[SSSD] [sssd PR#5303][comment] tests: run TIER-0 multihost tests in PRCI
URL: https://github.com/SSSD/sssd/pull/5303 Title: #5303: tests: run TIER-0 multihost tests in PRCI mrniranjan commented: """ @pbrezina i am looking in to this issue. will update as soon as possible. """ See the full comment at https://github.com/SSSD/sssd/pull/5303#issuecomment-693828714 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][comment] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions alexey-tikhonov commented: """ Thank you. ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/5226#issuecomment-693559497 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][+Accepted] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][-Waiting for review] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5319][opened] Covscan cleanup
URL: https://github.com/SSSD/sssd/pull/5319 Author: alexey-tikhonov Title: #5319: Covscan cleanup Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5319/head:pr5319 git checkout pr5319 From a07676cf85f4721bb5d7bb59fe5ffcd53788e6ea Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 15 Sep 2020 20:00:26 +0200 Subject: [PATCH 1/6] PAM responder: fixed compliantion warning Fixed following warning: ``` Error: CLANG_WARNING: sssd-2.3.2/src/responder/pam/pamsrv_cmd.c:982:9: warning: Access to field 'cache_credentials' results in a dereference of a null pointer (loaded from field 'domain') #preq->domain->cache_credentials && #^ ~~ ``` --- src/responder/pam/pamsrv_cmd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ba8a1b848a..1d02514979 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -979,6 +979,7 @@ static void pam_reply(struct pam_auth_req *preq) /* If this was a successful login, save the lastLogin time */ if (pd->cmd == SSS_PAM_AUTHENTICATE && pd->pam_status == PAM_SUCCESS && +preq->domain && preq->domain->cache_credentials && !pd->offline_auth && !pd->last_auth_saved && From 0e01def7b7414b8f0947126ce761e405a9b4b4e0 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 16 Sep 2020 11:20:01 +0200 Subject: [PATCH 2/6] KCM: supress false positive cppcheck warnings Supress a bunch of warnings like this: ``` Error: CPPCHECK_WARNING (CWE-456): sssd-2.3.2/src/responder/kcm/kcmsrv_ccache_json.c:154: error[uninitvar]: Uninitialized variable: key_uuid # 152| uuid_t key_uuid; # 153| # 154|-> ret = sec_key_get_uuid(sec_key, key_uuid); # 155| if (ret != EOK) { # 156| DEBUG(SSSDBG_MINOR_FAILURE, "Cannot convert key to UUID\n"); ``` Those are clearly false positives as in all those places `uuid` is output arg and isn't read in following execution flow. "cppcheck" fails to detect this because `uuid_t` and uuid_parse()/uuid_copy() are opaquie for analyzer. There is no sane way to initialize uuid_t in a way that would please cppcheck. Moreover, it doesn't make sense to do so from performance point of view. Hence suppression. --- src/responder/kcm/kcmsrv_ccache_json.c | 4 src/responder/kcm/kcmsrv_ops.c | 24 2 files changed, 28 insertions(+) diff --git a/src/responder/kcm/kcmsrv_ccache_json.c b/src/responder/kcm/kcmsrv_ccache_json.c index 72e24c4304..3e2303fe47 100644 --- a/src/responder/kcm/kcmsrv_ccache_json.c +++ b/src/responder/kcm/kcmsrv_ccache_json.c @@ -151,6 +151,10 @@ bool sec_key_match_uuid(const char *sec_key, errno_t ret; uuid_t key_uuid; +/* `key_uuid` is output arg and isn't read in sec_key_get_uuid() but + * since libuuid is opaquie for cppcheck it generates false positive here + */ +/* cppcheck-suppress uninitvar */ ret = sec_key_get_uuid(sec_key, key_uuid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot convert key to UUID\n"); diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 1fc21453eb..5d890e9f4a 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -468,6 +468,10 @@ static void kcm_op_initialize_got_byname(struct tevent_req *subreq) return; } +/* `uuid` is output arg and isn't read in kcm_cc_get_uuid() but + * since libuuid is opaquie for cppcheck it generates false positive here + */ +/* cppcheck-suppress uninitvar */ ret = kcm_cc_get_uuid(state->new_cc, uuid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, @@ -528,6 +532,10 @@ static void kcm_op_initialize_fill_princ_step(struct tevent_req *req) } mod_ctx->client = state->princ; +/* `uuid` is output arg and isn't read in kcm_cc_get_uuid() but + * since libuuid is opaquie for cppcheck it generates false positive here + */ +/* cppcheck-suppress uninitvar */ ret = kcm_cc_get_uuid(state->new_cc, uuid); if (ret != EOK) { tevent_req_error(req, ret); @@ -660,6 +668,10 @@ static void kcm_op_initialize_got_default(struct tevent_req *subreq) /* If there was a previous default ccache, switch to the initialized * one by default */ +/* `dfl_uuid` is output arg and isn't read in kcm_cc_get_uuid() but + * since libuuid is opaquie for cppcheck it generates false positive here + */ +/* cppcheck-suppress uninitvar */ ret = kcm_cc_get_uuid(state->new_cc, dfl_uuid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, @@ -773,6 +785,10 @@ static void kcm_op_destroy_getbyname_done(struct tevent_req *subreq) struct kcm_op_common_stat
