[Pkg-sssd-devel] sssd: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Wed Dec 20 10:02:54 UTC 2017
Makefile.am | 129
configure.ac | 1
contrib/ci/README.md | 2
contrib/ci/distro.sh | 7
contrib/sssd.spec.in | 16
contrib/systemtap/dp_request.stp | 85
debian/changelog | 9
debian/control | 18
debian/patches/series | 2
debian/patches/sysdb-sanitize-search-filter-input.diff | 133
debian/sssd-common.install | 1
po/POTFILES.in | 1
po/bg.po | 737 +-
po/ca.po | 854 +-
po/cs.po | 2738 +++++++
po/de.po | 822 +-
po/es.po | 797 +-
po/eu.po | 723 +
po/fr.po | 846 +-
po/hu.po | 743 +-
po/id.po | 740 +-
po/it.po | 762 +-
po/ja.po | 812 +-
po/nb.po | 714 +
po/nl.po | 818 +-
po/pl.po | 1139 +--
po/pt.po | 766 +-
po/pt_BR.po | 704 -
po/ru.po | 772 +-
po/sssd.pot | 704 -
po/sv.po | 818 +-
po/tg.po | 712 +
po/tr.po | 704 -
po/uk.po | 1133 +--
po/zh_CN.po | 710 +
po/zh_TW.po | 735 +-
src/conf_macros.m4 | 20
src/confdb/confdb.c | 19
src/confdb/confdb.h | 11
src/config/SSSDConfig/__init__.py.in | 15
src/config/SSSDConfig/ipachangeconf.py | 2
src/config/SSSDConfig/sssd_upgrade_config.py | 1
src/config/SSSDConfigTest.py | 15
src/config/cfg_rules.ini | 30
src/config/etc/sssd.api.conf | 11
src/config/etc/sssd.api.d/sssd-ipa.conf | 3
src/config/etc/sssd.api.d/sssd-ldap.conf | 1
src/db/sysdb.h | 32
src/db/sysdb_init.c | 7
src/db/sysdb_ops.c | 109
src/db/sysdb_private.h | 9
src/db/sysdb_sudo.c | 89
src/db/sysdb_sudo.h | 6
src/db/sysdb_upgrade.c | 77
src/external/pac_responder.m4 | 3
src/krb5_plugin/sssd_krb5_localauth_plugin.c | 2
src/lib/certmap/sss_cert_content_common.c | 199
src/lib/certmap/sss_cert_content_crypto.c | 778 ++
src/lib/certmap/sss_cert_content_nss.c | 109
src/lib/certmap/sss_certmap.c | 93
src/lib/certmap/sss_certmap_attr_names.c | 83
src/lib/certmap/sss_certmap_int.h | 25
src/lib/certmap/sss_certmap_krb5_match.c | 21
src/lib/idmap/sss_idmap.c | 12
src/lib/sifp/sss_sifp_parser.c | 4
src/man/Makefile.am | 11
src/man/idmap_sss.8.xml | 2
src/man/include/failover.xml | 56
src/man/include/ipa_modified_defaults.xml | 5
src/man/include/seealso.xml | 10
src/man/po/br.po | 3271 +++++---
src/man/po/ca.po | 4342 ++++++-----
src/man/po/cs.po | 3185 +++++---
src/man/po/de.po | 4723 ++++++------
src/man/po/es.po | 4277 ++++++-----
src/man/po/eu.po | 3163 +++++---
src/man/po/fi.po | 3248 +++++---
src/man/po/fr.po | 4734 ++++++------
src/man/po/ja.po | 4356 ++++++-----
src/man/po/lv.po | 3273 +++++---
src/man/po/nl.po | 3324 +++++----
src/man/po/po4a.cfg | 2
src/man/po/pt.po | 3542 +++++----
src/man/po/pt_BR.po | 3167 +++++---
src/man/po/ru.po | 3205 +++++---
src/man/po/sssd-docs.pot | 3072 +++++---
src/man/po/tg.po | 3199 +++++---
src/man/po/uk.po | 6244 ++++++++++-------
src/man/po/zh_CN.po | 3205 +++++---
src/man/sss-certmap.5.xml | 24
src/man/sss_debuglevel.8.xml | 36
