[Pkg-sssd-devel] [Git][sssd-team/sssd][upstream] 99 commits: Test: Update marker to tier1_2 for some ad tier1 tests
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Thu Feb 10 17:45:04 GMT 2022
Timo Aaltonen pushed to branch upstream at Debian SSSD packaging / sssd
Commits:
a10172a9 by Steeve Goveas at 2021-11-24T09:07:17+01:00
Test: Update marker to tier1_2 for some ad tier1 tests
To reduce test runtime to around 1 hour
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
- - - - -
94bc8a35 by Steeve Goveas at 2021-11-24T09:07:18+01:00
Test: fix the restore of ldap.conf in test_0016_forceLDAPS
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
- - - - -
c6207ead by Shridhar Gadekar at 2021-11-25T13:11:55+01:00
Tests: autofs lookups for unknown mounts are delayed for 50s
Verifies: #5832
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
2b41ffd4 by Shridhar Gadekar at 2021-11-25T13:11:55+01:00
removed the testcase
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
23afbce7 by Shridhar Gadekar at 2021-11-25T13:11:55+01:00
Verifies: #5832 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
54dd529d by Tomas Halman at 2021-11-25T13:12:13+01:00
CONFDB: check the return values
Covscan pointed out that return value of chown and sete[ug]id is
not checked in some cases. There is not much we can do
in case of failure so only minor failure is logged.
Resolves: https://github.com/SSSD/sssd/issues/5876
Reviewed-by: Pawel Polawski <ppolawsk at redhat.com>
- - - - -
be687109 by Dhairya Parmar at 2021-11-25T13:12:28+01:00
TEST: Lookup with fully-qualified name with 'cache_first = True'
Verifies
Issue: https://github.com/SSSD/sssd/issues/5744
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013294
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
5615ffa6 by Steeve Goveas at 2021-11-25T13:12:41+01:00
TEST: Remove check for rhel 9 to enable CRB repo
Tests will run for 8.6 and rhel 9 and both need CRB to be enabled.
Removing the check for rhel 9, to make it work for 8.6 as well
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
1831c50d by Steeve Goveas at 2021-11-25T13:51:41+01:00
TESTS: Add tier2 marker for ipa tests
Some of the ipa tests would be executed as tier1 tests. Added markers
for the ones that were not marked and would run as tier2 tests
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
34ee1b3e by Steeve Goveas at 2021-11-26T12:16:50+01:00
TEST: Add missing polarion requirements to tests
Some tests were not linked to polarion requirements
The subid tests added recently is linked to
"IDM-IPA-REQ: ipa subid range" in this PR
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
b2eb01e5 by Shridhar Gadekar at 2021-11-26T12:17:02+01:00
Tests: Removed secondary group shown in cache
Verifies: #5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
6dae77c8 by Alexey Tikhonov at 2021-12-02T12:35:13+01:00
Monitor: reduce log severity and add error text in case of fail to read from netlink fd.
Reviewed-by: Pawel Polawski <ppolawsk at redhat.com>
- - - - -
a34e3090 by Iker Pedrosa at 2021-12-02T12:35:24+01:00
ifp: fix covscan issues
Fix covscan issues introduced in commit
cf75d897b8ef03fdc471059214e86824f19b1bd1
Resolves: https://github.com/SSSD/sssd/issues/5877
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
66472035 by Vincent Vanlaer at 2021-12-02T12:35:38+01:00
LDAP: expire accounts when today >= shadowExpire
This brings the behavior of SSSD with regards to account expiry based on
shadow attributes in line with other projects.
Resolves: https://github.com/SSSD/sssd/issues/5873
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
886ba465 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Fix printing of non-null-terminated strings in wait_for_card()
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
e3e27466 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Include return value of PKCS #11 API calls in debug messages
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
d1f0dbf1 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Make debug messages about URI matching more specific
Indicate whether the URI does not match the module info, slot info, slot ID
or token info. Only print the URI once in the debug messages.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
bd8b5260 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Perform URI matching inside wait_for_card()
If the slot or token does not match the URI, continue waiting for another
token instead of failing.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
2bd61f4b by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Check if module supports C_WaitForSlotEvent()
If the module does not support blocking calls to C_WaitForSlotEvent(), use
non-blocking calls separated by a one-second delay. If these calls are not
supported either, then return with failure.
