Commits on Source (99)
-
Steeve Goveas authored
To reduce test runtime to around 1 hour Reviewed-by: Jakub Vávra <jvavra@redhat.com>
a10172a9 -
Steeve Goveas authored
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
94bc8a35 -
Shridhar Gadekar authored
Verifies: #5832 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218 Reviewed-by: Anuj Borah <aborah@redhat.com>
c6207ead -
Shridhar Gadekar authored
Reviewed-by: Anuj Borah <aborah@redhat.com>
2b41ffd4 -
https://bugzilla.redhat.com/show_bug.cgi?id=2013218Shridhar Gadekar authored
Reviewed-by: Anuj Borah <aborah@redhat.com>
23afbce7 -
Tomas Halman authored
Covscan pointed out that return value of chown and sete[ug]id is not checked in some cases. There is not much we can do in case of failure so only minor failure is logged. Resolves: https://github.com/SSSD/sssd/issues/5876 Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
54dd529d -
Dhairya Parmar authored
Verifies Issue: https://github.com/SSSD/sssd/issues/5744 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013294 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
be687109 -
Steeve Goveas authored
Tests will run for 8.6 and rhel 9 and both need CRB to be enabled. Removing the check for rhel 9, to make it work for 8.6 as well Reviewed-by: Anuj Borah <aborah@redhat.com>
5615ffa6 -
Steeve Goveas authored
Some of the ipa tests would be executed as tier1 tests. Added markers for the ones that were not marked and would run as tier2 tests Reviewed-by: Anuj Borah <aborah@redhat.com>
1831c50d -
Steeve Goveas authored
Some tests were not linked to polarion requirements The subid tests added recently is linked to "IDM-IPA-REQ: ipa subid range" in this PR Reviewed-by: Anuj Borah <aborah@redhat.com>
34ee1b3e -
Shridhar Gadekar authored
Verifies: #5783 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
b2eb01e5 -
Alexey Tikhonov authored
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
6dae77c8 -
Iker Pedrosa authored
Fix covscan issues introduced in commit cf75d897 Resolves: https://github.com/SSSD/sssd/issues/5877 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
a34e3090 -
Vincent Vanlaer authored
This brings the behavior of SSSD with regards to account expiry based on shadow attributes in line with other projects. Resolves: https://github.com/SSSD/sssd/issues/5873 Reviewed-by: Sumit Bose <sbose@redhat.com>
66472035 -
David Ward authored
Reviewed-by: Sumit Bose <sbose@redhat.com>
886ba465 -
David Ward authored
Reviewed-by: Sumit Bose <sbose@redhat.com>
e3e27466 -
David Ward authored
Indicate whether the URI does not match the module info, slot info, slot ID or token info. Only print the URI once in the debug messages. Reviewed-by: Sumit Bose <sbose@redhat.com>
d1f0dbf1 -
David Ward authored
If the slot or token does not match the URI, continue waiting for another token instead of failing. Reviewed-by: Sumit Bose <sbose@redhat.com>
bd8b5260 -
David Ward authored
If the module does not support blocking calls to C_WaitForSlotEvent(), use non-blocking calls separated by a one-second delay. If these calls are not supported either, then return with failure. Before this change, if blocking calls were not supported, wait_for_card() passed an uninitialized slot ID to C_GetSlotInfo() after a 10-second wait. Reviewed-by: Sumit Bose <sbose@redhat.com>
2bd61f4b -
David Ward authored
After the slot list has been obtained with C_GetSlotList(), a module cannot expose any new or removed slots, until C_GetSlotList() is called again with NULL as the second argument. Do this instead of reloading all of the modules before resuming the search for a slot/token. Reviewed-by: Sumit Bose <sbose@redhat.com>
8a4c222b -
David Ward authored
When a slot is found that supports removable tokens, set "module". If the slot contains a usable token, set "slot_id", and use this condition to exit the loop immediately. With this change, the flags in the slot info can be checked earlier. Reviewed-by: Sumit Bose <sbose@redhat.com>
17ac1290 -
David Ward authored
These cannot be used for authentication, and attempting to open a session results in failure. With this change, obtain token_info unconditionally when looping over slots/tokens. Reviewed-by: Sumit Bose <sbose@redhat.com>
33fa634b -
David Ward authored
With this change, obtain module_info unconditionally when looping over slots/tokens. Reviewed-by: Sumit Bose <sbose@redhat.com>
1c24c3ee -
David Ward authored
A subset of the items in all_cert_list are copied in memory and added to cert_list. all_cert_list does not get used again, and its items are never freed directly. Instead, just populate cert_list and remove the unwanted items from it (freeing their memory after doing so). Reviewed-by: Sumit Bose <sbose@redhat.com>
4d877816 -
David Ward authored
Reviewed-by: Sumit Bose <sbose@redhat.com>
1cc7b802 -
Sumit Bose authored
