Timeline


and

02/23/17:

14:44 SSSD-logo-readonly.png attached to WikiStart by jhrozek
temp logo while we migrate to pagure
09:57 Ticket #3270 ([RFE] Add PKINIT support to SSSD Kerberos proivder) closed by jhrozek
fixed: master: * 2d527aa * 52f4583 * ead25e3 * 82c5971 * dd17a3a * f70d946 …
09:17 Changeset [1b55ac9] by Jakub Hrozek <jhrozek@…>
masterTESTS: Remove unused import Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
09:15 Changeset [2d527aa] by Jakub Hrozek <jhrozek@…>
masterKRB5: allow pkinit pre-authentication Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:15 Changeset [52f4583] by Jakub Hrozek <jhrozek@…>
masterpam: enhance Smartcard authentication token Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:15 Changeset [ead25e3] by Jakub Hrozek <jhrozek@…>
masterp11: return name of PKCS#11 module and key id to pam_sss Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:15 Changeset [82c5971] by Jakub Hrozek <jhrozek@…>
masterPAM: forward Smartcard credentials to backends Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:15 Changeset [dd17a3a] by Jakub Hrozek <jhrozek@…>
masterauthtok: enhance support for Smartcard auth blobs The blobs contains beside the PIN the name of the PKCS#11 module and the token name where the certificate of the user was found and the key id. Those data will be used e.g. by the pkinit module to make sure them right certificate is used. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:15 Changeset [f70d946f] by Jakub Hrozek <jhrozek@…>
masterLDAP/proxy: tell frontend that Smartcard auth is not supported Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:14 Changeset [d475744] by Jakub Hrozek <jhrozek@…>
masterutils: new error codes ERR_SC_AUTH_NOT_SUPPORTED can be used by backends to indicate that Smartcard authentication is not supported. ERR_NO_AUTH_METHOD_AVAILABLE can be used by backends that no authentication method was found. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:14 Changeset [254f389] by Jakub Hrozek <jhrozek@…>
masterPAM: use sentinel error code in PAM tests Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:14 Changeset [327a166] by Jakub Hrozek <jhrozek@…>
masterPAM: fix memory leak in pam_sss Since there can be multiple rounds trips between the PAM client and SSSD it might be possible that the same data is send multiple times by SSSD. So before overriding the old data it should be freed. I've seen this with the domain name which is send both in the pre-auth and the auth responses. To be on the safe side I added free() for some other items as well. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:14 Changeset [f561c2b] by Jakub Hrozek <jhrozek@…>
masterPAM: store user object in the preq context Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

02/22/17:

14:52 Ticket #3315 (infopipe: org.freedesktop.sssd.infopipe.Groups.Group doesn't show users) created by pcech
[…]
13:14 Changeset [1f49be4] by Jakub Hrozek <jhrozek@…>
masterFILES: Remove unnecessary check "grp_iter->gr_mem" is an array of strings and not just a string. We tried to compare first string to NULL (acctually '\0') But after that we iterated over the array to find count of members and we check for NULL one more time. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:03 Changeset [86bcc81] by Jakub Hrozek <jhrozek@…>
masterMONITOR: Don't return an error in case we fail to register a service This behaviour was mistakenly changed by the {dbus,socket}-activation series and, as it's now, I've noticed the monitor may end up in some weird state due to this change, where it doesn't stop properly and leave some defuncts children processes. Let's change it back to what it was before and avoid possible regressions (even if no regression where hit yet). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
12:58 Ticket #3296 (pam_sss crashes in do_pam_conversation if no conversation function is ...) closed by jhrozek
fixed: * master: 0965a77c4ff0b358d24582955cb7ae375ebaa0d2 * sssd-1-14: …
12:45 Changeset [cc8c28a] by Jakub Hrozek <jhrozek@…>
sssd-1-13pam_sss: check conversation callback With this patch pam_sss checks if a conversation callback is available before using it. Resolves https://fedorahosted.org/sssd/ticket/3296 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 0965a77c4ff0b358d24582955cb7ae375ebaa0d2) (cherry picked from commit ba8e3f2850e5a328bc3e732b471280fc4fa49c53)
12:41 Changeset [ba8e3f2] by Jakub Hrozek <jhrozek@…>
sssd-1-14pam_sss: check conversation callback With this patch pam_sss checks if a conversation callback is available before using it. Resolves https://fedorahosted.org/sssd/ticket/3296 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 0965a77c4ff0b358d24582955cb7ae375ebaa0d2)
12:30 Changeset [0965a77] by Jakub Hrozek <jhrozek@…>
masterpam_sss: check conversation callback With this patch pam_sss checks if a conversation callback is available before using it. Resolves https://fedorahosted.org/sssd/ticket/3296 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
12:12 Changeset [fc91d72] by Jakub Hrozek <jhrozek@…>
masterFILES: Fix reallocation logic There were two bugs in the files provider reallocation logic: 1) the reallocated array was not NULL-terminated properly 2) talloc_get_size was used in place of talloc_array_length This bug could have resulted in a crash when the passwd or groups file contained more than FILES_REALLOC_CHUNK entries. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
11:38 Ticket #3231 (Segfault while checking ldap_user_extra_attrs config options) closed by jhrozek
fixed: * master: * 454cf0c3808a9f6a0c9f79e9796e17c58907ee6c * …
11:34 Changeset [bb4b624] by Jakub Hrozek <jhrozek@…>
sssd-1-14sdap_extend_map: make sure memory can be freed If there is an error after calling talloc_realloc() the caller cannot free the memory properly because neither src_map nor _map were pointing to a valid memory location. With this patch _map will always point to the current valid location so that it can always be used with talloc_free(). Reviewed-by: Petr Cech <pcech@redhat.com> (cherry picked from commit 08bf6b4a281ef4308119dccbba4e86cf28b505d2)
11:34 Changeset [c14980e] by Jakub Hrozek <jhrozek@…>
sssd-1-14check_duplicate: check name member before using it Resolves https://fedorahosted.org/sssd/ticket/3231 Reviewed-by: Petr Cech <pcech@redhat.com> (cherry picked from commit 454cf0c3808a9f6a0c9f79e9796e17c58907ee6c)
11:30 Changeset [454cf0c] by Jakub Hrozek <jhrozek@…>
mastercheck_duplicate: check name member before using it Resolves https://fedorahosted.org/sssd/ticket/3231 Reviewed-by: Petr Cech <pcech@redhat.com>
11:30 Changeset [08bf6b4] by Jakub Hrozek <jhrozek@…>
mastersdap_extend_map: make sure memory can be freed If there is an error after calling talloc_realloc() the caller cannot free the memory properly because neither src_map nor _map were pointing to a valid memory location. With this patch _map will always point to the current valid location so that it can always be used with talloc_free(). Reviewed-by: Petr Cech <pcech@redhat.com>
11:27 Ticket #3227 (sssd doesn't update PTR records if A/PTR zones are configured as ...) closed by jhrozek
fixed: * master: fccd8f9ab7a0ac9868c43ea0e8c3af142b2809fa
11:26 Ticket #3220 (Improve successful Dynamic DNS update log messages) closed by jhrozek
fixed: * master: d694d4fdcc81f24c2f9e3bb5a0dbe0a52498f196
11:21 Changeset [d694d4f] by Jakub Hrozek <jhrozek@…>
masterDYNDNS: Correct debug log message of realm If the realm is not added to the nsupdate message, the SSSD Debug log message should inform about utilizing autodiscovered realm. Resolves: https://fedorahosted.org/sssd/ticket/3220 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
11:21 Changeset [fccd8f9] by Jakub Hrozek <jhrozek@…>
masterDYNDNS: Update PTR record after non-fatal error Continue to send PTR record update in situations where the nsupdate child forward zone updates are successful but nsupdate returns non-zero Resolves: https://fedorahosted.org/sssd/ticket/3227 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
09:46 Ticket #3280 (Unclear in sssd_krb5_locator_plugin how to deal with lowercase/uppercase ...) closed by sbose
invalid: I'll close the ticket because I think SSSD is working as expected here. …

02/21/17:

11:21 Ticket #3314 (sssd ignores entire groups from proxy provider if one member is listed ...) created by pcech
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

02/20/17:

14:21 Ticket #3313 (cache_req should use an negative cache entry for UPN based lookups) created by sbose
In the old (non-cache_req) code a special name was used to add UPN lookups …
11:39 Ticket #3260 (handle default_domain_suffix for ssh requests with default_domain_suffix) closed by pbrezina
fixed: Fixed as part of cache_req refactoring.
10:32 Ticket #3312 (SSSD AD Failover Failure) created by chrismwheeler
I am attempting to understand the failure of our Red Hat Linux devices to …

02/18/17:

13:54 Ticket #3309 (Coverity warns about an unused value in IPA sudo code) closed by lslebodn
fixed: master: * 334029028e566fab3dce5ce4b1b53cc4809c21b8 sssd-1-14: * …
13:51 Changeset [6e8536d] by Lukas Slebodnik <lslebodn@…>
sssd-1-14IPA_SUDO: Unused value fix Unused value was immediately overwritten. Resolves: https://fedorahosted.org/sssd/ticket/3309 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit 334029028e566fab3dce5ce4b1b53cc4809c21b8)

02/17/17:

15:41 Ticket #3311 (group filter isn't useful) created by hedrick
I'm trying to use a single IPA server to handle several different clusters …
15:37 DesignDocs/SubdomConf edited by mzidek
(diff)
13:46 DesignDocs/SubdomConf edited by mkosek
(diff)
12:29 Changeset [bac4458] by Lukas Slebodnik <lslebodn@…>
masterintg: Fix python3 issues NamedTemporaryFile use the default mode 'w+b' and we tried to write strings. It is not a problem on python2 but failed on pyhton3 Python module ctypes directly uses C functions from libraries. C functions usually expect/returns "char *" when string is expected. But python3 uses unicode for string. Decoding returned bytes ("char *") to unicode strings simplify tests in python3. Otherwise we would need to convert bytes to string in each assertion. Reviewed-by: Martin Basti <mbasti@redhat.com>
11:42 DesignDocs/SubdomConf edited by mzidek
(diff)

02/16/17:

19:43 Changeset [3340290] by Lukas Slebodnik <lslebodn@…>
masterIPA_SUDO: Unused value fix Unused value was immediately overwritten. Resolves: https://fedorahosted.org/sssd/ticket/3309 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

02/15/17:

13:57 Ticket #3262 (Implement a files provider to mirror the contents of /etc/passwd and ...) closed by jhrozek
fixed: * master: * 0e7047c1533e5e424b28959488e8ffa91613abd9 * …
13:53 Changeset [ee6c7e8] by Jakub Hrozek <jhrozek@…>
masterMONITOR: Use the common inotify code to watch resolv.conf The monitor code used its own inotify callbacks to watch for changes to resolv.conf. Instead of keeping this duplicated code around, let's use the shared inotify module that also powers the files provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:53 Changeset [da95ec5] by Jakub Hrozek <jhrozek@…>
masterMAN: Add documentation for the files provider The new provider needs a man page. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:53 Changeset [89e53f71] by Jakub Hrozek <jhrozek@…>
masterEXAMPLES: Do not point to id_provider=local It makes more sense to show id_provider=files Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:53 Changeset [0e7047c] by Jakub Hrozek <jhrozek@…>
masterSBUS: Document how to free the result of sbus_create_message It might not be apparent how to free the message constructed by sbus_create_message(). This patch just adds a comment that tells the developer to either free the parent context or unref the message with a dbus call directly. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:53 Changeset [f9f1310] by Jakub Hrozek <jhrozek@…>
masterMONITOR: Remove checks for sssd.conf changes This feature was if-ed out for many years and since it's quite unlikely we will re-enable the feature in the foreseeable future, let's just remove this code. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:53 Changeset [8bdb8c0] by Jakub Hrozek <jhrozek@…>
masterTESTS: Add files provider integration tests Implements integration tests for the files provider. In order to change entries in the nss-wrapped passwd and group files, this commit also implements a helper module that creates a new passwd and group file and moves it in place of the nss-wrapped files. We move the files instead of modifying them in-place in order to trigger similar inotify notifications as shadow-utils would. The unit test uses sleep on several places. This is suboptimal, but during testing especially on slow machines, it became apparent that sometimes the inotify message arrives later than the test would check for the changed entries. Therefore, the check would query the NSS responder even before the sss-files domain was invalidated. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
13:53 Changeset [3728db5] by Jakub Hrozek <jhrozek@…>
masterTESTS: Add a module to call nss_sss's getgr* from tests Implements a python module that allows to load the nss_sss module and call functions that act like getgr* Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
13:53 Changeset [8578fba] by Jakub Hrozek <jhrozek@…>
masterTESTS: Add a module to call nss_sss's getpw* from tests Implements a python module that allows to load the nss_sss module and simulate calling getpw* functions from tests. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
13:53 Changeset [1921d739] by Jakub Hrozek <jhrozek@…>
masterTESTS: add a helper module with shared NSS constants Every module that reads the sssd_nss module directly copied around the same definition of NSS constants. This commit moves them into a single file to avoid code duplication. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
13:53 Changeset [4e17c05] by Jakub Hrozek <jhrozek@…>
masterTESTS: move helper fixtures to back up and restore a file to a utility module The fixtures will be useful for tests that set up and restore a user and group database. While it would be possible to import them already, the functions were previously used in a test and importing from a test seems a bit like a hack. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
13:52 Changeset [26577ac] by Jakub Hrozek <jhrozek@…>
masterMAN: Document the pwfield configuration option The pwfield was not documented at all previously. In addition, document the different defaults for remote provider and the file provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:52 Changeset [ece2ac6] by Jakub Hrozek <jhrozek@…>
masterCONFDB: The files domain defaults to "x" as pwfield In order to make it possible for files provider users to authenticate with pam_unix, default to "x" as the pwfield of users from the files domain. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [c778c36] by Jakub Hrozek <jhrozek@…>
masterCONFDB: Make pwfield configurable per-domain Previously, the pwfield option was only configurable at the NSS level. Because it's important for the files provider to report "x" as the pwfield instead of "*" which is the SSSD default, this commit makes the pwfield configurable at the domain level. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [a60e6ec] by Jakub Hrozek <jhrozek@…>
masterCONFDB: The files provider always enumerates Since the files provider always mirrors the whole passwd and group contents, the files domain should always permit its contents to be enumerated. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
13:51 Changeset [c71e0a6] by Jakub Hrozek <jhrozek@…>
masterFILES: Add the files provider Adds a new provider type "files". The provider watches the UNIX password and group databases for changes using inotify and propagates its contents to the sysdb. The files provider is only built on platforms that support the inotify interface, polling or loading the entries on-deman is not supported. During initialization, the files are loaded from the environment variables SSS_FILES_PASSWD and SSS_FILES_GROUP, defaulting to /etc/passwd and /etc/group respectively. Loading the files from environment variables is mostly implemented for tests that need to load nss_wrapped files. The files provider is a bit different from other provider types in the sense that it always enumerates full contents of the database. Therefore, the requests from Data Provider are always just replied to with success. Enumerating the contents is done in full at the moment, all users and all groups are removed and added anew. Modifying the passwd and group databses should be rare enough for this to be justified and we can optimize the code later. Since with large databases, the cache update might take a bit of time, we signal the responders to disable the files domain once we receive the inotify notification and re-enable the files domain after the update is finished. The idea is that the NSS configuration would still contain "files" after "sss" so that if the domain is disabled, libc would fall back to a direct "files" lookup. Resolves: https://fedorahosted.org/sssd/ticket/3262 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [90a103d] by Jakub Hrozek <jhrozek@…>
masterCONFDB: Re-enable the files provider The files provider was "blacklisted" for a long time, because very old (pre-1.0) versions of sssd had the capability to create users and groups by calling into the shadow-utils binaries directly which was later removed. Since nobody is (hopefully) running these ancient versions anymore and we are about to re-enable the files provider, we can remove this check. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [8cfb42e] by Jakub Hrozek <jhrozek@…>
masterUTIL: Add a generic inotify module Adds a reusable module for watching files using the Linux-specific inotify(7) interface. Adds the possibility to watch the file's parent directory as well to make it possible to watch moves into the directory and allow watching file that doesn't exist at the time the watch is created. This interface is needed to implement the files provider, so this commit is related to: https://fedorahosted.org/sssd/ticket/2228 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [50c740cb] by Jakub Hrozek <jhrozek@…>
masterRESPONDER: Contact inconsistent domains Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [2686648] by Jakub Hrozek <jhrozek@…>
masterRESPONDER: Include the files provider in NEEDS_CHECK_PROVIDER It makes no sense to contact the Data Provider with the files provider except when the files provider is updating itself. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [2c61b6e] by Jakub Hrozek <jhrozek@…>
masterRESPONDER: Use the NEED_CHECK_DOMAIN macro This is to avoid a needless round-trip between the responder and the back end for domains that do not have a traditional back end such as local or files. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [5007103] by Jakub Hrozek <jhrozek@…>
masterDP: Add internal interface to invalidate memory cache from DP Adds an interfae to the Data Provider that allows the DP to notify the NSS responder to invalidate its memory cache records. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [af28fa6] by Jakub Hrozek <jhrozek@…>
masterDP: Add internal interface to reset negative cache from DP Adds a an interface that allows the Data Provider to notify responders to drop their negative cache. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [b3ee4be] by Jakub Hrozek <jhrozek@…>
masterDP: Add internal DP interface to set domain state Adds functions to the interface Data Provider publishes towards back ends that allows the back ends to notify responders that a domain has been enabled or disabled. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [205a0b9] by Jakub Hrozek <jhrozek@…>
masterRESPONDER: A sbus interface to reset negatively cached users and groups Adds two new responder sbus interface functions: ResetNegcacheUsers and ResetNegcacheGroups. These functions can be called by a Data Provider to signal to a responder that it should drop its negative cache. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:51 Changeset [c109f06] by Jakub Hrozek <jhrozek@…>
masterRESPONDER: Add a responder sbus interface to set domain state Adds a generic responder s-bus interface that all responders implement. The interface currently contains methods that make it possible for a sssd domain to be marked as active or inconsistent by a back end. In the future, this commit will be superseded by sbus signals. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:50 Changeset [2d1a59f] by Jakub Hrozek <jhrozek@…>
masterUTIL: Add a new domain state called DOM_INCONSISTENT This is a new domain state that indicates to the responder that it should always send a DP request because the provider is rebuilding the cache. Currently it will be only used by the files provider when it is updating the cache to make sure sssd always returns current data and updating the cache from files is not as racy. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:50 Changeset [f2047f6] by Jakub Hrozek <jhrozek@…>
masterNSS: Rename the interface to invalidate memory cache initgroup records for consistency Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
13:50 Changeset [c3a225d4] by Jakub Hrozek <jhrozek@…>
masterNSS: Add sbus interface to clear memory cache Adds three new NSS interface sbus methods to disable memory caches of users, groups and initgroups. It's enough to add this interface to the NSS responder because the NSS responder is the only writer to the memory cache. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
13:50 Changeset [99a32e4] by Jakub Hrozek <jhrozek@…>
masterNEGCACHE: Add API to reset all users and groups Adds a negative cache API to reset negatively cached users and groups. This will be used when the files back end finishes enumeration to make sure all results are available. Reviewed-by: Pavel Březina <pbrezina@redhat.com>

02/13/17:

09:18 Ticket #3310 (Support delivering non-POSIX users and groups through the IFP and PAM ...) created by jhrozek
Many projects depend on SSSD now to support application integration …
09:09 Ticket #3309 (Coverity warns about an unused value in IPA sudo code) created by jhrozek
[…]

02/10/17:

16:01 Ticket #3301 (storing a sudo rule with sudoRule attribute values that only differ by ...) closed by jhrozek
fixed: * master: * a5ecc93abb01cece628fdef04ebad43bba267419 * sssd-1-14: * …
15:57 Changeset [d5ddca8] by Jakub Hrozek <jhrozek@…>
sssd-1-14SUDO: Only store lowercased attribute value once The current code doesn't handle the situation where lowercasing the sudoUser attribute would yield the same value again. For example: sudoUser: TUSER sudoUser tuser would break. This patch switches to using the utility function sysdb_attrs_add_lower_case_string() which already checks for duplicates. Resolves: https://fedorahosted.org/sssd/ticket/3301 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit a5ecc93abb01cece628fdef04ebad43bba267419)
15:55 Changeset [a5ecc93] by Jakub Hrozek <jhrozek@…>
masterSUDO: Only store lowercased attribute value once The current code doesn't handle the situation where lowercasing the sudoUser attribute would yield the same value again. For example: sudoUser: TUSER sudoUser tuser would break. This patch switches to using the utility function sysdb_attrs_add_lower_case_string() which already checks for duplicates. Resolves: https://fedorahosted.org/sssd/ticket/3301 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
15:49 Ticket #3299 (SSSD does not start if using only the local provider and services line is ...) closed by jhrozek
fixed: * master: * 00c0b7bc6969d31deab9e8e7541b4a6483b78b3e * …
15:47 Changeset [00c0b7b] by Jakub Hrozek <jhrozek@…>
masterMONITOR: Don't timeout if using local provider + socket-activated responders When using only the local provider with socket-activated services SSSD ends up never notifying systemd its startup has been done, as notifying systemd is done *only* when a service (provider or responder) is started up, leading SSSD's startup to fail due to a timeout. So, in order to avoid this situation, let's just notify the startup earlier in case we have *only* socket-activated services and the *only* provider set up is the LOCAL one. Resolves: https://fedorahosted.org/sssd/ticket/3299 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
15:47 Changeset [040ade7] by Jakub Hrozek <jhrozek@…>
masterMONITOR: Wrap up sending sd_notify "ready" into a new function This new function will be used later on in this series as we also will need to notify systemd that we're up in at least one more scenario (for now). Related: https://fedorahosted.org/sssd/ticket/3299 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

