Commits on Source (83)
-
Pavel Březina authored169ddae3
-
Thomas Reim authored
Wrong tevent request used for out-of memory check. Fixes https://github.com/SSSD/sssd/issues/5167 Signed-off-by: Thomas Reim <reimth@gmail.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
391b9c5e -
vinay mishra authored
Resolves: https://github.com/SSSD/sssd/issues/5164 Signed-off-by: vinay mishra <vmishra@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
02fbf47a -
Sumit Bose authored
glibc does not expect that errno is changed by some of the calls provided by nss modules. This caused at least issues when _nss_sss_endpwent() is called in compat mode. According to https://pubs.opengroup.org/onlinepubs/9699919799/functions/endpwent.html endpwent() should only set errno in the case of an error. Since there is no other way to report an error we will set errno in the case of an error but preserve it otherwise. This should cause no issues because glibc is taking precautions as well tracked by https://sourceware.org/bugzilla/show_bug.cgi?id=25976. To be on the safe side the other _nss_sss_end* calls will show the same behavior. Resolves: https://github.com/SSSD/sssd/issues/5153 Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
aac4dbb1 -
Tomas Halman authored
The sssctl config-check now allows to specify alternative config file so it can be tested before rewriting system configuration. sssctl config-check -c ./sssd.conf Configuration snippets are looked up in the same place under conf.d directory. It would be in ./conf.d/ for the example above. Resolves: https://github.com/SSSD/sssd/issues/5142 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
61f4aaa5 -
Pavel Březina authored
Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
532b75c9 -
Tomas Halman authored
The default value of fallback_homedir expands into path, that is not expected by selinux. Generally not only selinux might be affected by this default value. This PR documents the issue and recommends further steps. Resolves: https://github.com/SSSD/sssd/issues/5155 Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
d8d74387 -
Sumit Bose authored
libsmbclient is only used by gpo_child where libsmbclient is linked directly. So there is no neeed to link it to libsss_ad.so as well Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
3ea6e61c -
Niranjan M.R authored
Previously encryption types were mentioned so that these encryption types are added in kdc.conf, These encryption types contained des3 , which was removed in recent krb5-1.18 Signed-off-by: Niranjan M.R <mrniranjan@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
b52c4c95 -
Yuri Chornoivan authored
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
f47ad87a -
Sumit Bose authored
Resolves: https://github.com/SSSD/sssd/issues/5190 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
26c794da -
Sumit Bose authored
The gdm-smartcard service is special since it is triggered by the presence of a Smartcard and even in the case of an error it will immediately try again. To break this loop we should ask for an user input and asking for a PIN is most straight forward and would show the same behavior as pam_pkcs11. Additionally it does not make sense to fall back the a password prompt for gdm-smartcard so also here a PIN prompt should be shown. Resolves: https://github.com/SSSD/sssd/issues/5190 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
3ed25476 -
Pavel Březina authored
Documentation is now hosted through github pages on custom domain: sssd.io. The original domain sssd.github.io redirects to sssd.io. Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
c226703f -
Sumit Bose authored
This patch add another update to the ndr code which was previously updated by commit c031adde and 1fdd8fa2. As missing update in ndr_pull_security_ace() cased a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was added to prevent similar issues in future. Resolves: https://github.com/SSSD/sssd/issues/5183 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
