date:20181022

[SSSD] [sssd PR#677][-Changes requested] pcre: port to pcre2

2018-10-22 Thread thalman

  URL: https://github.com/SSSD/sssd/pull/677
Title: #677: pcre: port to pcre2

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#682][opened] DYNDNS: Drop support for legacy NSUPDATE

2018-10-22 Thread thalman

   URL: https://github.com/SSSD/sssd/pull/682
Author: thalman
 Title: #682: DYNDNS: Drop support for legacy NSUPDATE
Action: opened

PR body:
"""
We should drop support for legacy versions of NSUPDATE that doesn't
support 'realm' option. The option 'realm' was added in
BIND 9.8.0a1.

Resolves:
https://pagure.io/SSSD/sssd/issue/2817
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/682/head:pr682
git checkout pr682
From 0e1c6cf01a92f889c92c0d087805382931675686 Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Mon, 22 Oct 2018 14:33:32 +0200
Subject: [PATCH] DYNDNS: Drop support for legacy NSUPDATE

We should drop support for legacy versions of NSUPDATE that don't
support 'realm' option. The option 'realm' was added in
BIND 9.8.0a1.

Resolves:
https://pagure.io/SSSD/sssd/issue/2817
---
 src/external/nsupdate.m4   | 3 +--
 src/providers/be_dyndns.c  | 5 ++---
 src/tests/cmocka/test_dyndns.c | 8 
 3 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/src/external/nsupdate.m4 b/src/external/nsupdate.m4
index b7048d58a3..a137f38221 100644
--- a/src/external/nsupdate.m4
+++ b/src/external/nsupdate.m4
@@ -7,10 +7,9 @@ if test -x "$NSUPDATE"; then
   AC_MSG_CHECKING(for nsupdate 'realm' support')
   if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
 AC_MSG_RESULT([yes])
-AC_DEFINE_UNQUOTED([HAVE_NSUPDATE_REALM], 1, [Whether to use the 'realm' directive with nsupdate])
   else
 AC_MSG_RESULT([no])
-AC_MSG_WARN([Will build without the 'realm' directive])
+AC_MSG_ERROR([nsupdate does not support 'realm'])
   fi
 
 else
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index ebe1fcd164..4c9bbe6448 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -400,12 +400,11 @@ static char *nsupdate_msg_add_ptr(char *update_msg,
 static char *
 nsupdate_msg_add_realm_cmd(TALLOC_CTX *mem_ctx, const char *realm)
 {
-#ifdef HAVE_NSUPDATE_REALM
 if (realm != NULL) {
 return talloc_asprintf(mem_ctx, "realm %s\n", realm);
+} else {
+return talloc_asprintf(mem_ctx, "\n");
 }
-#endif
-return talloc_asprintf(mem_ctx, "\n");
 }
 
 static char *
diff --git a/src/tests/cmocka/test_dyndns.c b/src/tests/cmocka/test_dyndns.c
index b53712..491b4377fa 100644
--- a/src/tests/cmocka/test_dyndns.c
+++ b/src/tests/cmocka/test_dyndns.c
@@ -406,11 +406,7 @@ void dyndns_test_create_fwd_msg(void **state)
 
 assert_string_equal(msg,
 "server Winterfell\n"
-#ifdef HAVE_NSUPDATE_REALM
 "realm North\n"
-#else
-"\n"
-#endif
 "update delete bran_stark. in A\n"
 "update add bran_stark. 1234 in A 192.168.0.2\n"
 "send\n"
@@ -427,11 +423,7 @@ void dyndns_test_create_fwd_msg(void **state)
 assert_int_equal(ret, EOK);
 
 assert_string_equal(msg,
-#ifdef HAVE_NSUPDATE_REALM
 "realm North\n"
-#else
-"\n"
-#endif
 "update delete bran_stark. in A\n"
 "update add bran_stark. 1234 in A 192.168.0.2\n"
 "send\n"
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#677][synchronized] pcre: port to pcre2

2018-10-22 Thread thalman

   URL: https://github.com/SSSD/sssd/pull/677
Author: thalman
 Title: #677: pcre: port to pcre2
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/677/head:pr677
git checkout pr677
From 22d24604e6299448929e4b5178c2b8fb556e0416 Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Mon, 15 Oct 2018 15:13:38 +0200
Subject: [PATCH] pcre: port to pcre2

Some distributions want to drop pcre support. Sssd should work with
pcre2. With this patch sssd tries to use pcre2 if pcre is not present.