[SSSD] [sssd PR#5318][comment] enable files domain in copr builds for testing
URL: https://github.com/SSSD/sssd/pull/5318 Title: #5318: enable files domain in copr builds for testing alexey-tikhonov commented: """ LGTM """ See the full comment at https://github.com/SSSD/sssd/pull/5318#issuecomment-693505930 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5318][opened] enable files domain in copr builds for testing
URL: https://github.com/SSSD/sssd/pull/5318 Author: sgoveas Title: #5318: enable files domain in copr builds for testing Action: opened PR body: """ Tests against copr build fail without this option enabled Signed-off-by: Steeve Goveas """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5318/head:pr5318 git checkout pr5318 From 6196f23f548fdc9dd600f1d38495350561bd7459 Mon Sep 17 00:00:00 2001 From: Steeve Goveas Date: Wed, 16 Sep 2020 21:11:40 +0530 Subject: [PATCH] enable files domain in copr builds for testing Tests against copr build fail without this option enabled Signed-off-by: Steeve Goveas --- contrib/sssd.spec.in | 7 +++ 1 file changed, 7 insertions(+) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 545ee71d0e..13b04aac57 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -65,6 +65,10 @@ %global use_systemd 1 %endif +%if (0%{?fedora} || 0%{?rhel} >= 8) +%global enable_files_domain 1 +%endif + # on Fedora and RHEL7 p11_child needs a polkit config snippet to be allowed to # talk to pcscd if SSSD runs as unprivileged user %if (%{with sssd_user} && (0%{?fedora} || 0%{?rhel} >= 7)) @@ -788,6 +792,9 @@ autoreconf -ivf --disable-rpath \ %if %{with sssd_user} --with-sssd-user=sssd \ +%endif +%if (0%{?enable_files_domain} == 1) +--enable-files-domain \ %endif %{with_initscript} \ %{?with_syslog} \ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][synchronized] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 From fc7412f5dd0c1629a2090c8aa6f7d34189e10c66 Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Wed, 9 Sep 2020 09:59:32 +0200 Subject: [PATCH 1/4] util/sss_python: change MODINITERROR to dereference module Change MODINITERROR macro to dereference module when PyModule_* interfaces report some type of failure. --- src/python/pyhbac.c | 64 +++- src/python/pysss.c | 10 +++--- src/python/pysss_murmur.c| 5 +-- src/python/pysss_nss_idmap.c | 5 +-- src/util/sss_python.h| 27 +++ 5 files changed, 80 insertions(+), 31 deletions(-) diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c index 99d9bb0451..9ee016b402 100644 --- a/src/python/pyhbac.c +++ b/src/python/pyhbac.c @@ -1940,7 +1940,9 @@ initpyhbac(void) m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME), pyhbac_module_methods); #endif -if (m == NULL) MODINITERROR; +if (m == NULL) { +MODINITERROR(NULL); +} /* The HBAC module exception */ PyExc_HbacError = sss_exception_with_doc( @@ -1948,43 +1950,73 @@ initpyhbac(void) PyExc_EnvironmentError, NULL); Py_INCREF(PyExc_HbacError); ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* HBAC rule categories */ ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* HBAC rule elements */ ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* enum hbac_eval_result */ ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* enum hbac_error_code */ ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_SUCCESS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule"); TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement"); diff --git a/src/python/pysss.c b/src/python/pysss.c index 4a0aca0666..1e80975a6f 100644 --- a/src/python/pysss.c +++ b/src/python/pysss.c @@ -333,16 +333,18 @@ initpysss(void) { PyObject *m; -if (PyType_Ready(&pysss_password_type) < 0) -MODINITERROR; +if (PyType_Ready(&pysss_password_type) < 0) { +MODINITERROR(NULL); +} #ifdef IS_PY3K m = PyModule_Create(&pysssdef); #else m = Py_InitModule(discard_const_p(char, "pysss"), module_methods); #endif -if (m == NULL) -MODINITERROR; +if (m == NULL){ +MODINITERROR(NULL); +} Py_INCREF(&pysss_password_type); PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type); diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c index 4db773c84a..f20e5cf289 100644 --- a/src/python/pysss_murmur.c +++ b/src/python/pysss_murmur.c @@ -91,8 +91,9 @@ initpysss_murmur(void) m = Py_InitModule3(sss_py_con
