| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Allow option use_fully_qualified_names in subdomain section.
This option was recently added to subdomain_inherit.
Resolves:
https://pagure.io/SSSD/sssd/issue/3337
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a group/users are invalidated from sss_cache, the group/user
information in domain and timestamps cache are inconsistent with
regard to dataExpireTimestamp attribute.
This patch fixes the problem by explicitly invalidating the domain
cache's entry when the timestamp cache entry is invalidated
by sss_cache call. There is one new function:
* sysdb_invalidate_cache_entry()
provided for this purpose and used only in sss_cache utility.
Resolves:
https://fedorahosted.org/sssd/ticket/3164
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's ensure that in case a responder is explicitly configured in the
sssd.conf its socket won't even start.
The patchset introduces a new binary that will be distributed and will
be called before starting the responders' sockets, ensuring the sockets
will only start in case the responder is supposed to be socket-activated
and its been configured accordingly. Otherwise the responders' socket
startup will fail with a quite helpful debug message leading the admins
to choose between using systemd or not and what has to be done to achieve
their desire.
This suggestion came from Sumit Bose.
The reason for adding a new binary instead of a simple python script is
to avoid dragging unnecessary dependencies to sssd-common package.
Resolves:
https://pagure.io/SSSD/sssd/issue/3300
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 7 probably does some new optimisations which might cause few
wariables to be uninitialized.
src/tools/sssctl/sssctl_cache.c: In function ‘sssctl_print_object’:
src/tools/sssctl/sssctl_cache.c:523:13: error: ‘dom’ may be used uninitialized
in this function [-Werror=maybe-uninitialized]
ret = info[i].attr_fn(tmp_ctx, entry, dom, info[i].attr, &value);
~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/tools/sssctl/sssctl_cache.c:472:15: error: ‘entry’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
*_entry = talloc_steal(mem_ctx, entry);
^~~~~~~~~~~~
src/tools/sssctl/sssctl_cache.c:437:25: note: ‘entry’ was declared here
struct sysdb_attrs *entry;
^~~~~
Another workaround would be to remove static modifier from function
sssctl_find_object which probably prevents some inlinig + optimisation.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tools/sss_groupshow.c: In function ‘print_group_info’:
src/tools/sss_groupshow.c:612:22: error: ‘%d’ directive output truncated
writing between 10 and 11 bytes into a region of size 7 [-Werror=format-truncation=]
snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES);
^~~~~~~
src/tools/sss_groupshow.c:612:22: note: using the range
[-2147483648, 2147483647] for directive argument
src/tools/sss_groupshow.c:612:5: note: ‘snprintf’ output between 13 and 14
bytes into a destination of size 8
snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES);
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Lowercase the filter in case insensitive domains.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Also search by alias when using sssctl to query the cache.
Resolves:
https://fedorahosted.org/sssd/ticket/3235
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The WEXITSTATUS is defined in stdlib.h on linux.
There is a nice comment in stdlib.h:
/* Define the macros <sys/wait.h> also would define this way. */
It's better to not rely on this and use more platfom friendly
way with including "sys/wait.h". For example the libc on FreeBSD
does not provide WEXITSTATUS in stdlib.h.
I found this macro mentioned only in the manual page for wait(2)
and there is mentioned just the "sys/wait.h" and not "stdlib.h"
src/tools/sssctl/sssctl.c: In function 'sssctl_run_command':
src/tools/sssctl/sssctl.c:110: error: implicit declaration of function
'WEXITSTATUS'
gmake[2]: *** [Makefile:22383: src/tools/sssctl/sssctl-sssctl.o] Error 1
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Allow passing flags for command specific initialization. Currently
only one flag is available to skip the confdb initialization which is
required to improve config-check command.
Resolves:
https://fedorahosted.org/sssd/ticket/3209
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If systemd is used we leverage it's D-Bus API instead of running systemctl.
Resolves:
https://fedorahosted.org/sssd/ticket/3056
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Print informational message and exit when multiple arguments are provided
for single-argument options with sss_cache
Resolves:
https://fedorahosted.org/sssd/ticket/3180
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The MPG search uses it's own search function
that used sysdb operation with shortname,
but it expects internal fqname.
Resolves:
https://fedorahosted.org/sssd/ticket/3184
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
sss_override failed to export user/group overrides
if user had no overrides for name.
