[SSSD] [sssd PR#197][comment] KCM responder

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

jhrozek commented:
"""
OK, hopefully final CI run: 
http://sssd-ci.duckdns.org/logs/job/65/48/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-289083382
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#136][comment] Tlog integration WIP

[spbnick]

  URL: https://github.com/SSSD/sssd/pull/136
Title: #136: Tlog integration WIP

spbnick commented:
"""
Alright, this version loads override_space, and only does initgr request if 
there are groups to match. I think I'll maybe add checking for 
SYSDB_INITGR_EXPIRE to avoid firing initgr for entries which haven't expired 
yet.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/136#issuecomment-289055189
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#136][synchronized] Tlog integration WIP

[spbnick]

   URL: https://github.com/SSSD/sssd/pull/136
Author: spbnick
 Title: #136: Tlog integration WIP
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/136/head:pr136
git checkout pr136
From 32d6411ef99a1a2abd78314cc7131af8ddb69db7 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov 
Date: Fri, 24 Mar 2017 16:24:22 +0200
Subject: [PATCH 01/14] CACHE_REQ: Propagate num_results to cache_req_state

The num_results field in struct cache_req_state was only set in case of
well-known objects, set it also for the regular results for uniformity,
and for later use by session recording code.
---
 src/responder/common/cache_req/cache_req.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
index aca150d..077282e 100644
--- a/src/responder/common/cache_req/cache_req.c
+++ b/src/responder/common/cache_req/cache_req.c
@@ -536,7 +536,8 @@ static void cache_req_search_domains_done(struct tevent_req *subreq)
 static errno_t
 cache_req_search_domains_recv(TALLOC_CTX *mem_ctx,
   struct tevent_req *req,
-  struct cache_req_result ***_results)
+  struct cache_req_result ***_results,
+  size_t *_num_results)
 {
 struct cache_req_search_domains_state *state;
 
@@ -547,6 +548,9 @@ cache_req_search_domains_recv(TALLOC_CTX *mem_ctx,
 if (_results != NULL) {
 *_results = talloc_steal(mem_ctx, state->results);
 }
+if (_num_results != NULL) {
+*_num_results = state->num_results;
+}
 
 return EOK;
 }
@@ -851,7 +855,8 @@ static void cache_req_done(struct tevent_req *subreq)
 req = tevent_req_callback_data(subreq, struct tevent_req);
 state = tevent_req_data(req, struct cache_req_state);
 
-ret = cache_req_search_domains_recv(state, subreq, >results);
+ret = cache_req_search_domains_recv(state, subreq,
+>results, >num_results);
 talloc_zfree(subreq);
 
 if (ret == ENOENT && state->first_iteration) {

From 6519d96c520aca0bd30c20d9cc40ce4e74f5b7cd Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov 
Date: Wed, 22 Mar 2017 14:32:35 +0200
Subject: [PATCH 02/14] NSS: Move output name formatting to utils

Move NSS nss_get_name_from_msg and the core of sized_output_name to the
utils to make them available to provider and other responders.
---
 src/responder/nss/nss_protocol_grent.c |  3 +-
 src/responder/nss/nss_protocol_pwent.c |  2 +-
 src/responder/nss/nss_utils.c  | 55 +--
 src/util/sss_nss.c | 68 ++
 src/util/sss_nss.h | 10 +
 5 files changed, 90 insertions(+), 48 deletions(-)

diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
index 283ab9f..5f208e0 100644
--- a/src/responder/nss/nss_protocol_grent.c
+++ b/src/responder/nss/nss_protocol_grent.c
@@ -19,6 +19,7 @@
 */
 
 #include "responder/nss/nss_protocol.h"
+#include "util/sss_nss.h"
 
 static errno_t
 nss_get_grent(TALLOC_CTX *mem_ctx,
@@ -41,7 +42,7 @@ nss_get_grent(TALLOC_CTX *mem_ctx,
 }
 
 /* Get fields. */
-name = nss_get_name_from_msg(domain, msg);
+name = sss_nss_get_name_from_msg(domain, msg);
 gid = sss_view_ldb_msg_find_attr_as_uint64(domain, msg, SYSDB_GIDNUM, 0);
 
 if (name == NULL || gid == 0) {
diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
index edda9d3..c0b8e79 100644
--- a/src/responder/nss/nss_protocol_pwent.c
+++ b/src/responder/nss/nss_protocol_pwent.c
@@ -225,7 +225,7 @@ nss_get_pwent(TALLOC_CTX *mem_ctx,
 
 /* Get fields. */
 upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
-name = nss_get_name_from_msg(domain, msg);
+name = sss_nss_get_name_from_msg(domain, msg);
 gid = nss_get_gid(domain, msg);
 uid = sss_view_ldb_msg_find_attr_as_uint64(domain, msg, SYSDB_UIDNUM, 0);
 
diff --git a/src/responder/nss/nss_utils.c b/src/responder/nss/nss_utils.c
index f839930..42fe33e 100644
--- a/src/responder/nss/nss_utils.c
+++ b/src/responder/nss/nss_utils.c
@@ -22,37 +22,11 @@
 #include 
 
