Re: [SSSD] [PATCH] Add support for the EntryCacheNoWaitRefreshTimeout

2009-08-17 Thread Sumit Bose
On Fri, Aug 14, 2009 at 03:46:54PM -0400, Stephen Gallagher wrote: This timeout specifies the lifetime of a cache entry before it is updated out-of-band. When this timeout is hit, the request will still complete from cache, but the SSSD will also go and update the cached entry in the

Re: [SSSD] [PATCH] Remove unneeded binary objects from the replace directory

2009-08-18 Thread Sumit Bose
On Mon, Aug 17, 2009 at 02:12:12PM -0400, Stephen Gallagher wrote: These were unintentionally committed binary files. They were used by the Samba project during cross-compilation, but they serve no purpose for us. ACK bye, Sumit ___ sssd-devel

[SSSD] [PATCH] fix return value of confdb_get_domains

2009-08-18 Thread Sumit Bose
Hi, while testing Stephen's 'only one local domain' patch I found that if the last configured domain is broken sssd terminates even if there valid domains available. The following patch will fix this. bye, Sumit From 095e85ac304ac36aad39a0c4edb436b287770771 Mon Sep 17 00:00:00 2001 From: Sumit

[SSSD] [PATCH] added missing hash_create which was remove by a previous patch

2009-08-18 Thread Sumit Bose
Hi, commit c0f3393d4ab923e2eedab0fad88a864e2aae9fc9 removed a needed hash_create. This patch adds it again. bye, Sumit From 26584f63fdf4139c1d3bf6577e9dd26a5c2520ae Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 18 Aug 2009 11:57:50 +0200 Subject: [PATCH] added missing

Re: [SSSD] [PATCH] Make the LOCAL provider always use MagicPrivateGroups

2009-08-20 Thread Sumit Bose
On Thu, Aug 20, 2009 at 10:50:29AM -0400, Stephen Gallagher wrote: On 08/20/2009 10:34 AM, Stephen Gallagher wrote: This patch will resolve https://fedorahosted.org/sssd/ticket/95 by making MPG=false an impossible configuration for the LOCAL provider.

Re: [SSSD] [PATCH] Make the LOCAL provider always use MagicPrivateGroups

2009-08-20 Thread Sumit Bose
On Thu, Aug 20, 2009 at 11:11:22AM -0400, Stephen Gallagher wrote: On 08/20/2009 10:59 AM, Sumit Bose wrote: On Thu, Aug 20, 2009 at 10:50:29AM -0400, Stephen Gallagher wrote: On 08/20/2009 10:34 AM, Stephen Gallagher wrote: This patch will resolve https://fedorahosted.org/sssd/ticket/95

Re: [SSSD] [PATCHES] Fix RHEL5 builds (was: [PATCH] Fix usage of $(builddir) in SSSD)

2009-08-20 Thread Sumit Bose
On Thu, Aug 20, 2009 at 11:15:30AM -0400, Stephen Gallagher wrote: On 08/20/2009 07:27 AM, Stephen Gallagher wrote: On 08/19/2009 07:40 PM, Dmitri Pal wrote: Dmitri Pal wrote: Stephen Gallagher wrote: There are some old versions of automake that do not define $(builddir) correctly.

[SSSD] [PATCH] use stored upn if available

2009-08-21 Thread Sumit Bose
From 6bc7402f112d8ed612d0a8128e74459d4c072809 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 21 Aug 2009 12:08:31 +0200 Subject: [PATCH] use stored upn if available If a user principle name (upn) can be found in sysdb the krb5 backend will use this otherwise is build

Re: [SSSD] [PATCH] Disallow all legacy operations outside domains

2009-08-21 Thread Sumit Bose
On Fri, Aug 21, 2009 at 02:01:32PM +0200, Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/21/2009 01:19 PM, Jakub Hrozek wrote: On 08/21/2009 11:24 AM, Jakub Hrozek wrote: One of my previous patches disallowed adding users and groups outside known domains but I

Re: [SSSD] [PATCHES] make enumerations a background task

2009-08-27 Thread Sumit Bose
On Thu, Aug 27, 2009 at 09:21:55AM -0400, Simo Sorce wrote: On Thu, 2009-08-27 at 01:03 -0400, Simo Sorce wrote: This affects only the ldap driver. Enumerations are now a background task, on startup a full enumeration is performed. Then every 5 minutes (changeable default) only

[SSSD] [PATCH] check if gid attribute is empty

2009-08-28 Thread Sumit Bose
a9a1c7e26b919c2edb6fa64fbb4e7d9e243eb565 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Thu, 27 Aug 2009 14:05:36 +0200 Subject: [PATCH] check if gid attribute is empty --- server/providers/ldap/sdap_async.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/server

Re: [SSSD] [Freeipa-devel] [PATCH] add configure check for errno_t

2009-08-28 Thread Sumit Bose
On Thu, Aug 27, 2009 at 09:38:14AM -0400, Simo Sorce wrote: On Wed, 2009-08-26 at 13:25 +0200, Sumit Bose wrote: I have include the check in the sss_client directory, but I'm reluctant to add it to common, too. IMO the maintainers of the packages should decide if errno_t makes sense

