On 07/08/2016 12:07 PM, Lukas Slebodnik wrote:
On (08/07/16 12:03), Michal Židek wrote:
Hi,

attached is a patch for ticket
https://fedorahosted.org/sssd/ticket/3068

The ticket also talks about allowing options
for negative cache timeouts in all responders,
but I did not do that.

We do indeed initialize negative cache in all
responders, but we always read the timeouts
from NSS section. Also in the man pages, we only
document these options for NSS. So it is not a
problem with the schema. I do agree that this is
not ideal, but should we fix it? I do not
think it is worth the time, but if someone thinks
otherwise, please open a ticket.

Michal

From 2c41d136c7d43ad089510cc9fb3ae5e870400791 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Fri, 8 Jul 2016 11:32:50 +0200
Subject: [PATCH] config: Some fixes to schema

Fixes:
https://fedorahosted.org/sssd/ticket/3068

Option "timeout" must be allowed for all
responders.
Option "user_attributes" is
also available in NSS responder.
Option override_space is read from monitor
section, not NSS.
---
src/config/cfg_rules.ini | 10 +++++++++-

This file was created from files in src/config/etc/
Therefore there are missing options in some sections.

Please update these files as well because we still cannot autogenerate them.

LS

Thanks for noticing this.

New patch attached.

Michal

From 66419775a94768efe8c98ce6e8bbfa4743107eae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Fri, 8 Jul 2016 11:32:50 +0200
Subject: [PATCH] config: Some fixes to schema

Fixes:
https://fedorahosted.org/sssd/ticket/3068

Option "timeout" must be allowed for all
responders.
Option "user_attributes" is
also available in NSS responder.
Option override_space is read from monitor
section, not NSS.
---
 src/config/cfg_rules.ini     | 10 +++++++++-
 src/config/etc/sssd.api.conf | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index d738ddf..6e8258e 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -38,6 +38,7 @@ option = krb5_rcache_dir
 option = user
 option = default_domain_suffix
 option = certificate_verification
+option = override_space
 
 [rule/allowed_nss_options]
 validator = ini_allowed_options
@@ -57,6 +58,8 @@ option = description
 option = diag_cmd
 
 # Name service
+option = timeout
+option = user_attributes
 option = enum_cache_timeout
 option = entry_cache_nowait_percentage
 option = entry_negative_timeout
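Review bot: "option = timeout" is added under the "# Name service" comment, but the commit message says it must be allowed for all responders, so it reads as a generic option rather than an NSS-specific one. The context lines just above ("option = description", "option = diag_cmd") look like the generic block; placing "timeout" there in this rule and in the pam, sudo, autofs, ssh, pac and ifp rules below would keep the service-specific lists limited to options that really belong to one responder. "option = user_attributes" is fine where it is.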
@@ -75,7 +78,6 @@ option = shell_fallback
 option = default_shell
 option = get_domains_timeout
 option = memcache_timeout
-option = override_space
 
 [rule/allowed_pam_options]
 validator = ini_allowed_options
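Review bot: removing "option = override_space" from the list that ends just before [rule/allowed_pam_options] changes what the validator accepts, and the commit message does not say so. With the matching addition in the first hunk, a configuration that sets override_space in the NSS section now fails ini_allowed_options where it passed before. Since the commit message states the option is read from the monitor section, flagging it is the right outcome, but please add a sentence to the commit message that the option is moved, not only added, so that anyone hitting the new validation error can find the reason.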
@@ -95,6 +97,7 @@ option = description
 option = diag_cmd
 
 # Authentication service
+option = timeout
 option = offline_credentials_expiration
 option = offline_failed_login_attempts
 option = offline_failed_login_delay
@@ -128,6 +131,7 @@ option = description
 option = diag_cmd
 
 # sudo service
+option = timeout
 option = sudo_timed
 option = sudo_inverse_order
 
@@ -149,6 +153,7 @@ option = description
 option = diag_cmd
 
 # autofs service
+option = timeout
 option = autofs_negative_timeout
 
 [rule/allowed_ssh_options]
@@ -169,6 +174,7 @@ option = description
 option = diag_cmd
 
 # ssh service
+option = timeout
 option = ssh_hash_known_hosts
 option = ssh_known_hosts_timeout
 option = ca_db
@@ -191,6 +197,7 @@ option = description
 option = diag_cmd
 
 # PAC responder
+option = timeout
 option = allowed_uids
 option = user_attributes
 option = pac_lifetime
@@ -213,6 +220,7 @@ option = description
 option = diag_cmd
 
 # InfoPipe responder
+option = timeout
 option = allowed_uids
 option = user_attributes
 
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 9114659..03e5a72 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -28,9 +28,12 @@ krb5_rcache_dir = str, None, false
 user = str, None, false
 default_domain_suffix = str, None, false
 certificate_verification = str, None, false
+override_space = str, None, false
 
 [nss]
 # Name service
+timeout = int, None, false
+user_attributes = str, None, false
 enum_cache_timeout = int, None, false
 entry_cache_nowait_percentage = int, None, false
 entry_negative_timeout = int, None, false
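Review bot: the "+override_space", "+timeout" and "+user_attributes" lines here have to mirror the cfg_rules.ini hunks by hand, and nothing in the patch checks that they do. The first version of this patch changed only cfg_rules.ini, which is exactly the drift this allows. The two files agree in this version (same options added and the same override_space removal in both), but a small test that compares the option names per section in sssd.api.conf against the matching rule/allowed_*_options lists would catch the next omission without relying on review.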
@@ -49,10 +52,10 @@ shell_fallback = str, None, false
 default_shell = str, None, false
 get_domains_timeout = int, None, false
 memcache_timeout = int, None, false
-override_space = str, None, false
 
 [pam]
 # Authentication service
+timeout = int, None, false
 offline_credentials_expiration = int, None, false
 offline_failed_login_attempts = int, None, false
 offline_failed_login_delay = int, None, false
@@ -70,27 +73,32 @@ p11_child_timeout = int, None, false
 
 [sudo]
 # sudo service
+timeout = int, None, false
 sudo_timed = bool, None, false
 sudo_inverse_order = bool, None, false
 
 [autofs]
 # autofs service
+timeout = int, None, false
 autofs_negative_timeout = int, None, false
 
 [ssh]
 # ssh service
+timeout = int, None, false
 ssh_hash_known_hosts = bool, None, false
 ssh_known_hosts_timeout = int, None, false
 ca_db = str, None, false
 
 [pac]
 # PAC responder
+timeout = int, None, false
 allowed_uids = str, None, false
 user_attributes = str, None, false
 pac_lifetime = int, None, false
 
 [ifp]
 # InfoPipe responder
+timeout = int, None, false
 allowed_uids = str, None, false
 user_attributes = str, None, false
 
-- 
2.5.0
