New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DESKPROFILE: Add checks for user and host category #495
Conversation
6117565
to
cd681e2
Compare
Steps to reproduce the issue:
With the patch, 8.3 won't happen and your profile will be downloaded to /var/lib/deskprofile/ipa.example/admin/ NOTE: If your way to test it is through a fedpkg build, be aware of: https://bugzilla.redhat.com/show_bug.cgi?id=1536854 |
This is just a workaround while we don't have PRs #495 and #497 merged and backported to Fedora. PR #495: SSSD/sssd#495 PR #497: SSSD/sssd#497 Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just change the string comparison, please.
"ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n", | ||
ret, sss_strerror(ret)); | ||
goto done; | ||
if (hostcat != NULL && strcmp(hostcat, "all") == 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have one nitpick here, the IPA HBAC code checks the category with strcasecmp, can we do the same here? Otherwise LGTM and the code was demonstrated to me (and a room full of people) to work
cd681e2
to
1fa5a0b
Compare
Patch has been updated, thanks for the review. |
I have no more requests, thank you, ack. |
Gah, no, sorry, I found another nitpick :-( |
ret, sss_strerror(ret)); | ||
goto done; | ||
if (usercat != NULL && strcasecmp(usercat, "all") == 0) { | ||
user_prio = talloc_strdup(tmp_ctx, rule_prio); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The allocations you added are not checked against ENOMEM. Which reminds me to also run Coverity..becuase Coverity might complain that we check talloc retval N times, but not here.
freeipa-deskprofile-plugin can have both user and host category set as "all" and when it happens, no users and groups or hosts or hostgroups are going to be set. Let's treat this expected (but so far missed) situation on SSSD side. Resolves: https://pagure.io/SSSD/sssd/issue/3449 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
1fa5a0b
to
cec56fc
Compare
Here are the changes introduced in the last patch:
|
OK, Coverity came clean, thank you. |
|
freeipa-deskprofile-plugin can have both user and host category set as
"all" and when it happens, no users and groups or hosts or hostgroups
are going to be set.
Let's treat this expected (but so far missed) situation on SSSD side.
Resolves:
https://pagure.io/SSSD/sssd/issue/3449
Signed-off-by: Fabiano Fidêncio fidencio@redhat.com