Re: [SSSD] [PATCH] Speed up NSS enumeration code

2009-08-28 Thread Sumit Bose
On Thu, Aug 27, 2009 at 01:58:15PM -0400, Simo Sorce wrote: This patch should make the enumeration code ~ O(log n) instead of O(n) On my system it brought enumeration down from 12s to 4s with the same data set. Although I haven't measured it I see a speed-up, too. I have only one issue

[SSSD] [PATCH] send SSSD_REALM and SSSD_KDCIP environment to the client

2009-08-28 Thread Sumit Bose
From: Sumit Bose sb...@redhat.com Date: Wed, 26 Aug 2009 11:08:55 +0200 Subject: [PATCH] send SSSD_REALM and SSSD_KDCIP environment to the client Currently the kerberos locator plugin needs these two variables to be set to find a KDC which is configured in sssd but not in /etc/krb5.conf. --- server

Re: [SSSD] [PATCH] send SSSD_REALM and SSSD_KDCIP environment to the client

2009-08-28 Thread Sumit Bose
On Fri, Aug 28, 2009 at 12:16:51PM +0200, Sumit Bose wrote: Hi, the environment variable which are send back by this patch are currently needed in the user session of the client. When the DNS helper is available and used by the kerberos locator plugin they can be removed. bye, Sumit

[SSSD] [PATCH] fix internal order of ldap user mapping options

2009-08-28 Thread Sumit Bose
Hi, a previous patch added a new attribute and also changed the internal order of the existing attributes. This patch changes the numbering of the attributes to match the new order. bye, Sumit From a4e1484f0dc9297f9c609196e4356e97d244ad14 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb

[SSSD] [PATCH] add change password target to krb5 backend

2009-08-31 Thread Sumit Bose
8443d492480bf186feabae3debb505203676620c Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 24 Aug 2009 13:52:23 +0200 Subject: [PATCH] add change password target to krb5 backend --- server/Makefile.am|2 +- server/man/sssd-krb5.5.xml| 17 ++- server/providers/krb5

[SSSD] [PATCH] remove the concept of a backend name

2009-09-02 Thread Sumit Bose
tests which uses 'provider=files' might fail if I have messed up the expansion. bye, Sumit From 79ffba6e5d1ee01fe8474aacaec412e9387a85df Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 2 Sep 2009 12:21:55 +0200 Subject: [PATCH] remove the concept of a backend name The data

Re: [SSSD] [PATCH] honour enumerate in ldap backend

2009-09-02 Thread Sumit Bose
On Tue, Sep 01, 2009 at 04:35:14PM -0400, Simo Sorce wrote: On Tue, 2009-09-01 at 16:33 -0400, Simo Sorce wrote: When enumerate is set to flse we don't return entries on an enumerating getent but we still run the enumeration task. Obey the enumerate flag and don't start the task if it is

Re: [SSSD] [PATCH] Fix proxy enumerations with newer tevent

2009-09-02 Thread Sumit Bose
On Tue, Sep 01, 2009 at 04:36:26PM -0400, Simo Sorce wrote: newer tevent versions (correctly) fail if loops are nested. fix the code to never nest loops. Simo. If during a enumeration an uid/gid is found which is not in the range, the whole transaction is canceled and nothing is cached. Is

Re: [SSSD] [PATCH] Fix proxy enumerations with newer tevent

2009-09-02 Thread Sumit Bose
On Wed, Sep 02, 2009 at 09:16:41AM -0400, Simo Sorce wrote: On Wed, 2009-09-02 at 09:07 -0400, Simo Sorce wrote: On Wed, 2009-09-02 at 14:53 +0200, Sumit Bose wrote: On Tue, Sep 01, 2009 at 04:36:26PM -0400, Simo Sorce wrote: newer tevent versions (correctly) fail if loops are nested

[SSSD] [PATCH] configure cleanups

2009-09-03 Thread Sumit Bose
2001 From: Sumit Bose sb...@redhat.com Date: Thu, 3 Sep 2009 13:36:22 +0200 Subject: [PATCH] configure cleanups - replaced mailing list address - let sssd base components read version from VERSION --- VERSION |1 + common/collection/configure.ac |2

[SSSD] [RFC][PATCH] adding domain-type config option

2009-09-03 Thread Sumit Bose
. To handle more than one meta-option this patch needs a bit more abstraction, but I would like to get some feedback on the general idea. Thanks. bye, Sumit From 2d58e76d1300dd5d7457642d3a0dc54ee1f8e81f Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 2 Sep 2009 11:58:17 +0200

Re: [SSSD] [RFC][PATCH] adding domain-type config option

2009-09-03 Thread Sumit Bose
On Thu, Sep 03, 2009 at 09:35:49AM -0400, Simo Sorce wrote: On Thu, 2009-09-03 at 09:13 -0400, Simo Sorce wrote: On Thu, 2009-09-03 at 14:02 +0200, Sumit Bose wrote: Hi, this patch is work in progress, please do not push it to the master repository. I think it makes sense

[SSSD] [PATCH] fix libdbus configure check

2009-09-08 Thread Sumit Bose
Hi, this patch adds some autotols cleanups. bye, Sumit From 9775390adcaa7ad42f78930d9ffa5bbadb85cff5 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 7 Sep 2009 18:06:21 +0200 Subject: [PATCH] fix libdbus configure check - remove unneeded CFLAGS component - do not leak

