[SSSD] [sssd PR#160][comment] Fix files provider reallocation logic

2017-02-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/160
Title: #160: Fix files provider reallocation logic

pbrezina commented:
"""
`talloc_realloc` takes number of elements not the total size so ack.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/160#issuecomment-281609221
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#161][opened] pam_sss: check conversation callback

2017-02-22 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/161
Author: sumit-bose
 Title: #161: pam_sss: check conversation callback
Action: opened

PR body:
"""
With this patch pam_sss checks if a conversation callback is available
before using it.

Resolves https://fedorahosted.org/sssd/ticket/3296

There is currently no test because I'm waiting for the pam-wrapper based tests
to be committed to add a test there.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/161/head:pr161
git checkout pr161
From 1bf9821133782c241f75bb0c86fcd0d63ebd7442 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 22 Feb 2017 11:39:48 +0100
Subject: [PATCH] pam_sss: check conversation callback

With this patch pam_sss checks if a conversation callback is available
before using it.

Resolves https://fedorahosted.org/sssd/ticket/3296
---
 src/sss_client/pam_sss.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index b4175ae..03613b8 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -205,6 +205,10 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 
 ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv);
 if (ret != PAM_SUCCESS) return ret;
+if (conv == NULL || conv->conv == NULL) {
+logger(pamh, LOG_ERR, "No conversation function");
+return PAM_SYSTEM_ERR;
+}
 
 do {
 pam_msg = malloc(sizeof(struct pam_message));
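
Review bot: The log text "No conversation function" added to do_pam_conversation() is identical to the one this patch adds in prompt_2fa(), so a single LOG_ERR line will not tell an administrator which path was hit; include the function name or the msg_style in the message. The PR body says no test exists yet, so a case with PAM_CONV unset should be added once the pam-wrapper tests land.
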
@@ -1304,6 +1308,10 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
 if (ret != PAM_SUCCESS) {
 return ret;
 }
+if (conv == NULL || conv->conv == NULL) {
+logger(pamh, LOG_ERR, "No conversation function");
+return PAM_SYSTEM_ERR;
+}
 
 m[0].msg_style = PAM_PROMPT_ECHO_OFF;
 m[0].msg = prompt_fa1;
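
Review bot: The four-line `conv == NULL || conv->conv == NULL` check in prompt_2fa() is a copy of the one added to do_pam_conversation(); a small static helper that wraps pam_get_item(pamh, PAM_CONV, ...) together with both NULL tests would keep the two sites from drifting and give any later caller of conv->conv one place to go through.
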


[SSSD] [sssd PR#66][+Pushed] Minor Dynamic DNS fixes

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

Label: +Pushed


[SSSD] [sssd PR#66][closed] Minor Dynamic DNS fixes

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/66
Author: justin-stephenson
 Title: #66: Minor Dynamic DNS fixes
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/66/head:pr66
git checkout pr66


[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

jhrozek commented:
"""
* master:
 * d694d4fdcc81f24c2f9e3bb5a0dbe0a52498f196
 * fccd8f9ab7a0ac9868c43ea0e8c3af142b2809fa
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/66#issuecomment-281643200


[SSSD] [sssd PR#161][comment] pam_sss: check conversation callback

2017-02-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/161
Title: #161: pam_sss: check conversation callback

pbrezina commented:
"""
Ack.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/161#issuecomment-281643799


[SSSD] [sssd PR#70][comment] check_duplicate: check name member before using it

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/70
Title: #70: check_duplicate: check name member before using it

jhrozek commented:
"""
Actually, let's push this PR now, there is a test so we won't regress
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/70#issuecomment-281643957


[SSSD] [sssd PR#70][comment] check_duplicate: check name member before using it

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/70
Title: #70: check_duplicate: check name member before using it

jhrozek commented:
"""
master:
454cf0c3808a9f6a0c9f79e9796e17c58907ee6c
08bf6b4a281ef4308119dccbba4e86cf28b505d2
sssd-1-14:
c14980e81253aaec2fddb4f794fb1eb39167e885
bb4b624bfb3a08fc3b2989d0cce05afd2c3d4843
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/70#issuecomment-281645844


[SSSD] [sssd PR#70][+Pushed] check_duplicate: check name member before using it

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/70
Title: #70: check_duplicate: check name member before using it

Label: +Pushed


[SSSD] [sssd PR#70][closed] check_duplicate: check name member before using it

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/70
Author: sumit-bose
 Title: #70: check_duplicate: check name member before using it
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/70/head:pr70
git checkout pr70


[SSSD] [sssd PR#161][+Accepted] pam_sss: check conversation callback

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/161
Title: #161: pam_sss: check conversation callback

Label: +Accepted


[SSSD] [sssd PR#159][comment] pam: use authtok from PAM stack if available

2017-02-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/159
Title: #159: pam: use authtok from PAM stack if available

pbrezina commented:
"""
Will this fix https://bugzilla.redhat.com/show_bug.cgi?id=1329598 ?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/159#issuecomment-281647271


[SSSD] [sssd PR#160][comment] Fix files provider reallocation logic

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/160
Title: #160: Fix files provider reallocation logic

jhrozek commented:
"""
* master: fc91d72f32660712f7c9e872e00deb91f188fea3
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/160#issuecomment-281655954


[SSSD] [sssd PR#160][+Pushed] Fix files provider reallocation logic

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/160
Title: #160: Fix files provider reallocation logic

Label: +Pushed


[SSSD] [sssd PR#160][closed] Fix files provider reallocation logic

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/160
Author: jhrozek
 Title: #160: Fix files provider reallocation logic
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/160/head:pr160
git checkout pr160


[SSSD] [sssd PR#161][+Pushed] pam_sss: check conversation callback

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/161
Title: #161: pam_sss: check conversation callback

Label: +Pushed


[SSSD] [sssd PR#161][closed] pam_sss: check conversation callback

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/161
Author: sumit-bose
 Title: #161: pam_sss: check conversation callback
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/161/head:pr161
git checkout pr161


[SSSD] [sssd PR#161][comment] pam_sss: check conversation callback

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/161
Title: #161: pam_sss: check conversation callback

jhrozek commented:
"""
Fixed upstream:
 * master: 0965a77c4ff0b358d24582955cb7ae375ebaa0d2
 * sssd-1-14: ba8e3f2850e5a328bc3e732b471280fc4fa49c53
 * sssd-1-13: cc8c28ad26ae8dbd7e8bee1dee6d5439f2ee06fe 

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/161#issuecomment-281662475


[SSSD] [sssd PR#159][comment] pam: use authtok from PAM stack if available

2017-02-22 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/159
Title: #159: pam: use authtok from PAM stack if available

sumit-bose commented:
"""
> Will this fix https://bugzilla.redhat.com/show_bug.cgi?id=1329598 ?

Yes, if the control of the pam_unix auth is changed in authconfig as described 
above (die->ignore).
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/159#issuecomment-281663151


[SSSD] [sssd PR#155][comment] MONITOR: Don't return an error in case we fail to register a service

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/155
Title: #155: MONITOR: Don't return an error in case we fail to register a service

jhrozek commented:
"""
* master: 86bcc81a665dde4799d67ab7ea2bbd23608e7dab
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/155#issuecomment-281663999


[SSSD] [sssd PR#155][-Accepted] MONITOR: Don't return an error in case we fail to register a service

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/155
Title: #155: MONITOR: Don't return an error in case we fail to register a service

Label: -Accepted


[SSSD] [sssd PR#155][+Pushed] MONITOR: Don't return an error in case we fail to register a service

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/155
Title: #155: MONITOR: Don't return an error in case we fail to register a service

Label: +Pushed


[SSSD] [sssd PR#155][closed] MONITOR: Don't return an error in case we fail to register a service

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/155
Author: fidencio
 Title: #155: MONITOR: Don't return an error in case we fail to register a service
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/155/head:pr155
git checkout pr155


[SSSD] [sssd PR#156][comment] FILES: Remove unnecessary check

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/156
Title: #156: FILES: Remove unnecessary check

jhrozek commented:
"""
No, I meant the one in save_group, but you're right the check for \0 is 
strange. 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/156#issuecomment-281665452


[SSSD] [sssd PR#156][closed] FILES: Remove unnecessary check

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/156
Author: lslebodn
 Title: #156: FILES: Remove unnecessary check
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/156/head:pr156
git checkout pr156


[SSSD] [sssd PR#156][+Pushed] FILES: Remove unnecessary check

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/156
Title: #156: FILES: Remove unnecessary check

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#156][comment] FILES: Remove unnecessary check

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/156
Title: #156: FILES: Remove unnecessary check

jhrozek commented:
"""
* master: 1f49be4429c17475b789e9089ce4d0ae48315e74
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/156#issuecomment-281666431


[SSSD] [sssd PR#162][opened] cache_req: use own namespace for UPNs

2017-02-22 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/162
Author: sumit-bose
 Title: #162: cache_req: use own namespace for UPNs
Action: opened

PR body:
"""
If the UPN uses the same domain name as the configured domain, an
unsuccessful lookup by name will already create an entry in the negative
cache. If the lookup by UPN would use the same namespace the lookup will
immediately be finished because there would already be an entry in the
negative cache.

Resolves https://fedorahosted.org/sssd/ticket/3313
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/162/head:pr162
git checkout pr162
From a9c01dfbc0693525d8a0aff736bacc13117702c0 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 22 Feb 2017 14:34:06 +0100
Subject: [PATCH] cache_req: use own namespace for UPNs

If the UPN uses the same domain name as the configured domain, an
unsuccessful lookup by name will already create an entry in the negative
cache. If the lookup by UPN would use the same namespace the lookup will
immediately be finished because there would already be an entry in the
negative cache.

Resolves https://fedorahosted.org/sssd/ticket/3313
---
 Makefile.am|  1 +
 .../cache_req/plugins/cache_req_user_by_upn.c  |  4 +-
 src/responder/common/negcache.c| 36 
 src/responder/common/negcache.h|  4 ++
 src/tests/cmocka/test_nss_srv.c| 49 ++
 5 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e676e18..8e8eb9a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2192,6 +2192,7 @@ nss_srv_tests_CFLAGS = \
 $(AM_CFLAGS)
 nss_srv_tests_LDFLAGS = \
 -Wl,-wrap,sss_ncache_check_user \
+-Wl,-wrap,sss_ncache_check_upn \
 -Wl,-wrap,sss_ncache_check_uid \
 -Wl,-wrap,sss_ncache_check_sid \
 -Wl,-wrap,sss_ncache_check_cert \
diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c
index f496479..9c69573 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c
@@ -66,7 +66,7 @@ cache_req_user_by_upn_ncache_check(struct sss_nc_ctx *ncache,
struct sss_domain_info *domain,
struct cache_req_data *data)
 {
-return sss_ncache_check_user(ncache, domain, data->name.lookup);
+return sss_ncache_check_upn(ncache, domain, data->name.lookup);
 }
 
 static errno_t
@@ -74,7 +74,7 @@ cache_req_user_by_upn_ncache_add(struct sss_nc_ctx *ncache,
  struct sss_domain_info *domain,
  struct cache_req_data *data)
 {
-return sss_ncache_set_user(ncache, false, domain, data->name.lookup);
+return sss_ncache_set_upn(ncache, false, domain, data->name.lookup);
 }
 
 static errno_t
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 944a06e..084c47a 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -289,6 +289,24 @@ int sss_ncache_check_user(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
 return sss_cache_check_ent(ctx, dom, name, sss_ncache_check_user_int);
 }
 
+int sss_ncache_check_upn(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
+ const char *name)
+{
+char *neg_cache_name = NULL;
+errno_t ret;
+
+neg_cache_name = talloc_asprintf(ctx, "@%s", name);
+if (neg_cache_name == NULL) {
+return ENOMEM;
+}
+
+ret = sss_cache_check_ent(ctx, dom, neg_cache_name,
+  sss_ncache_check_user_int);
+talloc_free(neg_cache_name);
+
+return ret;
+}
+
 int sss_ncache_check_group(struct sss_nc_ctx *ctx, struct sss_domain_info *dom,
const char *name)
 {
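
Review bot: The "@%s" literal in sss_ncache_check_upn() is the entire namespace separation and carries no explanation; add a comment stating why a key with a leading '@' cannot collide with a key built for a regular user name, and define the format once so sss_ncache_set_upn() cannot drift from it. `name` is also handed to "%s" unchecked, so a NULL lookup name would be formatted into a key instead of being rejected; return EINVAL for NULL before the talloc_asprintf() call.
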
@@ -540,6 +558,24 @@ int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent,
 return sss_ncache_set_ent(ctx, permanent, dom, name, sss_ncache_set_user_int);
 }
 
+int sss_ncache_set_upn(struct sss_nc_ctx *ctx, bool permanent,
+   struct sss_domain_info *dom, const char *name)
+{
+char *neg_cache_name = NULL;
+errno_t ret;
+
+neg_cache_name = talloc_asprintf(ctx, "@%s", name);
+if (neg_cache_name == NULL) {
+return ENOMEM;
+}
+
+ret = sss_ncache_set_ent(ctx, permanent, dom, neg_cache_name,
+ sss_ncache_set_user_int);
+talloc_free(neg_cache_name);
+
+return ret;
+}
+
 int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent,
  struct sss_domain_info *dom, const char *name)
 {
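
Review bot: sss_ncache_set_upn() repeats the talloc_asprintf(ctx, "@%s", name), NULL check and talloc_free() sequence from sss_ncache_check_upn() line for line; a static helper that returns the prefixed key would remove the duplication. The diffstat shows 49 changed lines in test_nss_srv.c, so make sure one of those tests first creates a negative entry by name and then confirms that the UPN lookup for the same string is not short-circuited, since that is the case the commit message describes.
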
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 8af736a..782ec14 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -33,6 +33,

[SSSD] [sssd PR#139][comment] Initial revision of sssd pytest framework

2017-02-22 Thread mrniranjan
  URL: https://github.com/SSSD/sssd/pull/139
Title: #139: Initial revision of sssd pytest framework

mrniranjan commented:
"""
@lslebodn @jhrozek I have an internal fix for pep8 and whitespaces, and also a 
lot of pylint fixes are pending internal review. I will try to send a revised 
patch by this week. 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/139#issuecomment-281675002


[SSSD] [sssd PR#137][comment] Initial pkinit support

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/137
Title: #137: Initial pkinit support

jhrozek commented:
"""
The patches work now, if the three small issues above and the individual 
compilation are addressed, I'll ack
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/137#issuecomment-281685683


[SSSD] [sssd PR#137][+Changes requested] Initial pkinit support

2017-02-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/137
Title: #137: Initial pkinit support

Label: +Changes requested


[SSSD] [sssd PR#163][opened] Enable the files domain for all sssd configurations

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/163
Author: jhrozek
 Title: #163: Enable the files domain for all sssd configurations
Action: opened

PR body:
"""
This patch is a prerequisite for Fedora-26 feature:
https://fedoraproject.org/wiki/Changes/SSSDCacheForLocalUsers

Adds a new build-time option that defaults to being disabled. When this
option is enabled, sssd will always configure a files domain (unless one
already exists) and place it on the first place in the list.

Distributions that wish to configure the NSS modules in the order of
'sss files' are expected to enable this option.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/163/head:pr163
git checkout pr163
From 857bc6bfdaaba774e2ef393976adddec743e596a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Tue, 21 Feb 2017 16:34:45 +0100
Subject: [PATCH 1/3] MONITOR: Enable an implicit files domain if one is not
 configured

Resolves:
https://fedorahosted.org/sssd/ticket/3112

If SSSD is compiled with --enable-files-domain, the loading of the
domains changes such that:
* if no domain with id_provider=files exists in the config file, an
  implicit SSSD files domain is added
* this domain is always first in the list

The administrator is free to create a files domain in the config file
himself and either place it at the end of the list or not enable it at
all.
---
 src/conf_macros.m4|  12 
 src/confdb/confdb.c   | 165 ++
 src/confdb/confdb.h   |   3 +
 src/monitor/monitor.c |  11 
 4 files changed, 191 insertions(+)

diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 427b0e0..bd65217 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -903,3 +903,15 @@ AC_DEFUN([WITH_SECRETS_DB_PATH],
 AC_SUBST(secdbpath)
 AC_DEFINE_UNQUOTED(SECRETS_DB_PATH, "$config_secdbpath", [Path to the SSSD Secrets databases])
   ])
+
+AC_ARG_ENABLE([files-domain],
+  [AS_HELP_STRING([--enable-files-domain],
+  [If this feature is enabled, then SSSD always enables
+   a domain with id_provider=files even if the domain
+   is not specified in the config file
+  [default=no]])],
+  [enable_files_domain=$enableval],
+  [enable_files_domain=no])
+AS_IF([test x$enable_files_domain = xyes],
+  AC_DEFINE_UNQUOTED([ADD_FILES_DOMAIN], [1],
+  [whether to build unconditionally enable files domain]))
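
Review bot: The AC_DEFINE_UNQUOTED description "whether to build unconditionally enable files domain" does not parse as a sentence and it ends up as the comment in config.h; something like "Define to always enable an implicit files domain" would read correctly. In the AS_IF, `test x$enable_files_domain = xyes` expands the variable unquoted and the action argument is not wrapped in [ ], unlike the bracketed arguments inside AC_DEFINE_UNQUOTED itself; quoting both matches usual autoconf practice.
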
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index c7afd68..980cabc 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1643,3 +1643,168 @@ int confdb_get_sub_sections(TALLOC_CTX *mem_ctx,
 talloc_free(tmp_ctx);
 return ret;
 }
+
+#ifdef ADD_FILES_DOMAIN
+static int confdb_has_files_domain(struct confdb_ctx *cdb)
+{
+TALLOC_CTX *tmp_ctx = NULL;
+struct ldb_dn *dn = NULL;
+struct ldb_result *res = NULL;
+static const char *attrs[] = {CONFDB_DOMAIN_ID_PROVIDER, NULL};
+const char *id_provider = NULL;
+int ret;
+unsigned int i;
+
+tmp_ctx = talloc_new(NULL);
+if (tmp_ctx == NULL) {
+return ENOMEM;
+}
+
+dn = ldb_dn_new(tmp_ctx, cdb->ldb, CONFDB_DOMAIN_BASEDN);
+if (dn == NULL) {
+ret = ENOMEM;
+goto done;
+}
+
+ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_ONELEVEL,
+ attrs, NULL);
+if (ret != LDB_SUCCESS) {
+ret = EIO;
+goto done;
+}
+
+for (i = 0; i < res->count; i++) {
+id_provider = ldb_msg_find_attr_as_string(res->msgs[i],
+  CONFDB_DOMAIN_ID_PROVIDER,
+  NULL);
+if (id_provider == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE,
+  "The object [%s] doesn't have a id_provider\n",
+   ldb_dn_get_linearized(res->msgs[i]->dn));
+ret = EINVAL;
+goto done;
+}
+
+if (strcasecmp(id_provider, "files") == 0) {
+break;
+}
+}
+
+ret = i < res->count ? EOK : ENOENT;
+done:
+talloc_free(tmp_ctx);
+return ret;
+}
+
+static int create_files_domain(struct confdb_ctx *cdb,
+   const char *name)
+{
+TALLOC_CTX *tmp_ctx = NULL;
+errno_t ret;
+char *cdb_path = NULL;
+const char *val[2] = {NULL, NULL};
+
+tmp_ctx = talloc_new(NULL);
+if (tmp_ctx == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+return ENOMEM;
+}
+
+cdb_path = talloc_asprintf(tmp_ctx, CONFDB_DOMAIN_PATH_TMPL, name);
+if (cdb_path == NULL) {
+ret = ENOMEM;
+goto done;
+}
+
+val[0] = "files";
+ret = confdb_add_param(cdb, true, cdb_path, "id_provider", val);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add
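
Review bot: In confdb_has_files_domain() the first domain object without id_provider ends the scan with EINVAL, even if a files domain appears later in the result set; decide whether that should abort the implicit-domain logic or whether such objects should be skipped and left to the normal domain validation. The DEBUG text "doesn't have a id_provider" should read "an id_provider", and the function is declared `int` while create_files_domain() stores the same kind of value in an `errno_t`.
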

[SSSD] [sssd PR#137][synchronized] Initial pkinit support

2017-02-22 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/137
Author: sumit-bose
 Title: #137: Initial pkinit support
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/137/head:pr137
git checkout pr137
From 0c0b2103dd5cd3bedaacbd239a6cfef66b5c75aa Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Mon, 19 Sep 2016 16:56:46 +0200
Subject: [PATCH 01/10] PAM: store user object in the preq context

---
 src/responder/pam/pamsrv.h |  1 +
 src/responder/pam/pamsrv_cmd.c | 12 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index 75045d0..e356812 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -68,6 +68,7 @@ struct pam_auth_req {
 
 struct pam_auth_dp_req *dpreq_spy;
 
+struct ldb_message *user_obj;
 struct ldb_message *cert_user_obj;
 char *token_name;
 };
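
Review bot: The new `user_obj` member of struct pam_auth_req has no comment saying what it holds or which talloc context owns it; since it sits directly above `cert_user_obj`, a one-line comment on each would make clear which lookup fills which member and how long the pointer stays valid.
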
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index e73a819..e74dd16 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1560,7 +1560,6 @@ static int pam_check_user_search(struct pam_auth_req *preq)
 struct pam_ctx *pctx =
 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
 static const char *user_attrs[] = SYSDB_PW_ATTRS;
-struct ldb_message *msg;
 struct ldb_result *res;
 const char *sysdb_name;
 
@@ -1621,11 +1620,12 @@ static int pam_check_user_search(struct pam_auth_req *preq)
 }
 
 if (preq->pd->name_is_upn) {
-ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg);
+ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs,
+   &preq->user_obj);
 if (ret == EOK) {
 /* Since sysdb_search_user_by_upn() searches the whole cache we
 * have to set the domain so that it matches the result. */
-sysdb_name = ldb_msg_find_attr_as_string(msg,
+sysdb_name = ldb_msg_find_attr_as_string(preq->user_obj,
  SYSDB_NAME, NULL);
 if (sysdb_name == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n");
@@ -1654,7 +1654,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
 } else if (res->count == 0) {
 ret = ENOENT;
 } else {
-msg = res->msgs[0];
+preq->user_obj = res->msgs[0];
 }
 }
 if (ret != EOK && ret != ENOENT) {
@@ -1693,7 +1693,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
 
 /* if we need to check the remote account go on */
 if (preq->check_provider) {
-cacheExpire = ldb_msg_find_attr_as_uint64(msg,
+cacheExpire = ldb_msg_find_attr_as_uint64(preq->user_obj,
   SYSDB_CACHE_EXPIRE, 0);
 if (cacheExpire < time(NULL)) {
 break;
@@ -1704,7 +1704,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
   "Returning info for user [%s@%s]\n", name, dom->name);
 
 /* We might have searched by alias. Pass on the primary name */
-ret = pd_set_primary_name(msg, preq->pd);
+ret = pd_set_primary_name(preq->user_obj, preq->pd);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Could not canonicalize username\n");
 return ret;

From 2ee4652d4c8cc687ac705d20ab81e7faf5408432 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 25 Jan 2017 17:34:54 +0100
Subject: [PATCH 02/10] PAM: fix memory leak in pam_sss

Since there can be multiple round trips between the PAM client and SSSD
it might be possible that the same data is sent multiple times by SSSD.
So before overriding the old data it should be freed. I've seen this
with the domain name which is sent both in the pre-auth and the auth
responses. To be on the safe side I added free() for some other items as
well.
---
 src/sss_client/pam_sss.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 03613b8..8f97af7 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -869,6 +869,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
 break;
 }
 D(("domain name: [%s]", &buf[p]));
+free(pi->domain_name);
 pi->domain_name = strdup((char *) &buf[p]);
 if (pi->domain_name == NULL) {
 D(("strdup failed"));
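
Review bot: The added `free(pi->domain_name);` ahead of the strdup() is only safe if every struct pam_items is zero-initialised before the first response is evaluated; confirm that at the place where `pi` is set up, because an uninitialised member here turns the leak fix into a free of a wild pointer. The same precondition applies to each of the other members that gain a free() in this patch.
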
@@ -937,6 +938,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
 break;
 }
 
+free(pi->otp_vendor);
 pi->otp_vendor = strdup((char *) &buf[p]

[SSSD] [sssd PR#137][comment] Initial pkinit support

2017-02-22 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/137
Title: #137: Initial pkinit support

sumit-bose commented:
"""
Thank you for the rigid review, I've fixed the comments and moved some struct 
members to a previous patch to not break the individual compilation.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/137#issuecomment-281740575


[SSSD] [sssd PR#137][-Changes requested] Initial pkinit support

2017-02-22 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/137
Title: #137: Initial pkinit support

Label: -Changes requested


[SSSD] [sssd PR#164][opened] Remove unused import of run_shell from tests

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/164
Author: jhrozek
 Title: #164: Remove unused import of run_shell from tests
Action: opened

PR body:
"""
None
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/164/head:pr164
git checkout pr164
From efe4c54d49013a98be5e23935cfe4fae733f29d8 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Wed, 22 Feb 2017 18:44:55 +0100
Subject: [PATCH] TESTS: Remove unused import

---
 src/tests/intg/test_ts_cache.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/tests/intg/test_ts_cache.py b/src/tests/intg/test_ts_cache.py
index ce0a7c7..445cdf6 100644
--- a/src/tests/intg/test_ts_cache.py
+++ b/src/tests/intg/test_ts_cache.py
@@ -33,7 +33,6 @@
 import sssd_ldb
 import sssd_id
 from util import unindent
-from util import run_shell
 
 LDAP_BASE_DN = "dc=example,dc=com"
 SSSD_DOMAIN = "LDAP"


[SSSD] [sssd PR#165][opened] selinux: Do not fail if SELinux is not managed

2017-02-22 Thread mzidek-rh
   URL: https://github.com/SSSD/sssd/pull/165
Author: mzidek-rh
 Title: #165: selinux: Do not fail if SELinux is not managed
Action: opened

PR body:
"""
Previously we failed if selinux_is_managed returned
0 or -1 (not managed or error). With this patch we
only fail in case of error and continue normally if
selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/165/head:pr165
git checkout pr165
From 013b86dbdb0a98a382a1b726732f7b20076aabea Mon Sep 17 00:00:00 2001
From: Michal Židek 
Date: Wed, 8 Feb 2017 12:01:37 +0100
Subject: [PATCH] selinux: Do not fail if SELinux is not managed

Previously we failed if selinux_is_managed returned
0 or -1 (not managed or error). With this patch we
only fail in case of error and continue normally if
selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297
---
 src/providers/ipa/selinux_child.c |  4 +++
 src/util/sss_semanage.c   | 63 +--
 src/util/util_errors.c|  1 +
 src/util/util_errors.h|  1 +
 4 files changed, 46 insertions(+), 23 deletions(-)

diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index 380005c..09a167f 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -182,6 +182,10 @@ static bool seuser_needs_update(struct input_buffer *ibuf)
 strcmp(db_mls_range, ibuf->mls_range) == 0) {
 needs_update = false;
 }
+/* OR */
+if (ret == ERR_SELINUX_NOT_MANAGED) {
+needs_update = false;
+}
 
 talloc_free(db_seuser);
 talloc_free(db_mls_range);
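Review bot: the `/* OR */` comment on the added check in seuser_needs_update() does not say why an unmanaged policy means no update is needed; replace it with a sentence to that effect. Both `if` blocks set `needs_update = false`, so they could be folded into one condition. Because this branch causes the SELinux user mapping to be skipped for the login, a trace-level DEBUG here would make that visible in the child's log.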
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index fe06bee..9f58fb9 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -73,7 +73,7 @@ static void sss_semanage_close(semanage_handle_t *handle)
 semanage_handle_destroy(handle);
 }
 
-static semanage_handle_t *sss_semanage_init(void)
+int sss_semanage_init(semanage_handle_t **_handle)
 {
 int ret;
 semanage_handle_t *handle = NULL;
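Review bot: the new prototype `int sss_semanage_init(semanage_handle_t **_handle)` drops `static`, which gives the function external linkage, yet the diffstat touches no header that would declare it. If it is still called only from sss_semanage.c, keep it `static`; otherwise add the declaration to the matching header.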
@@ -81,7 +81,8 @@ static semanage_handle_t *sss_semanage_init(void)
 handle = semanage_handle_create();
 if (!handle) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
-return NULL;
+ret = EIO;
+goto done;
 }
 
 semanage_msg_set_callback(handle,
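Review bot: the `goto done` after a failed semanage_handle_create() now reaches `sss_semanage_close(handle)` with `handle == NULL`, where the old code returned directly without touching the handle. Either keep a direct `return EIO;` here or make sss_semanage_close() return early on NULL, since the visible part of that function passes the handle straight to semanage_handle_destroy().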
@@ -89,28 +90,41 @@ static semanage_handle_t *sss_semanage_init(void)
   NULL);
 
 ret = semanage_is_managed(handle);
-if (ret != 1) {
-DEBUG(SSSDBG_CRIT_FAILURE, "SELinux policy not managed\n");
-goto fail;
+if (ret == 0) {
+DEBUG(SSSDBG_TRACE_FUNC, "SELinux policy not managed\n");
+ret = ERR_SELINUX_NOT_MANAGED;
+goto done;
+} else if ( ret == -1) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Call to semanage_is_managed failed\n");
+ret = EIO;
+goto done;
 }
 
 ret = semanage_access_check(handle);
 if (ret < SEMANAGE_CAN_READ) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n");
-goto fail;
+ret = EACCES;
+goto done;
 }
 
 ret = semanage_connect(handle);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE,
   "Cannot estabilish SELinux management connection\n");
-goto fail;
+ret = EIO;
+goto done;
 }
 
-return handle;
-fail:
-sss_semanage_close(handle);
-return NULL;
+ret = EOK;
+
+done:
+if (ret != EOK) {
+sss_semanage_close(handle);
+} else {
+*_handle = handle;
+}
+
+return ret;
 }
 
 static int sss_semanage_user_add(semanage_handle_t *handle,
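Review bot: the `else if ( ret == -1)` branch after semanage_is_managed() catches only exactly -1, while the removed `ret != 1` test rejected every value other than 1. Any other unexpected return would now fall through to semanage_access_check(); `else if (ret != 1)` keeps the old strictness. There is also a stray space after the opening parenthesis.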
@@ -228,10 +242,11 @@ int set_seuser(const char *login_name, const char *seuser_name,
 return EOK;
 }
 
-handle = sss_semanage_init();
-if (!handle) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
-ret = EIO;
+ret = sss_semanage_init(&handle);
+if (ret != EOK) {
+if (ret != ERR_SELINUX_NOT_MANAGED) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
+}
 goto done;
 }
 
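Review bot: in set_seuser() the ERR_SELINUX_NOT_MANAGED case jumps to `done` with `ret` unchanged, so the function hands that code back to its caller rather than EOK. The commit message says processing should continue normally when the policy is not managed, and the only caller-side handling in the visible part of this patch is in seuser_needs_update(); either set `ret = EOK` here or confirm that every caller of set_seuser() treats the new code as non-fatal.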
@@ -295,10 +310,11 @@ int del_seuser(const char *login_name)
 int ret;
 int exists = 0;
 
-handle = sss_semanage_init();
-if (!handle) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
-ret = EIO;
+ret = sss_semanage_init(&handle);
+if (ret != EOK) {
+if (ret != ERR_SELINUX_NOT_MANAGED) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
+}
 goto done;
 }
 
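Review bot: the `if (ret != ERR_SELINUX_NOT_MANAGED)` guard around the DEBUG in del_seuser() repeats the same lines as set_seuser(), and sss_semanage_init() already logs a message on each of its failure paths. Dropping the caller-side DEBUG, or keeping the guard in one place, would remove the duplication and the double log line on real errors.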
@@ -377,10 +393,11 @@ int get_seuser(TALLOC_CTX *mem_ctx, const char *login_name,
 semanage_seuser_t *sm_user = NULL;
 semanage_seuser_key_t *sm_key = NULL

[SSSD] [sssd PR#165][comment] selinux: Do not fail if SELinux is not managed

2017-02-22 Thread mzidek-rh
  URL: https://github.com/SSSD/sssd/pull/165
Title: #165: selinux: Do not fail if SELinux is not managed

mzidek-rh commented:
"""
I did not test this last version yet, because I have some issues with my test
environment, but a very similar version worked for me :). So feel free to
test/review.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/165#issuecomment-281756180


[SSSD] [sssd PR#165][synchronized] selinux: Do not fail if SELinux is not managed

2017-02-22 Thread mzidek-rh
   URL: https://github.com/SSSD/sssd/pull/165
Author: mzidek-rh
 Title: #165: selinux: Do not fail if SELinux is not managed
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/165/head:pr165
git checkout pr165
From 946a05d7fa975593c8ece221eaa78a3213fc9608 Mon Sep 17 00:00:00 2001
From: Michal Židek
Date: Wed, 8 Feb 2017 12:01:37 +0100
Subject: [PATCH] selinux: Do not fail if SELinux is not managed

Previously we failed if semanage_is_managed returned
0 or -1 (not managed or error). With this patch we
only fail in case of error and continue normally if
selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297
---
 src/providers/ipa/selinux_child.c |  4 +++
 src/util/sss_semanage.c   | 63 +--
 src/util/util_errors.c|  1 +
 src/util/util_errors.h|  1 +
 4 files changed, 46 insertions(+), 23 deletions(-)

diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index 380005c..09a167f 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -182,6 +182,10 @@ static bool seuser_needs_update(struct input_buffer *ibuf)
 strcmp(db_mls_range, ibuf->mls_range) == 0) {
 needs_update = false;
 }
+/* OR */
+if (ret == ERR_SELINUX_NOT_MANAGED) {
+needs_update = false;
+}
 
 talloc_free(db_seuser);
 talloc_free(db_mls_range);
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index fe06bee..9f58fb9 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -73,7 +73,7 @@ static void sss_semanage_close(semanage_handle_t *handle)
 semanage_handle_destroy(handle);
 }
 
-static semanage_handle_t *sss_semanage_init(void)
+int sss_semanage_init(semanage_handle_t **_handle)
 {
 int ret;
 semanage_handle_t *handle = NULL;
@@ -81,7 +81,8 @@ static semanage_handle_t *sss_semanage_init(void)
 handle = semanage_handle_create();
 if (!handle) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
-return NULL;
+ret = EIO;
+goto done;
 }
 
 semanage_msg_set_callback(handle,
@@ -89,28 +90,41 @@ static semanage_handle_t *sss_semanage_init(void)
   NULL);
 
 ret = semanage_is_managed(handle);
-if (ret != 1) {
-DEBUG(SSSDBG_CRIT_FAILURE, "SELinux policy not managed\n");
-goto fail;
+if (ret == 0) {
+DEBUG(SSSDBG_TRACE_FUNC, "SELinux policy not managed\n");
+ret = ERR_SELINUX_NOT_MANAGED;
+goto done;
+} else if ( ret == -1) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Call to semanage_is_managed failed\n");
+ret = EIO;
+goto done;
 }
 
 ret = semanage_access_check(handle);
 if (ret < SEMANAGE_CAN_READ) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n");
-goto fail;
+ret = EACCES;
+goto done;
 }
 
 ret = semanage_connect(handle);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE,
   "Cannot estabilish SELinux management connection\n");
-goto fail;
+ret = EIO;
+goto done;
 }
 
-return handle;
-fail:
-sss_semanage_close(handle);
-return NULL;
+ret = EOK;
+
+done:
+if (ret != EOK) {
+sss_semanage_close(handle);
+} else {
+*_handle = handle;
+}
+
+return ret;
 }
 
 static int sss_semanage_user_add(semanage_handle_t *handle,
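Review bot: at the `done:` label `*_handle` is assigned only when `ret == EOK`, so on every failure the caller's pointer keeps whatever value it had before the call. Setting `*_handle = NULL` at the top of sss_semanage_init() would give callers a defined value to hand to sss_semanage_close() in their own cleanup paths.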
@@ -228,10 +242,11 @@ int set_seuser(const char *login_name, const char *seuser_name,
 return EOK;
 }
 
-handle = sss_semanage_init();
-if (!handle) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
-ret = EIO;
+ret = sss_semanage_init(&handle);
+if (ret != EOK) {
+if (ret != ERR_SELINUX_NOT_MANAGED) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
+}
 goto done;
 }
 
@@ -295,10 +310,11 @@ int del_seuser(const char *login_name)
 int ret;
 int exists = 0;
 
-handle = sss_semanage_init();
-if (!handle) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Cannot init SELinux management\n");
-ret = EIO;
+ret = sss_semanage_init(&handle);
+if (ret != EOK) {
+if (ret != ERR_SELINUX_NOT_MANAGED) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
+}
 goto done;
 }
 
@@ -377,10 +393,11 @@ int get_seuser(TALLOC_CTX *mem_ctx, const char *login_name,
 semanage_seuser_t *sm_user = NULL;
 semanage_seuser_key_t *sm_key = NULL;
 
-sm_handle = sss_semanage_init();
-if (sm_handle == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
-ret = EIO;
+ret = sss_semanage_init(&sm_handle);
+if (ret != EOK) {
+if (ret != ERR_SELINUX_NOT_M

[SSSD] [sssd PR#165][edited] selinux: Do not fail if SELinux is not managed

2017-02-22 Thread mzidek-rh
   URL: https://github.com/SSSD/sssd/pull/165
Author: mzidek-rh
 Title: #165: selinux: Do not fail if SELinux is not managed
Action: edited

 Changed field: body
Original value:
"""
Previously we failed if selinux_is_managed returned
0 or -1 (not managed or error). With this patch we
only fail in case of error and continue normally if
selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297
"""



[SSSD] [sssd PR#165][comment] selinux: Do not fail if SELinux is not managed

2017-02-22 Thread mzidek-rh
  URL: https://github.com/SSSD/sssd/pull/165
Title: #165: selinux: Do not fail if SELinux is not managed

mzidek-rh commented:
"""
fixed a typo in commit message
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/165#issuecomment-281760081


[SSSD] [sssd PR#164][comment] Remove unused import of run_shell from tests

2017-02-22 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/164
Title: #164: Remove unused import of run_shell from tests

fidencio commented:
"""
Obvious ACK. Interesting that it's been there since forever.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/164#issuecomment-281760586


[SSSD] [sssd PR#164][+Accepted] Remove unused import of run_shell from tests

2017-02-22 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/164
Title: #164: Remove unused import of run_shell from tests

Label: +Accepted


[SSSD] [sssd PR#166][opened] Please see the commit message for commit description.

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/166
Author: jhrozek
 Title: #166: Please see the commit message for commit description.
Action: opened

PR body:
"""
To reproduce, log in as a user from a trusted domain. Before the patch,
you should see an error message about the domain not being found such as:
(Wed Feb 22 20:35:33 2017) [sssd[nss]] [nss_update_initgr_memcache] 
(0x0040): Unknown domain (win.trust.test) requested by provider
and the memory cache wouldn't in fact be invalidated.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/166/head:pr166
git checkout pr166
From 4ecdd930e60929c8fd00d7b82fab9473cc4c9b51 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Wed, 22 Feb 2017 21:36:37 +0100
Subject: [PATCH] NSS: Fix invalidating memory cache for subdomain users

get_next_domain() was called without any special flags, meaning it only
iterates over main domains. We need to instead use the SSS_GND_DESCEND
flag to make sure subdomains are taken into account, too.
---
 src/responder/nss/nss_iface.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
index fee95f8..c40d3d1 100644
--- a/src/responder/nss/nss_iface.c
+++ b/src/responder/nss/nss_iface.c
@@ -36,7 +36,9 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
 int ret;
 int i, j;
 
-for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, 0)) {
+for (dom = nctx->rctx->domains;
+ dom;
+ dom = get_next_domain(dom, SSS_GND_DESCEND)) {
 if (strcasecmp(dom->name, domain) == 0) {
 break;
 }
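Review bot: the reason for passing `SSS_GND_DESCEND` in the loop of nss_update_initgr_memcache() is recorded only in the commit message; a one-line comment above the `for` saying that the provider may name a subdomain would keep the flag from being dropped in a later cleanup. The PR body gives a manual reproduction only, so a regression test that requests invalidation for a subdomain name would be a useful addition.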


[SSSD] [sssd PR#166][edited] Please see the commit message for commit description.

2017-02-22 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/166
Author: jhrozek
 Title: #166: Please see the commit message for commit description.
Action: edited

 Changed field: title
Original value:
"""
Please see the commit message for commit description.
"""
