[SSSD]Re: [PATCH] ldap_test.py: Modify enum cache timeouts
On (02/12/15 17:10), Michal Židek wrote: >Hi! > >I saw some integration tests failures recently, >and I think there is a race condition between the >enumeration refresh timeout and the sleeps >after some operations that wait for this timeout. >SSSD fails to populate changes from LDAP in time >and some asserts can fail because of this. > >So far I saw 4 tests to fail like this, which >is already quite a lot. > >The attached patch modifies the timeout values >and hopefully removes the issue. > >Michal >From b724db15ce0c1593cfdd7b4da8e0c39e97942e8c Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Michal=20=C5=BDidek?= >Date: Wed, 2 Dec 2015 16:44:48 +0100 >Subject: [PATCH] ldap_test.py: Modify enum cache timeouts > >There is a race condation between ldap >enumeration refresh timeout and the sleeps >that wait for the ldap changes to populate >to SSSD if the timeout and the sleeps have >the same value. >--- > src/tests/intg/ldap_test.py | 30 +- > 1 file changed, 17 insertions(+), 13 deletions(-) > >diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py >index 757ee20..8ec8dbe 100644 >--- a/src/tests/intg/ldap_test.py >+++ b/src/tests/intg/ldap_test.py >@@ -33,7 +33,11 @@ import ldap_ent > from util import * > > LDAP_BASE_DN = "dc=example,dc=com" >-INTERACTIVE_TIMEOUT = 4 >+INTERACTIVE_TIMEOUT = 2 >+ >+ >+def wait_for_ldap_enum_refresh(): >+time.sleep(INTERACTIVE_TIMEOUT + 4) Why does it need to be INTERACTIVE_TIMEOUT + 4 Could it be INTERACTIVE_TIMEOUT + 3 or + 5 LS ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD][PATCH] ldap_test.py: Modify enum cache timeouts
Hi!
I saw some integration tests failures recently,
and I think there is a race condition between the
enumeration refresh timeout and the sleeps
after some operations that wait for this timeout.
SSSD fails to populate changes from LDAP in time
and some asserts can fail because of this.
So far I saw 4 tests to fail like this, which
is already quite a lot.
The attached patch modifies the timeout values
and hopefully removes the issue.
Michal
>From b724db15ce0c1593cfdd7b4da8e0c39e97942e8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?=
Date: Wed, 2 Dec 2015 16:44:48 +0100
Subject: [PATCH] ldap_test.py: Modify enum cache timeouts
There is a race condation between ldap
enumeration refresh timeout and the sleeps
that wait for the ldap changes to populate
to SSSD if the timeout and the sleeps have
the same value.
---
src/tests/intg/ldap_test.py | 30 +-
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index 757ee20..8ec8dbe 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -33,7 +33,11 @@ import ldap_ent
from util import *
LDAP_BASE_DN = "dc=example,dc=com"
-INTERACTIVE_TIMEOUT = 4
+INTERACTIVE_TIMEOUT = 2
+
+
+def wait_for_ldap_enum_refresh():
+time.sleep(INTERACTIVE_TIMEOUT + 4)
@pytest.fixture(scope="module")
@@ -466,11 +470,11 @@ def test_add_remove_user(ldap_conn, blank_rfc2307):
# Add the user
ent.assert_passwd(ent.contains_only())
ldap_conn.add_s(*e)
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_passwd(ent.contains_only(dict(name="user", uid=1001)))
# Remove the user
ldap_conn.delete_s(e[0])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_passwd(ent.contains_only())
@@ -481,11 +485,11 @@ def test_add_remove_group_rfc2307(ldap_conn, blank_rfc2307):
# Add the group
ent.assert_group(ent.contains_only())
ldap_conn.add_s(*e)
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
# Remove the group
ldap_conn.delete_s(e[0])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group(ent.contains_only())
@@ -496,11 +500,11 @@ def test_add_remove_group_rfc2307_bis(ldap_conn, blank_rfc2307_bis):
# Add the group
ent.assert_group(ent.contains_only())
ldap_conn.add_s(*e)
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
# Remove the group
ldap_conn.delete_s(e[0])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group(ent.contains_only())
@@ -511,12 +515,12 @@ def test_add_remove_membership_rfc2307(ldap_conn, user_and_group_rfc2307):
ent.assert_group_by_name("group", dict(mem=ent.contains_only()))
ldap_conn.modify_s("cn=group,ou=Groups," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_REPLACE, "memberUid", "user")])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group_by_name("group", dict(mem=ent.contains_only("user")))
