[SSSD] [sssd PR#230][comment] Failure to filter out AD subdomain with flatname is used

2017-04-07 Thread sumit-bose 
  URL: https://github.com/SSSD/sssd/pull/230
Title: #230: Failure to filter out AD subdomain with flatname is used

sumit-bose commented:
"""
ok to test
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/230#issuecomment-292633506
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#230][comment] Failure to filter out AD subdomain with flatname is used

2017-04-07 Thread centos-ci 
  URL: https://github.com/SSSD/sssd/pull/230
Title: #230: Failure to filter out AD subdomain with flatname is used

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/230#issuecomment-292632656
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#230][comment] Failure to filter out AD subdomain with flatname is used

2017-04-07 Thread centos-ci 
  URL: https://github.com/SSSD/sssd/pull/230
Title: #230: Failure to filter out AD subdomain with flatname is used

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/230#issuecomment-292632653
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#230][opened] Failure to filter out AD subdomain with flatname is used

2017-04-07 Thread justin-stephenson 
   URL: https://github.com/SSSD/sssd/pull/230
Author: justin-stephenson
 Title: #230: Failure to filter out AD subdomain with flatname is used
Action: opened

PR body:
"""
Ticket: https://pagure.io/SSSD/sssd/issue/3365

SSSD fails to filter out the child domain it is connected to when domain 
flatname is used instead of fully qualified domain name in `sssd.conf`, this 
leads to creation of an empty subdomain.

After the patch, no duplicate subdomain is created. Tested by performing `id` 
against user in connected-to child domain(used 2 AD domains:root and child for 
this). 

```
  [sssm_ad_subdomains_init] (0x2000): Initializing AD subdomains handler
  [new_subdomain] (0x0400): Creating [AD.JSTEPHEN] as subdomain of [winchld]!
  [ad_subdomains_process] (0x0400): Enabling subdomain WINCHLD.AD.JSTEPHEN
  [ad_subdomains_process] (0x2000): Not including primary domain winchld in the 
subdomain list
  [ad_subdomains_refresh_done] (0x0400): Subdomains refreshed.
```

I wrote a test for this but I may have gotten some talloc heirarchy incorrect 
so please let me know if there is a problem to fix here.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/230/head:pr230
git checkout pr230
From b42cf6446620315c8251447c4061336957fb17e9 Mon Sep 17 00:00:00 2001
From: Justin Stephenson 
Date: Wed, 5 Apr 2017 13:04:08 -0400
Subject: [PATCH 1/2] AD: Add subdomain name comparison to realm

When SSSD is connected to an AD child or subdomain, the subdomain will
not be filtered out if only the domain flatname/shortname is provided in
sssd.conf. Add a subdomain name comparison to the domain realm to fix
this problem.

Resolves:
https://pagure.io/SSSD/sssd/issue/3365
---
 src/providers/ad/ad_subdomains.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index bc659b2..a73d9e3 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -562,7 +562,8 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_TRACE_FUNC, "Enabling subdomain %s\n", sd_name);
 }
 
-if (strcasecmp(sd_name, domain->name) == 0) {
+if ((strcasecmp(sd_name, domain->name) == 0) ||
+(strcasecmp(sd_name, domain->realm) == 0)) {
 DEBUG(SSSDBG_TRACE_INTERNAL,
   "Not including primary domain %s in the subdomain list\n",
   domain->name);

From 600834a61fe81b6a887e09bd1a9dab7acc514061 Mon Sep 17 00:00:00 2001
From: Justin Stephenson 
Date: Thu, 6 Apr 2017 09:06:37 -0400
Subject: [PATCH 2/2] TESTS: Test AD subdomain filter behavior

Test added to validate number of AD subdomains created during subdomain
processing, specifically when connected to AD child domain and flatname
is provided as the domain name in config file.