02/08/17:

21:29 Ticket #3286 (man page sssd-ldap not clear on ldap_user_ssh_public_key) closed by jhrozek
duplicate: Since there were no complains, let's close this ticket as a duplicate of …
21:16 Ticket #3308 (SELinux: Use libselinux's getseuserbyname to get the correct seuser) created by jhrozek
This was suggested by Petr Lautrbach in a private discussion. Currently, …
21:07 Ticket #3307 (RFE: Log to syslog when sssd cannot contact servers, goes offline) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
20:25 Changeset [d9780d2] by Lukas Slebodnik <lslebodn@…>
mastercache_req: always go to dp first when looking up host We need to always lookup host in DP first to update host certificates so we are consinstent during ssh authentication. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
20:25 Changeset [2ffa245] by Lukas Slebodnik <lslebodn@…>
masterssh: fix typo Those macros are the same so there is no functional difference. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
20:19 Changeset [e5d8b0e1] by Lukas Slebodnik <lslebodn@…>
masterBUILD: Fix linking of test_sdap_initgr There was a linking fialure on debian: /usr/bin/ld: src/tests/cmocka/test_sdap_initgr-test_sdap_initgr.o: undefined reference to symbol 'hash_iterate@@DHASH_0.4.3' //usr/lib64/libdhash.so.1: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status This patch adds some missing libraries and remove unnecessary libraries. Bug was intoduced in commit 0b7ded15e53b3f31f1570c366f04bc41e5761929 Reviewed-by: Michal Židek <mzidek@redhat.com>
12:14 DesignDocs/SubdomConf edited by mkosek
(diff)
12:08 DesignDocs/SubdomConf edited by mkosek
(diff)
12:07 DesignDocs/SubdomConf edited by mkosek
(diff)
10:17 Changeset [e947a87] by Jakub Hrozek <jhrozek@…>
masterAD: Use ad_domain to match forest root domain, not the configured domain from sssd.conf If the sssd.conf domain name was different from the joined domain name, but sssd was joined to the forest root, the AD subdomains code considered sssd joined to a non-root domain and tried to discover the forest root. This could be reproduced by joining sssd to a domain, for example win.trust.test but calling the sssd.conf domain otherwise, for example: [domain/addomain] ad_domain = win.trust.test This is/was a frequent use-case in the RHEL world, where authconfig often names the sssd.conf domain 'default'. Without the patch, the trusted domains were not detected. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
10:05 Changeset [a8191ce] by Jakub Hrozek <jhrozek@…>
masterssh: rewrite ssh responder to use cache_req This is a bigger change since both supported commands could be rewritten for cache_req and the logic could be deleted. I decided to also split the file into more modules and follow similar pattern as with nss responder. Resolves: https://fedorahosted.org/sssd/ticket/1126 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [53c31b8] by Jakub Hrozek <jhrozek@…>
mastercache_req: add host by name search Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [4df7aec6] by Jakub Hrozek <jhrozek@…>
mastercache_req: move dp request to plugin This will allow to use cache req even for object that do not use account request such as hosts. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [9492b3b] by Jakub Hrozek <jhrozek@…>
mastercache_req: add api to create ldb_result from message Some sysdb methods doesn't return ldb_result as output but return ldb_message instead. Changing sysdb to be consistent is too big so I added this helper function that will wrap resulting message into ldb_result. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [7723e79] by Jakub Hrozek <jhrozek@…>
mastercache_req: search user by name with attrs Sometime is is desirable to aquire more attribute from user object than SYSDB_PW_ATTRS set. such as user's public key. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [ddfd190] by Jakub Hrozek <jhrozek@…>
mastercache_req: add ability to not use default domain suffix This will be used in the next plugin "host by name" where it is not desirable to use default domain suffix if set. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [2b5704c] by Jakub Hrozek <jhrozek@…>
mastersss_parse_inp_send: provide default_domain as parameter It is not always desirable to consider default_domain from configuration but expect none instead. For example when we search host certificates. This is currently not used in this patch since host lookups parse name directly with sss_parse_name but it will be used in the next patch. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [e33744e] by Jakub Hrozek <jhrozek@…>
masterssh: do not create again fq name We store fully qualified name in sysdb so there is no need to append the domain part again which result in name@domain@domain string. This field is not actually used in ssh client so it doesn't cause any issue but we should stay correct here. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
10:05 Changeset [d8c459f] by Jakub Hrozek <jhrozek@…>
masterssh: fix number of output certificates SSH responder returned invalid number of certificates when original ad pubkey attribute was not empty. Since we always return all certificates to the client we should add number of results to the output not override it. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:56 Ticket #3230 (Use the same logic for matching GC results in initgroups and user lookups) closed by jhrozek
fixed: * master: * 0b7ded15e53b3f31f1570c366f04bc41e5761929 * …
09:53 Changeset [0b7ded1] by Jakub Hrozek <jhrozek@…>
masterTESTS: Tests for sdap_search_initgr_user_in_batch This patch provides tests for core logic of sdap_search_initgr_user_in_batch() function. This function replaces old approach with sysdb_try_to_find_expected_dn() function. Resolves: https://fedorahosted.org/sssd/ticket/3230 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
09:53 Changeset [f1e3364] by Jakub Hrozek <jhrozek@…>
masterTEST: create_multidom_test_ctx() extending Function create_multidom_test_ctx() prepares test environment for multidomains. This patch enables setting of different params for each domain. Resolves: https://fedorahosted.org/sssd/ticket/3230 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
09:53 Changeset [3ee4116] by Jakub Hrozek <jhrozek@…>
masterSYSDB: Removing of sysdb_try_to_find_expected_dn() Currently in order to match multiple LDAP search results we use two different functions - we have sysdb_try_to_find_expected_dn() but also sdap_object_in_domain(). This patch removes sysdb_try_to_find_expected_dn() and add new sdap_search_initgr_user_in_batch() based on sdap_object_in_domain(). This function covers necessary logic. Resolves: https://fedorahosted.org/sssd/ticket/3230 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
09:53 Changeset [c3593f06] by Jakub Hrozek <jhrozek@…>
masterLDAP: Better logging message Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

02/07/17:

16:33 Ticket #3288 (IPA - sudo does not handle associated conflict entries) closed by lslebodn
fixed: master: * 1404f3aa541849d880cce591584ba1580014cb50 * …
16:32 Changeset [db0c513] by Lukas Slebodnik <lslebodn@…>
sssd-1-14TESTS: Add to IPA DN test Add test to ensure conflict entries return ENOENT Resolves: https://fedorahosted.org/sssd/ticket/3288 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 1404f3aa541849d880cce591584ba1580014cb50)
16:32 Changeset [c4c47ca9] by Lukas Slebodnik <lslebodn@…>
sssd-1-14SUDO: Add skip_entry boolean to sudo conversions Add boolean to convert_attributes function and pass boolean as argument to sudo conversion functions to add logic for skipping unexpected entries like replication conflicts. Resolves: https://fedorahosted.org/sssd/ticket/3288 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit d0aae3c1e87e2e51ab178b7b343261443094a974)
16:27 Changeset [1404f3a] by Lukas Slebodnik <lslebodn@…>
masterTESTS: Add to IPA DN test Add test to ensure conflict entries return ENOENT Resolves: https://fedorahosted.org/sssd/ticket/3288 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
16:27 Changeset [d0aae3c] by Lukas Slebodnik <lslebodn@…>
masterSUDO: Add skip_entry boolean to sudo conversions Add boolean to convert_attributes function and pass boolean as argument to sudo conversion functions to add logic for skipping unexpected entries like replication conflicts. Resolves: https://fedorahosted.org/sssd/ticket/3288 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
15:03 Ticket #3306 (infopipe: List* with limit = 0 returns 0 results) created by dkupka
Design page states "limit: maximum number of entries returned, 0 means …
14:56 Ticket #3305 (infopipe: crash when filter doesn't contain '*') created by dkupka
Design page states "filter: possible asterisk as wildcard …
14:02 Changeset [21fad04] by Lukas Slebodnik <lslebodn@…>
sssd-1-14Partially revert "CONFIG: Use default config when none provided" This reverts part of commit 59744cff6edb106ae799b2321cb8731edadf409a. Removed is copying of default configuration into /etc/sssd/sssd.conf Sample configurations is still part of installation. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit c029f707d4847b01ff64bf3bb1fd46c0b5927cdb)
13:47 Changeset [c029f70] by Lukas Slebodnik <lslebodn@…>
masterPartially revert "CONFIG: Use default config when none provided" This reverts part of commit 59744cff6edb106ae799b2321cb8731edadf409a. Removed is copying of default configuration into /etc/sssd/sssd.conf Sample configurations is still part of installation. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
13:35 Changeset [5e8474c2] by Lukas Slebodnik <lslebodn@…>
sssd-1-13SYSTEMD: Update journald drop-in file We changed type forking into type notify as part of commit d4063e9a21a4e203bee7e0a0144fa8cabb14cc46. But we forgot to update template drop-in file for logging into journald. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit 7b4704a10958bb7d3390db9eff863875d2b643f7) (cherry picked from commit 14fe5a922c07da4c95feb65d1455d7f89d9e0f86)
13:34 Changeset [14fe5a9] by Lukas Slebodnik <lslebodn@…>
sssd-1-14SYSTEMD: Update journald drop-in file We changed type forking into type notify as part of commit d4063e9a21a4e203bee7e0a0144fa8cabb14cc46. But we forgot to update template drop-in file for logging into journald. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit 7b4704a10958bb7d3390db9eff863875d2b643f7)
13:30 Changeset [7b4704a] by Lukas Slebodnik <lslebodn@…>
masterSYSTEMD: Update journald drop-in file We changed type forking into type notify as part of commit d4063e9a21a4e203bee7e0a0144fa8cabb14cc46. But we forgot to update template drop-in file for logging into journald. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
12:02 Changeset [2ddcd57] by Lukas Slebodnik <lslebodn@…>
masterIFP: Update ifp_iface_generated.c These changes are leftovers from commit 78b4b7e. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
11:38 Ticket #3304 (Only build the local provider conditionally) created by pbrezina
We have refactored data provider API and almost finished conversion of …

