[SSSD] [sssd PR#342][comment] SELINUX: Use getseuserbyname to get IPA seuser

2017-08-28 Thread justin-stephenson 
  URL: https://github.com/SSSD/sssd/pull/342
Title: #342: SELINUX: Use getseuserbyname to get IPA seuser

justin-stephenson commented:
"""
I agree with Fabiano, I could not find an equivalent libselinux user delete 
function. If there is a one i'm missing then I don't mind updating the PR.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/342#issuecomment-325474168
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#355][+Pushed] localauth plugin: change return code of sss_an2ln

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/355
Title: #355: localauth plugin: change return code of sss_an2ln

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#355][closed] localauth plugin: change return code of sss_an2ln

2017-08-28 Thread jhrozek 
   URL: https://github.com/SSSD/sssd/pull/355
Author: sumit-bose
 Title: #355: localauth plugin: change return code of sss_an2ln
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/355/head:pr355
git checkout pr355
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#355][comment] localauth plugin: change return code of sss_an2ln

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/355
Title: #355: localauth plugin: change return code of sss_an2ln

jhrozek commented:
"""
* master:
b4e45531b3e98efce868d8a01ebd2dbe54348217
3f94a979eebd1c9496b49b4e07b7823550dec97e
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/355#issuecomment-325460531
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#355][comment] localauth plugin: change return code of sss_an2ln

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/355
Title: #355: localauth plugin: change return code of sss_an2ln

jhrozek commented:
"""
The change is a one-liner, matching the ticket. There is a unit test and 
neither CI nor Coverity complain -> ACK.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/355#issuecomment-325459961
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#355][+Accepted] localauth plugin: change return code of sss_an2ln

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/355
Title: #355: localauth plugin: change return code of sss_an2ln

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#332][+Changes requested] sydb: index improvements

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/332
Title: #332: sydb: index improvements

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#332][comment] sydb: index improvements

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/332
Title: #332: sydb: index improvements

jhrozek commented:
"""
Setting changes requested as per the review.

(note that this is NOT a nudge for anyone to work faster, I'm just reconciling 
the PR statuses)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/332#issuecomment-325455185
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#351][comment] NSS: Look for name attribute also in nss_cmd_getsidbyid

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/351
Title: #351: NSS: Look for name attribute also in nss_cmd_getsidbyid

jhrozek commented:
"""
Setting Changes requested as per @pbrezina's last comment

(note that this is NOT a nudge for anyone to work faster, I'm just reconciling 
the PR statuses)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/351#issuecomment-325454974
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#351][+Changes requested] NSS: Look for name attribute also in nss_cmd_getsidbyid

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/351
Title: #351: NSS: Look for name attribute also in nss_cmd_getsidbyid

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#325][+Changes requested] MAN: Improve description of 'trusted domain section' in sssd.conf's man page

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/325
Title: #325: MAN: Improve description of 'trusted domain section' in 
sssd.conf's man page

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#347][+Pushed] Fixes related to negative cache and "root" user/group

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/347
Title: #347: Fixes related to negative cache and "root" user/group

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#347][comment] Fixes related to negative cache and "root" user/group

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/347
Title: #347: Fixes related to negative cache and "root" user/group

jhrozek commented:
"""
* master:
6c3841099addb84bf3e9a2f85e96dffae1b94623
5883b99fa0d13368f6e79fdb40b6637d36ed1801
137e105ac8ca3476d2f74d24ae13860774937000
b4b3d0642120ca05f63959fe2f317a6b93031929
3ad33ca77044f9a9d18f7def271b0beb180e567b
431c7508e0d256b9c712cb9dcb9aa4cb635f4a0b
d7a46371ddd2c2514c3e81b58bb1090902a2
9908bdc9755e744c3e2c7c746a4edf95f9083ef5
e54764d62bfcc48770d9b2578132979aa58636e5
1e7b7da3aa56060c26f8ba1c08318cdee77753ea
b54d79cf3c8017e186b5ea7cdc383746233db39b

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/347#issuecomment-325446825
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#347][closed] Fixes related to negative cache and "root" user/group

2017-08-28 Thread jhrozek 
   URL: https://github.com/SSSD/sssd/pull/347
Author: fidencio
 Title: #347: Fixes related to negative cache and "root" user/group
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/347/head:pr347
git checkout pr347
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#241][closed] FleetCommander Integration

