[Pkg-sssd-devel] [Git][sssd-team/sssd][upstream] 84 commits: Test: gating sssd after crash

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Fri Sep 8 07:59:33 BST 2023



Timo Aaltonen pushed to branch upstream at Debian SSSD packaging / sssd


Commits:
b8ff5f1c by Shridhar Gadekar at 2023-06-27T09:48:04+02:00
Test: gating sssd after crash

Using new authentication module for ssh login
instead of existing one

Reviewed-by: Anuj Borah <aborah at redhat.com>
(cherry picked from commit 0171bcb0663093b4d66774bf18404b76eaab9a85)

- - - - -
a8713989 by aborah at 2023-06-27T09:49:21+02:00
Tests: Fix alltest tier1_3 tests with new ssh module

Fix alltest tier1_3 tests with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 56741208742e54228570057eb0b85927f1f7edb8)

- - - - -
7eef9162 by aborah at 2023-06-27T09:50:37+02:00
Tests: Fix IPA tire1_2 tests

Fix IPA tire1_2 tests

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit 7f94e5ca48a16270b0748d87719a807ab85c2ef0)

- - - - -
4e7cfe17 by Alexey Tikhonov at 2023-06-28T12:42:01+02:00
BUILD: Accept krb5 1.21 for building the PAC plugin

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 74d0f4538deb766592079b1abca0d949d6dea105)

Reviewed-by: Sumit Bose <sbose at redhat.com>

- - - - -
f16e5708 by Sumit Bose at 2023-07-04T15:36:40+02:00
watchdog: add arm_watchdog() and disarm_watchdog() calls

Those two new calls can be used if there are requests stuck by e.g.
waiting on replies where there is no other way to handle the timeout and
get the system back into a stable state. They should be only used as a
last resort.

Resolves: https://github.com/SSSD/sssd/issues/6803

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 75f2b35ad3b9256de905d05c5108400d35688554)

- - - - -
27987c79 by Sumit Bose at 2023-07-04T15:36:40+02:00
sbus: arm watchdog for sbus_connect_init_send()

There seem to be conditions where the reply in the
sbus_call_DBus_Hello_send() request gets lost and the backend cannot
properly initialize its sbus/DBus server. Since the backend cannot be
connected by the frontends in this state the best way to recover would
be a restart. Since the event-loop is active in this state, e.g. waiting
for the reply, the watchdog will not consider the process as hung and
will not restart the process.

To make the watchdog handle this case arm_watchdog() and
disarm_watchdog() are called before and after the request, respectively.

Resolves: https://github.com/SSSD/sssd/issues/6803

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit cca9361d92501e0be34d264d370fe897a0c970af)

- - - - -
e5741447 by aborah at 2023-07-10T10:11:00+02:00
Tests: Update test_ldap_password_policy.py::test_maxage as per the new sssd change

Update test_ldap_password_policy.py::test_maxage as per the new sssd change

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 5e86af8a30d1270dccc194f64c6c61229b21abf6)

- - - - -
140692c1 by aborah at 2023-07-11T15:38:26+02:00
Tests: Fix test_0002_bz1928648 with new ssh module

Fix test_0002_bz1928648 with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 2487c99c8d56d01cfc3832360d94e7309694521c)

- - - - -
a1e773df by aborah at 2023-07-12T12:17:52+02:00
Tests: Update tier1 test cases with new ssh module

Update tier1 test cases with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 66908221b51cb4c78a201db72e67ec1e341ef94e)

- - - - -
ddfc5e52 by aborah at 2023-07-13T07:12:25+02:00
Tests: Backport of https://github.com/SSSD/sssd/pull/6818

Backport of https://github.com/SSSD/sssd/pull/6818

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
7a635829 by aborah at 2023-07-13T09:45:14+02:00
Tests: Fix test_0008_1636002

Fix test_0008_1636002

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>

- - - - -
e6fbd1cb by Alexey Tikhonov at 2023-07-13T14:17:49+02:00
SPEC: sync with Fedora spec file

Bringing https://src.fedoraproject.org/rpms/sssd/c/d3ba8fb11abeefd2f817d58507e5ea3bdada2222
upstream

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit e91a90cf052c382f9d3b0ac5ddee749c50ee6f36)

- - - - -
15d7d34b by Sumit Bose at 2023-07-13T14:19:07+02:00
sssct: allow cert-show and cert-eval-rule as non-root

The cert-show and cert-eval-rule sub-commands do not need root access and
do not require SSSD to be configured on the host.

