[SSSD] [PATCH] DEBUG: Add `debug` alias for debug_level

2016-04-26 Thread Stephen Gallagher
Our users constantly make the mistake of typing `debug = 9` in the sssd.conf
instead of `debug_level = 9` as would be correct. This happens frequently-enough
that we should just alias it rather than continue to have people make mistakes.

Resolves:
https://fedorahosted.org/sssd/ticket/2999
From f59256f027bb15a5cff317e5b1d418107b4a0a95 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher 
Date: Tue, 26 Apr 2016 11:04:36 -0400
Subject: [PATCH] DEBUG: Add `debug` alias for debug_level

Our users constantly make the mistake of typing `debug = 9` in the
sssd.conf instead of `debug_level = 9` as would be correct. This
happens frequently-enough that we should just alias it rather than
continue to have people make mistakes.

Resolves:
https://fedorahosted.org/sssd/ticket/2999
---
 src/confdb/confdb.h |  1 +
 src/util/server.c   | 15 ++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index a9b1c4362b5c0c6b158830b1bf2ef68db09d8d06..153e68a0761463723945667004b4505acbc5a0b9 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -51,10 +51,11 @@
 
 /* Services */
 #define CONFDB_SERVICE_PATH_TMPL "config/%s"
 #define CONFDB_SERVICE_COMMAND "command"
 #define CONFDB_SERVICE_DEBUG_LEVEL "debug_level"
+#define CONFDB_SERVICE_DEBUG_LEVEL_ALIAS "debug"
 #define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps"
 #define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds"
 #define CONFDB_SERVICE_DEBUG_TO_FILES "debug_to_files"
 #define CONFDB_SERVICE_TIMEOUT "timeout"
 #define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout"
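
Review bot: the new `debug` key introduced by the CONFDB_SERVICE_DEBUG_LEVEL_ALIAS define is not documented anywhere in this patch; the diffstat touches only confdb.h and server.c. Add a comment on the define saying it is an accepted alias for debug_level, and cover the alias in the sssd.conf documentation (and in any option list used to validate configuration) so that it is not reported as an unknown or mistyped key.
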
diff --git a/src/util/server.c b/src/util/server.c
index 67a25955783c30dc03f3d6d9193c8547c625f134..074dc34848ae2b8dd98bf6b218cc6c9c8441104d 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -565,18 +565,31 @@ int server_setup(const char *name, int flags,
 
 if (debug_level == SSSDBG_UNRESOLVED) {
 /* set debug level if any in conf_entry */
 ret = confdb_get_int(ctx->confdb_ctx, conf_entry,
  CONFDB_SERVICE_DEBUG_LEVEL,
- SSSDBG_DEFAULT,
+ SSSDBG_UNRESOLVED,
  _level);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) "
  "[%s]\n", ret, strerror(ret));
 return ret;
 }
 
+if (debug_level == SSSDBG_UNRESOLVED) {
+/* Check for the `debug` alias */
+ret = confdb_get_int(ctx->confdb_ctx, conf_entry,
+CONFDB_SERVICE_DEBUG_LEVEL_ALIAS,
+SSSDBG_DEFAULT,
+_level);
+if (ret != EOK) {
+DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) "
+"[%s]\n", ret, strerror(ret));
+return ret;
+}
+}
+
 debug_level = debug_convert_old_level(debug_level);
 }
 
 /* same for debug timestamps */
 if (debug_timestamps == SSSDBG_TIMESTAMP_UNRESOLVED) {
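
Review bot: precedence between the two keys is implicit in the added block under the "Check for the `debug` alias" comment: `debug` is consulted only when debug_level comes back as SSSDBG_UNRESOLVED, so a section that sets both keys silently ignores `debug`. State that precedence in the comment, or log a warning when both are present, so an administrator is not left with a different log level than the one they thought they configured. Because SSSDBG_UNRESOLVED is now also the default passed to the first confdb_get_int() call, a debug_level explicitly set to that numeric value would fall through to the alias as well; a test for that case would be useful. The second error-handling block repeats the first verbatim and could be shared by looping over the two key names.
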
-- 
2.7.4



___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org


[SSSD] Re: [PATCH] PAM: Export original user shell to tlog-rec

2016-04-26 Thread Sumit Bose
On Mon, Apr 25, 2016 at 09:16:22PM +0300, Nikolai Kondrashov wrote:
> On 04/11/2016 07:44 PM, Sumit Bose wrote:
> >On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
> >>On 04/06/2016 02:06 PM, Sumit Bose wrote:
> >>>I wonder if it would make sense to add the cached user object to preq
> >>>in pam_check_user_search() to avoid the lookup in
> >>>pam_reply_export_shell(). The data is already allocated on preq and as
> >>>far as I can see never freed explicitly, so it wouldn't even cost more
> >>>memory.
> >>
> >>Sure, that would be nice. However it's really hard for me to tell where that
> >>would come from, where it's actually retrieved and what the lifetime would
> >>be. I really miss documentation there.
> >>
> >>Could you suggest the change, perhaps?
> >
> >sure, please have a look at attached (untested) patch. With this you start in
> >pam_reply_export_shell() with
> >
> >+shell = ldb_msg_find_attr_as_string(preq->user_obj, SYSDB_SHELL, NULL);
> >+if (shell == NULL) {
> >+DEBUG(SSSDBG_CRIT_FAILURE, "user has no shell\n");
> >+ret = ENOENT;
> >+goto done;
> >+}
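
Review bot: the quoted lookup reads SYSDB_SHELL from preq->user_obj without saying which shell value is expected there, and the thread goes on to discuss exactly that (original versus overridden shell, and the AD default-view case). A comment above the ldb_msg_find_attr_as_string() call naming the intended value would make the choice checkable. The "user has no shell" message would also be easier to act on if it included the user name.
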
> 
> Thanks a lot Sumit, this is very helpful! However, the problem is the non-UPN
> case is requesting the user with sysdb_getpwnam_with_views and
> pam_reply_export_shell needs the non-overridden shell to pass it to tlog-rec,
> as local override is the mechanism used to enable tlog-rec at the moment.
> 
> So, it seems we need the second lookup in pam_reply_export_shell after all.
> Or am I missing something?

The *_with_views() calls add the override data with the OVERRIDE_PREFIX,
so SYSDB_SHELL is still the original one while OVERRIDE_PREFIX SYSDB_SHELL
is the overridden one if there is any.

There is something special with AD users and the default view. If the
shell for an AD user is overridden in the default view it is already
applied and SYSDB_SHELL will show it. The original shell from AD can be
found in ORIGINALAD_PREFIX SYSDB_SHELL if it is needed here.

HTH

bye,
Sumit

P.S. Based on your comments I opened
https://fedorahosted.org/sssd/ticket/2997 and
https://fedorahosted.org/sssd/ticket/2999 to check if we handle the
shell correctly in the case it is overridden.

> 
> Thank you.
> 
> Nick


[SSSD] [PATCH] RESPONDERS: Fix talloc context for negative cache

2016-04-26 Thread Petr Cech

Hi list,

this simple patch fixes talloc hierarchy in initializing negative caches 
in responders.


This patch is applicable after [1].

[1] 
https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26515.html


Regards

--
Petr^4 Čech
From 974f7ab89770683e22e9ba186ae662c20876d354 Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Tue, 26 Apr 2016 03:16:27 -0400
Subject: [PATCH] RESPONDERS: Fix talloc context for negative cache

This patch fixes hierarchy of talloc contexts used for initializing
negative cache in responders.

Resolves:
https://fedorahosted.org/sssd/ticket/2928
---
 src/responder/ifp/ifpsrv.c   | 2 +-
 src/responder/nss/nsssrv.c   | 2 +-
 src/responder/sudo/sudosrv.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index 55a182143b82c7eedfa4f4619adc6ab1de73bf4d..8ae8f928336e60cacae246a2b8270051eabd3d27 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -287,7 +287,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
 ret = responder_get_neg_timeout_from_confdb(cdb, _timeout);
 if (ret != EOK) goto fail;
 
-ret = sss_ncache_init(rctx, neg_timeout, _ctx->ncache);
+ret = sss_ncache_init(ifp_ctx, neg_timeout, _ctx->ncache);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n");
 goto fail;
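
Review bot: the commit message does not say what goes wrong with rctx as the parent in the changed sss_ncache_init() call, only that the hierarchy is fixed. The out parameter is a field of the responder-specific context, so parenting the cache to ifp_ctx ties its lifetime to the structure that references it; say that in the message, and name the symptom from ticket 2928 so the fix can be verified.
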
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 363ee7bffac5a3fa61a9d81ae5821ed6ffaa50d7..d5e35f9349289caa87474ca8c7ee5a87934cd7f6 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -439,7 +439,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
 ret = responder_get_neg_timeout_from_confdb(cdb, _timeout);
 if (ret != EOK) goto fail;
 
-ret = sss_ncache_init(rctx, neg_timeout, >ncache);
+ret = sss_ncache_init(nctx, neg_timeout, >ncache);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
   "fatal error initializing negative cache\n");
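
Review bot: the failure message after the changed sss_ncache_init() call is worded and levelled differently in each responder: SSSDBG_FATAL_FAILURE with "negative cache" here, SSSDBG_CRIT_FAILURE with "negcache" in ifpsrv.c, and SSSDBG_FATAL_FAILURE with "ncache" in sudosrv.c. Since the patch touches all three call sites, consider aligning the level and text so that one log search finds this failure in any responder.
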
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index cf131853d16314356e18063972812f56ccbb4386..0740303123bc41bb468b9cc0ef1080689f756f75 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -118,7 +118,7 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
 ret = responder_get_neg_timeout_from_confdb(cdb, _timeout);
 if (ret != EOK) goto fail;
 
-ret = sss_ncache_init(rctx, neg_timeout, _ctx->ncache);
+ret = sss_ncache_init(sudo_ctx, neg_timeout, _ctx->ncache);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
   "fatal error initializing ncache\n");
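
Review bot: the diffstat covers only the ifp, nss and sudo responders. If any other responder still passes rctx as the talloc parent to sss_ncache_init(), it needs the same one-line change as the call here; otherwise state in the commit message that these three are the only callers affected.
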
-- 
2.5.5



[SSSD] Re: [PATCH] ldap_test.py: Modify enum cache timeouts

2016-04-26 Thread Michal Židek

On 04/22/2016 09:04 AM, Lukas Slebodnik wrote:

On (02/12/15 17:10), Michal Židek wrote:

Hi!

I saw some integration tests failures recently,
and I think there is a race condition between the
enumeration refresh timeout and the sleeps
after some operations that wait for this timeout.
SSSD fails to populate changes from LDAP in time
and some asserts can fail because of this.

So far I saw 4 tests to fail like this, which
is already quite a lot.

The attached patch modifies the timeout values
and hopefully removes the issue.

Michal



From b724db15ce0c1593cfdd7b4da8e0c39e97942e8c Mon Sep 17 00:00:00 2001
From: Michal Židek
Date: Wed, 2 Dec 2015 16:44:48 +0100
Subject: [PATCH] ldap_test.py: Modify enum cache timeouts

There is a race condition between ldap
enumeration refresh timeout and the sleeps
that wait for the ldap changes to populate
to SSSD if the timeout and the sleeps have
the same value.
---
src/tests/intg/ldap_test.py | 30 +-
1 file changed, 17 insertions(+), 13 deletions(-)


Houston,
we have a problem.

Your patch does not work either :-(


Hmmm... looks like my magic numbers went out of mana.



http://sssd-ci.duckdns.org/logs/job/42/59/summary.html
rhel6
make-intgcheck
ldap_test.py:496: test_add_remove_group_rfc2307_bis FAILED

http://sssd-ci.duckdns.org/logs/job/42/60/summary.html
rhel6
make-intgcheck
ldap_test.py:466: test_add_remove_user FAILED

http://sssd-ci.duckdns.org/logs/job/42/61/summary.html
rhel6
make-intgcheck
ldap_test.py:481: test_add_remove_group_rfc2307 FAILED

LS