02/06/17:

15:17 Changeset [1c7f9a67] by Jakub Hrozek <jhrozek@…>
masterFAILOVER: Improve port status log messages It should be more clear to administrators that when SSSD internal port status is set as PORT_NOT_WORKING, this does not directly relate to an assumed network port-related issue. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
12:40 Ticket #3303 (Review and update SSSD's wiki pages for 1.15.1 release) created by jhrozek
ssia
06:35 Ticket #3302 (KCM: Offer configurable session-scoped access control to credentials) created by jhrozek
In addition to UID-based system-wide access control we could also do …

02/05/17:

19:24 Ticket #3301 (storing a sudo rule with sudoRule attribute values that only differ by ...) created by jhrozek
Consider the following sudo rule where two values of the sudoUser …
15:42 Ticket #3300 (Avoid running two instances of the same service) created by fidencio
This situation can happen when a system is misconfigured in a way that has …

02/03/17:

23:08 Ticket #3299 (SSSD does not start if using only the local provider and services line is ...) created by fidencio
SSSD hits a timeout while being started in case the only configured domain …
12:41 Ticket #3298 (Socket activation of SSSD doesn't work and leads to chaos) created by stricumu
I tried installing sssd 1.15.0-2 in Debian Stretch (packages from sid), …
09:30 Ticket #3281 (case_sensitive incompatibility AD provider vs. cache) closed by jhrozek
duplicate: Since the testing proved that the patch fixed the issue, I'm closing the …
09:27 Ticket #3297 (selinux_provider fails in a container if libsemanage is not available) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
09:27 Ticket #3296 (pam_sss crashes in do_pam_conversation if no conversation function is ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

02/02/17:

16:02 Ticket #3097 (Measure the difference between tmpfs database and NOSYNC database) closed by jhrozek
fixed
10:37 Ticket #3113 (Please move sudo_timed option to sssd-sudo man page) closed by jhrozek
wontfix: I agree, closing.

02/01/17:

20:31 Ticket #3295 (Need to periodically restart sssd to log in with gssapi) closed by jhrozek
worksforme: Please paste the sanitized logs, otherwise I'm not sure I can even help.. …
19:31 Ticket #3295 (Need to periodically restart sssd to log in with gssapi) created by mpiechotka
I have configured logging over ssh with gssapi. However I need to …
13:54 Changeset [55f6ad0] by Lukas Slebodnik <lslebodn@…>
sssd-1-13ldap_child: Fix use after free In case on any krb5 related error, we tried to send string interpretation of krb5 error to parrent in prepare_response. However, we cannot use global krb5 context (krb5_error_ctx) because the context is released every time in done section of ldap_child_get_tgt_sync. This patch rather return duplicated string to prevent use after free. Backtrace: #0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100 100 ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory. Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)): #0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100 No locals. #1 0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm", code=-1765328230, err_fmt=<optimized out>) at kerrs.c:152 buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10, space = 128, len = 0} p = <optimized out> s = 0xdededededededede <Address 0xdededededededede out of bounds> #2 krb5_get_error_message (ctx=<optimized out>, code=code@entry=-1765328230) at kerrs.c:184 std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm" #3 0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>, ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424 No locals. #4 0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>, kerr=-1765328230, expire_time=0, ccname=0x0, mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553 ret = <optimized out> r = 0x7fc96d1cd8b0 krb5_msg = 0x0 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit cb831fbbcb0dac8b6202037d4cd1a0d82db54f54) (cherry picked from commit 7debfe2eb673d99667d9164bb2daef43ad33a200)
13:53 Changeset [7debfe2] by Lukas Slebodnik <lslebodn@…>
sssd-1-14ldap_child: Fix use after free In case on any krb5 related error, we tried to send string interpretation of krb5 error to parrent in prepare_response. However, we cannot use global krb5 context (krb5_error_ctx) because the context is released every time in done section of ldap_child_get_tgt_sync. This patch rather return duplicated string to prevent use after free. Backtrace: #0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100 100 ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory. Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)): #0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100 No locals. #1 0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm", code=-1765328230, err_fmt=<optimized out>) at kerrs.c:152 buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10, space = 128, len = 0} p = <optimized out> s = 0xdededededededede <Address 0xdededededededede out of bounds> #2 krb5_get_error_message (ctx=<optimized out>, code=code@entry=-1765328230) at kerrs.c:184 std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm" #3 0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>, ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424 No locals. #4 0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>, kerr=-1765328230, expire_time=0, ccname=0x0, mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553 ret = <optimized out> r = 0x7fc96d1cd8b0 krb5_msg = 0x0 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit cb831fbbcb0dac8b6202037d4cd1a0d82db54f54)
13:42 Changeset [cb831fb] by Lukas Slebodnik <lslebodn@…>
masterldap_child: Fix use after free In case on any krb5 related error, we tried to send string interpretation of krb5 error tb parrent in prepare_response. However, we cannot use global krb5 context (krb5_error_ctx) because the context is every time released in done section of ldap_child_get_tgt_sync. This patch rather return duplicated string to prevent use after free. Backtrace: #0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100 100 ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory. Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)): #0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100 No locals. #1 0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm", code=-1765328230, err_fmt=<optimized out>) at kerrs.c:152 buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10, space = 128, len = 0} p = <optimized out> s = 0xdededededededede <Address 0xdededededededede out of bounds> #2 krb5_get_error_message (ctx=<optimized out>, code=code@entry=-1765328230) at kerrs.c:184 std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm" #3 0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>, ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424 No locals. #4 0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>, kerr=-1765328230, expire_time=0, ccname=0x0, mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553 ret = <optimized out> r = 0x7fc96d1cd8b0 krb5_msg = 0x0 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:22 Changeset [b1afef0] by Lukas Slebodnik <lslebodn@…>
masterSBUS: use sss_ptr_hash for signals table This patch reuses sss_ptr_hash module introduced in NSS patches in sbus code. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:22 Changeset [ea872f1] by Lukas Slebodnik <lslebodn@…>
masterSBUS: use sss_ptr_hash for nodes table This patch reuses sss_ptr_hash module introduced in NSS patches in sbus code. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:22 Changeset [a3b2bc3] by Lukas Slebodnik <lslebodn@…>
masterSBUS: use sss_ptr_hash for opath table This patch reuses sss_ptr_hash module introduced in NSS patches in sbus code. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:22 Changeset [bc898b3] by Lukas Slebodnik <lslebodn@…>
masterSBUS: remove unused symbols Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:11 Changeset [bf0b4eb] by Lukas Slebodnik <lslebodn@…>
mastersssctl: Fix warning may be used uninitialized gcc 7 probably does some new optimisations which might cause few wariables to be uninitialized. src/tools/sssctl/sssctl_cache.c: In function ‘sssctl_print_object’: src/tools/sssctl/sssctl_cache.c:523:13: error: ‘dom’ may be used uninitialized in this function [-Werror=maybe-uninitialized] ret = info[i].attr_fn(tmp_ctx, entry, dom, info[i].attr, &value); ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/tools/sssctl/sssctl_cache.c:472:15: error: ‘entry’ may be used uninitialized in this function [-Werror=maybe-uninitialized] *_entry = talloc_steal(mem_ctx, entry); ^~~~~~~~~~~~ src/tools/sssctl/sssctl_cache.c:437:25: note: ‘entry’ was declared here struct sysdb_attrs *entry; ^~~~~ Another workaround would be to remove static modifier from function sssctl_find_object which probably prevents some inlinig + optimisation. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:11 Changeset [c587e9a] by Lukas Slebodnik <lslebodn@…>
masterTOOLS: Fix warning format-truncation src/tools/sss_groupshow.c: In function ‘print_group_info’: src/tools/sss_groupshow.c:612:22: error: ‘%d’ directive output truncated writing between 10 and 11 bytes into a region of size 7 [-Werror=format-truncation=] snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES); ^~~~~~~ src/tools/sss_groupshow.c:612:22: note: using the range [-2147483648, 2147483647] for directive argument src/tools/sss_groupshow.c:612:5: note: ‘snprintf’ output between 13 and 14 bytes into a destination of size 8 snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES); Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:10 Changeset [cbb0e683] by Lukas Slebodnik <lslebodn@…>
masterpam_sss: Suppress warning format-truncation src/sss_client/pam_sss.c: In function ‘send_and_receive’: src/sss_client/pam_sss.c:742:39: error: ‘%.*s’ directive output between 0 and 18446744073709551615 bytes may cause result to exceed ‘INT_MAX’ [-Werror=format-truncation=] ret = snprintf(user_msg, bufsize, "%s%s%.*s", ^~~~~~~~~~ sssd/src/sss_client/pam_sss.c:742:39: note: assuming directive output of 4294967295 bytes Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
13:10 Changeset [2e50578] by Lukas Slebodnik <lslebodn@…>
masterSuppres implicit-fallthrough from gcc 7 Some kind of comments are recognized by gcc7 but they are ignored with -Wimplicit-fallthrough=5 and only attributes disable the warning. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
11:21 Ticket #3294 (Enumeration is not restarted later if the first run fails because sssd is ...) created by jhrozek
If sssd is set up with enumeration, but the first enumeration after sssd …
10:38 Ticket #3293 (SSSD authentication fails when two IPA accounts share an email address) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
10:27 Ticket #3292 (RFE: Create troubleshooting tool to check authentication, authorization ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …
10:24 Ticket #3291 (RFE: sssd in cross realm trust configuration should be able to find AD ...) created by jhrozek
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise …

01/30/17:

20:22 DesignDocs/SocketActivatableResponders edited by fidencio
(diff)
15:53 Ticket #3290 (HTML generated man pages contain two conflicting defaults) created by jhrozek
A user pointed me to an error in …

01/26/17:

13:36 Ticket #3269 (SSSD does not skip GPO if no gpcFunctionalityVersion present) closed by lslebodn
fixed: sssd-1-14: * 9bf6c4b5afb5054282f7b8c4c5f7bed26a259f5a * …
13:35 Changeset [627edf70] by Lukas Slebodnik <lslebodn@…>
sssd-1-13gpo: Improve debug messages Improve debug messages during security filtering. It was not possible to figure out why the GPO was filtered by reading the logs, because we use the same debug message in various cases. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 47680083e7e4bf5c433657171bf84cceacc83339) (cherry picked from commit 9bf6c4b5afb5054282f7b8c4c5f7bed26a259f5a)
13:35 Changeset [0ee20e9] by Lukas Slebodnik <lslebodn@…>
sssd-1-13GPO: Skip GPOs without gPCFunctionalityVersion We falsely stopped GPO processing when Group Policy Container in AD did not contain gPCFunctionalityVersion. Such GPOs should be ignored by SSSD according to MS-GPOL: https://msdn.microsoft.com/en-us/library/cc232538.aspx Resolves: https://fedorahosted.org/sssd/ticket/3269 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 6a490b312075d2588ad87bbb8a63466f1ac6a106) (cherry picked from commit 94903da8a3723094948b4b99b30f6449fed809da)
13:33 Changeset [9bf6c4b] by Lukas Slebodnik <lslebodn@…>
sssd-1-14gpo: Improve debug messages Improve debug messages during security filtering. It was not possible to figure out why the GPO was filtered by reading the logs, because we use the same debug message in various cases. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 47680083e7e4bf5c433657171bf84cceacc83339)
13:33 Changeset [94903da] by Lukas Slebodnik <lslebodn@…>
sssd-1-14GPO: Skip GPOs without gPCFunctionalityVersion We falsely stopped GPO processing when Group Policy Container in AD did not contain gPCFunctionalityVersion. Such GPOs should be ignored by SSSD according to MS-GPOL: https://msdn.microsoft.com/en-us/library/cc232538.aspx Resolves: https://fedorahosted.org/sssd/ticket/3269 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 6a490b312075d2588ad87bbb8a63466f1ac6a106)
13:15 Changeset [2c4cc58] by Lukas Slebodnik <lslebodn@…>
sssd-1-13BUILD: Fix linking of test_wbc_calls Client code does not anymore depend on libpthread in master. This is a reason why we didn't notice any linking failure in master. But the test should be linked with CLIENT_LIBS. CCLD test_wbc_calls /usr/bin/ld: src/sss_client/test_wbc_calls-common.o: undefined reference to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12' //lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:12460: recipe for target 'test_wbc_calls' failed Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit c369b062182c746849196e495db467198039edf4) (cherry picked from commit 9e2190b898558ee51745da7e8aeef9ca6b049986)
13:14 Changeset [9e2190b] by Lukas Slebodnik <lslebodn@…>
sssd-1-14BUILD: Fix linking of test_wbc_calls Client code does not anymore depend on libpthread in master. This is a reason why we didn't notice any linking failure in master. But the test should be linked with CLIENT_LIBS. CCLD test_wbc_calls /usr/bin/ld: src/sss_client/test_wbc_calls-common.o: undefined reference to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12' //lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:12460: recipe for target 'test_wbc_calls' failed Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit c369b062182c746849196e495db467198039edf4)
13:09 Changeset [c369b06] by Lukas Slebodnik <lslebodn@…>
masterBUILD: Fix linking of test_wbc_calls Client code does not anymore depend on libpthread in master. This is a reason why we didn't notice any linking failure in master. But the test should be linked with CLIENT_LIBS. CCLD test_wbc_calls /usr/bin/ld: src/sss_client/test_wbc_calls-common.o: undefined reference to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12' //lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:12460: recipe for target 'test_wbc_calls' failed Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
09:31 Ticket #3289 ([RFE] Support U2F authentication workflow) created by mkosek
=== Background === Many vendors including Microsoft or Google support U2F …

01/25/17:

22:24 Ticket #3288 (IPA - sudo does not handle associated conflict entries) created by jstephen
Sudo attempts will fail in IDM environments when LDAP entries exist …
15:57 WikiStart edited by jhrozek
(diff)
15:55 Releases edited by jhrozek
(diff)
15:50 Ticket #3215 (Review and update SSSD's wiki pages for 1.15 Alpha release) closed by jhrozek
fixed: doc links are correct, no security sensitive options were added. There is …
15:49 Milestone SSSD 1.15.0 completed
15:48 Documentation edited by jhrozek
(diff)
15:46 Changeset [33da7b1] by Jakub Hrozek <jhrozek@…>
masterUpdating the version to track the 1.15.1 release
15:39 Changeset [885a47d] by Jakub Hrozek <jhrozek@…>
masterUpdating the version for the 1.15.0 release
15:35 Changeset [36b5648] by Jakub Hrozek <jhrozek@…>
masterUpdating the translations for the 1.15.0 release
15:18 Releases/Notes-1.15.0 edited by jhrozek
(diff)
15:02 Releases/Notes-1.15.0 edited by jhrozek
(diff)
14:50 Changeset [6a490b3] by Lukas Slebodnik <lslebodn@…>
masterGPO: Skip GPOs without gPCFunctionalityVersion We falsely stopped GPO processing when Group Policy Container in AD did not contain gPCFunctionalityVersion. Such GPOs should be ignored by SSSD according to MS-GPOL: https://msdn.microsoft.com/en-us/library/cc232538.aspx Resolves: https://fedorahosted.org/sssd/ticket/3269 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
14:50 Changeset [4768008] by Lukas Slebodnik <lslebodn@…>
mastergpo: Improve debug messages Improve debug messages during security filtering. It was not possible to figure out why the GPO was filtered by reading the logs, because we use the same debug message in various cases. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
12:31 Changeset [ca367e0] by Lukas Slebodnik <lslebodn@…>
masterdp_request_table: remove unused #includes Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
11:50 Releases/Notes-1.15.0 edited by jhrozek
(diff)
11:46 Ticket #3189 (STARTTLS connections to OpenLDAP fail with 1.14.1) closed by lslebodn
fixed: master: * 31459a01486cfb2c04759bc998ff0c3ed19df81e sssd-1-14: * …
11:44 Changeset [09d9394] by Lukas Slebodnik <lslebodn@…>
sssd-1-14UTIL: Unset O_NONBLOCK for ldap connection Before the commit 75e66c388862a4ba05afe0791c5503226395bad0, the flag O_NONBLOCK was set only for the connect syscall in request sssd_async_connect_send -> sssd_async_connect_send. Such change was done for secrets provider. However, if ldap is compiled with gnutls it caused problems with start_tls and ldaps. There is not a problem with libldap 2.5 + gnutls because libldap is compiled with LDAP_USE_NON_BLOCKING_TLS OpenLDAP Server log: 5810cf2f connection_get(23): got connid=1042 5810cf2f connection_read(23): checking for input on id=1042 TLS: error: accept - force handshake failure: errno 11 - moznss error -12234 TLS: can't accept: TLS error -12234:SSL received an unexpected Application Data record.. 5810cf2f connection_read(23): TLS accept failure error=-1 id=1042, closing 5810cf2f connection_close: conn=1042 sd=23 sssd domain log: [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,dc=example,dc=com [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 [sdap_op_add] (0x2000): New operation 2 timeout 6 [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0] [sdap_process_result] (0x2000): Trace: end of ldap_result list [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server] [sdap_handle_release] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0], destructor_lock[0], release_memory[0] [remove_connection_callback] (0x4000): Successfully removed connection callback. [sdap_op_destructor] (0x1000): Abandoning operation 2 [dp_req_done] (0x0400): DP Request [PAM Authenticate #3]: Request handler finished [0]: Success [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #3]: Receiving request data. [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #3]: Request removed. [dp_req_destructor] (0x0400): Number of active DP request: 0 [dp_method_enabled] (0x0400): Target selinux is not configured [dp_pam_reply] (0x1000): DP Request [PAM Authenticate #3]: Sending result [4][LDAP] Resolves: https://fedorahosted.org/sssd/ticket/3189 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 31459a01486cfb2c04759bc998ff0c3ed19df81e)
11:41 Changeset [31459a0] by Lukas Slebodnik <lslebodn@…>
masterUTIL: Unset O_NONBLOCK for ldap connection Before the commit 75e66c388862a4ba05afe0791c5503226395bad0, the flag O_NONBLOCK was set only for the connect syscall in request sssd_async_connect_send -> sssd_async_connect_send. Such change was done for secrets provider. However, if ldap is compiled with gnutls it caused problems with start_tls and ldaps. There is not a problem with libldap 2.5 + gnutls because libldap is compiled with LDAP_USE_NON_BLOCKING_TLS OpenLDAP Server log: 5810cf2f connection_get(23): got connid=1042 5810cf2f connection_read(23): checking for input on id=1042 TLS: error: accept - force handshake failure: errno 11 - moznss error -12234 TLS: can't accept: TLS error -12234:SSL received an unexpected Application Data record.. 5810cf2f connection_read(23): TLS accept failure error=-1 id=1042, closing 5810cf2f connection_close: conn=1042 sd=23 sssd domain log: [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,dc=example,dc=com [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 [sdap_op_add] (0x2000): New operation 2 timeout 6 [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0] [sdap_process_result] (0x2000): Trace: end of ldap_result list [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server] [sdap_handle_release] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0], destructor_lock[0], release_memory[0] [remove_connection_callback] (0x4000): Successfully removed connection callback. [sdap_op_destructor] (0x1000): Abandoning operation 2 [dp_req_done] (0x0400): DP Request [PAM Authenticate #3]: Request handler finished [0]: Success [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #3]: Receiving request data. [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #3]: Request removed. [dp_req_destructor] (0x0400): Number of active DP request: 0 [dp_method_enabled] (0x0400): Target selinux is not configured [dp_pam_reply] (0x1000): DP Request [PAM Authenticate #3]: Sending result [4][LDAP] Resolves: https://fedorahosted.org/sssd/ticket/3189 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
11:36 Ticket #3266 (Deadlock in watchdog's signal handler) closed by lslebodn
fixed: master: * e6a5f8c58539fc31fd81fac89cfc85703b4250ea * …
11:35 Changeset [0606a71] by Lukas Slebodnik <lslebodn@…>
sssd-1-14WATCHDOG: Avoid non async-signal-safe from the signal_handler While debugging rhbz#1396912 a deadlock on sssd_be was noticed[0] and it's been caused by the use of non async-signal-safe functions from the signal_handler (please, see man 7 signal for more info about which are the async-signal-safe functions that can be used). In order to work this situation around a pipe has been added to the watchdog_ctx structure and, in case of clock screw, a single byte is written to this pipe (which is an async-signal-safe operation) and the logic currently done by the timer handler to reset the watchdog will be done inside the fd handler in a safe way. With this patch we ended up losing some debug messages as orderly_shutdown() has been replaced by kill(-getpgrp(), SIGTERM) (or _exit(1) considering the cases where setting up the process group during the server_setup() has failed). Personally I don't think is worth the trouble to try to log those messages properly in this specific case. It's really worth to mention that a proper fix the clock screw situation should be implemented on samba's side, by having tevent using monotonic (or boottime) clock. [0]: [root@dusan ~]# pstack 17922 #0 __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95 #1 0x00007fe707d04f93 in _L_lock_14932 () from /lib64/libc.so.6 #2 0x00007fe707d02013 in __GI___libc_malloc (bytes=140630248638304, bytes@entry=15) at malloc.c:2891 #3 0x00007fe707d0888a in __GI___strdup (s=0x7fe707dff4f7 "/etc/localtime") at strdup.c:42 #4 0x00007fe707d31b61 in tzset_internal (always=<optimized out>, explicit=explicit@entry=1) at tzset.c:438 #5 0x00007fe707d32523 in __tz_convert (timer=timer@entry=0x7ffcd5d2b090, use_localtime=use_localtime@entry=1, tp=tp@entry=0x7fe708041d40 <_tmbuf>) at tzset.c:621 #6 0x00007fe707d30521 in __GI_localtime (t=t@entry=0x7ffcd5d2b090) at localtime.c:42 #7 0x00007fe70886c7b0 in sss_vdebug_fn (file=<optimized out>, line=<optimized out>, function=0x7fe70bff27f0 <__FUNCTION__.9379> "watchdog_handler", level=16, flags=flags@entry=0, format=format@entry=0x7fe70bff2760 "Watchdog timer overflow, killing process!\n", ap=ap@entry=0x7ffcd5d2b130) at src/util/debug.c:248 #8 0x00007fe70886c995 in sss_debug_fn (file=file@entry=0x7fe70bff263b "src/util/util_watchdog.c", line=line@entry=82, function=function@entry=0x7fe70bff27f0 <__FUNCTION__.9379> "watchdog_handler", level=level@entry=16, format=format@entry=0x7fe70bff2760 "Watchdog timer overflow, killing process!