Before this change, if blocking calls were not supported, wait_for_card()
passed an uninitialized slot ID to C_GetSlotInfo() after a 10-second wait..
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
8a4c222b by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Allow slot changes to take effect before resuming search
After the slot list has been obtained with C_GetSlotList(), a module cannot
expose any new or removed slots, until C_GetSlotList() is called again with
NULL as the second argument.
Do this instead of reloading all of the modules before resuming the search
for a slot/token.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
17ac1290 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Adjust exit conditions when looping over modules/slots
When a slot is found that supports removable tokens, set "module". If the
slot contains a usable token, set "slot_id", and use this condition to exit
the loop immediately.
With this change, the flags in the slot info can be checked earlier.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
33fa634b by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Skip uninitialized tokens
These cannot be used for authentication, and attempting to open a session
results in failure.
With this change, obtain token_info unconditionally when looping over
slots/tokens.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
1c24c3ee by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Combine subsequent loops over certificate list
With this change, obtain module_info unconditionally when looping over
slots/tokens.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
4d877816 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Filter certificate list in place
A subset of the items in all_cert_list are copied in memory and added to
cert_list. all_cert_list does not get used again, and its items are never
freed directly. Instead, just populate cert_list and remove the unwanted
items from it (freeing their memory after doing so).
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
1cc7b802 by David Ward at 2021-12-02T12:35:52+01:00
p11_child: Handle failure when obtaining module list or names
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
b37e2713 by Sumit Bose at 2021-12-03T14:00:25+01:00
ad: require name when looking up root domain
To properly identify the forest root domain the name of this domain is
needed. It is discovered with a cldap-ping requesting the netlogon
attribute. If the name is missing it does not make sense to proceed
further because there is currently no other way to determine the forest
root domain.
Resolves: https://github.com/SSSD/sssd/issues/5820
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
4508ef5f by Sumit Bose at 2021-12-03T14:00:25+01:00
ad: move current site and forest name to a more global context
Currently only during the DNS discovery steps the stored forest and site
name are reused to avoid redundant lookups. Since those names are needed
in other areas of the code as well it would be good to make them
available in a more global context.
Resolves: https://github.com/SSSD/sssd/issues/5820
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
99c41619 by Sumit Bose at 2021-12-03T14:00:25+01:00
ad: use already discovered forest name
If the cldap-ping on the current connection does not return a reply with
the name of the forest root and the site of the client the stored values
from the DNS discovery step are used.
Resolves: https://github.com/SSSD/sssd/issues/5820
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
918abaf3 by Sumit Bose at 2021-12-03T14:00:25+01:00
ad: make ad_srv_plugin_ctx_switch_site() public
If the name of the AD DCs are given explicitly with the ad_server option
the forest and site lookups are not done in the discovery phase, which
is skipped, but with a netlogon query on the current connection. This
patch makes sure the results are stored in the same way as during the
discovery step.
Resolves: https://github.com/SSSD/sssd/issues/5820
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
724293d0 by Sumit Bose at 2021-12-03T14:00:25+01:00
ad: only send cldap-ping to our local domain
Since we are using the name of the local domain in the search filter of
the CLDAP ping only a DC from the local domain can send a proper reply.
DCs from other domains will only return an error so we can skip the
CLDAP ping for those domains.
Resolves: https://github.com/SSSD/sssd/issues/5822
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
c0941810 by Sumit Bose at 2021-12-03T14:00:25+01:00
cldap: use dns_resolver_server_timeout timeout for cldap ping
Currently the cldap ping is using the ldap_search_timeout since it is
basically a LDAP search operation. However, the default of
ldap_search_timeout is 6s which is quite a long time for the discovery
of the AD DCs where the cldap ping is a part of. The default even
collides which the default of dns_resolver_timeout which might easily
lead to failures during the discovery phase.
To avoid the addition of a new option this patch is using
dns_resolver_server_timeout, which has a default of 1000ms (1s), as new
timeout for the clapd ping. Since the original purpose of the timeout is
the waiting time for a reply from a DNS server and both DNS and cldap by
default use UDP I think reusing the option here is justified.
