[SSSD] [sssd PR#547][+Blocked] Tests for #511
URL: https://github.com/SSSD/sssd/pull/547 Title: #547: Tests for #511 Label: +Blocked ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#546][+Blocked] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Title: #546: TESTS: Re-add tests for `kdestroy -A` Label: +Blocked ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#545][+Pushed] Two small fixes for KCM
URL: https://github.com/SSSD/sssd/pull/545 Title: #545: Two small fixes for KCM Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#545][closed] Two small fixes for KCM
URL: https://github.com/SSSD/sssd/pull/545 Author: fidencio Title: #545: Two small fixes for KCM Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/545/head:pr545 git checkout pr545 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#545][comment] Two small fixes for KCM
URL: https://github.com/SSSD/sssd/pull/545 Title: #545: Two small fixes for KCM jhrozek commented: """ * master: * e588e24c900e3f587f52533db12b87451b789a33 * 96fdbb2cb7d1bd8f9b2b64acfb5dd845b0290946 """ See the full comment at https://github.com/SSSD/sssd/pull/545#issuecomment-377351564 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#545][+Accepted] Two small fixes for KCM
URL: https://github.com/SSSD/sssd/pull/545 Title: #545: Two small fixes for KCM Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Title: #546: TESTS: Re-add tests for `kdestroy -A` fidencio commented: """ Yep, that's exactly the situation I could see the "blocked"/"depends-on" tag being used. """ See the full comment at https://github.com/SSSD/sssd/pull/546#issuecomment-377343971 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#543][comment] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 jhrozek commented: """ Thanks for fixing the pep8 issue. I pushed the patches to our internal CI and Coverity. """ See the full comment at https://github.com/SSSD/sssd/pull/543#issuecomment-377340405 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#544][comment] IPA: Qualify the externalUser sudo attribute
URL: https://github.com/SSSD/sssd/pull/544 Title: #544: IPA: Qualify the externalUser sudo attribute jhrozek commented: """ I pushed a slightly simplified version. """ See the full comment at https://github.com/SSSD/sssd/pull/544#issuecomment-377339384 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#544][synchronized] IPA: Qualify the externalUser sudo attribute
URL: https://github.com/SSSD/sssd/pull/544 Author: jhrozek Title: #544: IPA: Qualify the externalUser sudo attribute Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/544/head:pr544 git checkout pr544 From 86d31351861bed9c993f100f6603b1c9cff754c3 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 26 Mar 2018 11:36:00 +0200 Subject: [PATCH] IPA: Qualify the externalUser sudo attribute We broke the externalUser support with the introduction of the fully qualified attributes, because the provider was saving the data verbatim, but the sudo responder expects a fully qualified name. Reproducer: on the server: ipa sudocmd-add --desc='For reading log files' /usr/bin/less ipa sudorule-add readfiles ipa sudorule-add-user --users=lcluser ipa sudorule-mod --hostcat=all readfiles then on the client: configure sssd with: id_provider = files sudo_provider = ipa ipa_domain = ipa.test run: sudo useradd lcluser sudo passwd lcluser su - lcluser sudo -l --- src/providers/ipa/ipa_sudo_conversion.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index a96ae3447..bfa66b2c6 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -873,6 +873,15 @@ convert_user_fqdn(TALLOC_CTX *mem_ctx, return fqdn; } +static const char * +convert_ext_user(TALLOC_CTX *mem_ctx, + struct ipa_sudo_conv *conv, + const char *value, + bool *skip_entry) +{ +return sss_create_internal_fqname(mem_ctx, value, conv->dom->name); +} + static const char * convert_group(TALLOC_CTX *mem_ctx, struct ipa_sudo_conv *conv, @@ -959,7 +968,7 @@ convert_attributes(struct ipa_sudo_conv *conv, {SYSDB_IPA_SUDORULE_RUNASEXTUSER, SYSDB_SUDO_CACHE_AT_RUNASUSER , NULL}, {SYSDB_IPA_SUDORULE_RUNASEXTGROUP, SYSDB_SUDO_CACHE_AT_RUNASGROUP , NULL}, {SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, SYSDB_SUDO_CACHE_AT_RUNASUSER , convert_runasextusergroup}, - {SYSDB_IPA_SUDORULE_EXTUSER,SYSDB_SUDO_CACHE_AT_USER , NULL}, + {SYSDB_IPA_SUDORULE_EXTUSER,SYSDB_SUDO_CACHE_AT_USER , convert_ext_user}, {SYSDB_IPA_SUDORULE_ALLOWCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL}, {SYSDB_IPA_SUDORULE_DENYCMD,SYSDB_IPA_SUDORULE_ORIGCMD , NULL}, {NULL, NULL, NULL}}; ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Title: #546: TESTS: Re-add tests for `kdestroy -A` jhrozek commented: """ so, not totally related to this thread, but is this one of the cases where a label like "blocked" or "depends-on" would be useful? iirc you suggested something like this on sssd-devel the other day. """ See the full comment at https://github.com/SSSD/sssd/pull/546#issuecomment-377331452 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Title: #546: TESTS: Re-add tests for `kdestroy -A` jhrozek commented: """ but the hunk itself of course LGTM """ See the full comment at https://github.com/SSSD/sssd/pull/546#issuecomment-377331057 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Title: #546: TESTS: Re-add tests for `kdestroy -A` jhrozek commented: """ I'll ack and push the patch if you show me a CI run from our internal Jenkins :-) """ See the full comment at https://github.com/SSSD/sssd/pull/546#issuecomment-377330980 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#535][+Pushed] Backport of PR#525 and PR#534 to sssd-1-13
URL: https://github.com/SSSD/sssd/pull/535 Title: #535: Backport of PR#525 and PR#534 to sssd-1-13 Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#535][closed] Backport of PR#525 and PR#534 to sssd-1-13
URL: https://github.com/SSSD/sssd/pull/535 Author: sumit-bose Title: #535: Backport of PR#525 and PR#534 to sssd-1-13 Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/535/head:pr535 git checkout pr535 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#535][comment] Backport of PR#525 and PR#534 to sssd-1-13
URL: https://github.com/SSSD/sssd/pull/535 Title: #535: Backport of PR#525 and PR#534 to sssd-1-13 jhrozek commented: """ sssd-1-13: e51c63f55b9614749a08a50cd2308abb6a204ab5 86dee30bc23246aefac31f4fa67b442ae42224ed 5c2d6dcb5b3c4e05694c7fa3786ce8a7afd2d2f8 1df9ccd13b307a1d8019c1e69a7809dcd1e76cef """ See the full comment at https://github.com/SSSD/sssd/pull/535#issuecomment-377330069 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#536][+Pushed] Backport of PR#525 and PR#534 to sssd-1-14
URL: https://github.com/SSSD/sssd/pull/536 Title: #536: Backport of PR#525 and PR#534 to sssd-1-14 Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#536][closed] Backport of PR#525 and PR#534 to sssd-1-14
URL: https://github.com/SSSD/sssd/pull/536 Author: sumit-bose Title: #536: Backport of PR#525 and PR#534 to sssd-1-14 Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/536/head:pr536 git checkout pr536 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#536][comment] Backport of PR#525 and PR#534 to sssd-1-14
URL: https://github.com/SSSD/sssd/pull/536 Title: #536: Backport of PR#525 and PR#534 to sssd-1-14 jhrozek commented: """ sssd-1-14: 8eefaa7fdb4bbcd9ed9fdbbb2c827f2ba2b90585 ab320f5a0a5337a286b315969d0ff4a1a0df6f9d 609247a34d6ea9c8c0b74fb67de20b24bd0d2336 6c2fbd06e5e995e1eb3caf17712665e8db80ce90 """ See the full comment at https://github.com/SSSD/sssd/pull/536#issuecomment-377329142 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#540][+Pushed] Fix python3 issue in the integration test
URL: https://github.com/SSSD/sssd/pull/540 Title: #540: Fix python3 issue in the integration test Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#540][closed] Fix python3 issue in the integration test
URL: https://github.com/SSSD/sssd/pull/540 Author: sumit-bose Title: #540: Fix python3 issue in the integration test Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/540/head:pr540 git checkout pr540 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#540][comment] Fix python3 issue in the integration test
