date:20161123

[SSSD] [sssd PR#75][comment] Add configuirable max payload size limit of a secret

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/75
Title: #75: Add configuirable max payload size limit of a secret

jhrozek commented:
"""
ACK, I'll push when CI finishes
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/75#issuecomment-262710494
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

jhrozek commented:
"""
(CI pending)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262709772
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][+Accepted] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

jhrozek commented:
"""
ack, this version works for me
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262709744
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

celestian commented:
"""
Squashed version pushed.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262694326
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][synchronized] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/39
Author: celestian
 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/39/head:pr39
git checkout pr39
From 40ecde220e26109b81c9be5676b4c8ef4084de03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Wed, 12 Oct 2016 16:48:38 +0200
Subject: [PATCH] SYSDB: Adding lowercase sudoUser form

If domain is not case sensitive we add lowercase form of usernames
to sudoUser attributes. So we actually able to apply sudoRule on
user Administrator@... with login admnistrator@...

This patch is squashed with

Resolves:
https://fedorahosted.org/sssd/ticket/3203
(cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645)

Squashed with:
SYSDB: Fixing of sudorule without a sudoUser

This patch solved a regression caused by the recent patches
to lowercase sudoUser -- in case sudoUser is missing completely,
we abort the processing of this rule and all others.

With this patch, we return ERR_MALFORMED_ENTRY and gracefully
skip the malformed rule instead.

Resolves:
https://fedorahosted.org/sssd/ticket/3241

Reviewed-by: Jakub Hrozek 
(cherry picked from commit 7e23edbaa7a6bbd0b461d5792535896b6a77928b)
---
 src/db/sysdb_sudo.c| 110 -
 src/db/sysdb_sudo.h|   7 +-
 src/responder/sudo/sudosrv_get_sudorules.c |  15 ++--
 3 files changed, 122 insertions(+), 10 deletions(-)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 76116ab..de1e8da 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -216,9 +216,9 @@ errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx,
 }
 
 errno_t
-sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
-  uid_t uid, char **groupnames, unsigned int flags,
-  char **_filter)
+sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, char **aliases,
+  uid_t uid, char **groupnames, bool case_sensitive_domain,
+  unsigned int flags, char **_filter)
 {
 TALLOC_CTX *tmp_ctx = NULL;
 char *filter = NULL;
@@ -258,6 +258,15 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
  SYSDB_SUDO_CACHE_AT_USER,
  sanitized);
 NULL_CHECK(specific_filter, ret, done);
+
+if (case_sensitive_domain == false) {
+for (i = 0; aliases[i] != NULL; i++) {
+specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)",
+ SYSDB_SUDO_CACHE_AT_USER,
+ aliases[i]);
+NULL_CHECK(specific_filter, ret, done);
+}
+}
 }
 
 if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) {
@@ -320,6 +329,7 @@ errno_t
 sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
  struct sss_domain_info *domain,
  const char *username, uid_t *_uid,
+ char ***_aliases,
  char ***groupnames)
 {
 TALLOC_CTX *tmp_ctx;
@@ -327,15 +337,19 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
 struct ldb_message *msg;
 struct ldb_message *group_msg = NULL;
 char **sysdb_groupnames = NULL;
+char **sysdb_aliases = NULL;
 const char *primary_group = NULL;
 struct ldb_message_element *groups;
+struct ldb_message_element *aliases;
 uid_t uid = 0;
 gid_t gid = 0;
 size_t num_groups = 0;
+size_t num_aliases = 0;
 int i;
 const char *attrs[] = { SYSDB_MEMBEROF,
 SYSDB_GIDNUM,
 SYSDB_UIDNUM,
+SYSDB_NAME_ALIAS,
 NULL };
 const char *group_attrs[] = { SYSDB_NAME,
   NULL };
@@ -358,6 +372,24 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
 }
 }
 
+aliases = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS);
+if (!aliases || aliases->num_values == 0) {
+/* No nameAlias for this user in sysdb currently */
+sysdb_aliases = NULL;
+num_aliases = 0;
+} else {
+num_aliases = aliases->num_values;
+sysdb_aliases = talloc_array(tmp_ctx, char *, num_aliases + 1);
+NULL_CHECK(sysdb_aliases, ret, done);
+
+for (i = 0; i < aliases->num_values; i++) {
+sysdb_aliases[i] = talloc_strdup(sysdb_aliases,
+ (const char *)aliases->values[i].data);
+NULL_CHECK(sysdb_aliases[i], ret, done);
+}
+sysdb_aliases[aliases->num_values] = NULL;
+}
+
 /* resolve secondary groups */
 if (groupnames != NULL) {

[SSSD] [sssd PR#39][-Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][+Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

lslebodn commented:
"""
On (23/11/16 08:07), celestian wrote:
>I pushed new version. The patch is the same plus I added back-ported patch 
>from #80 (with cerry-pick tag).
>
NACK to two patches.
As I explained it before there is not a reason
to introduce regression in one patch and fix in another patch.

