[SSSD] [sssd PR#75][comment] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Title: #75: Add configuirable max payload size limit of a secret jhrozek commented: """ ACK, I'll push when CI finishes """ See the full comment at https://github.com/SSSD/sssd/pull/75#issuecomment-262710494 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) jhrozek commented: """ (CI pending) """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262709772 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][+Accepted] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) jhrozek commented: """ ack, this version works for me """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262709744 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) celestian commented: """ Squashed version pushed. """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262694326 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][synchronized] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Author: celestian Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/39/head:pr39 git checkout pr39 From 40ecde220e26109b81c9be5676b4c8ef4084de03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Wed, 12 Oct 2016 16:48:38 +0200 Subject: [PATCH] SYSDB: Adding lowercase sudoUser form If domain is not case sensitive we add lowercase form of usernames to sudoUser attributes. So we actually able to apply sudoRule on user Administrator@... with login admnistrator@... This patch is squashed with Resolves: https://fedorahosted.org/sssd/ticket/3203 (cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645) Squashed with: SYSDB: Fixing of sudorule without a sudoUser This patch solved a regression caused by the recent patches to lowercase sudoUser -- in case sudoUser is missing completely, we abort the processing of this rule and all others. With this patch, we return ERR_MALFORMED_ENTRY and gracefully skip the malformed rule instead. Resolves: https://fedorahosted.org/sssd/ticket/3241 Reviewed-by: Jakub Hrozek (cherry picked from commit 7e23edbaa7a6bbd0b461d5792535896b6a77928b) --- src/db/sysdb_sudo.c| 110 - src/db/sysdb_sudo.h| 7 +- src/responder/sudo/sudosrv_get_sudorules.c | 15 ++-- 3 files changed, 122 insertions(+), 10 deletions(-) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 76116ab..de1e8da 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -216,9 +216,9 @@ errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx, } errno_t -sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, - uid_t uid, char **groupnames, unsigned int flags, - char **_filter) +sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, char **aliases, + uid_t uid, char **groupnames, bool case_sensitive_domain, + unsigned int flags, char **_filter) { TALLOC_CTX *tmp_ctx = NULL; char *filter = NULL; @@ -258,6 +258,15 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, SYSDB_SUDO_CACHE_AT_USER, sanitized); NULL_CHECK(specific_filter, ret, done); + +if (case_sensitive_domain == false) { +for (i = 0; aliases[i] != NULL; i++) { +specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)", + SYSDB_SUDO_CACHE_AT_USER, + aliases[i]); +NULL_CHECK(specific_filter, ret, done); +} +} } if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) { @@ -320,6 +329,7 @@ errno_t sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *username, uid_t *_uid, + char ***_aliases, char ***groupnames) { TALLOC_CTX *tmp_ctx; @@ -327,15 +337,19 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct ldb_message *msg; struct ldb_message *group_msg = NULL; char **sysdb_groupnames = NULL; +char **sysdb_aliases = NULL; const char *primary_group = NULL; struct ldb_message_element *groups; +struct ldb_message_element *aliases; uid_t uid = 0; gid_t gid = 0; size_t num_groups = 0; +size_t num_aliases = 0; int i; const char *attrs[] = { SYSDB_MEMBEROF, SYSDB_GIDNUM, SYSDB_UIDNUM, +SYSDB_NAME_ALIAS, NULL }; const char *group_attrs[] = { SYSDB_NAME, NULL }; @@ -358,6 +372,24 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, } } +aliases = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); +if (!aliases || aliases->num_values == 0) { +/* No nameAlias for this user in sysdb currently */ +sysdb_aliases = NULL; +num_aliases = 0; +} else { +num_aliases = aliases->num_values; +sysdb_aliases = talloc_array(tmp_ctx, char *, num_aliases + 1); +NULL_CHECK(sysdb_aliases, ret, done); + +for (i = 0; i < aliases->num_values; i++) { +sysdb_aliases[i] = talloc_strdup(sysdb_aliases, + (const char *)aliases->values[i].data); +NULL_CHECK(sysdb_aliases[i], ret, done); +} +sysdb_aliases[aliases->num_values] = NULL; +} + /* resolve secondary groups */ if (groupnames != NULL) {
