| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Add sssctl cache-expire as a wrapper for the sss_cache utility to
invalidate cached objects.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sss_debuglevel binary is replaced by a shell wrapper calling
sssctl debug-level as part of merging sss_debuglevel into sssctl.
The wrapper will redirect sss_debuglevel to the sssctl debug-level
command performing the same task. The sss_debuglevel(8) man page is
updated to indicate that sss_debuglevel is deprecated and functionality
exists now in sssctl.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move code from sss_debuglevel to sssctl_logs.c and add new debug-logs
sssctl command to perform the same task of changing debug level
dynamically.
POPT_CONTEXT_KEEP_FIRST Flag added to poptGetContext call in
sssctl_debug_level() to fix argument parsing.
Resolves:
https://pagure.io/SSSD/sssd/issue/3057
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
| |
As done for the attr_name_fn to avoid "-Wshadow", let's be consistent
and do the same for all the other sssctl_attr_fn functions.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
This warning only happens when building SSSD on RHEL6.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
This warning only happens when building SSSD on RHEL6.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
This warning only happens when building SSSD on RHEL6.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
files.c has at least one function that will be re-used for the new
session provider that's about to be added. Also, a few other functions
may be added and files.c seems the right place for those.
selinux.c has been moved together with files.c as the latter takes
advantage of some functions from the former and we do not want to always
link agains the tools code.
The public functions from files.c got a "sss_" prefix and it has been
changed whenever they're used.
Last but not least, all the places that included "tools/tools_util.h"
due to the functions on files.c had this include removed (as they were
already including "util/util.h".
Related:
https://pagure.io/SSSD/sssd/issue/2995
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
Merges: https://pagure.io/SSSD/sssd/pull-request/3456
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add verbose option to sssctl domain-list, when this option is provided
SSSD will print the domain type(primary or trusted domain) retrieved
from infopipe API, in addition to the domain name.
Resolves:
https://pagure.io/SSSD/sssd/issue/3065
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
| |
signal.h is not used directly by util/util.h. The header file signal.h
must be included in 8 files and removing it from util.h it had to be
added only to 5 missing file. But util/util.h is include in 377 files
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Since there are cases where the user name is not entered directly but
determined by other means the user-checks should show the name of the
user used for authentication.
Related to https://pagure.io/SSSD/sssd/issue/3395
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://pagure.io/SSSD/sssd/issue/3339
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
sssctl config-check should print a message for user
if no sssd.conf was found.
Resolves:
https://pagure.io/SSSD/sssd/issue/3330
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Allow option use_fully_qualified_names in subdomain section.
This option was recently added to subdomain_inherit.
Resolves:
https://pagure.io/SSSD/sssd/issue/3337
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a group/users are invalidated from sss_cache, the group/user
information in domain and timestamps cache are inconsistent with
regard to dataExpireTimestamp attribute.
This patch fixes the problem by explicitly invalidating the domain
cache's entry when the timestamp cache entry is invalidated
by sss_cache call. There is one new function:
* sysdb_invalidate_cache_entry()
provided for this purpose and used only in sss_cache utility.
Resolves:
https://fedorahosted.org/sssd/ticket/3164
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's ensure that in case a responder is explicitly configured in the
sssd.conf its socket won't even start.
The patchset introduces a new binary that will be distributed and will
be called before starting the responders' sockets, ensuring the sockets
will only start in case the responder is supposed to be socket-activated
and its been configured accordingly. Otherwise the responders' socket
startup will fail with a quite helpful debug message leading the admins
to choose between using systemd or not and what has to be done to achieve
their desire.
This suggestion came from Sumit Bose.
The reason for adding a new binary instead of a simple python script is
to avoid dragging unnecessary dependencies to sssd-common package.
