On Thu, Mar 10, 2016 at 08:37:23PM +0100, Lukas Slebodnik wrote:
> On (10/03/16 20:02), Jakub Hrozek wrote:
> >On Thu, Mar 10, 2016 at 12:53:44PM +0100, Lukas Slebodnik wrote:
> >> diff --git a/Makefile.am b/Makefile.am
> >> index d6eb0fc..f8111d0 100644
> >> --- a/Makefile.am
> >> +++ b/Makefile.am
> >> @@ -946,6 +946,10 @@ libipa_hbac_la_DEPENDENCIES =
> >> src/providers/ipa/ipa_hbac.exports
> >> libipa_hbac_la_SOURCES = \
> >> src/providers/ipa/hbac_evaluator.c \
> >> src/util/sss_utf8.c
> >> +libipa_hbac_la_CFLAGS = \
> >> + $(AM_CFLAGS) \
> >> + -std=c90 \
> >> + $(NULL)
> >> libipa_hbac_la_LIBADD = \
> >> $(UNICODE_LIBS)
> >> libipa_hbac_la_LDFLAGS = \
> >> diff --git a/src/util/sss_utf8.c b/src/util/sss_utf8.c
> >> index 7ba11ca..722f28d 100644
> >> --- a/src/util/sss_utf8.c
> >> +++ b/src/util/sss_utf8.c
> >> @@ -22,6 +22,9 @@
> >>
> >> #include "config.h"
> >>
> >> +#include <string.h>
> >> +#include <errno.h>
> >> +
> >> #ifdef HAVE_LIBUNISTRING
> >> #include <unistr.h>
> >> #include <unicase.h>
> >> diff --git a/src/util/sss_utf8.h b/src/util/sss_utf8.h
> >> index 95b085f..bca9b2c 100644
> >> --- a/src/util/sss_utf8.h
> >> +++ b/src/util/sss_utf8.h
> >> @@ -23,12 +23,15 @@
> >> #ifndef SSS_UTF8_H_
> >> #define SSS_UTF8_H_
> >>
> >> -#include "util/util.h"
> >> -
> >> #ifndef ENOMATCH
> >> #define ENOMATCH -1
> >> #endif
> >>
> >> +#include <stdint.h>
> >> +#include <stdbool.h>
> >> +
> >> +#include "util/util_errors.h"
> >> +
> >> void sss_utf8_free(void *ptr);
> >>
> >> /* The result must be freed with sss_utf8_free() */
> >
> >According to make V=1 output, this seems to work:
> >
> >/bin/sh ./libtool --tag=CC --mode=compile /usr/bin/gcc -DHAVE_CONFIG_H
> >-I. -I/home/remote/jhrozek/devel/sssd -Wall -I..
> >-I/home/remote/jhrozek/devel/sssd/src/sss_client
> >-I/home/remote/jhrozek/devel/sssd/src -I. -I/usr/include/dbus-1.0
> >-I/usr/lib64/dbus-1.0/include -I/usr/include/libnl3
> >-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include
> >-DLIBDIR=\"/usr/lib64\" -DVARDIR=\"/var\" -DSSS_STATEDIR=\"/var
> >/lib/sss\" -DSYSCONFDIR=\"/etc\" -DSHLIBEXT=\"\"
> >-DSSSD_LIBEXEC_PATH=\"/usr/libexec/sssd\" -DSSSD_CONF_DIR=\"/etc/sssd\"
> >-DSSS_NSS_MCACHE_DIR=\"/var/lib/sss/mc\"
> >-DSSS_NSS_SOCKET_NAME=\"/var/lib/sss/pipes/nss\"
> >-DSSS_PAM_SOCKET_NAME=\"/var/lib/sss/pipes/pam\"
> >-DSSS_PAC_SOCKET_NAME=\"/var/lib/sss/pipes/pac\"
> >-DSSS_PAM_PRIV_SOCKET_NAME=\"/var/lib/sss/pipes/private/pam\"
> >-DSSS_SUDO_SOCKET_NAME=\"/var/lib/sss/pipes/sudo\"
> >-DSSS_AUTOFS_SOCKET_NAME=\"/var/lib/sss/pipes/autofs\"
