sssd.git/src/responder/common, branch ad_domain_local_groups Unnamed repository; edit this file to name it for gitweb. DP: Remove old data provider interface 2016-08-16T12:54:50+00:00 Pavel Březina pbrezina@redhat.com 2016-07-19T12:24:16+00:00 04e870d99e72aa3160bdb6ab05d986fb4005c3ed Reverse data provider interface is moved to a better location in NSS responder. All responders now can have an sbus interface defined per data provider connection. The unused old data provider interface is removed. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reverse data provider interface is moved to a better location in
NSS responder. All responders now can have an sbus interface
defined per data provider connection. The unused old data provider
interface is removed.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sbus: add utility function to simplify message and reply handling 2016-08-16T12:39:04+00:00 Pavel Březina pbrezina@redhat.com 2016-06-29T10:35:59+00:00 439e08cdc5c83b3e5835cb0435983f1da2ffbaf1 This patch adds the ability to hook DBusMessage to a talloc context to remove the need of calling dbus_message_unref(). It also provides an automatical way to detect error in a reply so the caller does not need to parse it manually and the whole code around DBusError can be avoided. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch adds the ability to hook DBusMessage to a talloc context
to remove the need of calling dbus_message_unref(). It also provides
an automatical way to detect error in a reply so the caller does
not need to parse it manually and the whole code around DBusError
can be avoided.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
rdp: add ability to forward reply to the client request 2016-08-16T12:38:52+00:00 Pavel Březina pbrezina@redhat.com 2016-06-28T09:40:16+00:00 a40d9cc11d17d9c3c22a0462cd8c419d1e79ffb8 In cases where the InfoPipe servers just as a middle-man between the DataProvider and a client we can simply forward the reply reducing amount of coded needed in the InfoPipe. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
In cases where the InfoPipe servers just as a middle-man between
the DataProvider and a client we can simply forward the reply
reducing amount of coded needed in the InfoPipe.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
NSS: Do not check local users with disabled local_negative_timeout 2016-08-09T09:30:35+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-08-08T11:55:52+00:00 950716d2087446205c84f00b371f468d6ead1ec2 sssd_nss can set different negative timeout for local users and groups. However, checking whether user/group is local is quite expensive operation. We can avoid such operations if local_negative_timeout is not set. This fix improve performance(40%) of lookup non-existing entries in offline mode and with disabled local_negative_timeout. sh$ cat pok.sh for i in {1..10000}; do getent passwd -s sss temp$i getent group -s sss temp$i done #without patch sh $time /bin/bash pok.sh real 0m41.534s user 0m3.580s sys 0m14.202s #with patch sh $time /bin/bash pok.sh real 0m26.686s user 0m3.292s sys 0m13.165s Resolves: https://fedorahosted.org/sssd/ticket/3122 Reviewed-by: Petr Cech <pcech@redhat.com> 
sssd_nss can set different negative timeout for local users
and groups. However, checking whether user/group is local
is quite expensive operation. We can avoid such operations
if local_negative_timeout is not set.

This fix improve performance(40%) of lookup non-existing
entries in offline mode and with disabled local_negative_timeout.

  sh$ cat pok.sh
  for i in {1..10000}; do
    getent passwd -s sss temp$i
    getent group -s sss temp$i
  done

  #without patch
  sh $time /bin/bash pok.sh
  real    0m41.534s
  user    0m3.580s
  sys     0m14.202s

  #with patch
  sh $time /bin/bash pok.sh
  real    0m26.686s
  user    0m3.292s
  sys     0m13.165s

Resolves:
https://fedorahosted.org/sssd/ticket/3122

Reviewed-by: Petr Cech <pcech@redhat.com>
RESPONDERS: Pass errno to strerror() when SELINUX_getpeercon() fails 2016-08-04T10:17:33+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-08-02T13:12:45+00:00 ba3c902014ac0b04ec761296fdb1c3ede747a5f2 Currently ret, which is -1, is passed to strerror() instead of errno. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Related: https://fedorahosted.org/sssd/ticket/3094 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Currently ret, which is -1, is passed to strerror() instead of errno.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Related:
https://fedorahosted.org/sssd/ticket/3094

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Show a bit more info in case of SELINUX_getpeercon() failure 2016-08-04T10:17:29+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-08-02T13:08:09+00:00 4b9ee02b1f5252b2a116adf0c0c6c7a4722bb2cf Be explicit that it may happen when SELinux is disabled and also suggest to enable SELinux. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Related: https://fedorahosted.org/sssd/ticket/3094 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Be explicit that it may happen when SELinux is disabled and also suggest
to enable SELinux.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Related:
https://fedorahosted.org/sssd/ticket/3094

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Decrease debug level for failures in SELINUX_getpeercon() 2016-08-04T10:17:25+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-08-02T13:04:51+00:00 634b6f28ec7d94d0ac418f338d892b4a41da7e3b As this is not FATAL and may happen when SELinux is disabled, let's just decrease the debug level to MINOR_FAILURE Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Related: https://fedorahosted.org/sssd/ticket/3094 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
As this is not FATAL and may happen when SELinux is disabled, let's just
decrease the debug level to MINOR_FAILURE

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Related:
https://fedorahosted.org/sssd/ticket/3094

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Amend debug messages after failure of unlink 2016-07-25T13:49:20+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-07-25T07:11:08+00:00 bc7991db97482eb2ac77f7105ee4bb3d329acff7 Some messages did not have errno or name of problematic file. There was also improper use of negative value. The function strerror was called with -1 instead of errno Reviewed-by: Petr Čech <pcech@redhat.com> 
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno

Reviewed-by: Petr Čech <pcech@redhat.com>
Fix packet size calculation in sss_packet_new 2016-07-07T10:52:01+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2016-07-07T09:48:42+00:00 740bfe1a5bf519de8e13bdce5c4143b0f24d7433 Use division instead of modulo while rounding the created packet size up to a multiple of SSSSRV_PACKET_MEM_SIZE in sss_packet_new. This fixes potentially packet buffer overflows with certain body sizes. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Use division instead of modulo while rounding the created packet size up
to a multiple of SSSSRV_PACKET_MEM_SIZE in sss_packet_new. This fixes
potentially packet buffer overflows with certain body sizes.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SYSDB: Remove useless parameter from sysdb_init() 2016-07-07T08:29:49+00:00 Jakub Hrozek jhrozek@redhat.com 2016-06-29T14:18:12+00:00 ebbeac5c6b8b87ab478ee5a04ec48fbbba0c9efc The function sysdb_init() is never used to allow upgrade, so the allow_upgrade parameter was pointless. Reviewed-by: Sumit Bose <sbose@redhat.com> 
The function sysdb_init() is never used to allow upgrade, so the
allow_upgrade parameter was pointless.

Reviewed-by: Sumit Bose <sbose@redhat.com>