URL: https://github.com/SSSD/sssd/pull/334 Author: amitkumar50 Title: #334: Print a warning when enumeration is requested but disabled Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/334/head:pr334 git checkout pr334
From d7dcd72e8dba38eca8caf38233e91186dc2295be Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Mon, 24 Jul 2017 20:15:13 +0530 Subject: [PATCH 1/3] CONFDB: Warn that getent passwd doesn't return all users by design Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, getent passwd won't return all users by design. The debug level chosen to show the message is SSSDBG_CONF_SETTINGS. Resolves: https://pagure.io/SSSD/sssd/issue/2301 --- src/confdb/confdb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 286dbb243..b01306ab6 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1010,6 +1010,10 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, if (!domain->enumerate) { DEBUG(SSSDBG_TRACE_FUNC, "No enumeration for [%s]!\n", domain->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Please note that when enumeration is disabled `getent " + "passwd` does not return all users by design. See " + "sssd.conf man page for more detailed information\n"); } ret = confdb_get_string(cdb, tmp_ctx, CONFDB_MONITOR_CONF_ENTRY, From eed7ec8ab161984a3dfdc779066afc81056fa1b2 Mon Sep 17 00:00:00 2001 From: amitkuma <amitk...@redhat.com> Date: Sun, 10 Sep 2017 01:38:37 +0530 Subject: [PATCH 2/3] Print a warning when enumeration is requested but disabled Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, getent passwd won't return all users by design. The debug level chosen to show the message is SSS_LOG_NOTICE. Resolves: https://pagure.io/SSSD/sssd/issue/2301 --- src/confdb/confdb.c | 4 ---- src/responder/common/cache_req/cache_req.c | 5 +++++ src/responder/common/responder.h | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index b01306ab6..286dbb243 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1010,10 +1010,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, if (!domain->enumerate) { DEBUG(SSSDBG_TRACE_FUNC, "No enumeration for [%s]!\n", domain->name); - DEBUG(SSSDBG_CONF_SETTINGS, - "Please note that when enumeration is disabled `getent " - "passwd` does not return all users by design. See " - "sssd.conf man page for more detailed information\n"); } ret = confdb_get_string(cdb, tmp_ctx, CONFDB_MONITOR_CONF_ENTRY, diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 2f2c3e97f..cb57b7be9 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -176,6 +176,11 @@ cache_req_validate_domain_enumeration(struct cache_req *cr, if (domain->enumerate == false) { CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "Domain %s does not support " "enumeration, skipping...\n", domain->name); + if(cr->rctx->enumeration_warn_logged == false) + { + sss_log(SSS_LOG_NOTICE, "Enumeration requested but not enabled\n"); + cr->rctx->enumeration_warn_logged = true; + } return false; } diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index a97476ca7..9a57df558 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -157,6 +157,7 @@ struct resp_ctx { bool socket_activated; bool dbus_activated; bool cache_first; + bool enumeration_warn_logged; }; struct cli_creds; From f99b63f93381c5e843ca5c27c116d16d1c1a51f1 Mon Sep 17 00:00:00 2001 From: amitkuma <amitk...@redhat.com> Date: Mon, 18 Sep 2017 22:09:10 +0530 Subject: [PATCH 3/3] Print a warning when enumeration is requested but disabled Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, getent passwd won't return all users by design. The debug level chosen to show the message is SSS_LOG_NOTICE. Resolves: https://pagure.io/SSSD/sssd/issue/2301 --- src/confdb/confdb.c | 4 ++++ src/responder/common/cache_req/cache_req.c | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 286dbb243..4d55b38a1 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1010,6 +1010,10 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, if (!domain->enumerate) { DEBUG(SSSDBG_TRACE_FUNC, "No enumeration for [%s]!\n", domain->name); + DEBUG(SSSDBG_CONF_SETTINGS, + "Please note that when enumeration is disabled `getent " + "passwd` does not return all users by design. See " + "sssd.conf man page for more detailed information\n"); } ret = confdb_get_string(cdb, tmp_ctx, CONFDB_MONITOR_CONF_ENTRY, diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index cb57b7be9..f65764fb9 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -176,10 +176,11 @@ cache_req_validate_domain_enumeration(struct cache_req *cr, if (domain->enumerate == false) { CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "Domain %s does not support " "enumeration, skipping...\n", domain->name); - if(cr->rctx->enumeration_warn_logged == false) - { - sss_log(SSS_LOG_NOTICE, "Enumeration requested but not enabled\n"); - cr->rctx->enumeration_warn_logged = true; + if(cr->rctx->enumeration_warn_logged == false) { + sss_log(SSS_LOG_NOTICE, "Enumeration requested but not enabled\n"); + CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, + "Enumeration requested but not enabled\n"); + cr->rctx->enumeration_warn_logged = true; } return false; }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