# Remove user from group
ldap_conn.modify_s("cn=group,ou=Groups," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_DELETE, "memberUid", None)])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group_by_name("group", dict(mem=ent.contains_only()))
@@ -532,26 +536,26 @@ def test_add_remove_membership_rfc2307_bis(ldap_conn,
ldap_conn.modify_s("cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_REPLACE, "member",
"uid=user,ou=Users," + ldap_conn.ds_inst.base_dn)])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user")))
# Add group1 to group2
ldap_conn.modify_s("cn=group2,ou=Groups," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_REPLACE, "member",
"cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn)])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group_by_name("group2", dict(mem=ent.contains_only("user")))
# Remove group1 from group2
ldap_conn.modify_s("cn=group2,ou=Groups," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_DELETE, "member", None)])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
ent.assert_group_by_name("group2", dict(mem=ent.contains_only()))
# Remove user from group1
ldap_conn.modify_s("cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_DELETE, "member", None)])
-time.sleep(INTERACTIVE_TIMEOUT)
+wait_for_ldap_enum_refresh()
en
[SSSD]Re: [PATCH] CONTRIB: Add clang-format support
On 12/01/2015 10:16 AM, Petr Cech wrote:
On 12/01/2015 09:44 AM, Lukas Slebodnik wrote:
On (30/11/15 14:55), Petr Cech wrote:
Hi,
there is little patch which adds clang-format support. More info is
in header
of patch.
My previous patch set [PATCH SET] TEST_TOOLS_COLONDB: Add tests for
sss_colondb_* public API is formatted by clang-format.
Regards
Petr
From abfaecb52a65276591e438953f1a3886e166e285 Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Mon, 30 Nov 2015 08:46:35 -0500
Subject: [PATCH] CONTRIB: Add clang-format support
This patch add support for clang-format.
Sometimes we write new source file to codebase. It could be helpfull to
use clang-format for autoformating. Or you could use -lines and say
which lines should be affected. For more information see
clang-format -h
Note: If you would like to use clang-format, you need copy file
contrib/clang-format/.clang-format to root directory of sssd.
---
contrib/clang-format/.clang-format | 57
++
1 file changed, 57 insertions(+)
create mode 100644 contrib/clang-format/.clang-format
diff --git a/contrib/clang-format/.clang-format
b/contrib/clang-format/.clang-format
new file mode 100644
index
..f9204273a4321badeb229b280aef88041e738165
--- /dev/null
+++ b/contrib/clang-format/.clang-format
@@ -0,0 +1,57 @@
+---
+Language:Cpp
We do not use C++ but ANSI C :-)
Yes, I know that we use ANSI C, C99 respectively. And how I found in
documentation [1], the right option for C is:
# LK_Cpp (in configuration: Cpp) Should be used for C, C++, ObjectiveC,
ObjectiveC++.
[1]
http://llvm.org/releases/3.5.0/tools/clang/docs/ClangFormatStyleOptions.html
+# BasedOnStyle: LLVM
+AccessModifierOffset: -2
+ConstructorInitializerIndentWidth: 4
+AlignEscapedNewlinesLeft: false
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: false
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AlwaysBreakTemplateDeclarations: false
+AlwaysBreakBeforeMultilineStrings: false
+BreakBeforeBinaryOperators: false
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BinPackParameters: true
+ColumnLimit: 80
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+DerivePointerAlignment: false
+ExperimentalAutoDetectBinPacking: false
+IndentCaseLabels: false
+IndentWrappedFunctionNames: false
+IndentFunctionDeclarationAfterType: false
+MaxEmptyLinesToKeep: 1
+KeepEmptyLinesAtTheStartOfBlocks: true
+NamespaceIndentation: None
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakString: 1000
+PenaltyBreakFirstLessLess: 120
+PenaltyExcessCharacter: 100
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Right
+SpacesBeforeTrailingComments: 1
+Cpp11BracedListStyle: true
+Standard:Auto
+IndentWidth: 4
+TabWidth:4
+UseTab: Never
+BreakBeforeBraces: Linux
+SpacesInParentheses: false
+SpacesInAngles: false
+SpaceInEmptyParentheses: false
+SpacesInCStyleCastParentheses: false
+SpacesInContainerLiterals: true
+SpaceBeforeAssignmentOperators: true
+ContinuationIndentWidth: 4
+CommentPragmas: '^ IWYU pragma:'
+ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
+SpaceBeforeParens: ControlStatements
+DisableFormat: false
+...