[SSSD] [sssd PR#39][-Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][+Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) lslebodn commented: """ On (23/11/16 08:07), celestian wrote: >I pushed new version. The patch is the same plus I added back-ported patch >from #80 (with cerry-pick tag). > NACK to two patches. As I explained it before there is not a reason to introduce regression in one patch and fix in another patch. Please squash them together. The commit message can contain information about squasing commits LS """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262582550 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][-Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) celestian commented: """ I pushed new version. The patch is the same plus I added back-ported patch from #80 (with cerry-pick tag). """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262557829 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][synchronized] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Author: celestian Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/39/head:pr39 git checkout pr39 From dbba27272c8ab358dbf6dea8adfedfe9d511c36d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Wed, 12 Oct 2016 16:48:38 +0200 Subject: [PATCH 1/2] SYSDB: Adding lowercase sudoUser form If domain is not case sensitive we add lowercase form of usernames to sudoUser attributes. So we actually able to apply sudoRule on user Administrator@... with login admnistrator@... Resolves: https://fedorahosted.org/sssd/ticket/3203 (cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645) --- src/db/sysdb_sudo.c| 105 - src/db/sysdb_sudo.h| 7 +- src/responder/sudo/sudosrv_get_sudorules.c | 15 +++-- 3 files changed, 117 insertions(+), 10 deletions(-) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 76116ab..39a6558 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -216,9 +216,9 @@ errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx, } errno_t -sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, - uid_t uid, char **groupnames, unsigned int flags, - char **_filter) +sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, char **aliases, + uid_t uid, char **groupnames, bool case_sensitive_domain, + unsigned int flags, char **_filter) { TALLOC_CTX *tmp_ctx = NULL; char *filter = NULL; @@ -258,6 +258,15 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, SYSDB_SUDO_CACHE_AT_USER, sanitized); NULL_CHECK(specific_filter, ret, done); + +if (case_sensitive_domain == false) { +for (i = 0; aliases[i] != NULL; i++) { +specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)", + SYSDB_SUDO_CACHE_AT_USER, + aliases[i]); +NULL_CHECK(specific_filter, ret, done); +} +} } if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) { @@ -320,6 +329,7 @@ errno_t sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *username, uid_t *_uid, + char ***_aliases, char ***groupnames) { TALLOC_CTX *tmp_ctx; @@ -327,15 +337,19 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct ldb_message *msg; struct ldb_message *group_msg = NULL; char **sysdb_groupnames = NULL; +char **sysdb_aliases = NULL; const char *primary_group = NULL; struct ldb_message_element *groups; +struct ldb_message_element *aliases; uid_t uid = 0; gid_t gid = 0; size_t num_groups = 0; +size_t num_aliases = 0; int i; const char *attrs[] = { SYSDB_MEMBEROF, SYSDB_GIDNUM, SYSDB_UIDNUM, +SYSDB_NAME_ALIAS, NULL }; const char *group_attrs[] = { SYSDB_NAME, NULL }; @@ -358,6 +372,24 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, } } +aliases = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); +if (!aliases || aliases->num_values == 0) { +/* No nameAlias for this user in sysdb currently */ +sysdb_aliases = NULL; +num_aliases = 0; +} else { +num_aliases = aliases->num_values; +sysdb_aliases = talloc_array(tmp_ctx, char *, num_aliases + 1); +NULL_CHECK(sysdb_aliases, ret, done); + +for (i = 0; i < aliases->num_values; i++) { +sysdb_aliases[i] = talloc_strdup(sysdb_aliases, + (const char *)aliases->values[i].data); +NULL_CHECK(sysdb_aliases[i], ret, done); +} +sysdb_aliases[aliases->num_values] = NULL; +} + /* resolve secondary groups */ if (groupnames != NULL) { groups = ldb_msg_find_element(msg, SYSDB_MEMBEROF); @@ -421,6 +453,10 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, *_uid = uid; } +if (sysdb_aliases != NULL) { +*_aliases = talloc_steal(mem_ctx, sysdb_aliases); +} + if (groupnames != NULL) { *groupnames = talloc_steal(mem_ctx, sysdb_groupnames); } @@ -801,6 +837,64 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule, return EOK; } +static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info
