[SSSD] [sssd PR#230][comment] Failure to filter out AD subdomain with flatname is used
URL: https://github.com/SSSD/sssd/pull/230
Title: #230: Failure to filter out AD subdomain with flatname is used

sumit-bose commented:
"""
ok to test
"""

See the full comment at https://github.com/SSSD/sssd/pull/230#issuecomment-292633506
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#230][comment] Failure to filter out AD subdomain with flatname is used
URL: https://github.com/SSSD/sssd/pull/230
Title: #230: Failure to filter out AD subdomain with flatname is used

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at https://github.com/SSSD/sssd/pull/230#issuecomment-292632656
[SSSD] [sssd PR#230][comment] Failure to filter out AD subdomain with flatname is used
URL: https://github.com/SSSD/sssd/pull/230
Title: #230: Failure to filter out AD subdomain with flatname is used

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at https://github.com/SSSD/sssd/pull/230#issuecomment-292632653
[SSSD] [sssd PR#230][opened] Failure to filter out AD subdomain with flatname is used
URL: https://github.com/SSSD/sssd/pull/230
Author: justin-stephenson
Title: #230: Failure to filter out AD subdomain with flatname is used
Action: opened

PR body:
"""
Ticket: https://pagure.io/SSSD/sssd/issue/3365

SSSD fails to filter out the child domain it is connected to when domain flatname is used instead of fully qualified domain name in `sssd.conf`, this leads to creation of an empty subdomain.

After the patch, no duplicate subdomain is created. Tested by performing `id` against user in connected-to child domain (used 2 AD domains: root and child for this).

```
[sssm_ad_subdomains_init] (0x2000): Initializing AD subdomains handler
[new_subdomain] (0x0400): Creating [AD.JSTEPHEN] as subdomain of [winchld]!
[ad_subdomains_process] (0x0400): Enabling subdomain WINCHLD.AD.JSTEPHEN
[ad_subdomains_process] (0x2000): Not including primary domain winchld in the subdomain list
[ad_subdomains_refresh_done] (0x0400): Subdomains refreshed.
```

I wrote a test for this but I may have gotten some talloc hierarchy incorrect so please let me know if there is a problem to fix here.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/230/head:pr230
git checkout pr230

From b42cf6446620315c8251447c4061336957fb17e9 Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Wed, 5 Apr 2017 13:04:08 -0400
Subject: [PATCH 1/2] AD: Add subdomain name comparison to realm

When SSSD is connected to an AD child or subdomain, the subdomain will not be filtered out if only the domain flatname/shortname is provided in sssd.conf. Add a subdomain name comparison to the domain realm to fix this problem.

Resolves: https://pagure.io/SSSD/sssd/issue/3365
---
 src/providers/ad/ad_subdomains.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index bc659b2..a73d9e3 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -562,7 +562,8 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "Enabling subdomain %s\n", sd_name); } -if (strcasecmp(sd_name, domain->name) == 0) { +if ((strcasecmp(sd_name, domain->name) == 0) || +(strcasecmp(sd_name, domain->realm) == 0)) { DEBUG(SSSDBG_TRACE_INTERNAL, "Not including primary domain %s in the subdomain list\n", domain->name); From 600834a61fe81b6a887e09bd1a9dab7acc514061 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 6 Apr 2017 09:06:37 -0400 Subject: [PATCH 2/2] TESTS: Test AD subdomain filter behavior Test added to validate number of AD subdomains created during subdomain processing, specifically when connected to AD child domain and flatname is provided as the domain name in config file. https://pagure.io/SSSD/sssd/issue/3365 --- src/tests/cmocka/test_ad_subdomains.c | 54 +++ 1 file changed, 54 insertions(+) diff --git a/src/tests/cmocka/test_ad_subdomains.c b/src/tests/cmocka/test_ad_subdomains.c index 99908b5..00784e5 100644 --- a/src/tests/cmocka/test_ad_subdomains.c +++ b/src/tests/cmocka/test_ad_subdomains.c @@ -42,9 +42,13 @@ #define AD_DOMAIN "ad_domain.domain.test" #define DOMAIN_1 "one.domain.test" #define DOMAIN_2 "two.domain.test" +#define EXAMPLE_ROOT_DOM "EXAMPLE.COM" +#define EXAMPLE_CHILD_DOM "WINCHILD.EXAMPLE.COM" +#define EXAMPLE_CHILD_FLATNAME "winchild" struct test_ad_subdom_ctx { struct ad_id_ctx *ad_id_ctx; +struct sss_domain_info *dom; }; static struct ad_id_ctx * @@ -80,6 +84,9 @@ static int test_ad_subdom_setup(void **state) test_ctx = talloc_zero(global_talloc_context, struct test_ad_subdom_ctx); assert_non_null(test_ctx); +test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info); +assert_non_null(test_ctx->dom); + test_ctx->ad_id_ctx = NULL; check_leaks_push(test_ctx); 
@@ -273,6 +280,50 @@ static void test_ad_subdom_add_two_with_master(void **state) talloc_zfree(ad_enabled_domains); } +static void test_ad_subdom_exclude_child_flatname(void **state) +{ +struct test_ad_subdom_ctx *test_ctx; +const char **enabled_domains_list = NULL; +errno_t ret; +size_t orig_subdoms = 1; +struct sysdb_attrs *sd_attrs; +struct sysdb_attrs **sd; +struct sysdb_attrs *root; +size_t nsubdoms; +size_t expected_subdoms = 1; +struct sysdb_attrs **subdoms; + +test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + +test_ctx->dom->name = discard_const(EXAMPLE_CHILD_FLATNAME); +test_ctx->dom->realm = discard_const(EXAMPLE_CHILD_DOM); + +sd_attrs = sysdb_new_attrs(test_ctx); +assert_non_null(sd_attrs); + +ret = sysdb_attrs_add_string(sd_attrs, AD_AT_TRUST_PARTNER, EXAMPLE_CHILD_DOM); +assert_int_equal(ret, EOK); + +sd = _attrs; + +
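Review bot: In the `ad_subdomains_process` hunk of patch 1/2, the new `strcasecmp(sd_name, domain->realm)` reads `domain->realm` with no visible guard, so a domain whose realm is unset would hand NULL to `strcasecmp`. Consider `(domain->realm != NULL && strcasecmp(sd_name, domain->realm) == 0)`. Since a match can now come from the realm rather than the name, the DEBUG message that follows, which prints only `domain->name`, could also print `sd_name` so the log shows which discovered name was filtered out.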
[SSSD] [sssd PR#227][comment] CONFDB: Fix handling of enable_files_domain
URL: https://github.com/SSSD/sssd/pull/227
Title: #227: CONFDB: Fix handling of enable_files_domain

mzidek-rh commented:
"""
Oh, I did not notice, you posted CI results before. It is an ACK then.
"""

See the full comment at https://github.com/SSSD/sssd/pull/227#issuecomment-292614149
[SSSD] [sssd PR#227][+Accepted] CONFDB: Fix handling of enable_files_domain
URL: https://github.com/SSSD/sssd/pull/227
Title: #227: CONFDB: Fix handling of enable_files_domain
Label: +Accepted
[SSSD] [sssd PR#227][comment] CONFDB: Fix handling of enable_files_domain
URL: https://github.com/SSSD/sssd/pull/227
Title: #227: CONFDB: Fix handling of enable_files_domain

mzidek-rh commented:
"""
LGTM. I tested with both --enable/disable-files domain and true/false enable_files_domain in sssd.conf. I will give you an ack when CI finishes.
"""

See the full comment at https://github.com/SSSD/sssd/pull/227#issuecomment-292613950
[SSSD] [sssd PR#191][comment] Few spec file fixes
URL: https://github.com/SSSD/sssd/pull/191
Title: #191: Few spec file fixes

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/67/57/summary.html
"""

See the full comment at https://github.com/SSSD/sssd/pull/191#issuecomment-292553972
[SSSD] [sssd PR#191][comment] Few spec file fixes
URL: https://github.com/SSSD/sssd/pull/191
Title: #191: Few spec file fixes

lslebodn commented:
"""
Patches were updated due to sssd-kcm and libsss_certmap.
"""

See the full comment at https://github.com/SSSD/sssd/pull/191#issuecomment-292531702
[SSSD] [sssd PR#191][synchronized] Few spec file fixes
URL: https://github.com/SSSD/sssd/pull/191 Author: lslebodn Title: #191: Few spec file fixes Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/191/head:pr191 git checkout pr191 From 4c6abde3021ae62dab20139ad26bcbc2956d8fd6 Mon Sep 17 00:00:00 2001 From: Lukas SlebodnikDate: Fri, 10 Mar 2017 13:06:42 +0100 Subject: [PATCH 01/13] SPEC: Update processing of translation in %install --- contrib/sssd.spec.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 39a974e..d92de10 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -794,11 +794,10 @@ done %endif touch sssd.lang -touch sssd_tools.lang -touch sssd_client.lang -for provider in ldap krb5 ipa ad proxy +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client do -touch sssd_$provider.lang +touch $subpackage.lang done for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"` @@ -838,6 +837,25 @@ do esac done +# Print these to the rpmbuild log +echo "sssd.lang:" +cat sssd.lang + +echo "python2_sssdconfig.lang:" +cat python2_sssdconfig.lang + +%if (0%{?with_python3} == 1) +echo "python3_sssdconfig.lang:" +cat python3_sssdconfig.lang +%endif + +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client +do +echo "$subpackage.lang:" +cat $subpackage.lang +done + %files %defattr(-,root,root,-) %doc COPYING From a441ecad10b97632b2b1e5e76a4a1c4054cb492f Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Fri, 10 Mar 2017 12:49:40 +0100 Subject: [PATCH 02/13] SPEC: Move systemd service sssd-ifp.service to right package Explanation Resolves: https://pagure.io/SSSD/sssd/issue/ --- contrib/sssd.spec.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index d92de10..515714d 100644 
--- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -869,7 +869,6 @@ done %{_unitdir}/sssd.service %{_unitdir}/sssd-autofs.socket %{_unitdir}/sssd-autofs.service -%{_unitdir}/sssd-ifp.service %{_unitdir}/sssd-nss.socket %{_unitdir}/sssd-nss.service %{_unitdir}/sssd-pac.socket @@ -1035,6 +1034,9 @@ done %doc COPYING %{_libexecdir}/%{servicename}/sssd_ifp %{_mandir}/man5/sssd-ifp.5* +%if (0%{?use_systemd} == 1) +%{_unitdir}/sssd-ifp.service +%endif # InfoPipe DBus plumbing %{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service From 101c3a4eb441b8b620e67e13b4ee93deaf5bf957 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Fri, 10 Mar 2017 12:55:39 +0100 Subject: [PATCH 03/13] SPEC: Add missing scriptlets for package sssd-dbus --- contrib/sssd.spec.in | 9 + 1 file changed, 9 insertions(+) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 515714d..bb535ea 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -1291,6 +1291,15 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %systemd_postun_with_restart sssd-sudo.socket %systemd_postun_with_restart sssd-sudo.service +%post dbus +%systemd_post sssd-ifp.service + +%preun dbus +%systemd_preun sssd-ifp.service + +%postun dbus +%systemd_postun_with_restart sssd-ifp.service + %else # sysv %post common From 5d35797b766a38c6e0cb182c369110c50be39a7b Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Fri, 10 Mar 2017 13:13:35 +0100 Subject: [PATCH 04/13] SPEC: Use correct package for translated sssd-ifp man page Resolves: https://pagure.io/SSSD/sssd/issue/3327 --- contrib/sssd.spec.in | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index bb535ea..8bf366f 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in 
@@ -795,7 +795,7 @@ done touch sssd.lang for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ - sssd_client + sssd_client sssd_dbus do touch $subpackage.lang done @@ -831,6 +831,9 @@ do sssd-proxy*) echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang ;; +sssd-ifp*) +echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang +;; *) echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang ;; @@ -850,7 +853,7 @@ cat python3_sssdconfig.lang %endif for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ - sssd_client + sssd_client sssd_dbus do echo "$subpackage.lang:" cat $subpackage.lang @@ -1029,7 +1032,7 @@ done
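Review bot: The commit message of patch 02/13 still carries template text: its body is the single word "Explanation" and the `Resolves:` line ends at `https://pagure.io/SSSD/sssd/issue/` with no ticket number. Replace the body with the reason `%{_unitdir}/sssd-ifp.service` belongs in the `%files` list that ships `sssd_ifp`, and either give the real ticket or drop the `Resolves:` line.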
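Review bot: The subpackage list in the `%install` hunks is spelled out twice, once for the `touch $subpackage.lang` loop and once for the `cat $subpackage.lang` loop added in patch 01/13, and patch 04/13 then has to append `sssd_dbus` in both places. Define the list once in a shell variable ahead of the first loop and iterate over that variable in both loops, so a later subpackage cannot be added to one loop and missed in the other.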
[SSSD] [sssd PR#200][comment] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

sumit-bose commented:
"""
Thank you for the review, all your suggestions are included in the latest update. To really make use of gettext I added the sssctl source files to POTFILES.in in a new patch.
"""

See the full comment at https://github.com/SSSD/sssd/pull/200#issuecomment-292523343
[SSSD] [sssd PR#200][synchronized] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200
Author: sumit-bose
Title: #200: Improve PAM test client
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/200/head:pr200
git checkout pr200

From 0c34e0ed7a0f10bfb4e4dc9fef433105a8d1676f Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 24 Jan 2017 14:50:20 +0100
Subject: [PATCH 1/7] pam_test_client: add service and environment to PAM test client

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 src/sss_client/pam_test_client.c | 51 ++--
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index 29d1fcb..edd5e0c 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -48,34 +48,44 @@ static struct pam_conv conv = { # error "Missing text based pam conversation function" #endif +#define DEFAULT_ACTION "acct" +#define DEFAULT_SERVICE "system-auth" + int main(int argc, char *argv[]) { pam_handle_t *pamh; char *user; char *action; +char *service; int ret; +size_t c; +char **pam_env; if (argc == 1) { -fprintf(stderr, "missing action and user name, using default\n"); -action = strdup("auth"); -user = strdup("dummy"); +fprintf(stderr, "Usage: pam_test_client USERNAME " +"[auth|acct|setc|chau|open|clos] [pam_service]\n"); +return 0; } else if (argc == 2) { -fprintf(stdout, "using first argument as action and default user name\n"); -action = strdup(argv[1]); -user = strdup("dummy"); -} else { -action = strdup(argv[1]); -user = strdup(argv[2]); +fprintf(stderr,"using first argument as user name and default action " + "and service\n"); +} else if (argc == 3) { +fprintf(stderr, "using first argument as user name, second as action " +"and default service\n"); } -if (action == NULL || user == NULL) { +user = strdup(argv[1]); +action = argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION); +service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE); + +if (action == NULL || user == NULL || service == NULL) { fprintf(stderr, "Out of memory!\n"); return 1; } -fprintf(stdout, "action: %s\nuser: %s\n", action,user); +fprintf(stdout, "user: %s\naction: %s\nservice: %s\n", +user, action, service); -ret = pam_start("sss_test", user, , ); +ret = pam_start(service, user, , ); if (ret != PAM_SUCCESS) { fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); return 1; 
@@ -109,7 +119,24 @@ int main(int argc, char *argv[]) { fprintf(stderr, "unknown action\n"); } +fprintf(stderr, "PAM Environment:\n"); +pam_env = pam_getenvlist(pamh); +if (pam_env != NULL && pam_env[0] != NULL) { +for (c = 0; pam_env[c] != NULL; c++) { +fprintf(stderr," - %s\n", pam_env[c]); +free(pam_env[c]); +} +} else { +fprintf(stderr," - no env -\n"); +} +free(pam_env); + + pam_end(pamh, ret); +free(user); +free(action); +free(service); + return 0; } From 9d1519e3ddb868ea022df219ee3bae01a4a8d7e4 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 25 Jan 2017 16:50:00 +0100 Subject: [PATCH 2/7] pam_test_client: add SSSD getpwnam lookup Related to https://pagure.io/SSSD/sssd/issue/3292 --- Makefile.am | 10 -- src/sss_client/pam_test_client.c | 75 2 files changed, 83 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index d45c0ff..7aca5b8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3461,8 +3461,14 @@ if BUILD_WITH_LIBCURL noinst_PROGRAMS += tcurl-test-tool endif -pam_test_client_SOURCES = src/sss_client/pam_test_client.c -pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS) +pam_test_client_SOURCES = \ +src/sss_client/pam_test_client.c \ +$(NULL) +pam_test_client_LDADD = \ +$(PAM_LIBS) \ +$(PAM_MISC_LIBS) \ +$(LIBADD_DL) \ +$(NULL) if BUILD_AUTOFS autofs_test_client_SOURCES = \ diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c index edd5e0c..2b2c607 100644 --- a/src/sss_client/pam_test_client.c +++ b/src/sss_client/pam_test_client.c @@ -25,6 +25,11 @@ #include #include #include +#include +#include +#include +#include +#include #include @@ -51,6 +56,69 @@ static struct pam_conv conv = { #define DEFAULT_ACTION "acct" #define DEFAULT_SERVICE "system-auth" +#define DEFAULT_BUFSIZE 4096 + +static int sss_getpwnam_check(const char *user) +{ +void *dl_handle = NULL; +enum nss_status (*getpwnam_r)(const char *name, struct
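Review bot: In the `main()` hunk of patch 1/7, the `argc == 1` branch prints the usage text to stderr and then does `return 0;`, so a calling script cannot tell a missing USERNAME from a successful run. Return a non-zero status there, in line with the `return 1;` used for the out-of-memory and `pam_start` failures later in the same hunk.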
[SSSD] [sssd PR#200][synchronized] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200
Author: sumit-bose
Title: #200: Improve PAM test client
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/200/head:pr200
git checkout pr200

From 0c34e0ed7a0f10bfb4e4dc9fef433105a8d1676f Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 24 Jan 2017 14:50:20 +0100
Subject: [PATCH 1/8] pam_test_client: add service and environment to PAM test client

Related to https://pagure.io/SSSD/sssd/issue/3292
---
 src/sss_client/pam_test_client.c | 51 ++--
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c
index 29d1fcb..edd5e0c 100644
--- a/src/sss_client/pam_test_client.c
+++ b/src/sss_client/pam_test_client.c
@@ -48,34 +48,44 @@ static struct pam_conv conv = { # error "Missing text based pam conversation function" #endif +#define DEFAULT_ACTION "acct" +#define DEFAULT_SERVICE "system-auth" + int main(int argc, char *argv[]) { pam_handle_t *pamh; char *user; char *action; +char *service; int ret; +size_t c; +char **pam_env; if (argc == 1) { -fprintf(stderr, "missing action and user name, using default\n"); -action = strdup("auth"); -user = strdup("dummy"); +fprintf(stderr, "Usage: pam_test_client USERNAME " +"[auth|acct|setc|chau|open|clos] [pam_service]\n"); +return 0; } else if (argc == 2) { -fprintf(stdout, "using first argument as action and default user name\n"); -action = strdup(argv[1]); -user = strdup("dummy"); -} else { -action = strdup(argv[1]); -user = strdup(argv[2]); +fprintf(stderr,"using first argument as user name and default action " + "and service\n"); +} else if (argc == 3) { +fprintf(stderr, "using first argument as user name, second as action " +"and default service\n"); } -if (action == NULL || user == NULL) { +user = strdup(argv[1]); +action = argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION); +service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE); + +if (action == NULL || user == NULL || service == NULL) { fprintf(stderr, "Out of memory!\n"); return 1; } -fprintf(stdout, "action: %s\nuser: %s\n", action,user); +fprintf(stdout, "user: %s\naction: %s\nservice: %s\n", +user, action, service); -ret = pam_start("sss_test", user, , ); +ret = pam_start(service, user, , ); if (ret != PAM_SUCCESS) { fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); return 1; 
@@ -109,7 +119,24 @@ int main(int argc, char *argv[]) { fprintf(stderr, "unknown action\n"); } +fprintf(stderr, "PAM Environment:\n"); +pam_env = pam_getenvlist(pamh); +if (pam_env != NULL && pam_env[0] != NULL) { +for (c = 0; pam_env[c] != NULL; c++) { +fprintf(stderr," - %s\n", pam_env[c]); +free(pam_env[c]); +} +} else { +fprintf(stderr," - no env -\n"); +} +free(pam_env); + + pam_end(pamh, ret); +free(user); +free(action); +free(service); + return 0; } From 9d1519e3ddb868ea022df219ee3bae01a4a8d7e4 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 25 Jan 2017 16:50:00 +0100 Subject: [PATCH 2/8] pam_test_client: add SSSD getpwnam lookup Related to https://pagure.io/SSSD/sssd/issue/3292 --- Makefile.am | 10 -- src/sss_client/pam_test_client.c | 75 2 files changed, 83 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index d45c0ff..7aca5b8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3461,8 +3461,14 @@ if BUILD_WITH_LIBCURL noinst_PROGRAMS += tcurl-test-tool endif -pam_test_client_SOURCES = src/sss_client/pam_test_client.c -pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS) +pam_test_client_SOURCES = \ +src/sss_client/pam_test_client.c \ +$(NULL) +pam_test_client_LDADD = \ +$(PAM_LIBS) \ +$(PAM_MISC_LIBS) \ +$(LIBADD_DL) \ +$(NULL) if BUILD_AUTOFS autofs_test_client_SOURCES = \ diff --git a/src/sss_client/pam_test_client.c b/src/sss_client/pam_test_client.c index edd5e0c..2b2c607 100644 --- a/src/sss_client/pam_test_client.c +++ b/src/sss_client/pam_test_client.c @@ -25,6 +25,11 @@ #include #include #include +#include +#include +#include +#include +#include #include @@ -51,6 +56,69 @@ static struct pam_conv conv = { #define DEFAULT_ACTION "acct" #define DEFAULT_SERVICE "system-auth" +#define DEFAULT_BUFSIZE 4096 + +static int sss_getpwnam_check(const char *user) +{ +void *dl_handle = NULL; +enum nss_status (*getpwnam_r)(const char *name, struct
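Review bot: In the `@@ -109,7 +119,24 @@` hunk, the PAM environment listing (the `PAM Environment:` header, each ` - %s` entry and the ` - no env -` fallback) is written to stderr, while the `user:`/`action:`/`service:` summary in the earlier hunk goes to stdout. The environment is a result of the run rather than a diagnostic, so printing it with `fprintf(stdout, ...)` would keep the tool's results on one stream for anyone capturing the output.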
[SSSD] Re: WIP design page: Subdomain configuration
On Fri, Apr 07, 2017 at 12:56:56PM +0200, Michal Židek wrote:
> On 04/07/2017 08:51 AM, Jakub Hrozek wrote:
> > On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote:
> > > Hi,
> > >
> > > I started working on the design page for subdomain
> > > configuration in server mode. It is located here:
> > > https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf
> > >
> > > The implementation details and how to debug sections will
> > > be added later.
> > >
> > > For now, the design page is short but should at least set the
> > > proper expectations for the feature. Please tell me if you think
> > > something is unclear.
> > >
> > > I will add more to the page soon.
> >
> > Hi,
> >
> > I moved the design page to pagure docs:
> >
> > https://docs.pagure.org/SSSD.sssd/design_pages/subdomain_configuration.html
> >
> > and did a little cleanup (I added short implementation section and
> > expanded the examples in the how to test section, mostly)
> >
> > Please let me know (or send a PR) if there's anything wrong or missing.
>
> Thank you for moving the page. I sent one tiny PR to fix a typo I
> noticed.
>
> Michal

Thanks, merged (btw pagure++ for merging by applying patches atop origin/master instead of the horrible way github does with merge commits..)
[SSSD] Re: WIP design page: Subdomain configuration
On 04/07/2017 08:51 AM, Jakub Hrozek wrote:
> On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote:
> > Hi,
> >
> > I started working on the design page for subdomain
> > configuration in server mode. It is located here:
> > https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf
> >
> > The implementation details and how to debug sections will
> > be added later.
> >
> > For now, the design page is short but should at least set the
> > proper expectations for the feature. Please tell me if you think
> > something is unclear.
> >
> > I will add more to the page soon.
>
> Hi,
>
> I moved the design page to pagure docs:
>
> https://docs.pagure.org/SSSD.sssd/design_pages/subdomain_configuration.html
>
> and did a little cleanup (I added short implementation section and
> expanded the examples in the how to test section, mostly)
>
> Please let me know (or send a PR) if there's anything wrong or missing.

Thank you for moving the page. I sent one tiny PR to fix a typo I noticed.

Michal
[SSSD] Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates
On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/match a suitable
> > certificate if multiple certificates are on a Smartcard.
> >
> > My current thoughts and ideas can be found at
> > https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates
> > and for your convenience below as well.
> >
> > Comments and suggestions are welcome. Please let me know about concerns,
> > alternatives and missing use-cases/user-stories.
> >
> > bye,
> > Sumit
>
> I converted the page to pagure markdown:
>
> https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html
>
> There are no changes to the content except for fixing typos.

Thank you for doing the conversion and fixing the typos. I will now update the page to reflect the current state of the code.

bye,
Sumit
[SSSD] [sssd PR#200][comment] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

pbrezina commented:
"""
And maybe a little cosmetic stuff, can we add some empty lines to easier differentiate output blocks?

```
user: user-1
action: auth
service: system-auth
SSSD nss user lookup result:
 - user name: user-1
 - user id: 10001
 - group id: 10001
 - gecos: user-1
 - home directory: /home/user-1
 - shell:
SSSD InfoPipe user lookup result:
 - name: user-1
 - uidNumber: 10001
 - gidNumber: 10001
 - gecos: user-1
 - homeDirectory: /home/user-1
 - loginShell:
testing pam_authenticate
Password:
pam_authenticate: Authentication failure
PAM Environment:
 - no env -
```

==>

```
user: user-1
action: auth
service: system-auth

SSSD nss user lookup result:
 - user name: user-1
 - user id: 10001
 - group id: 10001
 - gecos: user-1
 - home directory: /home/user-1
 - shell:

SSSD InfoPipe user lookup result:
 - name: user-1
 - uidNumber: 10001
 - gidNumber: 10001
 - gecos: user-1
 - homeDirectory: /home/user-1
 - loginShell:

testing pam_authenticate
Password:
pam_authenticate: Authentication failure

PAM Environment:
 - no env -
```
"""

See the full comment at https://github.com/SSSD/sssd/pull/200#issuecomment-292478501
[SSSD] [sssd PR#200][comment] Improve PAM test client
URL: https://github.com/SSSD/sssd/pull/200
Title: #200: Improve PAM test client

pbrezina commented:
"""
Patches look good, I have only one comment: we should use gettext when printing messages to user.
"""

See the full comment at https://github.com/SSSD/sssd/pull/200#issuecomment-292477580
[SSSD] Re: [RFC] Matching and Mapping Certificates
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> Hi,
>
> I've started to write a SSSD design page about enhancing the current
> mapping of certificates to users and how to select/match a suitable
> certificate if multiple certificates are on a Smartcard.
>
> My current thoughts and ideas can be found at
> https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates
> and for your convenience below as well.
>
> Comments and suggestions are welcome. Please let me know about concerns,
> alternatives and missing use-cases/user-stories.
>
> bye,
> Sumit

I converted the page to pagure markdown:

https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html

There are no changes to the content except for fixing typos.
[SSSD] Re: WIP design page: Subdomain configuration
On Mon, Jan 16, 2017 at 03:35:11PM +0100, Michal Židek wrote:
> Hi,
>
> I started working on the design page for subdomain
> configuration in server mode. It is located here:
> https://fedorahosted.org/sssd/wiki/DesignDocs/SubdomConf
>
> The implementation details and how to debug sections will
> be added later.
>
> For now, the design page is short but should at least set the
> proper expectations for the feature. Please tell me if you think
> something is unclear.
>
> I will add more to the page soon.

Hi,

I moved the design page to pagure docs:

https://docs.pagure.org/SSSD.sssd/design_pages/subdomain_configuration.html

and did a little cleanup (I added short implementation section and expanded the examples in the how to test section, mostly)

Please let me know (or send a PR) if there's anything wrong or missing.