rad provider
by Ondra Hujňák
Hi guys,
In my repository:
https://github.com/hujon/sssd/
in branch rad is rc version of RADIUS provider.
There is one known flaw because of verto library. When I
convert tevent loop to verto I cannot free verto context,
because it would free tevent loop as well. This bug was
consulted with Nathaniel McCallum who promised
to fix this in verto.
If you want to see my thesis in which I describe
this provider it is available at:
http://ondra.hujnak.cz/doc/bc_thesis.pdf
Even if my school work is done I'd like to continue
improving this provider in my free time (commits won't
be so frequent any more)…
Thank you for your valuable comments and help
with my work.
Ondřej Hujňák
10 years, 11 months
[PATCH] Do not attempt to resolve localhost during tests
by Jakub Hrozek
Hi,
Timo Aaltonen discovered that one of our fail over unit tests require
the "localhost" host name to be resolvable, while there is no guarantee
that a buildsystem that runs the build can resolve "localhost".
Attached are three very small patches:
[PATCH 1/3] tests: Do not attempt to resolve localhost unless -n is
selected
This patch disables the test that was relying on "localhost".
[PATCH 2/3] tests: enable network tests based on environment variable
Currently the tests that require a network connection can be enabled by
selecting the -n command line parameter for the test. But in some cases,
like the buildsystems, it might be better to actually enable network
tests globally for all tests.
[PATCH 3/3] RPM: run network tests by default
Enables the unit tests that require a network connectin before calling
"make check".
I tried building a SRPM with these changes in Koji and the build
succeeded:
http://koji.fedoraproject.org/koji/taskinfo?taskID=5325056
10 years, 11 months
1.9.93 git fails using id_provider=ad
by steve
Hi
with id_provider=ad, sssd exits after e.g. issuing d <user>
It works fine with id_provider=ldap
here are te errors with the ad:
(Tue May 14 22:55:31 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 3 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Tue May 14 22:55:31 2013) [sssd[pam]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Tue May 14 22:55:31 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Tue May 14 22:55:31 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 3 to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Tue May 14 22:55:31 2013) [sssd[nss]] [sbus_reconnect] (0x0080):
Reconnected to
[unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Tue May 14 22:55:31 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020):
Reconnected to the Data Provider.
(Tue May 14 22:55:31 2013) [sssd[nss]] [nss_cmd_getby_dp_callback]
(0x0040): Unable to get information from Data Provider
Error: 3, 5, (null)
Will try to return what we have in cache
(Tue May 14 22:55:31 2013) [sssd[be[default]]] [be_run_online_cb]
(0x0080): Going online. Running callbacks.
(Tue May 14 22:55:32 2013) [sssd] [sbus_dispatch] (0x0080): Connection
is not open for dispatching.
(Tue May 14 22:55:32 2013) [sssd[pam]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Tue May 14 22:55:32 2013) [sssd[nss]] [sbus_dispatch] (0x0020):
Performing auto-reconnect
(Tue May 14 22:55:32 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child
[default] terminated with signal [11]
(Tue May 14 22:55:32 2013) [sssd] [mt_svc_exit_handler] (0x0010):
Process [default], definitely stopped!
(Tue May 14 22:55:32 2013) [sssd] [monitor_quit] (0x0040): Returned with: 1
(Tue May 14 22:55:32 2013) [sssd] [monitor_quit] (0x0020): Terminating
[pam][11210]
(Tue May 14 22:55:32 2013) [sssd] [monitor_quit] (0x0020): Child [pam]
exited gracefully
(Tue May 14 22:55:32 2013) [sssd] [monitor_quit] (0x0020): Terminating
[nss][11209]
(Tue May 14 22:55:32 2013) [sssd] [monitor_quit] (0x0020): Child [nss]
terminated with a signal
10 years, 11 months
[PATCH] Fix segfault in AD Subdomains Module
by Lukas Slebodnik
ehlo,
In function ad_subdomains_get_netlogon_done:
If variable "reply_count" is zero then variable "reply" will not be
initialized. Therefore we should not continue.
I am not sure about return code.
Patch is attached.
LS
10 years, 11 months
Libtool fails to find dependent libraries
by Lukas Slebodnik
ehlo,
sorry for tl;dr
Two users hit the same compilation issue last week.
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-May/014906.html
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-May/014915.html
The first user uses Ubuntu and the second user uses Mint.
The main problem is in linking process. There are undefined references to
symbol. And linker writes hint, where the symbol is defined.
/usr/bin/ld: note: '_talloc_zero_array@(a)TALLOC_2.0.2' is defined in DSO
/usr/lib/i386-linux-gnu/libtalloc.so.2 so try adding it to the linker command line
It was very strange, because configure script did not fail and all dependencies
were installed properly. I found out that problem is in libtool. Debian (and
all derivatives) has patched version of libtool.
http://patch-tracker.debian.org/patch/series/view/libtool/2.4.2-1.1/link_...
