Timeline


09/03/15:

22:17 Ticket #2780 (Please use POSIX extended regexes instead of basic) created by rharwood
In ini_aug_regex_prepare(), regcomp(7) is called without passing …
13:50 Contribute edited by pcech
13:49 DevelTips edited by pcech
13:47 Reporting_sssd_bugs edited by pcech
13:08 Ticket #2690 (REGRESSION: Unable to retrieve data with wrong domain SID) closed by lslebodn
worksforme: I cannot reproduce anymore. Tested with two different AD servers. Closing
10:55 ReleaseProcess edited by mzidek
10:51 Ticket #2779 (Review and update wiki pages for 1.13.2) created by mzidek
Review and update the SSSD's wiki pages. Focus on documentation links, …
10:50 Ticket #2778 (FAIL: test_ipa_subdom_server) closed by lslebodn
duplicate: It seems to be duplicate of #2694
10:41 Ticket #2778 (FAIL: test_ipa_subdom_server) created by lslebodn
[…] …
08:49 Ticket #2777 (Fix memory leak in GPO) created by preichl
ad_gpo_get_sids() leaks memory […]
08:21 Ticket #2770 (Depend on basicobjects in spec file) closed by jhrozek
fixed: * master: 04da7febfc1fa39af855c8fec3c764b0113e9be4
08:21 Ticket #2771 (Document order in which ini_config_augment reads files) closed by jhrozek
fixed: * master: 34e06f47a1ff54212721dd4f63a660a329fce6d3
08:01 Ticket #2676 (Group members are not turned into ghost entries when the user is purged ...) closed by jhrozek
fixed: master: * 60713f738cedb6e4239604baf6619a0ca986fa49 * …
07:56 Changeset [60713f7] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] intg: Fix some PEP 8 violations Reviewed-by: Pavel Reichl <preichl@redhat.com>
07:56 Changeset [95b2c51] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] CI: Add regression test for #2676 Ticket: https://fedorahosted.org/sssd/ticket/2676 Regression test for the above ticket. Reviewed-by: Pavel Reichl <preichl@redhat.com>
07:56 Changeset [4d8f0f9] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] cleanup task: Expire all memberof targets when removing user Ticket: https://fedorahosted.org/sssd/ticket/2676 When user is removed from cache during cleanup task, mark all his memberof targets as expired to refresh member/ghost attributes on next request. Reviewed-by: Pavel Reichl <preichl@redhat.com>
07:56 Changeset [b0d6d14] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] SYSDB: Add function to expire entry Ticket: https://fedorahosted.org/sssd/ticket/2676 Added function to expire entry in sysdb using its DN. Reviewed-by: Pavel Reichl <preichl@redhat.com>
07:56 Changeset [3b1aa47] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] Makefile.am: Add missing AM_CFLAGS Some targets were missing AM_CFLAGS so it was not possible to compile C99 features in their source code. Reviewed-by: Pavel Reichl <preichl@redhat.com>
07:43 Changeset [cbff3fc] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] TESTS: Add trailing whitespace test Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
07:42 Changeset [2b490bc] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] Remove trailing whitespace Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
07:36 Ticket #2688 (Default to config_file_version=2) closed by jhrozek
fixed: * master: 175613be0cfb0890174d12d941e634d833b63dd9
07:32 Changeset [175613b] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] CONFDB: Assume config file version 2 if missing Default to config file version 2 if the version is not specified explicitly. Ticket: https://fedorahosted.org/sssd/ticket/2688 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

09/02/15:

20:21 Ticket #2776 (ini_config_augment strange merge behavior) created by rharwood
When ini_config_augment() is asked to load snippets from an empty …
19:20 Ticket #2766 (RFE: support for hosts map) closed by jhrozek
duplicate
10:09 Ticket #2775 (sssd-proxy with vas4 library groups issue) created by mogthesprog
Hi All, I've scoured the internet and the man pages and can't seem to …
04:41 Ticket #2744 (cleanup_groups should sanitize dn of groups) reopened by lslebodn
Additional patches are available in upstream.

