[Pkg-sssd-devel] [Git][sssd-team/sssd][upstream] 62 commits: tests: convert multihost/basic/test_basic to test_kcm and test_authentication
Simon Josefsson (@jas)
gitlab at salsa.debian.org
Mon Dec 18 08:08:00 GMT 2023
Simon Josefsson pushed to branch upstream at Debian SSSD packaging / sssd
Commits:
0a429107 by Patrik Rosecky at 2023-09-08T14:41:29+02:00
tests: convert multihost/basic/test_basic to test_kcm and test_authentication
Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 376534022aebf11d23ee2b70ef13d17ca3842aea)
- - - - -
f1a11708 by Jakub Vavra at 2023-09-11T10:31:26+02:00
Tests: Print krb5.conf when joining realm.
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit 6540a67c9dac1c4b1c313797b169a32d94702819)
- - - - -
cb1c59c7 by Jakub Vavra at 2023-09-11T10:31:26+02:00
Tests: Split package installation to different transactions.
When package is missing/broken the dnf does not install anything
on fedora this prevented automation working properly.
This way the "optional" packages are installed separately.
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit 8fc5aadb1fbdf3ae1fdacc9dc9855db87f521650)
- - - - -
f117da5a by Jakub Vavra at 2023-09-11T10:31:26+02:00
Tests: Handle dns with systemd resolved.
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit e73efe153dd2e9ee753cf416030e135700434a67)
- - - - -
71ca2053 by Pavel Březina at 2023-09-15T10:50:01+02:00
tests: add sssd_test_framework.markers plugin
This loads additional markers defined in the sssd_test_framework.
Currently, there is only `builtwith` to check if SSSD was built with
particular feature (files-provider only at this moment).
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 233a846e864fe2a364e05d08c3ae91475b5916d1)
- - - - -
674ee267 by Dan Lavu at 2023-09-25T13:41:52+02:00
tests: adding group and importance markers
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit f05d4ec1ecdaef90f3272504dbd9ac6c2e7aa8d8)
- - - - -
ec8f0269 by Jakub Vavra at 2023-09-26T08:16:28+02:00
tests: Add missing pytest marker config.
Reviewed-by: Patrik Rosecky <prosecky at redhat.com>
(cherry picked from commit 39dde256e5e9d226e63898e910b8ffda4428f933)
- - - - -
a4de653f by Sumit Bose at 2023-09-26T16:14:26+02:00
ci: remove unused clang-analyzer from dependencies
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 9474e0f4f42375b40e302da727401b9a5e28c2f5)
- - - - -
02bd1d7e by Justin Stephenson at 2023-09-26T16:15:45+02:00
Passkey: Allow kerberos preauth for "false" UV
When IPA passkey configuration sets require-user-verification=false
then the user verification value will be 0. We need to allow this
configuration within the plugin.
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 57dac1e29f040a8c65ff815b15b1a8c9b70c276c)
- - - - -
a3111338 by Iker Pedrosa at 2023-09-26T16:15:45+02:00
passkey: omit user-verification
If user-verification is disabled and the key doesn't support it, then
omit it. Otherwise, the authentication will produce an error and the
user will be unable to authenticate.
I have also added a unit-test to check this condition.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit a8daf9790906b7321024fef8e636f9c1b14343ab)
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 2c05926ed1fa4deab74b80d9faf6e4c26f31f46f)
- - - - -
45fbcd93 by aborah at 2023-09-26T16:18:44+02:00
Tests: Enabling proxy_fast_alias shows "ldb_modify failed: [Invalid attribute syntax]" for id lookups.
Enabling proxy_fast_alias shows "ldb_modify failed: [Invalid attribute syntax]" for id lookups.
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit bcbc0b3190e01895ccdce48c60b4966d204bd2f0)
- - - - -
7e45b32a by aborah at 2023-09-26T16:19:42+02:00
Tests: Port rootdse test suit to new test framework.
Port rootdse test suit to new test framework.
