[SSSD] [sssd PR#237][comment] providers: Move hostid from ipa to sdap
URL: https://github.com/SSSD/sssd/pull/237 Title: #237: providers: Move hostid from ipa to sdap hvenev commented: """ When this patch is applied to 1.15.3, all tests are passing and things seem to be working fine when using ldap. """ See the full comment at https://github.com/SSSD/sssd/pull/237#issuecomment-318501152 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#325][comment] MAN: Improve description of 'trusted domain section' in sssd.conf's man page
URL: https://github.com/SSSD/sssd/pull/325 Title: #325: MAN: Improve description of 'trusted domain section' in sssd.conf's man page fidencio commented: """ I'm adding "Changes Requested" label as per my review. """ See the full comment at https://github.com/SSSD/sssd/pull/325#issuecomment-318495236 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#325][+Changes requested] MAN: Improve description of 'trusted domain section' in sssd.conf's man page
URL: https://github.com/SSSD/sssd/pull/325 Title: #325: MAN: Improve description of 'trusted domain section' in sssd.conf's man page Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet fidencio commented: """ @frozencemetery. thanks for checking it out. I'll take over the review in the next few days (unless I have an ACK from you ;-)). """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318480125 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][-Changes requested] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#326][+Changes requested] IPA: check if IPA hostname is a FQDN
URL: https://github.com/SSSD/sssd/pull/326 Title: #326: IPA: check if IPA hostname is a FQDN Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#326][comment] IPA: check if IPA hostname is a FQDN
URL: https://github.com/SSSD/sssd/pull/326 Title: #326: IPA: check if IPA hostname is a FQDN fidencio commented: """ @amitkumar50: I've tested the patch, it works, but I'll request some changes in it. Let me write you here a few general recommendations based on a few different parts of the code: - Commit message: Although the commit message itself is good, please, don't use more than 72 characters in the body (please, see https://github.com/SSSD/sssd/blob/master/.git-commit-template) - Coding style: - Instead of doing `if(!ipa_check_fqdn(ipa_hostname)){ `, please, do `if (!ipa_check_fqdn(ipa_hostname)) {`; - Be careful about the alignment. So, instead of doing: ``` DEBUG(SSSDBG_CRIT_FAILURE, "ipa_hostname is not Fully Qualified Domain Name.\n"); ``` please, do: ``` DEBUG(SSSDBG_CRIT_FAILURE, "ipa_hostname is not Fully Qualified Domain Name.\n"); ``` - Only use implicit checks against bool. For instance, instead of `if(ret){`, please, do `if (ret != NULL) {` And last but not least, I do believe this function could be an internal one inside src/providers/ipa/ipa_init.c as I do believe the check could be done only in the ipa_init_server_mode() function. Thanks a lot for the patch and I'm setting the "Changes Requested" label as per this review. """ See the full comment at https://github.com/SSSD/sssd/pull/326#issuecomment-318405884 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet frozencemetery commented: """ @fidencio it looks like it's been addressed. Thanks for checking! """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318387652 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#225][-Changes requested] SECRETS: Apply separate quotas for cn=secrets and cn=kcm
URL: https://github.com/SSSD/sssd/pull/225 Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#225][comment] SECRETS: Apply separate quotas for cn=secrets and cn=kcm
URL: https://github.com/SSSD/sssd/pull/225 Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm jhrozek commented: """ I squashed in @fidencio's fixup and pushed new version of the patches.. """ See the full comment at https://github.com/SSSD/sssd/pull/225#issuecomment-318370499 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#225][synchronized] SECRETS: Apply separate quotas for cn=secrets and cn=kcm
