[SSSD] [sssd PR#5361][+Accepted] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5361][comment] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes alexey-tikhonov commented: """ Thank you, ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/5361#issuecomment-724731549 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5361][-Waiting for review] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5245][edited] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Action: edited Changed field: body Original value: """ In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1608496 """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5245][synchronized] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5245/head:pr5245 git checkout pr5245 From 50d0bde2d594f37d22d48d78ab6eb92bfa88b1d5 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Tue, 14 Jul 2020 17:34:36 +0200 Subject: [PATCH 1/4] RESOLV: Avoid DNS search to improve fail-over reaction In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://github.com/SSSD/sssd/issues/5390 --- src/config/SSSDConfig/sssdoptions.py | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 2 +- src/providers/data_provider.h| 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c| 17 +++-- src/resolv/async_resolv.h| 3 ++- 7 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index f57ad4b41a..23bc457b81 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -191,6 +191,7 @@ def __init__(self): 'miliseconds)'), 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'), 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'), +'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'), 'dns_discovery_domain': _('The domain part of service discovery DNS query'), 'override_gid': _('Override GID value from the identity provider with this value'), 'case_sensitive': _('Treat usernames as case sensitive'), diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 2874ea048b..249cf4d9af 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -382,6 +382,7 @@ option = filter_groups option = dns_resolver_server_timeout option = dns_resolver_op_timeout option = dns_resolver_timeout +option = dns_resolver_perform_dns_search option = dns_discovery_domain option = override_gid option = case_sensitive diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 035c33cad8..1adb0e1409 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -179,6 +179,7 @@ filter_groups = list, str, false dns_resolver_server_timeout = int, None, false dns_resolver_op_timeout = int, None, false dns_resolver_timeout = int, None, false +dns_resolver_perform_dns_search = bool, None, true dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = str, None, false @@ -226,4 +227,3 @@ dyndns_server = str, None, false [provider/deny] [provider/deny/access] - diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 32215a0fa5..31eed0cafa 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -267,6 +267,7 @@ enum dp_res_opts { DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, +DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index afc6081afa..58a3681ad4 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = { { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, +{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; @@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx) DP_RES_OPT_RESOLVER_OP_TIMEOUT), dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), + dp_opt_get_bool(ctx->be_res->opts, + DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH), >be_res->resolv); if (ret != EOK) { talloc_zfree(ctx->be_res); diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 00b9531d49..ce61670ef7 100644 --- a/src/resolv/async_resolv.c +++ b/src/resolv/async_resolv.c @@ -81,6
[SSSD] [sssd PR#5245][+Waiting for review] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5245][edited] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Action: edited Changed field: title Original value: """ WIP: RESOLV: Avoid DNS search to improve fail-over reaction """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5245][synchronized] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5245/head:pr5245 git checkout pr5245 From 3b0c7b5ecbd50517df91c47218ed10ccf0eebd3a Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Tue, 14 Jul 2020 17:34:36 +0200 Subject: [PATCH 1/4] RESOLV: Avoid DNS search to improve fail-over reaction In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1608496 --- src/config/SSSDConfig/sssdoptions.py | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 2 +- src/providers/data_provider.h| 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c| 17 +++-- src/resolv/async_resolv.h| 3 ++- 7 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index f57ad4b41a..23bc457b81 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -191,6 +191,7 @@ def __init__(self): 'miliseconds)'), 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'), 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'), +'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'), 'dns_discovery_domain': _('The domain part of service discovery DNS query'), 'override_gid': _('Override GID value from the identity provider with this value'), 'case_sensitive': _('Treat usernames as