[SSSD] [sssd PR#677][-Changes requested] pcre: port to pcre2
URL: https://github.com/SSSD/sssd/pull/677 Title: #677: pcre: port to pcre2 Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#682][opened] DYNDNS: Drop support for legacy NSUPDATE
URL: https://github.com/SSSD/sssd/pull/682 Author: thalman Title: #682: DYNDNS: Drop support for legacy NSUPDATE Action: opened PR body: """ We should drop support for legacy versions of NSUPDATE that doesn't support 'realm' option. The option 'realm' was added in BIND 9.8.0a1. Resolves: https://pagure.io/SSSD/sssd/issue/2817 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/682/head:pr682 git checkout pr682 From 0e1c6cf01a92f889c92c0d087805382931675686 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 22 Oct 2018 14:33:32 +0200 Subject: [PATCH] DYNDNS: Drop support for legacy NSUPDATE We should drop support for legacy versions of NSUPDATE that don't support 'realm' option. The option 'realm' was added in BIND 9.8.0a1. Resolves: https://pagure.io/SSSD/sssd/issue/2817 --- src/external/nsupdate.m4 | 3 +-- src/providers/be_dyndns.c | 5 ++--- src/tests/cmocka/test_dyndns.c | 8 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/src/external/nsupdate.m4 b/src/external/nsupdate.m4 index b7048d58a3..a137f38221 100644 --- a/src/external/nsupdate.m4 +++ b/src/external/nsupdate.m4 @@ -7,10 +7,9 @@ if test -x "$NSUPDATE"; then AC_MSG_CHECKING(for nsupdate 'realm' support') if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then AC_MSG_RESULT([yes]) -AC_DEFINE_UNQUOTED([HAVE_NSUPDATE_REALM], 1, [Whether to use the 'realm' directive with nsupdate]) else AC_MSG_RESULT([no]) -AC_MSG_WARN([Will build without the 'realm' directive]) +AC_MSG_ERROR([nsupdate does not support 'realm']) fi else diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c index ebe1fcd164..4c9bbe6448 100644 --- a/src/providers/be_dyndns.c +++ b/src/providers/be_dyndns.c @@ -400,12 +400,11 @@ static char *nsupdate_msg_add_ptr(char *update_msg, static char * nsupdate_msg_add_realm_cmd(TALLOC_CTX *mem_ctx, const char *realm) { -#ifdef HAVE_NSUPDATE_REALM if (realm != NULL) { return talloc_asprintf(mem_ctx, "realm %s\n", realm); +} else { +return talloc_asprintf(mem_ctx, "\n"); } -#endif -return talloc_asprintf(mem_ctx, "\n"); } static char * diff --git a/src/tests/cmocka/test_dyndns.c b/src/tests/cmocka/test_dyndns.c index b53712..491b4377fa 100644 --- a/src/tests/cmocka/test_dyndns.c +++ b/src/tests/cmocka/test_dyndns.c @@ -406,11 +406,7 @@ void dyndns_test_create_fwd_msg(void **state) assert_string_equal(msg, "server Winterfell\n" -#ifdef HAVE_NSUPDATE_REALM "realm North\n" -#else -"\n" -#endif "update delete bran_stark. in A\n" "update add bran_stark. 1234 in A 192.168.0.2\n" "send\n" @@ -427,11 +423,7 @@ void dyndns_test_create_fwd_msg(void **state) assert_int_equal(ret, EOK); assert_string_equal(msg, -#ifdef HAVE_NSUPDATE_REALM "realm North\n" -#else -"\n" -#endif "update delete bran_stark. in A\n" "update add bran_stark. 1234 in A 192.168.0.2\n" "send\n" ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#677][synchronized] pcre: port to pcre2
URL: https://github.com/SSSD/sssd/pull/677 Author: thalman Title: #677: pcre: port to pcre2 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/677/head:pr677 git checkout pr677 From 22d24604e6299448929e4b5178c2b8fb556e0416 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 15 Oct 2018 15:13:38 +0200 Subject: [PATCH] pcre: port to pcre2 Some distributions want to drop pcre support. Sssd should work with pcre2. With this patch sssd tries to use pcre2 if pcre is not present. Resolves: https://pagure.io/SSSD/sssd/issue/3833 --- Makefile.am | 2 + src/external/libpcre.m4 | 46 +- src/providers/krb5/krb5_auth.h | 2 +- src/providers/krb5/krb5_common.h | 2 +- src/providers/krb5/krb5_init.c | 19 +-- src/providers/krb5/krb5_utils.c | 12 +- src/providers/krb5/krb5_utils.h | 2 +- src/responder/common/responder.h | 2 +- src/tests/krb5_child-test.c | 18 +-- src/tests/krb5_utils-tests.c | 13 +- src/util/sss_regexp.c| 262 +++ src/util/sss_regexp.h| 