> >-DSSS_SSH_SOCKET_NAME=\"/var/lib/sss/pipes/ssh\"
> >-DLOCALEDIR=\"/usr/share/locale\"
> >-DBASE_FILE_STEM=\"libipa_hbac_la-hbac_evaluator\" -Wall -Wshadow -Wst
> >rict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings
> >-Wundef -Werror-implicit-function-declaration -Winit-self
> >-Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
> >-I/home/remote/jhrozek/devel/sssd/src/util -std=c90 -O0
> >-Wp,-U_FORTIFY_SOURCE -ggdb -pipe -Wall -Wextra -Wshadow -Wformat
> >-Wformat-security -Werror=unused-function -Wunused-variable
> >-Wno-missing-field-initializers -Wno-missing-field-in
> >itializers -Wno-unused-parameter -Wno-cast-align -Wno-sign-compare
> >-Werror=implicit-function-declaration -fexceptions -fstack-protector
> >--param=ssp-buffer-size=4 -m64 -mtune=generic -D_FILE_OFFSET_BITS=64 -D_LAR
> >GEFILE_SOURCE -D_LARGEFILE64_SOURCE -MT
> >src/lib/ipa_hbac/libipa_hbac_la-hbac_evaluator.lo -MD -MP -MF
> >src/lib/ipa_hbac/.deps/libipa_hbac_la-hbac_evaluator.Tpo -c -o
> >src/lib/ipa_hbac/libipa_hbac_la-hbac_evaluator
> >.lo `test -f 'src/lib/ipa_hbac/hbac_evaluator.c' || echo
> >'/home/remote/jhrozek/devel/sssd/'`src/lib/ipa_hbac/hbac_evaluator.c
> >
> >When I reverted the C99 removal patch, I also got an error message:
> >/home/remote/jhrozek/devel/sssd/src/lib/ipa_hbac/hbac_evaluator.c:166:5:
> >error: 'for' loop initial declarations are only allowed in C99 or C11 mode
> > for (uint32_t i = 0; rules[i]; i++) {
> >
> >But I had to change your diff a bit:
> >diff --git a/src/util/sss_tc_utf8.c b/src/util/sss_tc_utf8.c
> >index 4b2c493..44194ab 100644
> >--- a/src/util/sss_tc_utf8.c
> >+++ b/src/util/sss_tc_utf8.c
> >@@ -19,6 +19,7 @@
> > */
> >
> > #include <talloc.h>
> >+#include "util/util.h"
> > #include "util/sss_utf8.h"
> >
> It's possible. It was a POC to
> get warning for in for loop
> "for (uint32_t i = 0; rules[i]; i++)"
>
>
> >Otherwise sss_tc_utf8.c wouldn't compile..
> >
> >Can you resubmit the patch with a nicer commit message and some comment
> >in the Makefile.am?
> I'm lazy.
>
> just squash it you your 1st patch :-)
> and fix other compilation issues.
I would prefer to give you credit for the suggestion, see a new patch
atop mine.
CI: http://sssd-ci.duckdns.org/logs/job/39/02/summary.html
>From 680a92e258e8c64a76a778a7e12a7fd7d2548b4f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 22 Feb 2016 09:44:19 +0100
Subject: [PATCH 1/5] libipa_hbac: Do not use C99
libipa_hbac can be used by external consumers like pam_hbac who run on
old platforms that do not support C99. Refrain from using C99 features
in that codebase.
