[Freeipa-devel] [PATCH 0074] Make token window sizes configurable
thierry bordaz
tbordaz at redhat.com
Fri Nov 7 17:50:02 UTC 2014
On 11/07/2014 05:40 PM, Nathaniel McCallum wrote:
> On Fri, 2014-11-07 at 15:02 +0100, thierry bordaz wrote:
>> On 11/04/2014 05:17 PM, Nathaniel McCallum wrote:
>>
>>> On Wed, 2014-10-29 at 09:34 -0400, Nathaniel McCallum wrote:
>>>> On Wed, 2014-10-29 at 12:21 +0100, Petr Viktorin wrote:
>>>>> On 10/29/2014 10:37 AM, Martin Kosek wrote:
>>>>>> On 10/28/2014 09:59 PM, Nathaniel McCallum wrote:
>>>>>>> On Thu, 2014-10-23 at 18:07 -0400, Nathaniel McCallum wrote:
>>>>>>>> This patch gives the administrator variables to control the size of
>>>>>>>> the authentication and synchronization windows for OTP tokens.
>>>>>>>>
>>>>>>>> https://fedorahosted.org/freeipa/ticket/4511
>>>>>>>>
>>>>>>>> NOTE: There is one known issue with this patch which I don't know how to
>>>>>>>> solve. This patch changes the schema in install/share/60ipaconfig.ldif.
>>>>>>>> On an upgrade, all of the new attributeTypes appear correctly. However,
>>>>>>>> the modifications to the pre-existing objectClass do not show up on the
>>>>>>>> server. What am I doing wrong?
>>>>>>>>
>>>>>>>> After modifying ipaGuiConfig manually, everything in this patch works
>>>>>>>> just fine.
>>>>>>> This new version takes into account the new (proper) OIDs and attribute
>>>>>>> names.
>>>>>> Thanks Nathaniel!
>>>>>>
>>>>>>> The above known issue still remains.
>>>>>> Petr3, any idea what could have gone wrong? ObjectClass MAY list extension
>>>>>> should work just fine, AFAIK.
>>>>> You added a blank line to the LDIF file. This is an entry separator, so
>>>>> the objectClasses after the blank line don't belong to cn=schema, so
>>>>> they aren't considered in the update.
>>>>> Without the blank line it works fine.
>>>> Thanks for the catch!
>>>>
>>>> Here is a version without the blank line.
>>> I forgot to remove the old steps defines. This patch performs this
>>> cleanup.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Hello Nathaniel,
>>
>> Few comments on the review:
>> * in authcfg
>> * in string_to_types, I would prefer you set the
>> last element of 'map' to { NULL, 0 }.
> Why? What I have is perfectly legal ISO C and is exactly the equivalent
> of your code. In a structure initializer, undefined structure elements
> are zero'd.
>
>> * in entry_to_window, you may declare the
>> 'defaults' array as 'static const'
> Fixed.
>
>> * Would use define for
>> "ipaUserAuthType","ipaHOTPAuthWindow",
>> "ipaTOTPAuthWindow",
>> "ipaHOTPSyncWindow","ipaTOTPSyncWindow" that
>> are present multiple times
> Fixed.
>
>> * suffix_to_config: cfg is set (and returned)
>> calling entry_to_config(entry). Now the
>> entry_to_config returns a structure on the
>> stack so it is not valid to access outside of
>> the entry_to_config
> Nope. We are not passing by reference but by copy. This is perfectly
> valid C.
>
>> * authcfg_fini free the configs. config->cfg
>> should have been allocated and must be freed
>> (be care that configs->cfg may contains
>> DEFAULTS)
> Nope. The config->cfg structure is allocated and freed when config is.
> This is assignment by copy not by reference.
>
>> * authcfg_get_auth_types:322 should it return
>> 'gbl' or AUTHCFG_AUTH_TYPE_PASSWORD
> If both the global and per-user auth type is unset, the default is
> AUTHCFG_AUTH_TYPE_PASSWORD. We special case this here so that we don't
> have to special case it everywhere else in the code. The code is correct
> as stands.
>
>> * authcfg_get_auth_window/authcfg_get_sync_window returns a window structure that is on the stack. It is not valid outside of those functions
> Nope. Structure return by copy is perfectly legal ISO C.
Hi Nathaniel,
You are right, I am not use to structure assignment and all these
assignments are valid.
Sorry for the noise. The patch is fine for me.
thanks
theirry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141107/41bc3f80/attachment.htm>
More information about the Freeipa-devel
mailing list