Please squash them together. The commit message can contain
information about squasing commits

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262582550
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][-Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

celestian commented:
"""
I pushed new version. The patch is the same plus I added back-ported patch from 
#80 (with cerry-pick tag).
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262557829
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][synchronized] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/39
Author: celestian
 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/39/head:pr39
git checkout pr39
From dbba27272c8ab358dbf6dea8adfedfe9d511c36d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Wed, 12 Oct 2016 16:48:38 +0200
Subject: [PATCH 1/2] SYSDB: Adding lowercase sudoUser form

If domain is not case sensitive we add lowercase form of usernames
to sudoUser attributes. So we actually able to apply sudoRule on
user Administrator@... with login admnistrator@...

Resolves:
https://fedorahosted.org/sssd/ticket/3203
(cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645)
---
 src/db/sysdb_sudo.c| 105 -
 src/db/sysdb_sudo.h|   7 +-
 src/responder/sudo/sudosrv_get_sudorules.c |  15 +++--
 3 files changed, 117 insertions(+), 10 deletions(-)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 76116ab..39a6558 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -216,9 +216,9 @@ errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx,
 }
 
 errno_t
-sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
-  uid_t uid, char **groupnames, unsigned int flags,
-  char **_filter)
+sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, char **aliases,
+  uid_t uid, char **groupnames, bool case_sensitive_domain,
+  unsigned int flags, char **_filter)
 {
 TALLOC_CTX *tmp_ctx = NULL;
 char *filter = NULL;
@@ -258,6 +258,15 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
  SYSDB_SUDO_CACHE_AT_USER,
  sanitized);
 NULL_CHECK(specific_filter, ret, done);
+
+if (case_sensitive_domain == false) {
+for (i = 0; aliases[i] != NULL; i++) {
+specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)",
+ SYSDB_SUDO_CACHE_AT_USER,
+ aliases[i]);
+NULL_CHECK(specific_filter, ret, done);
+}
+}
 }
 
 if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) {
@@ -320,6 +329,7 @@ errno_t
 sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
  struct sss_domain_info *domain,
  const char *username, uid_t *_uid,
+ char ***_aliases,
  char ***groupnames)
 {
 TALLOC_CTX *tmp_ctx;
@@ -327,15 +337,19 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
 struct ldb_message *msg;
 struct ldb_message *group_msg = NULL;
 char **sysdb_groupnames = NULL;
+char **sysdb_aliases = NULL;
 const char *primary_group = NULL;
 struct ldb_message_element *groups;
+struct ldb_message_element *aliases;
 uid_t uid = 0;
 gid_t gid = 0;
 size_t num_groups = 0;
+size_t num_aliases = 0;
 int i;
 const char *attrs[] = { SYSDB_MEMBEROF,
 SYSDB_GIDNUM,
 SYSDB_UIDNUM,
+SYSDB_NAME_ALIAS,
 NULL };
 const char *group_attrs[] = { SYSDB_NAME,
   NULL };
@@ -358,6 +372,24 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
 }
 }
 
+aliases = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS);
+if (!aliases || aliases->num_values == 0) {
+/* No nameAlias for this user in sysdb currently */
+sysdb_aliases = NULL;
+num_aliases = 0;
+} else {
+num_aliases = aliases->num_values;
+sysdb_aliases = talloc_array(tmp_ctx, char *, num_aliases + 1);
+NULL_CHECK(sysdb_aliases, ret, done);
+
+for (i = 0; i < aliases->num_values; i++) {
+sysdb_aliases[i] = talloc_strdup(sysdb_aliases,
+ (const char *)aliases->values[i].data);
+NULL_CHECK(sysdb_aliases[i], ret, done);
+}
+sysdb_aliases[aliases->num_values] = NULL;
+}
+
 /* resolve secondary groups */
 if (groupnames != NULL) {
 groups = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
@@ -421,6 +453,10 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
 *_uid = uid;
 }
 
+if (sysdb_aliases != NULL) {
+*_aliases = talloc_steal(mem_ctx, sysdb_aliases);
+}
+
 if (groupnames != NULL) {
 *groupnames = talloc_steal(mem_ctx, sysdb_groupnames);
 }
@@ -801,6 +837,64 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule,
 return EOK;
 }
 
+static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info

[SSSD] [sssd PR#46][comment] sss_client: Defer thread cancellation until completion of nss/pam operations