[SSSD] [sssd PR#46][comment] sss_client: Defer thread cancellation until completion of nss/pam operations
URL: https://github.com/SSSD/sssd/pull/46 Title: #46: sss_client: Defer thread cancellation until completion of nss/pam operations sumit-bose commented: """ Testing went fine, but there is a "declared 'static' but never defined" issue. If this patch can be push with diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 676a1ba..b7a5ed7 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -1073,8 +1073,6 @@ struct sss_mutex { int old_cancel_state; }; -static void sss_nss_mc_mt_init(void); - static struct sss_mutex sss_nss_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER }; static struct sss_mutex sss_pam_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER }; It would be an ACK from me. """ See the full comment at https://github.com/SSSD/sssd/pull/46#issuecomment-26232 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#75][synchronized] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Author: fidencio Title: #75: Add configuirable max payload size limit of a secret Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/75/head:pr75 git checkout pr75 From 9be11dd19a392efbe7c75ef0d4515b6eb8f775ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=Date: Tue, 8 Nov 2016 16:39:48 +0100 Subject: [PATCH 1/2] SECRETS: Delete all secrets stored during "max_secrets" test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise we will have an 507 error in case any secret is added by any of the tests that may be implemented in the future. Signed-off-by: Fabiano Fidêncio --- src/tests/intg/test_secrets.py | 4 1 file changed, 4 insertions(+) diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py index 57b8f3f..09a91e0 100644 --- a/src/tests/intg/test_secrets.py +++ b/src/tests/intg/test_secrets.py @@ -151,6 +151,10 @@ def test_crd_ops(setup_for_secrets, secrets_cli): cli.set_secret(str(MAX_SECRETS), sec_value) assert str(err507.value).startswith("507") +# Delete all stored secrets used for max secrets tests +for x in xrange(MAX_SECRETS): +cli.del_secret(str(x)) + def test_containers(setup_for_secrets, secrets_cli): """ From 273749d58c73dff9f4e001dae4c3dd1decfc98cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 8 Nov 2016 16:46:21 +0100 Subject: [PATCH 2/2] SECRETS: Add configurable payload size limit of a secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://fedorahosted.org/sssd/ticket/3169 Signed-off-by: Fabiano Fidêncio --- src/confdb/confdb.h| 1 + src/config/SSSDConfig/__init__.py.in | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 1 + src/man/sssd-secrets.5.xml | 12 src/responder/secrets/local.c | 31 +++ src/responder/secrets/providers.c | 4 src/responder/secrets/secsrv.c | 13 + src/responder/secrets/secsrv.h | 1 + src/responder/secrets/secsrv_private.h | 1 + src/tests/intg/test_secrets.py | 15 +++ src/util/util_errors.c | 1 + src/util/util_errors.h | 1 + 13 files changed, 83 insertions(+) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 2a1e581..12beaab 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -226,6 +226,7 @@ #define CONFDB_SEC_CONF_ENTRY "config/secrets" #define CONFDB_SEC_CONTAINERS_NEST_LEVEL "containers_nest_level" #define CONFDB_SEC_MAX_SECRETS "max_secrets" +#define CONFDB_SEC_MAX_PAYLOAD_SIZE "max_payload_size" struct confdb_ctx; diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 381ff95..be09e8f 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -123,6 +123,7 @@ option_strings = { 'provider': _('The provider where the secrets will be stored in'), 'containers_nest_level': _('The maximum allowed number of nested containers'), 'max_secrets': _('The maximum number of secrets that can be stored'), +'max_payload_size': _('The maximum payload size of a secret in kilobytes'), # secrets - proxy 'proxy_url': _('The URL Custodia server is listening on'), 'auth_type': _('The method to use when authenticating to a Custodia server'), diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 882a185..ec44bff 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -230,6 +230,7 @@ option = client_idle_timeout option = description option = containers_nest_level option = max_secrets +option = max_payload_size [rule/allowed_sec_users_options] validator = ini_allowed_options diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index be24bce..d591228 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -100,6 +100,7 @@ user_attributes = str, None, false provider = str, None, false containers_nest_level = int, None, false max_secrets = int, None, false +max_payload_size = int, None, false # Secrets service - proxy proxy_url = str, None, false auth_type = str, None, false diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml index 7ec54c2..80e9c40 100644 --- a/src/man/sssd-secrets.5.xml +++ b/src/man/sssd-secrets.5.xml @@ -168,6 +168,18 @@ systemctl enable sssd-secrets.service + +max_payload_size (integer) + + +This option specifies the maximum payload size