To properly identify the forest root domain the name of this domain is needed. It is discovered with a cldap-ping requesting the netlogon attribute. If the name is missing it does not make sense to proceed further because there is currently no other way to determine the forest root domain. Resolves: https://github.com/SSSD/sssd/issues/5820 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
b37e2713 -
Sumit Bose authored
Currently only during the DNS discovery steps the stored forest and site name are reused to avoid redundant lookups. Since those names are needed in other areas of the code as well it would be good to make them available in a more global context. Resolves: https://github.com/SSSD/sssd/issues/5820 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
4508ef5f -
Sumit Bose authored
If the cldap-ping on the current connection does not return a reply with the name of the forest root and the site of the client the stored values from the DNS discovery step are used. Resolves: https://github.com/SSSD/sssd/issues/5820 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
99c41619 -
Sumit Bose authored
If the name of the AD DCs are given explicitly with the ad_server option the forest and site lookups are not done in the discovery phase, which is skipped, but with a netlogon query on the current connection. This patch makes sure the results are stored in the same way as during the discovery step. Resolves: https://github.com/SSSD/sssd/issues/5820 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
918abaf3 -
Sumit Bose authored
Since we are using the name of the local domain in the search filter of the CLDAP ping only a DC from the local domain can send a proper reply. DCs from other domains will only return an error so we can skip the CLDAP ping for those domains. Resolves: https://github.com/SSSD/sssd/issues/5822 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
724293d0 -
Sumit Bose authored
Currently the cldap ping is using the ldap_search_timeout since it is basically a LDAP search operation. However, the default of ldap_search_timeout is 6s which is quite a long time for the discovery of the AD DCs where the cldap ping is a part of. The default even collides which the default of dns_resolver_timeout which might easily lead to failures during the discovery phase. To avoid the addition of a new option this patch is using dns_resolver_server_timeout, which has a default of 1000ms (1s), as new timeout for the clapd ping. Since the original purpose of the timeout is the waiting time for a reply from a DNS server and both DNS and cldap by default use UDP I think reusing the option here is justified. Resolves: https://github.com/SSSD/sssd/issues/5875 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
c0941810 -
Alexey Tikhonov authored
Fixes following covscan issues: ``` Error: TAINTED_SCALAR (CWE-20): sssd-2.6.1/src/sss_client/subid/sss_subid.c:75: tainted_argument: Calling function "sss_cli_make_request_with_checks" taints argument "*repbuf". sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: identity_transfer: Passing "repbuf + 4UL" as argument 2 to function "safealign_memcpy", which sets "num_results" to the dereference of that argument. sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: tainted_data_transitive: Call to function "safealign_memcpy" with tainted argument "*repbuf" transitively taints "num_results". sssd-2.6.1/src/sss_client/subid/sss_subid.c:116: tainted_data: Passing tainted expression "num_results * 16UL" to "malloc", which uses it as an allocation size. sssd-2.6.1/src/sss_client/subid/sss_subid.c:116: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range. # 114| } # 115| # 116|-> *ranges = malloc(num_results * sizeof(struct subid_range)); # 117| if (!*ranges) { # 118| free(repbuf); Error: TAINTED_SCALAR (CWE-20): sssd-2.6.1/src/sss_client/subid/sss_subid.c:75: tainted_argument: Calling function "sss_cli_make_request_with_checks" taints argument "*repbuf". sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: identity_transfer: Passing "repbuf + 4UL" as argument 2 to function "safealign_memcpy", which sets "num_results" to the dereference of that argument. sssd-2.6.1/src/sss_client/subid/sss_subid.c:94: tainted_data_transitive: Call to function "safealign_memcpy" with tainted argument "*repbuf" transitively taints "num_results". sssd-2.6.1/src/sss_client/subid/sss_subid.c:122: tainted_data: Using tainted variable "num_results" as a loop boundary. sssd-2.6.1/src/sss_client/subid/sss_subid.c:122: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range. # 120| } # 121| # 122|-> for (uint32_t c = 0; c < num_results; ++c) { # 123| SAFEALIGN_COPY_UINT32(&val, repbuf + index, &index); # 124| (*ranges)[c].start = val; Error: TAINTED_SCALAR (CWE-20): sssd-2.6.1/src/sss_client/subid/sss_subid.c:176: tainted_argument: Calling function "shadow_subid_list_owner_ranges" taints argument "amount". sssd-2.6.1/src/sss_client/subid/sss_subid.c:183: tainted_data: Using tainted variable "amount" as a loop boundary. sssd-2.6.1/src/sss_client/subid/sss_subid.c:183: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range. # 181| *result = false; # 182| # 183|-> for (int i = 0; i < amount; ++i) { # 184| if ((range[i].start <= start) && # 185| (range[i].start + range[i].count >= end)) { ``` Resolves: https://github.com/SSSD/sssd/issues/5878 Reviewed-by: Sumit Bose <sbose@redhat.com>
