sssd.git/src/responder/common, branch sudo Unnamed repository; edit this file 'description' to name the repository. Fix warning declaration of 'index' shadows a global declaration 2017-09-25T19:35:39+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T11:48:34+00:00 39e300314cb43e534179a6950274e1e9c9a48465 src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result': src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result': src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_endent': src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent': src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result':
src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result':
src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
src/responder/nss/nss_cmd.c: In function 'nss_endent':
src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent':
src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
RESPONDER: Fix "-Wold-style-definition" caught by GCC 2017-09-25T19:35:22+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-09-09T12:57:01+00:00 d8d49ae91708a2360c5c8f7a01e531952e2f7771 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Print a warning when enumeration is requested but disabled 2017-09-25T12:33:06+00:00 AmitKumar amitkuma@redhat.com 2017-07-24T14:45:13+00:00 c33fa33065b1211dba5ea2909bac62843a72e8b5 Add an explanatory message to be logged once, at the start-up, mentioning that in case enumeration is not enabled, getent passwd won't return all users by design. The debug level chosen to show the message is SSS_LOG_NOTICE. Resolves: https://pagure.io/SSSD/sssd/issue/2301 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Add an explanatory message to be logged once, at the start-up,
mentioning that in case enumeration is not enabled, getent passwd won't
return all users by design.
The debug level chosen to show the message is SSS_LOG_NOTICE.

Resolves:
https://pagure.io/SSSD/sssd/issue/2301

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cache_req: Look for name attribute also in nss_cmd_getsidbyid 2017-09-06T11:16:03+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-08-21T09:42:43+00:00 2e72ababbbadda4c4036f99528460c1d595e0941 We always check negcache after getting data from backend since commit 4c09cd008967c5c0ec358dc658ffc6fc1cef2697 because we usually do have a name in begging of requests "* by ID". We were not interested in name in request sid by id before. However, function cache_req_search_ncache_filter always expect name otherwise it returns ERR_INTERNAL. [sssd[nss]] [cache_req_set_plugin] (0x2000): CR #8: Setting "Object by ID" plugin [sssd[nss]] [cache_req_send] (0x0400): CR #8: New request 'Object by ID' [sssd[nss]] [cache_req_select_domains] (0x0400): CR #8: Performing a multi-domain search [sssd[nss]] [cache_req_search_domains] (0x0400): CR #8: Search will check the cache and check the data provider [sssd[nss]] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain sssdad2012r2.com type POSIX is valid [sssd[nss]] [cache_req_set_domain] (0x0400): CR #8: Using domain [sssdad2012r2.com] [sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Looking up ID:233600513@sssdad2012r2.com [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: Checking negative cache for [ID:233600513@sssdad2012r2.com] [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/sssdad2012r2.com/233600513] [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: [ID:233600513@sssdad2012r2.com] is not present in negative cache [sssd[nss]] [cache_req_search_cache] (0x0400): CR #8: Looking up [ID:233600513@sssdad2012r2.com] in cache [sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Returning [ID:233600513@sssdad2012r2.com] from cache [sssd[nss]] [cache_req_search_ncache_filter] (0x0400): CR #8: Filtering out results by negative cache [sssd[nss]] [cache_req_search_ncache_filter] (0x0020): CR #8: sss_get_name_from_msg() returned NULL, which should never happen in this scenario! [sssd[nss]] [cache_req_process_result] (0x0400): CR #8: Finished: Error 1432158209: Internal Error [sssd[nss]] [nss_protocol_done] (0x4000): Sending reply: error [1432158209]: Internal Error [sssd[nss]] [client_recv] (0x0200): Client disconnected! Resolves: https://pagure.io/SSSD/sssd/issue/3485 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
We always check negcache after getting data from backend since commit
4c09cd008967c5c0ec358dc658ffc6fc1cef2697 because we usually do have a name
in begging of requests "* by ID".

We were not interested in name in request sid by id before. However, function
cache_req_search_ncache_filter always expect name otherwise it returns
ERR_INTERNAL.

