[Pkg-sssd-devel] [Git][sssd-team/sssd][master] 62 commits: Tests: gssapi ssh login minor fix

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Tue Jan 10 17:57:10 GMT 2023



Timo Aaltonen pushed to branch master at Debian SSSD packaging / sssd


Commits:
de1d4636 by Shridhar Gadekar at 2022-11-09T10:00:54+01:00
Tests: gssapi ssh login minor fix

Trivial fix, the kinit command was missing '@' after username. It was
causing obvious failure to fetch krb ticket.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit 955192b12fafdb55daaa0b12381322031fd20816)

- - - - -
a3b30043 by aborah-sudo at 2022-11-09T18:37:37+01:00
Tests: Removing tests from gating pipe line

test_bz1368467 --- this one looks more performance than gating
test_avoid_interlocking_among_threads --- feature not supported

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Steeve Goveas <sgoveas at redhat.com>
(cherry picked from commit dbf9198dc4d3516422a2256724c72317c1318211)

- - - - -
25deb9e0 by Shridhar Gadekar at 2022-11-09T20:25:56+01:00
Tests: Use negative cache better for lookup by SIDs

Minor change, adding import of re module

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 6077230633849afb8f682333682a3353244951a0)

- - - - -
10641ea1 by aborah-sudo at 2022-11-10T10:51:15+01:00
Tests: Removing tests from gating pipe line

test_bz1368467 --- this one looks more performance than gating

(cherry picked from commit 7c907a7c9725f0a00dab2ea20656434a2e1ed61f)

- - - - -
9258f0be by Alexey Tikhonov at 2022-11-15T10:42:34+01:00
UTILS: socket connect: added missing new line and adjusted log level to more appropriate

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 3e02de933d234e4039d096a9534cd282ce170548)

- - - - -
8e82f3d4 by Jakub Vavra at 2022-11-15T10:43:25+01:00
Tests: Add a test for bz1964121 override homedir to lowercase

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1964121
Verifies: #6210

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit a21c666255c81a6da062d801a4c0d95c30bd2f66)

- - - - -
2f885989 by Alexey Tikhonov at 2022-11-18T14:48:43+01:00
UTILS: got rid of deprecated `inet_netof()` to please 'rpminspect'.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 93ed5e58e0bfa9d67fc83ee2643687ed24151fb0)

- - - - -
44717b82 by Jakub Vavra at 2022-11-18T15:59:57+01:00
Tests: Add the missing admisc pytest marker.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit a7759ab30b12b92c1a21aec5549f8a05dcc98947)

- - - - -
564af88d by Jakub Vavra at 2022-11-18T15:59:57+01:00
Tests: Wait a bit before collection log in test_0015_ad_parameters_ad_hostname_machine.

This test is unstable on other architectures (ppc64le, aarch64) and it seems that
adding a 15s wait before collecting the log gives it enough time to write it properly.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit bce2b0c8037250ad2d8d817e747a78439bd6610c)

- - - - -
d2b5c789 by Jakub Vavra at 2022-11-18T15:59:57+01:00
Tests: Fix E126 in test_adparameters_ported.py

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit d7e7efe93deabbbfff24664799e1fdb60c5a2fbc)

- - - - -
19fd96f1 by aborah-sudo at 2022-11-18T16:00:51+01:00
Tests: fix test_bz1368467

This test was failing due to login error.

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 285f1703194fa260b4886133d9bcd79de70f24ff)

- - - - -
7d0c70cc by Justin Stephenson at 2022-11-18T16:02:03+01:00
Analyzer: Ensure parsed id contains digit

In analyzer list verbose output, we parse the last field of cache_req_search_send() lines.
Certain log messages need to be filtered out by ensuring the parsed field is
a digit, such as the last line below.

