[SSSD] [sssd PR#5928][+Changes requested] IPA: Add password expire warning
URL: https://github.com/SSSD/sssd/pull/5928 Title: #5928: IPA: Add password expire warning Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5928][-Waiting for review] IPA: Add password expire warning
URL: https://github.com/SSSD/sssd/pull/5928 Title: #5928: IPA: Add password expire warning Label: -Waiting for review
[SSSD] [sssd PR#5935][-Waiting for review] sysdb: more specific mpg search filter
URL: https://github.com/SSSD/sssd/pull/5935 Title: #5935: sysdb: more specific mpg search filter Label: -Waiting for review
[SSSD] [sssd PR#5935][+Accepted] sysdb: more specific mpg search filter
URL: https://github.com/SSSD/sssd/pull/5935 Title: #5935: sysdb: more specific mpg search filter Label: +Accepted
[SSSD] [sssd PR#5935][comment] sysdb: more specific mpg search filter
URL: https://github.com/SSSD/sssd/pull/5935 Title: #5935: sysdb: more specific mpg search filter thalman commented: """ Thank you for the patch, ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5935#issuecomment-1005631670
[SSSD] [sssd PR#5920][+Accepted] krb5: write kdcinfo.* file with port configuration
URL: https://github.com/SSSD/sssd/pull/5920 Title: #5920: krb5: write kdcinfo.* file with port configuration Label: +Accepted
[SSSD] [sssd PR#5920][-Waiting for review] krb5: write kdcinfo.* file with port configuration
URL: https://github.com/SSSD/sssd/pull/5920 Title: #5920: krb5: write kdcinfo.* file with port configuration Label: -Waiting for review
[SSSD] [sssd PR#5913][comment] Analyzer: Remove python-click dependency
URL: https://github.com/SSSD/sssd/pull/5913 Title: #5913: Analyzer: Remove python-click dependency thalman commented: """ @alexey-tikhonov Yes, I'm fine with last update """ See the full comment at https://github.com/SSSD/sssd/pull/5913#issuecomment-994921971
[SSSD] [sssd PR#5913][comment] Analyzer: Remove python-click dependency
URL: https://github.com/SSSD/sssd/pull/5913 Title: #5913: Analyzer: Remove python-click dependency thalman commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5913#issuecomment-993686327
[SSSD] [sssd PR#5913][+Accepted] Analyzer: Remove python-click dependency
URL: https://github.com/SSSD/sssd/pull/5913 Title: #5913: Analyzer: Remove python-click dependency Label: +Accepted
[SSSD] [sssd PR#5913][comment] Analyzer: Remove python-click dependency
URL: https://github.com/SSSD/sssd/pull/5913 Title: #5913: Analyzer: Remove python-click dependency thalman commented: """ Thank you for the patch. I will wait for CI to finish the job and then I'm going to ACK it. """ See the full comment at https://github.com/SSSD/sssd/pull/5913#issuecomment-993567005
[SSSD] [sssd PR#5894][comment] contrib: sssd krb5 configuration snippet
URL: https://github.com/SSSD/sssd/pull/5894 Title: #5894: contrib: sssd krb5 configuration snippet thalman commented: """ LGTM, thank you for the patch """ See the full comment at https://github.com/SSSD/sssd/pull/5894#issuecomment-993514670
[SSSD] [sssd PR#5894][-Waiting for review] contrib: sssd krb5 configuration snippet
URL: https://github.com/SSSD/sssd/pull/5894 Title: #5894: contrib: sssd krb5 configuration snippet Label: -Waiting for review
[SSSD] [sssd PR#5894][+Accepted] contrib: sssd krb5 configuration snippet
URL: https://github.com/SSSD/sssd/pull/5894 Title: #5894: contrib: sssd krb5 configuration snippet Label: +Accepted
[SSSD] [sssd PR#5835][comment] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. thalman commented: """ Thank you for the update, ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5835#issuecomment-989642988
[SSSD] [sssd PR#5835][-Waiting for review] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: -Waiting for review
[SSSD] [sssd PR#5835][+Accepted] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: +Accepted
[SSSD] [sssd PR#5835][-Waiting for review] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: -Waiting for review
[SSSD] [sssd PR#5835][+Accepted] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: +Accepted
[SSSD] [sssd PR#5882][-Changes requested] CONFDB: check the return values
URL: https://github.com/SSSD/sssd/pull/5882 Title: #5882: CONFDB: check the return values Label: -Changes requested
[SSSD] [sssd PR#5882][+Waiting for review] CONFDB: check the return values
URL: https://github.com/SSSD/sssd/pull/5882 Title: #5882: CONFDB: check the return values Label: +Waiting for review
[SSSD] [sssd PR#5882][synchronized] CONFDB: check the return values
URL: https://github.com/SSSD/sssd/pull/5882 Author: thalman Title: #5882: CONFDB: check the return values Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5882/head:pr5882 git checkout pr5882 From 0db7c401ee40a1351da7d915a7e3d6a5539522dc Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Thu, 18 Nov 2021 17:43:19 +0100 Subject: [PATCH] CONFDB: check the return values Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged. Resolves: https://github.com/SSSD/sssd/issues/5876 --- src/confdb/confdb.c | 6 +- src/util/usertools.c | 25 + 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 6a6fac916e..e557b469cb 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -685,7 +685,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, old_umask = umask(SSS_DFL_UMASK); /* file may exists and could be owned by root from previous version */ sss_sssd_user_uid_and_gid(_uid, _gid); -chown(confdb_location, sssd_uid, sssd_gid); +ret = chown(confdb_location, sssd_uid, sssd_gid); +if (ret != EOK && errno != ENOENT) { +DEBUG(SSSDBG_MINOR_FAILURE, "Unable to chown config database [%s]: %s\n", + confdb_location, sss_strerror(errno)); +} sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); diff --git a/src/util/usertools.c b/src/util/usertools.c index 370a98b417..72dec6 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c 
@@ -863,17 +863,34 @@ void sss_set_sssd_user_eid(void) uid_t uid; gid_t gid; + if (geteuid() == 0) { sss_sssd_user_uid_and_gid(, ); -seteuid(uid); -setegid(gid); +if (seteuid(uid) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to set euid to %"SPRIuid": %s\n", + uid, sss_strerror(errno)); +} +if (setegid(gid) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to set egid to %"SPRIgid": %s\n", + gid, sss_strerror(errno)); +} } } void sss_restore_sssd_user_eid(void) { if (getuid() == 0) { -seteuid(getuid()); -setegid(getgid()); +if (seteuid(getuid()) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to restore euid: %s\n", + sss_strerror(errno)); +} +if (setegid(getgid()) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to restore egid: %s\n", + sss_strerror(errno)); +} } } ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
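Review bot: in sss_set_sssd_user_eid() in src/util/usertools.c, seteuid(uid) is still called before setegid(gid), so by the time setegid() runs the effective uid is no longer 0 and the call will normally fail with EPERM unless gid equals the process's real or saved gid. With the new check this shows up as a "Failed to set egid" message on every call, and ldb_connect() in confdb_init() runs with the sssd uid but root's group. Suggest swapping the two calls so that setegid(gid) runs first and seteuid(uid) second; the order in sss_restore_sssd_user_eid() (euid first, then egid) is already the right one for regaining privileges.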
[SSSD] [sssd PR#5882][comment] CONFDB: check the return values
URL: https://github.com/SSSD/sssd/pull/5882 Title: #5882: CONFDB: check the return values thalman commented: """ > In the commit message you mention fixing `setuid()` and `setegid()` but you > are also fixing `chown()` in this PR. Fixing chown return value is also claimed in the commit message """ See the full comment at https://github.com/SSSD/sssd/pull/5882#issuecomment-973860781
[SSSD] [sssd PR#5882][opened] CONFDB: check the return values
URL: https://github.com/SSSD/sssd/pull/5882 Author: thalman Title: #5882: CONFDB: check the return values Action: opened PR body: """ Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged. Resolves: https://github.com/SSSD/sssd/issues/5876 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5882/head:pr5882 git checkout pr5882 From 75353f32cdcb1503c4536506f94094e10c60ee61 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Thu, 18 Nov 2021 17:43:19 +0100 Subject: [PATCH] CONFDB: check the return values Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged. Resolves: https://github.com/SSSD/sssd/issues/5876 --- src/confdb/confdb.c | 6 +- src/util/usertools.c | 17 + 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 6a6fac916e..9cc1e82d2a 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -685,7 +685,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, old_umask = umask(SSS_DFL_UMASK); /* file may exists and could be owned by root from previous version */ sss_sssd_user_uid_and_gid(_uid, _gid); -chown(confdb_location, sssd_uid, sssd_gid); +ret = chown(confdb_location, sssd_uid, sssd_gid); +if (ret != EOK && errno != ENOENT) { +DEBUG(SSSDBG_MINOR_FAILURE, "Unable to chown config database [%s]\n", + confdb_location); +} sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); diff --git a/src/util/usertools.c b/src/util/usertools.c index 370a98b417..324fc107e5 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c 
@@ -863,17 +863,26 @@ void sss_set_sssd_user_eid(void) uid_t uid; gid_t gid; + if (geteuid() == 0) { sss_sssd_user_uid_and_gid(, ); -seteuid(uid); -setegid(gid); +if (seteuid(uid) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, "failed to set euid to %"SPRIuid"\n", uid); +} +if (setegid(gid) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, "failed to set egid to %"SPRIgid"\n", gid); +} } } void sss_restore_sssd_user_eid(void) { if (getuid() == 0) { -seteuid(getuid()); -setegid(getgid()); +if (seteuid(getuid()) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, "failed to restore euid\n"); +} +if (setegid(getgid()) != EOK) { +DEBUG(SSSDBG_MINOR_FAILURE, "failed to restore egid\n"); +} } } ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
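Review bot: the new DEBUG calls in confdb_init() and in src/util/usertools.c say that chown(), seteuid() or setegid() failed but not why, for example "Unable to chown config database [%s]\n" and "failed to restore euid\n" both drop errno. Since logging is the only handling these failures get, suggest adding the error string to each message so that EPERM can be told apart from other causes when reading the logs. The messages could also use one capitalisation style ("Unable ..." in confdb.c, "failed ..." in usertools.c).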
[SSSD] [sssd PR#5862][-Waiting for review] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. Label: -Waiting for review
[SSSD] [sssd PR#5862][+Accepted] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. Label: +Accepted
[SSSD] [sssd PR#5782][comment] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Title: #5782: CONFDB: Change ownership of config.ldb thalman commented: """ > Just one last improvement before I accept the changes. updated > By the way, I haven't found why `debian10` is failing. This was CI problem. On the second run it worked. """ See the full comment at https://github.com/SSSD/sssd/pull/5782#issuecomment-946675753
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From eb73035b35eade285c61d90c921ebef22e228ae3 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 15 Oct 2021 11:03:19 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c| 3 +++ src/monitor/monitor.c | 5 - src/tests/cwrap/group | 1 + src/tests/cwrap/passwd | 1 + src/util/usertools.c | 42 ++ src/util/util.h| 3 +++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index b5fee7e7a7..c7610cb69b 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1551,6 +1551,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, errno_t ret; struct mt_ctx *ctx; char *cdb_file = NULL; +uid_t sssd_uid; +gid_t sssd_gid; ctx = talloc_zero(mem_ctx, struct mt_ctx); if(!ctx) { 
@@ -1591,7 +1593,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +sss_sssd_user_uid_and_gid(_uid, _gid); +ret = chown(cdb_file, sssd_uid, sssd_gid); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group index d0cea659ea..1a3766e630 100644 --- a/src/tests/cwrap/group +++ b/src/tests/cwrap/group @@ -1,2 +1,3 @@ +root:x:0: sssd:x:123: foogroup:x:10001: diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd index 862ccfe03e..0511a91bcb 100644 --- a/src/tests/cwrap/passwd +++ b/src/tests/cwrap/passwd @@ -1,2 +1,3 @@ +root:x:0:0:root:/root:/bin/bash sssd:x:123:456:sssd unprivileged user:/:/sbin/nologin foobar:x:10001:10001:User for SSSD testing:/home/foobar:/bin/bash diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..6f93a4cef2 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,45 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +void sss_sssd_user_uid_and_gid(uid_t *_uid, gid_t *_gid) +{ +uid_t sssd_uid; +gid_t sssd_gid; +errno_t ret; + +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +sssd_uid = 0; +sssd_gid = 0; +} + +if (_uid != NULL) { +*_uid = sssd_uid; +} + +if (_gid != NULL) { +*_gid = sssd_gid; +} +} + +void sss_set_sssd_user_eid(void) +{ +uid_t uid; +gid_t gid; + +if (geteuid() == 0) { +sss_sssd_user_uid_and_gid(, ); +seteuid(uid); +setegid(gid); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index e85cd12022..6dfd2540cc 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,9 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +void sss_sssd_user_uid_and_gid(uid_t *_uid, gid_t *_gid); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From 9d30b6e991e2d3aee1ba75e89252594096b2c798 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 15 Oct 2021 11:04:05 +0200 Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. To allow smooth transition we can change the ownership. This commit can be reverted later. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 5 + 1 fi
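Review bot: in src/util/usertools.c, sss_set_sssd_user_eid() and sss_restore_sssd_user_eid() discard the return values of seteuid() and setegid(). If the drop fails, confdb_init() goes on to call ldb_connect() with root's effective ids and config.ldb can again end up owned by root, which is the state the commit message says blocks socket-activated services. Suggest checking all four calls and at least logging the failure together with errno.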
[SSSD] [sssd PR#5782][-Changes requested] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Title: #5782: CONFDB: Change ownership of config.ldb Label: -Changes requested
[SSSD] [sssd PR#5782][+Waiting for review] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Title: #5782: CONFDB: Change ownership of config.ldb Label: +Waiting for review
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From 6cc70307ce60d06150b2ececa760c936bec8dc6d Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 15 Oct 2021 11:03:19 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c| 3 +++ src/monitor/monitor.c | 5 - src/tests/cwrap/group | 1 + src/tests/cwrap/passwd | 1 + src/util/usertools.c | 42 ++ src/util/util.h| 3 +++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index b5fee7e7a7..c7610cb69b 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1551,6 +1551,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, errno_t ret; struct mt_ctx *ctx; char *cdb_file = NULL; +uid_t sssd_uid; +gid_t sssd_gid; ctx = talloc_zero(mem_ctx, struct mt_ctx); if(!ctx) { 
@@ -1591,7 +1593,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +sss_sssd_user_uid_and_gid(_uid, _gid); +ret = chown(cdb_file, sssd_uid, sssd_gid); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group index d0cea659ea..1a3766e630 100644 --- a/src/tests/cwrap/group +++ b/src/tests/cwrap/group @@ -1,2 +1,3 @@ +root:x:0: sssd:x:123: foogroup:x:10001: diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd index 862ccfe03e..0511a91bcb 100644 --- a/src/tests/cwrap/passwd +++ b/src/tests/cwrap/passwd @@ -1,2 +1,3 @@ +root:x:0:0:root:/root:/bin/bash sssd:x:123:456:sssd unprivileged user:/:/sbin/nologin foobar:x:10001:10001:User for SSSD testing:/home/foobar:/bin/bash diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..333e92dffc 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,45 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid) +{ +uid_t sssd_uid; +gid_t sssd_gid; +errno_t ret; + +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +sssd_uid = 0; +sssd_gid = 0; +} + +if (uid != NULL) { +*uid = sssd_uid; +} + +if (gid != NULL) { +*gid = sssd_gid; +} +} + +void sss_set_sssd_user_eid(void) +{ +uid_t uid; +gid_t gid; + +if (geteuid() == 0) { +sss_sssd_user_uid_and_gid(, ); +seteuid(uid); +setegid(gid); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index e85cd12022..929080a315 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,9 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From 5f3cd77df2d9d4f28aecf9170d70ef498910506e Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 15 Oct 2021 11:04:05 +0200 Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. To allow smooth transition we can change the ownership. This commit can be reverted later. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 5 + 1 file cha
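Review bot: sss_sssd_user_uid_and_gid() in usertools.c returns void and substitutes 0/0 when sss_user_by_name_or_uid() fails, so in load_configuration() the following `ret = chown(cdb_file, sssd_uid, sssd_gid);` succeeds with root:root and the `if (ret != 0)` error branch is never reached. The database then stays owned by root, which is the state the commit message says keeps socket-activated services from starting, and the only trace is one SSSDBG_CRIT_FAILURE line. Return errno_t from the helper and let load_configuration() and confdb_init() decide whether to abort, rather than falling back to root inside the lookup.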
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From 05305d205f5e0c1d7a6c994d23aacc24ef3f1c01 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Wed, 8 Sep 2021 14:18:35 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c| 3 +++ src/monitor/monitor.c | 5 - src/tests/cwrap/group | 1 + src/tests/cwrap/passwd | 1 + src/util/usertools.c | 42 ++ src/util/util.h| 3 +++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 60a9658642..d02f54650a 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1563,6 +1563,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, errno_t ret; struct mt_ctx *ctx; char *cdb_file = NULL; +uid_t sssd_uid; +gid_t sssd_gid; ctx = talloc_zero(mem_ctx, struct mt_ctx); if(!ctx) { 
@@ -1603,7 +1605,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +sss_sssd_user_uid_and_gid(_uid, _gid); +ret = chown(cdb_file, sssd_uid, sssd_gid); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group index d0cea659ea..1a3766e630 100644 --- a/src/tests/cwrap/group +++ b/src/tests/cwrap/group @@ -1,2 +1,3 @@ +root:x:0: sssd:x:123: foogroup:x:10001: diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd index 862ccfe03e..0511a91bcb 100644 --- a/src/tests/cwrap/passwd +++ b/src/tests/cwrap/passwd @@ -1,2 +1,3 @@ +root:x:0:0:root:/root:/bin/bash sssd:x:123:456:sssd unprivileged user:/:/sbin/nologin foobar:x:10001:10001:User for SSSD testing:/home/foobar:/bin/bash diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..333e92dffc 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,45 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid) +{ +uid_t sssd_uid; +gid_t sssd_gid; +errno_t ret; + +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +sssd_uid = 0; +sssd_gid = 0; +} + +if (uid != NULL) { +*uid = sssd_uid; +} + +if (gid != NULL) { +*gid = sssd_gid; +} +} + +void sss_set_sssd_user_eid(void) +{ +uid_t uid; +gid_t gid; + +if (geteuid() == 0) { +sss_sssd_user_uid_and_gid(, ); +seteuid(uid); +setegid(gid); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index bcbb9ac72f..0a7d4d84c0 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,9 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From dda16ec143debc56c9356ea59846b4eb89a03993 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 20 Sep 2021 13:05:14 + Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. To allow smooth transition we can change the ownership. This commit can be reverted later. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 5 + 1 file cha
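Review bot: the two helpers in usertools.c use different guards: sss_set_sssd_user_eid() switches only when `geteuid() == 0`, while sss_restore_sssd_user_eid() acts whenever `getuid() == 0`. A process with real uid 0 that had already lowered its effective uid before confdb_init() skips the switch, yet the restore still raises its euid and egid back to the real ids. Have the set helper record the previous geteuid()/getegid() and make the restore put back exactly those values, so the pair is a no-op when nothing was switched.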
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From 1f3868e797b3d75e0154499ca45bfd6d09577576 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Wed, 8 Sep 2021 14:18:35 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c| 3 ++ src/monitor/monitor.c | 2 +- src/tests/cwrap/group | 1 + src/tests/cwrap/passwd | 1 + src/util/usertools.c | 63 ++ src/util/util.h| 4 +++ 6 files changed, 73 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 60a9658642..a213b2fb47 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1603,7 +1603,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +ret = chown(cdb_file, sss_sssd_user_uid(), sss_sssd_user_gid()); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group index d0cea659ea..1a3766e630 100644 --- a/src/tests/cwrap/group +++ b/src/tests/cwrap/group 
@@ -1,2 +1,3 @@ +root:x:0: sssd:x:123: foogroup:x:10001: diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd index 862ccfe03e..0511a91bcb 100644 --- a/src/tests/cwrap/passwd +++ b/src/tests/cwrap/passwd @@ -1,2 +1,3 @@ +root:x:0:0:root:/root:/bin/bash sssd:x:123:456:sssd unprivileged user:/:/sbin/nologin foobar:x:10001:10001:User for SSSD testing:/home/foobar:/bin/bash diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..8871ba7b51 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,66 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +static void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid) +{ +static uid_t sssd_uid; +static uid_t sssd_gid; +static bool resolved = false; + +errno_t ret; + +if (! resolved) { +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +if (uid != NULL) { +*uid = 0; +} +if (gid != NULL) { +*gid = 0; +} +return; +} else { +resolved = true; +} +} + +if (uid != NULL) { +*uid = sssd_uid; +} + +if (gid != NULL) { +*gid = sssd_gid; +} +} + +uid_t sss_sssd_user_uid(void) +{ +uid_t uid; +sss_sssd_user_uid_and_gid(, NULL); +return uid; +} + +gid_t sss_sssd_user_gid(void) +{ +gid_t gid; +sss_sssd_user_uid_and_gid(NULL, ); +return gid; +} + +void sss_set_sssd_user_eid(void) +{ +if (geteuid() == 0) { +seteuid(sss_sssd_user_uid()); +setegid(sss_sssd_user_gid()); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index bcbb9ac72f..94df2a8b99 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,10 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +uid_t sss_sssd_user_uid(void); +gid_t sss_sssd_user_gid(void); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From 52ffabf89ebcdc4be947798748d47eb7804635d7 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 20 Sep 2021 13:05:14 + Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. T
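Review bot: sss_set_sssd_user_eid() calls `seteuid(sss_sssd_user_uid());` before `setegid(sss_sssd_user_gid());`, so when setegid() runs the process is no longer effectively root and the call fails with EPERM unless the target gid already equals the real or saved gid. ldb_connect() in confdb_init() would then create the file with the sssd uid but root's group. Set the group first, then the user, and check both return values; as written a failed switch goes unnoticed and the database is opened under the wrong identity.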
[SSSD] [sssd PR#5801][+Accepted] util/inotify: fixed bug in inotify event processing - 1.16 backport
URL: https://github.com/SSSD/sssd/pull/5801 Title: #5801: util/inotify: fixed bug in inotify event processing - 1.16 backport Label: +Accepted
[SSSD] [sssd PR#5801][-Waiting for review] util/inotify: fixed bug in inotify event processing - 1.16 backport
URL: https://github.com/SSSD/sssd/pull/5801 Title: #5801: util/inotify: fixed bug in inotify event processing - 1.16 backport Label: -Waiting for review
[SSSD] [sssd PR#5801][comment] util/inotify: fixed bug in inotify event processing - 1.16 backport
URL: https://github.com/SSSD/sssd/pull/5801 Title: #5801: util/inotify: fixed bug in inotify event processing - 1.16 backport thalman commented: """ Thank you for the patch, LGTM, ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5801#issuecomment-935825772
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From 50fabe53dffb253c3f93af6cb5f3d423ea355738 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Wed, 8 Sep 2021 14:18:35 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c| 3 +++ src/monitor/monitor.c | 2 +- src/tests/cwrap/group | 1 + src/tests/cwrap/passwd | 1 + src/util/usertools.c | 59 ++ src/util/util.h| 4 +++ 6 files changed, 69 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 60a9658642..a213b2fb47 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1603,7 +1603,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +ret = chown(cdb_file, sss_sssd_user_uid(), sss_sssd_user_gid()); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group index d0cea659ea..1a3766e630 100644 --- a/src/tests/cwrap/group +++ b/src/tests/cwrap/group 
@@ -1,2 +1,3 @@ +root:x:0: sssd:x:123: foogroup:x:10001: diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd index 862ccfe03e..0511a91bcb 100644 --- a/src/tests/cwrap/passwd +++ b/src/tests/cwrap/passwd @@ -1,2 +1,3 @@ +root:x:0:0:root:/root:/bin/bash sssd:x:123:456:sssd unprivileged user:/:/sbin/nologin foobar:x:10001:10001:User for SSSD testing:/home/foobar:/bin/bash diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..78dc3706ed 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,62 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +static void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid) +{ +static uid_t sssd_uid; +static uid_t sssd_gid; +static bool resolved = false; + +errno_t ret; + +if (! resolved) { +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +*uid = 0; +*gid = 0; +return; +} else { +resolved = true; +} +} + +if (uid != NULL) { +*uid = sssd_uid; +} + +if (gid != NULL) { +*gid = sssd_gid; +} +} + +uid_t sss_sssd_user_uid(void) +{ +uid_t uid; +sss_sssd_user_uid_and_gid(, NULL); +return uid; +} + +gid_t sss_sssd_user_gid(void) +{ +gid_t gid; +sss_sssd_user_uid_and_gid(NULL, ); +return gid; +} + +void sss_set_sssd_user_eid(void) +{ +if (geteuid() == 0) { +seteuid(sss_sssd_user_uid()); +setegid(sss_sssd_user_gid()); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index bcbb9ac72f..94df2a8b99 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,10 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +uid_t sss_sssd_user_uid(void); +gid_t sss_sssd_user_gid(void); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From be3cfbd8fa6e72c86952f7d8141dd85a6fa97c1f Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 20 Sep 2021 13:05:14 + Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. To allow smooth transition we can change the ownership. This commit can be reverted later. Resolves: h
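Review bot: in sss_sssd_user_uid_and_gid() the group cache is declared `static uid_t sssd_gid;` although it holds a gid and is copied out through `*gid = sssd_gid;` into a gid_t; declare it as gid_t so the types match the sss_user_by_name_or_uid() prototype in util.h. Separately, the diffstat shows the cwrap passwd and group files gaining a root entry but no test that exercises the new helpers, so a test for the lookup-failure path would be worth adding alongside.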
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From 624b36fc1ddd0b9c37357169575f57384fd36ab4 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Wed, 8 Sep 2021 14:18:35 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 3 +++ src/monitor/monitor.c | 2 +- src/util/usertools.c | 59 +++ src/util/util.h | 4 +++ 4 files changed, 67 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 60a9658642..a213b2fb47 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1603,7 +1603,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +ret = chown(cdb_file, sss_sssd_user_uid(), sss_sssd_user_gid()); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..78dc3706ed 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c 
@@ -835,3 +835,62 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +static void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid) +{ +static uid_t sssd_uid; +static uid_t sssd_gid; +static bool resolved = false; + +errno_t ret; + +if (! resolved) { +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +*uid = 0; +*gid = 0; +return; +} else { +resolved = true; +} +} + +if (uid != NULL) { +*uid = sssd_uid; +} + +if (gid != NULL) { +*gid = sssd_gid; +} +} + +uid_t sss_sssd_user_uid(void) +{ +uid_t uid; +sss_sssd_user_uid_and_gid(, NULL); +return uid; +} + +gid_t sss_sssd_user_gid(void) +{ +gid_t gid; +sss_sssd_user_uid_and_gid(NULL, ); +return gid; +} + +void sss_set_sssd_user_eid(void) +{ +if (geteuid() == 0) { +seteuid(sss_sssd_user_uid()); +setegid(sss_sssd_user_gid()); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index bcbb9ac72f..94df2a8b99 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -383,6 +383,10 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +uid_t sss_sssd_user_uid(void); +gid_t sss_sssd_user_gid(void); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From 2679aef6a5c38f453c5bdff7e87bcd3fcdbcbc83 Mon Sep 17 00:00:00 2001 
From: Tomas Halman Date: Mon, 20 Sep 2021 13:05:14 + Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. To allow smooth transition we can change the ownership. This commit can be reverted later. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 7a718cc628..76528bb4d9 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,6 +673,8 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +/* file may exists and could be owned by root from previous version */ +chown(confdb_location, sss_sssd_user_uid(), sss_sssd_user_gid()); sss_set_sssd_user_eid(); ret = ldb_con
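Review bot: the `chown(confdb_location, sss_sssd_user_uid(), sss_sssd_user_gid());` added to confdb_init() in patch 2/2 discards its return value and runs before sss_set_sssd_user_eid(), on a path rather than on an open descriptor. ENOENT is expected on a fresh install, but any other errno should at least be logged, because a failed chown leaves the upgrade case this commit targets unfixed. chown() also follows symbolic links, so if the directory holding confdb_location can be written by the sssd user, use lchown() or open the file with O_NOFOLLOW and fchown() the descriptor. Minor: the comment should read "file may exist".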
[SSSD] [sssd PR#5782][comment] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Title: #5782: CONFDB: Change ownership of config.ldb thalman commented: """ > Tests fails. I'm on it, I also found an issue in "upgrade" path. """ See the full comment at https://github.com/SSSD/sssd/pull/5782#issuecomment-922848191
[SSSD] [sssd PR#5782][opened] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: opened PR body: """ Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From 624b36fc1ddd0b9c37357169575f57384fd36ab4 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Wed, 8 Sep 2021 14:18:35 +0200 Subject: [PATCH] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 3 +++ src/monitor/monitor.c | 2 +- src/util/usertools.c | 59 +++ src/util/util.h | 4 +++ 4 files changed, 67 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 60a9658642..a213b2fb47 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c 
@@ -1603,7 +1603,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +ret = chown(cdb_file, sss_sssd_user_uid(), sss_sssd_user_gid()); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..78dc3706ed 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,62 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +static void sss_sssd_user_uid_and_gid(uid_t *uid, gid_t *gid) +{ +static uid_t sssd_uid; +static uid_t sssd_gid; +static bool resolved = false; + +errno_t ret; + +if (! resolved) { +ret = sss_user_by_name_or_uid(SSSD_USER, _uid, _gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +*uid = 0; +*gid = 0; +return; +} else { +resolved = true; +} +} + +if (uid != NULL) { +*uid = sssd_uid; +} + +if (gid != NULL) { +*gid = sssd_gid; +} +} + +uid_t sss_sssd_user_uid(void) +{ +uid_t uid; +sss_sssd_user_uid_and_gid(, NULL); +return uid; +} + +gid_t sss_sssd_user_gid(void) +{ +gid_t gid; +sss_sssd_user_uid_and_gid(NULL, ); +return gid; +} + +void sss_set_sssd_user_eid(void) +{ +if (geteuid() == 0) { +seteuid(sss_sssd_user_uid()); +setegid(sss_sssd_user_gid()); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index bcbb9ac72f..94df2a8b99 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,10 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +uid_t sss_sssd_user_uid(void); +gid_t sss_sssd_user_gid(void); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty,
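Review bot: the failure branch of sss_sssd_user_uid_and_gid() writes `*uid = 0; *gid = 0;` unconditionally, but sss_sssd_user_uid() passes NULL as the gid argument and sss_sssd_user_gid() passes NULL as the uid argument, so a failed sss_user_by_name_or_uid() lookup dereferences NULL. Guard both stores with the same `if (uid != NULL)` / `if (gid != NULL)` checks the success path already uses.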
[SSSD] [sssd PR#5701][comment] SYSDB: Add missing sysdb attribute
URL: https://github.com/SSSD/sssd/pull/5701 Title: #5701: SYSDB: Add missing sysdb attribute thalman commented: """ ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5701#issuecomment-877158076
[SSSD] [sssd PR#5701][+Accepted] SYSDB: Add missing sysdb attribute
URL: https://github.com/SSSD/sssd/pull/5701 Title: #5701: SYSDB: Add missing sysdb attribute Label: +Accepted
[SSSD] [sssd PR#5661][+Accepted] pam: change default for pam_response_filter
URL: https://github.com/SSSD/sssd/pull/5661 Title: #5661: pam: change default for pam_response_filter Label: +Accepted
[SSSD] [sssd PR#5661][-Changes requested] pam: change default for pam_response_filter
URL: https://github.com/SSSD/sssd/pull/5661 Title: #5661: pam: change default for pam_response_filter Label: -Changes requested
[SSSD] [sssd PR#5661][comment] pam: change default for pam_response_filter
URL: https://github.com/SSSD/sssd/pull/5661 Title: #5661: pam: change default for pam_response_filter thalman commented: """ Thank you, ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5661#issuecomment-854834748
[SSSD] [sssd PR#5661][comment] pam: change default for pam_response_filter
URL: https://github.com/SSSD/sssd/pull/5661 Title: #5661: pam: change default for pam_response_filter thalman commented: """ The patch looks good, just one nitpicking comment. Once it is updated, I will ACK it. """ See the full comment at https://github.com/SSSD/sssd/pull/5661#issuecomment-854629933
[SSSD] [sssd PR#5661][-Waiting for review] pam: change default for pam_response_filter
URL: https://github.com/SSSD/sssd/pull/5661 Title: #5661: pam: change default for pam_response_filter Label: -Waiting for review
[SSSD] [sssd PR#5661][+Changes requested] pam: change default for pam_response_filter
URL: https://github.com/SSSD/sssd/pull/5661 Title: #5661: pam: change default for pam_response_filter Label: +Changes requested
[SSSD] [sssd PR#5644][+Accepted] TOOLS: removed unneeded debug message
URL: https://github.com/SSSD/sssd/pull/5644 Title: #5644: TOOLS: removed unneeded debug message Label: +Accepted
[SSSD] [sssd PR#5644][-Waiting for review] TOOLS: removed unneeded debug message
URL: https://github.com/SSSD/sssd/pull/5644 Title: #5644: TOOLS: removed unneeded debug message Label: -Waiting for review
[SSSD] [sssd PR#5644][comment] TOOLS: removed unneeded debug message
URL: https://github.com/SSSD/sssd/pull/5644 Title: #5644: TOOLS: removed unneeded debug message thalman commented: """ Thank you for the patch, ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5644#issuecomment-844942794
[SSSD] [sssd PR#5610][-Waiting for review] sudo improvements
URL: https://github.com/SSSD/sssd/pull/5610 Title: #5610: sudo improvements Label: -Waiting for review
[SSSD] [sssd PR#5610][+Accepted] sudo improvements
URL: https://github.com/SSSD/sssd/pull/5610 Title: #5610: sudo improvements Label: +Accepted
[SSSD] [sssd PR#5610][comment] sudo improvements
URL: https://github.com/SSSD/sssd/pull/5610 Title: #5610: sudo improvements thalman commented: """ Thank you for the update, ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5610#issuecomment-834262363
[SSSD] [sssd PR#5610][comment] sudo improvements
URL: https://github.com/SSSD/sssd/pull/5610 Title: #5610: sudo improvements thalman commented: """ The code looks good, works for me. I have just one comment: You titled one commit "be: add be_ptask_reschedule" but the function added is called *_postpone. Could you make that consistent for future search/reference? Tom """ See the full comment at https://github.com/SSSD/sssd/pull/5610#issuecomment-834259651
[SSSD] [sssd PR#5585][comment] Poor man's backtrace.
URL: https://github.com/SSSD/sssd/pull/5585 Title: #5585: Poor man's backtrace. thalman commented: """ works for me. Thank you for the patch. ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5585#issuecomment-831813764
[SSSD] [sssd PR#5585][+Accepted] Poor man's backtrace.
URL: https://github.com/SSSD/sssd/pull/5585 Title: #5585: Poor man's backtrace. Label: +Accepted
[SSSD] [sssd PR#5585][-Waiting for review] Poor man's backtrace.
URL: https://github.com/SSSD/sssd/pull/5585 Title: #5585: Poor man's backtrace. Label: -Waiting for review
[SSSD] [sssd PR#5593][+Accepted] BUILD: prefer PCRE2 over PCRE
URL: https://github.com/SSSD/sssd/pull/5593 Title: #5593: BUILD: prefer PCRE2 over PCRE Label: +Accepted
[SSSD] [sssd PR#5593][-Waiting for review] BUILD: prefer PCRE2 over PCRE
URL: https://github.com/SSSD/sssd/pull/5593 Title: #5593: BUILD: prefer PCRE2 over PCRE Label: -Waiting for review
[SSSD] [sssd PR#5593][comment] BUILD: prefer PCRE2 over PCRE
URL: https://github.com/SSSD/sssd/pull/5593 Title: #5593: BUILD: prefer PCRE2 over PCRE thalman commented: """ I tested the patch, looks good to me. Works as expected. Thanks ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5593#issuecomment-825735412
[SSSD] [sssd PR#5535][-Waiting for review] A set of patches to sanitize logger code a little bit.
URL: https://github.com/SSSD/sssd/pull/5535 Title: #5535: A set of patches to sanitize logger code a little bit. Label: -Waiting for review
[SSSD] [sssd PR#5564][opened] DEBUG: Error is printed when everything is ok
URL: https://github.com/SSSD/sssd/pull/5564 Author: thalman Title: #5564: DEBUG: Error is printed when everything is ok Action: opened PR body: """ Due to invalid condition error message that config file does not exist is printed when there is actually no problem. This update fixes the condition. Thanks @alexey-tikhonov for pointing this out. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5564/head:pr5564 git checkout pr5564 From 32c384908229c3fb86ff5f24e57caee89a6f1f2e Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Wed, 31 Mar 2021 17:03:10 +0200 Subject: [PATCH] DEBUG: Error is printed when everything is ok Due to invalid condition error message that config file does not exist is printed when there is actually no problem. This update fixes the condition --- src/util/sss_ini.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c index 18f87ec415..5b44b759a3 100644 --- a/src/util/sss_ini.c +++ b/src/util/sss_ini.c @@ -856,11 +856,11 @@ int sss_ini_read_sssd_conf(struct sss_ini *self, DEBUG(SSSDBG_CRIT_FAILURE, "Permission check on config file failed.\n"); return ERR_INI_INVALID_PERMISSION; -} else { -DEBUG(SSSDBG_CONF_SETTINGS, - "File %1$s does not exist.\n", - (config_file ? config_file : "NULL")); } +} else { +DEBUG(SSSDBG_CONF_SETTINGS, + "File %1$s does not exist.\n", + (config_file ? config_file : "NULL")); } ret = sss_ini_parse(self);
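Review bot: the relocated else branch in sss_ini_read_sssd_conf() now pairs with the outer if, but that condition is outside the hunk context, so this diff alone cannot confirm that "File %1$s does not exist." is reached only when the file is really missing. Please show or describe the outer condition in the commit message, and if it can also fail for reasons other than a missing file, word the message accordingly. Since the permission check on the configuration file sits in the same block, a cmocka case that covers both the "file present, permissions fine" path (no message) and the "file absent" path would keep this from regressing.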
[SSSD] [sssd PR#5535][comment] A set of patches to sanitize logger code a little bit.
URL: https://github.com/SSSD/sssd/pull/5535 Title: #5535: A set of patches to sanitize logger code a little bit. thalman commented: """ Thanks for the patch ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5535#issuecomment-811142086
[SSSD] [sssd PR#5535][+Accepted] A set of patches to sanitize logger code a little bit.
URL: https://github.com/SSSD/sssd/pull/5535 Title: #5535: A set of patches to sanitize logger code a little bit. Label: +Accepted
[SSSD] [sssd PR#5535][comment] A set of patches to sanitize logger code a little bit.
URL: https://github.com/SSSD/sssd/pull/5535 Title: #5535: A set of patches to sanitize logger code a little bit. thalman commented: """ Just for the record: Testing on my fedora shows that the patch as is prevents sssd from logging into files in our current setup. We discussed it on IRC and @alexey-tikhonov will send an update later. Thanks Tom """ See the full comment at https://github.com/SSSD/sssd/pull/5535#issuecomment-810993255
[SSSD] [sssd PR#5535][comment] A set of patches to sanitize logger code a little bit.
URL: https://github.com/SSSD/sssd/pull/5535 Title: #5535: A set of patches to sanitize logger code a little bit. thalman commented: """ I went through the patches, looks good to me. I will run a few tests before acking. Thanks Tom """ See the full comment at https://github.com/SSSD/sssd/pull/5535#issuecomment-805980947
[SSSD] [sssd PR#5245][closed] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5245/head:pr5245 git checkout pr5245
[SSSD] [sssd PR#5245][comment] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction thalman commented: """ I decided to close the PR due to my capacity. I will reopen it once there is progress. """ See the full comment at https://github.com/SSSD/sssd/pull/5245#issuecomment-800154853
[SSSD] [sssd PR#5525][-Waiting for review] Log performance improvements.
URL: https://github.com/SSSD/sssd/pull/5525 Title: #5525: Log performance improvements. Label: -Waiting for review
[SSSD] [sssd PR#5525][+Accepted] Log performance improvements.
URL: https://github.com/SSSD/sssd/pull/5525 Title: #5525: Log performance improvements. Label: +Accepted
[SSSD] [sssd PR#5525][comment] Log performance improvements.
URL: https://github.com/SSSD/sssd/pull/5525 Title: #5525: Log performance improvements. thalman commented: """ Thank you for the patch. ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5525#issuecomment-790670807
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL thalman commented: """ I'm fine with this new version, Thanks """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-781336517
[SSSD] [sssd PR#5509][comment] spec file: don't enable implicit files domain on RHEL
URL: https://github.com/SSSD/sssd/pull/5509 Title: #5509: spec file: don't enable implicit files domain on RHEL thalman commented: """ Looks good to me, Thanks """ See the full comment at https://github.com/SSSD/sssd/pull/5509#issuecomment-780641217
[SSSD] [sssd PR#5470][-Waiting for review] pam: refresh certificate maps at the end of initial domains lookup
URL: https://github.com/SSSD/sssd/pull/5470 Title: #5470: pam: refresh certificate maps at the end of initial domains lookup Label: -Waiting for review
[SSSD] [sssd PR#5470][+Accepted] pam: refresh certificate maps at the end of initial domains lookup
URL: https://github.com/SSSD/sssd/pull/5470 Title: #5470: pam: refresh certificate maps at the end of initial domains lookup Label: +Accepted
[SSSD] [sssd PR#5470][comment] pam: refresh certificate maps at the end of initial domains lookup
URL: https://github.com/SSSD/sssd/pull/5470 Title: #5470: pam: refresh certificate maps at the end of initial domains lookup thalman commented: """ The patch looks good, thank you ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5470#issuecomment-765517903
[SSSD] [sssd PR#5458][+Accepted] UTIL: find_domain_by_object_name_ex() changed log level (1-16 backport)
URL: https://github.com/SSSD/sssd/pull/5458 Title: #5458: UTIL: find_domain_by_object_name_ex() changed log level (1-16 backport) Label: +Accepted
[SSSD] [sssd PR#5458][-Waiting for review] UTIL: find_domain_by_object_name_ex() changed log level (1-16 backport)
URL: https://github.com/SSSD/sssd/pull/5458 Title: #5458: UTIL: find_domain_by_object_name_ex() changed log level (1-16 backport) Label: -Waiting for review
[SSSD] [sssd PR#5458][comment] UTIL: find_domain_by_object_name_ex() changed log level (1-16 backport)
URL: https://github.com/SSSD/sssd/pull/5458 Title: #5458: UTIL: find_domain_by_object_name_ex() changed log level (1-16 backport) thalman commented: """ Thank you for the backport ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5458#issuecomment-760991443
[SSSD] [sssd PR#5409][+Waiting for review] CACHE: Create timestamp if missing
URL: https://github.com/SSSD/sssd/pull/5409 Title: #5409: CACHE: Create timestamp if missing Label: +Waiting for review
[SSSD] [sssd PR#5409][edited] CACHE: Create timestamp if missing
URL: https://github.com/SSSD/sssd/pull/5409 Author: thalman Title: #5409: CACHE: Create timestamp if missing Action: edited Changed field: body Original value: """ """
[SSSD] [sssd PR#5409][edited] CACHE: Create timestamp if missing
URL: https://github.com/SSSD/sssd/pull/5409 Author: thalman Title: #5409: CACHE: Create timestamp if missing Action: edited Changed field: title Original value: """ Missing ts """
[SSSD] [sssd PR#5409][opened] Missing ts
URL: https://github.com/SSSD/sssd/pull/5409 Author: thalman Title: #5409: Missing ts Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5409/head:pr5409 git checkout pr5409 From e2959642b92f1a3faa59befc1636160b1cd207a6 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Mon, 16 Nov 2020 17:28:19 +0100 Subject: [PATCH 1/2] CACHE: Create timestamp if missing In some cases, object is stored in cache but the corresponding record in timestamp cache is missing (for example when timestamp cache file is deleted). The timestamp is never created in such case. With this patch we create new timestamp object if update doesn't work for this particular reason (missing object). Resolves: https://github.com/SSSD/sssd/issues/5121 --- src/db/sysdb_ops.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index d71cd79482..3412b9cd12 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1384,9 +1384,17 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, if (ret == EOK && is_ts_ldb_dn(entry_dn)) { tret = sysdb_set_ts_entry_attr(sysdb, entry_dn, attrs, mod_op); +if (tret == ENOENT && mod_op == SYSDB_MOD_REP) { +/* Update failed because TS does non exist. Create missing TS */ +tret = sysdb_set_ts_entry_attr(sysdb, entry_dn, attrs, + SYSDB_MOD_ADD); +DEBUG(SSSDBG_TRACE_FUNC, + "The TS value for %s does not exist, trying to create it\n", + ldb_dn_get_linearized(entry_dn)); +} if (tret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, -"Cannot set ts attrs for %s\n", ldb_dn_get_linearized(entry_dn)); +"Cannot set TS attrs for %s\n", ldb_dn_get_linearized(entry_dn)); /* Not fatal */ } else { state_mask |= SSS_SYSDB_TS_CACHE; From 9965e6b245a7e156cd6c2c49c7e4b2a77eb71e98 Mon Sep 17 00:00:00 2001 
From: Tomas Halman Date: Wed, 18 Nov 2020 13:32:28 +0100 Subject: [PATCH 2/2] TESTS: Add test for recreating cache timestamp --- src/tests/cmocka/test_sysdb_ts_cache.c | 107 + 1 file changed, 107 insertions(+) diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c index ae8b1b16c3..24b26d9507 100644 --- a/src/tests/cmocka/test_sysdb_ts_cache.c +++ b/src/tests/cmocka/test_sysdb_ts_cache.c 
@@ -1606,6 +1606,107 @@ static void test_sysdb_search_with_ts(void **state) talloc_free(res); } +static void test_sysdb_user_missing_ts(void **state) +{ +int ret; +struct sysdb_ts_test_ctx *test_ctx = talloc_get_type_abort(*state, + struct sysdb_ts_test_ctx); +struct ldb_result *res = NULL; +struct sysdb_attrs *attrs = NULL; + +/* Nothing must be stored in either cache at the beginning of the test */ +res = sysdb_getpwnam_res(test_ctx, test_ctx->tctx->dom, TEST_USER_NAME); +assert_int_equal(res->count, 0); +talloc_free(res); + +/* add user to cache */ +attrs = create_modstamp_attrs(test_ctx, TEST_MODSTAMP_1); +assert_non_null(attrs); +ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME, NULL, + TEST_USER_UID, TEST_USER_GID, TEST_USER_NAME, + "/home/"TEST_USER_NAME, "/bin/bash", NULL, + attrs, NULL, TEST_CACHE_TIMEOUT, + TEST_NOW_1); +assert_int_equal(ret, EOK); +talloc_zfree(attrs); + +/* remove timestamp */ +struct ldb_dn *userdn = sysdb_user_dn(test_ctx, test_ctx->tctx->dom, TEST_USER_NAME); +ret = ldb_delete(test_ctx->tctx->dom->sysdb->ldb_ts, userdn); +assert_int_equal(ret, EOK); + +/* update user */ +attrs = create_modstamp_attrs(test_ctx, TEST_MODSTAMP_2); +assert_non_null(attrs); +ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME, NULL, + TEST_USER_UID, TEST_USER_GID, TEST_USER_NAME, + "/home/"TEST_USER_NAME, "/bin/bash", NULL, + attrs, NULL, TEST_CACHE_TIMEOUT, + TEST_NOW_2); +assert_int_equal(ret, EOK); +talloc_zfree(attrs); + +/* check that ts is back */ +SSS_LDB_SEARCH(ret, test_ctx->tctx->dom->sysdb->ldb_ts, test_ctx, , userdn, + LDB_SCOPE_BASE, NULL, NULL); +assert_int_equal(ret, EOK); +assert_int_equal(res->count, 1); +talloc_zfree(res); +talloc_zfree(userdn); +} + +static void test_sysdb_group_missing_ts(void **state) +{ +int ret; +struct sysdb_ts_test_ctx *test_ctx = talloc_get_type_abort(*
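Review bot: in the sysdb_set_entry_attr() hunk of src/db/sysdb_ops.c, the "does not exist, trying to create it" trace is emitted after the second sysdb_set_ts_entry_attr() call with SYSDB_MOD_ADD has already run, so the log order does not match what happened; move the DEBUG above the ADD call. The new code comment has a typo ("does non exist"). The "Cannot set TS attrs for %s" message would also be more useful with tret included, so a failed ADD after ENOENT can be told apart from a failed replace when reading the log.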
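Review bot: in test_sysdb_user_missing_ts() in src/tests/cmocka/test_sysdb_ts_cache.c, the result of sysdb_user_dn() goes straight into ldb_delete() without an assert_non_null(userdn), and userdn is declared in the middle of the function instead of with the other locals at the top. As the patch appears in this archive copy, the SSS_LDB_SEARCH call has an empty result argument ("test_ctx, , userdn") while res->count is asserted right after it; res was released with talloc_free() earlier and not reset, so the call needs to receive &res for that assertion to be meaningful. The test_sysdb_group_missing_ts() body is cut off in this copy and cannot be reviewed from here.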
[SSSD] [sssd PR#5245][comment] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction thalman commented: """ Patch works for ldap provider but it looks like DNS search is still performed in case of AD provider. I need to investigate it more """ See the full comment at https://github.com/SSSD/sssd/pull/5245#issuecomment-729574707
[SSSD] [sssd PR#5245][edited] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction Action: edited Changed field: title Original value: """ RESOLV: Avoid DNS search to improve fail-over reaction """
[SSSD] [sssd PR#5245][-Waiting for review] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Label: -Waiting for review
[SSSD] [sssd PR#5245][edited] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Action: edited Changed field: body Original value: """ In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1608496 """
[SSSD] [sssd PR#5245][synchronized] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5245/head:pr5245 git checkout pr5245 From 50d0bde2d594f37d22d48d78ab6eb92bfa88b1d5 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Tue, 14 Jul 2020 17:34:36 +0200 Subject: [PATCH 1/4] RESOLV: Avoid DNS search to improve fail-over reaction In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://github.com/SSSD/sssd/issues/5390 --- src/config/SSSDConfig/sssdoptions.py | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 2 +- src/providers/data_provider.h| 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c| 17 +++-- src/resolv/async_resolv.h| 3 ++- 7 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index f57ad4b41a..23bc457b81 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -191,6 +191,7 @@ def __init__(self): 'miliseconds)'), 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'), 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'), +'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'), 'dns_discovery_domain': _('The domain part of service discovery DNS query'), 'override_gid': _('Override GID value from the identity provider with this value'), 'case_sensitive': _('Treat usernames as case sensitive'), 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 2874ea048b..249cf4d9af 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -382,6 +382,7 @@ option = filter_groups option = dns_resolver_server_timeout option = dns_resolver_op_timeout option = dns_resolver_timeout +option = dns_resolver_perform_dns_search option = dns_discovery_domain option = override_gid option = case_sensitive diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 035c33cad8..1adb0e1409 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -179,6 +179,7 @@ filter_groups = list, str, false dns_resolver_server_timeout = int, None, false dns_resolver_op_timeout = int, None, false dns_resolver_timeout = int, None, false +dns_resolver_perform_dns_search = bool, None, true dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = str, None, false @@ -226,4 +227,3 @@ dyndns_server = str, None, false [provider/deny] [provider/deny/access] - diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 32215a0fa5..31eed0cafa 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -267,6 +267,7 @@ enum dp_res_opts { DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, +DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index afc6081afa..58a3681ad4 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c 
@@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = { { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, +{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; @@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx) DP_RES_OPT_RESOLVER_OP_TIMEOUT), dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), + dp_opt_get_bool(ctx->be_res->opts, + DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH), >be_res->resolv); if (ret != EOK) { talloc_zfree(ctx->be_res); diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 00b9531d49..ce61670ef7 100644 -
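Review bot: The default added to dp_res_default_opts is `{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }`, so the search stays enabled unless an administrator turns it off, while the commit message says the patch sets the c-ares flags to avoid DNS search. Either change the default or reword the commit message to say that the search becomes something the configuration can disable. The diffstat for this patch also lists no man page source, so the new option is undocumented here; add an sssd.conf(5) entry that states the default and that the option governs the resolv.conf search list.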
[SSSD] [sssd PR#5245][+Waiting for review] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Label: +Waiting for review
[SSSD] [sssd PR#5245][edited] RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: RESOLV: Avoid DNS search to improve fail-over reaction Action: edited Changed field: title Original value: """ WIP: RESOLV: Avoid DNS search to improve fail-over reaction """
[SSSD] [sssd PR#5245][synchronized] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5245/head:pr5245 git checkout pr5245 From 3b0c7b5ecbd50517df91c47218ed10ccf0eebd3a Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Tue, 14 Jul 2020 17:34:36 +0200 Subject: [PATCH 1/4] RESOLV: Avoid DNS search to improve fail-over reaction In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1608496 --- src/config/SSSDConfig/sssdoptions.py | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 2 +- src/providers/data_provider.h| 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c| 17 +++-- src/resolv/async_resolv.h| 3 ++- 7 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index f57ad4b41a..23bc457b81 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -191,6 +191,7 @@ def __init__(self): 'miliseconds)'), 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'), 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'), +'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'), 'dns_discovery_domain': _('The domain part of service discovery DNS query'), 'override_gid': _('Override GID value from the identity provider with this value'), 'case_sensitive': _('Treat usernames as case sensitive'), 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 2874ea048b..249cf4d9af 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -382,6 +382,7 @@ option = filter_groups option = dns_resolver_server_timeout option = dns_resolver_op_timeout option = dns_resolver_timeout +option = dns_resolver_perform_dns_search option = dns_discovery_domain option = override_gid option = case_sensitive diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 035c33cad8..1adb0e1409 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -179,6 +179,7 @@ filter_groups = list, str, false dns_resolver_server_timeout = int, None, false dns_resolver_op_timeout = int, None, false dns_resolver_timeout = int, None, false +dns_resolver_perform_dns_search = bool, None, true dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = str, None, false @@ -226,4 +227,3 @@ dyndns_server = str, None, false [provider/deny] [provider/deny/access] - diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 32215a0fa5..31eed0cafa 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -267,6 +267,7 @@ enum dp_res_opts { DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, +DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index afc6081afa..58a3681ad4 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c 
@@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = { { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, +{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; @@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx) DP_RES_OPT_RESOLVER_OP_TIMEOUT), dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), + dp_opt_get_bool(ctx->be_res->opts, + DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH), >be_res->resolv); if (ret != EOK) { talloc_zfree(ctx->be_res); diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 00b9531
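Review bot: In sssd.api.conf the new line reads `dns_resolver_perform_dns_search = bool, None, true` while every neighbouring option in the hunk ends in `false`. If that third field is the mandatory flag rather than the default value, this marks the option as required; confirm which is intended and, if the aim was only to record the default, keep `false` here in line with the other resolver options. The last hunk of the same file (`@@ -226,4 +227,3 @@`) only drops a trailing blank line, an unrelated whitespace change that is better left out of this patch.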
[SSSD] [sssd PR#5373][-Waiting for review] DEBUG: fixes program identifier as seen in syslog
URL: https://github.com/SSSD/sssd/pull/5373 Title: #5373: DEBUG: fixes program identifier as seen in syslog Label: -Waiting for review
[SSSD] [sssd PR#5373][+Accepted] DEBUG: fixes program identifier as seen in syslog
URL: https://github.com/SSSD/sssd/pull/5373 Title: #5373: DEBUG: fixes program identifier as seen in syslog Label: +Accepted
[SSSD] [sssd PR#5373][comment] DEBUG: fixes program identifier as seen in syslog
URL: https://github.com/SSSD/sssd/pull/5373 Title: #5373: DEBUG: fixes program identifier as seen in syslog thalman commented: """ Thank you for the patch, LGTM ACK """ See the full comment at https://github.com/SSSD/sssd/pull/5373#issuecomment-720986238
[SSSD] [sssd PR#5245][synchronized] WIP: RESOLV: Avoid DNS search to improve fail-over reaction
URL: https://github.com/SSSD/sssd/pull/5245 Author: thalman Title: #5245: WIP: RESOLV: Avoid DNS search to improve fail-over reaction Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5245/head:pr5245 git checkout pr5245 From 3b0c7b5ecbd50517df91c47218ed10ccf0eebd3a Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Tue, 14 Jul 2020 17:34:36 +0200 Subject: [PATCH 1/3] RESOLV: Avoid DNS search to improve fail-over reaction In case of unreachable DNS server or invalid hostname sssd/c-ares tries to search in multiple domains based on the search directive in resolv.conf But the hostnames in config file are fully qualified and this just extends the time spent with DNS resolution. This patch set the c-ares library flags to avoid DNS search Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1608496 --- src/config/SSSDConfig/sssdoptions.py | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 2 +- src/providers/data_provider.h| 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c| 17 +++-- src/resolv/async_resolv.h| 3 ++- 7 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index f57ad4b41a..23bc457b81 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -191,6 +191,7 @@ def __init__(self): 'miliseconds)'), 'dns_resolver_op_timeout': _('How long should keep trying to resolve single DNS query (seconds)'), 'dns_resolver_timeout': _('How long to wait for replies from DNS when resolving servers (seconds)'), +'dns_resolver_perform_dns_search': _('Should resolver perform DNS search'), 'dns_discovery_domain': _('The domain part of service discovery DNS query'), 'override_gid': _('Override GID value from the identity provider with this value'), 'case_sensitive': _('Treat usernames as case sensitive'), 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 2874ea048b..249cf4d9af 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -382,6 +382,7 @@ option = filter_groups option = dns_resolver_server_timeout option = dns_resolver_op_timeout option = dns_resolver_timeout +option = dns_resolver_perform_dns_search option = dns_discovery_domain option = override_gid option = case_sensitive diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 035c33cad8..1adb0e1409 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -179,6 +179,7 @@ filter_groups = list, str, false dns_resolver_server_timeout = int, None, false dns_resolver_op_timeout = int, None, false dns_resolver_timeout = int, None, false +dns_resolver_perform_dns_search = bool, None, true dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = str, None, false @@ -226,4 +227,3 @@ dyndns_server = str, None, false [provider/deny] [provider/deny/access] - diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 32215a0fa5..31eed0cafa 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -267,6 +267,7 @@ enum dp_res_opts { DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, +DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index afc6081afa..58a3681ad4 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c 
@@ -836,6 +836,7 @@ static struct dp_option dp_res_default_opts[] = { { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, +{ "dns_resolver_perform_dns_search", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; @@ -899,6 +900,8 @@ errno_t be_res_init(struct be_ctx *ctx) DP_RES_OPT_RESOLVER_OP_TIMEOUT), dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), + dp_opt_get_bool(ctx->be_res->opts, + DP_RES_OPT_RESOLVER_PERFORM_DNS_SEARCH), >be_res->resolv); if (ret != EOK) { talloc_zfree(ctx->be_res); diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index 00b9531
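Review bot: The description string added in sssdoptions.py, 'Should resolver perform DNS search', does not say what is searched or what the default is, unlike the timeout descriptions next to it, which name the quantity and its unit. Reword it to mention the resolv.conf search list from the commit message, for example "Whether the resolver should apply the resolv.conf search list when resolving server names". The diffstat for this patch lists no test file either, so nothing here exercises the option in its disabled state; a resolver test with the option set to false would cover the behaviour the commit message describes.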
[SSSD] [sssd PR#5281][synchronized] Dn with spaces for 1.16
URL: https://github.com/SSSD/sssd/pull/5281 Author: thalman Title: #5281: Dn with spaces for 1.16 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5281/head:pr5281 git checkout pr5281 From cd6baeace161fa67535be8feaafa73756dc92ad8 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 31 Jul 2020 11:12:02 +0200 Subject: [PATCH 1/5] UTIL: DN sanitization Some of the ldap servers returns DN in attributes such as isMemberOf with spaces like dc=example, dc=com. That should be fine and we should ignore them (cut them out) instead of escaping. Resolves: https://github.com/SSSD/sssd/issues/5261 Reviewed-by: Alexey Tikhonov (cherry picked from commit 093061f553ab0a2c316794221e79779fb1bd40d2) --- src/tests/cmocka/test_utils.c | 70 +++ src/util/util.c | 126 ++ src/util/util.h | 20 ++ 3 files changed, 216 insertions(+) diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index bd2c9e65da..aa245f00b2 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c 
@@ -1935,6 +1935,73 @@ static void test_sss_get_domain_mappings_content(void **state) * capaths might not be as expected. */ } + +static void test_sss_filter_sanitize_dn(void **state) +{ +TALLOC_CTX *tmp_ctx; +char *trimmed; +int ret; +const char *DN = "cn=user,ou=people,dc=example,dc=com"; + +tmp_ctx = talloc_new(NULL); +assert_non_null(tmp_ctx); + +/* test that we remove spaces around '=' and ','*/ +ret = sss_filter_sanitize_dn(tmp_ctx, DN, ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn=user,ou=people,dc=example,dc=com", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn= user,ou =people,dc = example,dc = com", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn=user, ou=people ,dc=example , dc=com", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn=user, ou=people ,dc=example , dc=com", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, "cn= user, ou =people ,dc = example , dc = com", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, " cn=user,ou=people,dc=example,dc=com ", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +ret = sss_filter_sanitize_dn(tmp_ctx, " cn=user, ou=people, dc=example, dc=com ", ); +assert_int_equal(ret, EOK); +assert_string_equal(DN, trimmed); +talloc_free(trimmed); + +/* test that we keep spaces inside a value */ +ret = sss_filter_sanitize_dn(tmp_ctx, "cn = user one, ou=people branch, dc=example, dc=com", ); +assert_int_equal(ret, EOK); 
+assert_string_equal("cn=user\\20one,ou=people\\20\\20branch,dc=example,dc=com", trimmed); +talloc_free(trimmed); + +/* test that we keep escape special chars like () */ +ret = sss_filter_sanitize_dn(tmp_ctx, "cn = user one, ou=p(e)ople, dc=example, dc=com", ); +assert_int_equal(ret, EOK); +assert_string_equal("cn=user\\20one,ou=p\\28e\\29ople,dc=example,dc=com", trimmed); +talloc_free(trimmed); + +talloc_free(tmp_ctx); +} + int main(int argc, const char *argv[]) { poptContext pc; @@ -2044,6 +2111,9 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_sss_ptr_hash_without_cb, setup_leak_tests, teardown_leak_tests), +cmocka_unit_test_setup_teardown(test_sss_filter_sanitize_dn, +setup_leak_tests, +teardown_leak_tests), }; /* Set debug level to invalid value so we can decide if -d 0 was used. */ diff --git a/src/util/util.c b/src/util/util.c index e3efa7fefe..aaf3609c32 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -530,6 +530,132 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL); } +/* There is similar function ldap_dn_normalize in openldap. + * To avoid dependecies across project we have this own func. + * Also ldb can do this but doesn't handle all the cases + */ +static errno_t sss_trim_dn(TALLOC_CTX *mem_ctx, +
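Review bot: test_sss_filter_sanitize_dn asserts EOK in every case, so the error path of sss_filter_sanitize_dn() is never exercised, and the only filter-special characters covered are the parentheses in `ou=p(e)ople`. Add a case with `*` and `\` inside a value, since both are also special in an LDAP search filter, and at least one malformed input (for example a component with no `=`) with the expected error code asserted. In the comment above sss_trim_dn in util.c, "dependecies" should be "dependencies".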
[SSSD] [sssd PR#5281][comment] Dn with spaces for 1.16
URL: https://github.com/SSSD/sssd/pull/5281 Title: #5281: Dn with spaces for 1.16 thalman commented: """ Cherry-picked last/acked version from master. Please take a look. """ See the full comment at https://github.com/SSSD/sssd/pull/5281#issuecomment-703592477
[SSSD] [sssd PR#5281][-Changes requested] Dn with spaces for 1.16
URL: https://github.com/SSSD/sssd/pull/5281 Title: #5281: Dn with spaces for 1.16 Label: -Changes requested