URL: https://github.com/SSSD/sssd/pull/225 Author: jhrozek Title: #225: SECRETS: Apply separate quotas for cn=secrets and cn=kcm Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/225/head:pr225 git checkout pr225 From 45dc03220c333d06c0cf147167e47a56db217059 Mon Sep 17 00:00:00 2001 From: Jakub HrozekDate: Tue, 30 May 2017 12:19:53 +0200 Subject: [PATCH 1/9] SECRETS: Remove unused declarations --- src/responder/secrets/secsrv.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/responder/secrets/secsrv.h b/src/responder/secrets/secsrv.h index 3d23c405b..0575cbaba 100644 --- a/src/responder/secrets/secsrv.h +++ b/src/responder/secrets/secsrv.h @@ -32,8 +32,6 @@ #define SEC_NET_TIMEOUT 5 -struct resctx; - struct sec_ctx { struct resolv_ctx *resctx; struct resp_ctx *rctx; From a9f4aa3e544001cd2f963957cfdc2213834e4d23 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 5 Jun 2017 15:19:13 +0200 Subject: [PATCH 2/9] SECRETS: Do not link with c-ares Since we started using libcurl for the proxy provider, there is no point in initializing or linking against c-ares. If we want to explicitly use a resolver in the future, we should use libcurl callbacks. --- Makefile.am| 1 - src/responder/secrets/proxy.c | 2 -- src/responder/secrets/secsrv.c | 6 -- src/responder/secrets/secsrv.h | 3 --- 4 files changed, 12 deletions(-) diff --git a/Makefile.am b/Makefile.am index e7d69d2f0..9e3b492e8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1494,7 +1494,6 @@ sssd_secrets_SOURCES = \ src/util/sss_iobuf.c \ src/util/tev_curl.c \ $(SSSD_RESPONDER_OBJ) \ -$(SSSD_RESOLV_OBJ) \ $(NULL) sssd_secrets_LDADD = \ $(HTTP_PARSER_LIBS) \ diff --git a/src/responder/secrets/proxy.c b/src/responder/secrets/proxy.c index a4e97f83e..a910b3853 100644 --- a/src/responder/secrets/proxy.c +++ b/src/responder/secrets/proxy.c @@ -29,7 +29,6 @@ #define SEC_PROXY_TIMEOUT 5 struct proxy_context { -struct resolv_ctx *resctx; struct confdb_ctx *cdb; struct tcurl_ctx *tcurl; }; @@ -585,7 +584,6 @@ int proxy_secrets_provider_handle(struct sec_ctx *sctx, pctx = talloc(handle, struct proxy_context); if (!pctx) return ENOMEM; -pctx->resctx = sctx->resctx; pctx->cdb = sctx->rctx->cdb; pctx->tcurl = tcurl_init(pctx, sctx->rctx->ev); if (pctx->tcurl == NULL) { diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c index b0467e90e..ae2a658ae 100644 --- a/src/responder/secrets/secsrv.c +++ b/src/responder/secrets/secsrv.c @@ -162,12 +162,6 @@ static int sec_process_init(TALLOC_CTX *mem_ctx, goto fail; } -ret = resolv_init(sctx, ev, SEC_NET_TIMEOUT, >resctx); -if (ret != EOK) { -/* not fatal for now */ -DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize resolver library\n"); -} - /* Set up file descriptor limits */ responder_set_fd_limit(sctx->fd_limit); diff --git a/src/responder/secrets/secsrv.h b/src/responder/secrets/secsrv.h index 0575cbaba..1aad272da 100644 --- a/src/responder/secrets/secsrv.h +++ b/src/responder/secrets/secsrv.h @@ -30,10 +30,7 @@ #include #include -#define SEC_NET_TIMEOUT 5 - struct sec_ctx { -struct resolv_ctx *resctx; struct resp_ctx *rctx; int fd_limit; int containers_nest_level; From 90b768e06daa7c719ba6b94a58ecadead00cacea Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 30 May 2017 12:31:57 +0200 Subject: [PATCH 3/9] SECRETS: Store quotas in a per-hive configuration structure Adds two new structures to hold the quotas and associate a quota with a hive. This is just an internal change for now, but will allow us to read quota configuration from per-hive sections later. --- src/responder/secrets/local.c | 21 + src/responder/secrets/secsrv.c | 6 +++--- src/responder/secrets/secsrv.h | 17 ++--- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c index 66401ef50..0b879939f 100644 --- a/src/responder/secrets/local.c +++ b/src/responder/secrets/local.c @@ -34,9 +34,8 @@ struct local_context { struct ldb_context *ldb; struct sec_data master_key; -int containers_nest_level; -int max_secrets; -int max_payload_size; + +struct sec_quota *quota_secrets; }; static int local_decrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx, @@ -398,11 +397,11 @@ static int local_db_check_containers_nest_level(struct local_context *lctx, /* We need do not care for the synthetic containers that constitute the * base path (cn=,cn=user,cn=secrets). */ nest_level = ldb_dn_get_comp_num(leaf_dn) - 3; -if (nest_level > lctx->containers_nest_level) { +if (nest_level > lctx->quota_secrets->containers_nest_level) {