a7c75567 -
Alexey Tikhonov authored
There was no reason to keep child process log files open permanently. This patch: - helps to avoid issue when SIGHUP was ignored for child process logs; - somewhat reduces code duplication. Resolves: https://github.com/SSSD/sssd/issues/4667 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
37588754 -
Sumit Bose authored
GPOs of the same OU were applied in the wrong order. Details about how GPOs should be processed can be found e.g. at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11) Resolves: https://github.com/SSSD/sssd/issues/5103 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
dce025b8 -
Sumit Bose authored
Some NULL checks are added basically to allow that missing values can be set later. Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
8ca799ea -
Sumit Bose authored
The ad_master_domain_{send|recv} are not specific to the master domain so a more generic name seems to be suitable. Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
d3089173 -
Sumit Bose authored
Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
9aa26f65 -
Sumit Bose authored
Since the function can be used to get the id ctx of any domain the 'root' is removed from the name. Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
2bad4d4b -
Sumit Bose authored
Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
8c642a54 -
Sumit Bose authored
This new request tries to get the basic domain information like domain SID and NetBIOS domain name for a domain given by the name. To achieve this the needed data is added to general domain structure and the SDAP domain structure. If the domain data cannot be looked up the data is removed again. Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
3ae3286d -
Sumit Bose authored
If the information about the forest root domain cannot be read from the local domain-controller it is tried to read it from a DC of the forest root directly. Resolves: https://github.com/SSSD/sssd/issues/5151 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
e25e1e92 -
Lukas Slebodnik authored
Running pycodestyle currently reports cases which is one of a set of three style checks to avoid ambiguous single letter names which look like numbers ./src/tests/python-test.py:54:35: E741 ambiguous variable name 'l' ./src/tests/python-test.py:102:38: E741 ambiguous variable name 'l' https://pycodestyle.pycqa.org/en/latest/intro.html#error-codes Reviewed-by: Pavel Březina <pbrezina@redhat.com>
79e01fc9 -
Lukas Slebodnik authored
Running pycodestyle currently reports cases which is one of a set of three style checks to avoid ambiguous single letter names which look like numbers ./src/tests/intg/krb5utils.py:101:27: E741 ambiguous variable name 'l' ./src/tests/intg/krb5utils.py:116:23: E741 ambiguous variable name 'l' ./src/tests/intg/krb5utils.py:140:28: E741 ambiguous variable name 'l' https://pycodestyle.pycqa.org/en/latest/intro.html#error-codes Reviewed-by: Pavel Březina <pbrezina@redhat.com>
4c4b62b4 -
Sumit Bose authored
Resolves: https://github.com/SSSD/sssd/issues/4667 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
e58853f9 -
David Ward authored
Commit e97ff0ad changed the default timeouts for the DNS resolver. While it also updated the man pages, this update did not correctly reflect the new defaults. Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
230a5068 -
Alexey Tikhonov authored
Fixed few ``` src/sss_client/nfs/sss_nfs_client.c:*: check_return: Calling "sss_strnlen" without checking return value ``` warnings. Reviewed-by: Tomáš Halman <thalman@redhat.com>
39480618 -
Alexey Tikhonov authored
Fixed following warning: ``` sssd-2.3.1/src/responder/nss/nsssrv.c:304: assign_zero: Assigning: "supp_gids" = "NULL". sssd-2.3.1/src/responder/nss/nsssrv.c:351: var_deref_op: Dereferencing null pointer "supp_gids". # 349| # 350| for (int i = 0; i < size; i++) { # 351|-> if (supp_gids[i] == nss_ctx->mc_gid) { # 352| DEBUG(SSSDBG_TRACE_FUNC, # 353| "Already assigned to the SSSD supplementary group\n"); ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