beb5dd52 -
Pavel Březina authored
We iterate processes in /proc to get the list of active users (users that has any process running). However, recent change in systemd makes systemd and sd-pam process ligner for few more seconds when the user has logged out which breaks the no-session functionality in pam responder. If user is logged in, another process then systemd and sd-pam must be running. Therefore we can just ignore these from the list. ``` admin 351997 0.4 0.0 22648 14636 ? Ss 13:25 0:00 /usr/lib/systemd/systemd --user admin 351999 0.0 0.0 201464 7756 ? S 13:25 0:00 (sd-pam) ``` Resolves: https://github.com/SSSD/sssd/issues/5900 :fixes: Quick log out and log in did not correctly refresh user's initgroups in `no_session` PAM schema due to lingering systemd processes. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
a56b8d1a -
Anuj Borah authored
Podman supports subid ranges managed by FreeIPA Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
29515ace -
Jakub Vavra authored
Verifies: #5782 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1636002 Reviewed-by: Tomáš Halman <thalman@redhat.com>
23b9c5e9 -
Anuj Borah authored
https://bugzilla.redhat.com/show_bug.cgi?id=1914843 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
cde56349 -
Pavel Březina authored
Use of this function was removed in: 10069b1d ``` sssd/build/../src/tests/intg/getsockopt_wrapper.c:31:13: error: ‘is_secrets_socket’ defined but not used [-Werror=unused-function] 31 | static bool is_secrets_socket(int fd) ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
9acd1177 -
Alexey Tikhonov authored
Require packages if really needed, suggest otherwise. Reviewed-by: Sumit Bose <sbose@redhat.com>
5ee8657c -
Dan Lavu authored
Created multidomain pytest test suite - test cases to for bz2013297 and bz2018432 has been added - testsuite will provision a parent and tree domain and two childs - qeclass had to be modified to count AD servers outside of a single domain for allow pytest-multihost to work. Signed-off-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com>
c6ad2827 -
Iker Pedrosa authored
System hardening by forcing the sssd user to be loaded from a local database (/etc/passwd) instead of using any remote user. This could happen in very special conditions and might change the owner of the sssd databases and generate a denial of service. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
9c447dc8 -
Iker Pedrosa authored
user and allowed_uids options should be accessible via the files service of nsswitch.conf. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
3d25724d -
Alexey Tikhonov authored
Spotted by David Ward at https://github.com/SSSD/sssd/pull/5855#discussion_r767161781 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
d4357235 -
Iker Pedrosa authored
Add a configuration snippet for krb5 that points to the folder where the sssd configuration for this service is located. This will enable passwordless (GSSAPI) ssh to work without any sssd configuration change. Resolves: https://github.com/SSSD/sssd/issues/5893 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com>
2a3035d3 -
Justin Stephenson authored
As python-click will not be in RHEL9, switch to using the builtin argparse python module. Reviewed-by: Tomáš Halman <thalman@redhat.com>
3ef7952e -
Iker Pedrosa authored
Fix pep8 complaint about over-indentation in test_multidomain.py file. I guess this is only happening in RHEL8 and Debian because the tool was forked to pycodestyle, only it is being updated and pycodestyle isn't available for those distributions from the package manager. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
46843d02 -
Iker Pedrosa authored
When writing the 'kdcinfo.*' file take into account all the information set in the 'krb5_server' option, including the port. This wasn't taken into account and that's why the kerberos child only used the address part, thus being unable to contact the service in the server. Resolves: https://github.com/SSSD/sssd/issues/5919 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com>
1e747fad -
Iker Pedrosa authored
Include a reference to ca_db, p11_child_timeout and certificate_verification in sssd-ifp man page. These options can used be to control how the certificates are validated with FindByValidCertificate() API. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
8d54b8c0 -
Iker Pedrosa authored
