diff --git a/.gitignore b/.gitignore index e69de29..40ea95a 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,91 @@ +sssd-1.2.91.tar.gz +/sssd-1.3.0.tar.gz +/sssd-1.4.0.tar.gz +/sssd-1.4.1.tar.gz +/sssd-1.5.0.tar.gz +/sssd-1.5.1.tar.gz +/sssd-1.5.2.tar.gz +/sssd-1.5.3.tar.gz +/sssd-1.5.4.tar.gz +/sssd-1.5.5.tar.gz +/sssd-1.5.6.tar.gz +/sssd-1.5.6.1.tar.gz +/sssd-1.5.7.tar.gz +/sssd-1.5.8.tar.gz +/sssd-1.5.9.tar.gz +/sssd-1.5.10.tar.gz +/sssd-1.5.11.tar.gz +/sssd-1.6.0.tar.gz +/sssd-1.6.1.tar.gz +/sssd-1.6.2.tar.gz +/sssd-1.6.3.tar.gz +/sssd-1.6.4.tar.gz +/sssd-1.7.0.tar.gz +/sssd-1.8.0beta1.tar.gz +/sssd-1.8.0beta2.tar.gz +/sssd-1.8.0beta3.tar.gz +/sssd-1.8.0.tar.gz +/sssd-1.8.1.tar.gz +/sssd-1.8.2.tar.gz +/sssd-1.8.3.tar.gz +/sssd-1.9.0beta1.tar.gz +/sssd-1.9.0beta2.tar.gz +/sssd-1.9.0beta3.tar.gz +/sssd-1.9.0beta4.tar.gz +/sssd-1.9.0beta5.tar.gz +/sssd-1.9.0beta6.tar.gz +/sssd-1.9.0beta7.tar.gz +/sssd-1.9.0rc1.tar.gz +/sssd-1.9.0.tar.gz +/sssd-1.9.1.tar.gz +/sssd-1.9.2.tar.gz +/sssd-1.9.3.tar.gz +/sssd-1.9.4.tar.gz +/sssd-1.10.0alpha1.tar.gz +/sssd-1.10.0beta1.tar.gz +/sssd-1.10.0beta2.tar.gz +/sssd-1.10.0.tar.gz +/sssd-1.10.1.tar.gz +/sssd-1.11.0beta2.tar.gz +/sssd-1.11.0.tar.gz +/sssd-1.11.1.tar.gz +/sssd-1.11.2.tar.gz +/sssd-1.11.3.tar.gz +/sssd-1.11.4.tar.gz +/sssd-1.11.5.tar.gz +/sssd-1.11.5.1.tar.gz +/sssd-1.12.0beta1.tar.gz +/sssd-1.12.0beta2.tar.gz +/sssd-1.12.0.tar.gz +/sssd-1.12.1.tar.gz +/sssd-1.12.2.tar.gz +/sssd-1.12.3.tar.gz +/sssd-1.12.4.tar.gz +/sssd-1.12.5.tar.gz +/sssd-1.13.0alpha.tar.gz +/sssd-1.13.0.tar.gz +/sssd-1.13.1.tar.gz +/sssd-1.13.2.tar.gz +/sssd-1.13.3.tar.gz +/sssd-1.13.4.tar.gz +/sssd-1.14.0alpha.tar.gz +/sssd-1.14.0beta1.tar.gz +/sssd-1.14.0.tar.gz +/sssd-1.14.1.tar.gz +/sssd-1.14.2.tar.gz +/sssd-1.15.0.tar.gz +/sssd-1.15.1.tar.gz +/sssd-1.15.2.tar.gz +/sssd-1.15.3.tar.gz +/sssd-1.16.0.tar.gz +/sssd-1.16.1.tar.gz +/sssd-1.16.2.tar.gz +/sssd-2.0.0.tar.gz +/sssd-2.1.0.tar.gz +/sssd-2.2.0.tar.gz +/sssd-2.2.1.tar.gz +/sssd-2.2.2.tar.gz +/sssd-2.2.3.tar.gz +/sssd-2.3.0.tar.gz +/sssd-2.3.1.tar.gz +/sssd-2.4.0.tar.gz diff --git a/0001-fix-compilation-with-check-0.15.1.patch b/0001-fix-compilation-with-check-0.15.1.patch new file mode 100644 index 0000000..5a2a880 --- /dev/null +++ b/0001-fix-compilation-with-check-0.15.1.patch @@ -0,0 +1,4005 @@ +From ae92ebec5ab0535d0a24c983b36026f615a60b5e Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:01 +0000 +Subject: [PATCH 01/19] =?UTF-8?q?DLOPEN-TESTS:=20Fix=20error=20too=20few?= + =?UTF-8?q?=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +--- + src/tests/dlopen-tests.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c +index 4727e7cd9..4acaba2a4 100644 +--- a/src/tests/dlopen-tests.c ++++ b/src/tests/dlopen-tests.c +@@ -194,13 +194,13 @@ static char **get_so_files(size_t *_list_size) + char **libraries; + + n = scandir(LIBPFX, &namelist, file_so_filter, alphasort); +- fail_unless(n > 0); ++ fail_unless(n > 0, "Failed to scan dirrectory: " LIBPFX); + + libraries = calloc(n + 1, sizeof(char *)); + + for (int i = 0; i < n; ++i) { + libraries[i] = strdup(namelist[i]->d_name); +- fail_if(libraries[i] == NULL); ++ fail_if(libraries[i] == NULL, "Failed to allocate memory"); + + free(namelist[i]); + } +@@ -250,7 +250,7 @@ START_TEST(test_dlopen_base) + } + free(found_libraries); + +- fail_if(unchecked_library); ++ fail_if(unchecked_library, "Unchecked library found"); + } + END_TEST + +-- +2.28.0.rc2 + + +From 23849dfb089c0cbd877feaa3fbb4df94f3d62ebb Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:02 +0000 +Subject: [PATCH 02/19] =?UTF-8?q?SYSDB-TESTS:=20Fix=20error=20too=20few=20?= + =?UTF-8?q?arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +* convert assertions to different macros + +e.g. +src/tests/sysdb-tests.c:6622:5: error: too few arguments to function ‘_ck_assert_failed’ + 6622 | fail_if(ret != EOK); +--- + src/tests/sysdb-tests.c | 454 +++++++++++++++++++++------------------- + 1 file changed, 236 insertions(+), 218 deletions(-) + +diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c +index 5381b9a17..b7e0e2389 100644 +--- a/src/tests/sysdb-tests.c ++++ b/src/tests/sysdb-tests.c +@@ -694,13 +694,13 @@ START_TEST (test_sysdb_user_new_id) + fqname = sss_create_internal_fqname(test_ctx, + username, + test_ctx->domain->name); +- fail_if(fqname == NULL); ++ fail_if(fqname == NULL, "Failed to allocate memory"); + + attrs = sysdb_new_attrs(test_ctx); +- fail_if(attrs == NULL); ++ fail_if(attrs == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_string(attrs, SYSDB_DESCRIPTION, desc_in); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "Failed to add attribute: " SYSDB_DESCRIPTION); + + ret = sysdb_add_user(test_ctx->domain, fqname, + 1234, 1234, fqname, "/", "/bin/bash", +@@ -713,7 +713,7 @@ START_TEST (test_sysdb_user_new_id) + fail_if(ret != EOK, "Could not retrieve user %s", fqname); + + desc = ldb_msg_find_attr_as_string(msg, SYSDB_DESCRIPTION, NULL); +- fail_unless(desc != NULL); ++ fail_unless(desc != NULL, "Failed to find attribute: " SYSDB_DESCRIPTION); + ck_assert_str_eq(desc, desc_in); + + ret = sysdb_delete_user(test_ctx->domain, fqname, 0); +@@ -738,7 +738,7 @@ START_TEST (test_sysdb_store_user) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_store_user(data); + +@@ -761,7 +761,7 @@ START_TEST (test_sysdb_store_user_existing) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->shell = "/bin/ksh"; + + ret = test_store_user(data); +@@ -831,7 +831,7 @@ START_TEST (test_sysdb_remove_local_user_by_uid) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->uid = _i; + + ret = test_remove_user_by_uid(data); +@@ -855,7 +855,7 @@ START_TEST (test_sysdb_remove_local_group) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_remove_group(data); + +@@ -878,7 +878,7 @@ START_TEST (test_sysdb_remove_local_group_by_gid) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + null_ctx_get_size(data->ctx); + ret = test_remove_group_by_gid(data); +@@ -903,7 +903,7 @@ START_TEST (test_sysdb_add_user) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_add_user(data); + +@@ -926,7 +926,7 @@ START_TEST (test_sysdb_add_group) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_add_group(data); + +@@ -951,7 +951,7 @@ START_TEST (test_sysdb_add_group_with_ghosts) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + for (j = MBO_GROUP_BASE; j < _i; j++) { + member_fqname = test_asprintf_fqname(data, data->ctx->domain, +@@ -983,7 +983,7 @@ START_TEST (test_sysdb_add_incomplete_group) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_add_incomplete_group(data); + +@@ -1053,7 +1053,7 @@ START_TEST (test_sysdb_getpwnam) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + res = test_getpwnam(data); + fail_if(res->count != 1, +@@ -1069,7 +1069,6 @@ START_TEST (test_sysdb_getpwnam) + data->username = test_asprintf_fqname(data, test_ctx->domain, + "TESTUSER%d", _i); + fail_if(data->username == NULL, "OOM"); +- fail_if(ret != EOK); + + res = test_getpwnam(data); + fail_if(res->count != 0, +@@ -1101,15 +1100,16 @@ START_TEST(test_user_group_by_name) + test_ctx->domain->mpg_mode = MPG_ENABLED; + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = sysdb_search_group_by_name(data, + data->ctx->domain, + data->username, /* we're searching for the private group */ + NULL, + &msg); +- fail_if(ret != EOK); +- fail_if(msg == NULL); ++ fail_if(ret != EOK, ++ "sysdb_search_group_by_name failed with error: %d", ret); ++ fail_if(msg == NULL, "Failed to find group: %s", data->username); + + groupname = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + ck_assert_str_eq(groupname, data->username); +@@ -1131,14 +1131,15 @@ START_TEST(test_user_group_by_name_local) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = sysdb_search_group_by_name(data, + data->ctx->domain, + data->username, /* we're searching for the private group */ + NULL, + &msg); +- fail_if(ret != ENOENT); ++ fail_if(ret != ENOENT, ++ "sysdb_search_group_by_name must return ENOENT got: %d", ret); + } + END_TEST + +@@ -1159,7 +1160,7 @@ START_TEST (test_sysdb_getgrnam) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + res = test_getgrnam(data); + fail_if(res->count != 1, +@@ -1176,7 +1177,6 @@ START_TEST (test_sysdb_getgrnam) + data->groupname = test_asprintf_fqname(data, test_ctx->domain, + "TESTGROUP%d", _i); + fail_if(data->groupname == NULL, "OOM"); +- fail_if(ret != EOK); + + res = test_getgrnam(data); + fail_if(res->count != 0, +@@ -1302,7 +1302,7 @@ START_TEST (test_sysdb_getpwuid) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = sysdb_getpwuid(test_ctx, + test_ctx->domain, +@@ -1397,7 +1397,7 @@ START_TEST (test_sysdb_set_user_attr) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrs = sysdb_new_attrs(test_ctx); + if (ret != EOK) { +@@ -1506,7 +1506,7 @@ START_TEST (test_sysdb_get_user_attr) + } + + data = test_data_new_user(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = sysdb_get_user_attr(test_ctx, test_ctx->domain, data->username, attrs, + &res); +@@ -1601,7 +1601,7 @@ START_TEST (test_sysdb_add_nonposix_user) + fail_if(fq_name == NULL, "Failed to create fq name."); + + user_attrs = sysdb_new_attrs(test_ctx); +- fail_if(user_attrs == NULL); ++ fail_if(user_attrs == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_bool(user_attrs, SYSDB_POSIX, false); + fail_if(ret != EOK, "Could not add attribute"); +@@ -1691,12 +1691,12 @@ START_TEST (test_sysdb_add_group_member) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->uid = _i - 1000; /* the UID of user to add */ + data->username = test_asprintf_fqname(data, test_ctx->domain, + "testuser%d", data->uid); +- fail_if(data->username == NULL); ++ fail_if(data->username == NULL, "Failed to allocate memory"); + + ret = test_add_group_member(data); + +@@ -1771,12 +1771,12 @@ START_TEST (test_sysdb_remove_group_member) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->uid = _i - 1000; /* the UID of user to remove */ + data->username = test_asprintf_fqname(data, test_ctx->domain, + "testuser%d", data->uid); +- fail_if(data->username == NULL); ++ fail_if(data->username == NULL, "Failed to allocate memory"); + + ret = test_remove_group_member(data); + fail_if(ret != EOK, "Remove group member failed: %d", ret); +@@ -1799,7 +1799,7 @@ START_TEST (test_sysdb_remove_nonexistent_user) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->uid = 12345; + + ret = test_remove_user_by_uid(data); +@@ -1823,7 +1823,7 @@ START_TEST (test_sysdb_remove_nonexistent_group) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->gid = 12345; + + ret = test_remove_group_by_gid(data); +@@ -1866,7 +1866,7 @@ START_TEST (test_sysdb_store_custom) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->uid = _i; + data->attrs = sysdb_new_attrs(test_ctx); +@@ -1905,7 +1905,7 @@ START_TEST (test_sysdb_search_custom_by_name) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(test_ctx, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed"); +@@ -1958,7 +1958,7 @@ START_TEST (test_sysdb_update_custom) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->uid = 29010; + data->attrs = sysdb_new_attrs(test_ctx); +@@ -2006,7 +2006,7 @@ START_TEST (test_sysdb_search_custom_update) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(test_ctx, const char *, 3); + fail_unless(data->attrlist != NULL, "talloc_array failed"); +@@ -2074,7 +2074,7 @@ START_TEST (test_sysdb_search_custom) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(test_ctx, const char *, 3); + fail_unless(data->attrlist != NULL, "talloc_array failed"); +@@ -2112,7 +2112,7 @@ START_TEST (test_sysdb_delete_custom) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_delete_custom(data); + +@@ -2209,7 +2209,7 @@ static void cached_authentication_without_expiration(uid_t uid, + fail_unless(ret == EOK, "Could not set up the test"); + + data = test_data_new_user(test_ctx, uid); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + val[0] = "0"; + ret = confdb_add_param(test_ctx->confdb, true, CONFDB_PAM_CONF_ENTRY, +@@ -2257,7 +2257,7 @@ static void cached_authentication_with_expiration(uid_t uid, + fail_unless(ret == EOK, "Could not set up the test"); + + data = test_data_new_user(test_ctx, uid); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + val[0] = "1"; + ret = confdb_add_param(test_ctx->confdb, true, CONFDB_PAM_CONF_ENTRY, +@@ -2336,12 +2336,12 @@ START_TEST (test_sysdb_prepare_asq_test_user) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->uid = ASQ_TEST_USER_UID; + data->username = test_asprintf_fqname(data, test_ctx->domain, + "testuser%u", data->uid); +- fail_if(data->username == NULL); ++ fail_if(data->username == NULL, "Failed to allocate memory"); + + ret = test_add_group_member(data); + +@@ -2369,7 +2369,7 @@ START_TEST (test_sysdb_asq_search) + } + + data = test_data_new_user(test_ctx, ASQ_TEST_USER_UID); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed"); +@@ -2428,7 +2428,7 @@ START_TEST (test_sysdb_search_all_users) + } + + data = test_data_new(test_ctx); +- fail_unless(data != NULL); ++ fail_unless(data != NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed"); +@@ -2487,7 +2487,7 @@ START_TEST (test_sysdb_delete_recursive) + } + + data = test_data_new(test_ctx); +- fail_unless(data != NULL); ++ fail_unless(data != NULL, "Failed to allocate memory"); + + ret = test_delete_recursive(data); + +@@ -2553,7 +2553,7 @@ START_TEST (test_sysdb_memberof_store_group) + } + + data = test_data_new_group(test_ctx, MBO_GROUP_BASE + _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + if (_i == 0) { + data->attrlist = NULL; +@@ -2563,7 +2563,7 @@ START_TEST (test_sysdb_memberof_store_group) + data->attrlist[0] = test_asprintf_fqname(data, data->ctx->domain, + "testgroup%d", data->gid - 1); + data->attrlist[1] = NULL; +- fail_if(data->attrlist[0] == NULL); ++ fail_if(data->attrlist[0] == NULL, "Failed to allocate memory"); + } + + ret = test_memberof_store_group(data); +@@ -2587,7 +2587,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + if (_i == 0 || _i == MBO_GROUP_BASE) { + data->attrlist = NULL; +@@ -2597,7 +2597,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts) + data->attrlist[0] = test_asprintf_fqname(data, data->ctx->domain, + "testgroup%d", data->gid - 1); + data->attrlist[1] = NULL; +- fail_if(data->attrlist[0] == NULL); ++ fail_if(data->attrlist[0] == NULL, "Failed to allocate memory"); + } + + data->ghostlist = talloc_array(data, char *, 2); +@@ -2605,7 +2605,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts) + data->ghostlist[0] = test_asprintf_fqname(data, data->ctx->domain, + "testuser%d", data->gid); + data->ghostlist[1] = NULL; +- fail_if(data->ghostlist[0] == NULL); ++ fail_if(data->ghostlist[0] == NULL, "Failed to allocate memory"); + + ret = test_memberof_store_group_with_ghosts(data); + +@@ -2628,7 +2628,7 @@ START_TEST (test_sysdb_memberof_store_group_with_double_ghosts) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + if (_i == 0) { + data->attrlist = NULL; +@@ -2673,7 +2673,7 @@ START_TEST (test_sysdb_memberof_mod_add) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ghostname = test_asprintf_fqname(data, test_ctx->domain, + "testghost%d", _i); +@@ -2755,7 +2755,7 @@ START_TEST (test_sysdb_memberof_mod_replace) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + /* The test replaces the testuser%i attribute with testghost%i */ + ghostname_del = test_asprintf_fqname(data, test_ctx->domain, +@@ -2842,7 +2842,7 @@ START_TEST (test_sysdb_memberof_mod_replace_keep) + } + + data = test_data_new_group(test_ctx, MBO_GROUP_BASE + 10 - _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + /* The test replaces the attributes (testusera$gid, testuserb$gid) with + * just testusera$gid. The result should be not only testusera, but also +@@ -3021,7 +3021,7 @@ START_TEST (test_sysdb_memberof_store_user) + } + + data = test_data_new_user(test_ctx, MBO_USER_BASE + _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_store_user(data); + fail_if(ret != EOK, "Could not store user %s", data->username); +@@ -3043,12 +3043,12 @@ START_TEST (test_sysdb_memberof_add_group_member) + } + + data = test_data_new_group(test_ctx, MBO_GROUP_BASE + _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->uid = MBO_USER_BASE + _i; + data->username = test_asprintf_fqname(data, test_ctx->domain, + "testuser%d", data->uid); +- fail_if(data->username == NULL); ++ fail_if(data->username == NULL, "Failed to allocate memory"); + + ret = test_add_group_member(data); + fail_if(ret != EOK, "Could not modify group %s", data->groupname); +@@ -3071,7 +3071,7 @@ START_TEST (test_sysdb_memberof_check_memberuid_without_group_5) + } + + data = test_data_new_group(test_ctx, MBO_GROUP_BASE + _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "tallo_array failed."); +@@ -3120,7 +3120,7 @@ START_TEST (test_sysdb_memberof_check_memberuid) + } + + data = test_data_new_group(test_ctx, MBO_GROUP_BASE + _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed."); +@@ -3160,7 +3160,7 @@ START_TEST (test_sysdb_memberof_check_memberuid_loop) + } + + data = test_data_new_group(test_ctx, _i + MBO_GROUP_BASE); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed."); +@@ -3200,7 +3200,7 @@ START_TEST (test_sysdb_memberof_check_memberuid_loop_without_group_5) + } + + data = test_data_new_group(test_ctx, _i + MBO_GROUP_BASE); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "tallo_array failed."); +@@ -3249,7 +3249,7 @@ START_TEST (test_sysdb_memberof_check_nested_ghosts) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed."); +@@ -3284,7 +3284,7 @@ START_TEST (test_sysdb_memberof_check_nested_double_ghosts) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed."); +@@ -3321,7 +3321,7 @@ START_TEST (test_sysdb_memberof_remove_child_group_and_check_ghost) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + delgid = data->gid - 1; + + data->attrlist = talloc_array(data, const char *, 2); +@@ -3383,7 +3383,7 @@ START_TEST (test_sysdb_memberof_mod_del) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ghostname = test_asprintf_fqname(data, test_ctx->domain, "testuser%d", _i); + fail_unless(ghostname != NULL, "Out of memory\n"); +@@ -3462,7 +3462,7 @@ START_TEST (test_sysdb_memberof_check_ghost) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 2); + fail_unless(data->attrlist != NULL, "talloc_array failed."); +@@ -3499,7 +3499,9 @@ START_TEST (test_sysdb_memberof_check_ghost) + expected = test_asprintf_fqname(data, test_ctx->domain, "testghost%d", j); + fail_if(expected == NULL, "OOM\n"); + fail_unless(strcmp(expected, +- (const char *) data->msg->elements[0].values[j-MBO_GROUP_BASE].data) == 0); ++ (const char *) data->msg->elements[0].values[j-MBO_GROUP_BASE].data) == 0, ++ "Expecting: %s dot: %s", expected, ++ (const char *) data->msg->elements[0].values[j-MBO_GROUP_BASE].data); + talloc_free(expected); + } + +@@ -3521,10 +3523,10 @@ START_TEST (test_sysdb_memberof_convert_to_real_users) + } + + data = test_data_new_user(test_ctx, _i * 2); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->username = test_asprintf_fqname(data, test_ctx->domain, + "testghost%d", _i); +- fail_if(data->username == NULL); ++ fail_if(data->username == NULL, "Failed to allocate memory"); + + ret = test_store_user(data); + fail_if(ret != EOK, "Cannot add user %s\n", data->username); +@@ -3550,7 +3552,7 @@ START_TEST (test_sysdb_memberof_check_convert) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->attrlist = talloc_array(data, const char *, 3); + fail_unless(data->attrlist != NULL, "talloc_array failed."); +@@ -3613,7 +3615,7 @@ START_TEST (test_sysdb_memberof_ghost_replace) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + /* The test replaces the testghost%i attribute with testuser%i */ + ghostname_del = test_asprintf_fqname(data, test_ctx->domain, +@@ -3687,7 +3689,7 @@ START_TEST (test_sysdb_memberof_ghost_replace_noop) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + /* The test replaces the testghost%i attribute with testuser%i */ + ghostname_del = test_asprintf_fqname(data, test_ctx->domain, +@@ -3757,7 +3759,7 @@ START_TEST (test_sysdb_memberof_user_cleanup) + } + + data = test_data_new_user(test_ctx, _i * 2); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_remove_user_by_uid(data); + +@@ -3782,7 +3784,7 @@ START_TEST (test_sysdb_set_get_bool) + } + + dn = sysdb_domain_dn(test_ctx, test_ctx->domain); +- fail_unless(dn != NULL); ++ fail_unless(dn != NULL, "Failed to allocate memory"); + + /* attribute is not created yet */ + ret = sysdb_get_bool(test_ctx->sysdb, dn, attr_val, +@@ -3794,19 +3796,19 @@ START_TEST (test_sysdb_set_get_bool) + /* add attribute */ + ret = sysdb_set_bool(test_ctx->sysdb, dn, test_ctx->domain->name, + attr_val, true); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "sysdb_set_bool failed with error: %d", ret); + + /* successfully obtain attribute */ + ret = sysdb_get_bool(test_ctx->sysdb, dn, attr_val, + &value); + fail_unless(ret == EOK, "sysdb_get_bool failed %d:[%s]", + ret, sss_strerror(ret)); +- fail_unless(value == true); ++ fail_unless(value == true, "sysdb_get_bool must return true"); + + /* use non-existing DN */ + ne_dn = ldb_dn_new_fmt(test_ctx, test_ctx->sysdb->ldb, SYSDB_DOM_BASE, + "non-existing domain"); +- fail_unless(ne_dn != NULL); ++ fail_unless(ne_dn != NULL, "Failed to allocate memory"); + ret = sysdb_get_bool(test_ctx->sysdb, ne_dn, attr_val, + &value); + fail_unless(ret == ENOENT, +@@ -3835,7 +3837,7 @@ START_TEST (test_sysdb_set_get_uint) + } + + dn = sysdb_domain_dn(test_ctx, test_ctx->domain); +- fail_unless(dn != NULL); ++ fail_unless(dn != NULL, "Failed to allocate memory"); + + /* attribute is not created yet */ + ret = sysdb_get_uint(test_ctx->sysdb, dn, attr_val, +@@ -3847,19 +3849,19 @@ START_TEST (test_sysdb_set_get_uint) + /* add attribute */ + ret = sysdb_set_uint(test_ctx->sysdb, dn, test_ctx->domain->name, + attr_val, 0xCAFEBABE); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "sysdb_set_uint failed with error: %d", ret); + + /* successfully obtain attribute */ + ret = sysdb_get_uint(test_ctx->sysdb, dn, attr_val, + &value); + fail_unless(ret == EOK, "sysdb_get_uint failed %d:[%s]", + ret, sss_strerror(ret)); +- fail_unless(value == 0xCAFEBABE); ++ ck_assert_int_eq(value, 0xCAFEBABE); + + /* use non-existing DN */ + ne_dn = ldb_dn_new_fmt(test_ctx, test_ctx->sysdb->ldb, SYSDB_DOM_BASE, + "non-existing domain"); +- fail_unless(ne_dn != NULL); ++ fail_unless(ne_dn != NULL, "Failed to allocate memory"); + ret = sysdb_get_uint(test_ctx->sysdb, ne_dn, attr_val, + &value); + fail_unless(ret == ENOENT, +@@ -4147,22 +4149,24 @@ START_TEST (test_sysdb_update_members) + fail_if(user_fqname == NULL, "user_fqname returned NULL"); + + ret = sysdb_initgroups(test_ctx, test_ctx->domain, user_fqname, &res); +- fail_if(ret != EOK); +- fail_unless(res->count == 1); /* only the user itself */ ++ fail_if(ret != EOK, "sysdb_initgroups failed with error: %d", ret); ++ ck_assert_int_eq(res->count, 1); /* only the user itself */ + + /* Add a user to two groups */ + add_groups = talloc_array(test_ctx, char *, 3); + add_groups[0] = sss_create_internal_fqname(add_groups, "testgroup28001", + test_ctx->domain->name); +- fail_if(add_groups[0] == NULL); ++ fail_if(add_groups[0] == NULL, "Failed to create internal fqname for: %s", ++ test_ctx->domain->name); + add_groups[1] = sss_create_internal_fqname(add_groups, "testgroup28002", + test_ctx->domain->name); +- fail_if(add_groups[1] == NULL); ++ fail_if(add_groups[1] == NULL, "Failed to create internal fqname for: %s" ++ test_ctx->domain->name); + add_groups[2] = NULL; + + /* For later check */ + group_fqname = talloc_strdup(test_ctx, add_groups[1]); +- fail_if(group_fqname == NULL); ++ fail_if(group_fqname == NULL, "Failed to allocate memory"); + + ret = sysdb_update_members(test_ctx->domain, user_fqname, + SYSDB_MEMBER_USER, +@@ -4170,8 +4174,8 @@ START_TEST (test_sysdb_update_members) + fail_unless(ret == EOK, "Could not add groups"); + + ret = sysdb_initgroups(test_ctx, test_ctx->domain, user_fqname, &res); +- fail_if(ret != EOK); +- fail_unless(res->count == 3); ++ fail_if(ret != EOK, "sysdb_initgroups failed with error: %d", ret); ++ ck_assert_int_eq(res->count, 3); + + check_fqname = ldb_msg_find_attr_as_string(res->msgs[1], SYSDB_NAME, NULL); + ck_assert_str_eq(check_fqname, add_groups[0]); +@@ -4196,8 +4200,8 @@ START_TEST (test_sysdb_update_members) + fail_unless(ret == EOK, "Group replace failed"); + + ret = sysdb_initgroups(test_ctx, test_ctx->domain, user_fqname, &res); +- fail_if(ret != EOK); +- fail_unless(res->count == 3); ++ fail_if(ret != EOK, "sysdb_initgroups failed with error: %d", ret); ++ ck_assert_int_eq(res->count, 3); + + check_fqname = ldb_msg_find_attr_as_string(res->msgs[1], SYSDB_NAME, NULL); + ck_assert_str_eq(check_fqname, group_fqname); +@@ -4208,8 +4212,8 @@ START_TEST (test_sysdb_update_members) + talloc_zfree(del_groups); + + ret = sysdb_initgroups(test_ctx, test_ctx->domain, user_fqname, &res); +- fail_if(ret != EOK); +- fail_unless(res->count == 3); ++ fail_if(ret != EOK, "sysdb_initgroups failed with error: %d", ret); ++ ck_assert_int_eq(res->count, 3); + + /* Remove a user from two groups */ + del_groups = talloc_array(test_ctx, char *, 3); +@@ -4224,8 +4228,8 @@ START_TEST (test_sysdb_update_members) + fail_unless(ret == EOK, "Could not remove groups"); + + ret = sysdb_initgroups(test_ctx, test_ctx->domain, user_fqname, &res); +- fail_if(ret != EOK); +- fail_unless(res->count == 1); /* only the user itself */ ++ fail_if(ret != EOK, "sysdb_initgroups failed with error: %d", ret); ++ ck_assert_int_eq(res->count, 1); /* only the user itself */ + + talloc_zfree(test_ctx); + } +@@ -4248,7 +4252,7 @@ START_TEST (test_sysdb_group_dn_name) + } + + data = test_data_new_group(test_ctx, _i); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + group_dn = sysdb_group_dn(test_ctx, test_ctx->domain, data->groupname); + fail_if(group_dn == NULL, "OOM"); +@@ -4277,7 +4281,7 @@ START_TEST (test_sysdb_add_basic_netgroup) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->uid = _i; /* This is kinda abuse of uid, though */ + data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); + +@@ -4310,7 +4314,7 @@ START_TEST (test_sysdb_search_netgroup_by_name) + fail_if(ret != EOK, "Could not find netgroup with name %s", netgrname); + + netgroup_dn = sysdb_netgroup_dn(test_ctx, test_ctx->domain, netgrname); +- fail_if(netgroup_dn == NULL); ++ fail_if(netgroup_dn == NULL, "Failed to allocate memory"); + fail_if(ldb_dn_compare(msg->dn, netgroup_dn) != 0, "Found wrong netgroup!