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 5f3c82d3c9e7ef999ebc2e754be64c81194d68a4)
- - - - -
b86d301c by Alexey Tikhonov at 2023-09-26T16:40:12+02:00
SUDO service: ${DEBUG_LOGGER} was missed for 'sudo'
service in a7277fecf7a65ab6c83b36f009c558cdfbf997d2
Resolves: https://github.com/SSSD/sssd/issues/6920
Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 01bee47a1557c0d21c9f35384c53758c70cf97c5)
Reviewed-by: Alejandro López <allopez at redhat.com>
- - - - -
5469de2f by Justin Stephenson at 2023-09-27T19:39:23+02:00
tests: Improve read write pipe child tests
Add test for multiple reads with a large message, and
add tests for child read/write safe calls.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit ae920b9ab3ddb107611f21b842bfddb6077290f1)
- - - - -
00479693 by Justin Stephenson at 2023-09-27T19:39:23+02:00
util: Realloc buffer size for atomic safe read
Realloc and increase the buffer size when safe read returns more
than CHILD_MSG_CHUNK size bytes.
This handles multiple passkey mappings returned from the krb5 child
in kerberos pre-authentication.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 1f4fffdb7f57d70151741ea7d844d020250fd309)
- - - - -
0705145c by Alexey Tikhonov at 2023-10-02T09:51:25+02:00
MC: a couple of additions to 'recover from invalid memory cache size' patch
Additions to 641e5f73d3bd5b3d32cafd551013d3bfd2a52732 :
- handle all invalidations consistently
- supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`,
not a pointer to a local var
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 88d8afbb115f18007dcc11f7ebac1b238c3ebd98)
- - - - -
ede391c2 by Justin Stephenson at 2023-10-03T10:50:09+02:00
Passkey: Increase conv message size for prompting
Size needs to handle the prompts for interactive, touch, pin prompt, and
kerberos pre-auth warning message which could all be displayed.
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 6f8f7c82b2b38220d99395d5d2732281b3cf1867)
- - - - -
583daff7 by Patrik Rosecky at 2023-10-03T10:50:35+02:00
Tests: converted alltests/test_pasword_policy.py to tests/test_ldap.py
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit 64422699aed9a0024d39af00462c22dc47a8dfac)
- - - - -
6bba653c by Pavel Březina at 2023-10-03T10:51:01+02:00
ci: install latest SSSD code on IPA server
This allows us to test changes to the server mode as well.
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 9dccf7ff61c6dda89300cd36c62830dfff1687ad)
- - - - -
b8b2bfaf by Patrik Rosecky at 2023-10-03T10:52:02+02:00
Tests: alltest/test_sssctl_local.py converted to system/tests/sssctl.py
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 620af3b3fe160199fa92f49bd03abc91a37a04d7)
- - - - -
7a53c7ac by Patrik Rosecky at 2023-10-03T10:52:44+02:00
Tests: multihost/basic/test_files converted
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit ea7273b3d4e93f7cdf5bb6f5defcf1bd38659f8d)
- - - - -
df709da5 by Madhuri Upadhye at 2023-10-03T10:56:39+02:00
tests: add passkey tests for sssctl and non-kerberos authentication
1. Register a key with sssctl
2. Register a key with IPA sssctl command
3. Check authentication of user with IPA, LDAP, AD and Samba
All tests cases automated with umockdev.
Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 66c0a2d00b872db77d59efb41bac66df0cf04c26)
- - - - -
c6ea805e by Alejandro López at 2023-10-06T11:21:19+02:00
NSS: Replace notification message by a less scary one
Replace the message "Unable to find primary gid" by another one that
sounds less scary and is a little bit clearer for users.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 2c59fd211a6b35022fb2a4683918d77610f76660)
- - - - -
a9617cff by Patrik Rosecky at 2023-10-06T11:22:02+02:00
Tests:alltests/test_rfc2307.py converted to test_ldap.py
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit 8ecfe20efca6696e94f64fbd2a024f6bcd7bb26d)
- - - - -
8d5752f4 by Patrik Rosecky at 2023-10-06T11:22:39+02:00
Tests: alltests/test_sss_cache.py converted to multihost/test_sssctl.py
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit b07a7552aac1a1bb4985c31e6005771032d9cad6)
- - - - -
129ceaed by licunlong at 2023-10-06T14:04:07+02:00
cli: caculate the wait_time in milliseconds
The timeout we pass in is 300000ms, and we sleep 1s every
time we get a EAGAIN error, so we need to multiply 1000
for sleep_time.
Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit a997ee7bd9d259e7faf654cb94145c0135df02f8)
- - - - -
3b939ce9 by Scott Poore at 2023-10-10T15:52:06+02:00
Tests: add follow-symlinks to sed for nsswitch
The multihost/alltests/test_automount_from_bash.py test module runs a
sed against /etc/nsswitch.conf which convers it from a link to a file.
This causes issues with authselect in later tests resulting in test
errors. This can be fixed by adding the --follow-symlinks option.
The restore() from the fixture should return the config to it's original
content.
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit 1082f2563f5cdc7d4f019c3a85bd0c717fc6fd16)
- - - - -
1fa72109 by Alejandro López at 2023-10-11T13:43:21+02:00
KCM: Remove the oldest expired credential if no more space.
:feature: When adding a new credential to KCM and the user has
already reached their limit, the oldest expired credential
will be removed to free some space.
If no expired credential is found to be removed, the operation
will fail as it happened in the previous versions.
Resolves: https://github.com/SSSD/sssd/issues/6667
Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 93ee0159a0f467ced3412d034ec706dd3508901e)
- - - - -
834b5369 by Alejandro López at 2023-10-11T13:43:21+02:00
KCM: Display in the log the limit as set by the user
max_uid_ccaches is unconditionally incremented by 2 in ccdb_secdb_init()
to create space for some internal entries. We cannot just show this
value as it is not what the user configured.
Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 96d8b77ae6e7d1dd72b9add553935fc4aa6ab2c5)
- - - - -
6218b40f by Jakub Vavra at 2023-10-12T11:23:19+02:00
Tests: Skip tests unstable on other archs and tweak realm join.
Unify realm join for AD params tests to use code with timeout
to prevent suite freezing in sasl authid tests.
Set the whole suite as flaky to retry when realm join freezes.
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 88a386e12a11287771d5429b11b066bf6e75e42f)
- - - - -
c799b75d by Jakub Vavra at 2023-10-16T10:23:12+02:00
Tests: Fix AD param sasl tests.
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 8264cb573637c08b26c4ff8abcc44e09fd77fec0)
- - - - -
5e35a695 by Alexey Tikhonov at 2023-10-16T10:23:31+02:00
configure: use 'LDB_CFLAGS'
Also add all common *_CFLAGS to cwrap tests.
Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 421a818f8be269a72c1d78653885ee171ac7c5f5)
- - - - -
c99f684c by Jakub Vavra at 2023-10-16T11:19:12+02:00
Tests: adjoin in test_00015_authselect_cannot_validate_its_own_files
Switch test_00015_authselect_cannot_validate_its_own_files to use adjoin
fixture instead of joining manually.
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 4a9f8ebb8032df4b2e8dffb2be80fbd6575b0e7b)
- - - - -
7d73571e by Sumit Bose at 2023-10-16T13:34:48+02:00
utils: enable talloc null tracking
With this patch talloc_enable_null_tracking() is called during
`server_setup()` to make talloc memory usage reports more useful.
Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit 7601918757910994894b9547647602b8c2ac806c)
- - - - -
42face74 by Sumit Bose at 2023-10-16T13:35:17+02:00
proxy: add support for certificate mapping rules
To be able to do local Smartcard authenticate the backend must be able
to map a certificate to a user based on the provided mapping rules.
With this patch the proxy provider is able to handle the certificate
mapping rules and users handled by the proxy provider can be configured
for Smartcard authentication. Besides the mapping rule local Smartcard
authentication should be enable with the 'local_auth_policy' option in
the backend and with 'pam_cert_auth' in the PAM responder.
:relnote: The proxy provider is now able to handle certificate mapping and
matching rules and users handled by the proxy provider can be
configured for local Smartcard authentication. Besides the mapping rule
local Smartcard authentication should be enable with the 'local_auth_policy'
option in the backend and with 'pam_cert_auth' in the PAM responder.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit c38699232594b8bdd79dbeed36b7afa5ba9b0512)
- - - - -
351aab97 by Sumit Bose at 2023-10-16T13:35:17+02:00
intg: add NSS module for nss-wrapper support
The main use case of this NSS module is to run proxy provider tests with
cwrap's nss-wrapper. The proxy provider loads the NSS modules directly
with dlopen() and is not using glibc's NSS mechanism. Since nss-wrapper
just wraps the standard glibc calls and does not provide an NSS module
on its own we have to use this workaround to make proxy provider work
with nss-wrapper.
