On Wed, Jul 20, 2016 at 12:24:11PM +0200, Jakub Hrozek wrote:
> On Fri, Jul 15, 2016 at 03:24:15PM +0200, Petr Cech wrote:
> >
> > On 07/12/2016 10:31 AM, Pavel Březina wrote:
> > > On 07/11/2016 05:12 PM, Petr Cech wrote:
> > > >
> > > > On 07/05/2016 08:44 AM, Jakub Hrozek wrote:
> > > > > On Mon, Jun 27, 2016 at 03:37:25PM +0200, Petr Cech wrote:
> > > >
> > > > ...
> > > >
> > > > > > +static errno_t ad_get_enabled_domains(TALLOC_CTX *mem_ctx,
> > > > > > + struct ad_id_ctx *ad_id_ctx,
> > > > > > + const char *ad_domain,
> > > > > > + const char
> > > > > > ***_ad_enabled_domains)
> > > > > > +{
> > > > > > + int ret;
> > > > > > + const char *str;
> > > > > > + const char *option_name;
> > > > > > + char **domains = NULL;
> > > > > > + const char **list = NULL;
> > > > > > + int count;
> > > > > > + bool is_ad_in_domains;
> > > > > > + TALLOC_CTX *tmp_ctx = NULL;
> > > > > > +
> > > > > > + tmp_ctx = talloc_new(NULL);
> > > > > > + if (tmp_ctx == NULL) {
> > > > > > + return ENOMEM;
> > > > > > + }
> > > > > > +
> > > > > > + str = dp_opt_get_cstring(ad_id_ctx->ad_options->basic,
> > > > > > AD_ENABLED_DOMAINS);
> > > > > > + if (str == NULL) {
> > > > > > + _ad_enabled_domains = NULL;
> > > > > > + ret = EOK;
> > > > > > + goto done;
> > > > > > + }
> > > > > > +
> > > > > > + count = 0;
> > > > > > + ret = split_on_separator(tmp_ctx, str, ',', true, true,
> > > > > > &domains, &count);
> > > > > > + if (ret != EOK) {
> > > > > > + option_name =
> > > > > > ad_id_ctx->ad_options->basic[AD_ENABLED_DOMAINS].opt_name;
> > > > > > + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse option [%s],
> > > > > > [%i] [%s]!\n",
> > > > > > + option_name, ret,
> > > > > > sss_strerror(ret));
> > > > > > + ret = EINVAL;
> > > > > > + goto done;
> > > > > > + }
> > > > > > +
> > > > > > + list = talloc_array_size(tmp_ctx, sizeof(char*), count);
> > > > > > + if (list == NULL) {
> > > > > > + ret = ENOMEM;
> > > > > > + goto done;
> > > > > > + }
> > > > > > +
> > > > > > + is_ad_in_domains = false;
> > > > > > + for (int i = 0; i < count; i++) {
> > > > > > + list[i] = talloc_strdup(list, domains[i]);
> > > > >
> > > > > Do we need to duplicate the string here, wouldn't it be enough to
> > > > > steal
> > > > > it?
> > > >
> > > > This is my attempt to satisfy the needs. I am trying to make:
> > > > # const char** from char**
> > > > I would like to return const char** because it is option. But the
> > > > function split_on_separator() expects char**.
> > > >
> > > > Does anybody know better solution?
> > >
> > > You can use discard_const for this case.
> > >
> >
> > Hi list,
> >
> > I pulled master again and it started to work :-)
> >
> > Regards...
>
> I finally tested the patches and they work fine in my setup of two
> domains (root and child domain).
>
> I'll also install and configure a third AD domain to do some more
> testing, but in the meantime, I tested that a user from disabled
> subdomain can't be lookup up and a user who is a member of a group from
> another domain reports correct group membership (the tokengroups code
> stores a range that corresponds to the trusted domain, but not the
> domain, subsequent lookup of that ID "fails" with idmap domain not
> found).
>
> So functional ACK for now, I just need to do more testing with a third
> domain.
OK, the patchset doesn't work with a third domain:
Program received signal SIGSEGV, Segmentation fault.
