Michal Židek
1d4426f19f
New upstream release 1.16.3
...
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html
- Resolves: upstream#2926 - Make list of local PAM services allowed for
Smartcard authentication configurable
- Related: upstream#3542 - Get host key without proxying connection
(cherry picked from commit 6ea9bfe5bb
)
2018-08-14 12:20:28 +02:00
Fabiano Fidêncio
b1aca931e9
Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo responder
...
And also ...
- Related: upstream#941 - return multiple server addresses to the Kerberos
locator plugin
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
closes its end of the pipe before reading all the
SSH keys
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
stored in AD GC also for regular AD DC queries
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
able to consume an @-sign in the user/group name.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 68ef824a5f
)
(cherry picked from commit f311832a06
)
2018-06-25 10:00:32 +02:00
Fabiano Fidêncio
efa0c9fd07
Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on minimal appliance image, breaking composes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 192e845618
)
(cherry picked from commit 1dad4d1fac
)
2018-06-25 10:00:09 +02:00
Fabiano Fidêncio
ff32b0f35f
New upstream release 1.16.2
...
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a36f5fea4b
)
(cherry picked from commit f14161ac08
)
2018-06-11 16:11:38 +02:00
Fabiano Fidêncio
b67161cd28
Related: upstream#3742 - Change of: User may not run sudo --> a password is required
...
Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.
In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 29d69716ad
)
(cherry picked from commit e56517d602
)
2018-05-28 10:13:50 +02:00
Fabiano Fidêncio
fb3a33a26b
Revert "Add: "ExcludeArch: armv7hl""
...
This reverts commit bc3790f5a0
.
(cherry picked from commit 4979898a6e
)
(cherry picked from commit e428c4af45
)
2018-05-17 17:58:02 +02:00
Fabiano Fidêncio
af12cc5788
Add: "ExcludeArch: armv7hl"
...
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593
As soon as the bug is resolved, this patch could be safely reverted.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit bc3790f5a0
)
(cherry picked from commit 38221da669
)
2018-05-16 22:30:57 +02:00
Fabiano Fidêncio
8ad6fab779
Related: upstream#3436 - Certificates used in unit tests have limited lifetime
...
Fix a non harmful warning shown by recent versions of OpenSSL.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 0a2c83fbd0
)
(cherry picked from commit b6ae123d6b
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
b0a6617361
Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c4f0508af1
)
(cherry picked from commit 0302f3db88
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
acfa98c03a
Resolves: upstream#3595 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5f75f7e4f2
)
(cherry picked from commit b2d97e727b
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
feb088d91c
Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1511bcd8b2
)
(cherry picked from commit 43d49c871d
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
a1fd1c66cf
Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a first domain does not reach the second domain
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3ad9e211eb
)
(cherry picked from commit b2bfd972c9
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
8e3e951bf6
Resolves: upstream#3719 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ed238e28ff
)
(cherry picked from commit 8530c8b24d
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
c99cc5221a
Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 97a62b83f1
)
(cherry picked from commit d212c95076
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
b23bb96b5d
Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 163543f40b
)
(cherry picked from commit 681d87c2ae
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
b6d54af437
Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 510134aa02
)
(cherry picked from commit e4e9316ad9
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
c6eb48feab
Related: upstream#3436 - Certificates used in unit tests have limited lifetime
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5e1db8fc3e
)
(cherry picked from commit 7dc8777d56
)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio
35934cf3ef
Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
...
Patch 0018-sysdb-custom-completely-replace-old-object-instead-o.patch
caused a regression, caught by lslebodn and reported by a few users.
Let's comment out this patch for now and uncomment it when we have a fix
that do not cause a regression.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5254cdcca5
)
(cherry picked from commit c715b8d660
)
2018-05-05 22:00:12 +02:00
Fabiano Fidêncio
ec7c43bb5d
Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
...
Also ...
Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
Provider returned an error
[org.freedesktop.sssd.Error.DataProvider.Fatal]
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 90dd145c92
)
(cherry picked from commit 99a84c4b16
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
ce98ba4ba6
Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a305fc11b7
)
(cherry picked from commit e45d803139
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
28ce4615a4
Document which principal does the AD provider use
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit b6696d97c4
)
(cherry picked from commit 15af9187cf
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
b103eab96c
Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2dd8451396
)
(cherry picked from commit e9424464d1
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
32f84803eb
Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 209701ef7f
)
(cherry picked from commit bf6526be6c
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
0caad9889d
Improve docs/debug message about GC detection
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3115154117
)
(cherry picked from commit 8ac548e27d
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
2c6ba2bf2b
Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f47c82bc8d
)
(cherry picked from commit 94dacbcff1
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
54dfcbfa15
Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 64b69ec813
)
(cherry picked from commit d5953555e4
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
b242978f9f
Resolves: upstream#3679 - Make nss netgroup requests more robust
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8d67726a47
)
(cherry picked from commit f585ce79e5
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
2d8d8d1c8b
Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8565df471c
)
(cherry picked from commit d4cc9f09a9
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
eefe33aff1
Resolves: upstream#3402 - Support alternative sources for the files provider
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 9709b73a3f
)
(cherry picked from commit 69dd3e36eb
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
c114eb6b3f
Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a7d4f0b3f4
)
(cherry picked from commit 1ec14767eb
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
bb5f960239
IPA: Qualify the externalUser sudo attribute
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ab53ba849a
)
(cherry picked from commit ff80480d02
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
389295064e
Tone down shutdown messages for socket activated responders
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ef1d48a0c2
)
(cherry picked from commit 11342ddfab
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
f338f8cb95
Resolves: upstream#3558 - sudo: report error when two rules share cn
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit fcff118bbf
)
(cherry picked from commit b1ddb6443b
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
b429a75bce
Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f3d06df50d
)
(cherry picked from commit 7809e6eedd
)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio
89a1543353
A few KCM misc fixes
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 32f2c81e59
)
(cherry picked from commit 2540bf426d
)
2018-03-30 15:25:35 +02:00
Fabiano Fidêncio
4a56bc21d2
Resolves: upstream#3666 - Fix usage of str.decode() in our test
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 99da72db23
)
(cherry picked from commit 4d8a2ac870
)
2018-03-30 15:25:27 +02:00
Fabiano Fidêncio
97df14ee0f
Resolves: upstream#3386 - KCM: Payload buffer is too small
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1c7376afc5
)
(cherry picked from commit 7d773ed035
)
2018-03-30 15:25:18 +02:00
Fabiano Fidêncio
26eab693bb
Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads()
...
Related to: rhbz#1494843 - KCM Does not work
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 73735e9522
)
(cherry picked from commit 0392642064
)
2018-03-30 15:25:10 +02:00
Fabiano Fidêncio
2a59fc635f
Resolves: upstream#3658 - Application domain is not interpreted correctly
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 563dd33f72
)
(cherry picked from commit 4d2103b723
)
2018-03-30 15:24:57 +02:00
Fabiano Fidêncio
44d6f59b93
Resolves: upstream#3660 - confdb_expand_app_domains() always fails
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2c812f3cba
)
(cherry picked from commit c126b3174c
)
2018-03-30 15:24:44 +02:00
Fabiano Fidêncio
46f52a9bd6
Resolves: upstream#3573 - sssd won't show netgroups with blank domai
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 40fe76feb8
)
(cherry picked from commit 928c3e94ab
)
2018-03-30 15:24:32 +02:00
Fabiano Fidêncio
bfc60044d5
New upstream release 1.16.1
...
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 62a3258629
)
(cherry picked from commit d11cfce2ff
)
2018-03-09 16:56:17 +01:00
Lukas Slebodnik
21443e5ebe
Resolves: upstream#3621 - backport bug fix found by static analyzers
...
(cherry picked from commit 5eba7a8f1f
)
2018-02-20 15:16:21 +01:00
Fabiano Fidêncio
ca31e2be64
Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE
...
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 4b1fe8a0ab
)
2018-02-14 23:03:54 +01:00
Fabiano Fidêncio
47317c5649
Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
...
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 199a72e62a
)
2018-02-14 22:25:04 +01:00
Lukas Slebodnik
c90915394e
Resolves: upstream#3618 - selinux_child segfaults in a docker container
...
(cherry picked from commit 18ae44bc79
)
2018-02-07 22:08:14 +01:00
Lukas Slebodnik
01409e3d48
Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
...
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
or machine swaps
Resolves: failure in glibc tests
https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
auth_provider ldap, login fails if the LDAP server
is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
in /etc/systemd/system
Backport few upstream features from 1.16.1
(cherry picked from commit 1dedfbb334
)
2017-12-04 21:53:43 +01:00
Lukas Slebodnik
8f047f7ff4
Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
...
(cherry picked from commit ce65f7d9ee
)
2017-11-21 18:01:54 +01:00
Lukas Slebodnik
e8791c3999
Revert "Disable nfsplugin due to bug rhbz#1509063"
...
This reverts commit b5c435b10b
.
nfs-utils are fixed
(cherry picked from commit 87763840cd
)
2017-11-21 18:01:44 +01:00
Jakub Hrozek
bb0cc30393
Backport extended NSS API from upstream master branch
2017-11-17 19:41:03 +01:00