https://pagure.io/SSSD/sssd/issue/3365
---
 src/tests/cmocka/test_ad_subdomains.c | 54 +++
 1 file changed, 54 insertions(+)

diff --git a/src/tests/cmocka/test_ad_subdomains.c b/src/tests/cmocka/test_ad_subdomains.c
index 99908b5..00784e5 100644
--- a/src/tests/cmocka/test_ad_subdomains.c
+++ b/src/tests/cmocka/test_ad_subdomains.c
@@ -42,9 +42,13 @@
 #define AD_DOMAIN "ad_domain.domain.test"
 #define DOMAIN_1 "one.domain.test"
 #define DOMAIN_2 "two.domain.test"
+#define EXAMPLE_ROOT_DOM "EXAMPLE.COM"
+#define EXAMPLE_CHILD_DOM "WINCHILD.EXAMPLE.COM"
+#define EXAMPLE_CHILD_FLATNAME "winchild"
 
 struct test_ad_subdom_ctx {
 struct ad_id_ctx *ad_id_ctx;
+struct sss_domain_info *dom;
 };
 
 static struct ad_id_ctx *
@@ -80,6 +84,9 @@ static int test_ad_subdom_setup(void **state)
 test_ctx = talloc_zero(global_talloc_context, struct test_ad_subdom_ctx);
 assert_non_null(test_ctx);
 
+test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info);
+assert_non_null(test_ctx->dom);
+
 test_ctx->ad_id_ctx = NULL;
 
 check_leaks_push(test_ctx);
@@ -273,6 +280,50 @@ static void test_ad_subdom_add_two_with_master(void **state)
 talloc_zfree(ad_enabled_domains);
 }
 
+static void test_ad_subdom_exclude_child_flatname(void **state)
+{
+struct test_ad_subdom_ctx *test_ctx;
+const char **enabled_domains_list = NULL;
+errno_t ret;
+size_t orig_subdoms = 1;
+struct sysdb_attrs *sd_attrs;
+struct sysdb_attrs **sd;
+struct sysdb_attrs *root;
+size_t nsubdoms;
+size_t expected_subdoms = 1;
+struct sysdb_attrs **subdoms;
+
+test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+
+test_ctx->dom->name = discard_const(EXAMPLE_CHILD_FLATNAME);
+test_ctx->dom->realm = discard_const(EXAMPLE_CHILD_DOM);
+
+sd_attrs = sysdb_new_attrs(test_ctx);
+assert_non_null(sd_attrs);
+
+ret = sysdb_attrs_add_string(sd_attrs, AD_AT_TRUST_PARTNER, EXAMPLE_CHILD_DOM);
+assert_int_equal(ret, EOK);
+
+sd = _attrs;
+
+

[SSSD] [sssd PR#227][comment] CONFDB: Fix handling of enable_files_domain

2017-04-07 Thread mzidek-rh 
  URL: https://github.com/SSSD/sssd/pull/227
Title: #227: CONFDB: Fix handling of enable_files_domain

mzidek-rh commented:
"""
Oh, I did not notice, you posted CI results before. It is an ACK then.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/227#issuecomment-292614149
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#227][+Accepted] CONFDB: Fix handling of enable_files_domain

2017-04-07 Thread mzidek-rh 
  URL: https://github.com/SSSD/sssd/pull/227
Title: #227: CONFDB: Fix handling of enable_files_domain

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#227][comment] CONFDB: Fix handling of enable_files_domain

2017-04-07 Thread mzidek-rh 
  URL: https://github.com/SSSD/sssd/pull/227
Title: #227: CONFDB: Fix handling of enable_files_domain

mzidek-rh commented:
"""
LGTM. I tested with both --enable/disable-files domain and true/false 
enable_files_domain in sssd.conf. I will give you an ack when CI finishes.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/227#issuecomment-292613950
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#191][comment] Few spec file fixes

2017-04-07 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/191
Title: #191: Few spec file fixes

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/67/57/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/191#issuecomment-292553972
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#191][comment] Few spec file fixes

