/sssd/ticket/482
Turns out there is an openldap way to do this. It's just ugly.
ACK, but
-int lret;
+int lret, optret;
-int ret;
+char *tlserr;
+int ret,
On Thu, May 20, 2010 at 07:19:47AM -0400, Stephen Gallagher wrote:
On 05/20/2010 04:24 AM, Sumit Bose wrote:
Hi,
although I'm still not sure where the related DBus message is freed this
patch fixes the potential issue of accessing already freed data by
copying it out of the message
On Fri, May 21, 2010 at 03:42:10PM +1000, David O'Brien wrote:
David O'Brien wrote:
I'm trying to elaborate and improve the doc on configuring domains, and
I'm looking for more info on how to use a proxy. I've been looking over
what's in the sssd.conf man page, but unlike ldap and krb5,
Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 21 May 2010 11:09:11 +0200
Subject: [PATCH] Remove signal event if child was terminated by a signal
---
src/providers/child_common.c | 26 +-
src/providers/ipa/ipa_dyndns.c |9 -
2 files
Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 21 May 2010 16:06:28 +0200
Subject: [PATCH] Do not modify IPA_DOMAIN when setting Kerberos realm
---
src/providers/ipa/ipa_common.c | 26 --
1 files changed, 20 insertions(+), 6 deletions(-)
diff --git
00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 21 May 2010 15:16:15 +0200
Subject: [PATCH 1/2] Check ipaEnabledFlag
---
src/providers/ipa/ipa_access.c | 28 +++-
1 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/providers/ipa/ipa_access.c b
On Fri, Apr 30, 2010 at 05:39:53PM +0200, Jakub Hrozek wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/28/2010 02:21 PM, Jakub Hrozek wrote:
The Kerberos backend would previously try only the first server and if
it was unreachable, it immediately went offline.
Attached is a
Hi,
this is the rebased version of 'Handle Krb5 password expiration
warning'. It depends on Jakub's 'Try all servers during Kerberos auth'.
bye,
Sumit
From f5374da65f1bd96f0d07205deeab3a99d9ab94ee Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Fri, 23 Apr 2010 13:37:22 +0200
On Tue, May 25, 2010 at 01:06:00PM -0400, Stephen Gallagher wrote:
On 05/14/2010 02:57 PM, Stephen Gallagher wrote:
On 05/13/2010 03:21 PM, Stephen Gallagher wrote:
Attached is a version of the ldap_access_filter patch that applies to
master.
New version of the patch that ports the changes
Hi,
please find enclosed 4 smaller patches which have already been committed to
1.2 but are missing in master.
bye,
Sumit
From 686439bae8df1afea258b6f7ab02d44cf4523929 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 20 May 2010 13:18:30 +0200
Subject: [PATCH 1/4] Reset
,
Sumit
From a1fb83addf3d70677d3377852c59e8da14970a19 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 19 May 2010 15:23:34 +0200
Subject: [PATCH] Use new schema for HBAC service checks
---
src/providers/ipa/ipa_access.c | 658 ++--
src
Hi,
I have made the same error a second time and forgot to check the length
before calling strncmp(). This patch should fix it and applies to 1.2
and master.
bye,
Sumit
From 813a4f808aec3168547c266f7506f0059f8d8485 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 31 May 2010
From: Sumit Bose sb...@redhat.com
Date: Tue, 25 May 2010 13:59:41 +0200
Subject: [PATCH] Fix handling of ccache file when going offline
The ccache file was removed too early if system is offline but the
backend was not already marked offline. Now we remove the ccache file
only if the successfully
On Mon, May 31, 2010 at 04:25:02PM +0200, Torsten Spindler wrote:
On Mon, 2010-05-31 at 09:25 -0400, Stephen Gallagher wrote:
Hmm, that's odd. Check your startup script for SSSD. It should include
--debug-to-files.
Thanks, I'll ask the developer to add this to the Ubuntu upstart script.
