[SSSD] [sssd PR#516][+Changes requested] DESKPROFILE: Document it doesn't work when run as unprivileged user
URL: https://github.com/SSSD/sssd/pull/516 Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged user Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#435][comment] krb5: call krb5_auth_cache_creds() if a pssword is available
URL: https://github.com/SSSD/sssd/pull/435 Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available lslebodn commented: """ master: * a87658e5382a6ad119058d22b118a29eaae7a365 sssd-1-14: * 3546e6c0be2f85c9e1828237000a376a188e43ac sssd-1-13: * 6b900667cd1541809dbaaf9603f7e7785e6f78f9 """ See the full comment at https://github.com/SSSD/sssd/pull/435#issuecomment-366344661 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#435][closed] krb5: call krb5_auth_cache_creds() if a pssword is available
URL: https://github.com/SSSD/sssd/pull/435 Author: sumit-bose Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/435/head:pr435 git checkout pr435 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#435][+Pushed] krb5: call krb5_auth_cache_creds() if a pssword is available
URL: https://github.com/SSSD/sssd/pull/435 Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set sumit-bose commented: """ @fidencio, you cannot do this on the sysdb level, that's the wrong layer. sysdb_add_incomplete_group() is called in only two places. So I would suggest instead to deleting the old entry in sysdb_add_incomplete_group() to return a specific error code so that the caller knows about the rename, remove the old group on its own, call sysdb_add_incomplete_group() again to add the new entry. The two callers call sysdb_add_incomplete_group() in a loop. So just returning an error code here to notify the next layer would not work. But since it is already in the general LDAP code if might be easier to pass down the needed contexts to make the dbus calls. As an alternative the callers can return a list of objects which have to be deleted from the memory cache so that some upper layers can handle them. """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-366324379 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#435][+Accepted] krb5: call krb5_auth_cache_creds() if a pssword is available
URL: https://github.com/SSSD/sssd/pull/435 Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#435][comment] krb5: call krb5_auth_cache_creds() if a pssword is available
URL: https://github.com/SSSD/sssd/pull/435 Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available lslebodn commented: """ Sanity test with krb5/ad/ipa passed ACK """ See the full comment at https://github.com/SSSD/sssd/pull/435#issuecomment-366290486 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set fidencio commented: """ @jhrozek: ^ """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-366279919 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc fidencio commented: """ Just for the record, the comment https://github.com/SSSD/sssd/pull/518#issuecomment-366231410 is not accurate as the versions backported already contained the change proposed by this patch. """ See the full comment at https://github.com/SSSD/sssd/pull/518#issuecomment-366260845 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][+Pushed] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][closed] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Author: fidencio Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/518/head:pr518 git checkout pr518 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc lslebodn commented: """ master: * 1c42c3962577ea4b2d9ed6a8a07179d33756b3b4 """ See the full comment at https://github.com/SSSD/sssd/pull/518#issuecomment-366244837 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][+Accepted] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc lslebodn commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/518#issuecomment-366244091 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc fidencio commented: """ As the patches which introduced the warning have been backported to 1-13 and 1-14 branch, this patch (or the version of this patch that will end up accepted) will also have to be backported. """ See the full comment at https://github.com/SSSD/sssd/pull/518#issuecomment-366231410 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#518][opened] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
URL: https://github.com/SSSD/sssd/pull/518 Author: fidencio Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc Action: opened PR body: """ While building the project I've noticed the following warning: ../src/python/pysss_murmur.c: In function ‘py_murmurhash3’: ../src/python/pysss_murmur.c:50:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] (size_t)key_len > input_len) { ^ Previously we were comparing key_len(long) with the output of strlen(key) (size_t), thus the (size_t) cast. Currently, we can jut compare key_len with input_len without issues and without the needed to the cast. Issue has been introduced as part of 41454a64c7. Signed-off-by: Fabiano Fidêncio""" To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/518/head:pr518 git checkout pr518 From b0f1d063d302978735aa05a1eb1f85117e5fb3af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 16 Feb 2018 14:05:19 +0100 Subject: [PATCH] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While building the project I've noticed the following warning: ../src/python/pysss_murmur.c: In function ‘py_murmurhash3’: ../src/python/pysss_murmur.c:50:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] (size_t)key_len > input_len) { ^ Previously we were comparing key_len(long) with the output of strlen(key) (size_t), thus the (size_t) cast. Currently, we can jut compare key_len with input_len without issues and without the needed to the cast. Issue has been introduced as part of 41454a64c7. Signed-off-by: Fabiano Fidêncio --- src/python/pysss_murmur.