+
The fine need's nmore tuning.
It breaks wrapping of DEBUG macros with long debug message.
-DEBUG(SSSDBG_TRACE_LIBS,
- "Child request returned [%d]: %s\n", ret, strerror(ret));
+DEBUG(SSSDBG_TRACE_LIBS, "Child request returned [%d]: %s\n", ret,
+ strerror(ret));
There are two points:
1) I thought that we can wrap long lines by ourselves. My fault.
2) Clang-format has some penalties which weigh the situation. I am
afraid there could be deviations.
There are missing spaces after "{" and before "}"
-{ "dyndns_update", "true" },
-{ "dyndns_refresh_interval", "2" },
-{ NULL, NULL }, /* Sentinel */
+{"dyndns_update", "true"},
+{"dyndns_refresh_interval", "2"},
+{NULL, NULL}, /* Sentinel */
It breaks indentation of "struct poptOption"
-POPT_AUTOHELP
-SSSD_DEBUG_OPTS
-{"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0,
- _("Do not delete the test database after a test run"), NULL },
-POPT_TABLEEND
-};
+POPT_AUTOHELP SSSD_DEBUG_OPTS{
+"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0,
+_("Do not delete the test database after a test run"),
NULL},
+POPT_TABLEEND};
We allow to have returned type of function on separate line
-static errno_t
-sdap_get_members_with_primary_gid(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- gid_t gid, char ***_localdn, size_t
*_ndn)
+static e
[SSSD][DESIGN] ID mapping - Automatically assign new slices for any AD domain
Hello,
I decided to share this design document although it still a work in progress.
Attached patches are just prove of concept and are very much work in progress.
So far patches also defers from design in order in which secondary slices are
generated.
Thanks for feedback on this early state of effort.
Bye.
https://fedorahosted.org/sssd/wiki/IdmapAutoAssignNewSlices
>From caf11d143460c14a37a7f112f7e2240789d1b611 Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Thu, 26 Nov 2015 10:46:34 -0500
Subject: [PATCH 1/2] IDMAP: New structure for domain range params
Create new internal structure idmap_range_params by merging ID mapping
range relevant fields from idmap_domain_info and remove corrsponding
fields.
