Commits on Source (62)
-
Shridhar Gadekar authored
Trivial fix, the kinit command was missing '@' after usename. It was causing obvious failure to fetch krb ticket. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 955192b1)
de1d4636 -
aborah-sudo authored
test_bz1368467 --- this one looks more perfomance than gatting test_avoid_interlocking_among_threads --- feature not supported Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Steeve Goveas <sgoveas@redhat.com> (cherry picked from commit dbf9198dc4d3516422a2256724c72317c1318211)
a3b30043 -
Shridhar Gadekar authored
Minor change, adding import of re module Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 60772306)
25deb9e0 -
aborah-sudo authored
test_bz1368467 --- this one looks more perfomance than gatting (cherry picked from commit 7c907a7c)
10641ea1 -
Alexey Tikhonov authored
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 3e02de93)
9258f0be -
Jakub Vavra authored
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1964121 Verifies: #6210 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit a21c6662)
8e82f3d4 -
Alexey Tikhonov authored
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 93ed5e58)
2f885989 -
Jakub Vavra authored
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit a7759ab3)
44717b82 -
Jakub Vavra authored
This test is unstable on other architectures (ppc64le, aarch64) and it seems that adding a 15s wait before collecting the log gives it enough time to wtrite it properly. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit bce2b0c8)
564af88d -
Jakub Vavra authored
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit d7e7efe9)
d2b5c789 -
aborah-sudo authored
This test was failing due to login error. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 285f1703)
19fd96f1 -
Justin Stephenson authored
In analyzer list verbose output, we parse the last field of cache_req_search_send() lines. Certain log messages need to be filtered out by ensuring the parsed field is a digit, such as the last line below. [cache_req_search_send] (0x0400): [CID#1] CR #1: Looking up GID:1031401119@testrealm.test [cache_req_search_send] (0x0400): [CID#1] CR #1: Looking up GID:1031401119@testrealm.test [cache_req_search_send] (0x0400): [CID#1] CR #1: Looking up GID:1031401119@domain-zflo.com [cache_req_search_send] (0x0400): [CID#1] CR #1: Returning [GID:1031401119@domain-zflo.com] from cache Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit bfa8d50c)
7d0c70cc -
Alexey Tikhonov authored
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 6ef3aade) Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
541cd677 -
Alexey Tikhonov authored
Before execution of `tool_cmd_init()` `init_err` wasn't set, so `sss_tools_handles_init_error()` check was a no-op. Consequently, a proper check after `tool_cmd_init()` was missing. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 7af46ba0) Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
bb97f89a -
Alexey Tikhonov authored
:relnote: `sssctl analyze` tool doesn't require anymore to be run under root. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 99791400) Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
581617c0 -
Steeve Goveas authored
`krb5_validate` and `pac_check` settings conflict. Setting krb5_validate to false skips the pac_check enabling the login Verifies: #6355 https://bugzilla.redhat.com/show_bug.cgi?id=2127822 https://bugzilla.redhat.com/show_bug.cgi?id=2128902 Reviewed-by: Anuj Borah <aborah@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 790e7a77)
a34b4f5e -
Jakub Vavra authored
Adcli changed handling password dialog for bz2124030 so the automation needs to be updated to work properly. Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 14748ff9)
e3be4597 -
Justin Stephenson authored
Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 2f99cd31)
49b10717 -
Pavel Březina authored
We build SSSD in /dev/shm which is mounted on read-only file system on new podman version. We need to mount it as tmpfs to make it writable. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit f5c0e7b3)
dc71321f -
Pavel Březina authored
The package name has changed on new Ubuntu. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit ae614c17)
8c4da493 -
Iker Pedrosa authored
libsemanage1-dev renamed to libsemanage-dev in debian and its derivatives. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 336b1fac)
77ef7b25 -
Justin Stephenson authored
Update dependent actions to address: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 4a6eb258)
0253f7c3 -
Jakub Vavra authored
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit fc3fad98)
765fe3de -
Cole Robinson authored
The option is called krb5_renewable_lifetime, not krb5_renew_lifetime Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 340691fa)
ece94348 -
Sumit Bose authored
Currently it was not possible to skip the UPN check which checks if the UPN in the PAC and the one stored in SSSD's cache are different. Additionally the related debug message will show both principals if they differ. Resolves: https://github.com/SSSD/sssd/issues/6451 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 91789449)
b00c72d2 -
