[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set fidencio commented: """ Here's the CI results for the current version of this patch set: http://vm-031.${abc}/logs/job/87/73/summary.html """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379805537 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ I would suggest sometimes this week because currently I do have the patch in my head :) """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379794535 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set fidencio commented: """ I really failed to understand how to write a test without calling `sss_cache` to invalidate the cache as done in https://github.com/SSSD/sssd/pull/128/files#diff-cb96335bb2dbee3face9f5ba04f18ce0R1526 ... That was @lslebodn's suggestion. When I reworked the patches I didn't find an easy wai to have sdap_handle_id_collision_for_incomplete_groups() triggered (sorry, I can't give you more details from the top of my head) and the test was not passing when removing the `sss_cache` commands. So, seems that there are a lot of things to be understood in this part ... but that I'd really need someone's help to do so. If you have the time and the willing to do this, please, let me know. We can do this over IRC ... just gimme an "one day head's up" so I could try to remember the last state of the patch set and then we can talk. """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379791988 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ Maybe I don't understand the problem. What is it you're trying to test, the memcache invalidation? """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379789250 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set fidencio commented: """ > Have you considered changing the ldb expiration timestamps with pyldb or > shelling out to ldbmodify? I don't understand how it would help, Jakub. How doing changing the ldb expiration timestamps with pyldb would trigger sdap_handle_id_collision_for_incomplete_groups()? """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379782555 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ Have you considered changing the ldb expiration timestamps with pyldb or shelling out to ldbmodify? """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379779211 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#515][+Accepted] sssctl: Showing help even when sssd not configured
URL: https://github.com/SSSD/sssd/pull/515 Title: #515: sssctl: Showing help even when sssd not configured Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#515][comment] sssctl: Showing help even when sssd not configured
URL: https://github.com/SSSD/sssd/pull/515 Title: #515: sssctl: Showing help even when sssd not configured fidencio commented: """ CI: http://vm-031.${abc}/logs/job/87/72/summary.html """ See the full comment at https://github.com/SSSD/sssd/pull/515#issuecomment-37911 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#539][+Accepted] Make nss netgroup requests more robust
URL: https://github.com/SSSD/sssd/pull/539 Title: #539: Make nss netgroup requests more robust Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Author: fidencio Title: #128: Fix group renaming issue when "id_provider = ldap" is set Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/128/head:pr128 git checkout pr128 From 7bc29db7b20724f1b63bdd2c225880db35e2df7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=Date: Fri, 16 Feb 2018 13:55:53 +0100 Subject: [PATCH 1/8] NSS: Add InvalidateGroupById handler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are some situations where, from the backend, the NSS responder will have to be notified to invalidate a group. In order to achieve this in a clean way, let's add the InvalidateGroupById handler and make use of it later in this very same series. Related: https://pagure.io/SSSD/sssd/issue/2653 Signed-off-by: Fabiano Fidêncio --- src/responder/nss/nss_iface.c | 16 ++ src/responder/nss/nss_iface.xml | 3 +++ src/responder/nss/nss_iface_generated.c | 38 + src/responder/nss/nss_iface_generated.h | 5 + 4 files changed, 62 insertions(+) diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c index 415af9550..805e4fcdf 100644 --- a/src/responder/nss/nss_iface.c +++ b/src/responder/nss/nss_iface.c @@ -199,12 +199,28 @@ int nss_memorycache_update_initgroups(struct sbus_request *sbus_req, return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req); } +int nss_memorycache_invalidate_group_by_id(struct sbus_request *sbus_req, + void *data, + gid_t gid) +{ +struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx); +struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx); + +DEBUG(SSSDBG_TRACE_LIBS, + "Invalidating group %"PRIu32" from memory cache\n", gid); + +sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid); + +return iface_nss_memorycache_InvalidateGroupById_finish(sbus_req); +} + struct iface_nss_memorycache iface_nss_memorycache = { { _nss_memorycache_meta, 0 }, .UpdateInitgroups = nss_memorycache_update_initgroups, .InvalidateAllUsers = nss_memorycache_invalidate_users, .InvalidateAllGroups = nss_memorycache_invalidate_groups, .InvalidateAllInitgroups = nss_memorycache_invalidate_initgroups, +.InvalidateGroupById = nss_memorycache_invalidate_group_by_id, }; static struct sbus_iface_map iface_map[] = { diff --git a/src/responder/nss/nss_iface.xml b/src/responder/nss/nss_iface.xml index 27aae0197..4d8cf14f9 100644 --- a/src/responder/nss/nss_iface.xml +++ b/src/responder/nss/nss_iface.xml @@ -14,5 +14,8 @@ + + + diff --git a/src/responder/nss/nss_iface_generated.c b/src/responder/nss/nss_iface_generated.c index 4a8b704da..8d5a4584b 100644 --- a/src/responder/nss/nss_iface_generated.c +++ b/src/responder/nss/nss_iface_generated.c @@ -12,6 +12,9 @@ /* invokes a handler with a 'ssau' DBus signature */ static int invoke_ssau_method(struct sbus_request *dbus_req, void *function_ptr); +/* invokes a handler with a 'u' DBus signature */ +static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr); + /* arguments for org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups */ const struct sbus_arg_meta iface_nss_memorycache_UpdateInitgroups__in[] = { { "user", "s" }, @@ -44,6 +47,18 @@ int iface_nss_memorycache_InvalidateAllInitgroups_finish(struct sbus_request *re DBUS_TYPE_INVALID); } +/* arguments for org.freedesktop.sssd.nss.MemoryCache.InvalidateGroupById */ +const struct sbus_arg_meta iface_nss_memorycache_InvalidateGroupById__in[] = { +{ "gid", "u" }, +{ NULL, } +}; + +int iface_nss_memorycache_InvalidateGroupById_finish(struct sbus_request *req) +{ + return sbus_request_return_and_finish(req, + DBUS_TYPE_INVALID); +} + /* methods for org.freedesktop.sssd.nss.MemoryCache */ const struct sbus_method_meta iface_nss_memorycache__methods[] = { { @@ -74,6 +89,13 @@ const struct sbus_method_meta iface_nss_memorycache__methods[] = { offsetof(struct iface_nss_memorycache, InvalidateAllInitgroups), NULL, /* no invoker */ }, +{ +"InvalidateGroupById", /* name */ +iface_nss_memorycache_InvalidateGroupById__in, +NULL, /* no out_args */ +offsetof(struct iface_nss_memorycache, InvalidateGroupById), +invoke_u_method, +}, { NULL, } }; @@ -86,6 +108,22 @@ const struct sbus_interface_meta iface_nss_memorycache_meta = { sbus_invoke_get_all, /* GetAll invoker */ }; +/* invokes a handler with a 'u' DBus signature */ +static int invoke_u_method(struct
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ Hmm, I'm getting permission rejected from pushing to your repository, any chance you can just fetch my branch and push into yours? """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379741663 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#515][comment] sssctl: Showing help even when sssd not configured
URL: https://github.com/SSSD/sssd/pull/515 Title: #515: sssctl: Showing help even when sssd not configured fidencio commented: """ @amitkumar50, I'll just run our internal CI in your patches (for the sake of the process) and then I'll add the Accepted label (in case everything passes) as the patches are matching Pavel's review. """ See the full comment at https://github.com/SSSD/sssd/pull/515#issuecomment-379730780 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#515][-Changes requested] sssctl: Showing help even when sssd not configured
URL: https://github.com/SSSD/sssd/pull/515 Title: #515: sssctl: Showing help even when sssd not configured Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#515][comment] sssctl: Showing help even when sssd not configured
URL: https://github.com/SSSD/sssd/pull/515 Title: #515: sssctl: Showing help even when sssd not configured amitkumar50 commented: """ Huge Thanks @fidencio for tmate session help. """ See the full comment at https://github.com/SSSD/sssd/pull/515#issuecomment-379730432 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#515][synchronized] sssctl: Showing help even when sssd not configured
URL: https://github.com/SSSD/sssd/pull/515 Author: amitkumar50 Title: #515: sssctl: Showing help even when sssd not configured Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/515/head:pr515 git checkout pr515 From 81901701e5230cf62e856ba7cec837e6d0f112b0 Mon Sep 17 00:00:00 2001 From: amitkumaDate: Thu, 15 Feb 2018 18:21:10 +0530 Subject: [PATCH 1/2] sssctl: Showing help even when sssd not configured On a clean and unconfigured system, it's not possible to use --help. 1) dnf install sssd-tools 2) sssctl cache-remove --help Shows: [confdb_get_domains] (0x0010): No domains configured, fatal error! Solution: Donot check for confdb initialization when sssctl 3rd command line argument passed is '--help'. Please note when we run 'sssctl --help' on unconfigured system confdb check is not done and proper o/p is seen. Resolves: https://pagure.io/SSSD/sssd/issue/3634 --- src/tools/common/sss_tools.c | 19 --- src/tools/common/sss_tools.h | 1 + 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c index 4832db5a0..d45584ce1 100644 --- a/src/tools/common/sss_tools.c +++ b/src/tools/common/sss_tools.c @@ -58,11 +58,14 @@ static void sss_tool_common_opts(struct sss_tool_ctx *tool_ctx, poptContext pc; int debug = SSSDBG_DEFAULT; int orig_argc = *argc; +int help = 0; int opt; struct poptOption options[] = { {"debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_STRIP, , 0, _("The debug level to run with"), NULL }, +{"help", '?', POPT_ARG_VAL | POPT_ARGFLAG_DOC_HIDDEN, , +1, NULL, NULL }, POPT_TABLEEND }; @@ -74,6 +77,7 @@ static void sss_tool_common_opts(struct