sssd.git/src/responder/common/cache_req, branch sudo Unnamed repository; edit this file 'description' to name the repository. Fix warning declaration of 'index' shadows a global declaration 2017-09-25T19:35:39+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T11:48:34+00:00 39e300314cb43e534179a6950274e1e9c9a48465 src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result': src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result': src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_endent': src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent': src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result':
src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result':
src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
src/responder/nss/nss_cmd.c: In function 'nss_endent':
src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent':
src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Print a warning when enumeration is requested but disabled 2017-09-25T12:33:06+00:00 AmitKumar amitkuma@redhat.com 2017-07-24T14:45:13+00:00 c33fa33065b1211dba5ea2909bac62843a72e8b5 Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, getent passwd won't return all users by design. The debug level chosen to show the message is SSS_LOG_NOTICE. Resolves: https://pagure.io/SSSD/sssd/issue/2301 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Add an explanatory message to be logged once, at the start-up,
mentioning that in case enumeration is not enabled, getent passwd won't
return all users by design.
The debug level chosen to show the message is SSS_LOG_NOTICE.

Resolves:
https://pagure.io/SSSD/sssd/issue/2301

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cache_req: Look for name attribute also in nss_cmd_getsidbyid 2017-09-06T11:16:03+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-08-21T09:42:43+00:00 2e72ababbbadda4c4036f99528460c1d595e0941 We always check negcache after getting data from backend since commit 4c09cd008967c5c0ec358dc658ffc6fc1cef2697 because we usually do have a name in begging of requests "* by ID". We were not interested in name in request sid by id before. However, function cache_req_search_ncache_filter always expect name otherwise it returns ERR_INTERNAL. [sssd[nss]] [cache_req_set_plugin] (0x2000): CR #8: Setting "Object by ID" plugin [sssd[nss]] [cache_req_send] (0x0400): CR #8: New request 'Object by ID' [sssd[nss]] [cache_req_select_domains] (0x0400): CR #8: Performing a multi-domain search [sssd[nss]] [cache_req_search_domains] (0x0400): CR #8: Search will check the cache and check the data provider [sssd[nss]] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain sssdad2012r2.com type POSIX is valid [sssd[nss]] [cache_req_set_domain] (0x0400): CR #8: Using domain [sssdad2012r2.com] [sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Looking up ID:233600513@sssdad2012r2.com [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: Checking negative cache for [ID:233600513@sssdad2012r2.com] [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/sssdad2012r2.com/233600513] [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: [ID:233600513@sssdad2012r2.com] is not present in negative cache [sssd[nss]] [cache_req_search_cache] (0x0400): CR #8: Looking up [ID:233600513@sssdad2012r2.com] in cache [sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Returning [ID:233600513@sssdad2012r2.com] from cache [sssd[nss]] [cache_req_search_ncache_filter] (0x0400): CR #8: Filtering out results by negative cache [sssd[nss]] [cache_req_search_ncache_filter] (0x0020): CR #8: sss_get_name_from_msg() returned NULL, which should never happen in this scenario! [sssd[nss]] [cache_req_process_result] (0x0400): CR #8: Finished: Error 1432158209: Internal Error [sssd[nss]] [nss_protocol_done] (0x4000): Sending reply: error [1432158209]: Internal Error [sssd[nss]] [client_recv] (0x0200): Client disconnected! Resolves: https://pagure.io/SSSD/sssd/issue/3485 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
We always check negcache after getting data from backend since commit
4c09cd008967c5c0ec358dc658ffc6fc1cef2697 because we usually do have a name
in begging of requests "* by ID".

We were not interested in name in request sid by id before. However, function
cache_req_search_ncache_filter always expect name otherwise it returns
ERR_INTERNAL.

[sssd[nss]] [cache_req_set_plugin] (0x2000): CR #8: Setting "Object by ID" plugin
[sssd[nss]] [cache_req_send] (0x0400): CR #8: New request 'Object by ID'
[sssd[nss]] [cache_req_select_domains] (0x0400): CR #8: Performing a multi-domain search
[sssd[nss]] [cache_req_search_domains] (0x0400): CR #8: Search will check the cache and check the data provider
[sssd[nss]] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain sssdad2012r2.com type POSIX is valid
[sssd[nss]] [cache_req_set_domain] (0x0400): CR #8: Using domain [sssdad2012r2.com]
[sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Looking up ID:233600513@sssdad2012r2.com
[sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: Checking negative cache for [ID:233600513@sssdad2012r2.com]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/sssdad2012r2.com/233600513]
[sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: [ID:233600513@sssdad2012r2.com] is not present in negative cache
[sssd[nss]] [cache_req_search_cache] (0x0400): CR #8: Looking up [ID:233600513@sssdad2012r2.com] in cache
[sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Returning [ID:233600513@sssdad2012r2.com] from cache
[sssd[nss]] [cache_req_search_ncache_filter] (0x0400): CR #8: Filtering out results by negative cache
[sssd[nss]] [cache_req_search_ncache_filter] (0x0020): CR #8: sss_get_name_from_msg() returned NULL, which should never happen in this scenario!
[sssd[nss]] [cache_req_process_result] (0x0400): CR #8: Finished: Error 1432158209: Internal Error
[sssd[nss]] [nss_protocol_done] (0x4000): Sending reply: error [1432158209]: Internal Error
[sssd[nss]] [client_recv] (0x0200): Client disconnected!