014cbde8 -
Alexey Tikhonov authored
Fixed warning: ``` sssd-2.3.1/src/responder/kcm/kcmsrv_ops.c:1359: array_null: Comparing an array to null is not useful: "uuid_list[0] == NULL", since the test will always evaluate as true. sssd-2.3.1/src/responder/kcm/kcmsrv_ops.c:1359: remediation: Was "uuid_list[0]" formerly declared as a pointer? # 1357| } # 1358| # 1359|-> if (uuid_list == NULL || uuid_list[0] == NULL) { # 1360| DEBUG(SSSDBG_MINOR_FAILURE, "Nothing to list\n"); # 1361| state->op_ret = ERR_NO_MATCHING_CREDS; ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
ee16f392 -
Alexey Tikhonov authored
Suppressed false positive warning: ``` sssd-2.3.1/src/providers/proxy/proxy_child.c:520: error[uninitvar]: Uninitialized variable: id # 518| } # 519| # 520|-> if (id == 0) { # 521| fprintf(stderr, "\nMissing option, " # 522| "--id is a mandatory option.\n\n"); ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
8088b3e3 -
Alexey Tikhonov authored
Fixed few ``` error[comparePointers]: Subtracting pointers that point to different objects ``` warnings. Reviewed-by: Tomáš Halman <thalman@redhat.com>
b132fab8 -
Alexey Tikhonov authored
Fixed warning: ``` sssd-2.3.1/src/sss_client/nss_group.c:95: warning[nullPointer]: Possible null pointer dereference: name # 93| switch (type) { # 94| case GETGR_NAME: # 95|-> ret = strcmp(name, sss_nss_getgr_data.id.grname); # 96| if (ret != 0) { # 97| status = NSS_STATUS_NOTFOUND; ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
6701ad96 -
Alexey Tikhonov authored
Fixed following warning: ``` sssd-2.3.1/src/util/inotify.c:346:17: warning: Value stored to 'ret' is never read # ret = EOK; # ^ ~~~ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
144e78df -
Alexey Tikhonov authored
Error was spotted with the help of the following warning: ``` Error: CLANG_WARNING: sssd-2.3.1/src/util/inotify.c:327:21: warning: Value stored to 'rewatch' is never read # rewatch = true; # ^ ~~~~ ``` First part of the issue was that EAGAIN returned by the process_dir_event() didn't trigger snotify_rewatch() (as suggested by the comments). Fixing this part is already enough to resolve issue #1031 (as it was reported). Another part of the issue was that process_file_event() return code wasn't checked against EAGAIN (again, as suggested by the DEBUG message). Strictly speaking, I'm not sure if this part is really required or if processing DIR events would cover all cases, but rebuilding watches on IN_IGNORED won't hurt. Resolves: https://github.com/SSSD/sssd/issues/1031 Reviewed-by: Tomáš Halman <thalman@redhat.com>
0c5711f9 -
Alexey Tikhonov authored
Fixed following warning: ``` Error: CLANG_WARNING: sssd-2.3.1/src/tools/tools_mc_util.c:255:5: warning: Value stored to 'cmd' is never read # cmd = SSS_CLI_NULL; # ^ ~~~~~~~~~~~~ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
9c4d662d -
Alexey Tikhonov authored
Fixed following warnings (false positives): ``` Error: CLANG_WARNING: sssd-2.3.1/src/tools/sss_override.c:1609:15: warning: 3rd function call argument is an uninitialized value sssd-2.3.1/src/tools/sss_override.c:1860:15: warning: 3rd function call argument is an uninitialized value ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
e525ed6a -
Alexey Tikhonov authored
Fixed following warning: ``` Error: CLANG_WARNING: sssd-2.3.1/src/sss_client/libwbclient/wbc_sid_sssd.c:152:27: warning: Dereference of null pointer (loaded from variable 'pname') # wbcFreeMemory(*pname); # ^~~~~~ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
14e5c31e -
Alexey Tikhonov authored
Fixed following warning (false positive): ``` Error: CLANG_WARNING: sssd-2.3.1/src/responder/sudo/sudosrv_get_sudorules.c:203:5: warning: Undefined or garbage value returned to caller # return ret; # ^ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
464f809e -
Alexey Tikhonov authored
