| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Also adds support for the basic LOCAL provider that stores data
on the local machine.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Start implementing the Secrets Service Reponder core.
This commit implements stratup and basic conenction handling and HTTP
parsing (using the http-parser library).
Signed-off-by: Simo Sorce <simo@redhat.com>
Related:
https://fedorahosted.org/sssd/ticket/2913
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
This is an example of what sssd developers could use to silence the
SIGRTs from the newly created watchdog.
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2028
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2247
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
With this plugin winbind can use the same id-mapping as SSSD which makes
it possible to run both together in a consistent way.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are still issues[1,2,3] with ipa and ad provider
which cause failures when sssd is running as non-privileged user.
It's easy to change default root to non-root
mock --resultdir . --rebuild ./sssd-1.13.90-0.fc24.src.rpm --with=sssd_user
or with plain rpmbuild
rpmbuild -ba SPECS/sssd.spec --with sssd_user
[1] https://fedorahosted.org/sssd/ticket/2963
[2] https://fedorahosted.org/sssd/ticket/2965
[3] https://fedorahosted.org/sssd/ticket/3014
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Exclude files from /tmp during coverage generation to avoid issues with
(presumably) files generated by dtrace that couldn't otherwise be opened
or parsed.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When all the dependencies are installed, run the script using systemtap:
You'll see an output such as:
# stap /usr/share/sssd/systemtap/nested_group_perf.stp
^CTime spent in group sssd_be searches: 600
Time spent in sdap_nested_group_send/recv: 65 ms (ratio: 10.83%)
Time spent in zero-level sysdb transactions: 6813 ms (ratio: 1135.50%)
Breakdown of sdap_nested_group req (total: 65 ms)
sdap_nested_group_process req: 64
sdap_nested_group_process_split req: 22
sdap_nested_group_check_cache: 21
sdap_nested_group_sysdb_search_users: 10
sdap_nested_group_sysdb_search_groups: 9
ldap request breakdown of total 60
sdap_nested_group_deref req: 24
sdap_deref_search_send req 24
processing deref results: 0
sdap_nested_group_lookup_user req: 18
sdap_nested_group_lookup_group req: 0
Time spent refreshing unknown members: 18
Breakdown of results processing (total 6813)
Time spent populating nested members: 10
Time spent searching ldb while populating nested members: 5
Time spent saving nested members: 110
Time spent writing to the ldb: 678 ms
Please note that since the script is supposed to be used in scenarios such as
tracing "id" performance, which typically involve multiple group requests.
Therefore, the variables are not zeroed out and you need to interrupt the
script manually with Ctrl+C.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Run this script using "stap" as root:
sudo stap /path/to/sssd/contrib/systemtap/id_perf.stp
It is not required to restart the script between successive id runs,
the variables are cleared when systemtap detects id had started or finished.
You should see output as this one:
Total run time of id was: 112 ms
Number of zero-level cache transactions: 9
Time spent in level-0 sysdb transactions: 84 ms
Time spent writing to LDB: 80 ms
Number of LDAP searches: 13
Time spent waiting for LDAP: 11 ms
LDAP searches breakdown:
Number of user requests: 1
Time spent in user requests: 15
Number of group requests: 6
Time spent in group requests: 71
Number of initgroups requests: 1
Time spent in initgroups requests: 20
Unaccounted time: 17 ms
sysdb transaction breakdown:
1 hits of transaction sysdb_transaction_commit+0x6b [libsss_util.so]
sdap_save_users+0x2d2 [libsss_ldap_common.so]
sdap_get_users_done+0x186 [libsss_ldap_common.so]
sdap_search_user_process+0x2d9 [libsss_ldap_common.so]
generic_ext_search_handler+0x22f [libsss_ldap_common.so]
sdap_get_and_parse_generic_done+0x6f [libsss_ldap_common.so]
sdap_get_generic_op_finished+0x806 [libsss_ldap_common.so]
sdap_process_message+0x3c4 [libsss_ldap_common.so]
sdap_process_result+0x33a [libsss_ldap_common.so]
sdap_ldap_next_result+0x2f [libsss_
avg:14 min: 14 max: 14 sum: 14