sss_tool_ctx *tool_ctx, /* Strip common options from arguments. We will discard_const here, * since it is not worth the trouble to convert it back and forth. */ *argc = poptStrippedArgv(pc, orig_argc, discard_const_p(char *, argv)); +tool_ctx->print_help = help; DEBUG_CLI_INIT(debug); @@ -187,7 +191,6 @@ errno_t sss_tool_init(TALLOC_CTX *mem_ctx, } sss_tool_common_opts(tool_ctx, argc, argv); - *_tool_ctx = tool_ctx; return EOK; @@ -341,12 +344,14 @@ errno_t sss_tool_route(int argc, const char **argv, return tool_ctx->init_err; } -ret = tool_cmd_init(tool_ctx, [i]); -if (ret != EOK) { -DEBUG(SSSDBG_FATAL_FAILURE, - "Command initialization failed [%d] %s\n", - ret, sss_strerror(ret)); -return ret; +if (!tool_ctx->print_help) { +ret = tool_cmd_init(tool_ctx, [i]); +if (ret != EOK) { +DEBUG(SSSDBG_FATAL_FAILURE, + "Command initialization failed [%d] %s\n", + ret, sss_strerror(ret)); +return ret; +} } return commands[i].fn(, tool_ctx, pvt); diff --git a/src/tools/common/sss_tools.h b/src/tools/common/sss_tools.h index 848009365..0e4308ee6 100644 --- a/src/tools/common/sss_tools.h +++ b/src/tools/common/sss_tools.h @@ -29,6 +29,7 @@ struct sss_tool_ctx { struct confdb_ctx *confdb; +bool print_help; errno_t init_err; char *default_domain; struct sss_domain_info *domains; From 2e1eaf298e0643fde6e1439c24137448e6813521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 3 Apr 2018 10:20:29 +0200 Subject: [PATCH 2/2] sssctl: move check for version error to correct place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This check was added here: 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 490) int sss_tool_main(int argc, const char **argv, 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 491) struct sss_route_cmd *commands, 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 492) void *pvt) 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 493) { 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 494) struct sss_tool_ctx *tool_ctx; 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 495) uid_t uid; e98ccef2 (Pavel Březina 2016-06-09 16:13:34 +0200 496) errno_t ret; 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 497) 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 498) uid = getuid(); 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 499) if (uid != 0) { 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 500) DEBUG(SSSDBG_CRIT_FAILURE, "Running under %d, must be root\n", uid); 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 501) ERROR("%1$s must be run as root\n", argv[0]); 284937e6 (Pavel Březina 2015-07-22 10:02:02 +0200 502)
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ ...viable until I actually sat down and coded the approach myself. """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379721155 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ OK, I'll prettify the patches and force push. About just nacking the patch, I was both not sure if'd you'd appreciate 10th time someone tells you to rework the PR and at the same time, I wasn't sure if the approach is viable.. """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379721083 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set fidencio commented: """ Your version seems okay, please, force-push it to my branch. Just a note: Although I do appreciate you took some time to come up with a better solution, for the next time, if it's possible, I'd strongly prefer if you could give me your suggestion and then I'd rework the patch ... that would help get a better understanding of the parts that I'm still lacking knowledge in the project. """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379716865 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#128][comment] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set jhrozek commented: """ So I don't like passing the provider from everywhere. But because this PR was going on for so long, I actually prepared alternative version where the data provider is part of sdap_options and passed this way. Can you check my branch called "group_rename" ? This was we could get rid of all the "SDAP: Pass struct data_provider to XYZ" patches. """ See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-379712704 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#549][comment] Respect ad_site option in GPO resolution
URL: https://github.com/SSSD/sssd/pull/549 Title: #549: Respect ad_site option in GPO resolution jhrozek commented: """ 744e2b4d0710c1dc850bfadbd75ae1ae7faf1148 7a42831b208ed8d2fcb9d8beaa12bd2214bb7dce abf377672e0011da817b5105fe581b27f2f855b7 """ See the full comment at https://github.com/SSSD/sssd/pull/549#issuecomment-379670281 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#549][+Pushed] Respect ad_site option in GPO resolution
URL: https://github.com/SSSD/sssd/pull/549 Title: #549: Respect ad_site option in GPO resolution Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#549][closed] Respect ad_site option in GPO resolution
URL: https://github.com/SSSD/sssd/pull/549 Author: mzidek-rh Title: #549: Respect ad_site option in GPO resolution Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/549/head:pr549 git checkout pr549 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org