Resolves: https://github.com/SSSD/sssd/issues/5875
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
beb5dd52 by Alexey Tikhonov at 2021-12-07T13:19:15+01:00
SSS_CLIENT: fixed few covscan issues
Fixes following covscan issues:
```
Error: TAINTED_SCALAR (CWE-20):
sssd-2.6.1/src/sss_client/subid/sss_subid.c:75: tainted_argument: Calling function "sss_cli_make_request_with_checks" taints argument "*repbuf".
sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: identity_transfer: Passing "repbuf + 4UL" as argument 2 to function "safealign_memcpy", which sets "num_results" to the dereference of that argument.
sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: tainted_data_transitive: Call to function "safealign_memcpy" with tainted argument "*repbuf" transitively taints "num_results".
sssd-2.6.1/src/sss_client/subid/sss_subid.c:116: tainted_data: Passing tainted expression "num_results * 16UL" to "malloc", which uses it as an allocation size.
sssd-2.6.1/src/sss_client/subid/sss_subid.c:116: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
# 114| }
# 115|
# 116|-> *ranges = malloc(num_results * sizeof(struct subid_range));
# 117| if (!*ranges) {
# 118| free(repbuf);
Error: TAINTED_SCALAR (CWE-20):
sssd-2.6.1/src/sss_client/subid/sss_subid.c:75: tainted_argument: Calling function "sss_cli_make_request_with_checks" taints argument "*repbuf".
sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: identity_transfer: Passing "repbuf + 4UL" as argument 2 to function "safealign_memcpy", which sets "num_results" to the dereference of that argument.
sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: tainted_data_transitive: Call to function "safealign_memcpy" with tainted argument "*repbuf" transitively taints "num_results".
sssd-2.6.1/src/sss_client/subid/sss_subid.c:122: tainted_data: Using tainted variable "num_results" as a loop boundary.
sssd-2.6.1/src/sss_client/subid/sss_subid.c:122: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
# 120| }
# 121|
# 122|-> for (uint32_t c = 0; c < num_results; ++c) {
# 123| SAFEALIGN_COPY_UINT32(&val, repbuf + index, &index);
# 124| (*ranges)[c].start = val;
Error: TAINTED_SCALAR (CWE-20):
sssd-2.6.1/src/sss_client/subid/sss_subid.c:176: tainted_argument: Calling function "shadow_subid_list_owner_ranges" taints argument "amount".
sssd-2.6.1/src/sss_client/subid/sss_subid.c:183: tainted_data: Using tainted variable "amount" as a loop boundary.
sssd-2.6.1/src/sss_client/subid/sss_subid.c:183: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
# 181| *result = false;
# 182|
# 183|-> for (int i = 0; i < amount; ++i) {
# 184| if ((range[i].start <= start) &&
# 185| (range[i].start + range[i].count >= end)) {
```
Resolves: https://github.com/SSSD/sssd/issues/5878
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
a56b8d1a by Pavel Březina at 2021-12-07T13:19:37+01:00
utils: ignore systemd and sd-pam process in get_active_uid_linux()
We iterate processes in /proc to get the list of active users (users
that has any process running). However, recent change in systemd makes
systemd and sd-pam process ligner for few more seconds when the user has
logged out which breaks the no-session functionality in pam responder.
If user is logged in, another process then systemd and sd-pam must be
running. Therefore we can just ignore these from the list.
```
admin 351997 0.4 0.0 22648 14636 ? Ss 13:25 0:00 /usr/lib/systemd/systemd --user
admin 351999 0.0 0.0 201464 7756 ? S 13:25 0:00 (sd-pam)
```
Resolves: https://github.com/SSSD/sssd/issues/5900
:fixes: Quick log out and log in did not correctly refresh
user's initgroups in `no_session` PAM schema due to lingering
systemd processes.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
29515ace by Anuj Borah at 2021-12-09T10:11:06+01:00
Tests: Podman supports subid ranges managed by FreeIPA
Podman supports subid ranges managed by FreeIPA
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
23b9c5e9 by Jakub Vavra at 2021-12-09T10:11:21+01:00
Tests: Add test for bz1636002.