[SSSD] [sssd PR#75][-Changes requested] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Title: #75: Add configuirable max payload size limit of a secret Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#75][comment] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Title: #75: Add configuirable max payload size limit of a secret fidencio commented: """ New version pushed. ``` [ffidenci@cat x86_64]$ git diff diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c index a9cf74d..ed70193 100644 --- a/src/responder/secrets/local.c +++ b/src/responder/secrets/local.c @@ -461,8 +461,10 @@ static int local_check_max_payload_size(struct local_context *lctx, DEBUG(SSSDBG_OP_FAILURE, "Secrets' payload size [%d kb (%d)] exceeds the maximum allowed " "payload size [%d kb (%d)]\n", - payload_size * 1024 /* kb */, payload_size, - lctx->max_payload_size /* kb */, max_payload_size); + payload_size * 1024, /* kb */ + payload_size, + lctx->max_payload_size, /* kb */ + max_payload_size); return ERR_SEC_PAYLOAD_SIZE_IS_TOO_LARGE; } ``` """ See the full comment at https://github.com/SSSD/sssd/pull/75#issuecomment-262541883 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#75][synchronized] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Author: fidencio Title: #75: Add configuirable max payload size limit of a secret Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/75/head:pr75 git checkout pr75 From 39f7e82bce77f81e9f8f7aa490fb2bb186d9b80c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=Date: Tue, 8 Nov 2016 16:39:48 +0100 Subject: [PATCH 1/2] SECRETS: Delete all secret stored during "max_secrets" test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise we will have an 507 error in case any secret is added by any of the tests that may be implemented in the future. Signed-off-by: Fabiano Fidêncio --- src/tests/intg/test_secrets.py | 4 1 file changed, 4 insertions(+) diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py index 57b8f3f..09a91e0 100644 --- a/src/tests/intg/test_secrets.py +++ b/src/tests/intg/test_secrets.py @@ -151,6 +151,10 @@ def test_crd_ops(setup_for_secrets, secrets_cli): cli.set_secret(str(MAX_SECRETS), sec_value) assert str(err507.value).startswith("507") +# Delete all stored secrets used for max secrets tests +for x in xrange(MAX_SECRETS): +cli.del_secret(str(x)) + def test_containers(setup_for_secrets, secrets_cli): """ From 47497ee224f5b345487e4a3afd6ce1c84b208faf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 8 Nov 2016 16:46:21 +0100 Subject: [PATCH 2/2] SECRETS: Add configurable payload size limit of a secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://fedorahosted.org/sssd/ticket/3169 Signed-off-by: Fabiano Fidêncio --- src/confdb/confdb.h| 1 + src/config/SSSDConfig/__init__.py.in | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 1 + src/man/sssd-secrets.5.xml | 12 src/responder/secrets/local.c | 31 +++ src/responder/secrets/providers.c | 4 src/responder/secrets/secsrv.c | 13 + src/responder/secrets/secsrv.h | 1 + src/responder/secrets/secsrv_private.h | 1 + src/tests/intg/test_secrets.py | 15 +++ src/util/util_errors.c | 1 + src/util/util_errors.h | 1 + 13 files changed, 83 insertions(+) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 2a1e581..12beaab 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -226,6 +226,7 @@ #define CONFDB_SEC_CONF_ENTRY "config/secrets" #define CONFDB_SEC_CONTAINERS_NEST_LEVEL "containers_nest_level" #define CONFDB_SEC_MAX_SECRETS "max_secrets" +#define CONFDB_SEC_MAX_PAYLOAD_SIZE "max_payload_size" struct confdb_ctx; diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 381ff95..be09e8f 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -123,6 +123,7 @@ option_strings = { 'provider': _('The provider where the secrets will be stored in'), 'containers_nest_level': _('The maximum allowed number of nested containers'), 'max_secrets': _('The maximum number of secrets that can be stored'), +'max_payload_size': _('The maximum payload size of a secret in kilobytes'), # secrets - proxy 'proxy_url': _('The URL Custodia server is listening on'), 'auth_type': _('The method to use when authenticating to a Custodia server'), diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 882a185..ec44bff 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -230,6 +230,7 @@ option = client_idle_timeout option = description