[SSSD] [sssd PR#682][+Accepted] DYNDNS: Drop support for legacy NSUPDATE
URL: https://github.com/SSSD/sssd/pull/682 Title: #682: DYNDNS: Drop support for legacy NSUPDATE Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#687][opened] sbus: allow access for sssd user
URL: https://github.com/SSSD/sssd/pull/687
Author: pbrezina
Title: #687: sbus: allow access for sssd user
Action: opened

PR body:
"""
D-Bus allows access for root and euid by default, however when running in non-root mode monitor continues to run as root but responders as sssd user. Therefore monitor euid != sssd user and the connection is terminated. We must explicitly allow the connection for sssd user uid.

Resolves: https://pagure.io/SSSD/sssd/issue/3871
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/687/head:pr687
git checkout pr687

From b2c8340c1d6eeeff8966164f297345f4c5478bd3 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Wed, 31 Oct 2018 13:07:26 +0100
Subject: [PATCH] sbus: allow access for sssd user

D-Bus allows access for root and euid by default, however when running in non-root mode monitor continues to run as root but responders as sssd user. Therefore monitor euid != sssd user and the connection is terminated. We must explicitly allow the connection for sssd user uid.

Resolves: https://pagure.io/SSSD/sssd/issue/3871
--- src/sbus/server/sbus_server.c | 21 + 1 file changed, 21 insertions(+) diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c index 576cff616..5405dae56 100644 --- a/src/sbus/server/sbus_server.c +++ b/src/sbus/server/sbus_server.c @@ -400,6 +400,22 @@ sbus_server_filter_add(struct sbus_server *server, return true; } +static dbus_bool_t +sbus_server_check_connection_uid(DBusConnection *dbus_conn, + unsigned long uid, + void *data) +{ +struct sbus_server *sbus_server; + +sbus_server = talloc_get_type(data, struct sbus_server); + +if (uid == 0 || uid == sbus_server->uid) { +return true; +} + +return false; +} + static void sbus_server_new_connection(DBusServer *dbus_server, DBusConnection *dbus_conn, 
@@ -415,6 +431,11 @@ sbus_server_new_connection(DBusServer *dbus_server, DEBUG(SSSDBG_FUNC_DATA, "Adding connection %p.\n", dbus_conn); +/* Allow access from uid that is associated with this sbus server. */ +dbus_connection_set_unix_user_function(dbus_conn, + sbus_server_check_connection_uid, + sbus_server, NULL); + /* First, add a message filter that will take care of routing messages * between connections. */ bret = sbus_server_filter_add(sbus_server, dbus_conn);
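Review bot: in the first hunk, sbus_server_check_connection_uid dereferences the result of talloc_get_type(data, struct sbus_server) without a NULL check. talloc_get_type returns NULL when the pointer is not of the named type, so `uid == sbus_server->uid` would crash the process that owns the bus instead of refusing the peer. Either return false when the lookup yields NULL or use talloc_get_type_abort so the failure is explicit. Because this callback is the authorization decision for the connection, a DEBUG message on the `return false` path that logs the refused uid would make denied connections diagnosable. The parameter is `unsigned long uid` while the type of sbus_server->uid is not visible in this hunk; if it is uid_t, an explicit cast keeps the comparison free of width and sign surprises.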
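Review bot: in the second hunk, the comment above dbus_connection_set_unix_user_function in sbus_server_new_connection understates the policy being installed. The commit message says D-Bus by default allows root and the server's euid; with this callback in place the rule visible in the patch is exactly uid 0 or sbus_server->uid, so the comment should say that root remains allowed and that any other uid, including the process euid when it differs from sbus_server->uid, is refused. Also, sbus_server is handed over as callback data with a NULL free function, so the connection keeps a borrowed pointer: please confirm the server always outlives the connections it accepts, or clear the callback on teardown. A test that connects as an unrelated uid and expects the connection to be dropped would pin the behaviour down.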
[SSSD] [sssd PR#687][comment] sbus: allow access for sssd user
URL: https://github.com/SSSD/sssd/pull/687 Title: #687: sbus: allow access for sssd user jhrozek commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/687#issuecomment-434683614
[SSSD] [sssd PR#687][+Accepted] sbus: allow access for sssd user
URL: https://github.com/SSSD/sssd/pull/687 Title: #687: sbus: allow access for sssd user Label: +Accepted
[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result jhrozek commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/686#issuecomment-434817136
[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result jhrozek commented: """ I restarted the CI but I suspect the failure is genuine, because I also submitted the same patch to our internal CI and the runs are (on all systemd) stuck. """ See the full comment at https://github.com/SSSD/sssd/pull/686#issuecomment-434817421