[SSSD] [sssd PR#1006][-Changes requested] LDAP: Netgroups refresh in background task
URL: https://github.com/SSSD/sssd/pull/1006 Title: #1006: LDAP: Netgroups refresh in background task Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#1006][+Accepted] LDAP: Netgroups refresh in background task
URL: https://github.com/SSSD/sssd/pull/1006 Title: #1006: LDAP: Netgroups refresh in background task Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#1007][comment] LDAP: Remove unused sdap_refresh code
URL: https://github.com/SSSD/sssd/pull/1007 Title: #1007: LDAP: Remove unused sdap_refresh code jhrozek commented: """ On Thu, Mar 19, 2020 at 06:17:27AM -0700, Paweł Poławski wrote: > I just need to check one thing - if similar functions for AD and IPA are > unused too. > @jhrozek if those functions will be unused should I remove them in this PR or > make new one? Up to you.. """ See the full comment at https://github.com/SSSD/sssd/pull/1007#issuecomment-601193717 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD]WARNING: MERGED [sssd PR#962][closed] nss: use real primary gid if the value is overriden (sssd-1-16)
*WARNING: this pull request has been merged!* This is only mirrored repo thus any changes will be erased. Please push commit(s) to authoritative repository. URL: https://github.com/SSSD/sssd/pull/962 Author: mzidek-rh Title: #962: nss: use real primary gid if the value is overriden (sssd-1-16) Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/962/head:pr962 git checkout pr962 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#558][comment] WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
URL: https://github.com/SSSD/sssd/pull/558 Title: #558: WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache jhrozek commented: """ Maybe? I don't plan on working on this, so do whatever you like.. """ See the full comment at https://github.com/SSSD/sssd/pull/558#issuecomment-549329226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#921][comment] util/server.c: fix handling when error occurs in waitpid()
URL: https://github.com/SSSD/sssd/pull/921 Title: #921: util/server.c: fix handling when error occurs in waitpid() jhrozek commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/921#issuecomment-547995771 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#920][comment] Add comment to workaround for libsemanage issue
URL: https://github.com/SSSD/sssd/pull/920 Title: #920: Add comment to workaround for libsemanage issue jhrozek commented: """ add to whitelist """ See the full comment at https://github.com/SSSD/sssd/pull/920#issuecomment-547849552 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#904][comment] KCM: Set kdc_offset to zero initially
URL: https://github.com/SSSD/sssd/pull/904 Title: #904: KCM: Set kdc_offset to zero initially jhrozek commented: """ @frozencemetery Do you have an opinion about this one way or the other? This is related to https://bugzilla.redhat.com/show_bug.cgi?id=1757224 """ See the full comment at https://github.com/SSSD/sssd/pull/904#issuecomment-542875335 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#904][opened] KCM: Set kdc_offset to zero initially
URL: https://github.com/SSSD/sssd/pull/904 Author: jhrozek Title: #904: KCM: Set kdc_offset to zero initially Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/4100 KCM assumed that the client library would always set the KDC offset, but that's not always the case, especially when using multiple krb contexts from the client application: https://bugzilla.redhat.com/show_bug.cgi?id=1757224#c64 Heimdal also creates ccaches with zero kdc_offset: https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986 so we should do the same.. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/904/head:pr904 git checkout pr904 From 8b20ea96054165167e4cf53b5a838b11f590bc32 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 11 Oct 2019 09:20:20 +0200 Subject: [PATCH] KCM: Set kdc_offset to zero initially Resolves: https://pagure.io/SSSD/sssd/issue/4100 KCM assumed that the client library would always set the KDC offset, but that's not always the case, especially when using multiple krb contexts from the client application: https://bugzilla.redhat.com/show_bug.cgi?id=1757224#c64 Heimdal also creates ccaches with zero kdc_offset: https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986 so we should do the same.. --- src/responder/kcm/kcmsrv_ccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index e24da9aa25..66e2752ba7 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -82,7 +82,7 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx, cc->owner.uid = cli_creds_get_uid(owner); cc->owner.gid = cli_creds_get_gid(owner); -cc->kdc_offset = INT32_MAX; +cc->kdc_offset = 0; talloc_set_destructor(cc, kcm_cc_destructor); *_cc = cc; ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#896][opened] KCM: Fix typo in allocation check
URL: https://github.com/SSSD/sssd/pull/896 Author: jhrozek Title: #896: KCM: Fix typo in allocation check Action: opened PR body: """ Spotted by adelton """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/896/head:pr896 git checkout pr896 From 5297836583eae6aa800b86ba51e80433a864d4e5 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 30 Sep 2019 21:03:50 +0200 Subject: [PATCH] KCM: Fix typo in allocation check --- src/responder/kcm/kcmsrv_ccache_secdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c index b79a033f2c..ed1c8247fe 100644 --- a/src/responder/kcm/kcmsrv_ccache_secdb.c +++ b/src/responder/kcm/kcmsrv_ccache_secdb.c @@ -560,7 +560,7 @@ static errno_t ccdb_secdb_init(struct kcm_ccdb *db, kcm_section_quota[0] = talloc_zero(kcm_section_quota, struct sss_sec_hive_config); -if (kcm_section_quota == NULL) { +if (kcm_section_quota[0] == NULL) { talloc_free(secdb); return ENOMEM; } ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Title: #546: TESTS: Re-add tests for `kdestroy -A` jhrozek commented: """ Alexey, I don't know if Debian already picked up the fixed libkrb5. If not, I think it would be nice to add this as a separate test and mark it as xfail or similar. """ See the full comment at https://github.com/SSSD/sssd/pull/546#issuecomment-532818809 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#885][comment] Fix option type for ldap_group_type
URL: https://github.com/SSSD/sssd/pull/885 Title: #885: Fix option type for ldap_group_type jhrozek commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/885#issuecomment-532818264 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#878][comment] backport the background refresh patches to sssd-1-16
URL: https://github.com/SSSD/sssd/pull/878 Title: #878: backport the background refresh patches to sssd-1-16 jhrozek commented: """ Yes? But I only tried on my local F-30 system """ See the full comment at https://github.com/SSSD/sssd/pull/878#issuecomment-528766626 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#558][synchronized] WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
URL: https://github.com/SSSD/sssd/pull/558 Author: jhrozek Title: #558: WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/558/head:pr558 git checkout pr558 From 09c3b270e6efa56cb943db09160e40172c2fb11a Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 24 Apr 2018 16:31:38 +0200 Subject: [PATCH 1/2] NSS: Fix deleting named entries from the initgroup memory cache --- src/responder/nss/nss_cmd.c| 8 ++-- src/responder/nss/nss_get_object.c | 17 +++-- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c index dae1759103..b669866d3e 100644 --- a/src/responder/nss/nss_cmd.c +++ b/src/responder/nss/nss_cmd.c @@ -493,12 +493,16 @@ static errno_t invalidate_cache(struct nss_cmd_ctx *cmd_ctx, return ret; } -memcache_delete_entry(cmd_ctx->nss_ctx, cmd_ctx->nss_ctx->rctx, NULL, - output_name, 0, memcache_type); if (memcache_type == SSS_MC_INITGROUPS) { +memcache_delete_entry(cmd_ctx->nss_ctx, cmd_ctx->nss_ctx->rctx, NULL, + result->lookup_name, 0, memcache_type); + /* Invalidate the passwd data as well */ memcache_delete_entry(cmd_ctx->nss_ctx, cmd_ctx->nss_ctx->rctx, result->domain, output_name, 0, SSS_MC_PASSWD); +} else { +memcache_delete_entry(cmd_ctx->nss_ctx, cmd_ctx->nss_ctx->rctx, NULL, + output_name, 0, memcache_type); } talloc_free(output_name); diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c