[SSSD] [sssd PR#5303][comment] tests: run TIER-0 multihost tests in PRCI
URL: https://github.com/SSSD/sssd/pull/5303 Title: #5303: tests: run TIER-0 multihost tests in PRCI mrniranjan commented: """ @pbrezina i am looking in to this issue. will update as soon as possible. """ See the full comment at https://github.com/SSSD/sssd/pull/5303#issuecomment-693828714 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][comment] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions alexey-tikhonov commented: """ Thank you. ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/5226#issuecomment-693559497 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][+Accepted] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][-Waiting for review] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5319][opened] Covscan cleanup
URL: https://github.com/SSSD/sssd/pull/5319
Author: alexey-tikhonov
Title: #5319: Covscan cleanup
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5319/head:pr5319
git checkout pr5319
From a07676cf85f4721bb5d7bb59fe5ffcd53788e6ea Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Tue, 15 Sep 2020 20:00:26 +0200
Subject: [PATCH 1/6] PAM responder: fixed compliantion warning
Fixed following warning:
```
Error: CLANG_WARNING:
sssd-2.3.2/src/responder/pam/pamsrv_cmd.c:982:9: warning: Access to field 'cache_credentials' results in a dereference of a null pointer (loaded from field 'domain')
#preq->domain->cache_credentials &&
#^ ~~
```
---
src/responder/pam/pamsrv_cmd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index ba8a1b848a..1d02514979 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -979,6 +979,7 @@ static void pam_reply(struct pam_auth_req *preq)
/* If this was a successful login, save the lastLogin time */
if (pd->cmd == SSS_PAM_AUTHENTICATE &&
pd->pam_status == PAM_SUCCESS &&
+preq->domain &&
preq->domain->cache_credentials &&
!pd->offline_auth &&
!pd->last_auth_saved &&
From 0e01def7b7414b8f0947126ce761e405a9b4b4e0 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Wed, 16 Sep 2020 11:20:01 +0200
Subject: [PATCH 2/6] KCM: supress false positive cppcheck warnings
Supress a bunch of warnings like this:
```
Error: CPPCHECK_WARNING (CWE-456):
sssd-2.3.2/src/responder/kcm/kcmsrv_ccache_json.c:154: error[uninitvar]: Uninitialized variable: key_uuid
# 152| uuid_t key_uuid;
# 153|
# 154|-> ret = sec_key_get_uuid(sec_key, key_uuid);
# 155| if (ret != EOK) {
# 156| DEBUG(SSSDBG_MINOR_FAILURE, "Cannot convert key to UUID\n");
```
Those are clearly false positives as in all those places `uuid` is output arg and
isn't read in following execution flow. "cppcheck" fails to detect this because
`uuid_t` and uuid_parse()/uuid_copy() are opaquie for analyzer.
There is no sane way to initialize uuid_t in a way that would please cppcheck.
Moreover, it doesn't make sense to do so from performance point of view.
Hence suppression.