Improve the error handling for FindByValidCertificate() by returning a specific exception ID when the certificate authority file is missing. Moreover, the log lines have been changed to point to p11_child logs when an unknown error happens. Finally, a new test case has been created for the certificate authority file missing situation. Resolves: https://github.com/SSSD/sssd/issues/5911 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
fd0f087a -
Scott Poore authored
Adding docstring to test_find_by_valid_certificate to define some metadata for tracking the test case. Minimal content needed is: - """<test_function_name_next_to_opening_docstring_quotes> - <blank line after opening quotes> -
<generated UUID> - :title: SSSD-TC: <Feature or functional area>: <Title of test> - :casecompoent: sssd - :subsystemteam: sst_idm_sssd The id and title will differ per tests going forward but, the last two are defaults needed. The opening quotes line needs to include the test function or method name so that the UUID used for the id is associated with function name within the docstring. The blank line is also needed after to indicate the start of the parameters list. Command used to generate UUID: python3 -c 'import uuid; print(uuid.uuid4())' Tests: #5224 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> 21caecae -
Weblate authored
(Czech) currently translated at 5.7% (151 of 2621 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/ po: update translations (Czech) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 99.3% (615 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Spanish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/ po: update translations (Korean) currently translated at 13.8% (362 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Spanish) currently translated at 96.9% (600 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/ po: update translations (Korean) currently translated at 13.3% (349 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Ukrainian) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/ po: update translations (Polish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ po: update translations (Korean) currently translated at 13.0% (341 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Korean) currently translated at 30.7% (190 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
662f9296 -
Alexey Tikhonov authored33ab1110
-
Weblate authored
(Korean) currently translated at 13.8% (362 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Korean) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Japanese) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/ po: update translations (French) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
d0079cd9 -
Alexey Tikhonov authored1f75fbf8
-
Justin Stephenson authored
Commonly used chain ID functions sss_chain_id_get() and sss_chain_id_set() will be isolated from requiring tevent when building sources. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
e8e7e23a -
Justin Stephenson authored
Prevent duplicate ID logging. ID will be logged in separate commit with added tevent chain ID support in responders. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
6f217eac -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
9296eaf9 -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
2b6edf77 -
Justin Stephenson authored
Inform the debug module when a responder process is sending debug log messages, use the [CID #] tag in responder code and [RID #] tag in backend/child process code. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
526f7314 -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
cb70739f -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
60712f31 -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
c92d39a3 -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
be482ac3 -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
06d3e79c -
Justin Stephenson authored
This is needed to parse out the responder request ID field properly. Due to Responder tevent chain ID support, the Request ID is in a different part of the log message. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
1959a2bb -
Justin Stephenson authored
The analyzer tool will search for requests (RID# log messages) in any existing child log files when --child is provided. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
0ba456f9 -
Justin Stephenson authored
With the tevent chain ID logged into all responder debug messages, the analyzer can search responders for [CID#X] in 'request show' output. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
7825e0d3 -
Stanislav Levin authored
- fixed self imports to allow any other Python stuff use `sssd` Python package - tranformed `sssd` Python package from namespace to regular one - moved the executable out to libexec directory to split library and actual executable (sss_analyze is not intended to be a standalone tool) - fixed W0611(unused-import) found by Pylint Resolves: https://github.com/SSSD/sssd/issues/5842 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