09/01/15:

17:42 Ticket #2769 (Incorrect comment in ini_augment_ut.c) closed by jhrozek
fixed
15:53 Ticket #2772 (sssd cannot resolve user names containing backslash with ldap provider) closed by jhrozek
fixed: * master: 90b8e2e47ecc0dd555cae401a0c9b082d12ab989
14:18 Ticket #2774 (Fix PEP 8 violations in the SSSD's Python code) created by mzidek
It would be nice if we minimized the number of PEP 8 violations in our …
11:01 Changeset [3954cd0] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] GPO: Use sss_unique_file and close fd on failure The GPO child didn't remove temporary file on failure and didn't close the fd on failure (the latter was not much of a problem for a short-lived child process). Reviewed-by: Pavel Březina <pbrezina@redhat.com>
10:21 Changeset [03a4bb0] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] intg_tests: Add regression test for 2163 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:28 Ticket #2561 (Too much logging) closed by jhrozek
fixed: * master: bfa5e3869bb68213f08169efe55c45cb625e8fd0
09:26 Changeset [bfa5e38] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] AD: send less logs to syslog Create new callback that handles logging messages in cyrus sasl library. Resolves: https://fedorahosted.org/sssd/ticket/2561 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
09:23 Changeset [9118a53] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sbus: Add a special error code for messages sent by the bus itself Reviewed-by: Pavel Březina <pbrezina@redhat.com>
09:22 Changeset [6c2a29a] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sbus: Initialize errno if constructing message fails and add debug messages Reviewed-by: Pavel Březina <pbrezina@redhat.com>
08:43 Ticket #2762 ([RFE] sssd: better feedback form constraint password change) closed by jhrozek
fixed
08:43 Ticket #2708 (Logging messages from user point of view) closed by jhrozek
fixed
07:46 Changeset [46e3628] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] UTIL: Fixing Makefile.am for util/sss_cli_cmd.h Last patch for ticket 2708 broke make distcheck. This is fix. Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Pavel Reichl <preichl@redhat.com>
06:41 Changeset [90b8e2e] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] NSS: Don't ignore backslash in usernames with ldap provider The regression was caused by changing default domain regex for ldap provider in ticket #2717 Resolves: https://fedorahosted.org/sssd/ticket/2772 Reviewed-by: Sumit Bose <sbose@redhat.com>

08/31/15:

16:36 Changeset [f31a573] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] LDAP: end on ENOMEM Reviewed-by: Pavel Březina <pbrezina@redhat.com>
16:35 Ticket #1697 (sssd: incorrect checks on length values during packet decoding) closed by jhrozek
fixed: * master: 9f0bffebd070115ab47a92eadc6890a721c7b78d
16:34 Changeset [9f0bffe] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sssd: incorrect checks on length values during packet decoding https://fedorahosted.org/sssd/ticket/1697 It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. Reviewed-by: Petr Cech <pcech@redhat.com>
16:30 Changeset [11e8f3e] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] UTIL: Function 2string for enum sss_cli_command Improvement of debug messages. Instead of: "(0x0400): Running command [17]..." We could see: "(0x0400): Running command [17][SSS_NSS_GETPWNAM]..." (It's not used in sss_client. There are only hex numbers of commands.) Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
16:19 Changeset [bdf422f] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] TESTS: Removing part of responder_cache_req-tests If you call cache_req_[user|group]_by_filter_send() it then later calls updated_[users|groups]_by_filter(), which adds filter that is called "recent". This filter causes that only [users|groups] added after the request started are returned. This patch removes tests which use cache_req_[user|group]_by_filter_send(), because the logic of those tests is corrupted. The tests create [users|groups] and after it, they call cache_req_[user|group]_by_filter_send(). So it is obvious that it is not in the right manner. Possible fix is rewrite the tests to create the entries in the callback. Works around: https://fedorahosted.org/sssd/ticket/2730 Reviewed-by: Michal Židek <mzidek@redhat.com>
16:18 Ticket #2768 (Test 'test_id_cleanup_exp_group' failed) closed by jhrozek
fixed: * master: e0f2a783439fb7d3b85469f34ad6d672abf7e1fa
15:50 Changeset [e0f2a78] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] TESTS: fix fail in test_id_cleanup_exp_group Test was named same as the folder containing its data. Resolves: https://fedorahosted.org/sssd/ticket/2768 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
15:44 Changeset [f02b621] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] TESTS: ldap_id_cleanup timeouts The one second timeout interval was sometimes too short when the tests were running under Valgrind in the CI and the entries expired too soon. Reviewed-by: Petr Cech <pcech@redhat.com>
15:44 Ticket #2758 (sss_override contains an extra parameter --debug but is not listed in the ...) closed by jhrozek
fixed: * master: 5e2ffb69dcdd157ea422c6aec256111653e4206b
15:37 Changeset [5e2ffb6] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sss_override: document --debug options Resolves: https://fedorahosted.org/sssd/ticket/2758 Reviewed-by: Petr Cech <pcech@redhat.com>