[SSSD] [PATCH] initialize sockaddr_in structure

2009-09-08 Thread Sumit Bose
Hi, valgrind told me that the sockaddr_in structure might be used uninitialized. This patch fixes this and adds some debugging messages I found useful to follow the usage of the plugin. bye, Sumit From be17f8cefb0b2485fde334d60eddd3dababa1fb1 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb

Re: [SSSD] Unpleasant warnings

2009-09-08 Thread Sumit Bose
an error, too. I cannot see the other warnings, what compiler options and code revision are you using? bye, Sumit From 08b9b713d3da341c161b1bd6505d9f3968b84f6b Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 8 Sep 2009 12:08:39 +0200 Subject: [PATCH] fix two possible

Re: [SSSD] [PATCH] Split database file to one per domain

2009-09-08 Thread Sumit Bose
On Fri, Sep 04, 2009 at 06:02:09PM -0400, Simo Sorce wrote: Hello list. So far we have been using a single database file for all our caches as well as for the local domain. Initially I used a single database because I thought we could optimize some search queries when it came to

[SSSD] [PATCH] more fixes for older libpcre versions

2009-09-09 Thread Sumit Bose
Hi, older versions of libpcre only support the Python naming style, ?Pname, for subpatterns. This patch changes our default pattern and adds some hints about this. bye, Sumit From d5730a503f6d923c1cc21b27d7693a496e13e054 Mon Sep 17 00:00:00 2001 From: sbose sb...@sles10.site Date: Wed, 9 Sep

Re: [SSSD] [PATCH] Add support for the EntryCacheNoWaitRefreshTimeout

2009-09-09 Thread Sumit Bose
to examine whether the cache is still valid. Addressing other points from the review inline below. On 08/17/2009 11:19 AM, Sumit Bose wrote: On Fri, Aug 14, 2009 at 03:46:54PM -0400, Stephen Gallagher wrote: This timeout specifies the lifetime of a cache entry before it is updated out-of-band

[SSSD] [PATCH] Cleanups for library linking

2009-09-09 Thread Sumit Bose
Hi, I think the LDAP provider should link agains a LDAP library. So far it only worked, because sssd_be exports all symbols and links against libldb which links against libldap. bye, Sumit From 911e1f245e00b95621d1d21e43c688e8973ceb12 Mon Sep 17 00:00:00 2001 From: sbose sb...@sles10.site Date:

Re: [SSSD] [PATCH] Add support for the EntryCacheNoWaitRefreshTimeout

2009-09-09 Thread Sumit Bose
On Wed, Sep 09, 2009 at 08:25:19AM -0400, Stephen Gallagher wrote: On 09/09/2009 07:50 AM, Sumit Bose wrote: On Tue, Sep 08, 2009 at 08:32:55PM -0400, Stephen Gallagher wrote: I have refactored nsssrv_cmd.c and created a new patch for the EntryCacheNoWaitRefreshTimeout. I have created

Re: [SSSD] [PATCH] Add support for the EntryCacheNoWaitRefreshTimeout

2009-09-09 Thread Sumit Bose
to examine whether the cache is still valid. Addressing other points from the review inline below. On 08/17/2009 11:19 AM, Sumit Bose wrote: On Fri, Aug 14, 2009 at 03:46:54PM -0400, Stephen Gallagher wrote: This timeout specifies the lifetime of a cache entry before it is updated out-of-band

Re: [SSSD] [PATCH] Add support for the EntryCacheNoWaitRefreshTimeout

2009-09-09 Thread Sumit Bose
On Wed, Sep 09, 2009 at 08:58:54AM -0400, Stephen Gallagher wrote: On 09/09/2009 08:46 AM, Sumit Bose wrote: On Tue, Sep 08, 2009 at 08:32:55PM -0400, Stephen Gallagher wrote: I have refactored nsssrv_cmd.c and created a new patch for the EntryCacheNoWaitRefreshTimeout. I have created

Re: [SSSD] [PATCH] Let the PAM client send its PID

2009-09-11 Thread Sumit Bose
On Fri, Sep 11, 2009 at 09:07:01AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2009 06:13 AM, Sumit Bose wrote: Hi, with this patch the client sends its PID to sssd. This is at least needed by the krb5 provider if the client PID should

Re: [SSSD] [PATCH] Let the PAM client send its PID

2009-09-11 Thread Sumit Bose
On Fri, Sep 11, 2009 at 10:48:10AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2009 10:29 AM, Sumit Bose wrote: On Fri, Sep 11, 2009 at 09:07:01AM -0400, Stephen Gallagher wrote: On 09/11/2009 06:13 AM, Sumit Bose wrote: Hi, with this patch

Re: [SSSD] [PATCH] Let the PAM client send its PID

2009-09-12 Thread Sumit Bose
On Fri, Sep 11, 2009 at 05:46:24PM -0400, Simo Sorce wrote: On Fri, 2009-09-11 at 17:10 +0200, Sumit Bose wrote: Most of items are not mandatory at the protocol level. If e.g. the remote host is not known to the client it is not sent to the server and the server complains if he really