\n"); + talloc_free(test_ctx); + } +@@ -4330,7 +4334,7 @@ START_TEST (test_sysdb_remove_netgroup_entry) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); + + ret = test_remove_netgroup_entry(data); +@@ -4354,7 +4358,7 @@ START_TEST (test_sysdb_remove_netgroup_by_name) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); + + ret = test_remove_netgroup_by_name(data); +@@ -4378,7 +4382,7 @@ START_TEST (test_sysdb_set_netgroup_attr) + } + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->uid = _i; /* This is kinda abuse of uid, though */ + data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); + +@@ -4756,10 +4760,10 @@ START_TEST(test_SSS_LDB_SEARCH) + + groupname = test_asprintf_fqname(test_ctx, test_ctx->domain, + "test_group"); +- fail_if(groupname == NULL); ++ fail_if(groupname == NULL, "Failed to allocate memory"); + groupname_neg = test_asprintf_fqname(test_ctx, test_ctx->domain, + "non_existing_test_group"); +- fail_if(groupname_neg == NULL); ++ fail_if(groupname_neg == NULL, "Failed to allocate memory"); + + group_dn = sysdb_group_dn(test_ctx, test_ctx->domain, groupname); + fail_if(group_dn == NULL, "sysdb_group_dn failed"); +@@ -4857,16 +4861,18 @@ void services_check_match(struct sysdb_test_ctx *test_ctx, + strerror(ret)); + } + fail_if(res == NULL, "ENOMEM"); +- fail_if(res->count != 1); ++ ck_assert_int_eq(res->count, 1); + + /* Make sure the returned entry matches */ + msg = res->msgs[0]; + ret_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); +- fail_if(ret_name == NULL); +- fail_unless(strcmp(ret_name, primary_name) == 0); ++ fail_if(ret_name == NULL, "Cannot find attribute: " SYSDB_NAME); ++ fail_unless(strcmp(ret_name, primary_name) == 0, ++ "Wrong value returned for attribute: %s. got: %s expected: %s", ++ SYSDB_NAME, ret_name, primary_name); + + ret_port = ldb_msg_find_attr_as_int(msg, SYSDB_SVC_PORT, 0); +- fail_if (ret_port != port); ++ ck_assert_int_eq(ret_port, port); + + el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); + for (i = 0; i < el->num_values; i++) { +@@ -4917,27 +4923,27 @@ START_TEST(test_sysdb_add_services) + fail_if(ret != EOK, "Could not set up the test"); + + primary_name = talloc_asprintf(test_ctx, "test_service"); +- fail_if(primary_name == NULL); ++ fail_if(primary_name == NULL, "Failed to allocate memory"); + + aliases = talloc_array(test_ctx, const char *, 3); +- fail_if(aliases == NULL); ++ fail_if(aliases == NULL, "Failed to allocate memory"); + + aliases[0] = talloc_asprintf(aliases, "test_service_alias1"); +- fail_if(aliases[0] == NULL); ++ fail_if(aliases[0] == NULL, "Failed to allocate memory"); + + aliases[1] = talloc_asprintf(aliases, "test_service_alias2"); +- fail_if(aliases[1] == NULL); ++ fail_if(aliases[1] == NULL, "Failed to allocate memory"); + + aliases[2] = NULL; + + protocols = talloc_array(test_ctx, const char *, 3); +- fail_if(protocols == NULL); ++ fail_if(protocols == NULL, "Failed to allocate memory"); + + protocols[0] = talloc_asprintf(protocols, "tcp"); +- fail_if(protocols[0] == NULL); ++ fail_if(protocols[0] == NULL, "Failed to allocate memory"); + + protocols[1] = talloc_asprintf(protocols, "udp"); +- fail_if(protocols[1] == NULL); ++ fail_if(protocols[1] == NULL, "Failed to allocate memory"); + + protocols[2] = NULL; + +@@ -4992,24 +4998,24 @@ START_TEST(test_sysdb_store_services) + fail_if(ret != EOK, "Could not set up the test"); + + aliases = talloc_array(test_ctx, const char *, 3); +- fail_if(aliases == NULL); ++ fail_if(aliases == NULL, "Failed to allocate memory"); + + aliases[0] = talloc_asprintf(aliases, "test_service_alias1"); +- fail_if(aliases[0] == NULL); ++ fail_if(aliases[0] == NULL, "Failed to allocate memory"); + + aliases[1] = talloc_asprintf(aliases, "test_service_alias2"); +- fail_if(aliases[1] == NULL); ++ fail_if(aliases[1] == NULL, "Failed to allocate memory"); + + aliases[2] = NULL; + + protocols = talloc_array(test_ctx, const char *, 3); +- fail_if(protocols == NULL); ++ fail_if(protocols == NULL, "Failed to allocate memory"); + + protocols[0] = talloc_asprintf(protocols, "tcp"); +- fail_if(protocols[0] == NULL); ++ fail_if(protocols[0] == NULL, "Failed to allocate memory"); + + protocols[1] = talloc_asprintf(protocols, "udp"); +- fail_if(protocols[1] == NULL); ++ fail_if(protocols[1] == NULL, "Failed to allocate memory"); + + protocols[2] = NULL; + +@@ -5112,24 +5118,24 @@ START_TEST(test_sysdb_svc_remove_alias) + fail_if(ret != EOK, "Could not set up the test"); + + aliases = talloc_array(test_ctx, const char *, 3); +- fail_if(aliases == NULL); ++ fail_if(aliases == NULL, "Failed to allocate memory"); + + aliases[0] = talloc_asprintf(aliases, "remove_alias_alias1"); +- fail_if(aliases[0] == NULL); ++ fail_if(aliases[0] == NULL, "Failed to allocate memory"); + + aliases[1] = talloc_asprintf(aliases, "remove_alias_alias2"); +- fail_if(aliases[1] == NULL); ++ fail_if(aliases[1] == NULL, "Failed to allocate memory"); + + aliases[2] = NULL; + + protocols = talloc_array(test_ctx, const char *, 3); +- fail_if(protocols == NULL); ++ fail_if(protocols == NULL, "Failed to allocate memory"); + + protocols[0] = talloc_asprintf(protocols, "tcp"); +- fail_if(protocols[0] == NULL); ++ fail_if(protocols[0] == NULL, "Failed to allocate memory"); + + protocols[1] = talloc_asprintf(protocols, "udp"); +- fail_if(protocols[1] == NULL); ++ fail_if(protocols[1] == NULL, "Failed to allocate memory"); + + protocols[2] = NULL; + +@@ -5154,16 +5160,16 @@ START_TEST(test_sysdb_svc_remove_alias) + + /* Now remove an alias */ + dn = sysdb_svc_dn(test_ctx->sysdb, test_ctx, test_ctx->domain->name, primary_name); +- fail_if (dn == NULL); ++ fail_if (dn == NULL, "Failed to allocate memory"); + + ret = sysdb_svc_remove_alias(test_ctx->sysdb, dn, aliases[1]); + fail_if (ret != EOK, "[%s]", strerror(ret)); + + ret = sysdb_transaction_commit(test_ctx->sysdb); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "sysdb_transaction_commit failed with error: %d", ret); + + ret = sysdb_transaction_start(test_ctx->sysdb); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "sysdb_transaction_start failed with error: %d", ret); + + /* Set aliases[1] to NULL to perform validation checks */ + aliases[1] = NULL; +@@ -5313,7 +5319,7 @@ START_TEST(test_sysdb_attrs_get_string_array) + fail_unless(ret == EOK, "sysdb_attrs_get_el_ext failed"); + + list = sss_ldb_el_to_string_list(tmp_ctx, el); +- fail_if(list == NULL, ("sss_ldb_el_to_string_list failed\n")); ++ fail_if(list == NULL, "sss_ldb_el_to_string_list failed"); + + ck_assert_str_eq(list[0], "val1"); + ck_assert_str_eq(list[1], "val2"); +@@ -5545,7 +5551,7 @@ START_TEST (test_sysdb_search_return_ENOENT) + talloc_zfree(res); + + data = test_data_new_user(test_ctx, 1234); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->sid_str = "S-5-4-3-2-1"; + + /* Search user */ +@@ -5610,7 +5616,7 @@ START_TEST (test_sysdb_search_return_ENOENT) + /* Search group */ + talloc_zfree(data); + data = test_data_new_group(test_ctx, 1234); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->sid_str = "S-5-4-3-2-1"; + + ret = sysdb_search_group_by_name(test_ctx, test_ctx->domain, +@@ -5748,15 +5754,15 @@ START_TEST(test_sysdb_original_dn_case_insensitive) + fail_if(ret != EOK, "Could not set up the test"); + + data = test_data_new(test_ctx); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->gid = 2900; + + data->groupname = test_asprintf_fqname(data, test_ctx->domain, + "case_sensitive_group1"); +- fail_if(data->groupname == NULL); ++ fail_if(data->groupname == NULL, "Failed to allocate memory"); + + data->orig_dn = talloc_asprintf(data, "cn=%s,cn=example,cn=com", data->groupname); +- fail_if(data->orig_dn == NULL); ++ fail_if(data->orig_dn == NULL, "Failed to allocate memory"); + + ret = test_add_incomplete_group(data); + fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", +@@ -5766,7 +5772,7 @@ START_TEST(test_sysdb_original_dn_case_insensitive) + data->gid = 2901; + data->groupname = test_asprintf_fqname(data, test_ctx->domain, + "case_sensitive_group2"); +- fail_if(data->groupname == NULL); ++ fail_if(data->groupname == NULL, "Failed to allocate memory"); + c = discard_const(data->orig_dn); + while(*c != '\0') { + *c = toupper(*c); +@@ -5809,10 +5815,10 @@ START_TEST(test_sysdb_search_groups_by_orig_dn) + fail_if(ret != EOK, "Could not set up the test"); + + data = test_data_new_group(test_ctx, 456789); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->orig_dn = talloc_asprintf(data, "cn=%s,cn=example,cn=com", data->groupname); +- fail_if(data->orig_dn == NULL); ++ fail_if(data->orig_dn == NULL, "Failed to allocate memory"); + + ret = test_add_incomplete_group(data); + fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", +@@ -5841,10 +5847,10 @@ START_TEST(test_sysdb_search_users_by_orig_dn) + fail_if(ret != EOK, "Could not set up the test"); + + data = test_data_new_user(test_ctx, 456789); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->orig_dn = talloc_asprintf(data, "cn=%s,cn=example,cn=com", data->username); +- fail_if(data->orig_dn == NULL); ++ fail_if(data->orig_dn == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_string(data->attrs, SYSDB_ORIG_DN, data->orig_dn); + fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].", +@@ -5875,7 +5881,7 @@ START_TEST(test_sysdb_search_sid_str) + fail_if(ret != EOK, "Could not set up the test"); + + data = test_data_new_group(test_ctx, 2902); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->sid_str = "S-1-2-3-4"; + + ret = test_add_incomplete_group(data); +@@ -5905,9 +5911,8 @@ START_TEST(test_sysdb_search_sid_str) + talloc_zfree(data); + + data = test_data_new_user(test_ctx, 12345); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->sid_str = "S-1-2-3-4-5"; +- fail_if(data->sid_str == NULL); + + ret = sysdb_attrs_add_string(data->attrs, SYSDB_SID_STR, data->sid_str); + fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].", +@@ -5947,7 +5952,7 @@ START_TEST(test_sysdb_search_object_by_id) + + /* test user search */ + data = test_data_new_user(test_ctx, id); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_add_user(data); + fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].", +@@ -5973,7 +5978,7 @@ START_TEST(test_sysdb_search_object_by_id) + + /* test group search */ + data = test_data_new_group(test_ctx, id); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_add_group(data); + fail_unless(ret == EOK, "sysdb_add_group failed with [%d][%s].", +@@ -5999,7 +6004,7 @@ START_TEST(test_sysdb_search_object_by_id) + + /* test for bad search filter bug #3283 */ + data = test_data_new_group(test_ctx, id); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = test_add_group(data); + fail_unless(ret == EOK, "sysdb_add_group failed with [%d][%s].", +@@ -6034,14 +6039,16 @@ START_TEST(test_sysdb_search_object_by_id) + + data->uid = 4001; + ret = test_remove_user_by_uid(data); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, ++ "test_remove_user_by_uid failed with error: %d", ret); + + data->uid = 4002; + ret = test_remove_user_by_uid(data); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, ++ "test_remove_user_by_uid failed with error: %d", ret); + + ret = test_remove_group(data); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_remove_group failed with error: %d", ret); + + talloc_free(test_ctx); + } +@@ -6060,7 +6067,7 @@ START_TEST(test_sysdb_search_object_by_uuid) + fail_if(ret != EOK, "Could not set up the test"); + + data = test_data_new_user(test_ctx, 123456); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + uuid = "11111111-2222-3333-4444-555555555555"; + +@@ -6117,7 +6124,7 @@ START_TEST(test_sysdb_search_object_by_name) + + /* test user search */ + data = test_data_new_user(test_ctx, 23456); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->username = user_name; + +@@ -6145,7 +6152,7 @@ START_TEST(test_sysdb_search_object_by_name) + + /* test group search */ + data = test_data_new_group(test_ctx, 23456); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->groupname = group_name; + +@@ -6173,16 +6180,17 @@ START_TEST(test_sysdb_search_object_by_name) + + /* test case insensitive search */ + data = test_data_new_group(test_ctx, 23456); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->groupname = group_name; + test_ctx->domain->case_sensitive = false; + + data->attrs = sysdb_new_attrs(test_ctx); +- fail_if(data->attrs == NULL); ++ fail_if(data->attrs == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_lc_name_alias(data->attrs, group_name); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, ++ "sysdb_attrs_add_lc_name_alias failed with error: %d", ret); + + ret = test_add_group(data); + fail_unless(ret == EOK, "sysdb_add_group failed with [%d][%s].", +@@ -6225,7 +6233,7 @@ START_TEST(test_sysdb_search_user_by_cert) + fail_if(ret != EOK, "Could not set up the test"); + + data = test_data_new_user(test_ctx, 234567); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + val.data = sss_base64_decode(test_ctx, TEST_USER_CERT_DERB64, &val.length); + fail_unless(val.data != NULL, "sss_base64_decode failed."); +@@ -6257,7 +6265,7 @@ START_TEST(test_sysdb_search_user_by_cert) + + /* Add a second user with the same certificate */ + data2 = test_data_new_user(test_ctx, 2345671); +- fail_if(data2 == NULL); ++ fail_if(data2 == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_val(data2->attrs, SYSDB_USER_MAPPED_CERT, &val); + fail_unless(ret == EOK, "sysdb_attrs_add_val failed with [%d][%s].", +@@ -6274,9 +6282,9 @@ START_TEST(test_sysdb_search_user_by_cert) + fail_unless(res->count == 2, "Unexpected number of results, " + "expected [%u], get [%u].", 2, res->count); + name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, ""); +- fail_unless(name != NULL); ++ fail_unless(name != NULL, "Failed to find attribute: " SYSDB_NAME); + name2 = ldb_msg_find_attr_as_string(res->msgs[1], SYSDB_NAME, ""); +- fail_unless(name2 != NULL); ++ fail_unless(name2 != NULL, "Failed to find attribute: " SYSDB_NAME); + fail_unless(((strcmp(name, data->username) == 0 + && strcmp(name2, data2->username) == 0) + || (strcmp(name, data2->username) == 0 +@@ -6342,11 +6350,11 @@ START_TEST(test_sysdb_subdomain_store_user) + ret, strerror(ret)); + + data = test_data_new_user(test_ctx, 12345); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->username = test_asprintf_fqname(data, subdomain, "SubDomUser"); + + alias = test_asprintf_fqname(data, subdomain, "subdomuser"); +- fail_if(alias == NULL); ++ fail_if(alias == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_string(data->attrs, SYSDB_NAME_ALIAS, alias); + fail_unless(ret == EOK, "sysdb_store_user failed."); +@@ -6358,10 +6366,10 @@ START_TEST(test_sysdb_subdomain_store_user) + fail_unless(ret == EOK, "sysdb_store_user failed."); + + base_dn =ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "cn=sysdb"); +- fail_unless(base_dn != NULL); ++ fail_unless(base_dn != NULL, "Failed to allocate memory"); + + check_dn = sysdb_user_dn(data, subdomain, data->username); +- fail_unless(check_dn != NULL); ++ fail_unless(check_dn != NULL, "Failed to allocate memory"); + + ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, + LDB_SCOPE_SUBTREE, NULL, "name=%s", data->username); +@@ -6420,11 +6428,11 @@ START_TEST(test_sysdb_subdomain_content_delete) + ret, strerror(ret)); + + data = test_data_new_user(test_ctx, 12345); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->username = test_asprintf_fqname(data, subdomain, "SubDomUser"); + + alias = test_asprintf_fqname(data, subdomain, "subdomuser"); +- fail_if(alias == NULL); ++ fail_if(alias == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_string(data->attrs, SYSDB_NAME_ALIAS, alias); + fail_unless(ret == EOK, "sysdb_store_user failed."); +@@ -6436,10 +6444,10 @@ START_TEST(test_sysdb_subdomain_content_delete) + fail_unless(ret == EOK, "sysdb_store_user failed."); + + base_dn =ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "cn=sysdb"); +- fail_unless(base_dn != NULL); ++ fail_unless(base_dn != NULL, "Failed to allocate memory"); + + check_dn = sysdb_user_dn(data, subdomain, data->username); +- fail_unless(check_dn != NULL); ++ fail_unless(check_dn != NULL, "Failed to allocate memory"); + + ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, + LDB_SCOPE_SUBTREE, NULL, "name=%s", data->username); +@@ -6508,10 +6516,10 @@ START_TEST(test_sysdb_subdomain_user_ops) + ret, strerror(ret)); + + data = test_data_new_user(test_ctx, 12345); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + data->username = test_asprintf_fqname(data, subdomain, shortname); +- fail_if(data->username == NULL); ++ fail_if(data->username == NULL, "Failed to allocate memory"); + + ret = sysdb_store_user(subdomain, data->username, + NULL, data->uid, 0, "Sub Domain User", +@@ -6520,7 +6528,7 @@ START_TEST(test_sysdb_subdomain_user_ops) + fail_unless(ret == EOK, "sysdb_store_domuser failed."); + + check_dn = sysdb_user_dn(data, subdomain, data->username); +- fail_unless(check_dn != NULL); ++ fail_unless(check_dn != NULL, "Failed to allocate memory"); + + ret = sysdb_search_user_by_name(test_ctx, subdomain, + data->username, NULL, +@@ -6531,10 +6539,10 @@ START_TEST(test_sysdb_subdomain_user_ops) + "Unexpected DN returned"); + + name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); +- fail_if(name == NULL); ++ fail_if(name == NULL, "Failed to find attribute: " SYSDB_NAME); + + ret = sss_parse_internal_fqname(data, name, &short_check, &dom_check); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "sss_parse_internal_fqname failed with error: %d", ret); + ck_assert_str_eq(short_check, shortname); + ck_assert_str_eq(dom_check, subdomain->name); + +@@ -6581,11 +6589,11 @@ START_TEST(test_sysdb_subdomain_group_ops) + ret, strerror(ret)); + + data = test_data_new_group(test_ctx, 12345); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + data->groupname = test_asprintf_fqname(data, subdomain, shortname); + + alias = test_asprintf_fqname(data, subdomain, "subdomgroup"); +- fail_if(alias == NULL); ++ fail_if(alias == NULL, "Failed to allocate memory"); + + ret = sysdb_attrs_add_string(data->attrs, SYSDB_NAME_ALIAS, alias); + fail_unless(ret == EOK, "sysdb_attrs_add_string failed."); +@@ -6595,7 +6603,7 @@ START_TEST(test_sysdb_subdomain_group_ops) + fail_unless(ret == EOK, "sysdb_store_group failed."); + + check_dn = sysdb_group_dn(data, subdomain, data->groupname); +- fail_unless(check_dn != NULL); ++ fail_unless(check_dn != NULL, "Failed to allocate memory"); + + ret = sysdb_search_group_by_name(test_ctx, subdomain, data->groupname, NULL, + &msg); +@@ -6615,10 +6623,10 @@ START_TEST(test_sysdb_subdomain_group_ops) + "Unexpected DN returned"); + + name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); +- fail_if(name == NULL); ++ fail_if(name == NULL, "Failed to find attribute: " SYSDB_NAME); + + ret = sss_parse_internal_fqname(data, name, &short_check, &dom_check); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "sss_parse_internal_fqname failed with error: %d", ret); + ck_assert_str_eq(short_check, shortname); + ck_assert_str_eq(dom_check, subdomain->name); + +@@ -7190,15 +7198,15 @@ START_TEST(test_gpo_store_retrieve) + + ret = sysdb_gpo_get_gpos(test_ctx, test_ctx->domain, &result); + fail_if(ret != EOK, "GPOs not in cache after store op"); +- fail_if(result == NULL); +- fail_if(result->count != 1); ++ fail_if(result == NULL, "Could not get GPOs"); ++ ck_assert_int_eq(result->count, 1); + + result = NULL; + ret = sysdb_gpo_get_gpo_by_guid(test_ctx, test_ctx->domain, + test_guid, &result); + fail_if(ret != EOK, "GPO not in cache after store op"); +- fail_if(result == NULL); +- fail_if(result->count != 1); ++ fail_if(result == NULL, "Could not get GPOs by guid: %s", test_guid); ++ ck_assert_int_eq(result->count, 1); + + guid = ldb_msg_find_attr_as_string(result->msgs[0], + SYSDB_GPO_GUID_ATTR, NULL); +@@ -7226,8 +7234,8 @@ START_TEST(test_gpo_replace) + ret = sysdb_gpo_get_gpo_by_guid(test_ctx, test_ctx->domain, + test_guid, &result); + fail_if(ret != EOK, "GPO not in cache after store op"); +- fail_if(result == NULL); +- fail_if(result->count != 1); ++ fail_if(result == NULL, "Could not get GPOs by guid: %s", test_guid); ++ ck_assert_int_eq(result->count, 1); + + guid = ldb_msg_find_attr_as_string(result->msgs[0], + SYSDB_GPO_GUID_ATTR, NULL); +@@ -7245,8 +7253,8 @@ START_TEST(test_gpo_replace) + ret = sysdb_gpo_get_gpo_by_guid(test_ctx, test_ctx->domain, + test_guid, &result); + fail_if(ret != EOK, "GPO not in cache after modify op"); +- fail_if(result == NULL); +- fail_if(result->count != 1); ++ fail_if(result == NULL, "Could not get GPOs by guid: %s", test_guid); ++ ck_assert_int_eq(result->count, 1); + + guid = ldb_msg_find_attr_as_string(result->msgs[0], + SYSDB_GPO_GUID_ATTR, NULL); +@@ -7299,7 +7307,8 @@ START_TEST(test_gpo_result) + ret = sysdb_gpo_get_gpo_result_setting(test_ctx, test_ctx->domain, + deny_key, &value); + ck_assert_int_eq(ret, EOK); +- fail_unless(value == NULL); ++ fail_unless(value == NULL, "Unexpected value returned for deny key " ++ "from sysdb_gpo_get_gpo_result_setting"); + + /* Updating replaces the original value */ + ret = sysdb_gpo_store_gpo_result_setting(test_ctx->domain, +@@ -7319,7 +7328,8 @@ START_TEST(test_gpo_result) + ret = sysdb_gpo_get_gpo_result_setting(test_ctx, test_ctx->domain, + allow_key, &value); + ck_assert_int_eq(ret, EOK); +- fail_unless(value == NULL); ++ fail_unless(value == NULL, "Unexpected value returned for allow key" ++ "from sysdb_gpo_get_gpo_result_setting" ); + + /* Delete the result */ + ret = sysdb_gpo_delete_gpo_result_object(test_ctx, test_ctx->domain); +@@ -7400,7 +7410,7 @@ START_TEST(test_sysdb_mark_entry_as_expired_ldb_dn) + + /* Add something to database to test against */ + data = test_data_new_user(test_ctx, 2000); +- fail_if(data == NULL); ++ fail_if(data == NULL, "Failed to allocate memory"); + + ret = sysdb_transaction_start(test_ctx->sysdb); + ck_assert_int_eq(ret, EOK); +@@ -7414,7 +7424,7 @@ START_TEST(test_sysdb_mark_entry_as_expired_ldb_dn) + filter = talloc_asprintf(data, + "("SYSDB_UIDNUM"=%llu)", + (unsigned long long) data->uid); +- fail_if(filter == NULL); ++ fail_if(filter == NULL, "Failed to allocate memory"); + + ret = sysdb_search_users(test_ctx, test_ctx->domain, + filter, attrs, &count, &msgs); +@@ -7442,7 +7452,7 @@ START_TEST(test_sysdb_mark_entry_as_expired_ldb_dn) + filter = talloc_asprintf(data, + "("SYSDB_UIDNUM"=%llu)", + (unsigned long long) data->uid); +- fail_if(filter == NULL); ++ fail_if(filter == NULL, "Failed to allocate memory"); + + ret = sysdb_search_users(test_ctx, test_ctx->domain, + filter, attrs, &count, &msgs); +@@ -7493,16 +7503,18 @@ void hosts_check_match(struct sysdb_test_ctx *test_ctx, + strerror(ret)); + } + fail_if(res == NULL, "ENOMEM"); +- fail_if(res->count != 1); ++ ck_assert_int_eq(res->count, 1); + + /* Make sure the returned entry matches */ + msg = res->msgs[0]; + ret_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); +- fail_if(ret_name == NULL); +- fail_unless(strcmp(ret_name, primary_name) == 0); ++ fail_if(ret_name == NULL, "Failed to find attribute: " SYSDB_NAME); ++ fail_unless(strcmp(ret_name, primary_name) == 0, ++ "Wrong value returned for attribute: %s. got: %s expected: %s", ++ SYSDB_NAME, ret_name, primary_name); + + el = ldb_msg_find_element(msg, SYSDB_IP_HOST_ATTR_ADDRESS); +- fail_if(el == NULL); ++ fail_if(el == NULL, "Failed to find elemeny: " SYSDB_IP_HOST_ATTR_ADDRESS); + + len = talloc_array_length(addresses); + for (i = 0; i < el->num_values; i++) { +@@ -7511,7 +7523,8 @@ void hosts_check_match(struct sysdb_test_ctx *test_ctx, + char *canonical_address; + ret = sss_canonicalize_ip_address(test_ctx, addresses[j], + &canonical_address); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, ++ "sss_canonicalize_ip_address failed: %d", ret); + + if (strcmp(canonical_address, + (const char *)el->values[i].data) == 0) { +@@ -7524,7 +7537,7 @@ void hosts_check_match(struct sysdb_test_ctx *test_ctx, + } + + el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); +- fail_if(el == NULL); ++ fail_if(el == NULL, "Failed to find element: " SYSDB_NAME_ALIAS); + + len = talloc_array_length(aliases); + for (i = 0; i < el->num_values; i++) { +@@ -7563,36 +7576,36 @@ START_TEST(test_sysdb_add_hosts) + fail_if(ret != EOK, "Could not set up the test"); + + primary_name = talloc_asprintf(test_ctx, "test.example.org"); +- fail_if(primary_name == NULL); ++ fail_if(primary_name == NULL, "Failed to allocate memory"); + + aliases = talloc_array(test_ctx, const char *, 3); +- fail_if(aliases == NULL); ++ fail_if(aliases == NULL, "Failed to allocate memory"); + + aliases[0] = talloc_asprintf(aliases, "alias1.example.org"); +- fail_if(aliases[0] == NULL); ++ fail_if(aliases[0] == NULL, "Failed to allocate memory"); + + aliases[1] = talloc_asprintf(aliases, "alias2.example.org"); +- fail_if(aliases[1] == NULL); ++ fail_if(aliases[1] == NULL, "Failed to allocate memory"); + + aliases[2] = NULL; + + addresses = talloc_array(test_ctx, const char *, 6); +- fail_if(addresses == NULL); ++ fail_if(addresses == NULL, "Failed to allocate memory"); + + addresses[0] = talloc_asprintf(addresses, "1.1.2.3"); +- fail_if(addresses[0] == NULL); ++ fail_if(addresses[0] == NULL, "Failed to allocate memory"); + + addresses[1] = talloc_asprintf(addresses, "10.11.22.33"); +- fail_if(addresses[1] == NULL); ++ fail_if(addresses[1] == NULL, "Failed to allocate memory"); + + addresses[2] = talloc_asprintf(addresses, "100.123.123.123"); +- fail_if(addresses[2] == NULL); ++ fail_if(addresses[2] == NULL, "Failed to allocate memory"); + + addresses[3] = talloc_asprintf(addresses, "2001:0db8:85a3:0000:0000:8a2e:0370:7334"); +- fail_if(addresses[3] == NULL); ++ fail_if(addresses[3] == NULL, "Failed to allocate memory"); + + addresses[4] = talloc_asprintf(addresses, "2001:db8:85a3:0:1:8a2e:370:7334"); +- fail_if(addresses[4] == NULL); ++ fail_if(addresses[4] == NULL, "Failed to allocate memory"); + + addresses[5] = NULL; + +@@ -7651,19 +7664,24 @@ void ipnetwork_check_match(struct sysdb_test_ctx *test_ctx, + bool matched; + + ret = sss_canonicalize_ip_address(test_ctx, address, &c_addr); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "sss_canonicalize_ip_address failed: %d", ret); + + ret_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); +- fail_if(ret_name == NULL); +- fail_unless(strcmp(ret_name, primary_name) == 0); ++ fail_if(ret_name == NULL, "Failed to find attribue: " SYSDB_NAME); ++ fail_unless(strcmp(ret_name, primary_name) == 0, ++ "Wrong value returned for attribute: %s. got: %s expected: %s", ++ SYSDB_NAME, ret_name, primary_name); + + ret_addr = ldb_msg_find_attr_as_string(msg, SYSDB_IP_NETWORK_ATTR_NUMBER, + NULL); +- fail_if(ret_addr == NULL); +- fail_unless(strcmp(ret_addr, c_addr) == 0); ++ fail_if(ret_addr == NULL, ++ "Failed to find attribue: " SYSDB_IP_NETWORK_ATTR_NUMBER); ++ fail_unless(strcmp(ret_addr, c_addr) == 0, ++ "Wrong value returned for attribute: %s. got: %s expected: %s", ++ SYSDB_IP_NETWORK_ATTR_NUMBER, ret_addr, c_addr); + + el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); +- fail_if(el == NULL); ++ fail_if(el == NULL, "Failed to find element: " SYSDB_NAME_ALIAS); + + len = talloc_array_length(aliases); + for (i = 0; i < el->num_values; i++) { +@@ -7692,7 +7710,7 @@ void ipnetwork_check_match_name(struct sysdb_test_ctx *test_ctx, + fail_if(ret != EOK, "sysdb_getipnetworkbyname error [%s]\n", + strerror(ret)); + fail_if(res == NULL, "ENOMEM"); +- fail_if(res->count != 1); ++ ck_assert_int_eq(res->count, 1); + + ipnetwork_check_match(test_ctx, res->msgs[0], primary_name, aliases, + address); +@@ -7712,7 +7730,7 @@ void ipnetwork_check_match_addr(struct sysdb_test_ctx *test_ctx, + fail_if(ret != EOK, "sysdb_getipnetworkbyaddr error [%s]\n", + strerror(ret)); + fail_if(res == NULL, "ENOMEM"); +- fail_if(res->count != 1); ++ ck_assert_int_eq(res->count, 1); + + ipnetwork_check_match(test_ctx, res->msgs[0], primary_name, aliases, + address); +@@ -7732,21 +7750,21 @@ START_TEST(test_sysdb_add_ipnetworks) + fail_if(ret != EOK, "Could not set up the test"); + + primary_name = talloc_asprintf(test_ctx, "network_1"); +- fail_if(primary_name == NULL); ++ fail_if(primary_name == NULL, "Failed to allocate memory"); + + aliases = talloc_array(test_ctx, const char *, 3); +- fail_if(aliases == NULL); ++ fail_if(aliases == NULL, "Failed to allocate memory"); + + aliases[0] = talloc_asprintf(aliases, "network_1_alias_1"); +- fail_if(aliases[0] == NULL); ++ fail_if(aliases[0] == NULL, "Failed to allocate memory"); + + aliases[1] = talloc_asprintf(aliases, "network_1_alias_2"); +- fail_if(aliases[1] == NULL); ++ fail_if(aliases[1] == NULL, "Failed to allocate memory"); + + aliases[2] = NULL; + + address = talloc_asprintf(test_ctx, "192.168.1.0"); +- fail_if(address == NULL); ++ fail_if(address == NULL, "Failed to allocate memory"); + + ret = sysdb_transaction_start(test_ctx->sysdb); + fail_if(ret != EOK, "[%s]", strerror(ret)); +-- +2.28.0.rc2 + + +From 41e169ed5103ccb9d83842e69a8cbb21a96f587c Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:03 +0000 +Subject: [PATCH 03/19] SYSDB-TESTS: Fix format string + +--- + src/tests/sysdb-tests.c | 42 ++++++++++++++++++++--------------------- + 1 file changed, 21 insertions(+), 21 deletions(-) + +diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c +index b7e0e2389..4df921c8d 100644 +--- a/src/tests/sysdb-tests.c ++++ b/src/tests/sysdb-tests.c +@@ -1031,8 +1031,8 @@ START_TEST (test_sysdb_incomplete_group_rename) + "S-1-5-21-123-456-789-111", + NULL, true, 0); + fail_unless(ret == ERR_GID_DUPLICATED, +- "Did not catch a legitimate rename", +- ret, strerror(ret)); ++ "Did not catch a legitimate rename. ret: %d [%s]", ++ ret, sss_strerror(ret)); + } + END_TEST + +@@ -1926,7 +1926,7 @@ START_TEST (test_sysdb_search_custom_by_name) + fail_if(ret != EOK, "Could not search custom object"); + + fail_unless(data->msgs_count == 1, +- "Wrong number of objects, expected [1] got [%d]", ++ "Wrong number of objects, expected [1] got [%zd]", + data->msgs_count); + fail_unless(data->msgs[0]->num_elements == 1, + "Wrong number of results, expected [1] got [%d]", +@@ -2028,7 +2028,7 @@ START_TEST (test_sysdb_search_custom_update) + fail_if(ret != EOK, "Could not search custom object"); + + fail_unless(data->msgs_count == 1, +- "Wrong number of objects, expected [1] got [%d]", ++ "Wrong number of objects, expected [1] got [%zd]", + data->msgs_count); + fail_unless(data->msgs[0]->num_elements == 2, + "Wrong number of results, expected [2] got [%d]", +@@ -2091,7 +2091,7 @@ START_TEST (test_sysdb_search_custom) + fail_if(ret != EOK, "Could not search custom object"); + + fail_unless(data->msgs_count == 10, +- "Wrong number of objects, expected [10] got [%d]", ++ "Wrong number of objects, expected [10] got [%zd]", + data->msgs_count); + + talloc_free(test_ctx); +@@ -2229,10 +2229,10 @@ static void cached_authentication_without_expiration(uid_t uid, + "return expected result [%d].", + expected_result); + +- fail_unless(expire_date == 0, "Wrong expire date, expected [%d], got [%d]", ++ fail_unless(expire_date == 0, "Wrong expire date, expected [%d], got [%ld]", + 0, expire_date); + +- fail_unless(delayed_until == -1, "Wrong delay, expected [%d], got [%d]", ++ fail_unless(delayed_until == -1, "Wrong delay, expected [%d], got [%ld]", + -1, delayed_until); + + talloc_free(test_ctx); +@@ -2292,10 +2292,10 @@ static void cached_authentication_with_expiration(uid_t uid, + "result [%d], got [%d].", expected_result, ret); + + fail_unless(expire_date == expected_expire_date, +- "Wrong expire date, expected [%d], got [%d]", ++ "Wrong expire date, expected [%ld], got [%ld]", + expected_expire_date, expire_date); + +- fail_unless(delayed_until == -1, "Wrong delay, expected [%d], got [%d]", ++ fail_unless(delayed_until == -1, "Wrong delay, expected [%d], got [%ld]", + -1, delayed_until); + + talloc_free(test_ctx); +@@ -2386,7 +2386,7 @@ START_TEST (test_sysdb_asq_search) + fail_if(ret != EOK, "Failed to send ASQ search request.\n"); + + fail_unless(msgs_count == 10, "wrong number of results, " +- "found [%d] expected [10]", msgs_count); ++ "found [%zd] expected [10]", msgs_count); + + for (i = 0; i < msgs_count; i++) { + fail_unless(msgs[i]->num_elements == 1, "wrong number of elements, " +@@ -2403,7 +2403,7 @@ START_TEST (test_sysdb_asq_search) + (const char *) msgs[i]->elements[0].values[0].data, + msgs[i]->elements[0].values[0].length) == 0, + "wrong value, found [%.*s] expected [%s]", +- msgs[i]->elements[0].values[0].length, ++ (int) msgs[i]->elements[0].values[0].length, + msgs[i]->elements[0].values[0].data, gid_str); + } + +@@ -2440,7 +2440,7 @@ START_TEST (test_sysdb_search_all_users) + fail_if(ret != EOK, "Search failed"); + + fail_unless(data->msgs_count == 10, +- "wrong number of results, found [%d] expected [10]", ++ "wrong number of results, found [%zd] expected [10]", + data->msgs_count); + + for (i = 0; i < data->msgs_count; i++) { +@@ -2465,7 +2465,7 @@ START_TEST (test_sysdb_search_all_users) + (char *) data->msgs[i]->elements[0].values[0].data, + data->msgs[i]->elements[0].values[0].length) == 0, + "wrong value, found [%.*s] expected [%s]", +- data->msgs[i]->elements[0].values[0].length, ++ (int) data->msgs[i]->elements[0].values[0].length, + data->msgs[i]->elements[0].values[0].data, uid_str); + } + +@@ -2532,8 +2532,8 @@ START_TEST (test_sysdb_attrs_replace_name) + "expected [1] got [%d].", el->num_values); + fail_unless(strncmp("bar", (char *) el->values[0].data, + el->values[0].length) == 0, +- "Wrong value, expected [bar] got [%.*s]", el->values[0].length, +- el->values[0].data); ++ "Wrong value, expected [bar] got [%.*s]", ++ (int) el->values[0].length, el->values[0].data); + + talloc_free(attrs); + } +@@ -4160,8 +4160,8 @@ START_TEST (test_sysdb_update_members) + test_ctx->domain->name); + add_groups[1] = sss_create_internal_fqname(add_groups, "testgroup28002", + test_ctx->domain->name); +- fail_if(add_groups[1] == NULL, "Failed to create internal fqname for: %s" +- test_ctx->domain->name); ++ fail_if(add_groups[1] == NULL, "Failed to create internal fqname for: %s", ++ test_ctx->domain->name); + add_groups[2] = NULL; + + /* For later check */ +@@ -4546,7 +4546,7 @@ START_TEST (test_sysdb_netgr_to_entries) + ret = sysdb_netgr_to_entries(test_ctx, res, &entries, &netgroup_count); + fail_unless(ret == EOK, "sysdb_netgr_to_entries error [%d][%s]", + ret, strerror(ret)); +- fail_unless(netgroup_count == 1, "Received [%d] triples", netgroup_count); ++ fail_unless(netgroup_count == 1, "Received [%zd] triples", netgroup_count); + bret = sysdb_netgr_ctx_cmp(entries[0], &simple_netgroup); + fail_unless(bret == true, "Netgroup triples do not match"); + +@@ -4561,7 +4561,7 @@ START_TEST (test_sysdb_netgr_to_entries) + ret = sysdb_netgr_to_entries(test_ctx, res, &entries, &netgroup_count); + fail_unless(ret == EOK, "sysdb_netgr_to_entries error [%d][%s]", + ret, strerror(ret)); +- fail_unless(netgroup_count == 1, "Received [%d] triples", netgroup_count); ++ fail_unless(netgroup_count == 1, "Received [%zd] triples", netgroup_count); + bret = sysdb_netgr_ctx_cmp(entries[0], &simple_netgroup); + fail_unless(bret == true, "Netgroup triples do not match"); + } +@@ -6779,7 +6779,7 @@ START_TEST(test_autofs_retrieve_keys_by_map) + autofsmapname, &count, &entries); + fail_if(ret != EOK, "Cannot get autofs entries for map %s\n", + autofsmapname); +- fail_if(count != expected, "Expected to find %d entries, got %d\n", ++ fail_if(count != expected, "Expected to find %d entries, got %zd\n", + expected, count); + talloc_free(test_ctx); + } +@@ -6844,7 +6844,7 @@ START_TEST(test_autofs_get_duplicate_keys) + ret = sysdb_search_entry(test_ctx, test_ctx->sysdb, dn, LDB_SCOPE_SUBTREE, + filter, attrs, &count, &msgs); + fail_unless(ret == EOK, "sysdb_search_entry returned [%d]", ret); +- fail_if(count != expected, "Found %d entries with name %s, expected %d\n", ++ fail_if(count != expected, "Found %zd entries with name %s, expected %d\n", + count, autofskey, expected); + talloc_free(test_ctx); + } +-- +2.28.0.rc2 + + +From ef5ab80c1868ecd45ecf77602c915e5f08030400 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:04 +0000 +Subject: [PATCH 04/19] STRTONUM-TESTS: Fix format string issues + +--- + src/tests/strtonum-tests.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tests/strtonum-tests.c b/src/tests/strtonum-tests.c +index eb7f1b58d..b726d2b20 100644 +--- a/src/tests/strtonum-tests.c ++++ b/src/tests/strtonum-tests.c +@@ -38,8 +38,8 @@ + + #define CHECK_RESULT(expected, actual) \ + do { \ +- fail_unless(actual == expected, "Expected %ld, got %ld", \ +- expected, actual); \ ++ fail_unless(actual == expected, "Expected %jd, got %jd", \ ++ (intmax_t)expected, (intmax_t)actual); \ + } while(0) + + #define CHECK_ERRNO(expected, actual) \ +-- +2.28.0.rc2 + + +From f1a5f93923595d8a3c30f62cfdefc71e96be4a4a Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:05 +0000 +Subject: [PATCH 05/19] =?UTF-8?q?RESOLV-TESTS:=20Fix=20error=20too=20few?= + =?UTF-8?q?=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +* convert assertions to different macros +--- + src/tests/resolv-tests.c | 128 +++++++++++++++++++++++---------------- + 1 file changed, 75 insertions(+), 53 deletions(-) + +diff --git a/src/tests/resolv-tests.c b/src/tests/resolv-tests.c +index bc4cd7cc1..59bda4373 100644 +--- a/src/tests/resolv-tests.c ++++ b/src/tests/resolv-tests.c +@@ -172,38 +172,58 @@ START_TEST(test_copy_hostent) + struct ares_addrttl attl[] = { { addr_1, ttl_1 }, { addr_2, ttl_2 } }; + + ctx = talloc_new(global_talloc_context); +- fail_if(ctx == NULL); ++ fail_if(ctx == NULL, "Failed to allocate memory"); + + ck_leaks_push(ctx); + + rhe = resolv_copy_hostent_ares(ctx, &he, AF_INET, &attl, 2); + +- fail_if(rhe == NULL); +- fail_if(strcmp(rhe->name, name)); +- fail_if(strcmp(rhe->aliases[0], alias_1)); +- fail_if(strcmp(rhe->aliases[1], alias_2)); +- fail_if(rhe->aliases[2] != NULL); +- fail_if(rhe->family != AF_INET); +- fail_if(memcmp(rhe->addr_list[0]->ipaddr, &addr_1, sizeof(addr_1))); +- fail_if(rhe->addr_list[0]->ttl != ttl_1); +- fail_if(memcmp(rhe->addr_list[1]->ipaddr, &addr_2, sizeof(addr_2))); +- fail_if(rhe->addr_list[1]->ttl != ttl_2); +- fail_if(rhe->addr_list[2] != NULL); ++ fail_if(rhe == NULL, "Failed to allocate memory"); ++ fail_if(strcmp(rhe->name, name), ++ "Unexpectag value for name. Got: %s expecting: %s", ++ rhe->name, name); ++ fail_if(strcmp(rhe->aliases[0], alias_1), ++ "Unexpectag value for 1st alias. Got: %s expecting: %s", ++ rhe->aliases[0], alias_1); ++ fail_if(strcmp(rhe->aliases[1], alias_2), ++ "Unexpectag value for 2nd alias. Got: %s expecting: %s", ++ rhe->aliases[1], alias_2); ++ fail_if(rhe->aliases[2] != NULL, ++ "Just 2 aliases are expected. Got: %s", rhe->aliases[2]); ++ ck_assert_int_eq(rhe->family, AF_INET); ++ fail_if(memcmp(rhe->addr_list[0]->ipaddr, &addr_1, sizeof(addr_1)), ++ "Unexpected binary value for addr_list[0]->ipaddr"); ++ ck_assert_int_eq(rhe->addr_list[0]->ttl, ttl_1); ++ fail_if(memcmp(rhe->addr_list[1]->ipaddr, &addr_2, sizeof(addr_2)), ++ "Unexpected binary value for rhe->addr_list[1]->ipaddr"); ++ ck_assert_int_eq(rhe->addr_list[1]->ttl, ttl_2); ++ fail_if(rhe->addr_list[2] != NULL, ++ "Just 2 ip addresses are expected. 3rd has to be NULL"); + + talloc_zfree(rhe); + + rhe = resolv_copy_hostent(ctx, &he); +- fail_if(rhe == NULL); +- fail_if(strcmp(rhe->name, name)); +- fail_if(strcmp(rhe->aliases[0], alias_1)); +- fail_if(strcmp(rhe->aliases[1], alias_2)); +- fail_if(rhe->aliases[2] != NULL); +- fail_if(rhe->family != AF_INET); +- fail_if(memcmp(rhe->addr_list[0]->ipaddr, &addr_2, sizeof(addr_1))); +- fail_if(rhe->addr_list[0]->ttl != RESOLV_DEFAULT_TTL); +- fail_if(memcmp(rhe->addr_list[1]->ipaddr, &addr_1, sizeof(addr_2))); +- fail_if(rhe->addr_list[1]->ttl != RESOLV_DEFAULT_TTL); +- fail_if(rhe->addr_list[2] != NULL); ++ fail_if(rhe == NULL, "Failed to allocate memory"); ++ fail_if(strcmp(rhe->name, name), ++ "Unexpectag value for name. Got: %s expecting: %s", ++ rhe->name, name); ++ fail_if(strcmp(rhe->aliases[0], alias_1), ++ "Unexpectag value for 1st alias. Got: %s expecting: %s", ++ rhe->aliases[0], alias_1); ++ fail_if(strcmp(rhe->aliases[1], alias_2), ++ "Unexpectag value for 2nd alias. Got: %s expecting: %s", ++ rhe->aliases[1], alias_2); ++ fail_if(rhe->aliases[2] != NULL, ++ "Just 2 aliases are expected. Got: %s", rhe->aliases[2]); ++ ck_assert_int_eq(rhe->family, AF_INET); ++ fail_if(memcmp(rhe->addr_list[0]->ipaddr, &addr_2, sizeof(addr_1)), ++ "Unexpected binary value for addr_list[0]->ipaddr"); ++ ck_assert_int_eq(rhe->addr_list[0]->ttl, RESOLV_DEFAULT_TTL); ++ fail_if(memcmp(rhe->addr_list[1]->ipaddr, &addr_1, sizeof(addr_2)), ++ "Unexpected binary value for addr_list[1]->ipaddr"); ++ ck_assert_int_eq(rhe->addr_list[1]->ttl, RESOLV_DEFAULT_TTL); ++ fail_if(rhe->addr_list[2] != NULL, ++ "Just 2 ip addresses are expected. 3rd has to be NULL"); + + talloc_free(rhe); + +@@ -219,36 +239,36 @@ START_TEST(test_address_to_string) + char *ptr_addr; + + ctx = talloc_new(global_talloc_context); +- fail_if(ctx == NULL); ++ fail_if(ctx == NULL, "Failed to allocate memory"); + ck_leaks_push(ctx); + + rhe = test_create_rhostent(ctx, "www.example.com", "1.2.3.4"); +- fail_if(rhe == NULL); ++ fail_if(rhe == NULL, "Failed to allocate memory"); + + str_addr = resolv_get_string_address_index(ctx, rhe, 0); +- fail_if(str_addr == NULL); ++ fail_if(str_addr == NULL, "Failed to allocate memory"); + fail_unless(strcmp(str_addr, "1.2.3.4") == 0, "Unexpected address\n"); + talloc_free(str_addr); + + ptr_addr = resolv_get_string_ptr_address(ctx, rhe->family, + rhe->addr_list[0]->ipaddr); +- fail_if(ptr_addr == NULL); ++ fail_if(ptr_addr == NULL, "Failed to allocate memory"); + fail_unless(strcmp(ptr_addr, "4.3.2.1.in-addr.arpa.") == 0, "Unexpected PTR address\n"); + talloc_free(ptr_addr); + + talloc_free(rhe); + + rhe = test_create_rhostent(ctx, "www6.example.com", "2607:f8b0:400c:c03::6a"); +- fail_if(rhe == NULL); ++ fail_if(rhe == NULL, "Failed to allocate memory"); + + str_addr = resolv_get_string_address_index(ctx, rhe, 0); +- fail_if(str_addr == NULL); ++ fail_if(str_addr == NULL, "resolv_get_string_address_index failed"); + fail_unless(strcmp(str_addr, "2607:f8b0:400c:c03::6a") == 0, "Unexpected address\n"); + talloc_free(str_addr); + + ptr_addr = resolv_get_string_ptr_address(ctx, rhe->family, + rhe->addr_list[0]->ipaddr); +- fail_if(ptr_addr == NULL); ++ fail_if(ptr_addr == NULL, "resolv_get_string_ptr_address failed"); + fail_unless(strcmp(ptr_addr, + "a.