[PATCH] Resend SIGINT as SIGTERM in services
by Jakub Hrozek
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
When SSSD is running in foreground and Ctrl+C is pressed, the shell
sends SIGINT to all processes in the foreground process group, that
means not only monitor receives it. At the same time, the cleanup
routines we use are SIGTERM handlers, so I think the solution is to
catch SIGINT in all our services and just raise is again as SIGTERM to
allow the cleanup callbacks to be run.
Fixes: #462
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkwg3BkACgkQHsardTLnvCWGAACfZi1xBpKlNWzwpCgP3zPy7zWq
7gAAoK5tV3AcpeBHW5WQ9rq42We5964B
=Vy+1
-----END PGP SIGNATURE-----
13 years, 10 months
[PATCH] Fix SASL authentication
by Sumit Bose
Hi,
Alexander Gordeev <lasaine(a)lvk.cs.msu.su> helped to find a bug in SASL
interactive callback which became visible with and OpenLDAP server. The
attached patch should fix it.
bye,
Sumit
13 years, 10 months
[PATCHES] Fixes for the collection
by Dmitri Pal
0001 - #547
0002 - memory leaks found in the unit test while testing 0001
Patches are independent.
Question: Should we run Coverity against the unit tests too?
I think we should because errors in the unit test most likely obscure
the errors in the code they test.
I was about to open a ticket on the matter but decided to ask first.
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
13 years, 10 months
[PATCH] NetworkManager integration
by Jakub Hrozek
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The attached two patches provide basic NM integration. We may also add
support for VPNs later, but that would require keeping track of active
connections.
[PATCH 1/2] DBus system bus integration
Provides a mean to connect to the system bus and sets up filters for
messages or signals passed in sbus_method arrary. The patch is based on
Stephen's earlier work on InfoPipe.
[PATCH 2/2] NetworkManager integration
Basic NM integration. When we receive a signal that NM went online, we
reset the offline flag of back ends to false and run online callbacks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkwk+DMACgkQHsardTLnvCUDBQCgzCQjRC08vjWkLMrnv5c7YT+/
WgUAoIejlKCdmsDY10kCEP6l62CbVPgD
=BepJ
-----END PGP SIGNATURE-----
13 years, 10 months
strange request to my ldapserver.
by Eric Doutreleau
well i have configured my client with the following config
[domain/default]
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
cache_credentials = True
ldap_search_base = dc=int-evry,dc=fr
ldap_user_search_base = ou=People,dc=int-evry,dc=fr
ldap_group_search_base = ou=Group,ou=System,dc=int-evry,dc=fr
#ldap_group_search_base = ou=Groups,dc=int-evry,dc=fr
chpass_provider = none
id_provider = ldap
auth_provider = ldap
debug_level = 3
min_id = 1
ldap_uri = ldap://ldap2.int-evry.fr/ , ldap://ldap1.int-evry.fr/ ,
ldap://ldap3.int-evry.fr/
ldap_schema = rfc2307
access_provider = ldap
ldap_access_filter = IntEPersInetServ=*unix-int*
ldap_default_bind_dn = cn=mcibind,ou=System,dc=int-evry,dc=fr
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxx
enumerate = True
create_homedir = False
and i got tons of request like that on my server
Jun 22 17:46:47 ldapsync2 slapd[9126]: conn=3940 op=23279627 SRCH
attr=cn nisNet
groupTriple memberNisNetgroup
Jun 22 17:46:47 ldapsync2 slapd[9126]: conn=3940 op=23279627 SEARCH
RESULT tag=1
01 err=0 nentries=0 text=
Jun 22 17:46:47 ldapsync2 slapd[9126]: conn=3940 op=23279628 SRCH
base="dc=int-e
vry,dc=fr" scope=2 deref=0 filter="(&(objectClass=nisNetgroup)(cn=\29))"
Jun 22 17:46:47 ldapsync2 slapd[9126]: conn=3940 op=23279628 SRCH
attr=cn nisNet
groupTriple memberNisNetgroup
what are this request for?
there so much request that at the end i got a lot of message like that
on the sssd_default.log file
(Tue Jun 22 18:09:22 2010) [sssd[be[default]]] [sdap_process_result]
(2): ERROR: LDAP connection is not connected!
(Tue Jun 22 18:09:22 2010) [sssd[be[default]]] [sdap_process_result]
(2): ERROR: LDAP connection is not connected!
when i type id
i got the messages
$ id
uid=14517 gid=145 groupes=145,146,1000000,1000008
does someone how to solve that problem?
