[SSSD] [PATCH] DEBUG: Add `debug` alias for debug_level
Our users constantly make the mistake of typing `debug = 9` in the sssd.conf instead of `debug_level = 9` as would be correct. This happens frequently-enough that we should just alias it rather than continue to have people make mistakes. Resolves: https://fedorahosted.org/sssd/ticket/2999 From f59256f027bb15a5cff317e5b1d418107b4a0a95 Mon Sep 17 00:00:00 2001 From: Stephen GallagherDate: Tue, 26 Apr 2016 11:04:36 -0400 Subject: [PATCH] DEBUG: Add `debug` alias for debug_level Our users constantly make the mistake of typing `debug = 9` in the sssd.conf instead of `debug_level = 9` as would be correct. This happens frequently-enough that we should just alias it rather than continue to have people make mistakes. Resolves: https://fedorahosted.org/sssd/ticket/2999 --- src/confdb/confdb.h | 1 + src/util/server.c | 15 ++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index a9b1c4362b5c0c6b158830b1bf2ef68db09d8d06..153e68a0761463723945667004b4505acbc5a0b9 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -51,10 +51,11 @@ /* Services */ #define CONFDB_SERVICE_PATH_TMPL "config/%s" #define CONFDB_SERVICE_COMMAND "command" #define CONFDB_SERVICE_DEBUG_LEVEL "debug_level" +#define CONFDB_SERVICE_DEBUG_LEVEL_ALIAS "debug" #define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps" #define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds" #define CONFDB_SERVICE_DEBUG_TO_FILES "debug_to_files" #define CONFDB_SERVICE_TIMEOUT "timeout" #define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout" diff --git a/src/util/server.c b/src/util/server.c index 67a25955783c30dc03f3d6d9193c8547c625f134..074dc34848ae2b8dd98bf6b218cc6c9c8441104d 100644 --- a/src/util/server.c +++ b/src/util/server.c 
@@ -565,18 +565,31 @@ int server_setup(const char *name, int flags, if (debug_level == SSSDBG_UNRESOLVED) { /* set debug level if any in conf_entry */ ret = confdb_get_int(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_LEVEL, - SSSDBG_DEFAULT, + SSSDBG_UNRESOLVED, _level); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) " "[%s]\n", ret, strerror(ret)); return ret; } +if (debug_level == SSSDBG_UNRESOLVED) { +/* Check for the `debug` alias */ +ret = confdb_get_int(ctx->confdb_ctx, conf_entry, +CONFDB_SERVICE_DEBUG_LEVEL_ALIAS, +SSSDBG_DEFAULT, +_level); +if (ret != EOK) { +DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) " +"[%s]\n", ret, strerror(ret)); +return ret; +} +} + debug_level = debug_convert_old_level(debug_level); } /* same for debug timestamps */ if (debug_timestamps == SSSDBG_TIMESTAMP_UNRESOLVED) { -- 2.7.4 signature.asc Description: OpenPGP digital signature ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
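Review bot: The new `CONFDB_SERVICE_DEBUG_LEVEL_ALIAS` define in the src/confdb/confdb.h hunk carries no comment marking it as an alias of `debug_level`, and the diffstat touches only confdb.h and server.c, so nothing in this patch documents the option for users. Suggest a short comment beside the define, plus an entry for `debug` wherever `debug_level` is documented, stating which of the two wins when both are set.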
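Review bot: In the server_setup() hunk of src/util/server.c, a section that sets both `debug_level` and `debug` has the alias value dropped without any message, because the second confdb_get_int() runs only while debug_level is still SSSDBG_UNRESOLVED. Suggest logging that `debug` is ignored in that case, or at least stating the precedence in the "Check for the `debug` alias" comment. The two error branches also print the same "Error reading from confdb" text, so a failure cannot be tied to the option that caused it; naming the option in the message, or reading both names through one small helper, would remove the duplicated DEBUG/return block.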
[SSSD] Re: [PATCH] PAM: Export original user shell to tlog-rec
On Mon, Apr 25, 2016 at 09:16:22PM +0300, Nikolai Kondrashov wrote:
> On 04/11/2016 07:44 PM, Sumit Bose wrote:
> >On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
> >>On 04/06/2016 02:06 PM, Sumit Bose wrote:
> >>>I wonder if it would make sense to add the cached user object to preq
> >>>in pam_check_user_search() to avoid the lookup in
> >>>pam_reply_export_shell(). The data is already allocated on preq and as
> >>>far as I can see never freed explicitly, so it wouldn't even cost more
> >>>memory.
> >>
> >>Sure, that would be nice. However it's really hard for me to tell where that
> >>would come from, where it's actually retrieved and what the lifetime would
> >>be. I really miss documentation there.
> >>
> >>Could you suggest the change, perhaps?
> >
> >sure, please have a look at attached (untested) patch. With this you start in
> >pam_reply_export_shell() with
> >
> >+shell = ldb_msg_find_attr_as_string(preq->user_obj, SYSDB_SHELL, NULL); > >+if (shell == NULL) { > >+DEBUG(SSSDBG_CRIT_FAILURE, "user has no shell\n"); > >+ret = ENOENT; > >+goto done; > >+}
> >
> Thanks a lot Sumit, this is very helpful! However, the problem is the non-UPN
> case is requesting the user with sysdb_getpwnam_with_views and
> pam_reply_export_shell needs the non-overridden shell to pass it to tlog-rec,
> as local override is the mechanism used to enable tlog-rec at the moment.
>
> So, it seems we need the second lookup in pam_reply_export_shell after all.
> Or am I missing something?

The *_with_views() calls add the override data with the OVERRIDE_PREFIX, so SYSDB_SHELL is still the original one while OVERRIDE_PREFIX SYSDB_SHELL is the overridden one if there is any.

There is something special with AD users and the default view. If the shell for an AD user is overridden in the default view it is already applied and SYSDB_SHELL will show it. The original shell from AD can be found in ORIGINALAD_PREFIX SYSDB_SHELL if it is needed here.

HTH

bye,
Sumit

P.S. Based on your comments I opened https://fedorahosted.org/sssd/ticket/2997 and https://fedorahosted.org/sssd/ticket/2999 to check if we handle the shell correctly in the case it is overridden.

>
> Thank you.
>
> Nick
[SSSD] [PATCH] RESPONDERS: Fix talloc context for negative cache
Hi list, this simple patch fixes talloc hierarchy in initializing negative caches in responders. This patch is applicable after [1]. [1] https://www.mail-archive.com/sssd-devel@lists.fedorahosted.org/msg26515.html Regards -- Petr^4 Čech >From 974f7ab89770683e22e9ba186ae662c20876d354 Mon Sep 17 00:00:00 2001 From: Petr CechDate: Tue, 26 Apr 2016 03:16:27 -0400 Subject: [PATCH] RESPONDERS: Fix talloc context for negative cache This patch fixes hierarchy of talloc contexts used for initializing negative cache in responders. Resolves: https://fedorahosted.org/sssd/ticket/2928 --- src/responder/ifp/ifpsrv.c | 2 +- src/responder/nss/nsssrv.c | 2 +- src/responder/sudo/sudosrv.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index 55a182143b82c7eedfa4f4619adc6ab1de73bf4d..8ae8f928336e60cacae246a2b8270051eabd3d27 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -287,7 +287,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx, ret = responder_get_neg_timeout_from_confdb(cdb, _timeout); if (ret != EOK) goto fail; -ret = sss_ncache_init(rctx, neg_timeout, _ctx->ncache); +ret = sss_ncache_init(ifp_ctx, neg_timeout, _ctx->ncache); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "fatal error initializing negcache\n"); goto fail; diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 363ee7bffac5a3fa61a9d81ae5821ed6ffaa50d7..d5e35f9349289caa87474ca8c7ee5a87934cd7f6 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -439,7 +439,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, ret = responder_get_neg_timeout_from_confdb(cdb, _timeout); if (ret != EOK) goto fail; -ret = sss_ncache_init(rctx, neg_timeout, >ncache); +ret = sss_ncache_init(nctx, neg_timeout, >ncache); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing negative cache\n"); 
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index cf131853d16314356e18063972812f56ccbb4386..0740303123bc41bb468b9cc0ef1080689f756f75 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -118,7 +118,7 @@ int sudo_process_init(TALLOC_CTX *mem_ctx, ret = responder_get_neg_timeout_from_confdb(cdb, _timeout); if (ret != EOK) goto fail; -ret = sss_ncache_init(rctx, neg_timeout, _ctx->ncache); +ret = sss_ncache_init(sudo_ctx, neg_timeout, _ctx->ncache); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ncache\n"); -- 2.5.5 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
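Review bot: Only the sss_ncache_init() calls in ifp_process_init(), nss_process_init() and sudo_process_init() are reparented, and the diffstat lists no other responder. If any other responder still passes rctx as the talloc parent to sss_ncache_init(), it needs the same one-line change; otherwise the commit message should say why these three are the only ones affected.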
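Review bot: At the sss_ncache_init() call in the sudosrv.c hunk (and the identical calls in the other two), the commit message says the talloc hierarchy is fixed but not what was wrong with parenting the negative cache on rctx or what the intended owner is. Suggest one sentence stating that the cache is now a child of the responder-specific context whose ncache member holds the pointer, and confirming that the `goto fail` path in each init function frees that context so the cache is released with it.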
[SSSD] Re: [PATCH] ldap_test.py: Modify enum cache timeouts
On 04/22/2016 09:04 AM, Lukas Slebodnik wrote:

On (02/12/15 17:10), Michal Židek wrote:

Hi!

I saw some integration tests failures recently, and I think there is a race condition between the enumeration refresh timeout and the sleeps after some operations that wait for this timeout. SSSD fails to populate changes from LDAP in time and some asserts can fail because of this.

So far I saw 4 tests to fail like this, which is already quite a lot.

The attached patch modifies the timeout values and hopefully removes the issue.

Michal

From b724db15ce0c1593cfdd7b4da8e0c39e97942e8c Mon Sep 17 00:00:00 2001
From: Michal Židek
Date: Wed, 2 Dec 2015 16:44:48 +0100
Subject: [PATCH] ldap_test.py: Modify enum cache timeouts

There is a race condition between ldap enumeration refresh timeout and the sleeps that wait for the ldap changes to populate to SSSD if the timeout and the sleeps have the same value.

--- src/tests/intg/ldap_test.py | 30 +- 1 file changed, 17 insertions(+), 13 deletions(-)

Houston, we have a problem. Your patch does not work either :-(

Hmmm... looks like my magic numbers went out of mana.

http://sssd-ci.duckdns.org/logs/job/42/59/summary.html
rhel6 make-intgcheck
ldap_test.py:496: test_add_remove_group_rfc2307_bis FAILED

http://sssd-ci.duckdns.org/logs/job/42/60/summary.html
rhel6 make-intgcheck
ldap_test.py:466: test_add_remove_user FAILED

http://sssd-ci.duckdns.org/logs/job/42/61/summary.html
rhel6 make-intgcheck
ldap_test.py:481: test_add_remove_group_rfc2307 FAILED

LS
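The race described in the commit message above, as a constructed model that is added here and is not code from the thread or from ldap_test.py. The strictly periodic refresh timer, the constant refresh latency and every number are assumptions chosen for illustration.

```python
"""Constructed model of an enumeration-refresh race; all times in ms."""


def visible_at(change_ms, interval_ms, phase_ms, latency_ms):
    """Return when a change made at change_ms shows up in the cache.

    Assumption: refreshes start at phase_ms + k * interval_ms and each one
    needs latency_ms to finish writing the cache.
    """
    elapsed = change_ms - phase_ms
    k = max(0, -(-elapsed // interval_ms))  # ceil: first refresh >= change
    return phase_ms + k * interval_ms + latency_ms


def fixed_sleep_passes(sleep_ms, change_ms, interval_ms, phase_ms, latency_ms):
    """True if an assert placed after a fixed sleep would see the change."""
    seen = visible_at(change_ms, interval_ms, phase_ms, latency_ms)
    return seen <= change_ms + sleep_ms


def failing_phases(sleep_ms, interval_ms, latency_ms, step_ms=100):
    """Timer phases (relative to the change) for which the test fails."""
    change_ms = 10 * interval_ms  # constructed moment of the LDAP change
    return [p for p in range(0, interval_ms, step_ms)
            if not fixed_sleep_passes(sleep_ms, change_ms, interval_ms,
                                      p, latency_ms)]


def minimal_safe_sleep(interval_ms, latency_ms, step_ms=100):
    """Smallest sleep (multiple of step_ms) that leaves no failing phase."""
    sleep_ms = 0
    while failing_phases(sleep_ms, interval_ms, latency_ms, step_ms):
        sleep_ms += step_ms
    return sleep_ms


if __name__ == "__main__":
    # Sleep equal to the refresh interval: fails when the refresh starts late.
    print(failing_phases(4000, 4000, 300))
    # A 1 s margin is enough at 300 ms latency, not at 1500 ms.
    print(failing_phases(5000, 4000, 300), failing_phases(5000, 4000, 1500))
    print(minimal_safe_sleep(4000, 300))
```

In this model a fixed sleep is safe only while it exceeds the interval by at least the refresh latency, so any chosen margin holds only up to the latency it was sized for.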