Resolves:
https://pagure.io/SSSD/sssd/issue/3833
---
 Makefile.am  |   2 +
 src/external/libpcre.m4  |  46 +-
 src/providers/krb5/krb5_auth.h   |   2 +-
 src/providers/krb5/krb5_common.h |   2 +-
 src/providers/krb5/krb5_init.c   |  19 +--
 src/providers/krb5/krb5_utils.c  |  12 +-
 src/providers/krb5/krb5_utils.h  |   2 +-
 src/responder/common/responder.h |   2 +-
 src/tests/krb5_child-test.c  |  18 +--
 src/tests/krb5_utils-tests.c |  13 +-
 src/util/sss_regexp.c| 262 +++
 src/util/sss_regexp.h|  96 +++
 src/util/usertools.c |  50 ++
 src/util/util.h  |   4 +-
 14 files changed, 437 insertions(+), 93 deletions(-)
 create mode 100644 src/util/sss_regexp.c
 create mode 100644 src/util/sss_regexp.h

diff --git a/Makefile.am b/Makefile.am
index 3667856c68..1df2c0833e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -662,6 +662,7 @@ dist_noinst_HEADERS = \
 src/util/sss_nss.h \
 src/util/sss_ldap.h \
 src/util/sss_python.h \
+src/util/sss_regexp.h \
 src/util/sss_krb5.h \
 src/util/sss_selinux.h \
 src/util/sss_sockets.h \
@@ -1265,6 +1266,7 @@ libsss_util_la_SOURCES = \
 src/util/sss_ptr_hash.c \
 src/util/files.c \
 src/util/selinux.c \
+src/util/sss_regexp.c \
 $(NULL)
 libsss_util_la_CFLAGS = \
 $(AM_CFLAGS) \
diff --git a/src/external/libpcre.m4 b/src/external/libpcre.m4
index 2326cbf864..bb53a47b68 100644
--- a/src/external/libpcre.m4
+++ b/src/external/libpcre.m4
@@ -1,13 +1,45 @@
 AC_SUBST(PCRE_LIBS)
 AC_SUBST(PCRE_CFLAGS)
 
-PKG_CHECK_MODULES([PCRE], [libpcre], [found_libpcre=yes], [found_libpcre=no])
-PKG_CHECK_EXISTS(libpcre >= 7,
- [AC_MSG_NOTICE([PCRE version is 7 or higher])],
- [AC_MSG_NOTICE([PCRE version is below 7])
-  AC_DEFINE([HAVE_LIBPCRE_LESSER_THAN_7],
-1,
-[Define if libpcre version is less than 7])])
+PKG_CHECK_MODULES(
+[PCRE],
+[libpcre],
+[
+found_libpcre=yes
+PKG_CHECK_EXISTS(
+libpcre >= 7,
+[AC_MSG_NOTICE([PCRE version is 7 or higher])],
+[
+AC_MSG_NOTICE([PCRE version is below 7])
+AC_DEFINE(
+[HAVE_LIBPCRE_LESSER_THAN_7],
+1,
+[Define if libpcre version is less than 7]
+)
+]
+)
+],
+[
+PKG_CHECK_MODULES(
+[PCRE2],
+[libpcre2-8],
+[
+found_libpcre=yes
+AC_DEFINE(
+[HAVE_LIBPCRE2],
+1,
+[Define if libpcre2 is present]
+)
+AC_DEFINE(
+[PCRE2_CODE_UNIT_WIDTH],
+8,
+[Define libpcre2 unit size]
+)
+],
+[found_libpcre=no]
+)
+]
+)
 
 SSS_AC_EXPAND_LIB_DIR()
 AS_IF([test x"$found_libpcre" != xyes],
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index 847fbf52b8..c706625f6f 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -26,8 +26,8 @@
 #ifndef __KRB5_AUTH_H__
 #define __KRB5_AUTH_H__
 
-#include 
 
+#include "util/sss_regexp.h"
 #include "util/sss_krb5.h"
 #include "providers/backend.h"
 #include "util/child_common.h"
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index bf36a551a9..4b27f166ac 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -121,7 +121,7 @@ struct krb5_ctx {
 struct krb5_service *kpasswd_service;
 int child_debug_fd;
 
-pcre *illegal_path_re;
+sss_regexp_t *illegal_path_re;
 
 struct deferred_auth_ctx *deferred_auth_ctx;
 struct renew_tgt_ctx *renew_tgt_ctx;
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 66ae68fb47..5f956b88e7 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -108,16 +108,6 @@ static errno_t krb5_init_kdc(struct krb5_ctx *ctx, struct be_ctx *be_ctx)
 return EOK;
 }
 
-int krb5_ctx_re_destructor(struct krb5_ctx *ctx)
-{
-if (ctx->illegal_path_re != NULL) {
-pcre_free(ctx->illegal_path_re);
-

[SSSD] [sssd PR#677][comment] pcre: port to pcre2

2018-10-22 Thread thalman

  URL: https://github.com/SSSD/sssd/pull/677
Title: #677: pcre: port to pcre2

thalman commented:
"""
Re-formatted to 80 columns
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/677#issuecomment-431803305
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule

2018-10-22 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/680
Title: #680: pytest: Add test case for Expired sudo rule

jhrozek commented:
"""
github has issues: https://status.github.com/messages
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/680#issuecomment-431769461
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule

2018-10-22 Thread mrniranjan

  URL: https://github.com/SSSD/sssd/pull/680
Title: #680: pytest: Add test case for Expired sudo rule

mrniranjan commented:
"""
I have fixed the issues raised in the review comments, but for some reason 
github is not updating the PR with latest commits. 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/680#issuecomment-431748508
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org

[SSSD] [sssd PR#680][synchronized] pytest: Add test case for Expired sudo rule

2018-10-22 Thread mrniranjan

   URL: https://github.com/SSSD/sssd/pull/680
Author: mrniranjan
 Title: #680: pytest: Add test case for Expired sudo rule
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/680/head:pr680
git checkout pr680
From 8cddf199d93b5c5e9898cda260524facfe854725 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" 
Date: Tue, 16 Oct 2018 14:00:30 +0530
Subject: [PATCH 1/6] pytest/sudo: Modify fixture to restore sssd.conf

Modify set_case_sensitive_false fixture to restore sssd.conf
back to the original sssd.conf after running test_case_senitivity
test case.

