[SSSD] [sssd PR#60][synchronized] Document ad_access_filter search for nested groups

2016-10-25 Thread taupehat
   URL: https://github.com/SSSD/sssd/pull/60
Author: taupehat
 Title: #60: Document ad_access_filter search for nested groups
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/60/head:pr60
git checkout pr60
From 1c1a849a72ef0dd8778b009e9964fe2b0c8beaa6 Mon Sep 17 00:00:00 2001
From: taupehat 
Date: Wed, 19 Oct 2016 09:42:34 -0700
Subject: [PATCH 1/2] ad_access_filter search for nested groups

Includes instructions and example
---
 src/man/sssd-ad.5.xml | 9 +
 1 file changed, 9 insertions(+)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 8a2f4ad..b52cae0 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -235,6 +235,12 @@ ad_enabled_domains = sales.example.com, eng.example.com
 ? character, similarly to how
 search bases work.
 
+			
+Nested group membership must be searched for using
+a special OID :1.2.840.113556.1.4.1941:.
+If you do not use this OID then nested group membership
+will not be resolved. See example below.
+
 
 The most specific match is always used. For
 example, if the option specified filter
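
Review bot: In the added paragraph, ":1.2.840.113556.1.4.1941:" is called "a special OID", but the colons belong to the LDAP extensible-match syntax; only 1.2.840.113556.1.4.1941 is the OID (the AD matching rule LDAP_MATCHING_RULE_IN_CHAIN). Suggest naming the rule and showing it in position, as in the example added further down, `memberOf:1.2.840.113556.1.4.1941:=...`. "Will not be resolved" should also state the effect on the access check: a plain `memberOf=` filter matches direct members only, so a user who is in the group only through nesting does not match ad_access_filter.
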
@@ -255,6 +261,9 @@ DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)
 
 # apply filter on forest called EXAMPLE.COM only:
 FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
+
+# apply filter for a member of a nested group in dom1:
+DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)
 
 
 Default: Not set
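
Review bot: The new example line pairs `DOM:dom1:` with a DN under `dc=example,dc=com`, while the existing dom2 example in the same block uses `dc=dom2,dc=com`. Suggest `cn=nestedgroup,ou=groups,dc=dom1,dc=com` so the domain prefix and the group DN agree. The comment "a member of a nested group" can be read as direct membership of the inner group only; "members of nestedgroup, including members of groups nested in it" says what the matching rule actually does.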

From 86665d4eace4da2e2817ef01d6dcc31a6c7da87a Mon Sep 17 00:00:00 2001
From: taupehat 
Date: Tue, 25 Oct 2016 14:31:12 -0700
Subject: [PATCH 2/2] Further documentation of AD nested group access

---
 src/man/sssd-ad.5.xml | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index b52cae0..01cff3f 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -237,9 +237,14 @@ ad_enabled_domains = sales.example.com, eng.example.com
 
 			
 Nested group membership must be searched for using
-a special OID :1.2.840.113556.1.4.1941:.
-If you do not use this OID then nested group membership
-will not be resolved. See example below.
+a special OID :1.2.840.113556.1.4.1941:
+in addition to the full DOM:domain.example.org: syntax
+to ensure the parser does not attempt to interpret the
+colon characters associated with the OID. If you do not
+use this OID then nested group membership will not be
+resolved. See usage example below and refer here
+for further information about the OID:
+https://msdn.microsoft.com/en-us/library/cc223367.aspx
 
 
 The most specific match is always used. For
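
Review bot: The reworded sentence "a special OID ... in addition to the full DOM:domain.example.org: syntax to ensure the parser does not attempt to interpret the colon characters" is hard to follow and does not say which part is mandatory. Suggest two sentences: first that the matching rule is written inside the filter, then that a filter containing it must carry an explicit `DOM:<domain>:` prefix because the option parser treats colons as separators. It would also help to say whether the `FOREST:` form shown in the examples works the same way.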
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#63][comment] BUILD: Fix installation without samba

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/63
Title: #63: BUILD: Fix installation without samba

lslebodn commented:
"""
ok to test

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/63#issuecomment-256124715


[SSSD] [sssd PR#61][comment] BUILD: Fix build without samba

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/61
Title: #61: BUILD: Fix build without samba

lslebodn commented:
"""
On (21/10/16 05:09), fidencio wrote:
>Please, fix the typos in the commit message before pushing.
>
>shoudl bw -> should be
>
Nice catch.

Fixed.

master:
* 4117ae3230f6744c255b0309e86d519d7e41d2d7

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/61#issuecomment-256122252


[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users

2016-10-25 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

sumit-bose commented:
"""
On Fri, Oct 21, 2016 at 01:22:08AM -0700, Jakub Hrozek wrote:
> Hmm, looks like github ate my mail, so let's paste the comment again (and 
> sorry if it arrives twice). Coverity detected some warnings:
> ```
> Error: COMPILER_WARNING:
> sssd-1.14.90/src/providers/ldap/sdap_async_initgroups_ad.c:1554:12: warning: 
> unused variable 'd' [-Wunused-variable]
> # size_t d;
> #^
> ```


hm, I wonder why gcc 4.9.2 didn't show those warnings for
sdap_async_initgroups_ad.c but shows it for other files?

Nevertheless, I can see the warnings with newer versions of gcc and
updated the patch.

bye,
Sumit

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/57#issuecomment-256118920


[SSSD] [sssd PR#63][comment] BUILD: Fix installation without samba

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/63
Title: #63: BUILD: Fix installation without samba

lslebodn commented:
"""
On (22/10/16 10:05), fidencio wrote:
>Patch makes sense.
>I'll run our CI on this and ACK as soon as CI passes.
>
Our CI would not catch such use-case.
But I verified it with the following steps:
```
./configure --without-samba
make -j8 check
make install DESTDIR=$PWD/_inst
```

`make check` still fails but that's solved in different
PR https://github.com/SSSD/sssd/pull/56

ACK++

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/63#issuecomment-256117695


[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

lslebodn commented:
"""
On (21/10/16 01:22), Jakub Hrozek wrote:
>Hmm, looks like github ate my mail, so let's paste the comment again (and 
>sorry if it arrives twice). Coverity detected some warnings:
It has nothing to do with coverity.
All warnings are reported by gcc.

covscan != coverity

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/57#issuecomment-256116764


[SSSD] [sssd PR#49][comment] Try to match multiple results from an AD initgroups request against domain's search bases, too

2016-10-25 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/49
Title: #49: Try to match multiple results from an AD initgroups request against 
domain's search bases, too

jhrozek commented:
"""
Bump. Could anyone review this patch, please?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/49#issuecomment-256086797


[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users

2016-10-25 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

jhrozek commented:
"""
Thanks for the changes, at least with the previous version all the tests with 
the domain-local groups were working for me and the internal ad_forest test 
didn't catch any new regressions (some tests are failing, but those are failing 
even with the old version). I haven't had the chance to run the IPA-AD tests 
yet.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/57#issuecomment-256087211


[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes

2016-10-25 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

jhrozek commented:
"""
ok to test
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/66#issuecomment-256084328


[SSSD] [sssd PR#48][-Changes requested] sssctl: Flags for commadn initialization

2016-10-25 Thread mzidek-rh
  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

Label: -Changes requested


[SSSD] [sssd PR#56][comment] Update dlopen test

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

lslebodn commented:
"""
On (25/10/16 00:45), celestian wrote:
>OK, I understand. So there are no obstacles now.
>
>ACK
>

master:
* c7b3c43cf669e39f7ce5f4ef1a2e939b31a8b7b9
* d708e53d0df0c1ed4cc0097bebfa2a84d7b20fad
* 558b8f3cd2439c01e139cf5f812aea9409fe776a
* bacc66dc6f446d47be18b61d569721481d70386b

sssd-1-14:
* 7251859d8cdb2fc57c969f67ac76904fea331cd0
* a52c7df943a7b685609b66c49264c6d1805d31c2
* 9b972260cb805e3537ab9464ef5347348792d7cf
* a64409a528257ee0706cc12a1b974a159edac041

LS
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/56#issuecomment-256065486


[SSSD] [sssd PR#56][+Pushed] Update dlopen test

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

Label: +Pushed


[SSSD] [sssd PR#56][closed] Update dlopen test

2016-10-25 Thread lslebodn
   URL: https://github.com/SSSD/sssd/pull/56
Author: lslebodn
 Title: #56: Update dlopen test
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/56/head:pr56
git checkout pr56


[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes

2016-10-25 Thread centos-ci
  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/66#issuecomment-25603


[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes

2016-10-25 Thread centos-ci
  URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/66#issuecomment-25607


[SSSD] [sssd PR#66][opened] Minor Dynamic DNS fixes

2016-10-25 Thread justin-stephenson
   URL: https://github.com/SSSD/sssd/pull/66
Author: justin-stephenson
 Title: #66: Minor Dynamic DNS fixes
Action: opened

PR body:
"""
To provide a bit more information, one of the fixes is to correct NULL being 
printed here (https://fedorahosted.org/sssd/ticket/3220):

   [nsupdate_msg_create_common] (0x0200): Creating update message for realm [(null)].

For the other (https://bugzilla.redhat.com/show_bug.cgi?id=1386748), it is not 
uncommon for nsupdate to successfully update DNS records but report the error 
below, which results in return(2) being called inside nsupdate code:

TSIG error with server: tsig verify failure

It is easy to reproduce with AD DNS changing Dynamic DNS to 'Nonsecure and 
secure' on the Zone Properties.

This patch allows PTR records to continue when this happens, however in this 
case our debug log messages still report failure and I think some improvement 
should be made here (not sure how exactly though)

[child_sig_handler] (0x1000): Waiting for child [3710].
[nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
[child_sig_handler] (0x0020): child [3710] failed with status [2].
[be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed

It would be nice to correct this at the nsupdate level if this is not the 
expected behavior also.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/66/head:pr66
git checkout pr66
From bd43541be56b035c1bd0cd5887381ea545da5e73 Mon Sep 17 00:00:00 2001
From: Justin Stephenson 
Date: Mon, 24 Oct 2016 15:46:50 -0400
Subject: [PATCH 1/2] DYNDNS: Update PTR record after non-fatal error

Continue to send PTR record update in situations where the nsupdate
child forward zone updates are successful but nsupdate returns non-zero

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1386748
---
 src/providers/ldap/sdap_dyndns.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index 83ec051..9d28b57 100644
--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -381,9 +381,6 @@ sdap_dyndns_update_done(struct tevent_req *subreq)
 return;
 }
 }
-
-tevent_req_error(req, ret);
-return;
 }
 
 if (state->update_ptr == false) {
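
Review bot: Dropping `tevent_req_error(req, ret); return;` at the end of the error branch makes every non-zero result that reaches this point fall through to the PTR update, not only the case from the commit message where the forward update succeeded and nsupdate still returned non-zero. Nothing in the visible lines tells the two cases apart, and `ret` is no longer reported to the caller here. Suggest at least a DEBUG line with `ret` before continuing, plus a comment saying why the error is treated as non-fatal at this point.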

From 919f2261c7a54b95a91077c79a4753ecdf7843c8 Mon Sep 17 00:00:00 2001
From: Justin Stephenson 
Date: Mon, 24 Oct 2016 18:04:11 -0400
Subject: [PATCH 2/2] DYNDNS: Correct debug log message of realm

If the realm is not added to the nsupdate message, the SSSD Debug log
message should inform about utilizing autodiscovered realm.

Resolves:
https://fedorahosted.org/sssd/ticket/3220
---
 src/providers/be_dyndns.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 07dc333..1120654 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -435,11 +435,15 @@ nsupdate_msg_create_common(TALLOC_CTX *mem_ctx, const char *realm,
 /* Add the server, realm and headers */
 update_msg = talloc_asprintf(tmp_ctx, "server %s\n%s",
  servername, realm_directive);
-} else {
+} else if (realm) {
 DEBUG(SSSDBG_FUNC_DATA,
   "Creating update message for realm [%s].\n", realm);
 /* Add the realm headers */
 update_msg = talloc_asprintf(tmp_ctx, "%s", realm_directive);
+} else {
+DEBUG(SSSDBG_FUNC_DATA,
+  "Creating update message for auto-discovered realm.\n");
+update_msg = talloc_asprintf(tmp_ctx, "%s", realm_directive);
 }
 talloc_free(realm_directive);
 if (update_msg == NULL) {
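
Review bot: The new final `else` branch repeats the `talloc_asprintf(tmp_ctx, "%s", realm_directive)` call from the `else if (realm)` branch, so the two branches differ only in the DEBUG text. Suggest keeping a single branch and choosing the message inside it, and writing the test as `realm != NULL` to match the explicit `update_msg == NULL` check a few lines below.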


[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains​ (1.15)

2016-10-25 Thread celestian
  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains​ (1.15)

celestian commented:
"""
Of course, it is simple. I pushed new version. Thanks for comment.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-256042823


[SSSD] [sssd PR#43][edited] RESPONDER: Enable sudoRule in case insen. domains​ (1.15)

2016-10-25 Thread celestian
   URL: https://github.com/SSSD/sssd/pull/43
Author: celestian
 Title: #43: RESPONDER: Enable sudoRule in case insen. domains​ (1.15)
Action: edited

 Changed field: title
Original value:
"""
RESPONDER: Enable sudoRule in case insen. domains​ (1.14)
"""



[SSSD] [sssd PR#43][synchronized] RESPONDER: Enable sudoRule in case insen. domains​ (1.14)

2016-10-25 Thread celestian
   URL: https://github.com/SSSD/sssd/pull/43
Author: celestian
 Title: #43: RESPONDER: Enable sudoRule in case insen. domains​ (1.14)
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/43/head:pr43
git checkout pr43
From fbc12bcdad4547d698ddbb9771e125ff7ae981df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Wed, 12 Oct 2016 16:48:38 +0200
Subject: [PATCH 1/2] SYSDB: Adding lowercase sudoUser form

If domain is not case sensitive we add lowercase form of usernames
to sudoUser attributes. So we are actually able to apply sudoRule on
user Administrator@... with login administrator@...

Resolves:
https://fedorahosted.org/sssd/ticket/3203
---
 src/db/sysdb_sudo.c | 63 +
 1 file changed, 63 insertions(+)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 601fb63..02dbda4 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -852,6 +852,64 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule,
 return EOK;
 }
 
+static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
+struct sysdb_attrs *rule)
+{
+TALLOC_CTX *tmp_ctx;
+const char **users = NULL;
+const char *lowered = NULL;
+errno_t ret;
+
+if (domain->case_sensitive == true || rule == NULL) {
+return EOK;
+}
+
+tmp_ctx = talloc_new(NULL);
+if (tmp_ctx == NULL) {
+return ENOMEM;
+}
+
+ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_USER, tmp_ctx,
+   );
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n",
+SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
+goto done;
+}
+if (users == NULL) {
+ret =  EOK;
+goto done;
+}
+
+for (int i = 0; users[i] != NULL; i++) {
+lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]);
+if (lowered == NULL) {
+DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
+ret = ENOMEM;
+goto done;
+}
+
+if (strcmp(users[i], lowered) == 0) {
+/* It protects us from adding duplicate. */
+continue;
+}
+
+ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered);
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE,
+  "Unable to add %s attribute [%d]: %s\n",
+  SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
+goto done;
+}
+}
+
+ret = EOK;
+
+done:
+talloc_zfree(tmp_ctx);
+return ret;
+}
+
 static errno_t
 sysdb_sudo_store_rule(struct sss_domain_info *domain,
   struct sysdb_attrs *rule,
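
Review bot: In the loop of sysdb_sudo_add_lowered_users(), `strcmp(users[i], lowered) == 0` only skips a value that is already lowercase itself; it does not look at the other sudoUser values, so a rule listing both `Administrator` and `administrator` gets a second `administrator` added. Suggest checking `lowered` against all of `users` before calling sysdb_attrs_add_string(), or using the `_safe` variant seen in the test patch if it rejects existing values, and adjusting the comment "It protects us from adding duplicate." to say what is covered. The early `return EOK` for `rule == NULL` also hides a caller bug; returning EINVAL would be clearer.
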
@@ -868,6 +926,11 @@ sysdb_sudo_store_rule(struct sss_domain_info *domain,
 
 DEBUG(SSSDBG_TRACE_FUNC, "Adding sudo rule %s\n", name);
 
+ret = sysdb_sudo_add_lowered_users(domain, rule);
+if (ret != EOK) {
+return ret;
+}
+
 ret = sysdb_sudo_add_sss_attrs(rule, name, cache_timeout, now);
 if (ret != EOK) {
 return ret;

From d07a744d068416352012380e4ab756591ae62e2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Thu, 13 Oct 2016 09:31:52 +0200
Subject: [PATCH 2/2] TESTS: Extending sysdb sudo store tests

We covered difference between case sensitive and case insensitive
domains. If domain is case insensitive we add lowercase form of
sudoUser to local sysdb cache.

Resolves:
https://fedorahosted.org/sssd/ticket/3203
---
 src/tests/cmocka/test_sysdb_sudo.c | 178 -
 1 file changed, 177 insertions(+), 1 deletion(-)

diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c
index 889de72..18dac33 100644
--- a/src/tests/cmocka/test_sysdb_sudo.c
+++ b/src/tests/cmocka/test_sysdb_sudo.c
@@ -44,7 +44,7 @@ struct test_user {
 const char *name;
 uid_t uid;
 gid_t gid;
-} users[] = { { "test_user1", 1001, 1001 },
+} users[] = { { "test_USER1", 1001, 1001 },
   { "test_user2", 1002, 1002 },
   { "test_user3", 1003, 1003 } };
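
Review bot: Changing the shared fixture entry from `test_user1` to `test_USER1` alters the input of every existing test that uses `users[0]`, so a failure no longer shows whether case handling or the original behaviour broke. Suggest leaving `test_user1` as it is and adding a separate mixed-case entry that only the new case-insensitive tests use.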
 
@@ -104,6 +104,29 @@ static void create_rule_attrs(struct sysdb_attrs *rule, int i)
 assert_int_equal(ret, EOK);
 }
 
+static void create_rule_attrs_multiple_sudoUser(struct sysdb_attrs *rule)
+{
+errno_t ret;
+
+ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_CN,
+  rules[0].name);
+assert_int_equal(ret, EOK);
+
+ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_HOST,
+  rules[0].host);
+assert_int_equal(ret, EOK);
+
+ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_RUNASUSER,
+  rules[0].as_user);
+assert_int_equal(ret, EOK);
+
+for (int 

[SSSD] [sssd PR#48][comment] sssctl: Flags for commadn initialization

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

lslebodn commented:
"""
We (mzidek, lslebodn) tried some feature for github. "Allow edits from 
maintainers."

> When you are creating a new pull request, you'll see a checkbox
> labelled "Allow edits from maintainers". This is enabled by default.
>
> With this in place, anyone with commit access to the repository that
> is the target of the pull request will also be able to push changes
> to the branch of the repository that is the origin of the pull
> request.

But information about these changes does not appear in the conversation itself.

Anyway we renamed the flag into `SSS_TOOL_FLAG_SKIP_CMD_INIT`
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/48#issuecomment-256040056


[SSSD] [sssd PR#48][synchronized] sssctl: Flags for commadn initialization

2016-10-25 Thread lslebodn
   URL: https://github.com/SSSD/sssd/pull/48
Author: mzidek-rh
 Title: #48: sssctl: Flags for commadn initialization
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/48/head:pr48
git checkout pr48
From 5b21efc068780fe565a3b1b93759ac313fae3801 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Wed, 12 Oct 2016 13:09:37 +0200
Subject: [PATCH] sssctl: Flags for command initialization

Allow passing flags for command specific initialization. Currently
only one flag is available to skip the confdb initialization which is
required to improve config-check command.

Resolves:
https://fedorahosted.org/sssd/ticket/3209
---
 src/tools/common/sss_tools.c | 91 +---
 src/tools/common/sss_tools.h | 14 +--
 src/tools/sssctl/sssctl.c|  2 +-
 3 files changed, 63 insertions(+), 44 deletions(-)

diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c
index 686b53a..0f4f468 100644
--- a/src/tools/common/sss_tools.c
+++ b/src/tools/common/sss_tools.c
@@ -182,7 +182,6 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx,
   struct sss_tool_ctx **_tool_ctx)
 {
 struct sss_tool_ctx *tool_ctx;
-errno_t ret;
 
 tool_ctx = talloc_zero(mem_ctx, struct sss_tool_ctx);
 if (tool_ctx == NULL) {
@@ -192,45 +191,9 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx,
 
 sss_tool_common_opts(tool_ctx, argc, argv);
 
-/* Connect to confdb. */
-ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb);
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n",
-   ret, sss_strerror(ret));
-goto done;
-}
+*_tool_ctx = tool_ctx;
 
-/* Setup domains. */
-ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains);
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n",
-   ret, sss_strerror(ret));
-goto done;
-}
-
-ret = confdb_get_string(tool_ctx->confdb, tool_ctx,
-CONFDB_MONITOR_CONF_ENTRY,
-CONFDB_MONITOR_DEFAULT_DOMAIN,
-NULL, _ctx->default_domain);
-if (ret != EOK) {
-DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n",
- ret, strerror(ret));
-goto done;
-}
-
-ret = EOK;
-
-done:
-switch (ret) {
-case EOK:
-case ERR_SYSDB_VERSION_TOO_OLD:
-*_tool_ctx = tool_ctx;
-break;
-default:
-break;
-}
-
-return ret;
+return EOK;
 }
 
 static bool sss_tool_is_delimiter(struct sss_route_cmd *command)
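
Review bot: The `switch` removed from sss_tool_init() still handed the context back when initialization ended with `ERR_SYSDB_VERSION_TOO_OLD`; with this code moved into tool_cmd_init(), that value becomes just another failure and sss_tool_route() returns before the command runs. Please confirm that commands meant to work against an old cache still do, or keep the special case in the new function.
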
@@ -300,6 +263,47 @@ void sss_tool_usage(const char *tool_name, struct sss_route_cmd *commands)
 sss_tool_print_common_opts(min_len);
 }
 
+static int tool_cmd_init(struct sss_tool_ctx *tool_ctx,
+ struct sss_route_cmd *command)
+{
+int ret;
+
+if (command->flags & SSS_TOOL_FLAG_SKIP_CMD_INIT) {
+return EOK;
+}
+
+/* Connect to confdb. */
+ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n",
+  ret, sss_strerror(ret));
+goto done;
+}
+
+/* Setup domains. */
+ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n",
+  ret, sss_strerror(ret));
+goto done;
+}
+
+ret = confdb_get_string(tool_ctx->confdb, tool_ctx,
+CONFDB_MONITOR_CONF_ENTRY,
+CONFDB_MONITOR_DEFAULT_DOMAIN,
+NULL, _ctx->default_domain);
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n",
+  ret, strerror(ret));
+goto done;
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
 errno_t sss_tool_route(int argc, const char **argv,
struct sss_tool_ctx *tool_ctx,
struct sss_route_cmd *commands,
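
Review bot: The early return on `SSS_TOOL_FLAG_SKIP_CMD_INIT` at the top of tool_cmd_init() has no comment saying what is skipped (confdb connection, domain setup, default domain lookup), which is what a command author needs to know before setting the flag. Suggest a short comment there. The function also returns `int` where the neighbouring sss_tool_route() uses `errno_t`, and the `done:` label only returns, so direct `return ret;` statements would be simpler.
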
@@ -308,6 +312,7 @@ errno_t sss_tool_route(int argc, const char **argv,
 struct sss_cmdline cmdline;
 const char *cmd;
 int i;
+int ret;
 
 if (commands == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Bug: commands can't be NULL!\n");
@@ -339,6 +344,14 @@ errno_t sss_tool_route(int argc, const char **argv,
 return tool_ctx->init_err;
 }
 
+ret = tool_cmd_init(tool_ctx, [i]);
+if (ret != EOK) {
+DEBUG(SSSDBG_FATAL_FAILURE,
+  "Command initialization failed [%d] %s\n",
+  ret, sss_strerror(ret));
+return ret;
+}
+
 return 

[SSSD] [sssd PR#48][synchronized] sssctl: Flags for commadn initialization

2016-10-25 Thread lslebodn
   URL: https://github.com/SSSD/sssd/pull/48
Author: mzidek-rh
 Title: #48: sssctl: Flags for commadn initialization
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/48/head:pr48
git checkout pr48
From 0a318f767a3479cd04008c8da909ccadf18252ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Wed, 12 Oct 2016 13:09:37 +0200
Subject: [PATCH] sssctl: Flags for command initialization

Allow passing flags for command specific initialization. Currently
only one flag is available to skip the confdb initialization which is
required to improve config-check command.

Resolves:
https://fedorahosted.org/sssd/ticket/3209
---
 src/tools/common/sss_tools.c | 93 +---
 src/tools/common/sss_tools.h | 15 +--
 src/tools/sssctl/sssctl.c|  2 +-
 3 files changed, 66 insertions(+), 44 deletions(-)

diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c
index 686b53a..6c0d1a4 100644
--- a/src/tools/common/sss_tools.c
+++ b/src/tools/common/sss_tools.c
@@ -182,7 +182,6 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx,
   struct sss_tool_ctx **_tool_ctx)
 {
 struct sss_tool_ctx *tool_ctx;
-errno_t ret;
 
 tool_ctx = talloc_zero(mem_ctx, struct sss_tool_ctx);
 if (tool_ctx == NULL) {
@@ -192,45 +191,9 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx,
 
 sss_tool_common_opts(tool_ctx, argc, argv);
 
-/* Connect to confdb. */
-ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb);
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n",
-   ret, sss_strerror(ret));
-goto done;
-}
+*_tool_ctx = tool_ctx;
 
-/* Setup domains. */
-ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains);
-if (ret != EOK) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n",
-   ret, sss_strerror(ret));
-goto done;
-}
-
-ret = confdb_get_string(tool_ctx->confdb, tool_ctx,
-CONFDB_MONITOR_CONF_ENTRY,
-CONFDB_MONITOR_DEFAULT_DOMAIN,
-NULL, _ctx->default_domain);
-if (ret != EOK) {
-DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n",
- ret, strerror(ret));
-goto done;
-}
-
-ret = EOK;
-
-done:
-switch (ret) {
-case EOK:
-case ERR_SYSDB_VERSION_TOO_OLD:
-*_tool_ctx = tool_ctx;
-break;
-default:
-break;
-}
-
-return ret;
+return EOK;
 }
 
 static bool sss_tool_is_delimiter(struct sss_route_cmd *command)
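
Review bot: With the confdb and domain setup removed from sss_tool_init(), the context returned here comes straight from `talloc_zero()`, so `confdb`, `domains` and `default_domain` stay NULL for any command that skips the later initialization. Suggest documenting that next to the flag definition and making sure the handlers of flagged commands never dereference those fields.
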
@@ -300,6 +263,49 @@ void sss_tool_usage(const char *tool_name, struct sss_route_cmd *commands)
 sss_tool_print_common_opts(min_len);
 }
 
+static int tool_cmd_init(struct sss_tool_ctx *tool_ctx,
+ struct sss_route_cmd *command)
+{
+int ret;
+
+if (command->flags & SSS_TOOL_FLAG_NOCONF) {
+/* This tool does not need to connect to confdb or
+ * initialize the domain contexts. Nothing to do. */
+return EOK;
+}
+
+/* Connect to confdb. */
+ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n",
+  ret, sss_strerror(ret));
+goto done;
+}
+
+/* Setup domains. */
+ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n",
+  ret, sss_strerror(ret));
+goto done;
+}
+
+ret = confdb_get_string(tool_ctx->confdb, tool_ctx,
+CONFDB_MONITOR_CONF_ENTRY,
+CONFDB_MONITOR_DEFAULT_DOMAIN,
+NULL, _ctx->default_domain);
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n",
+  ret, strerror(ret));
+goto done;
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
 errno_t sss_tool_route(int argc, const char **argv,
struct sss_tool_ctx *tool_ctx,
struct sss_route_cmd *commands,
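
Review bot: The flag tested at the top of tool_cmd_init() is named `SSS_TOOL_FLAG_NOCONF`, but the comment under it says the branch skips both the confdb connection and the domain context setup, and the code below shows the default domain lookup is skipped too. A name that describes skipping the whole command initialization would match the behaviour better than one that mentions only the configuration.
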
@@ -308,6 +314,7 @@ errno_t sss_tool_route(int argc, const char **argv,
 struct sss_cmdline cmdline;
 const char *cmd;
 int i;
+int ret;
 
 if (commands == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Bug: commands can't be NULL!\n");
@@ -339,6 +346,14 @@ errno_t sss_tool_route(int argc, const char **argv,
 return tool_ctx->init_err;
 }
 
+ret = tool_cmd_init(tool_ctx, [i]);
+if (ret != EOK) {
+DEBUG(SSSDBG_FATAL_FAILURE,
+  "Command initialization failed [%d] %s\n",
+

[SSSD] [sssd PR#60][comment] Document ad_access_filter search for nested groups

2016-10-25 Thread abbra
  URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups

abbra commented:
"""
Please use this URL: https://msdn.microsoft.com/en-us/library/cc223367.aspx
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/60#issuecomment-256004734


[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains​ (1.14)

2016-10-25 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains​ (1.14)

pbrezina commented:
"""
I see why it works now, what I originally meant was to create a whole new 
attribute, say sudoUserAlias that would contain lowercased values so we can 
also distinguish between original and custom data when debugging issues. Can 
you do it this way, please? The change should be small.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/43#issuecomment-25611


[SSSD] [sssd PR#60][comment] Document ad_access_filter search for nested groups

2016-10-25 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups

jhrozek commented:
"""
Additionally, if there is some link to MSDN explaining what the OID is, it 
would be nice to add that link
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/60#issuecomment-255976616


[SSSD] [sssd PR#57][synchronized] LDAP/AD: resolve domain local groups for remote users

2016-10-25 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/57
Author: sumit-bose
 Title: #57: LDAP/AD: resolve domain local groups for remote users
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/57/head:pr57
git checkout pr57
From 1aa8ad842ca327c6dd8dc27b9e904f8486d9abf4 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Tue, 18 Oct 2016 14:59:19 +0200
Subject: [PATCH 1/3] sysdb: add parent_dom to sysdb_get_direct_parents()

Currently sysdb_get_direct_parents() only returns direct parents from the
same domain as the child object. In setups with sub-domains this might
not be sufficient. A new option parent_dom is added which allows to
specify a domain the direct parents should be looked up in. If it is
NULL the whole cache is searched.
---
 src/db/sysdb.h | 21 +
 src/db/sysdb_search.c  |  7 ++-
 src/providers/ldap/sdap_async_initgroups.c | 11 +++
 3 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7de3acd..f5d3ddb 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -1137,8 +1137,29 @@ errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
enum sysdb_member_type type,
char **remove_attrs);
 
+/**
+ * @brief Return direct parents of an object in the cache
+ *
+ * @param[in]  mem_ctx Memory context the result should be allocated
+ * on
+ * @param[in]  dom domain the object is in
+ * @param[in]  parent_dom  domain which should be searched for direct
+ * parents if NULL all domains in the given cache
+ * are searched
+ * @param[in]  mtype   Type of the object, SYSDB_MEMBER_USER or
+ * SYSDB_MEMBER_GROUP
+ * @param[in]  nameName of the object
+ * @param[out] _direct_parents List of names of the direct parent groups
+ *
+ *
+ * @return
+ *  - EOK:success
+ *  - EINVAL: wrong mtype
+ *  - ENOMEM: Memory allocation failed
+ */
 errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
  struct sss_domain_info *dom,
+ struct sss_domain_info *parent_dom,
  enum sysdb_member_type mtype,
  const char *name,
  char ***_direct_parents);
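Review bot: The @param text for parent_dom runs two statements together and leaves "the given cache" undefined. The sysdb_search.c change in this patch builds the NULL-case base DN from dom->sysdb, so the comment could read "domain which should be searched for direct parents; if NULL, all domains in the cache of dom are searched". The two empty " *" lines before @return can be reduced to one.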
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index cfee578..4d63c38 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -1981,6 +1981,7 @@ int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx,
 
 errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
  struct sss_domain_info *dom,
+ struct sss_domain_info *parent_dom,
  enum sysdb_member_type mtype,
  const char *name,
  char ***_direct_parents)
@@ -2029,7 +2030,11 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
 goto done;
 }
 
-basedn = sysdb_group_base_dn(tmp_ctx, dom);
+if (parent_dom == NULL) {
+basedn = sysdb_base_dn(dom->sysdb, tmp_ctx);
+} else {
+basedn = sysdb_group_base_dn(tmp_ctx, parent_dom);
+}
 if (!basedn) {
 ret = ENOMEM;
 goto done;
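Review bot: In the new parent_dom == NULL branch the search base widens from a group container (sysdb_group_base_dn) to the whole cache (sysdb_base_dn), so the search that follows has to rely on its filter alone to return only groups. That filter is outside this hunk and should be checked, because the result feeds group membership. None of the three callers updated in this patch passes NULL, so the branch also needs a test or a caller from the later patches of the series.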
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index df39de3..7a2eef4 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -1301,7 +1301,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
 }
 }
 
-ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
+ret = sysdb_get_direct_parents(tmp_ctx, state->dom, state->dom,
+   SYSDB_MEMBER_USER,
state->username, _parent_name_list);
 if (ret) {
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -1388,7 +1389,7 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
 goto done;
 }
 
-ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP,
+ret = sysdb_get_direct_parents(tmp_ctx, dom, dom, SYSDB_MEMBER_GROUP,
group_name, _parents_names_list);
 if (ret) {
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2070,7 +2071,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data)
 goto done;
 }
 
-ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP,
+ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, mstate->dom,
+   SYSDB_MEMBER_GROUP,
group_name, _parents_names_list);
 if (ret) {
 

[SSSD] [sssd PR#60][comment] Document ad_access_filter search for nested groups

2016-10-25 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups

sumit-bose commented:
"""
Thank you for the patch. Given the related discussion in ticket 
https://fedorahosted.org/sssd/ticket/3218 I think it would help if you can add 
a sentence saying that because of the ':' characters in the filter part the 
option must always use the full format with DOM or FOREST and the name.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/60#issuecomment-255974002


[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

lslebodn commented:
"""
retest this please
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/57#issuecomment-255969624


[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-10-25 Thread Petr Cech

On 10/20/2016 01:14 PM, Petr Cech wrote:

On 09/22/2016 01:04 PM, Lukas Slebodnik wrote:

Attached is an alternative solution for debugging ldb functions
How to test:
LD_PRELOAD=.libs/sss_ldb_debug.so ./sysdb-tests -d 10

The only thing would be to find out why LD_PRELOAD in
/etc/sysconfig/sssd is not passed to child processes.
MY_LD_PRELOAD is passed without issue.

LS


Hello all,

I just replaced wrappers with Lukas patch. Thanks.

I tested LD_PRELOAD manually, it worked fine if you use
export LD_PRELOAD... as described above in Lukas's answer.
I wasn't successful with /etc/sysconfig/sssd either. And uncle google is
silent :-(

I propose to change the commit message of the third patch to `export
LD_PRELOAD=...` instead of `/etc/sysconfig/sssd`. So it should work.

Any other idea?


So,

I changed the commit message in the last commit to
`export LD_PRELOAD=...`
New patch set is attached.

Regards

--
Petr^4 Čech
From c67ccc872eb5dacc98f626c10740424cef205334 Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Tue, 16 Aug 2016 09:32:18 +0200
Subject: [PATCH 1/3] SYSDB: Adding message to inform which cache is used

Resolves:
https://fedorahosted.org/sssd/ticket/3060
---
 src/db/sysdb_ops.c | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 29f4b1d1597bd98541a152dd6462caa864fbf2fd..8b194e3db48870aecd54b21bd3d0b77dc342f9e5 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -27,6 +27,11 @@
 #include "util/cert.h"
 #include 
 
+
+#define SSS_SYSDB_NO_CACHE 0x0
+#define SSS_SYSDB_CACHE 0x1
+#define SSS_SYSDB_TS_CACHE 0x2
+
 static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
 {
 const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
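Review bot: The three SSS_SYSDB_* defines are used as bit flags (they are OR-ed into state_mask later in this patch), but nothing at the definition says so. A one-line comment, or an enum carrying these values, would make that clear. The hunk also adds a second blank line after the includes.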
@@ -1176,6 +1181,21 @@ done:
 return ret;
 }
 
+static const char *get_attr_storage(int state_mask)
+{
+const char *storage = "unknown";
+
+if (state_mask == (SSS_SYSDB_CACHE | SSS_SYSDB_TS_CACHE)) {
+storage = "cache, ts_cache";
+} else if (state_mask == SSS_SYSDB_TS_CACHE) {
+storage = "ts_cache";
+} else if (state_mask == SSS_SYSDB_CACHE) {
+storage = "cache";
+}
+
+return storage;
+}
+
 int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
  struct ldb_dn *entry_dn,
  struct sysdb_attrs *attrs,
@@ -1184,6 +1204,7 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 bool sysdb_write = true;
 errno_t ret = EOK;
 errno_t tret = EOK;
+int state_mask = SSS_SYSDB_NO_CACHE;
 
 sysdb_write = sysdb_entry_attrs_diff(sysdb, entry_dn, attrs, mod_op);
 if (sysdb_write == true) {
@@ -1192,6 +1213,8 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 DEBUG(SSSDBG_MINOR_FAILURE,
   "Cannot set attrs for %s, %d [%s]\n",
   ldb_dn_get_linearized(entry_dn), ret, sss_strerror(ret));
+} else {
+state_mask |= SSS_SYSDB_CACHE;
 }
 }
 
@@ -1201,9 +1224,17 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 DEBUG(SSSDBG_MINOR_FAILURE,
 "Cannot set ts attrs for %s\n", ldb_dn_get_linearized(entry_dn));
 /* Not fatal */
+} else {
+state_mask |= SSS_SYSDB_TS_CACHE;
 }
 }
 
+if (state_mask != SSS_SYSDB_NO_CACHE) {
+DEBUG(SSSDBG_FUNC_DATA, "Entry [%s] has set [%s] attrs.\n",
+ldb_dn_get_linearized(entry_dn),
+get_attr_storage(state_mask));
+}
+
 return ret;
 }
 
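Review bot: The message "Entry [%s] has set [%s] attrs." in the new DEBUG at the end of sysdb_set_entry_attr() is hard to read in a log; something like "Attributes of entry [%s] written to [%s]" states which store was touched. Note also that the message is emitted when only the timestamp write succeeded and ret carries the failure of the cache write, so the line should not be read as a success marker for the whole call.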
-- 
2.7.4

From 1f4e5b03442ea87a117c54a30550fbc357ff10a7 Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Tue, 16 Aug 2016 09:33:46 +0200
Subject: [PATCH 2/3] SYSDB: Adding message about reason why cache changed

Resolves:
https://fedorahosted.org/sssd/ticket/3060
---
 src/db/sysdb.c | 24 
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 6f0b1b9e9b52bede68f03cb5674f65b91cc28c98..b67769ed11fc0796d1987f09aa568c2db4a0ffab 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1821,7 +1821,8 @@ bool sysdb_msg_attrs_modts_differs(struct ldb_message *old_entry,
 return true;
 }
 
-static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg,
+static bool sysdb_ldb_msg_difference(struct ldb_dn *entry_dn,
+ struct ldb_message *db_msg,
  struct ldb_message *mod_msg)
 {
 struct ldb_message_element *mod_msg_el;
@@ -1848,6 +1849,9 @@ static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg,
  */
 if (mod_msg_el->num_values > 0) {
 /* We can ignore additions of timestamp attributes */
+DEBUG(SSSDBG_TRACE_INTERNAL,
+  "Added attr [%s] to entry [%s]\n",
+  mod_msg_el->name, 
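Review bot: The new DEBUG is placed directly under the existing comment "We can ignore additions of timestamp attributes", so the comment now appears to describe the log call instead of the statement it was written for. Move the DEBUG above the comment or after that statement, and check whether additions that are then ignored should be logged as "Added attr" at all.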

[SSSD] [sssd PR#64][comment] BUILD: Accept krb5 1.15 for building the PAC plugin

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/64
Title: #64: BUILD: Accept krb5 1.15 for building the PAC plugin

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/55/53/summary.html

master:
* 11d2a1183d7017f3d453d0a7046004b6968fefb5

sssd-1-4:
* 6a96323fb511565908a5a7ce7b1d6e0d40aa647d

sssd-1-13:
* 63641202e1cfb62b5f3ec6ea1c9b1fc7611d91ef
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/64#issuecomment-255963886


[SSSD] [sssd PR#64][+Pushed] BUILD: Accept krb5 1.15 for building the PAC plugin

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/64
Title: #64: BUILD: Accept krb5 1.15 for building the PAC plugin

Label: +Pushed


[SSSD] [sssd PR#65][opened] Fixing of nitpicks

2016-10-25 Thread celestian
   URL: https://github.com/SSSD/sssd/pull/65
Author: celestian
 Title: #65: Fixing of nitpicks
Action: opened

PR body:
"""
Hello,
there are two simple patches. I found those things during static analysis of 
SSSD code.
Petr
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/65/head:pr65
git checkout pr65
From e0a86010fe7c65cce7f561b2213e6046346d9aab Mon Sep 17 00:00:00 2001
From: Petr Čech
Date: Mon, 24 Oct 2016 16:14:58 +0200
Subject: [PATCH 1/2] RESPONDER: Adding of return value checking

---
 src/responder/common/data_provider/rdp_message.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/responder/common/data_provider/rdp_message.c b/src/responder/common/data_provider/rdp_message.c
index 6ad2ba0..d0ce365 100644
--- a/src/responder/common/data_provider/rdp_message.c
+++ b/src/responder/common/data_provider/rdp_message.c
@@ -269,6 +269,10 @@ static void rdp_message_send_and_reply_done(DBusPendingCall *pending,
 sbus_req = talloc_get_type(ptr, struct sbus_request);
 
 ret = rdp_process_pending_call(sbus_req, pending, );
+if (ret != EOK) {
+/* Something bad happened. Just kill the request. */
+goto done;
+}
 if (reply == NULL) {
 /* Something bad happened. Just kill the request. */
 ret = EIO;
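Review bot: The new ret != EOK branch repeats the comment of the reply == NULL branch below it word for word and jumps to done without logging ret, so a failure in rdp_process_pending_call() leaves no trace of why the request was dropped. Add a DEBUG that prints ret here and keep the comment in one place. The done block is outside this hunk; confirm it handles reply correctly when the call fails after reply was set.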

From 5b6ebb39b9d597c849e4ab458b6dc3421f876e7e Mon Sep 17 00:00:00 2001
From: Petr Čech
Date: Mon, 24 Oct 2016 16:20:22 +0200
Subject: [PATCH 2/2] UTIL: Removing of never read value

---
 src/util/sss_krb5.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 2d2dfc4..4808a77 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1104,7 +1104,6 @@ bool sss_krb5_realm_has_proxy(const char *realm)
 
 kerr = profile_get_values(profile, profile_path, );
 if (kerr == PROF_NO_RELATION || kerr == PROF_NO_SECTION) {
-kerr = 0;
 goto done;
 } else if (kerr != 0) {
 DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
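Review bot: With kerr = 0 removed, kerr still holds PROF_NO_RELATION or PROF_NO_SECTION when control reaches done. The done block is outside this hunk, so the commit message should state that nothing after the label reads kerr; the subject line alone ("never read value") does not show that the function result is unaffected.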


[SSSD] [sssd PR#56][comment] Update dlopen test

2016-10-25 Thread celestian
  URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

celestian commented:
"""
OK, I understand. So there are no obstacles now.
ACK
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/56#issuecomment-255961391


[SSSD] [sssd PR#56][+Accepted] Update dlopen test

2016-10-25 Thread celestian
  URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

Label: +Accepted


[SSSD] [sssd PR#56][comment] Update dlopen test

2016-10-25 Thread lslebodn
  URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

lslebodn commented:
"""
On (25/10/16 00:36), celestian wrote:
>celestian requested changes on this pull request.
>
>Hello Lukáš,
>
>I found one little nitpick (see inline comment).
>
>And there is CI summary:
>http://sssd-ci.duckdns.org/logs/job/55/54/summary.html
>
>```
># 
>http://sssd-ci.duckdns.org/logs/job/55/54/fedora_rawhide/ci-build-debug/ci-mock-result/build.log
>
>RPM build errors:
>Empty %files file /builddir/build/BUILD/sssd-1.14.90/sssd_client.lang
>File not found: 
> /builddir/build/BUILDROOT/sssd-1.14.90-0.fc26.x86_64/usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so
>Child return code was: 1
>EXCEPTION: [Error()]
>Traceback (most recent call last):
>  File "/usr/lib/python3.5/site-packages/mockbuild/trace_decorator.py", line 
> 89, in trace
>result = func(*args, **kw)
>  File "/usr/lib/python3.5/site-packages/mockbuild/util.py", line 569, in do
>raise exception.Error("Command failed. See logs for output.\n # %s" % 
> (command,), child.returncode)
>mockbuild.exception.Error: Command failed. See logs for output.
> # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps 
> /builddir/build/SPECS/sssd.spec
>```
>It seems it is not connected to your patch set.
>

Yes, it's fixed in PR#64

>However, code LGTM.
>
>> @@ -154,16 +155,84 @@ static bool recursive_dlopen(const char **name, int 
>> round, char **errmsg)
> return ok;
> }
> 
>+static int file_so_filter(const struct dirent *ent)
>
>Just a nitpick -- if function returns values 0 and 1 and it is answer to 
>question of type yes/no, isn't bool better than int?  
>

No,
because this function is used as a callback in scandir which
requires such prototype.

#see man 3 SCANDIR

LS
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/56#issuecomment-255960749
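
The point made in the reply above, as an added example that is not part of the thread or of the SSSD test: scandir() takes its filter as `int (*)(const struct dirent *)`, so the callback has to return int. Only the `file_so_filter` prototype comes from the quoted hunk; the ".so" suffix rule, `count_so_files()`, `demo_count()` and the sample file names are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* scandir(), alphasort(), mkdtemp() */
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* scandir() calls the filter as int (*)(const struct dirent *): non-zero
 * keeps the entry, zero drops it. A bool-returning function would not match
 * that pointer type. Assumed rule: keep names that end in ".so". */
static int file_so_filter(const struct dirent *ent)
{
    size_t len = strlen(ent->d_name);
    return len > 3 && strcmp(ent->d_name + len - 3, ".so") == 0;
}

/* Count the entries of dir accepted by the filter; -1 on scandir() failure. */
static int count_so_files(const char *dir)
{
    struct dirent **list = NULL;
    int n = scandir(dir, &list, file_so_filter, alphasort);

    for (int i = 0; i < n; i++) {
        free(list[i]);            /* each entry is malloc()ed by scandir() */
    }
    free(list);
    return n;
}

/* Build a constructed sample directory, count its modules, clean up. */
static int demo_count(void)
{
    const char *names[] = { "libsss_a.so", "libsss_b.so", "libsss_a.so.0",
                            "notes.txt", ".so" };
    char dir[] = "/tmp/so_filter_XXXXXX";
    char path[512];
    int n;

    if (mkdtemp(dir) == NULL) return -1;
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        FILE *f = fopen(path, "w");
        if (f != NULL) fclose(f);
    }
    n = count_so_files(dir);
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return n;
}
```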