[SSSD] [sssd PR#274][comment] Merge sss_cache and sss_debuglevel into sssctl
URL: https://github.com/SSSD/sssd/pull/274 Title: #274: Merge sss_cache and sss_debuglevel into sssctl justin-stephenson commented: """ Thank you for the review @mzidek-rh - I will make the changes and update the PR. """ See the full comment at https://github.com/SSSD/sssd/pull/274#issuecomment-318369074 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#295][comment] MAN: Document that the secrets provider can only be specified in a per-client section
URL: https://github.com/SSSD/sssd/pull/295 Title: #295: MAN: Document that the secrets provider can only be specified in a per-client section justin-stephenson commented: """ I think it could be useful to add something like "The secrets responder is configured with a global [secrets] section and an optional per-user [secrets/users/$uid] section in sssd.conf" just under `CONFIGURATION OPTIONS` or in some easy to spot location. Also I wonder if it is worth mentioning herein the provider section(instead of only at the bottom of the man page) that the `provider = proxy` can only be used in the per-user section, not the global [secrets] section. Otherwise looks okay from my side. """ See the full comment at https://github.com/SSSD/sssd/pull/295#issuecomment-318368728 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#333][+Changes requested] Move header files consumed by both server and client to special folder
URL: https://github.com/SSSD/sssd/pull/333 Title: #333: Move header files consumed by both server and client to special folder Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#333][comment] Move header files consumed by both server and client to special folder
URL: https://github.com/SSSD/sssd/pull/333 Title: #333: Move header files consumed by both server and client to special folder fidencio commented: """ Although we may not do it properly, we try our best to keep our files grouped together and alphabetically ordered. So, please, group together the lines containing src/shared/... instead of leaving them in the middle of the src/util/... files. Also, please, try to follow our commit template (https://github.com/SSSD/sssd/blob/master/.git-commit-template) when writing the commit message. I'm adding the "Changes Requested" label as per this review. """ See the full comment at https://github.com/SSSD/sssd/pull/333#issuecomment-318360161 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#334][+Changes requested] Print a warning when enumeration is requested but disabled
URL: https://github.com/SSSD/sssd/pull/334 Title: #334: Print a warning when enumeration is requested but disabled Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#334][comment] Print a warning when enumeration is requested but disabled
URL: https://github.com/SSSD/sssd/pull/334 Title: #334: Print a warning when enumeration is requested but disabled fidencio commented: """ I basically agree with @lslebodn here. 'SSSDBG_CONF_SETTINGS' seems the appropriate debug level to use. Also, a review about the commit short-log and the commit message: - commit short-log: We have a template (https://github.com/SSSD/sssd/blob/master/.git-commit-template) that explains how the commit should look like. Based on that, I'd suggest something like: "CONFDB: Warn that `getent passwd` doesn't return all users by design" - commit message: "Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, `getent passwd` won't return all users by design. The debug level chosen to show the message is `SSSDBG_CONF_SETTINGS`." About the patch itself: ``` +DEBUG(SSSDBG_OP_FAILURE, "Please note With No enumeration sssd " +"getent passwd does not return all users by design, see man " +"pages for more information\n"); ``` Please, do not mix words started with uppercase letters in the middle of the sentence. I'd rewrite the text as something like: "Please, note that when `enumeration` is disabled `getent passwd` does not return all users by design. See `sssd.conf` man page for more detailed information". """ See the full comment at https://github.com/SSSD/sssd/pull/334#issuecomment-318357905 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#339][comment] UTIL: Create custom abort function for talloc_get_type_abort()