Signed-off-by: Niranjan M.R 
---
 src/tests/multihost/basic/conftest.py | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index 0d3b831bea..376a3b415b 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -15,6 +15,7 @@
 import os
 import tempfile
 import ldap
+import time
 
 
 def pytest_namespace():
@@ -193,8 +194,10 @@ def create_casesensitive_posix_user(session_multihost):
 
 
 @pytest.fixture
-def set_case_sensitive_false(session_multihost):
+def set_case_sensitive_false(session_multihost, request):
 """ Set case_sensitive to false in sssd domain section """
+bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
+session_multihost.master[0].run_command(bkup_sssd)
 session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
'/tmp/sssd.conf')
 sssdconfig = ConfigParser.SafeConfigParser()
@@ -208,6 +211,14 @@ def set_case_sensitive_false(session_multihost):
'/etc/sssd/sssd.conf')
 session_multihost.master[0].service_sssd('restart')
 
+def restore_sssd():
+""" Restore sssd.conf """
+restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
+session_multihost.master[0].run_command(restore_sssd)
+session_multihost.master[0].service_sssd('restart')
+time.sleep(5)
+request.addfinalizer(restore_sssd)
+
 
 @pytest.fixture
 def enable_files_domain(session_multihost):

From f8926ab5817696c8825b5a8d2388a002266b1e56 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" 
Date: Tue, 16 Oct 2018 16:31:25 +0530
Subject: [PATCH 2/6] pytest/sudo: Rename create_sudorule to
 case_sensitive_sudorule

Add del_sudo_rule function to delete the sudo rules
after test_sensitivity completes

Signed-off-by: Niranjan M.R 
---
 src/tests/multihost/basic/conftest.py | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index 376a3b415b..cfc35d527a 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -254,10 +254,10 @@ def teardown_files_domain_users():
 
 
 @pytest.fixture
-def create_sudorule(session_multihost, create_casesensitive_posix_user):
+def case_sensitive_sudorule(session_multihost,
+create_casesensitive_posix_user,
+request):
 """ Create posix user and groups """
-# pylint: disable=unused-argument
-_pytest_fixtures = [create_casesensitive_posix_user]
 ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
 ds_rootdn = 'cn=Directory Manager'
 ds_rootpw = 'Secret123'
@@ -280,6 +280,17 @@ def create_sudorule(session_multihost, create_casesensitive_posix_user):
 except LdapException:
 pytest.fail("Failed to add sudo rule %s" % rule_dn2)
 
+def del_sensitive_sudo_rule():
+""" Delete sudo rule """
+(ret, _) = ldap_inst.del_dn(rule_dn1)
+assert ret == 'Success'
+(ret, _) = ldap_inst.del_dn(rule_dn2)
+assert ret == 'Success'
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+time.sleep(5)
+request.addfinalizer(del_sensitive_sudo_rule)
+
 
 @pytest.fixture
 def enable_sss_sudo_nsswitch(session_multihost, tmpdir, request):

From 2e2240c2e3d7dc9be0f85a746855b20390aaa6c0 Mon Sep 17 00:00:00 2001
From: "Niranjan M.R" 
Date: Tue, 16 Oct 2018 16:35:43 +0530
Subject: [PATCH 3/6] pytest/sudo: call case_sensitive_sudorule fixture instead
 of create_sudorule

Signed-off-by: Niranjan M.R 
---
 src/tests/multihost/basic/test_sudo.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tests/multihost/basic/test_sudo.py b/src/tests/multihost/basic/test_sudo.py
index ecf41ffb1a..af9b7a8e87 100644
--- a/src/tests/multihost/basic/test_sudo.py
+++ b/src/tests/multihost/basic/test_sudo.py
@@ -6,12 +6,12 @@
 
 class TestSanitySudo(object):
 """ Basic Sanity Test cases for sudo service in sssd """
-def test_case_senitivity(self, multihost, create_sudorule,
+def test_case_senitivity(self, multihost,

[SSSD] [sssd PR#677][-Changes requested] pcre: port to pcre2

[SSSD] [sssd PR#682][opened] DYNDNS: Drop support for legacy NSUPDATE

[SSSD] [sssd PR#677][synchronized] pcre: port to pcre2

[SSSD] [sssd PR#677][comment] pcre: port to pcre2

[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule

[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule

[SSSD] [sssd PR#680][synchronized] pytest: Add test case for Expired sudo rule

7 matches

Site Navigation

Mail list logo

Footer information