2016-11-23 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/46
Title: #46: sss_client: Defer thread cancellation until completion of nss/pam 
operations

sumit-bose commented:
"""
Testing went fine, but there is a "declared 'static' but never defined" issue. 
If this patch can be push with

diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index 676a1ba..b7a5ed7 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -1073,8 +1073,6 @@ struct sss_mutex {
 int old_cancel_state;
 };
 
-static void sss_nss_mc_mt_init(void);
-
 static struct sss_mutex sss_nss_mtx = { .mtx  = PTHREAD_MUTEX_INITIALIZER };
 
 static struct sss_mutex sss_pam_mtx = { .mtx  = PTHREAD_MUTEX_INITIALIZER };


It would be an ACK from me.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/46#issuecomment-26232
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#75][synchronized] Add configuirable max payload size limit of a secret

2016-11-23 Thread fidencio

   URL: https://github.com/SSSD/sssd/pull/75
Author: fidencio
 Title: #75: Add configuirable max payload size limit of a secret
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/75/head:pr75
git checkout pr75
From 9be11dd19a392efbe7c75ef0d4515b6eb8f775ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Tue, 8 Nov 2016 16:39:48 +0100
Subject: [PATCH 1/2] SECRETS: Delete all secrets stored during "max_secrets"
 test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise we will have an 507 error in case any secret is added by any
of the tests that may be implemented in the future.

Signed-off-by: Fabiano Fidêncio 
---
 src/tests/intg/test_secrets.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py
index 57b8f3f..09a91e0 100644
--- a/src/tests/intg/test_secrets.py
+++ b/src/tests/intg/test_secrets.py
@@ -151,6 +151,10 @@ def test_crd_ops(setup_for_secrets, secrets_cli):
 cli.set_secret(str(MAX_SECRETS), sec_value)
 assert str(err507.value).startswith("507")
 
+# Delete all stored secrets used for max secrets tests
+for x in xrange(MAX_SECRETS):
+cli.del_secret(str(x))
+
 
 def test_containers(setup_for_secrets, secrets_cli):
 """

From 273749d58c73dff9f4e001dae4c3dd1decfc98cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Tue, 8 Nov 2016 16:46:21 +0100
Subject: [PATCH 2/2] SECRETS: Add configurable payload size limit of a secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves:
https://fedorahosted.org/sssd/ticket/3169

Signed-off-by: Fabiano Fidêncio 
---
 src/confdb/confdb.h|  1 +
 src/config/SSSDConfig/__init__.py.in   |  1 +
 src/config/cfg_rules.ini   |  1 +
 src/config/etc/sssd.api.conf   |  1 +
 src/man/sssd-secrets.5.xml | 12 
 src/responder/secrets/local.c  | 31 +++
 src/responder/secrets/providers.c  |  4 
 src/responder/secrets/secsrv.c | 13 +
 src/responder/secrets/secsrv.h |  1 +
 src/responder/secrets/secsrv_private.h |  1 +
 src/tests/intg/test_secrets.py | 15 +++
 src/util/util_errors.c |  1 +
 src/util/util_errors.h |  1 +
 13 files changed, 83 insertions(+)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 2a1e581..12beaab 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -226,6 +226,7 @@
 #define CONFDB_SEC_CONF_ENTRY "config/secrets"
 #define CONFDB_SEC_CONTAINERS_NEST_LEVEL "containers_nest_level"
 #define CONFDB_SEC_MAX_SECRETS "max_secrets"
+#define CONFDB_SEC_MAX_PAYLOAD_SIZE "max_payload_size"
 
 
 struct confdb_ctx;
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 381ff95..be09e8f 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -123,6 +123,7 @@ option_strings = {
 'provider': _('The provider where the secrets will be stored in'),
 'containers_nest_level': _('The maximum allowed number of nested containers'),
 'max_secrets': _('The maximum number of secrets that can be stored'),
+'max_payload_size': _('The maximum payload size of a secret in kilobytes'),
 # secrets - proxy
 'proxy_url': _('The URL Custodia server is listening on'),
 'auth_type': _('The method to use when authenticating to a Custodia server'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 882a185..ec44bff 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -230,6 +230,7 @@ option = client_idle_timeout
 option = description
 option = containers_nest_level
 option = max_secrets
+option = max_payload_size
 
 [rule/allowed_sec_users_options]
 validator = ini_allowed_options
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index be24bce..d591228 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -100,6 +100,7 @@ user_attributes = str, None, false
 provider = str, None, false
 containers_nest_level = int, None, false
 max_secrets = int, None, false
+max_payload_size = int, None, false
 # Secrets service - proxy
 proxy_url = str, None, false
 auth_type = str, None, false
diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml
index 7ec54c2..80e9c40 100644
--- a/src/man/sssd-secrets.5.xml
+++ b/src/man/sssd-secrets.5.xml
@@ -168,6 +168,18 @@ systemctl enable sssd-secrets.service
 