13 years, 10 months
[PATCHES] INI related enhancements
by Dmitri Pal
Hi,
Patches are interrelated. Most of patches depend on one of the previous
ones.
1 - Just simple trace statements - very simple patch
2 - We talked about this a month ago or so. It is the code packed from
ELAPI part. It implements a simple dynamically extensible buffer with
some convenience functions towards writing it to a FD in an async
manner. This patch does not include changes to the makefile and
configure to include object into the SSSD build
3 - Includes the buffer object into the build. Preferred to not squash
it with the previous one.
4 - Refarray minor simple fixes
5 - Extensions to the comment object
6 - Introduction of the value object - big patch
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
13 years, 10 months
Announcing the release of SSSD 1.2.1
by Stephen Gallagher
The SSSD team is proud to announce our latest stable release: SSSD
1.2.1. This release contains many bugfixes and is a recommended upgrade
for any deployment currently running 1.2.0.
SSSD 1.2.1 is available as always from https://fedorahosted.org/sssd
== Highlights ==
* Eliminated many potential bugs identified by Coverity's Integrity
manager
* Improvements and bugfixes to the negative cache and filter_users/groups
* Eliminated a serious tight-loop condition
* Changed default min_id value to 1 to avoid conflicts with many
real-world deployments
* Fix a bug with ldap_access_filter not being able to handle outer
parentheses
* Fix a bug in the SSSDConfig API that caused it to through unexpected
exceptions if there were unknown entries in the configuration file
* Properly handle the Kerberos credential cache when going offline
* Remove the krb5_changepw_principal option (there are no kerberos
implementations that use anything other than kadmin/changepw@REALM)
== Detailed Release Notes ==
Dmitri Pal (3):
* Memory leak in case of empty value
* Fixing NULL dereferencing in ini_config
* Addressing initialization issues.
Göran Uddeborg (2):
* Updating sv translation
* Update sv translation
Jakub Hrozek (15):
* Man page fixes
* Skip empty attributes with warning
* Fix realm_str dereference
* Fix potential NULL dereference in sss_groupshow
* Fix potential NULL dereference in fail_over.c
* Fix Incorrect NULL check in get_server_common()
* Add missing break to switch statement
* Undocument the krb5_changepw_principal option
* Remove the -g option from useradd
* get_uid_from_pid should use fstat rather than lstat
* Fix invalid talloc_move in groupshow
* Fix potential resource leak in copy_tree_ctx()
* Potential memory leak in _nss_sss_*_r()
* Check closedir call in find_uid
* Print correct return code
Stephen Gallagher (30):
* Fix typo in Makefile
* Fix broken build against older versions of OpenLDAP
* Fix typo in Makefile.am
* Disable connection callbacks when going online
* Change default min_id to 1
* Allow ldap_access_filter values wrapped in parentheses
* Properly handle read() and write() throughout the SSSD
* Fix misuse of errno in find_uid.c
* Avoid potential NULL dereference
* Properly handle missing originalMemberOf entry in initgroups
* Don't leak directory access resources on errors in directory_list()
* Check the correct variable for NULL after creating timer
* Properly check that the timeout event was created for cleanup/enum
* Check return code of hash_delete in proxy_child_destructor
* Eliminate unused variable from pc_init_timeout()
* Make sure to close varargs before returning from a function
* Properly null-terminate socket path
* Don't segfault if ldap_access_filter is unspecified
* Add ldap_force_upper_case_realm to example AD config
* Handle (ignore) unknown options in get_domain() and get_service()
* Remove references to the DP service from the SSSDConfig API tests
* Standardize on correct spelling of "principal" for krb5
* Initialize len before looping to read the pidfile
* Refactor the negative cache
* Move setup of filter_users and filter_groups to negcache.c
* Honor filter_users in PAM
* Fix potential resource leak in remove_tree_with_ctx()
* Fix return value from remove_connection_callback() destructor
* Protect against segfault in remove_ldap_connection_callbacks
* Releasing SSSD 1.2.1
Sumit Bose (10):
* Fix handling of ccache file when going offline
* Compare full service name
* Add sysdb_attrs_get_string_array()
* Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()
* Initialize pam_data in Kerberos child.
* Avoid a potential double-free
* Add a missing return value
* Add a missing initializer
* Add a missing break
* Add a missing free()
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
13 years, 10 months