Sumit Bose authored
Currently on IPA clients a calculated principal based on the user name and the Kerberos realm is added to the cached user object. This code is quite old and might have been necessary at times when sub-domain support was added to SSSD. But since quite some time SSSD is capable of generating the principal on the fly during authentication if nothing is stored in the cache. Removing the code makes the cache more consistent with other use-cases, e.g. with the IPA server where this attribute is empty, and allows to properly detect a missing UPN, e.g. during the PAC validation. Resolves: https://github.com/SSSD/sssd/issues/6451 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit b3d7a4f6)
a3304cc6 -
Sumit Bose authored
To avoid issues with the UPN check during PAC validation when 'ldap_user_principal' is set to a not existing attribute to skip reading user principals a new 'pac_check' option, 'check_upn_allow_missing' is added to the default options. With this option only a log message is shown but the check will not fail. Resolves: https://github.com/SSSD/sssd/issues/6451 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 51b11db8)
35a28524 -
aborah-sudo authored
test_sssctl_local.py::Testsssctl::test_0002_bz1599207 is affcted by disable "implicit files provider" Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit ad0a8c6a)
65e944bd -
Alexey Tikhonov authored
Addition to 71466a8d Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit e4dd11f2)
cd1a94e5 -
Sumit Bose authored
Read the serial number of the certificate and make it available. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 3f8bc872) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
cca0233e -
Sumit Bose authored
Read the subject key id from the certificate and make it available. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 10d977a3) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
a2bca35c -
Sumit Bose authored
Check if the SID extension is available, read the SID and make it available. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 9e1b711b) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
47f3408e -
Sumit Bose authored
The URI was not added to the list of subject alternative names. (cherry picked from commit f293507d) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
8d8e3c7c -
Sumit Bose authored
This patch adds a helper function to format hexadecimal strings of binary data. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit c4085c9a) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
6ad29f99 -
Sumit Bose authored
The new 'cert-eval-rule' sub-command of sssctl show the results of given matching and mapping rules on a given certificate. This should help to find suitable mapping and matching rules and to understand why given certificate is matched or not. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 11483f1e) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
9a45e616 -
Sumit Bose authored
Add support to calculate hash/digest values of binary data, e.g. of a certificate. Resolves: https://github.com/SSSD/sssd/issues/6404 (cherry picked from commit 3676a4fb) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
3f336da4 -
Sumit Bose authored
Add the newly discovered certificate values, i.e. serial number, subject key id and SID to the output of sss_cert_dump_content() which is used e.g. by 'sssctl cert-show'. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 0a906107) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
8a6a874b -
Sumit Bose authored
Add mapping rule templates for the new discovered attributes, templates for certificate hashes and templates to select individual DN components. To avoid issues with older versions of the library the new templates must use the prefix LDAPU1. :feature: New mapping template for serial number, subject key id, SID, certificate hashes and DN components are added to libsss_certmap. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 1303c624) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
698d5688 -
Sumit Bose authored
Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 4ac53fb5) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
17142068 -
Sumit Bose authored
This patch adds the new LDAPU1 mapping rule templates to the sss-certmap man page. Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit 882f560e) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
925d8a9f -
Sumit Bose authored
Resolves: https://github.com/SSSD/sssd/issues/6403 (cherry picked from commit b0bdf712) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com>
12e39a45 -
김인수 authored
(Korean) currently translated at 100.0% (663 of 663 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/
72eed034 -
Piotr Drąg authored
(Polish) currently translated at 100.0% (663 of 663 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/pl/
5bd2aa9b -
Elena Mishina authored
(Russian) currently translated at 100.0% (663 of 663 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ru/
8290b0e7 -
Yuri Chornoivan authored
(Ukrainian) currently translated at 100.0% (663 of 663 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/
0909e8a1 -
Temuri Doghonadze authored