---
src/responder/kcm/kcmsrv_ccache_json.c | 4
src/responder/kcm/kcmsrv_ops.c | 24
2 files changed, 28 insertions(+)
diff --git a/src/responder/kcm/kcmsrv_ccache_json.c b/src/responder/kcm/kcmsrv_ccache_json.c
index 72e24c4304..3e2303fe47 100644
--- a/src/responder/kcm/kcmsrv_ccache_json.c
+++ b/src/responder/kcm/kcmsrv_ccache_json.c
@@ -151,6 +151,10 @@ bool sec_key_match_uuid(const char *sec_key,
errno_t ret;
uuid_t key_uuid;
+/* `key_uuid` is output arg and isn't read in sec_key_get_uuid() but
+ * since libuuid is opaquie for cppcheck it generates false positive here
+ */
+/* cppcheck-suppress uninitvar */
ret = sec_key_get_uuid(sec_key, key_uuid);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Cannot convert key to UUID\n");
diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c
index 1fc21453eb..5d890e9f4a 100644
--- a/src/responder/kcm/kcmsrv_ops.c
+++ b/src/responder/kcm/kcmsrv_ops.c
@@ -468,6 +468,10 @@ static void kcm_op_initialize_got_byname(struct tevent_req *subreq)
return;
}
+/* `uuid` is output arg and isn't read in kcm_cc_get_uuid() but
+ * since libuuid is opaquie for cppcheck it generates false positive here
+ */
+/* cppcheck-suppress uninitvar */
ret = kcm_cc_get_uuid(state->new_cc, uuid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
@@ -528,6 +532,10 @@ static void kcm_op_initialize_fill_princ_step(struct tevent_req *req)
}
mod_ctx->client = state->princ;
+/* `uuid` is output arg and isn't read in kcm_cc_get_uuid() but
+ * since libuuid is opaquie for cppcheck it generates false positive here
+ */
+/* cppcheck-suppress uninitvar */
ret = kcm_cc_get_uuid(state->new_cc, uuid);
if (ret != EOK) {
tevent_req_error(req, ret);
@@ -660,6 +668,10 @@ static void kcm_op_initialize_got_default(struct tevent_req *subreq)
/* If there was a previous default ccache, switch to the initialized
* one by default
*/
+/* `dfl_uuid` is output arg and isn't read in kcm_cc_get_uuid() but
+ * since libuuid is opaquie for cppcheck it generates false positive here
+ */
+/* cppcheck-suppress uninitvar */
ret = kcm_cc_get_uuid(state->new_cc, dfl_uuid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
@@ -773,6 +785,10 @@ static void kcm_op_destroy_getbyname_done(struct tevent_req *subreq)
struct kcm_op_common_stat
[SSSD] [sssd PR#5318][comment] enable files domain in copr builds for testing
URL: https://github.com/SSSD/sssd/pull/5318 Title: #5318: enable files domain in copr builds for testing alexey-tikhonov commented: """ LGTM """ See the full comment at https://github.com/SSSD/sssd/pull/5318#issuecomment-693505930 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5318][opened] enable files domain in copr builds for testing
URL: https://github.com/SSSD/sssd/pull/5318
Author: sgoveas
Title: #5318: enable files domain in copr builds for testing
Action: opened
PR body:
"""
Tests against copr build fail without this option enabled
Signed-off-by: Steeve Goveas
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5318/head:pr5318
git checkout pr5318
From 6196f23f548fdc9dd600f1d38495350561bd7459 Mon Sep 17 00:00:00 2001
From: Steeve Goveas
Date: Wed, 16 Sep 2020 21:11:40 +0530
Subject: [PATCH] enable files domain in copr builds for testing
Tests against copr build fail without this option enabled
Signed-off-by: Steeve Goveas
---
contrib/sssd.spec.in | 7 +++
1 file changed, 7 insertions(+)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 545ee71d0e..13b04aac57 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -65,6 +65,10 @@
%global use_systemd 1
%endif
+%if (0%{?fedora} || 0%{?rhel} >= 8)
+%global enable_files_domain 1
+%endif
+
# on Fedora and RHEL7 p11_child needs a polkit config snippet to be allowed to
# talk to pcscd if SSSD runs as unprivileged user
%if (%{with sssd_user} && (0%{?fedora} || 0%{?rhel} >= 7))
@@ -788,6 +792,9 @@ autoreconf -ivf
--disable-rpath \
%if %{with sssd_user}
--with-sssd-user=sssd \
+%endif
+%if (0%{?enable_files_domain} == 1)
+--enable-files-domain \
%endif
%{with_initscript} \
%{?with_syslog} \
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][synchronized] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226
Author: ikerexxe
Title: #5226: python/pysss_nss_idmap: check return from functions
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5226/head:pr5226
git checkout pr5226
From fc7412f5dd0c1629a2090c8aa6f7d34189e10c66 Mon Sep 17 00:00:00 2001
From: ikerexxe
Date: Wed, 9 Sep 2020 09:59:32 +0200
Subject: [PATCH 1/4] util/sss_python: change MODINITERROR to dereference
module
Change MODINITERROR macro to dereference module when PyModule_*
interfaces report some type of failure.