[cache_req_search_send] (0x0400): [CID#1] CR #1: Looking up GID:1031401119@testrealm.test
[cache_req_search_send] (0x0400): [CID#1] CR #1: Looking up GID:1031401119@testrealm.test
[cache_req_search_send] (0x0400): [CID#1] CR #1: Looking up GID:1031401119@domain-zflo.com
[cache_req_search_send] (0x0400): [CID#1] CR #1: Returning [GID:1031401119@domain-zflo.com] from cache

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit bfa8d50c479cf8ef7b299eb5848309a3a9ea7f12)

- - - - -
541cd677 by Alexey Tikhonov at 2022-11-18T18:01:36+01:00
TOOLS: don't export internal helpers

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 6ef3aade0394e32540242f902c9f21bb8d6c41f2)

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
bb97f89a by Alexey Tikhonov at 2022-11-18T18:01:36+01:00
TOOLS: fixed handling of init error

Before execution of `tool_cmd_init()` `init_err` wasn't set,
so `sss_tools_handles_init_error()` check was a no-op.

Consequently, a proper check after `tool_cmd_init()` was missing.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 7af46ba0e925da61b7b4003c3fa6d51c05c1116e)

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
581617c0 by Alexey Tikhonov at 2022-11-18T18:01:37+01:00
SSSCTL: don't require 'root' for "analyze" cmd

:relnote: `sssctl analyze` tool no longer requires being run under root.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 99791400bec1054cf0081884e013a3cbed75fe8a)

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
a34b4f5e by Steeve Goveas at 2022-11-18T18:08:55+01:00
Tests: Cannot SSH with AD user to ipa-client with invalid keytab

`krb5_validate` and `pac_check` settings conflict. Setting krb5_validate
to false skips the pac_check, enabling the login.

Verifies:
  #6355
  https://bugzilla.redhat.com/show_bug.cgi?id=2127822
  https://bugzilla.redhat.com/show_bug.cgi?id=2128902

Reviewed-by: Anuj Borah <aborah at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 790e7a779f4385b8ad95878ee79a44fdaac46325)

- - - - -
e3be4597 by Jakub Vavra at 2022-11-22T18:36:39+01:00
Tests: Update fixture using adcli to handle password from stdin.

Adcli changed handling password dialog for bz2124030 so
the automation needs to be updated to work properly.

Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 14748ff981ac5825a55c06350db05dce23732299)

- - - - -
49b10717 by Justin Stephenson at 2022-11-22T18:37:22+01:00
SSSCTL: Add debug option to help message

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 2f99cd31bc43406a9d400129260654ebd6bccc15)

- - - - -
dc71321f by Pavel Březina at 2022-11-25T13:25:17+01:00
ci: make /dev/shm writable

We build SSSD in /dev/shm which is mounted on read-only file system on
new podman version. We need to mount it as tmpfs to make it writable.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit f5c0e7b391879782b0e93fe02265c3bef7cb9edf)

- - - - -
8c4da493 by Pavel Březina at 2022-11-25T13:25:17+01:00
ci: install correct python development package

The package name has changed on new Ubuntu.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit ae614c17b3874862200b78e57c158554b62a8273)

- - - - -
77ef7b25 by Iker Pedrosa at 2022-11-25T13:25:45+01:00
ci: fix codeql

libsemanage1-dev renamed to libsemanage-dev in debian and its
derivatives.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 336b1facdc043f21aab7e67e46c3c736fa64d303)

- - - - -
0253f7c3 by Justin Stephenson at 2022-11-25T13:26:11+01:00
CI: Update core github actions

Update dependent actions to address:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 4a6eb258c33c8adeb78c053aa8401729f0f6bbec)

- - - - -
765fe3de by Jakub Vavra at 2022-11-28T06:32:59+01:00
Tests: Fix automount OU removal from AD.

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit fc3fad982e39d560a80c1a8b922455a190718cb7)

- - - - -
ece94348 by Cole Robinson at 2022-11-30T16:48:11+01:00
MAN: Fix option typo on sssd-kcm.8

The option is called krb5_renewable_lifetime, not krb5_renew_lifetime

Signed-off-by: Cole Robinson <crobinso at redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 340691fae95a2fc66c85d5da8db14f227b2c88a8)

- - - - -
b00c72d2 by Sumit Bose at 2022-11-30T16:50:57+01:00
PAC: allow to disable UPN check

Currently it was not possible to skip the UPN check which checks if the
UPN in the PAC and the one stored in SSSD's cache are different.
Additionally the related debug message will show both principals if they
differ.