2017-08-28 Thread jhrozek 
   URL: https://github.com/SSSD/sssd/pull/241
Author: fidencio
 Title: #241: FleetCommander Integration
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/241/head:pr241
git checkout pr241
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#241][comment] FleetCommander Integration

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

jhrozek commented:
"""
* master:
4a311702045b065a97a0c0fc0ccc7a1fc84b38cf
85517b57685809ff96818bbd3e3b4678ac74b461
85a93ca67ae020607006cd035170c9360fb0a450
684a13e8de1526257ca2e40b6bf2e05585d4eaca
4b37ee7d370003514916c793046577ea4b6e736b
dd6a4fb9ae4825caf4ccb835f8b8221c96bbb6f5
c9e104f17b6c4cf5741dea9fdbe864619125fab1
9d98e98ab37d86323034e7bc342f196b81fa07bc
b054e7d8c43b024ee33e9343b4a15e124861f68c
f982039c75ec064894deb676ae53ee57de868590
6f466e0a3d950d21bd750ef53cb93b75dc023f9e
5b93634c7f0e34f69b4cf8fb9b2e77b9179024a7
7c1d1393537dec95e09b83b607ce9d0e8f49584c
18d898d9cb30f298b3a35dc1c1bace95ef4e0b3b
ee164913f9c12a557044eb469f4498b9be9a8f50
0f623456437c96f50330fe0ff21afd9638d14e57
d2a0b4a6a220bf9a58c7306c3f673891efc419eb
e17e37cd0e2109e7f1bd4ae48edfc8cca85b3f93
21909d3b620d97e81dd946b959a47efe88d2b7d8
9a18f78f38e274f4906af6ef8e1a82d844fde4cc
8a26d32bc9b71e85a42b7832891100a7249f92aa

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/241#issuecomment-325442601
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#241][+Pushed] FleetCommander Integration

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#358][comment] Requesting a pull to SSSD:master from jhrozek:pep8

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/358
Title: #358: Requesting a pull to SSSD:master from jhrozek:pep8

jhrozek commented:
"""
retest this please
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/358#issuecomment-325437251
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#347][+Accepted] Fixes related to negative cache and "root" user/group

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/347
Title: #347: Fixes related to negative cache and "root" user/group

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#358][opened] Requesting a pull to SSSD:master from jhrozek:pep8

2017-08-28 Thread jhrozek 
   URL: https://github.com/SSSD/sssd/pull/358
Author: jhrozek
 Title: #358: Requesting a pull to SSSD:master from jhrozek:pep8
Action: opened

PR body:
"""
To reprouce, run:
pep8 src/tests/intg/*.py 

No functional changes are present.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/358/head:pr358
git checkout pr358
From cb05b625dda8fbcf92d6806b81782cceed930711 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Mon, 28 Aug 2017 18:02:43 +0200
Subject: [PATCH] TESTS: Fix assorted pep8 issues

---
 src/tests/intg/test_enumeration.py   |   2 +-
 src/tests/intg/test_files_provider.py|   4 +-
 src/tests/intg/test_ldap.py  |   3 +-
 src/tests/intg/test_session_recording.py | 411 +++
 4 files changed, 309 insertions(+), 111 deletions(-)

diff --git a/src/tests/intg/test_enumeration.py b/src/tests/intg/test_enumeration.py
index fdb8d3768..54d10f8bf 100644
--- a/src/tests/intg/test_enumeration.py
+++ b/src/tests/intg/test_enumeration.py
@@ -465,7 +465,7 @@ def _test_add_remove_membership_rfc2307(ldap_conn, user_and_group_rfc2307):
 
 
 def _test_add_remove_membership_rfc2307_bis(ldap_conn,
-   user_and_groups_rfc2307_bis):
+user_and_groups_rfc2307_bis):
 """
 Test user and group membership addition and removal are reflected by SSSD,
 with RFC2307bis schema
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index b26977e06..6420f6fad 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -373,8 +373,8 @@ def test_group_overriden(add_group_with_canary, files_domain_only):
 """
 # Override
 subprocess.check_call(["sss_override", "group-add", GROUP1["name"],
-  "-n", OV_GROUP1["name"],
-  "-g", str(OV_GROUP1["gid"])])
+   "-n", OV_GROUP1["name"],
+   "-g", str(OV_GROUP1["gid"])])
 
 restart_sssd()
 
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 7906508e1..136abc9ee 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -995,11 +995,10 @@ def test_zero_nesting_level(ldap_conn, rfc2307bis_no_nesting):
 assert res == sssd_id.NssReturnCode.SUCCESS, \
 "Could not find groups for user1, %d" % errno
 
