[Pkg-sssd-devel] sssd: Changes to 'refs/tags/debian/1.12.4-1'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Apr 9 21:09:16 UTC 2015
Tag 'debian/1.12.4-1' created by Timo Aaltonen <tjaalton at debian.org> at 2015-04-09 21:01 +0000
tagging package sssd version debian/1.12.4-1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVJuiRAAoJEMtwMWWoiYTc7q8P/jAyZf4u1uaNiqdPRNnn5BeT
9xdCK0cyek0Git2gfHODYYeMGZt2hF5S8xc43JjKre70uyLIJbWOO0HTq9fOUj81
fF/g8D9PdPVbIfkEIkez4eAMzLQ4/QTBByb3ASGrNHRB9yBnzYWrHUTtMxAg3Bq9
Y7f10sV+2uV//toO/sQG3sOg0tZhhvd9GRRDFbFxE1TsOI6tbAbGFI9mZNZWQRG5
uSmTwEWLWsaxTA9FDtDhFbsbDIL/lURuKx4iId9EINVpn2BgHuWJ0SfjcB32/p45
pGkkTaxbYc+TIQcYbPvaNF5qW3fuqBKfg+DeciyolUaQIAiDCDMNKWIlXdxTS+mb
l2vG1LgI5WyN9jPrv3DkgPJ8kKZGFD7hIBKwtm0wott1FyYas6X0wr0EHEzAvcn4
BauypvwQNWYuwPMazBpztAB4wc3bdTznw67xHi5kmfjdeUD5aqHEO+Vhe87P6vj2
GECzBURnRNLf9wAnEzFC37l+ivtpNw0dZZr/UT1xWbX3WuBR7x104YwzkJ+ScAkf
DSO4IpgV/yhFKLaYYW4lWJP3DV1lQwxTNDBeCusfykmuPR+puYGRPUEWKJA6ZGpX
LDx7bujYLjuP2UHKJWdM6cT8JdNaVp/QZm5DgxTPh/+rMYx7sFF/S1r8PKsHpqIU
UZIx1FcWUXCBNMhxhpHk
=TtvY
-----END PGP SIGNATURE-----
Changes since debian/1.11.7-3:
Alexander Bokovoy (3):
FAST: when parsing krb5_child response, make sure to not miss OTP message if it was last one
ipa subdomains provider: make sure search by SID works for homedir
well known sids: Windows Server 2012 new asserted identity SIDs
Alexey Shabalin (1):
Use KRB5_CFLAGS where appropriate
Aron Parsons (1):
do not use default_domain_suffix with autofs
Benjamin Franzke (4):
Add CIFS idmap plugin
dlopen-tests: Check the result of asprintf
BUILD: Use OPENLDAP_CFLAGS instead of LDAP_CFLAGS
BUILD: Link libsss_krb5_common.so to libkeyutils.so
Bohuslav Kabrda (1):
Python3 support in SSSD
Carlos A. Munoz (1):
Add zanata.xml file for integration with Zanata command line client
Chris Leick (1):
German translation update
Cove Schneider (1):
Add ldap_autofs_map_master_name option
Dan Lavu (3):
MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451
MAN: page edit for ldap_use_tokengroups
MAN: Clarify ad_gpo_map* options
Daniel Gollub (2):
sysdb: Write additional attrs in sysdb_add_user
PAM: Add domains= option to pam_sss
Denis Kutin (1):
NSS: Possibility to use any shells in 'allowed_shells'
Ian Lee (1):
Add user lookup and session dependencies to systemd service file.
Jakub Hrozek (367):
Bump version to track 1.12 development
KRB5: Call umask before mkstemp in the krb5 child code
Add journald support
BE: Log domain name to journald if available
AD: async request to retrieve master domain info
LDAP: sdap_id_setup_tasks accepts a custom enum request
AD: Download master domain info when enumerating
MAN: Fix provider man page subtitle
LDAP: Deprecate ldap_{user,group}_search_filter
AD: Failure to get flat name is not fatal
Check return values of setenv and unsetenv
Convert IN_MULTICAST parameter to host order
NSS: Set UID and GID to negative cache after searching all domains
NSS: Failure to store entry negative cache should not be fatal
KRB5: Fix bad comparison
IPA: Ignore dns_discovery_domain in server mode
KRB5: Return ERR_NETWORK_IO when trusted AD server can't be resolved
KRB5: Use the correct domain when authenticating with cached password
LDAP: Require ID numbers when ID mapping is off
LDAP: Allow searching subdomain during RFC2307bis initgroups
AD: talk to GC first even for local domain objects
MAN: Document that POSIX attributes must be replicated to GC
krb5: Fix unit tests
INI: Disable line-wrapping functionality
MAN: Fix refsect-id
KRB5: Return PAM_ACCT_EXPIRED when logging in as expired AD user
PROXY: Fix memory hierarchy when enumerating services
Include external headers with #include <foo.h>
Remove unused constants
IPA: Do not enable IPA sites in server mode
Remove duplicate declaration
UTIL: Move sss_parse_name_for_domains declaration to util.h
Inherit ID limits of parent domains if set
SYSDB: Add sysdb_delete_by_sid
LDAP: Delete entry by SID if not found
LDAP: Amend sdap_access_check to allow any connection
LDAP: Parse FQDN into name/domain for subdomain users
AD: Add a new option ad_access_filter
AD: Use the ad_access_filter if it's set
AD: Search GC by default during access control, fall back to LDAP
AD: Add extended access filter
TEST: Test getgrnam with emphasis on members
NSS: Print FQDN for groups with mixed domain membership
KRB5: Handle ERR_CHPASS_FAILED
NSS: Fix service enumeration
NSS: Use new safealign macros in NSS responder
MAN: Document that krb5 directories can only be created as private
LDAP: Check all search bases during nested group processing
NSS: Fix parenthesis
AD: Fix ad_access_filter parsing with empty filter
UTIL: Free log message when using journald
Initialize sid_str to NULL to avoid freeing random data
Remove unused variable
PAC: Free config attribute when it's processed
Merge ipa_selinux_common.c and ipa_selinux.c
SYSDB: Drop the sysdb_ctx parameter from the autofs API
SYSDB: Drop the sysdb_ctx parameter from SELinux functions
SYSDB: Drop the sysdb_ctx parameter from the sysdb_idmap module
SYSDB: Drop the sysdb_ctx parameter from the sysdb_sudo.c module
LDAP: Initialize user count for AD matching rule
LDAP: Split out a request to search for a user w/o saving
LDAP: Search for original DN during auth if it's missing
AD: Fix a typo in the man page