Resolves: https://github.com/SSSD/sssd/issues/6451

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 91789449b7a8b20056e1edfedd8f8cf92f7a0a2a)

- - - - -
a3304cc6 by Sumit Bose at 2022-11-30T16:50:57+01:00
ipa: do not add guessed principal to the cache

Currently on IPA clients a calculated principal based on the user name
and the Kerberos realm is added to the cached user object. This code is
quite old and might have been necessary at times when sub-domain support
was added to SSSD. But since quite some time SSSD is capable of
generating the principal on the fly during authentication if nothing is
stored in the cache.

Removing the code makes the cache more consistent with other use-cases,
e.g. with the IPA server where this attribute is empty, and allows to
properly detect a missing UPN, e.g. during the PAC validation.

Resolves: https://github.com/SSSD/sssd/issues/6451

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit b3d7a4f6d4e1d4fa1bd33b296cd4301973f1860c)

- - - - -
35a28524 by Sumit Bose at 2022-11-30T16:50:57+01:00
pac: relax default check

To avoid issues with the UPN check during PAC validation when
'ldap_user_principal' is set to a non-existing attribute to skip reading
user principals a new 'pac_check' option, 'check_upn_allow_missing' is
added to the default options. With this option only a log message is
shown but the check will not fail.

Resolves: https://github.com/SSSD/sssd/issues/6451

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 51b11db8b99a77ba5ccf6f850c2e81b5a6ee9f79)

- - - - -
65e944bd by aborah-sudo at 2022-11-30T16:53:35+01:00
Tests: fix test_sssctl_local.py::Testsssctl::test_0002_bz1599207

test_sssctl_local.py::Testsssctl::test_0002_bz1599207 is affected by
disable "implicit files provider"

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit ad0a8c6a33ea5bbad8058112b95bef00bb76d5c9)

- - - - -
cd1a94e5 by Alexey Tikhonov at 2022-12-02T15:20:45+01:00
SYSDB: pre-existence of MPG group in the cache isn't an error

Addition to 71466a8dbdb1d755ace15680cc2b4b11b68a0573

Reviewed-by: Sumit Bose <sbose at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit e4dd11f2c2cd59031f904a1e30ed5b67edbdd54f)

- - - - -
cca0233e by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add support for serial number

Read the serial number of the certificate and make it available.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 3f8bc8720ff871490c6a6233b1a21bc1d2018cf1)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
a2bca35c by Sumit Bose at 2022-12-02T17:10:38+01:00
certamp: add support for subject key id

Read the subject key id from the certificate and make it available.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 10d977a3675a8145314edea0bebd7b9ac01eda89)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
47f3408e by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add support for SID extension

Check if the SID extension is available, read the SID and make it
available.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 9e1b711b2611e7390bcbcd4a9682dd18e71c3d72)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
8d8e3c7c by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: fix for SAN URI

The URI was not added to the list of subject alternative names.

(cherry picked from commit f293507d9f6efda9908a3ec971ce7f4eac284ae1)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
6ad29f99 by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add bin_to_hex() helper function

This patch adds a helper function to format hexadecimal strings of
binary data.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit c4085c9a7d1ec54c1b830583128148a0c7b807d8)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
9a45e616 by Sumit Bose at 2022-12-02T17:10:38+01:00
sssctl: add cert-eval-rule sub-command

The new 'cert-eval-rule' sub-command of sssctl shows the results of given
matching and mapping rules on a given certificate. This should help to
find suitable mapping and matching rules and to understand why a given
certificate is matched or not.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 11483f1ec046f1062df68f1544e49fd59473084e)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
3f336da4 by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add get_digest_list() and get_hash()

Add support to calculate hash/digest values of binary data, e.g. of a
certificate.