[SSSD] [sssd PR#5226][synchronized] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 From fcd18fa046d3e5cc1269fd7e9fa2295665f0df96 Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Wed, 9 Sep 2020 09:59:32 +0200 Subject: [PATCH 1/4] util/sss_python: change MODINITERROR to dereference module Change MODINITERROR macro to dereference module when PyModule_* interfaces report some type of failure. --- src/python/pyhbac.c | 64 +++- src/python/pysss.c | 10 +++--- src/python/pysss_murmur.c| 5 +-- src/python/pysss_nss_idmap.c | 5 +-- src/util/sss_python.h| 27 +++ 5 files changed, 80 insertions(+), 31 deletions(-) diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c index 99d9bb0451..9ee016b402 100644 --- a/src/python/pyhbac.c +++ b/src/python/pyhbac.c @@ -1940,7 +1940,9 @@ initpyhbac(void) m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME), pyhbac_module_methods); #endif -if (m == NULL) MODINITERROR; +if (m == NULL) { +MODINITERROR(NULL); +} /* The HBAC module exception */ PyExc_HbacError = sss_exception_with_doc( @@ -1948,43 +1950,73 @@ initpyhbac(void) PyExc_EnvironmentError, NULL); Py_INCREF(PyExc_HbacError); ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* HBAC rule categories */ ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* HBAC rule elements */ ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* enum hbac_eval_result */ ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* enum hbac_error_code */ ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_SUCCESS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule"); TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement"); diff --git a/src/python/pysss.c b/src/python/pysss.c index 4a0aca0666..1e80975a6f 100644 --- a/src/python/pysss.c +++ b/src/python/pysss.c @@ -333,16 +333,18 @@ initpysss(void) { PyObject *m; -if (PyType_Ready(&pysss_password_type) < 0) -MODINITERROR; +if (PyType_Ready(&pysss_password_type) < 0) { +MODINITERROR(NULL); +} #ifdef IS_PY3K m = PyModule_Create(&pysssdef); #else m = Py_InitModule(discard_const_p(char, "pysss"), module_methods); #endif -if (m == NULL) -MODINITERROR; +if (m == NULL){ +MODINITERROR(NULL); +} Py_INCREF(&pysss_password_type); PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type); diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c index 4db773c84a..f20e5cf289 100644 --- a/src/python/pysss_murmur.c +++ b/src/python/pysss_murmur.c @@ -91,8 +91,9 @@ initpysss_murmur(void) m = Py_InitModule3(sss_py_con
[SSSD] [sssd PR#5226][reopened] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: reopened To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][closed] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][comment] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions alexey-tikhonov commented: """ Thank you for the updated version. Please see a couple of comments inline. """ See the full comment at https://github.com/SSSD/sssd/pull/5226#issuecomment-693396748 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][+Waiting for review] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][-Changes requested] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][-Waiting for review] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][+Accepted] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][comment] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check ikerexxe commented: """ LGTM """ See the full comment at https://github.com/SSSD/sssd/pull/5317#issuecomment-693335763 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][+Waiting for review] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][synchronized] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 From 4773a515b102fa371ff025ec42ee2ecbcc10df4a Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Wed, 9 Sep 2020 09:59:32 +0200 Subject: [PATCH 1/4] util/sss_python: change MODINITERROR to dereference module Change MODINITERROR macro to dereference module when PyModule_* interfaces report some type of