They set link_all_deplibs to "no". Fedora has default value "unknown", which is
treated like "yes". Simple solution for users was to build sssd 1.10-beta from
tarball and do not run autoreconf. Because all important files in tarball
was generated on fedora.
Example:
sss_userdel -> libsss_util.la -> libsss_child.la
-> libsss_crypt.la
-> libsss_debug.la
^^^^^^^^^
Those three dependencies are not propagated to the top (sss_userdel)
if link_all_deplibs is "no". Only direct dependencies from
libsss_util.la are used to link file sss_userdel.
This issue was introduced in commit 96453f402831275a39d5fb89c33c9776e148d03f
"BUILD: Build shared components as an internal shared library"
It was not problem with static libraries, because everything from libraries
libsss_{child,crypt,debug} was linked to libsss_util.a
I was able to reproduce this bug with debian and my first solution was to patch
generated ./libtool
sed -i -e 's/^link_all_deplibs=.*$/link_all_deplibs=yes/' ./libtool
But this was ugly hack, because you have to call configure and then patch
generated libtool. I realized, that:
libtool (is generated by)
-> config.status(with ltmain.sh)
(generated by)
-> configure (generated from)
->configure.ac
Macro AC_PROG_LIBTOOL is responsible for initialization of variable
link_all_deplibs (and also other things)
Macro AC_PROG_LIBTOOL expands to 7160 lines of shell script
(aproximately 30% size of "configure")
Possible solutions:
--revert patch with internal shared library (I don't like it)
--override value of variable link_all_deplibs in configure.ac
(after macro AC_PROG_LIBTOOL). I am not sure if it is portable
solution.
--update dependencies in Makefile.am, Every target which require
libsss_util.la will also directly require libsss_{child,crypt,debug}.
(lot of useless changes)
Any other possible solutions are welcomed.
LS
10 years, 11 months
build fails on git
by steve
Hi
git master from about 1/2 hour ago. Ubuntu 13.04 fails at:
/usr/bin/ld: src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o:
undefined reference to symbol '_talloc_zero_array@(a)TALLOC_2.0.2'
/usr/bin/ld: note: '_talloc_zero_array@(a)TALLOC_2.0.2' is defined in DSO
/usr/lib/i386-linux-gnu/libtalloc.so.2 so try adding it to the linker
command line
/usr/lib/i386-linux-gnu/libtalloc.so.2: could not read symbols: Invalid
operation
collect2: error: ld returned 1 exit status
make[2]: *** [sss_ssh_authorizedkeys] Error 1
make[2]: se sale del directorio «/home/steve/sssd»
make[1]: *** [all-recursive] Error 1
make[1]: se sale del directorio «/home/steve/sssd»
make: *** [all] Error 2
here is the libtalloc stuff:
/usr/lib/i386-linux-gnu$ ls -l libtalloc*
-rw-r--r-- 1 root root 218918 ene 29 19:24 libtalloc.a
lrwxrwxrwx 1 root root 18 ene 29 19:24 libtalloc.so ->
libtalloc.so.2.0.7
lrwxrwxrwx 1 root root 18 may 8 11:25 libtalloc.so.2 ->
libtalloc.so.2.0.7
-rw-r--r-- 1 root root 42580 ene 29 19:24 libtalloc.so.2.0.7
The 1.10.0beta1 builds OK on the same box.
Any ideas?
Thanks,
Steve
10 years, 11 months
[PATCH] Rename SAFEALIGN macros
by Michal Židek
https://fedorahosted.org/sssd/ticket/1772
Changes done:
- definitions of safealign macros have been removed from
src/sss_client/sss_cli.h and src/util/util.h and put into new header
(the old headers include this new header). This change was done to avoid
code duplication.
- Macros that copy bytes from a variable to byte buffer have been
renamed from SAFEALIGN_SET_<type> to SAFEALIGN_VAR2BUF_<type>.
- Macros that copy bytes from a byte buffer to a variable have been
renamed from SAFEALIGN_COPY_<type> to SAFEALIGN_BUF2VAR_<type>
- Aliases have been added to allow the old names to be used in the code
(we can remove the aliases when the old names are replaced with the new
ones on all places in the code, but for now, it is good to allow both
alternatives, so that this patch can be smaller)
Thanks
Michal
10 years, 11 months
[PATCH] Minor AD dyndns fixes
by Jakub Hrozek
Hi,
the attached small patches fix smallish issues reported by users after
1.10beta1 was released. The biggest change is enabling the updates by
default in the AD provider. They were disabled by default (I guess to
have the same settings in both IPA and AD providers), but in AD it makes
sense to enable the update by default.
[PATCH 1/3] Fix a typo in sssd-ad man page
s/IPA/AD/
[PATCH 2/3] Enable the AD dynamic DNS updates by default
https://fedorahosted.org/sssd/ticket/1915
[PATCH 3/3] man: Clarify that AD dyndns updates are secured using GSS-TSIG
https://fedorahosted.org/sssd/ticket/1910
10 years, 11 months