On 04/11/2016 07:44 PM, Sumit Bose wrote:
On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
On 04/06/2016 02:06 PM, Sumit Bose wrote:
I wonder if it would make sense to add the cached user object to preq
in pam_check_user_search() to avoid the lookup in
pam_reply_export_shell(). The data is already allocated on preq and as
far as I can see never freed explicitly, so it wouldn't even cost more
memory.

Sure, that would be nice. However it's really hard for me to tell where that
would come from, where it's actually retrieved and what the lifetime would
be. I really miss documentation there.
Could you suggest the change, perhaps?

Sure, please have a look at the attached (untested) patch. With this you start in
pam_reply_export_shell() with
+shell = ldb_msg_find_attr_as_string(preq->user_obj, SYSDB_SHELL, NULL);
+if (shell == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "user has no shell\n");
+ret = ENOENT;
+goto done;
+}
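
Review bot: preq->user_obj is handed to ldb_msg_find_attr_as_string() on the first added line with no check that it was ever set, so a request that reaches pam_reply_export_shell() without a stored user object would fail inside the lookup instead of on a clean error path; a NULL check on preq->user_obj before the attribute read, with its own debug message, would cover that. The "user has no shell" message would also be easier to act on if it named the user, and a comment where user_obj is assigned should say whether it holds the overridden or the original shell, since the caller's behaviour depends on which one it gets.
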
Thanks a lot Sumit, this is very helpful! However, the problem is the non-UPN
case is requesting the user with sysdb_getpwnam_with_views and
pam_reply_export_shell needs the non-overridden shell to pass it to tlog-rec,
as local override is the mechanism used to enable tlog-rec at the moment.
So, it seems we need the second lookup in pam_reply_export_shell after all.
Or am I missing something?
Thank you.
Nick