option = containers_nest_level option = max_secrets +option = max_payload_size [rule/allowed_sec_users_options] validator = ini_allowed_options diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index be24bce..d591228 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -100,6 +100,7 @@ user_attributes = str, None, false provider = str, None, false containers_nest_level = int, None, false max_secrets = int, None, false +max_payload_size = int, None, false # Secrets service - proxy proxy_url = str, None, false auth_type = str, None, false diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml index 7ec54c2..80e9c40 100644 --- a/src/man/sssd-secrets.5.xml +++ b/src/man/sssd-secrets.5.xml @@ -168,6 +168,18 @@ systemctl enable sssd-secrets.service + +max_payload_size (integer) + + +This option specifies the maximum payload size
[SSSD] [sssd PR#75][comment] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Title: #75: Add configuirable max payload size limit of a secret jhrozek commented: """ Apart from the nitpick, I don't have any other comments. Unless someone else has, I can even squash the nitpick and just push the patches, -- just let me know. """ See the full comment at https://github.com/SSSD/sssd/pull/75#issuecomment-262539383 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#75][+Changes requested] Add configuirable max payload size limit of a secret
URL: https://github.com/SSSD/sssd/pull/75 Title: #75: Add configuirable max payload size limit of a secret Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#85][comment] SYSDB: Removing of sysdb_try_to_find_expected_dn()
URL: https://github.com/SSSD/sssd/pull/85 Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn() celestian commented: """ Reproducer: We need AD domain and it's AD subdomain. If we type in SSSD box connected to AD domain: ``` id Administrator@ ``` it resolves between Administrator@ and Administrator@ """ See the full comment at https://github.com/SSSD/sssd/pull/85#issuecomment-262537432 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][-Accepted] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][+Changes requested] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) jhrozek commented: """ regardless of what we choose, the patch for PR #80 does not apply atop this patch, can we have a version that applies to the 1.13 branch, please? """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262536635 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#85][opened] SYSDB: Removing of sysdb_try_to_find_expected_dn()
URL: https://github.com/SSSD/sssd/pull/85 Author: celestian Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn() Action: opened PR body: """ Currently in order to match multiple LDAP search results we use two different functions - we have sysdb_try_to_find_expected_dn() but also sdap_object_in_domain(). This patch removes sysdb_try_to_find_expected_dn() and add new sdap_search_initgr_user_in_batch() based on sdap_object_in_domain(). This function covers necessary logic. Resolves: https://fedorahosted.org/sssd/ticket/3230 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/85/head:pr85 git checkout pr85 From f26af5f1bb37015554864beed13dba0be87daaff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Wed, 23 Nov 2016 15:48:47 +0100 Subject: [PATCH] SYSDB: Removing of sysdb_try_to_find_expected_dn() Currently in order to match multiple LDAP search results we use two different functions - we have sysdb_try_to_find_expected_dn() but also sdap_object_in_domain(). This patch removes sysdb_try_to_find_expected_dn() and add new sdap_search_initgr_user_in_batch() based on sdap_object_in_domain(). This function covers necessary logic. Resolves: https://fedorahosted.org/sssd/ticket/3230 --- src/db/sysdb.h | 6 - src/db/sysdb_subdomains.c | 332 - src/providers/ldap/sdap.c | 6 +- src/providers/ldap/sdap.h | 4 + src/providers/ldap/sdap_async_initgroups.c | 28 ++- src/tests/cmocka/test_sysdb_subdomains.c | 104 - 6 files changed, 30 insertions(+), 450 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 5dedd97..3b592d6 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -1295,10 +1295,4 @@ errno_t sysdb_handle_original_uuid(const char *orig_name, struct sysdb_attrs *dest_attrs, const char *dest_name); -errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom, - const char *domain_component_name, - const char *ldap_search_base, - struct sysdb_attrs **usr_attrs, - size_t count, - struct sysdb_attrs **exp_usr); #endif /* __SYS_DB_H__ */ diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 7801404..1f43bfc 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -1144,335 +1144,3 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name) talloc_free(tmp_ctx); return ret; } - -static errno_t match_cn_users(TALLOC_CTX *tmp_ctx, - struct sysdb_attrs **usr_attrs, - size_t count, - const char *dom_basedn, - struct sysdb_attrs **_result) -{ -errno_t ret; -const char *orig_dn; -size_t dn_len; -struct sysdb_attrs *result = NULL; -const char *result_dn_str = NULL; -char *cn_users_basedn; -size_t cn_users_basedn_len; - -cn_users_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn); -if (cn_users_basedn == NULL) { -ret = ENOMEM; -goto done; -} -cn_users_basedn_len = strlen(cn_users_basedn); -DEBUG(SSSDBG_TRACE_ALL, "cn=users baseDN is [%s].