---
src/providers/ipa/hbac_evaluator.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/providers/ipa/hbac_evaluator.c
b/src/providers/ipa/hbac_evaluator.c
index
f4b76d8e6ca3b63b092f65cdb4aac9e98e8c717e..36376abb4eb834681cf62030c2bc1ba11e1369ce
100644
--- a/src/providers/ipa/hbac_evaluator.c
+++ b/src/providers/ipa/hbac_evaluator.c
@@ -146,6 +146,8 @@ enum hbac_eval_result hbac_evaluate(struct hbac_rule
**rules,
struct hbac_eval_req *hbac_req,
struct hbac_info **info)
{
+ uint32_t i;
+
enum hbac_error_code ret;
enum hbac_eval_result result = HBAC_EVAL_DENY;
enum hbac_eval_result_int intermediate_result;
@@ -163,7 +165,7 @@ enum hbac_eval_result hbac_evaluate(struct hbac_rule
**rules,
(*info)->rule_name = NULL;
}
- for (uint32_t i = 0; rules[i]; i++) {
+ for (i = 0; rules[i]; i++) {
hbac_rule_debug_print(rules[i]);
intermediate_result = hbac_evaluate_rule(rules[i], hbac_req, &ret);
if (intermediate_result == HBAC_EVAL_UNMATCHED) {
@@ -381,6 +383,8 @@ const char *hbac_error_string(enum hbac_error_code code)
static void hbac_request_element_debug_print(struct hbac_request_element *el,
const char *label)
{
+ int i;
+
if (el) {
if (el->name) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t%s [%s]\n", label, el->name);
@@ -389,7 +393,7 @@ static void hbac_request_element_debug_print(struct
hbac_request_element *el,
if (el->groups) {
if (el->groups[0]) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t%s_group:\n", label);
- for (int i = 0; el->groups[i]; i++) {
+ for (i = 0; el->groups[i]; i++) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t\t[%s]\n", el->groups[i]);
}
} else {
@@ -434,6 +438,8 @@ static void hbac_req_debug_print(struct hbac_eval_req *req)
static void hbac_rule_element_debug_print(struct hbac_rule_element *el,
const char *label)
{
+ int i;
+
if (el) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\tcategory [%#x] [%s]\n", el->category,
(el->category == HBAC_CATEGORY_ALL) ? "ALL" : "NONE");
@@ -441,7 +447,7 @@ static void hbac_rule_element_debug_print(struct
hbac_rule_element *el,
if (el->names) {
if (el->names[0]) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t%s_names:\n", label);
- for (int i = 0; el->names[i]; i++) {
+ for (i = 0; el->names[i]; i++) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t\t[%s]\n", el->names[i]);
}
} else {
@@ -452,7 +458,7 @@ static void hbac_rule_element_debug_print(struct
hbac_rule_element *el,
if (el->groups) {
if (el->groups[0]) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t%s_groups:\n", label);
- for (int i = 0; el->groups[i]; i++) {
+ for (i = 0; el->groups[i]; i++) {
HBAC_DEBUG(HBAC_DBG_TRACE, "\t\t\t[%s]\n", el->groups[i]);
}
} else {
--
2.4.3
>From a8c78e49d7c747ea2dfb44ecfdb2260c28102327 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Thu, 10 Mar 2016 07:38:06 +0100
Subject: [PATCH 2/5] libipa_hbac: Add more debug messages
Adding more debug messages proved to be useful during pam_hbac
development.
---
src/providers/ipa/hbac_evaluator.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/providers/ipa/hbac_evaluator.c
b/src/providers/ipa/hbac_evaluator.c
index
36376abb4eb834681cf62030c2bc1ba11e1369ce..271b170faba36fc531c312c24061e7250d5ebe93
100644
--- a/src/providers/ipa/hbac_evaluator.c
+++ b/src/providers/ipa/hbac_evaluator.c
@@ -189,8 +189,8 @@ enum hbac_eval_result hbac_evaluate(struct hbac_rule
**rules,
} else {
/* An error occurred processing this rule */