KRB5: Go offline in case of clock skew
MAN: Add a link explaining different LDAP scopes
MAN: Remove unused experimental file
NSS: Compare bool with false, not 0
Fix a trivial typo
LDAP: Fix a debug message
SUBDOMAINS: Reuse cached results if DP is offline
AD: Don't mark domain as enumerated twice
AD: Refresh subdomain data structures on startup
IPA: Refresh subdomain data structures on startup
IPA: Call ipa_ad_subdom_refresh when server mode is initialized
AD: Add a utility function to create list of connections
AD: Add a new option to turn off GC lookups
AD: Enable fallback to LDAP of trusted domain
LDAP: Fix typo and use the right attribute map
LDAP: Add a new error code for malformed access control filter
tests: Remove tests that check creating public directories
UTIL: Inherit parent domain's default_shell
NSS: Use plain user name when expanding homedir
AD: Don't fail the request if ad_account_can_shortcut fails
MAN: Fix a typo
LDAP: Fix error check
LDAP: Don't abort request if no id mapping domain matches
AD: Store info on whether a subdomain is set to enumerate
LDAP: Pass a private context to enumeration ptask instead of hardcoded connection
LDAP: Add enum request with custom connection
AD: Enumerate users from GC, other entities from LDAP
LDAP: Don't clobber original_member during enumeration
DB: Add sss_ldb_el_to_string_list
AD: Establish cross-domain memberships after enumeration finishes
MAN: clarify which shell option takes precedence
NSS: Fix DEBUG formatting of cmdctx->id
SSS_CACHE: Reset the initgroups attribute when resetting users
LDAP: Detect the presence of POSIX attributes
AD: Only download domains that are set to enumerate
AD: Remove dead code
LDAP: Handle errors from sdap_id_op properly in enum code
IPA: Default to krb5_use_fast=try
MAN: Clarify the new krb5_use_fast IPA default
DEBUG: Fix build without journald
NSS: Continue if there is no port
IPA: Don't call tevent_req_post outside _send
IPA: Don't fail if apply_subdomain_homedir returns ENOENT
Fix DEBUG message formatting
OPTS: Allow using defaults for blobs
DP: Provide separate dp_copy_defaults function
MAN: Clarify the ldap_access_filter option further
MAN: Clarify that changing ID mapping options might require purging the cache
IPA: Do not save intermediate data to sysdb
AD: Only connect to GC for subdomain users
MAN: Clarify the GC support a bit
IPA: Use the correct domain when processing SELinux rules
IPA: Write SELinux usernames in the right case
KRB5: Do not attempt to get a TGT after a password change using OTP
AD: connect to forest root when downloading the list of subdomains
IPA: Fix SELinux mapping order memory hierarchy
IFP: Fix a typo in the Makefile
IFP: Re-add the InfoPipe server
IFP: Connect to the system bus
tests: Don't set the check fork mode explicitly
SBUS: Generate introspection from the interface meta structure
ConfigAPI: Add two missing AD options
Add a unit test for sss_parse_name_for_domains
Minor fixes for sss_parse_name_for_domains
SBUS: Create an sbus_method_meta instance for Introspection
RESPONDER: Fix a wrong DEBUG message
DP: Remove unused 'force' parameter from the subdomain handler
TESTS: Create a default sss_names_ctx in create_dom_test_ctx
TESTS: Split a separate common_mock_resp_dp module
RESPONDERS: Add a new request sss_parse_inp_send
KRB5: Print a verbose error message on failure reading the keytab
LDAP: Fix off-by-one bug in sdap_copy_opts
LDAP: Make it possible to extend an attribute map
IFP: Close memstream handle in introspect destructor
LDAP: Check the LDAP handle before using it
SBUS: several trivial style fixes
SBUS: Fix error handling condition
SBUS: Add a convenience function sbus_error_new
SBUS: Split out dbus_conn_send
SBUS: Add SBUS_CONN_TYPE_SYSBUS
SBUS: Add an async request to retrieve the caller ID
SBUS: Refactor sbus_message_handler to retrieve caller ID
IFP: Add utility functions
IFP: use a list of allowed_uids for authentication
IFP: Initialize negative cache timeout
IFP: Add GetUserAttrs call
AD: Do not remove non-root domains when looking up root domain
IFP: Per-attribute ACL for users
SBUS: Allow registering paths with fallback
SYSDB: return SYSDB_NAME from sysdb_initgroups
IFP: Add a GetGroupsList method
AD: Initialize user_map_cnt in server mode
IFP: Add utility functions to escape and unescape object paths
IFP: Add a unit test for ifp_reply_objpath
SBUS: Utility function sbus_request_return_as_variant
IFP: Allow Set, Get and GetAll from DBus.Properties
SBUS: Implement org.freedesktop.DBus.Properties.Get for primitive types
SBUS: Return / if an object path getter returns NULL
SBUS: Add several error constant definitions
SBUS: Add org.freedesktop.DBus.Properties.Get to Introspection
IFP: Support multiple interfaces on sysbus
SBUS: Add utility function sbus_add_variant_to_dict
SBUS: Consolidate VTABLE_FUNC definitions in sssd_dbus_meta.h
SBUS: Implement org.freedesktop.DBus.Properties.GetAll for primitive types
SBUS: Add org.freedesktop.DBus.Properties.GetAll to Introspection
TESTS: check allocation result
TESTS: check dbus mock result
IFP: Add ListDomains and FindDomainByName
tests: Add test for confdb_list_all_domain_names
tests: Add test for get_known_services
BUILD: Disable dbus tests when running distcheck
MAN: Add sssd-ifp to the list of translatable manual pages