URL: https://github.com/SSSD/sssd/pull/540 Title: #540: Fix python3 issue in the integration test jhrozek commented: """ * master: a263309322cf8fff15d21207a4eee5f301e3ad2e """ See the full comment at https://github.com/SSSD/sssd/pull/540#issuecomment-377328356 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#533][+Pushed] KCM's payload related patches
URL: https://github.com/SSSD/sssd/pull/533 Title: #533: KCM's payload related patches Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#533][comment] KCM's payload related patches
URL: https://github.com/SSSD/sssd/pull/533 Title: #533: KCM's payload related patches jhrozek commented: """ * master: * b09cd3072153663bfcce902633b5e6f9134e72e0 * 786c40023e1348e7613805446ae821af7030b5d3 * 2f11cf256a10ca6f6ace35a05cc2edb46689567f * bfc6d9d611bfbc54b3f738084d86fb887c8769b5 """ See the full comment at https://github.com/SSSD/sssd/pull/533#issuecomment-377325664 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#533][closed] KCM's payload related patches
URL: https://github.com/SSSD/sssd/pull/533 Author: fidencio Title: #533: KCM's payload related patches Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/533/head:pr533 git checkout pr533 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#542][+Pushed] KCM: Use json_loadb() when dealing with sss_iobuf data
URL: https://github.com/SSSD/sssd/pull/542 Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#542][comment] KCM: Use json_loadb() when dealing with sss_iobuf data
URL: https://github.com/SSSD/sssd/pull/542 Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data jhrozek commented: """ * master: a40c6b4280f319efb935a9c9d3b83486a0f4d2d3 """ See the full comment at https://github.com/SSSD/sssd/pull/542#issuecomment-377324396 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#542][closed] KCM: Use json_loadb() when dealing with sss_iobuf data
URL: https://github.com/SSSD/sssd/pull/542 Author: fidencio Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/542/head:pr542 git checkout pr542 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... simo5 commented: """ Ok moving to a different PR, definitely. As for keeping a list, the best thing would be to not have explicit book keeping (as that's what you are fixing here), because when you write new code you invariable tend to forget about the book keeping and bugs creep in. I was thinking you may be able to simply look at the event context and figure out if there are pending operations there. If that is not easy then having some central place that does the book keeping indeed. """ See the full comment at https://github.com/SSSD/sssd/pull/511#issuecomment-377273247 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... fidencio commented: """ > Sorry for late comment, but should't you simply have a list of "inflight" > calls and take that in consideration before deciding to shut down ? Maybe. Do we already keep track of the "inflight" calls? That's something that should be implemented and used for all responders, @simo5. So, in case we decide to go for it, I'd prefer to deal with this in a different PR (although I'm more than fine and want to have this discussion here before opening a ticket for that). Does that make sense? """ See the full comment at https://github.com/SSSD/sssd/pull/511#issuecomment-377267009 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... simo5 commented: """ Sorry for late comment, but should't you simply have a list of "inflight" calls and take that in consideration before deciding to shut down ? """ See the full comment at https://github.com/SSSD/sssd/pull/511#issuecomment-377265151 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... fidencio commented: """ I'm removing the "Changes Requested" label. """ See the full comment at https://github.com/SSSD/sssd/pull/511#issuecomment-377258726 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#511][-Changes requested] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#547][opened] Tests for #511
