| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Moving the library to the lib directory will force maintainers to think
twice about changes, because it would be obvious this is a library.
Also don't use includes from sssd source tree paths, but add the util
path to Makefile's CFLAGS so that other projects can copy the
hbac_evaluator.c file verbatim.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pyhbac.c: In function ‘HbacRuleElement_repr’:
src/python/pyhbac.c:506:59: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (strnames == NULL || strgroups == NULL || category == -1) {
^
src/python/pyhbac.c: In function ‘HbacRuleElement_to_native’:
src/python/pyhbac.c:614:51: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (!el->names || !el->groups || el->category == -1) {
^
The static function native_category had type of terurn value uint32_t
But it also could return -1 which indicated an error.
It's better to don't mix return code with returned value.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pysss_murmur.c: In function ‘py_murmurhash3’:
src/python/pysss_murmur.c:47:17: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
key_len > strlen(key)) {
^
uint32_t murmurhash3(const char *key, int len, uint32_t seed)
The second argument of the function murmurhash3 has type int.
But the code expects to be unsigned integer.
There is code in python wrapper py_murmurhash3
which check boundaries of that argument.
It should be an unsigned "key_len > INT_MAX || key_len < 0".
An exception should be thrown for negative number.
Moreover, the length should be shorter then a length of input string.
The strlen returns size_t which is unsigned and key_len is signed long.
We already checked that value is unsigned so
we can safely cast key_len to size_t
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
The function PyUnicode_FromString is available in python >= 2.6
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
| |
The macro PySet_Check is defined in python >= 2.6
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
| |
The function PySet_Add is available in python >= 2.6
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
| |
The function PySet_New is available in python >= 2.6
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Example of warning:
src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23:
error: equality comparison with extraneous parentheses
[-Werror,-Wparentheses-equality]
if (((wbc_status) == WBC_ERR_SUCCESS)) {
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23:
note: remove extraneous parentheses around the comparison
to silence this warning
if (((wbc_status) == WBC_ERR_SUCCESS)) {
~ ^ ~
src/sss_client/libwbclient/wbc_pwd_sssd.c:246:23:
note: use '=' to turn this equality comparison into an assignment
if (((wbc_status) == WBC_ERR_SUCCESS)) {
^~
=
The reason is definition of some macros which were used in if conditions.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The talloc context is removed in destructor.
==1695== Invalid read of size 4
==1695== at 0x1243D0CD: talloc_chunk_from_ptr (talloc.c:372)
==1695== by 0x1243D0CD: _talloc_free (talloc.c:1559)
==1695== by 0x117B18C3: PySssLocalObject_dealloc (pysss.c:836)
==1695== by 0x117B1AEE: PySssLocalObject_new (pysss.c:898)
==1695== by 0x4ED5522: type_call (typeobject.c:729)
==1695== by 0x4E7F902: PyObject_Call (abstract.c:2529)
==1695== by 0x4F15584: do_call (ceval.c:4328)
==1695== by 0x4F15584: call_function (ceval.c:4133)
==1695== by 0x4F15584: PyEval_EvalFrameEx (ceval.c:2753)
==1695== by 0x4F16BE5: fast_function (ceval.c:4196)
==1695== by 0x4F16BE5: call_function (ceval.c:4131)
==1695== by 0x4F16BE5: PyEval_EvalFrameEx (ceval.c:2753)
==1695== by 0x4F183FF: PyEval_EvalCodeEx (ceval.c:3342)
==1695== by 0x4EA46BC: function_call (funcobject.c:526)
==1695== by 0x4E7F902: PyObject_Call (abstract.c:2529)
==1695== by 0x4F1504F: ext_do_call (ceval.c:4423)
==1695== by 0x4F1504F: PyEval_EvalFrameEx (ceval.c:2792)
==1695== by 0x4F183FF: PyEval_EvalCodeEx (ceval.c:3342)
==1695== Address 0x112d4560 is 64 bytes inside a block of size 96 free'd
==1695== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1695== by 0x1243D2F2: _talloc_free_internal (talloc.c:1057)
==1695== by 0x1243D2F2: _talloc_free (talloc.c:1581)
==1695== by 0x117B1ABF: PySssLocalObject_new (pysss.c:876)
==1695== by 0x4ED5522: type_call (typeobject.c:729)
==1695== by 0x4E7F902: PyObject_Call (abstract.c:2529)
==1695== by 0x4F15584: do_call (ceval.c:4328)
==1695== by 0x4F15584: call_function (ceval.c:4133)
==1695== by 0x4F15584: PyEval_EvalFrameEx (ceval.c:2753)
==1695== by 0x4F16BE5: fast_function (ceval.c:4196)
==1695== by 0x4F16BE5: call_function (ceval.c:4131)
==1695== by 0x4F16BE5: PyEval_EvalFrameEx (ceval.c:2753)
==1695== by 0x4F183FF: PyEval_EvalCodeEx (ceval.c:3342)
==1695== by 0x4EA46BC: function_call (funcobject.c:526)
==1695== by 0x4E7F902: PyObject_Call (abstract.c:2529)
==1695== by 0x4F1504F: ext_do_call (ceval.c:4423)
==1695== by 0x4F1504F: PyEval_EvalFrameEx (ceval.c:2792)
==1695== by 0x4F183FF: PyEval_EvalCodeEx (ceval.c:3342)
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2017
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1195
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
It is not very likely that realloc will return NULL, but it's better
to be defensive.
