Re: [SSSD] [PATCH] INIT: Drop syslog.target from service file

On (10/11/15 16:23), Jakub Hrozek wrote: >On Tue, Nov 10, 2015 at 09:43:55AM +0100, Lukas Slebodnik wrote: >> ehlo, >> >> debian has pach which removes syslog.target from service.file >> http://anonscm.debian.org/cgit/pkg-sssd/sssd.git/tree/debian/patches/fix-obsolete-target.diff >> and this

Re: [SSSD] [PATCH] BE: Add IFP to known clients

On Tue, Nov 10, 2015 at 02:50:57PM +0100, Lukas Slebodnik wrote: > On (10/11/15 12:10), Pavel Březina wrote: > >This gets rid of confusing debug message: > >[be_client_destructor] (0x0020): Unknown client removed ... > > >From 17b1d8216bab3770c58c79cf51c571cb184e8ab4 Mon Sep 17 00:00:00 2001 >

Re: [SSSD] [PATCH] INIT: Drop syslog.target from service file

On Tue, Nov 10, 2015 at 09:43:55AM +0100, Lukas Slebodnik wrote: > ehlo, > > debian has pach which removes syslog.target from service.file > http://anonscm.debian.org/cgit/pkg-sssd/sssd.git/tree/debian/patches/fix-obsolete-target.diff > and this target is not available on el7.1with quite old

Re: [SSSD] [PATCH] SSSD: Add a new command diag_cmd

On Tue, Nov 10, 2015 at 01:22:54PM +0100, Lukas Slebodnik wrote: > On (10/11/15 13:15), Jakub Hrozek wrote: > >On Mon, Nov 09, 2015 at 11:32:30AM +0100, Petr Cech wrote: > >> On 11/04/2015 11:24 AM, Jakub Hrozek wrote: > >> >Hi, > >> > > >> >I created this patch to try to diagnose an issue where

Re: [SSSD] [PATCH] TESTS: extend PAM responder unit test

On (05/11/15 17:01), Pavel Reichl wrote: >On 11/05/2015 09:17 AM, Lukas Slebodnik wrote: >>Let's image following use case: >>* cached authentication is enabled. >>* user "pamuser" has never authenticated to the machine and thus >> password is not cached >>* for the first time the the data

Re: [SSSD] [PATCH] TEST: recent_valid filter testing

On 11/10/2015 08:29 AM, Pavel Reichl wrote: On 11/05/2015 05:29 PM, Petr Cech wrote: +void test_groups_by_recent_filter_valid(void **state) +{ +struct cache_req_test_ctx *test_ctx = NULL; +TALLOC_CTX *req_mem_ctx = NULL; +struct tevent_req *req = NULL; +const char

Re: [SSSD] [PATCH] TEST: recent_valid filter testing

On 11/10/2015 08:37 AM, Lukas Slebodnik wrote: On (10/11/15 08:29), Pavel Reichl wrote: On 11/05/2015 05:29 PM, Petr Cech wrote: +void test_groups_by_recent_filter_valid(void **state) +{ +struct cache_req_test_ctx *test_ctx = NULL; +TALLOC_CTX *req_mem_ctx = NULL; +struct

Re: [SSSD] [PATCH] TEST: recent_valid filter testing

On 11/09/2015 04:28 PM, Jakub Hrozek wrote: On Thu, Nov 05, 2015 at 05:29:25PM +0100, Petr Cech wrote: >On 11/04/2015 11:11 AM, Jakub Hrozek wrote: > >Hi, > > > >Sorry it took so long to get back to the review. I only have some minor > >comments, see inline.. > > > >Because the group patches

Re: [SSSD] [PATCH] tools: Don't shadow 'exit'

On (10/11/15 08:59), Lukas Slebodnik wrote: >On (09/11/15 15:33), Jakub Hrozek wrote: >>On Mon, Nov 09, 2015 at 10:44:49AM +0100, Lukas Slebodnik wrote: >>> Obvious ACK >> >>While reviewing your patches, I found one more place I forgot to fix, >>see the attached patch. > >>From

[SSSD] [PATCH] INIT: Drop syslog.target from service file

ehlo, debian has pach which removes syslog.target from service.file http://anonscm.debian.org/cgit/pkg-sssd/sssd.git/tree/debian/patches/fix-obsolete-target.diff and this target is not available on el7.1with quite old systemd. I had a small discussion with systemd guys and we can drop it without

Re: [SSSD] [PATCH] tools: Don't shadow 'exit'

On (09/11/15 20:53), Jakub Hrozek wrote: >On Mon, Nov 09, 2015 at 06:35:05PM +0100, Lukas Slebodnik wrote: >> BTW which version do you prefer? >> a) signl >> b) sig >> c) a_signal > >I don't care :) Feel free to use a_signal since it came first. Updated patches are attached. LS >From

[SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

ehlo, another warning on rhel6. BTW different solution would be to cast to void. LS >From 2516dadde6940fe8cd7bf0ad769f81bbf2c23b7e Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Tue, 10 Nov 2015 07:41:10 + Subject: [PATCH 1/2] FAIL_OVER: Fix warning value

Re: [SSSD] [PATCH] SSSD: Add a new command diag_cmd

On 11/09/2015 07:17 PM, Stephen Gallagher wrote: There are problems inherent with passing the PID to the child process. There's no guarantee that the process still exists. In the worst-case, the PID could actually be reassigned to a new process and the output you got back from something like

[SSSD] Fix warning may be used uninitialized

ehlo, and the last one patch to fix warnings on el6 LS >From 84e149ddba1cebfbc37bf7b6d3769f9851bce446 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Tue, 10 Nov 2015 07:42:59 + Subject: [PATCH 2/2] DP_PTASK: Fix warning may be used uninitialized MIME-Version: 1.0

[SSSD] CONFIGURE: Bump AM_GNU_GETTEXT_VERSION

ehlo, The function gettext was not detected properly with strict cflags even thought it was part of glibc. sh$ CFLAGS="-Werror" ./configure sh$ grep gt_cv_func_gnugettext config.log gt_cv_func_gnugettext1_libc=no gt_cv_func_gnugettext1_libintl=no sh$ objdump -T /lib64/libc.so.6 | grep gettext

[SSSD] [PATCH] p11: enable ocsp checks

Hi, this patch switches on the Online Certificate Status Protocol (OCSP) checks while validation the certificate. This is done by calling CERT_EnableOCSPChecking() before doing the validation. The main part of the patch makes this configurable. Since I expect that certificate validation will

[SSSD] [PATCH] p11: check if cert is valid before selecting it

Hi, currently the p11_child does not continue to search for more certificates if the first suitable certificate cannot be verified. With this patch p11_child will continue until a valid certificate is found (or all are checked). As said before I'm working on improving the handling of the

[SSSD] [PATCH] cache_req: check all domains for lookups by certificate

Hi, this patch is the equivalent of 374268c5eda35e8bbc2fef30752299199439cffe "fix upn cache_req for sub-domain users" for lookups by certificates. bye, Sumit From 78ac47bfdbb9c91dddefb4de06dcdf41e7035c6a Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 12 Oct 2015 13:00:28

Re: [SSSD] [PATCH] SSSD: Add a new command diag_cmd

On Mon, Nov 09, 2015 at 11:32:30AM +0100, Petr Cech wrote: > On 11/04/2015 11:24 AM, Jakub Hrozek wrote: > >Hi, > > > >I created this patch to try to diagnose an issue where sssd would > >randomly restart on any of machines in a VM cluster without giving too > >much advise why. I think it might be

Re: [SSSD] [PATCH] p11: enable ocsp checks

On (10/11/15 11:36), Sumit Bose wrote: >Hi, > >this patch switches on the Online Certificate Status Protocol (OCSP) >checks while validation the certificate. This is done by calling >CERT_EnableOCSPChecking() before doing the validation. The main part of >the patch makes this configurable. >

[SSSD] [PATCH] p11: allow p11_child to run completely unprivileged

Hi, this patch removes the requirement to install p11_child with SETUID or SETGID bit set. The needed privileges can be tuned with the help of policy-kit so p11_child can either run as root or as SSSD user depending on the SSSD configuration without the need to gain extra user or group

[SSSD] [PATCH] BE: Add IFP to known clients

This gets rid of confusing debug message: [be_client_destructor] (0x0020): Unknown client removed ... From 17b1d8216bab3770c58c79cf51c571cb184e8ab4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 10 Nov 2015 11:47:30 +0100 Subject: [PATCH] BE: Add

Re: [SSSD] [PATCHES] UTIL: Fix memory leak in switch_creds

On (11/11/15 07:58), Petr Cech wrote: >On 11/09/2015 08:06 AM, Lukas Slebodnik wrote: >>ehlo, >> >>You can see a leak in talloc report. >>But it was ignored. So we didn't notice it for long time. >>http://sssd-ci.duckdns.org/logs/job/29/90/rhel7/ci-build-debug/src/tests/cwrap/become_user-tests.log

Re: [SSSD] [PATCHES] UTIL: Fix memory leak in switch_creds

On 11/11/2015 08:04 AM, Lukas Slebodnik wrote: On (11/11/15 07:58), Petr Cech wrote: >On 11/09/2015 08:06 AM, Lukas Slebodnik wrote: >>ehlo, >> >>You can see a leak in talloc report. >>But it was ignored. So we didn't notice it for long time.

