[PATCH] Don't use srcdir with tests
by Jakub Hrozek
Without this patch I can't build SSSD for rawhide as new autoconf
versions error out when $(srcdir) is used in TESTS:
Makefile.am:149: error: using '$(srcdir)' in TESTS is currently broken:
'$(srcdir)/src/config/SSSDConfigTest.py'
parallel-tests: installing 'build/test-driver'
Makefile.am:149: error: using '$(srcdir)' in TESTS is currently broken:
'$(srcdir)/src/tests/pyhbac-test.py'
Makefile.am:149: error: using '$(srcdir)' in TESTS is currently broken:
'$(srcdir)/src/tests/pysss_murmur-test.py'
Not using srcdir is OK as the GNU manual states:
"Automake ensures that each file listed in TESTS is built before it is
run; you can list both source and derived programs (or scripts) in
TESTS; the generated rule will look both in srcdir and .."
This is an excerpt from:
http://www.gnu.org/software/automake/manual/automake.html#Scripts_002dbas...
10 years, 3 months
[PATCH] Split the providers into separate subpackages
by Jakub Hrozek
Hi,
the attached patch splits the previously monolithic sssd package into
sssd-common that contains the deamon and the responders and per-provider
packages such as sssd-ldap or sssd-ipa.
This split would benefit two parties:
1) security auditors who are often trying to find the smallest package
set including dependencies needed for the package to function. They
would be able to i.e. install sssd-ldap and not bother about
sssd-ipa or sssd-ad pulling in more dependencies.
2) 3rd party programs such as realmd or authconfig that would only
be able to require or install on demand the needed packages.
The patch addresses https://fedorahosted.org/sssd/ticket/1510 and must b
applied on the two specfile patches I sent earlier (the thread subject
included libsss_sudo).
10 years, 3 months
Ticket #1376 -- Add support for suppressing group members
by Paul B. Henson
I'm attaching an initial draft of the implementation of
ignore_group_members per ticket #1376. I still need to update the
documentation (and some python code in SSSDConfig it looks like), but
functionality wise this prevents ldap from requesting the member
attribute and sssd from returning any cached members that might be left
in the local db. As this is my first attempt at working with sssd, I
wanted to get early feedback in case I'm doing something silly ;).
Also, regarding the comment on the ticket:
"The trickiest piece of this functionality would be ensuring that we
don't delete existing member/memberOf linkages from the cache during
group lookups that were put there by previous initgroups() requests.
Thus, when this option is in play, member/memberOf should only be
managed by initgroups() calls."
My understanding of this is that an initgroups call will set up some
state in the cache regarding members of groups, and a getgrnam or
getgrgid call that skips retrieving the member attribute will wipe these
out of the cache. However, it's also my understanding that *every*
initgroups call hits ldap directly to make sure stale data isn't used
for authorization purposes. If so, why do we care that the data in the
cache, which isn't going to be used, gets wiped out? When
ignore_group_members is enabled, the only thing that cares about group
members is initgroups, correct?
Thanks...
10 years, 3 months
[PATCH] Rename SAFEALIGN macros
by Michal Židek
https://fedorahosted.org/sssd/ticket/1772
Changes done:
- definitions of safealign macros have been removed from
src/sss_client/sss_cli.h and src/util/util.h and put into new header
(the old headers include this new header). This change was done to avoid
code duplication.
- Macros that copy bytes from a variable to byte buffer have been
renamed from SAFEALIGN_SET_<type> to SAFEALIGN_VAR2BUF_<type>.
- Macros that copy bytes from a byte buffer to a variable have been
renamed from SAFEALIGN_COPY_<type> to SAFEALIGN_BUF2VAR_<type>
- Aliases have been added to allow the old names to be used in the code
(we can remove the aliases when the old names are replaced with the new
ones on all places in the code, but for now, it is good to allow both
alternatives, so that this patch can be smaller)
Thanks
Michal
10 years, 4 months
[PATCHES] SUDO: IPA provider
by Lukas Slebodnik
ehlo,
I am attaching two patches.
First patch make retrieving host information more reusable. It is a preparation
for easily reusing existing ldap code in SUDO IPA provider in second patch.
I am attaching two patches.
First patch make retrieving host information much more reusable. It is
a preparation for easily reusing existing ldap code in SUDO IPA provider
in the second patch.
LS
10 years, 4 months