 #include "util/util.h"
+#include "util/sss_nss.h"
 #include "confdb/confdb.h"
 #include "responder/common/responder.h"
 #include "responder/nss/nss_private.h"
 
-const char *
-nss_get_name_from_msg(struct sss_domain_info *domain,
-  struct ldb_message *msg)
-{
-const char *name;
-
-/* If domain has a view associated we return overridden name
- * if possible. */
-if (DOM_HAS_VIEWS(domain)) {
-name = ldb_msg_find_attr_as_string(msg, OVERRIDE_PREFIX SYSDB_NAME,
-   NULL);
-if (name != NULL) {
-

[SSSD] [sssd PR#197][comment] KCM responder

[lslebodn]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

lslebodn commented:
"""
retest this please
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-289045128
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#197][comment] KCM responder

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

jhrozek commented:
"""
I also squashed Lukas' patch to fix some python3 issues. I'm just waiting for 
our CI to finish.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-289036591
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#197][comment] KCM responder

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

jhrozek commented:
"""
@lslebodn I pushed a new patchset that should fix the warning in the kcm_queue 
test, can you verify if all warnings you saw are fixed?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-289021612
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#197][comment] KCM responder

[simo5]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

simo5 commented:
"""
All looks good to go.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-289009240
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#197][+Accepted] KCM responder

[mzidek-rh]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#197][comment] KCM responder

[mzidek-rh]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

mzidek-rh commented:
"""
All my concerns have been addressed (and If I am not mistaken also Simo's). ACK 
from me.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-288987732
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#208][synchronized] IFP: Filter with * in Users.ListByName method

[celestian]

   URL: https://github.com/SSSD/sssd/pull/208
Author: celestian
 Title: #208: IFP: Filter with * in Users.ListByName method
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/208/head:pr208
git checkout pr208
From 799ee6a4fb9349e28bba1efeacb5a51ae8b4511c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Thu, 23 Mar 2017 09:17:55 +0100
Subject: [PATCH] IFP: Filter with * in infopipe methods

This patch fixes asterisk in filter of those methods:
* org.freedesktop.sssd.infopipe.Users.ListByName
* org.freedesktop.sssd.infopipe.Groups.ListByName
* org.freedesktop.sssd.infopipe.Users.ListByDomainAndName

In those cases, functions ifp_[users|groups]_list_copy()
were called with NULL pointer.

Resolves:
https://pagure.io/SSSD/sssd/issue/3305
---
 src/responder/ifp/ifp_groups.c | 26 +++---
 src/responder/ifp/ifp_users.c  | 14 --
 2 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
index 94d1e84..fe3c641 100644
--- a/src/responder/ifp/ifp_groups.c
+++ b/src/responder/ifp/ifp_groups.c
@@ -302,12 +302,14 @@ static void ifp_groups_list_by_name_done(struct tevent_req *req)
 return;
 }
 
-ret = ifp_groups_list_copy(list_ctx, result->ldb_result);
-if (ret != EOK) {
-error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
-   "Failed to copy domain result");
-sbus_request_fail_and_finish(sbus_req, error);
-return;
+if (ret == EOK) {
+ret = ifp_groups_list_copy(list_ctx, result->ldb_result);
+if (ret != EOK) {
+error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
+   "Failed to copy domain result");
+sbus_request_fail_and_finish(sbus_req, error);
+return;
+}
 }
 
 list_ctx->dom = get_next_domain(list_ctx->dom, SSS_GND_DESCEND);
@@ -388,11 +390,13 @@ static void ifp_groups_list_by_domain_and_name_done(struct tevent_req *req)
 goto done;
 }
 
-ret = ifp_groups_list_copy(list_ctx, result->ldb_result);
-if (ret != EOK) {
-error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
-   "Failed to copy domain result");
-goto done;
+if (ret == EOK) {
+ret = ifp_groups_list_copy(list_ctx, result->ldb_result);
+if (ret != EOK) {
+error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
+   "Failed to copy domain result");
+goto done;
+}
 }
 
 done:
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index cc78300..961a8fa 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -805,12 +805,14 @@ static void ifp_users_list_by_name_done(struct tevent_req *req)
 return;
 }
 
-ret = ifp_users_list_copy(list_ctx, result->ldb_result);
-if (ret != EOK) {
-error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
-   "Failed to copy domain result");
-sbus_request_fail_and_finish(sbus_req, error);
-return;
+if (ret == EOK) {
+ret = ifp_users_list_copy(list_ctx, result->ldb_result);
+if (ret != EOK) {
+error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
+   "Failed to copy domain result");
+sbus_request_fail_and_finish(sbus_req, error);
+return;
+}
 }
 
 list_ctx->dom = get_next_domain(list_ctx->dom, SSS_GND_DESCEND);
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#206][comment] IFP: Fix of names in GetUserGroups method