 
 
+
+max_payload_size (integer)
+
+
+This option specifies the maximum payload size

[SSSD] [sssd PR#75][-Changes requested] Add configuirable max payload size limit of a secret

2016-11-23 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/75
Title: #75: Add configuirable max payload size limit of a secret

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#75][comment] Add configuirable max payload size limit of a secret

2016-11-23 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/75
Title: #75: Add configuirable max payload size limit of a secret

fidencio commented:
"""
New version pushed.

```
[ffidenci@cat x86_64]$ git diff
diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
index a9cf74d..ed70193 100644
--- a/src/responder/secrets/local.c
+++ b/src/responder/secrets/local.c
@@ -461,8 +461,10 @@ static int local_check_max_payload_size(struct 
local_context *lctx,
 DEBUG(SSSDBG_OP_FAILURE,
   "Secrets' payload size [%d kb (%d)] exceeds the maximum allowed "
   "payload size [%d kb (%d)]\n",
-  payload_size * 1024 /* kb */, payload_size,
-  lctx->max_payload_size /* kb */, max_payload_size);
+  payload_size * 1024, /* kb */
+  payload_size,
+  lctx->max_payload_size, /* kb */
+  max_payload_size);
 
 return ERR_SEC_PAYLOAD_SIZE_IS_TOO_LARGE;
 }
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/75#issuecomment-262541883
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#75][synchronized] Add configuirable max payload size limit of a secret

2016-11-23 Thread fidencio

   URL: https://github.com/SSSD/sssd/pull/75
Author: fidencio
 Title: #75: Add configuirable max payload size limit of a secret
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/75/head:pr75
git checkout pr75
From 39f7e82bce77f81e9f8f7aa490fb2bb186d9b80c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Tue, 8 Nov 2016 16:39:48 +0100
Subject: [PATCH 1/2] SECRETS: Delete all secret stored during "max_secrets"
 test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise we will have an 507 error in case any secret is added by any
of the tests that may be implemented in the future.

Signed-off-by: Fabiano Fidêncio 
---
 src/tests/intg/test_secrets.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py
index 57b8f3f..09a91e0 100644
--- a/src/tests/intg/test_secrets.py
+++ b/src/tests/intg/test_secrets.py
@@ -151,6 +151,10 @@ def test_crd_ops(setup_for_secrets, secrets_cli):
 cli.set_secret(str(MAX_SECRETS), sec_value)
 assert str(err507.value).startswith("507")
 
+# Delete all stored secrets used for max secrets tests
+for x in xrange(MAX_SECRETS):
+cli.del_secret(str(x))
+
 
 def test_containers(setup_for_secrets, secrets_cli):
 """

From 47497ee224f5b345487e4a3afd6ce1c84b208faf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Tue, 8 Nov 2016 16:46:21 +0100
Subject: [PATCH 2/2] SECRETS: Add configurable payload size limit of a secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves:
https://fedorahosted.org/sssd/ticket/3169

Signed-off-by: Fabiano Fidêncio 
---
 src/confdb/confdb.h|  1 +
 src/config/SSSDConfig/__init__.py.in   |  1 +
 src/config/cfg_rules.ini   |  1 +
 src/config/etc/sssd.api.conf   |  1 +
 src/man/sssd-secrets.5.xml | 12 
 src/responder/secrets/local.c  | 31 +++
 src/responder/secrets/providers.c  |  4 
 src/responder/secrets/secsrv.c | 13 +
 src/responder/secrets/secsrv.h |  1 +
 src/responder/secrets/secsrv_private.h |  1 +
 src/tests/intg/test_secrets.py | 15 +++
 src/util/util_errors.c |  1 +
 src/util/util_errors.h |  1 +
 13 files changed, 83 insertions(+)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 2a1e581..12beaab 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -226,6 +226,7 @@
 #define CONFDB_SEC_CONF_ENTRY "config/secrets"
 #define CONFDB_SEC_CONTAINERS_NEST_LEVEL "containers_nest_level"
 #define CONFDB_SEC_MAX_SECRETS "max_secrets"
+#define CONFDB_SEC_MAX_PAYLOAD_SIZE "max_payload_size"
 
 
 struct confdb_ctx;
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 381ff95..be09e8f 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -123,6 +123,7 @@ option_strings = {
 'provider': _('The provider where the secrets will be stored in'),
 'containers_nest_level': _('The maximum allowed number of nested containers'),
 'max_secrets': _('The maximum number of secrets that can be stored'),
+'max_payload_size': _('The maximum payload size of a secret in kilobytes'),
 # secrets - proxy
 'proxy_url': _('The URL Custodia server is listening on'),
 'auth_type': _('The method to use when authenticating to a Custodia server'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 882a185..ec44bff 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -230,6 +230,7 @@ option = client_idle_timeout
 option = description
 option = containers_nest_level
 option = max_secrets
+option = max_payload_size
 
