[SSSD] [sssd PR#682][+Accepted] DYNDNS: Drop support for legacy NSUPDATE
URL: https://github.com/SSSD/sssd/pull/682 Title: #682: DYNDNS: Drop support for legacy NSUPDATE Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#687][opened] sbus: allow access for sssd user
URL: https://github.com/SSSD/sssd/pull/687
Author: pbrezina
Title: #687: sbus: allow access for sssd user
Action: opened
PR body:
"""
D-Bus allows access for root and euid by default, however when running
in non-root mode monitor continues to run as root but responsers as sssd
user. Therefore monitor euid != sssd user and the connection is terminated.
We must explicitly allow the connection for sssd user uid.
Resolves:
https://pagure.io/SSSD/sssd/issue/3871
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/687/head:pr687
git checkout pr687
From b2c8340c1d6eeeff8966164f297345f4c5478bd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Wed, 31 Oct 2018 13:07:26 +0100
Subject: [PATCH] sbus: allow access for sssd user
D-Bus allows access for root and euid by default, however when running
in non-root mode monitor continues to run as root but responsers as sssd
user. Therefore monitor euid != sssd user and the connection is terminated.
We must explicitly allow the connection for sssd user uid.
Resolves:
https://pagure.io/SSSD/sssd/issue/3871
---
src/sbus/server/sbus_server.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c
index 576cff616..5405dae56 100644
--- a/src/sbus/server/sbus_server.c
+++ b/src/sbus/server/sbus_server.c
@@ -400,6 +400,22 @@ sbus_server_filter_add(struct sbus_server *server,
return true;
}
+static dbus_bool_t
+sbus_server_check_connection_uid(DBusConnection *dbus_conn,
+ unsigned long uid,
+ void *data)
+{
+struct sbus_server *sbus_server;
+
+sbus_server = talloc_get_type(data, struct sbus_server);
+
+if (uid == 0 || uid == sbus_server->uid) {
+return true;
+}
+
+return false;
+}
+
static void
sbus_server_new_connection(DBusServer *dbus_server,
DBusConnection *dbus_conn,
@@ -415,6 +431,11 @@ sbus_server_new_connection(DBusServer *dbus_server,
DEBUG(SSSDBG_FUNC_DATA, "Adding connection %p.\n", dbus_conn);
+/* Allow access from uid that is associated with this sbus server. */
+dbus_connection_set_unix_user_function(dbus_conn,
+ sbus_server_check_connection_uid,
+ sbus_server, NULL);
+
/* First, add a message filter that will take care of routing messages
* between connections. */
bret = sbus_server_filter_add(sbus_server, dbus_conn);
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#687][comment] sbus: allow access for sssd user
URL: https://github.com/SSSD/sssd/pull/687 Title: #687: sbus: allow access for sssd user jhrozek commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/687#issuecomment-434683614 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#687][+Accepted] sbus: allow access for sssd user
URL: https://github.com/SSSD/sssd/pull/687 Title: #687: sbus: allow access for sssd user Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result jhrozek commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/686#issuecomment-434817136 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#686][comment] nss: use enumeration context as talloc parent for cache req result
URL: https://github.com/SSSD/sssd/pull/686 Title: #686: nss: use enumeration context as talloc parent for cache req result jhrozek commented: """ I restarted the CI but I suspect the failure is genuine, because I also submitted the same patch to our internal CI and the runs are (on all systemd) stuck. """ See the full comment at https://github.com/SSSD/sssd/pull/686#issuecomment-434817421 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
