[SSSD] [sssd PR#78][comment] ipa: Nested netgroups do not work
URL: https://github.com/SSSD/sssd/pull/78 Title: #78: ipa: Nested netgroups do not work celestian commented: """ Code LGTM. CI passed: http://sssd-ci.duckdns.org/logs/job/56/99/summary.html And I tested it manually: ``` Setup FreeIPA server and do the following: 1. create two netgroups - ng1, ng2 2. add user1 to ng1 3. add user2 to ng2 4. add ng2 to ng1 (make ng2 member of ng1) 5. run command: $ getent netgroup ng1 Wrong output: you do not see netgroup members Correct output: You shoudl see all members of ng1 and ng2 ``` @jhrozek , I give conitional ACK to this patch if downstream tests passed. """ See the full comment at https://github.com/SSSD/sssd/pull/78#issuecomment-259938864 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#69][-Changes requested] krb5: Use command line arguments instead env vars for krb5_child
URL: https://github.com/SSSD/sssd/pull/69 Title: #69: krb5: Use command line arguments instead env vars for krb5_child Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#69][comment] krb5: Use command line arguments instead env vars for krb5_child
URL: https://github.com/SSSD/sssd/pull/69 Title: #69: krb5: Use command line arguments instead env vars for krb5_child sumit-bose commented: """ Sorry, this issue was introduced by a assume simple last minute change which I didn't test properly. I couldn't decide if I want to keep the options in the global krb5_ctx since the currently do not change or if they will always be generated on the fly. I finally picked the latter to avoid issues in future with options changing per request but didn't do the change properly. """ See the full comment at https://github.com/SSSD/sssd/pull/69#issuecomment-259935931 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#69][synchronized] krb5: Use command line arguments instead env vars for krb5_child
URL: https://github.com/SSSD/sssd/pull/69 Author: sumit-bose Title: #69: krb5: Use command line arguments instead env vars for krb5_child Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/69/head:pr69 git checkout pr69 From c619985e484e18c728391923c832b853581a70b1 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 28 Oct 2016 21:29:45 +0200 Subject: [PATCH 1/3] krb5: Use command line arguments instead env vars for krb5_child Resolves https://fedorahosted.org/sssd/ticket/697 --- src/providers/krb5/krb5_child.c | 124 ++ src/providers/krb5/krb5_child_handler.c | 129 ++-- src/providers/krb5/krb5_common.c| 91 ++ src/providers/krb5/krb5_common.h| 25 --- src/providers/krb5/krb5_init_shared.c | 5 +- 5 files changed, 251 insertions(+), 123 deletions(-) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index df94bc4..9fe3da9 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -48,6 +48,15 @@ enum k5c_fast_opt { K5C_FAST_DEMAND, }; +struct cli_opts { +char *realm; +char *lifetime; +char *rtime; +char *use_fast_str; +char *fast_principal; +bool canonicalize; +}; + struct krb5_req { krb5_context ctx; krb5_principal princ; @@ -81,73 +90,68 @@ struct krb5_req { uid_t fast_uid; gid_t fast_gid; + +struct cli_opts *cli_opts; }; static krb5_context krb5_error_ctx; #define KRB5_CHILD_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error) -static krb5_error_code set_lifetime_options(krb5_get_init_creds_opt *options) +static krb5_error_code set_lifetime_options(struct cli_opts *cli_opts, +krb5_get_init_creds_opt *options) { -char *lifetime_str; krb5_error_code kerr; krb5_deltat lifetime; -lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); -if (lifetime_str == NULL) { -DEBUG(SSSDBG_CONF_SETTINGS, "Cannot read [%s] from environment.\n", - SSSD_KRB5_RENEWABLE_LIFETIME); +if (cli_opts->rtime == NULL) { +DEBUG(SSSDBG_CONF_SETTINGS, + "No specific renewable lifetime requested.\n"); /* Unset option flag to make sure defaults from krb5.conf are used. */ options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE); } else { -kerr = krb5_string_to_deltat(lifetime_str, &lifetime); +kerr = krb5_string_to_deltat(cli_opts->rtime, &lifetime); if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, - "krb5_string_to_deltat failed for [%s].\n", - lifetime_str); + "krb5_string_to_deltat failed for [%s].