2017-04-07 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/191
Title: #191: Few spec file fixes

lslebodn commented:
"""
Patches were updated due to sssd-kcm and libsss_certmap.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/191#issuecomment-292531702
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#191][synchronized] Few spec file fixes

2017-04-07 Thread lslebodn 
   URL: https://github.com/SSSD/sssd/pull/191
Author: lslebodn
 Title: #191: Few spec file fixes
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/191/head:pr191
git checkout pr191
From 4c6abde3021ae62dab20139ad26bcbc2956d8fd6 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Fri, 10 Mar 2017 13:06:42 +0100
Subject: [PATCH 01/13] SPEC: Update processing of translation in %install

---
 contrib/sssd.spec.in | 26 ++
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 39a974e..d92de10 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -794,11 +794,10 @@ done
 %endif
 
 touch sssd.lang
-touch sssd_tools.lang
-touch sssd_client.lang
-for provider in ldap krb5 ipa ad proxy
+for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
+  sssd_client
 do
-touch sssd_$provider.lang
+touch $subpackage.lang
 done
 
 for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
@@ -838,6 +837,25 @@ do
 esac
 done
 
+# Print these to the rpmbuild log
+echo "sssd.lang:"
+cat sssd.lang
+
+echo "python2_sssdconfig.lang:"
+cat python2_sssdconfig.lang
+
+%if (0%{?with_python3} == 1)
+echo "python3_sssdconfig.lang:"
+cat python3_sssdconfig.lang
+%endif
+
+for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
+  sssd_client
+do
+echo "$subpackage.lang:"
+cat $subpackage.lang
+done
+
 %files
 %defattr(-,root,root,-)
 %doc COPYING

From a441ecad10b97632b2b1e5e76a4a1c4054cb492f Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Fri, 10 Mar 2017 12:49:40 +0100
Subject: [PATCH 02/13] SPEC: Move systemd service sssd-ifp.service to right
 package

Explanation

Resolves:
https://pagure.io/SSSD/sssd/issue/
---
 contrib/sssd.spec.in | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index d92de10..515714d 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -869,7 +869,6 @@ done
 %{_unitdir}/sssd.service
 %{_unitdir}/sssd-autofs.socket
 %{_unitdir}/sssd-autofs.service
-%{_unitdir}/sssd-ifp.service
 %{_unitdir}/sssd-nss.socket
 %{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-pac.socket
@@ -1035,6 +1034,9 @@ done
 %doc COPYING
 %{_libexecdir}/%{servicename}/sssd_ifp
 %{_mandir}/man5/sssd-ifp.5*
+%if (0%{?use_systemd} == 1)
+%{_unitdir}/sssd-ifp.service
+%endif
 # InfoPipe DBus plumbing
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
 %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service

From 101c3a4eb441b8b620e67e13b4ee93deaf5bf957 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Fri, 10 Mar 2017 12:55:39 +0100
Subject: [PATCH 03/13] SPEC: Add missing scriptlets for package sssd-dbus

---
 contrib/sssd.spec.in | 9 +
 1 file changed, 9 insertions(+)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 515714d..bb535ea 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1291,6 +1291,15 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
 %systemd_postun_with_restart sssd-sudo.socket
 %systemd_postun_with_restart sssd-sudo.service
 
+%post dbus
+%systemd_post sssd-ifp.service
+
+%preun dbus
+%systemd_preun sssd-ifp.service
+
+%postun dbus
+%systemd_postun_with_restart sssd-ifp.service
+
 %else
 # sysv
 %post common

From 5d35797b766a38c6e0cb182c369110c50be39a7b Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Fri, 10 Mar 2017 13:13:35 +0100
Subject: [PATCH 04/13] SPEC: Use correct package for translated sssd-ifp man
 page

