While checking if our custom signal handlers properly handle errno, I
stumbled on a few cleanups; they are attached.
Turns out our few signal handlers are errno safe, and tevent signal
handling function is also fine.
Simo Sorce * Red Hat, Inc * New York

I noticed that if using simple access provider and having non-existing
group or user in access/deny list then access will be denied and "su:
System error" will be printed.
I think it's OK to simply skip non-existing objects on allow_list.
I'm not so sure what to do in case of deny lists. Should we also just
skip them or should we deny the user and print more appropriate message
("su: Permission denied")?

Yet another warning from clang static analyser.
sss_krb5_princ_realm sets output parameter realm to NULL and len to 0
in case of failure. Clang static analyser reported warning
"Null pointer passed as an argument to a 'nonnull' parameter"
in function match_principal. It was possible that realm_name with value NULL
could be used in strncmp.
Function sss_krb5_princ_realm is used in other places for printing (formatting)
realm_name and NULL can be safely used as an argument for printf-like
Patch is attached.

Using sssd for a long time, I have come across a problem recently,
which I would like to solve with your help.
I provide centralized authentication and authorization service for a huge
heterogeneous network. And in my case it would be "nice and easy" if sssd
used only shells(5). I believe this mechanism is sufficient for
identification of an allowed shell.
I take the liberty to offer you this tiny patch, which will let you use a wildcard
(*) in param allowed_shells in sssd.conf.
What do you think about it?

Please see attached patches.
I have briefly discussed with Jakub how to handle saving users with uid
0, whether to resurrect sysdb_add_fake_user or modify existing functions
for storing users. I decided to add a wrapper function around existing
ones to minimize changes in code which calls them.

I have been working on sssd being able to flush hosts from its cache.
Here is an initial patch to add the options to the cli of sss_cache.
I have noticed that there are some methods already in src/db/sysdb_ssh.c
like sysdb_update_ssh_known_host_expire: Does that seem like the right
function to call to expire a host?
Advice is appreciated.
William Brown <william(a)firstyear.id.au>

Attached patch is the first of many to solve
"The return codes of various sysdb operations differ. Some search
operations would return ENOENT if they don't find a matching object some
would return EOK but an empty result list."
I think it would be best if in case that no results were found both
ENOENT value and 'properly' empty list were returned.
Thanks for opinions or/and review.

In theory, it could be possible to build current master without samba
on rhel5, but the spec file would be very complicated.
It is better to simplify spec file.
Patch is attached.
1 file changed, 43 deletions(-) :-)