96 +++ src/util/usertools.c | 50 ++ src/util/util.h | 4 +- 14 files changed, 437 insertions(+), 93 deletions(-) create mode 100644 src/util/sss_regexp.c create mode 100644 src/util/sss_regexp.h diff --git a/Makefile.am b/Makefile.am index 3667856c68..1df2c0833e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -662,6 +662,7 @@ dist_noinst_HEADERS = \ src/util/sss_nss.h \ src/util/sss_ldap.h \ src/util/sss_python.h \ +src/util/sss_regexp.h \ src/util/sss_krb5.h \ src/util/sss_selinux.h \ src/util/sss_sockets.h \ @@ -1265,6 +1266,7 @@ libsss_util_la_SOURCES = \ src/util/sss_ptr_hash.c \ src/util/files.c \ src/util/selinux.c \ +src/util/sss_regexp.c \ $(NULL) libsss_util_la_CFLAGS = \ $(AM_CFLAGS) \ diff --git a/src/external/libpcre.m4 b/src/external/libpcre.m4 index 2326cbf864..bb53a47b68 100644 --- a/src/external/libpcre.m4 +++ b/src/external/libpcre.m4 @@ -1,13 +1,45 @@ AC_SUBST(PCRE_LIBS) AC_SUBST(PCRE_CFLAGS) -PKG_CHECK_MODULES([PCRE], [libpcre], [found_libpcre=yes], [found_libpcre=no]) -PKG_CHECK_EXISTS(libpcre >= 7, - [AC_MSG_NOTICE([PCRE version is 7 or higher])], - [AC_MSG_NOTICE([PCRE version is below 7]) - AC_DEFINE([HAVE_LIBPCRE_LESSER_THAN_7], -1, -[Define if libpcre version is less than 7])]) +PKG_CHECK_MODULES( +[PCRE], +[libpcre], +[ +found_libpcre=yes +PKG_CHECK_EXISTS( +libpcre >= 7, +[AC_MSG_NOTICE([PCRE version is 7 or higher])], +[ +AC_MSG_NOTICE([PCRE version is below 7]) +AC_DEFINE( +[HAVE_LIBPCRE_LESSER_THAN_7], +1, +[Define if libpcre version is less than 7] +) +] +) +], +[ +PKG_CHECK_MODULES( +[PCRE2], +[libpcre2-8], +[ +found_libpcre=yes +AC_DEFINE( +[HAVE_LIBPCRE2], +1, +[Define if libpcre2 is present] +) +AC_DEFINE( +[PCRE2_CODE_UNIT_WIDTH], +8, +[Define libpcre2 unit size] +) +], +[found_libpcre=no] +) +] +) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_libpcre" != xyes], diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index 847fbf52b8..c706625f6f 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -26,8 +26,8 @@ #ifndef __KRB5_AUTH_H__ #define __KRB5_AUTH_H__ -#include +#include "util/sss_regexp.h" #include "util/sss_krb5.h" #include "providers/backend.h" #include "util/child_common.h" diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index bf36a551a9..4b27f166ac 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -121,7 +121,7 @@ struct krb5_ctx { struct krb5_service *kpasswd_service; int child_debug_fd; -pcre *illegal_path_re; +sss_regexp_t *illegal_path_re; struct deferred_auth_ctx *deferred_auth_ctx; struct renew_tgt_ctx *renew_tgt_ctx; diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 66ae68fb47..5f956b88e7 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c @@ -108,16 +108,6 @@ static errno_t krb5_init_kdc(struct krb5_ctx *ctx, struct be_ctx *be_ctx) return EOK; } -int krb5_ctx_re_destructor(struct krb5_ctx *ctx) -{ -if (ctx->illegal_path_re != NULL) { -pcre_free(ctx->illegal_path_re); -
[SSSD] [sssd PR#677][comment] pcre: port to pcre2
URL: https://github.com/SSSD/sssd/pull/677 Title: #677: pcre: port to pcre2 thalman commented: """ Re-formatted to 80 columns """ See the full comment at https://github.com/SSSD/sssd/pull/677#issuecomment-431803305 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Title: #680: pytest: Add test case for Expired sudo rule jhrozek commented: """ github has issues: https://status.github.com/messages """ See the full comment at https://github.com/SSSD/sssd/pull/680#issuecomment-431769461 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][comment] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Title: #680: pytest: Add test case for Expired sudo rule mrniranjan commented: """ I have fixed the issues raised in the review comments, but for some reason github is not updating the PR with latest commits. """ See the full comment at https://github.com/SSSD/sssd/pull/680#issuecomment-431748508 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#680][synchronized] pytest: Add test case for Expired sudo rule
