[SSSD] [sssd PR#372][closed] ldap: Change ldap_user_certificate to userCertificate;binary
URL: https://github.com/SSSD/sssd/pull/372
Author: amitkumar50
Title: #372: ldap: Change ldap_user_certificate to userCertificate;binary
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/372/head:pr372
git checkout pr372
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#372][+Pushed] ldap: Change ldap_user_certificate to userCertificate;binary
URL: https://github.com/SSSD/sssd/pull/372
Title: #372: ldap: Change ldap_user_certificate to userCertificate;binary
Label: +Pushed
[SSSD] [sssd PR#372][comment] ldap: Change ldap_user_certificate to userCertificate;binary
URL: https://github.com/SSSD/sssd/pull/372
Title: #372: ldap: Change ldap_user_certificate to userCertificate;binary

lslebodn commented:
"""
master:
* d1d6f3a7f08cd1dc5128105eb6ad7ec311f281b8
"""

See the full comment at https://github.com/SSSD/sssd/pull/372#issuecomment-334065997
[SSSD] Re: kinit on IPA server does not exclusively talk to local KDC
On Tue, Oct 03, 2017 at 05:16:24PM -0400, Robbie Harwood wrote:
> Sumit Bose writes:
>
> > On Thu, Sep 21, 2017 at 04:52:32PM +0200, Lukas Slebodnik wrote:
> >> On (12/09/17 18:44), Sumit Bose wrote:
> >>> On Tue, Sep 12, 2017 at 03:45:52PM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> I realized that it might be better to discuss it here rather than in
> pull requests because it seems to be related to two different commits.
>
> I will describe a test case on master with already created replica on
> another
> host.
> * kinit as admin
> // create user with dummy password
> * echo $dummypw | ipa user-add $login --first "$firstname" --last
> "$lastname" \
> --password
>
> // adding sleep think that first kinit hits slave sometimes and the
> user is
> // not replicated yet.
> * sleep 2
> * FirstKinitAs $login $dummypw $password
>
> FirstKinitAs is a bash function which change initial password
> something like: echo -e "$password\n$newpassword\n$newpassword" | kinit
> -V $username
>
> Such test works reliably with 1.15.3 and kinit always talk to local
> master
> (I didn't try to remove sleep 2)
>
>
> But situation changed a little bit with git master due to following
> commits
> IPA: Only generate kdcinfo files on clients
> https://pagure.io/SSSD/sssd/c/a309525cc47da726461aec1f238165c17aade2a6
> >>>
> >>> Do you have the /etc/krb5.conf available from the host where the
> >>> test failed. The above patch was written with the assumption that
> >>> /etc/krb5.conf on the IPA server points to the server itself as
> >>> ipa-server-install creates it:
> >>>
> >>>[realms]
> >>> IPA.DEVEL = {
> >>> kdc = ipa-devel.ipa.devel:88
> >>> master_kdc = ipa-devel.ipa.devel:88
> >>> admin_server = ipa-devel.ipa.devel:749
> >>> default_domain = ipa.devel
> >>> pkinit_anchors = FILE:/etc/ipa/ca.crt
> >>>}
> >>>
> >>>Currently I would assume that at least admin_server is missing.
> >>>
> >> Here you are.
> >> local master: kvm-02-guest11.testrelm.test
> >> replica: bkr-hv01-guest19.testrelm.test
> >>
> >> [root@kvm-02-guest11 ~]# cat /etc/krb5.conf
> >> includedir /etc/krb5.conf.d/
> >> includedir /var/lib/sss/pubconf/krb5.include.d/
> >>
> >> [logging]
> >> default = FILE:/var/log/krb5libs.log
> >> kdc = FILE:/var/log/krb5kdc.log
> >> admin_server = FILE:/var/log/kadmind.log
> >>
> >> [libdefaults]
> >> default_realm = TESTRELM.TEST
> >> dns_lookup_realm = false
> >> dns_lookup_kdc = true
> >> rdns = false
> >> ticket_lifetime = 24h
> >> forwardable = true
> >> udp_preference_limit = 0
> >> default_ccache_name = KEYRING:persistent:%{uid}
> >>
> >> [realms]
> >> TESTRELM.TEST = {
> >> kdc = kvm-02-guest11.testrelm.test:88
> >> master_kdc = kvm-02-guest11.testrelm.test:88
> >> admin_server = kvm-02-guest11.testrelm.test:749
> >> default_domain = testrelm.test
> >> pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
> >> pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
> >> }
> >
> > Thank you, so the krb5.conf has the expected entries. I did some testing
> > and found that libkrb5 does a DNS SRV lookup to find the kpasswd server
> > although the man page says:
> >
> > """
> >kpasswd_server
> > Points to the server where all the password changes are
> > performed. If there is no such entry, the port 464 on the admin_server
> > host will be tried.
> > """
> >
> > To me it looks like the advertised fallback to admin_server if there is
> > no kpasswd_server defined does not work.
> >
> > Robbie, is this expected or is it possible that there is an issue in
> > libkrb5?
>
> It's possible there's an issue, but I'd need to look more. Could you
> file a ticket so we can track it?

Thank you, I opened https://bugzilla.redhat.com/show_bug.cgi?id=1498347.

bye,
Sumit

>
> Thanks,
> --Robbie
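A check for the configuration discussed in this thread, added here as an example (not code from SSSD, libkrb5 or the posters): it parses a krb5.conf and reports, per realm, whether password changes rely on the man page's admin_server fallback while DNS lookups are enabled, which is the setup in which the SRV lookup was observed. The function names, the PINNED.TEST realm and the treatment of an unset dns_lookup_kdc as enabled are assumptions.

```python
import re

# Constructed sample, modelled on the krb5.conf quoted in the thread.
# PINNED.TEST is a made-up realm that sets kpasswd_server explicitly.
SAMPLE = """\
includedir /etc/krb5.conf.d/

[libdefaults]
 default_realm = TESTRELM.TEST
 dns_lookup_kdc = true

[realms]
 TESTRELM.TEST = {
  kdc = kvm-02-guest11.testrelm.test:88
  master_kdc = kvm-02-guest11.testrelm.test:88
  admin_server = kvm-02-guest11.testrelm.test:749
 }
 PINNED.TEST = {
  kdc = kdc.pinned.test:88
  admin_server = kdc.pinned.test:749
  kpasswd_server = kdc.pinned.test:464
 }
"""

FALSE_WORDS = {"false", "no", "off", "0", "n", "f", "nil"}


def parse_krb5_conf(text):
    """Parse sections, relations and one level of { } subsections.

    Returns {section: {key: [values]}} where a subsection key maps to a
    nested {key: [values]} dict. include/includedir lines are skipped.
    """
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith(("include ", "includedir ")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, sub = conf.setdefault(header.group(1), {}), None
            continue
        if line.startswith("}"):
            sub = None
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "{":
            sub = section.setdefault(key, {})
        else:
            target = sub if sub is not None else section
            target.setdefault(key, []).append(value)
    return conf


def _host(server):
    """Strip a trailing :port from a server value, if there is one."""
    host, sep, port = server.rpartition(":")
    return host if sep and port.isdigit() else server


def kpasswd_findings(text):
    """Classify how each realm's password-change server would be found.

    status: "explicit"              kpasswd_server is set
            "admin_server_fallback" only admin_server is set; the man page
                                    says port 464 on that host is tried
            "dns_only"              neither is set
    verify_on_wire is True when the realm has no explicit kpasswd_server
    and DNS lookups are not disabled, i.e. the case from the thread where
    the actual destination should be confirmed with a packet capture.
    """
    conf = parse_krb5_conf(text)
    dns = conf.get("libdefaults", {}).get("dns_lookup_kdc", [])
    # Assumption: an unset dns_lookup_kdc is treated as enabled.
    dns_enabled = not (dns and dns[0].lower() in FALSE_WORDS)
    findings = {}
    for realm, rel in conf.get("realms", {}).items():
        if not isinstance(rel, dict):
            continue
        if "kpasswd_server" in rel:
            status, expected = "explicit", list(rel["kpasswd_server"])
        elif "admin_server" in rel:
            status = "admin_server_fallback"
            expected = [_host(s) + ":464" for s in rel["admin_server"]]
        else:
            status, expected = "dns_only", []
        findings[realm] = {
            "status": status,
            "expected": expected,
            "verify_on_wire": status != "explicit" and dns_enabled,
        }
    return findings


if __name__ == "__main__":
    for realm, info in kpasswd_findings(SAMPLE).items():
        print(realm, info)
```
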
[SSSD] [sssd PR#398][+Pushed] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Title: #398: intg: Fix execution with dbus-1.11.18
Label: +Pushed
[SSSD] [sssd PR#398][closed] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Author: lslebodn
Title: #398: intg: Fix execution with dbus-1.11.18
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/398/head:pr398
git checkout pr398
[SSSD] [sssd PR#398][comment] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Title: #398: intg: Fix execution with dbus-1.11.18

lslebodn commented:
"""
master:
* 82c36227e36de155b13e6eb7cfa3e80a25774157

sssd-1-14:
* ff2ff94a1cdb98a55a2d8a3c3bbe06e1fb948d5a

sssd-1-13:
* 26f2a1cbc317face478cbb444a2984692dbde9c3
"""

See the full comment at https://github.com/SSSD/sssd/pull/398#issuecomment-334048378
[SSSD] Re: kinit on IPA server does not exclusively talk to local KDC
Sumit Bose writes:

> On Thu, Sep 21, 2017 at 04:52:32PM +0200, Lukas Slebodnik wrote:
>> On (12/09/17 18:44), Sumit Bose wrote:
>>> On Tue, Sep 12, 2017 at 03:45:52PM +0200, Lukas Slebodnik wrote:
ehlo,

I realized that it might be better to discuss it here rather than in
pull requests because it seems to be related to two different commits.

I will describe a test case on master with already created replica on another
host.
* kinit as admin
// create user with dummy password
* echo $dummypw | ipa user-add $login --first "$firstname" --last "$lastname" \
--password

// adding sleep think that first kinit hits slave sometimes and the user is
// not replicated yet.
* sleep 2
* FirstKinitAs $login $dummypw $password

FirstKinitAs is a bash function which change initial password
something like: echo -e "$password\n$newpassword\n$newpassword" | kinit -V $username

Such test works reliably with 1.15.3 and kinit always talk to local master
(I didn't try to remove sleep 2)


But situation changed a little bit with git master due to following commits
IPA: Only generate kdcinfo files on clients
https://pagure.io/SSSD/sssd/c/a309525cc47da726461aec1f238165c17aade2a6
>>>
>>> Do you have the /etc/krb5.conf available from the host where the
>>> test failed. The above patch was written with the assumption that
>>> /etc/krb5.conf on the IPA server points to the server itself as
>>> ipa-server-install creates it:
>>>
>>>[realms]
>>> IPA.DEVEL = {
>>> kdc = ipa-devel.ipa.devel:88
>>> master_kdc = ipa-devel.ipa.devel:88
>>> admin_server = ipa-devel.ipa.devel:749
>>> default_domain = ipa.devel
>>> pkinit_anchors = FILE:/etc/ipa/ca.crt
>>>}
>>>
>>>Currently I would assume that at least admin_server is missing.
>>>
>> Here you are.
>> local master: kvm-02-guest11.testrelm.test
>> replica: bkr-hv01-guest19.testrelm.test
>>
>> [root@kvm-02-guest11 ~]# cat /etc/krb5.conf
>> includedir /etc/krb5.conf.d/
>> includedir /var/lib/sss/pubconf/krb5.include.d/
>>
>> [logging]
>> default = FILE:/var/log/krb5libs.log
>> kdc = FILE:/var/log/krb5kdc.log
>> admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>> default_realm = TESTRELM.TEST
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> rdns = false
>> ticket_lifetime = 24h
>> forwardable = true
>> udp_preference_limit = 0
>> default_ccache_name = KEYRING:persistent:%{uid}
>>
>> [realms]
>> TESTRELM.TEST = {
>> kdc = kvm-02-guest11.testrelm.test:88
>> master_kdc = kvm-02-guest11.testrelm.test:88
>> admin_server = kvm-02-guest11.testrelm.test:749
>> default_domain = testrelm.test
>> pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
>> pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
>> }
>
> Thank you, so the krb5.conf has the expected entries. I did some testing
> and found that libkrb5 does a DNS SRV lookup to find the kpasswd server
> although the man page says:
>
> """
>kpasswd_server
> Points to the server where all the password changes are
> performed. If there is no such entry, the port 464 on the admin_server
> host will be tried.
> """
>
> To me it looks like the advertised fallback to admin_server if there is
> no kpasswd_server defined does not work.
>
> Robbie, is this expected or is it possible that there is an issue in
> libkrb5?

It's possible there's an issue, but I'd need to look more. Could you
file a ticket so we can track it?

Thanks,
--Robbie
[SSSD] [sssd PR#390][comment] NSS: Add option to disable memcache
URL: https://github.com/SSSD/sssd/pull/390
Title: #390: NSS: Add option to disable memcache

fidencio commented:
"""
Also, thinking loud here ... IMO would make more sense if memcache_size would override the others and not the opposite (but I don't have a strong opinion on this).

And, please, could you add more details to the commit message?
"""

See the full comment at https://github.com/SSSD/sssd/pull/390#issuecomment-333977183
[SSSD] [sssd PR#398][+Accepted] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Title: #398: intg: Fix execution with dbus-1.11.18
Label: +Accepted
[SSSD] [sssd PR#398][comment] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Title: #398: intg: Fix execution with dbus-1.11.18

fidencio commented:
"""
Hmm. @lslebodn probably already fired a CI build with the patch: http://vm-058-233.${abc}/logs/job/78/60/summary.html
"""

See the full comment at https://github.com/SSSD/sssd/pull/398#issuecomment-333956129
[SSSD] [sssd PR#390][comment] NSS: Add option to disable memcache
URL: https://github.com/SSSD/sssd/pull/390
Title: #390: NSS: Add option to disable memcache

fidencio commented:
"""
I've added an "in-line" comment about keeping the warning from the previous patch.

Adding the "Changes Requested" label.
"""

See the full comment at https://github.com/SSSD/sssd/pull/390#issuecomment-333954657
[SSSD] [sssd PR#390][+Changes requested] NSS: Add option to disable memcache
URL: https://github.com/SSSD/sssd/pull/390
Title: #390: NSS: Add option to disable memcache
Label: +Changes requested
[SSSD] [sssd PR#398][comment] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Title: #398: intg: Fix execution with dbus-1.11.18

fidencio commented:
"""
@lslebodn, thanks for the investigation and the patch!

I've fired a CI build and I'll add the "Accepted" label as soon as it passes there.
"""

See the full comment at https://github.com/SSSD/sssd/pull/398#issuecomment-333953214
[SSSD] [sssd PR#398][opened] intg: Fix execution with dbus-1.11.18
URL: https://github.com/SSSD/sssd/pull/398
Author: lslebodn
Title: #398: intg: Fix execution with dbus-1.11.18
Action: opened

PR body:
"""
Since dbus-1.11.18 DBUS_COOKIE_SHA1 respect $HOME variable and fallback
to value returned from getpwnam only if env HOME does not exist.

It caused problem for dbus communication between sssd processes because
local user usually do not have directory $HOME/.dbus-keyrings/.
And directory created in cwrap environment is problematic

[build@host ~]$ ls -ld ~/.dbus-keyrings/
drw---. 2 build build 6 Oct 3 10:44 /home/build/.dbus-keyrings/
[buildhost ~]$ ls -lna ~/.dbus-keyrings/
ls: cannot access '/home/build/.dbus-keyrings/.': Permission denied
ls: cannot access '/home/build/.dbus-keyrings/..': Permission denied
total 0
d? ? ? ? ?? .
d? ? ? ? ?? ..
[build@host ~]$ touch ~/.dbus-keyrings/test
touch: cannot touch '/home/build/.dbus-keyrings/test': Permission denied

Other alternative would be to set env variable HOME to the same value as
in fake passwd file: HOME=$(abs_builddir)/root

Related dbus bug:
https://bugs.freedesktop.org/show_bug.cgi?id=101960

Resolves:
https://pagure.io/SSSD/sssd/issue/3531
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/398/head:pr398
git checkout pr398

From fe1cb39f76091efee6f90e9c70ad729513b13a78 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik Date: Tue, 3 Oct 2017 15:34:33 +0200 Subject: [PATCH] intg: Fix execution with dbus-1.11.18 Since dbus-1.11.18 DBUS_COOKIE_SHA1 respect $HOME variable and fallback to value returned from getpwnam only if env HOME does not exist. It caused problem for dbus communication between sssd processes because local user usually do not have directory $HOME/.dbus-keyrings/. And directory created in cwrap environment is problmatic [build@host ~]$ ls -ld ~/.dbus-keyrings/ drw---. 2 build build 6 Oct 3 10:44 /home/build/.dbus-keyrings/ [buildhost ~]$ ls -lna ~/.dbus-keyrings/ ls: cannot access '/home/build/.dbus-keyrings/.': Permission denied ls: cannot access '/home/build/.dbus-keyrings/..': Permission denied total 0 d? ? ? ? ?? . d? ? ? ? ?? .. [build@host ~]$ touch ~/.dbus-keyrings/test touch: cannot touch '/home/build/.dbus-keyrings/test': Permission denied Other alternative would be to set env variable HOME to the same value as in fake passwd file: HOME=$(abs_builddir)/root Related dbus bug: https://bugs.freedesktop.org/show_bug.cgi?id=101960 Resolves: https://pagure.io/SSSD/sssd/issue/3531 --- src/tests/intg/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index 302825fc2..f30cc762c 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -74,6 +74,7 @@ intgcheck-installed: config.py passwd group cd "$(abs_srcdir)"; \ nss_wrapper=$$(pkg-config --libs nss_wrapper); \ uid_wrapper=$$(pkg-config --libs uid_wrapper); \ + unset HOME; \ PATH="$$(dirname -- $(SLAPD)):$$PATH" \ PATH="$(DESTDIR)$(sbindir):$(DESTDIR)$(bindir):$$PATH" \ PATH="$(abs_builddir):$(abs_srcdir):$$PATH" \ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
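Review bot: The `unset HOME; \` line added to the `intgcheck-installed` recipe has no comment near it, so the reason (dbus-1.11.18 making DBUS_COOKIE_SHA1 honour $HOME) lives only in the commit message and the line is easy to drop later as apparent dead code. Add a short comment above the rule in Makefile.am pointing at the dbus bug. The commit message also names the alternative `HOME=$(abs_builddir)/root`; it would help to say why unsetting was chosen over pointing HOME at the fake passwd home, since unsetting leaves the keyring location to the getpwnam fallback for every command later in the recipe.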
[SSSD] [sssd PR#390][synchronized] NSS: Add option to disable memcache
URL: https://github.com/SSSD/sssd/pull/390 Author: mzidek-rh Title: #390: NSS: Add option to disable memcache Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/390/head:pr390 git checkout pr390 From 98233ed72bd7b6cde84f09757f06d82017e318f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Wed, 13 Sep 2017 12:53:08 +0200 Subject: [PATCH] NSS: Make memcache size configurable Added options: memcache_size memcache_size_passwd memcache_size_group memcache_size_initgroups Setting the size to 0 will disable memory cache. Resolves: https://pagure.io/SSSD/sssd/issue/3496 --- src/confdb/confdb.h | 4 ++ src/config/SSSDConfig/__init__.py.in | 4 ++ src/config/cfg_rules.ini | 4 ++ src/man/sssd.conf.5.xml | 87 ++ src/responder/nss/nsssrv.c| 89 --- src/responder/nss/nsssrv_mmap_cache.h | 3 ++ src/tests/intg/test_memory_cache.py | 53 + 7 files changed, 228 insertions(+), 16 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index bcea99ae4..2e6978089 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -108,6 +108,10 @@ #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback" #define CONFDB_NSS_DEFAULT_SHELL "default_shell" #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout" +#define CONFDB_NSS_MEMCACHE_SIZE "memcache_size" +#define CONFDB_NSS_MEMCACHE_SIZE_PASSWD "memcache_size_passwd" +#define CONFDB_NSS_MEMCACHE_SIZE_GROUP "memcache_size_group" +#define CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS "memcache_size_initgroups" #define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring" #define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home" diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 227f76180..922d3c8b8 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in 
@@ -85,6 +85,10 @@ option_strings = { 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'), 'default_shell': _('Shell to use if the provider does not list one'), 'memcache_timeout': _('How long will be in-memory cache records valid'), +'memcache_size': _('Number of slots in fast in-memory caches'), +'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'), +'memcache_size_group': _('Number of slots in fast in-memory cache for group'), +'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'), 'user_attributes': _('List of user attributes the NSS responder is allowed to publish'), # [pam] diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index f3d30b9b3..aa99a5b48 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -90,6 +90,10 @@ option = shell_fallback option = default_shell option = get_domains_timeout option = memcache_timeout +option = memcache_size +option = memcache_size_passwd +option = memcache_size_group +option = memcache_size_initgroups [rule/allowed_pam_options] validator = ini_allowed_options diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 11496341d..9db5137f7 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml 
@@ -988,6 +988,93 @@ fallback_homedir = /home/%u +memcache_size (integer) + + +Number of slots allocated inside fast in-memory +caches. Note that one entry in fast in-memory +cache can occupy more than one slot. Setting +the size to 0 will disable the in-memory caches. +This option can be overriden by +memcache_size_passwd, memcache_size_group and +memcache_size_initgroups options for passwd, group +and initgroups in-memory caches respectively. + + +Default: 5 + + +NOTE: If the environment variable +SSS_NSS_USE_MEMCACHE is set to "NO", client +applications will not use the fast in-memory +cache. + + + + +memcache_size_passwd (integer) + + +Number of slots allocated inside fast in-memory +cache for passwd requests. Note that one entry +in fast in-memory cache ca
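Review bot: In the `option_strings` hunk of `__init__.py.in`, the `memcache_size_group` description stops at "for group" while the passwd and initgroups entries end in "requests". Make it "for group requests" so the three strings read the same way in the config tooling.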
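Review bot: "overriden" in the `memcache_size` description of the sssd.conf.5.xml hunk should be "overridden". The same paragraph says that 0 disables the in-memory caches and that the per-map options override `memcache_size`, but not what happens when `memcache_size` is 0 and one of `memcache_size_passwd`, `memcache_size_group` or `memcache_size_initgroups` is non-zero; state the resulting behaviour explicitly so an administrator disabling the cache knows whether a leftover per-map value turns it back on.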
[SSSD] [sssd PR#395][comment] KCM: Three trivial fixes
URL: https://github.com/SSSD/sssd/pull/395
Title: #395: KCM: Three trivial fixes

fidencio commented:
"""
Codewise, ACK.

When our internal CI issues are solved, I'll fire a build and add the "Accepted" label.
"""

See the full comment at https://github.com/SSSD/sssd/pull/395#issuecomment-333849264
[SSSD] [sssd PR#394][comment] TESTS: Add an integration test for renaming incomplete groups during initgroups
URL: https://github.com/SSSD/sssd/pull/394
Title: #394: TESTS: Add an integration test for renaming incomplete groups during initgroups

jhrozek commented:
"""
btw I won't update this PR until PR #128 is merged anyway..
"""

See the full comment at https://github.com/SSSD/sssd/pull/394#issuecomment-333830102
[SSSD] [sssd PR#394][+Changes requested] TESTS: Add an integration test for renaming incomplete groups during initgroups
URL: https://github.com/SSSD/sssd/pull/394
Title: #394: TESTS: Add an integration test for renaming incomplete groups during initgroups
Label: +Changes requested
[SSSD] [sssd PR#397][-Changes requested] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397
Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
Label: -Changes requested
[SSSD] [sssd PR#397][synchronized] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397 Author: amitkumar50 Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/397/head:pr397 git checkout pr397 From bca9d8c170d012c6d9eec4c0e3b6973bca904439 Mon Sep 17 00:00:00 2001 From: amitkuma Date: Tue, 3 Oct 2017 20:49:45 +0530 Subject: [PATCH 1/2] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS Since CONFDB_DOMAIN_LEGACY_PASS is legacy parameter that is rooted in pre-1.0 SSSD. We should just nuke it as we remove other legacy code. Resolves: https://pagure.io/SSSD/sssd/issue/3530 --- src/confdb/confdb.c | 8 src/confdb/confdb.h | 1 - 2 files changed, 9 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index fefecc03d..7aaf8297b 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1103,14 +1103,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } -ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords, -CONFDB_DOMAIN_LEGACY_PASS, 0); -if(ret != EOK) { -DEBUG(SSSDBG_FATAL_FAILURE, - "Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS); -goto done; -} - /* Get the global entry cache timeout setting */ ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout, CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400); diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index bcea99ae4..269b6ddbd 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -196,7 +196,6 @@ #define CONFDB_DOMAIN_CACHE_CREDS_MIN_FF_LENGTH \ "cache_credentials_minimal_first_factor_length" #define CONFDB_DEFAULT_CACHE_CREDS_MIN_FF_LENGTH 8 -#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords" #define CONFDB_DOMAIN_MPG "magic_private_groups" #define CONFDB_DOMAIN_FQ "use_fully_qualified_names" #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout" From 9c73186a34da12f7cb7fa288971084702fd98985 Mon Sep 17 00:00:00 2001 
From: amitkuma Date: Tue, 3 Oct 2017 21:24:11 +0530 Subject: [PATCH 2/2] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS Since CONFDB_DOMAIN_LEGACY_PASS is legacy parameter that is rooted in pre-1.0 SSSD. We should just nuke it as we remove other legacy code. Resolves: https://pagure.io/SSSD/sssd/issue/3530 --- src/confdb/confdb.h | 1 - src/config/SSSDConfig/__init__.py.in | 1 - src/config/SSSDConfig/sssd_upgrade_config.py | 1 - src/config/SSSDConfigTest.py | 2 -- src/config/cfg_rules.ini | 1 - src/config/etc/sssd.api.conf | 1 - src/db/sysdb_ops.c | 5 - 7 files changed, 12 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 269b6ddbd..09c191372 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -309,7 +309,6 @@ struct sss_domain_info { bool cache_credentials; uint32_t cache_credentials_min_ff_length; -bool legacy_passwords; bool case_sensitive; bool case_preserve; diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 227f76180..2a78f4e6a 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -163,7 +163,6 @@ option_strings = { 'max_id' : _('Maximum user ID'), 'enumerate' : _('Enable enumerating all users/groups'), 'cache_credentials' : _('Cache credentials for offline login'), -'store_legacy_passwords' : _('Store password hashes'), 'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'), 'ignore_group_members' : _('Don\'t include group members in group lookups'), 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), diff --git a/src/config/SSSDConfig/sssd_upgrade_config.py b/src/config/SSSDConfig/sssd_upgrade_config.py index d2d94b21e..650853615 100644 --- a/src/config/SSSDConfig/sssd_upgrade_config.py +++ b/src/config/SSSDConfig/sssd_upgrade_config.py 
@@ -150,7 +150,6 @@ def _migrate_domain(self, domain): 'chpass_provider' : 'chpass-module', 'session_provider' : 'session-module', 'use_fully_qualified_names' : 'useFullyQualifiedNames', - 'store_legacy_passwords' : 'store-legacy-passwords', } # Proxy options proxy_kw = { 'proxy_pam_target' : 'pam-target', diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 4a583bdd3..b31067734 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -573,7 +573,6 @@ def testListOptions(self): 'enumerate', 'cache_credentials', 'cache_credentials_minimal_first_factor_length', -'store_legacy_passwords', 'u
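Review bot: Patches 1/2 and 2/2 carry the same subject and the same message body, so the history cannot tell them apart, and with 1/2 applied alone the `legacy_passwords` member is still declared in `struct sss_domain_info` although nothing reads it from the config any more. Squash the two into one commit, or give 2/2 its own subject that names the struct, schema and sysdb cleanup it performs.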
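Review bot: Dropping `'store_legacy_passwords' : 'store-legacy-passwords'` from the mapping in `_migrate_domain` (sssd_upgrade_config.py hunk) means an old-format config that still carries `store-legacy-passwords` is no longer translated by the upgrade script. Say in the commit message whether that key is meant to be dropped silently during migration or whether the script should warn about it, since the option controlled storing password hashes and an administrator may want to know it was discarded.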
[SSSD] [sssd PR#397][+Changes requested] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397
Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
Label: +Changes requested
[SSSD] [sssd PR#397][comment] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397
Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS

lslebodn commented:
"""
On (03/10/17 02:49), AmitKumar wrote:
>Would be sending commit to remove 'domain->legacy_passwords' and related code.
>

I would prefer to remove it on all places in simple patch.
(especially from sssd.config schema(s))

```
src/confdb/confdb.c:ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
src/confdb/confdb.h:#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords"
src/confdb/confdb.h:bool legacy_passwords;
src/config/SSSDConfig/__init__.py.in:'store_legacy_passwords' : _('Store password hashes'),
src/config/SSSDConfig/sssd_upgrade_config.py: 'store_legacy_passwords' : 'store-legacy-passwords',
src/config/SSSDConfigTest.py:'store_legacy_passwords',
src/config/SSSDConfigTest.py:'store_legacy_passwords',
src/config/cfg_rules.ini:option = store_legacy_passwords
src/config/etc/sssd.api.conf:store_legacy_passwords = bool, None, false
src/db/sysdb_ops.c:if (pwd && (domain->legacy_passwords || !*pwd)) {
```
"""

See the full comment at https://github.com/SSSD/sssd/pull/397#issuecomment-333797543
[SSSD] [sssd PR#397][comment] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397
Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS

amitkumar50 commented:
"""
Would be sending commit to remove 'domain->legacy_passwords' and related code.
"""

See the full comment at https://github.com/SSSD/sssd/pull/397#issuecomment-333793716
[SSSD] [sssd PR#397][comment] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397
Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at https://github.com/SSSD/sssd/pull/397#issuecomment-333793489
[SSSD] [sssd PR#397][opened] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397 Author: amitkumar50 Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS Action: opened PR body: """ Since CONFDB_DOMAIN_LEGACY_PASS is legacy parameter that is rooted in pre-1.0 SSSD. We should just nuke it as we remove other legacy code. Resolves: https://pagure.io/SSSD/sssd/issue/3530 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/397/head:pr397 git checkout pr397 From bca9d8c170d012c6d9eec4c0e3b6973bca904439 Mon Sep 17 00:00:00 2001 From: amitkuma Date: Tue, 3 Oct 2017 20:49:45 +0530 Subject: [PATCH] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS Since CONFDB_DOMAIN_LEGACY_PASS is legacy parameter that is rooted in pre-1.0 SSSD. We should just nuke it as we remove other legacy code. Resolves: https://pagure.io/SSSD/sssd/issue/3530 --- src/confdb/confdb.c | 8 src/confdb/confdb.h | 1 - 2 files changed, 9 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index fefecc03d..7aaf8297b 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1103,14 +1103,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } -ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords, -CONFDB_DOMAIN_LEGACY_PASS, 0); -if(ret != EOK) { -DEBUG(SSSDBG_FATAL_FAILURE, - "Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS); -goto done; -} - /* Get the global entry cache timeout setting */ ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout, CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400); diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index bcea99ae4..269b6ddbd 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h 
@@ -196,7 +196,6 @@ #define CONFDB_DOMAIN_CACHE_CREDS_MIN_FF_LENGTH \ "cache_credentials_minimal_first_factor_length" #define CONFDB_DEFAULT_CACHE_CREDS_MIN_FF_LENGTH 8 -#define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords" #define CONFDB_DOMAIN_MPG "magic_private_groups" #define CONFDB_DOMAIN_FQ "use_fully_qualified_names" #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout" ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
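Review bot: The `get_entry_as_bool` call removed from `confdb_get_domain_internal` was the visible place where `domain->legacy_passwords` got its value, and confdb.h loses only the `#define`, so the struct member stays declared and is now never populated from the configuration. Remove the member and any code that still tests it in the same patch, together with the option's entries in the config schema, so that no reader is left depending on a field that can no longer be set.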
[SSSD] [sssd PR#397][comment] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
URL: https://github.com/SSSD/sssd/pull/397
Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at https://github.com/SSSD/sssd/pull/397#issuecomment-333793488