Resolves:
https://pagure.io/SSSD/sssd/issue/3300
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 7 probably does some new optimisations which might cause few
wariables to be uninitialized.
src/tools/sssctl/sssctl_cache.c: In function ‘sssctl_print_object’:
src/tools/sssctl/sssctl_cache.c:523:13: error: ‘dom’ may be used uninitialized
in this function [-Werror=maybe-uninitialized]
ret = info[i].attr_fn(tmp_ctx, entry, dom, info[i].attr, &value);
~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/tools/sssctl/sssctl_cache.c:472:15: error: ‘entry’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
*_entry = talloc_steal(mem_ctx, entry);
^~~~~~~~~~~~
src/tools/sssctl/sssctl_cache.c:437:25: note: ‘entry’ was declared here
struct sysdb_attrs *entry;
^~~~~
Another workaround would be to remove static modifier from function
sssctl_find_object which probably prevents some inlinig + optimisation.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tools/sss_groupshow.c: In function ‘print_group_info’:
src/tools/sss_groupshow.c:612:22: error: ‘%d’ directive output truncated
writing between 10 and 11 bytes into a region of size 7 [-Werror=format-truncation=]
snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES);
^~~~~~~
src/tools/sss_groupshow.c:612:22: note: using the range
[-2147483648, 2147483647] for directive argument
src/tools/sss_groupshow.c:612:5: note: ‘snprintf’ output between 13 and 14
bytes into a destination of size 8
snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES);
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Lowercase the filter in case insensitive domains.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Also search by alias when using sssctl to query the cache.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The WEXITSTATUS is defined in stdlib.h on linux.
There is a nice comment in stdlib.h:
/* Define the macros <sys/wait.h> also would define this way. */
It's better to not rely on this and use more platfom friendly
way with including "sys/wait.h". For example the libc on FreeBSD
does not provide WEXITSTATUS in stdlib.h.
I found this macro mentioned only in the manual page for wait(2)
and there is mentioned just the "sys/wait.h" and not "stdlib.h"
src/tools/sssctl/sssctl.c: In function 'sssctl_run_command':
src/tools/sssctl/sssctl.c:110: error: implicit declaration of function
'WEXITSTATUS'
gmake[2]: *** [Makefile:22383: src/tools/sssctl/sssctl-sssctl.o] Error 1
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Allow passing flags for command specific initialization. Currently
only one flag is available to skip the confdb initialization which is
required to improve config-check command.
Resolves:
https://fedorahosted.org/sssd/ticket/3209
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If systemd is used we leverage it's D-Bus API instead of running systemctl.
Resolves:
https://fedorahosted.org/sssd/ticket/3056
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Print informational message and exit when multiple arguments are provided
for single-argument options with sss_cache
Resolves:
https://fedorahosted.org/sssd/ticket/3180
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The MPG search uses it's own search function
that used sysdb operation with shortname,
but it expects internal fqname.
Resolves:
https://fedorahosted.org/sssd/ticket/3184
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
sss_override failed to export user/group overrides
if user had no overrides for name.
Resolves:
https://fedorahosted.org/sssd/ticket/3179
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We use shortname to refresh memory cache, but in case of nested groups,
we used internal_fqname to refresh parent groups.
We also wrongly used the shortname for sysdb_search operation.
Which caused error message to be printed when sss_usermod -a or
sss_groupmod -a where called.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use internal fqdn when creating sysdb group dn.
Resolves:
https://fedorahosted.org/sssd/ticket/3178
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
sss_groupshow used shortname to search
in sysdb database. We have to u e sysdb_fqname
(aka internal_fqname) format for all sysdb
oprations.
Resolves:
https://fedorahosted.org/sssd/ticket/3175
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3173
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3130
Reviewed-by: Petr Čech <pcech@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3069
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
This way we completely move D-Bus memory management to talloc and
we reduce number of code lines needed to send and receive reply.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to hook DBusMessage to a talloc context
to remove the need of calling dbus_message_unref(). It also provides
an automatical way to detect error in a reply so the caller does
not need to parse it manually and the whole code around DBusError
can be avoided.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
| |
Remove all entries in a directory but will
not remove the directory itself.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2978
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
sssctl COMMAND --help should print at least
generic help, even if the command does not
accept any command specific options.
Resolves:
https://fedorahosted.org/sssd/ticket/3086
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
The message in SSS_TOOL_DELIMITER should be translated.
Reviewed-by: Petr Čech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Use TOPIC-ACTION pattern for sssctl command
names.
Resolves:
https://fedorahosted.org/sssd/ticket/3087
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno
Reviewed-by: Petr Čech <pcech@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3096
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
|
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
|
|
|
|
|
|
|
|
|
| |
VAR_CHECK is called with (var, EOK, ...)
EOK would be returned in case of "var != EOK"
and output argument _attrs would not be initialized.
Therefore there could be dereference of null pointer
after calling function usermod_build_attrs.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|