index 2ef34c564c..2f231df8b5 100644 --- a/src/responder/nss/nss_get_object.c +++ b/src/responder/nss/nss_get_object.c @@ -109,12 +109,17 @@ memcache_delete_entry(struct nss_ctx *nss_ctx, } if (name != NULL) { -ret = sized_output_name(NULL, rctx, name, dom, &sized_name); -if (ret != EOK) { -DEBUG(SSSDBG_OP_FAILURE, - "Unable to create sized name [%d]: %s\n", - ret, sss_strerror(ret)); -return ret; +if (type == SSS_MC_INITGROUPS) { +sized_name = talloc_zero(NULL, struct sized_string); +to_sized_string(sized_name, name); +} else { +ret = sized_output_name(NULL, rctx, name, dom, &sized_name); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, +"Unable to create sized name [%d]: %s\n", +ret, sss_strerror(ret)); +return ret; +} } ret = memcache_delete_entry_by_name(nss_ctx, sized_name, type); From 0e7f363b8dff7b99c9bcfbcf469243199c61b4a8 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 23 Apr 2018 21:33:49 +0200 Subject: [PATCH 2/2] TESTS: Add tests for the sss_nss_getgrouplist_timeout function --- src/tests/intg/Makefile.am| 2 + src/tests/intg/sssd_nss_ex.py | 86 +++ src/tests/intg/test_nss_ex.py | 261 ++ 3 files changed, 349 insertions(+) create mode 100644 src/tests/intg/sssd_nss_ex.py create mode 100644 src/tests/intg/test_nss_ex.py diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index f60751a444..223f8642a2 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -3,6 +3,7 @@ dist_noinst_DATA = \ config.py.m4 \ util.py \ sssd_nss.py \ +sssd_nss_ex.py \ sssd_id.py \ sssd_ldb.py \ sssd_netgroup.py \ @@ -40,6 +41,7 @@ dist_noinst_DATA = \ test_ssh_pubkey.py \ test_pam_responder.py \ test_sudo.py \ +test_nss_ex.py \ $(NULL) EXTRA_DIST = data/cwrap-dbus-system.conf.in diff --git a/src/tests/intg/sssd_nss_ex.py b/src/tests/intg/sssd_nss_ex.py new file mode 100644 index 00..381f3cae34 --- /dev/null +++ b/src/tests/intg/sssd_nss_ex.py @@ -0,0 +1,86 @@ +# +# Shared module for integration tests that need to access the sssd_nss_ex +# interface directly +# +# Copyright (c) 2018 Red Hat, Inc. +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +im
[SSSD] [sssd PR#558][comment] WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
URL: https://github.com/SSSD/sssd/pull/558 Title: #558: WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache jhrozek commented: """ Rebased per @pbrezina 's request """ See the full comment at https://github.com/SSSD/sssd/pull/558#issuecomment-528062310 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#693][comment] SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything jhrozek commented: """ Rebased per @pbrezina 's request """ See the full comment at https://github.com/SSSD/sssd/pull/693#issuecomment-528059811 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#693][synchronized] SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
URL: https://github.com/SSSD/sssd/pull/693 Author: jhrozek Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/693/head:pr693 git checkout pr693 From 679f9b326f5d3dde0df8f9363bbbfa4f0cf1308b Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 7 Nov 2018 13:26:59 +0100 Subject: [PATCH] SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything --- src/db/sysdb_search.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index a71c43112e..f059f99408 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -1293,6 +1293,7 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, const char *fmt_filter; struct ldb_dn *base_dn; struct ldb_result *res = NULL; +struct ldb_result *mpg_res = NULL; int ret; static const char *default_attrs[] = SYSDB_GRSRC_ATTRS; const char **attrs = NULL; @@ -1321,6 +1322,10 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, * In case those are not the same, we're dealing with an * override and in order to return the proper overridden group * we must use the very same search used by a non-mpg domain + * to make sure that if the GID points to a group, it will + * be resolved. But we must also make sure to fall back + * to using the MPG result if the GID does not resolve + * to a group */ fmt_filter = SYSDB_GRGID_MPG_FILTER; base_dn = sysdb_domain_dn(tmp_ctx, domain); @@ -1343,6 +1348,7 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, if (ul_originalad_gid != 0 && ul_originalad_gid != ul_gid) { fmt_filter = SYSDB_GRGID_FILTER; base_dn = sysdb_group_base_dn(tmp_ctx, domain); +mpg_res = res; res = NULL; } } @@ -1367,6 +1373,14 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, } } +if (mpg_res != NULL && mpg_res->count > 0 +&& (res == NULL || res->count == 0)) { +/* The overriden group does not resolve to a proper group object, + * just use it as a result + */ +res = mpg_res; +} + ret = mpg_res_convert(res); if (ret) { goto done; ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#876][synchronized] KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize
URL: https://github.com/SSSD/sssd/pull/876 Author: jhrozek Title: #876: KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/876/head:pr876 git checkout pr876 From 6bc8fe7ec17fe7081cae46a4fb0ca35087453de1 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 27 Aug 2019 14:27:21 +0200 Subject: [PATCH 1/3] KCM: Add a forgotten return --- src/responder/kcm/kcmsrv_ops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 1160c93f91..d8a7b03c5f 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -1685,6 +1685,7 @@ static void kcm_op_set_default_ccache_getbyname_done(struct tevent_req *subreq) DEBUG(SSSDBG_TRACE_LIBS, "The ccache does not exist, creating a new one\n"); kcm_op_set_default_create_step(req); +return; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot get ccache by name [%d]: %s\n", From c51120482a7d09ec28f70a97e4f36574d79e542d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 28 Aug 2019 14:22:49 +0200 Subject: [PATCH 2/3] KCM: Allow modifications of ccache's principal Related: https://pagure.io/SSSD/sssd/issue/4017 This patch will be useful to fix credential delegation. --- src/responder/kcm/kcmsrv_ccache.c | 37 +-- src/responder/kcm/kcmsrv_ccache.h | 5 +-- src/responder/kcm/kcmsrv_ccache_mem.c | 8 - src/responder/kcm/kcmsrv_ccache_secdb.c | 8 - src/responder/kcm/kcmsrv_ccache_secrets.c | 9 +- src/responder/kcm/kcmsrv_ops.c| 4 +-- 6 files changed, 60 insertions(+), 11 deletions(-) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index 085cc4464c..e24da9aa25 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -1089,25 +1089,56 @@ errno_t kcm_ccdb_create_cc_recv(struct tevent_req *req) return EOK; } -void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx) +static void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx) { if (mod_ctx == NULL) { return; } mod_ctx->kdc_offset = INT32_MAX; +if (mod_ctx->client != NULL) { +krb5_free_principal(NULL, mod_ctx->client); +mod_ctx->client = NULL; +} + +return; +} + +struct kcm_mod_ctx *kcm_mod_ctx_new(TALLOC_CTX *mem_ctx) +{ +struct kcm_mod_ctx *mod_ctx; + +mod_ctx = talloc_zero(mem_ctx, struct kcm_mod_ctx); +if (mod_ctx == NULL) { +return NULL; +} + +kcm_mod_ctx_clear(mod_ctx); +return mod_ctx; } -void kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx) +errno_t kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx) { if (cc == NULL || mod_ctx == NULL) { -return; +return EINVAL; } if (mod_ctx->kdc_offset != INT32_MAX) { cc->kdc_offset = mod_ctx->kdc_offset; } +if (mod_ctx->client != NULL) { +krb5_error_code kret; + +kret = krb5_copy_principal(NULL, mod_ctx->client, &cc->client); +if (kret != 0) { +DEBUG(SSSDBG_OP_FAILURE, +"krb5_copy_principal failed: %d\n", kret); +return ERR_INTERNAL; +} +} + +return EOK; } struct kcm_ccdb_mod_cc_state { diff --git a/src/responder/kcm/kcmsrv_ccache.h b/src/responder/kcm/kcmsrv_ccache.h index 199b75b16c..220220ca97 100644 --- a/src/responder/kcm/kcmsrv_ccache.h +++ b/src/responder/kcm/kcmsrv_ccache.h @@ -257,13 +257,14 @@ errno_t kcm_ccdb_create_cc_recv(struct tevent_req *req); */ struct kcm_mod_ctx { int32_t kdc_offset; +krb5_principal client; /* More settable properties (like name, when we support renames * will be added later */ }; -void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx); -void kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx); +struct kcm_mod_ctx *kcm_mod_ctx_new(TALLOC_CTX *mem_ctx); +errno_t kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx); struct tevent_req *kcm_ccdb_mod_cc_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, diff --git a/src/responder/kcm/kcmsrv_ccache_mem.c b/src/responder/kcm/kcmsrv_ccache_mem.c index 35955b2f4a..18c3878ad4 100644 --- a/src/responder/kcm/kcmsrv_ccache_mem.c +++ b/src/responder/kcm/kcmsrv_ccache_mem.c @@ -676,7 +676,13 @@ static struct tevent_req *ccdb_mem_mod_send(TALLOC_CTX *mem_ctx, goto immediate; } -kcm_mod_cc(ccwrap->cc, mod_cc); +ret = kcm_mod_cc(ccwrap->cc, mod_cc); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, + "Cannot modify ccache [%d]: %s\n", + ret, sss_strerror(ret)); +
