[PATCH] Convert read and write operations to sss_atomic_{read|write}
by Jakub Hrozek
Andreas, can you check the src/util/util.c hunk in the first patch? I
think the atomic io functions were taken from libssh that you maintain..
Honza, can you check out if I didn't miss anything in sss_ssh_knownproxy
and if it can in fact use the atomic read?
[PATCH 1/3] sss_atomic_io: Do not fail reads with EPIPE if there is not
enough data to read
The hunk in src/util/util.c would apply when the read buffer is bigger
than the contents of the file we read from. The rest is just unit tests.
[PATCH 2/3] Move atomic io function to a separate module
We'll be using it on various places of the SSSD. The function is in its
own file to allow using just the one piece without having to drag in the
whole util.c module.
There is no functional change in this patch
[PATCH 3/3] Convert read and write operations to sss_atomic_read
https://fedorahosted.org/sssd/ticket/1209
There are two exceptions that were not converted - one is the read in
sss_ssh_knownproxy because sss_ssh_knownproxy uses its own poll logic
that seemed to interfere with what atomic_read_does. The other are read
and write loops in the sss_client. Those use a logic as to how many bytes
are left to read and also handle polling themselves.
11 years, 11 months
[PATCH] Install all docs
by Pavel Březina
I've noticed that hbac_doc and libsss_sudo_doc is created during 'make
docs' but not installed nor cleaned afterwards.
This patch fixes it. It will treat every directory in SSSD_DOCS as a
documentation and automatically (un)install it.
11 years, 11 months
[PATCH] Another code cleanup
by Jan Zelený
After some recent cleanup patches I sent, I'd like to do one more change, this
time a more significant one. I'd like to propose attached patch which will
delete a code path in sdap_async_groups.c which is not exactly dead but it is
unnecessary IMO. I already tried to do some testing with IPA server and nested
groups on it and everything seems to be working as expected.
However since this is not exactly trivial change, I'd like your comments. The
new approach basically utilizes the "nesting" code path even when nesting is
explicitly set to zero.
In the original approach a query is sent to the server for each member of the
original group. A filter objectclass=posixAccount is used to make sure that
groups are not returned from the server. In the new approach the same amount
of queries is sent to the server, the only difference is that server is
returning more results. If necessary I believe this can be optimized by
several simple ifs. Of course in case of deref this can be optimized only to
some degree (lowering the amount of entities we want to ask for, therefore
lowering the possibility that deref will be actually used).
Thank you for any comments
Jan
11 years, 11 months
Kerberos login
by Braden McDaniel
I have set up Kerberos and OpenLDAP on Fedora 16. For the most part,
things seem to be working; I can use "kinit" to get a Kerberos ticket.
But I'm not getting a Kerberos ticket on login; which suggests to me
that Kerberos isn't really being used for login.
In "system-config-authentication", the authentication method is set to
"Kerberos password". Where should I be looking to see what's missing?
--
Braden McDaniel <braden(a)endoframe.com>
11 years, 11 months
RFC: a wiki page with tips for developers
by Jakub Hrozek
Hi,
Some time ago, Stephen mentioned that we might want to create a wiki
page that would contain tips for developers. I think it might be very
useful especially for new contributors. Attached is a draft of the page,
I plan to link it from the "Contribute" page.
Comments are appreciated.
11 years, 11 months
[PATCH] Man page fixes
by Jakub Hrozek
[PATCH 1/2] MAN: timeout can be specified for services, too
The manual page claimed the option only worked for domains
[PATCH 2/2] MAN: document the hostid and autofs providers
They were left out
11 years, 11 months