Commit Graph

426 Commits

Author SHA1 Message Date
Michal Židek 5bf25dd87d Resolves: rhbz#1561105 - sssd update prevented login using kerberos user
(cherry picked from commit a5e12d6904)
2018-08-21 19:57:01 +02:00
Michal Židek 1d4426f19f New upstream release 1.16.3
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html
- Resolves: upstream#2926 - Make list of local PAM services allowed for
                            Smartcard authentication configurable
- Related: upstream#3542 - Get host key without proxying connection

(cherry picked from commit 6ea9bfe5bb)
2018-08-14 12:20:28 +02:00
Fabiano Fidêncio b1aca931e9 Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo responder
And also ...

- Related: upstream#941 - return multiple server addresses to the Kerberos
                          locator plugin
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
                            closes its end of the pipe before reading all the
                            SSH keys
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
                            stored in AD GC also for regular AD DC queries
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
                           able to consume an @-sign in the user/group name.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 68ef824a5f)
(cherry picked from commit f311832a06)
2018-06-25 10:00:32 +02:00
Fabiano Fidêncio efa0c9fd07 Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on minimal appliance image, breaking composes
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 192e845618)
(cherry picked from commit 1dad4d1fac)
2018-06-25 10:00:09 +02:00
Fabiano Fidêncio ff32b0f35f New upstream release 1.16.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a36f5fea4b)
(cherry picked from commit f14161ac08)
2018-06-11 16:11:38 +02:00
Fabiano Fidêncio b67161cd28 Related: upstream#3742 - Change of: User may not run sudo --> a password is required
Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.

In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 29d69716ad)
(cherry picked from commit e56517d602)
2018-05-28 10:13:50 +02:00
Fabiano Fidêncio fb3a33a26b Revert "Add: "ExcludeArch: armv7hl""
This reverts commit bc3790f5a0.

(cherry picked from commit 4979898a6e)
(cherry picked from commit e428c4af45)
2018-05-17 17:58:02 +02:00
Fabiano Fidêncio af12cc5788 Add: "ExcludeArch: armv7hl"
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593

As soon as the bug is resolved, this patch could be safely reverted.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit bc3790f5a0)
(cherry picked from commit 38221da669)
2018-05-16 22:30:57 +02:00
Fabiano Fidêncio 8ad6fab779 Related: upstream#3436 - Certificates used in unit tests have limited lifetime
Fix a non-harmful warning shown by recent versions of OpenSSL.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 0a2c83fbd0)
(cherry picked from commit b6ae123d6b)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio b0a6617361 Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c4f0508af1)
(cherry picked from commit 0302f3db88)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio acfa98c03a Resolves: upstream#3595 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5f75f7e4f2)
(cherry picked from commit b2d97e727b)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio feb088d91c Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1511bcd8b2)
(cherry picked from commit 43d49c871d)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio a1fd1c66cf Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a first domain does not reach the second domain
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3ad9e211eb)
(cherry picked from commit b2bfd972c9)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio 8e3e951bf6 Resolves: upstream#3719 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ed238e28ff)
(cherry picked from commit 8530c8b24d)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio c99cc5221a Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 97a62b83f1)
(cherry picked from commit d212c95076)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio b23bb96b5d Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 163543f40b)
(cherry picked from commit 681d87c2ae)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio b6d54af437 Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 510134aa02)
(cherry picked from commit e4e9316ad9)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio c6eb48feab Related: upstream#3436 - Certificates used in unit tests have limited lifetime
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5e1db8fc3e)
(cherry picked from commit 7dc8777d56)
2018-05-16 22:29:09 +02:00
Fabiano Fidêncio 35934cf3ef Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
Patch 0018-sysdb-custom-completely-replace-old-object-instead-o.patch
caused a regression, caught by lslebodn and reported by a few users.

Let's comment out this patch for now and uncomment it when we have a fix
that does not cause a regression.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 5254cdcca5)
(cherry picked from commit c715b8d660)
2018-05-05 22:00:12 +02:00
Fabiano Fidêncio ec7c43bb5d Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
Also ...
Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
                         Provider returned an error
                         [org.freedesktop.sssd.Error.DataProvider.Fatal]