 [rule/allowed_sec_users_options]
 validator = ini_allowed_options
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index be24bce..d591228 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -100,6 +100,7 @@ user_attributes = str, None, false
 provider = str, None, false
 containers_nest_level = int, None, false
 max_secrets = int, None, false
+max_payload_size = int, None, false
 # Secrets service - proxy
 proxy_url = str, None, false
 auth_type = str, None, false
diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml
index 7ec54c2..80e9c40 100644
--- a/src/man/sssd-secrets.5.xml
+++ b/src/man/sssd-secrets.5.xml
@@ -168,6 +168,18 @@ systemctl enable sssd-secrets.service
 
 
 
+
+max_payload_size (integer)
+
+
+This option specifies the maximum payload size

[SSSD] [sssd PR#75][comment] Add configuirable max payload size limit of a secret

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/75
Title: #75: Add configuirable max payload size limit of a secret

jhrozek commented:
"""
Apart from the nitpick, I don't have any other comments. Unless someone else 
has, I can even squash the nitpick and just push the patches, -- just let me 
know.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/75#issuecomment-262539383
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#75][+Changes requested] Add configuirable max payload size limit of a secret

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/75
Title: #75: Add configuirable max payload size limit of a secret

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#85][comment] SYSDB: Removing of sysdb_try_to_find_expected_dn()

2016-11-23 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/85
Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn()

celestian commented:
"""
Reproducer:

We need AD domain and it's AD subdomain.
If we type in SSSD box connected to AD domain:
```
id Administrator@
```
it resolves between Administrator@ and Administrator@
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/85#issuecomment-262537432
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][-Accepted] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][+Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

jhrozek commented:
"""
regardless of what we choose, the patch for PR #80 does not apply atop this 
patch, can we have a version that applies to the 1.13 branch, please?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262536635
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#85][opened] SYSDB: Removing of sysdb_try_to_find_expected_dn()

2016-11-23 Thread celestian

   URL: https://github.com/SSSD/sssd/pull/85
Author: celestian
 Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn()
Action: opened

PR body:
"""
Currently in order to match multiple LDAP search results we
use two different functions - we have sysdb_try_to_find_expected_dn()
but also sdap_object_in_domain().

This patch removes sysdb_try_to_find_expected_dn() and add new
sdap_search_initgr_user_in_batch() based on sdap_object_in_domain().
This function covers necessary logic.

Resolves:
https://fedorahosted.org/sssd/ticket/3230
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/85/head:pr85
git checkout pr85
From f26af5f1bb37015554864beed13dba0be87daaff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Wed, 23 Nov 2016 15:48:47 +0100
Subject: [PATCH] SYSDB: Removing of sysdb_try_to_find_expected_dn()

Currently in order to match multiple LDAP search results we
use two different functions - we have sysdb_try_to_find_expected_dn()
but also sdap_object_in_domain().

This patch removes sysdb_try_to_find_expected_dn() and add new
sdap_search_initgr_user_in_batch() based on sdap_object_in_domain().
This function covers necessary logic.

Resolves:
https://fedorahosted.org/sssd/ticket/3230
---
 src/db/sysdb.h |   6 -
 src/db/sysdb_subdomains.c  | 332 -
 src/providers/ldap/sdap.c  |   6 +-
 src/providers/ldap/sdap.h  |   4 +
 src/providers/ldap/sdap_async_initgroups.c |  28 ++-
 src/tests/cmocka/test_sysdb_subdomains.c   | 104 -
 6 files changed, 30 insertions(+), 450 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 5dedd97..3b592d6 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -1295,10 +1295,4 @@ errno_t sysdb_handle_original_uuid(const char *orig_name,
struct sysdb_attrs *dest_attrs,
const char *dest_name);
 
-errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
-  const char *domain_component_name,
-  const char *ldap_search_base,
-  struct sysdb_attrs **usr_attrs,
-  size_t count,
-  struct sysdb_attrs **exp_usr);
 #endif /* __SYS_DB_H__ */
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 7801404..1f43bfc 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -1144,335 +1144,3 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