Resolves: https://github.com/SSSD/sssd/issues/6802

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4)

- - - - -
11afa7a6 by Sumit Bose at 2023-07-13T14:19:07+02:00
certmap: fix partial string comparison

If the formatting option of the certificate digest/hash function
contained and additional specifier separated with a '_' the comparison
of the provided digest name and the available ones was incomplete, the
last character was ignored and the comparison was successful if even if
there was only a partial match.

Resolves: https://github.com/SSSD/sssd/issues/6802

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit 0817ca3b366f51510705ab77d7900c0b65b7d2fc)

- - - - -
aedef959 by Sumit Bose at 2023-07-13T14:19:08+02:00
test: fix linking issue

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
(cherry picked from commit 2bc426fa731f02e7a2307287ad122ac532e3589e)

- - - - -
89ff2549 by Madhuri Upadhye at 2023-07-13T14:19:37+02:00
Tests: Minor fix in test_adtrust

correct the variable name.

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit ac5480af39c68f711292c4a6b6f9e16c1273eea8)

- - - - -
c26b6b5a by Patrik Rosecky at 2023-07-13T14:20:02+02:00
Tests: converted multihost/test_config.py

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 0f911c10d6ae16cba0b189bd16827f4b0fa674fa)

- - - - -
d8c18e11 by aborah at 2023-07-14T20:01:59+02:00
Tests: Fix test_maxage

Fix test_maxage

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 34ef9c5f3e90d5c50c7ac5161c39daa2840c92f2)

- - - - -
5bd218b4 by Iker Pedrosa at 2023-07-18T12:36:38+02:00
test: basic tests for ldap_user_extra_attrs

Conversion of test_0001_bz1362023(), test_0002_givenmail() and
test_0037_ad_parameters_extra_attrs_mail() in a system test using the
new framework.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Dan Lavu <dlavu at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 40e0592df3939f0e231d77d50ec2d11eb373ed7c)

- - - - -
752e0026 by Madhuri Upadhye at 2023-07-19T09:25:42+02:00
Test: Check case-insensitive while checking with group lookup for a overrideuser

      Added automation for following bugs:
        https://bugzilla.redhat.com/show_bug.cgi?id=2192708
        https://bugzilla.redhat.com/show_bug.cgi?id=2196838
        https://bugzilla.redhat.com/show_bug.cgi?id=2196816
        https://bugzilla.redhat.com/show_bug.cgi?id=2196839

verify:
  #6721

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit ea34b805b346774462a18378b015c70b30c64199)

- - - - -
84e0aac4 by Pavel Březina at 2023-07-19T13:51:11+02:00
ci: move to new centos8 buildroot repository url

CentOS8 buildroot repo location has changed.

https://lists.centos.org/pipermail/centos-devel/2023-March/142831.html

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit b9bb35c1affb8b0178a844955623211e99bbd457)

- - - - -
2f4a3fa8 by Pavel Březina at 2023-07-19T13:51:13+02:00
ci: run workflows on sssd-2-9

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 5c72905ec97a30abe3e5568c56d010279cc25548)

- - - - -
65abf057 by aborah at 2023-07-21T07:04:12+02:00
Tests: Fix KCM::test_client_timeout

Fix KCM::test_client_timeout

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 755c2157e372d6dbbdc94ba94777eaa426f2d2c4)

- - - - -
0b9bc877 by aborah at 2023-07-21T12:05:26+02:00
Tests: Update sssh module for tier 1_3, 1_4 and 2

Update sssh module for tier 1_3, 1_4 and 2

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 4b83a68e31aaac8a84462aec00250ea61aed14b1)

- - - - -
473e2b4c by aborah at 2023-07-24T07:22:01+02:00
Tests: Add sleep time to test_bz785908

Add sleep time to test_bz785908

Reviewed-by: Shridhar Gadekar <sgadekar at redhat.com>
(cherry picked from commit 763106ff582511d4f6f9c49ea84a2ac1e202303f)

- - - - -
e26215d6 by Madhuri Upadhye at 2023-07-24T09:56:28+02:00
Tests: Package download

Add python3-libsss_nss_idmap package from utils.py

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit 6bed4b7bc14835114e4b0823164ea70a8d69b252)

- - - - -
fd80b421 by Pavel Březina at 2023-07-24T14:54:42+02:00
tests: add pytest-importance plugin to system tests

This plugin adds @pytest.mark.importance("low|medium|high|critical")
and --importance=xyz cli option.

