Timeline


and

11/03/16:

11:24 Contribute edited by lslebodn
(diff)
11:19 Contribute edited by lslebodn
Fix copr URLs (diff)
10:29 Ticket #3218 ([RFE] ad_access_filter should ignore what happens after the first open ...) closed by jhrozek
fixed: * sssd-1-14: e1c2aead482cd4bf83a7fe5e68630a981389e82b
10:28 Changeset [e1c2aea] by Jakub Hrozek <jhrozek@…>
sssd-1-14ad_access_filter search for nested groups Includes instructions and example for AD nested group access Related to https://fedorahosted.org/sssd/ticket/3218 Signed-off-by: Mike Ely <github@taupehat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit cf5357ae83cc9fe2240038b8bdccec2cb98991fc)
10:26 Changeset [cf5357a] by Jakub Hrozek <jhrozek@…>
masterad_access_filter search for nested groups Includes instructions and example for AD nested group access Related to https://fedorahosted.org/sssd/ticket/3218 Signed-off-by: Mike Ely <github@taupehat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
10:23 Ticket #3199 (No supplementary groups are resolved for users in nested OUs when domain ...) closed by jhrozek
fixed: * master: * e5a984093ad7921c83da75272cede2b0e52ba2d6 * …
10:14 Changeset [3f3dc8c] by Jakub Hrozek <jhrozek@…>
sssd-1-14SYSDB: Split sysdb_try_to_find_expected_dn() into smaller functions The function sysdb_try_to_find_expected_dn was performing several matching algorithms and thus it was getting big and hard to extend. This patch doesn't contain any functional changes, only shuffles the code around and splits the monolithic sysdb_try_to_find_expected_dn function into smaller blocks. Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e5a984093ad7921c83da75272cede2b0e52ba2d6)
10:14 Changeset [956fdd7] by Jakub Hrozek <jhrozek@…>
sssd-1-14SYSDB: Augment sysdb_try_to_find_expected_dn to match search base as well In cases where the domain name in sssd.conf does not match the AD domain, our previous matching process wouldn't match. This patch augments the matching as follows: - the search base is known to sysdb_try_to_find_expected_dn and is expected to be non-NULL - the existing matching is ran first - during the search base, matching, all the non-DC components are stripped from the search base to 'canonicalize' the search base - if only a single entry that matches with a non-DC DN component (matching with a DC component would mean the DN comes from a different domain) then this entry is a match and is returned Resolves: https://fedorahosted.org/sssd/ticket/3199 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 24d8c85fae253f988165c112af208198cf48eef6)
10:02 Changeset [24d8c85] by Jakub Hrozek <jhrozek@…>
masterSYSDB: Augment sysdb_try_to_find_expected_dn to match search base as well In cases where the domain name in sssd.conf does not match the AD domain, our previous matching process wouldn't match. This patch augments the matching as follows: - the search base is known to sysdb_try_to_find_expected_dn and is expected to be non-NULL - the existing matching is ran first - during the search base, matching, all the non-DC components are stripped from the search base to 'canonicalize' the search base - if only a single entry that matches with a non-DC DN component (matching with a DC component would mean the DN comes from a different domain) then this entry is a match and is returned Resolves: https://fedorahosted.org/sssd/ticket/3199 Reviewed-by: Sumit Bose <sbose@redhat.com>
10:02 Changeset [e5a9840] by Jakub Hrozek <jhrozek@…>
masterSYSDB: Split sysdb_try_to_find_expected_dn() into smaller functions The function sysdb_try_to_find_expected_dn was performing several matching algorithms and thus it was getting big and hard to extend. This patch doesn't contain any functional changes, only shuffles the code around and splits the monolithic sysdb_try_to_find_expected_dn function into smaller blocks. Reviewed-by: Sumit Bose <sbose@redhat.com>

11/02/16:

13:29 Ticket #3230 (Use the same logic for matching GC results in initgroups and user lookups) created by jhrozek
This came up in discussion of https://github.com/SSSD/sssd/pull/49
13:14 Ticket #2296 (pam_sss set KRB5CCNAME with sudo logins) closed by jhrozek
fixed: * sssd-1-13: * 5cbea81f6019d4c6acc94b8cec0b955d1767430b * …
13:02 Changeset [27e38ce] by Jakub Hrozek <jhrozek@…>
sssd-1-13PAM: add pam_response_filter option Currently the main use-case for this new option is to not set the KRB5CCNAME environment varible for services like 'sudo-i'. Resolves https://fedorahosted.org/sssd/ticket/2296 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
13:02 Changeset [5cbea81f] by Jakub Hrozek <jhrozek@…>
sssd-1-13PAM: add a test for filter_responses() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
11:03 Ticket #3229 (sssd[nss]: Stored copy of corrupted mmap cache in file ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
10:37 Changeset [0157678] by Jakub Hrozek <jhrozek@…>
sssd-1-14PAM: add a test for filter_responses() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit c8fe1d922b254aa92e74f428135ada3c8bde87a1)
10:37 Changeset [74711db] by Jakub Hrozek <jhrozek@…>
sssd-1-14PAM: add pam_response_filter option Currently the main use-case for this new option is to not set the KRB5CCNAME environment varible for services like 'sudo-i'. Resolves https://fedorahosted.org/sssd/ticket/2296 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit ce43f710c9638fbbeae077559cd7514370a10c0c)
10:30 Changeset [ce43f71] by Jakub Hrozek <jhrozek@…>
masterPAM: add pam_response_filter option Currently the main use-case for this new option is to not set the KRB5CCNAME environment varible for services like 'sudo-i'. Resolves https://fedorahosted.org/sssd/ticket/2296 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:30 Changeset [c8fe1d9] by Jakub Hrozek <jhrozek@…>
masterPAM: add a test for filter_responses() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

11/01/16:

09:59 Ticket #3225 (Kerberos authentication failing since version 1.14.0 due to password ...) closed by jhrozek
invalid: Since the ticket was resolved, I'm closing this issue as not a bug.

10/31/16:

14:05 Ticket #3206 (AD provider: SSSD does not retrieve a domain-local group with the AD ...) closed by jhrozek
fixed: * master: * 2569984 * 49d3f0a * 3dd4c3e * sssd-1-14: * c1f3b29 …
11:48 Changeset [9a243dc] by Jakub Hrozek <jhrozek@…>
sssd-1-14sysdb: add parent_dom to sysdb_get_direct_parents() Currently sysdb_get_direct_parents() only return direct parents from the same domain as the child object. In setups with sub-domains this might not be sufficient. A new option parent_dom is added which allows to specify a domain the direct parents should be lookup up in. If it is NULL the whole cache is searched. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 3dd4c3eca80e9223a65f3318821bd0fb5b45aedd)
11:48 Changeset [f38c62ff] by Jakub Hrozek <jhrozek@…>
sssd-1-14sdap: make some nested group related calls public sdap_nested_groups_store() and rfc2307bis_nested_groups_send/recv() will be reused for domain local group lookups. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 49d3f0a487d55571b2bdc9d3f8280b304b964b9d)
11:48 Changeset [c1f3b29f] by Jakub Hrozek <jhrozek@…>
sssd-1-14LDAP/AD: resolve domain local groups for remote users If a user from a trusted domain in the same forest is a direct or indirect member of domain local groups from the local domain those memberships must be resolved as well. Since those domain local groups are not valid in the trusted domain a DC from the trusted domain which is used to lookup the user data is not aware of them. As a consequence those memberships must be resolved against a local DC in a second step. Resolves https://fedorahosted.org/sssd/ticket/3206 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 25699846bd1c9f8bb513b6271eb4366ab682fbd2)
11:38 Changeset [2569984] by Jakub Hrozek <jhrozek@…>
masterLDAP/AD: resolve domain local groups for remote users If a user from a trusted domain in the same forest is a direct or indirect member of domain local groups from the local domain those memberships must be resolved as well. Since those domain local groups are not valid in the trusted domain a DC from the trusted domain which is used to lookup the user data is not aware of them. As a consequence those memberships must be resolved against a local DC in a second step. Resolves https://fedorahosted.org/sssd/ticket/3206 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
11:38 Changeset [49d3f0a] by Jakub Hrozek <jhrozek@…>
mastersdap: make some nested group related calls public sdap_nested_groups_store() and rfc2307bis_nested_groups_send/recv() will be reused for domain local group lookups. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
11:38 Changeset [3dd4c3e] by Jakub Hrozek <jhrozek@…>
mastersysdb: add parent_dom to sysdb_get_direct_parents() Currently sysdb_get_direct_parents() only return direct parents from the same domain as the child object. In setups with sub-domains this might not be sufficient. A new option parent_dom is added which allows to specify a domain the direct parents should be lookup up in. If it is NULL the whole cache is searched. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

10/27/16:

12:33 Ticket #3228 (samba/sssd and accessing share through CNAME on Win8+ clients) created by marcoc
Hi, we configured samba to authenticate through sssd-ad but authentication …
10:15 Ticket #3209 (No sssctl commands can be run if the configuration has fatal errors) closed by lslebodn
fixed: master: * cbee11e912bb391ba254b0bac8c1159c1f634533 sssd-1-14: * …
10:14 Changeset [ec1829d] by Lukas Slebodnik <lslebodn@…>
sssd-1-14sssctl: Flags for command initialization Allow passing flags for command specific initialization. Currently only one flag is available to skip the confdb initialization which is required to improve config-check command. Resolves: https://fedorahosted.org/sssd/ticket/3209 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit cbee11e912bb391ba254b0bac8c1159c1f634533)
10:09 Changeset [cbee11e] by Lukas Slebodnik <lslebodn@…>
mastersssctl: Flags for command initialization Allow passing flags for command specific initialization. Currently only one flag is available to skip the confdb initialization which is required to improve config-check command. Resolves: https://fedorahosted.org/sssd/ticket/3209 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

10/26/16:

15:12 Ticket #3227 (sssd doesn't update PTR records if A/PTR zones are configured as ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
09:34 HOWTO_Troubleshoot_SUDO edited by pbrezina
(diff)

10/25/16:

10:29 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
08:35 Changeset [7251859] by Lukas Slebodnik <lslebodn@…>
sssd-1-14dlopen-test: Add check for untested libraries Reviewed-by: Petr Čech <pcech@redhat.com> (cherry picked from commit c7b3c43cf669e39f7ce5f4ef1a2e939b31a8b7b9)
08:35 Changeset [a52c7df] by Lukas Slebodnik <lslebodn@…>
sssd-1-14dlopen-test: Move libraries to the right "sections" The library winbind_idmap_sss.so is build only when building with samba. The library libdlopen_test_providers.so was moved to the group of libraries build for testing purposes. Reviewed-by: Petr Čech <pcech@redhat.com> (cherry picked from commit d708e53d0df0c1ed4cc0097bebfa2a84d7b20fad)
08:35 Changeset [9b97226] by Lukas Slebodnik <lslebodn@…>
sssd-1-14dlopen-test: Add missing libraries to the check list nfsidmap plugin(sss.so) and libsss_cert.so were not checked. Few libraries which are build for testing purposes were added to the list otherwise we would not be able to detect unchecked libraries. Reviewed-by: Petr Čech <pcech@redhat.com> (cherry picked from commit 558b8f3cd2439c01e139cf5f812aea9409fe776a)
08:34 Changeset [a64409a] by Lukas Slebodnik <lslebodn@…>
sssd-1-14dlopen-test: Use portable macro for location of .libs Reviewed-by: Petr Čech <pcech@redhat.com> (cherry picked from commit bacc66dc6f446d47be18b61d569721481d70386b)
08:33 Changeset [c7b3c43] by Lukas Slebodnik <lslebodn@…>
masterdlopen-test: Add check for untested libraries Reviewed-by: Petr Čech <pcech@redhat.com>
08:33 Changeset [d708e53] by Lukas Slebodnik <lslebodn@…>
masterdlopen-test: Move libraries to the right "sections" The library winbind_idmap_sss.so is build only when building with samba. The library libdlopen_test_providers.so was moved to the group of libraries build for testing purposes. Reviewed-by: Petr Čech <pcech@redhat.com>
08:33 Changeset [558b8f3] by Lukas Slebodnik <lslebodn@…>
masterdlopen-test: Add missing libraries to the check list nfsidmap plugin(sss.so) and libsss_cert.so were not checked. Few libraries which are build for testing purposes were added to the list otherwise we would not be able to detect unchecked libraries. Reviewed-by: Petr Čech <pcech@redhat.com>
08:33 Changeset [bacc66d] by Lukas Slebodnik <lslebodn@…>
masterdlopen-test: Use portable macro for location of .libs Reviewed-by: Petr Čech <pcech@redhat.com>
07:56 Changeset [6364120] by Lukas Slebodnik <lslebodn@…>
sssd-1-13BUILD: Accept krb5 1.15 for building the PAC plugin Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 11d2a1183d7017f3d453d0a7046004b6968fefb5) (cherry picked from commit 6a96323fb511565908a5a7ce7b1d6e0d40aa647d)
07:55 Changeset [6a96323] by Lukas Slebodnik <lslebodn@…>
sssd-1-14BUILD: Accept krb5 1.15 for building the PAC plugin Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 11d2a1183d7017f3d453d0a7046004b6968fefb5)
07:49 Changeset [11d2a11] by Lukas Slebodnik <lslebodn@…>
masterBUILD: Accept krb5 1.15 for building the PAC plugin Reviewed-by: Sumit Bose <sbose@redhat.com>