Resolves:
https://pagure.io/SSSD/sssd/issue/3327
---
 contrib/sssd.spec.in | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index bb535ea..8bf366f 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -795,7 +795,7 @@ done
 
 touch sssd.lang
 for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
-  sssd_client
+  sssd_client sssd_dbus
 do
 touch $subpackage.lang
 done
@@ -831,6 +831,9 @@ do
 sssd-proxy*)
 echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
 ;;
+sssd-ifp*)
+echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
+;;
 *)
 echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
 ;;
@@ -850,7 +853,7 @@ cat python3_sssdconfig.lang
 %endif
 
 for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
-  sssd_client
+  sssd_client sssd_dbus
 do
 echo "$subpackage.lang:"
 cat $subpackage.lang
@@ -1029,7 +1032,7 @@ done

[SSSD] [sssd PR#200][comment] Improve PAM test client

2017-04-07 Thread sumit-bose 
  URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

sumit-bose commented:
"""
Thank you for the review, all your suggestions are included in the latest 
update. To really make use of gettext I added the sssctl source files to 
POTFILES.in in a new patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/200#issuecomment-292523343
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#200][synchronized] Improve PAM test client

2017-04-07 Thread sumit-bose 
   URL: https://github.com/SSSD/sssd/pull/200
Author: sumit-bose
 Title: #200: Improve PAM test client
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/200/head:pr200
git checkout pr200
From 0c34e0ed7a0f10bfb4e4dc9fef433105a8d1676f Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Tue, 24 Jan 2017 14:50:20 +0100
Subject: [PATCH 1/7] pam_test_client: add service and environment to PAM test
 client

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 src/sss_client/pam_test_client.c | 51 ++--
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index 29d1fcb..edd5e0c 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -48,34 +48,44 @@ static struct pam_conv conv = {
 # error "Missing text based pam conversation function"
 #endif
 
+#define DEFAULT_ACTION "acct"
+#define DEFAULT_SERVICE "system-auth"
+
 int main(int argc, char *argv[]) {
 
 pam_handle_t *pamh;
 char *user;
 char *action;
+char *service;
 int ret;
+size_t c;
+char **pam_env;
 
 if (argc == 1) {
-fprintf(stderr, "missing action and user name, using default\n");
-action = strdup("auth");
-user = strdup("dummy");
+fprintf(stderr, "Usage: pam_test_client USERNAME "
+"[auth|acct|setc|chau|open|clos] [pam_service]\n");
+return 0;
 } else if (argc == 2) {
-fprintf(stdout, "using first argument as action and default user name\n");
-action = strdup(argv[1]);
-user = strdup("dummy");
-} else {
-action = strdup(argv[1]);
-user = strdup(argv[2]);
+fprintf(stderr,"using first argument as user name and default action "
+   "and service\n");
+} else if (argc == 3) {
+fprintf(stderr, "using first argument as user name, second as action "
+"and default service\n");
 }
 
-if (action == NULL || user == NULL) {
+user = strdup(argv[1]);
+action =  argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION);
+service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE);
+
+if (action == NULL || user == NULL || service == NULL) {
 fprintf(stderr, "Out of memory!\n");
 return 1;
 }
 
-fprintf(stdout, "action: %s\nuser: %s\n", action,user);
+fprintf(stdout, "user: %s\naction: %s\nservice: %s\n",
+user, action, service);
 
-ret = pam_start("sss_test", user, , );
+ret = pam_start(service, user, , );
 if (ret != PAM_SUCCESS) {
 fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));
 return 1;
@@ -109,7 +119,24 @@ int main(int argc, char *argv[]) {
 fprintf(stderr, "unknown action\n");
 }
 
+fprintf(stderr, "PAM Environment:\n");
+pam_env = pam_getenvlist(pamh);
+if (pam_env != NULL && pam_env[0] != NULL) {
+for (c = 0; pam_env[c] != NULL; c++) {
+fprintf(stderr," - %s\n", pam_env[c]);
+free(pam_env[c]);
+}
+} else {
+fprintf(stderr," - no env -\n");
+}
+free(pam_env);
+
+
 pam_end(pamh, ret);
 