ca1d7e29 -
Justin Stephenson authored
Addresses the following error: Traceback (most recent call last): File "/usr/libexec/sssd/sss_analyze", line 3, in <module> from sssd import sss_analyze File "/usr/lib/python3/site-packages/sssd/sss_analyze.py", line 3, in <module> from sssd.modules import request File "/usr/lib/python3/site-packages/sssd/modules/request.py", line 6, in <module> from sssd.sss_analyze import SubparsersAction ImportError: cannot import name 'SubparsersAction' from partially initialized module 'sssd.sss_analyze' (most likely due to a circular import) (/usr/lib/python3/site-packages/sssd/sss_analyze.py) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
9d627081 -
Justin Stephenson authored
Some distributions may install the SSSD log analyzer with an older version of libtevent which does not support tevent chain ID. Without chain ID support, the analyzer is effectively useless so we will just fail and return in this condition. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
1110bd59 -
Alexey Tikhonov authored977d450e
-
Alexey Tikhonov authored36ba613a
-
Dhairya Parmar authored
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
14c5da6f -
Dhairya Parmar authored
Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
cf5270a9 -
Jakub Vavra authored
Reviewed-by: Dan Lavu <dlavu@redhat.com>
d5467ad7 -
Sumit Bose authored
Commit c92d39a3 accidentally switched the reply socket of selinux_child from stdout to stderr while switching from exec_child to exec_child_ex. This patch returns the original behavior. Resolves: https://github.com/SSSD/sssd/issues/5939 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
5a2e0ebe -
Alexey Tikhonov authored
IPA: get_object_from_cache(): don't touch output arg `_msg` in case object wasn't found (i.e. ENOENT returned) Reviewed-by: Sumit Bose <sbose@redhat.com>
104f513c -
Alexey Tikhonov authored
IPA: get_object_from_cache(): - reduce log level in case object wasn't found in cache - slightly reduce code duplication Reviewed-by: Sumit Bose <sbose@redhat.com>
e9a25bb0 -
Alexey Tikhonov authored
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
28af1752 -
Alexey Tikhonov authored
`ENOENT` return code of `sss_dp_account_files_params()` means "can't serve request, but 'falls back to NSS' is enabled". This (consciously configured) scenario doesn't justify `SSSDBG_OP_FAILURE` that triggers a backtrace with default logging settings. Reviewed-by: Pawel Polawski <ppolawsk@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
868f3874 -
Weblate authored
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Japanese) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/ po: update translations (French) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/ po: update translations (Finnish) currently translated at 3.5% (93 of 2627 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/ po: update translations (Swedish) currently translated at 100.0% (2627 of 2627 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/ po: update translations (Swedish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/ po: update translations (Korean) currently translated at 14.4% (379 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Korean) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Ukrainian) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/ po: update translations (Polish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ po: update translations (Korean) currently translated at 14.4% (379 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Korean) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Korean) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Korean) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Finnish) currently translated at 6.1% (38 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/ po: update translations (Finnish) currently translated at 6.1% (38 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/ po: update translations (Chinese (Traditional) (zh_TW)) currently translated at 7.9% (49 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_TW/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/ po: update translations (Ukrainian) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/ po: update translations (Ukrainian) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/ po: update translations (Turkish) currently translated at 15.1% (94 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/ po: update translations (Turkish) currently translated at 15.1% (94 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/ po: update translations (Tajik) currently translated at 0.9% (6 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tg/ po: update translations (Swedish) currently translated at 99.0% (613 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/ po: update translations (Swedish) currently translated at 99.0% (613 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/ po: update translations (Russian) currently translated at 99.0% (613 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/ po: update translations (Russian) currently translated at 99.0% (613 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/ po: update translations (Russian) currently translated at 99.0% (613 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/ po: update translations (Portuguese (Brazil)) currently translated at 0.8% (5 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pt_BR/ po: update translations (Portuguese) currently translated at 15.6% (97 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pt/ po: update translations (Polish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ po: update translations (Polish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ po: update translations (Dutch) currently translated at 47.6% (295 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/nl/ po: update translations (Norwegian Bokmål) currently translated at 2.2% (14 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/nb_NO/ po: update translations (Japanese) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/ po: update translations (Japanese) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/ po: update translations (Japanese) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/ po: update translations (Italian) currently translated at 19.0% (118 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/ po: update translations (Italian) currently translated at 19.0% (118 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/ po: update translations (Indonesian) currently translated at 8.7% (54 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/id/ po: update translations (Hungarian) currently translated at 7.1% (44 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/hu/ po: update translations (French) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/ po: update translations (French) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/ po: update translations (French) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/ po: update translations (French) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/ po: update translations (Basque) currently translated at 6.7% (42 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/eu/ po: update translations (Spanish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/ po: update translations (Spanish) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/ po: update translations (German) currently translated at 51.5% (319 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/ po: update translations (German) currently translated at 51.5% (319 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/ po: update translations (Czech) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/ po: update translations (Czech) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/ po: update translations (Czech) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/ po: update translations (Catalan) currently translated at 55.7% (345 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ca/ po: update translations (Bulgarian) currently translated at 15.1% (94 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/bg/ po: update translations (Ukrainian) currently translated at 100.0% (2627 of 2627 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
e7069c53 -
Anuj Borah authored
only local users can be configured in `allowed_uids` This check is now enforced - see https://github.com/SSSD/sssd/pull/5867 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
9ba593e9 -
Shridhar Gadekar authored
Verifies: #5712 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 Reviewed-by: Anuj Borah <aborah@redhat.com>
58b3233f -
Jakub Vavra authored
Overriding both user and group names and ids in an idview for user and group from AD results in error in sssd when running id command. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2004406 https://bugzilla.redhat.com/show_bug.cgi?id=2031729 Verifies: #5790 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
4897c287 -
Sumit Bose authored
If the forest root is not part of the return trusted domain objects from the local domain controller we generate an object for further processing. During this processing it is expected that the 'cn' attribute is set and contains the name of the forest root. So far this attribute was missing and it is now added by this patch. Resolves: https://github.com/SSSD/sssd/issues/5926 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
bf6059eb -
Iker Pedrosa authored