-## test nestedgroup is not returned in group list
+# test nestedgroup is not returned in group list
 assert sorted(grp_list) == sorted(["primarygroup", "parentgroup"])
 
 
-
 @pytest.fixture
 def sanity_nss_filter(request, ldap_conn):
 ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
diff --git a/src/tests/intg/test_session_recording.py b/src/tests/intg/test_session_recording.py
index 56a056a15..b5fff0c0d 100644
--- a/src/tests/intg/test_session_recording.py
+++ b/src/tests/intg/test_session_recording.py
@@ -287,20 +287,36 @@ def all(request, ldap_conn, users_and_groups):
 def test_all_nam(all):
 """Test "all" scope with getpwnam"""
 ent.assert_each_passwd_by_name(dict(
-user1=dict(name="user1", uid=1001, shell=config.SESSION_RECORDING_SHELL),
-user2=dict(name="user2", uid=1002, shell=config.SESSION_RECORDING_SHELL),
-user3=dict(name="user3", uid=1003, shell=config.SESSION_RECORDING_SHELL),
-user4=dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL),
+user1=dict(name="user1",
+   uid=1001,
+   shell=config.SESSION_RECORDING_SHELL),
+user2=dict(name="user2",
+   uid=1002,
+   shell=config.SESSION_RECORDING_SHELL),
+user3=dict(name="user3",
+   uid=1003,
+   shell=config.SESSION_RECORDING_SHELL),
+user4=dict(name="user4",
+   uid=1004,
+   shell=config.SESSION_RECORDING_SHELL),
 ))
 
 
 def test_all_uid(all):
 """Test "all" scope with getpwuid"""
 ent.assert_each_passwd_by_uid({
-1001:dict(name="user1", uid=1001, shell=config.SESSION_RECORDING_SHELL),
-1002:dict(name="user2", uid=1002, shell=config.SESSION_RECORDING_SHELL),
-1003:dict(name="user3", uid=1003, shell=config.SESSION_RECORDING_SHELL),
-1004:dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL),
+1001: dict(name="user1",
+   uid=1001,
+   shell=config.SESSION_RECORDING_SHELL),
+1002: dict(name="user2",
+   uid=1002,
+   shell=config.SESSION_RECORDING_SHELL),
+1003: dict(name="user3",
+   uid=1003,
+   shell=config.SESSION_RECORDING_SHELL),
+1004: dict(name="user4",
+   uid=1004,
+   shell=config.SESSION_RECORDING_SHELL),
 })
 
 
@@ -308,10

[SSSD] [sssd PR#241][+Accepted] FleetCommander Integration

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#241][comment] FleetCommander Integration

2017-08-28 Thread jhrozek 
  URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

jhrozek commented:
"""
ACK, CI: http://vm-058-233.XXX/logs/job/74/33/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/241#issuecomment-325391191
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#357][opened] A few fixes/improvements related to issue #2976

2017-08-28 Thread fidencio 
   URL: https://github.com/SSSD/sssd/pull/357
Author: fidencio
 Title: #357: A few fixes/improvements related to issue #2976
Action: opened

PR body:
"""
While digging into the sdap_id_op.c code, I've noticed a missing debug log that 
could be useful and a fishy situation where we can mark the whole backend as 
offline in case sdap_id_conn_data_set_expire_timer() fails.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/357/head:pr357
git checkout pr357
From 945124c4ae6665d2ad28d740b63356a083c14caa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Mon, 28 Aug 2017 13:17:49 +0200
Subject: [PATCH 1/2] SDAP: Add a debug message to explain why a backend was
 marked offline
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This new debug message may help us when debugging the cases where a
backend was marked offline but it shouldn't be.

Related: https://pagure.io/SSSD/sssd/issue/2976

Signed-off-by: Fabiano Fidêncio 
---
 src/providers/ldap/sdap_id_op.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 3a3de3643..5a005ba9a 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
@@ -608,6 +608,10 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
 
 default:
 /* do not attempt to retry on errors like ENOMEM */
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Marking the backend (%p) offline [%d]: %s\n",
+  conn_cache->id_conn->id_ctx->be,
+  ret, sss_strerror(ret));
 can_retry = false;
 is_offline = true;
 be_mark_offline(conn_cache->id_conn->id_ctx->be);

From f0efbcc257dcaaf192600198d8055d8287d57510 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Mon, 28 Aug 2017 16:38:40 +0200
Subject: [PATCH 2/2] SDAP: Don't call be_mark_offline() because
 sdap_id_conn_data_set_expire_timer() failed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Marking the whole backend as offline because
sdap_id_conn_data_set_expire_timer() failed doesn't look any right and
from now on let's avoiding doing so.