HBAC_DEBUG(HBAC_DBG_ERROR,
- "Error occurred during evaluating of rule [%s].\n",
- rules[i]->name);
+ "Error %d occurred during evaluating of rule [%s].\n",
+ ret, rules[i]->name);
result = HBAC_EVAL_ERROR;
if (info) {
(*info)->code = ret;
@@ -223,13 +223,19 @@ enum hbac_eval_result_int hbac_evaluate_rule(struct
hbac_rule *rule,
errno_t ret;
bool matched;
- if (!rule->enabled) return HBAC_EVAL_UNMATCHED;
+ if (!rule->enabled) {
+ HBAC_DEBUG(HBAC_DBG_INFO, "Rule [%s] is not enabled\n", rule->name);
+ return HBAC_EVAL_UNMATCHED;
+ }
/* Make sure we have all elements */
if (!rule->users
|| !rule->services
|| !rule->targethosts
|| !rule->srchosts) {
+ HBAC_DEBUG(HBAC_DBG_INFO,
+ "Rule [%s] cannot be parsed, some elements are empty\n",
+ rule->name);
*error = HBAC_ERROR_UNPARSEABLE_RULE;
return HBAC_EVAL_MATCH_ERROR;
}
@@ -239,6 +245,8 @@ enum hbac_eval_result_int hbac_evaluate_rule(struct
hbac_rule *rule,
hbac_req->user,
&matched);
if (ret != EOK) {
+ HBAC_DEBUG(HBAC_DBG_ERROR,
+ "Cannot parse user elements of rule [%s]\n", rule->name);
*error = HBAC_ERROR_UNPARSEABLE_RULE;
return HBAC_EVAL_MATCH_ERROR;
} else if (!matched) {
@@ -250,6 +258,8 @@ enum hbac_eval_result_int hbac_evaluate_rule(struct
hbac_rule *rule,
hbac_req->service,
&matched);
if (ret != EOK) {
+ HBAC_DEBUG(HBAC_DBG_ERROR,
+ "Cannot parse service elements of rule [%s]\n", rule->name);
*error = HBAC_ERROR_UNPARSEABLE_RULE;
return HBAC_EVAL_MATCH_ERROR;
} else if (!matched) {
@@ -261,6 +271,9 @@ enum hbac_eval_result_int hbac_evaluate_rule(struct
hbac_rule *rule,
hbac_req->targethost,
&matched);
if (ret != EOK) {
+ HBAC_DEBUG(HBAC_DBG_ERROR,
+ "Cannot parse targethost elements of rule [%s]\n",
+ rule->name);
*error = HBAC_ERROR_UNPARSEABLE_RULE;
return HBAC_EVAL_MATCH_ERROR;
} else if (!matched) {
@@ -272,6 +285,9 @@ enum hbac_eval_result_int hbac_evaluate_rule(struct
hbac_rule *rule,
hbac_req->srchost,
&matched);
if (ret != EOK) {
+ HBAC_DEBUG(HBAC_DBG_ERROR,
+ "Cannot parse srchost elements of rule [%s]\n",
+ rule->name);
*error = HBAC_ERROR_UNPARSEABLE_RULE;
return HBAC_EVAL_MATCH_ERROR;
} else if (!matched) {
--
2.4.3
>From 9f9fff59575372a5305c63a6c6cc905e19e608dc Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Thu, 10 Mar 2016 07:45:28 +0100
Subject: [PATCH 3/5] libipa_hbac: Fix typo in constant name
On platforms without the format attribute, libhbac could not be
compiled.
---
src/providers/ipa/ipa_hbac.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_hbac.h b/src/providers/ipa/ipa_hbac.h
index
ee5f1919b0e216bd6dc09e26b1488fc4bf2d28ef..22dd8ffc401d2e6a2b6e4f83e99447b50192102b
100644
--- a/src/providers/ipa/ipa_hbac.h
+++ b/src/providers/ipa/ipa_hbac.h
@@ -53,7 +53,7 @@ enum hbac_debug_level {
#ifdef HAVE_FUNCTION_ATTRIBUTE_FORMAT
#define HBAC_ATTRIBUTE_PRINTF(a1, a2) __attribute__((format(printf, a1, a2)))
#else
-#define HABC_ATTRIBUTE_PRINTF(a1, a2)
+#define HBAC_ATTRIBUTE_PRINTF(a1, a2)
#endif
/**
--
2.4.3
>From 76eb7c221bd383a8d08433b0afca3ebb72628d11 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Thu, 10 Mar 2016 08:19:58 +0100
Subject: [PATCH 4/5] libipa_hbac: Move the library to src/lib/ipa_hbac
Moving the library to the lib directory will force maintainers to think
twice about changes, because it would be obvious this is a library.
Also don't use includes from sssd source tree paths, but add the util
path to Makefile's CFLAGS so that other projects can copy the
hbac_evaluator.c file verbatim.