src/man/sssd-ad.5.xml | 6
src/man/sssd-ifp.5.xml | 2
src/man/sssd-ipa.5.xml | 44
src/man/sssd-kcm.8.xml | 2
src/man/sssd-ldap.5.xml | 44
src/man/sssd-secrets.5.xml | 89
src/man/sssd-session-recording.5.xml | 162
src/man/sssd-systemtap.5.xml | 386 +
src/man/sssd.conf.5.xml | 211
src/providers/ad/ad_gpo.c | 7
src/providers/ad/ad_machine_pw_renewal.c | 2
src/providers/ad/ad_opts.c | 1
src/providers/ad/ad_subdomains.c | 2
src/providers/backend.h | 8
src/providers/data_provider/dp.h | 2
src/providers/data_provider/dp_request.c | 5
src/providers/data_provider/dp_target_auth.c | 8
src/providers/data_provider/dp_target_id.c | 265
src/providers/data_provider/dp_targets.c | 2
src/providers/data_provider_be.c | 56
src/providers/ipa/ipa_access.c | 272
src/providers/ipa/ipa_access.h | 6
src/providers/ipa/ipa_auth.c | 12
src/providers/ipa/ipa_common.c | 69
src/providers/ipa/ipa_common.h | 10
src/providers/ipa/ipa_deskprofile_config.c | 156
src/providers/ipa/ipa_deskprofile_config.h | 45
src/providers/ipa/ipa_deskprofile_private.h | 50
src/providers/ipa/ipa_deskprofile_rules.c | 367
src/providers/ipa/ipa_deskprofile_rules.h | 43
src/providers/ipa/ipa_deskprofile_rules_util.c | 932 ++
src/providers/ipa/ipa_deskprofile_rules_util.h | 57
src/providers/ipa/ipa_hbac_common.c | 171
src/providers/ipa/ipa_hbac_hosts.c | 110
src/providers/ipa/ipa_hbac_private.h | 26
src/providers/ipa/ipa_hbac_rules.c | 70
src/providers/ipa/ipa_hbac_rules.h | 4
src/providers/ipa/ipa_hbac_services.c | 1
src/providers/ipa/ipa_hbac_users.c | 29
src/providers/ipa/ipa_init.c | 74
src/providers/ipa/ipa_opts.c | 4
src/providers/ipa/ipa_rules_common.c | 455 +
src/providers/ipa/ipa_rules_common.h | 89
src/providers/ipa/ipa_selinux.c | 34
src/providers/ipa/ipa_session.c | 864 ++
src/providers/ipa/ipa_session.h | 54
src/providers/ipa/ipa_subdomains.c | 74
src/providers/ipa/ipa_subdomains_ext_groups.c | 12
src/providers/ipa/ipa_subdomains_server.c | 4
src/providers/ipa/ipa_sudo.c | 8
src/providers/ipa/ipa_sudo.h | 13
src/providers/ipa/ipa_sudo_async.c | 9
src/providers/ipa/ipa_sudo_conversion.c | 39
src/providers/ipa/ipa_views.c | 18
src/providers/ipa/selinux_child.c | 12
src/providers/ldap/ldap_child.c | 18
src/providers/ldap/ldap_common.h | 5
src/providers/ldap/ldap_id.c | 5
src/providers/ldap/ldap_init.c | 2
src/providers/ldap/ldap_opts.c | 9
src/providers/ldap/sdap.h | 5
src/providers/ldap/sdap_access.c | 88
src/providers/ldap/sdap_access.h | 2
src/providers/ldap/sdap_async_groups.c | 23
src/providers/ldap/sdap_async_nested_groups.c | 61
src/providers/ldap/sdap_certmap.c | 152
src/providers/ldap/sdap_id_op.c | 12
src/providers/ldap/sdap_idmap.c | 2
src/python/pysss_murmur.c | 2
src/python/pysss_nss_idmap.c | 40
src/resolv/async_resolv.c | 7