Related: https://pagure.io/SSSD/sssd/issue/2976

Signed-off-by: Fabiano Fidêncio 
---
 src/providers/ldap/sdap_id_op.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 5a005ba9a..226c40930 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
@@ -592,6 +592,14 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
 }
 }
 ret = sdap_id_conn_data_set_expire_timer(conn_data);
+if (ret != EOK) {
+DEBUG(SSSDBG_MINOR_FAILURE,
+  "sdap_id_conn_data_set_expire_timer() failed [%d]: %s",
+  ret, sss_strerror(ret));
+/* Avoid causing the whole backend to be marked as offline because
+ * this operation failed. */
+ret = EOK;
+}
 sdap_steal_server_opts(conn_cache->id_conn->id_ctx, _opts);
 }
 
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#321][comment] certmap: add OpenSSL implementation

2017-08-28 Thread sumit-bose 
  URL: https://github.com/SSSD/sssd/pull/321
Title: #321: certmap: add OpenSSL implementation

sumit-bose commented:
"""
Thank you for the review, I addressed all your comments.

About the tickets, the validation is currently done in two places, the ssh 
responder and p11_child. So I think https://pagure.io/SSSD/sssd/issue/2880 is 
justified, even if the solution will be to call p11_child from the ssh 
responder to validate the certificate which is the solution I currently prefer.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/321#issuecomment-325358022
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#321][synchronized] certmap: add OpenSSL implementation

2017-08-28 Thread sumit-bose 
   URL: https://github.com/SSSD/sssd/pull/321
Author: sumit-bose
 Title: #321: certmap: add OpenSSL implementation
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/321/head:pr321
git checkout pr321
From 08faaa9a420f796c93b4794c8852c19dfe03574a Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Tue, 14 Feb 2017 22:47:08 +0100
Subject: [PATCH] certmap: add OpenSSL implementation

The OpenSSL 1.1 API is used but there is a short macro block which
should added the needed compatibility if and older OpenSSL version is
used.

Related to https://pagure.io/SSSD/sssd/issue/3050
---
 Makefile.am   |   7 +-
 src/lib/certmap/sss_cert_content_common.c | 199 
 src/lib/certmap/sss_cert_content_crypto.c | 779 +-
 src/lib/certmap/sss_cert_content_nss.c| 105 +---
 src/lib/certmap/sss_certmap.c |  93 +---
 src/lib/certmap/sss_certmap_attr_names.c  |  83 ++--
 src/lib/certmap/sss_certmap_int.h |  25 +-
 src/tests/cmocka/test_certmap.c   | 104 +++-
 8 files changed, 1170 insertions(+), 225 deletions(-)
 create mode 100644 src/lib/certmap/sss_cert_content_common.c

diff --git a/Makefile.am b/Makefile.am
index faa2fbaba..0ff7c36ec 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -287,11 +287,9 @@ if HAVE_CMOCKA
 simple-access-tests \
 krb5_common_test \
 test_iobuf \
+sss_certmap_test \
 $(NULL)
 
-if HAVE_NSS
-non_interactive_cmocka_based_tests +=  sss_certmap_test
-endif #HAVE_NSS
 
 if HAVE_LIBRESOLV
 non_interactive_cmocka_based_tests += test_resolv_fake
@@ -1799,6 +1797,7 @@ libsss_certmap_la_SOURCES = \
 src/lib/certmap/sss_certmap_attr_names.c \
 src/lib/certmap/sss_certmap_krb5_match.c \
 src/lib/certmap/sss_certmap_ldap_mapping.c \
+src/lib/certmap/sss_cert_content_common.c \
 src/util/util_ext.c \
 src/util/cert/cert_common.c \
 $(NULL)
@@ -3422,7 +3421,6 @@ test_inotify_LDADD = \
 libsss_test_common.la \
 $(NULL)
 