---
Makefile.am | 18 +++++++++++-------
configure.ac | 2 +-
src/{providers/ipa => lib/ipa_hbac}/hbac_evaluator.c | 4 ++--
src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.doxy.in | 0
src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.exports | 0
src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.h | 0
src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.pc.in | 0
src/providers/ipa/ipa_access.c | 1 -
src/providers/ipa/ipa_hbac_common.c | 1 -
src/providers/ipa/ipa_hbac_private.h | 2 +-
src/python/pyhbac.c | 2 +-
src/tests/ipa_hbac-tests.c | 2 +-
12 files changed, 17 insertions(+), 15 deletions(-)
rename src/{providers/ipa => lib/ipa_hbac}/hbac_evaluator.c (99%)
rename src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.doxy.in (100%)
rename src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.exports (100%)
rename src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.h (100%)
rename src/{providers/ipa => lib/ipa_hbac}/ipa_hbac.pc.in (100%)
diff --git a/Makefile.am b/Makefile.am
index
2b1410116388f117b59a20c659cff6f65df936e7..481c6ad6f6b6257bdb5a845ffbb3b63920575fc7
100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -939,18 +939,22 @@ lib_LTLIBRARIES = libipa_hbac.la \
libsss_nss_idmap.la \
$(NULL)
-pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc
-libipa_hbac_la_DEPENDENCIES = src/providers/ipa/ipa_hbac.exports
+pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
+libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports
libipa_hbac_la_SOURCES = \
- src/providers/ipa/hbac_evaluator.c \
+ src/lib/ipa_hbac/hbac_evaluator.c \
src/util/sss_utf8.c
+libipa_hbac_la_CFLAGS = \
+ $(AM_CFLAGS) \
+ -I$(top_srcdir)/src/util \
+ $(NULL)
libipa_hbac_la_LIBADD = \
$(UNICODE_LIBS)
libipa_hbac_la_LDFLAGS = \
- -Wl,--version-script,$(srcdir)/src/providers/ipa/ipa_hbac.exports \
+ -Wl,--version-script,$(srcdir)/src/lib/ipa_hbac/ipa_hbac.exports \
-version-info 1:0:1
-dist_noinst_DATA += src/providers/ipa/ipa_hbac.exports
+dist_noinst_DATA += src/lib/ipa_hbac/ipa_hbac.exports
pkgconfig_DATA += src/lib/idmap/sss_idmap.pc
libsss_idmap_la_DEPENDENCIES = src/lib/idmap/sss_idmap.exports
@@ -979,7 +983,7 @@ libsss_nss_idmap_la_LDFLAGS = \
dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports
include_HEADERS = \
- src/providers/ipa/ipa_hbac.h \
+ src/lib/ipa_hbac/ipa_hbac.h \
src/lib/idmap/sss_idmap.h \
src/sss_client/idmap/sss_nss_idmap.h \
$(NULL)
@@ -3554,7 +3558,7 @@ endif
if HAVE_DOXYGEN
docs:
$(DOXYGEN) src/doxy.config
- $(DOXYGEN) src/providers/ipa/ipa_hbac.doxy
+ $(DOXYGEN) src/lib/ipa_hbac/ipa_hbac.doxy
$(DOXYGEN) src/lib/idmap/sss_idmap.doxy
$(DOXYGEN) src/sss_client/idmap/sss_nss_idmap.doxy
if BUILD_IFP
diff --git a/configure.ac b/configure.ac
index
9b674ba02b2348fe2e1d61ecfc3f5084098b0f23..2c36049ca04f57fe94f359c5dc19a506dd2b9388
100644
--- a/configure.ac
+++ b/configure.ac
@@ -443,7 +443,7 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec
src/examples/rwtab src/doxy.config
src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd
po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
src/tests/intg/Makefile
- src/providers/ipa/ipa_hbac.pc src/providers/ipa/ipa_hbac.doxy
+ src/lib/ipa_hbac/ipa_hbac.pc src/lib/ipa_hbac/ipa_hbac.doxy
src/lib/idmap/sss_idmap.pc src/lib/idmap/sss_idmap.doxy
src/sss_client/idmap/sss_nss_idmap.pc
src/sss_client/idmap/sss_nss_idmap.doxy
diff --git a/src/providers/ipa/hbac_evaluator.c
b/src/lib/ipa_hbac/hbac_evaluator.c
similarity index 99%
rename from src/providers/ipa/hbac_evaluator.c
rename to src/lib/ipa_hbac/hbac_evaluator.c
index
271b170faba36fc531c312c24061e7250d5ebe93..a71c453e3f07e9da407bb35e5e324cb27ba85e27