Verifies: #5782
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1636002
Reviewed-by: Tomáš Halman <thalman at redhat.com>
- - - - -
cde56349 by Anuj Borah at 2021-12-10T13:05:18+01:00
Tests: Fix pytest-alltests-tier1
https://bugzilla.redhat.com/show_bug.cgi?id=1914843
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
9acd1177 by Pavel Březina at 2021-12-13T20:15:29+01:00
intg: remove unused is_secrets_socket()
Use of this function was removed in:
10069b1d39e671b7502c5211883c94ceaa91aebb
```
sssd/build/../src/tests/intg/getsockopt_wrapper.c:31:13: error: ‘is_secrets_socket’ defined but not used [-Werror=unused-function]
31 | static bool is_secrets_socket(int fd)
```
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
5ee8657c by Alexey Tikhonov at 2021-12-13T20:15:39+01:00
SPEC: avoid weak dependencies
Require packages if really needed, suggest otherwise.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
c6ad2827 by Dan Lavu at 2021-12-13T20:17:03+01:00
Adding multidomain test cases for bz2013297 and bz2018432
Created multidomain pytest test suite
- test cases to for bz2013297 and bz2018432 has been added
- testsuite will provision a parent and tree domain and two childs
- qeclass had to be modified to count AD servers outside of a single
domain for allow pytest-multihost to work.
Signed-off-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
- - - - -
9c447dc8 by Iker Pedrosa at 2021-12-13T20:19:17+01:00
usertools: force local user for sssd process user
System hardening by forcing the sssd user to be loaded from a local
database (/etc/passwd) instead of using any remote user. This could
happen in very special conditions and might change the owner of the sssd
databases and generate a denial of service.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
3d25724d by Iker Pedrosa at 2021-12-13T20:19:17+01:00
man: sssd.conf and sssd-ifp clarify user option
user and allowed_uids options should be accessible via the files service
of nsswitch.conf.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
d4357235 by Alexey Tikhonov at 2021-12-13T20:19:37+01:00
P11_CHILD: fix mem leak in case get_preferred_rsa_mechanism() doesn't match anything.
Spotted by David Ward at https://github.com/SSSD/sssd/pull/5855#discussion_r767161781
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
2a3035d3 by Iker Pedrosa at 2021-12-15T12:51:39+01:00
contrib: sssd krb5 configuration snippet
Add a configuration snippet for krb5 that points to the folder where the
sssd configuration for this service is located. This will enable
passwordless (GSSAPI) ssh to work without any sssd configuration change.
Resolves: https://github.com/SSSD/sssd/issues/5893
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
- - - - -
3ef7952e by Justin Stephenson at 2021-12-16T13:43:06+01:00
Analyzer: Remove python-click dependency
As python-click will not be in RHEL9, switch to using the builtin
argparse python module.
Reviewed-by: Tomáš Halman <thalman at redhat.com>
- - - - -
46843d02 by Iker Pedrosa at 2021-12-16T17:06:32+01:00
test: fix pep8 complaint
Fix pep8 complaint about over-indentation in test_multidomain.py file. I
guess this is only happening in RHEL8 and Debian because the tool was
forked to pycodestyle, only it is being updated and pycodestyle isn't
available for those distributions from the package manager.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
1e747fad by Iker Pedrosa at 2021-12-17T20:42:55+01:00
krb5: write kdcinfo.* file with port configuration
When writing the 'kdcinfo.*' file take into account all the information
set in the 'krb5_server' option, including the port. This wasn't taken
into account and that's why the kerberos child only used the address
part, thus being unable to contact the service in the server.
Resolves: https://github.com/SSSD/sssd/issues/5919
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
- - - - -
8d54b8c0 by Iker Pedrosa at 2021-12-17T22:45:48+01:00
man: update ifp options for FindByValidCertificate
Include a reference to ca_db, p11_child_timeout and
certificate_verification in sssd-ifp man page. These options can used be
to control how the certificates are validated with
FindByValidCertificate() API.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
fd0f087a by Iker Pedrosa at 2021-12-17T22:45:48+01:00
ifp: improve FindByValidCertificate() error
Improve the error handling for FindByValidCertificate() by returning a
specific exception ID when the certificate authority file is missing.
Moreover, the log lines have been changed to point to p11_child logs
when an unknown error happens.
Finally, a new test case has been created for the certificate authority
file missing situation.
Resolves: https://github.com/SSSD/sssd/issues/5911
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
21caecae by Scott Poore at 2021-12-20T15:12:50+01:00
Tests: add docstring in intg/test_infopipe.py
Adding docstring to test_find_by_valid_certificate to define some
metadata for tracking the test case.