\n", cli_opts->rtime); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } -DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n", - SSSD_KRB5_RENEWABLE_LIFETIME, lifetime_str); +DEBUG(SSSDBG_CONF_SETTINGS, "Renewable lifetime is set to [%s]\n", +cli_opts->rtime); krb5_get_init_creds_opt_set_renew_life(options, lifetime); } -lifetime_str = getenv(SSSD_KRB5_LIFETIME); -if (lifetime_str == NULL) { -DEBUG(SSSDBG_CONF_SETTINGS, "Cannot read [%s] from environment.\n", - SSSD_KRB5_LIFETIME); +if (cli_opts->lifetime == NULL) { +DEBUG(SSSDBG_CONF_SETTINGS, "No specific lifetime requested.\n"); /* Unset option flag to make sure defaults from krb5.conf are used. */ options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_TKT_LIFE); } else { -kerr = krb5_string_to_deltat(lifetime_str, &lifetime); +kerr = krb5_string_to_deltat(cli_opts->lifetime, &lifetime); if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "krb5_string_to_deltat failed for [%s].\n", - lifetime_str); + cli_opts->lifetime); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } -DEBUG(SSSDBG_CONF_SETTINGS, - "%s is set to [%s]\n", SSSD_KRB5_LIFETIME, lifetime_str); +DEBUG(SSSDBG_CONF_SETTINGS, "Lifetime is set to [%s]\n", +cli_opts->lifetime); krb5_get_init_creds_opt_set_tkt_life(options, lifetime); } return 0; } -static void set_canonicalize_option(krb5_get_init_creds_opt *opts) +static void set_canonicalize_option(struct cli_opts *cli_opts, +krb5_get_init_creds_opt *opts) { int canonicalize = 0; -char *tmp_str; -tmp_str = getenv(SSSD_KRB5_CANONICALIZE); -if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) { -canonicalize = 1; -} -DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n", -
[SSSD] [sssd PR#79][comment] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Title: #79: LIBSSS_CONFIG: Drop libsss_config fidencio commented: """ Change done. Here is the fix up patch that in order to help the reviewer: ``` [ffidenci@cat sssd]$ git diff HEAD diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 9a7098c..387ad1f 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -69,7 +69,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then docbook-xsl gettext krb5-config -libaugeas-dev libc-ares-dev libcmocka-dev libcollection-dev diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 2917629..f0b61ec 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -583,7 +583,6 @@ be used by Python applications. Summary: The D-Bus responder of the SSSD Group: Applications/System License: GPLv3+ -BuildRequires: augeas-devel Requires: sssd-common = %{version}-%{release} %description dbus ``` """ See the full comment at https://github.com/SSSD/sssd/pull/79#issuecomment-259934118 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][synchronized] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Author: fidencio Title: #79: LIBSSS_CONFIG: Drop libsss_config Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/79/head:pr79 git checkout pr79 From 78b6c96d1766d136dc5f56d5a39fe4e35f7742dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 10 Nov 2016 18:31:02 +0100 Subject: [PATCH] LIBSSS_CONFIG: Drop libsss_config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit lib_config has been used only by OpenLMI and the project has been deprecated making, then, no sense to keep the support on SSSD. Distros that, for some reason, are still packing and distributing OpenLMI can stick to SSSD 1.14 branch. Signed-off-by: Fabiano FidĂȘncio --- Makefile.am| 47 -- configure.ac | 5 - contrib/ci/deps.sh | 1 - contrib/sssd.spec.in | 2 - src/external/configlib.m4 | 12 - src/external/libaugeas.m4 | 10 - src/responder/ifp/ifp_components.c | 228 -- src/responder/ifp/ifp_components.h | 8 - src/responder/ifp/ifp_iface.c | 3 - src/tests/dlopen-tests.c | 3 - src/tests/sss_config-tests.c | 884 - src/util/sss_config.c | 509 - src/util/sss_config.h | 71 --- 13 files changed, 1783 deletions(-) delete mode 100644 src/external/configlib.m4 delete mode 100644 src/external/libaugeas.m4 delete mode 100644 src/tests/sss_config-tests.c delete mode 100644 src/util/sss_config.c delete mode 100644 src/util/sss_config.h diff --git a/Makefile.am b/Makefile.am index e037930..0c7797b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -208,12 +208,6 @@ if BUILD_SSH non_interactive_check_based_tests += sysdb_ssh-tests endif -if BUILD_IFP -if BUILD_CONFIG_LIB -non_interactive_check_based_tests += sss_config-tests -endif # BUILD_CONFIG_LIB -endif # BUILD_IFP - if BUILD_DBUS_TESTS