\n", cn_users_basedn); - -for (size_t c = 0; c < count; c++) { -ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, _dn); -if (ret != EOK) { -DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n"); -goto done; -} -dn_len = strlen(orig_dn); - -if (dn_len > cn_users_basedn_len -&& strcasecmp(orig_dn + (dn_len - cn_users_basedn_len), - cn_users_basedn) == 0) { -DEBUG(SSSDBG_TRACE_ALL, - "Found matching dn [%s].\n", orig_dn); -if (result != NULL) { -DEBUG(SSSDBG_OP_FAILURE, - "Found 2 matching DN [%s] and [%s], expecting only 1.\n", - result_dn_str, orig_dn); -ret = EINVAL; -goto done; -} -result = usr_attrs[c]; -result_dn_str = orig_dn; -} -} - -ret = EOK; -done: -*_result = result; -return ret; -} - -static errno_t match_non_dc_comp(TALLOC_CTX *tmp_ctx, - struct sss_domain_info *dom, - struct sysdb_attrs **usr_attrs, - size_t count, - struct ldb_dn *ldb_basedn, - const char *basedn, - const char *domain_component_name, -
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) lslebodn commented: """ On (23/11/16 06:19), celestian wrote: >Thanks for CR. >After pushing it is important to cherry pick #80 as well. > I do not agree. The ticket #3241 was a regression caused by #3203. This patch should fix #3203 for 1.13 I do not see a reason why we should introduce regression with the patch a fix it with other patch. I would prefer to squash patches together for 1.13 branch. LS """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262532341 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) jhrozek commented: """ For some reason the downstream tests are stuck and time out, even with known-good packages. I will keep trying but for downstream's sake I'm going to push the patch based on my manual testing. """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262530794 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][edited] BUILD: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Author: fidencio Title: #79: BUILD: Drop libsss_config Action: edited Changed field: title Original value: """ LIBSSS_CONFIG: Drop libsss_config """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][-Changes requested] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Title: #79: LIBSSS_CONFIG: Drop libsss_config Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][comment] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Title: #79: LIBSSS_CONFIG: Drop libsss_config fidencio commented: """ Suggestion taken and changes done, thanks for the review! I've just pushed a new version of the patch. """ See the full comment at https://github.com/SSSD/sssd/pull/79#issuecomment-262529623 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][synchronized] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Author: fidencio Title: #79: LIBSSS_CONFIG: Drop libsss_config Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/79/head:pr79 git checkout pr79 From 367332abf2c5f50f265ea8cff9801fb792535838 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=Date: Thu, 10 Nov 2016 18:31:02 +0100 Subject: [PATCH] BUILD: Drop libsss_config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit libsss_config has been used only by OpenLMI and the project has been deprecated making, then, no sense to keep the support on SSSD. Distros that, for some reason, are still packing and distributing OpenLMI can stick to SSSD 1.14 branch. Signed-off-by: Fabiano Fidêncio --- Makefile.am | 47 -- configure.ac| 5 - contrib/ci/deps.sh | 1 - contrib/sssd.spec.in| 2 - src/external/configlib.m4 | 12 - src/external/libaugeas.m4 | 10 - src/responder/ifp/ifp_components.c | 228 src/responder/ifp/ifp_components.h | 8 - src/responder/ifp/ifp_iface.c | 3 - src/responder/ifp/ifp_iface.xml | 6 - src/responder/ifp/ifp_iface_generated.c | 45 -- src/responder/ifp/ifp_iface_generated.h | 15 - src/tests/dlopen-tests.c| 3 - src/tests/sss_config-tests.c| 884 src/util/sss_config.c | 509 -- src/util/sss_config.h | 71 --- 16 files changed, 1849 deletions(-) delete mode 100644 src/external/configlib.m4 delete