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.c.0.c.0.0.4.0.b.8.f.7.0.6.2.ip6.arpa.") == 0, "Unexpected PTR address\n"); + talloc_free(ptr_addr); +@@ -322,7 +342,7 @@ START_TEST(test_resolv_ip_addr) + } + + ck_leaks_pop(test_ctx); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + + talloc_zfree(test_ctx); + } +@@ -392,7 +412,7 @@ START_TEST(test_resolv_localhost) + } + + ck_leaks_pop(test_ctx); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + + talloc_zfree(test_ctx); + } +@@ -451,8 +471,8 @@ START_TEST(test_resolv_negative) + + ck_leaks_pop(test_ctx); + +- fail_unless(ret != EOK); +- fail_unless(test_ctx->error == ARES_ENOTFOUND); ++ fail_unless(ret != EOK, "test_loop must failed but got: EOK"); ++ ck_assert_int_eq(test_ctx->error, ARES_ENOTFOUND); + talloc_zfree(test_ctx); + } + END_TEST +@@ -556,7 +576,7 @@ START_TEST(test_resolv_internet) + ret = test_loop(test_ctx); + } + +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + ck_leaks_pop(test_ctx); + talloc_zfree(test_ctx); + } +@@ -579,7 +599,7 @@ START_TEST(test_resolv_internet_txt) + + tevent_req_set_callback(req, test_internet, test_ctx); + ret = test_loop(test_ctx); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + + ck_leaks_pop(test_ctx); + +@@ -604,7 +624,7 @@ START_TEST(test_resolv_internet_srv) + + tevent_req_set_callback(req, test_internet, test_ctx); + ret = test_loop(test_ctx); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + + ck_leaks_pop(test_ctx); + +@@ -676,7 +696,7 @@ START_TEST(test_resolv_free_context) + } + + ret = test_loop(test_ctx); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + + done: + talloc_zfree(test_ctx); +@@ -713,7 +733,7 @@ START_TEST(test_resolv_sort_srv_reply) + /* prepare linked list with reversed values */ + for (i = 0; ipriority = num_replies-i; + r->weight = i; + +@@ -728,19 +748,19 @@ START_TEST(test_resolv_sort_srv_reply) + + /* do the sort */ + ret = resolv_sort_srv_reply(&replies); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "resolv_sort_srv_reply failed with error: %d", ret); + + /* check if the list is sorted */ + prev = NULL; + for (i = 1, r = replies; r; r=r->next, i++) { + talloc_zfree(prev); + prev = r; +- fail_unless(r->priority == i); ++ ck_assert_int_eq(r->priority, i); + } + talloc_zfree(prev); + + /* check if the list is complete */ +- fail_unless(i-1 == num_replies); ++ ck_assert_int_eq(i - 1, num_replies); + + /* test if the weighting algorithm runs..not much do + * deterministically test here since it is based on +@@ -748,7 +768,7 @@ START_TEST(test_resolv_sort_srv_reply) + replies = NULL; + for (i = 0; ipriority = i % 2 + 1; + r->weight = i; + +@@ -763,7 +783,7 @@ START_TEST(test_resolv_sort_srv_reply) + + /* do the sort */ + ret = resolv_sort_srv_reply(&replies); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "resolv_sort_srv_reply failed with error: %d", ret); + + /* clean up */ + prev = NULL; +@@ -800,7 +820,7 @@ START_TEST(test_resolv_sort_srv_reply_zero_weight) + /* prepare linked list */ + for (i = 0; i < num_replies; i++) { + r = talloc_zero(test_ctx, struct ares_srv_reply); +- fail_if(r == NULL); ++ fail_if(r == NULL, "Failed to allocate memory"); + + r->priority = 20; + r->priority = i <= 3 ? 10 : r->priority; +@@ -818,15 +838,17 @@ START_TEST(test_resolv_sort_srv_reply_zero_weight) + + /* do the sort */ + ret = resolv_sort_srv_reply(&replies); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, "resolv_sort_srv_reply failed with error: %d", ret); + + /* check if the list contains all values and is sorted */ + for (i = 0, r = replies; r != NULL; r = r->next, i++) { + if (r->next != NULL) { +- fail_unless(r->priority <= r->next->priority); ++ fail_unless(r->priority <= r->next->priority, ++ "Got unsorted values. %d <= %d", ++ r->priority, r->next->priority); + } + } +- fail_unless(i == num_replies); ++ ck_assert_int_eq(i, num_replies); + + /* clean up */ + prev = NULL; +@@ -889,7 +911,7 @@ START_TEST(test_resolv_free_req) + + ret = test_loop(test_ctx); + ck_leaks_pop(test_ctx); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + + done: + talloc_zfree(test_ctx); +@@ -911,12 +933,12 @@ static void test_timeout(struct tevent_req *req) + tmp_ctx = talloc_new(test_ctx); + ck_leaks_push(tmp_ctx); + +- fail_unless(test_ctx->tested_function == TESTING_HOSTNAME); ++ ck_assert_int_eq(test_ctx->tested_function, TESTING_HOSTNAME); + recv_status = resolv_gethostbyname_recv(req, tmp_ctx, + &status, NULL, &rhostent); + talloc_zfree(req); +- fail_unless(recv_status == ETIMEDOUT); +- fail_unless(status == ARES_ETIMEOUT); ++ ck_assert_int_eq(recv_status, ETIMEDOUT); ++ ck_assert_int_eq(status, ARES_ETIMEOUT); + ck_leaks_pop(tmp_ctx); + talloc_free(tmp_ctx); + } +@@ -949,7 +971,7 @@ START_TEST(test_resolv_timeout) + ret = test_loop(test_ctx); + } + +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "test_loop failed with error: %d", ret); + talloc_zfree(test_ctx); + } + END_TEST +-- +2.28.0.rc2 + + +From 372f34b46ef402f58c593c4bf01a6c5bd270b83f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:06 +0000 +Subject: [PATCH 06/19] =?UTF-8?q?KRB5-UTILS-TESTS:=20Fix=20error=20too=20f?= + =?UTF-8?q?ew=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffail?= + =?UTF-8?q?ed=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +--- + src/tests/krb5_utils-tests.c | 97 +++++++++++++++++++++++++----------- + 1 file changed, 67 insertions(+), 30 deletions(-) + +diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c +index bff42f848..b4b7ae819 100644 +--- a/src/tests/krb5_utils-tests.c ++++ b/src/tests/krb5_utils-tests.c +@@ -298,7 +298,7 @@ void setup_talloc_context(void) + fail_unless(pd != NULL, "Cannot create krb5_ctx structure."); + + pd->user = sss_create_internal_fqname(pd, USERNAME, DOMAIN_NAME); +- fail_unless(pd->user != NULL); ++ fail_unless(pd->user != NULL, "Failed to allocate memory"); + kr->uid = atoi(UID); + kr->upn = discard_const(PRINCIPAL_NAME); + pd->cli_pid = atoi(PID); +@@ -372,7 +372,7 @@ START_TEST(test_case_sensitive) + const char *expected_ci = BASE"_testuser"; + + kr->pd->user = sss_create_internal_fqname(kr, USERNAME_CASE, DOMAIN_NAME); +- fail_unless(kr->pd->user != NULL); ++ fail_unless(kr->pd->user != NULL, "Failed to allocate memory"); + ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR); + fail_unless(ret == EOK, "Failed to set Ccache dir"); + +@@ -586,7 +586,8 @@ compare_map_id_name_to_krb_primary(struct map_id_name_to_krb_primary *a, + errno_t ret; + + while (a[i].id_name != NULL && a[i].krb_primary != NULL) { +- fail_unless(i < len); ++ fail_unless(i < len, ++ "Index: %d mus =t be lowwer than: %zd", i, len); + ret = sss_utf8_case_eq((const uint8_t*)a[i].id_name, + (const uint8_t*)str[i*2]); + fail_unless(ret == EOK, +@@ -613,30 +614,52 @@ START_TEST(test_parse_krb5_map_user) + { + check_leaks_push(mem_ctx); + ret = parse_krb5_map_user(mem_ctx, NULL, DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EOK); +- fail_unless(name_to_primary[0].id_name == NULL && +- name_to_primary[0].krb_primary == NULL); ++ fail_unless(ret == EOK, ++ "parse_krb5_map_user failed with error: %d", ret); ++ fail_unless(name_to_primary[0].id_name == NULL, ++ "id_name must be NULL. Got: %s", ++ name_to_primary[0].id_name); ++ fail_unless(name_to_primary[0].krb_primary == NULL, ++ "krb_primary must be NULL. Got: %s", ++ name_to_primary[0].krb_primary); + talloc_free(name_to_primary); + + ret = parse_krb5_map_user(mem_ctx, "", DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EOK); +- fail_unless(name_to_primary[0].id_name == NULL && +- name_to_primary[0].krb_primary == NULL); ++ fail_unless(ret == EOK, ++ "parse_krb5_map_user failed with error: %d", ret); ++ fail_unless(name_to_primary[0].id_name == NULL, ++ "id_name must be NULL. Got: %s", ++ name_to_primary[0].id_name); ++ fail_unless(name_to_primary[0].krb_primary == NULL, ++ "krb_primary must be NULL. Got: %s", ++ name_to_primary[0].krb_primary); + talloc_free(name_to_primary); + + ret = parse_krb5_map_user(mem_ctx, ",", DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EOK); +- fail_unless(name_to_primary[0].id_name == NULL && +- name_to_primary[0].krb_primary == NULL); ++ fail_unless(ret == EOK, ++ "parse_krb5_map_user failed with error: %d", ret); ++ fail_unless(name_to_primary[0].id_name == NULL, ++ "id_name must be NULL. Got: %s", ++ name_to_primary[0].id_name); ++ fail_unless(name_to_primary[0].krb_primary == NULL, ++ "krb_primary must be NULL. Got: %s", ++ name_to_primary[0].krb_primary); + talloc_free(name_to_primary); + + ret = parse_krb5_map_user(mem_ctx, ",,", DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EOK); +- fail_unless(name_to_primary[0].id_name == NULL && +- name_to_primary[0].krb_primary == NULL); ++ fail_unless(ret == EOK, ++ "parse_krb5_map_user failed with error: %d", ret); ++ fail_unless(name_to_primary[0].id_name == NULL, ++ "id_name must be NULL. Got: %s", ++ name_to_primary[0].id_name); ++ fail_unless(name_to_primary[0].krb_primary == NULL, ++ "krb_primary must be NULL. Got: %s", ++ name_to_primary[0].krb_primary); ++ + talloc_free(name_to_primary); + +- fail_unless(check_leaks_pop(mem_ctx)); ++ fail_unless(check_leaks_pop(mem_ctx), ++ "check_leaks_pop failed"); + } + /* valid input */ + { +@@ -647,46 +670,56 @@ START_TEST(test_parse_krb5_map_user) + "joe@testdomain", "juser@testdomain", + "jdoe@testdomain", "ßlack@testdomain" }; + ret = parse_krb5_map_user(mem_ctx, p, DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, ++ "parse_krb5_map_user failed with error: %d", ret); + compare_map_id_name_to_krb_primary(name_to_primary, expected, + sizeof(expected)/sizeof(const char*)/2); + talloc_free(name_to_primary); + + ret = parse_krb5_map_user(mem_ctx, p2, DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, ++ "parse_krb5_map_user failed with error: %d", ret); + compare_map_id_name_to_krb_primary(name_to_primary, expected, + sizeof(expected)/sizeof(const char*)/2); + talloc_free(name_to_primary); +- fail_unless(check_leaks_pop(mem_ctx)); ++ fail_unless(check_leaks_pop(mem_ctx), ++ "check_leaks_pop failed"); + } + /* invalid input */ + { + check_leaks_push(mem_ctx); + + ret = parse_krb5_map_user(mem_ctx, ":", DOMAIN_NAME, &name_to_primary); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "parse_krb5_map_user must fail with EINVAL got: %d", ret); + + ret = parse_krb5_map_user(mem_ctx, "joe:", DOMAIN_NAME, + &name_to_primary); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "parse_krb5_map_user must fail with EINVAL got: %d", ret); + + ret = parse_krb5_map_user(mem_ctx, ":joe", DOMAIN_NAME, + &name_to_primary); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "parse_krb5_map_user must fail with EINVAL got: %d", ret); + + ret = parse_krb5_map_user(mem_ctx, "joe:,", DOMAIN_NAME, + &name_to_primary); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "parse_krb5_map_user must fail with EINVAL got: %d", ret); + + ret = parse_krb5_map_user(mem_ctx, ",joe", DOMAIN_NAME, + &name_to_primary); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "parse_krb5_map_user must fail with EINVAL got: %d", ret); + + ret = parse_krb5_map_user(mem_ctx, "joe:j:user", DOMAIN_NAME, + &name_to_primary); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "parse_krb5_map_user must fail with EINVAL got: %d", ret); + +- fail_unless(check_leaks_pop(mem_ctx)); ++ fail_unless(check_leaks_pop(mem_ctx), ++ "check_leaks_pop failed"); + } + + talloc_free(mem_ctx); +@@ -695,14 +728,18 @@ END_TEST + + START_TEST(test_sss_krb5_realm_has_proxy) + { +- fail_unless(sss_krb5_realm_has_proxy(NULL) == false); ++ fail_unless(sss_krb5_realm_has_proxy(NULL) == false, ++ "sss_krb5_realm_has_proxy did not return false"); + + setenv("KRB5_CONFIG", "/dev/null", 1); +- fail_unless(sss_krb5_realm_has_proxy("REALM") == false); ++ fail_unless(sss_krb5_realm_has_proxy("REALM") == false, ++ "sss_krb5_realm_has_proxy did not return false"); + + setenv("KRB5_CONFIG", ABS_SRC_DIR"/src/tests/krb5_proxy_check_test_data.conf", 1); +- fail_unless(sss_krb5_realm_has_proxy("REALM") == false); +- fail_unless(sss_krb5_realm_has_proxy("REALM_PROXY") == true); ++ fail_unless(sss_krb5_realm_has_proxy("REALM") == false, ++ "sss_krb5_realm_has_proxy did not return false"); ++ fail_unless(sss_krb5_realm_has_proxy("REALM_PROXY") == true, ++ "sss_krb5_realm_has_proxy did not return true"); + } + END_TEST + +-- +2.28.0.rc2 + + +From fabbf90c7de4e837b9b50a64569086171bad4479 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:07 +0000 +Subject: [PATCH 07/19] KRB5-UTILS-TESTS: Fix format string issues + +--- + src/tests/krb5_utils-tests.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c +index b4b7ae819..540fc8012 100644 +--- a/src/tests/krb5_utils-tests.c ++++ b/src/tests/krb5_utils-tests.c +@@ -487,8 +487,9 @@ START_TEST(test_NULL) + + result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true); + +- fail_unless(result == NULL, "Expected NULL as a result for an empty input.", +- test_template); ++ fail_unless(result == NULL, ++ "Expected NULL as a result for an empty input for " ++ "NULL template"); + } + END_TEST + +@@ -599,7 +600,7 @@ compare_map_id_name_to_krb_primary(struct map_id_name_to_krb_primary *a, + a[i].krb_primary, str[i*2+1]); + i++; + } +- fail_unless(len == i, "%u != %u", len, i); ++ fail_unless(len == i, "%zu != %u", len, i); + } + + START_TEST(test_parse_krb5_map_user) +-- +2.28.0.rc2 + + +From 7ad0af60d905167fe731c02825fc98e1dfa8497b Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:08 +0000 +Subject: [PATCH 08/19] CHECK-AND-OPEN-TESTS: Fix format string issues + +--- + src/tests/check_and_open-tests.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tests/check_and_open-tests.c b/src/tests/check_and_open-tests.c +index 525e28aed..ddc4acd50 100644 +--- a/src/tests/check_and_open-tests.c ++++ b/src/tests/check_and_open-tests.c +@@ -99,7 +99,7 @@ START_TEST(test_symlink) + + ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX); + fail_unless(ret == newpath_length - 1, +- "snprintf failed: expected [%d] got [%d]", newpath_length -1, ++ "snprintf failed: expected [%zd] got [%d]", newpath_length - 1, + ret); + + ret = symlink(filename, newpath); +@@ -126,7 +126,7 @@ START_TEST(test_follow_symlink) + + ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX); + fail_unless(ret == newpath_length - 1, +- "snprintf failed: expected [%d] got [%d]", newpath_length -1, ++ "snprintf failed: expected [%zd] got [%d]", newpath_length - 1, + ret); + + ret = symlink(filename, newpath); +-- +2.28.0.rc2 + + +From 96dac929c1ff48729f60eb8aab8809dc925c1552 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:09 +0000 +Subject: [PATCH 09/19] =?UTF-8?q?REFCOUNT-TESTS:=20Fix=20error=20too=20few?= + =?UTF-8?q?=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +--- + src/tests/refcount-tests.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/src/tests/refcount-tests.c b/src/tests/refcount-tests.c +index 232302f38..4907ab5fb 100644 +--- a/src/tests/refcount-tests.c ++++ b/src/tests/refcount-tests.c +@@ -90,29 +90,29 @@ START_TEST(test_refcount_basic) + + /* First allocate our global storage place. */ + global = talloc(NULL, struct container); +- fail_if(global == NULL); ++ fail_if(global == NULL, "Failed to allocate memory"); + + /* Allocate foo. */ + global->foo = rc_alloc(global, struct foo); +- fail_if(global->foo == NULL); ++ fail_if(global->foo == NULL, "Failed to allocate memory"); + SET_FILLER(global->foo); + REF_ASSERT(global->foo, 1); + + /* Allocate bar. */ + global->bar = rc_alloc(global, struct bar); +- fail_if(global->bar == NULL); ++ fail_if(global->bar == NULL, "Failed to allocate memory"); + SET_FILLER(global->bar); + REF_ASSERT(global->bar, 1); + + /* Allocate baz. */ + global->baz = rc_alloc(global, struct baz); +- fail_if(global->baz == NULL); ++ fail_if(global->baz == NULL, "Failed to allocate memory"); + SET_FILLER(global->baz); + REF_ASSERT(global->baz, 1); + + /* Try multiple attaches. */ + containers = talloc_array(NULL, struct container, 100); +- fail_if(containers == NULL); ++ fail_if(containers == NULL, "Failed to allocate memory"); + for (i = 0; i < 100; i++) { + containers[i].foo = rc_reference(containers, struct foo, global->foo); + containers[i].bar = rc_reference(containers, struct bar, global->bar); +@@ -153,15 +153,17 @@ START_TEST(test_refcount_swap) + + /* Allocate. */ + container1->foo = rc_alloc(container1, struct foo); +- fail_if(container1->foo == NULL); ++ fail_if(container1->foo == NULL, "Failed to allocate memory"); + SET_FILLER(container1->foo); + + /* Reference. */ + container2->foo = rc_reference(container2, struct foo, container1->foo); +- fail_if(container2->foo == NULL); ++ fail_if(container2->foo == NULL, "Failed to allocate memory"); + + /* Make sure everything is as it should be. */ +- fail_unless(container1->foo == container2->foo); ++ fail_unless(container1->foo == container2->foo, ++ "Values have to be equal. %p == %p", ++ container1->foo, container2->foo); + REF_ASSERT(container1->foo, 2); + + /* Free in reverse order. */ +-- +2.28.0.rc2 + + +From 686d7c8f0432aeb7b36a807adaccf2173cfdf5cc Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:10 +0000 +Subject: [PATCH 10/19] =?UTF-8?q?FAIL-OVER-TESTS:=20Fix=20error=20too=20fe?= + =?UTF-8?q?w=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffaile?= + =?UTF-8?q?d=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +--- + src/tests/fail_over-tests.c | 63 ++++++++++++++++++++++++------------- + 1 file changed, 42 insertions(+), 21 deletions(-) + +diff --git a/src/tests/fail_over-tests.c b/src/tests/fail_over-tests.c +index b2269ef3b..4afbc7933 100644 +--- a/src/tests/fail_over-tests.c ++++ b/src/tests/fail_over-tests.c +@@ -116,24 +116,30 @@ START_TEST(test_fo_new_service) + + ck_leaks_push(ctx); + ret = fo_new_service(ctx->fo_ctx, buf, NULL, &services[i]); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, ++ "fo_new_service failed with error: %d", ret); + } + + ret = fo_new_service(ctx->fo_ctx, "service_3", NULL, &service); +- fail_if(ret != EEXIST); ++ fail_if(ret != EEXIST, ++ "fo_new_service must return EEXIST. Got: %d", ret); + + for (i = 9; i >= 0; i--) { + char buf[16]; + sprintf(buf, "service_%d", i); + + ret = fo_get_service(ctx->fo_ctx, buf, &service); +- fail_if(ret != EOK); +- fail_if(service != services[i]); ++ fail_if(ret != EOK, ++ "fo_get_service failed with error: %d", ret); ++ fail_if(service != services[i], ++ "Unexpected service returned. %p != %p", ++ service, services[i]); + talloc_free(service); + ck_leaks_pop(ctx); + + ret = fo_get_service(ctx->fo_ctx, buf, &service); +- fail_if(ret != ENOENT); ++ fail_if(ret != ENOENT, ++ "fo_get_service must return ENOENT. Got: %d", ret); + } + + ck_leaks_pop(ctx); +@@ -162,7 +168,8 @@ test_resolve_service_callback(struct tevent_req *req) + task->location, task->recv, recv_status); + if (recv_status != EOK) + return; +- fail_if(server == NULL); ++ fail_if(server == NULL, ++ "fo_resolve_service_recv must not return NULL for server"); + port = fo_get_server_port(server); + fail_if(port != task->port, "%s: Expected port %d, got %d", task->location, + task->port, port); +@@ -179,7 +186,8 @@ test_resolve_service_callback(struct tevent_req *req) + char buf[256]; + + inet_ntop(he->family, he->addr_list[i]->ipaddr, buf, sizeof(buf)); +- fail_if(strcmp(buf, "127.0.0.1") != 0 && strcmp(buf, "::1") != 0); ++ fail_if(strcmp(buf, "127.0.0.1") != 0 && strcmp(buf, "::1") != 0, ++ "Expecting either '127.0.0.1' or '::1'. Got: %s", buf); + } + } + +@@ -204,7 +212,7 @@ _get_request(struct test_ctx *test_ctx, struct fo_service *service, + struct task *task; + + task = talloc(test_ctx, struct task); +- fail_if(task == NULL); ++ fail_if(task == NULL, "Failed to allocate memory"); + + task->test_ctx = test_ctx; + task->recv = expected_recv; +@@ -228,27 +236,40 @@ START_TEST(test_fo_resolve_service) + { + struct test_ctx *ctx; + struct fo_service *service[3]; ++ int ret; + + ctx = setup_test(); +- fail_if(ctx == NULL); ++ fail_if(ctx == NULL, "Failed to allocate memory"); + + /* Add service. */ +- fail_if(fo_new_service(ctx->fo_ctx, "http", NULL, &service[0]) != EOK); ++ ret = fo_new_service(ctx->fo_ctx, "http", NULL, &service[0]); ++ fail_if(ret != EOK, "fo_new_service failed with error: %d", ret); + +- fail_if(fo_new_service(ctx->fo_ctx, "ldap", NULL, &service[1]) != EOK); ++ ret = fo_new_service(ctx->fo_ctx, "ldap", NULL, &service[1]); ++ fail_if(ret != EOK, "fo_new_service failed with error: %d", ret); + +- fail_if(fo_new_service(ctx->fo_ctx, "ntp", NULL, &service[2]) != EOK); ++ ret = fo_new_service(ctx->fo_ctx, "ntp", NULL, &service[2]); ++ fail_if(ret != EOK, "fo_new_service failed with error: %d", ret); + + /* Add servers. */ +- fail_if(fo_add_server(service[0], "localhost", 20, NULL, true) != EOK); +- fail_if(fo_add_server(service[0], "127.0.0.1", 80, NULL, false) != EOK); +- +- fail_if(fo_add_server(service[1], "localhost", 30, NULL, false) != EOK); +- fail_if(fo_add_server(service[1], "127.0.0.1", 389, NULL, true) != EOK); +- fail_if(fo_add_server(service[1], "127.0.0.1", 389, NULL, true) != EEXIST); +- fail_if(fo_add_server(service[1], "127.0.0.1", 389, NULL, false) != EEXIST); +- +- fail_if(fo_add_server(service[2], NULL, 123, NULL, true) != EOK); ++ ret = fo_add_server(service[0], "localhost", 20, NULL, true); ++ fail_if(ret != EOK, "fo_add_server failed with error: %d", ret); ++ ret = fo_add_server(service[0], "127.0.0.1", 80, NULL, false); ++ fail_if(ret != EOK, "fo_add_server failed with error: %d", ret); ++ ++ ret = fo_add_server(service[1], "localhost", 30, NULL, false); ++ fail_if(ret != EOK, "fo_add_server failed with error: %d", ret); ++ ret = fo_add_server(service[1], "127.0.0.1", 389, NULL, true); ++ fail_if(ret != EOK, "fo_add_server failed with error: %d", ret); ++ ret = fo_add_server(service[1], "127.0.0.1", 389, NULL, true); ++ fail_if(ret != EEXIST, ++ "fo_add_server must fail with EEXIST. Got: %d", ret); ++ ret = fo_add_server(service[1], "127.0.0.1", 389, NULL, false); ++ fail_if(ret != EEXIST, ++ "fo_add_server must fail with EEXIST. Got: %d", ret); ++ ++ ret = fo_add_server(service[2], NULL, 123, NULL, true); ++ fail_if(ret != EOK, "fo_add_server failed with error: %d", ret); + + /* Make requests. */ + get_request(ctx, service[0], EOK, 20, PORT_WORKING, -1); +-- +2.28.0.rc2 + + +From 0261117370d3d504a0aa0c95a2dc11b10429430c Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:11 +0000 +Subject: [PATCH 11/19] FAIL-OVER-TESTS: Fix format string issues + +--- + src/tests/fail_over-tests.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/fail_over-tests.c b/src/tests/fail_over-tests.c +index 4afbc7933..d7bd173d6 100644 +--- a/src/tests/fail_over-tests.c ++++ b/src/tests/fail_over-tests.c +@@ -164,7 +164,7 @@ test_resolve_service_callback(struct tevent_req *req) + + recv_status = fo_resolve_service_recv(req, req, &server); + talloc_free(req); +- fail_if(recv_status != task->recv, "%s: Expected return of %d, got %d", ++ fail_if(recv_status != task->recv, "%s: Expected return of %d, got %"PRIu64, + task->location, task->recv, recv_status); + if (recv_status != EOK) + return; +-- +2.28.0.rc2 + + +From 45f1f0b2d0ac9fb98aff79a453b0228a81c35f7f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:12 +0000 +Subject: [PATCH 12/19] AUTH-TESTS: Fix format string issues + +--- + src/tests/auth-tests.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/auth-tests.c b/src/tests/auth-tests.c +index 67c664882..69998706e 100644 +--- a/src/tests/auth-tests.c ++++ b/src/tests/auth-tests.c +@@ -203,7 +203,7 @@ static void do_failed_login_test(uint32_t failed_login_attempts, + + fail_unless(delayed_until == expected_delay, + "check_failed_login_attempts wrong delay, " +- "expected [%d], got [%d]", ++ "expected [%ld], got [%ld]", + expected_delay, delayed_until); + + talloc_free(test_ctx); +-- +2.28.0.rc2 + + +From fb4a22c39b16899edebdf90d71ed16e0700597c6 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:13 +0000 +Subject: [PATCH 13/19] =?UTF-8?q?IPA-LDAP-OPT-TESTS:=20Fix=20error=20too?