5 hits of transaction sysdb_transaction_commit+0x6b [libsss_util.so]
sdap_nested_done+0x2c8 [libsss_ldap_common.so]
sdap_nested_group_done+0x9b [libsss_ldap_common.so]
0x7f47a6320be4 [libtevent.so.0.9.26+0x4be4]
avg:9 min: 9 max: 11 sum: 49
1 hits of transaction sysdb_transaction_commit+0x6b [libsss_util.so]
sdap_nested_done+0x2c8 [libsss_ldap_common.so]
sdap_nested_group_done+0x9b [libsss_ldap_common.so]
sdap_nested_group_process_done+0x1dc [libsss_ldap_common.so]
sdap_nested_group_single_done+0x112 [libsss_ldap_common.so]
sdap_nested_group_recurse_done+0x95 [libsss_ldap_common.so]
0x7f47a6320be4 [libtevent.so.0.9.26+0x4be4]
avg:11 min: 11 max: 11 sum: 11
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch makes SSSD possibly useful "out of the box" by allowing
packagers to provide a default config file located in $LIBDIR/sssd/conf
that will be copied by the monitor to /etc/sssd if no file already
exists in that location. This will make it possible to have SSSD set up
to have distribution-specific default configuration, such as enabling
the proxy provider to cache /etc/passwd (such as in the provided
example in this patch).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
libcmocka and cwrap is available in epel
which is used by mock.
This patch also remove superfluous for checking fedora.
Fedora < 20 is not suported for very long time.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
make-check-wrap had to be used due to missing LOG_COMPILER
on rhel6 which is enabled with parallel test harness
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
/usr/bin/yum is provided by the dnf-yum package and call /usr/bin/dnf
on new fedora distributions. We should directly use old style yum
which was renamed to /usr/bin/yum-deprecated and is still part of
the yum package.
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do not need to requires specific version of libldb
or libtdb because it is automatically detected from
binary/library dependencies. We also need never version
of that libraries as it was specified in spec file.
e.g.
sh$ rpm -q --requires sssd-common | grep -E "TDB|LDB"
libldb.so.1(LDB_0.9.10)(64bit)
libtdb.so.1(TDB_1.2.1)(64bit)
There is also redundant dependency on sssd-common-pac
sssd -> sssd-ipa -> sssd-common-pac
-> sssd-ad -> sssd-common-pac
-> sssd-common-pac
sh$ rpm -q --whatrequires sssd-common-pac
sssd-ipa-1.13.3-1.fc23.x86_64
sssd-ad-1.13.3-1.fc23.x86_64
sssd-1.13.3-1.fc23.x86_64
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
It will reduce dependency chain in container world.
libsss_autofs.so depends only on libc and requires
sssd unix sockets. And sssd-common has many requirements.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We recently added /usr/share/polkit-1/rules.d to the spec file
to fix issues with unowned directories. However there is conflict
with polkit package. The owner is not root.
Running transaction test
Error: Transaction check error:
file /usr/share/polkit-1/rules.d from install of sssd-common-1.13.90-0.20160125.1503.git1b8858b.master.f
+c23.x86_64 conflicts with file from package polkit-0.113-4.fc23.x86_64
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch removes unnecessary requires of dbus-libs
because it's already detected from library.
However we forgot to call ldconfig after (un)installation.
sh$ rpm -q -p --requires libsss_simpleifp-1.13.90-0.fc23.x86_64.rpm | grep dbus
libdbus-1.so.3()(64bit)
libdbus-1.so.3(LIBDBUS_1_3)(64bit)
sssd-dbus = 1.13.90-0.fc23
sh$ rpm -q --whatprovides "libdbus-1.so.3()(64bit)"
dbus-libs-1.10.6-1.fc23.x86_64
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
rhel5 required to clean buildroot in install section.
The %clean section is not required for F-13 and above, and EPEL 6 and
above. EPEL 5 MUST have a %clean section that cleans the buildroot:
https://fedoraproject.org/wiki/EPEL:Packaging#Prepping_BuildRoot_For_.25install
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
It's better to do not rely on custom scripts
and do not call systemctl directly.
This is exactly purpose of systemd-rpm macros.
All sections are equivalent excluding "%post common".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedoraproject.org/wiki/Packaging:UnownedDirectories
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The module ${libdir}/libsss_sudo.so is used only by /usr/bin/sudo.