Resolves:
https://fedorahosted.org/sssd/ticket/2188
---
src/lib/idmap/sss_idmap.c | 110 +++---
1 file changed, 56 insertions(+), 54 deletions(-)
diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index 4c453120539a549807e9b6bb4db2dc396c1b3152..7a91e419983d59bed6a8ae06f7cfd448e8e18f63 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -33,13 +33,21 @@
#define SID_FMT "%s-%d"
#define SID_STR_MAX_LEN 1024
+/* Hold all parameters for unix<->sid mapping relevant for
+ * given slice. */
+struct idmap_range_params {
+uint32_t min_id;
+uint32_t max_id;
+char *range_id;
+
+uint32_t first_rid;
+};
+
struct idmap_domain_info {
char *name;
char *sid;
-struct sss_idmap_range *range;
+struct idmap_range_params range_params;
struct idmap_domain_info *next;
-uint32_t first_rid;
-char *range_id;
bool external_mapping;
};
@@ -72,37 +80,17 @@ static char *idmap_strdup(struct sss_idmap_ctx *ctx, const char *str)
return new;
}
-static struct sss_idmap_range *idmap_range_dup(struct sss_idmap_ctx *ctx,
- struct sss_idmap_range *range)
-{
-struct sss_idmap_range *new = NULL;
-
-CHECK_IDMAP_CTX(ctx, NULL);
-
-
-new = ctx->alloc_func(sizeof(struct sss_idmap_range), ctx->alloc_pvt);
-if (new == NULL) {
-return NULL;
-}
-
-memset(new, 0, sizeof(struct sss_idmap_range));
-
-new->min = range->min;
-new->max = range->max;
-
-return new;
-}
-
-static bool id_is_in_range(uint32_t id, struct idmap_domain_info *dom,
+static bool id_is_in_range(uint32_t id,
+ struct idmap_range_params *rp,
uint32_t *rid)
{
-if (id == 0 || dom == NULL || dom->range == NULL) {
+if (id == 0 || rp == NULL) {
return false;
}
-if (id >= dom->range->min && id <= dom->range->max) {
+if (id >= rp->min_id && id <= rp->max_id) {
if (rid != NULL) {
-*rid = dom->first_rid + (id - dom->range->min);
+*rid = rp->first_rid + (id - rp->min_id);
}
return true;
@@ -220,8 +208,7 @@ static void sss_idmap_free_domain(struct sss_idmap_ctx *ctx,
return;
}
-ctx->free_func(dom->range_id, ctx->alloc_pvt);
-ctx->free_func(dom->range, ctx->alloc_pvt);
+ctx->free_func(dom->range_params.range_id, ctx->alloc_pvt);
ctx->free_func(dom->name, ctx->alloc_pvt);
ctx->free_func(dom->sid, ctx->alloc_pvt);
ctx->free_func(dom, ctx->alloc_pvt);
@@ -340,9 +327,12 @@ enum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx,
/* Verify that this slice is not already in use */
do {
for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
-if ((dom->range->min <= min && dom->range->max >= max) ||
-(dom->range->min >= min && dom->range->min <= max) ||
-(dom->range->max >= min && dom->range->max <= max)) {
+uint32_t dmin = dom->range_params.min_id;
+uint32_t dmax = dom->range_params.max_id;
+
+if ((dmin <= min && dmax >= max) ||
+(dmin >= min && dmin <= max) ||
+(dmax >= min && dmax <= max)) {
/* This range overlaps one already registered
* We'll try the next available slot
*/
@@ -447,8 +437,13 @@ enum idmap_error_code sss_idmap_check_collision(struct sss_idmap_ctx *ctx,
enum idmap_error_code err;
for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
-err = sss_idmap_check_collision_ex(dom->name, dom->sid, dom->range,
- dom->first_rid, dom->range_id,
+struct sss_idmap_range range = { dom->range_params.min_id,
+ dom->range_params.max_id };
+
+err = sss_idmap_check_collision_ex(dom->name, dom->sid,
+ &range,
+ dom->range_params.first_rid,
+ dom->range_params.range_id,
[SSSD]Re: [PATCHES] sudo provider improvements
On (02/12/15 14:06), Lukas Slebodnik wrote: >On (02/12/15 11:05), Pavel Březina wrote: >>On 12/01/2015 02:02 PM, Lukas Slebodnik wrote: >>>On (24/11/15 13:23), Pavel Březina wrote: Hi, I'm sending some sudo provider patches. I wanted to fix/improve things in the ldap sudo provider prior my work on ipa provider so I get familiar with it again and avoid making the same mistakes. It fixes tevent style, shuffles the code around a little bit, convert periodic task to use be_ptask module, renew hostinfo when needed, fix sdap_id_op logic, recude code duplication, remove dead code, simplify error handling, etc. Ticket fixed: https://fedorahosted.org/sssd/ticket/1943 https://fedorahosted.org/sssd/ticket/2672 I let Dan run downstream tests on those patches. We had to fix one test that was prone to a race condition which my patches revealed, but everything is green now. >>> >>>I got following valgrind errors with patches >>> >>>==17279== 1 errors in context 3 of 7: >>>==17279== Conditional jump or move depends on uninitialised value(s) >>>==17279==at 0x8BC76FE: _talloc_steal_loc (talloc.c:1162) >>>==17279==by 0x13DA3775: sdap_sudo_set_usn (sdap_async_sudo.c:318) >>>==17279==by 0x13DA3775: sdap_sudo_refresh_done (sdap_async_sudo.c:750) >>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) >>>==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done >>>(sdap_async_sudo.c:170) >>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) >>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) >>>==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3 >>>(sdap_async.c:1651) >>>==17279==by 0x89B3923: tevent_common_loop_immediate >>>(tevent_immediate.c:135) >>>==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907) >>>==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114) >>>==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533) >>>==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637) >>>==17279== >>>==17279== >>>==17279== 1 errors in context 4 of 7: >>>==17279== Conditional jump or move depends on uninitialised value(s) >>>==17279==at 0x13DA3738: sdap_sudo_set_usn (sdap_async_sudo.c:307) >>>==17279==by 0x13DA3738: sdap_sudo_refresh_done (sdap_async_sudo.c:750) >>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) >>>==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done >>>(sdap_async_sudo.c:170) >>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) >>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) >>>==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3 >>>(sdap_async.c:1651) >>>==17279==by 0x89B3923: tevent_common_loop_immediate >>>(tevent_immediate.c:135) >>>==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907) >>>==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114) >>>==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533) >>>==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637) >>>==17279==by 0x89B68D6: std_event_loop_wait (tevent_standard.c:140) >> >>I can't see a codepath where usn could be uninitialized, do you? >I didn't try but static analysers helped me, I cannot see such errors with current master. LS ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD]Re: [PATCHES] sudo provider improvements
On (02/12/15 11:05), Pavel Březina wrote:
>On 12/01/2015 02:02 PM, Lukas Slebodnik wrote:
>>On (24/11/15 13:23), Pavel Březina wrote:
>>>Hi,
>>>I'm sending some sudo provider patches. I wanted to fix/improve things in the
>>>ldap sudo provider prior my work on ipa provider so I get familiar with it
>>>again and avoid making the same mistakes.
>>>
>>>It fixes tevent style, shuffles the code around a little bit, convert
>>>periodic task to use be_ptask module, renew hostinfo when needed, fix
>>>sdap_id_op logic, recude code duplication, remove dead code, simplify error
>>>handling, etc.
>>>
>>>Ticket fixed:
>>>https://fedorahosted.org/sssd/ticket/1943
>>>https://fedorahosted.org/sssd/ticket/2672
>>>
>>>I let Dan run downstream tests on those patches. We had to fix one test that
>>>was prone to a race condition which my patches revealed, but everything is
>>>green now.
>>>
>>
>>I got following valgrind errors with patches
>>
>>==17279== 1 errors in context 3 of 7:
>>==17279== Conditional jump or move depends on uninitialised value(s)
>>==17279==at 0x8BC76FE: _talloc_steal_loc (talloc.c:1162)
>>==17279==by 0x13DA3775: sdap_sudo_set_usn (sdap_async_sudo.c:318)
>>==17279==by 0x13DA3775: sdap_sudo_refresh_done (sdap_async_sudo.c:750)
>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167)
>>==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done
>>(sdap_async_sudo.c:170)
>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167)
>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167)
>>==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3
>>(sdap_async.c:1651)
>>==17279==by 0x89B3923: tevent_common_loop_immediate
>>(tevent_immediate.c:135)
>>==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907)
>>==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114)
>>==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533)
>>==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637)
>>==17279==
>>==17279==
>>==17279== 1 errors in context 4 of 7:
>>==17279== Conditional jump or move depends on uninitialised value(s)
>>==17279==at 0x13DA3738: sdap_sudo_set_usn (sdap_async_sudo.c:307)
>>==17279==by 0x13DA3738: sdap_sudo_refresh_done (sdap_async_sudo.c:750)
>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167)
>>==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done
>>(sdap_async_sudo.c:170)
>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167)
>>==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167)
>>==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3
>>(sdap_async.c:1651)
>>==17279==by 0x89B3923: tevent_common_loop_immediate
>>(tevent_immediate.c:135)
>>==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907)
>>==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114)
>>==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533)
>>==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637)
>>==17279==by 0x89B68D6: std_event_loop_wait (tevent_standard.c:140)
>
>I can't see a codepath where usn could be uninitialized, do you?