10/24/16:

08:06 Ticket #3226 (CI: Run builds using with all options provided by configure and make sure ...) created by fidencio
The way it is nowadays issues like the one solved by …

10/23/16:

14:07 Ticket #3225 (Kerberos authentication failing since version 1.14.0 due to password ...) created by bartbes
Attempting to log in would lead to an inevitable timeout of the …

10/22/16:

20:55 Changeset [1fb3ccc] by Lukas Slebodnik <lslebodn@…>
sssd-1-14BUILD: Fix installation without samba winbindplugindir is defined only when BUILD_SAMBA is on. Also the file doesn't exist when BUILD_SAMBA is off, so installation will fail. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 13adcd07000ba3ca1422c6ee863df17d70e2b14c)
20:54 Changeset [13adcd0] by Lukas Slebodnik <lslebodn@…>
masterBUILD: Fix installation without samba winbindplugindir is defined only when BUILD_SAMBA is on. Also the file doesn't exist when BUILD_SAMBA is off, so installation will fail. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

10/21/16:

20:05 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
16:07 Changeset [579daa9] by Lukas Slebodnik <lslebodn@…>
sssd-1-14crypto-tests: Rename encrypt decrypt test case libsss_crypto provide 2 pairs of encrypt + decrypt functions. sss_password_encrypt + sss_password_decrypt and more generic sss_encrypt + sss_decrypt. The name of one test case was a little bit confusing. It evokes that different pair of functions were tested. Reviewed-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 96d239e83e671b82525cec760cf0bcaa5ee1c249)
16:07 Changeset [8cb4136] by Lukas Slebodnik <lslebodn@…>
sssd-1-14crypto-tests: Add unit test for sss_encrypt + sss_decrypt Reviewed-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 65c85654d9b32a866caa01c28fe743eeb0bdef67)
16:07 Changeset [f4da46b] by Lukas Slebodnik <lslebodn@…>
sssd-1-14libcrypto: Check right value of CRYPTO_memcmp sss_decrypt failed even though should pass because we were checking wrong value of CRYPTO_memcmp. Nobody noticed that because there was not a unit test :-) Reviewed-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 0c2be9700d3b54db33c1a3dd5d230b34bfaceb50)
16:04 Changeset [96d239e] by Lukas Slebodnik <lslebodn@…>
mastercrypto-tests: Rename encrypt decrypt test case libsss_crypto provide 2 pairs of encrypt + decrypt functions. sss_password_encrypt + sss_password_decrypt and more generic sss_encrypt + sss_decrypt. The name of one test case was a little bit confusing. It evokes that different pair of functions were tested. Reviewed-by: Christian Heimes <cheimes@redhat.com>
16:04 Changeset [65c8565] by Lukas Slebodnik <lslebodn@…>
mastercrypto-tests: Add unit test for sss_encrypt + sss_decrypt Reviewed-by: Christian Heimes <cheimes@redhat.com>
16:03 Changeset [0c2be97] by Lukas Slebodnik <lslebodn@…>
masterlibcrypto: Check right value of CRYPTO_memcmp sss_decrypt failed even though should pass because we were checking wrong value of CRYPTO_memcmp. Nobody noticed that because there was not a unit test :-) Reviewed-by: Christian Heimes <cheimes@redhat.com>
13:44 Changeset [4117ae3] by Lukas Slebodnik <lslebodn@…>
masterBUILD: Fix build without samba The test test_ad_subdom should be compiled only if samba build is enabled. In file included from src/tests/cmocka/test_ad_subdomains.c:39:0: ./src/providers/ad/ad_subdomains.c:35:17: fatal error: ndr.h: No such file or directory #include <ndr.h> ^ compilation terminated. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
11:01 DesignDocs/FleetCommanderIntegration edited by fidencio
(diff)
07:56 DesignDocs/FleetCommanderIntegration edited by fidencio
(diff)

10/20/16:

15:07 Ticket #3176 (Memory leak in SSSD) closed by lslebodn
cantfix: I am closing this ticket as cannot fix due to insufficient data. Feel free …
12:57 Changeset [e1917b6] by Lukas Slebodnik <lslebodn@…>
sssd-1-13crypto: Port libcrypto code to openssl-1.1 EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1 Reviewed-by: Tomas Mraz <tmraz@redhat.com> (cherry picked from commit 8f1316a0c677f211eaaa1346e21a03446b8c4fb1) (cherry picked from commit 81ebd058ab8f6ab08b05a7e35e04881812404d43)
12:52 Changeset [81ebd05] by Lukas Slebodnik <lslebodn@…>
sssd-1-14crypto: Port libcrypto code to openssl-1.1 EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1 Reviewed-by: Tomas Mraz <tmraz@redhat.com> (cherry picked from commit 8f1316a0c677f211eaaa1346e21a03446b8c4fb1)
12:51 Changeset [8f1316a] by Lukas Slebodnik <lslebodn@…>
mastercrypto: Port libcrypto code to openssl-1.1 EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1 Reviewed-by: Tomas Mraz <tmraz@redhat.com>
08:24 Ticket #3144 (Review and update SSSD's wiki pages for 1.14.2 release) closed by jhrozek
fixed: the links are correct and I don't think we changed much in the internals, …
07:56 Changeset [e083a6b] by Jakub Hrozek <jhrozek@…>
mastercache_req: delete old code Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
07:56 Changeset [4169fb2] by Jakub Hrozek <jhrozek@…>
mastercache_req: switch to new code This patch switch the old switch-based cache req code to the new plugin-based. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
07:56 Changeset [0db2f34] by Jakub Hrozek <jhrozek@…>
mastercache_req: move from switch to plugins, add plugins This patch adds all existing functionality into plugins. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
07:56 Changeset [2749964] by Jakub Hrozek <jhrozek@…>
mastercache_req: move from switch to plugins; add logic cache_req grown quite big from the original code and it turned out that using switch statements to branch code for different cases makes the code quite hard to read and further extend and any modification to the logic itself is difficult. This patch changes the switch statements to plugins with small functions and separates logic into multiple modules. This gives us better control over the code and improves readability and maintainability while keeping code duplication to minimum. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Petr Cech <pcech@redhat.com>
07:54 Changeset [ef390162] by Jakub Hrozek <jhrozek@…>
masterUpdating the version to track sssd-1-15 development Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

10/19/16:

19:38 WikiStart edited by jhrozek
(diff)
19:36 Milestone SSSD 1.14.2 completed
19:35 Ticket #3224 (Review and update SSSD's wiki pages for 1.14.3 release) created by jhrozek
19:30 Documentation edited by jhrozek
(diff)
19:29 Releases/Notes-1.14.2 edited by jhrozek
(diff)
19:25 Releases edited by jhrozek
(diff)
19:21 Changeset [ae30cff] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14Updating the version for the 1.14.3 development
19:12 Changeset [0142e7e] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14Updating the translations for the 1.14.2 release
10:58 Ticket #3223 (sss_ssh_authorizedkeys: --debug N option is not documented in the man page) created by minfrin
The --debug option is undocumented in the man page. The significance of …
10:46 Releases/Notes-1.14.2 created by jhrozek
10:10 Changeset [bc85b852] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14CI: Remove dlopen-test from valgrind blacklist Dlopen test was added to blacklist due to following reason: > Disable running dlopen-tests under Valgrind as their use of dlclose > makes Valgrind drop symbols and produce meaningless backtraces, which > cannot be matched with specific suppressions. It's true that dlclose makes meaningless backtraces but backtraces should not be generated otherwise there is a bug in some library which need to be fixed and not suppressed. Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
07:20 Ticket #3222 (sssd still showing ipa user after removed from last group) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
05:15 Ticket #3221 (RFE: Make "sssd-libwbclient" to display real names in permission dialog) created by lslebodn
Ticket was cloned from Red Hat Bugzilla (product Fedora): …

10/17/16:

