[SSSD] [sssd PR#5361][+Accepted] negcache: multiple fixes

2020-11-10 Thread alexey-tikhonov
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org


[SSSD] [sssd PR#5361][comment] negcache: multiple fixes

2020-11-10 Thread alexey-tikhonov
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

alexey-tikhonov commented:
"""
Thank you, ACK.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5361#issuecomment-724731549


[SSSD] [sssd PR#5361][-Waiting for review] negcache: multiple fixes

2020-11-10 Thread alexey-tikhonov
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

Label: -Waiting for review


[SSSD] [sssd PR#5245][edited] RESOLV: Avoid DNS search to improve fail-over reaction

2020-11-10 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/5245
Author: thalman
 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction
Action: edited

 Changed field: body
Original value:
"""
In case of unreachable DNS server or invalid hostname sssd/c-ares tries
to search in multiple domains based on the search directive
in resolv.conf

But the hostnames in config file are fully qualified and this just
extends the time spent with DNS resolution.

This patch sets the c-ares library flags to avoid DNS search

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1608496
"""



[SSSD] [sssd PR#5245][synchronized] RESOLV: Avoid DNS search to improve fail-over reaction

2020-11-10 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/5245
Author: thalman
 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5245/head:pr5245
git checkout pr5245
From 50d0bde2d594f37d22d48d78ab6eb92bfa88b1d5 Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Tue, 14 Jul 2020 17:34:36 +0200
Subject: [PATCH 1/4] RESOLV: Avoid DNS search to improve fail-over reaction

In case of unreachable DNS server or invalid hostname sssd/c-ares tries
to search in multiple domains based on the search directive
in resolv.conf

But the hostnames in config file are fully qualified and this just
extends the time spent with DNS resolution.

This patch sets the c-ares library flags to avoid DNS search

Resolves:
https://github.com/SSSD/sssd/issues/5390
---
 src/config/SSSDConfig/sssdoptions.py |  1 +
 src/config/cfg_rules.ini |  1 +
 src/config/etc/sssd.api.conf |  2 +-
 src/providers/data_provider.h|  1 +
 src/providers/data_provider_fo.c |  3 +++
 src/resolv/async_resolv.c| 17 +++--
 src/resolv/async_resolv.h|  3 ++-
 7 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
index f57ad4b41a..23bc457b81 100644
--- a/src/config/SSSDConfig/sssdoptions.py
+++ b/src/config/SSSDConfig/sssdoptions.py
@@ -191,6 +191,7 @@ def __init__(self):
  'miliseconds)'),
 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'),
 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'),
+'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'),
 'dns_discovery_domain': _('The domain part of service discovery DNS query'),
 'override_gid': _('Override GID value from the identity provider with this value'),
 'case_sensitive': _('Treat usernames as case sensitive'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..249cf4d9af 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -382,6 +382,7 @@ option = filter_groups
 option = dns_resolver_server_timeout
 option = dns_resolver_op_timeout
 option = dns_resolver_timeout
+option = dns_resolver_perform_dns_search
 option = dns_discovery_domain
 option = override_gid
 option = case_sensitive
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 035c33cad8..1adb0e1409 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -179,6 +179,7 @@ filter_groups = list, str, false
 dns_resolver_server_timeout = int, None, false
 dns_resolver_op_timeout = int, None, false
 dns_resolver_timeout = int, None, false
+dns_resolver_perform_dns_search = bool, None, true
 dns_discovery_domain = str, None, false
 override_gid = int, None, false
 case_sensitive = str, None, false
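Review bot: On the added `dns_resolver_perform_dns_search = bool, None, true` line the third field is `true`, while every neighbouring `dns_resolver_*` entry in this hunk has `false`. If that column marks an option as mandatory rather than carrying its default, the new option becomes required in every configuration; it should then read `bool, None, false`, with the default left to the `dp_res_default_opts` table.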
@@ -226,4 +227,3 @@ dyndns_server = str, None, false
 [provider/deny]
 
 [provider/deny/access]
-
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index 32215a0fa5..31eed0cafa 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -267,6 +267,7 @@ enum dp_res_opts {
 DP_RES_OPT_RESOLVER_TIMEOUT,
 DP_RES_OPT_RESOLVER_OP_TIMEOUT,
 DP_RES_OPT_RESOLVER_SERVER_TIMEOUT,
+DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH,
 DP_RES_OPT_DNS_DOMAIN,
 
 DP_RES_OPTS /* attrs counter */
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index afc6081afa..58a3681ad4 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = {
 { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER },
 { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
+{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
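Review bot: The new `dp_res_default_opts` entry defaults to `BOOL_TRUE`, so the search-list lookups that the commit message describes as the problem stay enabled unless an administrator sets the option to false. The commit message should say that the change is opt-in, and since none of the seven files in the diffstat is a man page, the option and its default still need documenting, in this patch or a later one of the series.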
@@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx)
  DP_RES_OPT_RESOLVER_OP_TIMEOUT),
   dp_opt_get_int(ctx->be_res->opts,
  DP_RES_OPT_RESOLVER_SERVER_TIMEOUT),
+  dp_opt_get_bool(ctx->be_res->opts,
+  DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH),
   >be_res->resolv);
 if (ret != EOK) {
 talloc_zfree(ctx->be_res);
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 00b9531d49..ce61670ef7 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -81,6 

[SSSD] [sssd PR#5245][+Waiting for review] RESOLV: Avoid DNS search to improve fail-over reaction

2020-11-10 Thread thalman
  URL: https://github.com/SSSD/sssd/pull/5245
Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction

Label: +Waiting for review


[SSSD] [sssd PR#5245][edited] RESOLV: Avoid DNS search to improve fail-over reaction

2020-11-10 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/5245
Author: thalman
 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction
Action: edited

 Changed field: title
Original value:
"""
WIP: RESOLV: Avoid DNS search to improve fail-over reaction
"""



[SSSD] [sssd PR#5245][synchronized] WIP: RESOLV: Avoid DNS search to improve fail-over reaction

2020-11-10 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/5245
Author: thalman
 Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5245/head:pr5245
git checkout pr5245
From 3b0c7b5ecbd50517df91c47218ed10ccf0eebd3a Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Tue, 14 Jul 2020 17:34:36 +0200
Subject: [PATCH 1/4] RESOLV: Avoid DNS search to improve fail-over reaction

In case of unreachable DNS server or invalid hostname sssd/c-ares tries
to search in multiple domains based on the search directive
in resolv.conf

But the hostnames in config file are fully qualified and this just
extends the time spent with DNS resolution.

This patch sets the c-ares library flags to avoid DNS search

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1608496
---
 src/config/SSSDConfig/sssdoptions.py |  1 +
 src/config/cfg_rules.ini |  1 +
 src/config/etc/sssd.api.conf |  2 +-
 src/providers/data_provider.h|  1 +
 src/providers/data_provider_fo.c |  3 +++
 src/resolv/async_resolv.c| 17 +++--
 src/resolv/async_resolv.h|  3 ++-
 7 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
index f57ad4b41a..23bc457b81 100644
--- a/src/config/SSSDConfig/sssdoptions.py
+++ b/src/config/SSSDConfig/sssdoptions.py
@@ -191,6 +191,7 @@ def __init__(self):
  'miliseconds)'),
 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'),
 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'),
+'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'),
 'dns_discovery_domain': _('The domain part of service discovery DNS query'),
 'override_gid': _('Override GID value from the identity provider with this value'),
 'case_sensitive': _('Treat usernames as case sensitive'),
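Review bot: The description string on the added `'dns_resolver_perform_dns_search'` line, 'Should resolver perform DNS search', does not say which search is meant. The commit message ties it to the search directive in resolv.conf, so wording along the lines of 'Whether the resolver should try the resolv.conf search domains when resolving host names' would tell an administrator what the switch controls, in the same way the neighbouring timeout entries state their units.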
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..249cf4d9af 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -382,6 +382,7 @@ option = filter_groups
 option = dns_resolver_server_timeout
 option = dns_resolver_op_timeout
 option = dns_resolver_timeout
+option = dns_resolver_perform_dns_search
 option = dns_discovery_domain
 option = override_gid
 option = case_sensitive
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 035c33cad8..1adb0e1409 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -179,6 +179,7 @@ filter_groups = list, str, false
 dns_resolver_server_timeout = int, None, false
 dns_resolver_op_timeout = int, None, false
 dns_resolver_timeout = int, None, false
+dns_resolver_perform_dns_search = bool, None, true
 dns_discovery_domain = str, None, false
 override_gid = int, None, false
 case_sensitive = str, None, false
@@ -226,4 +227,3 @@ dyndns_server = str, None, false
 [provider/deny]
 
 [provider/deny/access]
-
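Review bot: The only change in this second sssd.api.conf hunk is the removal of the empty line after `[provider/deny/access]`, which has nothing to do with the new resolver option. Drop it from this patch or move it to a separate whitespace cleanup so the functional change stays easy to review and backport.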
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index 32215a0fa5..31eed0cafa 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -267,6 +267,7 @@ enum dp_res_opts {
 DP_RES_OPT_RESOLVER_TIMEOUT,
 DP_RES_OPT_RESOLVER_OP_TIMEOUT,
 DP_RES_OPT_RESOLVER_SERVER_TIMEOUT,
+DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH,
 DP_RES_OPT_DNS_DOMAIN,
 
 DP_RES_OPTS /* attrs counter */
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index afc6081afa..58a3681ad4 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = {
 { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER },
 { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
+{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
@@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx)
  DP_RES_OPT_RESOLVER_OP_TIMEOUT),
   dp_opt_get_int(ctx->be_res->opts,
  DP_RES_OPT_RESOLVER_SERVER_TIMEOUT),
+  dp_opt_get_bool(ctx->be_res->opts,
+  DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH),
   >be_res->resolv);
 if (ret != EOK) {
 talloc_zfree(ctx->be_res);
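Review bot: In `be_res_init()` the new `dp_opt_get_bool(...)` value is passed as one more positional argument directly after the integer timeout arguments, which changes the init function's signature for every caller. The diffstat lists no test sources, so any other caller (unit tests included) has to be updated in this same patch for each commit of the series to build on its own. A short comment naming the argument at the call site would also make the argument order easier to verify.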
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 00b9531d49..ce61670ef7 100644
--- a/src/resolv/async_resolv.c
+++ 

[SSSD] [sssd PR#5361][-Changes requested] negcache: multiple fixes

2020-11-10 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

Label: -Changes requested


[SSSD] [sssd PR#5361][+Waiting for review] negcache: multiple fixes

2020-11-10 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

Label: +Waiting for review


[SSSD] [sssd PR#5361][comment] negcache: multiple fixes

2020-11-10 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

sumit-bose commented:
"""
Hi,

thanks for the rigid review, the latest version should address your comments.

bye,
Sumit
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5361#issuecomment-724642834


[SSSD] [sssd PR#5361][comment] negcache: multiple fixes

2020-11-10 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/5361
Title: #5361: negcache: multiple fixes

sumit-bose commented:
"""
> https://github.com/sumit-bose/sssd/blob/f095a01b804d97a46149c9f6593e7e99a63b7195/src/responder/common/negcache.c#L1009
> -- I think code should `continue` in case of any error, including `EAGAIN`
> (there are 3 similar spots in this function)

Hi,

this missing `continue` for the users is in fact correct and in the following 
code the name is treated as a generic UPN. I changed the debug message to make 
this more clear.

For groups there are no UPNs, so here we should continue on all errors. I 
fixed the code and comments accordingly.

bye,
Sumit
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5361#issuecomment-724641235


[SSSD] [sssd PR#5361][synchronized] negcache: multiple fixes

2020-11-10 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/5361
Author: sumit-bose
 Title: #5361: negcache: multiple fixes
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5361/head:pr5361
git checkout pr5361
From 4706d27553fb6275c64301fa31913a9dc167 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 8 Oct 2020 12:18:41 +0200
Subject: [PATCH 1/4] negcache: make sure domain config does not leak into
 global

Resolves: https://github.com/SSSD/sssd/issues/5238
---
 src/responder/common/negcache.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index ce1c0ab8c3..139218420d 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -1050,6 +1050,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
 }
 }
 
+talloc_zfree(filter_list);
 /* Populate non domain-specific negative cache user entries */
 ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
 CONFDB_NSS_FILTER_USERS, _list);
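Review bot: The added `talloc_zfree(filter_list);` ahead of the "non domain-specific" user lookup carries no comment, so the code does not show why the list has to be reset at this point. A one-line comment saying that `filter_list` may still hold the last domain's entries and must not be carried into the global section would keep a later cleanup from removing the call; a blank line between the free and the existing comment would also match the surrounding layout.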
@@ -1185,6 +1186,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
 }
 }
 
+talloc_zfree(filter_list);
 /* Populate non domain-specific negative cache group entries */
 ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
 CONFDB_NSS_FILTER_GROUPS, _list);
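Review bot: No test accompanies the fix in this patch: the diffstat shows only negcache.c changed, and this second `talloc_zfree(filter_list);` for the group path is as easy to lose in a refactor as the first. A negcache unit test that configures a domain-specific filter and no global one, then asserts that the domain's entries are not applied outside that domain, would pin the behaviour for both users and groups.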

From 2329d6b6b6b1376f5217b71757ef986f50cfc2e6 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 8 Oct 2020 17:57:29 +0200
Subject: [PATCH 2/4] utils: add SSS_GND_SUBDOMAINS flag for get_next_domain()

To allow to only iterate over a single domain and its sub-domains a new
flag is added to get_next_domain().

Resolves: https://github.com/SSSD/sssd/issues/5238
---
 src/tests/cmocka/test_utils.c | 31 +++
 src/util/domain_info_utils.c  | 10 +++---
 src/util/util.h   |  4 
 3 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
index 945f5cb44a..d77a972c1b 100644
--- a/src/tests/cmocka/test_utils.c
+++ b/src/tests/cmocka/test_utils.c
@@ -877,6 +877,37 @@ static void test_get_next_domain_flags(void **state)
 
 dom = get_next_domain(dom, gnd_flags);
 assert_null(dom);
+
+/* Descend only to subdomains */
+gnd_flags = SSS_GND_SUBDOMAINS | SSS_GND_INCLUDE_DISABLED;
+
+dom = get_next_domain(test_ctx->dom_list, gnd_flags);
+assert_non_null(dom);
+assert_string_equal(dom->name, "sub1a");
+
+dom = get_next_domain(dom, gnd_flags);
+assert_null(dom);
+
+dom = find_domain_by_name_ex(test_ctx->dom_list, "dom2", true,
+ SSS_GND_ALL_DOMAINS);
+assert_non_null(dom);
+assert_string_equal(dom->name, "dom2");
+
+dom = get_next_domain(dom, gnd_flags);
+assert_non_null(dom);
+assert_string_equal(dom->name, "sub2a");
+
+dom = get_next_domain(dom, gnd_flags);
+assert_non_null(dom);
+assert_string_equal(dom->name, "sub2b");
+
+dom = get_next_domain(dom, gnd_flags);
+assert_null(dom);
+
+/* Expect NULL if the domain has no sub-domains */
+test_ctx->dom_list->subdomains = NULL;
+dom = get_next_domain(test_ctx->dom_list, gnd_flags);
+assert_null(dom);
 }
 
 struct name_init_test_ctx {
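Review bot: The last added block sets `test_ctx->dom_list->subdomains = NULL;` on the shared fixture and never restores it, so any teardown or later assertion that walks the domain list no longer sees the first domain's sub-domains. Save the pointer and put it back after the final `assert_null(dom)`. The new cases also always combine SSS_GND_SUBDOMAINS with SSS_GND_INCLUDE_DISABLED; a pass with SSS_GND_SUBDOMAINS alone and one with SSS_GND_DESCEND added would cover the remaining flag combinations.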
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index aa3582f038..4d4726daa1 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -39,16 +39,20 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
 uint32_t gnd_flags)
 {
 struct sss_domain_info *dom;
-bool descend = gnd_flags & SSS_GND_DESCEND;
+bool descend = gnd_flags & (SSS_GND_DESCEND | SSS_GND_SUBDOMAINS);
 bool include_disabled = gnd_flags & SSS_GND_INCLUDE_DISABLED;
+bool only_subdomains = gnd_flags & SSS_GND_SUBDOMAINS;
 
 dom = domain;
 while (dom) {
 if (descend && dom->subdomains) {
 dom = dom->subdomains;
-} else if (dom->next) {
+} else if (dom->next && only_subdomains && IS_SUBDOMAIN(dom)) {
 dom = dom->next;
-} else if (descend && IS_SUBDOMAIN(dom) && dom->parent->next) {
+} else if (dom->next && !only_subdomains) {
+dom = dom->next;
+} else if (descend && !only_subdomains && IS_SUBDOMAIN(dom)
+&& dom->parent->next) {
 dom = dom->parent->next;
 } else {
 dom = NULL;
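Review bot: In `get_next_domain()` nothing defines what happens when a caller passes both SSS_GND_DESCEND and SSS_GND_SUBDOMAINS: `descend` is true for either flag, but `only_subdomains` disables the `dom->parent->next` branch, so SSS_GND_SUBDOMAINS silently wins. State that precedence in the flag's comment in util.h or reject the combination. The two new `dom->next` branches also have the same body and could be a single condition, `dom->next && (!only_subdomains || IS_SUBDOMAIN(dom))`, which is easier to read.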
diff --git a/src/util/util.h b/src/util/util.h
index fbcac5cd09..581c0edfbc 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -565,7 +565,11 @@ struct sss_domain_info *get_domains_head(struct sss_domain_info *domain);
 
 #define SSS_GND_DESCEND 0x01
 #define SSS_GND_INCLUDE_DISABLED 0x02
+/* Descend to sub-domains of current domain but do not 

[SSSD] [sssd PR#5381][comment] pytest multihost tests for sssd

2020-11-10 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/5381
Title: #5381: pytest multihost tests for sssd

pbrezina commented:
"""
Thanks for the updates Steeve. There is an issue with one of the sudo tests, 
see: 
https://s3.eu-central-1.amazonaws.com/sssd-ci/PR-5381/6/rhel8/multihost-pytest.log

```
 ERRORS 
__ ERROR at setup of TestSanitySudo.test_refresh_expired_rule __

session_multihost = 
request = >

@pytest.fixture
def generic_sudorule(session_multihost, request):
""" Create a generic sudo rule """
ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
ds_rootdn = 'cn=Directory Manager'
ds_rootpw = 'Secret123'
ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
>   ldap_inst.org_unit('sudoers', 'dc=example,dc=test')

src/tests/multihost/basic/conftest.py:257: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
src/tests/multihost/sssd/testlib/common/utils.py:991: in org_unit
(ret, _) = self.add_entry(attr, org_dn)
src/tests/multihost/sssd/testlib/common/utils.py:839: in add_entry
self.conn.add_s(ldap_dn, ldif)
/usr/lib64/python3.6/site-packages/ldap/ldapobject.py:439: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/lib64/python3.6/site-packages/ldap/ldapobject.py:425: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = 
self.result3(msgid,all=1,timeout=self.timeout)
/usr/lib64/python3.6/site-packages/ldap/ldapobject.py:767: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/lib64/python3.6/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = 
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/lib64/python3.6/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.6/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = 
func = 
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
  """
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
  self._ldap_object_lock.acquire()
  if __debug__:
if self._trace_level>=1:
  self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
  ))
  if self._trace_level>=9:

traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
  diagnostic_message_success = None
  try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'msgtype': 105, 'msgid': 2, 'result': 68, 
'desc': 'Already exists', 'ctrls': []}

/usr/lib64/python3.6/site-packages/ldap/ldapobject.py:324: ALREADY_EXISTS
= 27 passed, 1 error in 780.65 seconds =

This seems to be related to your PR since it passes on other PRs.
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5381#issuecomment-724627101


[SSSD] [sssd PR#5370][comment] nss: Use posix_fallocate() to alloc memcache file

2020-11-10 Thread alexey-tikhonov
  URL: https://github.com/SSSD/sssd/pull/5370
Title: #5370: nss: Use posix_fallocate() to alloc memcache file

alexey-tikhonov commented:
"""
It's weird, but seems recent update somehow broke rawhide again...
```
make-intgcheck: failure  00:26:45 ci-build-debug/ci-make-intgcheck.log
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5370#issuecomment-724598569