URL: https://github.com/SSSD/sssd/pull/241
Title: #241: FleetCommander Integration

fidencio commented:
"""
@pbrezina: So, here's the patch that solves the issue:
```
From ae60eae181c7a3214d76b3ff00d9e431f060bbc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Fri, 18 Aug 2017 19:46:20 +0200
Subject: [PATCH] fixup! DESKPROFILE: Introduce the new IPA session provider

---
 src/providers/ipa/ipa_init.c    |  9 ---------
 src/providers/ipa/ipa_session.c | 10 ++++++++++
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index b3daa4921..7cae43c06 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -950,20 +950,11 @@ errno_t sssm_ipa_session_init(TALLOC_CTX *mem_ctx,
     struct ipa_session_ctx *session_ctx;
     struct ipa_init_ctx *init_ctx;
     struct ipa_id_ctx *id_ctx;
-    bool enabled;
     errno_t ret;
 
     init_ctx = talloc_get_type(module_data, struct ipa_init_ctx);
     id_ctx = init_ctx->id_ctx;
 
-    enabled = dp_opt_get_bool(id_ctx->ipa_options->basic,
-                              IPA_ENABLE_DESKPROFILE);
-    if (!enabled) {
-        DEBUG(SSSDBG_TRACE_FUNC, "ipa_enable_deskprofile is set to FALSE\n");
-
-        return EOK;
-    }
-
     session_ctx = talloc_zero(mem_ctx, struct ipa_session_ctx);
     if (session_ctx == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero() failed.\n");
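Review bot: with the `enabled` block removed from sssm_ipa_session_init, the only use of `id_ctx` visible in this hunk is gone. If the rest of the function does not use it (for example to fill session_ctx->ipa_options, which the new check in ipa_session.c reads), drop the local and the `id_ctx = init_ctx->id_ctx;` assignment to avoid an unused-variable warning. If it is still used, a short comment saying that ipa_enable_deskprofile is now evaluated per request in the _send() handler would help readers who look for the check here.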
diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c
index 8559284c9..800ea665a 100644
--- a/src/providers/ipa/ipa_session.c
+++ b/src/providers/ipa/ipa_session.c
@@ -485,6 +485,7 @@ ipa_pam_session_handler_send(TALLOC_CTX *mem_ctx,
     struct tevent_req *req;
     struct tevent_req *subreq;
     struct ipa_pam_session_handler_state *state;
+    bool enabled;
     errno_t ret;
 
     DEBUG(SSSDBG_TRACE_FUNC, "Retrieving Desktop Profile rules\n");
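Review bot: the "Retrieving Desktop Profile rules" trace at the top of ipa_pam_session_handler_send is still emitted before the new `enabled` test runs, so a disabled configuration logs that rules are being retrieved and then, on the next line, that the feature is off. Consider moving that DEBUG below the check or rewording it so the log does not suggest a lookup that never happens.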
@@ -500,6 +501,15 @@ ipa_pam_session_handler_send(TALLOC_CTX *mem_ctx,
     state->be_ctx = params->be_ctx;
     state->session_ctx = session_ctx;
 
+    enabled = dp_opt_get_bool(session_ctx->ipa_options,
+                              IPA_ENABLE_DESKPROFILE);
+    if (!enabled) {
+        ret = EOK;
+        DEBUG(SSSDBG_TRACE_FUNC, "ipa_enable_deskprofile is set to FALSE\n");
+        state->pd->pam_status = PAM_SUCCESS;
+        goto done;
+    }
+
     /* Get all the user info that will be needed in order the delete the
      * user's deskprofile directory from the disk, create the user's directory,
      * save the fetched rules to the disk and notify the deskprofile client
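Review bot: the early-exit branch writes `state->pd->pam_status`, but the context shown here only has state->be_ctx and state->session_ctx being assigned, so please confirm state->pd is set before this point. Also confirm that the `done` label completes the request as a success when ret == EOK, since no subrequest has been sent on this path. As a style point, put `ret = EOK;` directly before `goto done;` with the DEBUG first, so the exit reads as one unit.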
-- 
2.13.5
```

In case we returned EOK from `sssm_ipa_session_init`, having the handlers set 
was something expected (and it was **not** happening).

So, I've decided to do the check about whether the config was enabled or not 
later on in the code, in the `_send()` handler. There it's done before any 
call to LDAP or sysdb is done (or, IOW, without messing with performance).

Here are the logs when:
- `ipa_deskprofile_enable = false`:
  ```
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_pam_handler] (0x0100): Got request with the following data
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): domain: ipa.example
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): user: admin@ipa.example
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): service: su-l
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): tty: pts/0
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): ruser: root
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): rhost:
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): authtok type: 0
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): newauthtok type: 0
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): priv: 1
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): cli_pid: 2083
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): logon name: not set
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): DP Request [PAM Open Session #4]: New request. Flags [0000].
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): Number of active DP request: 1
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [sss_domain_get_state] (0x1000): Domain ipa.example is Active
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [ipa_pam_session_handler_send] (0x0400): Retrieving Desktop Profile rules
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [ipa_pam_session_handler_send] (0x0400): ipa_enable_deskprofile is set to FALSE
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_req_done] (0x0400): DP Request [PAM Open Session #4]: Request handler finished [0]: Success
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [_dp_req_recv] (0x0400): DP Request [PAM Open Session #4]: Receiving request data.
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): DP Request [PAM Open Session #4]: Request removed.
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
  (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session #4]: Sending result [0][ipa.example]
  ```
- `session_provider = none`:
  ```
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_pam_handler] (0x0100): Got request with the following data
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): domain: ipa.example
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): user: admin@ipa.example
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): service: su-l
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): tty: pts/0
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): ruser: root
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): rhost:
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): authtok type: 0
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): newauthtok type: 0
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): priv: 1
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): cli_pid: 2247
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): logon name: not set
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): DP Request [PAM Open Session #2]: New request. Flags [0000].
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): Number of active DP request: 1
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [sss_domain_get_state] (0x1000): Domain ipa.example is Active
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_find_method] (0x0100): Target [session] is not initialized
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [_dp_req_recv] (0x0400): DP Request [PAM Open Session #2]: Receiving request data.
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): DP Request [PAM Open Session #2]: Request removed.
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
  (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_req_reply_gen_error] (0x0080): DP Request [PAM Open Session #2]: Finished. Target is not supported with this configuration.
  ```

I'm updating the patch set with the mentioned patch squashed.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/241#issuecomment-323515639