Fixed following warnings: ``` Error: CLANG_WARNING: sssd-2.3.1/src/responder/nss/nsssrv_mmap_cache.c:910:5: warning: Value stored to 'pos' is never read sssd-2.3.1/src/responder/nss/nsssrv_mmap_cache.c:771:5: warning: Value stored to 'pos' is never read sssd-2.3.1/src/responder/nss/nss_protocol.c:191:5: warning: Value stored to 'p' is never read ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
83389697 -
Alexey Tikhonov authored
Fixed following warning: ``` Error: CLANG_WARNING: sssd-2.3.1/src/responder/common/cache_req/cache_req_data.c:49:5: warning: Value stored to 'i' is never read # i = 0; # ^ ~ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
316c850e -
Alexey Tikhonov authored
Fixed following warning: ``` Error: CLANG_WARNING: sssd-2.3.1/src/providers/ldap/sdap_dyndns.c:679:22: warning: The left operand of '!=' is a garbage value # if (ss.ss_family != AF_INET && ss.ss_family != AF_INET6) { # ^ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
64adcd41 -
Alexey Tikhonov authored
Fixed following warning (false positive): ``` Error: CLANG_WARNING: sssd-2.3.1/src/providers/ldap/sdap_async_autofs.c:916:15: warning: 5th function call argument is an uninitialized value # ret = save_autofs_entries(state->dom, state->opts, # ^ ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
ce069954 -
Alexey Tikhonov authored
Fixed following warnings: ``` Error: CLANG_WARNING: sssd-2.3.1/src/providers/ipa/ipa_selinux.c:1553:9: warning: Value stored to 'ret' is never read sssd-2.3.1/src/providers/ipa/ipa_selinux.c:1631:9: warning: Value stored to 'ret' is never read sssd-2.3.1/src/providers/ipa/ipa_deskprofile_rules_util.c:1041:9: warning: Value stored to 'ret' is never read ``` Reviewed-by: Tomáš Halman <thalman@redhat.com>
5611d242 -
Sumit Bose authored
In the ipa_subdomain_account request failover handling was missing. Related to https://github.com/SSSD/sssd/issues/5075 (was https://pagure.io/SSSD/sssd/issue/4114 ) Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
df632eec -
Pavel Březina authored
Fix the following error introduced by: 3ed25476 ``` /home/pbrezina/workspace/sssd/src/sss_client/pam_sss.c: In function ‘prompt_sc_pin’: /home/pbrezina/workspace/sssd/src/sss_client/pam_sss.c:1839:41: error: missing initializer for field ‘next’ of ‘struct cert_auth_info’ [-Werror=missing-field-initializers] NULL, NULL, NULL, NULL, NULL }; ^~~~ /home/pbrezina/workspace/sssd/src/sss_client/pam_sss.c:132:28: note: ‘next’ declared here struct cert_auth_info *next; ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
a08d4741 -
Paweł Poławski authored
This fixes bug related to ad_gpo_implicit_deny option set to True. gpo_implict_denay was checked only for dacl_filtered_gpos, but not for cse_filtered_gpos. Resolves: https://github.com/SSSD/sssd/issues/5181 Reviewed-by: Sumit Bose <sbose@redhat.com>
a06bf788 -
Alexey Tikhonov authored
`rotate_debug_files()`: check `debug_file` is not NULL before attempt to close it. Resolves: https://github.com/SSSD/sssd/issues/5217 Reviewed-by: Sumit Bose <sbose@redhat.com>
f61f972b -
Alexey Tikhonov authored
Some translations were previously missed when some code moved to a new source file `src/config/SSSDConfig/sssdoptions.py` Reviewed-by: Pavel Březina <pbrezina@redhat.com>
4fd05180 -
Alexey Tikhonov authored
Files provider calling `sss_ncache_reset_[users/groups]()` during cache rebuilding was breaking neg-cache prepopulation. Resolves: https://github.com/SSSD/sssd/issues/1024 Reviewed-by: Tomáš Halman <thalman@redhat.com>
88e92967 -
Sumit Bose authored
To avoid that certificates will be shown in the certificate selection which are not available anymore they must be remove before a new request to look up the certificates is send to SSSD's PAM responder. Resolves: https://github.com/SSSD/sssd/issues/5190 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
31e57432 -
Alejandro Visiedo authored
sssd_functions.stp was missing a comma. Thanks to William Cohen for reporting the issue and the patch to fix it. https://bugzilla.redhat.com/show_bug.cgi?id=1840194 Resolves: https://github.com/SSSD/sssd/issues/5201 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