Resolves:
https://fedorahosted.org/sssd/ticket/3179
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We use shortname to refresh memory cache, but in case of nested groups,
we used internal_fqname to refresh parent groups.
We also wrongly used the shortname for sysdb_search operation.
Which caused error message to be printed when sss_usermod -a or
sss_groupmod -a where called.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use internal fqdn when creating sysdb group dn.
Resolves:
https://fedorahosted.org/sssd/ticket/3178
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
sss_groupshow used shortname to search
in sysdb database. We have to u e sysdb_fqname
(aka internal_fqname) format for all sysdb
oprations.
Resolves:
https://fedorahosted.org/sssd/ticket/3175
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3173
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3130
Reviewed-by: Petr Čech <pcech@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3069
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
This way we completely move D-Bus memory management to talloc and
we reduce number of code lines needed to send and receive reply.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to hook DBusMessage to a talloc context
to remove the need of calling dbus_message_unref(). It also provides
an automatical way to detect error in a reply so the caller does
not need to parse it manually and the whole code around DBusError
can be avoided.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
| |
Remove all entries in a directory but will
not remove the directory itself.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2978
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
sssctl COMMAND --help should print at least
generic help, even if the command does not
accept any command specific options.
Resolves:
https://fedorahosted.org/sssd/ticket/3086
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
The message in SSS_TOOL_DELIMITER should be translated.
Reviewed-by: Petr Čech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Use TOPIC-ACTION pattern for sssctl command
names.
Resolves:
https://fedorahosted.org/sssd/ticket/3087
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno
Reviewed-by: Petr Čech <pcech@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3096
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
|
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
|
|
|
|
|
|
|
|
|
| |
VAR_CHECK is called with (var, EOK, ...)
EOK would be returned in case of "var != EOK"
and output argument _attrs would not be initialized.
Therefore there could be dereference of null pointer
after calling function usermod_build_attrs.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like some special gcc optimalisation and special case
may cause to have unitialized output argument _dom when return
code is EOK
src/tools/sssctl/sssctl_cache.c: In function ‘sssctl_print_object’:
src/tools/sssctl/sssctl_cache.c:491:8: error: ‘dom’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
if (dom == NULL) {
^
src/tools/sssctl/sssctl_cache.c:447:15: error: ‘entry’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
*_entry = talloc_steal(mem_ctx, entry);
^~~~~~~~~~~~
src/tools/sssctl/sssctl_cache.c:412:25: note: ‘entry’ was declared here
struct sysdb_attrs *entry;
^~~~~
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tools/sssctl/sssctl_config.c: In function 'sssctl_config_check':
src/tools/sssctl/sssctl_config.c:93:14: warning: format '%lu' expects
argument of type 'long unsigned int', but argument 2 has type
'size_t {aka unsigned int}' [-Wformat=]
printf(_("Issues identified by validators: %lu\n"), num_errors);
^
src/tools/sssctl/sssctl_config.c:93:12: note: in expansion of macro '_'
printf(_("Issues identified by validators: %lu\n"), num_errors);
^
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Improve output when access check error
is detected by sssctl config-check command.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
https://fedorahosted.org/sssd/ticket/2269
sssctl sconfig-check command allows to
call SSSD config file validators on
demand.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Allows to upgrade the cache using the sssctl tool, which might be useful
e.g. in RPM %post scripts.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we want to use the sssctl tool during upgrade, we need to amend
the tools initialization code to not error out if sysdb can't be
instantiated, but rather return errno and let the tool handle the error.
Each tool command now has a 'allowed errno' the command is able to
handle. In this patch iteration, only a single errno can be handled and
only the upgrade command is able to do so.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
The function sysdb_init() is never used to allow upgrade, so the
allow_upgrade parameter was pointless.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
For users and groups, convert the input name to the qualified format.
Resolves:
https://fedorahosted.org/sssd/ticket/3059
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use sss_create_internal_fqname for internal cache lookups. Because the
object's existence is verified using getpw* and getgr*, we keep using
sss_tc_fqname there, just to feed the NSS interface the expected
qualified or unqualified name format.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
Same as all other tools.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
instead for users and groups
All users and groups are now stored in the cache using the same format,
so we can use that one instead of creating a domain-specific name.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
No need to export functions that are only used internally.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Normally we convert the names from short to internal format on input.
For the local domain tools, we can consider the sss_sync_ops an input
interface, to avoid having to convert the name in each tool and
interface separately.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|