Resolves: https://github.com/SSSD/sssd/issues/6404

(cherry picked from commit 3676a4fba473b93df2b32fb143ef0b261d04d9f6)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
8a6a874b by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: dump new attributes in sss_cert_dump_content()

Add the newly discovered certificate values, i.e. serial number, subject
key id and SID to the output of sss_cert_dump_content() which is used
e.g. by 'sssctl cert-show'.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 0a906107322fffc17757480f9e540796f9f181ce)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
698d5688 by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add LDAPU1 mapping rules

Add mapping rule templates for the newly discovered attributes, templates
for certificate hashes and templates to select individual DN components.
To avoid issues with older versions of the library the new templates
must use the prefix LDAPU1.

:feature: New mapping template for serial number, subject key id, SID,
          certificate hashes and DN components are added to
          libsss_certmap.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 1303c6241bb27ef902787dcd526aeaae3417063a)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
17142068 by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add tests for new attributes and LDAPU1 rules

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 4ac53fb5ef95cd2c94f076299aa4d3213c3c9be6)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
925d8a9f by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: add LDAPU1 rules to man page

This patch adds the new LDAPU1 mapping rule templates to the sss-certmap
man page.

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit 882f560e68a881a95d7f66745a3530176bdd0a66)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
12e39a45 by Sumit Bose at 2022-12-02T17:10:38+01:00
certmap: Add documentation for some internal functions

Resolves: https://github.com/SSSD/sssd/issues/6403

(cherry picked from commit b0bdf712eb632f94e9925d32fb703bdfd574e11d)

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
72eed034 by 김인수 at 2022-12-02T17:35:32+01:00
po: update translations

(Korean) currently translated at 100.0% (663 of 663 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

- - - - -
5bd2aa9b by Piotr Drąg at 2022-12-02T17:35:32+01:00
po: update translations

(Polish) currently translated at 100.0% (663 of 663 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/pl/

- - - - -
8290b0e7 by Elena Mishina at 2022-12-02T17:35:32+01:00
po: update translations

(Russian) currently translated at 100.0% (663 of 663 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ru/

- - - - -
0909e8a1 by Yuri Chornoivan at 2022-12-02T17:35:32+01:00
po: update translations

(Ukrainian) currently translated at 100.0% (663 of 663 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/

- - - - -
f1dc6cdd by Temuri Doghonadze at 2022-12-02T17:35:32+01:00
po: update translations

(Georgian) currently translated at 7.8% (52 of 663 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ka/

- - - - -
0b467961 by 김인수 at 2022-12-02T17:35:32+01:00
po: update translations

(Korean) currently translated at 100.0% (663 of 663 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

- - - - -
464c78be by Shridhar Gadekar at 2022-12-05T10:18:41+01:00
Test: gssapi test fix

minor flake8 fixes

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
(cherry picked from commit 664a436e9ce758554938183d1475e7353020e495)

- - - - -
64c99055 by Alexey Tikhonov at 2022-12-05T11:22:17+01:00
Translations: add missing `tools/sssctl/sssctl_cert.c` and macros

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 8b09c9387e55b177d6b1ec65afe65e354e19b96b)

- - - - -
be569b0c by Alexey Tikhonov at 2022-12-05T11:25:36+01:00
Updated .pot/.po files

- - - - -
f17bb003 by Alexey Tikhonov at 2022-12-06T16:08:04+01:00
BUILD: deprecate `--enable-files-domain` build option

:relnote: `--enable-files-domain` configure option is deprecated and
will be removed in one of the next versions of SSSD.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 714ababe8c96cd3a43d3c114cf853ce4a259fd0f)

- - - - -
99d46b2f by Tomas Halman at 2022-12-06T16:08:52+01:00
RESOLV: Configuration option for DNS search

DNS search may increase the time of name resolution significantly.
Particularly when SSSD is misconfigured or the DNS server is
unreachable.

With this patch SSSD can avoid DNS search and the list
of domains from resolv.conf is ignored. To avoid DNS search in
kerberos library SSSD appends the dot to the server names before
they are written into KDC info file.

:relnote: SSSD can be configured not to perform a DNS search
during DNS name resolution. This behavior is governed by the
new dns_resolver_use_search_list. This parameter can
be used in the domain section. Default value is true - that
means that SSSD follows the system settings.

