[SSSD] [sssd PR#5834][synchronized] Translations update from Weblate
URL: https://github.com/SSSD/sssd/pull/5834 Author: weblate Title: #5834: Translations update from Weblate Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5834/head:pr5834 git checkout pr5834 From b1de6650513fd7d1bf82e0969e7e3543ef8f858a Mon Sep 17 00:00:00 2001 From: Weblate Date: Wed, 20 Oct 2021 05:21:45 +0200 Subject: [PATCH] po: update translations (Korean) currently translated at 12.4% (326 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Ukrainian) currently translated at 100.0% (2621 of 2621 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/ po: update translations (Ukrainian) currently translated at 100.0% (617 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/ po: update translations (Polish) currently translated at 100.0% (617 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ --- po/bg.po | 2 - po/ca.po | 16 po/cs.po | 16 po/de.po | 16 po/es.po | 16 po/eu.po | 2 - po/fr.po | 16 po/ja.po | 16 po/nl.po | 16 po/pl.po | 31 po/ru.po | 16 po/sv.po | 16 po/uk.po | 31 po/zh_CN.po | 16 src/man/po/ko.po | 34 + src/man/po/uk.po | 96 +++- 16 files changed, 61 insertions(+), 295 deletions(-) diff --git a/po/bg.po b/po/bg.po index a99683ff65..2c284a01ee 100644 --- a/po/bg.po +++ b/po/bg.po 
@@ -2810,11 +2810,9 @@ msgstr "" #~ msgid "The selected GID is outside the allowed range\n" #~ msgstr "Зададеният GID е извън позволения обхват\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "Група %1$s е извън дефинирания ID обхват за домейн\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "Потребител %1$s е извън дефинирания ID обхват за домейн\n" diff --git a/po/ca.po b/po/ca.po index c37a0e1b97..cf8339a5b6 100644 --- a/po/ca.po +++ b/po/ca.po @@ -2898,7 +2898,6 @@ msgstr "" #~ msgid "Groups must be in the same domain as user\n" #~ msgstr "Els grups han d'estar al mateix domini que l'usuari\n" -#, c-format #~ msgid "Cannot find group %1$s in local domain\n" #~ msgstr "No es pot trobar el grup %1$s al domini local\n" @@ -2920,11 +2919,9 @@ msgstr "" #~ "El directori inicial de l'usuari ja existeix, no es copiaran les dades " #~ "del directori esquemàtic\n" -#, c-format #~ msgid "Cannot create user's home directory: %1$s\n" #~ msgstr "No es pot crear el directori inicial de l'usuari: %1$s\n" -#, c-format #~ msgid "Cannot create user's mail spool: %1$s\n" #~ msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n" @@ -2960,11 +2957,9 @@ msgstr "" #~ msgid "Specify group to delete\n" #~ msgstr "Especifiqueu el grup a eliminar\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "El grup %1$s està fora de l'interval d'id. definit pel domini\n" -#, c-format #~ msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" #~ msgstr "" #~ "Ha fallat la sol·licitud NSS (%1$d). L'entrada podria romandre en la " @@ -3002,7 +2997,6 @@ msgstr "" #~ msgid "Member groups must be in the same domain as parent group\n" #~ msgstr "Els grups membres han d'estar al mateix domini com a grup primari\n" -#, c-format #~ msgid "" #~ "Cannot find group %1$s in local domain, only groups in local domain are " #~ "allowed\n" 
@@ -3027,19 +3021,15 @@ msgstr "" #~ msgid "Magic Private " #~ msgstr "Privat màgic " -#, c-format #~ msgid "%1$s%2$sGroup: %3$s\n" #~ msgstr "%1$s%2$sGrup: %3$s\n" -#, c-format #~ msgid "%1$sGID number: %2$d\n" #~ msgstr "%1$sNúmero GID: %2$d\n" -#, c-format #~ msgid "%1$sMember users: " #~ msgstr "%1$sUsuaris membre: " -#, c-format #~ msgid "" #~ "\n" #~ "%1$sIs a member of: " @@ -3047,7 +3037,6 @@ msgstr "" #~ "\n" #~ "%1$sÉs un membre de: " -#, c-format #~ msgid "" #~ "\n" #~ "%1$sMember groups: " @@ -3086,14 +3075,12 @@ msgstr "" #~ msgid "Specify user to delete\n" #~ msgstr "Especifica l'usuari a eliminar\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "L'usuari %1$s està fora de l'interval d'id. pel domini\n" #~ msgid "Cannot res
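Review bot: Confirm that the `#, c-format` removals are limited to `#~` obsolete entries, as they are in the po/bg.po and po/ca.po hunks shown here. The diffstat lists 295 deletions generated by the msgmerge hook, and `msgfmt --check-format` only validates translations that still carry the flag, so an active msgid with `%1$s`-style placeholders that lost it would no longer be checked against its msgstr.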
[SSSD] [sssd PR#5829][comment] DP: Resolve intermediate groups prior to SR overlay
URL: https://github.com/SSSD/sssd/pull/5829 Title: #5829: DP: Resolve intermediate groups prior to SR overlay justin-stephenson commented: """ Ready for review, intg test issues fixed. """ See the full comment at https://github.com/SSSD/sssd/pull/5829#issuecomment-947205783 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5829][comment] DP: Resolve intermediate groups prior to SR overlay
URL: https://github.com/SSSD/sssd/pull/5829 Title: #5829: DP: Resolve intermediate groups prior to SR overlay justin-stephenson commented: """ Ready for review, intg issues fixed. """ See the full comment at https://github.com/SSSD/sssd/pull/5829#issuecomment-947205783
[SSSD] [sssd PR#5829][+Waiting for review] DP: Resolve intermediate groups prior to SR overlay
URL: https://github.com/SSSD/sssd/pull/5829 Title: #5829: DP: Resolve intermediate groups prior to SR overlay Label: +Waiting for review
[SSSD] [sssd PR#5784][+Changes requested] proxy: allow removing group members
URL: https://github.com/SSSD/sssd/pull/5784 Title: #5784: proxy: allow removing group members Label: +Changes requested
[SSSD] [sssd PR#5784][-Waiting for review] proxy: allow removing group members
URL: https://github.com/SSSD/sssd/pull/5784 Title: #5784: proxy: allow removing group members Label: -Waiting for review
[SSSD] [sssd PR#5829][synchronized] DP: Resolve intermediate groups prior to SR overlay
URL: https://github.com/SSSD/sssd/pull/5829 Author: justin-stephenson Title: #5829: DP: Resolve intermediate groups prior to SR overlay Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5829/head:pr5829 git checkout pr5829 From 0ba3e5f58102ade0d976f44bdab28b66d1aa60ae Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 7 Oct 2021 00:37:25 + Subject: [PATCH] DP: Resolve intermediate groups prior to SR overlay SSSD SR exclude_groups checking can fail when only intermediate groups are fetched during the login process. Add a step to resolve these groups during Initgroups processing to ensure the exclude groups check matches against the group name correctly. This logic exists already similarly in the simple access provider. --- src/providers/data_provider/dp_target_id.c | 257 - 1 file changed, 251 insertions(+), 6 deletions(-) diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c index a71cdf65c6..ea660ae8ae 100644 --- a/src/providers/data_provider/dp_target_id.c +++ b/src/providers/data_provider/dp_target_id.c 
@@ -448,10 +448,229 @@ static void dp_req_initgr_pp_set_initgr_timestamp(struct dp_initgr_ctx *ctx, } } + +struct dp_sr_resolve_groups_state { +struct data_provider *provider; +struct dp_initgr_ctx *initgroups_ctx; +struct dp_reply_std reply; + +uint32_t *resolve_gids; /* Groups needing resolution */ +int resolve_gnum; +int num_iter; +uint32_t gnum; +}; + +static errno_t dp_sr_resolve_groups_check(struct dp_sr_resolve_groups_state *state); +static errno_t dp_sr_resolve_groups_next(struct tevent_req *req); +static void dp_sr_resolve_groups_done(struct tevent_req *subreq); + +struct tevent_req * +dp_sr_resolve_groups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct dp_reply_std reply, + struct data_provider *provider, + struct dp_initgr_ctx *initgr_ctx) +{ + +struct dp_sr_resolve_groups_state *state; +struct tevent_req *req; +int ret; + +req = tevent_req_create(mem_ctx, &state, struct dp_sr_resolve_groups_state); +if (req == NULL) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); +return NULL; +} + +if (initgr_ctx->username == NULL) { +ret = EOK; +goto done; +} + + state->provider = provider; + state->initgroups_ctx = initgr_ctx; + state->reply = reply; + state->gnum = initgr_ctx->gnum; + +/* Check if group is intermediate(has gidNumber and isPosix == False) */ +state->resolve_gids = talloc_zero_array(state, uint32_t, initgr_ctx->gnum + 1); +if (state->resolve_gids == NULL) { +ret = ENOMEM; +goto done; +} + +ret = dp_sr_resolve_groups_check(state); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, "Failed checking groups to resolve\n"); +goto done; +} + + state->num_iter = 0; + ret = dp_sr_resolve_groups_next(req); + if (ret == EAGAIN) { +/* async processing */ +return req; + } + +done: +if (ret == EOK) { +tevent_req_done(req); +} else { +tevent_req_error(req, ret); +} +tevent_req_post(req, ev); + +return req; +} + +static errno_t dp_sr_resolve_groups_next(struct tevent_req *req) +{ +struct dp_sr_resolve_groups_state *state; +struct 
tevent_req *subreq; +struct dp_id_data *ar; +uint32_t gid; + +state = tevent_req_data(req, struct dp_sr_resolve_groups_state); + +if (state->num_iter >= state->resolve_gnum) { +return EOK; +} + +gid = state->resolve_gids[state->num_iter]; + +ar = talloc(state, struct dp_id_data); +if (!ar) { +return ENOMEM; +} + +ar->entry_type = BE_REQ_GROUP; +ar->filter_type = BE_FILTER_IDNUM; +ar->filter_value = talloc_asprintf(ar, "%llu", (unsigned long long) gid); +ar->domain = talloc_strdup(ar, state->initgroups_ctx->domain_info->name); +if (!ar->domain || !ar->filter_value) { +return ENOMEM; +} + +subreq = dp_req_send(state, state->provider, ar->domain, + "DP Resolve Group", 0, NULL, + DPT_ID, DPM_ACCOUNT_HANDLER, 0, ar, NULL); + if (!subreq) { +return ENOMEM; + } + +tevent_req_set_callback(subreq, dp_sr_resolve_groups_done, req); + +state->num_iter++; +return EAGAIN; +} + +static void dp_sr_resolve_groups_done(struct tevent_req *subreq) +{ +struct dp_sr_resolve_groups_state *state; +struct tevent_req *req; +struct dp_reply_std *reply; +int ret; + +req = tevent_req_callback_data(subreq, struct tevent_req); +state = tevent_req_data(req, struct dp_sr_resolve_groups_state); + +ret = dp_req_recv_ptr(state, subreq, struct dp_reply_std, &reply); +talloc_free(subreq); +if (ret != 0) { +tevent_req_error(req, ret); +return;
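Review bot: In dp_sr_resolve_groups_next(), `ar = talloc(state, struct dp_id_data);` leaves every member other than entry_type, filter_type, filter_value and domain uninitialised before the struct is handed to dp_req_send(). Use talloc_zero() so that any member the account handler reads but this function does not set is zeroed rather than heap garbage. The ENOMEM return after talloc_asprintf()/talloc_strdup() also leaves `ar` attached to `state` until the request is freed; a talloc_free(ar) on that path would keep it tidy.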
[SSSD] [sssd PR#5829][synchronized] DP: Resolve intermediate groups prior to SR overlay
URL: https://github.com/SSSD/sssd/pull/5829 Author: justin-stephenson Title: #5829: DP: Resolve intermediate groups prior to SR overlay Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5829/head:pr5829 git checkout pr5829 From 1689ae4f64cdc2ba58042df9d0798f6a85543392 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 7 Oct 2021 00:37:25 + Subject: [PATCH] DP: Resolve intermediate groups prior to SR overlay SSSD SR exclude_groups checking can fail when only intermediate groups are fetched during the login process. Add a step to resolve these groups during Initgroups processing to ensure the exclude groups check matches against the group name correctly. This logic exists already similarly in the simple access provider. --- src/providers/data_provider/dp_target_id.c | 257 - 1 file changed, 250 insertions(+), 7 deletions(-) diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c index a71cdf65c6..f394e41838 100644 --- a/src/providers/data_provider/dp_target_id.c +++ b/src/providers/data_provider/dp_target_id.c 
@@ -448,10 +448,229 @@ static void dp_req_initgr_pp_set_initgr_timestamp(struct dp_initgr_ctx *ctx, } } + +struct dp_sr_resolve_groups_state { +struct data_provider *provider; +struct dp_initgr_ctx *initgroups_ctx; +struct dp_reply_std reply; + +uint32_t *resolve_gids; /* Groups needing resolution */ +int resolve_gnum; +int num_iter; +uint32_t gnum; +}; + +static errno_t dp_sr_resolve_groups_check(struct dp_sr_resolve_groups_state *state); +static errno_t dp_sr_resolve_groups_next(struct tevent_req *req); +static void dp_sr_resolve_groups_done(struct tevent_req *subreq); + +struct tevent_req * +dp_sr_resolve_groups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct dp_reply_std reply, + struct data_provider *provider, + struct dp_initgr_ctx *initgr_ctx) +{ + +struct dp_sr_resolve_groups_state *state; +struct tevent_req *req; +int ret; + +req = tevent_req_create(mem_ctx, &state, struct dp_sr_resolve_groups_state); +if (req == NULL) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); +return NULL; +} + +if (initgr_ctx->username == NULL) { +ret = EOK; +goto done; +} + + state->provider = provider; + state->initgroups_ctx = initgr_ctx; + state->reply = reply; + state->gnum = initgr_ctx->gnum; + +/* Check if group is intermediate(has gidNumber and isPosix == False) */ +state->resolve_gids = talloc_zero_array(state, uint32_t, initgr_ctx->gnum + 1); +if (state->resolve_gids == NULL) { +ret = ENOMEM; +goto done; +} + +ret = dp_sr_resolve_groups_check(state); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, "Failed checking groups to resolve\n"); +goto done; +} + + state->num_iter = 0; + ret = dp_sr_resolve_groups_next(req); + if (ret == EAGAIN) { +/* async processing */ +return req; + } + +done: +if (ret == EOK) { +tevent_req_done(req); +} else { +tevent_req_error(req, ret); +} +tevent_req_post(req, ev); + +return req; +} + +static errno_t dp_sr_resolve_groups_next(struct tevent_req *req) +{ +struct dp_sr_resolve_groups_state *state; +struct 
tevent_req *subreq; +struct dp_id_data *ar; +uint32_t gid; + +state = tevent_req_data(req, struct dp_sr_resolve_groups_state); + +if (state->num_iter >= state->resolve_gnum) { +return EOK; +} + +gid = state->resolve_gids[state->num_iter]; + +ar = talloc(state, struct dp_id_data); +if (!ar) { +return ENOMEM; +} + +ar->entry_type = BE_REQ_GROUP; +ar->filter_type = BE_FILTER_IDNUM; +ar->filter_value = talloc_asprintf(ar, "%llu", (unsigned long long) gid); +ar->domain = talloc_strdup(ar, state->initgroups_ctx->domain_info->name); +if (!ar->domain || !ar->filter_value) { +return ENOMEM; +} + +subreq = dp_req_send(state, state->provider, ar->domain, + "DP Resolve Group", 0, NULL, + DPT_ID, DPM_ACCOUNT_HANDLER, 0, ar, NULL); + if (!subreq) { +return ENOMEM; + } + +tevent_req_set_callback(subreq, dp_sr_resolve_groups_done, req); + +state->num_iter++; +return EAGAIN; +} + +static void dp_sr_resolve_groups_done(struct tevent_req *subreq) +{ +struct dp_sr_resolve_groups_state *state; +struct tevent_req *req; +struct dp_reply_std *reply; +int ret; + +req = tevent_req_callback_data(subreq, struct tevent_req); +state = tevent_req_data(req, struct dp_sr_resolve_groups_state); + +ret = dp_req_recv_ptr(state, subreq, struct dp_reply_std, &reply); +talloc_free(subreq); +if (ret != 0) { +tevent_req_error(req, ret); +return;
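Review bot: The `if (ret != 0)` branch in dp_sr_resolve_groups_done() fails the whole request without a DEBUG message, so nothing in the log says which group lookup failed. Add a DEBUG(SSSDBG_OP_FAILURE, ...) there that includes the GID (state->resolve_gids[state->num_iter - 1], since dp_sr_resolve_groups_next() has already incremented num_iter), and compare against EOK as the rest of the hunk does.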
[SSSD] [sssd PR#5829][synchronized] DP: Resolve intermediate groups prior to SR overlay
URL: https://github.com/SSSD/sssd/pull/5829 Author: justin-stephenson Title: #5829: DP: Resolve intermediate groups prior to SR overlay Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5829/head:pr5829 git checkout pr5829 From 345d24a3fbc98b8f2a6ab6701a448208d3897872 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 7 Oct 2021 00:37:25 + Subject: [PATCH] DP: Resolve intermediate groups prior to SR overlay SSSD SR exclude_groups checking can fail when only intermediate groups are fetched during the login process. Add a step to resolve these groups during Initgroups processing to ensure the exclude groups check matches against the group name correctly. This logic exists already similarly in the simple access provider. --- src/providers/data_provider/dp_target_id.c | 259 - 1 file changed, 252 insertions(+), 7 deletions(-) diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c index a71cdf65c6..6a4bd34578 100644 --- a/src/providers/data_provider/dp_target_id.c +++ b/src/providers/data_provider/dp_target_id.c 
@@ -448,10 +448,231 @@ static void dp_req_initgr_pp_set_initgr_timestamp(struct dp_initgr_ctx *ctx, } } + +struct dp_sr_resolve_groups_state { +struct data_provider *provider; +struct dp_initgr_ctx *initgroups_ctx; +struct dp_reply_std reply; + +uint32_t *resolve_gids; /* Groups needing resolution */ +int resolve_gnum; +int num_iter; +uint32_t gnum; +}; + +static errno_t dp_sr_resolve_groups_check(struct dp_sr_resolve_groups_state *state, + struct dp_initgr_ctx *initgr_ctx); +static errno_t dp_sr_resolve_groups_next(struct tevent_req *req); +static void dp_sr_resolve_groups_done(struct tevent_req *subreq); + +struct tevent_req * +dp_sr_resolve_groups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct dp_reply_std reply, + struct data_provider *provider, + struct dp_initgr_ctx *initgr_ctx) +{ + +struct dp_sr_resolve_groups_state *state; +struct tevent_req *req; +int ret; + +req = tevent_req_create(mem_ctx, &state, struct dp_sr_resolve_groups_state); +if (req == NULL) { +DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n"); +return NULL; +} + +if (initgr_ctx->username == NULL) { +ret = EOK; +goto done; +} + + state->provider = provider; + state->initgroups_ctx = initgr_ctx; + state->reply = reply; + state->gnum = initgr_ctx->gnum; + +/* Check if group is intermediate(has gidNumber and isPosix == False) */ +state->resolve_gids = talloc_zero_array(state, uint32_t, initgr_ctx->gnum + 1); +if (state->resolve_gids == NULL) { +ret = ENOMEM; +goto done; +} + +ret = dp_sr_resolve_groups_check(state, initgr_ctx); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, "Failed checking groups to resolve\n"); +goto done; +} + + state->num_iter = 0; + ret = dp_sr_resolve_groups_next(req); + if (ret == EAGAIN) { +/* async processing */ +return req; + } + +done: +if (ret == EOK) { +tevent_req_done(req); +} else { +tevent_req_error(req, ret); +} +tevent_req_post(req, ev); + +return req; +} + +static errno_t dp_sr_resolve_groups_next(struct tevent_req *req) +{ +struct 
dp_sr_resolve_groups_state *state; +struct tevent_req *subreq; +struct dp_id_data *ar; +uint32_t gid; + +state = tevent_req_data(req, struct dp_sr_resolve_groups_state); + +if (state->num_iter >= state->resolve_gnum) { +return EOK; +} + +gid = state->resolve_gids[state->num_iter]; + +ar = talloc(state, struct dp_id_data); +if (!ar) { +return ENOMEM; +} + +ar->entry_type = BE_REQ_GROUP; +ar->filter_type = BE_FILTER_IDNUM; +ar->filter_value = talloc_asprintf(ar, "%llu", (unsigned long long) gid); +ar->domain = talloc_strdup(ar, state->initgroups_ctx->domain_info->name); +if (!ar->domain || !ar->filter_value) { +return ENOMEM; +} + +subreq = dp_req_send(state, state->provider, ar->domain, + "DP Resolve Group", 0, NULL, + DPT_ID, DPM_ACCOUNT_HANDLER, 0, ar, NULL); + if (!subreq) { +return ENOMEM; + } + +tevent_req_set_callback(subreq, dp_sr_resolve_groups_done, req); + +state->num_iter++; +return EAGAIN; +} + +static void dp_sr_resolve_groups_done(struct tevent_req *subreq) +{ +struct dp_sr_resolve_groups_state *state; +struct tevent_req *req; +struct dp_reply_std *reply; +int ret; + +req = tevent_req_callback_data(subreq, struct tevent_req); +state = tevent_req_data(req, struct dp_sr_resolve_groups_state); + +ret = dp_req_recv_ptr(state, subreq, struct dp_reply_std, &reply); +ta
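Review bot: The new `initgr_ctx` parameter of dp_sr_resolve_groups_check() is redundant: dp_sr_resolve_groups_send() stores the same pointer in `state->initgroups_ctx` before calling it, so the helper receives one context by two routes. Either drop the second argument and read state->initgroups_ctx inside the helper, or stop storing it in state before the call, so the two cannot diverge in a later change.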
[SSSD] [sssd PR#5834][synchronized] Translations update from Weblate
URL: https://github.com/SSSD/sssd/pull/5834 Author: weblate Title: #5834: Translations update from Weblate Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5834/head:pr5834 git checkout pr5834 From 03cc60f50fd55c97a81d4a9f2cf521ac7d8ce9bc Mon Sep 17 00:00:00 2001 From: Weblate Date: Tue, 19 Oct 2021 16:46:15 +0200 Subject: [PATCH] po: update translations (Polish) currently translated at 100.0% (617 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ --- po/bg.po| 2 -- po/ca.po| 16 po/cs.po| 16 po/de.po| 16 po/es.po| 16 po/eu.po| 2 -- po/fr.po| 16 po/ja.po| 16 po/nl.po| 16 po/pl.po| 31 +++ po/ru.po| 16 po/sv.po| 16 po/uk.po| 16 po/zh_CN.po | 16 14 files changed, 7 insertions(+), 204 deletions(-) diff --git a/po/bg.po b/po/bg.po index a99683ff65..2c284a01ee 100644 --- a/po/bg.po +++ b/po/bg.po @@ -2810,11 +2810,9 @@ msgstr "" #~ msgid "The selected GID is outside the allowed range\n" #~ msgstr "Зададеният GID е извън позволения обхват\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "Група %1$s е извън дефинирания ID обхват за домейн\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "Потребител %1$s е извън дефинирания ID обхват за домейн\n" diff --git a/po/ca.po b/po/ca.po index c37a0e1b97..cf8339a5b6 100644 --- a/po/ca.po +++ b/po/ca.po @@ -2898,7 +2898,6 @@ msgstr "" #~ msgid "Groups must be in the same domain as user\n" #~ msgstr "Els grups han d'estar al mateix domini que l'usuari\n" -#, c-format #~ msgid "Cannot find group %1$s in local domain\n" #~ msgstr "No es pot trobar el grup %1$s al domini local\n" 
@@ -2920,11 +2919,9 @@ msgstr "" #~ "El directori inicial de l'usuari ja existeix, no es copiaran les dades " #~ "del directori esquemàtic\n" -#, c-format #~ msgid "Cannot create user's home directory: %1$s\n" #~ msgstr "No es pot crear el directori inicial de l'usuari: %1$s\n" -#, c-format #~ msgid "Cannot create user's mail spool: %1$s\n" #~ msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n" @@ -2960,11 +2957,9 @@ msgstr "" #~ msgid "Specify group to delete\n" #~ msgstr "Especifiqueu el grup a eliminar\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "El grup %1$s està fora de l'interval d'id. definit pel domini\n" -#, c-format #~ msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" #~ msgstr "" #~ "Ha fallat la sol·licitud NSS (%1$d). L'entrada podria romandre en la " @@ -3002,7 +2997,6 @@ msgstr "" #~ msgid "Member groups must be in the same domain as parent group\n" #~ msgstr "Els grups membres han d'estar al mateix domini com a grup primari\n" -#, c-format #~ msgid "" #~ "Cannot find group %1$s in local domain, only groups in local domain are " #~ "allowed\n" @@ -3027,19 +3021,15 @@ msgstr "" #~ msgid "Magic Private " #~ msgstr "Privat màgic " -#, c-format #~ msgid "%1$s%2$sGroup: %3$s\n" #~ msgstr "%1$s%2$sGrup: %3$s\n" -#, c-format #~ msgid "%1$sGID number: %2$d\n" #~ msgstr "%1$sNúmero GID: %2$d\n" -#, c-format #~ msgid "%1$sMember users: " #~ msgstr "%1$sUsuaris membre: " -#, c-format #~ msgid "" #~ "\n" #~ "%1$sIs a member of: " @@ -3047,7 +3037,6 @@ msgstr "" #~ "\n" #~ "%1$sÉs un membre de: " -#, c-format #~ msgid "" #~ "\n" #~ "%1$sMember groups: " 
@@ -3086,14 +3075,12 @@ msgstr "" #~ msgid "Specify user to delete\n" #~ msgstr "Especifica l'usuari a eliminar\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "L'usuari %1$s està fora de l'interval d'id. pel domini\n" #~ msgid "Cannot reset SELinux login context\n" #~ msgstr "No es pot reiniciar el context d'inici de sessió de SELinux\n" -#, c-format #~ msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" #~ msgstr "" #~ "ATENCIÓ: L'usuari (uid %1$lu) encara estava en la sessió quan es va " @@ -3108,7 +3095,6 @@ msgstr "" #~ msgstr "" #~ "S'ha produït un error en comprovar si l'usuari havia iniciat la sessió\n" -#, c-format #~ msgid "The post-delete command failed: %1$s\n" #~ msgstr "L'ordre post-delete ha fallat: %1$s\n" @@ -3116,7 +3102,6 @@ msgstr "" #~ msgstr "" #~ "No s'ha eliminat el directori inicial - no és propietat de l'usuari\n" -#, c-format #~ msgid "Cannot remove homedir:
[SSSD] [sssd PR#5831][+Waiting for review] Fixes a couple of compilations warnings
URL: https://github.com/SSSD/sssd/pull/5831 Title: #5831: Fixes a couple of compilations warnings Label: +Waiting for review
[SSSD] [sssd PR#5831][synchronized] Fixes a couple of compilations warnings
URL: https://github.com/SSSD/sssd/pull/5831 Author: alexey-tikhonov Title: #5831: Fixes a couple of compilations warnings Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5831/head:pr5831 git checkout pr5831 From 48d4392fa3c55eed05cc864bf6e1cc870fa34fef Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 18 Oct 2021 22:25:31 +0200 Subject: [PATCH 1/2] GPO: fixed compilation warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes following compilation warning: ``` ../src/providers/ad/ad_gpo.c: In function ‘ad_gpo_access_send’: ../src/util/debug.h:138:5: warning: ‘%s’ directive argument is null [-Wformat-overflow=] 138 | sss_debug_fn(__FILE__, __LINE__, __FUNCTION__, \ | ^~~~ 139 | level, \ | 140 | format, ##__VA_ARGS__); \ | ~~ ../src/providers/ad/ad_gpo.c:1847:5: note: in expansion of macro ‘DEBUG’ 1847 | DEBUG(SSSDBG_TRACE_FUNC, "service %s maps to %s\n", service, | ^ ``` --- src/providers/ad/ad_gpo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 219f398491..f3452176af 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -250,7 +250,7 @@ struct gpo_map_option_entry gpo_map_option_entries[] = { {GPO_MAP_DENY, AD_GPO_MAP_DENY, gpo_map_deny_defaults, NULL, NULL}, }; -const char* gpo_map_type_string(int gpo_map_type) +static const char* gpo_map_type_string(int gpo_map_type) { switch(gpo_map_type) { case GPO_MAP_INTERACTIVE:return "Interactive"; @@ -261,7 +261,7 @@ const char* gpo_map_type_string(int gpo_map_type) case GPO_MAP_PERMIT: return "Permitted"; case GPO_MAP_DENY: return "Denied"; } -return NULL; +return "-unknown-"; /* this helper is only used in logs */ } static inline bool From cca54fd89a4759ad2438572262f9ea2c8cdd Mon Sep 17 00:00:00 2001 
From: Alexey Tikhonov Date: Mon, 18 Oct 2021 22:35:13 +0200 Subject: [PATCH 2/2] KCM: fixed uninitialized value Fixes following warnings: ``` Error: UNINIT (CWE-457): sssd-2.6.0/src/responder/kcm/kcmsrv_ccache.c:285: var_decl: Declaring variable "ret" without initializer. sssd-2.6.0/src/responder/kcm/kcmsrv_ccache.c:323: uninit_use: Using uninitialized value "ret". # 321| krb5_free_context(kctx); # 322| # 323|-> return ret; # 324| #else # 325| return EOK; Error: CLANG_WARNING: sssd-2.6.0/src/responder/kcm/kcmsrv_ccache.c:323:5: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller # 321| krb5_free_context(kctx); # 322| # 323|-> return ret; # 324| #else # 325| return EOK; ``` --- src/responder/kcm/kcmsrv_ccache.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index ef174e0a09..b63fc70afa 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -294,6 +294,7 @@ kcm_cc_remove_duplicates(struct kcm_ccache *cc, kcrd = kcm_cred_to_krb5(kctx, kcm_crd); if (kcrd == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to convert kcm cred to krb5\n"); +ret = ERR_INTERNAL; goto done; } @@ -301,6 +302,7 @@ kcm_cc_remove_duplicates(struct kcm_ccache *cc, kcrd_cc = kcm_cred_to_krb5(kctx, p); if (kcrd_cc == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to convert kcm cred to krb5\n"); +ret = ERR_INTERNAL; goto done; }
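Review bot: gpo_map_type_string() in src/providers/ad/ad_gpo.c still takes a plain `int` and its switch has no `default:`, so with the new `return "-unknown-";` fallback a GPO_MAP_* value added later would be logged as "-unknown-" with no compiler hint that a case is missing. If those constants come from an enum, take the enum type as the parameter so a missing case can be flagged at build time; otherwise consider logging the numeric value alongside the string at the call site.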
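Review bot: `ret` in kcm_cc_remove_duplicates() (src/responder/kcm/kcmsrv_ccache.c) is still declared without an initializer, at line 285 in the quoted report; the two hunks only set it at the `goto done` sites they touch. Any exit path added later that jumps to `done` without assigning `ret` brings the CWE-457 finding back, so please confirm the fall-through path sets `ret` before `done:`. Also worth checking whether ERR_INTERNAL is the right code if allocation failure is the only way kcm_cred_to_krb5() returns NULL.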
[SSSD] [sssd PR#5835][-Waiting for review] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: -Waiting for review
[SSSD] [sssd PR#5835][+Waiting for review] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: +Waiting for review
[SSSD] [sssd PR#5835][+Tests] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Title: #5835: Tests: Add test for bz1636002. Label: +Tests
[SSSD] [sssd PR#5835][opened] Tests: Add test for bz1636002.
URL: https://github.com/SSSD/sssd/pull/5835 Author: jakub-vavra-cz Title: #5835: Tests: Add test for bz1636002. Action: opened PR body: """ Verifies: SSSD-3347 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1636002 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5835/head:pr5835 git checkout pr5835 From 0c001d0f5b7d8d074110736db0231cb5e190d8ab Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Tue, 19 Oct 2021 11:00:41 +0200 Subject: [PATCH] Tests: Add test for bz1636002. --- src/tests/multihost/alltests/test_misc.py | 93 +++ 1 file changed, 93 insertions(+) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 3575799dce..44cb92460d 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py 
@@ -353,3 +353,96 @@ def test_0006_getent_group(self, multihost, assert "group-2@example1:*:20002:user-2@example1," \ "user-4@example1,user-6@example1," \ "user-8@example1" in cmd.stdout_text + +@staticmethod +@pytest.mark.tier1 +def test_0007_1636002(multihost, backupsssdconf): +""" +:title: IDM-SSSD-TC: ldap_provider: socket-activated services start as + the sssd user and then are unable to read the confdb +:id: 7a33729a-ab74-4d9e-9d75-e952deaa7bd2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1636002 +:customerscenario: true +:steps: +1. Run ssh for a . +2. Switch to socket activated services, restart sssd +3. Check 'getent passwd output. +4. Run ssh for a . +5. Check log for error messages related to opening + /var/lib/sss/db/config.ldb +:expectedresults: +1. It should succeed. +2. No issue switching and sssd has started. +3. It should succeed. +4. It should succeed. +5. The error messages are not present. +:teardown: +1. Undo socket activation. +2. Restore sssd.conf +""" +client = sssdTools(multihost.client[0]) +client.clear_sssd_cache() + +domain_name = client.get_domain_section_name() +user = f'foo1@{domain_name}' + +# Try ssh before socket activation is configured +ssh_client = pexpect_ssh(multihost.client[0].sys_hostname, user, + 'Secret123', debug=False) +try: +ssh_client.login(login_timeout=30, + sync_multiplier=5, auto_prompt_reset=False) +except SSHLoginException: +ssh1_result = False +else: +ssh1_result = True +ssh_client.logout() + +# Configure socket activation +sssd_params = {'services': ''} +client.sssd_conf('sssd', sssd_params) +client.clear_sssd_cache() +enable_cmd = "systemctl enable sssd-nss.socket sssd-pam.socket" \ + " sssd-pam-priv.socket" +multihost.client[0].run_command(enable_cmd) +multihost.client[0].service_sssd('restart') + +# Show the sssd config +multihost.client[0].run_command( +'cat /etc/sssd/sssd.conf', raiseonerr=False) + +# Run getent passwd +usr_cmd = multihost.client[0].run_command( +f'getent passwd {user}', 
raiseonerr=False) + +# Try ssh after socket activation is configured +ssh_client = pexpect_ssh(multihost.client[0].sys_hostname, user, + 'Secret123', debug=False) +try: +ssh_client.login(login_timeout=30, + sync_multiplier=5, auto_prompt_reset=False) +except SSHLoginException: +ssh2_result = False +else: +ssh2_result = True +ssh_client.logout() + +# Download sssd pam log +log_str = multihost.client[0].get_file_contents( +"/var/log/sssd/sssd_pam.log"). \ +decode('utf-8') + +# Disable socket activation +multihost.client[0].run_command( +"systemctl disable sssd-nss.socket sssd-pam.socket" +" sssd-pam-priv.socket", raiseonerr=False) + +# Evaluate test results +assert usr_cmd.returncode == 0, f"User {user} was not found." +assert ssh1_result, "Ssh to {user} did not work before." +assert ssh2_result, "Ssh to {user} did not work after." +assert "Unable to open tdb '/var/lib/sss/db/config.ldb': " \ + "Permission denied" not in log_str +assert "Failed to connect to '/var/lib/sss/db/config.ldb'" \ +not in log_str +assert "The confdb initialization failed" not in log_str ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an emai
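Review bot: In the final assertions of test_0007_1636002, the messages `"Ssh to {user} did not work before."` and `"Ssh to {user} did not work after."` lack the `f` prefix, so a failure prints the literal `{user}`; the `getent` assertion just above them already uses an f-string. Separately, socket activation is undone by a plain `systemctl disable` call placed before the asserts, so an exception raised earlier (for example from the `systemctl enable` call, which is the one command here that does not pass `raiseonerr=False`) leaves the socket units enabled for later tests. Moving that cleanup into a `try`/`finally` or a fixture finalizer would match the `:teardown:` section of the docstring.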
[SSSD] [sssd PR#5782][comment] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782
Title: #5782: CONFDB: Change ownership of config.ldb

thalman commented:
"""
> Just one last improvement before I accept the changes.

updated

> By the way, I haven't found why `debian10` is failing.

This was a CI problem. On the second run it worked.
"""

See the full comment at https://github.com/SSSD/sssd/pull/5782#issuecomment-946675753
[SSSD] [sssd PR#5834][opened] Translations update from Weblate
URL: https://github.com/SSSD/sssd/pull/5834 Author: weblate Title: #5834: Translations update from Weblate Action: opened PR body: """ Translations update from [Weblate](https://translate.fedoraproject.org/projects/sssd/sssd-master/) for SSSD/sssd. Current translation status: ![Weblate translation status](https://translate.fedoraproject.org/widgets/sssd/-/sssd-master/horizontal-auto.svg) """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5834/head:pr5834 git checkout pr5834 From 1c1771e950283a782b300ff0c78fd99a1a500900 Mon Sep 17 00:00:00 2001 From: Weblate Date: Tue, 19 Oct 2021 14:05:39 +0200 Subject: [PATCH] Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ --- po/bg.po| 2 -- po/ca.po| 16 po/cs.po| 16 po/de.po| 16 po/es.po| 16 po/eu.po| 2 -- po/fr.po| 16 po/ja.po| 16 po/nl.po| 16 po/pl.po| 16 po/ru.po| 16 po/sv.po| 16 po/uk.po| 16 po/zh_CN.po | 16 14 files changed, 196 deletions(-) diff --git a/po/bg.po b/po/bg.po index a99683ff65..2c284a01ee 100644 --- a/po/bg.po +++ b/po/bg.po @@ -2810,11 +2810,9 @@ msgstr "" #~ msgid "The selected GID is outside the allowed range\n" #~ msgstr "Зададеният GID е извън позволения обхват\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "Група %1$s е извън дефинирания ID обхват за домейн\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "Потребител %1$s е извън дефинирания ID обхват за домейн\n" diff --git a/po/ca.po b/po/ca.po index c37a0e1b97..cf8339a5b6 100644 --- a/po/ca.po +++ b/po/ca.po 
@@ -2898,7 +2898,6 @@ msgstr "" #~ msgid "Groups must be in the same domain as user\n" #~ msgstr "Els grups han d'estar al mateix domini que l'usuari\n" -#, c-format #~ msgid "Cannot find group %1$s in local domain\n" #~ msgstr "No es pot trobar el grup %1$s al domini local\n" @@ -2920,11 +2919,9 @@ msgstr "" #~ "El directori inicial de l'usuari ja existeix, no es copiaran les dades " #~ "del directori esquemàtic\n" -#, c-format #~ msgid "Cannot create user's home directory: %1$s\n" #~ msgstr "No es pot crear el directori inicial de l'usuari: %1$s\n" -#, c-format #~ msgid "Cannot create user's mail spool: %1$s\n" #~ msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n" @@ -2960,11 +2957,9 @@ msgstr "" #~ msgid "Specify group to delete\n" #~ msgstr "Especifiqueu el grup a eliminar\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "El grup %1$s està fora de l'interval d'id. definit pel domini\n" -#, c-format #~ msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" #~ msgstr "" #~ "Ha fallat la sol·licitud NSS (%1$d). L'entrada podria romandre en la " @@ -3002,7 +2997,6 @@ msgstr "" #~ msgid "Member groups must be in the same domain as parent group\n" #~ msgstr "Els grups membres han d'estar al mateix domini com a grup primari\n" -#, c-format #~ msgid "" #~ "Cannot find group %1$s in local domain, only groups in local domain are " #~ "allowed\n" @@ -3027,19 +3021,15 @@ msgstr "" #~ msgid "Magic Private " #~ msgstr "Privat màgic " -#, c-format #~ msgid "%1$s%2$sGroup: %3$s\n" #~ msgstr "%1$s%2$sGrup: %3$s\n" -#, c-format #~ msgid "%1$sGID number: %2$d\n" #~ msgstr "%1$sNúmero GID: %2$d\n" -#, c-format #~ msgid "%1$sMember users: " #~ msgstr "%1$sUsuaris membre: " -#, c-format #~ msgid "" #~ "\n" #~ "%1$sIs a member of: " @@ -3047,7 +3037,6 @@ msgstr "" #~ "\n" #~ "%1$sÉs un membre de: " -#, c-format #~ msgid "" #~ "\n" #~ "%1$sMember groups: " 
@@ -3086,14 +3075,12 @@ msgstr "" #~ msgid "Specify user to delete\n" #~ msgstr "Especifica l'usuari a eliminar\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "L'usuari %1$s està fora de l'interval d'id. pel domini\n" #~ msgid "Cannot reset SELinux login context\n" #~ msgstr "No es pot reiniciar el context d'inici de sessió de SELinux\n" -#, c-format #~ msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" #~ msgstr "" #~ "ATENCIÓ: L'usuari (uid %1$lu) encara estava en la sessió quan es va " @@ -3108,7 +3095,6 @@ msgstr "" #~ msgstr "" #~ "S'ha produït un error en comprovar si l'usuari havia iniciat la sessió\n" -#, c-format #~ msgid "The post-delete command failed: %1$s\n" #~ msgstr "L'ordre post-delete ha fallat: %1$s\n" @@ -3116,7 +3102,6 @@ msgstr "" #~ msgstr "" #~ "No s'ha eliminat el directori inicial - no és propietat de l'usuari
[SSSD] [sssd PR#5833][+Bugzilla] cache_req: return success for autofs when ENOENT is returned from provider
URL: https://github.com/SSSD/sssd/pull/5833 Title: #5833: cache_req: return success for autofs when ENOENT is returned from provider Label: +Bugzilla
[SSSD] [sssd PR#5782][synchronized] CONFDB: Change ownership of config.ldb
URL: https://github.com/SSSD/sssd/pull/5782 Author: thalman Title: #5782: CONFDB: Change ownership of config.ldb Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5782/head:pr5782 git checkout pr5782 From eb73035b35eade285c61d90c921ebef22e228ae3 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 15 Oct 2021 11:03:19 +0200 Subject: [PATCH 1/2] CONFDB: Change ownership of config.ldb Config database is owned by root. This prevents our socket activated services to start because they are started under the sssd user. Changing the ownership to sssd fixes the issue. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c| 3 +++ src/monitor/monitor.c | 5 - src/tests/cwrap/group | 1 + src/tests/cwrap/passwd | 1 + src/util/usertools.c | 42 ++ src/util/util.h| 3 +++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b7a73d97b3..7a718cc628 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -673,8 +673,11 @@ int confdb_init(TALLOC_CTX *mem_ctx, } old_umask = umask(SSS_DFL_UMASK); +sss_set_sssd_user_eid(); ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); + +sss_restore_sssd_user_eid(); umask(old_umask); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to open config database [%s]\n", diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index b5fee7e7a7..c7610cb69b 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1551,6 +1551,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, errno_t ret; struct mt_ctx *ctx; char *cdb_file = NULL; +uid_t sssd_uid; +gid_t sssd_gid; ctx = talloc_zero(mem_ctx, struct mt_ctx); if(!ctx) { 
@@ -1591,7 +1593,8 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, /* Allow configuration database to be accessible * when SSSD runs as nonroot */ -ret = chown(cdb_file, ctx->uid, ctx->gid); +sss_sssd_user_uid_and_gid(&sssd_uid, &sssd_gid); +ret = chown(cdb_file, sssd_uid, sssd_gid); if (ret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group index d0cea659ea..1a3766e630 100644 --- a/src/tests/cwrap/group +++ b/src/tests/cwrap/group @@ -1,2 +1,3 @@ +root:x:0: sssd:x:123: foogroup:x:10001: diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd index 862ccfe03e..0511a91bcb 100644 --- a/src/tests/cwrap/passwd +++ b/src/tests/cwrap/passwd @@ -1,2 +1,3 @@ +root:x:0:0:root:/root:/bin/bash sssd:x:123:456:sssd unprivileged user:/:/sbin/nologin foobar:x:10001:10001:User for SSSD testing:/home/foobar:/bin/bash diff --git a/src/util/usertools.c b/src/util/usertools.c index 8c2ed4e2de..6f93a4cef2 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -835,3 +835,45 @@ int sss_output_fqname(TALLOC_CTX *mem_ctx, talloc_zfree(tmp_ctx); return ret; } + +void sss_sssd_user_uid_and_gid(uid_t *_uid, gid_t *_gid) +{ +uid_t sssd_uid; +gid_t sssd_gid; +errno_t ret; + +ret = sss_user_by_name_or_uid(SSSD_USER, &sssd_uid, &sssd_gid); +if (ret != EOK) { +DEBUG(SSSDBG_CRIT_FAILURE, "failed to get sssd user (" SSSD_USER ") uid/gid, using root\n"); +sssd_uid = 0; +sssd_gid = 0; +} + +if (_uid != NULL) { +*_uid = sssd_uid; +} + +if (_gid != NULL) { +*_gid = sssd_gid; +} +} + +void sss_set_sssd_user_eid(void) +{ +uid_t uid; +gid_t gid; + +if (geteuid() == 0) { +sss_sssd_user_uid_and_gid(&uid, &gid); +seteuid(uid); +setegid(gid); +} +} + +void sss_restore_sssd_user_eid(void) +{ +if (getuid() == 0) { +seteuid(getuid()); +setegid(getgid()); +} +} diff --git a/src/util/util.h b/src/util/util.h index e85cd12022..6dfd2540cc 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -383,6 +383,9 @@ errno_t sss_canonicalize_ip_address(TALLOC_CTX *mem_ctx, const char * const * get_known_services(void); errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); +void sss_sssd_user_uid_and_gid(uid_t *_uid, gid_t *_gid); +void sss_set_sssd_user_eid(void); +void sss_restore_sssd_user_eid(void); int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, From 9d30b6e991e2d3aee1ba75e89252594096b2c798 Mon Sep 17 00:00:00 2001 From: Tomas Halman Date: Fri, 15 Oct 2021 11:04:05 +0200 Subject: [PATCH 2/2] CONFDB: Change ownership before dropping privileges From previous SSSD version, config file can exist and can be owned by root. To allow smooth transition we can change the ownership. This commit can be reverted later. Resolves: https://github.com/SSSD/sssd/issues/5781 --- src/confdb/confdb.c | 5 + 1 file changed,
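Review bot: In `sss_set_sssd_user_eid()` (the src/util/usertools.c hunk), `seteuid(uid)` runs before `setegid(gid)`; once the effective UID is no longer 0 the process may not switch its effective GID to a group that is neither its real nor its saved GID, so the second call fails and `ldb_connect()` in `confdb_init()` runs with the sssd UID but the original GID. Set the group first, then the user, and check both return values: the helpers return `void` and ignore the results, so `confdb_init()` cannot tell whether the database was opened under the intended identity. `sss_restore_sssd_user_eid()` has the calls in the right order for regaining root but ignores failures in the same way.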
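Review bot: In the `load_configuration()` hunk (src/monitor/monitor.c), `chown()` now takes its IDs from `sss_sssd_user_uid_and_gid()`, which on a failed lookup of `SSSD_USER` logs a message and hands back 0/0. The file then stays owned by root, which is the state the commit message says prevents socket-activated services from starting, and `load_configuration()` carries on as if the ownership change had worked, because `chown()` to root succeeds. Consider having the helper return `errno_t` so this caller can fail, or at least log at the call site, instead of silently substituting root.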
[SSSD] [sssd PR#5830][+Tests] Tests: Port the old ns_account_lock.sh script to pytest
URL: https://github.com/SSSD/sssd/pull/5830 Title: #5830: Tests: Port the old ns_account_lock.sh script to pytest Label: +Tests