failure. --- src/python/pyhbac.c | 64 +++- src/python/pysss.c | 10 +++--- src/python/pysss_murmur.c| 5 +-- src/python/pysss_nss_idmap.c | 5 +-- src/util/sss_python.h| 25 ++ 5 files changed, 78 insertions(+), 31 deletions(-) diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c index 99d9bb0451..9ee016b402 100644 --- a/src/python/pyhbac.c +++ b/src/python/pyhbac.c @@ -1940,7 +1940,9 @@ initpyhbac(void) m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME), pyhbac_module_methods); #endif -if (m == NULL) MODINITERROR; +if (m == NULL) { +MODINITERROR(NULL); +} /* The HBAC module exception */ PyExc_HbacError = sss_exception_with_doc( @@ -1948,43 +1950,73 @@ initpyhbac(void) PyExc_EnvironmentError, NULL); Py_INCREF(PyExc_HbacError); ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* HBAC rule categories */ ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* HBAC rule elements */ ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* enum hbac_eval_result */ ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} /* enum hbac_error_code */ ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_SUCCESS); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE); -if (ret == -1) MODINITERROR; +if (ret == -1) { +MODINITERROR(m); +} TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule"); TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement"); diff --git a/src/python/pysss.c b/src/python/pysss.c index 4a0aca0666..1e80975a6f 100644 --- a/src/python/pysss.c +++ b/src/python/pysss.c @@ -333,16 +333,18 @@ initpysss(void) { PyObject *m; -if (PyType_Ready(&pysss_password_type) < 0) -MODINITERROR; +if (PyType_Ready(&pysss_password_type) < 0) { +MODINITERROR(NULL); +} #ifdef IS_PY3K m = PyModule_Create(&pysssdef); #else m = Py_InitModule(discard_const_p(char, "pysss"), module_methods); #endif -if (m == NULL) -MODINITERROR; +if (m == NULL){ +MODINITERROR(NULL); +} Py_INCREF(&pysss_password_type); PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type); diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c index 4db773c84a..f20e5cf289 100644 --- a/src/python/pysss_murmur.c +++ b/src/python/pysss_murmur.c @@ -91,8 +91,9 @@ initpysss_murmur(void) m = Py_InitModule3(sss_py_cons
[SSSD] [sssd PR#5252][-Changes requested] Add offline_timeout_max option to control offline interval backoff
URL: https://github.com/SSSD/sssd/pull/5252 Title: #5252: Add offline_timeout_max option to control offline interval backoff Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5252][+Waiting for review] Add offline_timeout_max option to control offline interval backoff
URL: https://github.com/SSSD/sssd/pull/5252 Title: #5252: Add offline_timeout_max option to control offline interval backoff Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][opened] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Author: alexey-tikhonov Title: #5317: CLIENT:PAM: fixed missed return check Action: opened PR body: """ Return code of `prompt_2fa()` wasn't checked and thus its fail wasn't properly processed. Spotted with a help of following warning: ``` Error: CLANG_WARNING: sssd-2.3.2/src/sss_client/pam_sss.c:2355:21: warning: Value stored to 'ret' is never read #ret = prompt_2fa(pamh, pi, _("First Factor (Current Password): "), #^ ``` """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5317/head:pr5317 git checkout pr5317 From e402bd9df32ce2711fe2dd1f13e30c372a5f9f2d Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 16 Sep 2020 09:56:49 +0200 Subject: [PATCH] CLIENT:PAM: fixed missed return check Return code of `prompt_2fa()` wasn't checked and thus its fail wasn't properly processed. Spotted with a help of following warning: ``` Error: CLANG_WARNING: sssd-2.3.2/src/sss_client/pam_sss.c:2355:21: warning: Value stored to 'ret' is never read #ret = prompt_2fa(pamh, pi, _("First Factor (Current Password): "), #^ ``` --- src/sss_client/pam_sss.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 6a3ba2f505..b844d257e1 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -2357,10 +2357,10 @@ static int get_authtok_for_password_change(pam_handle_t *pamh, } } else { ret = prompt_password(pamh, pi, _("Current Password: ")); -if (ret != PAM_SUCCESS) { -D(("failed to get password from user")); -return ret; -} +} +if (ret != PAM_SUCCESS) { +D(("failed to get credentials from user")); +return ret; } ret = pam_set_item(pamh, PAM_OLDAUTHTOK, pi->pam_authtok); ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org