= + =?UTF-8?q?=20few=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5F?= + =?UTF-8?q?failed=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +* convert assertions to different macros +--- + src/tests/ipa_ldap_opt-tests.c | 87 ++++++++++++++++++++++------------ + 1 file changed, 57 insertions(+), 30 deletions(-) + +diff --git a/src/tests/ipa_ldap_opt-tests.c b/src/tests/ipa_ldap_opt-tests.c +index 8c7c81f7d..9c3bede9b 100644 +--- a/src/tests/ipa_ldap_opt-tests.c ++++ b/src/tests/ipa_ldap_opt-tests.c +@@ -171,18 +171,26 @@ END_TEST + + static void fail_unless_dp_opt_is_terminator(struct dp_option *o) + { +- fail_unless(o->opt_name == NULL); +- fail_unless(o->type == 0); +- fail_unless(o->def_val.string == NULL); +- fail_unless(o->val.string == NULL); ++ fail_unless(o->opt_name == NULL, ++ "Unexpected NULL for opt_name in dp_option"); ++ fail_unless(o->type == 0, ++ "Unexpected 0 for type in dp_option"); ++ fail_unless(o->def_val.string == NULL, ++ "Unexpected NULL for def_val.string in dp_option"); ++ fail_unless(o->val.string == NULL, ++ "Unexpected NULL for val.string in dp_option"); + } + + static void fail_unless_sdap_opt_is_terminator(struct sdap_attr_map *m) + { +- fail_unless(m->name == NULL); +- fail_unless(m->def_name == NULL); +- fail_unless(m->sys_name == NULL); +- fail_unless(m->opt_name == NULL); ++ fail_unless(m->name == NULL, ++ "Unexpected NULL for name in sdap_attr_map"); ++ fail_unless(m->def_name == NULL, ++ "Unexpected NULL for def_name in sdap_attr_map"); ++ fail_unless(m->sys_name == NULL, ++ "Unexpected NULL for sys_name in sdap_attr_map"); ++ fail_unless(m->opt_name == NULL, ++ "Unexpected NULL for opt_name in sdap_attr_map"); + } + + START_TEST(test_dp_opt_sentinel) +@@ -325,37 +333,53 @@ START_TEST(test_copy_sdap_map) + ret = sdap_copy_map(global_talloc_context, + rfc2307_user_map, SDAP_OPTS_USER, &out_map); + fail_unless(ret == EOK, "[%s]", strerror(ret)); +- fail_unless(out_map[SDAP_OPTS_USER].name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL); ++ fail_unless(out_map[SDAP_OPTS_USER].name == NULL, ++ "Unexpected NULL for name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL, ++ "Unexpected NULL for def_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL, ++ "Unexpected NULL for sys_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL, ++ "Unexpected NULL for opt_name with idx: %d", SDAP_OPTS_USER); + talloc_free(out_map); + + ret = sdap_copy_map(global_talloc_context, + rfc2307bis_user_map, SDAP_OPTS_USER, &out_map); + fail_unless(ret == EOK, "[%s]", strerror(ret)); +- fail_unless(out_map[SDAP_OPTS_USER].name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL); ++ fail_unless(out_map[SDAP_OPTS_USER].name == NULL, ++ "Unexpected NULL for name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL, ++ "Unexpected NULL for def_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL, ++ "Unexpected NULL for sys_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL, ++ "Unexpected NULL for opt_name with idx: %d", SDAP_OPTS_USER); + talloc_free(out_map); + + ret = sdap_copy_map(global_talloc_context, + ipa_user_map, SDAP_OPTS_USER, &out_map); + fail_unless(ret == EOK, "[%s]", strerror(ret)); +- fail_unless(out_map[SDAP_OPTS_USER].name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL); ++ fail_unless(out_map[SDAP_OPTS_USER].name == NULL, ++ "Unexpected NULL for name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL, ++ "Unexpected NULL for def_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL, ++ "Unexpected NULL for sys_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL, ++ "Unexpected NULL for opt_name with idx: %d", SDAP_OPTS_USER); + talloc_free(out_map); + + ret = sdap_copy_map(global_talloc_context, + gen_ad2008r2_user_map, SDAP_OPTS_USER, &out_map); + fail_unless(ret == EOK, "[%s]", strerror(ret)); +- fail_unless(out_map[SDAP_OPTS_USER].name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL); +- fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL); ++ fail_unless(out_map[SDAP_OPTS_USER].name == NULL, ++ "Unexpected NULL for name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL, ++ "Unexpected NULL for def_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL, ++ "Unexpected NULL for sys_name with idx: %d", SDAP_OPTS_USER); ++ fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL, ++ "Unexpected NULL for opt_name with idx: %d", SDAP_OPTS_USER); + talloc_free(out_map); + } + END_TEST +@@ -382,14 +406,15 @@ START_TEST(test_extra_opts) + fail_unless(ret == EOK, "[%s]", sss_strerror(ret)); + + /* Two extra and sentinel */ +- fail_unless(new_size != SDAP_OPTS_USER + 3); ++ ck_assert_int_eq(new_size, SDAP_OPTS_USER + 3); + /* Foo would be saved to sysdb verbatim */ + ck_assert_str_eq(out_map[SDAP_OPTS_USER].name, "foo"); + ck_assert_str_eq(out_map[SDAP_OPTS_USER].sys_name, "foo"); + /* Bar would be saved to sysdb as baz */ + ck_assert_str_eq(out_map[SDAP_OPTS_USER+1].name, "bar"); + ck_assert_str_eq(out_map[SDAP_OPTS_USER+1].sys_name, "baz"); +- fail_unless(out_map[SDAP_OPTS_USER+2].name == NULL); ++ fail_unless(out_map[SDAP_OPTS_USER+2].name == NULL, ++ "Unexpected NULL for name with id: %d", SDAP_OPTS_USER + 2); + + talloc_free(out_map); + } +@@ -413,8 +438,9 @@ START_TEST(test_no_extra_opts) + &out_map, &new_size); + fail_unless(ret == EOK, "[%s]", sss_strerror(ret)); + /* Attributes and sentinel */ +- fail_unless(new_size != SDAP_OPTS_USER + 1); +- fail_unless(out_map[SDAP_OPTS_USER].name == NULL); ++ ck_assert_int_eq(new_size, SDAP_OPTS_USER + 1); ++ fail_unless(out_map[SDAP_OPTS_USER].name == NULL, ++ "Unexpected NULL for name with id: %d", SDAP_OPTS_USER); + + talloc_free(out_map); + } +@@ -441,8 +467,9 @@ START_TEST(test_extra_opts_neg) + &out_map, &new_size); + fail_unless(ret == EOK, "[%s]", strerror(ret)); + /* The faulty attributes would be just skipped */ +- fail_unless(new_size != SDAP_OPTS_USER + 1); +- fail_unless(out_map[SDAP_OPTS_USER].name == NULL); ++ ck_assert_int_eq(new_size, SDAP_OPTS_USER + 1); ++ fail_unless(out_map[SDAP_OPTS_USER].name == NULL, ++ "Unexpected NULL for name with id: %d", SDAP_OPTS_USER); + + talloc_free(out_map); + } +-- +2.28.0.rc2 + + +From 9731df5ac6c7f7a9ad5bd50ba25598c4ffa79e46 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:14 +0000 +Subject: [PATCH 14/19] =?UTF-8?q?CRYPTO-TESTS:=20Fix=20error=20too=20few?= + =?UTF-8?q?=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +* convert assertions to different macros +--- + src/tests/crypto-tests.c | 63 ++++++++++++++++++++++++---------------- + 1 file changed, 38 insertions(+), 25 deletions(-) + +diff --git a/src/tests/crypto-tests.c b/src/tests/crypto-tests.c +index 6f5e22a87..4af82b078 100644 +--- a/src/tests/crypto-tests.c ++++ b/src/tests/crypto-tests.c +@@ -40,10 +40,13 @@ START_TEST(test_nss_init) + int ret; + + ret = nspr_nss_init(); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, ++ "nspr_nss_init failed with error: %d", ret); ++ + + ret = nspr_nss_cleanup(); +- fail_if(ret != EOK); ++ fail_if(ret != EOK, ++ "nspr_nss_cleanup failed with error: %d", ret); + } + END_TEST + #endif +@@ -67,18 +70,22 @@ START_TEST(test_sss_password_encrypt_decrypt) + #endif + + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + ck_leaks_push(test_ctx); + + for (i=0; password[i]; i++) { + ret = sss_password_encrypt(test_ctx, password[i], strlen(password[i])+1, + AES_256, &obfpwd); +- fail_if(ret != expected); ++ ck_assert_int_eq(ret, expected); + + ret = sss_password_decrypt(test_ctx, obfpwd, &ctpwd); +- fail_if(ret != expected); ++ ck_assert_int_eq(ret, expected); + +- fail_if(ctpwd && strcmp(password[i], ctpwd) != 0); ++ fail_if(ctpwd == NULL, ++ "sss_password_decrypt must not return NULL"); ++ fail_if(strcmp(password[i], ctpwd) != 0, ++ "Unexpected decrypted password. Expected: %s got: %s", ++ password[i], ctpwd); + + talloc_free(obfpwd); + talloc_free(ctpwd); +@@ -116,8 +123,10 @@ START_TEST(test_hmac_sha1) + ret = sss_hmac_sha1((const unsigned char *)keys[i], strlen(keys[i]), + (const unsigned char *)message, strlen(message), + out); +- fail_if(ret != expected); +- fail_if(ret == EOK && memcmp(out, results[i], SSS_SHA1_LENGTH) != 0); ++ ck_assert_int_eq(ret, expected); ++ ck_assert_int_eq(ret, EOK); ++ fail_if(memcmp(out, results[i], SSS_SHA1_LENGTH) != 0, ++ "Unexpected result for index: %d", i); + } + } + END_TEST +@@ -129,11 +138,13 @@ START_TEST(test_base64_encode) + char *obfpwd = NULL; + + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + /* Base64 encode the buffer */ + obfpwd = sss_base64_encode(test_ctx, obfbuf, strlen((const char*)obfbuf)); +- fail_if(obfpwd == NULL); +- fail_if(strcmp(obfpwd,expected) != 0); ++ fail_if(obfpwd == NULL, ++ "sss_base64_encode must not return NULL"); ++ fail_if(strcmp(obfpwd, expected) != 0, ++ "Got: %s expected value: %s", obfpwd, expected); + + talloc_free(test_ctx); + } +@@ -147,12 +158,14 @@ START_TEST(test_base64_decode) + const unsigned char expected[] = "test"; + + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + /* Base64 decode the buffer */ + obfbuf = sss_base64_decode(test_ctx, b64encoded, &obflen); +- fail_if(!obfbuf); +- fail_if(obflen != strlen((const char*)expected)); +- fail_if(memcmp(obfbuf, expected, obflen) != 0); ++ fail_if(obfbuf == NULL, ++ "sss_base64_decode must not return NULL"); ++ ck_assert_int_eq(obflen, strlen((const char*)expected)); ++ fail_if(memcmp(obfbuf, expected, obflen) != 0, ++ "Unexpected vale returned after sss_base64_decode"); + + talloc_free(test_ctx); + } +@@ -176,14 +189,14 @@ START_TEST(test_sss_encrypt_decrypt) + int ret; + + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + + ret = sss_encrypt(test_ctx, AES256CBC_HMAC_SHA256, key, key_len, + (const uint8_t *)input_text, input_text_len, + &cipher_text, &cipher_text_len); + +- fail_if(ret != 0); +- fail_if(cipher_text_len == 0); ++ fail_if(ret != 0, "sss_encrypt failed with error: %d", ret); ++ fail_if(cipher_text_len == 0, "cipher_text_len must not be zero"); + + ret = memcmp(input_text, cipher_text, input_text_len); + fail_if(ret == 0, "Input and encrypted text has common prefix"); +@@ -191,8 +204,8 @@ START_TEST(test_sss_encrypt_decrypt) + ret = sss_decrypt(test_ctx, AES256CBC_HMAC_SHA256, key, key_len, + cipher_text, cipher_text_len, + &plain_text, &plain_text_len); +- fail_if(ret != 0); +- fail_if(plain_text_len != input_text_len); ++ fail_if(ret != 0, "sss_decrypt failed with error: %d", ret); ++ ck_assert_int_eq(plain_text_len, input_text_len); + + ret = memcmp(plain_text, input_text, input_text_len); + fail_if(ret != 0, "input text is not the same as de-encrypted text"); +@@ -211,21 +224,21 @@ START_TEST(test_s3crypt_sha512) + const char *expected_hash = "$6$tU67Q/9h3tm5WJ.U$aL9gjCfiSZQewHTI6A4/MHCVWrMCiJZ.gNXEIw6HO39XGbg.s2nTyGlYXeoQyQtDll3XSbIZN41fJEC3v7ELy0"; + + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + + ret = s3crypt_gen_salt(test_ctx, &salt); +- fail_if(ret != 0); ++ fail_if(ret != 0, "s3crypt_gen_salt failed with error: %d", ret); + + ret = s3crypt_sha512(test_ctx, password, salt, &userhash); +- fail_if(ret != 0); ++ fail_if(ret != 0, "s3crypt_sha512 failed with error: %d", ret); + + ret = s3crypt_sha512(test_ctx, password, userhash, &comphash); +- fail_if(ret != 0); ++ fail_if(ret != 0, "s3crypt_sha512 failed with error: %d", ret); + ck_assert_str_eq(userhash, comphash); + talloc_free(comphash); + + ret = s3crypt_sha512(test_ctx, password, expected_hash, &comphash); +- fail_if(ret != 0); ++ fail_if(ret != 0, "s3crypt_sha512 failed with error: %d", ret); + ck_assert_str_eq(expected_hash, comphash); + + talloc_free(test_ctx); +-- +2.28.0.rc2 + + +From bcc95a78395f5ec982ba90485eb6251e85b8678c Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:15 +0000 +Subject: [PATCH 15/19] =?UTF-8?q?UTIL-TESTS:=20Fix=20error=20too=20few=20a?= + =?UTF-8?q?rguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +* convert assertions to different macros +--- + src/tests/util-tests.c | 52 +++++++++++++++++++++++++++--------------- + 1 file changed, 34 insertions(+), 18 deletions(-) + +diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c +index e331f8260..11642d9b6 100644 +--- a/src/tests/util-tests.c ++++ b/src/tests/util-tests.c +@@ -445,15 +445,18 @@ START_TEST(test_fd_nonblocking) + errno_t ret; + + fd = open("/dev/null", O_RDONLY); +- fail_unless(fd > 0); ++ fail_unless(fd > 0, ++ "open failed with errno: %d", errno); + + flags = fcntl(fd, F_GETFL, 0); +- fail_if(flags & O_NONBLOCK); ++ fail_if(flags & O_NONBLOCK, ++ "Unexpected flag O_NONBLOCK[%x] in [%x]", O_NONBLOCK, flags); + + ret = sss_fd_nonblocking(fd); +- fail_unless(ret == EOK); ++ fail_unless(ret == EOK, "sss_fd_nonblocking failed with error: %d", ret); + flags = fcntl(fd, F_GETFL, 0); +- fail_unless(flags & O_NONBLOCK); ++ fail_unless(flags & O_NONBLOCK, ++ "Flag O_NONBLOCK[%x] is missing in [%x]", O_NONBLOCK, flags); + close(fd); + } + END_TEST +@@ -482,8 +485,9 @@ START_TEST(test_utf8_lowercase) + lcase = sss_utf8_tolower(munchen_utf8_upcase, + strlen((const char *)munchen_utf8_upcase), + &nlen); +- fail_if(strlen((const char *) munchen_utf8_upcase) != nlen); /* This is not true for utf8 strings in general */ +- fail_if(memcmp(lcase, munchen_utf8_lowcase, nlen)); ++ ck_assert_int_eq(strlen((const char *) munchen_utf8_upcase), nlen); /* This is not true for utf8 strings in general */ ++ fail_if(memcmp(lcase, munchen_utf8_lowcase, nlen), ++ "Unexpected binary values"); + sss_utf8_free(lcase); + } + END_TEST +@@ -497,12 +501,13 @@ START_TEST(test_utf8_talloc_lowercase) + + TALLOC_CTX *test_ctx; + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + + lcase = sss_tc_utf8_tolower(test_ctx, munchen_utf8_upcase, + strlen((const char *) munchen_utf8_upcase), + &nsize); +- fail_if(memcmp(lcase, munchen_utf8_lowcase, nsize)); ++ fail_if(memcmp(lcase, munchen_utf8_lowcase, nsize), ++ "Unexpected binary values"); + talloc_free(test_ctx); + } + END_TEST +@@ -515,10 +520,11 @@ START_TEST(test_utf8_talloc_str_lowercase) + + TALLOC_CTX *test_ctx; + test_ctx = talloc_new(NULL); +- fail_if(test_ctx == NULL); ++ fail_if(test_ctx == NULL, "Failed to allocate memory"); + + lcase = sss_tc_utf8_str_tolower(test_ctx, (const char *) munchen_utf8_upcase); +- fail_if(memcmp(lcase, munchen_utf8_lowcase, strlen(lcase))); ++ fail_if(memcmp(lcase, munchen_utf8_lowcase, strlen(lcase)), ++ "Unexpected binary values"); + talloc_free(test_ctx); + } + END_TEST +@@ -569,7 +575,9 @@ START_TEST(test_murmurhash3_check) + strlen(tests[i]), + 0xdeadbeef); + for (j = 0; j < i; j++) { +- fail_if(results[i] == results[j]); ++ fail_if(results[i] == results[j], ++ "Values have to be different. '%"PRIu32"' == '%"PRIu32"'", ++ results[i], results[j]); + } + } + } +@@ -599,7 +607,7 @@ START_TEST(test_murmurhash3_random) + + result1 = murmurhash3(test, len + 1, init_seed); + result2 = murmurhash3(test, len + 1, init_seed); +- fail_if(result1 != result2); ++ ck_assert_int_eq(result1, result2); + } + END_TEST + +@@ -1064,7 +1072,8 @@ static void convert_time_tz(const char* tz) + + if (tz) { + ret = setenv("TZ", tz, 1); +- fail_if(ret == -1); ++ fail_if(ret == -1, ++ "setenv failed with errno: %d", errno); + } + + ret = sss_utc_to_time_t("20140801115742Z", "%Y%m%d%H%M%SZ", &unix_time); +@@ -1072,9 +1081,12 @@ static void convert_time_tz(const char* tz) + /* restore */ + if (orig_tz != NULL) { + ret2 = setenv("TZ", orig_tz, 1); +- fail_if(ret2 == -1); ++ fail_if(ret2 == -1, ++ "setenv failed with errno: %d", errno); + } +- fail_unless(ret == EOK && difftime(1406894262, unix_time) == 0); ++ fail_unless(ret == EOK && difftime(1406894262, unix_time) == 0, ++ "Expecting 1406894262 got: ret[%d] unix_time[%ld]", ++ ret, unix_time); + } + + START_TEST(test_convert_time) +@@ -1084,11 +1096,15 @@ START_TEST(test_convert_time) + errno_t ret; + + ret = sss_utc_to_time_t("20150127133540P", format, &unix_time); +- fail_unless(ret == ERR_TIMESPEC_NOT_SUPPORTED); ++ fail_unless(ret == ERR_TIMESPEC_NOT_SUPPORTED, ++ "sss_utc_to_time_t must fail with %d. got: %d", ++ ERR_TIMESPEC_NOT_SUPPORTED, ret); + ret = sss_utc_to_time_t("0Z", format, &unix_time); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "sss_utc_to_time_t must fail with EINVAL. got: %d", ret); + ret = sss_utc_to_time_t("000001010000Z", format, &unix_time); +- fail_unless(ret == EINVAL); ++ fail_unless(ret == EINVAL, ++ "sss_utc_to_time_t must fail with EINVAL. got: %d", ret); + + /* test that results are still same no matter what timezone is set */ + convert_time_tz(NULL); +-- +2.28.0.rc2 + + +From deef3642e58ea3d2041732f59648b398c9a6838f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:16 +0000 +Subject: [PATCH 16/19] UTIL-TESTS: Fix format string issues + +--- + src/tests/util-tests.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c +index 11642d9b6..bf9779a22 100644 +--- a/src/tests/util-tests.c ++++ b/src/tests/util-tests.c +@@ -659,7 +659,7 @@ START_TEST(test_atomicio_read_from_file) + + fail_unless(ret == 0, "Error %d while reading\n", ret); + fail_unless(numread == bufsize, +- "Read %d bytes expected %d\n", numread, bufsize); ++ "Read %zd bytes expected %zd\n", numread, bufsize); + close(fd); + } + END_TEST +@@ -681,7 +681,7 @@ START_TEST(test_atomicio_read_from_small_file) + + fail_unless(ret == 0, "Error %d while writing\n", ret); + fail_unless(numwritten == wsize, +- "Wrote %d bytes expected %d\n", numwritten, wsize); ++ "Wrote %zd bytes expected %zd\n", numwritten, wsize); + + fsync(atio_fd); + lseek(atio_fd, 0, SEEK_SET); +@@ -692,7 +692,7 @@ START_TEST(test_atomicio_read_from_small_file) + + fail_unless(ret == 0, "Error %d while reading\n", ret); + fail_unless(numread == numwritten, +- "Read %d bytes expected %d\n", numread, numwritten); ++ "Read %zd bytes expected %zd\n", numread, numwritten); + } + END_TEST + +@@ -714,7 +714,7 @@ START_TEST(test_atomicio_read_from_large_file) + + fail_unless(ret == 0, "Error %d while writing\n", ret); + fail_unless(numwritten == wsize, +- "Wrote %d bytes expected %d\n", numwritten, wsize); ++ "Wrote %zd bytes expected %zd\n", numwritten, wsize); + + fsync(atio_fd); + lseek(atio_fd, 0, SEEK_SET); +@@ -731,7 +731,7 @@ START_TEST(test_atomicio_read_from_large_file) + + fail_unless(ret == 0, "Error %d while reading\n", ret); + fail_unless(total == numwritten, +- "Read %d bytes expected %d\n", numread, numwritten); ++ "Read %zd bytes expected %zd\n", numread, numwritten); + } + END_TEST + +@@ -752,7 +752,7 @@ START_TEST(test_atomicio_read_exact_sized_file) + + fail_unless(ret == 0, "Error %d while writing\n", ret); + fail_unless(numwritten == wsize, +- "Wrote %d bytes expected %d\n", numwritten, wsize); ++ "Wrote %zd bytes expected %zd\n", numwritten, wsize); + + fsync(atio_fd); + lseek(atio_fd, 0, SEEK_SET); +@@ -763,7 +763,7 @@ START_TEST(test_atomicio_read_exact_sized_file) + + fail_unless(ret == 0, "Error %d while reading\n", ret); + fail_unless(numread == numwritten, +- "Read %d bytes expected %d\n", numread, numwritten); ++ "Read %zd bytes expected %zd\n", numread, numwritten); + + fail_unless(rbuf[8] == '\0', "String not NULL terminated?"); + fail_unless(strcmp(wbuf, rbuf) == 0, "Read something else than wrote?"); +@@ -794,7 +794,7 @@ START_TEST(test_atomicio_read_from_empty_file) + + fail_unless(ret == 0, "Error %d while reading\n", ret); + fail_unless(numread == 0, +- "Read %d bytes expected 0\n", numread); ++ "Read %zd bytes expected 0\n", numread); + close(fd); + } + END_TEST +-- +2.28.0.rc2 + + +From 1bb674dfe22027d26e91fa8fc27ab9d1588fefbf Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:17 +0000 +Subject: [PATCH 17/19] =?UTF-8?q?IPA-HBAC-TESTS:=20Fix=20error=20too=20few?= + =?UTF-8?q?=20arguments=20to=20function=20=E2=80=98=5Fck=5Fassert=5Ffailed?= + =?UTF-8?q?