Minimal content needed is:
- """<test_function_name_next_to_opening_docstring_quotes>
- <blank line after opening quotes>
- :id: <generated UUID>
- :title: SSSD-TC: <Feature or functional area>: <Title of test>
- :casecompoent: sssd
- :subsystemteam: sst_idm_sssd
The id and title will differ per tests going forward but, the last two
are defaults needed.
The opening quotes line needs to include the test function or method
name so that the UUID used for the id is associated with function name
within the docstring. The blank line is also needed after to indicate
the start of the parameters list.
Command used to generate UUID:
python3 -c 'import uuid; print(uuid.uuid4())'
Tests: #5224
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
- - - - -
662f9296 by Weblate at 2021-12-20T17:49:00+03:00
po: update translations
(Czech) currently translated at 5.7% (151 of 2621 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 99.3% (615 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Spanish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Korean) currently translated at 13.8% (362 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Spanish) currently translated at 96.9% (600 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Korean) currently translated at 13.3% (349 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Ukrainian) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Polish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/
po: update translations
(Korean) currently translated at 13.0% (341 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 30.7% (190 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
- - - - -
33ab1110 by Alexey Tikhonov at 2021-12-20T16:42:16+01:00
pot: update pot files
- - - - -
d0079cd9 by Weblate at 2021-12-22T13:29:32+03:00
po: update translations
(Korean) currently translated at 13.8% (362 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Japanese) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(French) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
- - - - -
1f75fbf8 by Alexey Tikhonov at 2021-12-22T11:38:00+01:00
pot: update pot files
- - - - -
e8e7e23a by Justin Stephenson at 2021-12-22T23:54:19+01:00
util: Split chain ID tevent functions
Commonly used chain ID functions sss_chain_id_get() and
sss_chain_id_set() will be isolated from requiring
tevent when building sources.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
6f217eac by Justin Stephenson at 2021-12-22T23:54:19+01:00
RESPONDER: Remove extraneous client ID logging
Prevent duplicate ID logging. ID will be logged in separate commit
with added tevent chain ID support in responders.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
9296eaf9 by Justin Stephenson at 2021-12-22T23:54:19+01:00
sbus: Remember outgoing request chain ID
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
2b6edf77 by Justin Stephenson at 2021-12-22T23:54:20+01:00
RESPONDER: Support chain ID logging
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
526f7314 by Justin Stephenson at 2021-12-22T23:54:20+01:00
chain_id: Add support for custom debug format
Inform the debug module when a responder process is sending debug
log messages, use the [CID #] tag in responder code and [RID #]
tag in backend/child process code.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
cb70739f by Justin Stephenson at 2021-12-22T23:54:20+01:00
krb5_child: Add chain ID logging support
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
60712f31 by Justin Stephenson at 2021-12-22T23:54:20+01:00
gpo: Add chain ID logging support
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
c92d39a3 by Justin Stephenson at 2021-12-22T23:54:20+01:00
ipa_selinux: Add chain ID logging support
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
be482ac3 by Justin Stephenson at 2021-12-22T23:54:20+01:00
p11_child: Add chain ID logging support
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
06d3e79c by Justin Stephenson at 2021-12-22T23:54:20+01:00
proxy_child: Add chain ID logging support
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
1959a2bb by Justin Stephenson at 2021-12-22T23:54:20+01:00
Analyzer: Parse the responder request ID
This is needed to parse out the responder request ID field properly. Due
to Responder tevent chain ID support, the Request ID is in a
different part of the log message.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
0ba456f9 by Justin Stephenson at 2021-12-22T23:54:20+01:00
Analyzer: Add --child argument to 'request show'
The analyzer tool will search for requests (RID# log messages)
in any existing child log files when --child is provided.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
7825e0d3 by Justin Stephenson at 2021-12-22T23:54:20+01:00
Analyzer: Search all responder log files
With the tevent chain ID logged into all responder debug messages,
the analyzer can search responders for [CID#X] in 'request show' output.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
ca1d7e29 by Stanislav Levin at 2021-12-22T23:54:20+01:00
sss-analyze: Fix self imports
- fixed self imports to allow any other Python stuff use `sssd`
Python package
- tranformed `sssd` Python package from namespace to regular one
- moved the executable out to libexec directory to split library and
actual executable (sss_analyze is not intended to be a standalone tool)
- fixed W0611(unused-import) found by Pylint
Resolves: https://github.com/SSSD/sssd/issues/5842
Signed-off-by: Stanislav Levin <slev at altlinux.org>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
9d627081 by Justin Stephenson at 2021-12-22T23:54:20+01:00
Analyzer: Avoid circular import
Addresses the following error:
Traceback (most recent call last):
File "/usr/libexec/sssd/sss_analyze", line 3, in <module>
from sssd import sss_analyze
File "/usr/lib/python3/site-packages/sssd/sss_analyze.py", line 3, in
<module>
from sssd.modules import request
File "/usr/lib/python3/site-packages/sssd/modules/request.py", line 6,
in <module>
from sssd.sss_analyze import SubparsersAction
ImportError: cannot import name 'SubparsersAction' from partially
initialized module 'sssd.sss_analyze' (most likely due to a circular
import) (/usr/lib/python3/site-packages/sssd/sss_analyze.py)
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
1110bd59 by Justin Stephenson at 2021-12-22T23:54:20+01:00
Analyzer: Fail if chain ID support is missing
Some distributions may install the SSSD log analyzer with
an older version of libtevent which does not support tevent chain ID.