---
src/python/pyhbac.c | 64 +++-
src/python/pysss.c | 10 +++---
src/python/pysss_murmur.c| 5 +--
src/python/pysss_nss_idmap.c | 5 +--
src/util/sss_python.h| 27 +++
5 files changed, 80 insertions(+), 31 deletions(-)
diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c
index 99d9bb0451..9ee016b402 100644
--- a/src/python/pyhbac.c
+++ b/src/python/pyhbac.c
@@ -1940,7 +1940,9 @@ initpyhbac(void)
m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME),
pyhbac_module_methods);
#endif
-if (m == NULL) MODINITERROR;
+if (m == NULL) {
+MODINITERROR(NULL);
+}
/* The HBAC module exception */
PyExc_HbacError = sss_exception_with_doc(
@@ -1948,43 +1950,73 @@ initpyhbac(void)
PyExc_EnvironmentError, NULL);
Py_INCREF(PyExc_HbacError);
ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* HBAC rule categories */
ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* HBAC rule elements */
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* enum hbac_eval_result */
ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* enum hbac_error_code */
ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_SUCCESS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule");
TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement");
diff --git a/src/python/pysss.c b/src/python/pysss.c
index 4a0aca0666..1e80975a6f 100644
--- a/src/python/pysss.c
+++ b/src/python/pysss.c
@@ -333,16 +333,18 @@ initpysss(void)
{
PyObject *m;
-if (PyType_Ready(&pysss_password_type) < 0)
-MODINITERROR;
+if (PyType_Ready(&pysss_password_type) < 0) {
+MODINITERROR(NULL);
+}
#ifdef IS_PY3K
m = PyModule_Create(&pysssdef);
#else
m = Py_InitModule(discard_const_p(char, "pysss"), module_methods);
#endif
-if (m == NULL)
-MODINITERROR;
+if (m == NULL){
+MODINITERROR(NULL);
+}
Py_INCREF(&pysss_password_type);
PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type);
diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c
index 4db773c84a..f20e5cf289 100644
--- a/src/python/pysss_murmur.c
+++ b/src/python/pysss_murmur.c
@@ -91,8 +91,9 @@ initpysss_murmur(void)
m = Py_InitModule3(sss_py_con
[SSSD] [sssd PR#5226][synchronized] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226
Author: ikerexxe
Title: #5226: python/pysss_nss_idmap: check return from functions
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5226/head:pr5226
git checkout pr5226
From fcd18fa046d3e5cc1269fd7e9fa2295665f0df96 Mon Sep 17 00:00:00 2001
From: ikerexxe
Date: Wed, 9 Sep 2020 09:59:32 +0200
Subject: [PATCH 1/4] util/sss_python: change MODINITERROR to dereference
module
Change MODINITERROR macro to dereference module when PyModule_*
interfaces report some type of failure.