(Georgian) currently translated at 7.8% (52 of 663 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ka/
f1dc6cdd -
김인수 authored
(Korean) currently translated at 100.0% (663 of 663 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/
0b467961 -
Shridhar Gadekar authored
minor flake8 fixes Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 664a436e)
464c78be -
Alexey Tikhonov authored
Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 8b09c938)
64c99055 -
Alexey Tikhonov authoredbe569b0c
-
Alexey Tikhonov authored
:relnote:`--enable-files-domain` configure option is deprecated and will be removed in one of the next versions of SSSD. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 714ababe)
f17bb003 -
Tomas Halman authored
DNS search may increase the time of name resolution significantly. Particularly when SSSD is misconfigured or the DNS server is unreachable. With this patch SSSD can avoid DNS search and the list of domains from resolv.conf is ignored. To avoid DNS search in kerberos library SSSD appends the dot to the server names before they are written into KDC info file. :relnote: SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list. This parameter can be used in the domain section. Default value is true - that means that SSSD follows the system settings. Resolves: https://github.com/SSSD/sssd/issues/5390 Reviewed-by: Alejandro Lopez <allopez@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 2fda8e7b)
99d46b2f -
Dan Lavu authored
This is merged branch of two following PRs, 6363 and 6344 which are now closed. 6344 Add the tests but are unreliable. 6363 contains the following changes, rewriting the suite. * change_hostname fixture would revert back to the hostname in /etc/hostname, updated fixture * disabled DNS recursion, lookups were being forwarded to authoritative servers resulting in false passing tests * removed ipv6 address about part of the del_record, would result in passing but the wrong thing be searched * created a DNSAD object to search for records directly on the DNS server, stabling results and skipping any cache * cleaned up the functions and code for readability Signed-off-by: Dan Lavu <dlavu@redhat.com>
a8b6be40 -
Sumit Bose authored
Currently 19 options can be set for p11_child and the a NULL at the end the array must have 20 elements. Resolves: https://github.com/SSSD/sssd/issues/6479 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit aac303e8)
20037ae5 -
Alejandro López authored
Once the backend initialization is finished, in particular after D-Bus is initialized, reload the resolv.conf file to retrieve any change signaled through D-Bus before its initialization. Resolves: https://github.com/SSSD/sssd/issues/6383 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 34d55884)
98412a4e -
Madhuri Upadhye authored
Enable files domain. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Anuj Borah <aborah@redhat.com> (cherry picked from commit 81eb0606)
5b7a4b4f -
aborah-sudo authored
https://gitlab.cee.redhat.com/sssd/sssd-qe/-/tree/RHEL8.6/client/proxy_provider/rfc2307bis Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 4a658e6c)
16c814ad -
Weblate authored
(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/zh_CN/ po: update translations (Ukrainian) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/ po: update translations (Korean) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/ po: update translations (Korean) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/ po: update translations (Japanese) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ja/ po: update translations (French) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/fr/ po: update translations (Ukrainian) currently translated at 100.0% (704 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/uk/ po: update translations (Korean) currently translated at 96.4% (679 of 704 strings) Translation: SSSD/SSSD-2-8 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-8/ko/
5d4f9dfd -
Pavel Březina authored37f934f2
-
Pavel Březina authored796b6dae
-
Timo Aaltonen authoredffcadcd1
-
Timo Aaltonen authoredb6953e55
Showing
- .github/workflows/ci.yml 3 additions, 1 deletion.github/workflows/ci.yml
- .github/workflows/copr_build.yml 1 addition, 1 deletion.github/workflows/copr_build.yml
- Makefile.am 2 additions, 0 deletionsMakefile.am
- contrib/ci/deps.sh 2 additions, 1 deletioncontrib/ci/deps.sh
- contrib/sssd.spec.in 1 addition, 0 deletionscontrib/sssd.spec.in
- debian/changelog 6 additions, 0 deletionsdebian/changelog
- po/Makevars 3 additions, 1 deletionpo/Makevars
- po/POTFILES.in 1 addition, 0 deletionspo/POTFILES.in
- po/bg.po 187 additions, 14 deletionspo/bg.po
- po/ca.po 190 additions, 14 deletionspo/ca.po
- po/cs.po 204 additions, 13 deletionspo/cs.po
- po/de.po 190 additions, 14 deletionspo/de.po
- po/es.po 202 additions, 11 deletionspo/es.po
- po/eu.po 187 additions, 11 deletionspo/eu.po
- po/fi.po 187 additions, 11 deletionspo/fi.po
- po/fr.po 238 additions, 52 deletionspo/fr.po
- po/hu.po 187 additions, 14 deletionspo/hu.po
- po/id.po 187 additions, 14 deletionspo/id.po
- po/it.po 187 additions, 14 deletionspo/it.po
- po/ja.po 232 additions, 57 deletionspo/ja.po