Default importance is medium.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 43dd400dc109e962e7621d4b4045d918d4d9dfb1)

- - - - -
bb46f317 by Pavel Březina at 2023-07-24T14:54:42+02:00
tests: add pytest-output plugin to system tests

This plugin validates test metadata and generates Polarion import XMLs.

To generate the XMLs, call pytest with:

```
--polarion-config=./polarion.yaml --output-polarion-testcase=testcase.xml --output-polarion-testrun=testrun.xml
```

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit d3fd983be4358ddde0af58c96a38f561a56b2a25)

- - - - -
b9d3ad10 by Pavel Březina at 2023-07-24T14:54:42+02:00
tests: add requirements to system tests

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 50df528cc9b8eddf24034d289e754e3fa3d7f5f5)

- - - - -
cc99fdd8 by Pavel Březina at 2023-07-24T14:54:42+02:00
tests: drop tier from system tests

It is replaced by importance marker, which defaults to medium.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 03e39e1969a923889f8179ac34f94a0e0436c9e0)

- - - - -
df727cbb by Pavel Březina at 2023-07-24T14:54:42+02:00
tests: fix doctring in test_config__add_remove_section

Number of steps did not match number of expected results.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit f8848028afef03f68e4893b48002b2c5c1579921)

- - - - -
71876d6c by Pavel Březina at 2023-07-24T14:54:42+02:00
ci: generate polarion xmls from system tests

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit f3793fc7ca28fb8fdf2b6d8f21d00bdf7c5100a4)

- - - - -
13373ea3 by Pavel Březina at 2023-07-24T14:54:42+02:00
ci: run system test in collect only mode first

This will quickly catch issues in Polarion metadata/docstring without
waiting for the test run to finish.

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 1d268bc197eb142264a62c1221fcc3bd8a5ed212)

- - - - -
8c1b5c47 by Iker Pedrosa at 2023-07-24T14:56:50+02:00
man: clarify passkey PIN prompt

If user_verification is enabled, then the PIN will always be requested.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit b87c5a6f11f8a584c10a3eb4b74b6084f259182e)

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit bfab4907535742128d7140ba1ad858565f70fe3a)

- - - - -
b8b75abe by Justin Stephenson at 2023-07-24T14:56:50+02:00
Change "non_kerberos" to "local" authentication

This is more clear, and aligns with smartcard authentication
verbiage.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit f3f7a4ce11a91f723d4f729858ebb946fdd6c5e2)

- - - - -
5b575fcb by Justin Stephenson at 2023-07-24T14:56:50+02:00
Add local auth policy

local authentication methods policy - Some backends (i.e. LDAP, proxy provider)
only support a password base authentication, while others can handle PKINIT
based Smartcard authentication (AD, IPA), two-factor authentication (IPA),
or other methods against a central instance. By default in such cases
authentication is only performed with the methods supported by the backend.

To allow more convenient or secure authentication methods which are supported
by SSSD, but not by the backend in cases where a central authentication is
not strictly required the `local_auth_policy` option is added.

Ignore local auth policy when id_provider = files.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit d019132bd44e25b841e0917c034140be67de9a77)

- - - - -
16f12efd by Justin Stephenson at 2023-07-24T14:56:50+02:00
PAM: Fail empty password in passkey fallback

We can assume in this fallback chain that an empty password
is not allowed.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 43d89dd2d9d9c86ecd487067a6bbdf1fbf1513bb)

- - - - -
9cecdc1b by Patrik Rosecky at 2023-07-25T12:51:31+02:00
Tests: convert intg/test_memory_cache.py to system tests

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 01853a10f5495b2d1ae77b60f714ed077a947940)

- - - - -
3734714f by Pavel Březina at 2023-07-25T12:53:26+02:00
tests: fix doctring in test_memory_cache__invalidate_group_after_stop

(cherry picked from commit 7f3431a77fd45eab8bc001cc006027e484294ca3)

- - - - -
e8bd99ef by Madhuri Upadhye at 2023-07-25T17:03:17+02:00
Tests: Add package for IPA tests

Add python3-libsss_nss_idmap package in common lib of ipa

Signed-off-by: Madhuri Upadhye <mupadhye at redhat.com>

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit e3dd7cf472f9766f76c2ac449e856061ac587cb8)

- - - - -
fe6be47d by Patrik Rosecky at 2023-07-26T13:35:17+02:00
tests: multihost/basic/sssctl_config_check.py converted