URL: https://github.com/SSSD/sssd/pull/339 Title: #339: UTIL: Create custom abort function for talloc_get_type_abort() fidencio commented: """ Talked privately to @amitkumar50 and this PR actually should be part of #231. I'm closing this PR and @amitkumar50 will update #231 when all the changes are done, following Simo's comments. """ See the full comment at https://github.com/SSSD/sssd/pull/339#issuecomment-318349075 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#339][-Changes requested] UTIL: Create custom abort function for talloc_get_type_abort()
URL: https://github.com/SSSD/sssd/pull/339 Title: #339: UTIL: Create custom abort function for talloc_get_type_abort() Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#339][closed] UTIL: Create custom abort function for talloc_get_type_abort()
URL: https://github.com/SSSD/sssd/pull/339 Author: amitkumar50 Title: #339: UTIL: Create custom abort function for talloc_get_type_abort() Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/339/head:pr339 git checkout pr339 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#339][+Rejected] UTIL: Create custom abort function for talloc_get_type_abort()
URL: https://github.com/SSSD/sssd/pull/339 Title: #339: UTIL: Create custom abort function for talloc_get_type_abort() Label: +Rejected ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#202][comment] T3315 infopipe group users master
URL: https://github.com/SSSD/sssd/pull/202 Title: #202: T3315 infopipe group users master celestian commented: """ The issue was that getent shows user test_user in test_group, but dbus call doesn't. How I did it is described in my description. But I don't know if it is still valid. It was some time ago. If I understand others comments right, it was try to fix method `org.freedesktop.sssd.infopipe.Groups.Group.UpdateMemberList()` """ See the full comment at https://github.com/SSSD/sssd/pull/202#issuecomment-318345349 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#338][+Pushed] MAN: Don't tell the user to autostart sssd-kcm.service; it's socket-enabled
URL: https://github.com/SSSD/sssd/pull/338 Title: #338: MAN: Don't tell the user to autostart sssd-kcm.service; it's socket-enabled Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#338][comment] MAN: Don't tell the user to autostart sssd-kcm.service; it's socket-enabled
URL: https://github.com/SSSD/sssd/pull/338 Title: #338: MAN: Don't tell the user to autostart sssd-kcm.service; it's socket-enabled jhrozek commented: """ * master: 47f73fbf39b75b1a6c816206c384f83f78535677 """ See the full comment at https://github.com/SSSD/sssd/pull/338#issuecomment-318343971 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#338][closed] MAN: Don't tell the user to autostart sssd-kcm.service; it's socket-enabled
URL: https://github.com/SSSD/sssd/pull/338 Author: jhrozek Title: #338: MAN: Don't tell the user to autostart sssd-kcm.service; it's socket-enabled Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/338/head:pr338 git checkout pr338 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#340][closed] SPEC: Use language file for sssd-kcm
URL: https://github.com/SSSD/sssd/pull/340 Author: lslebodn Title: #340: SPEC: Use language file for sssd-kcm Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/340/head:pr340 git checkout pr340 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#340][+Pushed] SPEC: Use language file for sssd-kcm
URL: https://github.com/SSSD/sssd/pull/340 Title: #340: SPEC: Use language file for sssd-kcm Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#136][comment] Tlog integration
URL: https://github.com/SSSD/sssd/pull/136 Title: #136: Tlog integration spbnick commented: """ Woo-hoo :D! Thanks a lot for all the work, Pavel, Lukas and Jakub :)! """ See the full comment at https://github.com/SSSD/sssd/pull/136#issuecomment-318342564 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#136][+Pushed] Tlog integration
URL: https://github.com/SSSD/sssd/pull/136 Title: #136: Tlog integration Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#136][comment] Tlog integration