Without chain ID support, the analyzer is effectively useless so we
will just fail and return in this condition.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
977d450e by Alexey Tikhonov at 2021-12-23T13:22:24+01:00
pot: update pot files
- - - - -
36ba613a by Alexey Tikhonov at 2021-12-23T13:23:57+01:00
Release sssd-2.6.2
- - - - -
14c5da6f by Dhairya Parmar at 2021-12-27T14:36:36+01:00
localuser changed to user on line 59
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
cf5270a9 by Dhairya Parmar at 2021-12-27T14:36:36+01:00
indentation of ssh.close() on line 66 corrected
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
d5467ad7 by Jakub Vavra at 2021-12-27T14:40:29+01:00
Tests: Update AD ssh password change test.
Reviewed-by: Dan Lavu <dlavu at redhat.com>
- - - - -
5a2e0ebe by Sumit Bose at 2022-01-04T13:03:37+01:00
ipa: fix reply socket of selinux_child
Commit c92d39a30fa0162d4efdfbe5883c8ea9911a2249 accidentally switched
the reply socket of selinux_child from stdout to stderr while switching
from exec_child to exec_child_ex. This patch returns the original
behavior.
Resolves: https://github.com/SSSD/sssd/issues/5939
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
- - - - -
104f513c by Alexey Tikhonov at 2022-01-05T16:48:39+01:00
IPA: get_object_from_cache(): don't touch output arg `_msg` in case object wasn't found (i.e. ENOENT returned)
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
e9a25bb0 by Alexey Tikhonov at 2022-01-05T16:48:39+01:00
IPA: get_object_from_cache(): - reduce log level in case object wasn't found in cache - slightly reduce code duplication
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
28af1752 by Alexey Tikhonov at 2022-01-05T16:49:36+01:00
Removed unused file.
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pawel Polawski <ppolawsk at redhat.com>
- - - - -
868f3874 by Alexey Tikhonov at 2022-01-05T17:06:46+01:00
RESPONDER: reduce log level in case files provider in inconsistent state falls back to NSS.
`ENOENT` return code of `sss_dp_account_files_params()` means
"can't serve request, but 'falls back to NSS' is enabled".
This (consciously configured) scenario doesn't justify `SSSDBG_OP_FAILURE`
that triggers a backtrace with default logging settings.