If libsss_sudo.so was part of sssd-client then 32 bit version would
never be used on 64 bit machine and files in sssd-client can be used
by multilib applications e.g. libnss_sss.so can be indirectly "dlopened"
by 64 bit applications and 32 bit application.
(32-bit web browser; ordinary 64bit applications ...)
Resolves:
https://fedorahosted.org/sssd/ticket/2855
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
krb5 domain mapping files are stored to the directory
%{pubconfpath}/krb5.include.d. It can be stored by ipa or ad provider.
However this directory was owned by sub-package sssd-ipa. And ad provider
can be installed without this package. Therefore %{pubconfpath}/krb5.include.d
should be owned by common dependency.
The owner of this directory was also fixed to sssd.
It's already done by make install. It was changed only in spec file.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Printing ldb structures and sysdb_attrs can be a pain. This patch adds a
gdb pretty-printer to help
SSSD and LDB debugging plugins
Activate them by putting:
source /path/to/this/file.py
to your .gdbinit file
To bypass the pretty printer and print the raw values, use the "/r" option:
print /r foobar
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Some extra functions were in stack trace on 32 bit architecture.
It might be caused by different optimisation on different platforms.
As a result of this mismatch, the suppression did not match
on 32 bit architecture and it was reported as new memory related error.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To only operation of p11_child which requires special privileges is the
communication to pcscd which handles the Smartcard access. pcscd uses
policy-kit for access control so access can easily be configured by
dropping config snippets into the right directory.
If SSSD is configured to run as un-privileged user this patch creates
the needed config snippet for policy-kit and installs it in a suitable
directory. As a result p11_child does not have to be installed with
SETUID or SETGID bits set.
Resolves https://fedorahosted.org/sssd/ticket/2755 by making it obsolete
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fail CI coverage build, if make-check stage fails. Previously make-check
stage failures were ignored for coverage build for the sake of
collecting coverage data in any case. However, catching extra test
failures seems more important than getting coverage data in all cases,
thus the change.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It's fixed in upstream gcc >= 4.6.0
Resolves:
https://fedorahosted.org/sssd/ticket/2819
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Make valgrind-condense work on program names which start with a dash
character.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Make contrib/ci/valgrind-condense execute programs not matching the
supplied PATH_PATTERN without Valgrind, instead of simply exiting
successfully.
This makes the make-check-valgrind stage actually run the tests not
checked with Valgrind, instead of skipping them.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We need to use different names for python{2,3} modules if we want to build
them in the same time with automake (prefix _py2 and _py3). But resulting name
need to correspond with name of module because it is used in C import function.
We used symbolic links for that purpose but it breaks debian python tools
which rename the real modules making symbolic links to point nowhere
Resolves:
https://fedorahosted.org/sssd/ticket/2814
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
p.communicate() return bytes on python3
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Exclude whitespace_test from Valgrind checks in contrib/ci/run to
prevent it from failing the tests due to Bash bugs.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| | |
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
All test failed due to missing /usr/bin/libtool
e.g.
/home/build/sssd/build/test-driver: line 107: libtool: command not found
FAIL test-io (exit status: 127)
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2433
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2807
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libsss_ad_common.la was a dynamic library and was linked just with unit tests.
It was a workaroud because module libsss_ad.so cannot be linked with tests
without portability issues. But it was addted to pkglib_LTLIBRARIES
and therefore it was installed with other libraries.
This patch changed it and libsss_ad_test.la (old name libsss_ad_common.la)
will be compiled only for unit tests (check_LTLIBRARIES) and will not
be installed with command "make install".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the tarball is generated with minimal dependencies extracted from spec file
then translated manual pages are not generated due to missing script po4a.
This step is not necessary for regular nightly/developer builds.
The tarball is created faster without such step. However rpm >= 4.13
will fail due to empty manifest file.
Resolves:
https://fedorahosted.org/sssd/ticket/2738
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_localauth_plugin could be build only with MIT kerberos >= 1.12.
However, this feature was backported in downstream to older version
of kerberos. So there were packaging failures
error: Installed (but unpackaged) file(s) found:
/usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so
Child returncode was: 1
EXCEPTION: Command failed. See logs for output.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