[SSSD] [sssd PR#876][comment] KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize
URL: https://github.com/SSSD/sssd/pull/876 Title: #876: KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize jhrozek commented: """ So, the initialize() command receives the principal. We could iterate over the ccaches for this client and check if there is already one for the same principal and if yes, remove it unconditionally or if it contains a ticket that expires sooner than the one being initialized. The only cache is that this would require N lookups for N caches. OTOH, initialize is not so frequent operation (unlike all the gets and such and typically only happens after some network operation, so the cache lookups might be OK. """ See the full comment at https://github.com/SSSD/sssd/pull/876#issuecomment-525735374 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#876][comment] KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize
URL: https://github.com/SSSD/sssd/pull/876 Title: #876: KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize jhrozek commented: """ btw this PR fixes the most glaring issue but maybe the whole problem needs more work. What this doesn't take into account is that if there is already an existing cache for a principal, but then openssh fills in the new one. In this case, the old one stays in the cache. Currently we always switch to the new one. We should also take into account the cases described by the reporter in https://pagure.io/SSSD/sssd/issue/4017 -- e.g. if there is already a ccache for the principal being initialized, we might switch to the new one by default, or only if the new one has longer-lived credentials than the old one. At any rate, we should reap the old TGTs..but I guess this PR has some value on its own as well. """ See the full comment at https://github.com/SSSD/sssd/pull/876#issuecomment-525734063 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#876][opened] KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize
URL: https://github.com/SSSD/sssd/pull/876 Author: jhrozek Title: #876: KCM: Fill in pre-created ccache instead of creating a new one in kcm_initialize Action: opened PR body: """ This is a continuation of https://pagure.io/SSSD/sssd/issue/3873 Some programs like openssh use the following sequence of calls: cc = krb5_cc_new_unique krb5_cc_switch(cc) krb5_cc_initialize(cc, principal) Since switch changes the default ccache, we create a 'dummy' ccache with krb5_cc_switch() and then the initialize call just fills in the details. The 'fills in the details' part was not properly implemented with the previous patchset, the previous patchset worked only for password-based authentication where nothing is cached initially. For delegation, we watch to make sure that the credentials that are being delegated are filled in to the new ccache and the new ccache is used as the default. What initialize did previously was that if there was a default ccache already (in this case the dummy one created with krb5_cc_switch()), it would treat it as obsolete, create a new one and switch to it. Then the client (openssh) would store the credential in a ccache that wouldn't be the default anymore, leaving the default ccache empty. Afterwards, klist or similar would see that the default ccache is empty and just pick the first non-empty one as a fallback, which would often be one of the previous expired ones. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/876/head:pr876 git checkout pr876 From 6bc8fe7ec17fe7081cae46a4fb0ca35087453de1 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 27 Aug 2019 14:27:21 +0200 Subject: [PATCH 1/3] KCM: Add a forgotten return --- src/responder/kcm/kcmsrv_ops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 1160c93f91..d8a7b03c5f 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -1685,6 +1685,7 @@ static void kcm_op_set_default_ccache_getbyname_done(struct tevent_req *subreq) DEBUG(SSSDBG_TRACE_LIBS, "The ccache does not exist, creating a new one\n"); kcm_op_set_default_create_step(req); +return; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot get ccache by name [%d]: %s\n", From c51120482a7d09ec28f70a97e4f36574d79e542d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 28 Aug 2019 14:22:49 +0200 Subject: [PATCH 2/3] KCM: Allow modifications of ccache's principal Related: https://pagure.io/SSSD/sssd/issue/4017 This patch will be useful to fix credential delegation. --- src/responder/kcm/kcmsrv_ccache.c | 37 +-- src/responder/kcm/kcmsrv_ccache.h | 5 +-- src/responder/kcm/kcmsrv_ccache_mem.c | 8 - src/responder/kcm/kcmsrv_ccache_secdb.c | 8 - src/responder/kcm/kcmsrv_ccache_secrets.c | 9 +- src/responder/kcm/kcmsrv_ops.c| 4 +-- 6 files changed, 60 insertions(+), 11 deletions(-) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index 085cc4464c..e24da9aa25 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -1089,25 +1089,56 @@ errno_t kcm_ccdb_create_cc_recv(struct tevent_req *req) return EOK; } -void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx) +static void kcm_mod_ctx_clear(struct kcm_mod_ctx *mod_ctx) { if (mod_ctx == NULL) { return; } mod_ctx->kdc_offset = INT32_MAX; +if (mod_ctx->client != NULL) { +krb5_free_principal(NULL, mod_ctx->client); +mod_ctx->client = NULL; +} + +return; +} + +struct kcm_mod_ctx *kcm_mod_ctx_new(TALLOC_CTX *mem_ctx) +{ +struct kcm_mod_ctx *mod_ctx; + +mod_ctx = talloc_zero(mem_ctx, struct kcm_mod_ctx); +if (mod_ctx == NULL) { +return NULL; +} + +kcm_mod_ctx_clear(mod_ctx); +return mod_ctx; } -void kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx) +errno_t kcm_mod_cc(struct kcm_ccache *cc, struct kcm_mod_ctx *mod_ctx) { if (cc == NULL || mod_ctx == NULL) { -return; +return EINVAL; } if (mod_ctx->kdc_offset != INT32_MAX) { cc->kdc_offset = mod_ctx->kdc_offset; } +if (mod_ctx->client != NULL) { +krb5_error_code kret; + +kret = krb5_copy_principal(NULL, mod_ctx->client, &cc->client); +if (kret != 0) { +DEBUG(SSSDBG_OP_FAILURE, +"krb5_copy_principal failed: %d\n", kret); +return ERR_INTERNAL; +} +} + +return EOK; } struct kcm_ccdb_mod_cc_state { diff --git a/src/responder/kcm/kcmsrv_ccache.h b/src/responder/kcm/kcmsrv_ccache.h index 199b75b16c..220220ca97 100644 --- a/src/respon
[SSSD] [sssd PR#866][comment] autofs: do not enumerate when only single entry is requested
URL: https://github.com/SSSD/sssd/pull/866 Title: #866: autofs: do not enumerate when only single entry is requested jhrozek commented: """ @pbrezina do you think this patchset is backportable to sssd-1-16 at all? """ See the full comment at https://github.com/SSSD/sssd/pull/866#issuecomment-523820577 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#845][+Pushed] MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8
URL: https://github.com/SSSD/sssd/pull/845 Title: #845: MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8 Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#865][opened] KCM: Use int32_t type conversion in DEBUG message for int32_t variable