\n") at src/util/debug.c:284 #9 0x00007fe70bfdb409 in watchdog_handler (sig=<optimized out>) at src/util/util_watchdog.c:81 #10 <signal handler called> #11 0x00007fe707cff664 in _int_malloc (av=av@entry=0x7fe70803c760 <main_arena>, bytes=bytes@entry=151) at malloc.c:3494 #12 0x00007fe707d01fbc in __GI___libc_malloc (bytes=bytes@entry=151) at malloc.c:2893 #13 0x00007fe708450749 in __talloc_with_prefix (prefix_len=0, size=55, context=0x7fe718373210) at ../talloc.c:668 #14 __talloc (size=55, context=0x7fe718373210) at ../talloc.c:708 #15 _talloc_named_const (name=0x7fe70bb7015d "../common/ldb_pack.c:425", size=55, context=0x7fe718373210) at ../talloc.c:865 #16 talloc_named_const (context=<optimized out>, size=size@entry=55, name=name@entry=0x7fe70bb7015d "../common/ldb_pack.c:425") at ../talloc.c:1606 #17 0x00007fe70bb61803 in ldb_unpack_data_only_attr_list (ldb=ldb@entry=0x7fe70e4d52c0, data=data@entry=0x7ffcd5d2b990, message=0x7fe7184aa1e0, list=list@entry=0x0, list_size=list_size@entry=0, nb_elements_in_db=nb_elements_in_db@entry=0x0) at ../common/ldb_pack.c:425 #18 0x00007fe70bb61a7d in ldb_unpack_data (ldb=ldb@entry=0x7fe70e4d52c0, data=data@entry=0x7ffcd5d2b990, message=<optimized out>) at ../common/ldb_pack.c:470 #19 0x00007fe6fdc29b46 in ltdb_parse_data_unpack (key=..., data=..., private_data=0x7ffcd5d2ba70) at ../ldb_tdb/ldb_search.c:249 #20 0x00007fe70a5e0a24 in tdb_parse_data (tdb=tdb@entry=0x7fe70e4eaa10, key=..., offset=15619748, len=414772, parser=parser@entry=0x7fe6fdc29b10 <ltdb_parse_data_unpack>, private_data=private_data@entry=0x7ffcd5d2ba70) at ../common/io.c:637 #21 0x00007fe70a5dc1fc in tdb_parse_record (tdb=0x7fe70e4eaa10, key=..., parser=parser@entry=0x7fe6fdc29b10 <ltdb_parse_data_unpack>, private_data=private_data@entry=0x7ffcd5d2ba70) at ../common/tdb.c:253 #22 0x00007fe6fdc29e7b in ltdb_search_dn1 (module=module@entry=0x7fe70e4eab50, dn=dn@entry=0x7fe7183c4940, msg=msg@entry=0x7fe7184aa1e0) at ../ldb_tdb/ldb_search.c:287 #23 0x00007fe6fdc2acbb in ltdb_dn_list_load (module=module@entry=0x7fe70e4eab50, dn=dn@entry=0x7fe7183c4940, list=list@entry=0x7fe7183c3a30) at ../ldb_tdb/ldb_index.c:181 #24 0x00007fe6fdc2bbbb in ltdb_index_add1 (module=module@entry=0x7fe70e4eab50, dn=dn@entry=0x7fe7183bf3e0 "name=testuser7045@domain.com,cn=users,cn=DOMAIN.COM,cn=sysdb", v_idx=v_idx@entry=0, el=<optimized out>, el=<optimized out>) at ../ldb_tdb/ldb_index.c:1134 #25 0x00007fe6fdc2c62c in ltdb_index_add_el (el=0x7fe7184aa3e0, dn=0x7fe7183bf3e0 "name=testuser7045@domain.com,cn=users,cn=DOMAIN.COM,cn=sysdb", module=0x7fe70e4eab50) at ../ldb_tdb/ldb_index.c:1180 #26 ltdb_index_add_element (module=module@entry=0x7fe70e4eab50, dn=<optimized out>, el=el@entry=0x7fe7184aa3e0) at ../ldb_tdb/ldb_index.c:1290 #27 0x00007fe6fdc290bb in ltdb_modify_internal (module=module@entry=0x7fe70e4eab50, msg=0x7fe7183bf0c0, req=req@entry=0x7fe7183bdc10) at ../ldb_tdb/ldb_tdb.c:903 #28 0x00007fe6fdc2958a in ltdb_modify (ctx=0x7fe7183c2950, ctx=0x7fe7183c2950) at ../ldb_tdb/ldb_tdb.c:998 #29 ltdb_callback (ev=<optimized out>, te=<optimized out>, t=..., private_data=<optimized out>) at ../ldb_tdb/ldb_tdb.c:1380 #30 0x00007fe708664b4f in tevent_common_loop_timer_delay (ev=ev@entry=0x7fe70e4d2890) at ../tevent_timed.c:341 #31 0x00007fe708665b5a in epoll_event_loop_once (ev=0x7fe70e4d2890, location=<optimized out>) at ../tevent_epoll.c:911 #32 0x00007fe708664257 in std_event_loop_once (ev=0x7fe70e4d2890, location=0x7fe70bb72ec5 "../common/ldb.c:631") at ../tevent_standard.c:114 #33 0x00007fe70866040d in _tevent_loop_once (ev=ev@entry=0x7fe70e4d2890, location=location@entry=0x7fe70bb72ec5 "../common/ldb.c:631") at ../tevent.c:533 #34 0x00007fe70bb6bc4f in ldb_wait (handle=0x7fe7183c4530, type=<optimized out>) at ../common/ldb.c:631 #35 0x00007fe70bb6c793 in ldb_autotransaction_request (ldb=0x7fe70e4d52c0, req=0x7fe7183bdc10) at ../common/ldb.c:573 #36 0x00007fe70bb6d263 in ldb_modify (ldb=ldb@entry=0x7fe70e4d52c0, message=<optimized out>) at ../common/ldb.c:1655 #37 0x00007fe70bfa2ab5 in sysdb_set_cache_entry_attr (ldb=0x7fe70e4d52c0, entry_dn=entry_dn@entry=0x7fe7183c4760, attrs=attrs@entry=0x7fe7183bf680, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1159 #38 0x00007fe70bfa304d in sysdb_rep_ts_entry_attr (sysdb=0x7fe70e4eadd0, attrs=0x7fe7183bf680, entry_dn=0x7fe7183c4760) at src/db/sysdb_ops.c:1218 #39 sysdb_set_ts_entry_attr (sysdb=sysdb@entry=0x7fe70e4eadd0, entry_dn=entry_dn@entry=0x7fe7183c4760, attrs=attrs@entry=0x7fe7183bb840, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1248 #40 0x00007fe70bfa4aa9 in sysdb_set_entry_attr (sysdb=0x7fe70e4eadd0, entry_dn=0x7fe7183c4760, attrs=attrs@entry=0x7fe7183bb840, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1199 #41 0x00007fe70bfa4b5f in sysdb_set_user_attr (domain=domain@entry=0x7fe70e4d62f0, name=name@entry=0x7fe7183c01f0 "testuser7045@domain.com", attrs=attrs@entry=0x7fe7183bb840, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1285 #42 0x00007fe70bfa58c3 in sysdb_add_user (domain=domain@entry=0x7fe70e4d62f0, name=name@entry=0x7fe7183c01f0 "testuser7045@domain.com", uid=uid@entry=1415408147, gid=<optimized out>, gid@entry=1415400513, gecos=gecos@entry=0x7fe710465d00 "Test User7045", homedir=homedir@entry=0x0, shell=shell@entry=0x0, orig_dn=orig_dn@entry=0x7fe710465940 "CN=Test User7045,OU=Sales,DC=DOMAIN,DC=COM", attrs=attrs@entry=0x7fe7183bb840, cache_timeout=cache_timeout@entry=5400, now=now@entry=1481105315) at src/db/sysdb_ops.c:1928 #43 0x00007fe70bfab271 in sysdb_store_new_user (now=1481105315, cache_timeout=5400, attrs=0x7fe7183bb840, orig_dn=0x7fe710465940 "CN=Test User7045,OU=Sales,DC=DOMAIN,DC=COM", shell=0x0, homedir=0x0, gecos=0x7fe710465d00 "Test User7045", gid=1415400513, uid=1415408147, name=0x7fe7183c01f0 "testuser7045@domain.com", domain=0x7fe70e4d62f0) at src/db/sysdb_ops.c:2549 #44 sysdb_store_user (domain=domain@entry=0x7fe70e4d62f0, name=0x7fe7183c01f0 "testuser7045@domain.com", pwd=pwd@entry=0x0, uid=1415408147, gid=1415400513, gecos=gecos@entry=0x7fe710465d00 "Test User7045", homedir=homedir@entry=0x0, shell=shell@entry=0x0, orig_dn=orig_dn@entry=0x7fe710465940 "CN=Test User7045,OU=Sales,DC=DOMAIN,DC=COM", attrs=attrs@entry=0x7fe7183bb840, remove_attrs=0x7fe7183c08a0, cache_timeout=cache_timeout@entry=5400, now=now@entry=1481105315) at src/db/sysdb_ops.c:2499 #45 0x00007fe6fba0d9f9 in sdap_save_user (memctx=memctx@entry=0x7fe70e544ee0, opts=opts@entry=0x7fe70e518400, dom=dom@entry=0x7fe70e4d62f0, attrs=<optimized out>, _usn_value=_usn_value@entry=0x7ffcd5d2c260, now=now@entry=1481105315) at src/providers/ldap/sdap_async_users.c:509 #46 0x00007fe6fba0df9a in sdap_save_users (memctx=memctx@entry=0x7fe70e544e40, sysdb=0x7fe70e4eadd0, dom=0x7fe70e4d62f0, opts=0x7fe70e518400, users=<optimized out>, num_users=10006, _usn_value=_usn_value@entry=0x7fe70e544e60) at src/providers/ldap/sdap_async_users.c:572 #47 0x00007fe6fba0e460 in sdap_get_users_done (subreq=<optimized out>) at src/providers/ldap/sdap_async_users.c:938 #48 0x00007fe6fba0c9d5 in sdap_search_user_process (subreq=0x0) at src/providers/ldap/sdap_async_users.c:814 #49 0x00007fe6fba07379 in generic_ext_search_handler (subreq=0x0, opts=<optimized out>) at src/providers/ldap/sdap_async.c:1689 #50 0x00007fe6fba0991b in sdap_get_generic_op_finished (op=<optimized out>, reply=<optimized out>, error=<optimized out>, pvt=<optimized out>) at src/providers/ldap/sdap_async.c:1621 #51 0x00007fe6fba083cd in sdap_process_message (ev=<optimized out>, sh=<optimized out>, msg=0x7fe70e5f9ce0) at src/providers/ldap/sdap_async.c:353 #52 sdap_process_result (ev=<optimized out>, pvt=<optimized out>) at src/providers/ldap/sdap_async.c:197 #53 0x00007fe708664b4f in tevent_common_loop_timer_delay (ev=ev@entry=0x7fe70e4cbc30) at ../tevent_timed.c:341 #54 0x00007fe708665b5a in epoll_event_loop_once (ev=0x7fe70e4cbc30, location=<optimized out>) at ../tevent_epoll.c:911 #55 0x00007fe708664257 in std_event_loop_once (ev=0x7fe70e4cbc30, location=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent_standard.c:114 #56 0x00007fe70866040d in _tevent_loop_once (ev=ev@entry=0x7fe70e4cbc30, location=location@entry=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent.c:533 #57 0x00007fe7086605ab in tevent_common_loop_wait (ev=0x7fe70e4cbc30, location=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent.c:637 #58 0x00007fe7086641f7 in std_event_loop_wait (ev=0x7fe70e4cbc30, location=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent_standard.c:140 #59 0x00007fe70bfd1993 in server_loop (main_ctx=0x7fe70e4cd080) at src/util/server.c:702 #60 0x00007fe70c84cb82 in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:587 Resolves: https://fedorahosted.org/sssd/ticket/3266 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> (cherry picked from commit e6a5f8c58539fc31fd81fac89cfc85703b4250ea)
11:34 Changeset [442985a] by Lukas Slebodnik <lslebodn@…>
sssd-1-14SERVER: Set the process group during server_setup() By calling setpgid() in server_setup() we are able to kill the process in the watchdog by simply doing kill(-getpid(), SIGTERM). However, in order to have it working properly the SELinux policy for SSSD has to be updated and unless SSSD is ran with SELinux on permissive mode, each of the responders and the monitor will trigger a similar message: Jan 09 14:31:50 client1.ipa.example audit[11630]: AVC avc: denied { setpgid } for pid=11630 comm="sssd_pac" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 It's important to say that till SELinux policy is fixed, we might end up leaking some processes. Related: https://fedorahosted.org/sssd/ticket/3266 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 087162b85e191af51637904702813969b35eaadc)
11:33 Changeset [e6a5f8c] by Lukas Slebodnik <lslebodn@…>
masterWATCHDOG: Avoid non async-signal-safe from the signal_handler While debugging rhbz#1396912 a deadlock on sssd_be was noticed[0] and it's been caused by the use of non async-signal-safe functions from the signal_handler (please, see man 7 signal for more info about which are the async-signal-safe functions that can be used). In order to work this situation around a pipe has been added to the watchdog_ctx structure and, in case of clock screw, a single byte is written to this pipe (which is an async-signal-safe operation) and the logic currently done by the timer handler to reset the watchdog will be done inside the fd handler in a safe way. With this patch we ended up losing some debug messages as orderly_shutdown() has been replaced by kill(-getpgrp(), SIGTERM) (or _exit(1) considering the cases where setting up the process group during the server_setup() has failed). Personally I don't think is worth the trouble to try to log those messages properly in this specific case. It's really worth to mention that a proper fix the clock screw situation should be implemented on samba's side, by having tevent using monotonic (or boottime) clock. [0]: [root@dusan ~]# pstack 17922 #0 __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95 #1 0x00007fe707d04f93 in _L_lock_14932 () from /lib64/libc.so.6 #2 0x00007fe707d02013 in __GI___libc_malloc (bytes=140630248638304, bytes@entry=15) at malloc.c:2891 #3 0x00007fe707d0888a in __GI___strdup (s=0x7fe707dff4f7 "/etc/localtime") at strdup.c:42 #4 0x00007fe707d31b61 in tzset_internal (always=<optimized out>, explicit=explicit@entry=1) at tzset.c:438 #5 0x00007fe707d32523 in __tz_convert (timer=timer@entry=0x7ffcd5d2b090, use_localtime=use_localtime@entry=1, tp=tp@entry=0x7fe708041d40 <_tmbuf>) at tzset.c:621 #6 0x00007fe707d30521 in __GI_localtime (t=t@entry=0x7ffcd5d2b090) at localtime.c:42 #7 0x00007fe70886c7b0 in sss_vdebug_fn (file=<optimized out>, line=<optimized out>, function=0x7fe70bff27f0 <__FUNCTION__.9379> "watchdog_handler", level=16, flags=flags@entry=0, format=format@entry=0x7fe70bff2760 "Watchdog timer overflow, killing process!