URL: https://github.com/SSSD/sssd/pull/136 Title: #136: Tlog integration jhrozek commented: """ Since we released 1.15.3 (finally!) ealier this week, I merged the patches: * 27c30eb5f046d6c43276b139706110906cdacb9b * 53a4219e2f51cd0443931aa931505bf0b4bf5a45 * 49d24ba630544632e29ed397627c97352523165d * 836dae913497e150bd0ec11eee1e256e4fcc0bb7 * 382a972a80ac571cdbf70d88571f6de49fe1cd23 * 24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1 * 200787df74510f6edc9387cf9c33f133ccfc0ae3 * bac0c0df377de4469c8f9310179eef04c7b091fa * 90fb7d3e61423ff1375e9f552f4b58e5173ad3d1 * 5ea60d18ddb8eaff25d274c22c7db7df57b6ec4d * 29dd456102dc995aa59a56483363087071bb84d6 * 99b96048b79b0228c3f7c431ea12010f7bd5b362 * d802eba25e7c1304e5036684261bcf41540532d8 * 555f43b491f40e0237b8677565a748b929092bee * 9759333b3dd404c6787ef0186984c5d4256eb5bb * c31065ecc0793e836066035d0c692b050b5f6f55 * cb89693cf5ccdedf69fa304c6d43d618a7bc18b2 """ See the full comment at https://github.com/SSSD/sssd/pull/136#issuecomment-318342201 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#136][+Accepted] Tlog integration
URL: https://github.com/SSSD/sssd/pull/136 Title: #136: Tlog integration Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#136][-Accepted] Tlog integration
URL: https://github.com/SSSD/sssd/pull/136 Title: #136: Tlog integration Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#136][closed] Tlog integration
URL: https://github.com/SSSD/sssd/pull/136 Author: spbnick Title: #136: Tlog integration Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/136/head:pr136 git checkout pr136 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#202][comment] T3315 infopipe group users master
URL: https://github.com/SSSD/sssd/pull/202 Title: #202: T3315 infopipe group users master mzidek-rh commented: """ @fidencio , sorry but I do not know what is the issue. I was probably not clear in my previous comments, but IMO the reproducer is wrong because it does not describe any issue. I do not know what the issue was, so I do not know what the reproducer should be. And I did not see any difference in behavior before and after applying the patches (but it is a while since I tried them so I do not remember every detail). """ See the full comment at https://github.com/SSSD/sssd/pull/202#issuecomment-318341344 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#274][comment] Merge sss_cache and sss_debuglevel into sssctl
URL: https://github.com/SSSD/sssd/pull/274 Title: #274: Merge sss_cache and sss_debuglevel into sssctl mzidek-rh commented: """ There is a tabulator instead of space after '=' sign in Makefile.am: ``` 458 459 dist_sbin_SCRIPTS = contrib/tools/sss_debuglevel 460 ``` But as Lukas mentioned we should not put sss_debuglevel in the tarball directly, but only the .in version and call the replace_script on it in the Makefile.am, so that proper paths are expanded in the script (see how replace_script is used in the Makefile.am for other files). So the configure.ac line should be removed too. Also I would not put this to the contrib directory because this is directory that we use for things that are not packaged in the tarball or nice things that someone creted but are not core parts of the project (like some helpful sripts etc). Maybe a new directory src/tools/wrappers would be more appropriate? @lslebodn do you have any proposal in this regard? I can see these warnings when I run autoreconf -if indicating you forgot to remove some lines from Makefile.am: ``` Makefile.am: installing 'build/depcomp' Makefile.am:1685: warning: variable 'sss_debuglevel_SOURCES' is defined but no program or Makefile.am:1685: library has 'sss_debuglevel' as canonical name (possible typo) Makefile.am:1688: warning: variable 'sss_debuglevel_LDADD' is defined but no program or Makefile.am:1688: library has 'sss_debuglevel' as canonical name (possible typo) ``` Bad indentation in src/tools/sssctl/sssctl.h ``` 113 errno_t sssctl_debug_level(struct sss_cmdline *cmdline, 114 struct sss_tool_ctx *tool_ctx, 115 void *pvt); ^ bad indentation ``` In src/tools/sssctl/sssctl_logs.c, the config.h should be the first header that is included (I think we do not follow this everywhere, but still..) Another bad indentation in src/tools/sssctl/sssctl.h ``` 101 errno_t sssctl_cache_expire(struct sss_cmdline *cmdline, 102 struct sss_tool_ctx *tool_ctx, 103 void *pvt); 104 ^^^ bad indentation ``` """ See the full comment at https://github.com/SSSD/sssd/pull/274#issuecomment-318339105 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#237][comment] providers: Move hostid from ipa to sdap
