[SSSD] [sssd PR#546][+Blocked] TESTS: Re-add tests for `kdestroy -A`

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/546
Title: #546: TESTS: Re-add tests for `kdestroy -A`

Label: +Blocked
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#545][+Pushed] Two small fixes for KCM

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/545
Title: #545: Two small fixes for KCM

Label: +Pushed


[SSSD] [sssd PR#545][closed] Two small fixes for KCM

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/545
Author: fidencio
 Title: #545: Two small fixes for KCM
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/545/head:pr545
git checkout pr545


[SSSD] [sssd PR#545][comment] Two small fixes for KCM

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/545
Title: #545: Two small fixes for KCM

jhrozek commented:
"""
* master:
 * e588e24c900e3f587f52533db12b87451b789a33
 * 96fdbb2cb7d1bd8f9b2b64acfb5dd845b0290946
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/545#issuecomment-377351564


[SSSD] [sssd PR#545][+Accepted] Two small fixes for KCM

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/545
Title: #545: Two small fixes for KCM

Label: +Accepted


[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/546
Title: #546: TESTS: Re-add tests for `kdestroy -A`

fidencio commented:
"""
Yep, that's exactly the situation I could see the "blocked"/"depends-on" tag 
being used.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/546#issuecomment-377343971


[SSSD] [sssd PR#543][comment] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/543
Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1

jhrozek commented:
"""
Thanks for fixing the pep8 issue. I pushed the patches to our internal CI and 
Coverity.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/543#issuecomment-377340405


[SSSD] [sssd PR#544][comment] IPA: Qualify the externalUser sudo attribute

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/544
Title: #544: IPA: Qualify the externalUser sudo attribute

jhrozek commented:
"""
I pushed a slightly simplified version.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/544#issuecomment-377339384


[SSSD] [sssd PR#544][synchronized] IPA: Qualify the externalUser sudo attribute

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/544
Author: jhrozek
 Title: #544: IPA: Qualify the externalUser sudo attribute
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/544/head:pr544
git checkout pr544
From 86d31351861bed9c993f100f6603b1c9cff754c3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Mon, 26 Mar 2018 11:36:00 +0200
Subject: [PATCH] IPA: Qualify the externalUser sudo attribute

We broke the externalUser support with the introduction of the fully
qualified attributes, because the provider was saving the data verbatim,
but the sudo responder expects a fully qualified name.

Reproducer:
on the server:
ipa sudocmd-add --desc='For reading log files' /usr/bin/less
ipa sudorule-add readfiles
ipa sudorule-add-user --users=lcluser
ipa sudorule-mod --hostcat=all readfiles

then on the client:
configure sssd with:
id_provider = files
sudo_provider = ipa
ipa_domain = ipa.test

run:
sudo useradd lcluser
sudo passwd lcluser
su - lcluser
sudo -l
---
 src/providers/ipa/ipa_sudo_conversion.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index a96ae3447..bfa66b2c6 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -873,6 +873,15 @@ convert_user_fqdn(TALLOC_CTX *mem_ctx,
 return fqdn;
 }
 
+static const char *
+convert_ext_user(TALLOC_CTX *mem_ctx,
+ struct ipa_sudo_conv *conv,
+ const char *value,
+ bool *skip_entry)
+{
+return sss_create_internal_fqname(mem_ctx, value, conv->dom->name);
+}
+
 static const char *
 convert_group(TALLOC_CTX *mem_ctx,
   struct ipa_sudo_conv *conv,
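Review bot: convert_ext_user() takes skip_entry but never reads or sets it, and it returns the result of sss_create_internal_fqname() unchecked, so a failure there comes back to the caller as a bare NULL. Please confirm that convert_attributes() treats a NULL return with *skip_entry untouched as an error rather than as a value to drop silently, and add a one-line comment saying the parameter is unused on purpose. The function also qualifies value with conv->dom->name unconditionally; if an externalUser value can already carry a domain part, that case should be handled or documented here.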
@@ -959,7 +968,7 @@ convert_attributes(struct ipa_sudo_conv *conv,
  {SYSDB_IPA_SUDORULE_RUNASEXTUSER,   SYSDB_SUDO_CACHE_AT_RUNASUSER  , NULL},
  {SYSDB_IPA_SUDORULE_RUNASEXTGROUP,  SYSDB_SUDO_CACHE_AT_RUNASGROUP , NULL},
  {SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP,  SYSDB_SUDO_CACHE_AT_RUNASUSER  , convert_runasextusergroup},
- {SYSDB_IPA_SUDORULE_EXTUSER,SYSDB_SUDO_CACHE_AT_USER   , NULL},
+ {SYSDB_IPA_SUDORULE_EXTUSER,SYSDB_SUDO_CACHE_AT_USER   , convert_ext_user},
  {SYSDB_IPA_SUDORULE_ALLOWCMD,   SYSDB_IPA_SUDORULE_ORIGCMD , NULL},
  {SYSDB_IPA_SUDORULE_DENYCMD,SYSDB_IPA_SUDORULE_ORIGCMD , NULL},
  {NULL, NULL, NULL}};
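Review bot: only SYSDB_IPA_SUDORULE_EXTUSER gets a converter in this table; SYSDB_IPA_SUDORULE_RUNASEXTUSER and SYSDB_IPA_SUDORULE_RUNASEXTGROUP a few rows above still pass NULL and so are still stored verbatim. If the sudo responder expects fully qualified names for those attributes too, they have the same problem the commit message describes; if they are left unqualified on purpose, a short comment on those rows saying why would stop the next reader from changing them.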


[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/546
Title: #546: TESTS: Re-add tests for `kdestroy -A`

jhrozek commented:
"""
so, not totally related to this thread, but is this one of the cases where a 
label like "blocked" or "depends-on" would be useful? iirc you suggested 
something like this on sssd-devel the other day.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/546#issuecomment-377331452


[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/546
Title: #546: TESTS: Re-add tests for `kdestroy -A`

jhrozek commented:
"""
but the hunk itself of course LGTM
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/546#issuecomment-377331057


[SSSD] [sssd PR#546][comment] TESTS: Re-add tests for `kdestroy -A`

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/546
Title: #546: TESTS: Re-add tests for `kdestroy -A`

jhrozek commented:
"""
I'll ack and push the patch if you show me a CI run from our internal Jenkins 
:-)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/546#issuecomment-377330980


[SSSD] [sssd PR#535][+Pushed] Backport of PR#525 and PR#534 to sssd-1-13

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/535
Title: #535: Backport of PR#525 and PR#534 to sssd-1-13

Label: +Pushed


[SSSD] [sssd PR#535][closed] Backport of PR#525 and PR#534 to sssd-1-13

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/535
Author: sumit-bose
 Title: #535: Backport of PR#525 and PR#534 to sssd-1-13
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/535/head:pr535
git checkout pr535


[SSSD] [sssd PR#535][comment] Backport of PR#525 and PR#534 to sssd-1-13

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/535
Title: #535: Backport of PR#525 and PR#534 to sssd-1-13

jhrozek commented:
"""
sssd-1-13:
e51c63f55b9614749a08a50cd2308abb6a204ab5
86dee30bc23246aefac31f4fa67b442ae42224ed
5c2d6dcb5b3c4e05694c7fa3786ce8a7afd2d2f8
1df9ccd13b307a1d8019c1e69a7809dcd1e76cef
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/535#issuecomment-377330069


[SSSD] [sssd PR#536][+Pushed] Backport of PR#525 and PR#534 to sssd-1-14

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/536
Title: #536: Backport of PR#525 and PR#534 to sssd-1-14

Label: +Pushed


[SSSD] [sssd PR#536][closed] Backport of PR#525 and PR#534 to sssd-1-14

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/536
Author: sumit-bose
 Title: #536: Backport of PR#525 and PR#534 to sssd-1-14
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/536/head:pr536
git checkout pr536


[SSSD] [sssd PR#536][comment] Backport of PR#525 and PR#534 to sssd-1-14

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/536
Title: #536: Backport of PR#525 and PR#534 to sssd-1-14

jhrozek commented:
"""
sssd-1-14:
8eefaa7fdb4bbcd9ed9fdbbb2c827f2ba2b90585
ab320f5a0a5337a286b315969d0ff4a1a0df6f9d
609247a34d6ea9c8c0b74fb67de20b24bd0d2336
6c2fbd06e5e995e1eb3caf17712665e8db80ce90
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/536#issuecomment-377329142


[SSSD] [sssd PR#540][+Pushed] Fix python3 issue in the integration test

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/540
Title: #540: Fix python3 issue in the integration test

Label: +Pushed


[SSSD] [sssd PR#540][closed] Fix python3 issue in the integration test

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/540
Author: sumit-bose
 Title: #540: Fix python3 issue in the integration test
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/540/head:pr540
git checkout pr540


[SSSD] [sssd PR#540][comment] Fix python3 issue in the integration test

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/540
Title: #540: Fix python3 issue in the integration test

jhrozek commented:
"""
* master: a263309322cf8fff15d21207a4eee5f301e3ad2e
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/540#issuecomment-377328356


[SSSD] [sssd PR#533][+Pushed] KCM's payload related patches

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/533
Title: #533: KCM's payload related patches

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#533][comment] KCM's payload related patches

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/533
Title: #533: KCM's payload related patches

jhrozek commented:
"""
* master:
 * b09cd3072153663bfcce902633b5e6f9134e72e0
 * 786c40023e1348e7613805446ae821af7030b5d3
 * 2f11cf256a10ca6f6ace35a05cc2edb46689567f
 * bfc6d9d611bfbc54b3f738084d86fb887c8769b5
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/533#issuecomment-377325664


[SSSD] [sssd PR#533][closed] KCM's payload related patches

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/533
Author: fidencio
 Title: #533: KCM's payload related patches
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/533/head:pr533
git checkout pr533


[SSSD] [sssd PR#542][+Pushed] KCM: Use json_loadb() when dealing with sss_iobuf data

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/542
Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data

Label: +Pushed


[SSSD] [sssd PR#542][comment] KCM: Use json_loadb() when dealing with sss_iobuf data

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/542
Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data

jhrozek commented:
"""
* master: a40c6b4280f319efb935a9c9d3b83486a0f4d2d3
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/542#issuecomment-377324396


[SSSD] [sssd PR#542][closed] KCM: Use json_loadb() when dealing with sss_iobuf data

2018-03-29 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/542
Author: fidencio
 Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/542/head:pr542
git checkout pr542


[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread simo5
  URL: https://github.com/SSSD/sssd/pull/511
Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...

simo5 commented:
"""
Ok moving to a different PR, definitely.
As for keeping a list, the best thing would be to not have explicit book 
keeping (as that's what you are fixing here), because when you write new code 
you invariably tend to forget about the book keeping and bugs creep in.
I was thinking you may be able to simply look at the event context and figure 
out if there are pending operations there. If that is not easy then having some 
central place that does the book keeping indeed.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/511#issuecomment-377273247


[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/511
Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...

fidencio commented:
"""
> Sorry for late comment, but shouldn't you simply have a list of "inflight" 
> calls and take that in consideration before deciding to shut down ?

Maybe. Do we already keep track of the "inflight" calls?

That's something that should be implemented and used for all responders, 
@simo5. So, in case we decide to go for it, I'd prefer to deal with this in a
different PR (although I'm more than fine and want to have this discussion here 
before opening a ticket for that). Does that make sense?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/511#issuecomment-377267009


[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread simo5
  URL: https://github.com/SSSD/sssd/pull/511
Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...

simo5 commented:
"""
Sorry for late comment, but shouldn't you simply have a list of "inflight" calls 
and take that in consideration before deciding to shut down ?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/511#issuecomment-377265151


[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/511
Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...

fidencio commented:
"""
I'm removing the "Changes Requested" label.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/511#issuecomment-377258726


[SSSD] [sssd PR#511][-Changes requested] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/511
Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...

Label: -Changes requested


[SSSD] [sssd PR#547][opened] Tests for #511

2018-03-29 Thread fidencio
   URL: https://github.com/SSSD/sssd/pull/547
Author: fidencio
 Title: #547: Tests for #511
Action: opened

PR body:
"""
We've decided to split the fix/tests in two different PRs.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/547/head:pr547
git checkout pr547
From aa8cfabd2f692bb36c479a2cd9edfb2d96d56aae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Wed, 7 Feb 2018 13:26:46 +0100
Subject: [PATCH 1/2] TESTS: Rename test_idle_timeout()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As this test is related to the client_idle_timeout, let's rename it
accordingly.

Resolves:
https://pagure.io/SSSD/sssd/issue/3633

Signed-off-by: Fabiano Fidêncio 
---
 src/tests/intg/test_secrets.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py
index a145045ee..96b6f6b4a 100644
--- a/src/tests/intg/test_secrets.py
+++ b/src/tests/intg/test_secrets.py
@@ -369,7 +369,7 @@ def get_fds(pid):
 def setup_for_cli_timeout_test(request):
 """
 Same as the generic setup, except a short client_idle_timeout so that
-the test_idle_timeout() test closes the fd towards the client.
+the test_cli_idle_timeout() test closes the fd towards the client.
 """
 conf = generate_sec_config() + \
 unindent("""
@@ -380,7 +380,7 @@ def setup_for_cli_timeout_test(request):
 return create_sssd_secrets_fixture(request)
 
 
-def test_idle_timeout(setup_for_cli_timeout_test):
+def test_cli_idle_timeout(setup_for_cli_timeout_test):
 """
 Test that idle file descriptors are reaped after the idle timeout
 passes

From a39b02be1696bb7ad571b2495f72862ddb9c35e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Wed, 7 Feb 2018 13:26:46 +0100
Subject: [PATCH 2/2] TESTS: Add test for responder_idle_timeout
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two new tests have been added in order to test the following scenarios
of responder_idle_timeout:
- responder is shutdown after n seconds;
- responder has its shutdown delayed due to some activity and then is
  shutdown after n seconds;

In order to have the tests added, a new dep has been introduced:
python-psutil

Keep in mind those newly added tests make our test suite take a few
minutes more to finish.

Resolves:
https://pagure.io/SSSD/sssd/issue/3633

Signed-off-by: Fabiano Fidêncio 
---
 contrib/ci/deps.sh |  2 +
 src/tests/intg/test_secrets.py | 84 --
 2 files changed, 83 insertions(+), 3 deletions(-)

diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 8287918be..d8b1414c8 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -42,6 +42,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
 openldap-servers
 pytest
 python-ldap
+python-psutil
 pyldb
 rpm-build
 uid_wrapper
@@ -120,6 +121,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
 python-ldap
 python-ldb
 python-requests
+python-psutil
 ldap-utils
 slapd
 systemtap-sdt-dev
diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py
index 96b6f6b4a..3632351cc 100644
--- a/src/tests/intg/test_secrets.py
+++ b/src/tests/intg/test_secrets.py
@@ -26,6 +26,7 @@
 import time
 import socket
 import pytest
+import psutil
 from requests import HTTPError
 
 from util import unindent
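Review bot: the new "import psutil" sits at module level, so on a host where python-psutil is not installed every test in test_secrets.py fails at import, not just the tests added for responder_idle_timeout. deps.sh in this patch adds the package for the redhat and debian branches; anywhere else the whole module breaks. Consider psutil = pytest.importorskip("psutil") inside the new tests or their fixture so the existing secrets tests keep running without the dependency.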
@@ -41,7 +42,7 @@ def create_conf_fixture(request, contents):
 request.addfinalizer(lambda: os.unlink(config.CONF_PATH))
 
 
-def create_sssd_secrets_fixture(request):
+def create_sssd_secrets_fixture(request, teardown=True):
 if subprocess.call(['sssd', "--genconf"]) != 0:
 raise Exception("failed to regenerate confdb")
 
@@ -72,13 +73,21 @@ def create_sssd_secrets_fixture(request):
 
 assert os.path.exists(sock_path)
 
+def unlink_secdb():
+for secdb_file in os.listdir(config.SECDB_PATH):
+os.unlink(config.SECDB_PATH + "/" + secdb_file)
+
 def sec_teardown():
+if teardown is False:
+unlink_secdb()
+return
+
 if secpid == 0:
 return
 
 os.kill(secpid, signal.SIGTERM)
-for secdb_file in os.listdir(config.SECDB_PATH):
-os.unlink(config.SECDB_PATH + "/" + secdb_file)
+unlink_secdb()
+
 request.addfinalizer(sec_teardown)
 return secpid
 
@@ -602,3 +611,72 @@ def test_unlimited_quotas(setup_for_unlimited_quotas, secrets_cli):
 for i in range(DEFAULT_CONTAINERS_NEST_LEVEL):
 container += "%s/" % str(i)
 cli.create_container(container)
+
+
+@pytest.fixture
+def setup_for_resp_timeout_test(request):
+"""
+Same as the 

[SSSD] [sssd PR#511][synchronized] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread fidencio
   URL: https://github.com/SSSD/sssd/pull/511
Author: fidencio
 Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/511/head:pr511
git checkout pr511
From 5eb00fd032cf6393db6ee75a11e81b9192cf1247 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Wed, 7 Feb 2018 13:20:31 +0100
Subject: [PATCH 1/6] SECRETS: reset last_request_time on any activity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As all the activities are being handled by the secrets responder itself
and not by responder's common code, we have to take care of re-setting
the last_request_time by ourselves here.

Without this patch, the responder would be shot down after reaching the
idle_timeout with activities happening or not.

Resolves:
https://pagure.io/SSSD/sssd/issue/3633

Signed-off-by: Fabiano Fidêncio 
---
 src/responder/secrets/secsrv_cmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/responder/secrets/secsrv_cmd.c b/src/responder/secrets/secsrv_cmd.c
index fa5970504..1b405a23e 100644
--- a/src/responder/secrets/secsrv_cmd.c
+++ b/src/responder/secrets/secsrv_cmd.c
@@ -588,6 +588,9 @@ static void sec_fd_handler(struct tevent_context *ev,
 errno_t ret;
 struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
 
+/* Always reset the responder idle timer on any activity */
+cctx->rctx->last_request_time = time(NULL);
+
 /* Always reset the idle timer on any activity */
 ret = reset_client_idle_timer(cctx);
 if (ret != EOK) {
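Review bot: last_request_time is refreshed in sec_fd_handler() only when there is an event on the client fd, so a request that is still being processed with no fd activity does not count as activity and the responder can still reach idle_timeout while work is pending. That is the gap the "inflight" calls question in this thread points at; the commit message or the comment should say that this covers fd activity only. The added comment is also nearly identical to the existing one two lines below it; wording them as "responder idle timer" and "client idle timer" would make the difference clear.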

From cd172dd8ba979b8fb029c487343d32a69f973afb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Wed, 7 Feb 2018 13:24:05 +0100
Subject: [PATCH 2/6] KCM: reset last_request_time on any activity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As all the activities are being handled by the kcm responder itself and
not by responder's common code, we have to take care of re-setting the
last_request_time by ourselves here.

Without this patch, the responder would be shot down after reaching the
idle_timeout with activities happening or not.

Resolves:
https://pagure.io/SSSD/sssd/issue/3633

Signed-off-by: Fabiano Fidêncio 
---
 src/responder/kcm/kcmsrv_cmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c
index 0b933f0b4..903c89417 100644
--- a/src/responder/kcm/kcmsrv_cmd.c
+++ b/src/responder/kcm/kcmsrv_cmd.c
@@ -588,6 +588,9 @@ static void kcm_fd_handler(struct tevent_context *ev,
 errno_t ret;
 struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
 
+/* Always reset the responder idle timer on any activity */
+cctx->rctx->last_request_time = time(NULL);
+
 /* Always reset the idle timer on any activity */
 ret = reset_client_idle_timer(cctx);
 if (ret != EOK) {
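Review bot: the three lines added to kcm_fd_handler() are a copy of the ones added to sec_fd_handler() in patch 1/6. Since patch 3/6 introduces sss_client_fd_handler() as the shared entry point for all three handlers, the reset of cctx->rctx->last_request_time would be better done once there, so a future responder-specific handler cannot forget it.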

From 42d0f1ae4392f43d04740b3696e8b1d4d9429c03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Wed, 7 Feb 2018 17:06:39 +0100
Subject: [PATCH 3/6] RESPONDER: Add sss_client_fd_handler()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently we have 3 functions to handle client fds:
- sec_fd_handler(): for secrets responder
- kcm_fd_handler(): for kcm responder
- client_fd_handler(): for all the others responders

As those functions only differ by the functions used to handle sending
and receiving data to the fds, let's create a generic function that
receives the specific send_fn() and recv_fn() functions.

With this newly introduced function we'll be able to simply remove
duplicated code from those 3 handlers and just call
sss_client_fd_handler() from all of those.

Resolves:
https://pagure.io/SSSD/sssd/issue/3633

Signed-off-by: Fabiano Fidêncio 
---
 src/responder/common/responder.h|  5 +
 src/responder/common/responder_common.c | 31 +++
 2 files changed, 36 insertions(+)

diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 9400e4b60..987a5d17d 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -197,6 +197,11 @@ typedef int (*connection_setup_t)(struct cli_ctx *cctx);
 
 int sss_connection_setup(struct cli_ctx *cctx);
 
+void sss_client_fd_handler(void *ptr,
+   void (*recv_fn) (struct cli_ctx *cctx),
+   void (*send_fn) (struct cli_ctx *cctx),
+   uint16_t flags);
+
 int sss_process_init(TALLOC_CTX *mem_ctx,
  struct tevent_context *ev,
  struct confdb_ctx *cdb,
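Review bot: the new sss_client_fd_handler() prototype has no comment and takes its context as void *ptr. The two handlers touched earlier in this series already convert that pointer with talloc_get_type(ptr, struct cli_ctx), so declaring the first parameter as struct cli_ctx *cctx would move the type check to compile time. Please also document what flags carries and whether recv_fn or send_fn may be NULL.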
diff --git 

[SSSD] [sssd PR#511][comment] Do not shutdown KCM/Secrets responders when activities are happening ...

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/511
Title: #511: Do not shutdown KCM/Secrets responders when activities are 
happening ...

fidencio commented:
"""
We have discussed in a phone meeting today that we will go for these patches and 
decide about https://pagure.io/SSSD/sssd/issue/3675 later.

Also, this PR will be split into code and tests parts in order to have the 
patches merged soon and we can keep discussing about the timeout used in the 
test side later on.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/511#issuecomment-377256609


[SSSD] [sssd PR#542][comment] KCM: Use json_loadb() when dealing with sss_iobuf data

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/542
Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data

jhrozek commented:
"""
OK, let's have this patch merged /as a stopgap/ so that we can have a fix in 
fedora and work on a better fix in the meantime without waiting for the 
perfect patch and having crashes in the meantime.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/542#issuecomment-377235952


[SSSD] [sssd PR#542][+Accepted] KCM: Use json_loadb() when dealing with sss_iobuf data

2018-03-29 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/542
Title: #542: KCM: Use json_loadb() when dealing with sss_iobuf data

Label: +Accepted


[SSSD] [sssd PR#543][-Changes requested] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/543
Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org


[SSSD] [sssd PR#543][comment] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/543
Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1

fidencio commented:
"""
@jhrozek, I've made the change and mistakenly pushed to your branch (well, not 
so bad in the end as it may save you some time).

I'm removing the "Changes Requested" label.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/543#issuecomment-377170534


[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-03-29 Thread fidencio
   URL: https://github.com/SSSD/sssd/pull/543
Author: jhrozek
 Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/543/head:pr543
git checkout pr543
From 1c11bb393037c37fb380ce687b48f618ab85c64a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 23 Mar 2018 13:40:34 +0100
Subject: [PATCH] SYSDB: When marking an entry as expired, also set the
 originalModifyTimestamp to 1

Resolves:
https://pagure.io/SSSD/sssd/issue/3684

If the cleanup task removes a user who was a fully resolved member (not a
ghost), but then the group the user was a member of is requested, unless
the group had changed, the user doesn't appear as a member of the group
again. This is because the modify timestamp would prevent the group from
updating and therefore the ghost attribute is not readded.

To mitigate this, let's also set the originalModifyTimestamp attribute
to 1, so that we never take the optimized path while updating the group.
---
 src/db/sysdb_ops.c  | 13 
 src/tests/intg/test_ldap.py | 51 +
 2 files changed, 64 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cc86a114e..09aa04a29 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
 goto done;
 }
 
+ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP,
+LDB_FLAG_MOD_REPLACE, NULL);
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1");
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
 ret = ldb_modify(dom->sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 ret = sysdb_error_to_errno(ret);
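
Review bot: the literal "1" passed to ldb_msg_add_string() for SYSDB_ORIG_MODSTAMP is unexplained in the code; the reason (keeping the next group update off the optimized path so the ghost attribute is re-added) is stated only in the commit message. Add a short comment above the ldb_msg_add_empty() call, or a named constant for the value, so a later reader of sysdb_mark_entry_as_expired_ldb_dn() does not mistake it for a leftover debug value. The two new error branches follow the same sysdb_error_to_errno(ret); goto done; pattern as the surrounding context lines, which is consistent.
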
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 2d95d2549..a5761cbe1 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
 dict(mem=ent.contains_only("user1")))
 
 
+@pytest.fixture
+def update_ts_after_cleanup_task(request, ldap_conn):
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_user("user2", 1002, 2001)
+
+ent_list.add_group_bis("group1", 2001, ["user1", "user2"])
+
+create_ldap_fixture(request, ldap_conn, ent_list)
+
+conf = \
+format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+unindent("""
+[domain/LDAP]
+ldap_purge_cache_timeout = 3
+""").format(**locals())
+create_conf_fixture(request, conf)
+create_sssd_fixture(request)
+return None
+
+
+def test_update_ts_cache_after_cleanup_task(ldap_conn,
+update_ts_after_cleanup_task):
+"""
+Regression test for ticket:
+https://fedorahosted.org/sssd/ticket/2676
+"""
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+ent.assert_passwd_by_name(
+'user1',
+dict(name='user1', passwd='*', uid=1001, gid=2001,
+ gecos='1001', shell='/bin/bash'))
+
+ent.assert_passwd_by_name(
+'user2',
+dict(name='user2', passwd='*', uid=1002, gid=2001,
+ gecos='1002', shell='/bin/bash'))
+
+if subprocess.call(["sss_cache", "-u", "user1"]) != 0:
+raise Exception("sssd_cache failed")
+
+time.sleep(15)
+
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+
 @pytest.fixture
 def blank_rfc2307(request, ldap_conn):
 """Create blank RFC2307 directory fixture with interactive SSSD conf"""
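
Review bot: the docstring of test_update_ts_cache_after_cleanup_task cites https://fedorahosted.org/sssd/ticket/2676, while the commit message says the patch resolves https://pagure.io/SSSD/sssd/issue/3684; the docstring should reference the ticket this test actually guards. In the same function, the exception text "sssd_cache failed" does not match the command being run (sss_cache), and time.sleep(15) against ldap_purge_cache_timeout = 3 deserves a comment explaining the margin. The test also never checks that user1 was actually purged by the cleanup task before the final group assertion, so it can pass without exercising the fixed path. In the fixture, .format(**locals()) is applied to a configuration string that contains no placeholders and can be dropped.
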


[SSSD] [sssd PR#543][comment] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/543
Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

fidencio commented:
"""
@jhrozek, please, just squash the following patch into yours:
```
[ffidenci@pessoa sssd]$ cat 0001-fixup-SYSDB-When-marking-an-entry-as-expired-also-se.patch
From fd51f94c18b9d40b89fa8696fd626d6d2c8a0fae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Thu, 29 Mar 2018 10:26:50 +0200
Subject: [PATCH] fixup! SYSDB: When marking an entry as expired, also set the
 originalModifyTimestamp to 1

---
 src/tests/intg/test_ldap.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 56d06275a..a5761cbe1 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -455,7 +455,8 @@ def update_ts_after_cleanup_task(request, ldap_conn):
 return None
 
 
-def test_update_ts_cache_after_cleanup_task(ldap_conn, 
update_ts_after_cleanup_task):
+def test_update_ts_cache_after_cleanup_task(ldap_conn,
+update_ts_after_cleanup_task):
 """
 Regression test for ticket:
 https://fedorahosted.org/sssd/ticket/2676
-- 
2.14.3
```

The issue was caused by:
```
[ffidenci@pessoa sssd]$ pep8 src/tests/intg/test_ldap.py
src/tests/intg/test_ldap.py:458:80: E501 line too long (85 > 79 characters)
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/543#issuecomment-377167510


[SSSD] [sssd PR#544][comment] IPA: Qualify the externalUser sudo attribute

2018-03-29 Thread fidencio
  URL: https://github.com/SSSD/sssd/pull/544
Title: #544: IPA: Qualify the externalUser sudo attribute

fidencio commented:
"""
@jhrozek, the patch itself looks good.
Do we have downstream tests covering this situation? Wouldn't it be worth it to
open a RHEL bug for this issue?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/544#issuecomment-377161312


[SSSD] [sssd PR#546][opened] TESTS: Re-add tests for `kdestroy -A`

2018-03-29 Thread fidencio
   URL: https://github.com/SSSD/sssd/pull/546
Author: fidencio
 Title: #546: TESTS: Re-add tests for `kdestroy -A`
Action: opened

PR body:
"""
This reverts commit 89726be5a05493b7af312f0be9ac5ecb6f1822e1 and also makes
a few modifications to it in order to ensure we don't have any
regression on https://pagure.io/SSSD/sssd/issue/3413

As this patch depends on a krb5 patch applied to the distros we run our 
internal CI on, I've opened a bug report providing patches for Fedora[0] and 
Debian[1].

[0]: https://bugzilla.redhat.com/show_bug.cgi?id=1561917
[1]: https://salsa.debian.org/debian/krb5/merge_requests/1
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/546/head:pr546
git checkout pr546
From 2aa613a5922e47e9e21880a3646e427d2f05aaa5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= 
Date: Tue, 27 Mar 2018 17:55:08 +0200
Subject: [PATCH] TESTS: Re-add tests for `kdestroy -A`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit 89726be5a05493b7af312f0be9ac5ecb6f1822e1 and also makes
a few modifications to it in order to ensure we don't have any
regression on https://pagure.io/SSSD/sssd/issue/3413

Related:
https://pagure.io/SSSD/sssd/issue/3413

Signed-off-by: Fabiano Fidêncio 
---
 src/tests/intg/test_kcm.py | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/src/tests/intg/test_kcm.py b/src/tests/intg/test_kcm.py
index 5bacc6f91..b3252bd36 100644
--- a/src/tests/intg/test_kcm.py
+++ b/src/tests/intg/test_kcm.py
@@ -303,6 +303,21 @@ def collection_init_list_destroy(testenv):
 assert cc_coll['bob@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST']
 assert 'carol@KCMTEST' not in cc_coll
 
+# Let's kinit a 3rd principal
+out, _, _ = testenv.k5util.kinit("carol", "carolpw")
+assert out == 0
+cc_coll = testenv.k5util.list_all_princs()
+assert len(cc_coll) == 3
+assert cc_coll['alice@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST']
+assert cc_coll['bob@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST']
+assert cc_coll['carol@KCMTEST'] == ['krbtgt/KCMTEST@KCMTEST']
+
+# Let's ensure `kdestroy -A` works with more than 2 principals
+# https://pagure.io/SSSD/sssd/issue/3413
+out = testenv.k5util.kdestroy(all_ccaches=True)
+assert out == 0
+assert testenv.k5util.num_princs() == 0
+
 
 def test_kcm_mem_collection_init_list_destroy(setup_for_kcm_mem):
 testenv = setup_for_kcm_mem
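
Review bot: the final kdestroy(all_ccaches=True) assertions depend on a krb5 patch that, per the PR body, is still only proposed for Fedora and Debian, yet nothing in the test records that dependency. Add a comment next to the pagure link naming the krb5 requirement, or a skip condition, so a failure on an unpatched krb5 is not read as a KCM regression. The commit message says it makes "a few modifications" to the reverted commit without listing them; stating what changed (the third principal, carol, and the three-entry check) would make the revert reviewable on its own. The name out is reused for the first element of the kinit() tuple and for the bare kdestroy() return value; a name such as ret would make clear that both are exit codes.
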