[Pkg-sssd-devel] [Git][sssd-team/sssd][master] 241 commits: CI: update flake8 action reference

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Thu Oct 27 11:03:30 BST 2022



Timo Aaltonen pushed to branch master at Debian SSSD packaging / sssd


Commits:
ecc8aa71 by Iker Pedrosa at 2022-04-28T13:02:49+02:00
CI: update flake8 action reference

flake8 action was pointing to my fork because there was an unresolved
problem in the main repository. Now that the fix has been merged we can
update the reference.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Justin Stephenson <jstephen at redhat.com>


- - - - -
e83e1065 by Iker Pedrosa at 2022-04-28T13:03:20+02:00
p11_child: enable more than one CRL PEM file

Enable support for more than one CRL PEM file. p11_child parses the
crl_file list passed as argument, loads all the files and makes the
validation.

Finally, add a new test case in test_utils to check that the p11_child
crl_file argument has been parsed correctly. Add another five test
cases in test_oam_srv to check the validation process.

:config: multiple crl_file arguments can be used in the
certificate_verification option.

Resolves: https://github.com/SSSD/sssd/issues/6086

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
dff9ba78 by Pavel Březina at 2022-04-28T13:03:40+02:00
ci: switch to write-file-action

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
a2517ef8 by Alexey Tikhonov at 2022-05-02T11:22:45+02:00
SDAP: got rid of unused function argument

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
4b8d781f by Alexey Tikhonov at 2022-05-02T11:22:45+02:00
SDAP: got rid of unused state member

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
cabc6cee by Alexey Tikhonov at 2022-05-02T11:22:45+02:00
SDAP: sdap_get_generic_send(): fix mem leak

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
460d02d1 by Pavel Březina at 2022-05-05T15:28:14+02:00
ci: disable Jenkins jobs

All jobs were replaced by Github Actions.

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
3f177aa3 by Steeve Goveas at 2022-05-06T12:28:24+02:00
TEST: Fix docstrings for successful polarion import

A blank line after the first line in the doc is important for betelgeuse.
The steps and expectedresults should have proper indents for importer to
add the steps in the table format in the test case in polarion.

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
da1d8eb4 by Anuj Borah at 2022-05-06T12:28:45+02:00
Tests: Fix ns_account test with sleep time

Fix ns_account test with sleep time

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
8edb287a by Madhuri Upadhye at 2022-05-06T12:29:04+02:00
Tests: ipa: Add automation of BZ1859751

Add automation of Allow SSSD to use anonymous
pkinit for FAST

verify:
  https://bugzilla.redhat.com/show_bug.cgi?id=1859751
  https://github.com/SSSD/sssd/issues/5961

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
0c35ed53 by Shridhar Gadekar at 2022-05-06T12:29:22+02:00
Tests:port rfc2307 username begin with a space

Minor string-formatter change (added f-string)

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
ba5d4708 by Madhuri Upadhye at 2022-05-06T12:29:40+02:00
Tests: Document: Document to run the tests using multihost config.

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
a6566e1c by Madhuri Upadhye at 2022-05-06T12:29:58+02:00
Tests: Document: Setup python virtual environment to run pytest.

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
1eec0aae by Pavel Březina at 2022-05-06T12:30:59+02:00
ci: enable ci for sssd-2-7

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
950a77d5 by Pavel Březina at 2022-05-06T12:30:59+02:00
ci: fix syntax for flake8 job

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
2591f8d7 by Sumit Bose at 2022-05-09T10:17:06+02:00
spec: mention oidc_child in description

Since oidc_child is part of the sssd-idp sub-package it should be
mentioned in the summary and the description.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
0a8d8f9e by Pavel Březina at 2022-05-09T10:17:28+02:00
ci: enable copr builds for CentOS Stream 8

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
1859523d by Tomas Halman at 2022-05-09T10:17:50+02:00
SPEC: python egg info format change

In the new python, egg-info changed from a file to a folder with
several files.

This patch fixes the SPEC file to handle it correctly in both cases.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
9d2d6c07 by Tomas Halman at 2022-05-09T10:17:50+02:00
make: clean python new files

New python produces more files during build. We have to
remove them during cleanup.

This patch fixes the `make distcheck` error in Fedora Rawhide.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
2b6349c3 by Pavel Březina at 2022-05-09T12:19:10+02:00
ci: fix syntax error in copr build

- - - - -
4b843859 by Pavel Březina at 2022-05-09T19:36:27+02:00
configure: fix libkrad detection

`main` is obviously not a symbol defined in the library

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>

- - - - -
e4d75912 by Pavel Březina at 2022-05-09T19:36:27+02:00
cert: fix assignment discards _const_ qualifier from pointer target type

```
/shared/workspace/sssd/src/util/cert/libcrypto/cert.c:307:17: error: assignment discards _const_ qualifier from pointer target type [-Werror=discarded-qualifiers]
  307 |     rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key);
```

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>

- - - - -
ef014b8b by Pavel Březina at 2022-05-09T19:36:27+02:00
ci: allow deprecated functions during build

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>

- - - - -
386c6d3e by Alexey Tikhonov at 2022-05-12T12:57:39+02:00
SPEC: drop sssd-ipa dependency on sssd-idp

:packaging: sssd-ipa doesn't require sssd-idp

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
f7c50980 by Madhuri Upadhye at 2022-05-12T12:57:58+02:00
Test: ipa: remove useless fixture call

remove setup_ipa_client from list as it's a session scope
fixture with autouse is true.

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
72a403e9 by Anuj Borah at 2022-05-12T12:58:15+02:00
Tests: Fix sss_analyzer tests

Fix sss_analyzer tests

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
e254ba8f by Anuj Borah at 2022-05-12T12:58:34+02:00
Tests: Enabling ssctl_ldap test cases

copr build of nss-pam-ldapd package would be used
to execute these tests. We no longer need to skip it.

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
b9094ee6 by Steeve Goveas at 2022-05-12T12:58:51+02:00
TEST: Update default debug levels expected in logs

new debug level "SSSDBG_PERF_STAT" is added to show statistical and performance
data and included in "SSSDBG_IMPORTANT_INFO" making it 0x3f7c0
https://github.com/SSSD/sssd/commit/775150b5800611191da85b01c5113b446f997d1b

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
624ad523 by Steeve Goveas at 2022-05-12T12:59:21+02:00
TEST: Add missing markers in pytest.ini

Some markers from alltests were missing in pytest.ini causing warning
messages. Add those markers and sort them alphabetically for
readability.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
7b1033d1 by Alexey Tikhonov at 2022-05-12T12:59:39+02:00
sssctl: fixed log message

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
a90ef949 by Alexey Tikhonov at 2022-05-12T12:59:39+02:00
SDAP: sdap_nested_group_deref_direct_process(): store 'state->members' in a hash table to reduce computational complexity during "new member" check.

Resolves: https://github.com/SSSD/sssd/issues/5134

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
bd085431 by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: move some functions from sysdb to sdap

Some functions which are currently provided by sysdb are only used in
the LDAP provider to process data received from LDAP. In this case it is
about functions which try to determine a suitable name for the object in
the cache. The goal is to be able to use some calls from libldap without
adding a dependency to libldap to the sysdb code.

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
3af930e5 by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: rename functions copied from sysdb

The functions copied from sysdb to the sdap code are renamed to remove
the 'sysdb' prefix.

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
e88559fa by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: replace sysdb_attrs_primary_name() with sdap_get_primary_name()

sdap_get_primary_name() is basically a wrapper for
sysdb_attrs_primary_name(). To remove the sysdb dependency to allow a
different implementation of sdap_get_primary_name() all calls to
sysdb_attrs_primary_name() are replaced by calls to
sdap_get_primary_name().

To be compatible with the parameter list the talloc memory context is
removed from the parameter list of sdap_get_primary_name() and the
function will return a reference to existing memory which should not be
modified.

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
e587572b by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: move sysdb_attrs_primary_name() into sdap_get_primary_name()

sysdb_attrs_primary_name() is not called directly anymore but only
through sdap_get_primary_name(). The implementation is removed from the
sysdb code and moved into sdap_get_primary_name().

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
bb4e9301 by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: make sdap_get_primary_name() aware of multi-valued RDNs

The RDN related functions of libldb are not aware of multi-valued RDNs
like e.g. "cn=host.example.net+ipHostNumber=198.168.1.1" as defined in
section 2.3.1 of RFC-4512. To be able to reliably derive a name for the
object in the cache in case the object stored in LDAP has multiple
values for e.g. the 'cn' attribute assigned SSSD must be able to handle
the multi-valued RDNs properly. Since OpenLDAP's libldap allows this the
current implementation is replaced by a new one which is using the
decomposed LDAPDN structure returned by ldap_str2dn().

:relnote: SSSD can now handle multi-valued RDNs if a unique name must be
determined with the help of the RDN.

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
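
The effect of RDN-aware parsing described in the commit above, as an added Python illustration that is not part of the commit and is not SSSD, libldb or libldap code. The parser is a simplified model of first-RDN decomposition; the function names, the sample DN suffix and the sample `cn` values are constructed for the example.

```python
# Added illustration: choose an entry's primary name from its first RDN.
# Simplified model written for this page; not SSSD, libldb or libldap code.

_HEX = "0123456789abcdefABCDEF"


def _split_unescaped(text, sep):
    """Split on sep, keeping backslash escape pairs (such as an escaped '+') intact."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])      # escape pair stays together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts


def _unescape(value):
    """Resolve backslash-hexpair and backslash-char escapes in an attribute value."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in _HEX for c in pair):
                out.append(int(pair, 16))  # hex-encoded byte
                i += 3
            else:
                out += value[i + 1].encode("utf-8")
                i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")


def first_rdn_avas(dn):
    """Return every (attribute, value) pair of the first RDN, '+'-aware."""
    rdn = _split_unescaped(dn, ",")[0]
    avas = []
    for ava in _split_unescaped(rdn, "+"):
        attr, _, val = ava.partition("=")
        avas.append((attr.strip().lower(), _unescape(val)))
    return avas


def naive_first_rdn(dn):
    """Model of a parser that treats the whole first RDN as one attr=value."""
    attr, _, val = dn.split(",")[0].partition("=")
    return [(attr.strip().lower(), val)]


def primary_name(dn, name_attr, values, multi_valued_aware=True):
    """Pick the value of name_attr that also appears in the entry's RDN."""
    if len(values) == 1:
        return values[0]                   # nothing to disambiguate
    avas = first_rdn_avas(dn) if multi_valued_aware else naive_first_rdn(dn)
    by_lower = {v.lower(): v for v in values}
    for attr, val in avas:
        if attr == name_attr.lower() and val.lower() in by_lower:
            return by_lower[val.lower()]
    return None                            # no unique name can be derived


# Constructed sample: RDN taken from the commit message, suffix made up.
SAMPLE_DN = ("cn=host.example.net+ipHostNumber=198.168.1.1,"
             "ou=hosts,dc=example,dc=net")
SAMPLE_CN_VALUES = ["host", "host.example.net"]

if __name__ == "__main__":
    print(primary_name(SAMPLE_DN, "cn", SAMPLE_CN_VALUES, True))
    print(primary_name(SAMPLE_DN, "cn", SAMPLE_CN_VALUES, False))
```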

- - - - -
dd1f4902 by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: removed unused dom parameter from sdap_get_primary_name()

For the new implementation the dom parameter is not needed anymore and
can be removed.

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
952b9bd7 by Sumit Bose at 2022-05-12T13:00:07+02:00
sdap: add tests for sdap_get_primary_name

Resolves: https://github.com/SSSD/sssd/issues/6122

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
97eabb7e by Sumit Bose at 2022-05-12T13:00:30+02:00
proxy: lower child count even if there is an error

If the proxy_child_send() request returns an error the number of running
child processes is not updated although most probably SIGKILL was
already sent to the child.

Resolves: https://github.com/SSSD/sssd/issues/6114

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
67270a08 by Sumit Bose at 2022-05-12T13:00:30+02:00
proxy: finish request if proxy_child is terminated

If proxy_child is terminated by a signal, e.g. by the child's watchdog,
the backend is handling the signal but any related tevent request is not
finished. It will eventually finish if the SBus/DBus timeout is
reached.

This patch makes the signal handler aware of the request so that it can
be finished with an error.

Resolves: https://github.com/SSSD/sssd/issues/6114

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4af071af by Sumit Bose at 2022-05-12T13:00:30+02:00
data_provider: add dp_client_cancel_timeout()

Add a call to remove a timeout handler from a sbus_connection.

Resolves: https://github.com/SSSD/sssd/issues/6114

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4950bc00 by Sumit Bose at 2022-05-12T13:00:30+02:00
proxy: remove DP client timeout handler

Since the proxy_child is using a dedicated Register method for its SBus
connection to the backend it has to remove the generic timeout handler
added during the initial connection by dp_client_init() during its
registration.

Resolves: https://github.com/SSSD/sssd/issues/6114

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
45411d84 by Steeve Goveas at 2022-05-12T13:16:47+02:00
TEST: Implement time logging for the LDAP queries

Test time logging is enabled on setting debug level 9 or bitmask 0x20000
Test to trigger warning message for long query time

Verifies
  Issue: https://github.com/SSSD/sssd/issues/5967
  Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925559

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
91969611 by Anuj Borah at 2022-05-16T12:39:19+02:00
Tests: Fix ns_account test with clear_sssd_cache

Fix ns_account test with clear_sssd_cache

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
a45d58c5 by Steeve Goveas at 2022-05-18T15:39:58+02:00
TEST: Add test for memcache SID

Verifies
  Issue: #3768
  Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1245367

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Anuj Borah <aborah at redhat.com>

- - - - -
686b1c8c by Steeve Goveas at 2022-05-18T15:39:58+02:00
TEST: Update and sort ad pytest.ini

Some test markers were missing. Added them and sorted for readability.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Anuj Borah <aborah at redhat.com>

- - - - -
abce8dbe by Steeve Goveas at 2022-05-25T12:17:24+02:00
TEST: Install iproute-tc for tc

For tc we need iproute-tc package installed if it is not already
installed. In RHEL9.1 it was installed by default but in 8.7 it is not
present.

Reviewed-by: Anuj Borah <aborah at redhat.com>

- - - - -
886ff516 by Alejandro López at 2022-05-25T12:18:02+02:00
sssctl: free one malloc-allocated variable.

One variable is allocated by popt using malloc and has to be freed.
As it is a const char *, we need to bypass the const modifier.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
97cffab3 by Alejandro López at 2022-05-25T12:18:02+02:00
sss_tools: More flexible sss_tool_popt_ex()

Let sss_tool_popt_ex()'s caller decide whether the free option is mandatory.
This is done with a new argument called fopt_require.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
a809db92 by Alejandro López at 2022-05-25T12:18:02+02:00
sbus: Getter for the debug_level property

New debug_level property added to the sssd.service interface.
Getter implemented.

Resolves: https://github.com/SSSD/sssd/issues/6019

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
e82135eb by Alejandro López at 2022-05-25T12:18:02+02:00
sbus: Setter for the debug_level property.

The setter for the recently added property.

Resolves: https://github.com/SSSD/sssd/issues/6019

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
e7974472 by Alejandro López at 2022-05-25T12:18:02+02:00
sssctl: Get and set per-component debug-level

:feature: sssctl is now able to read and set each component's
debug level independently.

Use D-Bus to set/get the debug level.

Resolves: https://github.com/SSSD/sssd/issues/6019

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
d550b5f6 by Pavel Březina at 2022-05-30T12:12:17+02:00
man: add idp indicator

Resolves: https://github.com/SSSD/sssd/issues/6181

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
9aad3071 by Pavel Březina at 2022-05-30T12:12:38+02:00
pam_sss_gss: KRB5CCNAME may be NULL

Resolves: https://github.com/SSSD/sssd/issues/6180

:fixes: A regression in pam_sss_gss module causing a failure if
  KRB5CCNAME environment variable was not set was fixed.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
71b14474 by Sumit Bose at 2022-05-30T12:12:58+02:00
ad: add fallback in ad_domain_info_send()

Commit 51e92297157562511baf8902777f02a4aa2e70e6 allowed
ad_domain_info_send() to handle multiple domains by searching for the
matching sdap_domain data. Unfortunately it assumed that the configured
name and the DNS domain name are always matching. This is true for all
sub-domains discovered at runtime by DNS lookups but might not be true
for the domain configured in sssd.conf. Since the configured domain is
the first in the list of sdap_domain data it will be used as a fallback
in case no data could be found by name.

Resolves: https://github.com/SSSD/sssd/issues/6170

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
8270d4c9 by Pavel Březina at 2022-05-30T12:14:55+02:00
readme: add status badges

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>

- - - - -
1e142041 by Alexey Tikhonov at 2022-05-30T12:34:12+02:00
TESTS: new case to test ad_gpo_parse_ini_file()

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
dfadb7da by Iker Pedrosa at 2022-05-30T12:34:18+02:00
ad: prepend GPO_CACHE_PATH in caller function

Prepend the GPO_CACHE_PATH to the samba path in the
ad_gpo_parse_ini_file() caller instead of in this function. This way, we
make ad_gpo_parse_ini_file() completely agnostic to the exact samba path
and we fix the testing setup issues with valgrind.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
37d2a184 by Alexey Tikhonov at 2022-05-30T12:34:24+02:00
GPO: make ad_gpo_parse_ini_file() to accept full path

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
67814634 by Iker Pedrosa at 2022-06-01T14:54:22+02:00
CI: flake8 move target to pull_request_target

Move flake8 target from pull_request to pull_request_target to be able
to write comments in the PR.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
5c3d6090 by Iker Pedrosa at 2022-06-01T14:54:22+02:00
CI: update actions version

CodeQL Action v1 is being deprecated and v2 needs to be used instead.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
2d52fffd by Sumit Bose at 2022-06-02T12:42:27+02:00
ad: make new PAC buffers available

Recently new PAC buffers, PAC_UPN_DNS_INFO_EX, PAC_ATTRIBUTES_INFO,
PAC_REQUESTER_SID were added. With this patch ad_get_data_from_pac() can
return those new buffers as well.

Additionally the information from the PAC_LOGON_INFO and
PAC_UPN_DNS_INFO buffers are checked for consistency and compared with
the user principal name stored in the user object.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
e57ab1ea by Sumit Bose at 2022-06-02T12:42:27+02:00
tests: add PAC upn_dns_info test

Add basic unit tests for the PAC_UPN_DNS_INFO PAC buffer.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
a28f8a33 by Sumit Bose at 2022-06-02T12:42:27+02:00
krb5: add krb5_check_pac option

A new option krb5_check_pac for the krb5 provider is added to control
how the PAC is validated. Currently only the option 'present' which
makes the PAC mandatory, is available.

:config: New option krb5_check_pac to control the PAC validation
behavior.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
6970cb1b by Sumit Bose at 2022-06-02T12:42:27+02:00
pac: apply new pac check options

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
30dbecaa by Sumit Bose at 2022-06-02T12:42:28+02:00
ad: enable the PAC responder implicitly for AD provider

To be able to run the extra consistency checks on the PAC the PAC
responder must be running.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
9c12e962 by Sumit Bose at 2022-06-02T12:42:28+02:00
monitor: add implicit_pac_responder option.

The PAC responder is started automatically if the IPA or AD providers
are configured. In case the PAC responder is causing issues the
implicit_pac_responder option is added to disable the automatic start.

:config: New option implicit_pac_responder to control if the PAC
responder is started for the IPA and AD providers, default is 'true'.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4c7f730b by Sumit Bose at 2022-06-02T12:42:28+02:00
localauth: improve localauth add man page

A man page is added for the Kerberos localauth plugin and the plugin is
using the system's getpwnam_r() to find the user by name instead of
directly talking to SSSD to have the same view as other applications
running on the system.

Resolves: https://github.com/SSSD/sssd/issues/4677

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
b24fd01b by Weblate at 2022-06-02T12:43:32+02:00
po: update translations

(Korean) currently translated at 31.8% (899 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Czech) currently translated at 5.9% (157 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/

po: update translations

(Czech) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Swedish) currently translated at 100.0% (2632 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Swedish) currently translated at 99.8% (2627 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.5% (622 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Korean) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Russian) currently translated at 100.0% (2632 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Korean) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Russian) currently translated at 100.0% (2632 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Korean) currently translated at 31.6% (894 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Russian) currently translated at 100.0% (2632 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Korean) currently translated at 31.6% (893 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 31.3% (885 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 31.3% (884 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Polish) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

po: update translations

(Ukrainian) currently translated at 100.0% (2632 of 2632 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Ukrainian) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

- - - - -
7126f664 by Pavel Březina at 2022-06-02T12:49:25+02:00
po: translate sssd_krb5_localauth_plugin.8.xml

- - - - -
1a7b53ac by Pavel Březina at 2022-06-02T12:52:38+02:00
pot: update pot files

- - - - -
686786c6 by Pavel Březina at 2022-06-03T13:07:29+02:00
sbus: ensure single new line at end of file

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
d1aa1ab6 by Pavel Březina at 2022-06-03T13:07:29+02:00
sbus: apply changes in codegen

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
242fb3f9 by Iker Pedrosa at 2022-06-06T13:35:57+02:00
Revert "CI: flake8 move target to pull_request_target"

This reverts commit 67814634868523c59dec98876bcf34fb97d3dee8.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
bff0a4a6 by Steeve Goveas at 2022-06-06T13:36:25+02:00
TEST: Fix the indentation in docstrings

The indentation of multiple lines in the steps and expectedresults must
be properly aligned for the importer to pick correctly.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
e89d7e44 by Steeve Goveas at 2022-06-08T12:12:45+02:00
TEST: Update to search the start string for hostname

There was a recent dns fix in idm-ci due to which the username in the
known_hosts keys has the FQDN of the host. This caused the test to fail.

Reviewed-by: Anuj Borah <aborah at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
55e93cf1 by Sumit Bose at 2022-06-09T10:29:58+02:00
pac: relax default for pac_check option

PAC might not be always present, especially in IPA environments. So the
default of pac_check should not contain 'pac_present'.

Resolves: https://github.com/SSSD/sssd/issues/5868

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
bb4e054c by Anuj Borah at 2022-06-10T14:43:24+02:00
Tests: port proxy_provider/misc

https://gitlab.cee.redhat.com/sssd/sssd-qe/-/tree/RHEL8.7/client/proxy_provider/misc

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
50a6f23d by Jakub Vavra at 2022-06-13T09:32:26+02:00
Tests: Set FIPS:AD-SUPPORT crypto-policy for AD integration

There is now a new crypto sub-policy for enabling AD interoperability
that needs to be set to make AD krb5 work.
https://bugzilla.redhat.com/show_bug.cgi?id=2056676

Reviewed-by: Dan Lavu <dlavu at redhat.com>

- - - - -
9656516b by Sumit Bose at 2022-06-13T12:17:44+02:00
names: only check sub-domains for regex match

It is allowed to have different regular-expression to split the input
name for different domains. After the regex is evaluated and a domain
name was found in the input it has to be check if the domain name
corresponds to the domain the regex is coming from.

E.g. with the implicit files provider enabled the file provider might
use a simple default regex while an additional IPA or AD provider will
have a more complex one which e.g. properly handles @-characters in
names. When evaluating an input the simple regex will come first and
will split the name but will miss part of the user name part if the name
contains an @-character. Currently SSSD checks if the found domain name
matches any of the known domains or sub-domains which is wrong because
the regex was coming from the files provider and hence it should only
handle its own objects.

With this patch not all domains are checked but only the current one and
its sub-domains, if any. This behavior is also mentioned in a comment
already in the code. As a result in the above example the check with
the results from the simple regex will fail and then the more complex
regex of the other domain will be used which can split the name
properly.

Resolves: https://github.com/SSSD/sssd/issues/6055

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
8c0c5949 by Weblate at 2022-06-14T22:38:14+03:00
po: update translations

(Ukrainian) currently translated at 100.0% (2658 of 2658 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Russian) currently translated at 100.0% (2658 of 2658 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Ukrainian) currently translated at 100.0% (634 of 634 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Russian) currently translated at 100.0% (634 of 634 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

po: update translations

(Korean) currently translated at 32.3% (912 of 2821 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (625 of 625 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

- - - - -
8ff6dee1 by Yuri Chornoivan at 2022-06-15T15:23:07+02:00
Fix minor typo

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>

- - - - -
2156e378 by Iker Pedrosa at 2022-06-15T15:23:28+02:00
CI: update python dependencies to version 3

Update python dependencies in debian derivatives to version 3. Also
update the python style checker.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
a8fc21c2 by Iker Pedrosa at 2022-06-15T15:23:28+02:00
CI: build debian without python 2 bindings

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
ab49bfd7 by Pavel Březina at 2022-06-15T15:23:28+02:00
tests: fix pep8 issues

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
24de04dd by Pavel Březina at 2022-06-15T15:23:28+02:00
ci: switch to debian-latest

Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
34528ef2 by Alejandro López at 2022-06-15T15:23:53+02:00
NSS: Replace the nss_ prefix for SSSD internal functions

Replaced all nss_ prefixes by sss_nss_.
_nss_sss were not replaced as they are used through external libraries
and do not risk a conflict.

Resolves: https://github.com/SSSD/sssd/issues/5120

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
fc3797ab by Alejandro López at 2022-06-15T15:23:53+02:00
NSS: Removed the unused function sss_nss_setnetgrent_recv()

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
d415f354 by Alejandro López at 2022-06-15T15:23:53+02:00
NSS: Removed the unused function sss_nss_protocol_fill_name_list()

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
dc0eec59 by Pavel Březina at 2022-06-15T15:25:33+02:00
ci: upload test-suite.log as an artifact

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
fd90c0d6 by Jakub Vavra at 2022-06-17T06:57:07+02:00
Tests: Fix/finish Sasl authid tests, minor tweak to hostname test.

The ported sasl authid tests did not work because the realm join in the original
bash was slightly different than what was done in adjoin fixture.
Fixed that by joining the AD manually in those two tests. Removed unneeded code from sasl tests.
Test test_0015_ad_parameters_ad_hostname_machine is not quite stable,
hopefully changing the command order a bit can improve that.
Fixed violations found by flake8, pylint in the file (or added pylint ignore).
Removed stopping of sssd before configuration as it is done inside clear_sssd_cache anyway.

Reviewed-by: Dan Lavu <dlavu at redhat.com>

- - - - -
27f48118 by Shridhar Gadekar at 2022-06-17T11:44:39+02:00
Test: Minor trivial testcase doc-string changes of rfc2307

Corrected the related bug for rfc207 related testcase.

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
b207d1de by Jakub Vavra at 2022-06-17T11:44:59+02:00
Fix some flake 8 violations

W504 line break after binary operator
E226 missing whitespace around arithmetic operator
E241 multiple spaces after ','
E502 the backslash is redundant between brackets
F541 f-string is missing placeholders

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
c104e250 by Timotej Lazar at 2022-06-17T11:45:18+02:00
Analyzer: Only import sssd.source_* when needed

This allows sss_analyze to run without python-systemd when using the
Files backend.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
a7faea3e by Jakub Vavra at 2022-06-17T11:45:30+02:00
Tests: Add a test for bz2026799 bz2070138

SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message
causing sssd_be to go offline (cross interference of different provider plugins options)

Verifies
  Issue: https://github.com/SSSD/sssd/issues/5998
  Bugzilla:
    - https://bugzilla.redhat.com/show_bug.cgi?id=2026799
    - https://bugzilla.redhat.com/show_bug.cgi?id=2070138

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
9a33cb82 by Pavel Březina at 2022-06-17T17:12:25+02:00
intgcheck: mark files provider tests as flaky

If python3-flaky is installed, it will re-run the test several times
to give it an additional chance to pass to avoid ci failure.

These tests often fail in ci environment due to a race condition that
we were not able to identify so far.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
003b94fb by Pavel Březina at 2022-06-20T11:09:10+02:00
confdb: allow empty sssd/domains option

:fixes: `domains` option in `[sssd]` section can now be completely
omitted if domains are enabled via `domains/enabled` option

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
0ae94c16 by Pavel Březina at 2022-06-20T11:09:10+02:00
confdb: consider enabled option when expanding app domains

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
c5933066 by Pavel Březina at 2022-06-20T11:09:10+02:00
confdb: log to syslog when no domains are configured

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
fbdc213b by Pavel Březina at 2022-06-20T11:09:10+02:00
tests: add domains enabled tests

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
8096abc5 by Weblate at 2022-06-21T12:33:21+03:00
Added translation using Weblate (Georgian)

po: update translations

(Korean) currently translated at 34.9% (911 of 2610 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 34.0% (888 of 2610 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (634 of 634 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Turkish) currently translated at 30.5% (194 of 634 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Polish) currently translated at 100.0% (634 of 634 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

- - - - -
97b706ea by Weblate at 2022-06-21T14:10:22+03:00
po: update translations

(Turkish) currently translated at 30.9% (196 of 634 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

- - - - -
f25ab6d7 by Iker Pedrosa at 2022-06-21T13:16:09+02:00
Fix E226 reported by flake8

E226 missing whitespace around arithmetic operator

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>

- - - - -
1ed59fb6 by Alexey Tikhonov at 2022-06-21T13:16:37+02:00
PAM P11: fixed mistype in a log message

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
f1195229 by Alexey Tikhonov at 2022-06-21T13:16:37+02:00
PAM P11: fixed minor mem-leak

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
5433961b by Alexey Tikhonov at 2022-06-21T13:16:37+02:00
PAM: user feedback when login fails due to blocked PIN

Resolves: https://github.com/SSSD/sssd/issues/6153

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
12d4b679 by Pavel Březina at 2022-06-21T13:27:45+02:00
pot: update translations

- - - - -
89191dd1 by Jakub Vavra at 2022-06-22T06:20:48+02:00
Tests: Extend test to cover bz2098615.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
9cddeb8b by Alejandro López at 2022-06-28T14:51:26+02:00
Config: Add the %h template for the 'override_homedir' option

:config: override_homedir now recognizes the %h template which
is replaced by the original home directory retrieved from the
identity provider, but in lower case.

Resolves: https://github.com/SSSD/sssd/issues/6210

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
7b34401b by Alejandro López at 2022-06-28T14:51:52+02:00
AD: Fixed a wrong index.

Wrong index used to check a result.

Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
35c35de4 by Alejandro López at 2022-06-28T14:51:52+02:00
PTasks: Make sure periodical tasks use randomization

For several tasks the random offset was set to 0. Made them use a
configurable offset.

The default values are based on the associated period's default value.

Some changes:
1) ad_machine_account_password_renewal_opts becomes
period:initial_delay[:offset]

If offset is not specified, it is considered to be 0 for
compatibility (same behavior as before).
If the whole string is not specified, the default is 86400:750:300

2) refresh_expired_interval could not be greater than
entry_cache_timeout. In that situation, it was set to
0.75 * entry_cache_timeout.

Now, refresh_expired_interval + refresh_expired_interval_offset
cannot be greater than entry_cache_timeout. In that situation,
refresh_expired_interval is set to 0.70 * entry_cache_timeout,
and refresh_expired_interval_offset becomes
refresh_expired_interval * 0.1. This makes a 5% variation around
75% (70%~80%).

:config: New option 'ldap_enumeration_refresh_offset' to set the
maximum period deviation between enumeration updates.
Defaults to 30 seconds.

:config: New option 'subdomain_refresh_interval_offset' to set
the maximum period deviation when refreshing the subdomain list.

:config: New option 'dyndns_refresh_interval_offset' to set the
maximum period deviation when updating the client's DNS entry.
Defaults to 0.

:config: New option 'refresh_expired_interval_offset' to set
the maximum period deviation when refreshing expired entries
in background.

:config: New option 'ldap_purge_cache_offset' to set the maximum time
deviation between cache cleanups. Defaults to 0.

:config: Option 'ad_machine_account_password_renewal_opts' now accepts
an optional third part as the maximum deviation in the provided period
(first part) and initial delay (second part). If the period and initial
delay are provided but not the offset, the offset is assumed to be 0.
If no part is provided, the default is 86400:750:300.

Resolves: https://github.com/SSSD/sssd/issues/4646

Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
b7c78b5c by Shridhar Gadekar at 2022-06-28T14:52:09+02:00
Tests: 2FA prompting setting

minor edit of user fuser to {usr}
from the sssd.conf
Verifies: #6081

Reviewed-by: Scott Poore <spoore at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
41cc0864 by Shridhar Gadekar at 2022-06-28T14:52:30+02:00
Test: better default for IPA/AD re_expression

AD-groups containing '@' sign in name, should be fetched
with default re_expression

Verify:
https://bugzilla.redhat.com/show_bug.cgi?id=2061795

Reviewed-by: Jakub Vávra <jvavra at redhat.com>

- - - - -
fdc89c74 by Anuj Borah at 2022-06-28T14:52:51+02:00
Tests: Add automation for bz 2056035

'getent hosts' not return hosts if they have more than one CN in LDAP

Verifies
	Issue: https://github.com/SSSD/sssd/issues/6122
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2056035

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
e40b9e92 by Alejandro López at 2022-06-28T14:53:14+02:00
Monitor: Set _SSS_LOOPS conditionally at monitor startup

_SSS_LOOPS is no longer systematically set to "NO" and unset when
not required, but set to "NO" only when needed.

Resolves: https://github.com/SSSD/sssd/issues/5696

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
c2ae062d by Alejandro López at 2022-06-28T14:53:14+02:00
Tests: make test_kcm_renewals immune to LC_TIME

The test expects the date to be in %m/%d/%y %H:%M:%S format but,
if the LC_TIME environment variable is set, the time can be
provided in a different format.
Remove the variable for the test and use the default format,
which is the one the test expects.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
73ba58a8 by Alejandro López at 2022-06-28T14:53:14+02:00
Responders: Remove unused argument

Removing the parameter prevent_sss_loops which is always 'false' when
calling the function csv_string_to_uid_array(). Only in tests it is
passed a 'true' value.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
ba628d18 by Iker Pedrosa at 2022-06-30T11:38:24+02:00
version.m4: update version to 2.8.0

This will generate nightly builds in COPR with a higher version number
than the current released version. This, in turn, will allow us to test
the FreeIPA tests.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
5e032bbd by Alejandro López at 2022-07-01T11:03:57+02:00
sssctl: Fix malformed localizable string

po4a gets confused with _("Target the " #NAME " service").
Strings are no longer generated at compile-time.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
f4f28ac0 by Alejandro López at 2022-07-01T11:03:57+02:00
sssctl: Add an argument's missing description

sssctl debug-level --domain misses the description of the
argument it receives.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
00e5f330 by Sumit Bose at 2022-07-01T11:06:47+02:00
conf: make libjose and libcurl required for oidc_child

With this patch configure will fail if oidc_child should be built but
either libcurl or libjose devel packages are not installed.

Resolves: https://github.com/SSSD/sssd/issues/6218

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
94352a9f by Alexey Tikhonov at 2022-07-01T11:14:44+02:00
New option for system hardening.

:config: New option 'core_dumpable' to manage 'PR_SET_DUMPABLE' flag of SSSD
processes. Enabled by default.

Resolves: https://github.com/SSSD/sssd/issues/4930

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
27f35f02 by Alexey Tikhonov at 2022-07-01T11:25:07+02:00
CLIENT: use thread local storage for socket to avoid the need for a lock.

:relnote:All SSSD client libraries (nss, pam, etc) won't
serialize requests anymore by default, i.e. requests from
multiple threads can be executed in parallel.
Old behavior (serialization) can be enabled by setting
environment variable "SSS__LOCKFREE" to "NO".

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
ffec9993 by Alexey Tikhonov at 2022-07-01T11:25:07+02:00
SSS_CLIENT: mem-cache: fixed missing error code

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
ef26371a by Alexey Tikhonov at 2022-07-01T11:25:07+02:00
SSS_CLIENT: got rid of code duplication

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
43c6bf31 by Alexey Tikhonov at 2022-07-01T11:25:07+02:00
TESTS: test_memory_cache: execute NSS functions in teardown to force sss_client libs to realize mem-cache files were deleted

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
98f2f9f5 by Alexey Tikhonov at 2022-07-01T11:25:07+02:00
confdb: suppress false positive warning: src/confdb/confdb.c:260:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'secdn'

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
19e47452 by Anuj Borah at 2022-07-01T14:55:56+02:00
Tests: sssd runs out of proxy child slots and doesn't clear the counter for Active requests

When using authentication provider as proxy, User authentication suddenly
stops working and starts working again only after restarting the sssd service.

Verifies
	Issue: https://github.com/SSSD/sssd/issues/6114
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1927195

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
ad7d1de9 by Alexey Tikhonov at 2022-07-01T17:26:08+02:00
NSS MC: deleted misleading comment

This comment is incorrect since dda0258705de7255e6ec54b7f9adbde83a220996

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
1690ae1c by Alexey Tikhonov at 2022-07-01T17:26:08+02:00
NSS MS: trivial simplification

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
7abc9cfa by Alexey Tikhonov at 2022-07-01T17:26:08+02:00
NSS: MC: no need to convert name to output format.

`memcache_delete_entry()` performs this conversion.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
cceb136f by Alexey Tikhonov at 2022-07-01T17:26:08+02:00
NSS: fix initgroups store key (one of)

According to https://sssd.io/contrib/mmap_cache.html#the-initgr-data
one of the keys should be a canonical name.

Based on the proposal by Sumit Bose:
https://github.com/SSSD/sssd/pull/6128#issuecomment-1143738625

Resolves: https://github.com/SSSD/sssd/issues/4728

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
810d9220 by Alexey Tikhonov at 2022-07-01T17:26:08+02:00
NSS: mem-cache: don't update domains other than the one where an entry was found.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
124cc3f1 by Weblate at 2022-07-04T11:57:25+02:00
po: update translations

(Turkish) currently translated at 49.1% (312 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Korean) currently translated at 100.0% (635 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Turkish) currently translated at 46.7% (297 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(German) currently translated at 50.8% (323 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/

po: update translations

(Polish) currently translated at 100.0% (635 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

po: update translations

(Korean) currently translated at 35.1% (917 of 2610 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (635 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 99.0% (629 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/

po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 99.0% (629 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/

po: update translations

(Turkish) currently translated at 35.2% (224 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Japanese) currently translated at 99.0% (629 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/

po: update translations

(French) currently translated at 99.0% (629 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/

po: update translations

(French) currently translated at 99.0% (629 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/

po: update translations

(Ukrainian) currently translated at 100.0% (2658 of 2658 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Russian) currently translated at 100.0% (2658 of 2658 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Ukrainian) currently translated at 100.0% (635 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Russian) currently translated at 100.0% (635 of 635 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

- - - - -
c5dab4bc by Pavel Březina at 2022-07-04T12:00:11+02:00
pot: update translations

- - - - -
db05816a by Madhuri Upadhye at 2022-07-08T12:17:50+02:00
common: Install krb5-pkinit package

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
556649de by Madhuri Upadhye at 2022-07-08T12:18:10+02:00
Tests: alltests/test_services.py: Port the failing test cases in pytest

Ported following test cases:

1. Enhance sssd init script so that it would source a configuration
   https://bugzilla.redhat.com/show_bug.cgi?id=971435
2. Give a more detailed debug and system-log message if krb5_init_context() failed
   https://bugzilla.redhat.com/show_bug.cgi?id=1516266

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
95295952 by Steeve Goveas at 2022-07-08T12:18:42+02:00
TEST: Modify test to compare backtrace for same error

test_0001_bz2021196 occasionally failed if the same error with backtrace
skipped is seen on startup. Truncating the logs helps to focus on one
error not repeating the backtrace.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
d0fad499 by Steeve Goveas at 2022-07-08T12:18:42+02:00
update the sequence number of tests

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
f03768e5 by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: Add oddjob fixture to enable working homes in basic tests.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
5f31118e by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: Update auth_from_client to allow both short and full user names.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
24d35a16 by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: remove python paramiko library from tests.

Tests: Remove paramiko from test_0010_bz1527662
Tests: Remove paramiko from ad/test_sudo.py
Tests: Remove paramiko from test_services.py
Tests: Remove paramiko from test_basic.py
Tests: Remove paramiko from test_kcm.py
Tests: Remove paramiko from test_ldap.py
Tests: Remove paramiko from test_ns_account_lock.py
Tests: Remove paramiko from basic/test_sudo.py
Tests: Remove paramiko from test_proxy_provider_krb_auth.py
Tests: Remove paramiko from alltests/test_multidomain.py
Tests: Remove paramiko from alltests/test_sudo.py
Tests: Remove paramiko from alltests/test_krb_fips.py
Tests: Remove paramiko from alltests/test_password_policy.py
Tests: Remove paramiko from alltests/test_failover.py
Tests: Remove paramiko from requirements and documentation.
Tests: Remove paramiko from ipa/test_subid_ranges.py
Tests: Remove paramiko from ipa/test_misc.py
Tests: Remove paramiko from ipa/test_adtrust.py
Tests: Remove SSHClient/paramiko from alltests/test_misc_proxy.py

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
6c16b4bf by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: Remove SSHClient from ipa/conftest.py

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
d38461b1 by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: Remove paramiko/SSHClient from utils.py.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
a163a63e by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: Code review fixes for paramiko removal.

Tests: Add missing eoln
Tests: Remove duplicate subprocess import.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
f9d36586 by Jakub Vavra at 2022-07-12T05:59:03+02:00
Tests: Add pexpect to requirements.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
3d862203 by Justin Stephenson at 2022-07-18T11:32:58+02:00
Analyzer: Fix escaping raw fstring

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
f68d4e84 by roy214 at 2022-07-18T11:34:29+02:00
COMPONENT: /src/util/server.c

Explanation
Currently there is no new line character at the end of the “Shutting down” log message.
This log message is printed every time any SSSD process is being shut down.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
3618b295 by Alejandro López at 2022-07-18T11:34:42+02:00
Tests: Minor improvement to the Multihost RST files

Fixed the example which was outdated.
Fixed a broken link.
Fixed some typos.
Included some missing dependencies.
Minor changes to the document organization.

Reviewed-by: Pawel Polawski <ppolawsk at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
0acb80a7 by Paul Donohue at 2022-07-18T11:35:00+02:00
LDAP: Add an idle connection timeout

In addition to the current expire timeout that limits the total
duration of the connection.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
baab4dbc by Paul Donohue at 2022-07-18T11:35:00+02:00
Minor formatting and typo fixes (no functional changes)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
5f05aa69 by Paul Donohue at 2022-07-18T11:35:00+02:00
LDAP: Reduce idle timer reschedule frequency

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
3cb87047 by Paul Donohue at 2022-07-18T11:35:00+02:00
Add ldap_connection_idle_timeout to subdomain_inherit

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
17c3a124 by roy214 at 2022-07-18T11:36:32+02:00
COMPONENT: sdap_handle_id_collision_for_incomplete_groups

sdap_handle_id_collision_for_incomplete_groups debug message missing a new line

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2096031

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
06d007fc by Anuj Borah at 2022-07-18T11:39:08+02:00
Tests: avoid interlocking among threads that use `libsss_nss_idmap` API

[Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1978119

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
fb712c62 by Jakub Vavra at 2022-07-20T12:55:40+02:00
Tests: Fix issue in the test test_0002_ad_parameters_junk_domain.

Updating test to extend its coverage for bz2098615 uncovered
an issue in the test with user principal.

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
d0b01cf2 by Jakub Vavra at 2022-07-20T12:56:04+02:00
Tests: Rewrite autofs_ad_schema from direct ldap access to powershell.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
e8004792 by Jakub Vavra at 2022-07-20T12:56:04+02:00
Tests: Modify sambaTools to lazy initialize ldap AD connection.

The AD has forbidden plain ldap connection, so tests are failing on
ldap connection with ldap.STRONG_AUTH_REQUIRED. In sambaTools was
the connection initiated on creation of the class. It was failing
all tests that are using the class instead of affecting only tests
that use it.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
8a17029a by Jakub Vavra at 2022-07-20T12:56:04+02:00
Tests: Add a fixture add_etc_host_records for Testcifs to solve name resolution issue.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
6e8701a6 by Jakub Vavra at 2022-07-20T12:56:04+02:00
Tests: Re-implement reset_machine_password using powershell instead of direct ldap access.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
d6743c33 by Jakub Vavra at 2022-07-20T12:56:04+02:00
Tests: Update failure message for nismap manipulation.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
473752e2 by Alexey Tikhonov at 2022-07-25T17:57:09+02:00
RESPONDER: fixed condition in responder_idle_handler()

Man page says about `responder_idle_timeout` the following:
```
number of seconds that an SSSD responder process can be up without being used.
```
Idle timer fires every responder_idle_timeout/2 seconds and checks if
current_time > (last_request_time + timeout).
In a trivial case - no additional requests after initial one / startup -
condition will become 'true' only when timer fires for a 3rd time, i.e.
after 3*(timeout/2) seconds. This contradicts man page statement.

This patch changes condition to '>=' so that responder would be terminated
in 2*(timeout/2) seconds.

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
b5fbb283 by Pavel Březina at 2022-07-25T18:03:19+02:00
tests: fix missing new line at the eof: src/tests/multihost/requirements.txt

FAIL: src/tests/whitespace_test
===============================

Missing new line at the eof: src/tests/multihost/requirements.txt
FAIL src/tests/whitespace_test (exit status: 1)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
0a9e0c11 by Anuj Borah at 2022-07-25T18:04:09+02:00
Tests: Fix test_avoid_interlocking_among_threads

Test is failing due to gcc error
Will be fixed by adding lpthread after gcc

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
0f3a761e by Alexey Tikhonov at 2022-08-03T10:27:35+02:00
CLIENT:MC: store context mutex outside of context as it should survive context destruction / re-initialization

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
c6226c29 by Alexey Tikhonov at 2022-08-03T10:28:46+02:00
Makefile: remove unneeded dependency

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
7e286aff by Pavel Březina at 2022-08-05T11:20:49+02:00
ci: fix copr builds

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
b98bcf28 by Alexey Tikhonov at 2022-08-05T11:21:04+02:00
DB: upgrades aren't errors

Fix log level to SSSDBG_IMPORTANT_INFO

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
9aff9c53 by Alexey Tikhonov at 2022-08-05T11:21:04+02:00
CFG: domain ranges overlap requires attention

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
68042d72 by Alexey Tikhonov at 2022-08-05T11:21:17+02:00
RESPONDER: add missing \n

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
ce817478 by Sumit Bose at 2022-08-05T11:21:29+02:00
ldap: allow password changes with shadow pwd policy

Currently a password change is rejected if
"ldap_pwd_policy = shadow" is used because it was not clear if the
corresponding shadow LDAP attributes get updated as well. But with
commit c975031 SSSD can update the attribute on its own so there is no
need to reject the password change.

Since it is important for SSSD to know if the LDAP server can update the
shadow LDAP attribute automatically or not it is checked if the
ldap_chpass_update_last_change option is set explicitly in sssd.conf. If
not there will be a log message.

Resolves: https://github.com/SSSD/sssd/issues/6220

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
96a1dce8 by Justin Stephenson at 2022-08-08T12:17:28+02:00
CACHE_REQ: Fix hybrid lookup log spamming

Skip calling cache_req_data_set_hybrid_lookup() when hybrid data
is NULL for certain NSS request types (e.g. Service by Name).

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
ccc87860 by Jakub Vavra at 2022-08-10T12:40:41+02:00
Tests: Fix rid computation for windows 2012.

Reviewed-by: Dan Lavu <dlavu at redhat.com>

- - - - -
4360fb3d by Jakub Vavra at 2022-08-10T12:40:41+02:00
Tests: Extend info functions to handle line breaks.

Reviewed-by: Dan Lavu <dlavu at redhat.com>

- - - - -
b3150506 by Jakub Vavra at 2022-08-10T12:40:41+02:00
Tests: Modify ad schema tests for compatibility with windows 2012.

Reviewed-by: Dan Lavu <dlavu at redhat.com>

- - - - -
5e9d72f2 by Justin Stephenson at 2022-08-19T17:21:53+02:00
Fix new pycodestyle E275 requirement

Per the pycodestyle changelog https://pypi.org/project/pycodestyle/

2.9.0 (2022-07-30)

Changes:
E275: requires whitespace around keywords. PR #1063.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
579cc0b2 by Alexey Tikhonov at 2022-08-19T17:28:25+02:00
CLIENT:MC: -1 is more appropriate initial value for fd

Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4ac93d9c by Alexey Tikhonov at 2022-08-19T17:28:25+02:00
CLIENT:MC: pointer to the context mutex shouldn't be touched

Even brief window inside `sss_nss_mc_destroy_ctx()` when `mutex == NULL`
was creating a possibility for a race.

Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4e1ce1c1 by Justin Stephenson at 2022-08-19T17:44:05+02:00
SSSCTL: Allow analyzer to work without SSSD setup

Fixes an issue when the sssctl analyzer option is
used on systems where SSSD is not running or configured. This is
an expected use case when using --logdir option to analyze external
log files.

Resolves: https://github.com/SSSD/sssd/issues/6298

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
3c6bfc2d by roy214 at 2022-08-22T12:19:47+02:00
COMPONENT: domain_info_utils.c

Fixing the race condition krb5_child access file after rename() but before chmod()

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
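
The ordering problem named in this commit, as an added example that is not SSSD's code: a file written through mkstemp() is 0600 until chmod() runs, so a reader that opens the final path between rename() and chmod() sees the restrictive mode. The function names, the 0644 target mode and the /tmp paths are assumptions of the example.

```c
#define _DEFAULT_SOURCE /* mkstemp(), mkdtemp() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum chmod_order { CHMOD_AFTER_RENAME, CHMOD_BEFORE_RENAME };

/* Write data to dir/name through a temporary file (hypothetical helper).
 * Returns the permission bits visible on the final path at the moment
 * rename() returned, i.e. what a concurrent reader would meet; -1 on error. */
static int publish(const char *dir, const char *name, const char *data,
                   mode_t mode, enum chmod_order order)
{
    char tmp[512], dst[512];
    struct stat st;
    size_t len = strlen(data);
    int n, fd;

    n = snprintf(tmp, sizeof(tmp), "%s/%s.XXXXXX", dir, name);
    if (n < 0 || (size_t)n >= sizeof(tmp)) return -1;
    n = snprintf(dst, sizeof(dst), "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof(dst)) return -1;

    fd = mkstemp(tmp); /* created with mode 0600 */
    if (fd < 0) return -1;
    if (write(fd, data, len) != (ssize_t)len) goto fail;

    /* Fixed order: set the final mode on the descriptor while the file is
     * still only reachable under its temporary name. */
    if (order == CHMOD_BEFORE_RENAME && fchmod(fd, mode) != 0) goto fail;

    if (fsync(fd) != 0) goto fail;
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, dst) != 0) goto fail;

    /* Snapshot of the published file right after rename(). */
    if (stat(dst, &st) != 0) return -1;

    /* Racy order: the mode is corrected only after the file went live. */
    if (order == CHMOD_AFTER_RENAME && chmod(dst, mode) != 0) return -1;

    return (int)(st.st_mode & 0777);

fail:
    if (fd >= 0) close(fd);
    unlink(tmp);
    return -1;
}

/* Run publish() in a scratch directory and clean up afterwards. */
static int mode_seen_at_rename(enum chmod_order order)
{
    char dir[] = "/tmp/publish-demo.XXXXXX";
    char path[64];
    int seen;

    if (mkdtemp(dir) == NULL) return -1;
    seen = publish(dir, "snippet.conf", "# constructed sample content\n",
                   0644, order);
    snprintf(path, sizeof(path), "%s/snippet.conf", dir);
    unlink(path);
    rmdir(dir);
    return seen;
}

int main(void)
{
    printf("chmod after rename : reader sees %04o\n",
           (unsigned)mode_seen_at_rename(CHMOD_AFTER_RENAME));
    printf("chmod before rename: reader sees %04o\n",
           (unsigned)mode_seen_at_rename(CHMOD_BEFORE_RENAME));
    return 0;
}
```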

- - - - -
cec7e8b7 by Anuj Borah at 2022-08-22T12:20:01+02:00
Tests: Fix test cases for signoff CI

Fix test cases for signoff CI

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
46b53b23 by Justin Stephenson at 2022-08-22T12:20:20+02:00
Tests: Add missing URI for device restriction

This fixes an issue when running unit tests on a system (f35) with
a yubikey inserted. This was done already for other pam-srv tests
but this covers newly added pam-srv tests.

Reviewed-by: Anuj Borah <aborah at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>

- - - - -
3f7ccfbd by Dan Lavu at 2022-08-22T12:20:47+02:00
TEST: Fixing multidomain testcase bz2077893

implicit files is no longer being listed in sssctl domain-list
it no longer has to be pruned from the output

Signed-off-by: Dan Lavu <dlavu at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>

- - - - -
e46295f8 by Paul Donohue at 2022-08-22T12:21:00+02:00
LDAP: Allow group rename with non-identical attributes

Previously, if a group was renamed and any other attributes were changed
at the same time then the original group would become permanently stuck
in the SSSD cache.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
4ded61f8 by Paul Donohue at 2022-08-22T12:21:12+02:00
LDAP: Document interaction between ldap_connection_expire_timeout and ldap_opt_timeout

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
b4aa4f12 by Justin Stephenson at 2022-08-22T21:25:07+02:00
CI: pycodestyle fixes evident on centos8 stream

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
abd8966a by Sumit Bose at 2022-08-23T12:39:58+02:00
BUILD: Accept krb5 1.20 for building the PAC plugin

Additionally following MIT Kerberos the 'name' member of struct
krb5plugin_authdata_client_ftable_v0 is made 'const' and the related
code to set the name is simplified.

Resolves: https://github.com/SSSD/sssd/issues/6306

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
ad4b3aa9 by Justin Stephenson at 2022-08-23T15:49:13+02:00
RESPONDER: Fix client ID tracking

Client ID is not stored properly to match requests
when parallel requests are made to client SSSD

Resolves: https://github.com/SSSD/sssd/issues/6307

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
5ef7435f by Justin Stephenson at 2022-08-23T15:49:13+02:00
Analyzer: support parallel requests parsing

Analyzer code(primarily the list verbose command) needs
changes to handle parsing the necessary lines from
NSS/PAM log files when multiple intermixed/parallel
client requests are sent to SSSD.

Resolves: https://github.com/SSSD/sssd/issues/6307

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
1a6f67c9 by Alexey Tikhonov at 2022-08-26T18:08:07+02:00
CLIENT: fix client fd leak

 - close client socket at thread exit
 - only build lock-free client support if libc has required
   functionality for a proper cleanup
 - use proper mechanisms to init lock_mode only once

:relnote:Lock-free client support will be only built if libc
provides `pthread_key_create()` and `pthread_once()`. For glibc
this means version 2.34+

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
a6ed0ad7 by Weblate at 2022-08-26T21:50:15+02:00
po: update translations

(Swedish) currently translated at 100.0% (2662 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.2% (2642 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Georgian) currently translated at 7.3% (48 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Turkish) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Korean) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Turkish) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Korean) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Turkish) currently translated at 60.9% (396 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Russian) currently translated at 100.0% (2662 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Turkish) currently translated at 60.0% (390 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Polish) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

po: update translations

(Korean) currently translated at 98.9% (643 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Ukrainian) currently translated at 100.0% (2662 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Ukrainian) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

- - - - -
c4a26ebe by Pavel Březina at 2022-08-26T21:53:21+02:00
pot: update translations

- - - - -
6fe83c77 by Jakub Vavra at 2022-08-30T06:56:14+02:00
Tests: Skip TestBugzillaAutomation::test_0016_forceLDAPS on Windows 2012

Skip the test as it is not valid on Windows 2012R2.
https://bugzilla.redhat.com/show_bug.cgi?id=1822087

Reviewed-by: Dan Lavu <dlavu at redhat.com>

- - - - -
77f22429 by Jakub Vavra at 2022-08-30T06:56:47+02:00
Tests: Port AD Login Attributes suite from bash.

Reviewed-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
e100afc3 by Steeve Goveas at 2022-09-01T11:07:57+02:00
TEST: sssctl analyze --logdir does not need sssd running

Test that 'logdir' option does not need sssd configured and running

Verifies
  Issue: #6298
  Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2119726
            https://bugzilla.redhat.com/show_bug.cgi?id=2119373

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
2230107d by Steeve Goveas at 2022-09-01T11:07:57+02:00
TEST: Remove duplicate 'SSS_PAM_AUTHENTICATE'

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
a1f1398f by Steeve Goveas at 2022-09-01T11:07:57+02:00
TEST: Add new marker tier1_4

Runtime is exceeding 60 mins. This set and new tests can use this marker
moving forward.

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
2dc5bc1b by Anuj Borah at 2022-09-01T11:08:34+02:00
Tests: port proxy_provider/netgroup

https://gitlab.cee.redhat.com/sssd/sssd-qe/-/tree/RHEL8.6/client/proxy_provider/netgroup

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
72246c97 by Madhuri Upadhye at 2022-09-01T11:20:35+02:00
Tests: ipa: Add krb5-pkinit package to install

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
c533d090 by Steeve Goveas at 2022-09-02T09:46:21+02:00
TEST: Add status field in docstrings

Imported tests into the internal test case management system are set to
draft state. This has to be manually moved into approved state. Adding
this field set with 'approved' state would prevent us from missing to
update the state and also avoid the extra manual step.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
4937c08a by Pavel Březina at 2022-09-02T13:58:32+02:00
intg: fix test_rename_incomplete_group_rdn_changed

The behaviour has changed with e46295f8d1162eb69b5c01c3c154dd1f787cc3d7

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
830296c2 by Alejandro López at 2022-09-07T12:22:55+02:00
SIDs: Update the well-known SID tables

New RIDs were added to the existing tables. Two new tables were created.
One particular case was handled (S-1-1-5-5-x-y).

This was done based on https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab

Resolves: https://github.com/SSSD/sssd/issues/6285

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
6f7f7237 by Jakub Vavra at 2022-09-16T07:53:41+02:00
Tests: Refactor code to reduce number of called commands via ssh.

The clear_sssd_cache, remove_sss_cache was listing and deleting
all files one by one making the operation needlessly slow
and talkative in the log.

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
3c993544 by Jakub Vavra at 2022-09-16T07:55:39+02:00
Tests: Add ADOperation methods for sudorules, update fixture sudorules

Add add_sudo_ou, del_sudo_ou, add_sudo_rule, del_sudo_rule methods.
Modify sudorules fixture to use the new methods instead of the ldap ones.
Minor tweaking of the sudo tests.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
69fd828c by Alexey Tikhonov at 2022-09-16T14:59:55+02:00
CLIENT: fix thread unsafe access to get*ent structs.

All get*ent structs were protected with socket mutex. In case SSSD
is built with lock-free client support, `sss_nss_lock()` is a no-op,
thus resulting in thread unsafe access.

This patch changes those structs to have thread local storage.

This contradicts the following note in the man page:
```
The function getgrent_r() is not really reentrant since it shares
the reading position in the stream with all other threads.
```
I'm not sure if 3rd party apps can legally assume this behaviour
based on a note in a man page. And in some cases, non-sharing reading
position between threads might make more sense.
But that way or another, this is better than thread unsafe access.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
12d5c634 by Sumit Bose at 2022-09-16T15:00:25+02:00
oidc_child: escape scopes

Before using the user provided scopes in the HTTP request they should be
properly escaped according to RFC-3986.

Resolves: https://github.com/SSSD/sssd/issues/6146

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
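
Why the scopes need escaping, as an added example that is not oidc_child's code: a scope string placed unescaped into a form-encoded request body can introduce extra parameters, while RFC 3986 percent-encoding keeps it a single value. The encoder is written for this example (it is not the function SSSD calls), and the client ID and scope strings are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* RFC 3986 section 2.3 "unreserved": ALPHA / DIGIT / "-" / "." / "_" / "~" */
static int is_unreserved(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') ||
           c == '-' || c == '.' || c == '_' || c == '~';
}

/* Percent-encode every byte outside the unreserved set.
 * Returns 0 on success, -1 if out is too small. */
static int pct_encode(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    for (const unsigned char *p = (const unsigned char *)in; *p != '\0'; p++) {
        size_t need = is_unreserved(*p) ? 1 : 3;

        if (o + need + 1 > outsz) return -1; /* keep room for the NUL */
        if (need == 1) {
            out[o++] = (char)*p;
        } else {
            out[o++] = '%';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0F];
        }
    }
    if (o + 1 > outsz) return -1;
    out[o] = '\0';
    return 0;
}

/* Build a form-encoded body "client_id=...&scope=...".
 * escape == 0 reproduces plain concatenation, escape != 0 encodes both
 * values first. Returns 0 on success, -1 on overflow. */
static int build_body(const char *client_id, const char *scope, int escape,
                      char *out, size_t outsz)
{
    char id[128], sc[256];
    int n;

    if (escape) {
        if (pct_encode(client_id, id, sizeof(id)) != 0 ||
            pct_encode(scope, sc, sizeof(sc)) != 0) {
            return -1;
        }
        n = snprintf(out, outsz, "client_id=%s&scope=%s", id, sc);
    } else {
        n = snprintf(out, outsz, "client_id=%s&scope=%s", client_id, scope);
    }
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Number of '&'-separated parameters a server-side parser would see. */
static int count_params(const char *body)
{
    int n = (*body != '\0');

    for (; *body != '\0'; body++) {
        if (*body == '&') n++;
    }
    return n;
}

int main(void)
{
    const char *scope = "openid profile&x=1"; /* constructed sample input */
    char body[256];

    if (build_body("sssd-demo", scope, 0, body, sizeof(body)) == 0)
        printf("raw    : %s (%d parameters)\n", body, count_params(body));
    if (build_body("sssd-demo", scope, 1, body, sizeof(body)) == 0)
        printf("escaped: %s (%d parameters)\n", body, count_params(body));
    return 0;
}
```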

- - - - -
a4d4617e by Sumit Bose at 2022-09-16T15:00:25+02:00
oidc_child: use client secret if available to get device code

Some IdPs have the concept of confidential client, i.e. clients where the
client's secret can be stored safely by the related application. For a
confidential client some IdPs expect that the client secret is used in
all requests together with the client ID although OAuth2 specs currently
only mention this explicitly for the token request. To make sure the
device code can be requested in this case the client secret is added to
the device code request if the secret is provided.

Resolves: https://github.com/SSSD/sssd/issues/6146

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
5ed76707 by Sumit Bose at 2022-09-16T15:00:25+02:00
oidc_child: increase wait interval by 5s if 'slow_down' is returned

While waiting for the user to authenticate with the IdP oidc_child
currently only handles the error code 'authorization_pending' and waits
for the given interval until a new request is sent. But there is also
'slow_down' which should not be treated as fatal error but should just
increase the waiting time permanently for 5s.

Resolves: https://github.com/SSSD/sssd/issues/6146

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
1a475e0c by Sumit Bose at 2022-09-16T15:00:25+02:00
oidc_child: add --client-secret-stdin option

Since there is the use-case of confidential client which requires that
the client secret must be sent to the IdP we should handle it
confidentially by not putting it on the command line but sending it via
stdin.

Resolves: https://github.com/SSSD/sssd/issues/6146

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
794fd130 by Justin Stephenson at 2022-09-16T15:01:07+02:00
MAN: Add note about AD Group types

Linux admins/users may not know that the AD distribution group type
is intended only for email. Per Microsoft: Distribution groups are
not security enabled, which means that they cannot be listed in
discretionary access control lists (DACLs).

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
6bf93c27 by Justin Stephenson at 2022-09-20T14:56:13+02:00
CI: Remove pep8 from contrib/ci/run

flake8 is being run in GitHub actions, which executes pycodestyle checks.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
a915531f by Justin Stephenson at 2022-09-20T14:56:13+02:00
CI: Remove make check from contrib/ci/run

make check is already run separately in GitHub actions

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
ad49db49 by Justin Stephenson at 2022-09-20T14:56:13+02:00
CI: Remove make distcheck from contrib/ci/run

make distcheck is already run separately in GitHub actions

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
b274f359 by Justin Stephenson at 2022-09-20T14:56:13+02:00
CI: Remove coverage builds from contrib/ci/run

SSSD Coverage builds are not being used or analyzed.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
f4dffaea by Sumit Bose at 2022-09-23T13:34:24+02:00
krb5: respect krb5_validate for PAC checks

The first step of checking the PAC is the same as during the Kerberos
ticket validation, requesting a service ticket for a service principal
from the local keytab. By default ticket validation is enabled for the
IPA and AD provider where checking the PAC might become important. If
ticket validation is disabled manually it is most probably because there
are issues requesting the service ticket and fixing those is currently
not possible.

Currently when SSSD is configured to check the PAC it ignores the
krb5_validate setting and tries to request a service ticket which would
fail in the case ticket validation is disabled for a reason. To not
cause regressions with this patch SSSD will skip the PAC checks if
ticket validation is disabled.

Resolves: https://github.com/SSSD/sssd/issues/6355

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
8e23ec89 by Pavel Březina at 2022-09-23T13:36:13+02:00
ci: add final result to workflows

Given that we have many jobs running as part of the pull request CI it
is quite simple to miss that one of the jobs has failed.

This commit adds a placeholder job that holds the final result of each
workflow. These jobs are added as 'required to succeed' in GitHub repository
settings to make potential failures more visible.

If one of the jobs fails, the status check web UI is visibly red so it is
simple to spot a failure.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
d4a1b71b by David Mulder at 2022-09-23T13:36:36+02:00
Fix sdap_access_host No matching host rule found

Canonicalize the hostname to ensure we have the
FQDN.

Signed-off-by: David Mulder <dmulder at samba.org>

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
d07dee78 by Alexey Tikhonov at 2022-09-23T13:39:27+02:00
UTILS: change of log level isn't an error

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
a2417753 by Justin Stephenson at 2022-09-23T13:39:43+02:00
MAN: Remove duplicate dns options

dns_resolver_server_timeout and dns_resolver_op_timeout
are shown twice.

Reviewed-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
1ed3baa2 by aborah-sudo at 2022-09-27T12:50:49+02:00
Tests: Fix multidomain tests

Multidomain tests are failing in RHEL9 due to config error.
This PR will fix them for RHEL9.

Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
f418e940 by Alejandro López at 2022-09-27T12:51:23+02:00
D-Bus: Do not use timestamp optimization on "files" provider.

Avoid requesting only the latest updates when using the "files"
provider as it only updates the cache if /etc/files or /etc/group
is touched.

Added a test for this situation.

Resolves: https://github.com/SSSD/sssd/issues/6342

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>

- - - - -
0198f64c by Anton Bobrov at 2022-09-27T12:54:53+02:00
SUDO: Fix timezone issues with sudoNotBefore and sudoNotAfter

The current code does not respect generalized time as specified in related before/after attributes.
The problem with the current implementation is that it essentially treats them as local time,
with no regard to TZ and DST.

This patch is using timegm(3) instead of mktime(3) to address said timezone issues and some bare
minimum static unit tests with known verified values to make sure the API is consistent with them.

Resolves:
https://github.com/SSSD/sssd/issues/6354

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
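
The difference between the two conversions, as an added example that is not the SSSD patch: the same generalized-time string converted with timegm(3) and with mktime(3) under two POSIX TZ settings, showing a rule window that opens late west of UTC and early east of it. The parser handles only the "YYYYMMDDHHMMSSZ" form, and the function names, timestamps and TZ strings are constructed for the example.

```c
#define _DEFAULT_SOURCE /* timegm(), setenv() on glibc */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Parse the fixed-width UTC form "YYYYMMDDHHMMSSZ" of an LDAP generalized
 * time. Fractions and numeric offsets are outside this example's scope.
 * Returns 0 on success, -1 on malformed input. */
static int parse_generalized_time(const char *s, struct tm *out)
{
    int y, mon, d, h, min, sec;

    if (s == NULL || strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int i = 0; i < 14; i++) {
        if (!isdigit((unsigned char)s[i])) return -1;
    }
    if (sscanf(s, "%4d%2d%2d%2d%2d%2d", &y, &mon, &d, &h, &min, &sec) != 6) {
        return -1;
    }
    if (mon < 1 || mon > 12 || d < 1 || d > 31 ||
        h > 23 || min > 59 || sec > 60) {
        return -1;
    }
    memset(out, 0, sizeof(*out));
    out->tm_year = y - 1900;
    out->tm_mon = mon - 1;
    out->tm_mday = d;
    out->tm_hour = h;
    out->tm_min = min;
    out->tm_sec = sec;
    out->tm_isdst = -1; /* mktime() works out DST itself; timegm() ignores it */
    return 0;
}

/* The trailing 'Z' means UTC, so the fields are converted with timegm(3). */
static time_t epoch_utc(const char *gt)
{
    struct tm tm;

    if (parse_generalized_time(gt, &tm) != 0) return (time_t)-1;
    return timegm(&tm);
}

/* Behaviour the commit describes as the problem: mktime(3) reads the same
 * fields as local time of the zone in TZ. TZ is restored before returning. */
static time_t epoch_as_local(const char *gt, const char *posix_tz)
{
    struct tm tm;
    const char *old = getenv("TZ");
    char *saved = (old != NULL) ? strdup(old) : NULL;
    time_t t;

    if (parse_generalized_time(gt, &tm) != 0) { free(saved); return (time_t)-1; }
    setenv("TZ", posix_tz, 1);
    tzset();
    t = mktime(&tm);
    if (saved != NULL) setenv("TZ", saved, 1); else unsetenv("TZ");
    free(saved);
    tzset();
    return t;
}

/* A rule applies while not_before <= now <= not_after. */
static int rule_active(time_t now, time_t not_before, time_t not_after)
{
    return now >= not_before && now <= not_after;
}

int main(void)
{
    const char *nb = "20220701000000Z"; /* constructed sudoNotBefore value */
    const char *na = "20220701235959Z"; /* constructed sudoNotAfter value */
    const char *est = "EST5EDT,M3.2.0,M11.1.0";
    const char *cet = "CET-1CEST,M3.5.0,M10.5.0/3";
    time_t just_after = 1656633660;  /* 2022-07-01 00:01:00 UTC */
    time_t hour_before = 1656630000; /* 2022-06-30 23:00:00 UTC */

    printf("00:01Z timegm: %d, mktime in EST5EDT: %d\n",
           rule_active(just_after, epoch_utc(nb), epoch_utc(na)),
           rule_active(just_after, epoch_as_local(nb, est),
                       epoch_as_local(na, est)));
    printf("23:00Z timegm: %d, mktime in CET: %d\n",
           rule_active(hour_before, epoch_utc(nb), epoch_utc(na)),
           rule_active(hour_before, epoch_as_local(nb, cet),
                       epoch_as_local(na, cet)));
    return 0;
}
```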

- - - - -
d91a814c by Sergio Durigan Junior at 2022-10-03T12:15:23+02:00
Initialize UID/GID when using popt in "main" functions

When using popt to parse the "--uid" and "--gid" parameters that can
be passed to providers/responders, we have to make sure to initialize
the corresponding UID and GID variables with zero otherwise they can
end up with garbage when no "--uid" nor "--gid" parameters are
provided.

Issue: #6347

Bugs: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001377
      https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1989356

Signed-off-by: Sergio Durigan Junior <sergiodj at sergiodj.net>

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
74be536f by Paul Donohue at 2022-10-03T12:16:22+02:00
AD: Ignore option inherit failure

The previous code logged a message indicating that errors are ignored,
but it did not actually ignore errors, and did not properly free
subdom_conf_path if inheriting AD_USE_LDAP failed.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
6e3d2d76 by Paul Donohue at 2022-10-03T12:16:22+02:00
Split dp_option_inherit() into two functions

dp_option_inherit() previously included both option matching logic and option
inheritance logic.  Code that only needed the inheritance logic generated a
dummy option list to bypass the matching logic.

Eliminate the need for dummy option lists by moving the matching logic into a
separate dp_option_inherit_match() function.

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
068c9980 by Paul Donohue at 2022-10-03T12:16:22+02:00
Add LDAP timeout support to subdomain_inherit

And adjust the position of SDAP_KRB5_KEYTAB in the inherit_options list
so that the list order matches the order in which options are listed in
`man 5 sssd.conf`

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
b96077c5 by Iker Pedrosa at 2022-10-03T12:18:25+02:00
sssctl: fix memory management with new POPT

POPT library behaviour change due to a memory leak. With the new version
the value returned by poptGetArg() needs to be copied to avoid pointing
to an already freed value.

Resolves: https://github.com/SSSD/sssd/issues/6331

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>

- - - - -
35a4ebf0 by aborah-sudo at 2022-10-03T12:20:39+02:00
Tests: Fix failure of SSSD pam module accepts usernames with leading spaces

Test was failing in nightly test run. Output of client.command changed.

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>

- - - - -
c7f95991 by Steeve Goveas at 2022-10-03T12:21:08+02:00
TEST: Add README.rst as index.rst is not rendered

index.rst is not rendered in github. README.rst will help users to
navigate the contents.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
14f1bcdb by Steeve Goveas at 2022-10-03T12:21:08+02:00
Tests: Add doc for docstrings for test files and cases

Adding a rst document that defines the various parameters used in the
docstrings of the test files and test cases with examples.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>

- - - - -
3e5251bf by Alejandro López at 2022-10-05T14:46:49+02:00
sssctl: Management of indexes on cache DBs.

A new command was added to sssctl in order to manage indexes on the
cache DBs.

sssctl cache-index create -a attr [-d domain]
sssctl cache-index delete -a attr [-d domain]
sssctl cache-index list [-a attr] [-d domain]

:feature: sssctl is now able to create, list and delete indexes on
          the local caches. Indexes are useful for the new D-Bus
          ListByAttr() function.

:relnote: The new D-Bus function ListByAttr() allows the caller to
          look for users that have an attribute with a certain value.
          For performance reasons, it is recommended that the
          attribute is indexed both on the remote server and on the
          local cache. The sssctl tool now provides the cache-index
          command to help you manage indexes on the local cache.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
70d5460b by Tomas Halman at 2022-10-05T14:47:06+02:00
CACHE: implement ncache_add_fn for ncache SID

This patch implements a function to add a non-existing SID to the negative
cache for individual domains.

Resolves: https://github.com/SSSD/sssd/issues/6352

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
5ea1ed27 by Tomas Halman at 2022-10-05T14:47:06+02:00
CACHE: implement *get_domain* for SID lookup

This patch adds handlers for the dp_get_domain_check_fn(),
dp_get_domain_send_fn() and dp_get_domain_recv_fn() functions
to requests that resolve objects by SID.

The patch also extends the AD provider so it can handle those
domain-by-sid lookups.

This patch also adds domain-local negcache set/check methods
for SID lookups.

Resolves: https://github.com/SSSD/sssd/issues/6352

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
acfe3b29 by Alejandro López at 2022-10-07T12:41:31+02:00
DBUS: Add ListByAttr(attr, filter, limit)

Extended ListByName()'s mechanics to handle an attribute passed
as parameters instead of forcing "name." ListByName() will pass "name."

Created a dbus function ListByAttr() using ListByName()'s mechanics
but passing the attribute requested by the user.

Resolves: https://github.com/SSSD/sssd/issues/6020

:feature: Introduced the dbus function
          org.freedesktop.sssd.infopipe.Users.ListByAttr(attr, value, limit)
          listing up to limit users matching the filter attr=value.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
58adcbcf by Weblate at 2022-10-07T12:47:25+02:00
po: update translations

(Russian) currently translated at 100.0% (2668 of 2668 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Korean) currently translated at 100.0% (650 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Polish) currently translated at 0.4% (13 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/pl/

po: update translations

(Spanish) currently translated at 95.5% (621 of 650 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/

po: update translations

(Polish) currently translated at 0.4% (13 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/pl/

po: update translations

(Russian) currently translated at 100.0% (2668 of 2668 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Polish) currently translated at 0.2% (7 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/pl/

po: update translations

(Ukrainian) currently translated at 100.0% (2668 of 2668 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Polish) currently translated at 0.1% (4 of 2662 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/pl/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

Added translation using Weblate (Polish)

- - - - -
59cd1970 by Pavel Březina at 2022-10-07T12:50:04+02:00
pot: update translations

- - - - -
4328c135 by Timo Aaltonen at 2022-10-27T12:38:43+03:00
Merge tag '2.7.4' into m

2.7.4

- - - - -
65eb40a5 by Timo Aaltonen at 2022-10-27T12:38:49+03:00
Merge branch 'master' into m

- - - - -
7b448ad2 by Timo Aaltonen at 2022-10-27T12:39:26+03:00
version bump

- - - - -
f1beb051 by Timo Aaltonen at 2022-10-27T12:50:11+03:00
watch: Updated for current github behaviour.

- - - - -
82285406 by Timo Aaltonen at 2022-10-27T12:51:16+03:00
support-krb5-1.20.diff: Dropped, upstream.

- - - - -


15 changed files:

- .github/workflows/analyze-target.yml
- .github/workflows/ci.yml
- .github/workflows/copr_build.yml
- .github/workflows/static-code-analysis.yml
- Makefile.am
- README.md
- configure.ac
- contrib/ci/README.md
- contrib/ci/run
- debian/changelog
- debian/patches/series
- − debian/patches/support-krb5-1.20.diff
- debian/watch
- po/LINGUAS
- po/bg.po


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/461131fa3301375d063da48fd15aa53c741adfd3...82285406c7d9908080277f51086a47925ce7359c