src/responder/common/cache_req/cache_req.c | 66
src/responder/common/cache_req/cache_req_data.c | 10
src/responder/common/cache_req/cache_req_private.h | 10
src/responder/common/cache_req/cache_req_result.c | 8
src/responder/common/cache_req/cache_req_sr_overlay.c | 328
src/responder/common/iface/responder_iface.c | 2
src/responder/common/negcache.c | 118
src/responder/common/responder.h | 16
src/responder/common/responder_common.c | 109
src/responder/common/responder_utils.c | 83
src/responder/ifp/ifp_components.c | 3
src/responder/ifp/ifp_groups.c | 47
src/responder/ifp/ifp_iface.xml | 4
src/responder/ifp/ifp_iface_generated.c | 25
src/responder/ifp/ifp_iface_generated.h | 5
src/responder/ifp/ifp_private.h | 9
src/responder/ifp/ifp_users.c | 21
src/responder/ifp/ifpsrv_cmd.c | 35
src/responder/ifp/ifpsrv_util.c | 31
src/responder/kcm/kcmsrv_ccache.c | 35
src/responder/kcm/kcmsrv_ccache_mem.c | 26
src/responder/nss/nss_cmd.c | 22
src/responder/nss/nss_get_object.c | 6
src/responder/nss/nss_iface.c | 2
src/responder/nss/nss_private.h | 6
src/responder/nss/nss_protocol_netgr.c | 12
src/responder/nss/nss_protocol_pwent.c | 117
src/responder/nss/nsssrv.c | 99
src/responder/pam/pamsrv_cmd.c | 98
src/responder/secrets/local.c | 192
src/responder/secrets/proxy.c | 2
src/responder/secrets/secsrv.c | 193
src/responder/secrets/secsrv.h | 19
src/responder/secrets/secsrv_cmd.c | 6
src/responder/secrets/secsrv_private.h | 2
src/responder/sudo/sudosrv.c | 11
src/responder/sudo/sudosrv_get_sudorules.c | 68
src/responder/sudo/sudosrv_private.h | 3
src/sbus/sbus_codegen | 4
src/shared/io.h | 33
src/shared/murmurhash3.h | 21
src/shared/safealign.h | 146
src/sss_client/common.c | 136
src/sss_client/libwbclient/wbc_pam_sssd.c | 2
src/sss_client/libwbclient/wbclient.exports | 3
src/sss_client/libwbclient/wbclient_sssd.h | 9
src/sss_client/nss_mc_common.c | 2
src/sss_client/nss_mc_group.c | 2
src/sss_client/nss_mc_initgr.c | 2
src/sss_client/sss_cli.h | 15
src/sss_client/sss_pac_responder_client.c | 137
src/sss_client/sssd_pac.c | 4
src/systemtap/sssd.stp.in | 18
src/systemtap/sssd_functions.stp | 68
src/systemtap/sssd_probes.d | 5
src/tests/cmocka/test_certmap.c | 120
src/tests/cmocka/test_inotify.c | 2
src/tests/cmocka/test_io.c | 2
src/tests/cmocka/test_negcache.c | 30
src/tests/cmocka/test_sdap_access.c | 192
src/tests/cmocka/test_sdap_access.h | 36
src/tests/cmocka/test_sdap_certmap.c | 244
src/tests/cmocka/test_sss_idmap.c | 32
src/tests/cmocka/test_sssd_krb5_localauth_plugin.c | 197
src/tests/cmocka/test_sysdb_sudo.c | 170
src/tests/cmocka/test_utils.c | 12
src/tests/cwrap/Makefile.am | 3
src/tests/files-tests.c | 50
src/tests/intg/Makefile.am | 12
src/tests/intg/__init__.py | 13
src/tests/intg/config.py.m4 | 33
src/tests/intg/data/ad_data.ldif | 815 ++