URL: https://github.com/SSSD/sssd/pull/680 Author: mrniranjan Title: #680: pytest: Add test case for Expired sudo rule Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/680/head:pr680 git checkout pr680 From 8cddf199d93b5c5e9898cda260524facfe854725 Mon Sep 17 00:00:00 2001 From: "Niranjan M.R" Date: Tue, 16 Oct 2018 14:00:30 +0530 Subject: [PATCH 1/6] pytest/sudo: Modify fixture to restore sssd.conf Modify set_case_sensitive_false fixture to restore sssd.conf back to the original sssd.conf after running test_case_senitivity test case. Signed-off-by: Niranjan M.R --- src/tests/multihost/basic/conftest.py | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py index 0d3b831bea..376a3b415b 100644 --- a/src/tests/multihost/basic/conftest.py +++ b/src/tests/multihost/basic/conftest.py @@ -15,6 +15,7 @@ import os import tempfile import ldap +import time def pytest_namespace(): @@ -193,8 +194,10 @@ def create_casesensitive_posix_user(session_multihost): @pytest.fixture -def set_case_sensitive_false(session_multihost): +def set_case_sensitive_false(session_multihost, request): """ Set case_sensitive to false in sssd domain section """ +bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig' +session_multihost.master[0].run_command(bkup_sssd) session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf', '/tmp/sssd.conf') sssdconfig = ConfigParser.SafeConfigParser() @@ -208,6 +211,14 @@ def set_case_sensitive_false(session_multihost): '/etc/sssd/sssd.conf') session_multihost.master[0].service_sssd('restart') +def restore_sssd(): +""" Restore sssd.conf """ +restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf' +session_multihost.master[0].run_command(restore_sssd) +session_multihost.master[0].service_sssd('restart') +time.sleep(5) +request.addfinalizer(restore_sssd) + @pytest.fixture def enable_files_domain(session_multihost): From f8926ab5817696c8825b5a8d2388a002266b1e56 Mon Sep 17 00:00:00 2001 From: "Niranjan M.R" Date: Tue, 16 Oct 2018 16:31:25 +0530 Subject: [PATCH 2/6] pytest/sudo: Rename create_sudorule to case_sensitive_sudorule Add del_sudo_rule function to delete the sudo rules after test_sensitivity completes Signed-off-by: Niranjan M.R --- src/tests/multihost/basic/conftest.py | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py index 376a3b415b..cfc35d527a 100644 --- a/src/tests/multihost/basic/conftest.py +++ b/src/tests/multihost/basic/conftest.py @@ -254,10 +254,10 @@ def teardown_files_domain_users(): @pytest.fixture -def create_sudorule(session_multihost, create_casesensitive_posix_user): +def case_sensitive_sudorule(session_multihost, +create_casesensitive_posix_user, +request): """ Create posix user and groups """ -# pylint: disable=unused-argument -_pytest_fixtures = [create_casesensitive_posix_user] ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' @@ -280,6 +280,17 @@ def create_sudorule(session_multihost, create_casesensitive_posix_user): except LdapException: pytest.fail("Failed to add sudo rule %s" % rule_dn2) +def del_sensitive_sudo_rule(): +""" Delete sudo rule """ +(ret, _) = ldap_inst.del_dn(rule_dn1) +assert ret == 'Success' +(ret, _) = ldap_inst.del_dn(rule_dn2) +assert ret == 'Success' +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +time.sleep(5) +request.addfinalizer(del_sensitive_sudo_rule) + @pytest.fixture def enable_sss_sudo_nsswitch(session_multihost, tmpdir, request): From 2e2240c2e3d7dc9be0f85a746855b20390aaa6c0 Mon Sep 17 00:00:00 2001 From: "Niranjan M.R" Date: Tue, 16 Oct 2018 16:35:43 +0530 Subject: [PATCH 3/6] pytest/sudo: call case_sensitive_sudorule fixture instead of create_sudorule Signed-off-by: Niranjan M.R --- src/tests/multihost/basic/test_sudo.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/multihost/basic/test_sudo.py b/src/tests/multihost/basic/test_sudo.py index ecf41ffb1a..af9b7a8e87 100644 --- a/src/tests/multihost/basic/test_sudo.py +++ b/src/tests/multihost/basic/test_sudo.py @@ -6,12 +6,12 @@ class TestSanitySudo(object): """ Basic Sanity Test cases for sudo service in sssd """ -def test_case_senitivity(self, multihost, create_sudorule, +def test_case_senitivity(self, multihost,