Reviewed-by: Pawel Polawski <ppolawsk at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
e7069c53 by Weblate at 2022-01-05T19:23:14+03:00
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Japanese) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(French) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
po: update translations
(Finnish) currently translated at 3.5% (93 of 2627 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
po: update translations
(Swedish) currently translated at 100.0% (2627 of 2627 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
po: update translations
(Korean) currently translated at 14.4% (379 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Ukrainian) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Polish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/
po: update translations
(Korean) currently translated at 14.4% (379 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Korean) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
po: update translations
(Finnish) currently translated at 6.1% (38 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
po: update translations
(Finnish) currently translated at 6.1% (38 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
po: update translations
(Chinese (Traditional) (zh_TW)) currently translated at 7.9% (49 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_TW/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
po: update translations
(Ukrainian) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Ukrainian) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Turkish) currently translated at 15.1% (94 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
po: update translations
(Turkish) currently translated at 15.1% (94 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
po: update translations
(Tajik) currently translated at 0.9% (6 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tg/
po: update translations
(Swedish) currently translated at 99.0% (613 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
po: update translations
(Swedish) currently translated at 99.0% (613 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
po: update translations
(Russian) currently translated at 99.0% (613 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Russian) currently translated at 99.0% (613 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Russian) currently translated at 99.0% (613 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Portuguese (Brazil)) currently translated at 0.8% (5 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pt_BR/
po: update translations
(Portuguese) currently translated at 15.6% (97 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pt/
po: update translations
(Polish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
po: update translations
(Polish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
po: update translations
(Dutch) currently translated at 47.6% (295 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/nl/
po: update translations
(Norwegian Bokmål) currently translated at 2.2% (14 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/nb_NO/
po: update translations
(Japanese) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(Japanese) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(Japanese) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
po: update translations
(Italian) currently translated at 19.0% (118 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/
po: update translations
(Italian) currently translated at 19.0% (118 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/
po: update translations
(Indonesian) currently translated at 8.7% (54 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/id/
po: update translations
(Hungarian) currently translated at 7.1% (44 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/hu/
po: update translations
(French) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
po: update translations
(French) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
po: update translations
(French) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
po: update translations
(French) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
po: update translations
(Basque) currently translated at 6.7% (42 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/eu/
po: update translations
(Spanish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Spanish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(German) currently translated at 51.5% (319 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/
po: update translations
(German) currently translated at 51.5% (319 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/
po: update translations
(Czech) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Czech) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Czech) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Catalan) currently translated at 55.7% (345 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ca/
po: update translations
(Bulgarian) currently translated at 15.1% (94 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/bg/
po: update translations
(Ukrainian) currently translated at 100.0% (2627 of 2627 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
po: update translations
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
- - - - -
9ba593e9 by Anuj Borah at 2022-01-06T12:38:18+01:00
Tests: Fix python-alltests-tier1-2
only local users can be configured in `allowed_uids`
This check is now enforced - see https://github.com/SSSD/sssd/pull/5867
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
58b3233f by Shridhar Gadekar at 2022-01-06T12:38:35+01:00
Tests: Health and Support Analyzer - Add request log parsing utility
Verifies: #5712
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
4897c287 by Jakub Vavra at 2022-01-06T12:39:12+01:00
Tests: Add a test for BZ2004406
Overriding both user and group names and ids in
an idview for user and group from AD results in error in sssd
when running id command.
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2004406
https://bugzilla.redhat.com/show_bug.cgi?id=2031729
Verifies: #5790
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
bf6059eb by Sumit Bose at 2022-01-17T12:27:35+01:00
ad: add required 'cn' attribute to subdomain object
If the forest root is not part of the return trusted domain objects
from the local domain controller we generate an object for further
processing. During this processing it is expected that the 'cn'
attribute is set and contains the name of the forest root. So far this
attribute was missing and it is now added by this patch.
Resolves: https://github.com/SSSD/sssd/issues/5926
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
ca8cef0f by Iker Pedrosa at 2022-01-17T16:28:26+01:00
krb5: AD and IPA don't change Kerberos port
AD and IPA providers use a common fo_server object for LDAP and
Kerberos, which is created with the LDAP data. This means that due to
the changes introduced in
https://github.com/SSSD/sssd/commit/1e747fad4539ffb402010e73f78469fe57af408f
the port in use for the Kerberos requests would be the one specified for
LDAP, usually the default one (389).
In order to avoid that, AD and IPA providers shouldn't change the
Kerberos port with the one provided for LDAP.
:fixes: A critical regression that prevented authentication of users via
AD and IPA providers was fixed. LDAP port was reused for Kerberos
communication and this provider would send incomprehensible information
to this port.
Resolves: https://github.com/SSSD/sssd/issues/5947
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
b6929c44 by Anuj Borah at 2022-01-17T16:28:40+01:00
Tests: Fix python-alltests-tier1-2 Add local users
only local users can be configured in `allowed_uids`
This check is now enforced - see https://github.com/SSSD/sssd/pull/5867
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
42a3f8fe by Sumit Bose at 2022-01-19T11:46:16+01:00
man: clarify ldap_idmap_range_max
ldap_idmap_range_max is the first ID which cannot be used for mapping
anymore.