Updating the translations for the 1.12 beta1 release
Updating the version to 1.12beta2
TOOLS: Allow adding and modifying custom attributes with sss_usermod
TESTS: fgetc returns int, not char
MAN: Fix a typo in the ldap_id_mapping page
LDAP: Fix DEBUG message
Updating the translations for the 1.12beta2 release
Updating the version for the 1.12.0 stabilization
LDAP: Fix retrieving a group with no members
TESTS: Add confdb domain base DN to sss_test_ctx
TESTS: Use the right confdb path
TESTS: Fix group search base
TESTS: Do not require replies from mocked sdap_get_generic_recv to be talloc contexts
TESTS: Change how mock_sysdb_user() is implemented
TESTS: Add more tests for nested groups processing
TESTS: Do not rely on order of hash items
PROVIDERS: Add ldap_common.h to opts.h of each provider
TESTS: Add a unit test for the sdap.c module
LDAP: Try all attributes when saving an entry
SDAP: Fix DEBUG message priorities in sdap_parse_entry
LDAP: Remove unused output parameter _dn from sdap_parse_entry
SDAP: Remove unused function sdap_get_msg_dn
SDAP: Free bervals on failure in sdap_parse_entry
BUILD: dbusintrospectdir is not used anymore
IFP: Fix DEBUG messages
IFP: Return a specific value on failure connecting to the system bus
IFP: Provide a SBUS method to reconnect to sysbus
MONITOR: Signal InfoPipe to reconnect on SIGUSR2
TOOLS: New helper tool sss_signal
BUILD: Add the DBus service activation
SSSD: Send debug to stderr when running on foreground
TOOLS: Always debug to stderr
Updating translations for the 1.12.0 release
Updating the version for the 1.12.0 release
Updating the version for the 1.12.1 development
MAN: local auth_provider is not documented in sssd.conf
MAN: Document that each provider type uses its own set of options
No point in searching for gid if we already know the group should be filtered
Only check GID if ID-mapping
AD: Check return value of ad_gpo_evaluate_dacl
AD: Increment som_index when advancing to the next GPO
LDAP: Print referrals for debugging purposes
LDAP: Dump LDAP server IP address with a high DEBUG level
LDAP: Avoid undefined ret value
UTIL: remove get_username_from_uid
PAC: krb5_pac_verify failures should not be fatal
IFP: Fix lookups with fully-qualified names
RPM: Restart service in %posttrans, not %post
TESTS: Check if option maps have the right number of members
NSS: Ignore default_domain for netgroups
Only replace space with the specified substitution
Make the space override responder-agnostic
PAM: Use the override_space option
IFP: Use the override_space option
SUDO: Use the override_space option
TESTS: Add unit tests for the replace-space functionality
BE: Handle SIGUSR2
IPA: handle searches by SID in apply_subdomain_homedir
SYSDB: Clarify sss_ldb_modify_permissive returns ldb error code
Revert "IPA: new attribute map for non-posix groups"
Revert "IPA: process non-posix nested groups"
Revert "IPA: try to resolve nested groups as poxix group"
LDAP: Do not shortcut on ret != EOK during password expiry check
LDAP: Split out linking primary group members into a separate function
LDAP: Don't add a user member twice when adding a primary group
LDAP: Use tmp_ctx in ldap_child for temporary data
LDAP: Use randomized ccname for storing credentials
LDAP: Add Windows Server 2012 R2 functional level
LDAP: Fall back to functional level of Windows Server 2003
LDAP: Enable tokenGroups with Windows Server 2003
TESTS: Add unit tests for the GPO interface
LDAP: Set umask before calling mkstemp
LDAP: Ignore returned referrals if referral support is disabled
LDAP: Don't reuse a single tevent callback for multiple requests
LDAP: Skip dereferenced entries that we are not permitted to read
TESTS: Add a unit test for dereference parsing
MAN: Add sss_rpcidmapd.5.xml to the list of translatable man pages
LDAP: Check return value
Updating translations for the 1.12.1 release
Updating version for the 1.12.2 release
LDAP: Always free talloc_req
LDAP: Do not clobber return value when multiple controls are returned
TESTS: Add a case-insensitive group search sysdb test
MAN: AD is allowed value of subdomains_provider
tests: Add a test for storing custom attrs with automatic ID
TESTS: Add a unit test for matching the secondary objectclass
IPA: Use GC for group lookups in server mode
AD: Add a missing break statement to the GPO code
LDAP: Do not require a dereference control to be retuned in a reply
MAN: Document the domains option of pam_sss
MONITOR: Make internal functions static
SYSDB: move sysdb_get_real_name() from sysdb.c to sysdb_search.c
BUILD: Use $(MKDIR_P) in Makefile.am
MAN: Build the sss_rpcidmapd man page conditionally
UTIL: Do not depend on monitor code
MONITOR: Remove useless memory contexts
UTIL: Move become_user outside krb5 tree
BUILD: Detect nss_wrapper and uid_wrapper during configure
TESTS: Add a test to change user IDs
UTIL: Always write capaths
Updating the translations for the 1.12.2 release
Updating the version for the 1.12.3 development
SSSD: Add the options to specify a UID and GID to run as
SSSD: Chown the log files
UTIL: Use a custom PID_PATH and DB_PATH when unit testing server.c
TESTS: Unit tests can use confdb without using sysdb
TESTS: Unit tests for server_setup
RPM: Package the libsss_semanage.so library
IPA: Handle NULL members in process_members()