+free(user);
+free(action);
+free(service);
+
 return 0;
 }

From 9d1519e3ddb868ea022df219ee3bae01a4a8d7e4 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 25 Jan 2017 16:50:00 +0100
Subject: [PATCH 2/7] pam_test_client: add SSSD getpwnam lookup

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 Makefile.am  | 10 --
 src/sss_client/pam_test_client.c | 75 
 2 files changed, 83 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index d45c0ff..7aca5b8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3461,8 +3461,14 @@ if BUILD_WITH_LIBCURL
 noinst_PROGRAMS += tcurl-test-tool
 endif
 
-pam_test_client_SOURCES = src/sss_client/pam_test_client.c
-pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS)
+pam_test_client_SOURCES = \
+src/sss_client/pam_test_client.c \
+$(NULL)
+pam_test_client_LDADD = \
+$(PAM_LIBS) \
+$(PAM_MISC_LIBS) \
+$(LIBADD_DL) \
+$(NULL)
 
 if BUILD_AUTOFS
 autofs_test_client_SOURCES = \
diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index edd5e0c..2b2c607 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -25,6 +25,11 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
 
 #include 
 
@@ -51,6 +56,69 @@ static struct pam_conv conv = {
 #define DEFAULT_ACTION "acct"
 #define DEFAULT_SERVICE "system-auth"
 
+#define DEFAULT_BUFSIZE 4096
+
+static int sss_getpwnam_check(const char *user)
+{
+void *dl_handle = NULL;
+enum nss_status (*getpwnam_r)(const char *name, struct

[SSSD] [sssd PR#200][synchronized] Improve PAM test client

2017-04-07 Thread sumit-bose 
   URL: https://github.com/SSSD/sssd/pull/200
Author: sumit-bose
 Title: #200: Improve PAM test client
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/200/head:pr200
git checkout pr200
From 0c34e0ed7a0f10bfb4e4dc9fef433105a8d1676f Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Tue, 24 Jan 2017 14:50:20 +0100
Subject: [PATCH 1/8] pam_test_client: add service and environment to PAM test
 client

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 src/sss_client/pam_test_client.c | 51 ++--
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index 29d1fcb..edd5e0c 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -48,34 +48,44 @@ static struct pam_conv conv = {
 # error "Missing text based pam conversation function"
 #endif
 
+#define DEFAULT_ACTION "acct"
+#define DEFAULT_SERVICE "system-auth"
+
 int main(int argc, char *argv[]) {
 
 pam_handle_t *pamh;
 char *user;
 char *action;
+char *service;
 int ret;
+size_t c;
+char **pam_env;
 
 if (argc == 1) {
-fprintf(stderr, "missing action and user name, using default\n");
-action = strdup("auth");
-user = strdup("dummy");
+fprintf(stderr, "Usage: pam_test_client USERNAME "
+"[auth|acct|setc|chau|open|clos] [pam_service]\n");
+return 0;
 } else if (argc == 2) {
-fprintf(stdout, "using first argument as action and default user name\n");
-action = strdup(argv[1]);
-user = strdup("dummy");
-} else {
-action = strdup(argv[1]);
-user = strdup(argv[2]);
+fprintf(stderr,"using first argument as user name and default action "
+   "and service\n");
+} else if (argc == 3) {
+fprintf(stderr, "using first argument as user name, second as action "
+"and default service\n");
 }
 
-if (action == NULL || user == NULL) {
+user = strdup(argv[1]);
+action =  argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION);
+service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE);
+
+if (action == NULL || user == NULL || service == NULL) {
 fprintf(stderr, "Out of memory!\n");
 return 1;
 }
 
-fprintf(stdout, "action: %s\nuser: %s\n", action,user);
+fprintf(stdout, "user: %s\naction: %s\nservice: %s\n",
+user, action, service);
 
-ret = pam_start("sss_test", user, , );
+ret = pam_start(service, user, , );
 if (ret != PAM_SUCCESS) {
 fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));
 return 1;
@@ -109,7 +119,24 @@ int main(int argc, char *argv[]) {
 fprintf(stderr, "unknown action\n");
 }
 