URL: https://github.com/SSSD/sssd/pull/237 Title: #237: providers: Move hostid from ipa to sdap fidencio commented: """ Removing the "Changes requested" label as the patch has been updated (v2). """ See the full comment at https://github.com/SSSD/sssd/pull/237#issuecomment-318329098 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#237][-Changes requested] providers: Move hostid from ipa to sdap
URL: https://github.com/SSSD/sssd/pull/237 Title: #237: providers: Move hostid from ipa to sdap Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#4][comment] Added small tweaks to enable SSSD to be compiled with the musl libc
URL: https://github.com/SSSD/sssd/pull/4 Title: #4: Added small tweaks to enable SSSD to be compiled with the musl libc fidencio commented: """ @lejonet, @lslebodn, does this PR still make sense? """ See the full comment at https://github.com/SSSD/sssd/pull/4#issuecomment-318327689 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#301][comment] Introduce sysdb_search_by_orig_dn()
URL: https://github.com/SSSD/sssd/pull/301 Title: #301: Introduce sysdb_search_by_orig_dn() fidencio commented: """ Patch set has been updated. """ See the full comment at https://github.com/SSSD/sssd/pull/301#issuecomment-318327223 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#301][synchronized] Introduce sysdb_search_by_orig_dn()
URL: https://github.com/SSSD/sssd/pull/301 Author: fidencio Title: #301: Introduce sysdb_search_by_orig_dn() Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/301/head:pr301 git checkout pr301 From 87fd7441f06d61f3c2b2a269955646fd4752c25a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=Date: Fri, 2 Jun 2017 13:26:49 +0200 Subject: [PATCH 1/5] SYSDB: Add sysdb_search_by_orig_dn() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three new methods have been added to sysdb's API in order to perform search by the orig dn (which is quite common in SSSD's code base). A common/base method called sysdb_search_by_orig_dn() is the most important one and then a few other helpers for searching users and groups groups directly. Signed-off-by: Fabiano FidĂȘncio --- src/db/sysdb.h | 19 + src/db/sysdb_ops.c | 61 ++ 2 files changed, 80 insertions(+) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index b045684db..4bd9fe6b4 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -572,6 +572,25 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, struct sysdb_attrs *override_attrs, struct ldb_dn *obj_dn); +enum search_by_orig_dn_type { +SYSDB_SEARCH_USER = 0, +SYSDB_SEARCH_GROUP, +}; + +errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx, +struct sss_domain_info *domain, +enum search_by_orig_dn_type type, +const char *member_dn, +const char **attrs, +size_t *msgs_counts, +struct ldb_message ***msgs); + +#define sysdb_search_users_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \ +sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_SEARCH_USER, member_dn, attrs, msgs_counts, msgs); + +#define sysdb_search_groups_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \ +sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_SEARCH_GROUP, member_dn, attrs, msgs_counts, msgs); + errno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *name, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 7ca6575ce..04df6c5e7 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -3236,6 +3236,67 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, return ret; } +static int sysdb_cache_search_users(TALLOC_CTX *mem_ctx, +struct sss_domain_info *domain, +struct ldb_context *ldb, +const char *sub_filter, +const char **attrs, +size_t *msgs_count, +struct ldb_message ***msgs); + +static int sysdb_cache_search_groups(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct ldb_context *ldb, + const char *sub_filter, + const char **attrs, + size_t *msgs_count, + struct ldb_message ***msgs); + +errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx, +struct