5ba0fe3f3067f9c502bed898328d49652f05a053 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 31 May 2010 17:24:36 +0200
Subject: [PATCH] Remove service groups
Because the memberOf attribute is now set for the service objects we do
not need to fetch the service groups separately anymore.
---
src/providers/ipa
Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 1 Jun 2010 12:30:41 +0200
Subject: [PATCH] Unify sdap and sysdb data handling
---
src/providers/ipa/ipa_access.c | 189 ++--
1 files changed, 104 insertions(+), 85 deletions(-)
diff --git a/src
On Tue, Jun 01, 2010 at 01:11:32PM -0400, Stephen Gallagher wrote:
On 06/01/2010 05:41 AM, Sumit Bose wrote:
Hi,
this patch removes the service groups from the IPA access provider
because with working memberOf attributed for the service objects they
are not necessary anymore
On Mon, Jun 07, 2010 at 04:02:26PM -0400, Stephen Gallagher wrote:
Sumit, I'm requesting that you perform this review, as you are most
familiar with this bit of code.
Under certain circumstances, the openldap libraries will continue
internally trying to reconnect to a connection lost (as
Hi,
this patch should fix #521 by setting the uninitialized return code to
EPERM.
bye.
Sumit
From acefb8cc713d1cc3e56f2815e2cdb1fc292a8ccc Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 9 Jun 2010 12:42:10 +0200
Subject: [PATCH] Add a missing return value
---
src/providers
Hi,
this patch should fix #527 by setting the pointer to NULL after free.
This issue could be triggered if retries are configured and sssd does
not return a domain name.
bye,
Sumit
From 30288aa01c302912bbf3415e3ea2118764f3bfb8 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed
On Wed, Jun 09, 2010 at 07:56:33AM -0400, Stephen Gallagher wrote:
On 06/09/2010 06:52 AM, Sumit Bose wrote:
Hi,
this patch should fix #521 by setting the uninitialized return code to
EPERM.
Ack.
sorry, EPERM is not the right return value here, because there is no
error in the current
On Wed, Jun 09, 2010 at 10:53:55AM -0400, Stephen Gallagher wrote:
All patches apply to both master and sssd-1-2.
...
From b21eecc180bb62f2783c50ebae30a20940636c8d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher sgall...@redhat.com
Date: Wed, 9 Jun 2010 09:44:47 -0400
Subject: [PATCH
On Wed, Jun 09, 2010 at 12:21:15PM -0400, Stephen Gallagher wrote:
On 06/09/2010 11:09 AM, Sumit Bose wrote:
NACK, with this patch the backend returns with pd->pam_status not set.
Please change it to something like:
pd->pam_status = PAM_SYSTEM_ERR;
ipa_auth_reply(be_req
. The second removes the individual transactions and
introduces a common sysdb transaction.
Do we want/need a similar patch for master, too?
bye,
Sumit
From 95a2ae812c5d2fd85a17ec7c98eb5ae55ee67aa6 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 2 Jun 2010 11:45:24 +0200
Subject
On Fri, Jun 18, 2010 at 02:02:34PM +1000, David O'Brien wrote:
This time I'm wrestling with native LDAP vs any other sort of LDAP,
and where does MS Active Directory fit in?
afaik native LDAP just means LDAP provides the identities and does the
authentication. If I'm using OpenLDAP or 389
On Fri, Jun 18, 2010 at 04:16:03PM +1000, David O'Brien wrote:
The src/examples/sssd.conf file still has min_id = 1000 in the Active
Directory example.
Is this by design or accident?
I think it is ok in the AD case to keep the min_id at 1000, because
typically Windows assigns high UID
On Wed, Jun 23, 2010 at 06:02:24PM +0400, Alexander Gordeev wrote:
On Wed, 23 Jun 2010 09:35:42 -0400
Stephen Gallagher step...@gallagherhome.com wrote:
I don't think we ever tested GSSAPI over LDAPS. I'm not sure if that
works. Can you try over straight LDAP? The GSSAPI SASL mechanism