\n", ap=ap@entry=0x7ffcd5d2b130) at src/util/debug.c:248 #8 0x00007fe70886c995 in sss_debug_fn (file=file@entry=0x7fe70bff263b "src/util/util_watchdog.c", line=line@entry=82, function=function@entry=0x7fe70bff27f0 <__FUNCTION__.9379> "watchdog_handler", level=level@entry=16, format=format@entry=0x7fe70bff2760 "Watchdog timer overflow, killing process!\n") at src/util/debug.c:284 #9 0x00007fe70bfdb409 in watchdog_handler (sig=<optimized out>) at src/util/util_watchdog.c:81 #10 <signal handler called> #11 0x00007fe707cff664 in _int_malloc (av=av@entry=0x7fe70803c760 <main_arena>, bytes=bytes@entry=151) at malloc.c:3494 #12 0x00007fe707d01fbc in __GI___libc_malloc (bytes=bytes@entry=151) at malloc.c:2893 #13 0x00007fe708450749 in __talloc_with_prefix (prefix_len=0, size=55, context=0x7fe718373210) at ../talloc.c:668 #14 __talloc (size=55, context=0x7fe718373210) at ../talloc.c:708 #15 _talloc_named_const (name=0x7fe70bb7015d "../common/ldb_pack.c:425", size=55, context=0x7fe718373210) at ../talloc.c:865 #16 talloc_named_const (context=<optimized out>, size=size@entry=55, name=name@entry=0x7fe70bb7015d "../common/ldb_pack.c:425") at ../talloc.c:1606 #17 0x00007fe70bb61803 in ldb_unpack_data_only_attr_list (ldb=ldb@entry=0x7fe70e4d52c0, data=data@entry=0x7ffcd5d2b990, message=0x7fe7184aa1e0, list=list@entry=0x0, list_size=list_size@entry=0, nb_elements_in_db=nb_elements_in_db@entry=0x0) at ../common/ldb_pack.c:425 #18 0x00007fe70bb61a7d in ldb_unpack_data (ldb=ldb@entry=0x7fe70e4d52c0, data=data@entry=0x7ffcd5d2b990, message=<optimized out>) at ../common/ldb_pack.c:470 #19 0x00007fe6fdc29b46 in ltdb_parse_data_unpack (key=..., data=..., private_data=0x7ffcd5d2ba70) at ../ldb_tdb/ldb_search.c:249 #20 0x00007fe70a5e0a24 in tdb_parse_data (tdb=tdb@entry=0x7fe70e4eaa10, key=..., offset=15619748, len=414772, parser=parser@entry=0x7fe6fdc29b10 <ltdb_parse_data_unpack>, private_data=private_data@entry=0x7ffcd5d2ba70) at ../common/io.c:637 #21 0x00007fe70a5dc1fc in tdb_parse_record (tdb=0x7fe70e4eaa10, key=..., parser=parser@entry=0x7fe6fdc29b10 <ltdb_parse_data_unpack>, private_data=private_data@entry=0x7ffcd5d2ba70) at ../common/tdb.c:253 #22 0x00007fe6fdc29e7b in ltdb_search_dn1 (module=module@entry=0x7fe70e4eab50, dn=dn@entry=0x7fe7183c4940, msg=msg@entry=0x7fe7184aa1e0) at ../ldb_tdb/ldb_search.c:287 #23 0x00007fe6fdc2acbb in ltdb_dn_list_load (module=module@entry=0x7fe70e4eab50, dn=dn@entry=0x7fe7183c4940, list=list@entry=0x7fe7183c3a30) at ../ldb_tdb/ldb_index.c:181 #24 0x00007fe6fdc2bbbb in ltdb_index_add1 (module=module@entry=0x7fe70e4eab50, dn=dn@entry=0x7fe7183bf3e0 "name=testuser7045@domain.com,cn=users,cn=DOMAIN.COM,cn=sysdb", v_idx=v_idx@entry=0, el=<optimized out>, el=<optimized out>) at ../ldb_tdb/ldb_index.c:1134 #25 0x00007fe6fdc2c62c in ltdb_index_add_el (el=0x7fe7184aa3e0, dn=0x7fe7183bf3e0 "name=testuser7045@domain.com,cn=users,cn=DOMAIN.COM,cn=sysdb", module=0x7fe70e4eab50) at ../ldb_tdb/ldb_index.c:1180 #26 ltdb_index_add_element (module=module@entry=0x7fe70e4eab50, dn=<optimized out>, el=el@entry=0x7fe7184aa3e0) at ../ldb_tdb/ldb_index.c:1290 #27 0x00007fe6fdc290bb in ltdb_modify_internal (module=module@entry=0x7fe70e4eab50, msg=0x7fe7183bf0c0, req=req@entry=0x7fe7183bdc10) at ../ldb_tdb/ldb_tdb.c:903 #28 0x00007fe6fdc2958a in ltdb_modify (ctx=0x7fe7183c2950, ctx=0x7fe7183c2950) at ../ldb_tdb/ldb_tdb.c:998 #29 ltdb_callback (ev=<optimized out>, te=<optimized out>, t=..., private_data=<optimized out>) at ../ldb_tdb/ldb_tdb.c:1380 #30 0x00007fe708664b4f in tevent_common_loop_timer_delay (ev=ev@entry=0x7fe70e4d2890) at ../tevent_timed.c:341 #31 0x00007fe708665b5a in epoll_event_loop_once (ev=0x7fe70e4d2890, location=<optimized out>) at ../tevent_epoll.c:911 #32 0x00007fe708664257 in std_event_loop_once (ev=0x7fe70e4d2890, location=0x7fe70bb72ec5 "../common/ldb.c:631") at ../tevent_standard.c:114 #33 0x00007fe70866040d in _tevent_loop_once (ev=ev@entry=0x7fe70e4d2890, location=location@entry=0x7fe70bb72ec5 "../common/ldb.c:631") at ../tevent.c:533 #34 0x00007fe70bb6bc4f in ldb_wait (handle=0x7fe7183c4530, type=<optimized out>) at ../common/ldb.c:631 #35 0x00007fe70bb6c793 in ldb_autotransaction_request (ldb=0x7fe70e4d52c0, req=0x7fe7183bdc10) at ../common/ldb.c:573 #36 0x00007fe70bb6d263 in ldb_modify (ldb=ldb@entry=0x7fe70e4d52c0, message=<optimized out>) at ../common/ldb.c:1655 #37 0x00007fe70bfa2ab5 in sysdb_set_cache_entry_attr (ldb=0x7fe70e4d52c0, entry_dn=entry_dn@entry=0x7fe7183c4760, attrs=attrs@entry=0x7fe7183bf680, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1159 #38 0x00007fe70bfa304d in sysdb_rep_ts_entry_attr (sysdb=0x7fe70e4eadd0, attrs=0x7fe7183bf680, entry_dn=0x7fe7183c4760) at src/db/sysdb_ops.c:1218 #39 sysdb_set_ts_entry_attr (sysdb=sysdb@entry=0x7fe70e4eadd0, entry_dn=entry_dn@entry=0x7fe7183c4760, attrs=attrs@entry=0x7fe7183bb840, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1248 #40 0x00007fe70bfa4aa9 in sysdb_set_entry_attr (sysdb=0x7fe70e4eadd0, entry_dn=0x7fe7183c4760, attrs=attrs@entry=0x7fe7183bb840, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1199 #41 0x00007fe70bfa4b5f in sysdb_set_user_attr (domain=domain@entry=0x7fe70e4d62f0, name=name@entry=0x7fe7183c01f0 "testuser7045@domain.com", attrs=attrs@entry=0x7fe7183bb840, mod_op=mod_op@entry=2) at src/db/sysdb_ops.c:1285 #42 0x00007fe70bfa58c3 in sysdb_add_user (domain=domain@entry=0x7fe70e4d62f0, name=name@entry=0x7fe7183c01f0 "testuser7045@domain.com", uid=uid@entry=1415408147, gid=<optimized out>, gid@entry=1415400513, gecos=gecos@entry=0x7fe710465d00 "Test User7045", homedir=homedir@entry=0x0, shell=shell@entry=0x0, orig_dn=orig_dn@entry=0x7fe710465940 "CN=Test User7045,OU=Sales,DC=DOMAIN,DC=COM", attrs=attrs@entry=0x7fe7183bb840, cache_timeout=cache_timeout@entry=5400, now=now@entry=1481105315) at src/db/sysdb_ops.c:1928 #43 0x00007fe70bfab271 in sysdb_store_new_user (now=1481105315, cache_timeout=5400, attrs=0x7fe7183bb840, orig_dn=0x7fe710465940 "CN=Test User7045,OU=Sales,DC=DOMAIN,DC=COM", shell=0x0, homedir=0x0, gecos=0x7fe710465d00 "Test User7045", gid=1415400513, uid=1415408147, name=0x7fe7183c01f0 "testuser7045@domain.com", domain=0x7fe70e4d62f0) at src/db/sysdb_ops.c:2549 #44 sysdb_store_user (domain=domain@entry=0x7fe70e4d62f0, name=0x7fe7183c01f0 "testuser7045@domain.com", pwd=pwd@entry=0x0, uid=1415408147, gid=1415400513, gecos=gecos@entry=0x7fe710465d00 "Test User7045", homedir=homedir@entry=0x0, shell=shell@entry=0x0, orig_dn=orig_dn@entry=0x7fe710465940 "CN=Test User7045,OU=Sales,DC=DOMAIN,DC=COM", attrs=attrs@entry=0x7fe7183bb840, remove_attrs=0x7fe7183c08a0, cache_timeout=cache_timeout@entry=5400, now=now@entry=1481105315) at src/db/sysdb_ops.c:2499 #45 0x00007fe6fba0d9f9 in sdap_save_user (memctx=memctx@entry=0x7fe70e544ee0, opts=opts@entry=0x7fe70e518400, dom=dom@entry=0x7fe70e4d62f0, attrs=<optimized out>, _usn_value=_usn_value@entry=0x7ffcd5d2c260, now=now@entry=1481105315) at src/providers/ldap/sdap_async_users.c:509 #46 0x00007fe6fba0df9a in sdap_save_users (memctx=memctx@entry=0x7fe70e544e40, sysdb=0x7fe70e4eadd0, dom=0x7fe70e4d62f0, opts=0x7fe70e518400, users=<optimized out>, num_users=10006, _usn_value=_usn_value@entry=0x7fe70e544e60) at src/providers/ldap/sdap_async_users.c:572 #47 0x00007fe6fba0e460 in sdap_get_users_done (subreq=<optimized out>) at src/providers/ldap/sdap_async_users.c:938 #48 0x00007fe6fba0c9d5 in sdap_search_user_process (subreq=0x0) at src/providers/ldap/sdap_async_users.c:814 #49 0x00007fe6fba07379 in generic_ext_search_handler (subreq=0x0, opts=<optimized out>) at src/providers/ldap/sdap_async.c:1689 #50 0x00007fe6fba0991b in sdap_get_generic_op_finished (op=<optimized out>, reply=<optimized out>, error=<optimized out>, pvt=<optimized out>) at src/providers/ldap/sdap_async.c:1621 #51 0x00007fe6fba083cd in sdap_process_message (ev=<optimized out>, sh=<optimized out>, msg=0x7fe70e5f9ce0) at src/providers/ldap/sdap_async.c:353 #52 sdap_process_result (ev=<optimized out>, pvt=<optimized out>) at src/providers/ldap/sdap_async.c:197 #53 0x00007fe708664b4f in tevent_common_loop_timer_delay (ev=ev@entry=0x7fe70e4cbc30) at ../tevent_timed.c:341 #54 0x00007fe708665b5a in epoll_event_loop_once (ev=0x7fe70e4cbc30, location=<optimized out>) at ../tevent_epoll.c:911 #55 0x00007fe708664257 in std_event_loop_once (ev=0x7fe70e4cbc30, location=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent_standard.c:114 #56 0x00007fe70866040d in _tevent_loop_once (ev=ev@entry=0x7fe70e4cbc30, location=location@entry=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent.c:533 #57 0x00007fe7086605ab in tevent_common_loop_wait (ev=0x7fe70e4cbc30, location=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent.c:637 #58 0x00007fe7086641f7 in std_event_loop_wait (ev=0x7fe70e4cbc30, location=0x7fe70bfee8e7 "src/util/server.c:702") at ../tevent_standard.c:140 #59 0x00007fe70bfd1993 in server_loop (main_ctx=0x7fe70e4cd080) at src/util/server.c:702 #60 0x00007fe70c84cb82 in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:587 Resolves: https://fedorahosted.org/sssd/ticket/3266 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
11:33 Changeset [087162b] by Lukas Slebodnik <lslebodn@…>
masterSERVER: Set the process group during server_setup() By calling setpgid() in server_setup() we are able to kill the process in the watchdog by simply doing kill(-getpid(), SIGTERM). However, in order to have it working properly the SELinux policy for SSSD has to be updated and unless SSSD is ran with SELinux on permissive mode, each of the responders and the monitor will trigger a similar message: Jan 09 14:31:50 client1.ipa.example audit[11630]: AVC avc: denied { setpgid } for pid=11630 comm="sssd_pac" scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0 It's important to say that till SELinux policy is fixed, we might end up leaking some processes. Related: https://fedorahosted.org/sssd/ticket/3266 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
11:19 Releases/Notes-1.15.0 edited by jhrozek
(diff)
11:12 Releases/Notes-1.15.0 edited by jhrozek
(diff)

01/24/17:

22:39 Releases/Notes-1.15.0 created by jhrozek
21:44 Ticket #3287 (Lots of The Data Provider returned an error ...) created by orion
I'm starting to enable logging of critical failures for sssd (see also …
08:54 Changeset [9657c17] by Lukas Slebodnik <lslebodn@…>
masterMONITOR: Fix warning with undefined macro HAVE_SYSTEMD Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Note: See TracTimeline for information about the timeline view.