sss_domain_info *domain, +enum search_by_orig_dn_type type, +const char *member_dn, +const char **attrs, +size_t *msgs_count, +struct ldb_message ***msgs) +{ +TALLOC_CTX *tmp_ctx; +char *filter; +struct ldb_dn *basedn; +errno_t ret; + +tmp_ctx = talloc_new(NULL); +if (tmp_ctx == NULL) { +return ENOMEM; +} + +filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, member_dn); +if (filter == NULL) { +ret = ENOMEM; +goto done; +} + +switch (type) { +case SYSDB_SEARCH_USER: +ret = sysdb_cache_search_users(mem_ctx, domain, domain->sysdb->ldb, + filter, attrs, msgs_count, msgs); +break; +case SYSDB_SEARCH_GROUP: +ret = sysdb_cache_search_groups(mem_ctx, domain, domain->sysdb->ldb, + filter, attrs, msgs_count, msgs); +break; +default: +DEBUG(SSSDBG_CRIT_FAILURE, + "Trying to perform a search by orig_dn using a " + "non-supported
[SSSD] [sssd PR#301][-Changes requested] Introduce sysdb_search_by_orig_dn()
URL: https://github.com/SSSD/sssd/pull/301 Title: #301: Introduce sysdb_search_by_orig_dn() Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet celestian commented: """ @fidencio Oh, I see -- now I understand what are you looking for. Maybe it is little confusing, there on github, that it is not visible that my patch is already updated/fixed. So there were another one patch before this one but it is not reachable from gtithub (nor from my local repo, I deleted it some times ago.) """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318318158 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet fidencio commented: """ @celestian: basically I'm trying to figure out whether his comments are still valid and I misunderstood the last patch. Because looks like the last patch addresses his comments ... or am I mistaken? Anyways, someone will take it over, so just trying to get as much context as possible for whoever does that. """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318290260 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet celestian commented: """ @fidencio I am totally out of scope of this PR. I just assume that I addressed @frozencemetery 's comment from Mar 28. The conditional setting was subject of frozencemetery's comment. @fidencio, Is this sufficient answer for you? """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318288827 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#309][+Pushed] HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot)
URL: https://github.com/SSSD/sssd/pull/309 Title: #309: HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot) Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#309][closed] HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot)
URL: https://github.com/SSSD/sssd/pull/309 Author: jhrozek Title: #309: HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot) Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/309/head:pr309 git checkout pr309 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#309][comment] HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot)
URL: https://github.com/SSSD/sssd/pull/309 Title: #309: HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot) jhrozek commented: """ * sssd-1-13: 88f6d8ad4eef4b4fa032fd451ad732cf8201b0bf """ See the full comment at https://github.com/SSSD/sssd/pull/309#issuecomment-318286140 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#307][comment] IPA: Only attempt migration for the joined domain
URL: https://github.com/SSSD/sssd/pull/307 Title: #307: IPA: Only attempt migration for the joined domain jhrozek commented: """ Sure, just type in a wrong password when authenticating as a user from an IPA-AD trust. With the patch, you will see the migration being tried as well, without the patch, the PAM request should just shortcut. """ See the full comment at https://github.com/SSSD/sssd/pull/307#issuecomment-318285876 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#340][+Accepted] SPEC: Use language file for sssd-kcm
URL: https://github.com/SSSD/sssd/pull/340 Title: #340: SPEC: Use language file for sssd-kcm Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#340][comment] SPEC: Use language file for sssd-kcm
