[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in alexal commented: """ > When we are touching the code, I believe also `subdomains_provider` is > missing. Also most of the providers defaults to `id_provider`, few have other > defaults so I think it should be handled here as well. Please, see `man > sssd.conf` for `*_provider` options and add what is missing. I've added: - selinux_provider - hostid_provider - subdomains_provider """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-523104773 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in alexal commented: """ > @alexal Alex, can you please complete the patch by adding missing things per > [this](https://github.com/SSSD/sssd/pull/851#issuecomment-516750056) comment? > Thank you. @pbrezina done. I apologize for the delay, been busy. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-523104320 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][synchronized] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Author: alexal Title: #851: Update __init__.py.in Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/851/head:pr851 git checkout pr851 From 86f62a2e362259bd2e8a38d012a243bc91e4e6c5 Mon Sep 17 00:00:00 2001 From: Alex Rodin Date: Tue, 20 Aug 2019 12:57:10 -0400 Subject: [PATCH] Update __init__.py.in COMPONENT: SSSDConfig The default value for sudo_provider, auth_provider, selinux_provider, subdomains_provider, hostid_provider and autofs_provider will be the value of id_provider, if those options weren't set in the configuration file Resolves: https://pagure.io/SSSD/sssd/issue/3995 --- src/config/SSSDConfig/__init__.py.in | 69 src/config/SSSDConfigTest.py | 6 +++ 2 files changed, 75 insertions(+) diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 9642fe6baf..7f8c066c70 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -1915,6 +1915,75 @@ class SSSDConfig(SSSDChangeConf): providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name)) if x['name'].rfind('_provider') > 0] +# The default value for sudo_provider, auth_provider, subdomains_provider, selinux_provider +# hostid_provider and autofs_provider will be the value of id_provider +# If those options weren't set in the configuration file + +id_provider = False +id_provider_value = "" +sudo_provider = False +auth_provider = False +subdomains_provider = False +selinux_provider = False +hostid_provider = False +autofs_provider = False + +for (option, value) in providers: +if option == "id_provider": +id_provider = True +id_provider_value = value +elif option == "sudo_provider": +sudo_provider = True +elif option == "auth_provider": +auth_provider = True +elif option == "subdomains_provider": +subdomains_provider = True +elif option == "selinux_provider": +selinux_provider = True +elif option == "hostid_provider": +hostid_provider = True +elif option == "autofs_provider": +autofs_provider = True + +if id_provider: +if not sudo_provider: +try: +domain.add_provider(id_provider_value, "sudo") +except NoSuchProviderSubtypeError: +pass + +if not auth_provider: +try: +domain.add_provider(id_provider_value, "auth") +except NoSuchProviderSubtypeError: +pass + +if not subdomains_provider: +try: +domain.add_provider(id_provider_value, "subdomains") +except NoSuchProviderSubtypeError: +pass + +if not selinux_provider: +try: +domain.add_provider(id_provider_value, "selinux") +except NoSuchProviderSubtypeError: +pass + +if not hostid_provider: +try: +domain.add_provider(id_provider_value, "hostid") +except NoSuchProviderSubtypeError: +pass + +if not autofs_provider: +try: +domain.add_provider(id_provider_value, "autofs") +except NoSuchProviderSubtypeError: + pass + +providers = providers + domain.providers + for (option, value) in providers: try: domain.set_option(option, value) diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 727df71abf..df85c5717d 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -1401,6 +1401,12 @@ def testImportConfigNoVersion(self): 'id_provider', 'auth_provider', 'access_provider', +'autofs_provider', +'auth_provider', +'sudo_provider', +'subdomains_provider', +'selinux_provider', +'hostid_provider', 'session_provider', 'default_shell', 'fallback_homedir', ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedora
[SSSD] [sssd PR#867][synchronized] ci: use python2 version of pytest
