On 10/20/2014 04:13 PM, Jakub Hrozek wrote:
Hi,
I'll send patches that help SSSD run as a non-root user to this thread.
I'm still chasing some bugs in the krb5_child changes, but the attached
patches are ready for review.
If other developers don't like the idea of a Python-based unit test that
spawns a KDC, I'm equally fine with keeping those patches in my tree --
they served their purpose, after all.
0001-BUILD-Install-ldap_child-and-krb5_child-as-setuid-if.patch
Ack.
0002-LDAP-Move-sss_krb5_verify_keytab_ex-to-ldap_child.patch
Ack.
0003-LDAP-read-the-correct-data-type-from-ldap_child-s-in.patch
/* ticket lifetime */
- SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
+ SAFEALIGN_COPY_UINT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", ibuf->lifetime);
^^^
Should be %u. Otherwise Ack.
0004-LDAP-Drop-privileges-after-kinit-in-ldap_child.patch
Ack.
0005-TESTS-Fix-krb5_child-test.patch
0006-TESTS-Add-a-cwrap-enabled-test-for-krb5_child.patch
I can compile the tests only from your nonroot branch. Even if
I apply the patchsets from:
SSSD: Add the options to specify a UID and GID to run as
Monitor and sbus changes for running SSSD as a non-privileged user
the test compilation fails.
CCLD usertools-tests
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_getpwnam_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:104:
undefined reference to `sysdb_search_user_override_by_name'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:126:
undefined reference to `sysdb_add_overrides_to_object'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_getpwuid_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:209:
undefined reference to `sysdb_search_user_override_by_uid'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:231:
undefined reference to `sysdb_add_overrides_to_object'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_enumpwent_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:317:
undefined reference to `sysdb_add_overrides_to_object'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_getgrnam_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:396:
undefined reference to `sysdb_search_group_override_by_name'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:428:
undefined reference to `sysdb_add_overrides_to_object'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:435:
undefined reference to `sysdb_add_group_member_overrides'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_getgrgid_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:548:
undefined reference to `sysdb_search_group_override_by_gid'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:580:
undefined reference to `sysdb_add_overrides_to_object'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:587:
undefined reference to `sysdb_add_group_member_overrides'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_enumgrent_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:745:
undefined reference to `sysdb_add_group_member_overrides'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:737:
undefined reference to `sysdb_add_overrides_to_object'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_initgroups_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:959:
undefined reference to `sysdb_add_overrides_to_object'
../../../src/db/usertools_tests-sysdb_search.o: In function
`sysdb_get_user_attr_with_views':
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:1083:
undefined reference to `sysdb_search_user_override_attrs_by_name'
/home/user/gitrepo/sssd/src/tests/cwrap/../../../src/db/sysdb_search.c:1105:
undefined reference to `sysdb_add_overrides_to_object'
collect2: error: ld returned 1 exit status
make[3]: *** [usertools-tests] Error 1
make[3]: Leaving directory `/home/user/gitrepo/sssd/src/tests/cwrap'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/home/user/gitrepo/sssd/src/tests/cwrap'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/home/user/gitrepo/sssd'
make: *** [check] Error 2
So there is missing patch in the patchsets on which the test
suite depends.
But even if I run make check from the nonroot branch, It fails
(see attachment).
Michal