=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* add missing messages to fail_{if,unless} macros +--- + src/tests/ipa_hbac-tests.c | 195 ++++++++++++++++++--------------- + src/tests/ipa_ldap_opt-tests.c | 12 +- + 2 files changed, 116 insertions(+), 91 deletions(-) + +diff --git a/src/tests/ipa_hbac-tests.c b/src/tests/ipa_hbac-tests.c +index c8ef7fe44..2d8f8a980 100644 +--- a/src/tests/ipa_hbac-tests.c ++++ b/src/tests/ipa_hbac-tests.c +@@ -75,30 +75,30 @@ static void get_allow_all_rule(TALLOC_CTX *mem_ctx, + * remote hosts. + */ + rule = talloc_zero(mem_ctx, struct hbac_rule); +- fail_if (rule == NULL); ++ fail_if (rule == NULL, "Failed to allocate memory"); + + rule->enabled = true; + + rule->services = talloc_zero(rule, struct hbac_rule_element); +- fail_if (rule->services == NULL); ++ fail_if (rule->services == NULL, "Failed to allocate memory"); + rule->services->category = HBAC_CATEGORY_ALL; + rule->services->names = NULL; + rule->services->groups = NULL; + + rule->users = talloc_zero(rule, struct hbac_rule_element); +- fail_if (rule->users == NULL); ++ fail_if (rule->users == NULL, "Failed to allocate memory"); + rule->users->category = HBAC_CATEGORY_ALL; + rule->users->names = NULL; + rule->users->groups = NULL; + + rule->targethosts = talloc_zero(rule, struct hbac_rule_element); +- fail_if (rule->targethosts == NULL); ++ fail_if (rule->targethosts == NULL, "Failed to allocate memory"); + rule->targethosts->category = HBAC_CATEGORY_ALL; + rule->targethosts->names = NULL; + rule->targethosts->groups = NULL; + + rule->srchosts = talloc_zero(rule, struct hbac_rule_element); +- fail_if (rule->srchosts == NULL); ++ fail_if (rule->srchosts == NULL, "Failed to allocate memory"); + rule->srchosts->category = HBAC_CATEGORY_ALL; + rule->srchosts->names = NULL; + rule->srchosts->groups = NULL; +@@ -112,19 +112,19 @@ static void get_test_user(TALLOC_CTX *mem_ctx, + struct hbac_request_element *new_user; + + new_user = talloc_zero(mem_ctx, struct hbac_request_element); +- fail_if (new_user == NULL); ++ fail_if (new_user == NULL, "Failed to allocate memory"); + + new_user->name = talloc_strdup(new_user, HBAC_TEST_USER); +- fail_if(new_user->name == NULL); ++ fail_if(new_user->name == NULL, "Failed to allocate memory"); + + new_user->groups = talloc_array(new_user, const char *, 3); +- fail_if(new_user->groups == NULL); ++ fail_if(new_user->groups == NULL, "Failed to allocate memory"); + + new_user->groups[0] = talloc_strdup(new_user->groups, HBAC_TEST_GROUP1); +- fail_if(new_user->groups[0] == NULL); ++ fail_if(new_user->groups[0] == NULL, "Failed to allocate memory"); + + new_user->groups[1] = talloc_strdup(new_user->groups, HBAC_TEST_GROUP2); +- fail_if(new_user->groups[1] == NULL); ++ fail_if(new_user->groups[1] == NULL, "Failed to allocate memory"); + + new_user->groups[2] = NULL; + +@@ -137,19 +137,19 @@ static void get_test_service(TALLOC_CTX *mem_ctx, + struct hbac_request_element *new_service; + + new_service = talloc_zero(mem_ctx, struct hbac_request_element); +- fail_if (new_service == NULL); ++ fail_if (new_service == NULL, "Failed to allocate memory"); + + new_service->name = talloc_strdup(new_service, HBAC_TEST_SERVICE); +- fail_if(new_service->name == NULL); ++ fail_if(new_service->name == NULL, "Failed to allocate memory"); + + new_service->groups = talloc_array(new_service, const char *, 3); +- fail_if(new_service->groups == NULL); ++ fail_if(new_service->groups == NULL, "Failed to allocate memory"); + + new_service->groups[0] = talloc_strdup(new_service->groups, HBAC_TEST_SERVICEGROUP1); +- fail_if(new_service->groups[0] == NULL); ++ fail_if(new_service->groups[0] == NULL, "Failed to allocate memory"); + + new_service->groups[1] = talloc_strdup(new_service->groups, HBAC_TEST_SERVICEGROUP2); +- fail_if(new_service->groups[1] == NULL); ++ fail_if(new_service->groups[1] == NULL, "Failed to allocate memory"); + + new_service->groups[2] = NULL; + +@@ -162,21 +162,21 @@ static void get_test_srchost(TALLOC_CTX *mem_ctx, + struct hbac_request_element *new_srchost; + + new_srchost = talloc_zero(mem_ctx, struct hbac_request_element); +- fail_if (new_srchost == NULL); ++ fail_if (new_srchost == NULL, "Failed to allocate memory"); + + new_srchost->name = talloc_strdup(new_srchost, HBAC_TEST_SRCHOST); +- fail_if(new_srchost->name == NULL); ++ fail_if(new_srchost->name == NULL, "Failed to allocate memory"); + + new_srchost->groups = talloc_array(new_srchost, const char *, 3); +- fail_if(new_srchost->groups == NULL); ++ fail_if(new_srchost->groups == NULL, "Failed to allocate memory"); + + new_srchost->groups[0] = talloc_strdup(new_srchost->groups, + HBAC_TEST_SRCHOSTGROUP1); +- fail_if(new_srchost->groups[0] == NULL); ++ fail_if(new_srchost->groups[0] == NULL, "Failed to allocate memory"); + + new_srchost->groups[1] = talloc_strdup(new_srchost->groups, + HBAC_TEST_SRCHOSTGROUP2); +- fail_if(new_srchost->groups[1] == NULL); ++ fail_if(new_srchost->groups[1] == NULL, "Failed to allocate memory"); + + new_srchost->groups[2] = NULL; + +@@ -197,7 +197,7 @@ START_TEST(ipa_hbac_test_allow_all) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -205,17 +205,18 @@ START_TEST(ipa_hbac_test_allow_all) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + rules[0]->name = talloc_strdup(rules[0], "Allow All"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[1] = NULL; + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -245,7 +246,7 @@ START_TEST(ipa_hbac_test_allow_user) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -253,17 +254,17 @@ START_TEST(ipa_hbac_test_allow_user) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + /* Modify the rule to allow only a specific user */ + rules[0]->name = talloc_strdup(rules[0], "Allow user"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->users->category = HBAC_CATEGORY_NULL; + + rules[0]->users->names = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->users->names == NULL); ++ fail_if(rules[0]->users->names == NULL, "Failed to allocate memory"); + + rules[0]->users->names[0] = HBAC_TEST_USER; + rules[0]->users->names[1] = NULL; +@@ -272,8 +273,9 @@ START_TEST(ipa_hbac_test_allow_user) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -291,8 +293,9 @@ START_TEST(ipa_hbac_test_allow_user) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -323,7 +326,7 @@ START_TEST(ipa_hbac_test_allow_utf8) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -336,17 +339,17 @@ START_TEST(ipa_hbac_test_allow_utf8) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + rules[0]->name = talloc_strdup(rules[0], "Allow user"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->users->category = HBAC_CATEGORY_NULL; + + /* Modify the rule to allow only a specific user */ + rules[0]->users->names = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->users->names == NULL); ++ fail_if(rules[0]->users->names == NULL, "Failed to allocate memory"); + + rules[0]->users->names[0] = (const char *) &user_utf8_upcase; + rules[0]->users->names[1] = NULL; +@@ -355,7 +358,7 @@ START_TEST(ipa_hbac_test_allow_utf8) + rules[0]->services->category = HBAC_CATEGORY_NULL; + + rules[0]->services->names = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->services->names == NULL); ++ fail_if(rules[0]->services->names == NULL, "Failed to allocate memory"); + + rules[0]->services->names[0] = (const char *) &service_utf8_upcase; + rules[0]->services->names[1] = NULL; +@@ -364,7 +367,7 @@ START_TEST(ipa_hbac_test_allow_utf8) + rules[0]->srchosts->category = HBAC_CATEGORY_NULL; + + rules[0]->srchosts->names = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->services->names == NULL); ++ fail_if(rules[0]->services->names == NULL, "Failed to allocate memory"); + + rules[0]->srchosts->names[0] = (const char *) &srchost_utf8_upcase; + rules[0]->srchosts->names[1] = NULL; +@@ -373,8 +376,9 @@ START_TEST(ipa_hbac_test_allow_utf8) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -409,8 +413,9 @@ START_TEST(ipa_hbac_test_allow_utf8) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -441,7 +446,7 @@ START_TEST(ipa_hbac_test_allow_group) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -449,18 +454,18 @@ START_TEST(ipa_hbac_test_allow_group) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + /* Modify the rule to allow only a group of users */ + rules[0]->name = talloc_strdup(rules[0], "Allow group"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->users->category = HBAC_CATEGORY_NULL; + + rules[0]->users->names = NULL; + rules[0]->users->groups = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->users->groups == NULL); ++ fail_if(rules[0]->users->groups == NULL, "Failed to allocate memory"); + + rules[0]->users->groups[0] = HBAC_TEST_GROUP1; + rules[0]->users->groups[1] = NULL; +@@ -469,8 +474,9 @@ START_TEST(ipa_hbac_test_allow_group) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -488,8 +494,9 @@ START_TEST(ipa_hbac_test_allow_group) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -520,7 +527,7 @@ START_TEST(ipa_hbac_test_allow_svc) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -528,17 +535,17 @@ START_TEST(ipa_hbac_test_allow_svc) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + /* Modify the rule to allow only a specific service */ + rules[0]->name = talloc_strdup(rules[0], "Allow service"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->services->category = HBAC_CATEGORY_NULL; + + rules[0]->services->names = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->services->names == NULL); ++ fail_if(rules[0]->services->names == NULL, "Failed to allocate memory"); + + rules[0]->services->names[0] = HBAC_TEST_SERVICE; + rules[0]->services->names[1] = NULL; +@@ -547,8 +554,9 @@ START_TEST(ipa_hbac_test_allow_svc) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -566,8 +574,9 @@ START_TEST(ipa_hbac_test_allow_svc) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -598,7 +607,7 @@ START_TEST(ipa_hbac_test_allow_svcgroup) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -606,18 +615,18 @@ START_TEST(ipa_hbac_test_allow_svcgroup) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + /* Modify the rule to allow only a group of users */ + rules[0]->name = talloc_strdup(rules[0], "Allow servicegroup"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->services->category = HBAC_CATEGORY_NULL; + + rules[0]->services->names = NULL; + rules[0]->services->groups = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->services->groups == NULL); ++ fail_if(rules[0]->services->groups == NULL, "Failed to allocate memory"); + + rules[0]->services->groups[0] = HBAC_TEST_SERVICEGROUP1; + rules[0]->services->groups[1] = NULL; +@@ -626,8 +635,9 @@ START_TEST(ipa_hbac_test_allow_svcgroup) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -645,8 +655,9 @@ START_TEST(ipa_hbac_test_allow_svcgroup) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -677,7 +688,7 @@ START_TEST(ipa_hbac_test_allow_srchost) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -685,17 +696,17 @@ START_TEST(ipa_hbac_test_allow_srchost) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + /* Modify the rule to allow only a specific service */ + rules[0]->name = talloc_strdup(rules[0], "Allow srchost"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->srchosts->category = HBAC_CATEGORY_NULL; + + rules[0]->srchosts->names = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->srchosts->names == NULL); ++ fail_if(rules[0]->srchosts->names == NULL, "Failed to allocate memory"); + + rules[0]->srchosts->names[0] = HBAC_TEST_SRCHOST; + rules[0]->srchosts->names[1] = NULL; +@@ -704,8 +715,9 @@ START_TEST(ipa_hbac_test_allow_srchost) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -723,8 +735,9 @@ START_TEST(ipa_hbac_test_allow_srchost) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -755,7 +768,7 @@ START_TEST(ipa_hbac_test_allow_srchostgroup) + + /* Create a request */ + eval_req = talloc_zero(test_ctx, struct hbac_eval_req); +- fail_if (eval_req == NULL); ++ fail_if (eval_req == NULL, "Failed to allocate memory"); + + get_test_user(eval_req, &eval_req->user); + get_test_service(eval_req, &eval_req->service); +@@ -763,18 +776,18 @@ START_TEST(ipa_hbac_test_allow_srchostgroup) + + /* Create the rules to evaluate against */ + rules = talloc_array(test_ctx, struct hbac_rule *, 2); +- fail_if (rules == NULL); ++ fail_if (rules == NULL, "Failed to allocate memory"); + + get_allow_all_rule(rules, &rules[0]); + + /* Modify the rule to allow only a group of users */ + rules[0]->name = talloc_strdup(rules[0], "Allow srchostgroup"); +- fail_if(rules[0]->name == NULL); ++ fail_if(rules[0]->name == NULL, "Failed to allocate memory"); + rules[0]->srchosts->category = HBAC_CATEGORY_NULL; + + rules[0]->srchosts->names = NULL; + rules[0]->srchosts->groups = talloc_array(rules[0], const char *, 2); +- fail_if(rules[0]->srchosts->groups == NULL); ++ fail_if(rules[0]->srchosts->groups == NULL, "Failed to allocate memory"); + + rules[0]->srchosts->groups[0] = HBAC_TEST_SRCHOSTGROUP1; + rules[0]->srchosts->groups[1] = NULL; +@@ -783,8 +796,9 @@ START_TEST(ipa_hbac_test_allow_srchostgroup) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -802,8 +816,9 @@ START_TEST(ipa_hbac_test_allow_srchostgroup) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); +- fail_unless(is_valid); +- fail_unless(missing_attrs == 0); ++ fail_unless(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs == 0, ++ "Unexpected missing attributes. Got: %"PRIx32, missing_attrs); + + /* Evaluate the rules */ + result = hbac_evaluate(rules, eval_req, &info); +@@ -833,11 +848,15 @@ START_TEST(ipa_hbac_test_incomplete) + + /* Validate this rule */ + is_valid = hbac_rule_is_complete(rule, &missing_attrs); +- fail_if(is_valid); +- fail_unless(missing_attrs | HBAC_RULE_ELEMENT_USERS); +- fail_unless(missing_attrs | HBAC_RULE_ELEMENT_SERVICES); +- fail_unless(missing_attrs | HBAC_RULE_ELEMENT_TARGETHOSTS); +- fail_unless(missing_attrs | HBAC_RULE_ELEMENT_SOURCEHOSTS); ++ fail_if(is_valid, "hbac_rule_is_complete failed"); ++ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_USERS, ++ "missing_attrs failed for HBAC_RULE_ELEMENT_USERS"); ++ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_SERVICES, ++ "missing_attrs failed for HBAC_RULE_ELEMENT_SERVICES"); ++ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_TARGETHOSTS, ++ "missing_attrs failed for HBAC_RULE_ELEMENT_TARGETHOSTS"); ++ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_SOURCEHOSTS, ++ "missing_attrs failed for HBAC_RULE_ELEMENT_SOURCEHOSTS"); + + talloc_free(test_ctx); + } +diff --git a/src/tests/ipa_ldap_opt-tests.c b/src/tests/ipa_ldap_opt-tests.c +index 9c3bede9b..f3de4fadf 100644 +--- a/src/tests/ipa_ldap_opt-tests.c ++++ b/src/tests/ipa_ldap_opt-tests.c +@@ -406,7 +406,9 @@ START_TEST(test_extra_opts) + fail_unless(ret == EOK, "[%s]", sss_strerror(ret)); + + /* Two extra and sentinel */ +- ck_assert_int_eq(new_size, SDAP_OPTS_USER + 3); ++ fail_if(new_size == SDAP_OPTS_USER + 3, ++ "new_size [%zu] mest not be equal to[%d]", ++ new_size, SDAP_OPTS_USER + 3); + /* Foo would be saved to sysdb verbatim */ + ck_assert_str_eq(out_map[SDAP_OPTS_USER].name, "foo"); + ck_assert_str_eq(out_map[SDAP_OPTS_USER].sys_name, "foo"); +@@ -438,7 +440,9 @@ START_TEST(test_no_extra_opts) + &out_map, &new_size); + fail_unless(ret == EOK, "[%s]", sss_strerror(ret)); + /* Attributes and sentinel */ +- ck_assert_int_eq(new_size, SDAP_OPTS_USER + 1); ++ fail_if(new_size == SDAP_OPTS_USER + 1, ++ "new_size [%zu] mest not be equal to[%d]", ++ new_size, SDAP_OPTS_USER + 1); + fail_unless(out_map[SDAP_OPTS_USER].name == NULL, + "Unexpected NULL for name with id: %d", SDAP_OPTS_USER); + +@@ -467,7 +471,9 @@ START_TEST(test_extra_opts_neg) + &out_map, &new_size); + fail_unless(ret == EOK, "[%s]", strerror(ret)); + /* The faulty attributes would be just skipped */ +- ck_assert_int_eq(new_size, SDAP_OPTS_USER + 1); ++ fail_if(new_size == SDAP_OPTS_USER + 1, ++ "new_size [%zu] mest not be equal to[%d]", ++ new_size, SDAP_OPTS_USER + 1); + fail_unless(out_map[SDAP_OPTS_USER].name == NULL, + "Unexpected NULL for name with id: %d", SDAP_OPTS_USER); + +-- +2.28.0.rc2 + + +From 9f2f908789552fdc07062a2d0b14ef38c1f6608b Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:18 +0000 +Subject: [PATCH 18/19] SSS-IDMAP-TESTS: Fix format string issues + +--- + src/tests/sss_idmap-tests.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c +index e5f3f7041..3672d1c0c 100644 +--- a/src/tests/sss_idmap-tests.c ++++ b/src/tests/sss_idmap-tests.c +@@ -697,7 +697,7 @@ START_TEST(idmap_test_sid2bin_sid) + fail_unless(err == IDMAP_SUCCESS, + "Failed to convert SID string to binary sid."); + fail_unless(length == test_bin_sid_length, +- "Size of binary SIDs do not match, got [%d], expected [%d]", ++ "Size of binary SIDs do not match, got [%zu], expected [%zu]", + length, test_bin_sid_length); + fail_unless(memcmp(bin_sid, test_bin_sid, test_bin_sid_length) == 0, + "Binary SIDs do not match"); +@@ -756,7 +756,7 @@ START_TEST(idmap_test_smb_sid2bin_sid) + fail_unless(err == IDMAP_SUCCESS, + "Failed to convert samba dom_sid to binary sid."); + fail_unless(length == test_bin_sid_length, +- "Size of binary SIDs do not match, got [%d], expected [%d]", ++ "Size of binary SIDs do not match, got [%zu], expected [%zu]", + length, test_bin_sid_length); + fail_unless(memcmp(bin_sid, test_bin_sid, test_bin_sid_length) == 0, + "Binary SIDs do not match."); +-- +2.28.0.rc2 + + +From 1c28c2233cc6230f68f5fc335b4490d2d5cfbc96 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 25 Jul 2020 13:18:19 +0000 +Subject: [PATCH 19/19] RESPONDER-SOCKET-ACCESS-TESTS: Fix format string issues + +--- + src/tests/responder_socket_access-tests.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/responder_socket_access-tests.c b/src/tests/responder_socket_access-tests.c +index 8bb72e79c..70b90a758 100644 +--- a/src/tests/responder_socket_access-tests.c ++++ b/src/tests/responder_socket_access-tests.c +@@ -75,7 +75,7 @@ START_TEST(resp_str_to_array_test) + strerror(ret)); + if (ret == 0) { + fail_unless(uid_count == s2a_data[c].exp_count, +- "Wrong number of values, expected [%d], got [%d].", ++ "Wrong number of values, expected [%zu], got [%zu].", + s2a_data[c].exp_count, uid_count); + for (d = 0; d < s2a_data[c].exp_count; d++) { + fail_unless(uids[d] == s2a_data[c].exp_uids[d], +-- +2.28.0.rc2 + diff --git a/0002-DEBUG-TESTS-Fix-warnings-format-not-a-string-literal.patch b/0002-DEBUG-TESTS-Fix-warnings-format-not-a-string-literal.patch new file mode 100644 index 0000000..b9b3e65 --- /dev/null +++ b/0002-DEBUG-TESTS-Fix-warnings-format-not-a-string-literal.patch @@ -0,0 +1,293 @@ +From cb9ad222358a84e2b2ea148c2950c2389f81de2c Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Mon, 27 Jul 2020 04:01:19 +0000 +Subject: [PATCH] DEBUG-TESTS: Fix warnings format not a string literal and no + format arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +e.g. +src/tests/resolv-tests.c: In function ‘test_timeout’: +src/tests/resolv-tests.c:942:5: error: format not a string literal and no format arguments [-Werror=format-security] + 942 | ck_leaks_pop(tmp_ctx); + | + +src/tests/debug-tests.c:413:9: error: format not a string literal and no format arguments [-Werror=format-security] + 413 | fail_if(result == DEBUG_TEST_NOK_TS, msg); + | ^~~~~~~ + +src/tests/debug-tests.c: In function ‘test_debug_is_notset_timestamp_microseconds_fn’: +src/tests/debug-tests.c:603:13: error: format not a string literal and no format arguments [-Werror=format-security] + 603 | fail(error_msg); + | + +src/tests/debug-tests.c: In function ‘test_debug_is_set_false_fn’: +src/tests/debug-tests.c:671:9: error: format not a string literal and no format arguments [-Werror=format-security] + 671 | fail_unless(result == 0, msg); + | +--- + src/tests/common_check.h | 2 +- + src/tests/debug-tests.c | 128 +++++++++++++++------------------------ + 2 files changed, 49 insertions(+), 81 deletions(-) + +diff --git a/src/tests/common_check.h b/src/tests/common_check.h +index 51c3c3f49..ac92d0a74 100644 +--- a/src/tests/common_check.h ++++ b/src/tests/common_check.h +@@ -31,6 +31,6 @@ void ck_leak_check_setup(void); + void ck_leak_check_teardown(void); + + #define ck_leaks_push(ctx) check_leaks_push(ctx) +-#define ck_leaks_pop(ctx) fail_unless(check_leaks_pop(ctx) == true, check_leaks_err_msg()) ++#define ck_leaks_pop(ctx) fail_unless(check_leaks_pop(ctx) == true, "%s", check_leaks_err_msg()) + + #endif /* __TESTS_COMMON_CHECK_H__ */ +diff --git a/src/tests/debug-tests.c b/src/tests/debug-tests.c +index 1e78f506e..092ccf684 100644 +--- a/src/tests/debug-tests.c ++++ b/src/tests/debug-tests.c +@@ -55,10 +55,8 @@ START_TEST(test_debug_convert_old_level_old_format) + for (old_level = 0; old_level < N_ELEMENTS(levels); old_level++) { + expected_level |= levels[old_level]; + +- char *msg = NULL; +- msg = talloc_asprintf(NULL, "Invalid conversion of %d", old_level); +- fail_unless(debug_convert_old_level(old_level) == expected_level, msg); +- talloc_free(msg); ++ fail_unless(debug_convert_old_level(old_level) == expected_level, ++ "Invalid conversion of %d", old_level); + } + } + END_TEST +@@ -343,7 +341,6 @@ START_TEST(test_debug_is_set_single_no_timestamp) + SSSDBG_TRACE_ALL, + SSSDBG_TRACE_LDB + }; +- char *error_msg; + + debug_timestamps = 0; + debug_microseconds = 0; +@@ -357,15 +354,13 @@ START_TEST(test_debug_is_set_single_no_timestamp) + errno = 0; + result = test_helper_debug_check_message(levels[i]); + +- if (result == DEBUG_TEST_ERROR) { +- error_msg = strerror(errno); +- fail(error_msg); +- } ++ fail_if(result == DEBUG_TEST_ERROR, ++ "Expecting DEBUG_TEST_ERROR, got: %d, error: %s", ++ result, strerror(errno)); + +- char *msg = NULL; +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); +- fail_unless(result == EOK, msg); +- talloc_free(msg); ++ fail_unless(result == EOK, ++ "Test of level %#.4x failed - message don't match", ++ levels[i]); + } + } + END_TEST +@@ -387,7 +382,6 @@ START_TEST(test_debug_is_set_single_timestamp) + SSSDBG_TRACE_ALL, + SSSDBG_TRACE_LDB + }; +- char *error_msg; + + debug_timestamps = 1; + debug_microseconds = 0; +@@ -402,20 +396,16 @@ START_TEST(test_debug_is_set_single_timestamp) + errno = 0; + result = test_helper_debug_check_message(levels[i]); + +- if (result == DEBUG_TEST_ERROR) { +- error_msg = strerror(errno); +- fail(error_msg); +- } +- +- char *msg = NULL; ++ fail_if(result == DEBUG_TEST_ERROR, ++ "Expecting DEBUG_TEST_ERROR, got: %d, error: %s", ++ result, strerror(errno)); + +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - invalid timestamp", levels[i]); +- fail_if(result == DEBUG_TEST_NOK_TS, msg); +- talloc_free(msg); ++ fail_if(result == DEBUG_TEST_NOK_TS, ++ "Test of level %#.4x failed - invalid timestamp", levels[i]); + +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); +- fail_unless(result == EOK, msg); +- talloc_free(msg); ++ fail_unless(result == EOK, ++ "Test of level %#.4x failed - message don't match", ++ levels[i]); + } + } + END_TEST +@@ -437,7 +427,6 @@ START_TEST(test_debug_is_set_single_timestamp_microseconds) + SSSDBG_TRACE_ALL, + SSSDBG_TRACE_LDB + }; +- char *error_msg; + + debug_timestamps = 1; + debug_microseconds = 1; +@@ -452,20 +441,16 @@ START_TEST(test_debug_is_set_single_timestamp_microseconds) + errno = 0; + result = test_helper_debug_check_message(levels[i]); + +- if (result == DEBUG_TEST_ERROR) { +- error_msg = strerror(errno); +- fail(error_msg); +- } +- +- char *msg = NULL; ++ fail_if(result == DEBUG_TEST_ERROR, ++ "Expecting DEBUG_TEST_ERROR, got: %d, error: %s", ++ result, strerror(errno)); + +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - invalid timestamp", levels[i]); +- fail_if(result == DEBUG_TEST_NOK_TS, msg); +- talloc_free(msg); ++ fail_if(result == DEBUG_TEST_NOK_TS, ++ "Test of level %#.4x failed - invalid timestamp", levels[i]); + +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); +- fail_unless(result == EOK, msg); +- talloc_free(msg); ++ fail_unless(result == EOK, ++ "Test of level %#.4x failed - message don't match", ++ levels[i]); + } + } + END_TEST +@@ -488,7 +473,6 @@ START_TEST(test_debug_is_notset_no_timestamp) + SSSDBG_TRACE_ALL, + SSSDBG_TRACE_LDB + }; +- char *error_msg; + + debug_timestamps = 0; + debug_microseconds = 0; +@@ -503,17 +487,13 @@ START_TEST(test_debug_is_notset_no_timestamp) + errno = 0; + result = test_helper_debug_is_empty_message(levels[i]); + +- if (result == DEBUG_TEST_ERROR) { +- error_msg = strerror(errno); +- fail(error_msg); +- } ++ fail_if(result == DEBUG_TEST_ERROR, ++ "Expecting DEBUG_TEST_ERROR, got: %d, error: %s", ++ result, strerror(errno)); + +- char *msg = NULL; +- msg = talloc_asprintf(NULL, +- "Test of level %#.4x failed - message has been written", +- levels[i]); +- fail_unless(result == EOK, msg); +- talloc_free(msg); ++ fail_unless(result == EOK, ++ "Test of level %#.4x failed - message has been written", ++ levels[i]); + } + } + END_TEST +@@ -536,7 +516,6 @@ START_TEST(test_debug_is_notset_timestamp) + SSSDBG_TRACE_ALL, + SSSDBG_TRACE_LDB + }; +- char *error_msg; + + debug_timestamps = 0; + debug_microseconds = 0; +@@ -551,17 +530,13 @@ START_TEST(test_debug_is_notset_timestamp) + errno = 0; + result = test_helper_debug_is_empty_message(levels[i]); + +- if (result == DEBUG_TEST_ERROR) { +- error_msg = strerror(errno); +- fail(error_msg); +- } ++ fail_if(result == DEBUG_TEST_ERROR, ++ "Expecting DEBUG_TEST_ERROR, got: %d, error: %s", ++ result, strerror(errno)); + +- char *msg = NULL; +- msg = talloc_asprintf(NULL, +- "Test of level %#.4x failed - message has been written", +- levels[i]); +- fail_unless(result == EOK, msg); +- talloc_free(msg); ++ fail_unless(result == EOK, ++ "Test of level %#.4x failed - message has been written", ++ levels[i]); + } + } + END_TEST +@@ -584,7 +559,6 @@ START_TEST(test_debug_is_notset_timestamp_microseconds) + SSSDBG_TRACE_ALL, + SSSDBG_TRACE_LDB + }; +- char *error_msg; + + debug_timestamps = 0; + debug_microseconds = 1; +@@ -598,17 +572,13 @@ START_TEST(test_debug_is_notset_timestamp_microseconds) + errno = 0; + result = test_helper_debug_is_empty_message(levels[i]); + +- if (result == DEBUG_TEST_ERROR) { +- error_msg = strerror(errno); +- fail(error_msg); +- } ++ fail_if(result == DEBUG_TEST_ERROR, ++ "Expecting DEBUG_TEST_ERROR, got: %d, error: %s", ++ result, strerror(errno)); + +- char *msg = NULL; +- msg = talloc_asprintf(NULL, +- "Test of level %#.4x failed - message has been written", +- levels[i]); +- fail_unless(result == EOK, msg); +- talloc_free(msg); ++ fail_unless(result == EOK, ++ "Test of level %#.4x failed - message has been written", ++ levels[i]); + } + } + END_TEST +@@ -635,10 +605,9 @@ START_TEST(test_debug_is_set_true) + + for (i = 0; i < N_ELEMENTS(levels); i++) { + result = DEBUG_IS_SET(levels[i]); +- char *msg = NULL; +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - result is 0x%.4x", levels[i], result); +- fail_unless(result > 0, msg); +- talloc_free(msg); ++ fail_unless(result > 0, ++ "Test of level %#.4x failed - result is 0x%.4x", ++ levels[i], result); + } + } + END_TEST +@@ -666,10 +635,9 @@ START_TEST(test_debug_is_set_false) + debug_level = all_set & ~levels[i]; + + result = DEBUG_IS_SET(levels[i]); +- char *msg = NULL; +- msg = talloc_asprintf(NULL, "Test of level %#.4x failed - result is 0x%.4x", levels[i], result); +- fail_unless(result == 0, msg); +- talloc_free(msg); ++ fail_unless(result == 0, ++ "Test of level %#.4x failed - result is 0x%.4x", ++ levels[i], result); + } + } + END_TEST +-- +2.28.0.rc2 + diff --git a/0502-SYSTEMD-Use-capabilities.patch b/0502-SYSTEMD-Use-capabilities.patch new file mode 100644 index 0000000..1961dd5 --- /dev/null +++ b/0502-SYSTEMD-Use-capabilities.patch @@ -0,0 +1,25 @@ +From 565ef3ffcaaef69a768b6a341777c339217bbbab Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Mon, 12 Dec 2016 21:56:16 +0100 +Subject: [PATCH] SYSTEMD: Use capabilities + +copied from selinux policy +--- + src/sysv/systemd/sssd.