08/28/15:

12:35 Ticket #2773 (Make p11_child timeout configurable) created by mzidek
p11_child timeout is currently hardcoded to 10 seconds. It would be better …
04:35 Ticket #2772 (sssd cannot resolve user names containing backslash with ldap provider) created by lslebodn
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

08/27/15:

17:38 Ticket #2771 (Document order in which ini_config_augment reads files) created by rharwood
In this source code, ini_config_augment() explicitly sorts the file list …

08/26/15:

19:44 Ticket #2770 (Depend on basicobjects in spec file) created by rharwood
Downstream, Fedora has the line […] ; however, the spec file in git …
15:17 Releases/DingNotes-0.5.0 edited by sgallagh
Fix typo

08/24/15:

23:58 Ticket #2769 (Incorrect comment in ini_augment_ut.c) created by rharwood
Starting at line 217: […] This is probably a copy-paste error from …

08/21/15:

11:48 Ticket #2768 (Test 'test_id_cleanup_exp_group' failed) created by pcech
I can reproduce it on my machine. (Maybe I am the only one.) There is a …

08/20/15:

20:52 Ticket #2749 (Fix crash in nss responder) closed by jhrozek
fixed: * master: b9901fe3d6cfe05cd75a2440c0f9c7985aea36c6
20:48 Changeset [b9901fe] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] NSS: Fix use after free It can happen if there are two domains and user is not found in the first one.
==29279== Invalid read of size 1
==29279==    at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)
==29279== Address 0xbbad240 is 96 bytes inside a block of size 106 free'd
==29279==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)
Resolves: https://fedorahosted.org/sssd/ticket/2749 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:42 Ticket #2737 (sss_override: add import and export commands) closed by jhrozek
fixed: * master: 23fb01bf67a6058fb508da6d81515e8b18634beb
20:41 Ticket #2757 (sss_override does not work correctly when 'use_fully_qualified_names = ...) closed by jhrozek
fixed: * master: 7eba58cfcf78e61af1c4ff98619aa97223eb7a5b
20:39 Changeset [23fb01b] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sss_override: support import and export Resolves: https://fedorahosted.org/sssd/ticket/2737 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:39 Changeset [5df5a6b] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sss_override: decompose code better Preparation for: https://fedorahosted.org/sssd/ticket/2737 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:39 Changeset [a76f635] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] TOOLS: add sss_colondb API To simplify import/export users and groups. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:39 Changeset [7eba58c] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sss_override: support domains that require fqname Resolves: https://fedorahosted.org/sssd/ticket/2757 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:39 Changeset [4285cf1] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sss_override: print input name if unable to parse it Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:16 Ticket #2767 (The sdap_op code always ends request with EAGAIN) created by jhrozek
I was working on code that would re-fetch the keytab on a particular error …
18:10 Ticket #2766 (RFE: support for hosts map) created by mstroeder
The hosts map is not implemented in sssd because in most deployments the …
16:21 Ticket #2744 (cleanup_groups should sanitize dn of groups) closed by jhrozek
fixed: * master: e2e334b2f51118cb14c7391c4e4e44ff247ef638
16:12 Ticket #2597 (Add index for 'objectSIDString' and maybe to other cache attributes) closed by jhrozek
fixed: * master: e61b0e41cb44004d2b260ad9d05802995f7bcb2e
15:02 Ticket #2761 (AD provider offline when trusted domain not reachable) closed by jhrozek
duplicate: OK, thanks for confirming, marking as a duplicate
12:31 Ticket #1926 ([RFE] Start the dynamic DNS update after the SSSD has been setup for the ...) closed by preichl
fixed
09:39 Ticket #2765 (ad_site parameter does not work) created by ondrejv2
When I specify ad_site in my config, and then run: netstat -alp | grep sss …