non_interactive_check_based_tests += \ sbus_tests \ @@ -604,7 +598,6 @@ dist_noinst_HEADERS = \ src/util/sss_ssh.h \ src/util/sss_ini.h \ src/util/sss_format.h \ -src/util/sss_config.h \ src/util/refcount.h \ src/util/find_uid.h \ src/util/user_info_msg.h \ @@ -1028,24 +1021,6 @@ SSSD_INTERNAL_LTLIBS = \ libsss_child.la \ $(NULL) -if BUILD_IFP -if BUILD_CONFIG_LIB -pkglib_LTLIBRARIES += libsss_config.la -libsss_config_la_SOURCES = \ -src/util/sss_config.c -libsss_config_la_CFLAGS = \ -$(AM_CFLAGS) \ -$(AUGEAS_CFLAGS) \ -$(TALLOC_CFLAGS) -libsss_config_la_LIBADD = \ -$(AUGEAS_LIBS) \ -$(TALLOC_LIBS) \ -$(SSSD_INTERNAL_LTLIBS) -libsss_config_la_LDFLAGS = \ --avoid-version -endif # BUILD_CONFIG_LIB -endif # BUILD_IFP - lib_LTLIBRARIES = libipa_hbac.la \ libsss_idmap.la \ libsss_nss_idmap.la \ @@ -1387,11 +1362,6 @@ dist_dbuspolicy_DATA = \ src/responder/ifp/org.freedesktop.sssd.infopipe.conf dist_dbusservice_DATA = \ src/responder/ifp/org.freedesktop.sssd.infopipe.service - -if BUILD_CONFIG_LIB -sssd_ifp_LDADD += libsss_config.la -endif - endif if BUILD_SECRETS @@ -2094,23 +2064,6 @@ sbus_codegen_tests_LDADD = \ endif # BUILD_DBUS_TESTS -if BUILD_IFP -if BUILD_CONFIG_LIB -sss_config_tests_SOURCES = \ -src/tests/sss_config-tests.c \ -src/tests/common.c -sss_config_tests_CFLAGS = \ -$(AM_CFLAGS) \ -$(CHECK_CFLAGS) -sss_config_tests_LDADD = \ -$(SSSD_LIBS) \ -$(CHECK_LIBS) \ -$(SSSD_INTERNAL_LTLIBS) \ -libsss_config.la \ -libsss_test_common.la -endif # BUILD_CONFIG_LIB -endif # BUILD_IFP - if HAVE_CMOCKA TEST_MOCK_RESP_OBJ = \ diff --git a/configure.ac b/configure.ac index d3ef1e1..d48f08c 100644 --- a/configure.ac +++ b/configure.ac @@ -195,7 +195,6 @@ m4_include([src/external/signal.m4]) m4_include([src/external/inotify.m4]) m4_include([src/external/samba.m4]) m4_include([src/external/sasl.m4]) -m4_include([src/external/configlib.m4]) m4_include([src/external/libnfsidmap.m4]) m4_include([src/external/cwrap.m4]) m4_include([src/external/libresolv.m4]) @@ -208,10 +207,6 @@ if test x$with_secrets = xyes; then m4_include([src/external/libjansson.m4]) fi -if test x$build_config_lib = xyes; then -m4_include([src/external/libaugeas.m4]) -fi - WITH_UNICODE_LIB if test x$unicode_lib = xlibunistring; then m4_include([src/external/libunistring.m4]) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 9a7098c..387ad1f 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -69,7 +69,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then docbook-xsl gettext krb5-config -libaugeas-dev libc-ares-dev libcmocka-dev libcollection-dev diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in i
[SSSD] [sssd PR#53][comment] Fixes in the config API related to secrets responder
URL: https://github.com/SSSD/sssd/pull/53 Title: #53: Fixes in the config API related to secrets responder lslebodn commented: """ On (10/11/16 13:38), Jakub Hrozek wrote: >Since there is no ticket, I only pushed the patches to master: >682c9c3467055c2149af28826f7458b857b0f8c4 >da8801c363716533f60bc78e10f3a2100cebc3a1 > Such version should have been pushed as part of https://fedorahosted.org/sssd/ticket/3207. I noticed issues lately due to holidays. Therefore pushed to 1.14 as well sssd-1-14: * 9d4cc96f2951412f647223dfe59060fa1e2b7b14 * 2535993d81c7d0dbbd6c6fab6f45b338845535cf LS """ See the full comment at https://github.com/SSSD/sssd/pull/53#issuecomment-259918798 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#79][comment] LIBSSS_CONFIG: Drop libsss_config
URL: https://github.com/SSSD/sssd/pull/79 Title: #79: LIBSSS_CONFIG: Drop libsss_config lslebodn commented: """ You forgot to rebuve build dependencies from spec file and from ci.deps contrib/ci/deps.sh:libaugeas-dev contrib/sssd.spec.in:BuildRequires: augeas-devel LS """ See the full comment at https://github.com/SSSD/sssd/pull/79#issuecomment-259916977 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#78][comment] ipa: Nested netgroups do not work
URL: https://github.com/SSSD/sssd/pull/78 Title: #78: ipa: Nested netgroups do not work jhrozek commented: """ btw just to help with the review, I also fired up a test job using our downstream tests with a 7.3 package and this test. I'll let you know how the test went. """ See the full comment at https://github.com/SSSD/sssd/pull/78#issuecomment-259912952 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org