100644
--- a/src/providers/ipa/hbac_evaluator.c
+++ b/src/lib/ipa_hbac/hbac_evaluator.c
@@ -28,8 +28,8 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
-#include "providers/ipa/ipa_hbac.h"
-#include "util/sss_utf8.h"
+#include "ipa_hbac.h"
+#include "sss_utf8.h"
#ifndef HAVE_ERRNO_T
#define HAVE_ERRNO_T
diff --git a/src/providers/ipa/ipa_hbac.doxy.in
b/src/lib/ipa_hbac/ipa_hbac.doxy.in
similarity index 100%
rename from src/providers/ipa/ipa_hbac.doxy.in
rename to src/lib/ipa_hbac/ipa_hbac.doxy.in
diff --git a/src/providers/ipa/ipa_hbac.exports
b/src/lib/ipa_hbac/ipa_hbac.exports
similarity index 100%
rename from src/providers/ipa/ipa_hbac.exports
rename to src/lib/ipa_hbac/ipa_hbac.exports
diff --git a/src/providers/ipa/ipa_hbac.h b/src/lib/ipa_hbac/ipa_hbac.h
similarity index 100%
rename from src/providers/ipa/ipa_hbac.h
rename to src/lib/ipa_hbac/ipa_hbac.h
diff --git a/src/providers/ipa/ipa_hbac.pc.in b/src/lib/ipa_hbac/ipa_hbac.pc.in
similarity index 100%
rename from src/providers/ipa/ipa_hbac.pc.in
rename to src/lib/ipa_hbac/ipa_hbac.pc.in
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index
ad12f21fc36e52a2e8d7affcfc7128f018c50e4c..3ec5a8df8b2cdc027860ab808b26433142c13e24
100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -30,7 +30,6 @@
#include "providers/ldap/sdap_access.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_hbac.h"
#include "providers/ipa/ipa_hosts.h"
#include "providers/ipa/ipa_hbac_private.h"
#include "providers/ipa/ipa_hbac_rules.h"
diff --git a/src/providers/ipa/ipa_hbac_common.c
b/src/providers/ipa/ipa_hbac_common.c
index
72a620ef0971a8bc657bd7bda3f61b4abdd614ee..82c531f15338a2ff609bd58ad449783d7a3a6af1
100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -21,7 +21,6 @@
*/
#include "providers/ipa/ipa_hbac_private.h"
-#include "providers/ipa/ipa_hbac.h"
#include "providers/ipa/ipa_common.h"
static errno_t
diff --git a/src/providers/ipa/ipa_hbac_private.h
b/src/providers/ipa/ipa_hbac_private.h
index
c831cd5c6dd2ed1ff2bc0d649a25ae1212548dda..8fc5dc6d03cc2373e32641a399157c900ec18107
100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -24,7 +24,7 @@
#define IPA_HBAC_PRIVATE_H_
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_hbac.h"
+#include "lib/ipa_hbac/ipa_hbac.h"
#define IPA_HBAC_RULE "ipaHBACRule"
diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c
index
820ef11b57f1226725fd7acf97598a42e6bf0bc0..eb424c6ddb8f7b44437079f0f9c7d63a583b7198
100644
--- a/src/python/pyhbac.c
+++ b/src/python/pyhbac.c
@@ -23,7 +23,7 @@
#include "util/util.h"
#include "util/sss_python.h"
-#include "providers/ipa/ipa_hbac.h"
+#include "lib/ipa_hbac/ipa_hbac.h"
#define PYTHON_MODULE_NAME "pyhbac"
diff --git a/src/tests/ipa_hbac-tests.c b/src/tests/ipa_hbac-tests.c
index
f2192a6fbc5188a7a7f6b204e03ca5961bb53f75..c8ef7fe44d41770cfeca706e6d3396a8d0e7d6cf
100644
--- a/src/tests/ipa_hbac-tests.c
+++ b/src/tests/ipa_hbac-tests.c
@@ -27,7 +27,7 @@
#include <talloc.h>
#include "tests/common_check.h"
-#include "providers/ipa/ipa_hbac.h"
+#include "lib/ipa_hbac/ipa_hbac.h"
#define HBAC_TEST_USER "testuser"
#define HBAC_TEST_INVALID_USER "nosuchuser"
--
2.4.3
>From bbbdb69313bfe7611ae4430cd4c7c7e6657d0b43 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Fri, 11 Mar 2016 09:43:39 +0100
Subject: [PATCH 5/5] libipa_hbac: Ensure we always build with C90
libipa_hbac is also used by external projects such as pam_hbac:
https://github.com/jhrozek/pam_hbac
In order to make sure we don't use C99 features in the libipa_hbac code
in the future, this patch adds an explicit -std=c89 flag to CFLAGS.