+fprintf(stderr, "PAM Environment:\n");
+pam_env = pam_getenvlist(pamh);
+if (pam_env != NULL && pam_env[0] != NULL) {
+for (c = 0; pam_env[c] != NULL; c++) {
+fprintf(stderr," - %s\n", pam_env[c]);
+free(pam_env[c]);
+}
+} else {
+fprintf(stderr," - no env -\n");
+}
+free(pam_env);
+
+
 pam_end(pamh, ret);
 
+free(user);
+free(action);
+free(service);
+
 return 0;
 }

From 9d1519e3ddb868ea022df219ee3bae01a4a8d7e4 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 25 Jan 2017 16:50:00 +0100
Subject: [PATCH 2/8] pam_test_client: add SSSD getpwnam lookup

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 Makefile.am  | 10 --
 src/sss_client/pam_test_client.c | 75 
 2 files changed, 83 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index d45c0ff..7aca5b8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3461,8 +3461,14 @@ if BUILD_WITH_LIBCURL
 noinst_PROGRAMS += tcurl-test-tool
 endif
 
-pam_test_client_SOURCES = src/sss_client/pam_test_client.c
-pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS)
+pam_test_client_SOURCES = \
+src/sss_client/pam_test_client.c \
+$(NULL)
+pam_test_client_LDADD = \
+$(PAM_LIBS) \
+$(PAM_MISC_LIBS) \
+$(LIBADD_DL) \
+$(NULL)
 
 if BUILD_AUTOFS
 autofs_test_client_SOURCES = \
diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index edd5e0c..2b2c607 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -25,6 +25,11 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
 
 #include 
 
@@ -51,6 +56,69 @@ static struct pam_conv conv = {
 #define DEFAULT_ACTION "acct"
 #define DEFAULT_SERVICE "system-auth"
 
+#define DEFAULT_BUFSIZE 4096
+
+static int sss_getpwnam_check(const char *user)
+{
+void *dl_handle = NULL;
+enum nss_status (*getpwnam_r)(const char *name, struct

[SSSD] Re: WIP design page: Subdomain configuration

2017-04-07 Thread Jakub Hrozek 
On Fri, Apr 07, 2017 at 12:56:56PM +0200, Michal Židek wrote:
> On 04/07/2017 08:51 AM, Jakub Hrozek wrote:
> > On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote:
> > > Hi,
> > > 
> > > I started working on the design page for subdomain
> > > configuration in server mode. It is located here:
> > > https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf
> > > 
> > > The implementation details and how to debug sections will
> > > be added later.
> > > 
> > > For now, the design page is short but should at least set the
> > > proper expectations for the feature. Please tell me if you think
> > > something is unclear.
> > > 
> > > I will add more to the page soon.
> > 
> > Hi,
> > 
> > I moved the design page to pagure docs:
> > 
> > https://docs.pagure.org/SSSD.sssd/design_pages/subdomain_configuration.html
> > 
> > and did a little cleanup (I added short implementation section and
> > expanded the examples in the how to test section, mostly)
> > 
> > Please let me know (or send a PR) if there's anything wrong or missing.
> 
> Thank you for moving the page. I sent one tiny PR to fix a typo I
> noticed.
> 
> Michal

Thanks, merged

(btw pagure++ for merging by applying patches atop origin/master instead
of the horrible way github does with merge commits..)
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: WIP design page: Subdomain configuration

2017-04-07 Thread Michal Židek 

On 04/07/2017 08:51 AM, Jakub Hrozek wrote:

On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote:

Hi,

I started working on the design page for subdomain
configuration in server mode. It is located here:
https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf

The implementation details and how to debug sections will
be added later.

For now, the design page is short but should at least set the
proper expectations for the feature. Please tell me if you think
something is unclear.

I will add more to the page soon.