66029529 -
Alexander Bokovoy authored
SSSD normalizes externalUser attribute value the same way as a normal sudoUser attribute which supposed to be non-fully qualified. This, however, breaks for trusted AD users/groups because they are already qualified. Note that FreeIPA currently doesn't allow to specify AD users and groups in externalUser attribute but the work to add this is under way and is pending this fix. Fixes: https://github.com/SSSD/sssd/issues/5199 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
48f9b2cb -
Pavel Březina authored
There are two use cases that do not work with files provider: 1. User has primary GID 0: This is fine by itself since SSSD does not store this user in cache and it is handled only by `nss_files` so the user (`tuser`) is returned correctly. The problem is when you try to resolve group that the user is member of. In this case that the membership is missing the group (but only if the user was previously resolved and thus stored in negative cache). ``` tuser:x:1001:0::/home/tuser:/bin/bash tuser:x:1001:tuser // tuser@files is ghost member of the group so it is returned because it is not in negative cache $ getent group tuser tuser:x:1001:tuser // expire memcache // tuser@files is ghost member but not returned because it is in negative cache $ id tuser // returned from nss_files uid=1001(tuser) gid=0(root) groups=0(root),1001(tuser) [pbrezina /dev/shm/sssd]$ getent group tuser tuser:x:1001: ``` **2. root is member of other group** The root member is missing from the membership since it was filtered out by negative cache. ``` tuser:x:1001:root $ id root uid=0(root) gid=0(root) groups=0(root),1001(tuser) [pbrezina /dev/shm/sssd]$ getent group tuser tuser:x:1001: ``` In files provider, only the users that we do not want to managed are stored as ghost member, therefore we can let nss_files handle group that has ghost members. Tests are changed as well to work with this behavior. Users are added when required and ghost are expected to return ENOENT. Resolves: https://github.com/SSSD/sssd/issues/5170 Reviewed-by: Sumit Bose <sbose@redhat.com>
8969c43d -
Pavel Březina authored
To avoid regression for case where files is used for proxy but authentication is handled by other module then pam_unix. E.g. auth_provider = krb This provides different solution to the ticket and improves the documentation. Resolves: https://github.com/SSSD/sssd/issues/5129 Reviewed-by: Sumit Bose <sbose@redhat.com>
ffb9ad13 -
Sumit Bose authored
The original fatal error came from a time where at this place in the code the response form the backend was checked and an error was clearly fatal. Now we only check if the entry is in the cache and valid. An error would mean that the backend is called to lookup or refresh the entry. So the backend can change the state of the cache and make upcoming cache lookups successful. So it makes sense to not only call the backend if ENOENT is returned but for all kind of errors. Resolves https://pagure.io/SSSD/sssd/issue/4098 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
100839b6 -
ikerexxe authored
The variable was set with a value that was never read afterwards: ``` Error: CLANG_WARNING: sssd-2.3.0/src/db/sysdb.c:2109:9: warning: Value stored to 'ret' is never read # ret = EIO; # ^ ~~~ sssd-2.3.0/src/db/sysdb.c:2109:9: note: Value stored to 'ret' is never read # ret = EIO; # ^ ~~~ # 2107| return true; # 2108| } else if (res->count != 1) { # 2109|-> ret = EIO; # 2110| goto done; # 2111| } ``` Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
ceebe02e -
Pavel Březina authored
Resolves: https://github.com/SSSD/sssd/issues/3728 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
f28eedc1 -
Alexey Tikhonov authored
