[SSSD] Re: sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface

2019-08-22 Thread Jakub Hrozek
On Thu, Aug 22, 2019 at 01:25:14PM +0200, Sumit Bose wrote:
> On Wed, Aug 21, 2019 at 02:00:40PM -0700, Richard Sharpe wrote:
> > Hi folks,
> > 
> > In the current code downloaded from github I see the following function:
> > 
> > src/sss_client/nfs/sss_nfs_client.c:sss_nfs_uid_to_name:
> > 
> > static int sss_nfs_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
> > {
> >     int rc;
> > 
> >     if (name == NULL) {
> >         IDMAP_LOG(0, ("%s: name is null", __func__));
> >         return -EINVAL;
> >     }
> > 
> >     rc = get_user_from_mc(name, len, uid);
> >     if (rc != 0) {
> >         rc = id_to_name(name, len, uid, SSS_NSS_GETPWUID);
> >     }
> > 
> >     log_actual_rc(__func__, rc);
> >     rc = normalise_rc(rc);
> > 
> >     return -rc;
> > }
> > 
> > The code does nothing with the domain parameter, however, the
> > interface requirement is that if an unqualified name is to be
> > returned, perhaps from /etc/passwd, if domain is non null, it should
> > be appended to the name to be returned preceded by an '@'.
> > 
> > Eg, administrators@localhost.
> > 
> > The same goes for sss_nfs_gid_to_name.
> > 
> > See, for example, nfs-utils:support/nfsidmap/nss.c:nss_uid_to_name
> > which calls write_name to handle appending the local domain name
> > passed in if one is not present.
> > 
> > Have I missed something here?
> 
> Hi Richard,
> 
> thanks for the report. I guess we simply assumed that SSSD is configured
> to always return fully-qualified names and forgot other cases.
> Would you mind opening a ticket on https://bugzilla.redhat.com or
> https://pagure.io/SSSD/sssd/new_issue?

A quick search in pagure tells me we already have
https://pagure.io/SSSD/sssd/issue/3535 but I don't know if this is a
different issue or not.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
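
The interface behaviour described in the report above (append '@' and the passed-in domain when the looked-up name is unqualified), as an added C example that is not SSSD or nfs-utils code. `qualify_name`, `demo_lookup`, `demo_uid_to_name` and the user table are hypothetical stand-ins, and the sample names are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample data standing in for the real passwd/SSSD lookup. */
struct demo_user { uid_t uid; const char *name; };
static const struct demo_user demo_users[] = {
    { 1000,  "alice" },                /* unqualified, e.g. a local account */
    { 20001, "bob@ad.example.test" },  /* already fully qualified */
};

/* Hypothetical lookup: copy the stored name for uid into name[0..len). */
static int demo_lookup(uid_t uid, char *name, size_t len)
{
    size_t i;

    for (i = 0; i < sizeof(demo_users) / sizeof(demo_users[0]); i++) {
        if (demo_users[i].uid != uid) {
            continue;
        }
        if (strlen(demo_users[i].name) >= len) {
            return -ERANGE;
        }
        strcpy(name, demo_users[i].name);
        return 0;
    }
    return -ENOENT;
}

/*
 * Hypothetical helper: append "@domain" to an unqualified name in place.
 * Returns 0, -EINVAL (bad buffer) or -ERANGE (result would not fit).
 * The buffer is left unchanged on error.
 */
static int qualify_name(char *name, size_t len, const char *domain)
{
    const char *end;
    size_t nlen, dlen;

    if (name == NULL || len == 0) {
        return -EINVAL;
    }
    end = memchr(name, '\0', len);
    if (end == NULL) {
        return -EINVAL;               /* no terminator inside the buffer */
    }
    nlen = (size_t)(end - name);

    /* No domain passed in, or the name already has one: leave it alone. */
    if (domain == NULL || domain[0] == '\0' || memchr(name, '@', nlen)) {
        return 0;
    }

    dlen = strlen(domain);
    /* Need nlen + 1 ('@') + dlen + 1 (NUL) <= len, written without overflow. */
    if (dlen >= len - nlen - 1) {
        return -ERANGE;
    }
    name[nlen] = '@';
    memcpy(name + nlen + 1, domain, dlen + 1);
    return 0;
}

/* Same parameter order as the function quoted in the thread. */
static int demo_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
{
    int rc;

    if (name == NULL || len == 0) {
        return -EINVAL;
    }
    rc = demo_lookup(uid, name, len);
    if (rc == 0) {
        rc = qualify_name(name, len, domain);
    }
    if (rc != 0) {
        name[0] = '\0';   /* never hand back a half-built or unqualified name */
    }
    return rc;
}

int main(void)
{
    char buf[32];
    char domain[] = "localhost";
    uid_t uids[] = { 1000, 20001, 4242 };
    size_t i;

    for (i = 0; i < sizeof(uids) / sizeof(uids[0]); i++) {
        int rc = demo_uid_to_name(uids[i], domain, buf, sizeof(buf));
        printf("uid %lu -> rc=%d name=\"%s\"\n",
               (unsigned long)uids[i], rc, buf);
    }
    return 0;
}
```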


[SSSD] [sssd PR#851][comment] Update __init__.py.in

2019-08-22 Thread alexal
  URL: https://github.com/SSSD/sssd/pull/851
Title: #851: Update __init__.py.in

alexal commented:
"""
@pbrezina do you have any additional requests for changes, or does everything 
look good?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/851#issuecomment-523909076


[SSSD] [sssd PR#873][comment] pytest: Use idm:DL1 module to install 389-ds

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/873
Title: #873: pytest: Use idm:DL1 module to install 389-ds

pbrezina commented:
"""
ok to test
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/873#issuecomment-523903176


[SSSD] [sssd PR#821][comment] SERVER: Receving SIGSEGV process on shutdown

2019-08-22 Thread thalman
  URL: https://github.com/SSSD/sssd/pull/821
Title: #821: SERVER: Receving SIGSEGV process on shutdown

thalman commented:
"""
Thanks @pbrezina for this suggestion. It's much more elegant this way.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/821#issuecomment-523871414


[SSSD] [sssd PR#821][synchronized] SERVER: Receving SIGSEGV process on shutdown

2019-08-22 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/821
Author: thalman
 Title: #821: SERVER: Receving SIGSEGV process on shutdown
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/821/head:pr821
git checkout pr821
From 8ddf3c062903fe19b7d8e1f15571351c9040db08 Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Thu, 22 Aug 2019 13:44:10 +0200
Subject: [PATCH] SERVER: Receving SIGSEGV process on shutdown

There is race condition when dynamic libraries are unloaded. Talloc
library calls our destructors but they still need openssl calls
which might be not available.

Solution is to free explicitly memory context and trigger
destructors before calling exit(). In this PR the SIGTERM
handler is moved from individual providers to general
backend code.

Also generic server code is changed to explicitly free
memory context when signal is received.

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1672584
---
 src/providers/data_provider_be.c  | 30 ++
 src/providers/krb5/krb5_common.c  | 34 
 src/providers/krb5/krb5_common.h  |  3 --
 src/providers/krb5/krb5_init_shared.c |  6 
 src/providers/ldap/ldap_common.c  | 45 ---
 src/providers/ldap/ldap_common.h  |  4 ---
 src/util/server.c | 24 +++---
 7 files changed, 43 insertions(+), 103 deletions(-)

diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index ce00231ff5..e79a171042 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -445,6 +445,36 @@ be_register_monitor_iface(struct sbus_connection *conn, struct be_ctx *be_ctx)
 return sbus_connection_add_path_map(be_ctx->mon_conn, paths);
 }
 
+static void be_process_finalize(struct tevent_context *ev,
+struct tevent_signal *se,
+int signum,
+int count,
+void *siginfo,
+void *private_data)
+{
+struct be_ctx *be_ctx;
+
+be_ctx = talloc_get_type(private_data, struct be_ctx);
+talloc_free(be_ctx);
+orderly_shutdown(0);
+}
+
+static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx)
+{
+struct tevent_signal *sige;
+
+BlockSignals(false, SIGTERM);
+
+sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, SA_SIGINFO,
+ be_process_finalize, be_ctx);
+if (sige == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
+return ENOMEM;
+}
+
+return EOK;
+}
+
 static void dp_initialized(struct tevent_req *req);
 
 errno_t be_process_init(TALLOC_CTX *mem_ctx,
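Review bot: be_process_install_sigterm_handler() is added here as a static function, but nothing in this hunk calls it, and the diffstat above counts 30 insertions for data_provider_be.c, which is exactly this hunk. As posted, the SIGTERM handler is never registered and the compiler will report an unused static function; the call from be_process_init(), with its error check, should be part of this revision.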
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index f188dc8415..bfda561c12 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -25,7 +25,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
@@ -1144,39 +1143,6 @@ void krb5_finalize(struct tevent_context *ev,
 orderly_shutdown(0);
 }
 
-errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
- struct krb5_ctx *krb5_ctx)
-{
-const char *krb5_realm;
-char *sig_realm;
-struct tevent_signal *sige;
-
-BlockSignals(false, SIGTERM);
-
-krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
-if (krb5_realm == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
-return EINVAL;
-}
-
-sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
-if (sig_realm == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
-return ENOMEM;
-}
-
-sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize,
- sig_realm);
-if (sige == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
-talloc_free(sig_realm);
-return ENOMEM;
-}
-talloc_steal(sige, sig_realm);
-
-return EOK;
-}
-
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
 struct sss_domain_info *dom, const char *username,
 const char *user_dom, char **_upn)
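Review bot: removing krb5_install_sigterm_handler() leaves krb5_finalize() (the context lines at the top of this hunk) with no visible registration, and drops the realm string it used to receive as private_data. The replacement handler in data_provider_be.c only does talloc_free(be_ctx) and orderly_shutdown(0), so either remove krb5_finalize() together with its prototype, or say in the commit message where whatever it did with the realm now happens.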
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 31e452617a..cc93131153 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -203,9 +203,6 @@ void krb5_finalize(struct tevent_context *ev,
void *siginfo,
void *private_data);
 
-errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
- struct krb5_ctx *krb5_ctx);
-
 errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
 
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
di

[SSSD] [sssd PR#821][synchronized] SERVER: Receving SIGSEGV process on shutdown

2019-08-22 Thread thalman
   URL: https://github.com/SSSD/sssd/pull/821
Author: thalman
 Title: #821: SERVER: Receving SIGSEGV process on shutdown
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/821/head:pr821
git checkout pr821
From 941aa936d773f465a26ab64738538d104e34f7a4 Mon Sep 17 00:00:00 2001
From: Tomas Halman 
Date: Thu, 15 Aug 2019 15:19:03 +0200
Subject: [PATCH] SERVER: Receving SIGSEGV process on shutdown

There is race condition when dynamic libraries are unloaded. Talloc
library calls our destructors but they still need openssl calls
which might be not available.

Solution is to free explicitly memory context and trigger
destructors before calling exit(). In this PR the SIGTERM
handler is moved from individual providers to general
backend code.

Also generic server code is changed to explicitly free
memory context when signal is received.

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1672584

Resolves:
https://pagure.io/SSSD/sssd/issue/
---
 src/providers/data_provider_be.c  | 37 ++
 src/providers/krb5/krb5_common.c  | 34 
 src/providers/krb5/krb5_common.h  |  3 --
 src/providers/krb5/krb5_init_shared.c |  6 
 src/providers/ldap/ldap_common.c  | 45 ---
 src/providers/ldap/ldap_common.h  |  4 ---
 src/util/server.c | 24 +++---
 7 files changed, 50 insertions(+), 103 deletions(-)

diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 147627b798..a4d99798fc 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -445,6 +445,36 @@ be_register_monitor_iface(struct sbus_connection *conn, struct be_ctx *be_ctx)
 return sbus_connection_add_path_map(be_ctx->mon_conn, paths);
 }
 
+static void be_process_finalize(struct tevent_context *ev,
+struct tevent_signal *se,
+int signum,
+int count,
+void *siginfo,
+void *private_data)
+{
+struct be_ctx *be_ctx;
+
+be_ctx = talloc_get_type(private_data, struct be_ctx);
+talloc_free(be_ctx);
+orderly_shutdown(0);
+}
+
+static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx)
+{
+struct tevent_signal *sige;
+
+BlockSignals(false, SIGTERM);
+
+sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, SA_SIGINFO,
+ be_process_finalize, be_ctx);
+if (sige == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
+return ENOMEM;
+}
+
+return EOK;
+}
+
 static void dp_initialized(struct tevent_req *req);
 
 errno_t be_process_init(TALLOC_CTX *mem_ctx,
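Review bot: in be_process_install_sigterm_handler() the signal event is allocated on be_ctx (second argument of tevent_add_signal), and be_process_finalize() then calls talloc_free(be_ctx), so the tevent_signal being dispatched is freed from inside its own handler. That is only safe as long as orderly_shutdown(0) never returns to tevent; a short comment stating this would help. The result of talloc_get_type() is also used unchecked, and it is NULL when private_data is not a struct be_ctx, so a DEBUG message for that case would make a silent no-op visible.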
@@ -545,6 +575,13 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
 goto done;
 }
 
+/* install signal handler */
+ret = be_process_install_sigterm_handler(be_ctx);
+if (ret != EOK) {
+DEBUG(SSSDBG_CRIT_FAILURE, "be_install_sigterm_handler failed.\n");
+goto done;
+}
+
 refresh_interval = be_ctx->domain->refresh_expired_interval;
 if (refresh_interval > 0) {
 ret = be_ptask_create(be_ctx, be_ctx, refresh_interval, 30, 5, 0,
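Review bot: the DEBUG text in the error branch reads "be_install_sigterm_handler failed." but the function called one line above is be_process_install_sigterm_handler(). Make the message match the function name so the failure can be found by searching the logs for it.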
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index f188dc8415..bfda561c12 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -25,7 +25,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
@@ -1144,39 +1143,6 @@ void krb5_finalize(struct tevent_context *ev,
 orderly_shutdown(0);
 }
 
-errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
- struct krb5_ctx *krb5_ctx)
-{
-const char *krb5_realm;
-char *sig_realm;
-struct tevent_signal *sige;
-
-BlockSignals(false, SIGTERM);
-
-krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
-if (krb5_realm == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
-return EINVAL;
-}
-
-sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
-if (sig_realm == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
-return ENOMEM;
-}
-
-sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize,
- sig_realm);
-if (sige == NULL) {
-DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
-talloc_free(sig_realm);
-return ENOMEM;
-}
-talloc_steal(sige, sig_realm);
-
-return EOK;
-}
-
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
 struct sss_domain_info *dom, const char *username,
 const char *user_dom, char **_upn)
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
inde

[SSSD] Re: sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface

2019-08-22 Thread Sumit Bose
On Wed, Aug 21, 2019 at 02:00:40PM -0700, Richard Sharpe wrote:
> Hi folks,
> 
> In the current code downloaded from github I see the following function:
> 
> src/sss_client/nfs/sss_nfs_client.c:sss_nfs_uid_to_name:
> 
> static int sss_nfs_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
> {
>     int rc;
> 
>     if (name == NULL) {
>         IDMAP_LOG(0, ("%s: name is null", __func__));
>         return -EINVAL;
>     }
> 
>     rc = get_user_from_mc(name, len, uid);
>     if (rc != 0) {
>         rc = id_to_name(name, len, uid, SSS_NSS_GETPWUID);
>     }
> 
>     log_actual_rc(__func__, rc);
>     rc = normalise_rc(rc);
> 
>     return -rc;
> }
> 
> The code does nothing with the domain parameter, however, the
> interface requirement is that if an unqualified name is to be
> returned, perhaps from /etc/passwd, if domain is non null, it should
> be appended to the name to be returned preceded by an '@'.
> 
> Eg, administrators@localhost.
> 
> The same goes for sss_nfs_gid_to_name.
> 
> See, for example, nfs-utils:support/nfsidmap/nss.c:nss_uid_to_name
> which calls write_name to handle appending the local domain name
> passed in if one is not present.
> 
> Have I missed something here?

Hi Richard,

thanks for the report. I guess we simply assumed that SSSD is configured
to always return fully-qualified names and forgot other cases.
Would you mind opening a ticket on https://bugzilla.redhat.com or
https://pagure.io/SSSD/sssd/new_issue?

bye,
Sumit

> 
> -- 
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)


[SSSD] [sssd PR#871][-Changes requested] pam: set PAM_USER properly with allow_missing_name

2019-08-22 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/871
Title: #871: pam: set PAM_USER properly with allow_missing_name

Label: -Changes requested


[SSSD] [sssd PR#871][comment] pam: set PAM_USER properly with allow_missing_name

2019-08-22 Thread sumit-bose
  URL: https://github.com/SSSD/sssd/pull/871
Title: #871: pam: set PAM_USER properly with allow_missing_name

sumit-bose commented:
"""
Hi @pbrezina,

thanks for the review, pep8 issue is fixed in the latest version.

bye,
Sumit
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/871#issuecomment-523860902


[SSSD] [sssd PR#871][synchronized] pam: set PAM_USER properly with allow_missing_name

2019-08-22 Thread sumit-bose
   URL: https://github.com/SSSD/sssd/pull/871
Author: sumit-bose
 Title: #871: pam: set PAM_USER properly with allow_missing_name
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/871/head:pr871
git checkout pr871
From 53047f6f9f931f5d11ee65fa934622a1ab306625 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Thu, 15 Aug 2019 15:01:28 +0200
Subject: [PATCH 1/2] pam: set PAM_USER properly with allow_missing_name

Currently, if the allow_missing_name pam_sss option is used, PAM_USER is
set to the fully-qualified name; only for the files provider it is set to
the short name. This might cause issues with other components expecting
that the value of PAM_USER corresponds to the name returned by the nss
calls getpwnam() and getpwuid().

With this patch PAM_USER is set to the same user name as returned by the
NSS responder. For the communication between pam_sss and SSSD's PAM
responder the fully-qualified name is kept.

Related to https://pagure.io/SSSD/sssd/issue/4069
---
 src/responder/pam/pamsrv_p11.c   |  35 --
 src/sss_client/pam_sss.c |  42 +++
 src/tests/cmocka/test_pam_srv.c  |  39 ---
 src/tests/intg/Makefile.am   |   9 ++-
 src/tests/intg/test_pam_responder.py | 101 ++-
 5 files changed, 193 insertions(+), 33 deletions(-)

diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 67fbd89efb..f46e6bff87 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -1077,6 +1077,7 @@ static char *get_cert_prompt(TALLOC_CTX *mem_ctx,
 
 static errno_t pack_cert_data(TALLOC_CTX *mem_ctx, const char *sysdb_username,
   struct cert_auth_info *cert_info,
+  const char *nss_name,
   uint8_t **_msg, size_t *_msg_len)
 {
 uint8_t *msg = NULL;
@@ -1090,12 +1091,18 @@ static errno_t pack_cert_data(TALLOC_CTX *mem_ctx, const char *sysdb_username,
 size_t module_len;
 size_t key_id_len;
 size_t prompt_len;
+size_t nss_name_len;
 const char *username = "";
+const char *nss_username = "";
 
 if (sysdb_username != NULL) {
 username = sysdb_username;
 }
 
+if (nss_name != NULL) {
+nss_username = nss_name;
+}
+
 prompt = get_cert_prompt(mem_ctx, cert_info);
 if (prompt == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "get_cert_prompt failed.\n");
@@ -,7 +1118,10 @@ static errno_t pack_cert_data(TALLOC_CTX *mem_ctx, const char *sysdb_username,
 module_len = strlen(module_name) + 1;
 key_id_len = strlen(key_id) + 1;
 prompt_len = strlen(prompt) + 1;
-msg_len = user_len + token_len + module_len + key_id_len + prompt_len;
+nss_name_len = strlen(nss_username) +1;
+
+msg_len = user_len + token_len + module_len + key_id_len + prompt_len
+   + nss_name_len;
 
 msg = talloc_zero_size(mem_ctx, msg_len);
 if (msg == NULL) {
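Review bot: the added line `nss_name_len = strlen(nss_username) +1;` is missing the space before `1` that the three length computations directly above it use. Write `+ 1` to match the surrounding code.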
@@ -1126,6 +1136,8 @@ static errno_t pack_cert_data(TALLOC_CTX *mem_ctx, const char *sysdb_username,
 memcpy(msg + user_len + token_len + module_len, key_id, key_id_len);
 memcpy(msg + user_len + token_len + module_len + key_id_len,
prompt, prompt_len);
+memcpy(msg + user_len + token_len + module_len + key_id_len + prompt_len,
+   nss_username, nss_name_len);
 talloc_free(prompt);
 
 if (_msg != NULL) {
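Review bot: the memcpy added at the end of the packing sequence appends nss_username as a sixth NUL-terminated field, and it is written even when nss_name is NULL (as an empty string), yet the message layout is not documented anywhere in this function. Add a comment listing the field order and stating that an empty last field means "no NSS name", so it is clear what the parser in pam_sss.c has to accept.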
@@ -1159,6 +1171,8 @@ errno_t add_pam_cert_response(struct pam_data *pd, struct sss_domain_info *dom,
 char *short_name = NULL;
 char *domain_name = NULL;
 const char *cert_info_name = sysdb_username;
+struct sss_domain_info *user_dom;
+char *nss_name = NULL;
 
 
 if (type != SSS_PAM_CERT_INFO && type != SSS_PAM_CERT_INFO_WITH_HINT) {
@@ -1194,15 +1208,24 @@ errno_t add_pam_cert_response(struct pam_data *pd, struct sss_domain_info *dom,
"using full name.\n",
 sysdb_username, ret, sss_strerror(ret));
 } else {
-if (domain_name != NULL
-&&  is_files_provider(find_domain_by_name(dom, domain_name,
-  false))) {
-cert_info_name = short_name;
+if (domain_name != NULL) {
+user_dom = find_domain_by_name(dom, domain_name, false);
+
+if (user_dom != NULL) {
+ret = sss_output_fqname(short_name, user_dom,
+sysdb_username, false, &nss_name);
+if (ret != EOK) {
+nss_name = NULL;
+}
+}
 }
+
 }
 }
 
-ret = pack_cert_data(pd, cert_info_name, cert_info, &msg, &msg_len);
+ret = pack_cert_data(pd, cert_info_name, cert_info,
+ nss_name != NULL ? nss_nam
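Review bot: when sss_output_fqname() fails, the new branch sets nss_name = NULL and carries on without a DEBUG message, and the same happens silently when find_domain_by_name() returns NULL, so the fallback leaves no trace in the logs. Please log both cases at a suitable level. Also, short_name is passed as the first argument of sss_output_fqname(); if that argument is the talloc parent of the result, nss_name must not be used after short_name is freed, which is worth checking against the code between here and the pack_cert_data() call.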

[SSSD] [sssd PR#866][comment] autofs: do not enumerate when only single entry is requested

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/866
Title: #866: autofs: do not enumerate when only single entry is requested

pbrezina commented:
"""
There would be some conflict in cache_req conversion and then in data provider 
where we now use sbus2. But in general, I think it is possible. Given the 
amount of change required, I think we can leave it as 2.* feature only.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/866#issuecomment-523837002


[SSSD] [sssd PR#873][comment] pytest: Use idm:DL1 module to install 389-ds

2019-08-22 Thread mrniranjan
  URL: https://github.com/SSSD/sssd/pull/873
Title: #873: pytest: Use idm:DL1 module to install 389-ds

mrniranjan commented:
"""
@jhrozek @mzidek-rh  please review. This change was already done in downstream 
and passed in osci pipeline. 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/873#issuecomment-523821258


[SSSD] [sssd PR#873][comment] pytest: Use idm:DL1 module to install 389-ds

2019-08-22 Thread centos-ci
  URL: https://github.com/SSSD/sssd/pull/873
Title: #873: pytest: Use idm:DL1 module to install 389-ds

centos-ci commented:
"""
Can one of the admins verify this patch?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/873#issuecomment-523821045


[SSSD] [sssd PR#866][comment] autofs: do not enumerate when only single entry is requested

2019-08-22 Thread jhrozek
  URL: https://github.com/SSSD/sssd/pull/866
Title: #866: autofs: do not enumerate when only single entry is requested

jhrozek commented:
"""
@pbrezina do you think this patchset is backportable to sssd-1-16 at all?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/866#issuecomment-523820577


[SSSD] [sssd PR#872][comment] BE: Invalid oprator used in condition

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/872
Title: #872: BE: Invalid oprator used in condition

pbrezina commented:
"""
Obvious ack.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/872#issuecomment-523816174


[SSSD] [sssd PR#872][+Accepted] BE: Invalid oprator used in condition

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/872
Title: #872: BE: Invalid oprator used in condition

Label: +Accepted


[SSSD] [sssd PR#871][+Changes requested] pam: set PAM_USER properly with allow_missing_name

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/871
Title: #871: pam: set PAM_USER properly with allow_missing_name

Label: +Changes requested


[SSSD] [sssd PR#871][comment] pam: set PAM_USER properly with allow_missing_name

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/871
Title: #871: pam: set PAM_USER properly with allow_missing_name

pbrezina commented:
"""
Otherwise the code looks good.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/871#issuecomment-523815185


[SSSD] [sssd PR#871][comment] pam: set PAM_USER properly with allow_missing_name

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/871
Title: #871: pam: set PAM_USER properly with allow_missing_name

pbrezina commented:
"""
pep8 failure:
```
./src/tests/intg/test_pam_responder.py:647:80: E501 line too long (81 > 79 
characters)
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/871#issuecomment-523815065


[SSSD] [sssd PR#870][+Accepted] pam: do not accept empty PIN

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/870
Title: #870: pam: do not accept empty PIN

Label: +Accepted


[SSSD] [sssd PR#870][comment] pam: do not accept empty PIN

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/870
Title: #870: pam: do not accept empty PIN

pbrezina commented:
"""
Thank you. Ack,
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/870#issuecomment-523813780


[SSSD] [sssd PR#869][comment] pam: keep pin on the PAM stack for forward_pass

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/869
Title: #869: pam: keep pin on the PAM stack for forward_pass

pbrezina commented:
"""
Thank you. Ack.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/869#issuecomment-523813479


[SSSD] [sssd PR#869][+Accepted] pam: keep pin on the PAM stack for forward_pass

2019-08-22 Thread pbrezina
  URL: https://github.com/SSSD/sssd/pull/869
Title: #869: pam: keep pin on the PAM stack for forward_pass

Label: +Accepted