[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in alexal commented: """ > When we are touching the code, I believe also `subdomains_provider` is > missing. Also most of the providers defaults to `id_provider`, few have other > defaults so I think it should be handled here as well. Please, see `man > sssd.conf` for `*_provider` options and add what is missing. I've added: - selinux_provider - hostid_provider - subdomains_provider """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-523104773 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in alexal commented: """ > @alexal Alex, can you please complete the patch by adding missing things per > [this](https://github.com/SSSD/sssd/pull/851#issuecomment-516750056) comment? > Thank you. @pbrezina done. I apologize for the delay, been busy. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-523104320 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][synchronized] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851
Author: alexal
Title: #851: Update __init__.py.in
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/851/head:pr851
git checkout pr851
From 86f62a2e362259bd2e8a38d012a243bc91e4e6c5 Mon Sep 17 00:00:00 2001
From: Alex Rodin
Date: Tue, 20 Aug 2019 12:57:10 -0400
Subject: [PATCH] Update __init__.py.in
COMPONENT: SSSDConfig
The default value for sudo_provider, auth_provider, selinux_provider, subdomains_provider, hostid_provider and autofs_provider will be the value of id_provider, if those options weren't set in the configuration file
Resolves:
https://pagure.io/SSSD/sssd/issue/3995
---
src/config/SSSDConfig/__init__.py.in | 69
src/config/SSSDConfigTest.py | 6 +++
2 files changed, 75 insertions(+)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 9642fe6baf..7f8c066c70 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -1915,6 +1915,75 @@ class SSSDConfig(SSSDChangeConf):
providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name))
if x['name'].rfind('_provider') > 0]
+# The default value for sudo_provider, auth_provider, subdomains_provider, selinux_provider
+# hostid_provider and autofs_provider will be the value of id_provider
+# If those options weren't set in the configuration file
+
+id_provider = False
+id_provider_value = ""
+sudo_provider = False
+auth_provider = False
+subdomains_provider = False
+selinux_provider = False
+hostid_provider = False
+autofs_provider = False
+
+for (option, value) in providers:
+if option == "id_provider":
+id_provider = True
+id_provider_value = value
+elif option == "sudo_provider":
+sudo_provider = True
+elif option == "auth_provider":
+auth_provider = True
+elif option == "subdomains_provider":
+subdomains_provider = True
+elif option == "selinux_provider":
+selinux_provider = True
+elif option == "hostid_provider":
+hostid_provider = True
+elif option == "autofs_provider":
+autofs_provider = True
+
+if id_provider:
+if not sudo_provider:
+try:
+domain.add_provider(id_provider_value, "sudo")
+except NoSuchProviderSubtypeError:
+pass
+
+if not auth_provider:
+try:
+domain.add_provider(id_provider_value, "auth")
+except NoSuchProviderSubtypeError:
+pass
+
+if not subdomains_provider:
+try:
+domain.add_provider(id_provider_value, "subdomains")
+except NoSuchProviderSubtypeError:
+pass
+
+if not selinux_provider:
+try:
+domain.add_provider(id_provider_value, "selinux")
+except NoSuchProviderSubtypeError:
+pass
+
+if not hostid_provider:
+try:
+domain.add_provider(id_provider_value, "hostid")
+except NoSuchProviderSubtypeError:
+pass
+
+if not autofs_provider:
+try:
+domain.add_provider(id_provider_value, "autofs")
+except NoSuchProviderSubtypeError:
+ pass
+
+providers = providers + domain.providers
+
for (option, value) in providers:
try:
domain.set_option(option, value)
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 727df71abf..df85c5717d 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1401,6 +1401,12 @@ def testImportConfigNoVersion(self):
'id_provider',
'auth_provider',
'access_provider',
+'autofs_provider',
+'auth_provider',
+'sudo_provider',
+'subdomains_provider',
+'selinux_provider',
+'hostid_provider',
'session_provider',
'default_shell',
'fallback_homedir',
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedora
[SSSD] [sssd PR#867][synchronized] ci: use python2 version of pytest
URL: https://github.com/SSSD/sssd/pull/867
Author: pbrezina
Title: #867: ci: use python2 version of pytest
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/867/head:pr867
git checkout pr867
From 59454a8012bbe31ff0f1993f3d6f23a4fb4ea099 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Mon, 19 Aug 2019 12:28:30 +0200
Subject: [PATCH 1/2] ci: use python2 version of pytest
Fedora 31 changed symlink of /usr/bin/py.test from pytest2 to pytest3.
We need to run the python2 version in order to run our tests with python2.
