On (21/04/16 12:22), Lukas Slebodnik wrote: >On (15/04/16 16:39), Sumit Bose wrote: >>On Thu, Apr 14, 2016 at 04:30:24PM +0200, Lukas Slebodnik wrote: >> >>... >> >>> >>> >From 62a3c79d7923dceb2c92c1b2d31388afd744a8ac Mon Sep 17 00:00:00 2001 >>> >From: Sumit Bose <sb...@redhat.com> >>> >Date: Wed, 10 Feb 2016 14:59:06 +0100 >>> >Subject: [PATCH 4/8] AD: process PAC during initgroups request >>> > >>> >If there is a recently attached PAC blob in the cached user entry the >>> >PAC data is used to update the group memberships data of the user. If >>> >there is no PAC attached or if it is too old the other configured >>> >methods will be used. >>> >--- >>> > Makefile.am | 20 ++ >>> > src/providers/ad/ad_id.c | 52 ++- >>> > src/providers/ad/ad_pac.c | 666 >>> > ++++++++++++++++++++++++++++++++++++++ >>> > src/providers/ad/ad_pac.h | 82 +++++ >>> > src/providers/ad/ad_pac_common.c | 86 +++++ >>> > src/tests/cmocka/test_ad_common.c | 346 +++++++++++++++++++- >>> > 6 files changed, 1243 insertions(+), 9 deletions(-) >>> > create mode 100644 src/providers/ad/ad_pac.c >>> > create mode 100644 src/providers/ad/ad_pac.h >>> > create mode 100644 src/providers/ad/ad_pac_common.c >>> > >>> I assume (I didn't try to bisect) this patch broke a build >>> with disabled pac responder and missing header file gen_ndr/krb5pac.h >> >>The attached patch should fix it in the sense that already configure >>will fail if the NDR krb5pac library is not available. To proceed in >>this case either --with-samba=no can be used which will basically >>disable the build of the IPA and AD provider and the PAC responder. Or >>on platforms like Debian and S.u.S.E where the different NDR libraries >>are in separate packages the related libndr-krb5pac-devel can be >>installed. >> >>This follows the logic we already use for the NDR NBT library we use to >>parse the CLDAP response in the AD provider. And since the PAC >>processing code is now in the AD provider as well I think NDR krb5pac >>should be handled the same way. >> >>While testing with --with-samba=no I found that some tests cannot be >>build in the case as well. Since they are related to the AD and IPA >>provider which are not build as well the patch just skip them in this >>case. Please let me know if you think that this is not a good idea. Then >>I can try to make the tests still buildable with some #ifdef in the >>code. >> >>Sumit >> > >>From 479a74d45d8e15a34f83d17625db7e6c5417cd41 Mon Sep 17 00:00:00 2001 >>From: Sumit Bose <sb...@redhat.com> >>Date: Fri, 15 Apr 2016 12:41:35 +0200 >>Subject: [PATCH] build: move ndr_krb5pac check to the other Samba checks >> >>--- >> Makefile.am | 7 ++++--- >> src/external/pac_responder.m4 | 14 ++++++-------- >> src/external/samba.m4 | 12 +++++++++++- >> 3 files changed, 21 insertions(+), 12 deletions(-) >> > >ACK > master: * 91d312000e6ded4a93327c137b10c5beda55f65c
LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
