[PATCH] BUILD: Ignore translations when building RPMs
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
When we're running 'make rpms' for development purposes, the nested
call to 'make distdir' ends up forcing an update of the translation pot
files. With this patch, we'll automatically ignore them during (S)RPM
actions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIcwZYACgkQeiVVYja6o6MO0gCcCn9RxJasvLRSpLqg7TaoZWGS
vcIAnjOkMMclWiZ3ITywIfUUjIA9AnfS
=rZ2/
-----END PGP SIGNATURE-----
10 years, 8 months
[PATCHES] KRB5: Add support for KEYRING:persistent
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patch 0001: Adds a couple debug messages I found useful to figure out
if a bug was in SSSD or libkrb5. Feel free to skip its inclusion if
you feel it's unnecessary (it's at log level 9)
Patch 0002: KRB5: Remove unnecessary call to become_user()
By the time that the create_ccache_in_dir() routine is called, we are
already guaranteed to have dropped privileges. This has either happened
because we dropped them before the exec() in the normal operation case
or because we dropped them explicitly after we completed the TGT
validation step if that or FAST is configured. This code is actually
completely harmless, since it checks internally to see if we've
already dropped privileges before it does so, but it's unnecessary.
Patch 0003: KRB5: Add support for KEYRING cache type
This is the Big One. This adds support for KEYRING types but notes in
sssd-krb5(5) that we only support KEYRING:persistent (this is because
the other keyring types may break if validation or FAST are used).
Other than that, this patch should be reasonably straightforward. I
have tested this code against Simo's preliminary Kerberos patches
along with David Howells' kernel patch for persistent keyrings. We hit
(and fixed) a couple bugs in krb5. This patch should be safe to put
into the upstream master immediately; it does not change any behavior
with the existing FILE or DIR cache types.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIXq/sACgkQeiVVYja6o6NbpQCgr7VL8rYn4pBM6evONUIFLn5m
fYwAn3vZg2/Bn8R2RsExD7biknyHidvp
=6n94
-----END PGP SIGNATURE-----
10 years, 8 months
[PATCH] PAC: Skip SIDs that cannot be resolved to domain
by Jakub Hrozek
Hi,
attached is a small patch I prepared when testing the PAC responder
patches. In my case, the user was a member of a well-known SID S-1-18-1
which didn't resolve into a domain and all his groups were skipped. I
think we should just skip the offending SID and carry on.
10 years, 8 months
[PATCHES] PAC responder improvements
by Sumit Bose
Hi,
this series of patches contains improvements for the PAC responder
related to the support of UIDs and GIDs managed by AD.
The first patch is a fix for https://fedorahosted.org/sssd/ticket/1996.
The original idea in the ticket was to modify an existing user entry
instead of deleting and recreating it. But since the PAC does not
contain any useful information which would improve the entry I decided to
not touch existing user entries at all and only update the group
memberships.
Please find details about the other patches in the commit messages.
bye,
Sumit
10 years, 8 months
[PATCH] DP: Notify propperly when removing PAC responder
by Ondrej Kos
Hi,
During testing, I noticed, that all responders are logged propperly when
being shut down:
[sssd[be[DOM]]] [be_client_destructor] (0x0400): Removed PAM client
[sssd[be[DOM]]] [be_client_destructor] (0x0400): Removed NSS client
But not PAC:
[sssd[be[DOM]]] [be_client_destructor] (0x0020): Unknown client removed ...
Attached patch adds pac_cli pointer, to fix this behavior.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
10 years, 8 months
[PATCH] pam: Bad debug message format and parameter.
by Michal Židek
Simple patch attached.
Thanks
Michal
PS: We should really push the patches that Lukas wrote to prevent this
kind of errors. It is in thread:
[SSSD] [PATCHES] Enable printf format string checking
With them, we will get warning if do the same mistake in the future.
10 years, 8 months
[PATCHES] Fix warnings generated by static analysers
by Lukas Slebodnik
ehlo,
Patches are attached.
Comment to patch 0001
dp_refresh.h and dp_ptask contain comment "/* solve circular dependency */"
and forward declaration of some structures was after this comment.
But circular dependency was there.
LS
10 years, 8 months