[PATCHES] Sig handlers cleanups
by Simo Sorce
While checking if our custom signal handlers properly handle errno, I
stumbled on a few cleanups, they are attached.
turns out our few signal hanlders are errno safe, and tevent signal
handling function is also fine.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
8 years, 8 months
[PATCH] krb5: Check return value of sss_krb5_princ_realm
by Lukas Slebodnik
ehlo,
yet another warning from clang static analyser.
sss_krb5_princ_realm set output parameter realm to NULL and len to 0
in case of failure. Clang static analysers repoted warning
"Null pointer passed as an argument to a 'nonnull' parameter"
in function match_principal. It was possible, that realm_name with value NULL
could be used in strncmp.
Function sss_krb5_princ_realm is used on other places for printing(formatting)
realm_name and NULL can be safely used as a argument for printf-like
functions.
Patch is attached.
LS
8 years, 10 months
[PATCH] allowed_shells: using wildcard for any shell
by Denis Kutin
Dear friends,
Using sssd, for a long time, I have come across with a problem recently,
which I would like to solve with your help.
I provide centralized authentication and authorization service for a huge
heterogeneous network. And in my case it would be "nice and easy" if sssd
used only shells(5). I believe this mechanism is sufficient for
identification of an allowed shell.
I take a liberty to offer you this tiny patch, which will let use wildcard
(*) in param allowed_shells in sssd.conf
What do you think about it?
--
Denis Kutin
8 years, 11 months
[PATCH] Two minor patches for tokenGroups nested group processing
by Jakub Hrozek
Hi,
the attached two patches are not strictly related to tokenGroups
processing, but it's very easy to reproduce the problem that way. The
issue is only confusing DEBUG messages, but it has already cost me
several hours in processing logs from an SSSD user, so I think a fix is
due, at least for master.
See the patches and the commit messages for more details.
9 years, 1 month
[PATCHES] Enable sending DEBUG logs to journald
by Stephen Gallagher
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All of these patches require Nikolai's "DEBUG Macro Refactoring v3"
patches to be applied first.
Patch 0001: Allow debug_fn to process __FILE__ and __LINE__
In preparation for enabling journald support for the DEBUG logs, we
will need to be able to pass in certain additional arguments that will
be required, specifically the code file and line number.
We will be able to optionally enable this in the file-based logs as well
if we so choose, but for right now we will avoid breaking the log
format on disk.
Patch 0002: Enable sending structured debug logs to journald
We are now able to send structured debug logs to journald, tagged with
the code file, line number and domain that the log pertains to. To
enable this functionality, SSSD must be configured at build-time with
- --with-syslog=journald and must be launched without -f/--debug-to-files
This behavior is nearly identical to how SSSD will function today on a
systemd-based system if --debug-to-files is disabled, since it will
redirect stdout and stderr into journald. This patch merely enhances
the situation to send structured logs instead of simple string messages.
Patch 0003: BUILD: Build with journald support by default on Fedora
The journal provided by systemd gives us structured logging
capabilities that we should be taking advantage of.
Note: this patch explicitly does not change the systemd unit file for
SSSD. Right now, an administrator will need to manually remove the
'-f' from ExecStart in the unit file to send debug logs to journald. I
suspect we'll want to discuss this before we make it the default. This
patch DOES change the default for sss_log messages to use
sd_journal_send() instead of straight log() for those messages that we
traditionally sent to the syslog (such as login events). This is code
that has been in place for some time now, but has not been the default
because we hadn't build with --with-syslog=journald.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlK0v0QACgkQeiVVYja6o6NwxgCfWnU4IbYyJPXxPe83zWjjsCHt
cG8AnitRgM9CAUjHM2ofYg3TgcUxCyCC
=Fara
-----END PGP SIGNATURE-----
9 years, 2 months
[PATCH] LDAP: Try all attributes when saving an entry
by Jakub Hrozek
Hi,
this bug was reported on #sssd by a user. He was running some flavor of
IBM Tivoli where the entries only had an "ID", not separate "UID" and
"GID". But due to a bug in sssd he couldn't use the same value for both,
this configuration:
ldap_user_uid_number = idAttribute
ldap_user_gid_number = idAttribute
only saved the ID into UID and left GID empty. It appears we have a long
standing bug in sdap_parse where we only consider first match. If this
patch is accepted, I would also like to refactor sdap_parse in master
because currently it is a 250-lines long function with multiple
branches..
9 years, 2 months
[PATCH v2 0/5] NFSv4 rpc.idmapd plugin
by Noam Meltzer
Hello sssd-devel & linux-nfs,
This is v2 of the patch set. It is now sent to linux-nfs as weel, following
Steve Dickson request.
The code in the next 5 patches implements the design document:
https://fedorahosted.org/sssd/wiki/DesignDocs/rpc.idmapd%20plugin
The changes in the code (compared to v1) are following the review done in
sssd-devel.
I believe that there are still two items in dispute (no final verdict was given
in the sssd mailing list) but this new patch set will give a chance to have a
cleaner look on things.
--
Noam Meltzer
Linux Software Engineer
PRIMARY DATA
P.O. Box 12650, Herzliya Pituach 4673300
9 Hamenofim St. Akerstein Towers, Tower A, 5th fl. Herzliya
Office: +972-77-8981888 | Fax: +972-3-7617140 | Mobile: +972-54-5873843
Email: noam(a)primarydata.com
--
Noam Meltzer (5):
NEW CLIENT: plugin for NFSv4 rpc.idmapd
NFSv4 client: (private) headers from libnfsidmap
NFSv4 client: add to build system
NFSv4 client: man page
NFSv4 client: add to RPM spec
Makefile.am | 19 ++
configure.ac | 10 +
contrib/sssd.spec.in | 8 +
src/conf_macros.m4 | 30 ++
src/external/libnfsidmap.m4 | 17 +
src/man/Makefile.am | 4 +-
src/man/include/seealso.xml | 4 +
src/man/sss_rpcidmapd.5.xml | 97 ++++++
src/sss_client/common.c | 5 +
src/sss_client/nfs/nfsidmap_internal.h | 78 +++++
src/sss_client/nfs/sss_nfs_client.c | 569 +++++++++++++++++++++++++++++++++
src/sss_client/sss_cli.h | 2 +
12 files changed, 842 insertions(+), 1 deletion(-)
create mode 100644 src/external/libnfsidmap.m4
create mode 100644 src/man/sss_rpcidmapd.5.xml
create mode 100644 src/sss_client/nfs/nfsidmap_internal.h
create mode 100644 src/sss_client/nfs/sss_nfs_client.c
--
1.8.5.3
9 years, 3 months
