[SSSD] [sssd PR#516][+Changes requested] DESKPROFILE: Document it doesn't work when run as unprivileged user

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/516
Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged user

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#435][comment] krb5: call krb5_auth_cache_creds() if a pssword is available

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/435
Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available

lslebodn commented:
"""
master:
* a87658e5382a6ad119058d22b118a29eaae7a365

sssd-1-14:
* 3546e6c0be2f85c9e1828237000a376a188e43ac

sssd-1-13:
* 6b900667cd1541809dbaaf9603f7e7785e6f78f9
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/435#issuecomment-366344661
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#435][closed] krb5: call krb5_auth_cache_creds() if a pssword is available

2018-02-16 Thread lslebodn 
   URL: https://github.com/SSSD/sssd/pull/435
Author: sumit-bose
 Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/435/head:pr435
git checkout pr435
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#435][+Pushed] krb5: call krb5_auth_cache_creds() if a pssword is available

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/435
Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set

2018-02-16 Thread sumit-bose 
  URL: https://github.com/SSSD/sssd/pull/128
Title: #128: Fix group renaming issue when "id_provider = ldap" is set

sumit-bose commented:
"""
@fidencio, you cannot do this on the sysdb level, that's the wrong layer. 
sysdb_add_incomplete_group() is called in only two places. So I would suggest 
instead to deleting the old entry in sysdb_add_incomplete_group() to return a 
specific error code so that the caller knows about the rename, remove the old 
group on its own, call sysdb_add_incomplete_group() again to add the new entry.

The two callers call  sysdb_add_incomplete_group() in a loop. So just returning 
an error code here to notify the next layer would not work. But since it is 
already in the general LDAP code if might be easier to pass down the needed 
contexts to make the dbus calls. As an alternative the callers can return a 
list of objects which have to be deleted from the memory cache so that some 
upper layers can handle them.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/128#issuecomment-366324379
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#435][+Accepted] krb5: call krb5_auth_cache_creds() if a pssword is available

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/435
Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#435][comment] krb5: call krb5_auth_cache_creds() if a pssword is available

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/435
Title: #435: krb5: call krb5_auth_cache_creds() if a pssword is available

lslebodn commented:
"""
Sanity test with krb5/ad/ipa passed

ACK
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/435#issuecomment-366290486
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set

2018-02-16 Thread fidencio 
  URL: https://github.com/SSSD/sssd/pull/128
Title: #128: Fix group renaming issue when "id_provider = ldap" is set

fidencio commented:
"""
@jhrozek: ^
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/128#issuecomment-366279919
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread fidencio 
  URL: https://github.com/SSSD/sssd/pull/518
Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

fidencio commented:
"""
Just for the record, the comment 
https://github.com/SSSD/sssd/pull/518#issuecomment-366231410 is not accurate as 
the versions backported already contained the change proposed by this patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/518#issuecomment-366260845
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][+Pushed] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/518
Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][closed] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread lslebodn 
   URL: https://github.com/SSSD/sssd/pull/518
Author: fidencio
 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/518/head:pr518
git checkout pr518
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/518
Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

lslebodn commented:
"""
master:
* 1c42c3962577ea4b2d9ed6a8a07179d33756b3b4
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/518#issuecomment-366244837
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][+Accepted] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/518
Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread lslebodn 
  URL: https://github.com/SSSD/sssd/pull/518
Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

lslebodn commented:
"""
ACK

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/518#issuecomment-366244091
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][comment] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread fidencio 
  URL: https://github.com/SSSD/sssd/pull/518
Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

fidencio commented:
"""
As the patches which introduced the warning have been backported to 1-13 and 
1-14 branch, this patch (or the version of this patch that will end up 
accepted) will also have to be backported.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/518#issuecomment-366231410
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#518][opened] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc

2018-02-16 Thread fidencio 
   URL: https://github.com/SSSD/sssd/pull/518
Author: fidencio
 Title: #518: PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
Action: opened

PR body:
"""
While building the project I've noticed the following warning:
../src/python/pysss_murmur.c: In function ‘py_murmurhash3’:
../src/python/pysss_murmur.c:50:25: warning: comparison between signed and 
unsigned integer expressions [-Wsign-compare]
 (size_t)key_len > input_len) {
 ^

Previously we were comparing key_len(long) with the output of strlen(key)
(size_t), thus the (size_t) cast.

Currently, we can jut compare key_len with input_len without issues and
without the needed to the cast.

Issue has been introduced as part of 41454a64c7.

Signed-off-by: Fabiano Fidêncio 
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/518/head:pr518
git checkout pr518
From b0f1d063d302978735aa05a1eb1f85117e5fb3af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Fri, 16 Feb 2018 14:05:19 +0100
Subject: [PATCH] PYSSS_MURMUR: Fix [-Wsign-compare] found by gcc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While building the project I've noticed the following warning:
../src/python/pysss_murmur.c: In function ‘py_murmurhash3’:
../src/python/pysss_murmur.c:50:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
 (size_t)key_len > input_len) {
 ^

Previously we were comparing key_len(long) with the output of strlen(key)
(size_t), thus the (size_t) cast.

Currently, we can jut compare key_len with input_len without issues and
without the needed to the cast.

Issue has been introduced as part of 41454a64c7.

