[PATCH] KRB5: Handle ERR_CHPASS_FAILED
by Jakub Hrozek
The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which
resulted in the default return code (System Error) to be returned if
password change failed for pretty much any reason, including password
too recent etc.
10 years, 5 months
[PATCH] NSS: Print FQDN for groups with mixed domain membership
by Jakub Hrozek
Hi,
The first patch adds a unit test for getgrnam. I wanted to make sure we
don't break anything this close to the 1.11.2 release.
The second patch is a workaround until
https://fedorahosted.org/sssd/ticket/2129 is fixed properly.
Consider a group entry such as:
cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom
Currently in order to print all group members as FQDN (which is the default
for AD provider), the code needs to iterate over the ghost attributes and
parse them into (name,domain) and optionally re-add the domain.
The proper fix would be to store always just the FQDN in the hardcoded
form of user@domain
10 years, 5 months
[PATCH] LDAP: Delete entry by SID if not found
by Jakub Hrozek
Hi,
if an entry is removed from LDAP and searched by SID, the SID lookup
code doesn't handle ENOENT and doesn't remove the stray entry from
cache. The attached patch fixes that.
10 years, 5 months
[PATCH] tests: Use right format string for type size_t
by Lukas Slebodnik
ehlo,
I found few warnings in current master. (I compile with Werror)
src/tests/cmocka/test_utils.c:54:56: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
dom->name = talloc_asprintf(dom, DOMNAME_TMPL, c);
^
src/tests/cmocka/test_utils.c:57:62: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
dom->flat_name = talloc_asprintf(dom, FLATNAME_TMPL, c);
^
src/tests/cmocka/test_utils.c:60:57: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
dom->domain_id = talloc_asprintf(dom, SID_TMPL, c);
^
src/tests/cmocka/test_utils.c:111:69: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);
^
src/tests/cmocka/test_utils.c:114:75: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
flat_name = talloc_asprintf(global_talloc_context, FLATNAME_TMPL, c);
^
src/tests/cmocka/test_utils.c:117:64: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
sid = talloc_asprintf(global_talloc_context, SID_TMPL, c);
^
src/tests/cmocka/test_utils.c:155:69: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);
^
src/tests/cmocka/test_utils.c:158:75: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
flat_name = talloc_asprintf(global_talloc_context, FLATNAME_TMPL, c);
^
src/tests/cmocka/test_utils.c:161:64: warning: format specifies type 'unsigned int' but the
argument has type 'size_t' (aka 'unsigned long') [-Wformat]
sid = talloc_asprintf(global_talloc_context, SID_TMPL, c);
Simple patch is attached.
LS
10 years, 5 months
[PATCH] AD: fall back to LDAP if GC is not available.
by Lukas Slebodnik
ehlo,
Global catalog port was ignored from SRV record, hard coded value was used
every time.
1st patch should fix it.
2nd patch add fall back to LDAP if GC is not available.
with this patch SSSD will not go offline if GC is not available,
but it may happen that SSSD will try to connect to GC often.
I am not sure, but we can add new option do disable GC lookup completely.
LS
10 years, 5 months