18:51 Changeset [977e53a] by Lukas Slebodnik <lslebodn@…>
sssd-1-13TESTS: Fix check for py bindings in dlopen tests The current code checks only for "HAVE_PYTHON_BINDINGS", which is not even a valid check. Let's do the proper check according to the python version (HAVE_PYTHON2_BINDINGS or HAVE_PYTHON3_BINDINGS). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 8a681cc41672afd1532b4a0c7e9da3a4eb2014a7)
18:47 Changeset [8a681cc] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14TESTS: Fix check for py bindings in dlopen tests The current code checks only for "HAVE_PYTHON_BINDINGS", which is not even a valid check. Let's do the proper check according to the python version (HAVE_PYTHON2_BINDINGS or HAVE_PYTHON3_BINDINGS). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
14:41 Changeset [0857468] by Lukas Slebodnik <lslebodn@…>
sssd-1-13pyhbac: Fix warning Wsign-compare src/python/pyhbac.c: In function ‘HbacRuleElement_repr’: src/python/pyhbac.c:506:59: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] if (strnames == NULL || strgroups == NULL || category == -1) { ^ src/python/pyhbac.c: In function ‘HbacRuleElement_to_native’: src/python/pyhbac.c:614:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] if (!el->names || !el->groups || el->category == -1) { ^ The static function native_category had type of terurn value uint32_t But it also could return -1 which indicated an error. It's better to don't mix return code with returned value. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit f47a339d7794cd5a24d368b3b3640452686e45a5)
14:41 Changeset [9341809] by Lukas Slebodnik <lslebodn@…>
sssd-1-13pysss_murmur: Fix warning Wsign-compare src/python/pysss_murmur.c: In function ‘py_murmurhash3’: src/python/pysss_murmur.c:47:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] key_len > strlen(key)) { ^ uint32_t murmurhash3(const char *key, int len, uint32_t seed) The second argument of the function murmurhash3 has type int. But the code expects to be unsigned integer. There is code in python wrapper py_murmurhash3 which check boundaries of that argument. It should be an unsigned "key_len > INT_MAX || key_len < 0". An exception should be thrown for negative number. Moreover, the length should be shorter then a length of input string. The strlen returns size_t which is unsigned and key_len is signed long. We already checked that value is unsigned so we can safely cast key_len to size_t Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 2ff8131cf02decaf0dd0754e843732fe7774fc59)
14:40 Changeset [0257239c] by Lukas Slebodnik <lslebodn@…>
sssd-1-13TOOLS: Fix warning Wsign-compare src/tools/tools_util.c: In function ‘parse_groups’: src/tools/tools_util.c:116:19: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] for (i = 0; i < tokens; i++) { ^ Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit d3f14ed93ef61268d0a68898ed9c44b4f773081c)

10/14/16:

21:37 Ticket #3220 (Improve successful Dynamic DNS update log messages) created by jstephen
This issue is reproducible with sssd-1.14.1-3.fc24.x86_64 and a plain …
18:43 Ticket #2940 (The member link is not removed when the last group's nested member goes ...) closed by jhrozek
fixed: * master: * e0903f41922721edf292a9f7e6605a4519db53a1 * …
18:40 Changeset [eaf44bc] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14TESTS: Adding intg. tests on nested groups Resolves: https://fedorahosted.org/sssd/ticket/2940 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
18:40 Changeset [e0903f4] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14LDAP: Removing of member link from group Resolves: https://fedorahosted.org/sssd/ticket/2940 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
16:54 Ticket #3181 (libwbclient-sssd: update interface to version 0.13) closed by lslebodn
fixed: master: * f3347a0c72afc75b4d829e9981d1bac6b05a8306
16:42 Changeset [f3347a0] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14libwbclient-sssd: update interface to version 0.13 This patch adds wbcCtxUnixIdsToSids() and wbcUnixIdsToSids() to SSSD's libwbclient and implements the latter. Resolves: https://fedorahosted.org/sssd/ticket/3181 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
16:11 Changeset [a2485c5] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14sssctl: Fix a typo in preprocessor macro Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
16:09 Changeset [0d52311a] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14RPM: Require initscripts on non-systemd platforms In order for sssctl to work on platforms that do not use systemd, we need to require /sbin/service them for sssd-tools so that the binary can be invoked. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
16:08 Changeset [a3cf63e] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14BUILD: Not having /sbin/service is not fatal If the target platform does not have the service executable, we must not fail the build, but proceed, just disabling the functionality in sssctl. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
16:06 Changeset [b7b92ba] by Lukas Slebodnik <lslebodn@…>
mastersssd-1-14BUILD: Only search for service in /sbin and /usr/sbin The shell is executed for invocation of the service binary. Therefore it is better to search the binary only in safe paths. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
12:21 DesignDocs/FilesProvider edited by jhrozek
(diff)
10:00 Changeset [d4d97a8c] by Lukas Slebodnik <lslebodn@…>
sssd-1-13MAN: Typo in id mapping explanation It is probably result of modifying the code and not updating the man page properly. Resolves: https://fedorahosted.org/sssd/ticket/3205 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 3955667b6e5071cc1264422cb9d702534cf9bc21)
08:57 Ticket #3219 ([RFE] Regular expression used in sssd.conf not being able to consume an ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
07:40 Troubleshooting edited by jhrozek
(diff)

10/13/16:

16:46 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
14:15 Ticket #873 (allow sssd to know about failover conditions or 'online' and 'offline' ...) closed by jhrozek
wontfix: We will split the failover per-domain (now it's per-back end), but not per …
14:13 Ticket #2014 ([RFE] SSSD should offer the contents of /etc/passwd and /etc/group in the ...) closed by jhrozek
duplicate: This is a duplicate of https://fedorahosted.org/sssd/ticket/2228
14:08 Ticket #1375 (Extend support for ghost users in memberof plugin) closed by jhrozek
wontfix: we need to remove features from memberof (and eventually remove memberof's …