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Jakub Vávra <jvavra at redhat.com>
(cherry picked from commit 5ced015701038bf1d28b91be78ac6d0582871b7c)

- - - - -
be42e37b by Patrik Rosecky at 2023-07-26T13:35:43+02:00
Tests: converted intg/test_memory_cache to test_id

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 28aeb13a284dd4521452a2e18d040338147f265c)

- - - - -
7fbb9a0d by Andre Boscatto at 2023-07-31T13:24:33+02:00
mans: fix typo in ldap_idmap_autorid_compat

Resolves: https://github.com/SSSD/sssd/issues/5198

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 4d1711178dc5c7e5fcef62a49e8a6e861ed68b5b)

- - - - -
83352849 by Patrik Rosecky at 2023-07-31T13:25:22+02:00
tests: converted multihost/basic/test_ldap.py

Reviewed-by: Jakub Vávra <jvavra at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit fe61c459a9c91a46c013384831b777cd2c0b90b5)

- - - - -
0b5d3abd by Pavel Březina at 2023-08-07T12:05:05+02:00
readme: remove github actions badges

These badges stopped working due to breaking changes in the badge
provider:
https://github.com/badges/shields/issues/8671

I don't think we really use them and we did not even update from
sssd-2-7 branch to a newer one or with latest ci changes. Also it
is simple to see the green tick or red cross in github web ui so
these badges are redundant.

Covscan result is kept since you would need to check it on different
page.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit dd21de8433fa54f9cd5ca38227426986d9570e55)

- - - - -
f79ce534 by Iker Pedrosa at 2023-08-14T16:53:21+02:00
passkey: fix two covscan issues

Fixes following covscan issues:
```
Error: CLANG_WARNING:
sssd-2.9.0/src/krb5_plugin/passkey/passkey_utils.c:562:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'data'
 #  560|       }
 #  561|
 #  562|->     json_decref(jroot);
 #  563|       return message;
 #  564|   }

Error: UNREACHABLE (CWE-561):
sssd-2.9.0/src/responder/pam/pamsrv_passkey.c:1039: unreachable: This code cannot be reached: "if (!pctx->passkey_auth) {
...".
 # 1037|   #endif
 # 1038|
 # 1039|->     if (!pctx->passkey_auth) {
 # 1040|           return false;
 # 1041|       }
```

Resolves: https://github.com/SSSD/sssd/issues/6733

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
aba98a49 by Iker Pedrosa at 2023-08-14T16:53:21+02:00
passkey: rename function

Rename `sss_passkey_prefix_json_data()` to
`sss_passkey_message_from_reply_json()`.

Signed-off-by: Iker Pedrosa <ipedrosa at redhat.com>

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
9c9a8dee by Alexey Tikhonov at 2023-08-14T17:05:09+02:00
MAN: only mention 'files' provider if its support is built

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 16d3308b4b938a782b43e50b8041e02b8c683e9a)

- - - - -
e19570ef by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: avoid another attempt to free 'cc' in 'done:' section if first attempt failed.

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit f6bbd591d636e4309ec37659f825b0f9c53d4b6b)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
e124370f by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: use proper function to deallocate mem

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit ff5096bb766765e45aaad156285a603a21aa1bc8)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
f745621e by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: avoid FORWARD_NULL

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 7f308c6fe01408fa6beb48b9f7627068968da771)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
b9fa1af6 by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: fix memory leak

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit b69ff375a2b185219bae91c48aa7bfb3138b98f2)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
2ed6aa8d by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: fix memory leak

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 75822701770179582c344960603cce8bd54a7890)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
afbf087d by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: avoid RESOURCE_LEAK

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit a83be8fb51172d4e1a282a0a078d81ee93afdcb5)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
996affcf by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
KRB5: fixed RESOURCE_LEAK

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 01f0d067f1e4ba8ec3710f515d21631a53c9c9ef)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4d128367 by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
LDAP: fixed RESOURCE_LEAK

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit fd7da517ddd0e220f081ad9e7b5d7fcb0cae39b7)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
f7f9f6e5 by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
LDAP: fixed leak of `kprinc`

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit eca00ef4719c44c4e68ead3346a16229b6471d13)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
50e2fd24 by Alexey Tikhonov at 2023-08-17T17:24:02+02:00
UTILS: fixed USE_AFTER_FREE

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit d02533caca667b51f29fa02ee9ed48c8b3896c69)

Reviewed-by: Tomáš Halman <thalman at redhat.com>

- - - - -
4b2dbc2d by François Cami at 2023-08-17T17:24:24+02:00
Fix typo: found => find