08/19/15:

20:16 Ticket #2764 (the colondb interface has no unit tests) created by jhrozek
the sss_override tool has a helper API to manage passwd-like and …
16:00 Changeset [e61b0e4] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] SYSDB: Index the objectSIDString attribute Reviewed-by: Michal Židek <mzidek@redhat.com>
15:58 Changeset [0698718] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sdap_async: Use specific errmsg when available Ticket: https://fedorahosted.org/sssd/ticket/2762 Use specific errmsg when ldap returns LDAP_CONSTRAINT_VIOLATION code if that specific message is available. Reviewed-by: Pavel Reichl <preichl@redhat.com>
08:05 Ticket #2763 ([RFE] sssd: multilevel sub-domain support) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
08:04 Ticket #2762 ([RFE] sssd: better feedback form constraint password change) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

08/18/15:

13:38 Ticket #2761 (AD provider offline when trusted domain not reachable) created by vokac
Our AD has trust with second AD, but posixAccount objects are only in our …
11:43 Ticket #2760 (sss_cache & negative cache - improve behaviour) created by ondrejv2
When using sss_cache against some item which is in negative cache (i.e. …
10:17 Ticket #2628 (dyndns update fails if DNS server is not DC for domain (sssd-1.11.7)) closed by jhrozek
duplicate: I would say this is a duplicate of #2495

08/17/15:

15:57 Ticket #2759 (sbus_codegen_tests leaves a process running) created by nkondras
When sbus_codegen_tests are invoked with "CK_FORK" environment variable …
13:22 Changeset [84493af] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] SSH: Use sss_unique_file_ex to create the known hosts file Simplifies the code. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:22 Changeset [51ae9cb] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] LDAP: Use sss_unique_filename in ldap_child Simplifies the code. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:22 Changeset [df07d54] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] KRB5: Use sss_unique_file when creating kdcinfo files Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:22 Changeset [f5db13d] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] KRB5: Use sss_unique file in krb5_child In krb5_child, we intentionally don't set the owner of the temporary file, because we're not renaming it to a 'stable' name, but rather directly using it as the ccache. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:18 Ticket #2746 (the PAM srv test often fails on RHEL-7) closed by jhrozek
fixed: * master: 9da121c08b785b56733a11fa46e14c708dda62e9
13:10 Changeset [4772d3f1] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] LDAP: minor improvements in ldap id cleanup Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:10 Changeset [e2e334b] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] LDAP: sanitize group name when used in filter cleanup_groups() uses DN of group in filter for ldbsearch. But the name might contain characters with special meaning for filtering like - "*()\/" Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:10 Changeset [9da121c0] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] pam: Increase p11 child timeout Ticket: https://fedorahosted.org/sssd/ticket/2746 It was timeouting often in CI machines. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
12:40 Ticket #2758 (sss_override contains an extra parameter --debug but is not listed in the ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
12:39 Ticket #2757 (sss_override does not work correctly when 'use_fully_qualified_names = ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
12:12 Ticket #2754 (Clear environment and set restrictive umask in p11_child) closed by jhrozek
fixed: * master: 13f30f69eec02d0c0aaccc7b544dee1326a5e9d4
12:02 Changeset [13f30f6] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] p11child: set restrictive umask and clear environment https://fedorahosted.org/sssd/ticket/2754 Before doing any calls, set a very restrictive umask and clear environment variables to harden p11child execution. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