Re: [SSSD] [PATCH] Let the PAM client send its PID

2009-09-13 Thread Sumit Bose
On Sat, Sep 12, 2009 at 09:02:34PM -0400, Simo Sorce wrote: On Sat, 2009-09-12 at 10:11 +0200, Sumit Bose wrote: On Fri, Sep 11, 2009 at 05:46:24PM -0400, Simo Sorce wrote: On Fri, 2009-09-11 at 17:10 +0200, Sumit Bose wrote: Most of items are not mandatory at the protocol level. If e.g

[SSSD] [PATCH 1/3] Let the PAM client send its PID -- 2nd version

2009-09-14 Thread Sumit Bose
0003 makes cli_pid a mandatory item in the pam protocol and increments the protocol version to 3. IMO it is not necessary to push it, but I wouldn't mind if you prefer it this way. bye, Sumit From dacbe553befbdc7569369458ba9fa28d015d1d21 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com

[SSSD] [PATCH] add krb5ccache_dir and krb5ccname_template option

2009-09-14 Thread Sumit Bose
Hi, this patch add two new option to make the Kerberos provider of sssd more compatible with pam_krb5. bye, Sumit From 021ee9186ac3a6f9939f1ae0bc748aae112de660 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Thu, 10 Sep 2009 14:43:33 +0200 Subject: [PATCH] add krb5ccache_dir

Re: [SSSD] [PATCH] Make basic options typed

2009-09-14 Thread Sumit Bose
On Mon, Sep 14, 2009 at 08:03:14AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2009 10:38 AM, Simo Sorce wrote: This patch finally allows us to define the type for basic options. It uses a union to store different types, and an enum to list the

Re: [SSSD] [PATCH] Make offline status backend global

2009-09-14 Thread Sumit Bose
On Mon, Sep 14, 2009 at 11:30:44AM -0400, Simo Sorce wrote: On Mon, 2009-09-14 at 07:48 -0400, Stephen Gallagher wrote: Just a nitpick, but why did you replace sbus_conn_send_reply() in be_check_online with sbus_get_connection and dbus_connection_send()? They are functionally identical.

[SSSD] [PATCH] fix the wrong usage of an offset

2009-09-14 Thread Sumit Bose
Hi, I hadn't checked a last minute change properly with the result that the detection if mkstemp should be used or not is broken. This patch should fix this. bye, Sumit From f40ae51b976c2022c07319235f2c1b31ead89636 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 14 Sep 2009

[SSSD] [PATCH] added child timeout handler

2009-09-14 Thread Sumit Bose
Hi, this patch adds a timeout handling for the kerberos children. If a child needs omre then krb5auth_timeout seconds to send a response it is killed and the baclend is marked offline. bye, Sumit From 4104863d945c66e947f47af6cde9141646bf51ce Mon Sep 17 00:00:00 2001 From: Sumit Bose sb

Re: [SSSD] [PATCH] Include m4 directories in tarball

2009-09-15 Thread Sumit Bose
On Tue, Sep 15, 2009 at 09:16:24AM -0400, Stephen Gallagher wrote: Due to differences in autotools, building RPMS on RHEL5 requires the m4 directories to be included in the tarball. ACK SLES10 needs this, too. bye, Sumit ___ sssd-devel mailing

[SSSD] [PATCH] Check if SSL/TLS handler is already in place

2009-09-16 Thread Sumit Bose
Hi, authentication via LDAPS currently fails, see bug #183. This patch should fix it. bye, Sumit From fe00b098f55e12e3ebb3e3a2f51a32e8b3919d67 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 16 Sep 2009 13:02:47 +0200 Subject: [PATCH] Check if SSL/TLS handler is already

Re: [SSSD] [PATCHES] a few basic fixed that caused segfaults/aborts

2009-09-23 Thread Sumit Bose
On Tue, Sep 22, 2009 at 01:10:34PM -0400, Simo Sorce wrote: 0001 caught compiling against talloc 2.0 0002 fixes long standing segfault with proxy+files Simo. ACK to both. bye, Sumit ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org

[SSSD] [PATCH] fix possible short reads in kerberos provider

2009-09-23 Thread Sumit Bose
Hi, this patch should fix #179. bye, Sumit From 3924dc5b18c9efbf3dbe9a1888e7e79bcbff Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 23 Sep 2009 13:54:49 +0200 Subject: [PATCH] fix possible short reads in kerberos provider --- server/providers/krb5/krb5_auth.c | 23

Re: [SSSD] [PATCH] Send debug messages to logfile

2009-09-24 Thread Sumit Bose
On Thu, Sep 24, 2009 at 11:56:00AM +0200, Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/23/2009 07:16 PM, Jakub Hrozek wrote: Introduces a new option --debug-to-files which makes SSSD output its debug information to a file instead of stderr, which is still the

[SSSD] [PATCH] declare hostip only in debug mode

2009-09-24 Thread Sumit Bose
Hi, this patch suppresses a compiler warning when KRB5_PLUGIN_DEBUG is not set, which is the common case. bye, Sumit From bc6076e2cf15cfe63afee133921063a12a611eec Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Thu, 24 Sep 2009 14:28:33 +0200 Subject: [PATCH] declare hostip only

Re: [SSSD] [PATCH] declare hostip only in debug mode

2009-09-24 Thread Sumit Bose
On Thu, Sep 24, 2009 at 09:09:04AM -0400, Simo Sorce wrote: On Thu, 2009-09-24 at 14:39 +0200, Sumit Bose wrote: Hi, this patch suppresses a compiler warning when KRB5_PLUGIN_DEBUG is not set, which is the common case. Sumit, would it be possible to use an env variable to control