DO NOT USE THIS IN /etc/nsswitch.conf, it will cause an infinite loop.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit ffd467430310f0671ba78fa0ef0385426f37d51f)
- - - - -
d3649143 by Sumit Bose at 2023-10-16T13:35:17+02:00
intg: replace files with proxy provider in PAM responder test
This patch replaces the deprecated files provider in the PAM responder
tests with the proxy provider. The straight-forward replacement would be
'proxy_lib_name = files' to use libnss_files.so.2 with the proxy
provider. But the tests are using nss-wrapper which wraps the plain
glibc calls. Because of this the test is using a dedicated NSS module to
work with nss-wrapper.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 54f558966aa515370ee6218793a36d4148c80a73)
- - - - -
25a913ea by Sumit Bose at 2023-10-16T13:35:17+02:00
confdb: add new option for confdb_certmap_to_sysdb()
With this new boolean options the backends calling
confdb_certmap_to_sysdb() can indicate if the certificate mapping rules
should be applied for local users or not, which currently means LDAP
based mapping with a search filter string.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 8952f6d8fea4a0e7e18eebf9e6a9f35d32de93bd)
- - - - -
7668ed6e by Sumit Bose at 2023-10-16T13:35:17+02:00
intg: use file and proxy provider in PAM responder test
All Smartcard authentication related tests are run now with the proxy
provider and the deprecated files provider. If the files provider will
be removed the tests can be removed by reverting this patch.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit f5f8030ad7bc469130ed69abec4c2563eca52e17)
- - - - -
04b6a22b by Sumit Bose at 2023-10-16T13:35:17+02:00
intg: add proxy auth with fallback test
SSSD currently assumed that PAM modules configured for the proxy auth
provider expect passwords as input. If a Smartcard is present during the
authentication, but local Smartcard authentication is not enabled, the
user should see a password prompt.
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 4d475e41a5223f4bdabc1465bad4d4f87a911064)
- - - - -
793284ab by Justin Stephenson at 2023-10-18T15:29:20+02:00
man: Improve LDAP security wording
All communication, including the identity provided must be
encrypted to prevent attacks.
Resolves: https://github.com/SSSD/sssd/issues/6681
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
- - - - -
a48c7445 by Tomas Halman at 2023-10-18T15:31:33+02:00
dyndns: PTR record updates separately
DNS server does not allow updates for different zones in one
single step. Those updates must be sent separately.
It is complicated and in some cases impossible to detect that
PTR updates does not fit into one zone because it often depends
on DNS server configuration.
With this patch PTR record updates are always sent separately.
Resolves: https://github.com/SSSD/sssd/issues/6956
Reviewed-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit f0bba9d5178d18e7b08aaa58375916d111dfeb59)
- - - - -
aa3616b3 by Dan Lavu at 2023-10-18T15:35:22+02:00
Updating ad_multihost test
* fixing raiseonerr=False to disjoin function
* cleaned up code since the line limit has increased
* added AD from forest1 to resolv.conf and /etc/hosts
* updating test case documentation to clarify the test
Signed-off-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit bd839b85e25701116cb8453e142014973a9c6de9)
- - - - -
c866b531 by Dan Lavu at 2023-10-18T15:35:22+02:00
Updating ad_multihost test
* fixing raiseonerr=False to disjoin function
* cleaned up code since the line limit has increased
* added AD from forest1 to resolv.conf and /etc/hosts
* updating test case documentation to clarify the test
Signed-off-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit cb72984e2d533306489c6161678443ce2fe48661)
- - - - -
3fd19c80 by Dan Lavu at 2023-10-18T15:35:22+02:00
Adding test case for bz2167728
* Cleaned up lines since the character count has increased
* Added test ids to existing tests
Signed-off-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit 95678ad7e4f18e47cd67aabe660e0c26c07a2ffa)
- - - - -
9c4f7281 by Iker Pedrosa at 2023-10-23T13:27:56+02:00
man: clarify user credentials for `cache_credentials`
It only applies to passwords, not other authentication mechanisms like
smartcards or passkeys.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 38d334ea040e2f5b0da4a3a37618215658b2c3a8)
- - - - -
9e7a08a8 by Patrik Rosecky at 2023-10-23T13:32:53+02:00
TESTS: topology set to KnownTopologyGroup.AnyProvider
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit ce117ae0c25305a5109d0f663d677a9ccae3b68a)
- - - - -
a9498b12 by Jakub Vavra at 2023-10-25T15:07:33+02:00
Tests: Fix autofs cleanups
Autofs tests were not cleaning properly leaving behind stuck/unresponsive
mounts. This was failing other tests that were executed after these suites.