URL: https://github.com/SSSD/sssd/pull/865 Author: jhrozek Title: #865: KCM: Use int32_t type conversion in DEBUG message for int32_t variable Action: opened PR body: """ The KDC offset is stored as int32_t, but a DEBUG message in KCM was using an uint32_t. This lead to confusion as it appeared that the offset does not work. Resolves: https://pagure.io/SSSD/sssd/issue/4063 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/865/head:pr865 git checkout pr865 From dbedac8366a95d959bba912edf7ec61ff604f07a Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 14 Aug 2019 20:59:54 +0200 Subject: [PATCH] KCM: Use int32_t type conversion in DEBUG message for int32_t variable The KDC offset is stored as int32_t, but a DEBUG message in KCM was using an uint32_t. This lead to confusion as it appeared that the offset does not work. Resolves: https://pagure.io/SSSD/sssd/issue/4063 --- src/responder/kcm/kcmsrv_ops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 1160c93f91..96c3384f08 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -1888,7 +1888,7 @@ static void kcm_op_get_kdc_offset_getbyname_done(struct tevent_req *subreq) } offset = kcm_cc_get_offset(cc); -DEBUG(SSSDBG_TRACE_LIBS, "KDC offset: %"PRIu32"\n", offset); +DEBUG(SSSDBG_TRACE_LIBS, "KDC offset: %"PRIi32"\n", offset); offset_be = htobe32(offset); ret = sss_iobuf_write_int32(state->op_ctx->reply, offset_be); ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#857][comment] Don't qualify users from files domain when default_domain_suffix is set
URL: https://github.com/SSSD/sssd/pull/857 Title: #857: Don't qualify users from files domain when default_domain_suffix is set jhrozek commented: """ * master: 41da9ddfd084024ba9ca20b6d3c0b531c0473231 """ See the full comment at https://github.com/SSSD/sssd/pull/857#issuecomment-521220284 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#857][closed] Don't qualify users from files domain when default_domain_suffix is set
URL: https://github.com/SSSD/sssd/pull/857 Author: jhrozek Title: #857: Don't qualify users from files domain when default_domain_suffix is set Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/857/head:pr857 git checkout pr857 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#862][+Pushed] pam: fix loop in Smartcard authentication
URL: https://github.com/SSSD/sssd/pull/862 Title: #862: pam: fix loop in Smartcard authentication Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#862][closed] pam: fix loop in Smartcard authentication
URL: https://github.com/SSSD/sssd/pull/862 Author: sumit-bose Title: #862: pam: fix loop in Smartcard authentication Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/862/head:pr862 git checkout pr862 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#862][comment] pam: fix loop in Smartcard authentication
URL: https://github.com/SSSD/sssd/pull/862 Title: #862: pam: fix loop in Smartcard authentication jhrozek commented: """ * master: 5574de0f87e72d85547add9a48f9ac0def27f47d """ See the full comment at https://github.com/SSSD/sssd/pull/862#issuecomment-521220028 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#862][+Accepted] pam: fix loop in Smartcard authentication
URL: https://github.com/SSSD/sssd/pull/862 Title: #862: pam: fix loop in Smartcard authentication Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#862][comment] pam: fix loop in Smartcard authentication
URL: https://github.com/SSSD/sssd/pull/862 Title: #862: pam: fix loop in Smartcard authentication jhrozek commented: """ ACK, thank you """ See the full comment at https://github.com/SSSD/sssd/pull/862#issuecomment-521219414 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#824][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/824 Title: #824: CONFDB: Files domain if activated without .conf jhrozek commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/824#issuecomment-521162256 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#863][comment] ci: add Debian 10
URL: https://github.com/SSSD/sssd/pull/863 Title: #863: ci: add Debian 10 jhrozek commented: """ Hi @pbrezina I would prefer if @alexey-tikhonov could check the valgrind errors, because he was already looking into them. Honestly they seem a bit too much like a black check :-) maybe Alexey would know how to make them more specific to the location of the error. Anyway, great job. One step closer to retiring the old CI :-) """ See the full comment at https://github.com/SSSD/sssd/pull/863#issuecomment-519933107 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#857][comment] Don't qualify users from files domain when default_domain_suffix is set
URL: https://github.com/SSSD/sssd/pull/857 Title: #857: Don't qualify users from files domain when default_domain_suffix is set jhrozek commented: """ Thanks @mzidek-rh for the review. How about now? """ See the full comment at https://github.com/SSSD/sssd/pull/857#issuecomment-519664632 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#857][-Changes requested] Don't qualify users from files domain when default_domain_suffix is set
URL: https://github.com/SSSD/sssd/pull/857 Title: #857: Don't qualify users from files domain when default_domain_suffix is set Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#857][synchronized] Don't qualify users from files domain when default_domain_suffix is set
URL: https://github.com/SSSD/sssd/pull/857 Author: jhrozek Title: #857: Don't qualify users from files domain when default_domain_suffix is set Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/857/head:pr857 git checkout pr857 From e6f976bf3654d7936e0b5e591857cede758c0c95 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 2 Aug 2019 12:07:51 +0200 Subject: [PATCH] Don't qualify users from files domain when default_domain_suffix is set Resolves: https://pagure.io/SSSD/sssd/issue/4052 The files domain should always be non-qualified. The usual rules like qualification of all domains except the one set with default_domain_suffix should not apply. --- src/confdb/confdb.c | 7 -- src/man/sssd.conf.5.xml | 8 ++- src/tests/intg/test_files_provider.py | 31 +++ 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index f6fdbc3aa8..be65310dcc 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1049,7 +1049,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, /* Determine if user/group names will be Fully Qualified * in NSS interfaces */ -if (default_domain != NULL) { +if (default_domain != NULL + && is_files_provider(domain) == false) { DEBUG(SSSDBG_CONF_SETTINGS, "Default domain suffix set. Changing default for " "use_fully_qualified_names to True.\n"); @@ -1064,7 +1065,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } -if (default_domain != NULL && domain->fqnames == false) { +if (default_domain != NULL +&& domain->fqnames == false +&& is_files_provider(domain) == false) { DEBUG(SSSDBG_FATAL_FAILURE, "Invalid configuration detected (default_domain_suffix is used " "while use_fully_qualified_names was set to false).\n"); diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 304a6a170c..c810123572 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -412,7 +412,13 @@ to log in. Setting this option changes default of use_fully_qualified_names to True. It is not allowed to use this option together with -use_fully_qualified_names set to False. +use_fully_qualified_names set to False. One +exception from this rule are domains with +id_provider=files that always try +to match the behaviour of nss_files +and therefore their output is not +qualified even when the default_domain_suffix +option is used. Default: not set diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py index 784bfa91f7..9f3aad9949 100644 --- a/src/tests/intg/test_files_provider.py +++ b/src/tests/intg/test_files_provider.py @@ -310,6 +310,22 @@ def domain_resolution_order(request): return None +@pytest.fixture +def default_domain_suffix(request): +conf = unindent("""\ +[sssd] +domains = files +services= nss +default_domain_suffix = foo + +[domain/files] +id_provider = files +""").format(**locals()) +create_conf_fixture(request, conf) +create_sssd_fixture(request) +return None + + @pytest.fixture def override_homedir_and_shell(request): conf = unindent("""\ @@ -1206,6 +1222,21 @@ def test_files_with_domain_resolution_order(add_user_with_canary, check_user(USER1) +def test_files_with_default_domain_suffix(add_user_with_canary, + default_domain_suffix): +""" +Test that when using domain_resolution_order the user won't be using +its fully-qualified name. +""" +ret = poll_canary(call_sssd_getpwuid, CANARY["uid"]) +if ret is False: +return NssReturnCode.NOTFOUND, None + +res, found_user = call_sssd_getpwuid(USER1["uid"]) +assert res == NssReturnCode.SUCCESS +assert found_user == USER1 + + def test_files_with_override_homedir(add_user_with_canary, override_homedir_and_shell): res, user = sssd_getpwnam_sync(USER1["name"]) ___ sssd-devel mailing list --