Resolves: https://github.com/SSSD/sssd/issues/5938
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
- - - - -
b76436f8 by Justin Stephenson at 2022-01-19T11:50:14+01:00
TESTS: Restrict smartcard in sc auth tests
Smartcard auth related tests can fail when tests are run on a
machine(F34) with a yubikey inserted. Add a p11_uri option to filter
only the softhsm2-used test cards.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
e03a2dea by Justin Stephenson at 2022-01-19T11:50:14+01:00
P11: Increase array size of extra_args
Setting the p11_uri for PAM smartcard auth tests leads to some
tests (test_pam_cert_autH) requiring >18 elements as arg_c.
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
7e926941 by Anuj Borah at 2022-01-20T16:56:03+01:00
Tests: Fix yum repoquery --recommends sssd-tools test
The reason for this patch is the change of sssd-tools's sssd-dbus dependency
from Recommends to Requires included in
https://github.com/SSSD/sssd/commit/5ee8657c38f4849694bcb3f2ce958012f072ace0
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
237b99b8 by Anuj Borah at 2022-01-25T11:10:01+01:00
Tests: Fix setup_ipa_client fixture
Fix setup_ipa_client fixture as it does not use mkhomedir
option while configuring client with IPA server.
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
2b0bd0b3 by Tomas Halman at 2022-01-25T11:10:14+01:00
ad: do not write kdc info file for GC lookup
:fixes: When authenticating AD users, backtrace was triggered even
though everything was working correctly. This was caused by a search
in the global catalog. Servers from the global catalog are filtered
out of the list before writing the KDC info file. With this fix,
SSSD does not attempt to write to the KDC info file when performing
a GC lookup.
Resolves: https://github.com/SSSD/sssd/issues/5956
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
- - - - -
4e3385c9 by Anuj Borah at 2022-01-25T11:10:27+01:00
Tests: RFE pass KRB5CCNAME to pam_authenticate environment if available
Automation of sudo bug 1917379 in sssd tests
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
- - - - -
244c9f66 by Dan Lavu at 2022-01-25T11:10:46+01:00
Adding pytest multiforest tests
- admultidomain requires a minimum of four servers but will be extended
to five.
- test_multiforest will test authentication from two different forests
- updating test_multidomain with better test logic
Signed-off-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
- - - - -
a8c2e399 by Madhuri Upadhye at 2022-01-25T11:11:03+01:00
Check default debug level of sssd and corresponding logs
It consists of five test cases:
1. Check default debug level when sssd start
successfully
2. Check default debug level by
successful authentication of the user
3. Check default level as 0 and 1
4. Check default level as 2
5. Check SBUS code should not trigger failure
message during modules startup
Verifies:
Issues: #5422
#5425
Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1893159
https://bugzilla.redhat.com/show_bug.cgi?id=1915319
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
d3424c02 by Steeve Goveas at 2022-01-25T11:11:03+01:00
prepend 'r' raw to avoid deprecation errors
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Anuj Borah <aborah at redhat.com>
- - - - -
d8f558c2 by Weblate at 2022-01-25T11:34:37+01:00
po: update translations
(Korean) currently translated at 24.5% (641 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
po: update translations
(Korean) currently translated at 18.6% (488 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
- - - - -
e58b14af by Pavel Březina at 2022-01-25T11:44:04+01:00
pot: update pot files
- - - - -
2de07587 by Pavel Březina at 2022-01-25T11:44:31+01:00
Release sssd-2.6.3
- - - - -
15 changed files:
- Makefile.am
- + contrib/enable_sssd_conf_dir
- contrib/sssd.spec.in
- po/bg.po
- po/ca.po
- po/cs.po
- po/de.po
- po/es.po
- po/eu.po
- po/fi.po
- po/fr.po
- po/hu.po
- po/id.po
- po/it.po
- po/ja.po
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/02183611c3c94744de31ca8817ab11d022a26062...2de0758795605ad2c71b445ea993ea7b80fd322b
--
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/02183611c3c94744de31ca8817ab11d022a26062...2de0758795605ad2c71b445ea993ea7b80fd322b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20220210/3904dfd0/attachment-0001.htm>
More information about the Pkg-sssd-devel
mailing list