 talloc_free(tmp_ctx);
 return ret;
 }
-
-static errno_t match_cn_users(TALLOC_CTX *tmp_ctx,
-  struct sysdb_attrs **usr_attrs,
-  size_t count,
-  const char *dom_basedn,
-  struct sysdb_attrs **_result)
-{
-errno_t ret;
-const char *orig_dn;
-size_t dn_len;
-struct sysdb_attrs *result = NULL;
-const char *result_dn_str = NULL;
-char *cn_users_basedn;
-size_t cn_users_basedn_len;
-
-cn_users_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn);
-if (cn_users_basedn == NULL) {
-ret = ENOMEM;
-goto done;
-}
-cn_users_basedn_len = strlen(cn_users_basedn);
-DEBUG(SSSDBG_TRACE_ALL, "cn=users baseDN is [%s].\n", cn_users_basedn);
-
-for (size_t c = 0; c < count; c++) {
-ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, _dn);
-if (ret != EOK) {
-DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
-goto done;
-}
-dn_len = strlen(orig_dn);
-
-if (dn_len > cn_users_basedn_len
-&& strcasecmp(orig_dn + (dn_len - cn_users_basedn_len),
-  cn_users_basedn) == 0) {
-DEBUG(SSSDBG_TRACE_ALL,
-  "Found matching dn [%s].\n", orig_dn);
-if (result != NULL) {
-DEBUG(SSSDBG_OP_FAILURE,
-  "Found 2 matching DN [%s] and [%s], expecting only 1.\n",
-  result_dn_str, orig_dn);
-ret = EINVAL;
-goto done;
-}
-result = usr_attrs[c];
-result_dn_str = orig_dn;
-}
-}
-
-ret = EOK;
-done:
-*_result = result;
-return ret;
-}
-
-static errno_t match_non_dc_comp(TALLOC_CTX *tmp_ctx,
- struct sss_domain_info *dom,
- struct sysdb_attrs **usr_attrs,
- size_t count,
- struct ldb_dn *ldb_basedn,
- const char *basedn,
- const char *domain_component_name,
-

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

lslebodn commented:
"""
On (23/11/16 06:19), celestian wrote:
>Thanks for CR.
>After pushing it is important to cherry pick #80 as well.
>
I do not agree. The ticket #3241 was a regression caused by
#3203.

This patch should fix #3203 for 1.13
I do not see a reason why we should introduce regression
with the patch a fix it with other patch.
I would prefer to squash patches together for 1.13 branch.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262532341
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

jhrozek commented:
"""
For some reason the downstream tests are stuck and time out, even with 
known-good packages. I will keep trying but for downstream's sake I'm going to 
push the patch based on my manual testing.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262530794
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#79][edited] BUILD: Drop libsss_config

2016-11-23 Thread fidencio

   URL: https://github.com/SSSD/sssd/pull/79
Author: fidencio
 Title: #79: BUILD: Drop libsss_config
Action: edited

 Changed field: title
Original value:
"""
LIBSSS_CONFIG: Drop libsss_config
"""

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#79][-Changes requested] LIBSSS_CONFIG: Drop libsss_config

2016-11-23 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/79
Title: #79: LIBSSS_CONFIG: Drop libsss_config

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#79][comment] LIBSSS_CONFIG: Drop libsss_config

2016-11-23 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/79
Title: #79: LIBSSS_CONFIG: Drop libsss_config

fidencio commented:
"""
Suggestion taken and changes done, thanks for the review!
I've just pushed a new version of the patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/79#issuecomment-262529623
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#79][synchronized] LIBSSS_CONFIG: Drop libsss_config

2016-11-23 Thread fidencio

   URL: https://github.com/SSSD/sssd/pull/79
Author: fidencio
 Title: #79: LIBSSS_CONFIG: Drop libsss_config
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/79/head:pr79
git checkout pr79
From 367332abf2c5f50f265ea8cff9801fb792535838 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Thu, 10 Nov 2016 18:31:02 +0100
Subject: [PATCH] BUILD: Drop libsss_config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

libsss_config has been used only by OpenLMI and the project has been
deprecated making, then, no sense to keep the support on SSSD.

Distros that, for some reason, are still packing and distributing
OpenLMI can stick to SSSD 1.14 branch.

Signed-off-by: Fabiano Fidêncio 
---
 Makefile.am |  47 --
 configure.ac|   5 -
 contrib/ci/deps.sh  |   1 -
 contrib/sssd.spec.in|   2 -
 src/external/configlib.m4   |  12 -
 src/external/libaugeas.m4   |  10 -
 src/responder/ifp/ifp_components.c  | 228 
 src/responder/ifp/ifp_components.h  |   8 -
 src/responder/ifp/ifp_iface.c   |   3 -
 src/responder/ifp/ifp_iface.xml |   6 -
 src/responder/ifp/ifp_iface_generated.c |  45 --
 src/responder/ifp/ifp_iface_generated.h |  15 -
 src/tests/dlopen-tests.c|   3 -
 src/tests/sss_config-tests.c| 884 
 src/util/sss_config.c   | 509 --
 src/util/sss_config.h   |  71 ---
 16 files changed, 1849 deletions(-)