src/tests/intg/data/ad_schema.ldif | 42
src/tests/intg/ds.py | 2
src/tests/intg/ds_openldap.py | 128
src/tests/intg/sssd_group.py | 43
src/tests/intg/sssd_passwd.py | 43
src/tests/intg/test_enumeration.py | 10
src/tests/intg/test_files_provider.py | 97
src/tests/intg/test_kcm.py | 54
src/tests/intg/test_ldap.py | 21
src/tests/intg/test_pac_responder.py | 120
src/tests/intg/test_pysss_nss_idmap.py | 269
src/tests/intg/test_secrets.py | 244
src/tests/intg/test_session_recording.py | 961 ++
src/tests/krb5_child-test.c | 10
src/tests/sbus_codegen_tests.c | 12
src/tests/sysdb-tests.c | 81
src/tests/util-tests.c | 2
src/tools/common/sss_tools.c | 15
src/tools/common/sss_tools.h | 7
src/tools/files.c | 809 --
src/tools/selinux.c | 83
src/tools/sss_debuglevel.c | 323
src/tools/sssctl/sssctl.c | 2
src/tools/sssctl/sssctl.h | 8
src/tools/sssctl/sssctl_cache.c | 52
src/tools/sssctl/sssctl_data.c | 47
src/tools/sssctl/sssctl_logs.c | 267
src/tools/sssctl/sssctl_user_checks.c | 2
src/tools/tools_util.c | 12
src/tools/tools_util.h | 17
src/tools/wrappers/sss_debuglevel.in | 4
src/util/domain_info_utils.c | 54
src/util/files.c | 886 ++
src/util/io.c | 2
src/util/io.h | 33
src/util/mmap_cache.h | 2
src/util/murmurhash3.c | 2
src/util/murmurhash3.h | 20
src/util/selinux.c | 83
src/util/session_recording.c | 113
src/util/session_recording.h | 76
src/util/sss_semanage.c | 73
src/util/util.h | 33
src/util/util_safealign.h | 147
version.m4 | 2
279 files changed, 66819 insertions(+), 39712 deletions(-)
New commits:
commit 4255a261504dfff2c00f2ff3e7cdf1d4732fa573
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Dec 20 12:02:06 2017 +0200
releasing package sssd version 1.16.0-1
diff --git a/debian/changelog b/debian/changelog
index dfec486..4671da4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-sssd (1.16.0-1) UNRELEASED; urgency=medium
+sssd (1.16.0-1) unstable; urgency=medium
* New upstream release.
* sysdb-sanitize-search-filter-input.diff: Dropped, upstream.
* sssd-common.install: Add sssd-session-recording.5.
* control: Depend on python3 pkgs by default. (Closes: #883178)
- -- Timo Aaltonen <tjaalton at debian.org> Tue, 21 Nov 2017 12:39:11 +0200
+ -- Timo Aaltonen <tjaalton at debian.org> Wed, 20 Dec 2017 11:58:50 +0200
sssd (1.15.3-3) unstable; urgency=medium
commit 997ea58559a438dc2a87a34e9a08bf84f0dbc743
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Dec 20 11:09:04 2017 +0200
control: Depend on python3 pkgs by default. (Closes: #883178)
diff --git a/debian/changelog b/debian/changelog
index 614d09a..dfec486 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ sssd (1.16.0-1) UNRELEASED; urgency=medium
* New upstream release.
* sysdb-sanitize-search-filter-input.diff: Dropped, upstream.
* sssd-common.install: Add sssd-session-recording.5.
