[SSSD] [sssd PR#516][comment] DESKPROFILE: Document it doesn't work when run as unprivileged user
URL: https://github.com/SSSD/sssd/pull/516
Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged user

fidencio commented:
"""
Changes done according to your suggestion. Thanks for the review and I'm removing the "Changes Requested" label.
"""

See the full comment at https://github.com/SSSD/sssd/pull/516#issuecomment-366889568
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#516][-Changes requested] DESKPROFILE: Document it doesn't work when run as unprivileged user
URL: https://github.com/SSSD/sssd/pull/516
Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged user
Label: -Changes requested
[SSSD] [sssd PR#516][synchronized] DESKPROFILE: Document it doesn't work when run as unprivileged user
URL: https://github.com/SSSD/sssd/pull/516 Author: fidencio Title: #516: DESKPROFILE: Document it doesn't work when run as unprivileged user Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/516/head:pr516 git checkout pr516 From aa179f6f62231dff4e5a108064cd1e91b7a9008d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 16 Feb 2018 13:12:32 +0100 Subject: [PATCH] DESKPROFILE: Document it doesn't work when run as unprivileged user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabiano Fidêncio --- src/man/sssd.conf.5.xml | 5 + 1 file changed, 5 insertions(+) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 67856d2b3..1701d888a 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2461,6 +2461,11 @@ pam_account_locked_message = Account locked, please contact help desk. Default: id_provider is used if it is set and can perform session related tasks. + +In order to have this feature working as expected, +SSSD must be running as "root" and not as the +unprivileged user. + ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
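Review bot: The sentence added in the sssd.conf.5.xml hunk refers to "this feature" without naming it, and it follows the paragraph about the default session provider, so the man page alone does not tell the reader that the limitation concerns the desktop profile handling named in the commit subject. Name the feature in the sentence, and say what an administrator will observe when SSSD runs as the unprivileged user (for example whether an error is logged), so the limitation can be recognised from its symptoms.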
[SSSD] [sssd PR#520][+Accepted] DESKPROFILE: Fix 'Improper use of negative value'
URL: https://github.com/SSSD/sssd/pull/520
Title: #520: DESKPROFILE: Fix 'Improper use of negative value'
Label: +Accepted
[SSSD] [sssd PR#520][comment] DESKPROFILE: Fix 'Improper use of negative value'
URL: https://github.com/SSSD/sssd/pull/520
Title: #520: DESKPROFILE: Fix 'Improper use of negative value'

fidencio commented:
"""
Ouch, I've missed it in just one place. Thanks for the patch, @sumit-bose! ACK!
"""

See the full comment at https://github.com/SSSD/sssd/pull/520#issuecomment-366889213
[SSSD] [sssd PR#394][+Rejected] TESTS: Add an integration test for renaming incomplete groups during initgroups
URL: https://github.com/SSSD/sssd/pull/394
Title: #394: TESTS: Add an integration test for renaming incomplete groups during initgroups
Label: +Rejected
[SSSD] [sssd PR#394][comment] TESTS: Add an integration test for renaming incomplete groups during initgroups
URL: https://github.com/SSSD/sssd/pull/394
Title: #394: TESTS: Add an integration test for renaming incomplete groups during initgroups

fidencio commented:
"""
Closing the PR as the very same patch is part of #128
"""

See the full comment at https://github.com/SSSD/sssd/pull/394#issuecomment-366779237
[SSSD] [sssd PR#394][closed] TESTS: Add an integration test for renaming incomplete groups during initgroups
URL: https://github.com/SSSD/sssd/pull/394
Author: jhrozek
Title: #394: TESTS: Add an integration test for renaming incomplete groups during initgroups
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/394/head:pr394
git checkout pr394
[SSSD] [sssd PR#394][-Changes requested] TESTS: Add an integration test for renaming incomplete groups during initgroups
URL: https://github.com/SSSD/sssd/pull/394
Title: #394: TESTS: Add an integration test for renaming incomplete groups during initgroups
Label: -Changes requested
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Title: #128: Fix group renaming issue when "id_provider = ldap" is set

fidencio commented:
"""
Patch set has been updated. It already includes the tests provided on #394.
"""

See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-366779085
[SSSD] [sssd PR#128][-Changes requested] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Label: -Changes requested
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Author: fidencio Title: #128: Fix group renaming issue when "id_provider = ldap" is set Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/128/head:pr128 git checkout pr128 From 36b52887d4b9028a7315790addf7a4432aa56c1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Fri, 16 Feb 2018 13:55:53 +0100 Subject: [PATCH 01/15] NSS: Add InvalidateGroupById handler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are some situations where, from the backend, the NSS responder will have to be notified to invalidate a group. In order to achieve this in a clean way, let's add the InvalidateGroupById handler and make use of it later in this very same series. Related: https://pagure.io/SSSD/sssd/issue/2653 Signed-off-by: Fabiano Fidêncio --- src/responder/nss/nss_iface.c | 16 ++ src/responder/nss/nss_iface.xml | 3 +++ src/responder/nss/nss_iface_generated.c | 38 + src/responder/nss/nss_iface_generated.h | 5 + 4 files changed, 62 insertions(+) diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c index 415af9550..805e4fcdf 100644 --- a/src/responder/nss/nss_iface.c +++ b/src/responder/nss/nss_iface.c 
@@ -199,12 +199,28 @@ int nss_memorycache_update_initgroups(struct sbus_request *sbus_req, return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req); } +int nss_memorycache_invalidate_group_by_id(struct sbus_request *sbus_req, + void *data, + gid_t gid) +{ +struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx); +struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx); + +DEBUG(SSSDBG_TRACE_LIBS, + "Invalidating group %"PRIu32" from memory cache\n", gid); + +sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid); + +return iface_nss_memorycache_InvalidateGroupById_finish(sbus_req); +} + struct iface_nss_memorycache iface_nss_memorycache = { { &iface_nss_memorycache_meta, 0 }, .UpdateInitgroups = nss_memorycache_update_initgroups, .InvalidateAllUsers = nss_memorycache_invalidate_users, .InvalidateAllGroups = nss_memorycache_invalidate_groups, .InvalidateAllInitgroups = nss_memorycache_invalidate_initgroups, +.InvalidateGroupById = nss_memorycache_invalidate_group_by_id, }; static struct sbus_iface_map iface_map[] = { diff --git a/src/responder/nss/nss_iface.xml b/src/responder/nss/nss_iface.xml index 27aae0197..4d8cf14f9 100644 --- a/src/responder/nss/nss_iface.xml +++ b/src/responder/nss/nss_iface.xml @@ -14,5 +14,8 @@ + + + diff --git a/src/responder/nss/nss_iface_generated.c b/src/responder/nss/nss_iface_generated.c index 4a8b704da..8d5a4584b 100644 --- a/src/responder/nss/nss_iface_generated.c +++ b/src/responder/nss/nss_iface_generated.c @@ -12,6 +12,9 @@ /* invokes a handler with a 'ssau' DBus signature */ static int invoke_ssau_method(struct sbus_request *dbus_req, void *function_ptr); +/* invokes a handler with a 'u' DBus signature */ +static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr); + /* arguments for org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups */ const struct sbus_arg_meta iface_nss_memorycache_UpdateInitgroups__in[] = { { "user", "s" }, 
@@ -44,6 +47,18 @@ int iface_nss_memorycache_InvalidateAllInitgroups_finish(struct sbus_request *re DBUS_TYPE_INVALID); } +/* arguments for org.freedesktop.sssd.nss.MemoryCache.InvalidateGroupById */ +const struct sbus_arg_meta iface_nss_memorycache_InvalidateGroupById__in[] = { +{ "gid", "u" }, +{ NULL, } +}; + +int iface_nss_memorycache_InvalidateGroupById_finish(struct sbus_request *req) +{ + return sbus_request_return_and_finish(req, + DBUS_TYPE_INVALID); +} + /* methods for org.freedesktop.sssd.nss.MemoryCache */ const struct sbus_method_meta iface_nss_memorycache__methods[] = { { @@ -74,6 +89,13 @@ const struct sbus_method_meta iface_nss_memorycache__methods[] = { offsetof(struct iface_nss_memorycache, InvalidateAllInitgroups), NULL, /* no invoker */ }, +{ +"InvalidateGroupById", /* name */ +iface_nss_memorycache_InvalidateGroupById__in, +NULL, /* no out_args */ +offsetof(struct iface_nss_memorycache, InvalidateGroupById), +invoke_u_method, +}, { NULL, } }; @@ -86,6 +108,22 @@ const struct sbus_interface_meta iface_nss_memorycache_meta = { sbus_invoke_get_all, /* GetAll invoker */ }; +/* invokes a handler with a 'u' DBus signature */ +static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr
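Review bot: In nss_memorycache_invalidate_group_by_id() (the nss_iface.c hunk), rctx and nctx are obtained with talloc_get_type(), which returns NULL on a type mismatch, and nctx->grp_mc_ctx is then dereferenced without a check; whatever sss_mmap_cache_gr_invalidate_gid() returns is also discarded, so the method always finishes as a success. If the invalidation can fail, log the failure and return an error to the caller, so the backend does not assume a stale group entry has left the memory cache. The DEBUG line prints gid with PRIu32, which assumes gid_t is a 32-bit unsigned type; an explicit cast to uint32_t would make that assumption visible.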
[SSSD] [sssd PR#520][opened] DESKPROFILE: Fix 'Improper use of negative value'
URL: https://github.com/SSSD/sssd/pull/520 Author: sumit-bose Title: #520: DESKPROFILE: Fix 'Improper use of negative value' Action: opened PR body: """ This issue was found by Coverity. Similar as in code block before ret must be set to errno to allow proper log messages since initial ret will always be -1. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/520/head:pr520 git checkout pr520 From e035417b0aac8bfef8361d01c26f328d53cb2da3 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 19 Feb 2018 17:56:32 +0100 Subject: [PATCH] DESKPROFILE: Fix 'Improper use of negative value' This issue was found by Coverity. Similar as in code block before ret must be set to errno to allow proper log messages since initial ret will always be -1. --- src/providers/ipa/ipa_deskprofile_rules_util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c index e52587378..8f4d4c90c 100644 --- a/src/providers/ipa/ipa_deskprofile_rules_util.c +++ b/src/providers/ipa/ipa_deskprofile_rules_util.c @@ -1065,6 +1065,7 @@ ipa_deskprofile_rules_remove_user_dir(const char *user_dir, if (getegid() != orig_gid) { ret = setegid(orig_gid); if (ret == -1) { +ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set effective user id (%"PRIu32") of the " "domain's process [%d]: %s\n", ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
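Review bot: The DEBUG message in the context of the ipa_deskprofile_rules_util.c hunk says "Unable to set effective user id" although the failing call is setegid(orig_gid), so the log will point an administrator at the wrong credential. Since the block is being touched anyway, change the text to "effective group id". Placing "ret = errno;" directly after the check is right, because nothing runs between the failed call and the read of errno; also confirm that the error is returned to the caller after logging, since a process that could not restore its original effective gid should not carry on as if it had.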
[SSSD] [sssd PR#517][comment] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517
Title: #517: Fix two memory leaks in the AD provider

sumit-bose commented:
"""
Sorry, there were some unrelated changes in the last commit.
"""

See the full comment at https://github.com/SSSD/sssd/pull/517#issuecomment-366748803
[SSSD] [sssd PR#517][synchronized] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517 Author: sumit-bose Title: #517: Fix two memory leaks in the AD provider Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/517/head:pr517 git checkout pr517 From 3296630559b3dfd697700cb73f32422c327e6379 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 16 Feb 2018 12:07:28 +0100 Subject: [PATCH 1/2] AD: sdap_get_ad_tokengroups_done() allocate temporary data on state Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ldap/sdap_async_initgroups_ad.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 9da671a99..30f1d3db2 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -372,7 +372,6 @@ sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx, static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) { -TALLOC_CTX *tmp_ctx = NULL; struct sdap_get_ad_tokengroups_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs **users = NULL; @@ -386,7 +385,7 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state); -ret = sdap_get_generic_recv(subreq, tmp_ctx, &num_users, &users); +ret = sdap_get_generic_recv(subreq, state, &num_users, &users); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -449,8 +448,6 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) ret = EOK; done: -talloc_free(tmp_ctx); - if (ret != EOK) { tevent_req_error(req, ret); return; From 9bc9a7ab953de94e299f2829223b9205ebdea349 Mon Sep 17 00:00:00 2001 
From: Sumit Bose Date: Fri, 16 Feb 2018 12:09:01 +0100 Subject: [PATCH 2/2] AD: do not allocate temporary data on long living context Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ad/ad_common.c | 5 +++-- src/providers/ad/ad_common.h | 3 ++- src/providers/ad/ad_id.c | 2 +- src/tests/cmocka/test_ad_common.c | 4 ++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 84845e285..2a1647173 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -1402,13 +1402,14 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, } struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom) { struct sdap_id_conn_ctx **clist; int cindex = 0; -clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3); +clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3); if (clist == NULL) { return NULL; } diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index ce33b37c7..931aafc6c 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -175,7 +175,8 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx * diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 0b8f49819..782d9bc40 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -367,7 +367,7 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ -clist = ad_user_conn_list(ad_ctx, dom); +clist = ad_user_conn_list(mem_ctx, ad_ctx, dom); break; case BE_REQ_BY_SECID: /* by SID */ case BE_REQ_USER_AND_GROUP: /* get SID */ 
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c index a92a15d90..94f351e19 100644 --- a/src/tests/cmocka/test_ad_common.c +++ b/src/tests/cmocka/test_ad_common.c @@ -771,7 +771,7 @@ void test_user_conn_list(void **state) struct ad_common_test_ctx); assert_non_null(test_ctx); -conn_list = ad_user_conn_list(test_ctx->ad_ctx, +conn_list = ad_user_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); @@ -780,7 +780,7 @@ void test_user_conn_list(void **state) assert_null(conn_list[1]); talloc_free(conn_list); -conn_list = ad_user_conn_list(test_ctx->ad_ctx, +conn_list = ad_user_conn_list(test_ctx, test_ctx->ad_ctx, test_ct
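Review bot: In patch 2/2, ad_user_conn_list() now allocates clist on the caller-supplied mem_ctx, but the declaration in ad_common.h carries no comment saying that the caller owns the returned list. Add a short comment stating that the list is allocated on mem_ctx and is released with it, and check that the mem_ctx which get_conn_list() forwards in ad_id.c is a per-request context; if it is long-lived, the leak has only moved. For patch 1/2, the commit message gives only the issue link; it should say that tmp_ctx was initialised to NULL and never assigned, so the results of sdap_get_generic_recv() were parented to the NULL context and talloc_free(tmp_ctx) released nothing.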
[SSSD] [sssd PR#517][-Changes requested] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517
Title: #517: Fix two memory leaks in the AD provider
Label: -Changes requested
[SSSD] [sssd PR#517][comment] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517
Title: #517: Fix two memory leaks in the AD provider

sumit-bose commented:
"""
oopsy, fixed version pushed.
"""

See the full comment at https://github.com/SSSD/sssd/pull/517#issuecomment-366703772
[SSSD] [sssd PR#517][synchronized] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517 Author: sumit-bose Title: #517: Fix two memory leaks in the AD provider Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/517/head:pr517 git checkout pr517 From 3296630559b3dfd697700cb73f32422c327e6379 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 16 Feb 2018 12:07:28 +0100 Subject: [PATCH 1/2] AD: sdap_get_ad_tokengroups_done() allocate temporary data on state Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ldap/sdap_async_initgroups_ad.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 9da671a99..30f1d3db2 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -372,7 +372,6 @@ sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx, static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) { -TALLOC_CTX *tmp_ctx = NULL; struct sdap_get_ad_tokengroups_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs **users = NULL; @@ -386,7 +385,7 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state); -ret = sdap_get_generic_recv(subreq, tmp_ctx, &num_users, &users); +ret = sdap_get_generic_recv(subreq, state, &num_users, &users); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -449,8 +448,6 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) ret = EOK; done: -talloc_free(tmp_ctx); - if (ret != EOK) { tevent_req_error(req, ret); return; From 95f2375a904ae489f51ce6acc4a5318d591b86f1 Mon Sep 17 00:00:00 2001 
From: Sumit Bose Date: Fri, 16 Feb 2018 12:09:01 +0100 Subject: [PATCH 2/2] AD: do not allocate temporary data on long living context Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ad/ad_common.c | 5 +++-- src/providers/ad/ad_common.h | 3 ++- src/providers/ad/ad_id.c | 2 +- src/providers/ipa/ipa_deskprofile_rules_util.c | 1 + src/sss_client/common.c| 2 +- src/tests/cmocka/test_ad_common.c | 4 ++-- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 84845e285..2a1647173 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -1402,13 +1402,14 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, } struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom) { struct sdap_id_conn_ctx **clist; int cindex = 0; -clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3); +clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3); if (clist == NULL) { return NULL; } diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index ce33b37c7..931aafc6c 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -175,7 +175,8 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx * diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 0b8f49819..782d9bc40 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c 
@@ -367,7 +367,7 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ -clist = ad_user_conn_list(ad_ctx, dom); +clist = ad_user_conn_list(mem_ctx, ad_ctx, dom); break; case BE_REQ_BY_SECID: /* by SID */ case BE_REQ_USER_AND_GROUP: /* get SID */ diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c index e52587378..8f4d4c90c 100644 --- a/src/providers/ipa/ipa_deskprofile_rules_util.c +++ b/src/providers/ipa/ipa_deskprofile_rules_util.c @@ -1065,6 +1065,7 @@ ipa_deskprofile_rules_remove_user_dir(const char *user_dir, if (getegid() != orig_gid) { ret = setegid(orig_gid); if (ret == -1) { +ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set effective user id (%"PRIu32") of the " "domain's process [%d]: %s\n", diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 67a460705
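Review bot: The diffstat of patch 2/2 in this revision lists src/providers/ipa/ipa_deskprofile_rules_util.c and src/sss_client/common.c, neither of which belongs to a commit titled "AD: do not allocate temporary data on long living context". The "ret = errno;" change in ipa_deskprofile_rules_util.c is a separate fix and the sss_client/common.c change is not described at all; drop both from this commit and submit them on their own, so that the leak fix can be reviewed and backported in isolation.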
[SSSD] [sssd PR#517][comment] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517
Title: #517: Fix two memory leaks in the AD provider

jhrozek commented:
"""
I think the patches look good in general, but the tests don't compile at the moment:
```
/home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c: In function ‘test_user_conn_list’:
/home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c:775:35: warning: passing argument 2 of ‘ad_user_conn_list’ from incompatible pointer type [-Wincompatible-pointer-types]
 test_ctx->dom);
 ^~~~
In file included from /home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c:40:0:
/home/remote/jhrozek/devel/sssd/src/providers/ad/ad_common.c:1405:1: note: expected ‘struct ad_id_ctx *’ but argument is of type ‘struct sss_domain_info *’
 ad_user_conn_list(TALLOC_CTX *mem_ctx,
 ^
/home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c:774:17: error: too few arguments to function ‘ad_user_conn_list’
 conn_list = ad_user_conn_list(test_ctx->ad_ctx,
 ^
In file included from /home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c:40:0:
/home/remote/jhrozek/devel/sssd/src/providers/ad/ad_common.c:1405:1: note: declared here
 ad_user_conn_list(TALLOC_CTX *mem_ctx,
 ^
/home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c:784:35: warning: passing argument 2 of ‘ad_user_conn_list’ from incompatible pointer type [-Wincompatible-pointer-types]
 test_ctx->subdom);
 ^~~~
In file included from /home/remote/jhrozek/devel/sssd/src/tests/cmocka/test_ad_common.c:40:0:
/home/remote/jhrozek/devel/sssd/src/providers/ad/ad_common.c:1405:1: note: expected ‘struct ad_id_ctx *’ but argument is of type ‘struct sss_domain_info *’
 ad_user_conn_list(TALLOC_CTX *mem_ctx,
 ^
```
[SSSD] [sssd PR#517][+Changes requested] Fix two memory leaks in the AD provider
URL: https://github.com/SSSD/sssd/pull/517
Title: #517: Fix two memory leaks in the AD provider
Label: +Changes requested
[SSSD] [sssd PR#519][comment] DEBUG: Print simple access provider allow and deny lists
URL: https://github.com/SSSD/sssd/pull/519
Title: #519: DEBUG: Print simple access provider allow and deny lists

sumit-bose commented:
"""
ok to test
"""

See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366623797
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Title: #128: Fix group renaming issue when "id_provider = ldap" is set

fidencio commented:
"""
Okay, I'll work on Sumit's suggestion.

Please, just mind that while I (theoretically) do have access* to the struct data_provider from the sdap_ad_save_group_membership_with_idmapping() (which is one of the callers of sysdb_add_incomplete_group()), I don't from sdap_add_incomplete_group() (which is the other caller) and passing struct data_provider down there seems quite intrusive ... on the other hand, there's nothing else we can do differently here.

*: I do have access from idmap_ctx->id_ctx->be_ctx->provider ... which is a quite ugly and indirect way to access it.

Not related to this series, but we should start adding some new methods to give a clear idea about what we should or should not do from specific layers ... IOW ... "Does it have a method to get this structure? go for it!" ... "Do I have to be accessing stuff in a really indirect way? ... Then you most likely are doing something wrong" ...

I'll re-update the patches soon.

@sumit-bose, @jhrozek, thanks for the input!
"""

See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-366616192