URL: https://github.com/SSSD/sssd/pull/547 Author: fidencio Title: #547: Tests for #511 Action: opened PR body: """ We've decided to split the fix/tests in two different PRs. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/547/head:pr547 git checkout pr547 From aa8cfabd2f692bb36c479a2cd9edfb2d96d56aae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 7 Feb 2018 13:26:46 +0100 Subject: [PATCH 1/2] TESTS: Rename test_idle_timeout() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As this test is related to the client_idle_timeout, let's rename it accordingly. Resolves: https://pagure.io/SSSD/sssd/issue/3633 Signed-off-by: Fabiano Fidêncio --- src/tests/intg/test_secrets.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py index a145045ee..96b6f6b4a 100644 --- a/src/tests/intg/test_secrets.py +++ b/src/tests/intg/test_secrets.py @@ -369,7 +369,7 @@ def get_fds(pid): def setup_for_cli_timeout_test(request): """ Same as the generic setup, except a short client_idle_timeout so that -the test_idle_timeout() test closes the fd towards the client. +the test_cli_idle_timeout() test closes the fd towards the client. """ conf = generate_sec_config() + \ unindent(""" @@ -380,7 +380,7 @@ def setup_for_cli_timeout_test(request): return create_sssd_secrets_fixture(request) -def test_idle_timeout(setup_for_cli_timeout_test): +def test_cli_idle_timeout(setup_for_cli_timeout_test): """ Test that idle file descriptors are reaped after the idle timeout passes From a39b02be1696bb7ad571b2495f72862ddb9c35e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 7 Feb 2018 13:26:46 +0100 Subject: [PATCH 2/2] TESTS: Add test for responder_idle_timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two new tests have been added in order to test the following scenarios of responder_idle_timeout: - responder is shutdown after n seconds; - responder has its shutdown delayed due to some activity and then is shutdown after n seconds; In order to have the tests added, a new dep has been introduced: python-psutil Keep in mind those newly added tests make our test suite to take a few minutes more to finish. Resolves: https://pagure.io/SSSD/sssd/issue/3633 Signed-off-by: Fabiano Fidêncio --- contrib/ci/deps.sh | 2 + src/tests/intg/test_secrets.py | 84 -- 2 files changed, 83 insertions(+), 3 deletions(-) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 8287918be..d8b1414c8 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -42,6 +42,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then openldap-servers pytest python-ldap +python-psutil pyldb rpm-build uid_wrapper @@ -120,6 +121,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then python-ldap python-ldb python-requests +python-psutil ldap-utils slapd systemtap-sdt-dev diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py index 96b6f6b4a..3632351cc 100644 --- a/src/tests/intg/test_secrets.py +++ b/src/tests/intg/test_secrets.py @@ -26,6 +26,7 @@ import time import socket import pytest +import psutil from requests import HTTPError from util import unindent @@ -41,7 +42,7 @@ def create_conf_fixture(request, contents): request.addfinalizer(lambda: os.unlink(config.CONF_PATH)) -def create_sssd_secrets_fixture(request): +def create_sssd_secrets_fixture(request, teardown=True): if subprocess.call(['sssd', "--genconf"]) != 0: raise Exception("failed to regenerate confdb") @@ -72,13 +73,21 @@ def create_sssd_secrets_fixture(request): assert os.path.exists(sock_path) +def unlink_secdb(): +for secdb_file in os.listdir(config.SECDB_PATH): +os.unlink(config.SECDB_PATH + "/" + secdb_file) + def sec_teardown(): +if teardown is False: +unlink_secdb() +return + if secpid == 0: return os.kill(secpid, signal.SIGTERM) -for secdb_file in os.listdir(config.SECDB_PATH): -os.unlink(config.SECDB_PATH + "/" + secdb_file) +unlink_secdb() + request.addfinalizer(sec_teardown) return secpid @@ -602,3 +611,72 @@ def test_unlimited_quotas(setup_for_unlimited_quotas, secrets_cli): for i in range(DEFAULT_CONTAINERS_NEST_LEVEL): container += "%s/" % str(i) cli.create_container(container) + + +@pytest.fixture +def setup_for_resp_timeout_test(request): +""" +Same as the generic setup, except a short responder_idle_timeout +so that the test_responder_i