URL: https://github.com/SSSD/sssd/pull/340 Title: #340: SPEC: Use language file for sssd-kcm fidencio commented: """ ACK! """ See the full comment at https://github.com/SSSD/sssd/pull/340#issuecomment-318279599 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#339][+Changes requested] UTIL: Create custom abort function for talloc_get_type_abort()
URL: https://github.com/SSSD/sssd/pull/339 Title: #339: UTIL: Create custom abort function for talloc_get_type_abort() Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#339][comment] UTIL: Create custom abort function for talloc_get_type_abort()
URL: https://github.com/SSSD/sssd/pull/339 Title: #339: UTIL: Create custom abort function for talloc_get_type_abort() fidencio commented: """ @amitkumar50: The patch you updated doesn't match with the description you wrote. I'm adding "Changes Requested" label for now. Please, update the PR with the right patches. """ See the full comment at https://github.com/SSSD/sssd/pull/339#issuecomment-318279275 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet fidencio commented: """ retest this, please """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318278533 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#295][+Changes requested] MAN: Document that the secrets provider can only be specified in a per-client section
URL: https://github.com/SSSD/sssd/pull/295 Title: #295: MAN: Document that the secrets provider can only be specified in a per-client section Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#237][comment] providers: Move hostid from ipa to sdap
URL: https://github.com/SSSD/sssd/pull/237 Title: #237: providers: Move hostid from ipa to sdap fidencio commented: """ retest this, please """ See the full comment at https://github.com/SSSD/sssd/pull/237#issuecomment-318271653 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#214][comment] UTIL: Set udp_preference_limit=0 in krb5 snippet
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet fidencio commented: """ @frozencemetery: is your comment still valid for the latest version of this patch? I'm not sure whether @celestian updated this patch after your comment or not and excuse me in case I'm mistaken, but now seems that those patches are setting `udp_preference_limit = 0` conditionally in the krb5 snippet. """ See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318269285 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#189][comment] SELINUX: Use getseuserbyname to get IPA seuser
URL: https://github.com/SSSD/sssd/pull/189 Title: #189: SELINUX: Use getseuserbyname to get IPA seuser fidencio commented: """ @lslebodn, @justin-stephenson: What's the state of this PR? Is this still valid? In case it's still valid, @justin-stephenson, may I ask you to rebase the patches based on our git master as currently they have some conflicts? """ See the full comment at https://github.com/SSSD/sssd/pull/189#issuecomment-318268525 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#32][-Changes requested] Requesting a pull to SSSD:master from fidencio:wip/#3138
URL: https://github.com/SSSD/sssd/pull/32 Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138 Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#32][+Rejected] Requesting a pull to SSSD:master from fidencio:wip/#3138
URL: https://github.com/SSSD/sssd/pull/32 Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138 Label: +Rejected ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#32][closed] Requesting a pull to SSSD:master from fidencio:wip/#3138
URL: https://github.com/SSSD/sssd/pull/32 Author: fidencio Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138 Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/32/head:pr32 git checkout pr32 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#32][comment] Requesting a pull to SSSD:master from fidencio:wip/#3138
URL: https://github.com/SSSD/sssd/pull/32 Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138 fidencio commented: """ This PR doesn't make sense anymore in the state that this branch is. I'm closing the PR and a new one will be re-open by whoever ends up working on this in the future. """ See the full comment at https://github.com/SSSD/sssd/pull/32#issuecomment-318267955 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org