UTIL: Add a function to convert id_t from a number or a name
BUILD: Add a config option for sssd user, own private directories as the user
RPM: Change file ownership to sssd.sssd
SSSD: Load a user to run a service as from configuration
SBUS: Chown the sbus socket if needed
SBUS: Allow connections from other UIDs
BE: Own the sbus socket as the SSSD user
NSS: Run as a user specified by monitor
TEST: Unit test for create_pipe_fd
AUTOFS: Run the autofs responder as the SSSD user
PAC: Run the pac responder as the SSSD user
SUDO: Run the sudo responder as the SSSD user
SSH: Run the ssh responder as the SSSD user
GPO: Terminate request on error
TESTS: Add tests for the views-related option maps
IPA: Don't fail the request when BE doesn't find the object
IPA: Rename user_dom into obj_dom
BUILD: Install ldap_child and as setuid if running under non-privileged user
LDAP: Move sss_krb5_verify_keytab_ex to ldap_child
LDAP: read the correct data type from ldap_child's input buffer
LDAP: Drop privileges after kinit in ldap_child
UTIL: Remove code duplication of struct io
UTIL: Remove more code duplication setting up child processes
IPA: Move setting the SELinux context to a child process
BE: Make struct bet_queue_item private to sssd_be
BUILD: Install krb5_child as suid if running under non-privileged user
KRB5: Drop privileges in the child, not the back end
KRB5: Move ccache-related functions to krb5_ccache.c
KRB5: Move checking for illegal RE to krb5_utils.c
KRB5: Move all ccache operations to krb5_child.c
KRB5: Do not switch_creds() if already the specified user
BUILD: Use separate chown to make changing ownership to the sssd user non-fatal
BUILD: Make chown of files to sssd user non-fatal
BUILD: Touch files in DESTDIR
BE: Become a regular user after initialization
BE: Fix a debug message
IPA: Handle IPA groups returned from extop plugin
Hint about removing sysdb if initializing ID map fails
PAM: Make pam_forwarder_parse_data static
SBUS: Initialize DBusError before using it
PAM: Check for trusted domain before sending the request to BE
PAM: Move is_uid_trusted from pam_ctx to preq
TESTS: Basic child tests
Add extra_args to exec_child()
KRB5: Create the fast ccache in a child process
LDAP: Remove useless include
sss_atomic_write_s() return value is signed
KRB5: Relax DEBUG message
TESTS: Build test_child even without cmocka
Rename test-child to dummy-child
CI: Suppress memory errors from poptGetNextOpt
tests: Free popt_context
IFP: Return group names with the right case
KRB5: Check FAST kinit errors using get_tgt_times()
Skip CHAUTHTOK_PRELIM when using OTPs
PAM: Domain names are case-insensitive
PAM: Missing argument to domains= should fail auth
MAN: Misspelled username in pam_trusted_users is not fatal
RESPONDER: Log failures to resolve user names in csv_string_to_uid_array
Updating translations for the 1.12.3 release
Updating the version to the 1.12.4 release
GPO: Ignore ENOENT result from sysdb_gpo_get_gpo_result_setting()
TESTS: Cover sysdb_gpo.c with unit tests
GPO: Set libsmb debugging to stderr
UTIL: Allow dup-ing child pipe to a different FD
GPO: Don't use stdout for output in gpo_child
GPO: Extract server hostname after connecting
krb5_child: Return ERR_NETWORK_IO on KRB5_KDCREP_SKEW
Open the PAC socket from krb5_child before dropping root
IPA: Use attr's dom for users, too
SELINUX: Call setuid(0)/setgid(0) to also set the real IDs to root
SELINUX: Set and reset umask when caling set_seuser from deamon code
LDAP: Add UUID when saving incomplete groups
IPA: Resolve IPA user groups' overrideDN in non-default view
LDAP: Rename the _res output parameter to avoid clashing with libresolv in tests
RESOLV: Add an internal function to read TTL from a DNS packet
resolv: Fix a typo
SELINUX: Check the return value of setuid and setgid
BUILD: Include python-test.py in the tarball
GPO: Better debugging for gpo_child's mkdir
LDAP: Add better DEBUG messages to the cleanup task
LDAP: Handle ENOENT better in the cleanup task
Updating translations for the 1.12.4 release
Jan Cholasta (2):
SSH: Allow newline at the end of public key values in LDAP
SDAP: Set default value of ldap_user_ssh_public_key to "sshPublicKey"
Jan Engelhardt (2):
build: fix ordering of linker flags
build: call AC_BUILD_AUX_DIR before anything else
Lukas Slebodnik (251):
Add missing new line in DEBUG message
LDAP: Use primary cn to search netgroup
RESPONDER: Use right function prototype
Revert "mmap_cache: Skip records which doesn't have same hash"
mmap_cache: Use two chains for hash collision.
Include right header file
Include header file in implementation module.
krb5: fix warning may be used uninitialized
LDAP: Set default value for dyndns update to false
krb5: Remove warning dereference of a null pointer
krb5: Use right function to free data.
IPA: Remove unused memory context.
AD: Prefer GC port from SRV record
AD: fall back to LDAP if GC is not available.
tests: Use right format string for type size_t
Makefile: Add missing libraries
Makefile: Remove unused variable TEST_MOCK_OBJ
LDAP: Return correct error code
NSS: Set packet length for initgroups
BUILD: Explicitly link libsss_ad.so with sasl libs
BUILD: Change error message if missing cifsimap.h
LDAP: Prevent from using uninitialized sdap_options
monitor: return right error code
SYSDB: Skip malformed netgroup attribute.