URL: https://github.com/SSSD/sssd/pull/867 Author: pbrezina Title: #867: ci: use python2 version of pytest Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/867/head:pr867 git checkout pr867 From 59454a8012bbe31ff0f1993f3d6f23a4fb4ea099 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 19 Aug 2019 12:28:30 +0200 Subject: [PATCH 1/2] ci: use python2 version of pytest Fedora 31 changed symlink of /usr/bin/py.test from pytest2 to pytest3. We need to run the python2 version in order to run our tests with python2. --- src/external/intgcheck.m4 | 7 +-- src/tests/intg/Makefile.am | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/external/intgcheck.m4 b/src/external/intgcheck.m4 index c14f66978b..05b3616433 100644 --- a/src/external/intgcheck.m4 +++ b/src/external/intgcheck.m4 @@ -1,7 +1,10 @@ AC_CHECK_PROG([HAVE_FAKEROOT], [fakeroot], [yes], [no]) +dnl Check for pytest binary. When available, we will use py.test-2 for python2 +dnl version. If it is not available we will try to use py.test. AC_PATH_PROG([PYTEST], [py.test]) -AS_IF([test -n "$PYTEST"], [HAVE_PYTEST=yes], [HAVE_PYTEST=no]) +AC_PATH_PROG([PYTEST2], [py.test-2], [$PYTEST]) +AS_IF([test -n "$PYTEST2"], [HAVE_PYTEST2=yes], [HAVE_PYTEST2=no]) dnl Check for variable and fail unless value is "yes" dnl The second argument will be printed in error message in case of error @@ -27,7 +30,7 @@ AC_DEFUN([SSS_ENABLE_INTGCHECK_REQS], [ SSS_INTGCHECK_REQ([HAVE_LDAPMODIFY], [ldapmodify]) SSS_INTGCHECK_REQ([HAVE_FAKEROOT], [fakeroot]) SSS_INTGCHECK_REQ([HAVE_PYTHON2], [python2]) -SSS_INTGCHECK_REQ([HAVE_PYTEST], [pytest]) +SSS_INTGCHECK_REQ([HAVE_PYTEST2], [pytest2]) SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [python-ldap]) SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [pyldb]) fi diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index 2aa1566e35..98ddd5f6e3 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -184,5 +184,5 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \ DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \ DBUS_SYSTEM_BUS_DEFAULT_ADDRESS="$$DBUS_SYSTEM_BUS_ADDRESS" \ - fakeroot $(PYTHON2) $(PYTEST) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) . + fakeroot $(PYTHON2) $(PYTEST2) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) . rm -f $(DESTDIR)$(logpath)/* From f0145b70e0fe585c1361981f83b968b0b833c222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 20 Aug 2019 12:00:26 +0200 Subject: [PATCH 2/2] ci: pep8 was renamed to pycodestyle in Fedora 31 --- contrib/ci/deps.sh | 3 ++- contrib/ci/run | 9 - 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 7570575268..36e84200be 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -56,7 +56,8 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* ]]; then DEPS_LIST+=( -python3-pep8 +python2-pycodestyle +python3-pycodestyle ) else DEPS_LIST+=( diff --git a/contrib/ci/run b/contrib/ci/run index bf29f87531..deb30093b0 100755 --- a/contrib/ci/run +++ b/contrib/ci/run @@ -58,6 +58,13 @@ declare BASE_DIR=`pwd` declare MODERATE=false declare RIGOROUS=false +# pep8 was renamed to pycodestyle +declare PEP8_BIN="pep8" +which pycodestyle-2 &> /dev/null +if [ $? -eq 0 ]; then + PEP8_BIN="pycodestyle-2" +fi + # Output program usage information. function usage() { @@ -398,7 +405,7 @@ if [[ "$DISTRO_BRANCH" != redhat-* ]]; then PEP8_IGNORE+=",E722" fi stage pep8 find . -path ./src/config -prune -o \ - -name \*.py -exec pep8 $PEP8_IGNORE {} + + -name \*.py -exec $PEP8_BIN $PEP8_IGNORE {} + stage autoreconfautoreconf --install --force run_build debug build_debug if "$RIGOROUS"; then ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#867][synchronized] ci: use python2 version of pytest
URL: https://github.com/SSSD/sssd/pull/867 Author: pbrezina Title: #867: ci: use python2 version of pytest Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/867/head:pr867 git checkout pr867 From 59454a8012bbe31ff0f1993f3d6f23a4fb4ea099 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 19 Aug 2019 12:28:30 +0200 Subject: [PATCH 1/2] ci: use python2 version of pytest Fedora 31 changed symlink of /usr/bin/py.test from pytest2 to pytest3. We need to run the python2 version in order to run our tests with python2. --- src/external/intgcheck.m4 | 7 +-- src/tests/intg/Makefile.am | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/external/intgcheck.m4 b/src/external/intgcheck.m4 index c14f66978b..05b3616433 100644 --- a/src/external/intgcheck.m4 +++ b/src/external/intgcheck.m4 @@ -1,7 +1,10 @@ AC_CHECK_PROG([HAVE_FAKEROOT], [fakeroot], [yes], [no]) +dnl Check for pytest binary. When available, we will use py.test-2 for python2 +dnl version. If it is not available we will try to use