case sensitive'), diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 2874ea048b..249cf4d9af 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -382,6 +382,7 @@ option = filter_groups option = dns_resolver_server_timeout option = dns_resolver_op_timeout option = dns_resolver_timeout +option = dns_resolver_perform_dns_search option = dns_discovery_domain option = override_gid option = case_sensitive diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 035c33cad8..1adb0e1409 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -179,6 +179,7 @@ filter_groups = list, str, false dns_resolver_server_timeout = int, None, false dns_resolver_op_timeout = int, None, false dns_resolver_timeout = int, None, false +dns_resolver_perform_dns_search = bool, None, true dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = str, None, false @@ -226,4 +227,3 @@ dyndns_server = str, None, false [provider/deny] [provider/deny/access] - diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 32215a0fa5..31eed0cafa 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -267,6 +267,7 @@ enum dp_res_opts { DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, +DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index afc6081afa..58a3681ad4 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = { { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, +{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; @@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx) DP_RES_OPT_RESOLVER_OP_TIMEOUT), dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), + dp_opt_get_bool(ctx->be_res->opts, + DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH), >be_res->resolv); if (ret != EOK) { talloc_zfree(ctx->be_res); diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 00b9531d49..ce61670ef7 100644 --- a/src/resolv/async_resolv.c +++
[SSSD] [sssd PR#5361][-Changes requested] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5361][+Waiting for review] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5361][comment] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes sumit-bose commented: """ Hi, thanks for the rigid review, the latest version should address your comments. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5361#issuecomment-724642834 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5361][comment] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Title: #5361: negcache: multiple fixes sumit-bose commented: """ > https://github.com/sumit-bose/sssd/blob/f095a01b804d97a46149c9f6593e7e99a63b7195/src/responder/common/negcache.c#L1009 > -- I think code should `continue` in case of any error, including `EAGAIN` > (there are 3 similar spots in this function) Hi, this missing `continue` for the users is in fact correct and in the following code the name is treated a generic UPN. I changed the debug message to make this more clear. For groups there are no UPNs should here we should continue on all errors. I fixed the code accordingly and comments. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5361#issuecomment-724641235 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5361][synchronized] negcache: multiple fixes
URL: https://github.com/SSSD/sssd/pull/5361 Author: sumit-bose Title: #5361: negcache: multiple fixes Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5361/head:pr5361 git checkout pr5361 From 4706d27553fb6275c64301fa31913a9dc167 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 8 Oct 2020 12:18:41 +0200 Subject: [PATCH 1/4] negcache: make sure domain config does not leak into global Resolves: https://github.com/SSSD/sssd/issues/5238 --- src/responder/common/negcache.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index ce1c0ab8c3..139218420d 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -1050,6 +1050,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } +talloc_zfree(filter_list); /* Populate non domain-specific negative cache user entries */ ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_FILTER_USERS, _list); @@ -1185,6 +1186,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } +talloc_zfree(filter_list); /* Populate non domain-specific negative cache group entries */ ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_FILTER_GROUPS, _list); From 2329d6b6b6b1376f5217b71757ef986f50cfc2e6 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 8 Oct 2020 17:57:29 +0200 Subject: [PATCH 2/4] utils: add SSS_GND_SUBDOMAINS flag for get_next_domain() To allow to only iterate over a singel domain an its sub-domains a new flag is added to get_next_domain(). Resolves: https://github.com/SSSD/sssd/issues/5238 --- src/tests/cmocka/test_utils.c | 31 +++ src/util/domain_info_utils.c | 10 +++--- src/util/util.h | 4 3 files changed, 42 insertions(+), 3 deletions(-) diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index 945f5cb44a..d77a972c1b 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -877,6 +877,37 @@ static void test_get_next_domain_flags(void **state) dom = get_next_domain(dom, gnd_flags); assert_null(dom); + +/* Descend only to subdomains */ +gnd_flags = SSS_GND_SUBDOMAINS | SSS_GND_INCLUDE_DISABLED; + +dom = get_next_domain(test_ctx->dom_list, gnd_flags); +assert_non_null(dom); +assert_string_equal(dom->name, "sub1a"); + +dom = get_next_domain(dom, gnd_flags); +assert_null(dom); + +dom = find_domain_by_name_ex(test_ctx->dom_list, "dom2", true, + SSS_GND_ALL_DOMAINS); +assert_non_null(dom); +assert_string_equal(dom->name, "dom2"); + +dom = get_next_domain(dom, gnd_flags); +assert_non_null(dom); +assert_string_equal(dom->name, "sub2a"); + +dom = get_next_domain(dom, gnd_flags); +assert_non_null(dom); +assert_string_equal(dom->name, "sub2b"); + +dom = get_next_domain(dom, gnd_flags); +assert_null(dom); + +/* Expect NULL if the domain has no sub-domains */ +test_ctx->dom_list->subdomains = NULL; +dom = get_next_domain(test_ctx->dom_list, gnd_flags); +assert_null(dom); } struct name_init_test_ctx { diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index aa3582f038..4d4726daa1 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -39,16 +39,20 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain, uint32_t gnd_flags) { struct sss_domain_info *dom; -bool descend = gnd_flags & SSS_GND_DESCEND; +bool descend = gnd_flags & (SSS_GND_DESCEND | SSS_GND_SUBDOMAINS); bool include_disabled = gnd_flags & SSS_GND_INCLUDE_DISABLED; +bool only_subdomains = gnd_flags & SSS_GND_SUBDOMAINS; dom = domain; while (dom) { if (descend && dom->subdomains) { dom = dom->subdomains; -} else if (dom->next) { +} else if (dom->next && only_subdomains && IS_SUBDOMAIN(dom)) { dom = dom->next; -} else if (descend && IS_SUBDOMAIN(dom) && dom->parent->next) { +} else if (dom->next && !only_subdomains) { +dom = dom->next; +} else if (descend && !only_subdomains && IS_SUBDOMAIN(dom) +&& dom->parent->next) { dom = dom->parent->next; } else { dom = NULL; diff --git a/src/util/util.h b/src/util/util.h index fbcac5cd09..581c0edfbc 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -565,7 +565,11 @@ struct sss_domain_info *get_domains_head(struct sss_domain_info *domain); #define SSS_GND_DESCEND 0x01 #define SSS_GND_INCLUDE_DISABLED 0x02 +/* Descend to sub-domains of current domain but do not
[SSSD] [sssd PR#5381][comment] pytest multihost tests for sssd
URL: https://github.com/SSSD/sssd/pull/5381 Title: #5381: pytest multihost tests for sssd pbrezina commented: """ Thanks for the updates Steeve. There is an issue with one of the sudo tests, see: https://s3.eu-central-1.amazonaws.com/sssd-ci/PR-5381/6/rhel8/multihost-pytest.log ``` ERRORS __ ERROR at setup of TestSanitySudo.test_refresh_expired_rule __ session_multihost = request = > @pytest.fixture def generic_sudorule(session_multihost, request): """ Create a generic sudo rule """ ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) > ldap_inst.org_unit('sudoers', 'dc=example,dc=test') src/tests/multihost/basic/conftest.py:257: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ src/tests/multihost/sssd/testlib/common/utils.py:991: in org_unit (ret, _) = self.add_entry(attr, org_dn) src/tests/multihost/sssd/testlib/common/utils.py:839: in add_entry self.conn.add_s(ldap_dn, ldif) /usr/lib64/python3.6/site-packages/ldap/ldapobject.py:439: in add_s return self.add_ext_s(dn,modlist,None,None) /usr/lib64/python3.6/site-packages/ldap/ldapobject.py:425: in add_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) /usr/lib64/python3.6/site-packages/ldap/ldapobject.py:767: in result3 resp_ctrl_classes=resp_ctrl_classes /usr/lib64/python3.6/site-packages/ldap/ldapobject.py:774: in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) /usr/lib64/python3.6/site-packages/ldap/ldapobject.py:340: in _ldap_call reraise(exc_type, exc_value, exc_traceback) /usr/lib64/python3.6/site-packages/ldap/compat.py:46: in reraise raise exc_value _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = func = args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None exc_type = None, exc_value = None, exc_traceback = None def _ldap_call(self,func,*args,**kwargs): """ Wrapper method mainly for serializing calls into OpenLDAP libs and trace logs """ self._ldap_object_lock.acquire() if __debug__: if self._trace_level>=1: self._trace_file.write('*** %s %s - %s\n%s\n' % ( repr(self), self._uri, '.'.join((self.__class__.__name__,func.__name__)), pprint.pformat((args,kwargs)) )) if self._trace_level>=9: traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) diagnostic_message_success = None try: try: > result = func(*args,**kwargs) E ldap.ALREADY_EXISTS: {'msgtype': 105, 'msgid': 2, 'result': 68, 'desc': 'Already exists', 'ctrls': []} /usr/lib64/python3.6/site-packages/ldap/ldapobject.py:324: ALREADY_EXISTS = 27 passed, 1 error in 780.65 seconds = This seems to be related to your PR since it passes on other PRs. ``` """ See the full comment at https://github.com/SSSD/sssd/pull/5381#issuecomment-724627101 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5370][comment] nss: Use posix_fallocate() to alloc memcache file
URL: https://github.com/SSSD/sssd/pull/5370 Title: #5370: nss: Use posix_fallocate() to alloc memcache file alexey-tikhonov commented: """ It's weird, but seems recent update somehow broke rawhide again... ``` make-intgcheck: failure 00:26:45 ci-build-debug/ci-make-intgcheck.log ``` """ See the full comment at https://github.com/SSSD/sssd/pull/5370#issuecomment-724598569 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org