URL: https://github.com/SSSD/sssd/pull/278
Author: justin-stephenson
Title: #278: CONFIG: Add subdomain_homedir to config locations
Action: opened
PR body:
"""
Option **subdomain_homedir** was missing from Python config API and
`cfg_rules.ini` leading to config file validation failures. Add this option
into the necessary locations similar to other provider-generic domain
options.
Resolves:
https://pagure.io/SSSD/sssd/issue/3389
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/278/head:pr278
git checkout pr278
URL: https://github.com/SSSD/sssd/pull/234
Author: jhrozek
Title: #234: HBAC: Use memberof ASQ search instead of originalMemberOf
Action: opened
PR body:
"""
This PR should fix the bug we were seeing in the HBAC evaluation of users
from a trusted AD domain where the originalMemberOf didn't match the
memberOf attributes.
Because maintaining the originalMemberOf attributes is fragile, let's
instead dereference the memberOf attribute and look at the names of the groups
this way.
There is one unresolved issue in the patch - how to filter the groups from
a single domain. The most error-prone method would be to just do a search
by name with a domain set, but that would mean N searches for N groups.
Alternatively, if other developers don't think that is too much of a hack,
we could just construct a base DN of the IPA domain sysdb group container
and pop the RDN from the DN of the object examined and compare the two. That
would be reasonably fast.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/234/head:pr234
git checkout pr234
URL: https://github.com/SSSD/sssd/pull/279
Author: lslebodn
Title: #279: BUILD: Fix build without ssh
Action: opened
PR body:
"""
Reported by gentoo user on IRC because SSH responder is optionally built there.
cache_req_host_by_name_lookup should be used only by ssh responder.
But we cannot rely on this fact and therefore we should return
ERR_INTERNAL instead of EOK to catch mis-usage of the cache_req
plugin.
autoreconf -if
./configure --without-ssh
make check
CCLD sssd_nss
src/responder/common/cache_req/plugins/cache_req_host_by_name.o:
In function `cache_req_host_by_name_lookup':
src/responder/common/cache_req/plugins/cache_req_host_by_name.c:48:
undefined reference to `sysdb_get_ssh_host'
collect2: error: ld returned 1 exit status
make: *** [Makefile:14285: sssd_nss] Error 1
src/tests/cmocka/test_utils-test_sss_ssh.o: In function `test_textual_public_key':
src/tests/cmocka/test_sss_ssh.c:78: undefined reference to `sss_ssh_format_pubkey'
src/tests/cmocka/test_sss_ssh.c:82: undefined reference to `sss_ssh_format_pubkey'
src/tests/cmocka/test_sss_ssh.c:86: undefined reference to `sss_ssh_format_pubkey'
src/tests/cmocka/test_sss_ssh.c:89: undefined reference to `sss_ssh_format_pubkey'
src/tests/cmocka/test_sss_ssh.c:92: undefined reference to `sss_ssh_format_pubkey'
src/tests/cmocka/test_utils-test_sss_ssh.o:src/tests/cmocka/test_sss_ssh.c:95:
more undefined references to `sss_ssh_format_pubkey' follow
collect2: error: ld returned 1 exit status
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/279/head:pr279
git checkout pr279
URL: https://github.com/SSSD/sssd/pull/286
Author: jhrozek
Title: #286: I found two Coverity warnings in the current master while looking for another issue.
Action: opened
PR body:
"""
IPA: Return from function after marking a request as finished
Fixes:
Error: UNINIT (CWE-457):
sssd-1.15.3/src/providers/ipa/ipa_s2n_exop.c:782: var_decl: Declaring variable "ret" without initializer.
sssd-1.15.3/src/providers/ipa/ipa_s2n_exop.c:1001: uninit_use: Using uninitialized value "ret".
# 999| name = NULL;
# 1000| fq_name = NULL;
# 1001|-> if (ret != EOK) {
# 1002| DEBUG(SSSDBG_OP_FAILURE, "add_to_name_list failed.\n");
# 1003| goto done;
IPA: Avoid using uninitialized ret value when skipping entries from the joined domain
Fixes:
Error: FORWARD_NULL (CWE-476):
sssd-1.15.3/src/providers/ipa/ipa_s2n_exop.c:2659: var_compare_op: Comparing "state->attrs" to null implies that "state->attrs" might be null.
sssd-1.15.3/src/providers/ipa/ipa_s2n_exop.c:2668: var_deref_op: Dereferencing null pointer "state->attrs".
# 2666| }
# 2667|
# 2668|-> ret = sysdb_attrs_get_string(state->attrs->sysdb_attrs, SYSDB_SID_STR,
# 2669| &sid_str);
# 2670| if (ret == ENOENT) {
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/286/head:pr286
git checkout pr286
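
The two Coverity defect classes quoted in PR #286 (UNINIT, CWE-457, and FORWARD_NULL, CWE-476), shown in corrected form as an added example. This is not SSSD code: `struct entry`, `struct attrs`, `collect_names` and `get_sid` are hypothetical names, and the sample domains in the comments are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define EOK 0

/* Hypothetical stand-ins for this example; not SSSD structures. */
struct entry { const char *name; const char *domain; };
struct attrs { const char *sid; };

/* CWE-457 pattern, corrected. The flagged shape is `int ret;` followed by a
 * loop in which one branch skips the entry without assigning ret, and a
 * later `if (ret != EOK)` that then reads an indeterminate value. */
int collect_names(const struct entry *list, size_t n, const char *joined,
                  const char **out, size_t cap, size_t *count)
{
    int ret = EOK;                      /* initialised at declaration */

    *count = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(list[i].domain, joined) == 0) {
            continue;                   /* skipped entry: ret is never tested */
        }
        if (*count == cap) {
            ret = ENOMEM;               /* output array is full */
            break;
        }
        out[(*count)++] = list[i].name;
    }
    return ret;
}

/* CWE-476 pattern, corrected. The flagged shape compares a pointer with NULL
 * but lets control continue to a dereference of the same pointer. */
int get_sid(const struct attrs *attrs, const char **sid)
{
    if (attrs == NULL) {
        return EINVAL;                  /* return here, before any dereference */
    }
    if (attrs->sid == NULL) {
        return ENOENT;                  /* attribute absent */
    }
    *sid = attrs->sid;
    return EOK;
}
```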
URL: https://github.com/SSSD/sssd/pull/284
Author: sumit-bose
Title: #284: krb5: accept changed principal if krb5_canonicalize=True
Action: opened
PR body:
"""
Currently SSSD accepts significant changes in the principal only if
krb5_use_enterprise_principal=True. But canonicalization can lead to
similar changes so they should be accepted in this case as well.
Resolves https://pagure.io/SSSD/sssd/issue/3408
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/284/head:pr284
git checkout pr284
URL: https://github.com/SSSD/sssd/pull/283
Author: jhrozek
Title: #283: KCM: Fix the per-client serialization queue
Action: opened
PR body:
"""
Resolves:
https://pagure.io/SSSD/sssd/issue/3372
Fixes a race condition between one client request adding an operation to
the hash table value, which was previously a linked list of operations,
while another concurrent operation would remove the last remaining linked
list element through its callback.
Instead, the hash table value is now a separate 'queue head' structure
which is only changed in a tevent request to make sure it is not processed
concurrently with adding to the queue (which is also a tevent request).
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/283/head:pr283
git checkout pr283
URL: https://github.com/SSSD/sssd/pull/280
Author: lslebodn
Title: #280: BUILD: Link libwbclient with libdl
Action: opened
PR body:
"""
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.…
dlopen-tests cannot catch it because it has to be linked with libdl
sh$ grep dlopen src/sss_client/libwbclient/
src/sss_client/libwbclient/wbc_pwd_sssd.c: ctx->dl_handle = dlopen("libnss_sss.so.2", RTLD_NOW);
sh$ nm --dynamic --undefined-only .libs/libwbclient.so | grep dlopen
U dlopen
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/280/head:pr280
git checkout pr280
URL: https://github.com/SSSD/sssd/pull/282
Author: sumit-bose
Title: #282: ipa: filter IPA users from extdom lookups by certificate
Action: opened
PR body:
"""
The extdom lookup by certificate will return the names of all matching
users, both from the IPA and trusted domains. The IPA users from the
list should not be looked up via the extdom plugin because they are
already looked up directly. Additionally the lookup might fail and cause
an error which might prevent the remaining users from the list from being
looked up.
Resolves https://pagure.io/SSSD/sssd/issue/3407
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/282/head:pr282
git checkout pr282
URL: https://github.com/SSSD/sssd/pull/271
Author: sumit-bose
Title: #271: pam: properly support UPN logon names
Action: opened
PR body:
"""
Many logon applications like /bin/login or sshd canonicalize the user
name before they call pam_start() and hence the UPN is not seen by
SSSD's pam responder. But some like e.g. gdm don't and authentication
might fail if a UPN is used.
The reason is that currently the already parsed short name of the user
was used in the cache_req and hence the cache_req was not able to fall
back to the UPN lookup code. This patch uses the name originally
provided by the user as input to allow the fallback to the UPN lookup.
Resolves https://pagure.io/SSSD/sssd/issue/3240
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/271/head:pr271
git checkout pr271