Fix typo in error message:
"waitpid did not found" => "waitpid did not find"

Signed-off-by: François Cami <fcami at redhat.com>

Reviewed-by: Andre Boscatto <aboscatt at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 0368c368ad4d05a6e8e1b9b16fe78c8d3c24c978)

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
d479b28d by Alexey Tikhonov at 2023-08-17T17:24:38+02:00
UTILS: swap order of seteuid()/setegid()

Otherwise it fails with:
```
6906  16:40:32.455571 setresuid(-1, 996, -1) = 0
6906  16:40:32.455590 setresgid(-1, 993, -1) = -1 EPERM (Operation not permitted)
```

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit fcfffb5cf14ddd2ff28873e2274bca226441b40b)

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>

- - - - -
358e6d18 by Alexey Tikhonov at 2023-08-17T17:24:51+02:00
SBUS: warn loudly if bus denies access

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 9380c8eff6c4abccb4ac9484a2d0eb3d5427546c)

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
1c417baf by Alexey Tikhonov at 2023-08-17T17:24:51+02:00
IFP: add a comment to 'org.freedesktop.sssd.infopipe.service' to avoid potential confusion

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit d91c944c9f481ee1c78acab686d06452cbe9b81a)

Reviewed-by: Justin Stephenson <jstephen at redhat.com>

- - - - -
e57b8e77 by Justin Stephenson at 2023-08-17T17:26:08+02:00
Passkey: Warning display for fallback

Warn the user before and after login that Kerberos ticket may not have been granted.

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 348c8f535b7b63cda07f45274fdfe4cdb033490b)

- - - - -
ccbeb647 by Justin Stephenson at 2023-08-17T17:27:15+02:00
Makefile: Respect `BUILD_PASSKEY` conditional

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit a20dadc7ec9b21687356d1b0b0218db89f438c67)

- - - - -
1508225a by Justin Stephenson at 2023-08-17T17:27:15+02:00
pam: Conditionalize passkey code

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit eadee9a2a8f0dfe4f22c460537d6c87c493fa622)

- - - - -
f72763ab by Justin Stephenson at 2023-08-17T17:27:15+02:00
ipa: Add `BUILD_PASSKEY` conditional for passkey codepath

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 7cf9a1ff0e876ea0970a3f0b3c389b87be834b4f)

- - - - -
d0359db1 by Justin Stephenson at 2023-08-17T17:27:15+02:00
pam: Remove unneeded passkey verification call

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 12762d629a9e001d159b14c84ae0bf8e5c5c5280)

- - - - -
19b43cc0 by Justin Stephenson at 2023-08-21T16:26:15+02:00
CI: Add Fedora 40+ to install CI scripts

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit bec58bf451a3b810100cf6bf4b477b40375e49d2)

- - - - -
3d22dcad by Alexey Tikhonov at 2023-08-22T16:08:07+02:00
PROXY: missing `proxy_resolver_lib_name` isn't an error

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 7f7cfc92c8106e08960c5afba63279147ece0a14)

- - - - -
78fba725 by Alexey Tikhonov at 2023-08-22T16:08:37+02:00
Fix compilation warning ``` ../src/responder/pam/pamsrv_cmd.c: In function ‘pam_reply’: ../src/responder/pam/pamsrv_cmd.c:1188:10: warning: unused variable ‘pk_preauth_done’ [-Wunused-variable] 1188 | bool pk_preauth_done = false; ``` in case SSSD is built without 'passkey' support.

Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 8079d93ffcd778daf7b381e4032a363e52126f79)

- - - - -
cb86a5ce by Alexey Tikhonov at 2023-08-24T11:04:15+02:00
DP: ENOTSUP isn't a fatal failure for target c-tor

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 9fe559402277515c1138fed0ef1f7d06a3deee0a)

- - - - -
d08af4bd by wangcheng at 2023-08-25T11:15:06+02:00
IPA: Change sysdb_attrs_add_val to sysdb_attrs_add_val_safe in debug output

The pervious commit(dc508f032904f008714418509a13f79a17660659) modified the function `sysdb_attrs_add_val` to `sysdb_attrs_add_val_safe`, but did not modify the debug output information synchronously.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 01131ba7cea3600dfb54dc163ba1df71eb815931)

- - - - -
9c4ac1bd by Pavel Březina at 2023-08-30T12:40:44+02:00
mc: recover from invalid memory cache size

If we access the mmap file outside its boundaries a SIGBUS is raised.
We can now safely recover if the file has unexpected size.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit 641e5f73d3bd5b3d32cafd551013d3bfd2a52732)

- - - - -
0919c921 by Justin Stephenson at 2023-08-31T12:44:55+02:00
Proxy: Avoid ldb_modify failed error

Resolves the sysdb errors returned in the proxy provider
logs when proxy_fast_alias is True.