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c index 8f1752a29..bcb2b8151 100644 --- a/src/python/pysss_murmur.c +++ b/src/python/pysss_murmur.c @@ -47,7 +47,7 @@ static PyObject * py_murmurhash3(PyObject *module, PyObject *args) } if (seed > UINT32_MAX || key_len > INT_MAX || key_len < 0 || -(size_t)key_len > input_len) { +key_len > input_len) { PyErr_Format(PyExc_ValueError, "Invalid value\n"); return NULL; } ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#517][opened] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517 Author: sumit-bose Title: #517: Fix two memory leaks in the AD provider Action: opened PR body: """ I found two memory leaks in the AD provider, one is triggered by every user lookup the other during an initgroups request with tokenGroups. To verify this just lookup a larger number of AD users, I took 500, or call 'id' for each of the users. When checking the memory consumption before and after e.g. with 'ps' the increased memory usage should become obvious. To analyse where the memory is used 'talloc_report_full' help. You can call it directly inside of gdb or just use Pavel's 'sss-talloc-report' from https://github.com/pbrezina/sssd-dev-utils. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/517/head:pr517 git checkout pr517 From 7462b7b4f3b20e46f7e58e472fbb2997b93cf46c Mon Sep 17 00:00:00 2001 From: Sumit BoseDate: Fri, 16 Feb 2018 12:07:28 +0100 Subject: [PATCH 1/2] AD: sdap_get_ad_tokengroups_done() allocate temporary data on state Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ldap/sdap_async_initgroups_ad.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 9da671a99..30f1d3db2 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -372,7 +372,6 @@ sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx, static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) { -TALLOC_CTX *tmp_ctx = NULL; struct sdap_get_ad_tokengroups_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs **users = NULL; @@ -386,7 +385,7 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state); -ret = sdap_get_generic_recv(subreq, tmp_ctx, _users, ); +ret = sdap_get_generic_recv(subreq, state, _users, ); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -449,8 +448,6 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) ret = EOK; done: -talloc_free(tmp_ctx); - if (ret != EOK) { tevent_req_error(req, ret); return; From d205dd448348082721ac834ba9b0edccda5a56a6 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 16 Feb 2018 12:09:01 +0100 Subject: [PATCH 2/2] AD: do not allocate temporary data on long living context Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ad/ad_common.c | 5 +++-- src/providers/ad/ad_common.h | 3 ++- src/providers/ad/ad_id.c | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 84845e285..2a1647173 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -1402,13 +1402,14 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, } struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom) { struct sdap_id_conn_ctx **clist; int cindex = 0; -clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3); +clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3); if (clist == NULL) { return NULL; } diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index ce33b37c7..931aafc6c 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -175,7 +175,8 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx * diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 0b8f49819..782d9bc40 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -367,7 +367,7 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ -clist = ad_user_conn_list(ad_ctx, dom); +clist = ad_user_conn_list(mem_ctx, ad_ctx, dom); break; case BE_REQ_BY_SECID: /* by SID */ case BE_REQ_USER_AND_GROUP: /* get SID */ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#516][opened] DESKPROFILE: Document it doesn't work when run as unprivileged user
URL: https://github.com/SSSD/sssd/pull/516 Author: fidencio Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged user Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/516/head:pr516 git checkout pr516 From 6844c8a6f140971e337747031fe47b8342fe7ed7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=Date: Fri, 16 Feb 2018 13:12:32 +0100 Subject: [PATCH] DESKPROFILE: Document it doesn't work when run as unprivileged user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabiano Fidêncio --- src/man/sssd.conf.5.xml | 5 + 1 file changed, 5 insertions(+) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 67856d2b3..fff052a34 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2461,6 +2461,11 @@ pam_account_locked_message = Account locked, please contact help desk. Default: id_provider is used if it is set and can perform session related tasks. + +In order to have this feature working as expected, +SSSD must be running as "root" and not as the "sssd" +unprivileged user. + ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org