mode 100644 src/external/libaugeas.m4 delete mode 100644 src/tests/sss_config-tests.c delete mode 100644 src/util/sss_config.c delete mode 100644 src/util/sss_config.h diff --git a/Makefile.am b/Makefile.am index e037930..0c7797b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -208,12 +208,6 @@ if BUILD_SSH non_interactive_check_based_tests += sysdb_ssh-tests endif -if BUILD_IFP -if BUILD_CONFIG_LIB -non_interactive_check_based_tests += sss_config-tests -endif # BUILD_CONFIG_LIB -endif # BUILD_IFP - if BUILD_DBUS_TESTS non_interactive_check_based_tests += \ sbus_tests \ @@ -604,7 +598,6 @@ dist_noinst_HEADERS = \ src/util/sss_ssh.h \ src/util/sss_ini.h \ src/util/sss_format.h \ -src/util/sss_config.h \ src/util/refcount.h \ src/util/find_uid.h \ src/util/user_info_msg.h \ @@ -1028,24 +1021,6 @@ SSSD_INTERNAL_LTLIBS = \ libsss_child.la \ $(NULL) -if BUILD_IFP -if BUILD_CONFIG_LIB -pkglib_LTLIBRARIES += libsss_config.la -libsss_config_la_SOURCES = \ -src/util/sss_config.c -libsss_config_la_CFLAGS = \ -$(AM_CFLAGS) \ -$(AUGEAS_CFLAGS) \ -$(TALLOC_CFLAGS) -libsss_config_la_LIBADD = \ -$(AUGEAS_LIBS) \ -$(TALLOC_LIBS) \ -$(SSSD_INTERNAL_LTLIBS) -libsss_config_la_LDFLAGS = \ --avoid-version -endif # BUILD_CONFIG_LIB -endif # BUILD_IFP - lib_LTLIBRARIES = libipa_hbac.la \ libsss_idmap.la \ libsss_nss_idmap.la \ @@ -1387,11 +1362,6 @@ dist_dbuspolicy_DATA = \ src/responder/ifp/org.freedesktop.sssd.infopipe.conf dist_dbusservice_DATA = \ src/responder/ifp/org.freedesktop.sssd.infopipe.service - -if BUILD_CONFIG_LIB -sssd_ifp_LDADD += libsss_config.la -endif - endif if BUILD_SECRETS @@ -2094,23 +2064,6 @@ sbus_codegen_tests_LDADD = \ endif # BUILD_DBUS_TESTS -if BUILD_IFP -if BUILD_CONFIG_LIB -sss_config_tests_SOURCES = \ -src/tests/sss_config-tests.c \ -src/tests/common.c -sss_config_tests_CFLAGS = \ -$(AM_CFLAGS) \ -$(CHECK_CFLAGS) -sss_config_tests_LDADD = \ -$(SSSD_LIBS) \ -$(CHECK_LIBS) \ -$(SSSD_INTERNAL_LTLIBS) \ -libsss_config.la \ -libsss_test_common.la -endif # BUILD_CONFIG_LIB -endif # BUILD_IFP - if HAVE_CMOCKA TEST_MOCK_RESP_OBJ = \ diff --git a/configure.ac b/configure.ac index d3ef1e1..d48f08c 100644 --- a/configure.ac +++ b/configure.ac @@ -195,7 +195,6 @@ m4_include([src/external/signal.m4]) m4_include([src/external/inotify.m4]) m4_include([src/external/samba.m4]) m4_include([src/external/sasl.m4]) -m4_include([src/external/configlib.m4]) m4_include([src/external/libnfsidmap.m4]) m4_include([src/external/cwrap.m4]) m4_include([src/external/libresolv.m4]) @@ -208,10 +207,6 @@ if test x$with_secrets = xyes; then m4_include([src/external/libjansson.m4]) fi -if test x$build_config_lib = xyes; then -m4_include([src/external/libaugeas.m4]) -fi - WITH_UNICODE_LIB if test x$unicode_lib = xlibunistring; then m4_include([src/external/libunistring.m4]) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 9a7098c..387ad1f 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -69,7 +69,6 @@ if [[
[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes
URL: https://github.com/SSSD/sssd/pull/66 Title: #66: Minor Dynamic DNS fixes jhrozek commented: """ On Wed, Nov 23, 2016 at 06:05:10AM -0800, lslebodn wrote: > @jhrozek Do you pan to review the patch? Feel free to take over the review, I'm currently busy with other work. """ See the full comment at https://github.com/SSSD/sssd/pull/66#issuecomment-262529286 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#46][comment] sss_client: Defer thread cancellation until completion of nss/pam operations
URL: https://github.com/SSSD/sssd/pull/46 Title: #46: sss_client: Defer thread cancellation until completion of nss/pam operations sumit-bose commented: """ I'm fine with the patch as well. Shall I re-run the test with the original reproducer or did you already run it? """ See the full comment at https://github.com/SSSD/sssd/pull/46#issuecomment-262525503 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#39][comment] RESPONDER: Enable sudoRule in case insen. domains (1.13)
URL: https://github.com/SSSD/sssd/pull/39 Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13) celestian commented: """ Thanks for CR. After pushing it is important to cherry pick #80 as well. """ See the full comment at https://github.com/SSSD/sssd/pull/39#issuecomment-262524310 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes
URL: https://github.com/SSSD/sssd/pull/66 Title: #66: Minor Dynamic DNS fixes lslebodn commented: """ @jhrozek Do you pan to review the patch? """ See the full comment at https://github.com/SSSD/sssd/pull/66#issuecomment-262520613 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#46][comment] sss_client: Defer thread cancellation until completion of nss/pam operations