---
Makefile.am | 5 +++++
src/util/sss_tc_utf8.c | 1 +
src/util/sss_utf8.c | 3 +++
src/util/sss_utf8.h | 7 +++++--
4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index
481c6ad6f6b6257bdb5a845ffbb3b63920575fc7..7a299e5747015a6cef5664526b97eb606ed52a78
100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -944,9 +944,14 @@ libipa_hbac_la_DEPENDENCIES =
src/lib/ipa_hbac/ipa_hbac.exports
libipa_hbac_la_SOURCES = \
src/lib/ipa_hbac/hbac_evaluator.c \
src/util/sss_utf8.c
+# libipa_hbac is also used by external projects such as pam_hbac which
+# support platforms that do not have a C99 compiler. We add -std=c89
+# explicitly here to make sure we don't accidentally add a C99 feature
+# to the libipa_hbac code
libipa_hbac_la_CFLAGS = \
$(AM_CFLAGS) \
-I$(top_srcdir)/src/util \
+ -std=c89 \
$(NULL)
libipa_hbac_la_LIBADD = \
$(UNICODE_LIBS)
diff --git a/src/util/sss_tc_utf8.c b/src/util/sss_tc_utf8.c
index
4b2c49316b43b79b37944cb517cf5bd4c32dddae..44194ab02f56bd7593055b2f1dad55e154fb1a1d
100644
--- a/src/util/sss_tc_utf8.c
+++ b/src/util/sss_tc_utf8.c
@@ -19,6 +19,7 @@
*/
#include <talloc.h>
+#include "util/util.h"
#include "util/sss_utf8.h"
char *
diff --git a/src/util/sss_utf8.c b/src/util/sss_utf8.c
index
7ba11ca759f3dddda6585dddb8add9a8395bba4b..722f28d08a7f884ef1e7947887becd672eb490af
100644
--- a/src/util/sss_utf8.c
+++ b/src/util/sss_utf8.c
@@ -22,6 +22,9 @@
#include "config.h"
+#include <string.h>
+#include <errno.h>
+
#ifdef HAVE_LIBUNISTRING
#include <unistr.h>
#include <unicase.h>
diff --git a/src/util/sss_utf8.h b/src/util/sss_utf8.h
index
95b085f56a9b17c711029246d1fd0dedcade867b..bca9b2c5193cb8a11339017639a5ec658f5068a5
100644
--- a/src/util/sss_utf8.h
+++ b/src/util/sss_utf8.h
@@ -23,12 +23,15 @@
#ifndef SSS_UTF8_H_
#define SSS_UTF8_H_
-#include "util/util.h"
-
#ifndef ENOMATCH
#define ENOMATCH -1
#endif
+#include <stdint.h>
+#include <stdbool.h>
+
+#include "util/util_errors.h"
+
void sss_utf8_free(void *ptr);
/* The result must be freed with sss_utf8_free() */
--
2.4.3
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