I didn't try but static analysers helped me,
at least I hope it will help you :-)
Maybe, once you will learn how to use them :-) :-) :-)
Error: UNINIT (CWE-457): [#def1]
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:690: var_decl: Declaring
variable "usn" without initializer.
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:750: uninit_use_in_call:
Using uninitialized value "usn" when calling "sdap_sudo_set_usn".
# 748|
# 749| /* remember new usn */
# 750|-> sdap_sudo_set_usn(state->srv_opts, usn);
# 751|
# 752| ret = EOK;
Error: CLANG_WARNING: [#def2]
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:750:5: warning: Function call
argument is an uninitialized value
#sdap_sudo_set_usn(state->srv_opts, usn);
#^ ~~~
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:690:5: note: 'usn' declared
without an initial value
#char *usn;
#^
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:704:9: note: Assuming
'dp_error' is not equal to 0
#if (dp_error == DP_ERR_OK && ret != EOK) {
#^
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:704:31: note: Left side of
'&&' is false
#if (dp_error == DP_ERR_OK && ret != EOK) {
# ^
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:717:9: note: Assuming 'ret'
is equal to 0
#if (ret != EOK) {
#^~
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:717:5: note: Taking false
branch
#if (ret != EOK) {
#^
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:726:9: note: Assuming 'ret'
is equal to 0
#if (ret != EOK) {
#^~
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:726:5: note: Taking false
branch
#if (ret != EOK) {
#^
sssd-1.13.90/src/providers/ldap/sdap_async_sudo.c:732:11: note
[SSSD][PATCH] make globals in *_opts.h extern
This solves situation where you want to use those globals on other place
than in *_common.c.
I also created https://fedorahosted.org/sssd/ticket/2890 so we can avoid
order-dependency on header files such as sysdb_services.h which I had to
fix for AD patch.
From 1b0fcd570b206cac3d35fd048cba01d819374e7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Wed, 2 Dec 2015 11:21:52 +0100
Subject: [PATCH 01/18] SYSDB: Add missing include to sysdb_services.h
---
src/db/sysdb_services.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/db/sysdb_services.h b/src/db/sysdb_services.h
index ae058b0884bb6f817b21327de55902dda8864ec8..c74665546fd90c5295ab09f58f476cb0121c06a1 100644
--- a/src/db/sysdb_services.h
+++ b/src/db/sysdb_services.h
@@ -23,6 +23,8 @@
#ifndef SYSDB_SERVICES_H_
#define SYSDB_SERVICES_H_
+#include "db/sysdb.h"
+
#define SYSDB_SVC_CLASS "service"
#define SYSDB_SVC_CONTAINER "cn=services"
#define SYSDB_SC "objectclass="SYSDB_SVC_CLASS
--
2.1.0
From 66986d2f7af49005c1fa250aca9b764f9cb0a2c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Wed, 2 Dec 2015 11:14:06 +0100
Subject: [PATCH 02/18] IPA: Mark globals in ipa_opts.h as extern
To avoid collisions when we want to work with them elsewhere in the code.