Signed-off-by: Fabiano Fidêncio 
---
 src/python/pysss_murmur.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c
index 8f1752a29..bcb2b8151 100644
--- a/src/python/pysss_murmur.c
+++ b/src/python/pysss_murmur.c
@@ -47,7 +47,7 @@ static PyObject * py_murmurhash3(PyObject *module, PyObject *args)
 }
 
 if (seed > UINT32_MAX || key_len > INT_MAX || key_len < 0 ||
-(size_t)key_len > input_len) {
+key_len > input_len) {
 PyErr_Format(PyExc_ValueError, "Invalid value\n");
 return NULL;
 }
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#517][opened] Fix two memory leaks in the AD provider

2018-02-16 Thread sumit-bose 
   URL: https://github.com/SSSD/sssd/pull/517
Author: sumit-bose
 Title: #517: Fix two memory leaks in the AD provider
Action: opened

PR body:
"""
I found two memory leaks in the AD provider, one is triggered by every user
lookup the other during an initgroups request with tokenGroups.

To verify this just lookup a larger number of AD users, I took 500, or call
'id' for each of the users. When checking the memory consumption before and
after e.g. with 'ps' the increased memory usage should become obvious.

To analyse where the memory is used 'talloc_report_full' help. You can call it
directly inside of gdb or just use Pavel's 'sss-talloc-report' from
https://github.com/pbrezina/sssd-dev-utils.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/517/head:pr517
git checkout pr517
From 7462b7b4f3b20e46f7e58e472fbb2997b93cf46c Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Fri, 16 Feb 2018 12:07:28 +0100
Subject: [PATCH 1/2] AD: sdap_get_ad_tokengroups_done() allocate temporary
 data on state

Related to https://pagure.io/SSSD/sssd/issue/3639
---
 src/providers/ldap/sdap_async_initgroups_ad.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 9da671a99..30f1d3db2 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -372,7 +372,6 @@ sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx,
 
 static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq)
 {
-TALLOC_CTX *tmp_ctx = NULL;
 struct sdap_get_ad_tokengroups_state *state = NULL;
 struct tevent_req *req = NULL;
 struct sysdb_attrs **users = NULL;
@@ -386,7 +385,7 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq)
 req = tevent_req_callback_data(subreq, struct tevent_req);
 state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state);
 
-ret = sdap_get_generic_recv(subreq, tmp_ctx, _users, );
+ret = sdap_get_generic_recv(subreq, state, _users, );
 talloc_zfree(subreq);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -449,8 +448,6 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq)
 ret = EOK;
 
 done:
-talloc_free(tmp_ctx);
-
 if (ret != EOK) {
 tevent_req_error(req, ret);
 return;

From d205dd448348082721ac834ba9b0edccda5a56a6 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Fri, 16 Feb 2018 12:09:01 +0100
Subject: [PATCH 2/2] AD: do not allocate temporary data on long living context

Related to https://pagure.io/SSSD/sssd/issue/3639
---
 src/providers/ad/ad_common.c | 5 +++--
 src/providers/ad/ad_common.h | 3 ++-
 src/providers/ad/ad_id.c | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 84845e285..2a1647173 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1402,13 +1402,14 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
 }
 
 struct sdap_id_conn_ctx **
-ad_user_conn_list(struct ad_id_ctx *ad_ctx,
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+  struct ad_id_ctx *ad_ctx,
   struct sss_domain_info *dom)
 {
 struct sdap_id_conn_ctx **clist;
 int cindex = 0;
 
-clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
+clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);
 if (clist == NULL) {
 return NULL;
 }
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index ce33b37c7..931aafc6c 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -175,7 +175,8 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
   struct sss_domain_info *dom);
 
 struct sdap_id_conn_ctx **
-ad_user_conn_list(struct ad_id_ctx *ad_ctx,
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+  struct ad_id_ctx *ad_ctx,
   struct sss_domain_info *dom);
 
 struct sdap_id_conn_ctx *
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index 0b8f49819..782d9bc40 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -367,7 +367,7 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
 
 switch (ar->entry_type & BE_REQ_TYPE_MASK) {
 case BE_REQ_USER: /* user */
-clist = ad_user_conn_list(ad_ctx, dom);
+clist = ad_user_conn_list(mem_ctx, ad_ctx, dom);
 break;
 case BE_REQ_BY_SECID:   /* by SID */
 case BE_REQ_USER_AND_GROUP: /* get SID */
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#516][opened] DESKPROFILE: Document it doesn't work when run as unprivileged user

2018-02-16 Thread fidencio 
   URL: https://github.com/SSSD/sssd/pull/516
Author: fidencio
 Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged 
user
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/516/head:pr516
git checkout pr516
From 6844c8a6f140971e337747031fe47b8342fe7ed7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Fri, 16 Feb 2018 13:12:32 +0100
Subject: [PATCH] DESKPROFILE: Document it doesn't work when run as
 unprivileged user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Fabiano Fidêncio 
---
 src/man/sssd.conf.5.xml | 5 +
 1 file changed, 5 insertions(+)

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 67856d2b3..fff052a34 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2461,6 +2461,11 @@ pam_account_locked_message = Account locked, please contact help desk.
 Default: id_provider is used if it
 is set and can perform session related tasks.
 
+
+In order to have this feature working as expected,
+SSSD must be running as "root" and not as the "sssd"
+unprivileged user.
+
 
 
 
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org