0x00007f9aac975716 in __strcmp_sse2_unaligned () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install
gssproxy-0.4.1-4.fc23.x86_64
(gdb) bt
#0 0x00007f9aac975716 in __strcmp_sse2_unaligned () from /lib64/libc.so.6
#1 0x00007f9ab0c5c24f in string_in_list (string=0xf22e50
"subdom.win.trust.test",
list=0x7fff84129408, case_sensitive=true) at /sssd/src/util/util.c:712
#2 0x00007f9aa844e5a2 in ad_subdomains_process (mem_ctx=0xf26150,
domain=0xe9c7f0,
enabled_domains_list=0xef76a0, nsd=2, sd=0xf14960, root=0x0,
_nsd_out=0x7fff841294e8,
_sd_out=0x7fff841294e0) at /sssd/src/providers/ad/ad_subdomains.c:538
#3 0x00007f9aa844f272 in ad_get_slave_domain_done (subreq=0x0)
at /sssd/src/providers/ad/ad_subdomains.c:809
#4 0x00007f9aa77142f0 in sdap_search_bases_ex_done (subreq=0x0)
at /sssd/src/providers/ldap/sdap_ops.c:222
#5 0x00007f9aa76d94b5 in sdap_get_generic_done (subreq=0xf22710)
at /sssd/src/providers/ldap/sdap_async.c:1871
#6 0x00007f9aa76d8eff in generic_ext_search_handler (subreq=0x0, opts=0xee9690)
at /sssd/src/providers/ldap/sdap_async.c:1688
#7 0x00007f9aa76d925d in sdap_get_and_parse_generic_done (subreq=0xf23cc0)
at /sssd/src/providers/ldap/sdap_async.c:1796
#8 0x00007f9aa76d89d2 in sdap_get_generic_op_finished (op=0xf24b00,
reply=0xf14960, error=0,
pvt=0xf23cc0) at /sssd/src/providers/ldap/sdap_async.c:1578
#9 0x00007f9aa76d4c34 in sdap_process_message (ev=0xe7bc60, sh=0xf11710,
msg=0xf25c10)
at /sssd/src/providers/ldap/sdap_async.c:353
#10 0x00007f9aa76d47b3 in sdap_process_result (ev=0xe7bc60, pvt=0xf11710)
at /sssd/src/providers/ldap/sdap_async.c:197
#11 0x00007f9aa76d4476 in sdap_ldap_next_result (ev=0xe7bc60, te=0xf24a40,
tv=..., pvt=0xf11710)
at /sssd/src/providers/ldap/sdap_async.c:145
#12 0x00007f9aad2bcb2d in tevent_common_loop_timer_delay () from
/lib64/libtevent.so.0
#13 0x00007f9aad2bdb5a in epoll_event_loop_once () from /lib64/libtevent.so.0
---Type <return> to continue, or q <return> to quit---
#14 0x00007f9aad2bc257 in std_event_loop_once () from /lib64/libtevent.so.0
#15 0x00007f9aad2b842d in _tevent_loop_once () from /lib64/libtevent.so.0
#16 0x00007f9aad2b85cb in tevent_common_loop_wait () from /lib64/libtevent.so.0
#17 0x00007f9aad2bc1f7 in std_event_loop_wait () from /lib64/libtevent.so.0
#18 0x00007f9ab0c605d2 in server_loop (main_ctx=0xe7d0b0) at
/sssd/src/util/server.c:702
#19 0x0000000000409372 in main (argc=8, argv=0x7fff84129ca8)
at /sssd/src/providers/data_provider_be.c:587
(gdb) frame 1
#1 0x00007f9ab0c5c24f in string_in_list (string=0xf22e50
"subdom.win.trust.test", list=0x7fff84129408, case_sensitive=true) at
/sssd/src/util/util.c:712
712 if (compare(string, list[c]) == 0) {
(gdb) p string
$1 = 0xf22e50 "subdom.win.trust.test"
(gdb) p list[c]
$2 = 0x100000000ea03b0 <error: Cannot access memory at address
0x100000000ea03b0>
(gdb)
In sssd.conf I had:
ad_enabled_domains = win.trust.test, siblingdom.win.trust.test
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