Fixed following warning: ``` Error: UNINIT (CWE-457): sssd-2.3.1/src/responder/nss/nss_protocol_grent.c:130: var_decl: Declaring variable "num_members" without initializer. sssd-2.3.1/src/responder/nss/nss_protocol_grent.c:206: uninit_use: Using uninitialized value "num_members". # 204| # 205| done: # 206|-> *_num_members = num_members; # 207| talloc_free(tmp_ctx); # 208| ``` Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
39e50096 -
Pavel Březina authored
This made sssd.conf translation truncated in the middle. Resolves: https://github.com/SSSD/sssd/issues/5186 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
cea0db2d -
ikerexxe authored
The same variable was set twice to a value that was never read: ``` Error: CLANG_WARNING: sssd-2.3.0/src/providers/data_provider/dp_target_id.c:197:9: warning: Value stored to 'ret' is never read # ret = ENOMEM; # ^ ~~~~~~ sssd-2.3.0/src/providers/data_provider/dp_target_id.c:197:9: note: Value stored to 'ret' is never read # ret = ENOMEM; # ^ ~~~~~~ # 195| DEBUG(SSSDBG_CRIT_FAILURE, # 196| "Failed creating temporary talloc context\n"); # 197|-> ret = ENOMEM; # 198| goto done; # 199| } Error: CLANG_WARNING: sssd-2.3.0/src/providers/data_provider/dp_target_id.c:308:9: warning: Value stored to 'ret' is never read # ret = ENOMEM; # ^ ~~~~~~ sssd-2.3.0/src/providers/data_provider/dp_target_id.c:308:9: note: Value stored to 'ret' is never read # ret = ENOMEM; # ^ ~~~~~~ # 306| DEBUG(SSSDBG_CRIT_FAILURE, # 307| "Failed creating attributes\n"); # 308|-> ret = ENOMEM; # 309| goto done; # 310| } ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
437778b5 -
ikerexxe authored
A new value was stored in a variable that was never read afterwards: ``` Error: CLANG_WARNING: sssd-2.3.0/src/p11_child/p11_child_common.c:348:9: warning: Value stored to 'ret' is never read # ret = EINVAL; # ^ ~~~~~~ sssd-2.3.0/src/p11_child/p11_child_common.c:348:9: note: Value stored to 'ret' is never read # ret = EINVAL; # ^ ~~~~~~ # 346| "--module_name, --token_name and --key_id must be given for " # 347| "authentication"); # 348|-> ret = EINVAL; # 349| goto fail; # 350| } ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
54b1c19b -
ikerexxe authored
New values were stored in two variables that were never read afterwards: ``` Error: CLANG_WARNING: sssd-2.3.0/src/sss_client/autofs/autofs_test_client.c:59:13: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' # while ((ret = poptGetNextOpt(pc)) > 0) # ^ ~~~~~~~~~~~~~~~~~~ sssd-2.3.0/src/sss_client/autofs/autofs_test_client.c:59:13: note: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' # while ((ret = poptGetNextOpt(pc)) > 0) # ^ ~~~~~~~~~~~~~~~~~~ # 57| poptSetOtherOptionHelp(pc, "MAPNAME"); # 58| # 59|-> while ((ret = poptGetNextOpt(pc)) > 0) # 60| ; # 61| Error: CLANG_WARNING: sssd-2.3.0/src/tools/common/sss_tools.c:73:13: warning: Although the value stored to 'opt' is used in the enclosing expression, the value is never actually read from 'opt' # while ((opt = poptGetNextOpt(pc)) != -1) { # ^ ~~~~~~~~~~~~~~~~~~ sssd-2.3.0/src/tools/common/sss_tools.c:73:13: note: Although the value stored to 'opt' is used in the enclosing expression, the value is never actually read from 'opt' # while ((opt = poptGetNextOpt(pc)) != -1) { # ^ ~~~~~~~~~~~~~~~~~~ # 71| # 72| pc = poptGetContext(argv[0], orig_argc, argv, options, 0); # 73|-> while ((opt = poptGetNextOpt(pc)) != -1) { # 74| /* do nothing */ # 75| } ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
0cebd0f9 -
Alejandro Visiedo authored
A new attribute is appended to [domain/*] sections so that a domain ca be enabled/disabled by domain section and for extension by configuration file if each domain is divided in separate files. This attribute override the list of domains at [sssd] section, however the new **enabled** attribute override the values of the list. If no **enabled** attribute is found for a domain section, the domain list criteria is used to enable/disable a domain. Resolves: https://github.com/SSSD/sssd/issues/4743 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
ff8d7b8f -
Alexey Tikhonov authored