+ * control: Depend on python3 pkgs by default. (Closes: #883178)
-- Timo Aaltonen <tjaalton at debian.org> Tue, 21 Nov 2017 12:39:11 +0200
diff --git a/debian/control b/debian/control
index b0185f8..ca3e04e 100644
--- a/debian/control
+++ b/debian/control
@@ -76,7 +76,7 @@ Architecture: any
Multi-Arch: foreign
Pre-Depends: ${misc:Pre-Depends}
Depends:
- python-sss (= ${binary:Version}),
+ python3-sss (= ${binary:Version}),
sssd-ad (= ${binary:Version}),
sssd-common (= ${binary:Version}),
sssd-ipa (= ${binary:Version}),
@@ -96,10 +96,20 @@ Description: System Security Services Daemon -- metapackage
Package: sssd-common
Architecture: any
-Depends: python, python-sss, ${misc:Depends}, ${shlibs:Depends},
+Depends:
+ python3,
+ python3-sss,
+ ${misc:Depends},
+ ${shlibs:Depends},
adduser,
-Recommends: bind9-host, libnss-sss, libpam-sss, libsss-sudo
-Suggests: apparmor, sssd-tools
+Recommends:
+ bind9-host,
+ libnss-sss,
+ libpam-sss,
+ libsss-sudo
+Suggests:
+ apparmor,
+ sssd-tools
Breaks: sssd (<< 1.10.0~beta2-1),
sssd-krb5-common (<< 1.13.1-1),
Replaces: sssd (<< 1.10.0~beta2-1),
commit 870ee05f7057a4edf58b820a95e6c1eee3bb3134
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Nov 21 13:01:09 2017 +0200
sssd-common.install: Add sssd-session-recording.5.
diff --git a/debian/changelog b/debian/changelog
index d64feac..614d09a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ sssd (1.16.0-1) UNRELEASED; urgency=medium
* New upstream release.
* sysdb-sanitize-search-filter-input.diff: Dropped, upstream.
+ * sssd-common.install: Add sssd-session-recording.5.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 21 Nov 2017 12:39:11 +0200
diff --git a/debian/sssd-common.install b/debian/sssd-common.install
index 03488db..40f2874 100644
--- a/debian/sssd-common.install
+++ b/debian/sssd-common.install
@@ -49,6 +49,7 @@ usr/share/man/man1/sss_ssh_knownhostsproxy.1*
usr/share/man/man5/sss_rpcidmapd.5*
usr/share/man/man5/sssd-files.5*
usr/share/man/man5/sssd-secrets.5*
+usr/share/man/man5/sssd-session-recording.5*
usr/share/man/man5/sssd-simple.5*
usr/share/man/man5/sssd-sudo.5*
usr/share/man/man5/sssd.conf.5*
commit 63edaa9edb51a0d56cf863cbea4abd25cde7b837
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Nov 21 12:50:12 2017 +0200
sysdb-sanitize-search-filter-input.diff: Dropped, upstream.
diff --git a/debian/changelog b/debian/changelog
index 648aa00..d64feac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
sssd (1.16.0-1) UNRELEASED; urgency=medium
* New upstream release.
+ * sysdb-sanitize-search-filter-input.diff: Dropped, upstream.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 21 Nov 2017 12:39:11 +0200
diff --git a/debian/patches/series b/debian/patches/series
index 8763183..a82d1b4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1 @@
-sysdb-sanitize-search-filter-input.diff
+#placeholder
diff --git a/debian/patches/sysdb-sanitize-search-filter-input.diff b/debian/patches/sysdb-sanitize-search-filter-input.diff
deleted file mode 100644
index a9e994e..0000000
--- a/debian/patches/sysdb-sanitize-search-filter-input.diff
+++ /dev/null
@@ -1,133 +0,0 @@
-From d71be41ed6c44602781b7174a760d5a55a7c53ec Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose at redhat.com>
-Date: Thu, 5 Oct 2017 11:07:38 +0200
-Subject: [PATCH] sysdb: sanitize search filter input
-
-This patch sanitizes the input for sysdb seaches by UPN/email, SID and
-UUID.