---
Makefile.am | 1 +
src/providers/ipa/{ipa_opts.h => ipa_opts.c} | 5 -
src/providers/ipa/ipa_opts.h | 313 ++-
3 files changed, 17 insertions(+), 302 deletions(-)
copy src/providers/ipa/{ipa_opts.h => ipa_opts.c} (99%)
diff --git a/Makefile.am b/Makefile.am
index 23d4ae38e78baf795f8bbecb3e50e5473ba0d709..4ba3676f2eae8138bb7447d33e42ad044d015829 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2934,6 +2934,7 @@ libsss_krb5_la_LDFLAGS = \
libsss_ipa_la_SOURCES = \
src/providers/ipa/ipa_init.c \
+src/providers/ipa/ipa_opts.c \
src/providers/ipa/ipa_common.c \
src/providers/ipa/ipa_config.c \
src/providers/ipa/ipa_id.c \
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.c
similarity index 99%
copy from src/providers/ipa/ipa_opts.h
copy to src/providers/ipa/ipa_opts.c
index 78949e3ddec95f7f4303eab905bbbf6ec14ed6ae..bc983ec32d63c37b6fdf06d6009df9084f82d4bf 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.c
@@ -20,9 +20,6 @@
along with this program. If not, see
[SSSD]Re: [PATCHES] sudo provider improvements
On 12/01/2015 02:19 PM, Lukas Slebodnik wrote: On (01/12/15 14:02), Lukas Slebodnik wrote: On (24/11/15 13:23), Pavel Březina wrote: Hi, I'm sending some sudo provider patches. I wanted to fix/improve things in the ldap sudo provider prior my work on ipa provider so I get familiar with it again and avoid making the same mistakes. It fixes tevent style, shuffles the code around a little bit, convert periodic task to use be_ptask module, renew hostinfo when needed, fix sdap_id_op logic, recude code duplication, remove dead code, simplify error handling, etc. Ticket fixed: https://fedorahosted.org/sssd/ticket/1943 https://fedorahosted.org/sssd/ticket/2672 I let Dan run downstream tests on those patches. We had to fix one test that was prone to a race condition which my patches revealed, but everything is green now. I got following valgrind errors with patches ==17279== 1 errors in context 3 of 7: ==17279== Conditional jump or move depends on uninitialised value(s) ==17279==at 0x8BC76FE: _talloc_steal_loc (talloc.c:1162) ==17279==by 0x13DA3775: sdap_sudo_set_usn (sdap_async_sudo.c:318) ==17279==by 0x13DA3775: sdap_sudo_refresh_done (sdap_async_sudo.c:750) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done (sdap_async_sudo.c:170) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3 (sdap_async.c:1651) ==17279==by 0x89B3923: tevent_common_loop_immediate (tevent_immediate.c:135) ==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907) ==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114) ==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533) ==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637) ==17279== ==17279== ==17279== 1 errors in context 4 of 7: ==17279== Conditional jump or move depends on uninitialised value(s) ==17279==at 0x13DA3738: sdap_sudo_set_usn (sdap_async_sudo.c:307) ==17279==by 0x13DA3738: sdap_sudo_refresh_done (sdap_async_sudo.c:750) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done (sdap_async_sudo.c:170) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3 (sdap_async.c:1651) ==17279==by 0x89B3923: tevent_common_loop_immediate (tevent_immediate.c:135) ==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907) ==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114) ==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533) ==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637) ==17279==by 0x89B68D6: std_event_loop_wait (tevent_standard.c:140) I can see error in sssd_sudo as well but it should not be caused by your patches. ==21931== Invalid read of size 8 ==21931==at 0x114F24: sss_dp_callback_destructor (responder_dp.c:60) ==21931==by 0x87A65C8: _talloc_free_internal (talloc.c:993) ==21931==by 0x87A0642: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A0642: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A0642: _talloc_free (talloc.c:1594) ==21931==by 0x859436F: tevent_req_received (tevent_req.c:247) ==21931==by 0x85943A8: tevent_req_destructor (tevent_req.c:99) ==21931==by 0x87A65C8: _talloc_free_internal (talloc.c:993) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A0642: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A0642: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A0642: _talloc_free (talloc.c:1594) ==21931== Address 0xb906e70 is 688 bytes inside a block of size 797 free'd ==21931==at 0x4C28D17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==21931==by 0x87A6283: _talloc_free_internal (talloc.c:1063) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931==by 0x87A61E2: _talloc_free_children_internal (talloc.c:1472) ==21931==by 0x87A61E2: _talloc_free_internal (talloc.c:1019) ==21931=