This extraneous memset call would overwrite the previously
returned pwd buffer, therefore an attempt was made to update
the user's SYSDB_PWD with an empty value causing the error.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit eebb43def9e93c039203993c67148bfdc72c18ad)

- - - - -
e71a3539 by Justin Stephenson at 2023-08-31T12:47:31+02:00
Passkey: Add child timeout handler

If passkey auth times out, the SIGCHLD handler needs to be
destroyed otherwise the SIGCHLD handler tries to access the tevent_req
which was already freed from the timeout.

Resolves: https://github.com/SSSD/sssd/issues/6889

Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
Reviewed-by: Sumit Bose <sbose at redhat.com>
(cherry picked from commit b516f1e4f2442a18fb4a873e6431ac7a28873dc7)

- - - - -
e2cb4d55 by Patrik Rosecky at 2023-08-31T12:48:11+02:00
Tests: sssctl_config_check: test for incorrectly set value

Reviewed-by: Madhuri Upadhye <mupadhye at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit e32f899a12a8e5c8ee9919a77c0fbe6a0e30b039)

- - - - -
d935fa6b by Alexey Tikhonov at 2023-08-31T15:56:09+02:00
UTILS: include name of the file that failed perform_checks() in the debug log

Reviewed-by: Alejandro López <allopez at redhat.com>
Reviewed-by: Tomáš Halman <thalman at redhat.com>
(cherry picked from commit 7d14e529c6ec4d059ae9b3bf9f0576d6d561ca18)

- - - - -
ee8f50f2 by Dan Lavu at 2023-09-01T13:34:09+02:00
TESTS: Porting sss_override test suite

Reviewed-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Scott Poore <spoore at redhat.com>
(cherry picked from commit 24a08aca85cd5dd703edb2a6193b391bfad52cd9)

- - - - -
2a3a132c by Justin Stephenson at 2023-09-04T14:48:44+02:00
Passkey: Conditional fixes

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Pavel Březina <pbrezina at redhat.com>
(cherry picked from commit 053b6e14cea245f59704bbdc7acd30596c6d76f1)

- - - - -
45ed619e by Pavel Březina at 2023-09-06T10:35:47+02:00
sss_iface: do not add cli_id to chain key

Otherwise we only chain identical requests from the same client
which effectively renders chaining not functional.

Resolves: https://github.com/SSSD/sssd/issues/6911

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Justin Stephenson <jstephen at redhat.com>
(cherry picked from commit 1e5dfc187c7659cca567d2f7d5592e72794ef13c)

- - - - -
9d6ab77c by Weblate at 2023-09-07T11:39:59+02:00
po: update translations

(Swedish) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/sv/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/

po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/zh_CN/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/

- - - - -
c84689d7 by Pavel Březina at 2023-09-07T11:48:05+02:00
pot: update pot files

- - - - -
a62efb76 by Pavel Březina at 2023-09-07T12:20:59+02:00
tests: include passkey test code only if passkey is built

Otherwise `make check` fails.

Reviewed-by: Alexey Tikhonov <atikhono at redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa at redhat.com>
(cherry picked from commit 725c5541d4ee8b47b3877ede2599cf60d7de21d3)

- - - - -
644cd599 by Pavel Březina at 2023-09-07T12:23:33+02:00
Release sssd-2.9.2

- - - - -


12 changed files:

- .github/workflows/analyze-target.yml
- .github/workflows/ci.yml
- .github/workflows/copr_build.yml
- .github/workflows/copr_cleanup.yml
- .github/workflows/static-code-analysis.yml
- Makefile.am
- README.md
- contrib/ci/configure.sh
- contrib/ci/deps.sh
- contrib/sssd.spec.in
- po/bg.po
- po/ca.po


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/dc8d649bc1a79886a22a059f2618d985ab8c7931...644cd599fd9a96ea5c445c830e09f53701d5900d

-- 
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/dc8d649bc1a79886a22a059f2618d985ab8c7931...644cd599fd9a96ea5c445c830e09f53701d5900d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20230908/c7b6cfeb/attachment-0001.htm>


More information about the Pkg-sssd-devel mailing list