sssd.git/src/responder, branch oneway sssd with jhrozek's patches UTIL: Convert domain->disabled into tri-state with domain states 2015-09-21T15:03:01+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-18T15:15:44+00:00 b5825c74b6bf7a99ae2172392dbecb51179013a6 Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.

Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
views: allow ghost members for LOCAL view 2015-09-18T11:22:03+00:00 Pavel Březina pbrezina@redhat.com 2015-09-17T12:46:34+00:00 87e0dcaff945f8b8f30030309e16ba26935fcb7b LOCAL view does not allow the case when both ghost member and user override is created so it is safe to allow ghost members for this view. Resolves: https://fedorahosted.org/sssd/ticket/2790 Reviewed-by: Sumit Bose <sbose@redhat.com> 
LOCAL view does not allow the case when both ghost member and
user override is created so it is safe to allow ghost members
for this view.

Resolves:
https://fedorahosted.org/sssd/ticket/2790

Reviewed-by: Sumit Bose <sbose@redhat.com>
DATA_PROVIDER: BE_REQ as string in log message 2015-09-14T14:00:49+00:00 Petr Cech pcech@redhat.com 2015-08-18T10:59:31+00:00 376eaf187c13c2a1eaea0ffbdd970b6b563ab74c Add be_req2str() for translation BE_REQ to string. So we will have || Got request for [0x1001][FAST BE_REQ_USER][1][name=celestian] instead of || Got request for [0x1001][1][name=celestian] Function be_req2str() is used in data provider and in responder too. So this patch create new header file data_provider_req.h which delivers function be_req2str() and definitions of BE_REQ_*. Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Add be_req2str() for translation BE_REQ to string.
So we will have
|| Got request for [0x1001][FAST BE_REQ_USER][1][name=celestian]
instead of
|| Got request for [0x1001][1][name=celestian]

Function be_req2str() is used in data provider and in responder too.
So this patch create new header file data_provider_req.h which
delivers function be_req2str() and definitions of BE_REQ_*.

Resolves:
https://fedorahosted.org/sssd/ticket/2708

Reviewed-by: Pavel Reichl <preichl@redhat.com>
NSS: Don't ignore backslash in usernames with ldap provider 2015-09-01T06:41:51+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-08-28T05:07:40+00:00 90b8e2e47ecc0dd555cae401a0c9b082d12ab989 The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com> 
The regression was caused by changing default domain regex
for ldap provider in ticket #2717

Resolves:
https://fedorahosted.org/sssd/ticket/2772

Reviewed-by: Sumit Bose <sbose@redhat.com>
UTIL: Function 2string for enum sss_cli_command 2015-08-31T16:30:19+00:00 Petr Cech pcech@redhat.com 2015-07-08T11:17:28+00:00 11e8f3ecdddf8edd8b1bbe9f41b49ce8b709b92a Improvement of debug messages. Instead of:"(0x0400): Running command [17]..." We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..." (It's not used in sss_client. There are only hex numbers of commands.) Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Improvement of debug messages.
Instead of:"(0x0400): Running command [17]..."
We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..."
(It's not used in sss_client. There are only hex numbers of commands.)

Resolves:
https://fedorahosted.org/sssd/ticket/2708

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
NSS: Fix use after free 2015-08-20T20:48:28+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-08-07T12:29:45+00:00 b9901fe3d6cfe05cd75a2440c0f9c7985aea36c6 It can happed if there are two domains and user is not found in the first one. ==29279== Invalid read of size 1 ==29279== at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29279== by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2) ==29279== by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191) ==29279== by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208) ==29279== by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759) ==29279== by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802) ==29279== by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96) ==29279== by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341) ==29279== by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911) ==29279== by 0x879A936: std_event_loop_once (tevent_standard.c:114) ==29279== Address 0xbbad240 is 96 bytes inside a block of size 106 free'd ==29279== at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29279== by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2) ==29279== by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190) ==29279== by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208) ==29279== by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759) ==29279== by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802) ==29279== by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4) ==29279== by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96) ==29279== by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341) ==29279== by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911) ==29279== by 0x879A936: std_event_loop_once (tevent_standard.c:114) Resolves: https://fedorahosted.org/sssd/ticket/2749 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
It can happed if there are two domains and user is not found
in the first one.

==29279== Invalid read of size 1
==29279==    at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)
==29279==  Address 0xbbad240 is 96 bytes inside a block of size 106 free'd
==29279==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)

Resolves:
https://fedorahosted.org/sssd/ticket/2749

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSH: Use sss_unique_file_ex to create the known hosts file 2015-08-17T13:22:15+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-12T11:05:32+00:00 84493af37d4b57294e94b7bb0596dec51e06b7b0 Simplifies the code. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Simplifies the code.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
pam: Incerease p11 child timeout 2015-08-17T13:10:03+00:00 Michal Židek mzidek@redhat.com 2015-08-13T12:03:24+00:00 9da121c08b785b56733a11fa46e14c708dda62e9 Ticket: https://fedorahosted.org/sssd/ticket/2746 It was timeouting often in CI machines. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Ticket:
https://fedorahosted.org/sssd/ticket/2746

It was timeouting often in CI machines.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sudo: use "higher value wins" when ordering rules 2015-08-14T20:47:45+00:00 Pavel Březina pbrezina@redhat.com 2015-07-29T12:51:30+00:00 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 This commit changes the default ordering logic (lower value wins) to a correct one that is used by native ldap support. It also adds a new option sudo_inverse_order to switch to the original SSSD (incorrect) behaviour if needed. Resolves: https://fedorahosted.org/sssd/ticket/2682 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.

Resolves:
https://fedorahosted.org/sssd/ticket/2682

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IFP: use default limit if provided is 0 2015-08-14T20:44:50+00:00 Pavel Březina pbrezina@redhat.com 2015-08-13T10:46:59+00:00 ef7de95fc4827a660254a942fa394f34ed9694a9 Returning zero values doesn't make any sense, so we may use it as "use sssd configuration instead". Reviewed-by: Petr Cech <pcech@redhat.com> 
Returning zero values doesn't make any sense, so we may use it as
"use sssd configuration instead".

Reviewed-by: Petr Cech <pcech@redhat.com>