URL: https://github.com/SSSD/sssd/pull/241 Title: #241: FleetCommander Integration
fidencio commented: """ @pbrezina: So, here's the patch that solves the issue: ``` From ae60eae181c7a3214d76b3ff00d9e431f060bbc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Fri, 18 Aug 2017 19:46:20 +0200 Subject: [PATCH] fixup! DESKPROFILE: Introduce the new IPA session provider --- src/providers/ipa/ipa_init.c | 9 --------- src/providers/ipa/ipa_session.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index b3daa4921..7cae43c06 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -950,20 +950,11 @@ errno_t sssm_ipa_session_init(TALLOC_CTX *mem_ctx, struct ipa_session_ctx *session_ctx; struct ipa_init_ctx *init_ctx; struct ipa_id_ctx *id_ctx; - bool enabled; errno_t ret; init_ctx = talloc_get_type(module_data, struct ipa_init_ctx); id_ctx = init_ctx->id_ctx; - enabled = dp_opt_get_bool(id_ctx->ipa_options->basic, - IPA_ENABLE_DESKPROFILE); - if (!enabled) { - DEBUG(SSSDBG_TRACE_FUNC, "ipa_enable_deskprofile is set to FALSE\n"); - - return EOK; - } - session_ctx = talloc_zero(mem_ctx, struct ipa_session_ctx); if (session_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero() failed.\n"); diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c index 8559284c9..800ea665a 100644 --- a/src/providers/ipa/ipa_session.c +++ b/src/providers/ipa/ipa_session.c @@ -485,6 +485,7 @@ ipa_pam_session_handler_send(TALLOC_CTX *mem_ctx, struct tevent_req *req; struct tevent_req *subreq; struct ipa_pam_session_handler_state *state; + bool enabled; errno_t ret; DEBUG(SSSDBG_TRACE_FUNC, "Retrieving Desktop Profile rules\n"); @@ -500,6 +501,15 @@ ipa_pam_session_handler_send(TALLOC_CTX *mem_ctx, state->be_ctx = params->be_ctx; state->session_ctx = session_ctx; + enabled = dp_opt_get_bool(session_ctx->ipa_options, + IPA_ENABLE_DESKPROFILE); + if (!enabled) { + ret = EOK; + DEBUG(SSSDBG_TRACE_FUNC, "ipa_enable_deskprofile is set to FALSE\n"); + state->pd->pam_status = PAM_SUCCESS; + goto done; + } + /* Get all the user info that will be needed in order the delete the * user's deskprofile directory from the disk, create the user's directory, * save the fetched rules to the disk and notify the deskprofile client -- 2.13.5 ``` In case we returned EOK from `sssm_ipa_session_init`, having the handlers set was something expected (and it was **not** happening). So, I've decided to do the check about whether the config was enabled or not later on in the code, in the `_send() ` handler. There it's done before any call to ldap or sysdb is done (or, IOW, without messing with performance). Here are the logs when: - `ipa_deskprofile_enable = false`: ``` (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_pam_handler] (0x0100): Got request with the following data (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): domain: ipa.example (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): user: admin@ipa.example (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): service: su-l (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): tty: pts/0 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): ruser: root (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): rhost: (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): authtok type: 0 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): newauthtok type: 0 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): priv: 1 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): cli_pid: 2083 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): logon name: not set (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): DP Request [PAM Open Session #4]: New request. Flags [0000]. (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [sss_domain_get_state] (0x1000): Domain ipa.example is Active (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [ipa_pam_session_handler_send] (0x0400): Retrieving Desktop Profile rules (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [ipa_pam_session_handler_send] (0x0400): ipa_enable_deskprofile is set to FALSE (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_req_done] (0x0400): DP Request [PAM Open Session #4]: Request handler finished [0]: Success (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [_dp_req_recv] (0x0400): DP Request [PAM Open Session #4]: Receiving request data. (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): DP Request [PAM Open Session #4]: Request removed. (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Sat Aug 19 10:27:02 2017) [sssd[be[ipa.example]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session #4]: Sending result [0][ipa.example] ``` - `session_provider = none`: ``` (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_pam_handler] (0x0100): Got request with the following data (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): domain: ipa.example (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): user: admin@ipa.example (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): service: su-l (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): tty: pts/0 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): ruser: root (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): rhost: (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): authtok type: 0 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): newauthtok type: 0 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): priv: 1 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): cli_pid: 2247 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [pam_print_data] (0x0100): logon name: not set (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): DP Request [PAM Open Session #2]: New request. Flags [0000]. (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [sss_domain_get_state] (0x1000): Domain ipa.example is Active (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_find_method] (0x0100): Target [session] is not initialized (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [_dp_req_recv] (0x0400): DP Request [PAM Open Session #2]: Receiving request data. (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): DP Request [PAM Open Session #2]: Request removed. (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Sat Aug 19 10:29:25 2017) [sssd[be[ipa.example]]] [dp_req_reply_gen_error] (0x0080): DP Request [PAM Open Session #2]: Finished. Target is not supported with this configuration. ``` I'm updating the patch set with the mentioned patch squashed. """ See the full comment at https://github.com/SSSD/sssd/pull/241#issuecomment-323515639
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org