[SSSD] [PATCH] toggle debug output of sssd_krb5_locator_plugin with an environment variable [was: [PATCH] declare hostip only in debug mode]

2009-09-24 Thread Sumit Bose
On Thu, Sep 24, 2009 at 03:21:49PM +0200, Sumit Bose wrote: On Thu, Sep 24, 2009 at 09:09:04AM -0400, Simo Sorce wrote: On Thu, 2009-09-24 at 14:39 +0200, Sumit Bose wrote: Hi, this patch suppresses a compiler warning when KRB5_PLUGIN_DEBUG is not set, which is the common case

Re: [SSSD] [PATCH] add new config options ldap_tls_cacert and ldap_tls_cacertdir

2009-09-25 Thread Sumit Bose
On Fri, Sep 25, 2009 at 06:33:57AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2009 06:16 AM, Sumit Bose wrote: Hi, this patch adds the config option ldap_tls_cacert and ldap_tls_cacertdir to specify the location of CA certificates

[SSSD] [PATCH] add defines for large file support to standard CFLAGS

2009-09-25 Thread Sumit Bose
to problems on systems where python was compiled without large file support, but I think most will have it. bye, Sumit From d28d33218bad200da3781921e1a98a095660121a Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 25 Sep 2009 17:12:06 +0200 Subject: [PATCH] add defines for large

[SSSD] [PATCH] remove krb5_try_simple_upn option and make it a default fallback [was: [PATCH] extend sssd-krb5 man page]

2009-09-25 Thread Sumit Bose
On Fri, Sep 25, 2009 at 09:40:49AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2009 09:09 AM, Sumit Bose wrote: Hi, this patch to the sssd-krb5 man page should clarify how the krb5 provider will find the right UPN. This hopefully fixes

[SSSD] [PATCH] update sysdb tests to new config file version

2009-09-28 Thread Sumit Bose
Hi, this patch should make sysdb tests happy again. bye, Sumit From cd13b1e84e8b9f972851e07857d6a547c6077677 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 28 Sep 2009 16:58:31 +0200 Subject: [PATCH] update sysdb tests to new config file version --- server/tests/sysdb

Re: [SSSD] [PATCH] Add config_from_fd() to ini_config

2009-09-28 Thread Sumit Bose
On Mon, Sep 28, 2009 at 10:33:22AM -0400, Stephen Gallagher wrote: On 09/28/2009 09:55 AM, Simo Sorce wrote: On Mon, 2009-09-28 at 09:38 -0400, Stephen Gallagher wrote: The SSSD needs a config_from_fd() variant of the config_from_file() call so that we can preopen a config file and

[SSSD] [PATCH] add utility call check_and_open_readonly

2009-09-28 Thread Sumit Bose
: Sumit Bose sb...@redhat.com Date: Mon, 28 Sep 2009 15:50:22 +0200 Subject: [PATCH] add utility call check_and_open_readonly --- server/Makefile.am | 13 +++- server/confdb/confdb_setup.c| 10 ++- server/monitor/monitor.c|2 +- server/tests/check_and_open

Re: [SSSD] [PATCH] add utility call check_and_open_readonly

2009-09-28 Thread Sumit Bose
On Mon, Sep 28, 2009 at 02:51:11PM -0400, Stephen Gallagher wrote: On 09/28/2009 01:52 PM, Stephen Gallagher wrote: On 09/28/2009 12:24 PM, Stephen Gallagher wrote: On 09/28/2009 11:49 AM, Sumit Bose wrote: Hi, with the patch the config file is only read if it is - a regular file

Re: [SSSD] [PATCH] Add config_from_fd() to ini_config

2009-09-28 Thread Sumit Bose
On Mon, Sep 28, 2009 at 02:50:30PM -0400, Stephen Gallagher wrote: On 09/28/2009 01:46 PM, Dmitri Pal wrote: Stephen Gallagher wrote: On 09/28/2009 09:55 AM, Simo Sorce wrote: On Mon, 2009-09-28 at 09:38 -0400, Stephen Gallagher wrote: The SSSD needs a config_from_fd() variant

Re: [SSSD] [PATCH] add utility call check_and_open_readonly

2009-10-05 Thread Sumit Bose
On Fri, Oct 02, 2009 at 03:20:33PM -0400, Stephen Gallagher wrote: On 09/28/2009 03:05 PM, Sumit Bose wrote: On Mon, Sep 28, 2009 at 02:51:11PM -0400, Stephen Gallagher wrote: On 09/28/2009 01:52 PM, Stephen Gallagher wrote: On 09/28/2009 12:24 PM, Stephen Gallagher wrote: On 09/28/2009

[SSSD] [PATCH] more documentation and test for sssd.conf

2009-10-05 Thread Sumit Bose
Hi, this patch adds a sentence about the strict requirements on sssd.conf to the man page and another test. bye, Sumit From ff281ef5250c2605d22fc10acb4daeaa85fbb35e Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 5 Oct 2009 09:10:32 +0200 Subject: [PATCH] more documentation

[SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Sumit Bose
: Sumit Bose sb...@redhat.com Date: Fri, 2 Oct 2009 13:50:20 +0200 Subject: [PATCH 1/3] handle expired password during authentication --- server/providers/krb5/krb5_child.c | 12 ++-- 1 files changed, 10 insertions(+), 2 deletions(-) diff --git a/server/providers/krb5/krb5_child.c b

[SSSD] LDAP and password management

2009-10-05 Thread Sumit Bose
Hi, there are two schemes of password management with LDAP servers - the LDAP server supports attributes like 'shadowLastChange', 'shadowExpire' etc to store the relevant information at a central storage, but the evaluation is done on the client - the server supports password policies (see

[SSSD] [PATCH] remove redundant talloc_free

2009-10-05 Thread Sumit Bose
Hi, this patch is a fix for bug #213. The reason for the bug is a double free during the call of the sdap timeout handler. bye, Sumit From da74240dd2d521d479327351ef2931aacfa9b3ac Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 5 Oct 2009 09:38:29 +0200 Subject: [PATCH

Re: [SSSD] [PATCH] Add handling of expired passwords

2009-10-05 Thread Sumit Bose
On Mon, Oct 05, 2009 at 10:45:04AM -0400, Simo Sorce wrote: On Mon, 2009-10-05 at 14:06 +0200, Sumit Bose wrote: On Mon, Oct 05, 2009 at 06:48:14AM -0400, Simo Sorce wrote: On Mon, 2009-10-05 at 10:45 +0200, Sumit Bose wrote: - currently PAM_AUTHTOK_EXPIRED is returned if the password

[SSSD] [PATCH] add support for server side LDAP password policies

2009-10-07 Thread Sumit Bose
of LDAP attributes indicating an expired password bye, Sumit From 316291baf060097d37579c675e06a9194e42c251 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 7 Oct 2009 18:15:27 +0200 Subject: [PATCH] add support for server side LDAP password policies - password policy request

[SSSD] [PATCH] add description of chpass_provider option to sssd.conf man page

2009-10-08 Thread Sumit Bose
Hi, this patch adds an explanation of the chpass_provider option to the sssd.conf man page. bye, Sumit From a2aa152c86bb4b470ac2b451aa8f90866f7ec1df Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Thu, 8 Oct 2009 09:58:11 +0200 Subject: [PATCH] add description of chpass_provider

Re: [SSSD] [PATCH] LDAP provider needs to link against krb libraries

2009-10-12 Thread Sumit Bose
On Mon, Oct 12, 2009 at 12:20:37PM +0200, Ralf Haferkamp wrote: Hi, since the LDAP provider does calls into the krb5 libs it should also be linked against them :). Attached patch should fix that. -- regards, Ralf Obviously correct. ACK Thanks. bye, Sumit

[SSSD] [PATCH] fix a wrong argument to unpack_buffer

2009-10-12 Thread Sumit Bose
Hi, Martin was so nice to point me to a bug introduced by the short read patch. This patch should fix it. bye, Sumit From 190ac953255966ad49d915f9ce6741543a3fa824 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 12 Oct 2009 12:13:36 +0200 Subject: [PATCH] fix a wrong

Re: [SSSD] [PATCH] use old password if available during password change

2009-10-12 Thread Sumit Bose
On Fri, Oct 09, 2009 at 04:29:42PM -0400, Simo Sorce wrote: On Fri, 2009-10-09 at 21:02 +0200, Sumit Bose wrote: Hi, this one should fix #223. Because sshd runs as root the old password was not sent to sssd and changing the user password failed. Please review carefully. I guess

[SSSD] [PATCH] enable debugging of krb5_child

2009-10-12 Thread Sumit Bose
to have matching permissions. A possible solution would be to create the file with 666 permissions during the setup of the kerberos backend. Any other ideas? bye, Sumit From b6b92883b333107e743cb6665716a17e6cdee964 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 12 Oct 2009 15:38

Re: [SSSD] [PATCH] enable debugging of krb5_child

2009-10-12 Thread Sumit Bose
On Mon, Oct 12, 2009 at 12:10:43PM -0400, Dmitri Pal wrote: Simo Sorce wrote: On Mon, 2009-10-12 at 10:47 -0400, Dmitri Pal wrote: Just pass the fd to the client, it's simple and doesn't require us to replicate logic to open/close debug files in the children. I didn't

Re: [SSSD] [PATCH] enable debugging of krb5_child

2009-10-13 Thread Sumit Bose
On Mon, Oct 12, 2009 at 10:28:05AM -0400, Simo Sorce wrote: On Mon, 2009-10-12 at 15:46 +0200, Sumit Bose wrote: There is a problem with --debug-to-files. krb5_child runs as the user requesting the ticket so the path to krb5_child.log needs to have matching permissions. A possible solution

Re: [SSSD] [PATCH] Package SSSDConfig API

2009-10-13 Thread Sumit Bose
On Tue, Oct 13, 2009 at 09:22:51AM -0400, Stephen Gallagher wrote: On 10/13/2009 08:08 AM, Stephen Gallagher wrote: On 10/13/2009 06:22 AM, Stephen Gallagher wrote: Do not push. This patch is incomplete. On Oct 12, 2009, at 5:27 PM, Simo Sorce sso...@redhat.com wrote: On Mon,

