URL: https://github.com/SSSD/sssd/pull/556
Author: fidencio
Title: #556: COVERITY: Add coverity support
Action: opened
PR body:
"""
Using travis-ci we can start doing coverity scans on every pushed code.
This is not something new as so far we have been relying on sgallagh's
internal infra to do so, unfortunatelly the infra is about to be
retired ... thus, start to use public coverity's instance is a hard
requirement for us.
Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com>
Signed-off-by: Edjunior Machado <emachado(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/556/head:pr556
git checkout pr556
Hi,
there are several PRs that were not touched for months. I would like to close them with a friendly message that the reporter can reopen them if they are inclined:
https://github.com/SSSD/sssd/pull/175 - Add module for starting services
- does not apply anymore. It’s a good effort in general, though and I would like to see someone revive it, there is too much code duplication in the integration tests
https://github.com/SSSD/sssd/pull/247 - Subdomain inherit
- we want this change to be done eventually, but there’s no reason to keep tracking this PR as long as we have a ticket upstream
https://github.com/SSSD/sssd/pull/387 - Setting ldap_sudo_include_regexp to false
- no updates from the submitter for several months
https://github.com/SSSD/sssd/pull/410 - IPA: sanitize name in override search filter - Backport to SSSD-1.13
- I don’t think anyone will respin this PR..
https://github.com/SSSD/sssd/pull/430 - tests: Remove the pysss.local interface
- no updates from the submitter for several months
https://github.com/SSSD/sssd/pull/431 - Remove ldap_groups_use_matching_rule_in_chain
- no updates from the submitter for several months
https://github.com/SSSD/sssd/pull/436 - subdomains: Remove code only used in tests
- no updates from the submitter for several months
Is anyone against closing these?
URL: https://github.com/SSSD/sssd/pull/531
Author: fidencio
Title: #531: Add the needed machinery to have automated builds for our COPR repos
Action: opened
PR body:
"""
As the title says, these patches are introducing the needed machinery to have automated builds for our COPR repos.
The next steps are:
- On Pagure, someone who has admin rights will have to:
- Go to the project's web page: https://pagure.io/SSSD/sssd
- Click in the "Settings" button
- Go down to the "Hook" section
- Click in the "Fedmsg" field
- Check the "Active" checkbox
- Click in the "Update" button
- On COPR:
- Go to the each project's webpage:
- https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-13/
- https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-14/
- To be created
- https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-16/
- https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-master/
- Go to the "Packages" tab
- Click in "sssd" package
- In "Default Build Source" section, click in the "Edit" button
- In the SCM tab do:
- Type: Git
- Clone url: https://pagure.io/SSSD/sssd.git
- Committish: <branch name> (eg, master, sssd-1-13, sssd-1-14, ...)
- In the "How to build SRPM from the source" section, select:
- make srpm
- Click in the "Submit" button
After those steps, a new push would trigger a new copr build to the project.
The OSes that we're targeting are:
- el (all version, all arches)
- fedora (all versions, all arches)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/531/head:pr531
git checkout pr531
URL: https://github.com/SSSD/sssd/pull/570
Title: #570: p11_child: add OpenSSL support
jhrozek commented:
"""
OK, I'm done with the code review. tl;dr the zero timeut is confusing and the commented out code needs to be removed. I'm struggling a bit with testing with Yubikey for some reason, but let me fight with it until tomorrow at least, if I can't figure out everything by myself, I'll ping you for help..
"""
See the full comment at https://github.com/SSSD/sssd/pull/570#issuecomment-388821204
URL: https://github.com/SSSD/sssd/pull/569
Author: sumit-bose
Title: #569: NSS: remove timed event if related object is removed
Action: opened
PR body:
"""
setnetgrent_result_timeout() is called as a timed event to free the
netgr data is the cache lifetime is exceeded. If the data is freed
earlier the timed event should be removed as well to avoid a double
free issue.
Since talloc is used here the most easy way to achieve this is to
allocate the timed event on the netgr object itself.
Related to https://pagure.io/SSSD/sssd/issue/3523
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/569/head:pr569
git checkout pr569
URL: https://github.com/SSSD/sssd/pull/464
Author: fidencio
Title: #464: SYSDB: Properly handle name/gid override when using domain resolution order
Action: opened
PR body:
"""
When using name/gid override together with domain resolution order the
mpg name/gid may be returned instead of the overridden one.
In order to avoid that, let's add a check in case the domain supports
mpg so we can ensure that the originalADname and originalADgidNumber
attributes are the very same as the ones searched and then normally
proceed with the current flow in the code. In case those are not the
same, we *must* follow the code path for the non-mpg domains and then
return the proper values.
Resolves: https://pagure.io/SSSD/sssd/issue/3595
Signed-off-by: Fabiano Fidêncio <fidencio(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/464/head:pr464
git checkout pr464
URL: https://github.com/SSSD/sssd/pull/570
Title: #570: p11_child: add OpenSSL support
jhrozek commented:
"""
Let me review the whole lot and sorry PR #553 was taking too long, but downstream was..busy..lately..
first, I'll just add comments about the patches as I read them, testing will be next. So feel free to reply to comments, but let's respin the patches if needed only later..
"""
See the full comment at https://github.com/SSSD/sssd/pull/570#issuecomment-388336862
URL: https://github.com/SSSD/sssd/pull/566
Author: sumit-bose
Title: #566: NSS: nss_clear_netgroup_hash_table() do not free data
Action: opened
PR body:
"""
nss_clear_netgroup_hash_table() is called during the clearEnumCache SBUS
request, which is e.g. used during 'sss_cache -E', to remove netgroup
data cached in the memory of the NSS responder.
Currently nss_clear_netgroup_hash_table() calls
'sss_ptr_hash_delete_all(nss_ctx->netgrent, true);' which not only
removes all entries in the 'netgerent' hash table but frees them as
well.
The second step is not needed because nss_setnetgrent_set_timeout()
takes care that the data is freed after a timeout. Additionally freeing
the data in nss_clear_netgroup_hash_table() can even do harm when the
request is received by the NSS responder while waiting for the backend
to acquire the netgroup data. Because if the backend is done the NSS
responder tries do use enum_ctx which might have been freed in the
meantime.
Because of this nss_clear_netgroup_hash_table() should only remove the
data from the hash table but not free it.
Related to https://pagure.io/SSSD/sssd/issue/3731
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/566/head:pr566
git checkout pr566
Hi,
I have noticed that sssd does not trim whitespaces from strings while
parsing netgroup triples. Comment inside code explains that it follow
the nss_ldap implementation:
src/db/sysdb_search.c:
1687 /* This function splits a three-tuple into three strings
1688 * It assumes that any whitespace between the parentheses
1689 * and commas are intentional and does not attempt to
1690 * strip them out. Leading and trailing whitespace is
1691 * ignored.
1692 *
1693 * This behavior is compatible with nss_ldap's
1694 * implementation.
1695 */
1696 static errno_t sysdb_netgr_split_triple(TALLOC_CTX *mem_ctx,
Don't know which nss_ldap implementation is referenced, the one from
PADL trim the spaces (and glibc too):
https://github.com/PADL/nss_ldap/blob/154730b5a2b58a4212e419b498476fcb5
a60de7b/ldap-netgrp.c#L251
Is the difference intended?
I run into it when LDAP server returns some of the host strings with
spaces around which works with nss_ldap form PADL, but not with sssd.
Fix is easy, but I'm afraid that it could break some other corner cases
like netgroup rules for users with leading/trailing whitespaces in
username.
What's your opinion on it?
Thanks