sssd-devel September 2014

sssd-devel@lists.fedorahosted.org

23 participants
95 discussions

[PATCH] SUDO: Support the IPA schema
by Michal Šrubař 09 Oct '15

09 Oct '15

Hi guys, I spent some time working at this ticket https://fedorahosted.org/sssd/ticket/1108 and I think it's finally ready to be reviewed by others. Description of the problem and scope of the changes can be found in the commit message. I also wrote some unit tests but the patch is a quite long already so I think it would be better to send the tests as an another patch. Or should I create a patch for each modified file?

4 7

[PATCH] Workaround for dyndns_test_ok failiure on mips(el). Child part has finished before the child handler was created.
by Jurica Stanojkovic 14 Sep '15

14 Sep '15

Hello, Package sssd_1.11.5.1-1 on Debian FTBFS for mips and mipsel. https://buildd.debian.org/status/fetch.php?pkg=sssd&arch=mips&ver=1.11.5.1-… https://buildd.debian.org/status/fetch.php?pkg=sssd&arch=mipsel&ver=1.11.5.… dyndns_test_ok is failing with following log: [ RUN ] dyndns_test_ok(Tue Jul 8 15:53:55:004476 2014) [sssd] [be_nsupdate_args] (0x0200): (Tue Jul 8 15:53:55:004521 2014) [sssd] [child_handler_setup] (0x2000): nsupdate auth type: GSS-TSIGSetting up signal handler up for pid [21397](Tue Jul 8 15:53:55:004693 2014) [sssd] [__wrap_execv] (0x0200): nsupdate success test case(Tue Jul 8 15:53:55:004825 2014) [sssd] [__wrap_execv] (0x1000): Child exiting with status 0(Tue Jul 8 15:53:55:005275 2014) [sssd] [child_handler_setup] (0x2000): Signal handler set up for pid [21397](Tue Jul 8 15:54:55:837623 2014) [sssd] [write_pipe_handler] (0x0020): write failed [32][Broken pipe].(Tue Jul 8 15:54:55:837801 2014) [sssd] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete(Tue Jul 8 15:54:55:837869 2014) [sssd] [nsupdate_child_stdin_done] (0x0040): Sending nsupdate data failed [32]: Broken pipe(Tue Jul 8 15:54:55:837947 2014) [sssd] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS update failed(Tue Jul 8 15:54:55:837985 2014) [sssd] [dyndns_test_ok] (0x1000): Child request returned [1432158228]: Unknown error 14321582280x555d0014 != 0../src/tests/cmocka/test_dyndns.c:222: error: Failure![ FAILED ] dyndns_test_okChild part has finished before the child handler was created. I have created and attached a patch which is workaround for this issue. Could someone please take a look and comment this? Thank you! Sincerely, Jurica

4 6

[PATCH] DYNDNS: Add a new option dyndns_server
by Jakub Hrozek 28 Jul '15

28 Jul '15

Hi, one of our users ran into an interesting problem -- her AD infrastructure was different from the DNS server. Because by default, we perform update against the server we're connected to, the DNS update didn't work. Per Simo's suggestion, I've implemented a new option that allows the administrator to override the DNS server used for DNS updates.

4 5

[PATCHES] AUDIT: Add audit support for SSSD
by Michal Židek 21 Jul '15

21 Jul '15

These two patches are initial patches for tickets https://fedorahosted.org/sssd/ticket/2373 https://fedorahosted.org/sssd/ticket/2372 I will add wrappers for more libaudit functions as needed in later patches. As for now, the audit support is not build by default so you need to run --with-libaudit. I would like to make it default when we have the above tickets solved. Thanks, Michal

2 5

[patch] Python 3 support for sssd
by Bohuslav Kabrda 13 Jan '15

13 Jan '15

Hey all, for past few days, I've been working on python3-compat patch for sssd. The patch [1] is attached to the issue that requests this feature [2]. Some comments: - The patch tries to maintain backward compatibility for Python 2.6 and 2.7 - I admit I only tested 2.7 so far, but it seemed to work ok. - I didn't yet solve the build part - for now, I just handedit configure.ac to set "PYTHON=python3" and src/external/python.m4 to set "AC_PATH_PROG(PYTHON, python3)" and compile with that. - I managed to run Python tests in src/tests except python-test.py itself (it says "OSError: [Errno 5] Could not initialize connection to the confdb" and I didn't yet investigate why that happens). - To run tests, one must modify the hashbangs to /usr/bin/python3 (I now see that I left one of these in the actual patch, so please disregard that). I'd like to ask you, sssd devels, to give me some comments on the patch (or ask questions) and if you have some time to spare, doing more extensive testing would also be very welcome. -- Regards, Bohuslav "Slavek" Kabrda. [1] https://fedorahosted.org/sssd/attachment/ticket/2017/sssd-python3-compat.pa… [2] https://fedorahosted.org/sssd/ticket/2017

2 11

[PATCHES] Sig handlers cleanups
by Simo Sorce 12 Jan '15

12 Jan '15

While checking if our custom signal handlers properly handle errno, I stumbled on a few cleanups, they are attached. turns out our few signal hanlders are errno safe, and tevent signal handling function is also fine. Simo. -- Simo Sorce * Red Hat, Inc * New York

5 17

[PATCH] LDAP: Do not clobber return value when multiple controls are returned
by Jakub Hrozek 09 Dec '14

09 Dec '14

Hi, please see the attached patch and its commit message. An alternative might be to use a different variable for the result (as we did in 1.9) before the new error codes.

2 3

[PATCH] simple access provider - don't fail on non-existing objects
by Pavel Reichl 08 Dec '14

08 Dec '14

Hello, I noticed that if using simple access provider and having non-existing group or user in access/deny list then access will be denied and "su: System error" will be printed. I think it's OK to simply skip non-existing objects on allow_list. I'm not so sure what to do in case of deny lists. Should we also just skip them or should we deny the user and print more appropriate message ("su: Permission denied")? Thanks, PR

6 15

[PATCHES] Merging INI snippets
by Dmitri Pal 03 Dec '14

03 Dec '14

Hello, Extensive travel in recent months allowed me to finish this code. Here is the updated design: https://fedorahosted.org/sssd/wiki/DesignDocs/ding-libs/INIConfigMerge Patches: 0001 - Fix in case the Ref array is empty and we need to print/debug it 0002 - Declaration of the new function to do access checks 0003 - Big patch with core functionality 0004 - Updated access check code to use new internal access control function 0005 - File with expected output for unit test validation 0006 - Makefile and related changes to start building new code No rush, take your time. :-) -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.

3 13

[PATCH] krb5: Check return value of sss_krb5_princ_realm
by Lukas Slebodnik 28 Nov '14

28 Nov '14

ehlo, yet another warning from clang static analyser. sss_krb5_princ_realm set output parameter realm to NULL and len to 0 in case of failure. Clang static analysers repoted warning "Null pointer passed as an argument to a 'nonnull' parameter" in function match_principal. It was possible, that realm_name with value NULL could be used in strncmp. Function sss_krb5_princ_realm is used on other places for printing(formatting) realm_name and NULL can be safely used as a argument for printf-like functions. Patch is attached. LS

5 13

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel September 2014