Tests were stuck when trying to create a new local users or listing dirs.
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 7a3cc7a7be5eb8215709d5074d91567f7b7b60e1)
- - - - -
2bbc8754 by Sumit Bose at 2023-10-25T15:15:27+02:00
ipa: reduce log level of some HBAC log messages
Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit a7b19bcb47ddaaaa745a32571b444ee185e79b4c)
- - - - -
fa33c997 by Iker Pedrosa at 2023-10-25T15:59:27+02:00
CI: build passkey for centos-9
Also include RHEL9+ to build passkey in the spec file.
Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit 5a211ec941acde206d52092f5547fc46737f30e5)
- - - - -
9ebaee77 by dependabot[bot] at 2023-10-26T11:34:13+02:00
build(deps): bump DamianReeves/write-file-action
Bumps [DamianReeves/write-file-action](https://github.com/damianreeves/write-file-action) from 41569a7dac64c252caacca7bceefe28b70b38db1 to 0a7fcbe1960c53fc08fe789fa4850d24885f4d84.
- [Release notes](https://github.com/damianreeves/write-file-action/releases)
- [Commits](https://github.com/damianreeves/write-file-action/compare/41569a7dac64c252caacca7bceefe28b70b38db1...0a7fcbe1960c53fc08fe789fa4850d24885f4d84)
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 0456ecad643428b2ac28c932cb7435c8b914529a)
- - - - -
d154f72d by dependabot[bot] at 2023-10-26T11:34:38+02:00
build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 2f5b299996ea8e4d0bdded3eb0b020ed311209f9)
- - - - -
66d115cc by dependabot[bot] at 2023-10-26T11:35:01+02:00
build(deps): bump vapier/coverity-scan-action from 1.2.0 to 1.7.0
Bumps [vapier/coverity-scan-action](https://github.com/vapier/coverity-scan-action) from 1.2.0 to 1.7.0.
- [Release notes](https://github.com/vapier/coverity-scan-action/releases)
- [Commits](https://github.com/vapier/coverity-scan-action/compare/v1.2.0...v1.7.0)
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit ff42d88994a13c9f130741a13ee7fe4dac63a5df)
- - - - -
155584ee by dependabot[bot] at 2023-10-26T11:36:59+02:00
build(deps): bump linuxdeepin/action-cppcheck
Bumps [linuxdeepin/action-cppcheck](https://github.com/linuxdeepin/action-cppcheck) from 9ef62c4ec8cd5660952cd02c58b83fa57c16a42b to e63fb1d3f321e0467737aa9de7f691360fb1b8fb.
- [Release notes](https://github.com/linuxdeepin/action-cppcheck/releases)
- [Commits](https://github.com/linuxdeepin/action-cppcheck/compare/9ef62c4ec8cd5660952cd02c58b83fa57c16a42b...e63fb1d3f321e0467737aa9de7f691360fb1b8fb)
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit cbb107314100bf2be9f55aa2b967a60d149440ca)
- - - - -
380eafa5 by Pavel Březina at 2023-10-27T13:15:33+02:00
intg: return status code for calls requiring it in fake nss module
To avoid gcc warning that a function is not returning value.
