[PATCH] sss_log: fix handling of variable argument lists
by Sumit Bose
Hi,
this patch fixes a issue with sss_log() which was introduced recently
and I think is only in master. So far I only tested it with syslog, if
would be nice if someone can test the journald code path as well.
bye,
Sumit
9 years, 3 months
[PATCHES] SDAP: Be able to configure sssd to honor openldap account lock to restrict access via ssh key
by Pavel Reichl
Hello,
please see attached patches. Every patch is documented in its commit
message.
Generally speaking the first 6 patches are preparation for patch #8.
Thanks,
Pavel Reichl
PS: I also attached output of my testing to make it more obvious how the
patches are supposed to work.
------------------------------------------------------------------------
# john, people, example.com
dn: uid=john,ou=people,dc=example,dc=com
pwdAccountLockedTime: 000001010000Z
# max, people, example.com
dn: uid=max,ou=people,dc=example,dc=com
# dick, people, example.com
dn: uid=dick,ou=people,dc=example,dc=com
pwdAccountLockedTime: 20140801115742Z
--------------------------------------------------------------------------
$ ssh -l john@openldap `hostname`
Connection closed by UNKNOWN
$ ssh -l max@openldap `hostname`
Last login: Fri Aug 1 15:16:21 2014 from sssd.dev.work
$ ssh -l dick@openldap `hostname`
Last login: Fri Aug 1 12:57:33 2014
9 years, 3 months
[PATCHES] check return value
by Pavel Reichl
Hello,
I noticed these two warnings in clang.
It would be great if the 2nd patch could be checked by Sumit to make
sure that the return value wasn't ignored on purpose.
Thanks,
Pavel Reichl
9 years, 3 months
[PATCH] LDAP: Do not shortcut on ret != EOK during password expiry check
by Jakub Hrozek
https://fedorahosted.org/sssd/ticket/2323
The functions that check for password expiration can return non-zero
return codes not only on internal failure, but also to indicate that the
password was expired. The code would in this case shortcut in the error
handler instead of making its way to the switch-case code below that
translates the SSSD error codes into PAM error codes.
We don't lose the error reporting, because any internal error would
translate into PAM_SYSTEM_ERROR anyway.
9 years, 3 months
[PATCHES] dyndns: Fix talloc hierarchy of "struct sss_iface_addr"
by Lukas Slebodnik
ehlo
0001-dyndns_test-Use-right-socket-length-of-for-IPv4-addr.patch
not very important patch.
0002-responder-get-domains-tests-fix-checking-of-leaks.patch
0003-test_dyndns-Use-different-talloc-context-in-wrapped-.patch
previous two patches are necessary for 4th patch
0004-TESTS-leak_check-functions-shouldn-t-be-called-with-.patch
Wit this patch it will be possible to cach mem leak in 6th patch
0005-dyndns-Fix-talloc-hierarchy-of-struct-sss_iface_addr.patch
this simpepatch fix use after free problem in ticket #2405
0006-test_dyndns-sss_iface_addr_list_get-can-return-more-.patch
test for previous patch. You can try to revert 5th patch
and you will see memory leak (not all data were moved to appropriate
talloc context)
Leak report for ../sssd/src/tests/cmocka/test_dyndns.c:247:
full talloc report on 'struct dyndns_test_ctx' (total 80 bytes in 3 blocks)
struct sss_iface_addr contains 40 bytes in 2 blocks (ref 0) 0x1469c20
../sssd/src/providers/dp_dyndns.c:210 contains 16 bytes in 1 blocks (ref 0) 0x1469990
check_leaks_pop(dyndns_test_ctx) == true
../sssd/src/tests/cmocka/test_dyndns.c:247: error: Failure!
[ FAILED ] dyndns_test_get_multi_ifaddr
0007-SDAP-free-subrequest-in-sdap_dyndns_update_addrs_don.patch
subrequest can be freed after fixing talloc hierarchy in 5th patch.
How to test.
two IP addresses shoudl be used in ptr update. You can use valgrind to see use
after free error.
The other option is to export env variable TALLOC_FREE_FILL=255 and sssd_be
will crash in function resolv_get_string_ptr_address
LS
9 years, 3 months
Re: [SSSD] [PATCH] Add systemd-user-sessions dependency to systemd service file.
by Jakub Hrozek
On Thu, Aug 21, 2014 at 03:02:54PM +0100, Ian Lee wrote:
> Hi,
>
> Yea, that's a nice target to use, I'd not noticed it before. Does this
> now make systemd-user-sessions.service a redundant dependency?
I'm not a systemd expert, but the systemd developers I pinged said it's
preferable to keep both, because the two targets don't depend on one
another directly (which seems a bit odd to me, I'd expect
systemd-user-sessions.service to depend on nss-user-lookup.target
instead of forcing consumers to depend on both..)
>
> The patch attached includes both, you can modify as you see fit.
I will run some basic tests and ask our systemd friends for another
opinion but from a casual look the patch seems fine to me.
Thank you very much for the contribution.
9 years, 3 months