TESTS: Link libsss_test_common with tevent
TESTS: Remove test dir after successful tests
Remove unused parameter from sss_selinux_extract_user
Remove unused parameter from get_user_dn
Remove unused parameter from sdap_save_user
Remove unused parameter from sdap_get_members_with_primary_gid
Remove unused parameter from sdap_store_group_with_gid
Remove unused parameter from sdap_add_group_member_2307
Remove unused parameter from sdap_process_missing_member_2307
Remove unused parameter from sdap_save_netgroup
Remove unused parameter from krb5_auth_cache_creds
Remove unused parameter from krb5_auth_store_creds
Remove unused parameter from mod_groups_member
Remove unused parameter from usermod
Remove unused parameter from groupmod
Remove unused parameter from useradd
Remove unused parameter from groupadd
Remove unused parameter from invalidate_entry
Remove unused parameter from search_autofsmaps
Remove unused parameter from seed_domain_user_info
Remove unused parameter from sudosrv_get_sudorules_query_cache
Remove unused parameter from delete_user
Remove unused parameter from save_user
Remove unused parameter from save_netgroup
Remove unused memory context in proxy
Remove unused parameter from ipa_save_netgroup
Remove unused parameter from group_show_mpg
Remove unused parameter from group_show_trim_memberof
AUTOMAKE: Don't build libsss_test_common every time
SYSDB: Sanitize filter before sysdb_search_groups
SYSDB: Sanitize filter before removing ghost attrs
NSS: Fix memory leak in sss_setnetgrent
AUTOTOOLS: krb5 1.12 is also supported krb5 libs
TESTS: Fix build with older version of check framework
AD: Return right error code from netlogon_get_flat_name
LDAP: Don't fail if subdomain cannot be found by sid
LDAP: update id mapping detection for ldap provider
sdap_idamp: Fall back to another method if sid is wrong
TESTS: Fix authtok test for zero length string.
CLIENT: Remove unused macros
LDAP: store group if subdomain cannot be found by sid
LDAP: require attribute groupType for AD groups
AD: Remove unused memory contexts
memberof: Removed unused parameter from mbof_fill_vals_array.
Makefile: Remove unused libraries
DOC: Fix names of arguments in doxygen comments
test_dyndns: Test right variable after allocation.
IPA: explicitly link libsss_ipa with selinux library
Translation: Move german translation to right directory
SPEC: Fix packaging rpms on OSes without systemd
DEBUG: Fix crash after fallback from journal log
Fix warning unused variable ap_fallback
LDAP: Setup periodic task only once.
UTIL: Sanitize whitespaces.
KRB5: Fix condition for empty string
NSS: Fix warning access array with index then check
TEST: Fix warning invalid printf argument type
Remove unused structures.
TEST: Use unique directory for negcache test
PAM: Test return value of strdup
Makefile: Add missing library to the dp_opt_tests
AD: Continue if sssd failes to check extra members
TEST: Remove unused argument sysdb_path
TEST: Use right domain name in negcache test
TEST: Do not clean up if test fail.
hbac-test: Use defined macros instead of strings
TESTS: Remove unused macros
KRB: Prevent dereference of a null pointer
UTIL: Hide implementation details about unicode libraries.
Use pattern #elif defined(identifier)
BUILD: Enable additional compiler warnings
SYSV: Do not call functions success and fail itself
IPA: Use function sysdb_attrs_get_el in safe way
AUTOFS: terminate array after the last entry
Makefile: Use alternative method to replace *bindir
krb5_child: Remove unused krb5_context from set_changepw_options
Remove unused argument from resolv_gethostbyname_dns_parse
Fix warning zero-length gnu_printf format string
krb5_child: Fix use after free in debug message
AUTOMAKE: Do not include generated files into tarball
BUILD: Link libsss_ldap_common.so to libsss_idmap.so
BUILD: Move file find_uid.c into libsss_util.so
BUILD: Move file sss_krb5.c into libsss_krb5_common.so
BUILD: Move duplicated files from providers to libsss_ldap_common.so
TEST: Add untested libraries into dlopen test
TEST: Some macros aren't defined in older version of check.
CRYPTO: Fix access to uninitialized data
SPEC: Remove duplicate sssd_ifp.
TEST: Link ipa_ldap_opt test with openldap libs
UTIL: Use constant instead of value for stdin.
MONITOR: Fix start up with empty standard input
SPEC: Add libsss_ad_common.so to the package sssd-ad
TEST: Refactor test_io
BUILD: Make samba4 libraries optional
SBUS: Fix warning declaration shadows a global declaration
PAM: Fix problem with missing declaration.
PAM: macro PAM_DATA_REPLACE isn't available in openpam.
CRYPTO: Use unprefixed version of function stpncpy
CONFIGURE: Remove duplicate detection of pam
Remove unused parameter from ifp_user_get_attr_handle_reply
Remove unused parameter from ifp_user_get_groups_reply
resolv: Do not try to free addrinfo in case of error
AUTOCONF: Move detection of samba libraries to one file
SBUS: Define DBUS_ERROR_INIT for old version of dbus
SBUS: Include config.h for enabling function in stdio.h
UTIL: Fix order of header files.
LDAP: Don't use macro _XOPEN_SOURCE for extra features
UTIL: Include netinet/in.h for ip adress macros
TEST: Test empty results from functions sysdb_search_*
sss_autofs: Check return value of autofs make request
sss_autofs: Do not try to free empty autofs context
Don't use macro _XOPEN_SOURCE for function strptime
TEST: Add libsss_simpleifp.so to dlopen test
man: Substitute entity values for entity references
MAKE: Link libsss_ldap.so with ldap libraries
UTIL: Add function sss_parse_name_const
NSS: Refactor expand_homedir_template
NSS: Add option to expand homedir template format
TEST: Add test for expand homedir
PAM: Include header file security/pam_appl.h
MAKE: Remove PAM libraries from libsss_simple
CONFIGURE: Enhance detection of pam
PAM: Fix compilation of pam_test_client with openpam
PAM: Use fallback version of some pam macros
PAM: Define compatible macros for some functions.
PAM: add ignore_authinfo_unavail option
SDAP: Use portable constant as level in setsockopt
Unify usage of function gethostname
MAN: Add reference to manual page sssd-sudo
Use python2 in shebang for python scripts.
CONFIGURE: Prefer python2
SYSDB: Remove useless NULL test.