---
src/external/intgcheck.m4 | 7 +--
src/tests/intg/Makefile.am | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/external/intgcheck.m4 b/src/external/intgcheck.m4
index c14f66978b..05b3616433 100644
--- a/src/external/intgcheck.m4
+++ b/src/external/intgcheck.m4
@@ -1,7 +1,10 @@
AC_CHECK_PROG([HAVE_FAKEROOT], [fakeroot], [yes], [no])
+dnl Check for pytest binary. When available, we will use py.test-2 for python2
+dnl version. If it is not available we will try to use py.test.
AC_PATH_PROG([PYTEST], [py.test])
-AS_IF([test -n "$PYTEST"], [HAVE_PYTEST=yes], [HAVE_PYTEST=no])
+AC_PATH_PROG([PYTEST2], [py.test-2], [$PYTEST])
+AS_IF([test -n "$PYTEST2"], [HAVE_PYTEST2=yes], [HAVE_PYTEST2=no])
dnl Check for variable and fail unless value is "yes"
dnl The second argument will be printed in error message in case of error
@@ -27,7 +30,7 @@ AC_DEFUN([SSS_ENABLE_INTGCHECK_REQS], [
SSS_INTGCHECK_REQ([HAVE_LDAPMODIFY], [ldapmodify])
SSS_INTGCHECK_REQ([HAVE_FAKEROOT], [fakeroot])
SSS_INTGCHECK_REQ([HAVE_PYTHON2], [python2])
-SSS_INTGCHECK_REQ([HAVE_PYTEST], [pytest])
+SSS_INTGCHECK_REQ([HAVE_PYTEST2], [pytest2])
SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [python-ldap])
SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [pyldb])
fi
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index 2aa1566e35..98ddd5f6e3 100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -184,5 +184,5 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service
DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \
DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \
DBUS_SYSTEM_BUS_DEFAULT_ADDRESS="$$DBUS_SYSTEM_BUS_ADDRESS" \
- fakeroot $(PYTHON2) $(PYTEST) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) .
+ fakeroot $(PYTHON2) $(PYTEST2) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) .
rm -f $(DESTDIR)$(logpath)/*
From f0145b70e0fe585c1361981f83b968b0b833c222 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Tue, 20 Aug 2019 12:00:26 +0200
Subject: [PATCH 2/2] ci: pep8 was renamed to pycodestyle in Fedora 31
---
contrib/ci/deps.sh | 3 ++-
contrib/ci/run | 9 -
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 7570575268..36e84200be 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -56,7 +56,8 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* ]]; then
DEPS_LIST+=(
-python3-pep8
+python2-pycodestyle
+python3-pycodestyle
)
else
DEPS_LIST+=(
diff --git a/contrib/ci/run b/contrib/ci/run
index bf29f87531..deb30093b0 100755
--- a/contrib/ci/run
+++ b/contrib/ci/run
@@ -58,6 +58,13 @@ declare BASE_DIR=`pwd`
declare MODERATE=false
declare RIGOROUS=false
+# pep8 was renamed to pycodestyle
+declare PEP8_BIN="pep8"
+which pycodestyle-2 &> /dev/null
+if [ $? -eq 0 ]; then
+ PEP8_BIN="pycodestyle-2"
+fi
+
# Output program usage information.
function usage()
{
@@ -398,7 +405,7 @@ if [[ "$DISTRO_BRANCH" != redhat-* ]]; then
PEP8_IGNORE+=",E722"
fi
stage pep8 find . -path ./src/config -prune -o \
- -name \*.py -exec pep8 $PEP8_IGNORE {} +
+ -name \*.py -exec $PEP8_BIN $PEP8_IGNORE {} +
stage autoreconfautoreconf --install --force
run_build debug build_debug
if "$RIGOROUS"; then
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#867][synchronized] ci: use python2 version of pytest
URL: https://github.com/SSSD/sssd/pull/867
Author: pbrezina
Title: #867: ci: use python2 version of pytest
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/867/head:pr867
git checkout pr867
From 59454a8012bbe31ff0f1993f3d6f23a4fb4ea099 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Mon, 19 Aug 2019 12:28:30 +0200
Subject: [PATCH 1/2] ci: use python2 version of pytest
Fedora 31 changed symlink of /usr/bin/py.test from pytest2 to pytest3.
We need to run the python2 version in order to run our tests with python2.