[SSSD] [PATCH] add a replacement if ldap_control_create is missing

2009-10-13 Thread Sumit Bose
Hi, this patch should fix the build issue on RHEL5 where ldap_control_create is not available. I'm preparing a similar patch for Kerberos. bye, Sumit From 2c8466a3c8d67dac39eb3ed237dd17a364ee6f7f Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 13 Oct 2009 12:11:07 +0200

Re: [SSSD] [PATCH] Check for expired passwords in LDAP provider

2009-10-15 Thread Sumit Bose
On Wed, Oct 14, 2009 at 07:45:46PM -0400, Simo Sorce wrote: On Fri, 2009-10-09 at 21:38 +0200, Sumit Bose wrote: Hi, with this patch the LDAP provider check typical attributes which determines the lifetime of a password. If there is more than one scheme available the following order

Re: [SSSD] [PATCH] enable debugging of krb5_child

2009-10-15 Thread Sumit Bose
89440744c616396fc56dd4990eb5a5b93284f8c4 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Mon, 12 Oct 2009 15:38:29 +0200 Subject: [PATCH] enable debugging of krb5_child --- server/Makefile.am |2 + server/providers/krb5/krb5_auth.c | 101

Re: [SSSD] [PATCH] set chpass_provider implicit if not set explicit

2009-10-15 Thread Sumit Bose
On Thu, Oct 15, 2009 at 12:12:57PM +0200, Sumit Bose wrote: On Wed, Oct 14, 2009 at 01:33:18PM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/14/2009 07:24 AM, Sumit Bose wrote: Hi, if auth_provider is set to a provider which can handle

Re: [SSSD] Design question

2009-10-16 Thread Sumit Bose
On Thu, Oct 15, 2009 at 05:26:14PM -0400, Dmitri Pal wrote: Hi, Couple questions about async processing. The communication usually consists of several parts. Imagine that you have an object that is responsible for some sort of communication (socket, pipe, file, bus - whatever). Here are

Re: [SSSD] [PATCH] add IPA backend

2009-10-16 Thread Sumit Bose
On Thu, Oct 15, 2009 at 07:10:26PM -0400, Simo Sorce wrote: This patcheset does the minimal necessary work to separate initialization from actual providers code for ldap and kerberos and uses this to introduce a first basic ipa provider skeleton that simply reuses the ldap and krb5 providers

Re: [SSSD] [PATCH] added generic LDAP search sdap_get_generic_send/_recv

2009-10-19 Thread Sumit Bose
On Fri, Oct 16, 2009 at 02:47:38PM -0400, Simo Sorce wrote: On Fri, 2009-10-16 at 11:58 +0200, Sumit Bose wrote: Hi, currently the sdap interface is only used by the ID provider and consequently only offers special search for users and groups. This patch adds a generic search, i.e

[SSSD] [PATCH] add store/search/delete interface for custom sysdb objects

2009-10-19 Thread Sumit Bose
a look at the sysdb_check_handle_* request, too. I think it makes the code more readable and helps to reduce code duplications. bye, Sumit From 1615be0ba99dd996a58d43d2e6000edae9cc272b Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 6 Oct 2009 09:17:56 +0200 Subject: [PATCH

Re: [SSSD] [PATCHES] Assorted packaging fixes

2009-10-19 Thread Sumit Bose
On Mon, Oct 19, 2009 at 01:09:54PM -0400, Stephen Gallagher wrote: 0001: Use Python 3-compatible sitearch and sitelib 0002: Better detect installed language files. Previously we were including the translation files for both the daemon and clients in the server package. This will separate

Re: [SSSD] [PATCH] Introduce native ipa options

2009-10-19 Thread Sumit Bose
On Fri, Oct 16, 2009 at 07:10:36PM -0400, Simo Sorce wrote: This patch introduces the first set of native ipa options. At the moment a full configuration still requires specifying krb5 specific options. This will be fixed once Sumit provides a patch for the krb5 provider that uses the

[SSSD] [PATCH] New option code for krb5 and ipa auth

2009-10-20 Thread Sumit Bose
options. patch. bye, Sumit From f6051028ad564748d9b8c9886487857f13c96a1d Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Tue, 20 Oct 2009 10:49:40 +0200 Subject: [PATCH 1/3] update krb5 option handling to new option scheme --- server/Makefile.am |1 + server

Re: [SSSD] [PATCH] Add support for offline auth cache timeout

2009-10-20 Thread Sumit Bose
On Tue, Oct 20, 2009 at 11:15:52AM -0400, Stephen Gallagher wrote: On 10/20/2009 10:37 AM, Stephen Gallagher wrote: This patch addresses: https://fedorahosted.org/sssd/ticket/60 This adds a new option to the [PAM] section of the sssd.conf. It can be specified by seconds, minutes,

Re: [SSSD] [PATCH] add store/search/delete interface for custom sysdb objects

2009-10-21 Thread Sumit Bose
On Tue, Oct 20, 2009 at 07:46:02PM -0400, Simo Sorce wrote: On Mon, 2009-10-19 at 16:42 +0200, Sumit Bose wrote: Hi, this patch adds a store/search/delete sysdb API for data not related to users of groups. The data is stored in cn=custom,cn=domain,cn=sysdb. The client must specify

