[SSSD] [sssd PR#60][synchronized] Document ad_access_filter search for nested groups
URL: https://github.com/SSSD/sssd/pull/60 Author: taupehat Title: #60: Document ad_access_filter search for nested groups Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/60/head:pr60 git checkout pr60 From 1c1a849a72ef0dd8778b009e9964fe2b0c8beaa6 Mon Sep 17 00:00:00 2001 From: taupehatDate: Wed, 19 Oct 2016 09:42:34 -0700 Subject: [PATCH 1/2] ad_access_filter search for nested groups Includes instructions and example --- src/man/sssd-ad.5.xml | 9 + 1 file changed, 9 insertions(+) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 8a2f4ad..b52cae0 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -235,6 +235,12 @@ ad_enabled_domains = sales.example.com, eng.example.com ? character, similarly to how search bases work. + +Nested group membership must be searched for using +a special OID :1.2.840.113556.1.4.1941:. +If you do not use this OID then nested group membership +will not be resolved. See example below. + The most specific match is always used. For example, if the option specified filter @@ -255,6 +261,9 @@ DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) # apply filter on forest called EXAMPLE.COM only: FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + +# apply filter for a member of a nested group in dom1: +DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com) Default: Not set From 86665d4eace4da2e2817ef01d6dcc31a6c7da87a Mon Sep 17 00:00:00 2001 From: taupehat Date: Tue, 25 Oct 2016 14:31:12 -0700 Subject: [PATCH 2/2] Further documentation of AD nested group access --- src/man/sssd-ad.5.xml | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index b52cae0..01cff3f 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml 
@@ -237,9 +237,14 @@ ad_enabled_domains = sales.example.com, eng.example.com Nested group membership must be searched for using -a special OID :1.2.840.113556.1.4.1941:. -If you do not use this OID then nested group membership -will not be resolved. See example below. +a special OID :1.2.840.113556.1.4.1941: +in addition to the full DOM:domain.example.org: syntax +to ensure the parser does not attempt to interpret the +colon characters associated with the OID. If you do not +use this OID then nested group membership will not be +resolved. See usage example below and refer here +for further information about the OID: +https://msdn.microsoft.com/en-us/library/cc223367.aspx The most specific match is always used. For ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
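Review bot: In the example added by the `@@ -255,6 +261,9 @@` hunk of patch 1/2, the entry is scoped to `DOM:dom1:` but the group DN ends in `dc=example,dc=com`, while the neighbouring `dom2` example uses `dc=dom2,dc=com`. Use `dc=dom1,dc=com`, or scope the entry to the domain the DN belongs to, so that readers do not copy a filter whose scope and DN disagree.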
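Review bot: The reworded paragraph in the `@@ -237,9 +237,14 @@` hunk of patch 2/2 names only the `DOM:domain.example.org:` form, although the examples in the same man page section also use `FOREST:EXAMPLE.COM:`. Say that either prefix together with its name is required whenever the filter contains the OID. It would also help to name the rule behind `1.2.840.113556.1.4.1941` (LDAP_MATCHING_RULE_IN_CHAIN) instead of calling it a special OID, and to split the long sentence so that the requirement (use the full prefix form) and the reason (the parser would otherwise interpret the OID's colons) are stated separately.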
[SSSD] [sssd PR#63][comment] BUILD: Fix installation without samba
URL: https://github.com/SSSD/sssd/pull/63
Title: #63: BUILD: Fix installation without samba

lslebodn commented:
"""
ok to test
"""

See the full comment at https://github.com/SSSD/sssd/pull/63#issuecomment-256124715
[SSSD] [sssd PR#61][comment] BUILD: Fix build without samba
URL: https://github.com/SSSD/sssd/pull/61
Title: #61: BUILD: Fix build without samba

lslebodn commented:
"""
On (21/10/16 05:09), fidencio wrote:
>Please, fix the typos in the commit message before pushing.
>
>shoudl bw -> should be
>
Nice catch. Fixed.

master:
* 4117ae3230f6744c255b0309e86d519d7e41d2d7

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/61#issuecomment-256122252
[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users
URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

sumit-bose commented:
"""
On Fri, Oct 21, 2016 at 01:22:08AM -0700, Jakub Hrozek wrote:
> Hmm, looks like github ate my mail, so let's paste the comment again (and
> sorry if it arrives twice). Coverity detected some warnings:
> ```
> Error: COMPILER_WARNING:
> sssd-1.14.90/src/providers/ldap/sdap_async_initgroups_ad.c:1554:12: warning:
> unused variable 'd' [-Wunused-variable]
> # size_t d;
> #^

hm, I wonder why gcc 4.9.2 didn't show those warnings for sdap_async_initgroups_ad.c but shows it for other files? Nevertheless, I can see the warnings with newer versions of gcc and updated the patch.

bye,
Sumit
"""

See the full comment at https://github.com/SSSD/sssd/pull/57#issuecomment-256118920
[SSSD] [sssd PR#63][comment] BUILD: Fix installation without samba
URL: https://github.com/SSSD/sssd/pull/63
Title: #63: BUILD: Fix installation without samba

lslebodn commented:
"""
On (22/10/16 10:05), fidencio wrote:
>Patch makes sense.
>I'll run our CI on this and ACK as soon as CI passes.
>
Our CI would not catch such use-case. But I verified it with following steps:
```
./configure --without-samba
make -j8 check
make install DESTDIR=$PWD/_inst
```

`make check` still fails but that's solved in different PR https://github.com/SSSD/sssd/pull/56

ACK++

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/63#issuecomment-256117695
[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users
URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

lslebodn commented:
"""
On (21/10/16 01:22), Jakub Hrozek wrote:
>Hmm, looks like github ate my mail, so let's paste the comment again (and
>sorry if it arrives twice). Coverity detected some warnings:

It has nothing to do with coverity.
All warnings are reported by gcc.

covscan != coverity

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/57#issuecomment-256116764
[SSSD] [sssd PR#49][comment] Try to match multiple results from an AD initgroups request against domain's search bases, too
URL: https://github.com/SSSD/sssd/pull/49
Title: #49: Try to match multiple results from an AD initgroups request against domain's search bases, too

jhrozek commented:
"""
Bump. Could anyone review this patch, please?
"""

See the full comment at https://github.com/SSSD/sssd/pull/49#issuecomment-256086797
[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users
URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

jhrozek commented:
"""
Thanks for the changes, at least with the previous version all the tests with the domain-local groups were working for me and the internal ad_forest test didn't catch any new regressions (some tests are failing, but those are failing even with the old version).

I haven't had the chance to run the IPA-AD tests yet.
"""

See the full comment at https://github.com/SSSD/sssd/pull/57#issuecomment-256087211
[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes
URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

jhrozek commented:
"""
ok to test
"""

See the full comment at https://github.com/SSSD/sssd/pull/66#issuecomment-256084328
[SSSD] [sssd PR#48][-Changes requested] sssctl: Flags for commadn initialization
URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization
Label: -Changes requested
[SSSD] [sssd PR#56][comment] Update dlopen test
URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

lslebodn commented:
"""
On (25/10/16 00:45), celestian wrote:
>OK, I understand. So there is no obstacles now.
>
>ACK
>
master:
* c7b3c43cf669e39f7ce5f4ef1a2e939b31a8b7b9
* d708e53d0df0c1ed4cc0097bebfa2a84d7b20fad
* 558b8f3cd2439c01e139cf5f812aea9409fe776a
* bacc66dc6f446d47be18b61d569721481d70386b

sssd-1-14:
* 7251859d8cdb2fc57c969f67ac76904fea331cd0
* a52c7df943a7b685609b66c49264c6d1805d31c2
* 9b972260cb805e3537ab9464ef5347348792d7cf
* a64409a528257ee0706cc12a1b974a159edac041

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/56#issuecomment-256065486
[SSSD] [sssd PR#56][+Pushed] Update dlopen test
URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test
Label: +Pushed
[SSSD] [sssd PR#56][closed] Update dlopen test
URL: https://github.com/SSSD/sssd/pull/56
Author: lslebodn
Title: #56: Update dlopen test
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/56/head:pr56
git checkout pr56
[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes
URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at https://github.com/SSSD/sssd/pull/66#issuecomment-25603
[SSSD] [sssd PR#66][comment] Minor Dynamic DNS fixes
URL: https://github.com/SSSD/sssd/pull/66
Title: #66: Minor Dynamic DNS fixes

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at https://github.com/SSSD/sssd/pull/66#issuecomment-25607
[SSSD] [sssd PR#66][opened] Minor Dynamic DNS fixes
URL: https://github.com/SSSD/sssd/pull/66 Author: justin-stephenson Title: #66: Minor Dynamic DNS fixes Action: opened PR body: """ To provide a bit more information, one of the fixes is to correct NULL being printed here(https://fedorahosted.org/sssd/ticket/3220): [nsupdate_msg_create_common] (0x0200): Creating update message for realm [(null)]. For the other(https://bugzilla.redhat.com/show_bug.cgi?id=1386748), It is not uncommon for nsupdate to successfully update DNS records but report the error below which results in return(2) to be called inside nsupdate code TSIG error with server: tsig verify failure It is easy to reproduce with AD DNS changing Dynamic DNS to 'Nonsecure and secure' on the Zone Properties. This patch allows PTR records to continue when this happens, however in this case our debug log messages still report failure and I think some improvement should be made here(not sure how exactly though) [child_sig_handler] (0x1000): Waiting for child [3710]. [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] [child_sig_handler] (0x0020): child [3710] failed with status [2]. [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed It would be nice to correct this at the nsupdate level if this is not the expected behavior also. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/66/head:pr66 git checkout pr66 From bd43541be56b035c1bd0cd5887381ea545da5e73 Mon Sep 17 00:00:00 2001 From: Justin StephensonDate: Mon, 24 Oct 2016 15:46:50 -0400 Subject: [PATCH 1/2] DYNDNS: Update PTR record after non-fatal error Continue to send PTR record update in situations where the nsupdate child forward zone updates are successful but nsupdate returns non-zero Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1386748 --- src/providers/ldap/sdap_dyndns.c | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c index 83ec051..9d28b57 100644 --- a/src/providers/ldap/sdap_dyndns.c +++ b/src/providers/ldap/sdap_dyndns.c @@ -381,9 +381,6 @@ sdap_dyndns_update_done(struct tevent_req *subreq) return; } } - -tevent_req_error(req, ret); -return; } if (state->update_ptr == false) { From 919f2261c7a54b95a91077c79a4753ecdf7843c8 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Mon, 24 Oct 2016 18:04:11 -0400 Subject: [PATCH 2/2] DYNDNS: Correct debug log message of realm If the realm is not added to the nsupdate message, the SSSD Debug log message should inform about utilizing autodiscovered realm. Resolves: https://fedorahosted.org/sssd/ticket/3220 --- src/providers/be_dyndns.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c index 07dc333..1120654 100644 --- a/src/providers/be_dyndns.c +++ b/src/providers/be_dyndns.c @@ -435,11 +435,15 @@ nsupdate_msg_create_common(TALLOC_CTX *mem_ctx, const char *realm, /* Add the server, realm and headers */ update_msg = talloc_asprintf(tmp_ctx, "server %s\n%s", servername, realm_directive); -} else { +} else if (realm) { DEBUG(SSSDBG_FUNC_DATA, "Creating update message for realm [%s].\n", realm); /* Add the realm headers */ update_msg = talloc_asprintf(tmp_ctx, "%s", realm_directive); +} else { +DEBUG(SSSDBG_FUNC_DATA, + "Creating update message for auto-discovered realm.\n"); +update_msg = talloc_asprintf(tmp_ctx, "%s", realm_directive); } talloc_free(realm_directive); if (update_msg == NULL) { ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
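Review bot: Removing `tevent_req_error(req, ret); return;` at the end of the error block in `sdap_dyndns_update_done()` (hunk `@@ -381,9 +381,6 @@` of patch 1/2) lets every non-zero result that reaches this point fall through to the `state->update_ptr` check, not only the case from the commit message where nsupdate updated the forward records and still returned non-zero. The original `ret` is also no longer reported from here, so a forward update that really failed can be hidden if the PTR step succeeds. Consider keeping the error path and bypassing it only for the status identified as non-fatal, or saving `ret` and returning it after the PTR update, with a DEBUG message stating that the forward-update error was ignored.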
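Review bot: In the `@@ -435,11 +435,15 @@` hunk of `nsupdate_msg_create_common()` (patch 2/2), the new `else if (realm)` branch and the final `else` branch build `update_msg` with the identical `talloc_asprintf(tmp_ctx, "%s", realm_directive)` call and differ only in the DEBUG text. Keep one branch and make only the log message conditional, so the two copies cannot drift apart. The surrounding code compares pointers explicitly (`update_msg == NULL`), so `realm != NULL` would match it better than `else if (realm)`.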
[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.15)
URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.15)

celestian commented:
"""
Of course, it is simple. I pushed new version. Thanks for comment.
"""

See the full comment at https://github.com/SSSD/sssd/pull/43#issuecomment-256042823
[SSSD] [sssd PR#43][edited] RESPONDER: Enable sudoRule in case insen. domains (1.15)
URL: https://github.com/SSSD/sssd/pull/43
Author: celestian
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.15)
Action: edited

Changed field: title
Original value:
"""
RESPONDER: Enable sudoRule in case insen. domains (1.14)
"""
[SSSD] [sssd PR#43][synchronized] RESPONDER: Enable sudoRule in case insen. domains (1.14)
URL: https://github.com/SSSD/sssd/pull/43 Author: celestian Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14) Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/43/head:pr43 git checkout pr43 From fbc12bcdad4547d698ddbb9771e125ff7ae981df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Wed, 12 Oct 2016 16:48:38 +0200 Subject: [PATCH 1/2] SYSDB: Adding lowercase sudoUser form If domain is not case sensitive we add lowercase form of usernames to sudoUser attributes. So we actually able to apply sudoRule on user Administrator@... with login admnistrator@... Resolves: https://fedorahosted.org/sssd/ticket/3203 --- src/db/sysdb_sudo.c | 63 + 1 file changed, 63 insertions(+) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 601fb63..02dbda4 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c 
@@ -852,6 +852,64 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule, return EOK; } +static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, +struct sysdb_attrs *rule) +{ +TALLOC_CTX *tmp_ctx; +const char **users = NULL; +const char *lowered = NULL; +errno_t ret; + +if (domain->case_sensitive == true || rule == NULL) { +return EOK; +} + +tmp_ctx = talloc_new(NULL); +if (tmp_ctx == NULL) { +return ENOMEM; +} + +ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_USER, tmp_ctx, + ); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n", +SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); +goto done; +} +if (users == NULL) { +ret = EOK; +goto done; +} + +for (int i = 0; users[i] != NULL; i++) { +lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]); +if (lowered == NULL) { +DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n"); +ret = ENOMEM; +goto done; +} + +if (strcmp(users[i], lowered) == 0) { +/* It protects us from adding duplicate. */ +continue; +} + +ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, + "Unable to add %s attribute [%d]: %s\n", + SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); +goto done; +} +} + +ret = EOK; + +done: +talloc_zfree(tmp_ctx); +return ret; +} + static errno_t sysdb_sudo_store_rule(struct sss_domain_info *domain, struct sysdb_attrs *rule, @@ -868,6 +926,11 @@ sysdb_sudo_store_rule(struct sss_domain_info *domain, DEBUG(SSSDBG_TRACE_FUNC, "Adding sudo rule %s\n", name); +ret = sysdb_sudo_add_lowered_users(domain, rule); +if (ret != EOK) { +return ret; +} + ret = sysdb_sudo_add_sss_attrs(rule, name, cache_timeout, now); if (ret != EOK) { return ret; From d07a744d068416352012380e4ab756591ae62e2e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Petr=20=C4=8Cech?= Date: Thu, 13 Oct 2016 09:31:52 +0200 Subject: [PATCH 2/2] TESTS: Extending sysdb sudo store tests We covered diference between case sensitive and case insensitive domains. If domain is case insensitive we add lowercase form of sudoUser to local sysdb cache. Resolves: https://fedorahosted.org/sssd/ticket/3203 --- src/tests/cmocka/test_sysdb_sudo.c | 178 - 1 file changed, 177 insertions(+), 1 deletion(-) diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c index 889de72..18dac33 100644 --- a/src/tests/cmocka/test_sysdb_sudo.c +++ b/src/tests/cmocka/test_sysdb_sudo.c @@ -44,7 +44,7 @@ struct test_user { const char *name; uid_t uid; gid_t gid; -} users[] = { { "test_user1", 1001, 1001 }, +} users[] = { { "test_USER1", 1001, 1001 }, { "test_user2", 1002, 1002 }, { "test_user3", 1003, 1003 } }; @@ -104,6 +104,29 @@ static void create_rule_attrs(struct sysdb_attrs *rule, int i) assert_int_equal(ret, EOK); } +static void create_rule_attrs_multiple_sudoUser(struct sysdb_attrs *rule) +{ +errno_t ret; + +ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_CN, + rules[0].name); +assert_int_equal(ret, EOK); + +ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_HOST, + rules[0].host); +assert_int_equal(ret, EOK); + +ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_RUNASUSER, + rules[0].as_user); +assert_int_equal(ret, EOK); + +for (int
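Review bot: The duplicate guard inside the loop of `sysdb_sudo_add_lowered_users()` (`strcmp(users[i], lowered) == 0`, hunk `@@ -852,6 +852,64 @@` of patch 1/2) only covers a value that is already lowercase. If the rule lists both a mixed-case name and its lowercase form, or two spellings that lower to the same string, the lowered value is still passed to `sysdb_attrs_add_string()` again. Compare `lowered` against the values already present in `SYSDB_SUDO_CACHE_AT_USER` before adding. Also, any non-EOK result from `sysdb_attrs_get_string_array()` is returned and makes `sysdb_sudo_store_rule()` fail, so confirm that a rule without that attribute is treated as nothing to do rather than as an error.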
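Review bot: In the `@@ -44,7 +44,7 @@` hunk of the test patch (2/2), renaming the shared fixture entry from `test_user1` to `test_USER1` changes the input of every existing test that uses `users[0]`, so the case-sensitive path is no longer exercised with the data it was written for. Add a separate mixed-case fixture for the new case-insensitive tests and leave the existing entry as it was.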
[SSSD] [sssd PR#48][comment] sssctl: Flags for commadn initialization
URL: https://github.com/SSSD/sssd/pull/48
Title: #48: sssctl: Flags for commadn initialization

lslebodn commented:
"""
We (mzidek, lslebodn) tried some feature for github. "Allow edits from maintainers."

> When you are creating a new pull request, you'll see a checkbox
> labelled "Allow edits from maintainers". This is enabled by default.
>
> With this in place, anyone with commit access to the repository that
> is the target of the pull request will also be able to push changes
> to the branch of the repository that is the origin of the pull
> request.

But information about these changes does not appear in the conversation itself.

Anyway we renamed the flag into `SSS_TOOL_FLAG_SKIP_CMD_INIT`
"""

See the full comment at https://github.com/SSSD/sssd/pull/48#issuecomment-256040056
[SSSD] [sssd PR#48][synchronized] sssctl: Flags for commadn initialization
URL: https://github.com/SSSD/sssd/pull/48 Author: mzidek-rh Title: #48: sssctl: Flags for commadn initialization Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/48/head:pr48 git checkout pr48 From 5b21efc068780fe565a3b1b93759ac313fae3801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?=Date: Wed, 12 Oct 2016 13:09:37 +0200 Subject: [PATCH] sssctl: Flags for command initialization Allow passing flags for command specific initialization. Currently only one flag is available to skip the confdb initialization which is required to improve config-check command. Resolves: https://fedorahosted.org/sssd/ticket/3209 --- src/tools/common/sss_tools.c | 91 +--- src/tools/common/sss_tools.h | 14 +-- src/tools/sssctl/sssctl.c| 2 +- 3 files changed, 63 insertions(+), 44 deletions(-) diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c index 686b53a..0f4f468 100644 --- a/src/tools/common/sss_tools.c +++ b/src/tools/common/sss_tools.c @@ -182,7 +182,6 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx, struct sss_tool_ctx **_tool_ctx) { struct sss_tool_ctx *tool_ctx; -errno_t ret; tool_ctx = talloc_zero(mem_ctx, struct sss_tool_ctx); if (tool_ctx == NULL) { 
@@ -192,45 +191,9 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx, sss_tool_common_opts(tool_ctx, argc, argv); -/* Connect to confdb. */ -ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb); -if (ret != EOK) { -DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n", - ret, sss_strerror(ret)); -goto done; -} +*_tool_ctx = tool_ctx; -/* Setup domains. */ -ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains); -if (ret != EOK) { -DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n", - ret, sss_strerror(ret)); -goto done; -} - -ret = confdb_get_string(tool_ctx->confdb, tool_ctx, -CONFDB_MONITOR_CONF_ENTRY, -CONFDB_MONITOR_DEFAULT_DOMAIN, -NULL, _ctx->default_domain); -if (ret != EOK) { -DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n", - ret, strerror(ret)); -goto done; -} - -ret = EOK; - -done: -switch (ret) { -case EOK: -case ERR_SYSDB_VERSION_TOO_OLD: -*_tool_ctx = tool_ctx; -break; -default: -break; -} - -return ret; +return EOK; } static bool sss_tool_is_delimiter(struct sss_route_cmd *command) 
@@ -300,6 +263,47 @@ void sss_tool_usage(const char *tool_name, struct sss_route_cmd *commands) sss_tool_print_common_opts(min_len); } +static int tool_cmd_init(struct sss_tool_ctx *tool_ctx, + struct sss_route_cmd *command) +{ +int ret; + +if (command->flags & SSS_TOOL_FLAG_SKIP_CMD_INIT) { +return EOK; +} + +/* Connect to confdb. */ +ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n", + ret, sss_strerror(ret)); +goto done; +} + +/* Setup domains. */ +ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n", + ret, sss_strerror(ret)); +goto done; +} + +ret = confdb_get_string(tool_ctx->confdb, tool_ctx, +CONFDB_MONITOR_CONF_ENTRY, +CONFDB_MONITOR_DEFAULT_DOMAIN, +NULL, _ctx->default_domain); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n", + ret, strerror(ret)); +goto done; +} + +ret = EOK; + +done: +return ret; +} + errno_t sss_tool_route(int argc, const char **argv, struct sss_tool_ctx *tool_ctx, struct sss_route_cmd *commands, @@ -308,6 +312,7 @@ errno_t sss_tool_route(int argc, const char **argv, struct sss_cmdline cmdline; const char *cmd; int i; +int ret; if (commands == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Bug: commands can't be NULL!\n"); @@ -339,6 +344,14 @@ errno_t sss_tool_route(int argc, const char **argv, return tool_ctx->init_err; } +ret = tool_cmd_init(tool_ctx, [i]); +if (ret != EOK) { +DEBUG(SSSDBG_FATAL_FAILURE, + "Command initialization failed [%d] %s\n", + ret, sss_strerror(ret)); +return ret; +} + return
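Review bot: The switch removed from `sss_tool_init()` in the `@@ -192,45 +191,9 @@` hunk handed back the tool context for `ERR_SYSDB_VERSION_TOO_OLD` as well as for `EOK`, but the new `tool_cmd_init()` gives that code no special handling, and `sss_tool_route()` logs any non-EOK result at `SSSDBG_FATAL_FAILURE` and returns before the command runs. Please confirm that no command depended on being reachable with a too-old cache; if one did, keep the exception in `tool_cmd_init()`, otherwise mention the behaviour change in the commit message.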
[SSSD] [sssd PR#48][synchronized] sssctl: Flags for commadn initialization
URL: https://github.com/SSSD/sssd/pull/48 Author: mzidek-rh Title: #48: sssctl: Flags for commadn initialization Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/48/head:pr48 git checkout pr48 From 0a318f767a3479cd04008c8da909ccadf18252ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?=Date: Wed, 12 Oct 2016 13:09:37 +0200 Subject: [PATCH] sssctl: Flags for command initialization Allow passing flags for command specific initialization. Currently only one flag is available to skip the confdb initialization which is required to improve config-check command. Resolves: https://fedorahosted.org/sssd/ticket/3209 --- src/tools/common/sss_tools.c | 93 +--- src/tools/common/sss_tools.h | 15 +-- src/tools/sssctl/sssctl.c| 2 +- 3 files changed, 66 insertions(+), 44 deletions(-) diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c index 686b53a..6c0d1a4 100644 --- a/src/tools/common/sss_tools.c +++ b/src/tools/common/sss_tools.c @@ -182,7 +182,6 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx, struct sss_tool_ctx **_tool_ctx) { struct sss_tool_ctx *tool_ctx; -errno_t ret; tool_ctx = talloc_zero(mem_ctx, struct sss_tool_ctx); if (tool_ctx == NULL) { 
@@ -192,45 +191,9 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx, sss_tool_common_opts(tool_ctx, argc, argv); -/* Connect to confdb. */ -ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb); -if (ret != EOK) { -DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n", - ret, sss_strerror(ret)); -goto done; -} +*_tool_ctx = tool_ctx; -/* Setup domains. */ -ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains); -if (ret != EOK) { -DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n", - ret, sss_strerror(ret)); -goto done; -} - -ret = confdb_get_string(tool_ctx->confdb, tool_ctx, -CONFDB_MONITOR_CONF_ENTRY, -CONFDB_MONITOR_DEFAULT_DOMAIN, -NULL, _ctx->default_domain); -if (ret != EOK) { -DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n", - ret, strerror(ret)); -goto done; -} - -ret = EOK; - -done: -switch (ret) { -case EOK: -case ERR_SYSDB_VERSION_TOO_OLD: -*_tool_ctx = tool_ctx; -break; -default: -break; -} - -return ret; +return EOK; } static bool sss_tool_is_delimiter(struct sss_route_cmd *command) 
@@ -300,6 +263,49 @@ void sss_tool_usage(const char *tool_name, struct sss_route_cmd *commands) sss_tool_print_common_opts(min_len); } +static int tool_cmd_init(struct sss_tool_ctx *tool_ctx, + struct sss_route_cmd *command) +{ +int ret; + +if (command->flags & SSS_TOOL_FLAG_NOCONF) { +/* This tool does not need to connect to confdb or + * initialize the domain contexts. Nothing to do. */ +return EOK; +} + +/* Connect to confdb. */ +ret = sss_tool_confdb_init(tool_ctx, _ctx->confdb); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to open confdb [%d]: %s\n", + ret, sss_strerror(ret)); +goto done; +} + +/* Setup domains. */ +ret = sss_tool_domains_init(tool_ctx, tool_ctx->confdb, _ctx->domains); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup domains [%d]: %s\n", + ret, sss_strerror(ret)); +goto done; +} + +ret = confdb_get_string(tool_ctx->confdb, tool_ctx, +CONFDB_MONITOR_CONF_ENTRY, +CONFDB_MONITOR_DEFAULT_DOMAIN, +NULL, _ctx->default_domain); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, "Cannot get the default domain [%d]: %s\n", + ret, strerror(ret)); +goto done; +} + +ret = EOK; + +done: +return ret; +} + errno_t sss_tool_route(int argc, const char **argv, struct sss_tool_ctx *tool_ctx, struct sss_route_cmd *commands, @@ -308,6 +314,7 @@ errno_t sss_tool_route(int argc, const char **argv, struct sss_cmdline cmdline; const char *cmd; int i; +int ret; if (commands == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Bug: commands can't be NULL!\n"); @@ -339,6 +346,14 @@ errno_t sss_tool_route(int argc, const char **argv, return tool_ctx->init_err; } +ret = tool_cmd_init(tool_ctx, [i]); +if (ret != EOK) { +DEBUG(SSSDBG_FATAL_FAILURE, + "Command initialization failed [%d] %s\n", +
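Review bot: `tool_cmd_init()` in the `@@ -300,6 +263,49 @@` hunk is declared `static int` and the new local in `sss_tool_route()` is `int ret`, while the functions around them (`sss_tool_init()`, `sss_tool_route()`) return `errno_t` and the values involved are `EOK` and codes printed with `sss_strerror()`; use `errno_t` for both. The `done:` label only executes `return ret;`, so the three `goto done` jumps can be plain returns. The moved "Cannot get the default domain" message still formats its code with `strerror(ret)` while the other two use `sss_strerror(ret)`; this is a good moment to make them consistent.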
[SSSD] [sssd PR#60][comment] Document ad_access_filter search for nested groups
URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups

abbra commented:
"""
Please use this URL: https://msdn.microsoft.com/en-us/library/cc223367.aspx
"""

See the full comment at https://github.com/SSSD/sssd/pull/60#issuecomment-256004734
[SSSD] [sssd PR#43][comment] RESPONDER: Enable sudoRule in case insen. domains (1.14)
URL: https://github.com/SSSD/sssd/pull/43
Title: #43: RESPONDER: Enable sudoRule in case insen. domains (1.14)

pbrezina commented:
"""
I see why it works now, what I originally meant was to create a whole new attribute, say sudoUserAlias that would contain lowercased values so we can also distinguish between original and custom data when debugging issues. Can you do it this way, please? The change should be small.
"""

See the full comment at https://github.com/SSSD/sssd/pull/43#issuecomment-25611
[SSSD] [sssd PR#60][comment] Document ad_access_filter search for nested groups
URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups

jhrozek commented:
"""
Additionally, if there is some link to MSDN explaining what the OID is, it would be nice to add that link
"""

See the full comment at https://github.com/SSSD/sssd/pull/60#issuecomment-255976616
[SSSD] [sssd PR#57][synchronized] LDAP/AD: resolve domain local groups for remote users
URL: https://github.com/SSSD/sssd/pull/57 Author: sumit-bose Title: #57: LDAP/AD: resolve domain local groups for remote users Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/57/head:pr57 git checkout pr57 From 1aa8ad842ca327c6dd8dc27b9e904f8486d9abf4 Mon Sep 17 00:00:00 2001 From: Sumit BoseDate: Tue, 18 Oct 2016 14:59:19 +0200 Subject: [PATCH 1/3] sysdb: add parent_dom to sysdb_get_direct_parents() Currently sysdb_get_direct_parents() only return direct parents from the same domain as the child object. In setups with sub-domains this might not be sufficient. A new option parent_dom is added which allows to specify a domain the direct parents should be lookup up in. If it is NULL the whole cache is searched. --- src/db/sysdb.h | 21 + src/db/sysdb_search.c | 7 ++- src/providers/ldap/sdap_async_initgroups.c | 11 +++ 3 files changed, 34 insertions(+), 5 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 7de3acd..f5d3ddb 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h 
@@ -1137,8 +1137,29 @@ errno_t sysdb_remove_attrs(struct sss_domain_info *domain, enum sysdb_member_type type, char **remove_attrs); +/** + * @brief Return direct parents of an object in the cache + * + * @param[in] mem_ctx Memory context the result should be allocated + * on + * @param[in] dom domain the object is in + * @param[in] parent_dom domain which should be searched for direct + * parents if NULL all domains in the given cache + * are searched + * @param[in] mtype Type of the object, SYSDB_MEMBER_USER or + * SYSDB_MEMBER_GROUP + * @param[in] nameName of the object + * @param[out] _direct_parents List of names of the direct parent groups + * + * + * @return + * - EOK:success + * - EINVAL: wrong mtype + * - ENOMEM: Memory allocation failed + */ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, + struct sss_domain_info *parent_dom, enum sysdb_member_type mtype, const char *name, char ***_direct_parents); diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index cfee578..4d63c38 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -1981,6 +1981,7 @@ int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx, errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, + struct sss_domain_info *parent_dom, enum sysdb_member_type mtype, const char *name, char ***_direct_parents) @@ -2029,7 +2030,11 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, goto done; } -basedn = sysdb_group_base_dn(tmp_ctx, dom); +if (parent_dom == NULL) { +basedn = sysdb_base_dn(dom->sysdb, tmp_ctx); +} else { +basedn = sysdb_group_base_dn(tmp_ctx, parent_dom); +} if (!basedn) { ret = ENOMEM; goto done; diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index df39de3..7a2eef4 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c 
@@ -1301,7 +1301,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state) } } -ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER, +ret = sysdb_get_direct_parents(tmp_ctx, state->dom, state->dom, + SYSDB_MEMBER_USER, state->username, _parent_name_list); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -1388,7 +1389,7 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, goto done; } -ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP, +ret = sysdb_get_direct_parents(tmp_ctx, dom, dom, SYSDB_MEMBER_GROUP, group_name, _parents_names_list); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -2070,7 +2071,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) goto done; } -ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP, +ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, mstate->dom, + SYSDB_MEMBER_GROUP, group_name, _parents_names_list); if (ret) {
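Review bot: In the sysdb_search.c hunk the parent_dom == NULL branch moves the search base from the group container to sysdb_base_dn(dom->sysdb, tmp_ctx), the root of dom's cache, so the lookup now also covers the non-group subtrees of every domain stored there. The search filter is outside the visible lines; it has to match group objects only, otherwise other entries that reference the member could come back as parents. The new sysdb.h comment should also say that "all domains" means all domains stored in dom->sysdb and that parent_dom is expected to live in that same cache.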
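Review bot: All three call sites in sdap_async_initgroups.c pass the object's own domain as parent_dom (state->dom, dom, mstate->dom), so nothing in this patch exercises the parent_dom == NULL branch or a parent_dom that differs from dom. Because the result feeds group membership, a sysdb test covering both new cases would be worth adding here or with the patch that first uses them.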
[SSSD] [sssd PR#60][comment] Document ad_access_filter search for nested groups
URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups

sumit-bose commented:
"""
Thank you for the patch. Given the related discussion in ticket https://fedorahosted.org/sssd/ticket/3218 I think it would help if you can add a sentence saying that because of the ':' characters in the filter part the option must always use the full format with DOM or FOREST and the name.
"""

See the full comment at https://github.com/SSSD/sssd/pull/60#issuecomment-255974002
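The ambiguity raised in the comment above, as an added example that is not part of the thread or of SSSD's code: a simplified model that splits the option value at its first two ':' characters, run on the PR's nested-group filter with and without the DOM:dom1: prefix. The splitting rule and the names split_access_filter and split_is_sane are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not SSSD source): the option value is
 * "KEYWORD:name:filter" and is split at its first two ':' characters. */
struct access_filter {
    char keyword[32];
    char name[128];
    const char *filter; /* points into the input string */
};
/* Returns 0 on success, -1 if there are fewer than two ':' or a field is too long. */
static int split_access_filter(const char *value, struct access_filter *out)
{
    const char *c1 = strchr(value, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    size_t klen, nlen;
    if (c1 == NULL || c2 == NULL) return -1;
    klen = (size_t)(c1 - value);
    nlen = (size_t)(c2 - c1 - 1);
    if (klen >= sizeof(out->keyword) || nlen >= sizeof(out->name)) return -1;
    memcpy(out->keyword, value, klen);
    out->keyword[klen] = '\0';
    memcpy(out->name, c1 + 1, nlen);
    out->name[nlen] = '\0';
    out->filter = c2 + 1;
    return 0;
}

/* Usable only if the keyword is DOM or FOREST and the remainder still
 * looks like a parenthesised LDAP filter. */
static int split_is_sane(const struct access_filter *f)
{
    size_t len = strlen(f->filter);
    int kw_ok = strcmp(f->keyword, "DOM") == 0 || strcmp(f->keyword, "FOREST") == 0;
    return kw_ok && len >= 2 && f->filter[0] == '(' && f->filter[len - 1] == ')';
}

/* FULL is the man page example from the PR; BARE is constructed by dropping its prefix. */
static const char BARE[] =
    "(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)";
static const char FULL[] =
    "DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)";

int main(void)
{
    struct access_filter f;
    if (split_access_filter(BARE, &f) == 0)
        printf("bare: keyword=[%s] name=[%s] sane=%d\n", f.keyword, f.name, split_is_sane(&f));
    if (split_access_filter(FULL, &f) == 0)
        printf("full: keyword=[%s] name=[%s] sane=%d\n", f.keyword, f.name, split_is_sane(&f));
    return 0;
}
```

Under this model the bare filter yields the OID as the "name" and a remainder that is no longer a valid filter, while the prefixed form keeps the whole filter intact.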
[SSSD] [sssd PR#57][comment] LDAP/AD: resolve domain local groups for remote users
URL: https://github.com/SSSD/sssd/pull/57
Title: #57: LDAP/AD: resolve domain local groups for remote users

lslebodn commented:
"""
retest this please
"""

See the full comment at https://github.com/SSSD/sssd/pull/57#issuecomment-255969624
[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache
On 10/20/2016 01:14 PM, Petr Cech wrote:
On 09/22/2016 01:04 PM, Lukas Slebodnik wrote:
Attached is an alternative solution for debugging ldb functions

How to test:
LD_PRELOAD=.libs/sss_ldb_debug.so ./sysdb-tests -d 10

The only thing would be to find out why LD_PRELOAD in /etc/sysconfig/sssd is not passed to child processes. MY_LD_PRELOAD is passed without issue.

LS

Hello all,

I just replaced wrappers with Lukas' patch. Thanks.

I tested manually LD_PRELOAD, it worked fine if you use export LD_PRELOAD... how it has been described above in Lukas' answer. I wasn't successful with /etc/sysconfig/sssd too. And uncle google is silent :-(

I propose to change the commit message of the third patch to `export LD_PRELOAD=...` instead of `/etc/sysconfig/sssd`. So it should work. Any other idea?

So, I changed commit message in last commit to `export LD_PRELOAD=...`

New patch set is attached.

Regards

--
Petr^4 Čech

>From c67ccc872eb5dacc98f626c10740424cef205334 Mon Sep 17 00:00:00 2001 From: Petr CechDate: Tue, 16 Aug 2016 09:32:18 +0200 Subject: [PATCH 1/3] SYSDB: Adding message to inform which cache is used Resolves: https://fedorahosted.org/sssd/ticket/3060 --- src/db/sysdb_ops.c | 31 +++ 1 file changed, 31 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 29f4b1d1597bd98541a152dd6462caa864fbf2fd..8b194e3db48870aecd54b21bd3d0b77dc342f9e5 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -27,6 +27,11 @@ #include "util/cert.h" #include + +#define SSS_SYSDB_NO_CACHE 0x0 +#define SSS_SYSDB_CACHE 0x1 +#define SSS_SYSDB_TS_CACHE 0x2 + static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr) { const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
@@ -1176,6 +1181,21 @@ done: return ret; } +static const char *get_attr_storage(int state_mask) +{ +const char *storage = "unknown"; + +if (state_mask == (SSS_SYSDB_CACHE | SSS_SYSDB_TS_CACHE)) { +storage = "cache, ts_cache"; +} else if (state_mask == SSS_SYSDB_TS_CACHE) { +storage = "ts_cache"; +} else if (state_mask == SSS_SYSDB_CACHE) { +storage = "cache"; +} + +return storage; +} + int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, struct ldb_dn *entry_dn, struct sysdb_attrs *attrs, @@ -1184,6 +1204,7 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, bool sysdb_write = true; errno_t ret = EOK; errno_t tret = EOK; +int state_mask = SSS_SYSDB_NO_CACHE; sysdb_write = sysdb_entry_attrs_diff(sysdb, entry_dn, attrs, mod_op); if (sysdb_write == true) { @@ -1192,6 +1213,8 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set attrs for %s, %d [%s]\n", ldb_dn_get_linearized(entry_dn), ret, sss_strerror(ret)); +} else { +state_mask |= SSS_SYSDB_CACHE; } } @@ -1201,9 +1224,17 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set ts attrs for %s\n", ldb_dn_get_linearized(entry_dn)); /* Not fatal */ +} else { +state_mask |= SSS_SYSDB_TS_CACHE; } } +if (state_mask != SSS_SYSDB_NO_CACHE) { +DEBUG(SSSDBG_FUNC_DATA, "Entry [%s] has set [%s] attrs.\n", +ldb_dn_get_linearized(entry_dn), +get_attr_storage(state_mask)); +} + return ret; } -- 2.7.4 >From 1f4e5b03442ea87a117c54a30550fbc357ff10a7 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Tue, 16 Aug 2016 09:33:46 +0200 Subject: [PATCH 2/3] SYSDB: Adding message about reason why cache changed Resolves: https://fedorahosted.org/sssd/ticket/3060 --- src/db/sysdb.c | 24 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 6f0b1b9e9b52bede68f03cb5674f65b91cc28c98..b67769ed11fc0796d1987f09aa568c2db4a0ffab 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c 
@@ -1821,7 +1821,8 @@ bool sysdb_msg_attrs_modts_differs(struct ldb_message *old_entry, return true; } -static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg, +static bool sysdb_ldb_msg_difference(struct ldb_dn *entry_dn, + struct ldb_message *db_msg, struct ldb_message *mod_msg) { struct ldb_message_element *mod_msg_el; @@ -1848,6 +1849,9 @@ static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg, */ if (mod_msg_el->num_values > 0) { /* We can ignore additions of timestamp attributes */ +DEBUG(SSSDBG_TRACE_INTERNAL, + "Added attr [%s] to entry [%s]\n", + mod_msg_el->name,
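Review bot: In patch 1/3, state_mask in sysdb_set_entry_attr() is a bit mask but is declared int and matched with == in get_attr_storage(), so any flag later added next to SSS_SYSDB_CACHE and SSS_SYSDB_TS_CACHE silently falls through to "unknown". An unsigned type or an enum, plus a one-line comment on the three defines, would make the intent explicit. The message "Entry [%s] has set [%s] attrs." also reads oddly; wording such as "Entry [%s] attrs were set in [%s]" says directly which cache was written.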
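Review bot: In patch 2/3, sysdb_ldb_msg_difference() gains entry_dn only to feed the new DEBUG call, whose format string "Added attr [%s] to entry [%s]" has two %s conversions. The visible lines stop after mod_msg_el->name, so check that the second argument is ldb_dn_get_linearized(entry_dn), as patch 1/3 does, and not the struct ldb_dn pointer itself. A short comment stating that entry_dn is used for logging only would document the new parameter.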
[SSSD] [sssd PR#64][comment] BUILD: Accept krb5 1.15 for building the PAC plugin
URL: https://github.com/SSSD/sssd/pull/64
Title: #64: BUILD: Accept krb5 1.15 for building the PAC plugin

lslebodn commented:
"""
http://sssd-ci.duckdns.org/logs/job/55/53/summary.html

master:
* 11d2a1183d7017f3d453d0a7046004b6968fefb5

sssd-1-4:
* 6a96323fb511565908a5a7ce7b1d6e0d40aa647d

sssd-1-13:
* 63641202e1cfb62b5f3ec6ea1c9b1fc7611d91ef
"""

See the full comment at https://github.com/SSSD/sssd/pull/64#issuecomment-255963886
[SSSD] [sssd PR#64][+Pushed] BUILD: Accept krb5 1.15 for building the PAC plugin
URL: https://github.com/SSSD/sssd/pull/64
Title: #64: BUILD: Accept krb5 1.15 for building the PAC plugin
Label: +Pushed
[SSSD] [sssd PR#65][opened] Fixing of nitpicks
URL: https://github.com/SSSD/sssd/pull/65
Author: celestian
Title: #65: Fixing of nitpicks
Action: opened

PR body:
"""
Hello,

there are two simple patches. I found those things during static analysis of SSSD code.

Petr
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/65/head:pr65
git checkout pr65

From e0a86010fe7c65cce7f561b2213e6046346d9aab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Mon, 24 Oct 2016 16:14:58 +0200 Subject: [PATCH 1/2] RESPONDER: Adding of return value checking --- src/responder/common/data_provider/rdp_message.c | 4 1 file changed, 4 insertions(+) diff --git a/src/responder/common/data_provider/rdp_message.c b/src/responder/common/data_provider/rdp_message.c index 6ad2ba0..d0ce365 100644 --- a/src/responder/common/data_provider/rdp_message.c +++ b/src/responder/common/data_provider/rdp_message.c @@ -269,6 +269,10 @@ static void rdp_message_send_and_reply_done(DBusPendingCall *pending, sbus_req = talloc_get_type(ptr, struct sbus_request); ret = rdp_process_pending_call(sbus_req, pending, ); +if (ret != EOK) { +/* Something bad happened. Just kill the request. */ +goto done; +} if (reply == NULL) { /* Something bad happened. Just kill the request. */ ret = EIO; From 5b6ebb39b9d597c849e4ab458b6dc3421f876e7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?= Date: Mon, 24 Oct 2016 16:20:22 +0200 Subject: [PATCH 2/2] UTIL: Removing of never read value --- src/util/sss_krb5.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 2d2dfc4..4808a77 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c
@@ -1104,7 +1104,6 @@ bool sss_krb5_realm_has_proxy(const char *realm) kerr = profile_get_values(profile, profile_path, ); if (kerr == PROF_NO_RELATION || kerr == PROF_NO_SECTION) { -kerr = 0; goto done; } else if (kerr != 0) { DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
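Review bot: In patch 1/2, the new ret != EOK branch in rdp_message_send_and_reply_done() jumps to done without logging, and its comment is a copy of the one on the reply == NULL check right below it. A DEBUG line that prints ret before the goto would let the two failure paths be told apart in the logs, and the comment could say that rdp_process_pending_call() failed.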
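Review bot: In patch 2/2, dropping kerr = 0 in sss_krb5_realm_has_proxy() is only safe if nothing after the done label reads kerr, and that label is outside the hunk. The commit message should state this, since PROF_NO_RELATION and PROF_NO_SECTION now leave kerr non-zero on the way to done.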
[SSSD] [sssd PR#56][comment] Update dlopen test
URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

celestian commented:
"""
OK, I understand. So there are no obstacles now.

ACK
"""

See the full comment at https://github.com/SSSD/sssd/pull/56#issuecomment-255961391
[SSSD] [sssd PR#56][+Accepted] Update dlopen test
URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test
Label: +Accepted
[SSSD] [sssd PR#56][comment] Update dlopen test
URL: https://github.com/SSSD/sssd/pull/56
Title: #56: Update dlopen test

lslebodn commented:
"""
On (25/10/16 00:36), celestian wrote:
>celestian requested changes on this pull request.
>
>Hello Lukáš,
>
>I found one little nitpick (see inline comment).
>
>And there is CI summary:
>http://sssd-ci.duckdns.org/logs/job/55/54/summary.html
>
>```
>#
>http://sssd-ci.duckdns.org/logs/job/55/54/fedora_rawhide/ci-build-debug/ci-mock-result/build.log
>
>RPM build errors:
>Empty %files file /builddir/build/BUILD/sssd-1.14.90/sssd_client.lang
>File not found:
> /builddir/build/BUILDROOT/sssd-1.14.90-0.fc26.x86_64/usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so
>Child return code was: 1
>EXCEPTION: [Error()]
>Traceback (most recent call last):
> File "/usr/lib/python3.5/site-packages/mockbuild/trace_decorator.py", line
> 89, in trace
>result = func(*args, **kw)
> File "/usr/lib/python3.5/site-packages/mockbuild/util.py", line 569, in do
>raise exception.Error("Command failed. See logs for output.\n # %s" %
> (command,), child.returncode)
>mockbuild.exception.Error: Command failed. See logs for output.
> # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps
> /builddir/build/SPECS/sssd.spec
>```
>It seems it is not connected to your patch set.
>
Yes, it's fixed in PR#64

>However, code LGTM.
>
>> @@ -154,16 +155,84 @@ static bool recursive_dlopen(const char **name, int
>> round, char **errmsg)
> return ok;
> }
>
>+static int file_so_filter(const struct dirent *ent)
>
>Just a nitpick -- if function returns values 0 and 1 and it is answer to
>question of type yes/no, isn't bool better than int?
>
No, because this function is used as a callback in scandir which requires such prototype.
#see man 3 SCANDIR

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/56#issuecomment-255960749