08/16/15:

19:53 Ticket #2756 (The sssctl tool could offer an option to clean up the cache) created by jhrozek
Since we disabled the cache cleanup, we might want to offer an option in …

08/15/15:

16:56 Ticket #2495 ([RFE]Allow sssd to add a new option that would specify which server to ...) closed by jhrozek
fixed: * master: * 8145ab51b05aa86b2f1a21b49383f55e50b0a2e3 * …

08/14/15:

21:54 Changeset [6fd5306] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] TESTS: UT for sss_iface_addr_list_as_str_list() Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
21:54 Changeset [b42bf6c0] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DYNDNS: remove code duplication Move copy pasted code for converting sockaddr_storage to string into function. Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
21:54 Changeset [76604931] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DYNDNS: rename field of sdap_dyndns_update_state Rename 'use_server_with_nsupdate' to more general name 'fallback_mode'. Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
21:54 Changeset [4f2a07c] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DYNDNS: remove zone command Remove zone command from message to nsupdate. This command is generally used to hint nsupdate. In correctly configured environment such information should be obtained via DNS. If DNS does not provide necessary information we give other hints. For more details see: https://fedorahosted.org/sssd/wiki/DesignDocs/DDNSMessagesUpdate Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
21:54 Changeset [e4d6e9c] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DYNDNS: remove redundant talloc_steal() String 'update_msg' was already allocated on mem_ctx, so, there is no need to steal it. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
21:54 Changeset [7c3cc1e] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DYNDNS: Don't use server cmd in nsupdate by default nsupdate command `server` should not be used for the first attempt to update DNS. It should be used only in subsequent attempts after the first attempt failed. Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
21:51 Changeset [8145ab5] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DYNDNS: Add a new option dyndns_server Some environments use a different DNS server than identity server. For these environments, it would be useful to be able to override the DNS server used to perform DNS updates. This patch adds a new option dyndns_server that, if set, would be used to hardcode a DNS server address into the nsupdate message. Reviewed-by: Pavel Reichl <preichl@redhat.com>
21:44 Changeset [db5f9ab] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] IPA: Always re-fetch the keytab from the IPA server Even if a keytab for one-way trust exists, re-fetch the keytab again and try to use it. Fall back to the previous one if it exists. This is in order to allow the admin to re-establish the trust keytabs with a simple sssd restart. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
21:44 Changeset [d95bcfe] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] UTIL: Provide a common interface to safely create temporary files Reviewed-by: Pavel Březina <pbrezina@redhat.com>
21:38 Ticket #2742 (When certificate is added via user-add-cert, it cannot be looked up via ...) closed by jhrozek
fixed: * master: 619e21ed9c7a71e35e53f38867b53ed974f1d36a
21:24 Changeset [619e21e] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] IPA: Change the default of ldap_user_certificate to userCertificate;binary This is safe from ldb point of view, because ldb guarantees the data is NULL-terminated. We must be careful before we save the data, though. Resolves: https://fedorahosted.org/sssd/ticket/2742 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
21:24 Changeset [32445af] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] LDAP: use ldb_binary_encode when printing attribute values Reviewed-by: Pavel Březina <pbrezina@redhat.com>
20:57 Ticket #2682 (sudoOrder not honored as expected) closed by jhrozek
fixed: * master: 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7
20:47 Changeset [52e3ee5] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sudo: use "higher value wins" when ordering rules This commit changes the default ordering logic (lower value wins) to a correct one that is used by native ldap support. It also adds a new option sudo_inverse_order to switch to the original SSSD (incorrect) behaviour if needed. Resolves: https://fedorahosted.org/sssd/ticket/2682 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
20:44 Changeset [ef7de95] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] IFP: use default limit if provided is 0 Returning zero values doesn't make any sense, so we may use it as "use sssd configuration instead". Reviewed-by: Petr Cech <pcech@redhat.com>
20:37 Changeset [c4fb8f5] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] DEBUG: Add new debug category for fail over. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
11:25 DesignDocs/ConfigEnhancements created by jhrozek