SYSDB: Modify declaration of sysdb_search_entry
TESTS: Fix format string in check macros
BUILD: ad_gpo_tests should be built only with samba
SPEC: Add gpo_child to package sssd-ad
UTIL: Fix access out of bound in parse_args
BUILD: Add version symbol files for public libraries.
sdap-tests: Fix off by one.
BUILD: Link sdap-tests with openldap libraries
PAM: Test right variable after calling sss_atomic_read_s
CONTRIB: make_srpm.sh can prepare SRPM with patches
CONTRIB: Fix creation of tar.gz with old version of git
sss_client: thread safe initialisation of sss_cli_mc_ctx
sss_client: Fix memory leak in nss_mc_{group,passwd}
LDAP: Remove unused option ldap_netgroup_uuid
LDAP: Remove unused option ldap_group_uuid
LDAP: Remove unused option ldap_user_uuid
test_utils: Use common header file for libsss_util tests.
UTIL: Add functions for replacing whitespaces.
NSS: Replace spaces with specified string in names.
SDAP: Deref needn't be treated as critical
Revert "SDAP: Deref needn't be treated as critical"
dyndns_test: Use right socket length of for IPv4 address.
responder-get-domains-tests: fix checking of leaks
test_dyndns: Use different talloc context in wrapped functions.
TESTS: leak_check functions shouldn't be called with NULL context
dyndns: Fix talloc hierarchy of "struct sss_iface_addr"
test_dyndns: sss_iface_addr_list_get can return more values
SDAP: free subrequest in sdap_dyndns_update_addrs_done
SDAP: Immediately finish request for empty array
SDAP: Use different talloc_context for array of names
SDAP: Update groups for user just once.
SDAP: Fix using of uninitialized variable
strtonum-tests: Add unit test for strtouint16.
responder_socket_access-tests: Fix condition in loop
MAN: Fix a conversion of seconds to hours
AD: Ignore all errors if gpo is in permissive mode.
AUTOCONF: Update detection of libnfsidmap
SPEC: Use netlink library version 3 for rhel7
SPEC: Drop old OS conditions from spec file.
refcount-tests: Do not force to run test in CK_FORK mode
NSS: Use right domain for group members with fq names
pysss: test return value of realloc.
CI: Add missing debian dependency
CI: Use default config for mock build
GPO: Use argument ndg_flags instead of constant
GPO: remove unused talloc contexts
DP: Print a type as hexadecimal number in debug message.
SDAP: Suppress warning maybe-uninitialized
TOOLS: Fix warning Value stored to is never read
SDAP: Fix warning Value stored to is never read
SDAP: test return value of sysdb_search_services
PAC: Check return value of function hash_entries
IPA: Fix error handling after talloc_ber_flatten
GPO: fail if there is problem with storing gpo into sysdb
GPO: Fail if we cannot retrieve gpo from cache.
GPO: Do not use output argument if function failed
BUILD: Fix automake warning
test_server: Fix waiting for background process
SPEC: Print testsuite log for failed test
SBUS: Fix error handling after closing container
BUILD: Fix linking cwrap tests with -Wl,--as-needed
test_sysdb_views: Use unique directory for cache
IPA: Store right username to selinux child context
PAM: Remove authtok from PAM stack with OTP
NSS: Fix warning enumerated type mixed with another type
Revert "LDAP: Change defaults for ldap_user/group_objectsid"
AD: Change level of debug message
CI: Build sssd on debian with samba support
LDAP: Disable token groups by default
sss_client: Extract destroying of mmap cache to function
sss_client: Fix race condition in memory cache
krb5: Check return value of krb5_principal_get_realm
krb5: Check return value of sss_krb5_princ_realm
AD: Set dp_error if gc was not used
TOOLS: sss_debuglevel should worh with ifp responder
CI: Update valgrind suppresion database for libselinux
IPA: Do not append domain name to fq name
sss_client: Work around glibc bug
MAKE: Fix linking of test_child_common
UTIL: Fix dependencies of internal sss libraries
BUILD: Install libsss_crypt after its dependencies
MONITOR: Disable inlining of function load_configuration
krb5_child: Initialize REALM earlier
IPA: properly handle groups from different domains
logrotate: Fix warning file size changed while zipping
PROXY: Fix use after free
pysss: Fix double free
MONITOR: Fix double free
SSSDConfig: Remove unused exception name
SSSDConfig: Port missing parts to python3
Remove strict requirements of python2
sbus_codegen: Port to python3
Add missing new lines to debug messages
CONFIGURE: Do not use macro AC_PROG_MKDIR_P twice
RESPONDERS: Warn to syslog about colliding objects
Markos Chandras (2):
sysv/gentoo: Use xdm if possible
sysv/gentoo: Send debug output to a file instead of stderr
Michal Zidek (67):
Rename _SSS_MC_SPECIAL
man sssd: Add note about SSS_NSS_USE_MEMCACHE
nss: Wrong debug message.
util: Add functions to check if IP addresses is special
dyndns: Use check_ipvX_addr functions
sdap_async_sudo_hostinfo.c: Use check_ipvX_addr
tests: Silence alignment warning in tests.
responder: Access packet header using SAFEALIGN macros.
confdb: Make offline timeout configurable
SYSDB: Drop the sysdb_ctx parameter from the sysdb_search module
SYSDB: Drop the sysdb_ctx parameter from the sysdb_services module
SYSDB: Drop the sysdb_ctx parameter from the sysdb_ssh module
SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 1)
SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 2)
SYSDB: Drop redundant sysdb_ctx parameter from sysdb.c
sss_client: Use SAFEALIGN_SETMEM_<type> macros where appropriate.
krb5: Alignment warning reported by clang
monitor: Stop using unnecessary helper pointer.
Missing parameter name in declaration.
Fix parameter name.
sss_client: Use SAFEALIGN_COPY_<type> macros where appropriate.
responder: Use SAFEALIGN macro when checking pam data validity.
