sssd.git/src/sss_client, branch mdbtest sssd with jhrozek's patches CLIENT: Clear errno with enabled sss-default-nss-plugin 2015-04-07T12:44:51+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-04-07T08:53:12+00:00 d51bc5f43fffa516446ef62c2b860be9fa939c9d Although errno was cleared in function sss_nss_make_request some sss glic functions set errno with value of output argument errnop. Reproducer: * sssd compiled with enabled option sss-default-nss-plugin * sss is the last value in group (/etc/nsswitch.conf) * sssd-client is installed but sssd is stopped. C-program: #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <grp.h> int main(int argc, char *argv[]) { struct group *p_group; setgrent(); while (1) { errno = 0; /* initialize for getgrent() */ p_group = getgrent(); if (p_group == NULL) { if (errno == 0) { break; /* end of groups */ } else { perror("getgrent"); printf("getgrent error %d \n", errno); endgrent(); exit(-2); } } printf("getgrent() OK group(%d) = %s \n", p_group->gr_gid, p_group->gr_name); } exit(0); } Resolves: https://fedorahosted.org/sssd/ticket/2619 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Although errno was cleared in function sss_nss_make_request
some sss glic functions set errno with value of output argument errnop.

Reproducer:
* sssd compiled with enabled option sss-default-nss-plugin
* sss is the last value in group (/etc/nsswitch.conf)
* sssd-client is installed but sssd is stopped.

C-program:
  #include <stdio.h>
  #include <stdlib.h>
  #include <errno.h>
  #include <grp.h>

  int main(int argc, char *argv[])
  {
      struct group *p_group;

      setgrent();
      while (1) {
          errno = 0;  /* initialize for  getgrent() */
          p_group = getgrent();
          if (p_group == NULL) {
              if (errno == 0) {
                      break;   /* end of groups */
              } else {
                  perror("getgrent");
                  printf("getgrent error %d \n", errno);
                  endgrent();
                  exit(-2);
              }
          }
          printf("getgrent() OK group(%d) = %s \n",
                 p_group->gr_gid, p_group->gr_name);
      }

      exit(0);
  }

Resolves:
https://fedorahosted.org/sssd/ticket/2619

Reviewed-by: Pavel Reichl <preichl@redhat.com>
pam_client: fix casting to const pointer 2015-03-26T10:18:37+00:00 Lukas Slebodnik lslebodn@redhat.com 2014-02-19T13:20:57+00:00 50afd8b1dd782820fa31240e958df38c915ba5af src/sss_client/pam_sss.c:1461:73: error: cast from 'int **' to 'const void **' must have all intermediate pointers const qualified to be safe [-Werror,-Wcast-qual] pam_get_data(pamh, "pam_sss:password_expired_flag", (const void **) &exp_data); ^ Reviewed-by: Sumit Bose <sbose@redhat.com> 
src/sss_client/pam_sss.c:1461:73:
    error: cast from 'int **' to 'const void **' must have all
    intermediate pointers const qualified to be safe [-Werror,-Wcast-qual]

    pam_get_data(pamh, "pam_sss:password_expired_flag", (const void **) &exp_data);
                                                                        ^
Reviewed-by: Sumit Bose <sbose@redhat.com>
PAC: Fix memory leak 2015-03-09T12:40:39+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-06T18:27:38+00:00 76faa85577e4f715af3b61ec01f522587ca30304 Reported by clang static analyser. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reported by clang static analyser.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Remove useless assignment to function parameter 2015-03-02T14:29:17+00:00 Lukas Slebodnik lslebodn@redhat.com 2014-02-26T17:19:59+00:00 cac22be9e58abdcf6c3bf66190fba0f7cb6f490e Reported by: cppcheck void free_fun(struct info *info) free(info->name); free(info); info = NULL; ^^^^^^^^^^^ Assignment to function parameter has no effect outside the function. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Reported by: cppcheck

void free_fun(struct info *info)
     free(info->name);
     free(info);
     info = NULL;
     ^^^^^^^^^^^
Assignment to function parameter has no effect outside the function.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
PAM: new option pam_account_expired_message 2015-02-23T12:47:53+00:00 Pavel Reichl preichl@redhat.com 2015-02-19T16:17:36+00:00 e039f1aefecc65a7b3c2d4a13a612bff1dd367c8 This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> 
This option sets string to be printed when authenticating using SSH
keys and account is expired.