AD and IPA providers use a common fo_server object for LDAP and Kerberos, which is created with the LDAP data. This means that due to the changes introduced in https://github.com/SSSD/sssd/commit/1e747fad4539ffb402010e73f78469fe57af408f the port in use for the Kerberos requests would be the one specified for LDAP, usually the default one (389). In order to avoid that, AD and IPA providers shouldn't change the Kerberos port with the one provided for LDAP. :fixes: A critical regression that prevented authentication of users via AD and IPA providers was fixed. LDAP port was reused for Kerberos communication and this provider would send incomprehensible information to this port. Resolves: https://github.com/SSSD/sssd/issues/5947 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
ca8cef0f -
Anuj Borah authored
only local users can be configured in `allowed_uids` This check is now enforced - see https://github.com/SSSD/sssd/pull/5867 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
b6929c44 -
Sumit Bose authored
ldap_idmap_range_max is the first ID which cannot be used for mapping anymore. Resolves: https://github.com/SSSD/sssd/issues/5938 Reviewed-by: Justin Stephenson <jstephen@redhat.com>
42a3f8fe -
Justin Stephenson authored
Smartcard auth related tests can fail when tests are run on a machine(F34) with a yubikey inserted. Add a p11_uri option to filter only the softhsm2-used test cards. Reviewed-by: Sumit Bose <sbose@redhat.com>
b76436f8 -
Justin Stephenson authored
Setting the p11_uri for PAM smartcard auth tests leads to some tests (test_pam_cert_autH) requiring >18 elements as arg_c. Reviewed-by: Sumit Bose <sbose@redhat.com>
e03a2dea -
Anuj Borah authored
The reason for this patch is the change of sssd-tools's sssd-dbus dependency from Recommends to Requires included in https://github.com/SSSD/sssd/commit/5ee8657c38f4849694bcb3f2ce958012f072ace0 Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
7e926941 -
Anuj Borah authored
Fix setup_ipa_client fixture as it does not use mkhomedir option while configuring client with IPA server. Reviewed-by: Anuj Borah <aborah@redhat.com>
237b99b8 -
Tomas Halman authored
:fixes: When authenticating AD users, backtrace was triggered even though everything was working correctly. This was caused by a search in the global catalog. Servers from the global catalog are filtered out of the list before writing the KDC info file. With this fix, SSSD does not attempt to write to the KDC info file when performing a GC lookup. Resolves: https://github.com/SSSD/sssd/issues/5956 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
2b0bd0b3 -
Anuj Borah authored
Automation of sudo bug 1917379 in sssd tests Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
4e3385c9 -
Dan Lavu authored
- admultidomain requires a minimum of four servers but will be extended to five. - test_multiforest will test authentication from two different forests - updating test_multidomain with better test logic Signed-off-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com>
244c9f66 -
Madhuri Upadhye authored
It consists of five test cases: 1. Check default debug level when sssd start successfully 2. Check default debug level by successful authentication of the user 3. Check default level as 0 and 1 4. Check default level as 2 5. Check SBUS code should not trigger failure message during modules startup Verifies: Issues: #5422 #5425 Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1893159 https://bugzilla.redhat.com/show_bug.cgi?id=1915319 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Anuj Borah <aborah@redhat.com>
a8c2e399 -
Steeve Goveas authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Anuj Borah <aborah@redhat.com>
d3424c02 -
Weblate authored
(Korean) currently translated at 24.5% (641 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Korean) currently translated at 18.6% (488 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
d8f558c2 -
Pavel Březina authorede58b14af
-
Pavel Březina authored2de07587
Showing
- Makefile.am 13 additions, 2 deletionsMakefile.am
- contrib/enable_sssd_conf_dir 5 additions, 0 deletionscontrib/enable_sssd_conf_dir
- contrib/sssd.spec.in 16 additions, 9 deletionscontrib/sssd.spec.in
- po/bg.po 20 additions, 23 deletionspo/bg.po
- po/ca.po 20 additions, 23 deletionspo/ca.po
- po/cs.po 193 additions, 94 deletionspo/cs.po
- po/de.po 20 additions, 23 deletionspo/de.po
- po/es.po 110 additions, 83 deletionspo/es.po
- po/eu.po 20 additions, 23 deletionspo/eu.po
- po/fi.po 20 additions, 23 deletionspo/fi.po
- po/fr.po 63 additions, 50 deletionspo/fr.po
- po/hu.po 20 additions, 23 deletionspo/hu.po
- po/id.po 20 additions, 23 deletionspo/id.po
- po/it.po 20 additions, 23 deletionspo/it.po
- po/ja.po 48 additions, 37 deletionspo/ja.po
- po/ko.po 495 additions, 430 deletionspo/ko.po
- po/nb.po 20 additions, 23 deletionspo/nb.po
- po/nl.po 20 additions, 23 deletionspo/nl.po
- po/pl.po 38 additions, 26 deletionspo/pl.po
- po/pt.po 20 additions, 23 deletionspo/pt.po
contrib/enable_sssd_conf_dir
0 → 100644
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.