---
src/external/intgcheck.m4 | 7 +--
src/tests/intg/Makefile.am | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/external/intgcheck.m4 b/src/external/intgcheck.m4
index c14f66978b..05b3616433 100644
--- a/src/external/intgcheck.m4
+++ b/src/external/intgcheck.m4
@@ -1,7 +1,10 @@
AC_CHECK_PROG([HAVE_FAKEROOT], [fakeroot], [yes], [no])
+dnl Check for pytest binary. When available, we will use py.test-2 for python2
+dnl version. If it is not available we will try to use py.test.
AC_PATH_PROG([PYTEST], [py.test])
-AS_IF([test -n "$PYTEST"], [HAVE_PYTEST=yes], [HAVE_PYTEST=no])
+AC_PATH_PROG([PYTEST2], [py.test-2], [$PYTEST])
+AS_IF([test -n "$PYTEST2"], [HAVE_PYTEST2=yes], [HAVE_PYTEST2=no])
dnl Check for variable and fail unless value is "yes"
dnl The second argument will be printed in error message in case of error
@@ -27,7 +30,7 @@ AC_DEFUN([SSS_ENABLE_INTGCHECK_REQS], [
SSS_INTGCHECK_REQ([HAVE_LDAPMODIFY], [ldapmodify])
SSS_INTGCHECK_REQ([HAVE_FAKEROOT], [fakeroot])
SSS_INTGCHECK_REQ([HAVE_PYTHON2], [python2])
-SSS_INTGCHECK_REQ([HAVE_PYTEST], [pytest])
+SSS_INTGCHECK_REQ([HAVE_PYTEST2], [pytest2])
SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [python-ldap])
SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [pyldb])
fi
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index 2aa1566e35..98ddd5f6e3 100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -184,5 +184,5 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service
DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \
DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \
DBUS_SYSTEM_BUS_DEFAULT_ADDRESS="$$DBUS_SYSTEM_BUS_ADDRESS" \
- fakeroot $(PYTHON2) $(PYTEST) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) .
+ fakeroot $(PYTHON2) $(PYTEST2) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) .
rm -f $(DESTDIR)$(logpath)/*
From 404b3f0267f3db5cfbdf5e8825a5f94329598110 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Tue, 20 Aug 2019 12:00:26 +0200
Subject: [PATCH 2/2] ci: pep8 was renamed to pycodestyle in Fedora 31
---
contrib/ci/deps.sh | 3 ++-
contrib/ci/run | 7 +++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh
index 7570575268..36e84200be 100644
--- a/contrib/ci/deps.sh
+++ b/contrib/ci/deps.sh
@@ -56,7 +56,8 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* ]]; then
DEPS_LIST+=(
-python3-pep8
+python2-pycodestyle
+python3-pycodestyle
)
else
DEPS_LIST+=(
diff --git a/contrib/ci/run b/contrib/ci/run
index bf29f87531..e5193f80eb 100755
--- a/contrib/ci/run
+++ b/contrib/ci/run
@@ -58,6 +58,13 @@ declare BASE_DIR=`pwd`
declare MODERATE=false
declare RIGOROUS=false
+# pep8 was renamed to pycodestyle
+declare PEP8_BIN="pep8"
+which pycodestyle-2 &> /dev/null
+if [ $? -eq 0 ]; then
+ PEP8_BIN="pycodestyle-2"