[celestian]

  URL: https://github.com/SSSD/sssd/pull/206
Title: #206: IFP: Fix of names in GetUserGroups method

celestian commented:
"""
Updated -- I just added "resolves" link to the commit message.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/206#issuecomment-288980755
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#206][synchronized] IFP: Fix of names in GetUserGroups method

[celestian]

   URL: https://github.com/SSSD/sssd/pull/206
Author: celestian
 Title: #206: IFP: Fix of names in GetUserGroups method
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/206/head:pr206
git checkout pr206
From 09934cbda4fb740d33d37de75f4bb02d11d65057 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= 
Date: Wed, 22 Mar 2017 15:40:00 +0100
Subject: [PATCH] IFP: Fix of names in GetUserGroups method

This patch adds code which chooses the right domain for
creation of output group's name.

Resolves:
https://pagure.io/SSSD/sssd/issue/3268
---
 src/responder/ifp/ifpsrv_cmd.c | 16 +---
 src/util/usertools.c   | 42 ++
 src/util/util.h|  5 +
 3 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index 07edcdd..d0df8d0 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -373,6 +373,8 @@ ifp_user_get_groups_reply(struct sss_domain_info *domain,
 const char *name;
 const char **groupnames;
 char *out_name;
+struct sss_domain_info *recent_domain;
+errno_t ret;
 
 /* one less, the first one is the user entry */
 num = res->count - 1;
@@ -396,9 +398,17 @@ ifp_user_get_groups_reply(struct sss_domain_info *domain,
 continue;
 }
 
-if (domain->fqnames) {
-groupnames[i] = sss_tc_fqname(groupnames, domain->names,
-  domain, out_name);
+ret = sss_get_domain_by_name(groupnames, ireq->ifp_ctx->rctx->domains,
+ name, _domain);
+if (ret != EOK) {
+DEBUG(SSSDBG_MINOR_FAILURE, "sss_get_domain_by_name() failed "
+  "[%d]: %s\n", ret, sss_strerror(ret));
+continue;
+}
+
+if (recent_domain->fqnames) {
+groupnames[i] = sss_tc_fqname(groupnames, recent_domain->names,
+  recent_domain, out_name);
 if (out_name == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "sss_tc_fqname failed\n");
 continue;
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 7b87c56..f818c95 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -377,6 +377,48 @@ static struct sss_domain_info * match_any_domain_or_subdomain_name(
 return find_domain_by_name(dom, dmatch, true);
 }
 
+int sss_get_domain_by_name(TALLOC_CTX *memctx,
+   struct sss_domain_info *domains,
+   const char *orig_fqname,
+   struct sss_domain_info **_domain)
+{
+struct sss_domain_info *dom, *match = NULL;
+char *dmatch, *nmatch;
+TALLOC_CTX *tmp_ctx;
+int ret;
+
+tmp_ctx = talloc_new(NULL);
+if (tmp_ctx == NULL) {
+return ENOMEM;
+}
+
+for (dom = domains; dom != NULL; dom = get_next_domain(dom, 0)) {
+ret = sss_parse_name(tmp_ctx, dom->names, orig_fqname, , );
+if (ret == EOK) {
+if (dmatch != NULL) {
+match = match_any_domain_or_subdomain_name (dom, dmatch);
+if (match != NULL) {
+DEBUG(SSSDBG_FUNC_DATA, "name '%s' matched expression for "
+"domain '%s'\n",
+orig_fqname, match->name);
+break;
+}
+}
+/* EINVAL is returned when name doesn't match */
+} else if (ret != EINVAL) {
+goto done;
+}
+}
+
+*_domain = match;
+
+ret = EOK;
+done:
+talloc_free(tmp_ctx);
+
+return ret;
+}
+
 int sss_parse_name_for_domains(TALLOC_CTX *memctx,
struct sss_domain_info *domains,
const char *default_domain,
diff --git a/src/util/util.h b/src/util/util.h
index a2dc89b..e61138d 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -239,6 +239,11 @@ int sss_parse_name(TALLOC_CTX *memctx,
struct sss_names_ctx *snctx,
const char *orig, char **_domain, char **_name);
 
+int sss_get_domain_by_name(TALLOC_CTX *memctx,
+   struct sss_domain_info *domains,
+   const char *orig_fqname,
+   struct sss_domain_info **_domain);
+
 int sss_parse_name_for_domains(TALLOC_CTX *memctx,
struct sss_domain_info *domains,
const char *default_domain,
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#197][comment] KCM responder

[jhrozek]

  URL: https://github.com/SSSD/sssd/pull/197
Title: #197: KCM responder

jhrozek commented:
"""
CI on the rebased patches: 
http://sssd-ci.duckdns.org/logs/job/65/45/summary.html
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/197#issuecomment-288949515
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org