py.test. AC_PATH_PROG([PYTEST], [py.test]) -AS_IF([test -n "$PYTEST"], [HAVE_PYTEST=yes], [HAVE_PYTEST=no]) +AC_PATH_PROG([PYTEST2], [py.test-2], [$PYTEST]) +AS_IF([test -n "$PYTEST2"], [HAVE_PYTEST2=yes], [HAVE_PYTEST2=no]) dnl Check for variable and fail unless value is "yes" dnl The second argument will be printed in error message in case of error @@ -27,7 +30,7 @@ AC_DEFUN([SSS_ENABLE_INTGCHECK_REQS], [ SSS_INTGCHECK_REQ([HAVE_LDAPMODIFY], [ldapmodify]) SSS_INTGCHECK_REQ([HAVE_FAKEROOT], [fakeroot]) SSS_INTGCHECK_REQ([HAVE_PYTHON2], [python2]) -SSS_INTGCHECK_REQ([HAVE_PYTEST], [pytest]) +SSS_INTGCHECK_REQ([HAVE_PYTEST2], [pytest2]) SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [python-ldap]) SSS_INTGCHECK_REQ([HAVE_PY2MOD_LDAP], [pyldb]) fi diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index 2aa1566e35..98ddd5f6e3 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -184,5 +184,5 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \ DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \ DBUS_SYSTEM_BUS_DEFAULT_ADDRESS="$$DBUS_SYSTEM_BUS_ADDRESS" \ - fakeroot $(PYTHON2) $(PYTEST) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) . + fakeroot $(PYTHON2) $(PYTEST2) -v -r a --tb=native $(INTGCHECK_PYTEST_ARGS) . rm -f $(DESTDIR)$(logpath)/* From 404b3f0267f3db5cfbdf5e8825a5f94329598110 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 20 Aug 2019 12:00:26 +0200 Subject: [PATCH 2/2] ci: pep8 was renamed to pycodestyle in Fedora 31 --- contrib/ci/deps.sh | 3 ++- contrib/ci/run | 7 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 7570575268..36e84200be 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -56,7 +56,8 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* ]]; then DEPS_LIST+=( -python3-pep8 +python2-pycodestyle +python3-pycodestyle ) else DEPS_LIST+=( diff --git a/contrib/ci/run b/contrib/ci/run index bf29f87531..e5193f80eb 100755 --- a/contrib/ci/run +++ b/contrib/ci/run @@ -58,6 +58,13 @@ declare BASE_DIR=`pwd` declare MODERATE=false declare RIGOROUS=false +# pep8 was renamed to pycodestyle +declare PEP8_BIN="pep8" +which pycodestyle-2 &> /dev/null +if [ $? -eq 0 ]; then + PEP8_BIN="pycodestyle-2" +fi + # Output program usage information. function usage() { ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#457][comment] ipa: Removal of umask(0) in selinux_child
URL: https://github.com/SSSD/sssd/pull/457 Title: #457: ipa: Removal of umask(0) in selinux_child pbrezina commented: """ @amitkumar50 Would you mind just changing the comment so we can merge this patch? """ See the full comment at https://github.com/SSSD/sssd/pull/457#issuecomment-522981230 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#807][comment] sudo: do not update last usn value on rules refresh
URL: https://github.com/SSSD/sssd/pull/807 Title: #807: sudo: do not update last usn value on rules refresh pbrezina commented: """ @alexey-tikhonov Could you review this please? """ See the full comment at https://github.com/SSSD/sssd/pull/807#issuecomment-522978505 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#832][comment] SPECFILE: Add 'make' as build dependency
URL: https://github.com/SSSD/sssd/pull/832 Title: #832: SPECFILE: Add 'make' as build dependency pbrezina commented: """ Well, we can perhaps put all missing dependencies there (I mean even patch and sed and perhaps other) to have the complete list. It may be helpful because e.g. fedora-cloud vagrant boxes does not have development packages installed (as Michal found out). """ See the full comment at https://github.com/SSSD/sssd/pull/832#issuecomment-522977527 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][comment] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in pbrezina commented: """ Sure it would be better, but I'd say it is out of scope of this pull request. Unless the author wants to do the extra job, of course. @alexal Alex, can you please complete the patch by adding missing things per [this](https://github.com/SSSD/sssd/pull/851#issuecomment-516750056) comment? Thank you. """ See the full comment at https://github.com/SSSD/sssd/pull/851#issuecomment-522973049 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#851][+Changes requested] Update __init__.py.in
URL: https://github.com/SSSD/sssd/pull/851 Title: #851: Update __init__.py.in Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#864][comment] Monitor resolv.conf symlink