[SSSD] [sssd PR#861][opened] IPA: Allow paging when fetching external groups
URL: https://github.com/SSSD/sssd/pull/861 Author: jhrozek Title: #861: IPA: Allow paging when fetching external groups Action: opened PR body: """ For some reason (I guess a mistake during refactoring..) the LDAP search request that fetches the external groups does not enable the paging control. This means that the number of external groups that SSSD can fetch is limited to 2000. Resolves: https://pagure.io/SSSD/sssd/issue/4058 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/861/head:pr861 git checkout pr861 From 479c53d27f5b7cf09a171df74796949fd39c2cfd Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 5 Jul 2019 10:09:15 +0200 Subject: [PATCH] IPA: Allow paging when fetching external groups For some reason (I guess a mistake during refactoring..) the LDAP search request that fetches the external groups does not enable the paging control. This means that the number of external groups that SSSD can fetch is limited to 2000. Resolves: https://pagure.io/SSSD/sssd/issue/4058 --- src/providers/ipa/ipa_subdomains_ext_groups.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c index bcf2d930e4..480c4ee9a3 100644 --- a/src/providers/ipa/ipa_subdomains_ext_groups.c +++ b/src/providers/ipa/ipa_subdomains_ext_groups.c @@ -541,7 +541,7 @@ static void ipa_get_ad_memberships_connect_done(struct tevent_req *subreq) subreq = sdap_search_bases_send(state, state->ev, state->sdap_id_ctx->opts, sdap_id_op_handle(state->sdap_op), state->sdap_id_ctx->opts->sdom->group_search_bases, -NULL, false, +NULL, true, dp_opt_get_int(state->sdap_id_ctx->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), IPA_EXT_GROUPS_FILTER, ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][comment] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable jhrozek commented: """ * master: * ad9dd137e2f8ad46cfb921fb7bf137fb3442692e * a97ec73e04b6347bb6aa9794f5ea9f4ca3424801 * ba01db0dcd43ef1b2079d9cc209534d45a3e938d """ See the full comment at https://github.com/SSSD/sssd/pull/837#issuecomment-519239898 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][+Pushed] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][closed] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Author: sumit-bose Title: #837: p11_child: make OCSP digest configurable Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/837/head:pr837 git checkout pr837 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][closed] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][+Pushed] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][comment] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas jhrozek commented: """ * master: * 247aa48004ceb2efba42e917cebecc0ab74dc207 * f024b5e46b62ad49f0099ed8db8155e7ea475639 * f00db73d7bbf312e3e2a772b8b10895d5460b989 * 940002ca21abde53ad81df622d1f4dd3b5e8e014 * f74b97860ec7c66df01ed2b719d29a138c958081 * 84eca2e812f8a8684a35b4cd0c262660930e0d40 * ca02a20c16a1249a8fcecad31e915bf64df77cc9 """ See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-519226953 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#824][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/824 Title: #824: CONFDB: Files domain if activated without .conf jhrozek commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/824#issuecomment-519099537 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#859][+Accepted] Make sure child log files have the right permissions
URL: https://github.com/SSSD/sssd/pull/859 Title: #859: Make sure child log files have the right permissions Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][+Accepted] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#857][opened] Don't qualify users from files domain when default_domain_suffix is set
URL: https://github.com/SSSD/sssd/pull/857 Author: jhrozek Title: #857: Don't qualify users from files domain when default_domain_suffix is set Action: opened PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/4052 The files domain should always be non-qualified. The usual rules like qualification of all domains except the one set with default_domain_suffix should not apply. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/857/head:pr857 git checkout pr857 From 728966cc32015f43bf22e22febdc85a6aa5fbc8e Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 2 Aug 2019 12:07:51 +0200 Subject: [PATCH] Don't qualify users from files domain when default_domain_suffix is set Resolves: https://pagure.io/SSSD/sssd/issue/4052 The files domain should always be non-qualified. The usual rules like qualification of all domains except the one set with default_domain_suffix should not apply. --- src/confdb/confdb.c | 7 -- src/tests/intg/test_files_provider.py | 31 +++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index f6fdbc3aa8..be65310dcc 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1049,7 +1049,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, /* Determine if user/group names will be Fully Qualified * in NSS interfaces */ -if (default_domain != NULL) { +if (default_domain != NULL + && is_files_provider(domain) == false) { DEBUG(SSSDBG_CONF_SETTINGS, "Default domain suffix set. Changing default for " "use_fully_qualified_names to True.\n"); @@ -1064,7 +1065,9 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } -if (default_domain != NULL && domain->fqnames == false) { +if (default_domain != NULL +&& domain->fqnames == false +&& is_files_provider(domain) == false) { DEBUG(SSSDBG_FATAL_FAILURE, "Invalid configuration detected (default_domain_suffix is used " "while use_fully_qualified_names was set to false).\n"); diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py index 784bfa91f7..9f3aad9949 100644 --- a/src/tests/intg/test_files_provider.py +++ b/src/tests/intg/test_files_provider.py @@ -310,6 +310,22 @@ def domain_resolution_order(request): return None +@pytest.fixture +def default_domain_suffix(request): +conf = unindent("""\ +[sssd] +domains = files +services= nss +default_domain_suffix = foo + +[domain/files] +id_provider = files +""").format(**locals()) +create_conf_fixture(request, conf) +create_sssd_fixture(request) +return None + + @pytest.fixture def override_homedir_and_shell(request): conf = unindent("""\ @@ -1206,6 +1222,21 @@ def test_files_with_domain_resolution_order(add_user_with_canary, check_user(USER1) +def test_files_with_default_domain_suffix(add_user_with_canary, + default_domain_suffix): +""" +Test that when using domain_resolution_order the user won't be using +its fully-qualified name. +""" +ret = poll_canary(call_sssd_getpwuid, CANARY["uid"]) +if ret is False: +return NssReturnCode.NOTFOUND, None + +res, found_user = call_sssd_getpwuid(USER1["uid"]) +assert res == NssReturnCode.SUCCESS +assert found_user == USER1 + + def test_files_with_override_homedir(add_user_with_canary, override_homedir_and_shell): res, user = sssd_getpwnam_sync(USER1["name"]) ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][+Pushed] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][closed] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Author: pbrezina Title: #636: failover: tune up default timeouts Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/636/head:pr636 git checkout pr636 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][comment] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts jhrozek commented: """ * master: * 049f3906b9ef2041b5e1df666bd570379ae60718 * e97ff0adb62c89cfc7e75858b7e592e0303720b0 * 99e2a107f01c625cb59cb88589db87294176d6c6 * 3807de1d97fc87cf7c25af264a8b1bbabdef54e2 * 7b4635c8428917ced63954f2c3c70491b45d7870 """ See the full comment at https://github.com/SSSD/sssd/pull/636#issuecomment-516998725 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][comment] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service jhrozek commented: """ * master: b1ea33eca64a0429513fcfe2ba7402ff56889b46 """ See the full comment at https://github.com/SSSD/sssd/pull/847#issuecomment-516996775 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][closed] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Author: pbrezina Title: #847: systemd: add Restart=on-failure to sssd.service Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/847/head:pr847 git checkout pr847 