[SSSD] [sssd PR#511][synchronized] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Author: fidencio Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/511/head:pr511 git checkout pr511 From 5eb00fd032cf6393db6ee75a11e81b9192cf1247 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 7 Feb 2018 13:20:31 +0100 Subject: [PATCH 1/6] SECRETS: reset last_request_time on any activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As all the activities are being handled by the secrets responder itself and not by responder's common code, we have to take care of re-setting the last_request_time by ourselves here. Without this patch, the responder would be shot down after reaching the idle_timeout with activities happening or not. Resolves: https://pagure.io/SSSD/sssd/issue/3633 Signed-off-by: Fabiano Fidêncio --- src/responder/secrets/secsrv_cmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/responder/secrets/secsrv_cmd.c b/src/responder/secrets/secsrv_cmd.c index fa5970504..1b405a23e 100644 --- a/src/responder/secrets/secsrv_cmd.c +++ b/src/responder/secrets/secsrv_cmd.c @@ -588,6 +588,9 @@ static void sec_fd_handler(struct tevent_context *ev, errno_t ret; struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx); +/* Always reset the responder idle timer on any activity */ +cctx->rctx->last_request_time = time(NULL); + /* Always reset the idle timer on any activity */ ret = reset_client_idle_timer(cctx); if (ret != EOK) { From cd172dd8ba979b8fb029c487343d32a69f973afb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 7 Feb 2018 13:24:05 +0100 Subject: [PATCH 2/6] KCM: reset last_request_time on any activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As all the activities are being handled by the kcm responder itself and not by responder's common code, we have to take care of re-setting the last_request_time by ourselves here. Without this patch, the responder would be shot down after reaching the idle_timeout with activities happening or not. Resolves: https://pagure.io/SSSD/sssd/issue/3633 Signed-off-by: Fabiano Fidêncio --- src/responder/kcm/kcmsrv_cmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index 0b933f0b4..903c89417 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -588,6 +588,9 @@ static void kcm_fd_handler(struct tevent_context *ev, errno_t ret; struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx); +/* Always reset the responder idle timer on any activity */ +cctx->rctx->last_request_time = time(NULL); + /* Always reset the idle timer on any activity */ ret = reset_client_idle_timer(cctx); if (ret != EOK) { From 42d0f1ae4392f43d04740b3696e8b1d4d9429c03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 7 Feb 2018 17:06:39 +0100 Subject: [PATCH 3/6] RESPONDER: Add sss_client_fd_handler() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we have 3 functions to handle client fds: - sec_fd_handler(): for secrets responder - kcm_fd_handler(): for kcm responder - client_fd_handler(): for all the others reponders As those functions only differ by the functions used to handle sending and receiving data to the fds, let's create a generic function that receives the specific send_fn() and recv_fn() functions. With this newly introduced function we'll be able to simply remove duplicated code from those 3 handlers and just call sss_client_fd_handler() from all of those. Resolves: https://pagure.io/SSSD/sssd/issue/3633 Signed-off-by: Fabiano Fidêncio --- src/responder/common/responder.h| 5 + src/responder/common/responder_common.c | 31 +++ 2 files changed, 36 insertions(+) diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 9400e4b60..987a5d17d 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -197,6 +197,11 @@ typedef int (*connection_setup_t)(struct cli_ctx *cctx); int sss_connection_setup(struct cli_ctx *cctx); +void sss_client_fd_handler(void *ptr, + void (*recv_fn) (struct cli_ctx *cctx), + void (*send_fn) (struct cli_ctx *cctx), + uint16_t flags); + int sss_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb, diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 6130c1201..e2ac34651 100644 --- a/src/responder/common/responder_common.
[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...