10/12/16:

18:09 Ticket #3218 ([RFE] ad_access_filter should ignore what happens after the first open ...) created by mikeely
In their documentation, Microsoft supports nested group query via LDAP …

10/11/16:

12:39 Ticket #3056 (The sssctl tool should restart the service with systemd's dbus API) closed by jhrozek
fixed: * master: f4f2edba5c555773d7c9adfa95562b96b0c0cdb2
12:31 Changeset [761515e] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14sssctl: call service with absolute path Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
12:31 Changeset [0c1b38d] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14BUILD: Detect the path of the "service" executable Reviewed-by: Pavel Březina <pbrezina@redhat.com>
12:31 Changeset [f4f2edb] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14sssctl: use systemd D-Bus API If systemd is used we leverage it's D-Bus API instead of running systemctl. Resolves: https://fedorahosted.org/sssd/ticket/3056 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
12:27 Changeset [03713a64] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14tests: Add tests for getorig by UPN NSS op Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
12:26 Changeset [eb9bc1c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14tests: Add tests for sidbyname NSS operation Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
10:53 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
10:26 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
10:00 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)

10/10/16:

19:36 Changeset [0d3a3ab] by Jakub Hrozek <jhrozek@…>
sssd-1-13PAM: add pam_sss option allow_missing_name With this option SSSD can be used with the gdm Smartcard feature. Resolves: https://fedorahosted.org/sssd/ticket/2941 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 325ed9f92f1ea1f348fd7913229faecf3dc1d40b)
19:36 Changeset [4717644] by Jakub Hrozek <jhrozek@…>
sssd-1-13p11: add PKCS11_LOGIN_TOKEN_NAME environment variable The PKCS11_LOGIN_TOKEN_NAME environment variable is e.g. used by the Gnome Settings Daemon to determine the name of the token used for login. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit d86224608ff60ec5cc7e7cbf9e53d8a04e083530)
19:29 Changeset [87313f1] by Jakub Hrozek <jhrozek@…>
sssd-1-13MAN: Wrong defaults for AD provider ldap_user_name and ldap_group_name have different defalts then what the man page states. Resolves: https://fedorahosted.org/sssd/ticket/3022 Reviewed-by: Sumit Bose <sbose@redhat.com>
10:36 Ticket #3194 ([RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and ...) closed by jhrozek
fixed: * master: dcdf292567d50e5cc527766c1944dcf6a8ecacc5
10:31 Changeset [dcdf292] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14nss: allow UPNs in SSS_NSS_GETSIDBYNAME and SSS_NSS_GETORIGBYNAME When adding support for UPNs, email addresses and aliases the SSS_NSS_GETSIDBYNAME and SSS_NSS_GETORIGBYNAME request were forgotten. This patch adds the missing support because it might be irritating if getpwnam() can resolve the name but the other requests fail. The same logic as for the plain user lookup is used, this add some code duplication which is expected to be removed when the nss responder will be switched to use the new cache_req code. Resolves https://fedorahosted.org/sssd/ticket/3194 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:30 Ticket #3180 (sss_cache -r option does not print error message if more than one argument ...) closed by jhrozek
fixed: * master: 1330390c698ca0802200725df43356557aa633a2
10:08 Changeset [1330390c] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14sss_cache: improve option argument handling Print informational message and exit when multiple arguments are provided for single-argument options with sss_cache Resolves: https://fedorahosted.org/sssd/ticket/3180 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

10/07/16:

15:09 Ticket #3217 (Conflicting default timeout values) created by gagrio
dns_resolver_timeout should not have the same default value with …
14:18 Ticket #3022 ([sssd-ldap] man page needs attention) closed by jhrozek
fixed: * master: a5b4f865aae08d978e7bbbe1ff5c4b93ac41aa85
14:04 Changeset [a5b4f86] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14MAN: Wrong defaults for AD provider ldap_user_name and ldap_group_name have different defalts then what the man page states. Resolves: https://fedorahosted.org/sssd/ticket/3022 Reviewed-by: Sumit Bose <sbose@redhat.com>
10:52 Ticket #3205 (Typo In SSSD-AD Man Page) closed by jhrozek
fixed: * master: 3955667b6e5071cc1264422cb9d702534cf9bc21
10:50 Changeset [3955667] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14MAN: Typo in id mapping explanation It is probably result of modifying the code and not updating the man page properly. Resolves: https://fedorahosted.org/sssd/ticket/3205 Reviewed-by: Sumit Bose <sbose@redhat.com>
10:45 Changeset [0102261] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14TESTS: Remove a leftover debug message The debug message was introduced when I was testing 65a38b8c9, but ended up not removed before submitting the patch. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Petr Cech <pcech@redhat.com>
08:49 Ticket #2709 (RFE: add a way to map realm to domain) closed by jhrozek
worksforme: As Sumit said, this should be possible already. Please reopen if not.
08:46 Ticket #3216 (Review and update SSSD's wiki pages for 1.15 Beta release) created by jhrozek
08:45 Ticket #3215 (Review and update SSSD's wiki pages for 1.15 Alpha release) created by jhrozek
08:22 DesignDocs/FleetCommanderIntegration edited by jhrozek
(diff)
08:20 DesignDocs/FleetCommanderIntegration edited by jhrozek
(diff)
06:58 Ticket #3213 (IPA: Uninitialized variable during subdomain check) closed by jhrozek
fixed