-if HAVE_NSS
 sss_certmap_test_SOURCES = \
 src/tests/cmocka/test_certmap.c \
 src/lib/certmap/sss_certmap_attr_names.c \
@@ -3440,7 +3438,6 @@ sss_certmap_test_LDADD = \
 libsss_test_common.la \
 libsss_certmap.la \
 $(NULL)
-endif
 
 if BUILD_KCM
 test_kcm_json_SOURCES = \
diff --git a/src/lib/certmap/sss_cert_content_common.c b/src/lib/certmap/sss_cert_content_common.c
new file mode 100644
index 0..429193352
--- /dev/null
+++ b/src/lib/certmap/sss_cert_content_common.c
@@ -0,0 +1,199 @@
+/*
+   SSSD - certificate handling utils
+   The calls defined here should be useable outside of SSSD as well, e.g. in
+   libsss_certmap.
+
+   Copyright (C) Sumit Bose  2017
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see .
+*/
+
+#include 
+#include 
+#include 
+
+#include "lib/certmap/sss_certmap_int.h"
+
+int get_short_name(TALLOC_CTX *mem_ctx, const char *full_name,
+   char delim, char **short_name)
+{
+char *at;
+char *s;
+
+if (full_name == NULL || delim == '\0' || short_name == NULL) {
+return EINVAL;
+}
+
+at = strchr(full_name, delim);
+if (at != NULL) {
+s = talloc_strndup(mem_ctx, full_name, (at - full_name));
+} else {
+s = talloc_strdup(mem_ctx, full_name);
+}
+if (s == NULL) {
+return ENOMEM;
+}
+
+*short_name = s;
+
+return 0;
+}
+
+int add_to_san_list(TALLOC_CTX *mem_ctx, bool is_bin,
+enum san_opt san_opt, const uint8_t *data, size_t len,
+struct san_list **item)
+{
+struct san_list *i;
+
+if (data == NULL || len == 0 || san_opt == SAN_INVALID) {
+return EINVAL;
+}
+
+i = talloc_zero(mem_ctx, struct san_list);
+if (i == NULL) {
+return ENOMEM;
+}
+
+i->san_opt = san_opt;
+if (is_bin) {
+i->bin_val = talloc_memdup(i, data, len);
+i->bin_val_len = len;
+} else {
+i->val = talloc_strndup(i, (const char *) data, len);
+}
+if (i->val == NULL) {
+talloc_free(i);
+return ENOMEM;
+}
+
+*item = i;
+
+return 0;
+}
+
+int add_principal_to_san_list(TALLOC_CTX *mem_ctx, enum san_opt san_opt,
+  const char *princ, struct san_list **item)
+{
+

[SSSD] [sssd PR#241][comment] FleetCommander Integration

2017-08-28 Thread olivergs 
  URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

olivergs commented:
"""
Tested the latest build for the patches from @fidencio COPR repo and it
worked as expected.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/241#issuecomment-325337915
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#241][comment] FleetCommander Integration

2017-08-28 Thread olivergs 
  URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

olivergs commented:
"""
Tested the latest build for the patches from @fidencio COPR repo and it
worked as expected.



On Thu, Aug 17, 2017 at 4:23 PM, fidencio  wrote:

> Patch set updated.
>
> This is the patch that I've squashed:
>
> From 97f189d3a4fcbbfe453cc6ba8eab8710ca31c4ac Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
> Date: Thu, 17 Aug 2017 13:29:24 +0200
> Subject: [PATCH] fixup! DESKPROFILE: Introduce the new IPA session provider
>
> ---
>  src/providers/ipa/ipa_deskprofile_rules_util.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c 
> b/src/providers/ipa/ipa_deskprofile_rules_util.c
> index 12c6492ba..2ece5a1ee 100644
> --- a/src/providers/ipa/ipa_deskprofile_rules_util.c
> +++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
> @@ -150,7 +150,7 @@ ipa_deskprofile_get_filename_path(TALLOC_CTX *mem_ctx,
>  extension,
>  NULL,
>  };
> -const uint8_t *perms = permuts[config_priority - 1];
> +const uint8_t *perms;
>  char *result;
>  errno_t ret;
>
> @@ -167,6 +167,8 @@ ipa_deskprofile_get_filename_path(TALLOC_CTX *mem_ctx,
>  goto done;
>  }
>
> +perms = permuts[config_priority - 1];
> +
>  result = talloc_strdup(tmp_ctx, "");
>  if (result == NULL) {
>  ret = ENOMEM;
> --
> 2.13.4
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> , or mute
> the thread
> 
> .
>



-- 
Oliver Gutierrez
Associate Software Engineer - Desktop Management tools
Red Hat

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/241#issuecomment-325337915
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org