URL: https://github.com/SSSD/sssd/pull/511 Title: #511: Do not shutdown KCM/Secrets responders when activities are happening ... fidencio commented: """ We have discussed in a phone meeting Today that we will go for this patches and decide about https://pagure.io/SSSD/sssd/issue/3675 later. Also, this PR will be split into code and tests parts in order to have the patches merged soon and we can keep discussing about the timeout used in the test side later on. """ See the full comment at https://github.com/SSSD/sssd/pull/511#issuecomment-377256609 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#542][comment] KCM: Use json_loadb() when dealing with sss_iobuf data
URL: https://github.com/SSSD/sssd/pull/542 Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data jhrozek commented: """ OK, let's have this patch merged /as a stopgap/ so that we can have a fix in fedora and work on a better fix in the meantime without waiting for the perfect patch and having crashes in the meantime. """ See the full comment at https://github.com/SSSD/sssd/pull/542#issuecomment-377235952 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#542][+Accepted] KCM: Use json_loadb() when dealing with sss_iobuf data
URL: https://github.com/SSSD/sssd/pull/542 Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#544][comment] IPA: Qualify the externalUser sudo attribute
URL: https://github.com/SSSD/sssd/pull/544 Title: #544: IPA: Qualify the externalUser sudo attribute jhrozek commented: """ > On 29 Mar 2018, at 10:24, fidencio wrote: > > @jhrozek, the patch itself looks good. > Do we have downstream tests covering this situation? I don’t think so > Wouldn't be worth it to open a RHEL bug for this issue? Would you mind doing that, please? I won’t connect until today’s meeting and it might be good to discuss the bug """ See the full comment at https://github.com/SSSD/sssd/pull/544#issuecomment-377199238 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#543][-Changes requested] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#543][comment] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 fidencio commented: """ @jhrozek, I've made the change and mistakenly pushed to your branch (well, not so bad in the end as it may save you some time). I'm removing the "Changes Requested" label. """ See the full comment at https://github.com/SSSD/sssd/pull/543#issuecomment-377170534 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Author: jhrozek Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/543/head:pr543 git checkout pr543 From 1c11bb393037c37fb380ce687b48f618ab85c64a Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 23 Mar 2018 13:40:34 +0100 Subject: [PATCH] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Resolves: https://pagure.io/SSSD/sssd/issue/3684 If the cleanup task removes a user who was a fully resolved member (not a ghost), but then the group the user was a member of is requested, unless the group had changed, the user doesn't appear as a member of the group again. This is because the modify timestamp would prevent the group from updating and therefore the ghost attribute is not readded. To mitigate this, let's also set the originalModifyTimestamp attribute to 1, so that we never take the optimized path while updating the group. --- src/db/sysdb_ops.c | 13 src/tests/intg/test_ldap.py | 51 + 2 files changed, 64 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index cc86a114e..09aa04a29 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom, goto done; } +ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP, +LDB_FLAG_MOD_REPLACE, NULL); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + +ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1"); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + ret = ldb_modify(dom->sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py index 2d95d2549..a5761cbe1 100644 --- a/src/tests/intg/test_ldap.py +++ b/src/tests/intg/test_ldap.py @@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task): dict(mem=ent.contains_only("user1"))) +@pytest.fixture +def update_ts_after_cleanup_task(request, ldap_conn): +ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) +ent_list.add_user("user1", 1001, 2001) +ent_list.add_user("user2", 1002, 2001) + +ent_list.add_group_bis("group1", 2001, ["user1", "user2"]) + +create_ldap_fixture(request, ldap_conn, ent_list) + +conf = \ +format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ +unindent(""" +[domain/LDAP] +ldap_purge_cache_timeout = 3 +""").format(**locals()) +create_conf_fixture(request, conf) +create_sssd_fixture(request) +return None + + +def test_update_ts_cache_after_cleanup_task(ldap_conn, +update_ts_after_cleanup_task): +""" +Regression test for ticket: +https://fedorahosted.org/sssd/ticket/2676 +""" +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + +ent.assert_passwd_by_name( +'user1', +dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + +ent.assert_passwd_by_name( +'user2', +dict(name='user2', passwd='*', uid=1002, gid=2001, + gecos='1002', shell='/bin/bash')) + +if subprocess.call(["sss_cache", "-u", "user1"]) != 0: +raise Exception("sssd_cache failed") + +time.sleep(15) + +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + + @pytest.fixture def blank_rfc2307(request, ldap_conn): """Create blank RFC2307 directory fixture with interactive SSSD conf""" ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#543][comment] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 fidencio commented: """ @jhrozek, please, just squash the following patch into your: ``` [ffidenci@pessoa sssd]$ cat 0001-fixup-SYSDB-When-marking-an-entry-as-expired-also-se.patch From fd51f94c18b9d40b89fa8696fd626d6d2c8a0fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 29 Mar 2018 10:26:50 +0200 Subject: [PATCH] fixup! SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 --- src/tests/intg/test_ldap.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py index 56d06275a..a5761cbe1 100644 --- a/src/tests/intg/test_ldap.py +++ b/src/tests/intg/test_ldap.py @@ -455,7 +455,8 @@ def update_ts_after_cleanup_task(request, ldap_conn): return None -def test_update_ts_cache_after_cleanup_task(ldap_conn, update_ts_after_cleanup_task): +def test_update_ts_cache_after_cleanup_task(ldap_conn, +update_ts_after_cleanup_task): """ Regression test for ticket: https://fedorahosted.org/sssd/ticket/2676 -- 2.14.3 ``` The issue was caused by; ``` [ffidenci@pessoa sssd]$ pep8 src/tests/intg/test_ldap.py src/tests/intg/test_ldap.py:458:80: E501 line too long (85 > 79 characters) ``` """ See the full comment at https://github.com/SSSD/sssd/pull/543#issuecomment-377167510 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#544][comment] IPA: Qualify the externalUser sudo attribute
URL: https://github.com/SSSD/sssd/pull/544 Title: #544: IPA: Qualify the externalUser sudo attribute fidencio commented: """ @jhrozek, the patch itself looks good. Do we have downstream tests covering this situation? Wouldn't be worth it to open a RHEL bug for this issue? """ See the full comment at https://github.com/SSSD/sssd/pull/544#issuecomment-377161312 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#546][opened] TESTS: Re-add tests for `kdestroy -A`
URL: https://github.com/SSSD/sssd/pull/546 Author: fidencio Title: #546: TESTS: Re-add tests for `kdestroy -A` Action: opened PR body: """ This reverts commit 89726be5a05493b7af312f0be9ac5ecb6f1822e1 and also do a few modifications on it in order to ensure we don't have any regression on https://pagure.io/SSSD/sssd/issue/3413 As this patch depends on a krb5 patch applied to the distros we run our internal CI on, I've opened a bug report providing patches for Fedora[0] and Debian[1]. [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1561917 [1]: https://salsa.debian.org/debian/krb5/merge_requests/1 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/546/head:pr546 git checkout pr546 From 2aa613a5922e47e9e21880a3646e427d2f05aaa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 27 Mar 2018 17:55:08 +0200 Subject: [PATCH] TESTS: Re-add tests for `kdestroy -A` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 89726be5a05493b7af312f0be9ac5ecb6f1822e1 and also do a few modifications on it in order to ensure we don't have any regression on https://pagure.io/SSSD/sssd/issue/3413 Related: https://pagure.io/SSSD/sssd/issue/3413 Signed-off-by: Fabiano Fidêncio --- src/tests/intg/test_kcm.py | 15 +++ 1 file changed, 15 insertions(+) diff --git a/src/tests/intg/test_kcm.py b/src/tests/intg/test_kcm.py index 5bacc6f91..b3252bd36 100644 --- a/src/tests/intg/test_kcm.py +++ b/src/tests/intg/test_kcm.py @@ -303,6 +303,21 @@ def collection_init_list_destroy(testenv): assert cc_coll['bob@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST'] assert 'carol@KCMTEST' not in cc_coll +# Let's kinit a 3rd principal +out, _, _ = testenv.k5util.kinit("carol", "carolpw") +assert out == 0 +cc_coll = testenv.k5util.list_all_princs() +assert len(cc_coll) == 3 +assert cc_coll['alice@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST'] +assert cc_coll['bob@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST'] +assert cc_coll['carol@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST'] + +# Let's ensure `kdestroy -A` works with more than 2 principals +# https://pagure.io/SSSD/sssd/issue/3413 +out = testenv.k5util.kdestroy(all_ccaches=True) +assert out == 0 +assert testenv.k5util.num_princs() == 0 + def test_kcm_mem_collection_init_list_destroy(setup_for_kcm_mem): testenv = setup_for_kcm_mem ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org