Commits on Source (57)
-
Alejandro López authored
When the watched file was a symbolic link or was a relative path, the calback was not executed because the filename comparison was wrongly considering the files to be different. The solution is to normalize the filenames before comparing them. This cannot be easily done at setup because the file could not exist at that moment. The test was adapted to check this situation. Resolves: https://github.com/SSSD/sssd/issues/6718 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit b2a4ff2a)
eb43c240 -
Alejandro López authored
Use /* */ instead of //. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 90c54907)
0c6f4926 -
Sumit Bose authored
When checking if the input group-name is the original name from AD or an overwritten one the comparison is currently done case sensitive. Since AD handles names case-insensitive and hence SSSD should do this as well this comparison might cause issues. The patch replace the case sensitive comparison with a comparison with respects the case_sensitive of the domain the object is coming from. Resolves: https://github.com/SSSD/sssd/issues/6720 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 01d02794)
d104c01f -
Iker Pedrosa authored
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Andre Boscatto <aboscatt@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 906a677c)
425d88fa -
Alexey Tikhonov authored
When 'make' runs using multiple threads it can build several man pages in parallel, executing the same '.5.xml.5:' rule. This can result in a race condition where multiple threads access the same 'sssd_user_name.include' file. To avoid this make 'sssd_user_name.include' file a rule dependency. But "Suffix rules cannot have any prerequisites of their own", and suffix rules are obsolete anyway, so change it to pattern rules. Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit df8472cc)
15dd3545 -
Madhuri Upadhye authored
Following three minor changes are: for test_config_validation.py, 1. 'sssctl config-check' returning retuncode as a 1 when we dont have sssd.conf file. 2. Change the 'sssctl' command which only check the non-default snippet directory with option -s. for test_offline.py, 3. Add extra restart of sssd to get offline log message using journalctl command. for test_ssh_ 4. Replace pexpect_ssh to auth_from_client method to login the user. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 2965db1c)
6d060818 -
Shridhar Gadekar authored
moved default debug level tests to tier2 Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 535a8c6a)
60806f59 -
aborah authored
It fixes test from tire1_2 that is failling in gating 1. src/tests/multihost/alltests/test_automount.py there is issue with autofs email thead: [CRASH] prep Package: autofs-1:5.1.7-36.el9 2. src/tests/multihost/alltests/test_automount_from_bash.py test did not rised error as last cd - command was successful, so i have remove cd - part(/folder1/folder2/projects does not exists) 3. src/tests/multihost/alltests/test_ldap_password_policy.py password provied was wrong. 4. src/tests/multihost/alltests/test_backtrace.py --- need to modify this test as per current log format Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 2096f455)
de75ff3c -
Dan Lavu authored
* fixing raiseonerr=False to disjoin function * cleaned up code since the line limit has increased * added AD from forest1 to resolv.conf and /etc/hosts * updating test case documentation to clarify the test Signed-off-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 69f93bf8)
33f10c4a -
Justin Stephenson authored
IPA passkey configuration may not be retrieved if IPA does not contain passkey support. Lower the error level of log messages associated with this failure. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit fe751c31)
270f0ba0 -
Justin Stephenson authored
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit fa326be9)
16275d9b -
Sumit Bose authored
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 39b6337f)
e5dfa2a8 -
Jakub Vavra authored
Reviewed-by: Anuj Borah <aborah@redhat.com>
2466310e -
Sumit Bose authored
If krb5_child runs into a timeout the backend currently does not close the I/O sockets because handle_child_done() is not called when the timeout handlers are acting. To make sure the signal handler can close the sockets the 'in_use' member of struct child_io_fds is set to 'false'. Resolves: https://github.com/SSSD/sssd/issues/6744 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit 45561195)
4d2cf0b6 -
Shridhar Gadekar authored
modified docstrings Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 11eef225)
a74d42df -
Alejandro López authored
Make enum sysdb_obj_type usable outside of sysdb_ops.c. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 1d69fdb7)
58855b71 -
Alejandro López authored
The previous filter for overrides would sometimes find more than one entry because it was looking for a uidNumber or gidNumber: (&(objectClass=ipaOverrideAnchor)(|(uidNumber=XXXX)(gidNumber=XXXX))) The new filter looks for a specific user override or a specific group override: (|(&(objectClass=ipaUserOverride)(uidNumber=XXXX)) (&(objectClass=ipaGroupOverride)(gidNumber=XXXX))) This filter could return two override entries (one for a group and one for a user). That case must be taken into consideration and discard the user override in favor of the group override. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 99d0ab82)
3eb4c4a7 -
Jakub Vavra authored
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 469905bf)
0192c1c8 -
Alejandro López authored