[sssd[nss]] [cache_req_set_plugin] (0x2000): CR #8: Setting "Object by ID" plugin
[sssd[nss]] [cache_req_send] (0x0400): CR #8: New request 'Object by ID'
[sssd[nss]] [cache_req_select_domains] (0x0400): CR #8: Performing a multi-domain search
[sssd[nss]] [cache_req_search_domains] (0x0400): CR #8: Search will check the cache and check the data provider
[sssd[nss]] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain sssdad2012r2.com type POSIX is valid
[sssd[nss]] [cache_req_set_domain] (0x0400): CR #8: Using domain [sssdad2012r2.com]
[sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Looking up ID:233600513@sssdad2012r2.com
[sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: Checking negative cache for [ID:233600513@sssdad2012r2.com]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/sssdad2012r2.com/233600513]
[sssd[nss]] [cache_req_search_ncache] (0x0400): CR #8: [ID:233600513@sssdad2012r2.com] is not present in negative cache
[sssd[nss]] [cache_req_search_cache] (0x0400): CR #8: Looking up [ID:233600513@sssdad2012r2.com] in cache
[sssd[nss]] [cache_req_search_send] (0x0400): CR #8: Returning [ID:233600513@sssdad2012r2.com] from cache
[sssd[nss]] [cache_req_search_ncache_filter] (0x0400): CR #8: Filtering out results by negative cache
[sssd[nss]] [cache_req_search_ncache_filter] (0x0020): CR #8: sss_get_name_from_msg() returned NULL, which should never happen in this scenario!
[sssd[nss]] [cache_req_process_result] (0x0400): CR #8: Finished: Error 1432158209: Internal Error
[sssd[nss]] [nss_protocol_done] (0x4000): Sending reply: error [1432158209]: Internal Error
[sssd[nss]] [client_recv] (0x0200): Client disconnected!

Resolves:
https://pagure.io/SSSD/sssd/issue/3485

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
NEGCACHE: Add root's uid/gid to ncache 2017-08-28T18:55:22+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-14T11:31:45+00:00 3ad33ca77044f9a9d18f7def271b0beb180e567b As "root" is not handled by SSSD, let's add its uid and gid to the negative cache as well. The reason it's added without specifying a domain is to follow how the negative cache is used by cache req's code when searching something by id. As the negative cache check for uid/gid, in the cache req code, is done after resolving the name, we can save one LDAP call to the data provider. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
As "root" is not handled by SSSD, let's add its uid and gid to the
negative cache as well. The reason it's added without specifying a
domain is to follow how the negative cache is used by cache req's code
when searching something by id.

As the negative cache check for uid/gid, in the cache req code, is done
after resolving the name, we can save one LDAP call to the data
provider.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
CACHE_REQ: Don't error out when searching by id = 0 2017-08-28T18:55:07+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-14T11:35:20+00:00 8888d7a46371ddd2c2514c3e81b58bb1090902a2 This code path can be easily triggered by calling `id 0` and SSSD should not error out in this case. Previous patches in this series already add uid and gid 0 to the negative cache and we can properly handle this situation. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This code path can be easily triggered by calling `id 0` and SSSD should
not error out in this case.

Previous patches in this series already add uid and gid 0 to the
negative cache and we can properly handle this situation.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
NEGCACHE: Descend to all subdomains when adding user/groups 2017-08-28T18:55:01+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-14T10:15:42+00:00 9908bdc9755e744c3e2c7c746a4edf95f9083ef5 When a user or group is added to the negative cache, we should descend to all subdomains as well. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
When a user or group is added to the negative cache, we should descend
to all subdomains as well.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
NEGCACHE: Always add "root" to the negative cache 2017-08-28T18:54:47+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-14T13:46:10+00:00 1e7b7da3aa56060c26f8ba1c08318cdee77753ea The current code only adds "root" to the negative cache in case there's any other user or group set up in to be added. As SSSD doesn't handle "root", it should *always* be added to the negative cache. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The current code only adds "root" to the negative cache in case there's
any other user or group set up in to be added.

As SSSD doesn't handle "root", it should *always* be added to the
negative cache.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
NEGCACHE: Add some comments about each step of sss_ncache_prepopulate() 2017-08-28T18:54:29+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-14T13:28:41+00:00 b54d79cf3c8017e186b5ea7cdc383746233db39b The comments help to understand which part of the code is dealing with users or groups of specific or non-specific domain filters. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The comments help to understand which part of the code is dealing with
users or groups of specific or non-specific domain filters.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
CACHE_REQ: Fix warning may be used uninitialized 2017-07-31T10:17:06+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-07-31T07:21:31+00:00 9d90396775715de66e735dd55826e35f311450af Setting ret as EOK in case everything goes well. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> 
Setting ret as EOK in case everything goes well.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>