Since size of "free table" didn't account for SSS_AVG_*_PAYLOAD factor only small fraction of "data table" was actually used. SSS_AVG_*_PAYLOAD differentiation for different payload types only affected size of hash table and was removed as unjustified. Resolves: https://github.com/SSSD/sssd/issues/5115 Reviewed-by: Sumit Bose <sbose@redhat.com>
2d90e642 -
Michal Židek authored
Added options to configure memcache size: memcache_size_passwd memcache_size_group memcache_size_initgroups Related: https://github.com/SSSD/sssd/issues/4578 Reviewed-by: Sumit Bose <sbose@redhat.com>
80e7163b -
Alexey Tikhonov authored
- do not log error message if mem-cache was disabled explicitly - increase message severity in case of fail to store entry in mem-cache Reviewed-by: Sumit Bose <sbose@redhat.com>
e12340e7 -
Alexey Tikhonov authored
Reviewed-by: Sumit Bose <sbose@redhat.com>
be8052bb -
Alexey Tikhonov authored
Reviewed-by: Sumit Bose <sbose@redhat.com>
2ad4aa8f -
Alexey Tikhonov authored
Memcache size was made configurable in megabytes and not in slots to hide internal implementation from users. Relates: https://github.com/SSSD/sssd/issues/5115 Reviewed-by: Sumit Bose <sbose@redhat.com>
b7f31936 -
Alexey Tikhonov authored
Added comment explaining usage of `mcc->next_slot` Reviewed-by: Sumit Bose <sbose@redhat.com>
b96b05bc -
Alexey Tikhonov authored
(Try to) cleanup old files even if currently mem-cache is disabled. Reviewed-by: Sumit Bose <sbose@redhat.com>
484507bf -
Tomas Halman authored
The sssctl config-check now allows to specify not only alternative config file but also snippet dir. sssctl config-check -c ./sssd.conf -s /etc/sssd/conf.d Configuration snippets are still looked up in the same place under conf.d directory by default. It would be in ./conf.d/ for the example above. Resolves: https://github.com/SSSD/sssd/issues/5142 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
72b8e02c -
Pavel Březina authored
This was partial fixed by: 9a7b0469 Now we print error also when we are unable to open the socket. How to test: ``` $ ssh -oProxyCommand="/usr/bin/sss_ssh_knownhostsproxy -p 22 nonexistenthost" -oGlobalKnownHostsFile=/var/lib/sss/pubconf/known_hosts nonexistenthost $ ssh -oProxyCommand="/usr/bin/sss_ssh_knownhostsproxy -p 22 localhost" -oGlobalKnownHostsFile=/var/lib/sss/pubconf/known_hosts localhost ``` (assuming `localhost` does not run ssh server) Resolves: https://github.com/SSSD/sssd/issues/5236 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
0609d0f7 -
Pavel Březina authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
3be349b9 -
ikerexxe authored
Packet length variable was read and then read again without using the previously read value. So, I have refactored the code a little bit to read the value once and use it everywhere else. Moreover, I have implemented some improvements in sss_packet_recv() function pointed by Alexey. Coverity errors: ``` Error: CLANG_WARNING: sssd-2.3.0/src/responder/common/responder_packet.c:217:21: warning: Although the value stored to 'new_len' is used in the enclosing expression, the value is never actually read from 'new_len' # && (new_len = sss_packet_get_len(packet)) # ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ sssd-2.3.0/src/responder/common/responder_packet.c:217:21: note: Although the value stored to 'new_len' is used in the enclosing expression, the value is never actually read from 'new_len' # && (new_len = sss_packet_get_len(packet)) # ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ # 215| || sss_packet_get_cmd(packet) == SSS_NSS_GETLISTBYCERT) # 216| && packet->memsize < SSS_CERT_PACKET_MAX_RECV_SIZE # 217|-> && (new_len = sss_packet_get_len(packet)) # 218| < SSS_CERT_PACKET_MAX_RECV_SIZE) { # 219| new_len = sss_packet_get_len(packet); ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
5d9e2328 -
ikerexxe authored