Calls to add_expired_warning(struct pam_data *pd, long exp_time) must provide a non-NULL pd. In one of the cases this function is called without checking that pd is not NULL. We here fix that. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 7f288164)
6239f50f -
Sumit Bose authored
A missing server name in struct fo_server will cause a segmentation fault. Currently it is unclear why the server name is missing at this point. To avoid the segmentation fault it is checked before if the server name is missing. Additionally the state of some internal structures is added to the debug logs to help debugging why the server name is missing. Resolves: https://github.com/SSSD/sssd/issues/6659 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit 8a886999)
f63a54c3 -
aborah authored
https://gitlab.cee.redhat.com/sssd/sssd-qe/-/blob/RHEL8.8/client/ldap_provider/ldap_id_ldap_auth/bugzilla-automation.sh#L280 Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 75ae9e87)
b9a0b424 -
Shridhar Gadekar authored
Tests moved to tier2, tests are failing to parse the logs. gating is blocked. same testsuite is available in bash Reviewed-by: Dan Lavu <dlavu@redhat.com> (cherry picked from commit 587cd8dc)
74c6fefe -
Shridhar Gadekar authored
removing flaky ones Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 27dd3f50)
6125efe1 -
Alexey Tikhonov authored
Resolves: https://github.com/SSSD/sssd/issues/6442 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 076a1136)
d9749ba1 -
Pavel Březina authored
When a netgroup is updated, previously it did not remove the missing attributes. This caused an issue especially when a member was removed. Resolves: https://github.com/SSSD/sssd/issues/6652 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit b033b0dd)
640f4158 -
Alejandro López authored
The conditions to use the shortcut in sdap_ad_tokengroups_initgroups_send() were modified without also changing sdap_ad_tokengroups_initgroups_done(). To avoid future problems like this, and because the condition is becoming more complex to evaluate, we evaluate the condition in the _send() function and keep the result in the state, for the _done() function to use it. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit dc9466e7)
4b0683bd -
Madhuri Upadhye authored
Adding package iproute-tc to get tc command. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 9c50b8ec)
e4e8e344 -
Shridhar Gadekar authored
Dropping unstable dyndns tests from c-ares gating (cherry picked from commit 6efb2779)
02b158ff -
aborah authored
The test is unstable on other architectures so it is skipped for now. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit d14be798)
bb64f2cd -
Jakub Vavra authored
The test is unstable on other architectures so it is skipped for now. Reordered the asserts so we can seed if the connection to AD works as looking for log message has a lower priority. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 3e3d0986)
58a007de -
Jakub Vavra authored
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 54903c0e)
19fecbf1 -
aborah authored
Sssd tests seems to be failing with current ssh module without any reason. Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 34dba5a3)
05bc18ce -
Sumit Bose authored
If a user's password is expired while changing the LDAP password SSSD tries to change the password even if the initial bind of the user failed due to exhausted grace logins. With this patch the change password request will be aborted if the bind fails indicating that there are no grace logins left. Resolves: https://github.com/SSSD/sssd/issues/6768 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit d99aa97d)
895d194f -
Sumit Bose authored
To determine which GPOs apply to the host running SSSD the full DN of the host object in AD is needed. To fine this object we use the NetBIOS name of the host which is stored in AD in the sAMAccountName attribute. Using other attributes, e.g. if ldap_user_name is set to a different attribute, will most probably cause a failure since those attributes are not managed as expected for host object. As a result sAMAccountName should be hardcoded here to avoid issues. Resolves: https://github.com/SSSD/sssd/issues/6766 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 67c11c2e)
5008f0f9 -
Pavel Březina authored
This field is not used anywhere. Instead, we use value from struct cache_req. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 8b014bf1)
5711bb25 -
Pavel Březina authored
During the first iteration where the provider was not yet contacted, we set state->dp_success to false and if the record was not found we returned ERR_OFFLINE instead of ENOENT which causes the cache_req to continue and search the provider. Resolves: https://github.com/SSSD/sssd/issues/6739 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 32f57822)
bc5fe9eb -
Alexey Tikhonov authored
Example workflow: - SSSD client is enrolled into AD domain (Token-Groups are enabled) - `id $user` is executed - initgroups() is called for this user - during processing of initgroups() sssd_be obtains a list of group SIDs user is a member of, and then partially resolves those groups and adds it to the local cache as "incomplete" (i.e. 'expired') - as a next step `id` calls getgrnam() for every group in initgroups() list - since groups are saved into the cache as "incomplete" (technically - "expired") this again results in LDAP search of this group. But if `ignore_group_members = true` this search doesn't provide new information. "Incomplete" groups could be used instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 2fd5374f)
d3c3408e -