Properly align buffer when storing pointers.
responder: Use SAFEALIGN macros where appropriate.
Possible null dereference in SELinux code
Remove dead code from ipa_get_selinux_recv
mmap: Get errno when unlink fails
ipa_selinux: Put SELinux map order related variables into structure
Add type parameter to DISCARD_ALIGN macro
Suppress safealign warnings with DISCARD_ALIGN.
Use DISCARD_ALIGN in VTABLE_FUNC macro
Add function confdb_set_string.
case_sensitivity = preserving
MAN: case_sensitivity man page update
Remove unused function confdb_set_bool
ptask: Allow adding random_offset to scheduled execution time
ptask: Add backoff feature to the ptask api.
Exit offline mode only if server is available.
MAN: offline_timeout
be_get_account_info change level of debug message
IFP: Suppress 'git diff' noise
Add alternative objectClass to group attribute maps
Use the alternative objectclass in group maps.
sssd.api.conf: Declare case_sensitive as string
nss: Preserve case of group members
LDAP: Change defaults for ldap_user/group_objectsid
util: Move semanage related functions to src/util
sss_semanage: Add mlsrange parameter to set_seuser
IPA: Use set_seuser instead of writing selinux login file
MONITOR: Allow confdb to be accessed by nonroot user
SYSDB: Allow calling chown on the sysdb file from monitor
responder_common: Create fd for pipe in helper
responders: Do not initialize pipe fd if already present
PAM: Create pipe file descriptors before privileges are dropped
PAM: Run pam responder as nonroot
nss: preserve service name in getsrv call
MONITOR: Fix warning may be used uninitialized
selinux_child: Do not ignore return values.
proxy: Do not try to store same alias twice
PROXY: Preserve service name in proxy provider
MAN: Update case_sensitive=Preserving in man pages.
Man: debug_timestamps and debug_microseconds
test: Wrong parameter type in sss_parse_name_check
util: Special-case PCRE_ERROR_NOMATCH in sss_parse_name
util: sss_get_domain_name regex mismatch not fatal
confdb: Make confdb_set_string accept const char pointer
AD: Never store case_sensitive as "true" to confdb
Michal Šrubař (1):
LDAP SUDO: sudo provider doesn't fetch 'EntryUSN'
Nalin Dahyabhai (2):
sss_client: Fix "struct sss_cli_mc_ctx" reinitialize-on-errors
Accept krb5 1.13 for building the PAC plugin
Nathaniel McCallum (1):
Fix krb5 changepw when FAST-only preauth methods are used (like OTP)
Nikolai Kondrashov (45):
dyndns: Update PTR records separately
Add cscope inverted index files to .gitignore
Update debug levels in sss_semanage_error_callback
Move DEBUG macro body to debug_fn
Remove extra flushing from debug message output
Cleanup debug_fn
Make DEBUG macro definition variadic
Make DEBUG macro invocations variadic
Fixup DEBUG macro invocations update
Update DEBUG* invocations to use new levels
Update debug level in sysdb_check_upgrade_02
Remove DEBUG macro support for old debug levels
Use HW instead of processor name as build arch
Use functions, not aliases in bashrc_sssd
Handle unbound variables in bashrc_sssd
Clarify CFLAGS handling in bashrc_sssd
Remove --with-distro-version
build: Don't assume systemd implies journald
build: List test extensions
build: Switch to AM_DISTCHECK_CONFIGURE_FLAGS
build: Switch back to DISTCHECK_CONFIGURE_FLAGS
build: Augment systemdconfdir at configure stage
build: Allow augmenting TESTS_ENVIRONMENT
build: Remove substitution of *_OBJ variables
build: Mention required libini_config version
build: Distinguish libini_config version checks
build: Distinguish libnl version checks
build: Reverse order of libini_config checks
build: Move libini_config 1.1.0 check to libini_config.m4
build: Don't install ad and ipa man pages unnecessarily
Add basic support for CI test execution
CI: Add libnfsidmap-dev Debian dependency
CI: Consider libcmocka-devel always present
TESTS: Free hbac_info
TESTS: Free compiled regexes in krb5_utils-tests
TESTS: Free link paths in symlink tests
TESTS: Free retrieved sid in test_getsidbyname
CI: Preserve mock config timestamps
CI: Don't run dlopen-tests under Valgrind
CI: Add Valgrind suppression support
CI: Suppress all detected Valgrind issues
CI: Enforce Valgrind check
CI: Remove disabling of Valgrind gdb invocation
CI: Don't say Valgrind is ignored in README.md
CI: Remove Clang analyzer
Noam Meltzer (5):
NEW CLIENT: plugin for NFSv4 rpc.idmapd
NFSv4 client: (private) headers from libnfsidmap
NFSv4 client: add to build system
NFSv4 client: add to RPM spec
NFSv4 client: man page
Ondrej Kos (2):
MAN: Remove IPA specific LDAP settings
IPA: Deprecate ipa_hbac_support_srchost option
Pallavi Jha (5):
added null checks to authtok module
permament is corrected to permanent
cmocka unit test for authtok module added
Unit-test-for-negcache-module-added
cmocka-unit-test-for-functions-getpwuid*-added
Pavel Březina (126):
util: add sss_idmap_talloc[_free]
simple access tests: fix typos
simple provider: support subdomain users
util: add find_subdomain_by_sid()
util: add find_subdomain_by_object_name()
simple provider: support subdomain groups
simple access test: initialize be_ctx for all tests
simple provider: obey case sensitivity for subdomain users and groups
man: improve sssd-sudo manual page
man: server side password policies always takes precedence
util: add get_domains_head()
sysdb: get_sysdb_grouplist() can return either names or dn
sysdb: sysdb_update_members can take either name or dn
ad: store group in correct tree on initgroups via tokenGroups
sudo: allow specifying only one time restriction
sudo: improve time restrictions debug messages
nss: wait for initial subdomains request to finish
subdomains: first destroy ptask then remove sdom
dp: make subdomains refresh interval configurable
dp: store list of ongoing requests