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][+Pushed] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][+Pushed] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][comment] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough jhrozek commented: """ * master: * f2c69a67ad0cd9d4db94aa66e46ede0cb0790480 * 1c7521898f1cb13607c536977029561f89573c7c * 5b235bbdbea355923e4f2aeb745c8e514b423984 """ See the full comment at https://github.com/SSSD/sssd/pull/853#issuecomment-516996063 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][closed] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Author: thalman Title: #853: DYNDNS: dyndns_update is not enough Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/853/head:pr853 git checkout pr853 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][+Pushed] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][comment] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member jhrozek commented: """ * sssd-1-16: 9673ca8 * master: 06479a1 """ See the full comment at https://github.com/SSSD/sssd/pull/855#issuecomment-516995456 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][closed] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Author: scabrero Title: #855: nss: Fix command 'endservent' resetting wrong struct member Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/855/head:pr855 git checkout pr855 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][+Accepted] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][comment] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts jhrozek commented: """ F-30 failed CI and there are no logs. But I don't see anything OS-specific in the patches and at the same time all my concerns were addressed. Thank you. ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/636#issuecomment-516866347 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][comment] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable jhrozek commented: """ OK, I tried also different values of the `ocsp_dgst` option and at least I see that the revoked cert is still revoked..and invalid value seems to fall back to the default which seems OK. So I only left two small nitpicks. Feel free to fix them or not if you feel like they are too nitpicky. """ See the full comment at https://github.com/SSSD/sssd/pull/837#issuecomment-516861998 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#837][comment] p11_child: make OCSP digest configurable
URL: https://github.com/SSSD/sssd/pull/837 Title: #837: p11_child: make OCSP digest configurable jhrozek commented: """ Sorry it took me almost four weeks to test the PR. I think OSCP in general works fine. With a valid certificate I was getting: ``` (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_card] (0x4000): Found [tuser] in slot [Yubico YubiKey OTP+FIDO+CCID 00 00][0] of module [1][/usr/lib64/pkcs11/opensc-pkcs11.so]. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_card] (0x4000): Login required. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [read_certs] (0x4000): found cert[Certificate for PIV Authentication][/C=SE/ST=Sweden/O=SSSD Intermediate/CN=tuser/emailAddress=tu...@ipa.test] (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_ocsp] (0x4000): Using OCSP URL [http://localhost:]. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_ocsp] (0x4000): OCSP check was successful. (Wed Jul 31 15:34:44 2019) [[sssd[p11_child[23202 [do_card] (0x4000): /usr/lib64/pkcs11/opensc-pkcs11.so /usr/lib64/pkcs11/opensc-pkcs11.so tuser tuser 01 01. ``` With a revoked certificate I get: ``` (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_card] (0x4000): Found [tuser] in slot [Yubico YubiKey OTP+FIDO+CCID 00 00][0] of module [1][/usr/lib64/pkcs11/opensc-pkcs11.so]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_card] (0x4000): Login NOT required. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [read_certs] (0x4000): found cert[Certificate for PIV Authentication][/C=SE/ST=Sweden/O=SSSD Intermediate/CN=tuser/emailAddress=tu...@ipa.test] (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x4000): Using OCSP URL [http://localhost:]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x0020): OCSP check failed with [1][revoked]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_ocsp] (0x0020): Certificate is revoked [-1][(UNKNOWN)]. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [do_verification] (0x0040): do_ocsp failed. (Wed Jul 31 15:36:25 2019) [[sssd[p11_child[23274 [read_certs] (0x0040): Certificate [Certificate for PIV Authentication][/C=SE/ST=Sweden/O=SSSD Intermediate/CN=tuser/emailAddress=tu...@ipa.test] not valid, skipping ``` This was with an openssl ocsp and: ``` certificate_verification=ocsp_default_responder=http://localhost: ``` """ See the full comment at https://github.com/SSSD/sssd/pull/837#issuecomment-516857056 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in jhrozek commented: """ I don't know if it's easy or possible but wouldn't it be better to amend the config API to internally synthetize the provider values, but does not write them to the config file? Otherwise I'm sure we will forget when another provider is added.. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-516767396 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#841][+Changes requested] DEBUG: Add debug to display ldapsearch requests
URL: https://github.com/SSSD/sssd/pull/841 Title: #841: DEBUG: Add debug to display ldapsearch requests Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#841][comment] DEBUG: Add debug to display ldapsearch requests
URL: https://github.com/SSSD/sssd/pull/841 Title: #841: DEBUG: Add debug to display ldapsearch requests jhrozek commented: """ The code looks OK. I haven't tried it, but looks simple enough. But most importantly, it is not enough to resolve the issue, I think. What the original reporter asked for was a way to filter only these messages. And we can either add a special debug level, but wouldn't it be even better to add systemtap messages? See commits like d46d59e78600aa72176df7217c94743b7e71881a 1182dd93a5a6bb18943284273f7fd59b83468843 and f199c749197532fd3380fa6f5d9f7a579879c21a to see how we added some generic instrumentation to the DP.. """ See the full comment at https://github.com/SSSD/sssd/pull/841#issuecomment-516766392 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][comment] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service jhrozek commented: """ ACK, tested by sending SIGV to the main sssd process, systemd spawned another one. """ See the full comment at https://github.com/SSSD/sssd/pull/847#issuecomment-516762769 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#847][+Accepted] systemd: add Restart=on-failure to sssd.service
URL: https://github.com/SSSD/sssd/pull/847 Title: #847: systemd: add Restart=on-failure to sssd.service Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][comment] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas jhrozek commented: """ Now some pep8 errors found by CI were fixed. """ See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-516752179 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][synchronized] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705 From 7584b16dd738a982595519354d24417a66a86810 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 5 Oct 2018 13:17:14 +0200 Subject: [PATCH 1/7] MAN: Get rid of sssd-secrets reference Related: https://pagure.io/SSSD/sssd/issue/3685 There were some stray references to the secrets responder in the sssd-kcm manual page. --- src/man/sssd-kcm.8.xml | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index fff8b0a16d..90b9ad09c2 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -58,11 +58,9 @@ -the SSSD implementation stores the ccaches in the SSSD - -sssd-secrets5 - -secrets store, allowing the ccaches to survive KCM server restarts or machine reboots. +the SSSD implementation stores the ccaches in a database, +typically located at /var/lib/sss/secrets +allowing the ccaches to survive KCM server restarts or machine reboots. From db7863552729e39fe180304783f5750473b9f565 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 30 Nov 2018 13:15:58 +0100 Subject: [PATCH 2/7] MAN: Document that it is enough to systemctl restart sssd-kcm.service lately Related: https://pagure.io/SSSD/sssd/issue/3862 We forgot to amend the man page after implementing the sssd-kcm service reload. --- src/man/sssd-kcm.8.xml | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 90b9ad09c2..4e4aaa38ea 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -162,12 +162,17 @@ systemctl restart sssd-kcm.service CONFIGURATION OPTIONS The KCM service is configured in the kcm -section of the sssd.conf file. Please note that currently, -is it not sufficient to restart the sssd-kcm service, because -the sssd configuration is only parsed and read to an internal -configuration database by the sssd service. Therefore you -must restart the sssd service if you change anything in the -kcm section of sssd.conf. +section of the sssd.conf file. Please note that because +the KCM service is typically socket-activated, it is +enough to just restart the sssd-kcm service +after changing options in the kcm section +of sssd.conf: + +systemctl restart sssd-kcm.service + + + +The KCM service is configured in the kcm For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf From c08eeb1e1320b197532a777042a3917825f99b40 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 26 Nov 2018 13:44:08 +0100 Subject: [PATCH 3/7] SECRETS: Use different option names from secrets and KCM for quota options Related: https://pagure.io/SSSD/sssd/issue/3386 With the separate secrets responder, the quotas for the /secrets and /kcm hives were configurable in a sub-section of the [secrets] sssd.conf section using the same option -- the /secrets vs. /kcm distinction was made using the subsection name. With the standalone KCM responder writing directly to the database, it makes sense to have options with more descriptive names better suitable for the KCM usage. For that we need the options for secrets quotas and kcm quotas to be named differently. For now, the patch only passes the option name to sss_sec_get_quota() and sss_sec_get_hive_config() together with the default value in an instance of a new structure sss_sec_quota_opt. The secrets responder still uses the same option names for backwards compatibility. --- src/responder/secrets/secsrv.c | 70 ++ src/util/secrets/config.c | 40 +-- src/util/secrets/secrets.h | 21 ++ 3 files changed, 88 insertions(+), 43 deletions(-) diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c index 2de93dedc5..e783e231d3 100644 --- a/src/responder/secrets/secsrv.c +++ b/src/responder/secrets/secsrv.c @@ -47,6 +47,39 @@ static void adjust_global_quota(struct sec_ctx *sctx, static int sec_get_config(struct sec_ctx *sctx) { int ret; +struct sss_sec_quota_opt dfl_sec_nest_level = { +.opt_name = CONFDB_SEC_CONTAINERS_NEST_LEVEL, +.default_value = DEFAULT_SEC_CONTAINERS_NEST_LEVEL
[SSSD] [sssd PR#855][+Accepted] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#853][comment] DYNDNS: dyndns_update is not enough
URL: https://github.com/SSSD/sssd/pull/853 Title: #853: DYNDNS: dyndns_update is not enough jhrozek commented: """ @pbrezina this seems like code you would like to review? """ See the full comment at https://github.com/SSSD/sssd/pull/853#issuecomment-516358977 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][-Changes requested] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in jhrozek commented: """ I thought @pbrezina might? """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-516357806 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#636][comment] failover: tune up default timeouts
URL: https://github.com/SSSD/sssd/pull/636 Title: #636: failover: tune up default timeouts jhrozek commented: """ I'm sorry, but now the tests don't work: ``` In file included from /var/lib/jenkins/workspace/ci/label/rhel7/src/providers/fail_over_srv.h:27:0, from /var/lib/jenkins/workspace/ci/label/rhel7/src/tests/cmocka/test_fo_srv.c:33: /var/lib/jenkins/workspace/ci/label/rhel7/src/resolv/async_resolv.h:54:5: note: previous declaration of 'resolv_init' was here int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, ``` """ See the full comment at https://github.com/SSSD/sssd/pull/636#issuecomment-516357561 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][comment] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas jhrozek commented: """ @mzidek-rh please try now, there was some conflict between the tests, so I just removed the secrets db with the quota tests. (Only the patch with the tests was modified) """ See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-516355581 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][synchronized] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705 From 7584b16dd738a982595519354d24417a66a86810 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 5 Oct 2018 13:17:14 +0200 Subject: [PATCH 1/7] MAN: Get rid of sssd-secrets reference Related: https://pagure.io/SSSD/sssd/issue/3685 There were some stray references to the secrets responder in the sssd-kcm manual page. --- src/man/sssd-kcm.8.xml | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index fff8b0a16d..90b9ad09c2 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -58,11 +58,9 @@ -the SSSD implementation stores the ccaches in the SSSD - -sssd-secrets5 - -secrets store, allowing the ccaches to survive KCM server restarts or machine reboots. +the SSSD implementation stores the ccaches in a database, +typically located at /var/lib/sss/secrets +allowing the ccaches to survive KCM server restarts or machine reboots. From db7863552729e39fe180304783f5750473b9f565 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 30 Nov 2018 13:15:58 +0100 Subject: [PATCH 2/7] MAN: Document that it is enough to systemctl restart sssd-kcm.service lately Related: https://pagure.io/SSSD/sssd/issue/3862 We forgot to amend the man page after implementing the sssd-kcm service reload. --- src/man/sssd-kcm.8.xml | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/man/sssd-kcm.8.xml b/src/man/sssd-kcm.8.xml index 90b9ad09c2..4e4aaa38ea 100644 --- a/src/man/sssd-kcm.8.xml +++ b/src/man/sssd-kcm.8.xml @@ -162,12 +162,17 @@ systemctl restart sssd-kcm.service CONFIGURATION OPTIONS The KCM service is configured in the kcm -section of the sssd.conf file. Please note that currently, -is it not sufficient to restart the sssd-kcm service, because -the sssd configuration is only parsed and read to an internal -configuration database by the sssd service. Therefore you -must restart the sssd service if you change anything in the -kcm section of sssd.conf. +section of the sssd.conf file. Please note that because +the KCM service is typically socket-activated, it is +enough to just restart the sssd-kcm service +after changing options in the kcm section +of sssd.conf: + +systemctl restart sssd-kcm.service + + + +The KCM service is configured in the kcm For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf From c08eeb1e1320b197532a777042a3917825f99b40 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 26 Nov 2018 13:44:08 +0100 Subject: [PATCH 3/7] SECRETS: Use different option names from secrets and KCM for quota options Related: https://pagure.io/SSSD/sssd/issue/3386 With the separate secrets responder, the quotas for the /secrets and /kcm hives were configurable in a sub-section of the [secrets] sssd.conf section using the same option -- the /secrets vs. /kcm distinction was made using the subsection name. With the standalone KCM responder writing directly to the database, it makes sense to have options with more descriptive names better suitable for the KCM usage. For that we need the options for secrets quotas and kcm quotas to be named differently. For now, the patch only passes the option name to sss_sec_get_quota() and sss_sec_get_hive_config() together with the default value in an instance of a new structure sss_sec_quota_opt. The secrets responder still uses the same option names for backwards compatibility. --- src/responder/secrets/secsrv.c | 70 ++ src/util/secrets/config.c | 40 +-- src/util/secrets/secrets.h | 21 ++ 3 files changed, 88 insertions(+), 43 deletions(-) diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c index 2de93dedc5..e783e231d3 100644 --- a/src/responder/secrets/secsrv.c +++ b/src/responder/secrets/secsrv.c @@ -47,6 +47,39 @@ static void adjust_global_quota(struct sec_ctx *sctx, static int sec_get_config(struct sec_ctx *sctx) { int ret; +struct sss_sec_quota_opt dfl_sec_nest_level = { +.opt_name = CONFDB_SEC_CONTAINERS_NEST_LEVEL, +.default_value = DEFAULT_SEC_CONTAINERS_NEST_LEVEL