Resolves:
https://pagure.io/SSSD/sssd/issue/3485

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
CACHE_REQ: Don't error out when searching by id = 0 2017-08-28T18:55:07+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-14T11:35:20+00:00 8888d7a46371ddd2c2514c3e81b58bb1090902a2 This code path can be easily triggered by calling `id 0` and SSSD should not error out in this case. Previous patches in this series already add uid and gid 0 to the negative cache and we can properly handle this situation. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This code path can be easily triggered by calling `id 0` and SSSD should
not error out in this case.

Previous patches in this series already add uid and gid 0 to the
negative cache and we can properly handle this situation.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
CACHE_REQ: Fix warning may be used uninitialized 2017-07-31T10:17:06+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-07-31T07:21:31+00:00 9d90396775715de66e735dd55826e35f311450af Setting ret as EOK in case everything goes well. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> 
Setting ret as EOK in case everything goes well.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
CACHE_REQ: Pull sessionRecording attrs from initgr 2017-07-27T08:33:08+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-21T09:30:20+00:00 382a972a80ac571cdbf70d88571f6de49fe1cd23 After entires are retrieved by cache_req for user info requests (except initgr), overlay them with sessionRecording attribute retrieved from an initgr request made additionally for each entry. Do not do additional initgr requests with selective session recording enabled, if we don't have any group names to match against in session recording configuration. Only do user name matches instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
After entires are retrieved by cache_req for user info requests (except
initgr), overlay them with sessionRecording attribute retrieved from an
initgr request made additionally for each entry.

Do not do additional initgr requests with selective session recording
enabled, if we don't have any group names to match against in session
recording configuration. Only do user name matches instead.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
CACHE_REQ: Propagate num_results to cache_req_state 2017-07-27T08:32:09+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-24T14:24:22+00:00 cb89693cf5ccdedf69fa304c6d43d618a7bc18b2 The num_results field in struct cache_req_state was only set in case of well-known objects, set it also for the regular results for uniformity, and for later use by session recording code. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
The num_results field in struct cache_req_state was only set in case of
well-known objects, set it also for the regular results for uniformity,
and for later use by session recording code.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
DOMAIN: Add sss_domain_info_{get,set}_output_fqnames() 2017-06-21T09:28:15+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-06-20T12:22:48+00:00 fa2fc8a2908619031292eaf375eb1a510b8b2eba Let's avoid setting a domain's property directly from cr_domain code. In order to do so, let's introduce a setter, which may help us in the future whenever we decide to make sss_domain_info an opaque structure. For completeness, a getter has also been introduced and used in the usertools code. Related: https://pagure.io/SSSD/sssd/issue/3403 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Let's avoid setting a domain's property directly from cr_domain code.

In order to do so, let's introduce a setter, which may help us in the
future whenever we decide to make sss_domain_info an opaque structure.

For completeness, a getter has also been introduced and used in the
usertools code.

Related:
https://pagure.io/SSSD/sssd/issue/3403

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDER: Use fqnames as output when needed 2017-06-21T09:28:08+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-06-19T07:05:00+00:00 86526891366c4bc3e1ee861143b736d2670a6ba8 As some regressions have been caused by not handling properly naming conflicts when using shortnames, last explicitly use fully qualified names as output in the following situations: - domain resolution order is set; - a trusted domain has been using `use_fully_qualified_name = false` In both cases we want to ensure that even handling shortnames as input, the output will always be fully qualified. As part of this patch, our tests ended up being modified to reflect the changes done. In other words, the tests related to shortnames now return expect as return a fully qualified name for trusted domains. Resolves: https://pagure.io/SSSD/sssd/issue/3403 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
As some regressions have been caused by not handling properly naming
conflicts when using shortnames, last explicitly use fully qualified
names as output in the following situations:
- domain resolution order is set;
- a trusted domain has been using `use_fully_qualified_name = false`

In both cases we want to ensure that even handling shortnames as input,
the output will always be fully qualified.

As part of this patch, our tests ended up being modified to reflect the
changes done. In other words, the tests related to shortnames now return
expect as return a fully qualified name for trusted domains.

Resolves:
https://pagure.io/SSSD/sssd/issue/3403

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: Do not use default_domain_suffix with netgroups 2017-06-08T15:30:31+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-06-08T10:32:44+00:00 c83e265bbb5b2f2aa4f0067263753c8403c383f9 Resolves: https://pagure.io/SSSD/sssd/issue/3428 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
https://pagure.io/SSSD/sssd/issue/3428

Reviewed-by: Pavel Březina <pbrezina@redhat.com>