 delete mode 100644 src/external/configlib.m4
 delete mode 100644 src/external/libaugeas.m4
 delete mode 100644 src/tests/sss_config-tests.c
 delete mode 100644 src/util/sss_config.c
 delete mode 100644 src/util/sss_config.h

diff --git a/Makefile.am b/Makefile.am
index e037930..0c7797b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -208,12 +208,6 @@ if BUILD_SSH
 non_interactive_check_based_tests += sysdb_ssh-tests
 endif
 
-if BUILD_IFP
-if BUILD_CONFIG_LIB
-non_interactive_check_based_tests += sss_config-tests
-endif # BUILD_CONFIG_LIB
-endif # BUILD_IFP
-
 if BUILD_DBUS_TESTS
 non_interactive_check_based_tests += \
 	sbus_tests \
@@ -604,7 +598,6 @@ dist_noinst_HEADERS = \
 src/util/sss_ssh.h \
 src/util/sss_ini.h \
 src/util/sss_format.h \
-src/util/sss_config.h \
 src/util/refcount.h \
 src/util/find_uid.h \
 src/util/user_info_msg.h \
@@ -1028,24 +1021,6 @@ SSSD_INTERNAL_LTLIBS = \
 libsss_child.la \
 $(NULL)
 
-if BUILD_IFP
-if BUILD_CONFIG_LIB
-pkglib_LTLIBRARIES += libsss_config.la
-libsss_config_la_SOURCES = \
-src/util/sss_config.c
-libsss_config_la_CFLAGS = \
-$(AM_CFLAGS) \
-$(AUGEAS_CFLAGS) \
-$(TALLOC_CFLAGS)
-libsss_config_la_LIBADD = \
-$(AUGEAS_LIBS) \
-$(TALLOC_LIBS) \
-$(SSSD_INTERNAL_LTLIBS)
-libsss_config_la_LDFLAGS = \
--avoid-version
-endif # BUILD_CONFIG_LIB
-endif # BUILD_IFP
-
 lib_LTLIBRARIES = libipa_hbac.la \
   libsss_idmap.la \
   libsss_nss_idmap.la \
@@ -1387,11 +1362,6 @@ dist_dbuspolicy_DATA = \
 src/responder/ifp/org.freedesktop.sssd.infopipe.conf
 dist_dbusservice_DATA = \
 src/responder/ifp/org.freedesktop.sssd.infopipe.service
-
-if BUILD_CONFIG_LIB
-sssd_ifp_LDADD += libsss_config.la
-endif
-
 endif
 
 if BUILD_SECRETS
@@ -2094,23 +2064,6 @@ sbus_codegen_tests_LDADD = \
 
 endif # BUILD_DBUS_TESTS
 
-if BUILD_IFP
-if BUILD_CONFIG_LIB
-sss_config_tests_SOURCES = \
-src/tests/sss_config-tests.c \
-src/tests/common.c
-sss_config_tests_CFLAGS = \
-$(AM_CFLAGS) \
-$(CHECK_CFLAGS)
-sss_config_tests_LDADD = \
-$(SSSD_LIBS) \
-$(CHECK_LIBS) \
-$(SSSD_INTERNAL_LTLIBS) \
-libsss_config.la \
-libsss_test_common.la
-endif # BUILD_CONFIG_LIB
-endif # BUILD_IFP
-
 if HAVE_CMOCKA
 
 TEST_MOCK_RESP_OBJ = \
diff --git a/configure.ac b/configure.ac
index d3ef1e1..d48f08c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -195,7 +195,6 @@ m4_include([src/external/signal.m4])
 m4_include([src/external/inotify.m4])
 m4_include([src/external/samba.m4])
 m4_include([src/external/sasl.m4])
-m4_include([src/external/configlib.m4])
 m4_include([src/external/libnfsidmap.m4])
 m4_include([src/external/cwrap.m4])
 m4_include([src/external/libresolv.m4])
@@ -208,10 +207,6 @@ if test x$with_secrets = xyes; then
 m4_include([src/external/libjansson.m4])
 fi
 
-if test x$build_config_lib = xyes; then
-m4_include([src/external/libaugeas.m4])
-fi
-
 WITH_UNICODE_LIB
 if test x$unicode_lib = xlibunistring; then
 m4_include([src/external/libunistring.m4])
diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 9a7098c..387ad1f 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -69,7 +69,6 @@ if [[

[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes

2016-11-23 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

jhrozek commented:
"""
On Wed, Nov 23, 2016 at 06:05:10AM -0800, lslebodn wrote:
> @jhrozek Do you pan to review the patch?

Feel free to take over the review, I'm currently busy with other work.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/66#issuecomment-262529286
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#46][comment] sss_client: Defer thread cancellation until completion of nss/pam operations

2016-11-23 Thread sumit-bose

  URL: https://github.com/SSSD/sssd/pull/46
Title: #46: sss_client: Defer thread cancellation until completion of nss/pam 
operations

sumit-bose commented:
"""
I'm fine with the patch as well. Shall I re-run the test with the original 
reproducer or did you already run it?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/46#issuecomment-262525503
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)

2016-11-23 Thread celestian

  URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

celestian commented:
"""
Thanks for CR.
After pushing it is important to cherry pick #80 as well.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-262524310
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

lslebodn commented:
"""
@jhrozek Do you pan to review the patch?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/66#issuecomment-262520613
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#46][comment] sss_client: Defer thread cancellation until completion of nss/pam operations

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/46
Title: #46: sss_client: Defer thread cancellation until completion of nss/pam 