Re: [SSSD] [PATCH] AD: Remove unused memory context from ad_user_conn_list

On (11/11/15 07:37), Petr Cech wrote: >On 11/09/2015 07:44 AM, Lukas Slebodnik wrote: >>ehlo, >> >>simple patch is attached. >> >>LS >> >> >>0001-AD-Remove-unused-memory-context-from-ad_user_conn_li.patch >> >> >> From cec2a8d6e72324d6a80a1df832230567f8b4c819 Mon Sep 17 00:00:00 2001 >>From: Lukas

Re: [SSSD] [PATCH] tools: Don't shadow 'exit'

On (10/11/15 09:00), Lukas Slebodnik wrote: >On (10/11/15 08:59), Lukas Slebodnik wrote: >>On (09/11/15 15:33), Jakub Hrozek wrote: >>>On Mon, Nov 09, 2015 at 10:44:49AM +0100, Lukas Slebodnik wrote: Obvious ACK >>> >>>While reviewing your patches, I found one more place I forgot to fix,

Re: [SSSD] [PATCHES] UTIL: Fix memory leak in switch_creds

On 11/09/2015 08:06 AM, Lukas Slebodnik wrote: ehlo, You can see a leak in talloc report. But it was ignored. So we didn't notice it for long time. http://sssd-ci.duckdns.org/logs/job/29/90/rhel7/ci-build-debug/src/tests/cwrap/become_user-tests.log The first patch fixes the leak and the last

Re: [SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

On Tue, Nov 10, 2015 at 02:39:03PM +0100, Jakub Hrozek wrote: > On Tue, Nov 10, 2015 at 09:11:25AM +0100, Lukas Slebodnik wrote: > > ehlo, > > > > another warning on rhel6. > > ACK * master: acd615cffd144b69e2558a0fc45c6966423f2d02 ___ sssd-devel

Re: [SSSD] [PATCH] tools: Don't shadow 'exit'

On Tue, Nov 10, 2015 at 03:06:22PM +0100, Jakub Hrozek wrote: > On Tue, Nov 10, 2015 at 09:03:55AM +0100, Lukas Slebodnik wrote: > > On (09/11/15 20:53), Jakub Hrozek wrote: > > >On Mon, Nov 09, 2015 at 06:35:05PM +0100, Lukas Slebodnik wrote: > > >> BTW which version do you prefer? > > >> a)

Re: [SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

On (10/11/15 14:55), Pavel Reichl wrote: > > >On 11/10/2015 02:39 PM, Jakub Hrozek wrote: >>On Tue, Nov 10, 2015 at 09:11:25AM +0100, Lukas Slebodnik wrote: >>>ehlo, >>> >>>another warning on rhel6. >> >>ACK >> >>> >>>BTW different solution would be to cast to void. >> >>I prefer this solution >

Re: [SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

On Tue, Nov 10, 2015 at 02:55:43PM +0100, Pavel Reichl wrote: > > > On 11/10/2015 02:39 PM, Jakub Hrozek wrote: > >On Tue, Nov 10, 2015 at 09:11:25AM +0100, Lukas Slebodnik wrote: > >>ehlo, > >> > >>another warning on rhel6. > > > >ACK > > > >> > >>BTW different solution would be to cast to

Re: [SSSD] [PATCH] tools: Don't shadow 'exit'

On Tue, Nov 10, 2015 at 09:03:55AM +0100, Lukas Slebodnik wrote: > On (09/11/15 20:53), Jakub Hrozek wrote: > >On Mon, Nov 09, 2015 at 06:35:05PM +0100, Lukas Slebodnik wrote: > >> BTW which version do you prefer? > >> a) signl > >> b) sig > >> c) a_signal > > > >I don't care :) Feel free to use

Re: [SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

On 11/10/2015 03:05 PM, Jakub Hrozek wrote: On Tue, Nov 10, 2015 at 02:55:43PM +0100, Pavel Reichl wrote: On 11/10/2015 02:39 PM, Jakub Hrozek wrote: On Tue, Nov 10, 2015 at 09:11:25AM +0100, Lukas Slebodnik wrote: ehlo, another warning on rhel6. ACK BTW different solution would be

Re: [SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

On 11/10/2015 02:39 PM, Jakub Hrozek wrote: On Tue, Nov 10, 2015 at 09:11:25AM +0100, Lukas Slebodnik wrote: ehlo, another warning on rhel6. ACK BTW different solution would be to cast to void. I prefer this solution Why? I think that changing value of input parameter is generally a

Re: [SSSD] [PATCH] FAIL_OVER: Fix warning value computed is not used

On Tue, Nov 10, 2015 at 09:11:25AM +0100, Lukas Slebodnik wrote: > ehlo, > > another warning on rhel6. ACK > > BTW different solution would be to cast to void. I prefer this solution CI: http://sssd-ci.duckdns.org/logs/job/32/38/summary.html (Fedora-20 failure is unrelated)

Re: [SSSD] [PATCH] BE: Add IFP to known clients

On (10/11/15 12:10), Pavel Březina wrote: >This gets rid of confusing debug message: >[be_client_destructor] (0x0020): Unknown client removed ... >From 17b1d8216bab3770c58c79cf51c571cb184e8ab4 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Pavel=20B=C5=99ezina?= >Date: Tue, 10