URL: https://github.com/SSSD/sssd/pull/395
Author: jhrozek
Title: #395: KCM: Three trivial fixes
Action: opened
PR body:
"""
I've been working on the KCM responder lately and found some minor issues
that can be merged right away.
1) KCM: Add some forgotten NULL checks
Several memory allocations across the KCM codebase did not check their
result for NULL. This patch fixes that.
2) KCM: Use the right memory context
Inside the tevent request, we should use 'state' as the intermediate memory
context and steal the result up to 'mem_ctx' on success.
'mem_ctx' itself should only be used to create the tevent_req as the first
thing during the request creation.
However, this bug is not very severe as the mem_ctx was always the KCM
operation memory context, so the memory was freed when the operation
terminated.
3) KCM: Do not leak newly created ccache in case the name is malformed
This is not a big deal as the mem_ctx parameter of the operation is
typically just a short-lived operation context. Nonetheless, it is best
practice to not rely on how the memory context is set up in utility
functions.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/395/head:pr395
git checkout pr395
URL: https://github.com/SSSD/sssd/pull/372
Author: amitkumar50
Title: #372: ldap: Change ldap_user_certificate to userCertificate;binary
Action: opened
PR body:
"""
IPA and AD providers default to userCertificate;binary for the
ldap_user_certificate option. It will be good to default that value
also for the generic LDAP provider.
Resolves: https://pagure.io/SSSD/sssd/issue/3499
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/372/head:pr372
git checkout pr372
ehlo,
I realized that it might be better to discuss it here rather than in
pull requests because it seems to be related to two different commits.
I will describe a test case on master with already created replica on another
host.
* kinit as admin
// create user with dummy password
* echo $dummypw | ipa user-add $login --first "$firstname" --last "$lastname" \
--password
// adding sleep; I think that first kinit hits slave sometimes and the user is
// not replicated yet.
* sleep 2
* FirstKinitAs $login $dummypw $password
FirstKinitAs is a bash function which changes the initial password,
something like: echo -e "$password\n$newpassword\n$newpassword" | kinit -V $username
Such a test works reliably with 1.15.3 and kinit always talks to the local master
(I didn't try to remove sleep 2)
But the situation changed a little bit with git master due to the following commits
IPA: Only generate kdcinfo files on clients
https://pagure.io/SSSD/sssd/c/a309525cc47da726461aec1f238165c17aade2a6
localauth plugin: change return code of sss_an2ln
https://pagure.io/SSSD/sssd/c/3f94a979eebd1c9496b49b4e07b7823550dec97e
It is enough to revert just one of these patches and the situation is stable again.
BTW the failure is not 100% reliable, but it happens quite often, in 40-60% of cases.
And I think kinit on IPA server should always talk to local KDC unless
it is down.
Attaching two logs with KRB5TRACE + SSSD_KRB5_LOCATOR_DEBUG
LS
URL: https://github.com/SSSD/sssd/pull/398
Author: lslebodn
Title: #398: intg: Fix execution with dbus-1.11.18
Action: opened
PR body:
"""
Since dbus-1.11.18, DBUS_COOKIE_SHA1 respects the $HOME variable
and falls back to the value returned from getpwnam only if env HOME
does not exist. It caused a problem for dbus communication
between sssd processes because the local user usually does not have
the directory $HOME/.dbus-keyrings/. And the directory created in the cwrap
environment is problematic:
[build@host ~]$ ls -ld ~/.dbus-keyrings/
drw-------. 2 build build 6 Oct 3 10:44 /home/build/.dbus-keyrings/
[buildhost ~]$ ls -lna ~/.dbus-keyrings/
ls: cannot access '/home/build/.dbus-keyrings/.': Permission denied
ls: cannot access '/home/build/.dbus-keyrings/..': Permission denied
total 0
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
[build@host ~]$ touch ~/.dbus-keyrings/test
touch: cannot touch '/home/build/.dbus-keyrings/test': Permission denied
Other alternative would be to set env variable HOME to the
same value as in fake passwd file:
HOME=$(abs_builddir)/root
Related dbus bug:
https://bugs.freedesktop.org/show_bug.cgi?id=101960
Resolves:
https://pagure.io/SSSD/sssd/issue/3531
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/398/head:pr398
git checkout pr398
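The keyring-directory problem described in PR #398 above, as an added example (not code from the SSSD or dbus projects): a shell check that resolves the home directory in the order the PR describes and flags a `.dbus-keyrings` directory whose owner lacks rwx, as in the `drw-------` listing. The function names, the return codes and the rule that group/other must have no access are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the DBUS_COOKIE_SHA1 keyring directory of the current user.
# Requires GNU stat (stat -c).

# Home directory lookup in the order the PR describes for dbus >= 1.11.18:
# $HOME from the environment if it is set, otherwise the passwd entry.
resolve_home() {
    if [ -n "${HOME+set}" ]; then
        printf '%s\n' "$HOME"
    else
        getent passwd "$(id -un)" | cut -d: -f6
    fi
}

# check_keyring_dir DIR
# Returns 0 if usable, 1 if missing, 2 if the owner lacks rwx (the
# drw------- case from the PR), 3 if group/other have any access
# (assumption of this example: the keyring must be private to its owner).
check_keyring_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")                  # e.g. 600, 700, 1750
    perm=$(printf '%03d' "$mode" | tail -c 3)    # keep the three rwx digits
    owner=${perm%??}                             # first digit: owner bits
    rest=${perm#?}                               # last two: group and other
    if [ "$owner" != 7 ]; then
        echo "BROKEN   $dir mode $mode: owner needs rwx to enter and write it"
        return 2
    fi
    if [ "$rest" != 00 ]; then
        echo "EXPOSED  $dir mode $mode: group/other have access"
        return 3
    fi
    echo "OK       $dir mode $mode"
}

# Report on the directory dbus would use for the invoking user.
check_keyring_dir "$(resolve_home)/.dbus-keyrings" || true
```

The check reads the mode bits instead of trying to enter the directory, so it gives the same verdict when run as root, where permission checks would not fail.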
URL: https://github.com/SSSD/sssd/pull/396
Author: fidencio
Title: #396: CI: Add missing http-parser-devel dependency
Action: opened
PR body:
"""
As reported on #3526, running $ ./contrib/ci/run on CentOS 7 minimal
installation ends up in failure on configure because
./contrib/ci/deps.sh does not attempt to install http-parser-devel.
We don't have to worry about CentOS 6 as SSSD is built using
--without-secrets there, thus http-parser-devel is not required.
Resolves: https://pagure.io/SSSD/sssd/issue/3526
Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/396/head:pr396
git checkout pr396