[Freeipa-devel] [PATCH 0074] Make token window sizes configurable
thierry bordaz
tbordaz at redhat.com
Fri Nov 7 14:02:00 UTC 2014
On 11/04/2014 05:17 PM, Nathaniel McCallum wrote:
> On Wed, 2014-10-29 at 09:34 -0400, Nathaniel McCallum wrote:
>> On Wed, 2014-10-29 at 12:21 +0100, Petr Viktorin wrote:
>>> On 10/29/2014 10:37 AM, Martin Kosek wrote:
>>>> On 10/28/2014 09:59 PM, Nathaniel McCallum wrote:
>>>>> On Thu, 2014-10-23 at 18:07 -0400, Nathaniel McCallum wrote:
>>>>>> This patch gives the administrator variables to control the size of
>>>>>> the authentication and synchronization windows for OTP tokens.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/4511
>>>>>>
>>>>>> NOTE: There is one known issue with this patch which I don't know how to
>>>>>> solve. This patch changes the schema in install/share/60ipaconfig.ldif.
>>>>>> On an upgrade, all of the new attributeTypes appear correctly. However,
>>>>>> the modifications to the pre-existing objectClass do not show up on the
>>>>>> server. What am I doing wrong?
>>>>>>
>>>>>> After modifying ipaGuiConfig manually, everything in this patch works
>>>>>> just fine.
>>>>> This new version takes into account the new (proper) OIDs and attribute
>>>>> names.
>>>> Thanks Nathaniel!
>>>>
>>>>> The above known issue still remains.
>>>> Petr3, any idea what could have gone wrong? ObjectClass MAY list extension
>>>> should work just fine, AFAIK.
>>> You added a blank line to the LDIF file. This is an entry separator, so
>>> the objectClasses after the blank line don't belong to cn=schema, so
>>> they aren't considered in the update.
>>> Without the blank line it works fine.
>> Thanks for the catch!
>>
>> Here is a version without the blank line.
> I forgot to remove the old steps defines. This patch performs this
> cleanup.
>
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Hello Nathaniel,
Few comments on the review:
* in authcfg
o in string_to_types, I would prefer you set the last element
of 'map' to { NULL, 0 }.
o in entry_to_window, you may declare the 'defaults' array as
'static const'
o Would use define for "ipaUserAuthType","ipaHOTPAuthWindow",
"ipaTOTPAuthWindow", "ipaHOTPSyncWindow","ipaTOTPSyncWindow"
that are present multiple times
o suffix_to_config: cfg is set (and returned) calling
entry_to_config(entry). Now the entry_to_config returns a
structure on the stack so it is not valid to access outside
of the entry_to_config
o authcfg_fini free the configs. config->cfg should have
been allocated and must be freed (be care that configs->cfg
may contains DEFAULTS)
o authcfg_get_auth_types:322 should it return 'gbl' or
AUTHCFG_AUTH_TYPE_PASSWORD
o authcfg_get_auth_window/authcfg_get_sync_window returns a
window structure that is on the stack. It is not valid
outside of those functions
thanks
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141107/514d84ba/attachment.htm>
More information about the Freeipa-devel
mailing list