src/python/pysss.c:774: var_assigned: Assigning: "groups" = null return value from "realloc".
src/python/pysss.c:788: dereference: Dereferencing a null pointer "groups".
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Reported by: cppcheck
'struct py_sss_transaction', 'struct resolve_get_domain_stat',
'struct sync_op_res' were defined in implementation modules, but they were not
used anywhere.
Reviewed-by: Michal Žídek <mzidek@redhat.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2035
|
|
|
|
| |
Coverity: 11922
|
|
|
|
|
|
| |
In unlikely case that an NSS module returns a reference to a group
and we are unable to resolve it shortly after that, make sure these
groups are skipped.
|
|
|
|
|
|
|
|
|
|
| |
getgrouplist(3) call is missing from Python older than Python 3.3
Introduce supplementary binding to provide getgrouplist as part of pysss
interface. Since getgrouplist() can be run against any domain, place
it at top module rather than pysss.local namespace.
pysss.getgrouplist(username) -> tuple(group list as strings)
|
|
|
|
|
|
|
|
| |
The current PySequence_Check() also catches single strings with the
effect that the string is split into characters which are send as
arguments to SSSD individually.
With this patch only tuples and lists are treated as sequences.
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1905
https://fedorahosted.org/sssd/ticket/1914
This patch allows tuples as well as lists as input and adds support for
Unicode objects as input and always returns the results as Unicode
objects.
|
|
|
|
|
| |
If sss_nss_getsidbyid() fails free() will try to work on an
uninitialized value.
|
|
|
|
|
|
|
|
|
|
| |
To allow to use libsss_nss_idmap from python applications, e.g. the
FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The
contributed spec file will place the python bindings in a new package
called libsss_nss_idmap-python.
Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to
check the type of the python objects and loop over the list entries.
|
|
|
|
|
| |
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
|
|
|
|
| |
Removing bad examples of usage of sysdb_transaction_start/commit/end
functions and making it more consistent (all files except of
src/db/sysdb_*.c).
|
|
|
|
|
|
| |
The compilation produced an error due to missing declaration of uint32_t
and a couple of warnings caused by different prototypes of argument
parsing functions in older Python releases.
|
| |
|
|
|
|
| |
The error handler would simply fall through instead of returning NULL.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again.
|
|
|
|
|
| |
The patch also updates code using modified functions. Tests have also
been adjusted.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/943
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/934
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/935
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/930
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.
The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
arguments where they have "const char *" in recent versions.
This caused compilation warnings this patch mitigates by using
the discard_const hack on python 2.4
|
|
|
|
|
|
|
|
|
| |
These changes were proposed during a review:
* Change the signature of str_concat_sequence() to const char *
* use a getsetter for HbacRule.enabled to allow string true/false and
integer 1/0 in addition to bool
* fix a minor memory leak (HbacRequest.rule_name)
* remove overzealous discard consts
|
| |
|
| |
|
|
|
|
|
| |
Since the sysdb is now synchronous and creates its own event context we
don't need an explicit event context anymore in the tools.
|
|
|
|
| |
This commit completes the migration to a synchronous sysdb
|
| |
|
| |
|