[SSSD] [sssd PR#705][+Changes requested] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#705][comment] KCM: Add configurable quotas
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas jhrozek commented: """ I can see the tests failing now, too.. Setting Changes requested so I can take a look.. """ See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-515969272 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#855][comment] nss: Fix command 'endservent' resetting wrong struct member
URL: https://github.com/SSSD/sssd/pull/855 Title: #855: nss: Fix command 'endservent' resetting wrong struct member jhrozek commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/855#issuecomment-515186167 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#854][comment] LDAP: Do not require START_TLS for loopback connections
URL: https://github.com/SSSD/sssd/pull/854 Title: #854: LDAP: Do not require START_TLS for loopback connections jhrozek commented: """ @simo5 this is one of the things I don't dare to include in the project without your blessing :-) So me and @scabrero talked about this over e-mail initially. There are some people who would like to run an LDAP server on ldap://localhost. While we both agreed that supporting ldapi:// might be a better way, what do you think allowing non-encrypted auth towards localhost? I was thinking about someone listening to the traffic on the localhost, but then you need either root or at least CAP_NET_RAW/CAP_NET_ADMIN.. """ See the full comment at https://github.com/SSSD/sssd/pull/854#issuecomment-514751512 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#854][comment] LDAP: Do not require START_TLS for loopback connections
URL: https://github.com/SSSD/sssd/pull/854 Title: #854: LDAP: Do not require START_TLS for loopback connections jhrozek commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/854#issuecomment-514748771 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in jhrozek commented: """ Oh and about the centos CI triggers. I added both Alexey and Tomas to the centos CI whitelist so that the "OK to test" magic phrase would work for them. Honestly I thought everyone was added to the whitelist a long time ago.. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-513904659 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in jhrozek commented: """ @alexey-tikhonov all the CI engines are green now. Unless you have more comments, would you mind adding the Accepted label so that we can push the PR? """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-513904165 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#824][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/824 Title: #824: CONFDB: Files domain if activated without .conf jhrozek commented: """ @thalman can you re-push the PR so that the internal CI also gets triggered? """ See the full comment at https://github.com/SSSD/sssd/pull/824#issuecomment-513903766 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#824][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/824 Title: #824: CONFDB: Files domain if activated without .conf jhrozek commented: """ @alexey-tikhonov do you also plan on reviewing this PR? """ See the full comment at https://github.com/SSSD/sssd/pull/824#issuecomment-513903655 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#825][+Pushed] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/825 Title: #825: CONFDB: Files domain if activated without .conf Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#825][closed] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/825 Author: thalman Title: #825: CONFDB: Files domain if activated without .conf Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/825/head:pr825 git checkout pr825 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#825][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/825 Title: #825: CONFDB: Files domain if activated without .conf jhrozek commented: """ Ah, sorry, there is already PR#824. So I can close this one. """ See the full comment at https://github.com/SSSD/sssd/pull/825#issuecomment-513903219 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#843][closed] p11_child: prefer better digest function if card supports it
URL: https://github.com/SSSD/sssd/pull/843 Author: sumit-bose Title: #843: p11_child: prefer better digest function if card supports it Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/843/head:pr843 git checkout pr843 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#843][comment] p11_child: prefer better digest function if card supports it
URL: https://github.com/SSSD/sssd/pull/843 Title: #843: p11_child: prefer better digest function if card supports it jhrozek commented: """ * master: * 60748f69d9e21cf4cfd0655a0d7b81a715e9ae04 * 7f0a8f5060b28dc35e152d7290b583de99361d80 """ See the full comment at https://github.com/SSSD/sssd/pull/843#issuecomment-513902548 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#825][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/825 Title: #825: CONFDB: Files domain if activated without .conf jhrozek commented: """ * master: * 31e08f300ff9c19e87ee9b230d8d9a5970c7dcdb * 15cc1e404f1725d05cb6a285abba70853ae89ad1 """ See the full comment at https://github.com/SSSD/sssd/pull/825#issuecomment-513901664 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#825][comment] CONFDB: Files domain if activated without .conf
URL: https://github.com/SSSD/sssd/pull/825 Title: #825: CONFDB: Files domain if activated without .conf jhrozek commented: """ Looks like the patches don't apply cleanly atop sssd-1-16. @thalman would you like to open a separate backport PR? """ See the full comment at https://github.com/SSSD/sssd/pull/825#issuecomment-513901841 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#852][+Pushed] tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait()
URL: https://github.com/SSSD/sssd/pull/852 Title: #852: tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait() Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#852][closed] tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait()
URL: https://github.com/SSSD/sssd/pull/852 Author: alexal Title: #852: tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait() Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/852/head:pr852 git checkout pr852 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#852][comment] tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait()
URL: https://github.com/SSSD/sssd/pull/852 Title: #852: tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait() jhrozek commented: """ * master: ff8284e222f2c03e6ff72d6b03390db79e0511cd Thank you very much for the contribution """ See the full comment at https://github.com/SSSD/sssd/pull/852#issuecomment-513900579 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#852][comment] tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait()
URL: https://github.com/SSSD/sssd/pull/852 Title: #852: tests/cmocka/test_dyndns.c: Switching to tevent_loop_wait() jhrozek commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/852#issuecomment-513710114 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#796][comment] ci: enable sssd-ci for 1-16 branch
URL: https://github.com/SSSD/sssd/pull/796 Title: #796: ci: enable sssd-ci for 1-16 branch jhrozek commented: """ * sssd-1-16: * 85dab318ce0ea745722a89a761d60bb33b102f6f * 8003e324912741c3083147180d7ee5fb0827eb0a * f988c870b2a8daa049896da1c8cd462b0ca173b4 * 23ad178aa90e964fdf51b798e384958225398cf2 """ See the full comment at https://github.com/SSSD/sssd/pull/796#issuecomment-511865344 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#796][closed] ci: enable sssd-ci for 1-16 branch
URL: https://github.com/SSSD/sssd/pull/796 Author: pbrezina Title: #796: ci: enable sssd-ci for 1-16 branch Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/796/head:pr796 git checkout pr796 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#796][+Pushed] ci: enable sssd-ci for 1-16 branch
URL: https://github.com/SSSD/sssd/pull/796 Title: #796: ci: enable sssd-ci for 1-16 branch Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org