Alejandro López authored
Test suite pam-srv-tests accepts a test name as the last argument to just run that test. However, this was failing because a pointer to the name is retrieved but the poptContext is freed immediately after, making pointer invalid. The poptContext is now released after using the pointer. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit ca7c9f60)
50922242 -
Alejandro López authored
When using extra attributes, an attribute could be listed twice and SSSD will try to add it twice to the cache. To handle this situation, each instance will be added to a single attribute with multiple values, but duplicated values will be dropped. This is done by calling `sysdb_attrs_add_val_safe()` instead of `sysdb_attrs_add_val()`. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit dc508f03)
228183bf -
Alejandro López authored
Similar to string_in_list() but instead of taking a NULL-terminated list it take a list and its size. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 1b45f29f)
42cf3c41 -
Alejandro López authored
Old function add_strings_lists() copies any duplicate value. New function add_strings_lists_ex() take an argument to decide whether to discard duplicate values. add_strings_lists() is now a wrapper on add_strings_lists_ex(). Both function now take a const char *** instead of char ** as output parameter. An existing test was adapted and an new one added. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 2b8fed59)
010e61ff -
Alejandro López authored
Both functions do the same thing, so it is useless to have them both. attr_in_list() has, however, a more descriptive name for its use in this module, so we'll keep it as an inlined wrapper. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit de258f01)
bfc88dc3 -
Alejandro López authored
The extra attributes are concatenated to other required attributes for some operations. In some cases the attribute list ends up having duplicate attributes, either because accidentally the user added it twice to the ldap_user_extra_attrs list, or one or more of those attributes are also in the required list. Removing the duplicates each time the lists are concatenated increases the concatenation time. And this is done every time. So we try to concatenate the attribute lists at start up, filtering duplicates, and use that list. To do that, we consider the two cases where the list concatenation is done. In one of the cases, the added attributes are a subset of the other list. So we factorized this list to add the common attributes to the list at start up. Only the non-common attributes are added while serving a request. The complete list is now stored in the `full_attribute_list` field. An existing test suite was adapted to this new situation as it now needs to initialize the new field. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit b5041597)
355b0c2e -
김인수 authored
(Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/
aa061594 -
Yuri Chornoivan authored
(Ukrainian) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/uk/
abce376c -
Temuri Doghonadze authored
(Georgian) currently translated at 8.1% (58 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ka/
a94f39f0 -
김인수 authored
(Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/
8e80798d -
Kemal Oktay Aktoğan authored
(Turkish) currently translated at 98.7% (705 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/tr/
d37d72f0 -
Piotr Drąg authored
(Polish) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/pl/
f0d8f936 -
Elena Mishina authored
(Russian) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ru/
8d3acd3b -
Ludek Janda authored
(French) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/fr/
d95212b2 -
Ludek Janda authored
(Japanese) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ja/
4f469c0b -
Ludek Janda authored
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/zh_CN/
c40d183c -
Pavel Březina authored7f6c10dc
-
Madhuri Upadhye authored
Add automation of BZ2096183. verifies: #6671 Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 377ec31a)
256e013a -
Madhuri Upadhye authored
Tests: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working Automation of BZ2170720 Verifies: #6759 Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 57499ff6)
301e5b38 -
Pavel Březina authoreddc8d649b
Showing
- po/fr.po 16 additions, 21 deletionspo/fr.po
- po/ja.po 19 additions, 25 deletionspo/ja.po
- po/ka.po 5 additions, 5 deletionspo/ka.po
- po/ko.po 15 additions, 21 deletionspo/ko.po
- po/pl.po 14 additions, 19 deletionspo/pl.po
- po/ru.po 14 additions, 20 deletionspo/ru.po
- po/tr.po 4 additions, 5 deletionspo/tr.po
- po/uk.po 14 additions, 20 deletionspo/uk.po
- po/zh_CN.po 14 additions, 20 deletionspo/zh_CN.po
- src/db/sysdb.c 9 additions, 0 deletionssrc/db/sysdb.c
- src/db/sysdb.h 8 additions, 0 deletionssrc/db/sysdb.h
- src/db/sysdb_ops.c 3 additions, 7 deletionssrc/db/sysdb_ops.c
- src/db/sysdb_search.c 3 additions, 1 deletionsrc/db/sysdb_search.c
- src/man/Makefile.am 10 additions, 8 deletionssrc/man/Makefile.am
- src/man/po/sssd-docs.pot 1 addition, 1 deletionsrc/man/po/sssd-docs.pot
- src/passkey_child/passkey_child.h 16 additions, 0 deletionssrc/passkey_child/passkey_child.h
- src/passkey_child/passkey_child_common.c 4 additions, 0 deletionssrc/passkey_child/passkey_child_common.c
- src/passkey_child/passkey_child_credentials.c 71 additions, 0 deletionssrc/passkey_child/passkey_child_credentials.c
- src/providers/ad/ad_gpo.c 2 additions, 1 deletionsrc/providers/ad/ad_gpo.c
- src/providers/ad/ad_subdomains.c 1 addition, 1 deletionsrc/providers/ad/ad_subdomains.c