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in +index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab38357e76 100644 +--- a/src/sysv/systemd/sssd.service.in ++++ b/src/sysv/systemd/sssd.service.in +@@ -11,6 +11,7 @@ ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER} + Type=notify + NotifyAccess=main + PIDFile=@pidpath@/sssd.pid ++CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND + Restart=on-failure + + [Install] +-- +2.15.1 + diff --git a/sources b/sources new file mode 100644 index 0000000..869c58d --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (sssd-2.4.0.tar.gz) = d9a4b17665ce3a1ea51cfe2fdb53818ac1e265a33c61f657f61699ecc716e1244e45b5b628aeae6c54e601383084f3cac327cb3edd7bea80bca397b1fbe4ab72 diff --git a/sssd.spec b/sssd.spec new file mode 100644 index 0000000..b70cccf --- /dev/null +++ b/sssd.spec @@ -0,0 +1,2754 @@ +%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//') + +# we don't want to provide private python extension libs +%define __provides_exclude_from %{python3_sitearch}/.*\.so$ + +# SSSD fails to build with -Wl,-z,defs +%undefine _strict_symbol_defs_build + +%define _hardened_build 1 + + %global enable_polkit_rules_option --disable-polkit-rules-path + +# Determine the location of the LDB modules directory +%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) +%global ldb_version 1.2.0 + + %global with_cifs_utils_plugin 1 + +%global enable_systemtap 1 + %global enable_systemtap_opt --enable-systemtap + + %global with_kcm 1 + + %global with_gdm_pam_extensions 1 + +%if (0%{?fedora} > 28) || (0%{?rhel} > 7) + %global use_openssl 1 +%endif + +Name: sssd +Version: 2.4.0 +Release: 2%{?dist} +Summary: System Security Services Daemon +License: GPLv3+ +URL: https://github.com/SSSD/sssd/ +Source0: https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/sssd-2.4.0.tar.gz + +### Patches ### + +### Downstream only patches ### +Patch0502: 0502-SYSTEMD-Use-capabilities.patch + + +### Dependencies ### + +Requires: sssd-common = %{version}-%{release} +Requires: sssd-ldap = %{version}-%{release} +Requires: sssd-krb5 = %{version}-%{release} +Requires: sssd-ipa = %{version}-%{release} +Requires: sssd-ad = %{version}-%{release} +Recommends: sssd-proxy = %{version}-%{release} +Suggests: python3-sssdconfig = %{version}-%{release} +Suggests: sssd-dbus = %{version}-%{release} + +%global servicename sssd +%global sssdstatedir %{_localstatedir}/lib/sss +%global dbpath %{sssdstatedir}/db +%global keytabdir %{sssdstatedir}/keytabs +%global pipepath %{sssdstatedir}/pipes +%global mcpath %{sssdstatedir}/mc +%global pubconfpath %{sssdstatedir}/pubconf +%global gpocachepath %{sssdstatedir}/gpo_cache +%global secdbpath %{sssdstatedir}/secrets +%global deskprofilepath %{sssdstatedir}/deskprofile + +### Build Dependencies ### + +BuildRequires: make +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: m4 +BuildRequires: gcc +BuildRequires: popt-devel +BuildRequires: libtalloc-devel +BuildRequires: libtevent-devel +BuildRequires: libtdb-devel +BuildRequires: libldb-devel >= %{ldb_version} +BuildRequires: libdhash-devel >= 0.4.2 +BuildRequires: libcollection-devel +BuildRequires: libini_config-devel >= 1.1 +BuildRequires: dbus-devel +BuildRequires: dbus-libs +BuildRequires: openldap-devel +BuildRequires: pam-devel +BuildRequires: nss-devel +BuildRequires: nspr-devel +BuildRequires: pcre-devel +BuildRequires: libxslt +BuildRequires: libxml2 +BuildRequires: docbook-style-xsl +BuildRequires: krb5-devel +BuildRequires: c-ares-devel +BuildRequires: python3-devel +BuildRequires: check-devel +BuildRequires: doxygen +BuildRequires: libselinux-devel +BuildRequires: libsemanage-devel +BuildRequires: bind-utils +BuildRequires: keyutils-libs-devel +BuildRequires: gettext-devel +BuildRequires: pkgconfig +BuildRequires: diffstat +BuildRequires: findutils +BuildRequires: glib2-devel +BuildRequires: selinux-policy-targeted +BuildRequires: libcmocka-devel >= 1.0.0 +BuildRequires: uid_wrapper +BuildRequires: nss_wrapper +BuildRequires: pam_wrapper +BuildRequires: libnl3-devel +BuildRequires: systemd-devel +BuildRequires: systemd +BuildRequires: cifs-utils-devel +BuildRequires: libnfsidmap-devel +BuildRequires: samba4-devel +BuildRequires: libsmbclient-devel +BuildRequires: samba-winbind +BuildRequires: systemtap-sdt-devel +BuildRequires: http-parser-devel +BuildRequires: libuuid-devel +BuildRequires: jansson-devel +BuildRequires: libcurl-devel +BuildRequires: gdm-pam-extensions-devel +%if (0%{?use_openssl} == 1) +BuildRequires: p11-kit-devel +BuildRequires: openssl-devel +BuildRequires: gnutls-utils +BuildRequires: softhsm >= 2.1.0 +%endif +BuildRequires: openssl +BuildRequires: openssh +BuildRequires: nss-tools + +%description +Provides a set of daemons to manage access to remote directories and +authentication mechanisms. It provides an NSS and PAM interface toward +the system and a plug-gable back-end system to connect to multiple different +account sources. It is also the basis to provide client auditing and policy +services for projects like FreeIPA. + +The sssd sub-package is a meta-package that contains the daemon as well as all +the existing back ends. + +%package common +Summary: Common files for the SSSD +License: GPLv3+ +# Conflicts +Conflicts: selinux-policy < 3.10.0-46 +Conflicts: sssd < 1.10.0-8%{?dist}.beta2 +# Requires +# due to ABI changes in 1.1.30/1.2.0 +Requires: libldb >= %{ldb_version} +Requires: sssd-client%{?_isa} = %{version}-%{release} +Recommends: libsss_sudo = %{version}-%{release} +Recommends: libsss_autofs%{?_isa} = %{version}-%{release} +Recommends: sssd-nfs-idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +%{?systemd_requires} + +### Provides ### +Provides: libsss_sudo-devel = %{version}-%{release} +Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 + +%description common +Common files for the SSSD. The common package includes all the files needed +to run a particular back end, however, the back ends are packaged in separate +sub-packages such as sssd-ldap. + +%package client +Summary: SSSD Client libraries for NSS and PAM +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(post): /usr/sbin/alternatives +Requires(preun): /usr/sbin/alternatives + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD +service. + +%package -n libsss_sudo +Summary: A library to allow communication between SUDO and SSSD +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_sudo +A utility library to allow communication between SUDO and SSSD + +%package -n libsss_autofs +Summary: A library to allow communication between Autofs and SSSD +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_autofs +A utility library to allow communication between Autofs and SSSD + +%package tools +Summary: Userspace tools for use with the SSSD +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +# required by sss_obfuscate +Requires: python3-sss = %{version}-%{release} +Requires: python3-sssdconfig = %{version}-%{release} +Recommends: sssd-dbus + +%description tools +Provides userspace tools for manipulating users, groups, and nested groups in +SSSD when using id_provider = local in /etc/sssd/sssd.conf. + +Also provides several other administrative tools: + * sss_debuglevel to change the debug level on the fly + * sss_seed which pre-creates a user entry for use in kickstarts + * sss_obfuscate for generating an obfuscated LDAP password + * sssctl -- an sssd status and control utility + +%package -n python3-sssdconfig +Summary: SSSD and IPA configuration file manipulation classes and functions +License: GPLv3+ +BuildArch: noarch +%{?python_provide:%python_provide python3-sssdconfig} + +%description -n python3-sssdconfig +Provides python3 files for manipulation SSSD and IPA configuration files. + +%package -n python3-sss +Summary: Python3 bindings for sssd +License: LGPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?python_provide:%python_provide python3-sss} + +%description -n python3-sss +Provides python3 module for manipulating users, groups, and nested groups in +SSSD when using id_provider = local in /etc/sssd/sssd.conf. + +Also provides several other useful python3 bindings: + * function for retrieving list of groups user belongs to. + * class for obfuscation of passwords + +%package -n python3-sss-murmur +Summary: Python3 bindings for murmur hash function +License: LGPLv3+ +%{?python_provide:%python_provide python3-sss-murmur} + +%description -n python3-sss-murmur +Provides python3 module for calculating the murmur hash version 3 + +%package ldap +Summary: The LDAP back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description ldap +Provides the LDAP back end that the SSSD can utilize to fetch identity data +from and authenticate against an LDAP server. + +%package krb5-common +Summary: SSSD helpers needed for Kerberos and GSSAPI authentication +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: cyrus-sasl-gssapi%{?_isa} +Requires: sssd-common = %{version}-%{release} + +%description krb5-common +Provides helper processes that the LDAP and Kerberos back ends can use for +Kerberos user or host authentication. + +%package krb5 +Summary: The Kerberos authentication back end for the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description krb5 +Provides the Kerberos back end that the SSSD can utilize authenticate +against a Kerberos server. + +%package common-pac +Summary: Common files needed for supporting PAC processing +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} + +%description common-pac +Provides common files needed by SSSD providers such as IPA and Active Directory +for handling Kerberos PACs. + +%package ipa +Summary: The IPA back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Recommends: bind-utils +Requires: sssd-common-pac = %{version}-%{release} + +%description ipa +Provides the IPA back end that the SSSD can utilize to fetch identity data +from and authenticate against an IPA server. + +%package ad +Summary: The AD back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: sssd-common-pac = %{version}-%{release} +Recommends: bind-utils +Recommends: adcli +Suggests: sssd-winbind-idmap = %{version}-%{release} + +%description ad +Provides the Active Directory back end that the SSSD can utilize to fetch +identity data from and authenticate against an Active Directory server. + +%package proxy +Summary: The proxy back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} + +%description proxy +Provides the proxy back end which can be used to wrap an existing NSS and/or +PAM modules to leverage SSSD caching. + +%package -n libsss_idmap +Summary: FreeIPA Idmap library +License: LGPLv3+ + +%description -n libsss_idmap +Utility library to convert SIDs to Unix uids and gids + +%package -n libsss_idmap-devel +Summary: FreeIPA Idmap library +License: LGPLv3+ +Requires: libsss_idmap = %{version}-%{release} + +%description -n libsss_idmap-devel +Utility library to SIDs to Unix uids and gids + +%package -n libipa_hbac +Summary: FreeIPA HBAC Evaluator library +License: LGPLv3+ + +%description -n libipa_hbac +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n libipa_hbac-devel +Summary: FreeIPA HBAC Evaluator library +License: LGPLv3+ +Requires: libipa_hbac = %{version}-%{release} + +%description -n libipa_hbac-devel +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n python3-libipa_hbac +Summary: Python3 bindings for the FreeIPA HBAC Evaluator library +License: LGPLv3+ +Requires: libipa_hbac = %{version}-%{release} +%{?python_provide:%python_provide python3-libipa_hbac} + +%description -n python3-libipa_hbac +The python3-libipa_hbac contains the bindings so that libipa_hbac can be +used by Python applications. + +%package -n libsss_nss_idmap +Summary: Library for SID and certificate based lookups +License: LGPLv3+ + +%description -n libsss_nss_idmap +Utility library for SID and certificate based lookups + +%package -n libsss_nss_idmap-devel +Summary: Library for SID and certificate based lookups +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} + +%description -n libsss_nss_idmap-devel +Utility library for SID and certificate based lookups + +%package -n python3-libsss_nss_idmap +Summary: Python3 bindings for libsss_nss_idmap +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} +%{?python_provide:%python_provide python3-libsss_nss_idmap} + +%description -n python3-libsss_nss_idmap +The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can +be used by Python applications. + +%package dbus +Summary: The D-Bus responder of the SSSD +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description dbus +Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows +the information from the SSSD to be transmitted over the system bus. + +%package -n libsss_simpleifp +Summary: The SSSD D-Bus responder helper library +License: GPLv3+ +Requires: sssd-dbus = %{version}-%{release} + +%description -n libsss_simpleifp +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package -n libsss_simpleifp-devel +Summary: The SSSD D-Bus responder helper library +License: GPLv3+ +Requires: dbus-devel +Requires: libsss_simpleifp = %{version}-%{release} + +%description -n libsss_simpleifp-devel +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package winbind-idmap +Summary: SSSD's idmap_sss Backend for Winbind +License: GPLv3+ and LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description winbind-idmap +The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs +and SIDs. + +%package nfs-idmap +Summary: SSSD plug-in for NFSv4 rpc.idmapd +License: GPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description nfs-idmap +The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map +UIDs/GIDs to names and vice versa. It can be also used for mapping principal +(user) name to IDs(UID or GID) or to obtain groups which user are member of. + +%package -n libsss_certmap +Summary: SSSD Certificate Mapping Library +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_certmap +Library to map certificates to users based on rules + +%package -n libsss_certmap-devel +Summary: SSSD Certificate Mapping Library +License: LGPLv3+ +Requires: libsss_certmap = %{version}-%{release} + +%description -n libsss_certmap-devel +Library to map certificates to users based on rules + +%package kcm +Summary: An implementation of a Kerberos KCM server +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description kcm +An implementation of a Kerberos KCM server. Use this package if you want to +use the KCM: Kerberos credentials cache. + +%prep +# Update timestamps on the files touched by a patch, to avoid non-equal +# .pyc/.pyo files across the multilib peers within a build, where "Level" +# is the patch prefix option (e.g. -p1) +# Taken from specfile for python-simplejson +UpdateTimestamps() { + Level=$1 + PatchFile=$2 + + # Locate the affected files: + for f in $(diffstat $Level -l $PatchFile); do + # Set the files to have the same timestamp as that of the patch: + touch -r $PatchFile $f + done +} + +%setup -q + +for p in %patches ; do + %__patch -p1 -i $p + UpdateTimestamps -p1 $p +done + +%build +# This package uses -Wl,-wrap to wrap calls at link time. This is incompatible +# with LTO. +# Disable LTO +%define _lto_cflags %{nil} + +autoreconf -ivf + +%configure \ + --with-test-dir=/dev/shm \ + --with-db-path=%{dbpath} \ + --with-mcache-path=%{mcpath} \ + --with-pipe-path=%{pipepath} \ + --with-pubconf-path=%{pubconfpath} \ + --with-gpo-cache-path=%{gpocachepath} \ + --with-init-dir=%{_initrddir} \ + --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \ + --with-pid-path=%{_rundir} \ + --enable-nsslibdir=%{_libdir} \ + --enable-pammoddir=%{_libdir}/security \ + --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ + --disable-static \ + --disable-rpath \ + --with-initscript=systemd \ + --with-syslog=journald \ + --without-python2-bindings \ +%if (0%{?use_openssl} == 1) + --with-crypto=libcrypto \ +%endif + --enable-sss-default-nss-plugin \ + --enable-files-domain \ + --enable-gss-spnego-for-zero-maxssf \ + %{?with_cifs_utils_plugin_option} \ + %{?enable_systemtap_opt} + +%make_build all docs runstatedir=%{_rundir} + +sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate + +%check +export CK_TIMEOUT_MULTIPLIER=10 +%make_build check VERBOSE=yes +unset CK_TIMEOUT_MULTIPLIER + +%install + +%make_install + +# Prepare language files +/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd + +# Copy default logrotate file +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d +install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd + +# Make sure SSSD is able to run on read-only root +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d +install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd + +# Kerberos KCM credential cache by default +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d +cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ + $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache + +# Create directory for cifs-idmap alternative +# Otherwise this directory could not be owned by sssd-client +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils + +# Remove .la files created by libtool +find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; + +# Suppress developer-only documentation +rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} + +# Older versions of rpmbuild can only handle one -f option +# So we need to append to the sssd*.lang file +for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null` +do + echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang +done + +touch sssd.lang +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + touch $subpackage.lang +done + +for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"` +do + lang=`echo $man | cut -c 1-2` + case `basename $man` in + sss_cache*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_ssh*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_rpcidmapd*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang + ;; + sss_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssctl*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssd_krb5_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + pam_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + sssd-ldap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang + ;; + sssd-krb5*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang + ;; + sssd-ipa*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang + ;; + sssd-ad*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang + ;; + sssd-proxy*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang + ;; + sssd-ifp*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang + ;; + sssd-kcm*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang + ;; + idmap_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang + ;; + sss-certmap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang + ;; + *) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + esac +done + +# Print these to the rpmbuild log +echo "sssd.lang:" +cat sssd.lang + +echo "python3_sssdconfig.lang:" +cat python3_sssdconfig.lang + +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + echo "$subpackage.lang:" + cat $subpackage.lang +done + +%files +%license COPYING + +%files common -f sssd.lang +%license COPYING +%doc src/examples/sssd-example.conf +%{_sbindir}/sssd +%{_unitdir}/sssd.service +%{_unitdir}/sssd-autofs.socket +%{_unitdir}/sssd-autofs.service +%{_unitdir}/sssd-nss.socket +%{_unitdir}/sssd-nss.service +%{_unitdir}/sssd-pac.socket +%{_unitdir}/sssd-pac.service +%{_unitdir}/sssd-pam.socket +%{_unitdir}/sssd-pam-priv.socket +%{_unitdir}/sssd-pam.service +%{_unitdir}/sssd-ssh.socket +%{_unitdir}/sssd-ssh.service +%{_unitdir}/sssd-sudo.socket +%{_unitdir}/sssd-sudo.service + +%dir %{_libexecdir}/%{servicename} +%{_libexecdir}/%{servicename}/sssd_be +%{_libexecdir}/%{servicename}/sssd_nss +%{_libexecdir}/%{servicename}/sssd_pam +%{_libexecdir}/%{servicename}/sssd_autofs +%{_libexecdir}/%{servicename}/sssd_ssh +%{_libexecdir}/%{servicename}/sssd_sudo +%{_libexecdir}/%{servicename}/p11_child +%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders + +%dir %{_libdir}/%{name} +# The files provider is intentionally packaged in -common +%{_libdir}/%{name}/libsss_files.so +%{_libdir}/%{name}/libsss_simple.so + +#Internal shared libraries +%{_libdir}/%{name}/libsss_child.so +%{_libdir}/%{name}/libsss_crypt.so +%{_libdir}/%{name}/libsss_cert.so +%{_libdir}/%{name}/libsss_debug.so +%{_libdir}/%{name}/libsss_krb5_common.so +%{_libdir}/%{name}/libsss_ldap_common.so +%{_libdir}/%{name}/libsss_util.so +%{_libdir}/%{name}/libsss_semanage.so +%{_libdir}/%{name}/libifp_iface.so +%{_libdir}/%{name}/libifp_iface_sync.so +%{_libdir}/%{name}/libsss_iface.so +%{_libdir}/%{name}/libsss_iface_sync.so +%{_libdir}/%{name}/libsss_sbus.so +%{_libdir}/%{name}/libsss_sbus_sync.so + +%{ldb_modulesdir}/memberof.so +%{_bindir}/sss_ssh_authorizedkeys +%{_bindir}/sss_ssh_knownhostsproxy +%{_sbindir}/sss_cache +%{_libexecdir}/%{servicename}/sss_signal + +%dir %{sssdstatedir} +%dir %{_localstatedir}/cache/krb5rcache +%attr(700,root,root) %dir %{dbpath} +%attr(775,root,root) %dir %{mcpath} +%attr(700,root,root) %dir %{secdbpath} +%attr(751,root,root) %dir %{deskprofilepath} +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/passwd +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/group +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/initgroups +%attr(755,root,root) %dir %{pipepath} +%attr(700,root,root) %dir %{pipepath}/private +%attr(755,root,root) %dir %{pubconfpath} +%attr(755,root,root) %dir %{gpocachepath} +%attr(750,root,root) %dir %{_var}/log/%{name} +%attr(700,root,root) %dir %{_sysconfdir}/sssd +%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d +%if (0%{?use_openssl} == 1) +%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki +%endif +%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%dir %{_sysconfdir}/logrotate.d +%config(noreplace) %{_sysconfdir}/logrotate.d/sssd +%dir %{_sysconfdir}/rwtab.d +%config(noreplace) %{_sysconfdir}/rwtab.d/sssd +%dir %{_datadir}/sssd +%{_sysconfdir}/pam.d/sssd-shadowutils +%dir %{_libdir}/%{name}/conf +%{_libdir}/%{name}/conf/sssd.conf + +%{_datadir}/sssd/cfg_rules.ini +%{_datadir}/sssd/sssd.api.conf +%{_datadir}/sssd/sssd.api.d +%{_mandir}/man1/sss_ssh_authorizedkeys.1* +%{_mandir}/man1/sss_ssh_knownhostsproxy.1* +%{_mandir}/man5/sssd.conf.5* +%{_mandir}/man5/sssd-files.5* +%{_mandir}/man5/sssd-simple.5* +%{_mandir}/man5/sssd-sudo.5* +%{_mandir}/man5/sssd-session-recording.5* +%{_mandir}/man8/sssd.8* +%{_mandir}/man8/sss_cache.8* +%dir %{_datadir}/sssd/systemtap +%{_datadir}/sssd/systemtap/id_perf.stp +%{_datadir}/sssd/systemtap/nested_group_perf.stp +%{_datadir}/sssd/systemtap/dp_request.stp +%{_datadir}/sssd/systemtap/ldap_perf.stp +%dir %{_datadir}/systemtap +%dir %{_datadir}/systemtap/tapset +%{_datadir}/systemtap/tapset/sssd.stp +%{_datadir}/systemtap/tapset/sssd_functions.stp +%{_mandir}/man5/sssd-systemtap.5* + + +%files ldap -f sssd_ldap.lang +%license COPYING +%{_libdir}/%{name}/libsss_ldap.so +%{_mandir}/man5/sssd-ldap.5* +%{_mandir}/man5/sssd-ldap-attributes.5* + +%files krb5-common +%license COPYING +%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d +%{_libexecdir}/%{servicename}/ldap_child +%{_libexecdir}/%{servicename}/krb5_child + +%files krb5 -f sssd_krb5.lang +%license COPYING +%{_libdir}/%{name}/libsss_krb5.so +%{_mandir}/man5/sssd-krb5.5* + +%files common-pac +%license COPYING +%{_libexecdir}/%{servicename}/sssd_pac + +%files ipa -f sssd_ipa.lang +%license COPYING +%attr(700,root,root) %dir %{keytabdir} +%{_libdir}/%{name}/libsss_ipa.so +%{_libexecdir}/%{servicename}/selinux_child +%{_mandir}/man5/sssd-ipa.5* + +%files ad -f sssd_ad.lang +%license COPYING +%{_libdir}/%{name}/libsss_ad.so +%{_libexecdir}/%{servicename}/gpo_child +%{_mandir}/man5/sssd-ad.5* + +%files proxy +%license COPYING +%{_libexecdir}/%{servicename}/proxy_child +%{_libdir}/%{name}/libsss_proxy.so + +%files dbus -f sssd_dbus.lang +%license COPYING +%{_libexecdir}/%{servicename}/sssd_ifp +%{_mandir}/man5/sssd-ifp.5* +%{_unitdir}/sssd-ifp.service +# InfoPipe DBus plumbing +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + +%files -n libsss_simpleifp +%{_libdir}/libsss_simpleifp.so.