Hi,

I moved the design page to pagure docs:
https://docs.pagure.org/SSSD.sssd/design_pages/subdomain_configuration.html

and did a little cleanup (I added short implementation section and
expanded the examples in the how to test section, mostly)

Please let me know (or send a PR) if there's anything wrong or missing.


Thank you for moving the page. I sent one tiny PR to fix a typo I
noticed.

Michal
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-04-07 Thread Sumit Bose 
On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> > 
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/match a suitable
> > certificate if multiple certificates are on a Smartcard.
> > 
> > My currently thoughts and idea and be found at
> > https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates
> > and for your convenience below as well.
> > 
> > Comments and suggestions are welcome. Please let me know about concerns,
> > alternatives and missing use-cases/user-stories.
> > 
> > bye,
> > Sumit
> 
> I converted the page to pagure markdown:
> 
> https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html
> 
> There are no changes to the content except for fixing typos.

Thank you for doing the conversion and fixing the typos. I will now
update the page to reflect the current state of the code.

bye,
Sumit
> 
> -- 
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#200][comment] Improve PAM test client

2017-04-07 Thread pbrezina 
  URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

pbrezina commented:
"""
And maybe a little cosmetic stuff, can we add some empty lines to easier 
differentiate output blocks?

```
user: user-1
action: auth
service: system-auth
SSSD nss user lookup result:
 - user name: user-1
 - user id: 10001
 - group id: 10001
 - gecos: user-1
 - home directory: /home/user-1
 - shell: 
SSSD InfoPipe user lookup result:
 - name: user-1
 - uidNumber: 10001
 - gidNumber: 10001
 - gecos: user-1
 - homeDirectory: /home/user-1
 - loginShell: 
testing pam_authenticate
Password: 
pam_authenticate: Authentication failure
PAM Environment:
 - no env -
```
==>
```
user: user-1
action: auth
service: system-auth

SSSD nss user lookup result:
 - user name: user-1
 - user id: 10001
 - group id: 10001
 - gecos: user-1
 - home directory: /home/user-1
 - shell: 

SSSD InfoPipe user lookup result:
 - name: user-1
 - uidNumber: 10001
 - gidNumber: 10001
 - gecos: user-1
 - homeDirectory: /home/user-1
 - loginShell: 

testing pam_authenticate

Password: 
pam_authenticate: Authentication failure

PAM Environment:
 - no env -
```

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/200#issuecomment-292478501
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#200][comment] Improve PAM test client

2017-04-07 Thread pbrezina 
  URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

pbrezina commented:
"""
Patches looks good, I have only one comment: we should use gettext when 
printing messages to user.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/200#issuecomment-292477580
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [RFC] Matching and Mapping Certificates

2017-04-07 Thread Jakub Hrozek 
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> Hi,
> 
> I've started to write a SSSD design page about enhancing the current
> mapping of certificates to users and how to select/match a suitable
> certificate if multiple certificates are on a Smartcard.
> 
> My currently thoughts and idea and be found at
> https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates
> and for your convenience below as well.
> 
> Comments and suggestions are welcome. Please let me know about concerns,
> alternatives and missing use-cases/user-stories.
> 
> bye,
> Sumit

I converted the page to pagure markdown:

https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html

There are no changes to the content except for fixing typos.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: WIP design page: Subdomain configuration

2017-04-07 Thread Jakub Hrozek 
On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote:
> Hi,
> 
> I started working on the design page for subdomain
> configuration in server mode. It is located here:
> https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf
> 
> The implementation details and how to debug sections will
> be added later.
> 
> For now, the design page is short but should at least set the
> proper expectations for the feature. Please tell me if you think
> something is unclear.
> 
> I will add more to the page soon.

Hi,

I moved the design page to pagure docs:
https://docs.pagure.org/SSSD.sssd/design_pages/subdomain_configuration.html

and did a little cleanup (I added short implementation section and
expanded the examples in the how to test section, mostly)

Please let me know (or send a PR) if there's anything wrong or missing.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org