[SSSD]Re: [PATCHES] sudo provider improvements
On 12/01/2015 02:02 PM, Lukas Slebodnik wrote: On (24/11/15 13:23), Pavel Březina wrote: Hi, I'm sending some sudo provider patches. I wanted to fix/improve things in the ldap sudo provider prior my work on ipa provider so I get familiar with it again and avoid making the same mistakes. It fixes tevent style, shuffles the code around a little bit, convert periodic task to use be_ptask module, renew hostinfo when needed, fix sdap_id_op logic, recude code duplication, remove dead code, simplify error handling, etc. Ticket fixed: https://fedorahosted.org/sssd/ticket/1943 https://fedorahosted.org/sssd/ticket/2672 I let Dan run downstream tests on those patches. We had to fix one test that was prone to a race condition which my patches revealed, but everything is green now. I got following valgrind errors with patches ==17279== 1 errors in context 3 of 7: ==17279== Conditional jump or move depends on uninitialised value(s) ==17279==at 0x8BC76FE: _talloc_steal_loc (talloc.c:1162) ==17279==by 0x13DA3775: sdap_sudo_set_usn (sdap_async_sudo.c:318) ==17279==by 0x13DA3775: sdap_sudo_refresh_done (sdap_async_sudo.c:750) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done (sdap_async_sudo.c:170) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3 (sdap_async.c:1651) ==17279==by 0x89B3923: tevent_common_loop_immediate (tevent_immediate.c:135) ==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907) ==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114) ==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533) ==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637) ==17279== ==17279== ==17279== 1 errors in context 4 of 7: ==17279== Conditional jump or move depends on uninitialised value(s) ==17279==at 0x13DA3738: sdap_sudo_set_usn (sdap_async_sudo.c:307) ==17279==by 0x13DA3738: sdap_sudo_refresh_done (sdap_async_sudo.c:750) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13DA3321: sdap_sudo_load_sudoers_done (sdap_async_sudo.c:170) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x89B4201: _tevent_req_error (tevent_req.c:167) ==17279==by 0x13D71ADB: generic_ext_search_handler.isra.3 (sdap_async.c:1651) ==17279==by 0x89B3923: tevent_common_loop_immediate (tevent_immediate.c:135) ==17279==by 0x89B822D: epoll_event_loop_once (tevent_epoll.c:907) ==17279==by 0x89B6936: std_event_loop_once (tevent_standard.c:114) ==17279==by 0x89B30FC: _tevent_loop_once (tevent.c:533) ==17279==by 0x89B329A: tevent_common_loop_wait (tevent.c:637) ==17279==by 0x89B68D6: std_event_loop_wait (tevent_standard.c:140) I can't see a codepath where usn could be uninitialized, do you? ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD]Re: [PATCH] KRB5: Handle KRB5_REALM_UNKNOWN as ERR_NETWORK_IO
On Wed, Dec 02, 2015 at 10:57:55AM +0100, Pavel Březina wrote: > On 11/30/2015 05:44 PM, Jakub Hrozek wrote: > >Hi, > > > >in some cases when an IPA-AD trust client is offline, the libkrb5 > >functions in krb5_child would error out with KRB5_REALM_UNKNOWN, because > >the client is completely autoconfigured. > > Sounds reasonable, ack. > > >I think we should handle this error code as ERR_NETWORK_IO internally > >and I hope this change would fix bugs like > >https://fedorahosted.org/sssd/ticket/2866 but I haven't heard from the > >reporter yet. > > I wonder if it fix it. Thanks for the quick review, I will wait with pushing the patch until the reporter comes back. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD]Re: [PATCH] KRB5: Handle preauth request timeout more gracefully
On 11/30/2015 05:46 PM, Jakub Hrozek wrote: Hi, this is more or less a cosmetic issue, but it can be irritating nonetheless. If the krb5_child process times out during preauth, we would print an EINVAL error message. I think the error should be more graceful (and I don't insist on PAM_CRED_UNAVAIL). I think PAM_CRED_UNAVAIL is fine. Ack. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD]Re: [PATCH] KRB5: Handle KRB5_REALM_UNKNOWN as ERR_NETWORK_IO
On 11/30/2015 05:44 PM, Jakub Hrozek wrote: Hi, in some cases when an IPA-AD trust client is offline, the libkrb5 functions in krb5_child would error out with KRB5_REALM_UNKNOWN, because the client is completely autoconfigured. Sounds reasonable, ack. I think we should handle this error code as ERR_NETWORK_IO internally and I hope this change would fix bugs like https://fedorahosted.org/sssd/ticket/2866 but I haven't heard from the reporter yet. I wonder if it fix it. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