08/13/15:

15:42 Ticket #2755 (Review p11_child hardening) created by jhrozek
There are some issues that might need clarifying in p11_child. This ticket …
15:41 Ticket #2754 (Clear environment and set restrictive umask in p11_child) created by jhrozek
When p11_child starts, we should set a restrictive umask and clear the …
11:29 Ticket #2748 (test_memory_cache failed in invalidation cache before stop) closed by jhrozek
fixed: * master: 32c6db689a0206e062b799dfd32c34ba878ff044
11:21 Changeset [137d5dd0] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] test_memory_cache: Fix few python issues W:438,17: Unused variable 'gids' (unused-variable) W:438,10: Unused variable 'errno' (unused-variable) E:618,31: Undefined variable 'user' (undefined-variable) W:443,17: Unused variable 'gids' (unused-variable) W:443,10: Unused variable 'errno' (unused-variable) Reviewed-by: Michal Židek <mzidek@redhat.com>
11:21 Changeset [32c6db6] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] sss_cache: Wait a while for invalidation of mc by nss responder The sss_cache cannot invalidate memory cache directly because the nss responder owns file locks to memory caches. Therefore sss_cache just "tell" nss responder to invalidate memory cache. However there might be short interval between calling the utility sss_cache and stopping sssd. So nss responder needn't be so fast and therefore memory cache needn't be invalidated. Resolves: https://fedorahosted.org/sssd/ticket/2748 Reviewed-by: Michal Židek <mzidek@redhat.com>
10:48 Ticket #2750 (Failed to read group policy from second domain in forest (Active ...) closed by jhrozek
worksforme: We should focus on the 1.13 bug..

08/11/15:

11:11 Ticket #2751 (SSSD can't process GPO from Active Directory when it contains lines with ...) reopened by lslebodn
10:11 Ticket #2751 (SSSD can't process GPO from Active Directory when it contains lines with ...) closed by lslebodn
worksforme: Thank you for confirmation.
08:11 Ticket #2753 (FAIL: test_be_ptask) created by lslebodn
@see …

08/10/15:

11:03 Changeset [6c676de] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] krb5_utils-tests: Remove unused variables Reviewed-by: Pavel Reichl <preichl@redhat.com>

08/08/15:

11:54 Ticket #2752 (Detect captive portals and make sure SSSD treats networks with them as ...) created by abbra
When demonstrating KDC proxy functionality at GUADEC I've found out that …

08/07/15:

11:34 Ticket #2751 (SSSD can't process GPO from Active Directory when it contains lines with ...) created by puthi
Updated description: The problem was that libini parser could …
11:26 Ticket #2750 (Failed to read group policy from second domain in forest (Active ...) created by puthi
Compute1_Linux join to Active Directory under domain A.DOMAIN.COM and …
09:17 Changeset [afa6ac75] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] IPA: Improve messages about failures Reviewed-by: Pavel Březina <pbrezina@redhat.com>
09:16 Ticket #2700 (krb5_child should always consider online state to allow use of MS-KKDC ...) closed by jhrozek
fixed: * master: 67c68b563e1afc409aeadbcc828f9bdf33c57c84
09:15 Ticket #2652 (KDC proxy not working with SSSD krb5_use_kdcinfo enabled) closed by jhrozek
fixed: * master: 05ed6a29cbd3cbec177364487a2afeade51d6546
04:38 Ticket #2749 (Fix crash in nss responder) created by lslebodn
Crash is part of test cases for …

08/06/15:

08:39 Ticket #2748 (test_memory_cache failed in invalidation cache before stop) created by lslebodn
http://sssd-ci.duckdns.org/logs/job/20/54/fedora_rawhide/ci-build-debug/ci- …

08/05/15:

13:33 Changeset [7dd51b4] by Jakub Hrozek <jhrozek@…>
[sssd-1-12] SPEC: Workaround for build with rpm 4.13 If the tarball is generated with minimal dependencies extracted from spec file then translated manual pages are not generated due to missing script po4a. This step is not necessary for regular nightly/developer builds. The tarball is created faster without such step. However rpm >= 4.13 will fail due to empty manifest file. Resolves: https://fedorahosted.org/sssd/ticket/2738 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
13:11 Ticket #2747 (get_object_from_cache() does not handle services) created by preichl
get_object_from_cache() does not seem to handle services at all although …
13:00 Changeset [4b5c6ec] by Jakub Hrozek <jhrozek@…>
[sssd-1-12] BUILD: Repair dependencies on deprecated libraries Modules libsystemd-journal and libsystemd-login are deprecated and "libsystemd" should be used instead of them. Resolves: https://fedorahosted.org/sssd/ticket/2733 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
12:10 Changeset [67c68b5] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] krb5: assume online state if KDC proxy is configured If a KDC proxy is configured a request in the KRB5 provider will assume online state even if the backend is offline without changing the state of the backend. Resolves https://fedorahosted.org/sssd/ticket/2700 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
12:10 Changeset [05ed6a2] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] krb5: do not create kdcinfo file if proxy configuration exists Resolves https://fedorahosted.org/sssd/ticket/2652 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
12:09 Changeset [7bb9ba8] by Jakub Hrozek <jhrozek@…>
[master, sssd-1-13, sssd-1-14] krb5 utils: add sss_krb5_realm_has_proxy() Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
11:09 Ticket #2729 (Do not send SSS_OTP if both factors were entered separately) closed by jhrozek
fixed
11:09 Ticket #2717 (well-known SID check is broken for NetBIOS prefixes) closed by jhrozek
fixed
10:51 Changeset [089db89] by Jakub Hrozek <jhrozek@…>
mastersssd-1-13sssd-1-14test_memory_cache: Test invalidation with sss_cache Reviewed-by: Michal Židek <mzidek@redhat.com>
10:51 Changeset [c3baf4d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-13sssd-1-14test_memory_cache: Test mmap cache after initgroups Reviewed-by: Michal Židek <mzidek@redhat.com>
09:47 Changeset [fa4a7fb2] by Jakub Hrozek <jhrozek@…>
sssd-1-12sss_client: Update integrity check of records in mmap cache The function sss_nss_mc_get_record return copy of record from memory cache in last argument. Because we should not access data directly to avoid problems with consistency of record. The function sss_nss_mc_get_record also check whether length of record is within data area (with macro MC_CHECK_RECORD_LENGTH) However we also tried to do the same check in functions sss_nss_mc_get{gr, pw}* Pointer to end of strings in record was compared to pointer to the end of data table. But these two pointers are not within the same allocated area and does not make sense to compare them. Sometimes record can be allocated before mmaped area and sometime after. Sometimes it will return cached data and other time will fall back to responder. Resolves: https://fedorahosted.org/sssd/ticket/2743 Reviewed-by: Michal Židek <mzidek@redhat.com>
09:44 Changeset [e693e9c] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) KRB5: Do not try to remove missing ccache
There was a misleading debug message in krb5_child:
[[sssd[krb5_child[16629]]]] [get_and_save_tgt] (0x0080): Failed to remove old ccache file [(null)], please remove it manually.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
09:42 Ticket #2738 (Cannot build rpms from upstream spec file on rawhide) closed by jhrozek
fixed: * master: 85fe1601d3578eef9d244e860b9881347a112859
09:40 Changeset [85fe1601] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) SPEC: Workaround for build with rpm 4.13
If the tarball is generated with minimal dependencies extracted from spec file then translated manual pages are not generated due to missing script po4a. This step is not necessary for regular nightly/developer builds. The tarball is created faster without such step. However rpm >= 4.13 will fail due to empty manifest file.
Resolves: https://fedorahosted.org/sssd/ticket/2738
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:37 Ticket #2716 (Initgroups mmap cache needs update after db changes) closed by jhrozek
fixed: * master: ea7839cec593b4a7c678fab52ab864518db6699b
09:37 Ticket #2743 (memory cache can work intermittently) closed by jhrozek
fixed: * master: ba847347cade817ee927397d82c952b51b0dcb2b
09:36 Ticket #2712 (Initgroups memory cache does not work with fq names) closed by jhrozek