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 90dd145c92)
(cherry picked from commit 99a84c4b16)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio ce98ba4ba6 Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a305fc11b7)
(cherry picked from commit e45d803139)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 28ce4615a4 Document which principal does the AD provider use
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit b6696d97c4)
(cherry picked from commit 15af9187cf)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio b103eab96c Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2dd8451396)
(cherry picked from commit e9424464d1)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 32f84803eb Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 209701ef7f)
(cherry picked from commit bf6526be6c)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 0caad9889d Improve docs/debug message about GC detection
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3115154117)
(cherry picked from commit 8ac548e27d)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 2c6ba2bf2b Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f47c82bc8d)
(cherry picked from commit 94dacbcff1)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 54dfcbfa15 Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 64b69ec813)
(cherry picked from commit d5953555e4)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio b242978f9f Resolves: upstream#3679 - Make nss netgroup requests more robust
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8d67726a47)
(cherry picked from commit f585ce79e5)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 2d8d8d1c8b Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 8565df471c)
(cherry picked from commit d4cc9f09a9)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio eefe33aff1 Resolves: upstream#3402 - Support alternative sources for the files provider
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 9709b73a3f)
(cherry picked from commit 69dd3e36eb)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio c114eb6b3f Resolves: upstream#3550 - refresh_expired_interval does not work with netgroups in 1.15
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a7d4f0b3f4)
(cherry picked from commit 1ec14767eb)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio bb5f960239 IPA: Qualify the externalUser sudo attribute
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ab53ba849a)
(cherry picked from commit ff80480d02)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 389295064e Tone down shutdown messages for socket activated responders
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit ef1d48a0c2)
(cherry picked from commit 11342ddfab)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio f338f8cb95 Resolves: upstream#3558 - sudo: report error when two rules share cn
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit fcff118bbf)
(cherry picked from commit b1ddb6443b)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio b429a75bce Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit f3d06df50d)
(cherry picked from commit 7809e6eedd)
2018-04-27 22:29:48 +02:00
Fabiano Fidêncio 89a1543353 A few KCM misc fixes
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 32f2c81e59)
(cherry picked from commit 2540bf426d)
2018-03-30 15:25:35 +02:00
Fabiano Fidêncio 4a56bc21d2 Resolves: upstream#3666 - Fix usage of str.decode() in our test
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 99da72db23)
(cherry picked from commit 4d8a2ac870)
2018-03-30 15:25:27 +02:00
Fabiano Fidêncio 97df14ee0f Resolves: upstream#3386 - KCM: Payload buffer is too small
Related to: rhbz#1494843 - KCM Does not work

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 1c7376afc5)
(cherry picked from commit 7d773ed035)
2018-03-30 15:25:18 +02:00
Fabiano Fidêncio 26eab693bb Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads()
Related to: rhbz#1494843 - KCM Does not work

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 73735e9522)
(cherry picked from commit 0392642064)
2018-03-30 15:25:10 +02:00
Fabiano Fidêncio 2a59fc635f Resolves: upstream#3658 - Application domain is not interpreted correctly
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 563dd33f72)
(cherry picked from commit 4d2103b723)
2018-03-30 15:24:57 +02:00
Fabiano Fidêncio 44d6f59b93 Resolves: upstream#3660 - confdb_expand_app_domains() always fails
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2c812f3cba)
(cherry picked from commit c126b3174c)
2018-03-30 15:24:44 +02:00
Fabiano Fidêncio 46f52a9bd6 Resolves: upstream#3573 - sssd won't show netgroups with blank domai
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 40fe76feb8)
(cherry picked from commit 928c3e94ab)
2018-03-30 15:24:32 +02:00
Fabiano Fidêncio bfc60044d5 New upstream release 1.16.1
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 62a3258629)
(cherry picked from commit d11cfce2ff)
2018-03-09 16:56:17 +01:00
Lukas Slebodnik 21443e5ebe Resolves: upstream#3621 - backport bug fix found by static analyzers
(cherry picked from commit 5eba7a8f1f)
2018-02-20 15:16:21 +01:00
Fabiano Fidêncio ca31e2be64 Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 4b1fe8a0ab)
2018-02-14 23:03:54 +01:00
Fabiano Fidêncio 47317c5649 Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 199a72e62a)
2018-02-14 22:25:04 +01:00
Lukas Slebodnik c90915394e Resolves: upstream#3618 - selinux_child segfaults in a docker container
(cherry picked from commit 18ae44bc79)
2018-02-07 22:08:14 +01:00
Lukas Slebodnik 01409e3d48 Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
                          or machine swaps
Resolves: failure in glibc tests
          https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
                          auth_provider ldap, login fails if the LDAP server
                          is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
                          corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
                          if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
                         in /etc/systemd/system
Backport a few upstream features from 1.16.1

(cherry picked from commit 1dedfbb334)
2017-12-04 21:53:43 +01:00
Lukas Slebodnik 8f047f7ff4 Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
(cherry picked from commit ce65f7d9ee)
2017-11-21 18:01:54 +01:00
Lukas Slebodnik e8791c3999 Revert "Disable nfsplugin due to bug rhbz#1509063"
This reverts commit b5c435b10b.

nfs-utils are fixed

(cherry picked from commit 87763840cd)
2017-11-21 18:01:44 +01:00