operations

lslebodn commented:
"""
I asked Florian on IRC and he is fine with the last version.
@sumit-bose do you have other comments; can we push it?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/46#issuecomment-262520348
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#79][+Changes requested] LIBSSS_CONFIG: Drop libsss_config

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/79
Title: #79: LIBSSS_CONFIG: Drop libsss_config

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#79][comment] LIBSSS_CONFIG: Drop libsss_config

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/79
Title: #79: LIBSSS_CONFIG: Drop libsss_config

lslebodn commented:
"""
There is a tiny conflict due to change in `src/external/configlib.m4`

There is also typo in commit message `lib_config` and IMHO it might be 
better to use "BUILD"
as a component in commit title rather then `LIBSSS_CONFIG`.

I think you also forgot to remove methods from 
`src/responder/ifp/ifp_iface.xml` which is used
for generating C code.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/79#issuecomment-262518170
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: trac cleanup of the patches welcome milestone

2016-11-23 Thread Jakub Hrozek

On Thu, Nov 17, 2016 at 12:23:24PM +0100, Jakub Hrozek wrote:
> Hi,
> 
> as we're planning what exactly are we going to work on in the next release
> and also preparing to move away from fedorahosted, I think it makes sense
> to clean up our Trac. The intent is to make our trac better searchable
> and reduce clutter.
> 
> First, I went through the Patches Welcome milestone and marked tickets
> that in my opinion should be just closed:
> https://fedorahosted.org/sssd/report/35
> 
> These are tickets that either talk about enhancements to the local
> provider, do not have any useful information (example: a crash in the
> version we shipped in RHEL-6.1) or were simply filed as an idea many
> years ago but since then nobody stepped up to work on this ticket and
> nebody requested this work again, so the assumption is that nobody
> really needs that work.
> 
> Feel free to go through this list and push back if you disagree. For
> tickets where nobody complains about closing them, I will close them in
> a week from now. If somebody will disagree about closing these tickets,
> we can always reopen them..

One last call for anyone who would like to push back on some tickets
before I close them tomorrow and start cleaning up the 'future releases'
milestone.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#83][-Changes requested] TESTS: Check new line at end of file

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/83
Title: #83: TESTS: Check new line at end of file

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#83][closed] TESTS: Check new line at end of file

2016-11-23 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/83
Author: lslebodn
 Title: #83: TESTS: Check new line at end of file
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/83/head:pr83
git checkout pr83
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#83][+Pushed] TESTS: Check new line at end of file

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/83
Title: #83: TESTS: Check new line at end of file

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#83][comment] TESTS: Check new line at end of file

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/83
Title: #83: TESTS: Check new line at end of file

lslebodn commented:
"""
On (22/11/16 08:16), Nikolai Kondrashov wrote:
>Looks good to me!
>
* 900778b5afd0143005cfd40cc67ad5086481f7ee

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/83#issuecomment-262501226
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#80][+Pushed] SYSDB: Fixing of sudorule without a sudoUser

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/80
Title: #80: SYSDB: Fixing of sudorule without a sudoUser

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#80][comment] SYSDB: Fixing of sudorule without a sudoUser

2016-11-23 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/80
Title: #80: SYSDB: Fixing of sudorule without a sudoUser

lslebodn commented:
"""
master:
* 7e23edbaa7a6bbd0b461d5792535896b6a77928b

sssd-1-14:
* 54f176066dafafdc12f6e0dd112ff6339308aa7c 


"""

See the full comment at 
https://github.com/SSSD/sssd/pull/80#issuecomment-262499125
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#80][closed] SYSDB: Fixing of sudorule without a sudoUser

2016-11-23 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/80
Author: celestian
 Title: #80: SYSDB: Fixing of sudorule without a sudoUser
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/80/head:pr80
git checkout pr80
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

45 matches

Mail list logo