fixed: * master: dda0258705de7255e6ec54b7f9adbde83a220996
09:28 Changeset [cb8c2470] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) test_memory_cache: Add test for initgroups mc with fq names
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [dda0258] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) NSS: Initgr memory cache should work with fq names
We need to store two versions of the name in the initgroups memory cache. Otherwise it could be stored many times if sssd is configured with case_sensitive = false. It would be impossible to invalidate all versions of names after user login. As a result of this, wrong user groups could be returned from the initgroups memory cache. Therefore we store the raw name provided by the glibc function and the internal sanitized fully qualified name, which is unique for a particular user. This patch also increases the average space for initgroups because two quite long names are also stored in the case of fq names.
Resolves: https://fedorahosted.org/sssd/ticket/2712
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [a2c10cf3] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) intg_test: Add integration test for memory cache
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [38b0701] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) intg_test: Add module for simulation of utility id
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [ba84734] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) sss_client: Update integrity check of records in mmap cache
The function sss_nss_mc_get_record returns a copy of the record from the memory cache in its last argument, because we should not access data directly, to avoid problems with consistency of the record. The function sss_nss_mc_get_record also checks whether the length of the record is within the data area (with the macro MC_CHECK_RECORD_LENGTH). However, we also tried to do the same check in the functions sss_nss_mc_get{gr, pw}*. The pointer to the end of the strings in the record was compared to the pointer to the end of the data table. But these two pointers are not within the same allocated area and it does not make sense to compare them. Sometimes the record can be allocated before the mmaped area and sometimes after. Sometimes it will return cached data and other times it will fall back to the responder.
Resolves: https://fedorahosted.org/sssd/ticket/2743
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [ea7839c] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) mmap: Invalidate initgroups memory cache after any change
Initgroups memory cache was invalidated only in case of a removed user. It should also be invalidated after changes in group membership.
Resolves: https://fedorahosted.org/sssd/ticket/2716
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [225dc691] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) mmap_cache: "Override" functions for initgr mmap cache
Functions sss_mc_get_strs_offset and sss_mc_get_strs_len provide data about strings for individual memory caches (passwd, ...). They are used in generic responder mmap cache code to find a record in mmap cache (sss_mc_find_record). Data provided from functions sss_mc_get_* are used for checking the validity of the record. So in case of a corrupted record the whole mmap cache can be invalidated. Functions sss_mc_get_strs_offset and sss_mc_get_strs_len did not provide data for the initgroups mmap cache and therefore a particular record could not be invalidated.
Resolves: https://fedorahosted.org/sssd/ticket/2716
Reviewed-by: Michal Židek <mzidek@redhat.com>
09:28 Changeset [39b3142] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) mmap_cache: Rename variables
Reviewed-by: Michal Židek <mzidek@redhat.com>

08/04/15:

19:58 Ticket #2746 (the PAM srv test often fails on RHEL-7) created by jhrozek
In our CI, the pamsrv test fails quite often, but for some reason, the …
15:40 Ticket #2745 (SSSD intermittently fails to resolve external IPA group membership.) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
14:26 Ticket #2699 (SSSDConfig: wrong return type returned on python3) closed by jhrozek
fixed: * master: 2ab9822a792e26e9ddb47cbb6bc788a0727c8556
14:20 Changeset [872aa0d] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) intg: Modernize 'except' clauses
The 'as' syntax works from Python 2 on, and Python 3 dropped the "comma" syntax.
Reviewed-by: Christian Heimes <cheimes@redhat.com>
14:19 Changeset [2ab9822a] by Jakub Hrozek <jhrozek@…>
(master, sssd-1-13, sssd-1-14) SSSDConfig: Return correct types in python3
In Python 3, dict.keys() returns a view rather than a list. Since dict keys aren't in any particular order, indexing them doesn't make sense.
Resolves: https://fedorahosted.org/sssd/ticket/2699
Reviewed-by: Christian Heimes <cheimes@redhat.com>