10/06/16:

19:05 Ticket #3214 (Update man pages for any AD provider config options that differ from ...) created by jstephen
Some AD provider option defaults are different from their default values …
12:38 Contribute edited by fidencio
sudo sssinstall cause "sudo: sssinstall: command not found". sssinstall … (diff)
09:19 DesignDocs/FleetCommanderIntegration created by jhrozek

10/05/16:

20:06 Ticket #3168 (secrets: Add a configurable depth limit for containers) closed by jhrozek
fixed
16:08 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
16:01 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
09:57 Changeset [65a38b8] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14SECRETS: Add a configurable limit of secrets that can be stored Related: https://fedorahosted.org/sssd/ticket/3169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

10/04/16:

19:56 Changeset [7b07f50] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14IPA: Initialize a boolean control value without this patch, valgrind was reporting: ==30955== Conditional jump or move depends on uninitialised value(s) ==30955== at 0xDBBACC3: ipa_subdomains_slave_search_done (ipa_subdomains.c:1111) ==30955== by 0xE73B34D: sdap_search_bases_ex_done (sdap_ops.c:222) ==30955== by 0xE6FFA98: sdap_get_generic_done (sdap_async.c:1872) ==30955== by 0xE6FF4E2: generic_ext_search_handler (sdap_async.c:1689) ==30955== by 0xE6FF840: sdap_get_and_parse_generic_done (sdap_async.c:1797) ==30955== by 0xE6FEFB5: sdap_get_generic_op_finished (sdap_async.c:1579) ==30955== by 0xE6FB1D2: sdap_process_message (sdap_async.c:353) ==30955== by 0xE6FAD51: sdap_process_result (sdap_async.c:197) ==30955== by 0xE6FAA14: sdap_ldap_next_result (sdap_async.c:145) ==30955== by 0x8E157FF: tevent_common_loop_timer_delay (tevent_timed.c:341) ==30955== by 0x8E16809: epoll_event_loop_once (tevent_epoll.c:911) ==30955== by 0x8E14F09: std_event_loop_once (tevent_standard.c:114) ==30955== Resolves: https://fedorahosted.org/sssd/ticket/3213 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
19:56 Ticket #3212 (secrets: 500 internal server error when proxy is defined but not running) closed by jhrozek
fixed: Sorry, this one can be closed I guess, I was thinking about a different …
19:26 Changeset [41cd607] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14SECRETS: Use HTTP error code 504 when a proxy server cannot be reached Previously, a generic 500 error code was returned. This patch adds a new error message on a failure to contact the proxy server and returns 504, "Gateway timeout" instead. Resolves: https://fedorahosted.org/sssd/ticket/3212 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
19:26 Changeset [f931864] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14SECRETS: Fix a typo in function name s/filed/field/ Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
19:26 Changeset [8fe4f98] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14SECRETS: Use a better data type for ret Normally we use errno_t for return codes and size_t for counting objects. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
19:25 Changeset [7128fad] by Jakub Hrozek <jhrozek@…>
mastersssd-1-14SECRETS: Add DEBUG messages to the sssd-secrets provider Previously, it was not possible to follow the flow of the secrets responder or find out what went wrong on error. This patch adds DEBUG messages so that most failure cases have their own message. At the same time, running sssd-secrets with debug_level <= 3 does not emit any messages at all. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
18:57 Ticket #3213 (IPA: Uninitialized variable during subdomain check) created by jhrozek
Running sssd_be under valgrind reported this error: […]
17:01 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
13:54 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
11:06 DesignDocs/MatchingAndMappingCertificates edited by sbose
(diff)
Note: See TracTimeline for information about the timeline view.