-
-This security issue was assigned CVE-2017-12173
----
- src/db/sysdb_ops.c | 43 +++++++++++++++++++++++++++++++++++--------
- src/tests/sysdb-tests.c | 7 +++++++
- 2 files changed, 42 insertions(+), 8 deletions(-)
-
-diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
-index 4cfef68239a5f145967c942b1fb6647c5542f019..0e39a629a5823ff49ed02ec4c08a21b66119f06f 100644
---- a/src/db/sysdb_ops.c
-+++ b/src/db/sysdb_ops.c
-@@ -601,6 +601,7 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx,
- int ret;
- const char *def_attrs[] = { SYSDB_NAME, SYSDB_UPN, SYSDB_CANONICAL_UPN,
- SYSDB_USER_EMAIL, NULL };
-+ char *sanitized;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
-@@ -608,6 +609,12 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-+ ret = sss_filter_sanitize(tmp_ctx, upn, &sanitized);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n");
-+ goto done;
-+ }
-+
- if (domain_scope == true) {
- base_dn = sysdb_user_base_dn(tmp_ctx, domain);
- } else {
-@@ -620,7 +627,7 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx,
-
- ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
- base_dn, LDB_SCOPE_SUBTREE, attrs ? attrs : def_attrs,
-- SYSDB_PWUPN_FILTER, upn, upn, upn);
-+ SYSDB_PWUPN_FILTER, sanitized, sanitized, sanitized);
- if (ret != EOK) {
- ret = sysdb_error_to_errno(ret);
- goto done;
-@@ -4823,17 +4830,31 @@ static errno_t sysdb_search_object_by_str_attr(TALLOC_CTX *mem_ctx,
- bool expect_only_one_result,
- struct ldb_result **_res)
- {
-- char *filter;
-+ char *filter = NULL;
- errno_t ret;
-+ char *sanitized = NULL;
-
-- filter = talloc_asprintf(NULL, filter_tmpl, str);
-+ if (str == NULL) {
-+ return EINVAL;
-+ }
-+
-+ ret = sss_filter_sanitize(NULL, str, &sanitized);
-+ if (ret != EOK || sanitized == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n");
-+ goto done;
-+ }
-+
-+ filter = talloc_asprintf(NULL, filter_tmpl, sanitized);
- if (filter == NULL) {
-- return ENOMEM;
-+ ret = ENOMEM;
-+ goto done;
- }
-
- ret = sysdb_search_object_attr(mem_ctx, domain, filter, attrs,
- expect_only_one_result, _res);
-
-+done:
-+ talloc_free(sanitized);
- talloc_free(filter);
- return ret;
- }
-@@ -4922,7 +4943,8 @@ errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx,
- struct ldb_result **res)
- {
- int ret;
-- char *user_filter;
-+ char *user_filter = NULL;
-+ char *filter = NULL;
-
- ret = sss_cert_derb64_to_ldap_filter(mem_ctx, cert, SYSDB_USER_MAPPED_CERT,
- NULL, NULL, &user_filter);
-@@ -4931,10 +4953,15 @@ errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx,
- return ret;
- }
-
-- ret = sysdb_search_object_by_str_attr(mem_ctx, domain,
-- SYSDB_USER_CERT_FILTER,
-- user_filter, attrs, false, res);
-+ filter = talloc_asprintf(NULL, SYSDB_USER_CERT_FILTER, user_filter);
- talloc_free(user_filter);
-+ if (filter == NULL) {
-+ return ENOMEM;
-+ }
-+
-+ ret = sysdb_search_object_attr(mem_ctx, domain, filter, attrs, false, res);
-+
-+ talloc_free(filter);
-
- return ret;
- }
-diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
-index 63572e067b11a7149b872b3a3eae38776e2bcf21..4652661087238c18f7fabb398d054db99f77d6cf 100644
---- a/src/tests/sysdb-tests.c
-+++ b/src/tests/sysdb-tests.c
-@@ -6513,6 +6513,13 @@ START_TEST(test_upn_basic)
- fail_unless(strcmp(str, UPN_PRINC) == 0,
- "Expected [%s], got [%s].", UPN_PRINC, str);
-
-+ /* check if input is sanitized */
-+ ret = sysdb_search_user_by_upn(test_ctx, test_ctx->domain, false,
-+ "abc at def.ghi)(name="UPN_USER_NAME")(abc=xyz",
-+ NULL, &msg);
-+ fail_unless(ret == ENOENT,