Re: [SSSD] [PATCH] add store/search/delete interface for custom sysdb objects

2009-10-22 Thread Sumit Bose
On Tue, Oct 20, 2009 at 08:48:19PM -0400, Simo Sorce wrote: On Wed, 2009-10-21 at 17:15 +0200, Sumit Bose wrote: On Tue, Oct 20, 2009 at 07:46:02PM -0400, Simo Sorce wrote: On Mon, 2009-10-19 at 16:42 +0200, Sumit Bose wrote: Hi, this patch adds a store/search/delete sysdb API

Re: [SSSD] fix setting schema in ipa provider

2009-10-22 Thread Sumit Bose
On Thu, Oct 22, 2009 at 12:39:57PM -0400, Simo Sorce wrote: one liner -- Simo Sorce * Red Hat, Inc * New York From 86e1b6c35ed196140f25235a3e1a9610133696fc Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Thu, 22 Oct 2009 12:33:14 -0400 Subject: [PATCH] Fix setting the

[SSSD] [PATCH] store original DN with cached group objects if available

2009-10-23 Thread Sumit Bose
Hi, with this patch the original DN of a group object is store in sysdb. This is needed e.g. for IPA HBAC. bye, Sumit From 2466992484ad8d6838471208c5a1c3eb7968eaa5 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Fri, 23 Oct 2009 13:54:28 +0200 Subject: [PATCH] store original DN

Re: [SSSD] [PATCHES] Minor fixes

2009-10-26 Thread Sumit Bose
On Sat, Oct 24, 2009 at 02:07:15PM -0400, Simo Sorce wrote: Shouldn't require comments. Simo. [PATCH] Add IPA conf template, looks ok to me: ACK [PATCH] Copy option overrides, ACK, but please fix the typo in the patch description. Maybe it would be helpful to add a call to dump the current

Re: [SSSD] [PATCH] Fix group enumerations for IPA/AD domains

2009-10-27 Thread Sumit Bose
On Tue, Oct 27, 2009 at 09:23:54AM -0400, Simo Sorce wrote: On Sat, 2009-10-24 at 14:08 -0400, Simo Sorce wrote: With this patch we correctly parse groups. A 2 pass approach for setting members assures even complicated nested groups do not risk to miss memberships Rebased on top of Sumit

Re: [SSSD] [PATCH] added a ASQ search API for sysdb

2009-10-27 Thread Sumit Bose
On Tue, Oct 27, 2009 at 10:27:40AM -0400, Simo Sorce wrote: On Mon, 2009-10-26 at 17:43 +0100, Sumit Bose wrote: Hi, this patch adds a sysdb interface for ASQ (attribute scoped query) searches. These are useful to limit searches to objects listed in member/memberof attributes

[SSSD] [PATCH] Allow sysdb_search_entry request to return more than one result

2009-10-28 Thread Sumit Bose
79149782d1dafc59f91fce3fcb305a2d652ecf7e Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 28 Oct 2009 19:42:06 +0100 Subject: [PATCH] Allow sysdb_search_entry request to return more than one result --- server/db/sysdb.h |3 +- server/db/sysdb_ops.c | 90

Re: [SSSD] [PATCH] Allow sysdb_search_entry request to return more than one result

2009-10-29 Thread Sumit Bose
On Thu, Oct 29, 2009 at 09:15:23AM -0400, Stephen Gallagher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/28/2009 02:55 PM, Sumit Bose wrote: Hi, this patch makes the sysdb_search_entry request more flexible by enableing it to return more than one result. I have modified

Re: [SSSD] [PATCH] Slight change for ipa options

2009-10-29 Thread Sumit Bose
On Wed, Oct 28, 2009 at 05:12:59PM -0400, Simo Sorce wrote: And other changes, see commit message. Simo. -- Simo Sorce * Red Hat, Inc * New York From 1b8814820fad2d6e399af0a5f93713312b64d28d Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Wed, 28 Oct 2009 17:02:45

Re: [SSSD] [PATCH] add sysdb_delete_recursive request to sysdb API

2009-10-29 Thread Sumit Bose
On Thu, Oct 29, 2009 at 01:39:21PM +0100, Sumit Bose wrote: Hi, this patch adds a recursive delete request to the sysdb API. It has the same interface as sysdb_delete_entry, but does not delete the entry, but its children. bye, Sumit This is a new version of the patch which tries

Re: [SSSD] [PATCH] Clean up warnings in dhash tests

2009-10-29 Thread Sumit Bose
On Thu, Oct 29, 2009 at 01:43:06PM -0400, Stephen Gallagher wrote: Original warnings: ../../../common/dhash/dhash_test.c: In function ‘main’: ../../../common/dhash/dhash_test.c:288: warning: declaration of ‘i’ shadows a previous local ../../../common/dhash/dhash_test.c:115: warning:

Re: [SSSD] [PATCH] add sysdb_delete_recursive request to sysdb API

2009-10-29 Thread Sumit Bose
On Thu, Oct 29, 2009 at 09:32:34PM +, Simo Sorce wrote: On Thu, 2009-10-29 at 19:40 +0100, Sumit Bose wrote: On Thu, Oct 29, 2009 at 01:39:21PM +0100, Sumit Bose wrote: Hi, this patch adds a recursive delete request to the sysdb API. It has the same interface

  1   2   3   4   5   6   7   8   9   10   >