+fi
+
# Output program usage information.
function usage()
{
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#457][comment] ipa: Removal of umask(0) in selinux_child
URL: https://github.com/SSSD/sssd/pull/457 Title: #457: ipa: Removal of umask(0) in selinux_child pbrezina commented: """ @amitkumar50 Would you mind just changing the comment so we can merge this patch? """ See the full comment at https://github.com/SSSD/sssd/pull/457#issuecomment-522981230 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#807][comment] sudo: do not update last usn value on rules refresh
URL: https://github.com/SSSD/sssd/pull/807 Title: #807: sudo: do not update last usn value on rules refresh pbrezina commented: """ @alexey-tikhonov Could you review this please? """ See the full comment at https://github.com/SSSD/sssd/pull/807#issuecomment-522978505 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#832][comment] SPECFILE: Add 'make' as build dependency
URL: https://github.com/SSSD/sssd/pull/832 Title: #832: SPECFILE: Add 'make' as build dependency pbrezina commented: """ Well, we can perhaps put all missing dependencies there (I mean even patch and sed and perhaps other) to have the complete list. It may be helpful because e.g. fedora-cloud vagrant boxes does not have development packages installed (as Michal found out). """ See the full comment at https://github.com/SSSD/sssd/pull/832#issuecomment-522977527 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in pbrezina commented: """ Sure it would be better, but I'd say it is out of scope of this pull request. Unless the author wants to do the extra job, of course. @alexal Alex, can you please complete the patch by adding missing things per [this](https://github.com/SSSD/sssd/pull/851#issuecomment-516750056) comment? Thank you. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-522973049 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][+Changes requested] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#864][comment] Monitor resolv.conf symlink
URL: https://github.com/SSSD/sssd/pull/864 Title: #864: Monitor resolv.conf symlink pbrezina commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/864#issuecomment-522970593 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#865][+Accepted] KCM: Use int32_t type conversion in DEBUG message for int32_t variable
URL: https://github.com/SSSD/sssd/pull/865 Title: #865: KCM: Use int32_t type conversion in DEBUG message for int32_t variable Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#865][comment] KCM: Use int32_t type conversion in DEBUG message for int32_t variable
URL: https://github.com/SSSD/sssd/pull/865 Title: #865: KCM: Use int32_t type conversion in DEBUG message for int32_t variable pbrezina commented: """ Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/865#issuecomment-522969891 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#869][+Changes requested] pam: keep pin on the PAM stack for forward_pass
URL: https://github.com/SSSD/sssd/pull/869 Title: #869: pam: keep pin on the PAM stack for forward_pass Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#868][comment] ifp: let cache_req parse input name so it can fallback to upn search
URL: https://github.com/SSSD/sssd/pull/868
Title: #868: ifp: let cache_req parse input name so it can fallback to upn
search
pbrezina commented:
"""
I am not entirely sure about this change:
```diff
/* IFP serves both POSIX and application domains. Requests that need
* to differentiate between the two must be qualified
*/
-subreq = cache_req_send(state, state->rctx->ev, state->rctx,
-state->ncache, 0,
-CACHE_REQ_ANY_DOM,
-state->domname, data);
+subreq = cache_req_send(state, state->rctx->ev, state->rctx, state->ncache,
+0, CACHE_REQ_ANY_DOM, NULL, data);
if (subreq == NULL) {
-tevent_req_error(req, ENOMEM);
-return;
+ret = ENOMEM;
+goto done;
}
```
`cache_req` internally will parse the input name and if it is fully qualified
it will search only in the right domain. @jhrozek Is there any specific reason
why we would have to provide search domain already in this `cache_req` call?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/868#issuecomment-522561558
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#870][comment] pam: do not accept empty PIN
URL: https://github.com/SSSD/sssd/pull/870 Title: #870: pam: do not accept empty PIN pbrezina commented: """ Looking at the callers, we are mixing errno with pam return code: ```c static int prompt_by_config(pam_handle_t *pamh, struct pam_items *pi) ... case PC_TYPE_SC_PIN: ret = prompt_sc_pin(pamh, pi); /* Todo: add extra string option */ break; default: ret = EINVAL; } ``` `EINVAL` should be `PAM_SYSTEM_ERR` or something. Please change that as well. """ See the full comment at https://github.com/SSSD/sssd/pull/870#issuecomment-522965869 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#870][+Changes requested] pam: do not accept empty PIN
URL: https://github.com/SSSD/sssd/pull/870 Title: #870: pam: do not accept empty PIN Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#870][opened] pam: do not accept empty PIN
URL: https://github.com/SSSD/sssd/pull/870
Author: sumit-bose
Title: #870: pam: do not accept empty PIN
Action: opened
PR body:
"""
The current check for an empty PIN was incomplete and if no PIN was
given pam_sss should not send a request to SSSD's pam responder. This
would match the behavior if a user name hint should be requested as
well.
Related to: https://pagure.io/SSSD/sssd/issue/4068
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/870/head:pr870
git checkout pr870
From 096ec67face02ccaf1cf5d648bfbb1360512a33a Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 20 Aug 2019 12:11:30 +0200
Subject: [PATCH] pam: do not accept empty PIN
The current check for an empty PIN was incomplete and if no PIN was
given pam_sss should not send a request to SSSD's pam responder. This
would match the behavior if a user name hint should be requested as
well.
Related to: https://pagure.io/SSSD/sssd/issue/4068
---
src/sss_client/pam_sss.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index cfd3e3731d..435f72edc7 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1905,10 +1905,10 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi)
}
}
-if (answer == NULL) {
-pi->pam_authtok = NULL;
-pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
-pi->pam_authtok_size=0;
+if (answer == NULL || *answer == '\0') {
+D(("Missing PIN."));
+ret = PAM_CRED_INSUFFICIENT;
+goto done;
} else {
ret = sss_auth_pack_sc_blob(answer, 0, cai->token_name, 0,
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