```
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_setpwent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:63:1: error: control reaches end of non-void function [-Werror=return-type]
63 | }
| ^
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_endpwent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:77:1: error: control reaches end of non-void function [-Werror=return-type]
77 | }
| ^
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_setgrent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:98:1: error: control reaches end of non-void function [-Werror=return-type]
98 | }
| ^
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_endgrent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:111:1: error: control reaches end of non-void function [-Werror=return-type]
111 | }
| ^
```
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 4f5b1a25a0bd108cbba77a63dfe50f64f2249764)
- - - - -
e217fa82 by Pavel Březina at 2023-11-02T13:59:45+01:00
ci: get frozen Fedora releases in the matrix
A Fedora release may be in a frozen state (beta freeze, final freeze),
in such case, it is not temporarily visible under "pending"
but under "frozen".
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 17cf4bbb7e7969d6cba4e1a61ef2bb7b6a879c50)
- - - - -
ef5370e9 by Alexey Tikhonov at 2023-11-03T12:07:18+01:00
SSS_CLIENT: replace `__thread` with `pthread_*specific()`
in sss_client code to properly handle OOM condition (with `__thread`
glibc terminates process in this case).
Solution relies on the fact that `sss_cli_check_socket()` is always
executed first, before touching socket.
Nonetheless, there are sanity guards in setters/getters just in case.
It's possible to move context initialization code into a separate
function and call it in every getter/setter, but probably not worth it.
Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Carlos O'Donell <codonell at redhat.com>
(cherry picked from commit b0212b04f109875936612a52a7b30a80e5a85ee5)
- - - - -
5a546c84 by Pavel Březina at 2023-11-09T12:23:19+01:00
ipa: do not go offline if group does not have SID
This happens during applying overrides on cached group
during initgroups of trusted user. If the group does not
have SID (it's GID is outside the sidgen range), SSSD goes
offline.
Only SSSD running in server_mode is affected.
This patch ignores error in single group and rather continues
processing the remaining groups.
Resolves: https://github.com/SSSD/sssd/issues/6942
Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 26047f07c0f7aa61a44543de8674ec7d0904812e)
- - - - -
3da54579 by Sumit Bose at 2023-11-10T11:38:43+01:00
PAM: fix Smartcard offline authentication
Even if a Smartcard was inserted and proper certificates were found
offline authentication with the Smartcard was not possible because the
certificate information was accidentally removed from the reply send to
the PAM module.
Resolves: https://github.com/SSSD/sssd/issues/7009
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 962e9d0529c5ffd4e9b3c342b038daa5dbaa75e9)
- - - - -
2eae8ab4 by Weblate at 2023-11-13T11:47:40+01:00
po: update translations
(Russian) currently translated at 100.0% (717 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ru/
po: update translations
(Polish) currently translated at 100.0% (717 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/pl/
po: update translations
(Korean) currently translated at 100.0% (717 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/
po: update translations
(Georgian) currently translated at 13.2% (95 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ka/
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/
po: update translations
(Polish) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/pl/
po: update translations
(Georgian) currently translated at 13.0% (93 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ka/
po: update translations
(Finnish) currently translated at 10.2% (73 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/fi/
- - - - -
d380342b by Pavel Březina at 2023-11-13T11:54:22+01:00
pot: update pot files
- - - - -
ee2e0cd9 by Pavel Březina at 2023-11-13T11:55:21+01:00
Release sssd-2.9.3
- - - - -
30 changed files:
- .github/workflows/analyze-target.yml
- .github/workflows/ci.yml
- .github/workflows/copr_build.yml
- .github/workflows/coverity.yml
- .github/workflows/static-code-analysis.yml
- Makefile.am
- contrib/ci/configure.sh
- contrib/ci/deps.sh
- contrib/ci/get-matrix.py
- contrib/sssd.spec.in
- po/bg.po
- po/ca.po
- po/cs.po
- po/de.po
- po/es.po
- po/eu.po
- po/fi.po
- po/fr.po
- po/hu.po
- po/id.po
- po/it.po
- po/ja.po
- po/ka.po
- po/ko.po
- po/nb.po
- po/nl.po
- po/pl.po
- po/pt.po
- po/pt_BR.po
- po/ru.po
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/644cd599fd9a96ea5c445c830e09f53701d5900d...ee2e0cd9bce728c1cd4d53dcd6ce0ed9f962847c
--
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/644cd599fd9a96ea5c445c830e09f53701d5900d...ee2e0cd9bce728c1cd4d53dcd6ce0ed9f962847c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20231218/a4e29718/attachment-0001.htm>
More information about the Pkg-sssd-devel
mailing list