-+ "sysdb_search_user_by_upn failed with un-sanitized input.");
-+
- talloc_free(test_ctx);
- }
- END_TEST
---
-2.9.3
-
commit 1582ad14987071793f51a56b1528f4030b6c1834
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Nov 21 12:41:55 2017 +0200
bump changelog
diff --git a/debian/changelog b/debian/changelog
index 0d2dce0..648aa00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+sssd (1.16.0-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Tue, 21 Nov 2017 12:39:11 +0200
+
sssd (1.15.3-3) unstable; urgency=medium
* Rebuild against new libldb. (Closes: #880013)
commit 2de0072db40ce90c9d376af38245cd1e0c9fa6ea
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri Oct 20 16:40:08 2017 +0200
Updating the version for the 1.16.0 release
diff --git a/version.m4 b/version.m4
index 1a627c1..6a6bc41 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
# Primary version number
-m4_define([VERSION_NUMBER], [1.15.4])
+m4_define([VERSION_NUMBER], [1.16.0])
# If the PRERELEASE_VERSION_NUMBER is set, we'll append
# it to the release tag when creating an RPM or SRPM
commit 9a839b29816c8906d4a6b074cf76df790cac9209
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri Oct 20 16:37:04 2017 +0200
Updating the translation for the 1.16.0 release
diff --git a/po/bg.po b/po/bg.po
index 8ec0021..6258aa2 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel at lists.fedorahosted.org\n"
-"POT-Creation-Date: 2017-07-25 11:53+0200\n"
+"POT-Creation-Date: 2017-10-20 16:16+0200\n"
"PO-Revision-Date: 2014-12-14 11:44-0500\n"
"Last-Translator: Copied by Zanata <copied-by-zanata at zanata.org>\n"
"Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/"
@@ -38,9 +38,8 @@ msgid "Write debug messages to logfiles"
msgstr "Записва debug съобщенията в логфайлове"
#: src/config/SSSDConfig/__init__.py.in:48
-#, fuzzy
msgid "Watchdog timeout before restarting service"
-msgstr "Ping изчакване преди рестарт на услугата"
+msgstr ""
#: src/config/SSSDConfig/__init__.py.in:49
msgid "Command to start service"
@@ -79,12 +78,12 @@ msgid "Timeout for messages sent over the SBUS"
msgstr "Изчакване за съобщения, изпратени през SBUS"
#: src/config/SSSDConfig/__init__.py.in:60
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:197
msgid "Regex to parse username and domain"
msgstr "Regex за намиране на потребителско име и домейн"
#: src/config/SSSDConfig/__init__.py.in:61
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-съвместим формат за изобразяване на пълно-квалифицирани имена"
@@ -103,9 +102,8 @@ msgid "The user to drop privileges to"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:65
-#, fuzzy
msgid "Tune certificate verification"
-msgstr "Изисква TLS проверка на сертификат"
+msgstr ""
#: src/config/SSSDConfig/__init__.py.in:66
msgid "All spaces in group or user names will be replaced with this character"
@@ -132,7 +130,7 @@ msgid "Entry cache background update timeout length (seconds)"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:74
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Negative cache timeout length (seconds)"
msgstr ""
@@ -217,7 +215,7 @@ msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:95
-msgid "Filter PAM responses send the pam_sss"
+msgid "Filter PAM responses sent to the pam_sss"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:96
@@ -249,7 +247,7 @@ msgid "Allow certificate based/Smartcard authentication."
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:103
-msgid "Path to certificate databse with PKCS#11 modules."
+msgid "Path to certificate database with PKCS#11 modules."