Test users_by_filter_multiple_domains_valid was removed in [1] because it was failing. Apparently, the failure was related with a filter that caused that only users added after the request was started to be returned. When adding back the test I haven't found that problem, but another one related with memory handling in the test itself. The failure was related with a filter, added when calling cache_req_group_fy_filter_send(), that causes that only users added after the request started are returned. This commit adds back the test after fixing several problems related with memory handling in the test itself. Explanation of the test: Given two users are present When the users are searched by filtering domains Then the two users are returned correctly. Resolves: https://github.com/SSSD/sssd/issues/3920 Links: [1] https://github.com/SSSD/sssd/commit/bdf422fde0fd6b40b3412bad3b200f8fd7ea8693 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
b9205026 -
ikerexxe authored
Test groups_by_filter_multiple_domains_valid was removed in [1] because it was failing. Apparently, the failure was related with a filter that caused that only groups added after the request was started to be returned. When adding back the test I haven't found that problem, but another one related with memory handling in the test itself. This commit adds back the test after fixing several problems related with memory handling in the test itself. Explanation of the test: Given two groups are present When the groups are searched by filtering domains Then the two groups are returned correctly. Resolves: https://github.com/SSSD/sssd/issues/3920 Links: [1] https://github.com/SSSD/sssd/commit/bdf422fde0fd6b40b3412bad3b200f8fd7ea8693 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
0cd3f5c0 -
Sumit Bose authored
Recent version of Samba require that winbindd is running to handle the communication with AD. SSSD's implementation of libwbclient cannot be used anymore in this case and should be deprecated so that the related code can be removed in a later version. With this patch libwbclient will not be build by default anymore and the configure help messages indicates that libwbclient is deprecated. Resolves: https://github.com/SSSD/sssd/issues/5230 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
41a60c62 -
Sumit Bose authored
The sss_certmap_get_search_filter() will now sanitize the values read from the certificates before adding them to a search filter. To be able to get the plain values as well sss_certmap_expand_mapping_rule() is added. Resolves: https://github.com/SSSD/sssd/issues/5135 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
a2b9a844 -
Alexey Tikhonov authored
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
3e7633bf -
Pavel Březina authoredd999cbf4
-
Pavel Březina authored
``` ../../src/tests/cmocka/confdb/test_confdb.c:247:51: error: passing argument 2 of ‘string_in_list’ from incompatible pointer type [-Werror=incompatible-pointer-types] 247 | assert_true(string_in_list(result[index], expected_enabled_domain_list, false)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | const char ** ```
7e004b7c
Showing
- BUILD.txt 1 addition, 1 deletionBUILD.txt
- Makefile.am 21 additions, 4 deletionsMakefile.am
- README.md 4 additions, 4 deletionsREADME.md
- contrib/sssd.spec.in 0 additions, 29 deletionscontrib/sssd.spec.in
- po/POTFILES.in 1 addition, 0 deletionspo/POTFILES.in
- po/bg.po 1882 additions, 285 deletionspo/bg.po
- po/ca.po 1992 additions, 1071 deletionspo/ca.po
- po/cs.po 861 additions, 508 deletionspo/cs.po
- po/de.po 1964 additions, 933 deletionspo/de.po
- po/es.po 2761 additions, 2075 deletionspo/es.po
- po/eu.po 1877 additions, 123 deletionspo/eu.po
- po/fr.po 2851 additions, 2093 deletionspo/fr.po
- po/hu.po 1877 additions, 132 deletionspo/hu.po
- po/id.po 1877 additions, 187 deletionspo/id.po
- po/it.po 1892 additions, 372 deletionspo/it.po
- po/ja.po 2661 additions, 1916 deletionspo/ja.po
- po/nb.po 1877 additions, 87 deletionspo/nb.po
- po/nl.po 1943 additions, 884 deletionspo/nl.po
- po/pl.po 2743 additions, 2002 deletionspo/pl.po
- po/pt.po 1889 additions, 310 deletionspo/pt.po
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.