utils: add ERR_DOMAIN_NOT_FOUND error code
dp: set request domain
dp: add function to terminate request of specific domain
dp: free sdap domain if subdomain is removed
be_ptask: add be_ptask_create_sync()
dp: convert cleanup task to be_ptask
ipa: destroy cleanup task when subdomain is removed
ad: destroy ptasks when subdomain is removed
sdap_save_user: try to determine domain by SID
sdap_save_group: try to determine domain by SID
free sid obtained from sss_idmap_unix_to_sid()
ad: shortcut if possible during get object by ID or SID
sdap: store base dn in sdap_domain
sdap: add sdap_domain_get_by_dn()
ghosts: pick correct domain for every member
sdap_fill_memberships: pick correct domain for every member
nested groups: pick correct domain for cache lookups
idmap: add API to free allocated SIDs
free idmapped SIDs correctly
free idmapped dom SIDs correctly
free idmapped smb SIDs correctly
free idmapped binary SIDs correctly
pac: fix double free
pac: fix potential memory leaks
failover: check dns_domain if primary servers lookup failed
ad: refactor tokengroups initgroups
ad: use tokengroups even when id mapping is disabled
Bump sss_idmap version to 3:0:3
sudo: memset tm when converting time attributes
resolv_gethostbyname_dns_parse(): remove tmp_ctx
IPA: default krb5_fast_principal to host/$client@$realm
sdap: move non async functions from sdap_async.c to sdap_utils.c
sdap: move non async functions from sdap_async_connection.c to sdap_utils.c
sdap: move sdap_get_id_specific_filter() to sdap_utils.c
ldap: move options related content from ldap_common.c to ldap_options.c
ldap: move domain related content from ldap_common.c to sdap_domain.c
make make_realm_upper_case() static
tests: add confdb_path to sss_test_ctx
tests: mock SDAP
tests: mock sysdb users and groups
tests: prepare makefile for provider related unit tests
tests: new macro sss_will_return_always
tests: nested groups unit test
tests: don't print debug message when test dir does not exist
ad_account_can_shortcut(): return bool instead of errno
IFP: do not create client socket
sbus_tests: fix missing invoker in initializer
sbus request: fix error initialization
SBUS: remove unused variables
sss_config: the code
sss_config: build
sss_config: unit tests
sss_config: build only when IFP is allowed
IFP: Add a utility function to reply with an object path
SBUS: Utility function sbus_request_return_array_as_variant
SBUS: Return empty string if a string getter returns NULL
SBUS: Add utility function sbus_add_array_as_variant_to_dict
IFP: Implement domain getters
confdb: add confdb_list_all_domain_names()
utils: add get_known_services()
IFP: Implement SSSD components
sss_sifp: introduce API
sss_sifp: implement API
sss_sifp: build
sss_sifp: unit tests
sss_sifp: add support for string dictionary
sss_sifp: add shortcuts for common use cases
man: clarify refresh_expired_interval
sbus_codegen_tests: free memory context
nested groups: do not fail if we get one entry twice
sbus_request: fix potential NULL dereference
sss_sifp: pkg-config requires is a comma separated list
sss_sifp: add prefix and exec_prefix to pkg-config
IFP: touch config when changing debug level temporarily
resolv tests: remove ununused variable from for cyclus
resolv tests: add test for multiple servers with zero weights
resolv: fix server sort by weight
sudo: fetch sudoRunAs attribute
sss_sifp test: fix object path array test
sss_sifp: set output parameters if attribute is NULL
ad_handle_acct_info_step: fix typo
ad: comment ENOENT when id mapping is disabled
ad: update membership after SIDs are resolved
sudo: use dbus array for rules refresh
sudo: replace asterisk with escape sequence in host filter
failover: set port status to not working if previous srv lookup failed
ad initgroups: continue if resolved SID is still missing
sudo: work with correct D-Bus iterator
sss_sifp: bump version to 0:1:0
sysdb_get_user_attr: use fqn for subdomain users
tests: add test for sysdb_get_user_attr with subdomain user
sss_get_domain_name: check for fq name first
tests: add test for sss_get_domain_name
Add sysdb_search_[user|group]_override_attrs_by_name
Add sysdb_get_user_attr_with_views
IFP: support views
sudo: support views
IPA: use ipaUserGroup object class for groups
be_ptask: create a private header file
be_ptask: handle OFFLINE_DISABLE mode before task execution
be_ptask: add next_execution time to struct be_ptask
be_ptask: do not store sync ctx to _task
tests: be_ptask
be_ptask: let backoff affect only period
be_ptask: use gettimeofday() instead of time()
spec: sifp requires sssd-dbus
Pavel Reichl (120):
Include ext headers with #include <foo.h> - cont
monitor: Specific error message for missing sssd.conf
SSSD: Improved domain detection
SSSD: Unit test - sss_ldap_dn_in_search_bases
monitor: use-after-free bugfix
monitor: monitor_kill_service - refactor
monitor: memory-leak bug
monitor: syslog when process killed by monitor
SYSDB: typos & debug macro constants
SYSDB: missing conversion of LDB error to errno
SYSDB: simplification of condition in if statement
responder: Set forest attribute in AD domains
simple access: match objects using flat name
simple access: refresh master domain info
NSS: add support for subdomain_homedir
krb5: hint to increase krb5_auth_timeout
utils: handling NULL params in sss_parse_name
Revert "NSS: add support for subdomain_homedir"
AD: support for subdomain_homedir
MAN: update of subdomain_homedir usage
CONFDB: fail if there are domains with same name
MONITOR: Incorrect permissions on sssd.conf
MAN: new general options section
MAN: Option name typo in sssd-krb5
refactor calls of sss_parse_name
KRB5: log message - wrong permissions on ccache dir
MAN: minimal value expected for ldap_idmap_range_size
More information about the Pkg-sssd-devel
mailing list