Resolves:
https://fedorahosted.org/sssd/ticket/2050

Reviewed-by: Sumit Bose <sbose@redhat.com>
PAM: do not reject abruptly 2015-02-23T12:47:47+00:00 Pavel Reichl preichl@redhat.com 2015-02-12T00:38:16+00:00 a61d6d01a4e89ec14175af135e84f1cac55af748 If account has expired then pass message. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> 
If account has expired then pass message.

Resolves:
https://fedorahosted.org/sssd/ticket/2050

Reviewed-by: Sumit Bose <sbose@redhat.com>
Fix warning: equality comparison with extraneous parentheses 2015-02-11T19:38:42+00:00 Lukas Slebodnik lslebodn@redhat.com 2014-09-15T14:05:30+00:00 5085d263f2f084778b1314fc5e808668c3758d82 Example of warning: src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality] if (((wbc_status) == WBC_ERR_SUCCESS)) { ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~ src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23: note: remove extraneous parentheses around the comparison to silence this warning if (((wbc_status) == WBC_ERR_SUCCESS)) { ~ ^ ~ src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23: note: use '=' to turn this equality comparison into an assignment if (((wbc_status) == WBC_ERR_SUCCESS)) { ^~ = The reason is definition of some macros which were used in if conditions. Reviewed-by: Michal Židek <mzidek@redhat.com> 
Example of warning:
src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23:
  error: equality comparison with extraneous parentheses
  [-Werror,-Wparentheses-equality]
    if (((wbc_status) == WBC_ERR_SUCCESS)) {
         ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23:
  note: remove extraneous parentheses around the comparison
  to silence this warning
    if (((wbc_status) == WBC_ERR_SUCCESS)) {
        ~             ^                 ~
src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23:
  note: use '=' to turn this equality comparison into an assignment
    if (((wbc_status) == WBC_ERR_SUCCESS)) {
                      ^~
                      =

The reason is definition of some macros which were used in if conditions.

Reviewed-by: Michal Židek <mzidek@redhat.com>
Open the PAC socket from krb5_child before dropping root 2015-01-21T10:25:49+00:00 Jakub Hrozek jhrozek@redhat.com 2015-01-20T17:06:49+00:00 858e750c3d4fe54e50616a1ed1e101469503c070 The PAC responder by default allows only connections from the root user. This patch opens the socket to the PAC responder before the krb5_child drops privileges so the connection seemingly comes from root. https://fedorahosted.org/sssd/ticket/2559 Reviewed-by: Sumit Bose <sbose@redhat.com> 
The PAC responder by default allows only connections from the root user.
This patch opens the socket to the PAC responder before the krb5_child
drops privileges so the connection seemingly comes from root.

https://fedorahosted.org/sssd/ticket/2559

Reviewed-by: Sumit Bose <sbose@redhat.com>
libwbclient: initialize some return values 2014-12-19T16:45:55+00:00 Sumit Bose sbose@redhat.com 2014-12-19T10:21:41+00:00 082e13dba488ebb2b948d6a362095153714b669f Some callers of libwbclient functions expects the return values are initialized even it the functions returns an error. This patch adds some initializations to meet this requirement. Resolves https://fedorahosted.org/sssd/ticket/2537 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Some callers of libwbclient functions expects the return values are
initialized even it the functions returns an error. This patch adds some
initializations to meet this requirement.

Resolves https://fedorahosted.org/sssd/ticket/2537

Reviewed-by: Pavel Reichl <preichl@redhat.com>
PAM: Missing argument to domains= should fail auth 2014-12-13T22:00:15+00:00 Jakub Hrozek jhrozek@redhat.com 2014-12-10T11:02:47+00:00 134bff159119b0f62492133983ba637957e26fab When the administrator sets the domains= list, he usually wants to restrict the set of domains. An empty list is an undefined configuration and it's safer to fail then. https://fedorahosted.org/sssd/ticket/2516 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
When the administrator sets the domains= list, he usually wants to
restrict the set of domains. An empty list is an undefined configuration
and it's safer to fail then.

https://fedorahosted.org/sssd/ticket/2516

Reviewed-by: Pavel Reichl <preichl@redhat.com>