URL: https://github.com/SSSD/sssd/pull/864 Title: #864: Monitor resolv.conf symlink pbrezina commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/864#issuecomment-522970593 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#865][+Accepted] KCM: Use int32_t type conversion in DEBUG message for int32_t variable
URL: https://github.com/SSSD/sssd/pull/865 Title: #865: KCM: Use int32_t type conversion in DEBUG message for int32_t variable Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#865][comment] KCM: Use int32_t type conversion in DEBUG message for int32_t variable
URL: https://github.com/SSSD/sssd/pull/865 Title: #865: KCM: Use int32_t type conversion in DEBUG message for int32_t variable pbrezina commented: """ Ack. """ See the full comment at https://github.com/SSSD/sssd/pull/865#issuecomment-522969891 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#869][+Changes requested] pam: keep pin on the PAM stack for forward_pass
URL: https://github.com/SSSD/sssd/pull/869 Title: #869: pam: keep pin on the PAM stack for forward_pass Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#868][comment] ifp: let cache_req parse input name so it can fallback to upn search
URL: https://github.com/SSSD/sssd/pull/868 Title: #868: ifp: let cache_req parse input name so it can fallback to upn search pbrezina commented: """ I am not entirely sure about this change: ```diff /* IFP serves both POSIX and application domains. Requests that need * to differentiate between the two must be qualified */ -subreq = cache_req_send(state, state->rctx->ev, state->rctx, -state->ncache, 0, -CACHE_REQ_ANY_DOM, -state->domname, data); +subreq = cache_req_send(state, state->rctx->ev, state->rctx, state->ncache, +0, CACHE_REQ_ANY_DOM, NULL, data); if (subreq == NULL) { -tevent_req_error(req, ENOMEM); -return; +ret = ENOMEM; +goto done; } ``` `cache_req` internally will parse the input name and if it is fully qualified it will search only in the right domain. @jhrozek Is there any specific reason why we would have to provide search domain already in this `cache_req` call? """ See the full comment at https://github.com/SSSD/sssd/pull/868#issuecomment-522561558 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#870][comment] pam: do not accept empty PIN
URL: https://github.com/SSSD/sssd/pull/870 Title: #870: pam: do not accept empty PIN pbrezina commented: """ Looking at the callers, we are mixing errno with pam return code: ```c static int prompt_by_config(pam_handle_t *pamh, struct pam_items *pi) ... case PC_TYPE_SC_PIN: ret = prompt_sc_pin(pamh, pi); /* Todo: add extra string option */ break; default: ret = EINVAL; } ``` `EINVAL` should be `PAM_SYSTEM_ERR` or something. Please change that as well. """ See the full comment at https://github.com/SSSD/sssd/pull/870#issuecomment-522965869 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#870][+Changes requested] pam: do not accept empty PIN
URL: https://github.com/SSSD/sssd/pull/870 Title: #870: pam: do not accept empty PIN Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#870][opened] pam: do not accept empty PIN
URL: https://github.com/SSSD/sssd/pull/870 Author: sumit-bose Title: #870: pam: do not accept empty PIN Action: opened PR body: """ The current check for an empty PIN was incomplete and if no PIN was given pam_sss should not send a request to SSSD's pam responder. This would match the behavior if a user name hint should be requested as well. Related to: https://pagure.io/SSSD/sssd/issue/4068 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/870/head:pr870 git checkout pr870 From 096ec67face02ccaf1cf5d648bfbb1360512a33a Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 20 Aug 2019 12:11:30 +0200 Subject: [PATCH] pam: do not accept empty PIN The current check for an empty PIN was incomplete and if no PIN was given pam_sss should not send a request to SSSD's pam responder. This would match the behavior if a user name hint should be requested as well. Related to: https://pagure.io/SSSD/sssd/issue/4068 --- src/sss_client/pam_sss.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index cfd3e3731d..435f72edc7 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1905,10 +1905,10 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi) } } -if (answer == NULL) { -pi->pam_authtok = NULL; -pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; -pi->pam_authtok_size=0; +if (answer == NULL || *answer == '\0') { +D(("Missing PIN.")); +ret = PAM_CRED_INSUFFICIENT; +goto done; } else { ret = sss_auth_pack_sc_blob(answer, 0, cai->token_name, 0, ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org