Resolves: https://github.com/SSSD/sssd/issues/5390

Reviewed-by: Alejandro Lopez <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 2fda8e7b7e71dd5ebdc7297449d3afc52ac9eb03)

- - - - -
a8b6be40 by Dan Lavu at 2022-12-07T15:46:08-05:00
Adding Ported DynDNS Testcases

This is merged branch of two following PRs, 6363 and 6344 which are now closed.

6344 Add the tests but are unreliable.

6363 contains the following changes, rewriting the suite.
* change_hostname fixture would revert back to the hostname in /etc/hostname, updated fixture
* disabled DNS recursion, lookups were being forwarded to authoritative servers resulting in false passing tests
* removed ipv6 address about part of the del_record, would result in passing but the wrong thing be searched
* created a DNSAD object to search for records directly on the DNS server, stabling results and skipping any cache
* cleaned up the functions and code for readability

Signed-off-by: Dan Lavu <dlavu at redhat.com>

- - - - -
20037ae5 by Sumit Bose at 2022-12-09T13:22:15+01:00
p11: fix size of argument array

Currently 19 options can be set for p11_child and with the NULL at the end
the array must have 20 elements.

Resolves: https://github.com/SSSD/sssd/issues/6479

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit aac303e84b71325d3c45fa7a22f83f7f54d4b7a2)

- - - - -
98412a4e by Alejandro López at 2022-12-09T13:22:45+01:00
BACKEND: Reload resolv.conf after initialization

Once the backend initialization is finished, in particular after D-Bus
is initialized, reload the resolv.conf file to retrieve any change
signaled through D-Bus before its initialization.

Resolves: https://github.com/SSSD/sssd/issues/6383

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 34d55884c6349d2c576a625bfbfcbfbc4f3c146f)

- - - - -
5b7a4b4f by Madhuri Upadhye at 2022-12-09T13:23:57+01:00
Tests: Minor fixes for alltests

Enable files domain.

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Anuj Borah <aborah at redhat.com>
(cherry picked from commit 81eb0606d5ea1ce79c0fdd1d71784bb01a682e03)

- - - - -
16c814ad by aborah-sudo at 2022-12-09T13:24:25+01:00
Tests: port proxy_provider/rfc2307bis

https://gitlab.cee.redhat.com/sssd/sssd-qe/-/tree/RHEL8.6/client/proxy_provider/rfc2307bis

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 4a658e6ccf7a3b2cd5fb9d1827d0caec6b8dc961)

- - - - -
5d4f9dfd by Weblate at 2022-12-09T13:30:10+01:00
po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/zh_CN/

po: update translations

(Ukrainian) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/

po: update translations

(Korean) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

po: update translations

(Korean) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

po: update translations

(Japanese) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ja/

po: update translations

(French) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/fr/

po: update translations

(Ukrainian) currently translated at 100.0% (704 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/

po: update translations

(Korean) currently translated at 96.4% (679 of 704 strings)
Translation: SSSD/SSSD-2-8
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/

- - - - -
37f934f2 by Pavel Březina at 2022-12-09T13:38:26+01:00
pot: update pot files

- - - - -
796b6dae by Pavel Březina at 2022-12-09T13:39:40+01:00
Release sssd-2.8.2

- - - - -
ffcadcd1 by Timo Aaltonen at 2023-01-10T16:43:04+02:00
Merge branch 'upstream'

- - - - -
b6953e55 by Timo Aaltonen at 2023-01-10T16:43:44+02:00
version bump

- - - - -


25 changed files:

- .github/workflows/ci.yml
- .github/workflows/copr_build.yml
- Makefile.am
- contrib/ci/deps.sh
- contrib/sssd.spec.in
- debian/changelog
- po/Makevars
- po/POTFILES.in
- po/bg.po
- po/ca.po
- po/cs.po
- po/de.po
- po/es.po
- po/eu.po
- po/fi.po
- po/fr.po
- po/hu.po
- po/id.po
- po/it.po
- po/ja.po
- po/ka.po
- po/ko.po
- po/nb.po
- po/nl.po
- po/pl.po


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/edc62ebeab9c51d1b99d4f41d7f2c0ae8f52e3fc...b6953e55729ee21e8caaa6cbf45494815026c896