---
src/python/pyhbac.c | 64 +++-
src/python/pysss.c | 10 +++---
src/python/pysss_murmur.c| 5 +--
src/python/pysss_nss_idmap.c | 5 +--
src/util/sss_python.h| 27 +++
5 files changed, 80 insertions(+), 31 deletions(-)
diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c
index 99d9bb0451..9ee016b402 100644
--- a/src/python/pyhbac.c
+++ b/src/python/pyhbac.c
@@ -1940,7 +1940,9 @@ initpyhbac(void)
m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME),
pyhbac_module_methods);
#endif
-if (m == NULL) MODINITERROR;
+if (m == NULL) {
+MODINITERROR(NULL);
+}
/* The HBAC module exception */
PyExc_HbacError = sss_exception_with_doc(
@@ -1948,43 +1950,73 @@ initpyhbac(void)
PyExc_EnvironmentError, NULL);
Py_INCREF(PyExc_HbacError);
ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* HBAC rule categories */
ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* HBAC rule elements */
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* enum hbac_eval_result */
ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* enum hbac_error_code */
ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_SUCCESS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule");
TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement");
diff --git a/src/python/pysss.c b/src/python/pysss.c
index 4a0aca0666..1e80975a6f 100644
--- a/src/python/pysss.c
+++ b/src/python/pysss.c
@@ -333,16 +333,18 @@ initpysss(void)
{
PyObject *m;
-if (PyType_Ready(&pysss_password_type) < 0)
-MODINITERROR;
+if (PyType_Ready(&pysss_password_type) < 0) {
+MODINITERROR(NULL);
+}
#ifdef IS_PY3K
m = PyModule_Create(&pysssdef);
#else
m = Py_InitModule(discard_const_p(char, "pysss"), module_methods);
#endif
-if (m == NULL)
-MODINITERROR;
+if (m == NULL){
+MODINITERROR(NULL);
+}
Py_INCREF(&pysss_password_type);
PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type);
diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c
index 4db773c84a..f20e5cf289 100644
--- a/src/python/pysss_murmur.c
+++ b/src/python/pysss_murmur.c
@@ -91,8 +91,9 @@ initpysss_murmur(void)
m = Py_InitModule3(sss_py_con
[SSSD] [sssd PR#5226][reopened] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: reopened To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][closed] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Author: ikerexxe Title: #5226: python/pysss_nss_idmap: check return from functions Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5226/head:pr5226 git checkout pr5226 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][comment] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions alexey-tikhonov commented: """ Thank you for the updated version. Please see a couple of comments inline. """ See the full comment at https://github.com/SSSD/sssd/pull/5226#issuecomment-693396748 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][+Waiting for review] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][-Changes requested] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226 Title: #5226: python/pysss_nss_idmap: check return from functions Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][-Waiting for review] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][+Accepted] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][comment] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check ikerexxe commented: """ LGTM """ See the full comment at https://github.com/SSSD/sssd/pull/5317#issuecomment-693335763 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][+Waiting for review] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317 Title: #5317: CLIENT:PAM: fixed missed return check Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5226][synchronized] python/pysss_nss_idmap: check return from functions
URL: https://github.com/SSSD/sssd/pull/5226
Author: ikerexxe
Title: #5226: python/pysss_nss_idmap: check return from functions
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5226/head:pr5226
git checkout pr5226
From 4773a515b102fa371ff025ec42ee2ecbcc10df4a Mon Sep 17 00:00:00 2001
From: ikerexxe
Date: Wed, 9 Sep 2020 09:59:32 +0200
Subject: [PATCH 1/4] util/sss_python: change MODINITERROR to dereference
module
Change MODINITERROR macro to dereference module when PyModule_*
interfaces report some type of failure.