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:104
@@ -268,1170 +266,1201 @@ msgstr ""
msgid "If true, SSSD will switch back to lower-wins ordering logic"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-msgid "Whether to hash host names and addresses in the known_hosts file"
+#: src/config/SSSDConfig/__init__.py.in:110
+msgid ""
+"Maximum number of rules that can be refreshed at once. If this is exceeded, "
+"full refresh is performed."
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:116
+msgid "Whether to hash host names and addresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:117
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
-#, fuzzy
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Path to storage of trusted CA certificates"
-msgstr "Файл, съдържащ CA сертификати"
+msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:121
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long the PAC data is considered valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "List of UIDs or user names allowed to access the InfoPipe responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "List of user attributes the InfoPipe is allowed to publish"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
msgid "The provider where the secrets will be stored in"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
msgid "The maximum allowed number of nested containers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
msgid "The maximum number of secrets that can be stored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-msgid "The maximum payload size of a secret in kilobytes"
+#: src/config/SSSDConfig/__init__.py.in:132
+msgid "The maximum number of secrets that can be stored per UID"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:133
+msgid "The maximum payload size of a secret in kilobytes"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "The URL Custodia server is listening on"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "The method to use when authenticating to a Custodia server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:137
msgid ""
"The name of the headers that will be added into a HTTP request with the "
"value defined in auth_header_value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "The value sssd-secrets would use for auth_header_name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:139
msgid ""
"The list of the headers to forward to the Custodia server together with the "
"request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:138
+#: src/config/SSSDConfig/__init__.py.in:140
msgid ""
"The username to use when authenticating to a Custodia server using basic_auth"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:141
msgid ""
"The password to use when authenticating to a Custodia server using basic_auth"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "If true peer's certificate is verified if proxy_url uses https protocol"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:143
msgid ""
-"If false peer's certificate may contain different hostname then proxy_url "
+"If false peer's certificate may contain different hostname than proxy_url "
"when https protocol is used"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:144
msgid "Path to directory where certificate authority certificates are stored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:143
-#, fuzzy
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Path to file containing server's CA certificate"
-msgstr "Файл, съдържащ CA сертификати"
+msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:144
-#, fuzzy
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "Path to file containing client's certificate"
-msgstr "Файл, съдържащ CA сертификати"
+msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Path to file containing client's private key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "Identity provider"
msgstr "Доставчик на самоличност"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Authentication provider"
msgstr "Доставчик на удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Access control provider"
msgstr "Доставчик на контрол на достъп"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:153
msgid "Password change provider"
msgstr "Доставчик на смяна на парола"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:154
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
-#, fuzzy
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "SELinux provider"
-msgstr "Доставчик на самоличност"
+msgstr ""
#: src/config/SSSDConfig/__init__.py.in:158
+#, fuzzy
+msgid "Session management provider"
+msgstr "Доставчик на смяна на парола"
+
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Whether the domain is usable by the OS or by applications"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "Minimum user ID"
msgstr "Минимално ID на потребител"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Maximum user ID"
msgstr "Максимално ID на потребител"
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Cache credentials for offline login"
msgstr "Кеширай идентификационни данни за офлайн влизане"
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Store password hashes"
msgstr "Съхранявай хешове на пароли"
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Display users/groups in fully-qualified form"
msgstr "Показвай потребители/групи в пълно -валифицирана форма"
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:174
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:169
#: src/config/SSSDConfig/__init__.py.in:176
#: src/config/SSSDConfig/__init__.py.in:177
#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:170
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Ограничава или предпочита определена фамилия адреси при DNS търсения"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:171
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Колко дни да се пазят кешираните записи след последното успешно влизане"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Колко време да чакам за отговори от DNS при търсене на сървъри (секунди)"
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:173
msgid "The domain part of service discovery DNS query"
msgstr "Частта Домейн от DNS заявката за откриване на услуга"
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Интерфейсът, чийто IP да се ползва за динамични DNS обновявания"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:185
More information about the Pkg-sssd-devel
mailing list