URL: https://github.com/SSSD/sssd/pull/46 Title: #46: sss_client: Defer thread cancellation until completion of nss/pam operations lslebodn commented: """ I asked Florian on IRC and he is fine with the last version. @sumit-bose do you have other comments; can we push it? """ See the full comment at https://github.com/SSSD/sssd/pull/46#issuecomment-262520348 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][+Changes requested] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Title: #79: LIBSSS_CONFIG: Drop libsss_config Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][comment] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Title: #79: LIBSSS_CONFIG: Drop libsss_config lslebodn commented: """ There is a tiny conflict due to change in `src/external/configlib.m4` There is also typo in commit message `lib_config` and IMHO it might be better to use "BUILD" as a component in commit title rather then `LIBSSS_CONFIG`. I think you also forgot to remove methods from `src/responder/ifp/ifp_iface.xml` which is used for generating C code. """ See the full comment at https://github.com/SSSD/sssd/pull/79#issuecomment-262518170 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] Re: trac cleanup of the patches welcome milestone
On Thu, Nov 17, 2016 at 12:23:24PM +0100, Jakub Hrozek wrote: > Hi, > > as we're planning what exactly are we going to work on in the next release > and also preparing to move away from fedorahosted, I think it makes sense > to clean up our Trac. The intent is to make our trac better searchable > and reduce clutter. > > First, I went through the Patches Welcome milestone and marked tickets > that in my opinion should be just closed: > https://fedorahosted.org/sssd/report/35 > > These are tickets that either talk about enhancements to the local > provider, do not have any useful information (example: a crash in the > version we shipped in RHEL-6.1) or were simply filed as an idea many > years ago but since then nobody stepped up to work on this ticket and > nebody requested this work again, so the assumption is that nobody > really needs that work. > > Feel free to go through this list and push back if you disagree. For > tickets where nobody complains about closing them, I will close them in > a week from now. If somebody will disagree about closing these tickets, > we can always reopen them.. One last call for anyone who would like to push back on some tickets before I close them tomorrow and start cleaning up the 'future releases' milestone. ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#83][-Changes requested] TESTS: Check new line at end of file
URL: https://github.com/SSSD/sssd/pull/83 Title: #83: TESTS: Check new line at end of file Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#83][closed] TESTS: Check new line at end of file
URL: https://github.com/SSSD/sssd/pull/83 Author: lslebodn Title: #83: TESTS: Check new line at end of file Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/83/head:pr83 git checkout pr83 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#83][+Pushed] TESTS: Check new line at end of file
URL: https://github.com/SSSD/sssd/pull/83 Title: #83: TESTS: Check new line at end of file Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#83][comment] TESTS: Check new line at end of file
URL: https://github.com/SSSD/sssd/pull/83 Title: #83: TESTS: Check new line at end of file lslebodn commented: """ On (22/11/16 08:16), Nikolai Kondrashov wrote: >Looks good to me! > * 900778b5afd0143005cfd40cc67ad5086481f7ee LS """ See the full comment at https://github.com/SSSD/sssd/pull/83#issuecomment-262501226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#80][+Pushed] SYSDB: Fixing of sudorule without a sudoUser
URL: https://github.com/SSSD/sssd/pull/80 Title: #80: SYSDB: Fixing of sudorule without a sudoUser Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#80][comment] SYSDB: Fixing of sudorule without a sudoUser
URL: https://github.com/SSSD/sssd/pull/80 Title: #80: SYSDB: Fixing of sudorule without a sudoUser lslebodn commented: """ master: * 7e23edbaa7a6bbd0b461d5792535896b6a77928b sssd-1-14: * 54f176066dafafdc12f6e0dd112ff6339308aa7c """ See the full comment at https://github.com/SSSD/sssd/pull/80#issuecomment-262499125 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#80][closed] SYSDB: Fixing of sudorule without a sudoUser
URL: https://github.com/SSSD/sssd/pull/80 Author: celestian Title: #80: SYSDB: Fixing of sudorule without a sudoUser Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/80/head:pr80 git checkout pr80 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org