---
src/python/pyhbac.c | 64 +++-
src/python/pysss.c | 10 +++---
src/python/pysss_murmur.c| 5 +--
src/python/pysss_nss_idmap.c | 5 +--
src/util/sss_python.h| 25 ++
5 files changed, 78 insertions(+), 31 deletions(-)
diff --git a/src/python/pyhbac.c b/src/python/pyhbac.c
index 99d9bb0451..9ee016b402 100644
--- a/src/python/pyhbac.c
+++ b/src/python/pyhbac.c
@@ -1940,7 +1940,9 @@ initpyhbac(void)
m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME),
pyhbac_module_methods);
#endif
-if (m == NULL) MODINITERROR;
+if (m == NULL) {
+MODINITERROR(NULL);
+}
/* The HBAC module exception */
PyExc_HbacError = sss_exception_with_doc(
@@ -1948,43 +1950,73 @@ initpyhbac(void)
PyExc_EnvironmentError, NULL);
Py_INCREF(PyExc_HbacError);
ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* HBAC rule categories */
ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* HBAC rule elements */
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* enum hbac_eval_result */
ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
/* enum hbac_error_code */
ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_SUCCESS);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE);
-if (ret == -1) MODINITERROR;
+if (ret == -1) {
+MODINITERROR(m);
+}
TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule");
TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement");
diff --git a/src/python/pysss.c b/src/python/pysss.c
index 4a0aca0666..1e80975a6f 100644
--- a/src/python/pysss.c
+++ b/src/python/pysss.c
@@ -333,16 +333,18 @@ initpysss(void)
{
PyObject *m;
-if (PyType_Ready(&pysss_password_type) < 0)
-MODINITERROR;
+if (PyType_Ready(&pysss_password_type) < 0) {
+MODINITERROR(NULL);
+}
#ifdef IS_PY3K
m = PyModule_Create(&pysssdef);
#else
m = Py_InitModule(discard_const_p(char, "pysss"), module_methods);
#endif
-if (m == NULL)
-MODINITERROR;
+if (m == NULL){
+MODINITERROR(NULL);
+}
Py_INCREF(&pysss_password_type);
PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type);
diff --git a/src/python/pysss_murmur.c b/src/python/pysss_murmur.c
index 4db773c84a..f20e5cf289 100644
--- a/src/python/pysss_murmur.c
+++ b/src/python/pysss_murmur.c
@@ -91,8 +91,9 @@ initpysss_murmur(void)
m = Py_InitModule3(sss_py_cons
[SSSD] [sssd PR#5252][-Changes requested] Add offline_timeout_max option to control offline interval backoff
URL: https://github.com/SSSD/sssd/pull/5252 Title: #5252: Add offline_timeout_max option to control offline interval backoff Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5252][+Waiting for review] Add offline_timeout_max option to control offline interval backoff
URL: https://github.com/SSSD/sssd/pull/5252 Title: #5252: Add offline_timeout_max option to control offline interval backoff Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#5317][opened] CLIENT:PAM: fixed missed return check
URL: https://github.com/SSSD/sssd/pull/5317
Author: alexey-tikhonov
Title: #5317: CLIENT:PAM: fixed missed return check
Action: opened
PR body:
"""
Return code of `prompt_2fa()` wasn't checked and
thus its fail wasn't properly processed.
Spotted with a help of following warning:
```
Error: CLANG_WARNING:
sssd-2.3.2/src/sss_client/pam_sss.c:2355:21: warning: Value stored to 'ret' is
never read
#ret = prompt_2fa(pamh, pi, _("First Factor (Current
Password): "),
#^
```
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5317/head:pr5317
git checkout pr5317
From e402bd9df32ce2711fe2dd1f13e30c372a5f9f2d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Wed, 16 Sep 2020 09:56:49 +0200
Subject: [PATCH] CLIENT:PAM: fixed missed return check
Return code of `prompt_2fa()` wasn't checked and
thus its fail wasn't properly processed.
Spotted with a help of following warning:
```
Error: CLANG_WARNING:
sssd-2.3.2/src/sss_client/pam_sss.c:2355:21: warning: Value stored to 'ret' is never read
#ret = prompt_2fa(pamh, pi, _("First Factor (Current Password): "),
#^
```
---
src/sss_client/pam_sss.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 6a3ba2f505..b844d257e1 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -2357,10 +2357,10 @@ static int get_authtok_for_password_change(pam_handle_t *pamh,
}
} else {
ret = prompt_password(pamh, pi, _("Current Password: "));
-if (ret != PAM_SUCCESS) {
-D(("failed to get password from user"));
-return ret;
-}
+}
+if (ret != PAM_SUCCESS) {
+D(("failed to get credentials from user"));
+return ret;
}
ret = pam_set_item(pamh, PAM_OLDAUTHTOK, pi->pam_authtok);
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