* + +%files -n libsss_simpleifp-devel +%doc sss_simpleifp_doc/html +%{_includedir}/sss_sifp.h +%{_includedir}/sss_sifp_dbus.h +%{_libdir}/libsss_simpleifp.so +%{_libdir}/pkgconfig/sss_simpleifp.pc + +%files client -f sssd_client.lang +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libnss_sss.so.2 +%{_libdir}/security/pam_sss.so +%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so +%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so +%dir %{_libdir}/cifs-utils +%{_libdir}/cifs-utils/cifs_idmap_sss.so +%dir %{_sysconfdir}/cifs-utils +%ghost %{_sysconfdir}/cifs-utils/idmap-plugin +%dir %{_libdir}/%{name} +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so +%{_mandir}/man8/pam_sss.8* +%{_mandir}/man8/sssd_krb5_locator_plugin.8* + +%files -n libsss_sudo +%license src/sss_client/COPYING +%{_libdir}/libsss_sudo.so* + +%files -n libsss_autofs +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/libsss_autofs.so + +%files tools -f sssd_tools.lang +%license COPYING +%{_sbindir}/sss_obfuscate +%{_sbindir}/sss_override +%{_sbindir}/sss_debuglevel +%{_sbindir}/sss_seed +%{_sbindir}/sssctl +%{_mandir}/man8/sss_obfuscate.8* +%{_mandir}/man8/sss_override.8* +%{_mandir}/man8/sss_debuglevel.8* +%{_mandir}/man8/sss_seed.8* +%{_mandir}/man8/sssctl.8* + +%files -n python3-sssdconfig -f python3_sssdconfig.lang +%dir %{python3_sitelib}/SSSDConfig +%{python3_sitelib}/SSSDConfig/*.py* +%dir %{python3_sitelib}/SSSDConfig/__pycache__ +%{python3_sitelib}/SSSDConfig/__pycache__/*.py* + +%files -n python3-sss +%{python3_sitearch}/pysss.so + +%files -n python3-sss-murmur +%{python3_sitearch}/pysss_murmur.so + +%files -n libsss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_idmap.so.* + +%files -n libsss_idmap-devel +%doc idmap_doc/html +%{_includedir}/sss_idmap.h +%{_libdir}/libsss_idmap.so +%{_libdir}/pkgconfig/sss_idmap.pc + +%files -n libipa_hbac +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libipa_hbac.so.* + +%files -n libipa_hbac-devel +%doc hbac_doc/html +%{_includedir}/ipa_hbac.h +%{_libdir}/libipa_hbac.so +%{_libdir}/pkgconfig/ipa_hbac.pc + +%files -n libsss_nss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_nss_idmap.so.* + +%files -n libsss_nss_idmap-devel +%doc nss_idmap_doc/html +%{_includedir}/sss_nss_idmap.h +%{_libdir}/libsss_nss_idmap.so +%{_libdir}/pkgconfig/sss_nss_idmap.pc + +%files -n python3-libsss_nss_idmap +%{python3_sitearch}/pysss_nss_idmap.so + +%files -n python3-libipa_hbac +%{python3_sitearch}/pyhbac.so + +%files winbind-idmap -f sssd_winbind_idmap.lang +%dir %{_libdir}/samba/idmap +%{_libdir}/samba/idmap/sss.so +%{_mandir}/man8/idmap_sss.8* + +%files nfs-idmap -f sssd_nfs_idmap.lang +%{_mandir}/man5/sss_rpcidmapd.5* +%{_libdir}/libnfsidmap/sss.so + +%files -n libsss_certmap -f libsss_certmap.lang +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_certmap.so.* +%{_mandir}/man5/sss-certmap.5* + +%files -n libsss_certmap-devel +%doc certmap_doc/html +%{_includedir}/sss_certmap.h +%{_libdir}/libsss_certmap.so +%{_libdir}/pkgconfig/sss_certmap.pc + +%files kcm -f sssd_kcm.lang +%{_libexecdir}/%{servicename}/sssd_kcm +%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache +%dir %{_datadir}/sssd-kcm +%{_datadir}/sssd-kcm/kcm_default_ccache +%{_unitdir}/sssd-kcm.socket +%{_unitdir}/sssd-kcm.service +%{_mandir}/man8/sssd-kcm.8* +%{_libdir}/%{name}/libsss_secrets.so + +%post common +%systemd_post sssd.service +%systemd_post sssd-autofs.socket +%systemd_post sssd-nss.socket +%systemd_post sssd-pac.socket +%systemd_post sssd-pam.socket +%systemd_post sssd-pam-priv.socket +%systemd_post sssd-ssh.socket +%systemd_post sssd-sudo.socket + +%preun common +%systemd_preun sssd.service +%systemd_preun sssd-autofs.socket +%systemd_preun sssd-nss.socket +%systemd_preun sssd-pac.socket +%systemd_preun sssd-pam.socket +%systemd_preun sssd-pam-priv.socket +%systemd_preun sssd-ssh.socket +%systemd_preun sssd-sudo.socket + +%postun common +%systemd_postun_with_restart sssd-autofs.socket +%systemd_postun_with_restart sssd-autofs.service +%systemd_postun_with_restart sssd-nss.socket +%systemd_postun_with_restart sssd-nss.service +%systemd_postun_with_restart sssd-pac.socket +%systemd_postun_with_restart sssd-pac.service +%systemd_postun_with_restart sssd-pam.socket +%systemd_postun_with_restart sssd-pam-priv.socket +%systemd_postun_with_restart sssd-pam.service +%systemd_postun_with_restart sssd-ssh.socket +%systemd_postun_with_restart sssd-ssh.service +%systemd_postun_with_restart sssd-sudo.socket +%systemd_postun_with_restart sssd-sudo.service + +%post dbus +%systemd_post sssd-ifp.service + +%preun dbus +%systemd_preun sssd-ifp.service + +%postun dbus +%systemd_postun_with_restart sssd-ifp.service + +%post kcm +%systemd_post sssd-kcm.socket + +%preun kcm +%systemd_preun sssd-kcm.socket + +%postun kcm +%systemd_postun_with_restart sssd-kcm.socket +%systemd_postun_with_restart sssd-kcm.service + +%post client +%{?ldconfig} +/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 + +%preun client +if [ $1 -eq 0 ] ; then + /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so +fi + +%ldconfig_postun client + +%ldconfig_scriptlets -n libsss_sudo + +%ldconfig_scriptlets -n libipa_hbac + +%ldconfig_scriptlets -n libsss_idmap + +%ldconfig_scriptlets -n libsss_nss_idmap + +%ldconfig_scriptlets -n libsss_simpleifp + +%ldconfig_scriptlets -n libsss_certmap + +%posttrans common +%systemd_postun_with_restart sssd.service + +%changelog +* Mon Oct 12 2020 Pavel Březina - 2.4.0-2 +- Remove old patches + +* Mon Oct 12 2020 Pavel Březina - 2.4.0-1 +- Rebase to SSSD 2.4.0 + +* Tue Jul 28 2020 Pavel Březina - 2.3.1-4 +- Actually include 2.3.1 source + +* Tue Jul 28 2020 Pavel Březina - 2.3.1-3 +- Fix test compilation with check-0.15 + +* Mon Jul 27 2020 Pavel Březina - 2.3.1-2 +- Use correct run dir (RHBZ#1557622) + +* Fri Jul 24 2020 Pavel Březina - 2.3.1-1 +- Rebase to SSSD 2.3.1 + +* Fri Jul 24 2020 Merlin Mathesius - 2.3.0-5 +- Minor ELN conditional fix + +* Tue Jul 14 2020 Tom Stellard - 2.3.0-4 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Jul 1 2020 Jeff Law +- Disable LTO + +* Fri Jun 19 2020 Peter Jones +- Fix github url typo + +* Tue May 26 2020 Miro Hrončok - 2.3.0-2 +- Rebuilt for Python 3.9 + +* Wed May 20 2020 Pavel Březina - 2.3.0-1 +- Rebase to SSSD 2.3.0 + +* Fri Feb 28 2020 Michal Židek - 2.2.3-14 +- Resolves: rhbz#1800567 - sssd fail to build in Fedora rawhide + +* Wed Feb 26 2020 Michal Židek - 2.2.3-13 +- Resolves: upstream#4159 - p11_child should have an option to skip + C_WaitForSlotEvent if the PKCS#11 module does not + implement it properly + +* Wed Feb 26 2020 Michal Židek - 2.2.3-12 +- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in + `sss_ptr_hash_delete_cb()` + +* Wed Feb 26 2020 Michal Židek - 2.2.3-11 +- Resolves: upstream#4118 - sssd requires timed sudoers ldap entries to be + specified up to the seconds + +* Wed Feb 26 2020 Michal Židek - 2.2.3-11 +- Add sssd-dbus package as a dependency of sssd-tools + +* Wed Feb 26 2020 Michal Židek - 2.2.3-10 +- Resolves: upstream#4142 - sssd_be frequent crash + +* Wed Feb 26 2020 Michal Židek - 2.2.3-9 +- Resolves: upstream#4131 Force LDAPS over 636 with AD Provider + +* Wed Feb 26 2020 Michal Židek - 2.2.3-8 +- Resolves: upstream#3630 - Randomize ldap_connection_expire_timeout either + by default or w/ a configure option + +* Wed Feb 26 2020 Michal Židek - 2.2.3-7 +- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in + `sss_ptr_hash_delete_cb()` +* Wed Feb 26 2020 Michal Židek - 2.2.3-6 +- Resolves: upstream#4088 - server/be: SIGTERM handling is incorrect + +* Wed Feb 26 2020 Michal Židek - 2.2.3-5 +- Resolves: upstream##4089 Watchdog implementation or usage is incorrect + +* Wed Feb 26 2020 Michal Židek - 2.2.3-4 +- Resolves: upstream#4126 pcscd rejecting sssd ldap_child as unauthorized + +* Wed Feb 26 2020 Michal Židek - 2.2.3-3 +- Resolves: upstream#4127 - [Doc]Provide explanation on escape character for + match rules sss-certmap + +* Wed Feb 26 2020 Michal Židek - 2.2.3-2 +- Resolves: upstream#4129 - sssctl config-check command does not give proper + error messages with line numbers + +* Wed Feb 26 2020 Michal Židek - 2.2.3-1 +- Update to latest released upstream version +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_3.htm + +* Fri Jan 31 2020 Fedora Release Engineering - 2.2.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 24 2020 Stephen Gallagher - 2.2.2-5 +- Fix build against samba-4.12.0rc1 + +* Fri Jan 24 2020 Mohan Boddu - 2.2.2-4 +- Rebuild for samba-4.12.0rc1 + +* Tue Oct 22 2019 Adam Williamson - 2.2.2-3 +- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting + up FreeIPA replica in containers + +* Tue Oct 22 2019 Adam Williamson - 2.2.2-2 +- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely + when using KCM cache + +* Wed Sep 11 2019 Michal Židek - 2.2.2-1 +- Update to latest released upstream version +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html + +* Mon Aug 26 2019 Stephen Gallagher - 2.2.0-6 +- Rebuilding for libldb 2.0.5 + +* Mon Aug 19 2019 Miro Hrončok - 2.2.0-5 +- Rebuilt for Python 3.8 + +* Sat Jul 27 2019 Fedora Release Engineering - 2.2.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jul 5 2019 Jakub Hrozek - 2.2.0-3 +- Resolves: rhbz#1721636 - sssd-kcm calls sssd-genconf which triggers + nscd warning + +* Fri Jul 5 2019 Jakub Hrozek - 2.2.0-2 +- Resolves: rhbz#1724717 - sssd-proxy crashes resolving groups with + no members + +* Mon Jun 17 2019 Michal Židek - 2.2.0-1 +- Update to latest released upstream version +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_0.html + +* Wed Mar 27 2019 Michal Židek - 2.1.0-2 +- Resolves: upstream#3867 - [RFE] Need an option in SSSD so that it will skip + GPOs that have groupPolicyContainers unreadable + by SSSD. +- CVE-2018-16838 + +* Wed Mar 27 2019 Michal Židek - 2.1.0-1 +- Update to latest released upstream version +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_1_0.html + +* Wed Feb 13 2019 Sinny Kumari - 2.0.0-9 +- Resolves: rhbz#1667444 - sssd: make python3-sssdconfig as suggest + +* Wed Feb 13 2019 Adam Williamson - 2.0.0-8 +- Resolves: rhbz#1676946 - startup fail with status NOTIMPLEMENTED + +* Sun Feb 03 2019 Fedora Release Engineering - 2.0.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Dec 12 2018 Adam Williamson - 2.0.0-6 +- Resolves: rhbz#1654537 - sbus: use 120 second default timeout +- Backport two other patches from master to fix build with recent krb5 + +* Wed Nov 07 2018 Michal Židek - 2.0.0-5 +- Resolves: rhbz#1629737 - sssd: Remove python2 (sub)packages from Fedora 30+ + +* Wed Aug 29 2018 Michal Židek - 2.0.0-4 +- Resolves: upstream#3821 - crash related to sbus_router_destructor() +- Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref +- Resolves: upstream#3819 - sssd only sets the SELinux login context if it + differs from the default +- Resolves: upstream#3807 - The sbus codegen script relies on "python" which + might not be available on all distributions +- Resolves: upstream#3820 - sudo: search with lower cased name for case + insensitive domains +- Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from + an allow-any default to a deny-any default when it + can't find any GPOs to apply to a user login. +- Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort + startup +- Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11 + also for local account authentication +- Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup +- Resolves: upstream#3826 - Remove references of sss_user/group/add/del + commands in man pages since local provider is + deprecated +- Resolves: upstream#3827 - SSSD should log to syslog if a domain is not + started due to a misconfiguration +- Resolves: upstream#3830 - Printing incorrect information about domain with + sssctl utility +- Resolves: upstream#3489 - p11_child should work wit openssl1.0+ +- Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary + changes in nsswitch.conf +- Resovles: upstream#3650 - RFE: Require smartcard authentication +- Resolves: upstream#3334 - sssctl config-check does not check any special + characters in domain name of domain section +- Resolves: upstream#3849 - Files: The files provider always enumerates + which causes duplicate when running getent passwd +- Related: upstream#3855 - session not recording for local user when groups + defined +- Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb +- Related: upstream#3493 - Remove the pysss.local interface + +* Wed Aug 29 2018 Michal Židek - 2.0.0-3 +- Resolves: rhbz#1622760 - Console login as FreeIPA domain user fails in + current Fedora Rawhide / 29 + +* Wed Aug 29 2018 Michal Židek - 2.0.0-2 +- Fix linking issues + +* Tue Aug 14 2018 Michal Židek - 2.0.0-1 +- New upstream release 2.0.0 + +* Sat Jul 14 2018 Fedora Release Engineering - 1.16.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 02 2018 Miro Hrončok - 1.16.2-5 +- Rebuilt for Python 3.7 + +* Mon Jun 25 2018 Fabiano Fidêncio - 1.16.2-4 +- Related: upstream#941 - return multiple server addresses to the Kerberos + locator plugin +- Related: upstream#3652 - kdcinfo doesn't get populated for other domains +- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD + closes its end of the pipe before reading all the + SSH keys +- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully +- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes + stored in AD GC also for regular AD DC queries +- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being + able to consume an @-sign in the user/group name. +- Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo + responder + +* Thu Jun 21 2018 Fabiano Fidêncio - 1.16.2-3 +- Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on + minimal appliance image, breaking composes + +* Tue Jun 19 2018 Miro Hrončok - 1.16.2-2 +- Rebuilt for Python 3.7 + +* Mon Jun 11 2018 Fabiano Fidêncio - 1.16.2-1 +- New upstream release 1.16.2 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html + +* Thu May 24 2018 Fabiano Fidêncio - 1.16.1-9 +- Related: upstream#3742 - Change of: User may not run sudo --> a password is + required + +* Thu May 17 2018 Fabiano Fidêncio - 1.16.1-8 +- Revert 589d1a48 as the builders are back to f27 + +* Wed May 16 2018 Fabiano Fidêncio - 1.16.1-7 +- Related: upstream#3436 - Certificates used in unit tests have limited + lifetime +- Add: "ExcludeArch: armv7hl" + +* Mon May 14 2018 Fabiano Fidêncio - 1.16.1-6 +- Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires + +* Mon May 14 2018 Fabiano Fidêncio - 1.16.1-5 +- Related: upstream#3436 - Certificates used in unit tests have limited + lifetime +- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update + process is terminated with a signal +- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning + in case the ldap schema is manually changed to + something different than 'ad'. +- Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is + set. +- Resolves: upstream#3719 - The SSSD IPA provider allocates information about + external groups on a long lived memory context, + causing memory growth of the sssd_be process +- Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a + first domain does not reach the second domain +- Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove + entries from the hash table, do not free them +- Resolves: upstream#3595 - ID override GID from Default Trust View is not + properly resolved in case domain resolution order + is set + +* Sat May 05 2018 Fabiano Fidêncio - 1.16.1-4 +- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa + +* Fri Apr 27 2018 Fabiano Fidêncio - 1.16.1-3 +- Resolves: upstream#3684 - A group is not updated if its member is removed + with the cleanup task, but the group does not + change +- Resolves: upstream#3558 - sudo: report error when two rules share cn +- Tone down shutdown messages for socket activated responders +- IPA: Qualify the externalUser sudo attribute +- Resolves: upstream#3550 - refresh_expired_interval does not work with + netgrous in 1.15 +- Resolves: upstream#3402 - Support alternative sources for the files provider +- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option +- Resolves: upstream#3679 - Make nss netgroup requests more robust +- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not + configured +- Resolves: upstream#3469 - extend sss-certmap man page regarding priority + processing +- Improve docs/debug message about GC detection +- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes + list out of bound? +- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is + set. +- Document which principal does the AD provider use +- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is + defined, but contains no SIDs +- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM +- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data + Provider returned an error + [org.freedesktop.sssd.Error.DataProvider.Fatal] +- Add gcc to build dependencies + +* Fri Mar 30 2018 Fabiano Fidêncio - 1.16.1-2 +- Resolves: upstream#3573 - sssd won't show netgroups with blank domain +- Resolves: upstream#3660 - confdb_expand_app_domains() always fails +- Resolves: upstream#3658 - Application domain is not interpreted correctly +- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to + json_loads() +- Resolves: upstream#3386 - KCM: Payload buffer is too small +- Resolves: upstream#3666 - Fix usage of str.decode() in our tests +- A few KCM misc fixes + +* Fri Mar 9 2018 Fabiano Fidêncio - 1.16.1-1 +- New upstream release 1.16.1 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html + +* Tue Feb 20 2018 Lukas Slebodnik - 1.16.0-13 +- Resolves: upstream#3621 - backport bug found by static analyzers + +* Wed Feb 14 2018 Fabiano Fidêncio - 1.16.0-12 +- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile + with no specific host/hostgroup set +- Resolves: upstream#3621 - FleetCommander integration must not require + capability DAC_OVERRIDE + +* Wed Feb 07 2018 Lukas Slebodnik - 1.16.0-11 +- Resolves: upstream#3618 - selinux_child segfaults in a docker container + +* Tue Feb 06 2018 Lukas Slebodnik - 1.16.0-10 +- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl + +* Thu Jan 25 2018 Igor Gnatenko - 1.16.0-9 +- Fix systemd executions/requirements + +* Thu Jan 25 2018 Lukas Slebodnik - 1.16.0-8 +- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS + +* Thu Jan 11 2018 Lukas Slebodnik - 1.16.0-7 +- Fix building of sssd-nfs-idmap with libnfsidmap.so.1 + +* Thu Jan 11 2018 Björn Esser - 1.16.0-6 +- Rebuilt for libnfsidmap.so.1 + +* Mon Dec 04 2017 Lukas Slebodnik - 1.16.0-5 +- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in + setnetgrent_result_timeout +- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted + or machine swaps +- Resolves: failure in glibc tests + https://sourceware.org/bugzilla/show_bug.cgi?id=22530 +- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and + auth_provider ldap, login fails if the LDAP server + is not allowing anonymous binds +- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is + corrected with AD +- Resolves: upstream#3586 - Give a more detailed debug and system-log message + if krb5_init_context() failed +- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet + in /etc/systemd/system +- Backport few upstream features from 1.16.1 + +* Tue Nov 21 2017 Lukas Slebodnik - 1.16.0-4 +- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next + +* Fri Nov 17 2017 Jakub Hrozek - 1.16.0-3 +- Backport extended NSS API from upstream master branch + +* Fri Nov 03 2017 Lukas Slebodnik - 1.16.0-2 +- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade + +* Fri Oct 20 2017 Lukas Slebodnik - 1.16.0-1 +- New upstream release 1.16.0 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html + +* Wed Oct 11 2017 Lukas Slebodnik - 1.15.3-5 +- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when + searching in local cache database access on + the sock_file system_bus_socket + +* Mon Sep 11 2017 Lukas Slebodnik - 1.15.3-4 +- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write + access on the sock_file system_bus_socket +- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and + fails to download desktop profile data +- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 +- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients + after applying ID Views for them in IPA server +- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id + mapping is applied + +* Fri Sep 01 2017 Lukas Slebodnik - 1.15.3-3 +- Backport few upstream patches/fixes + +* Thu Jul 27 2017 Fedora Release Engineering - 1.15.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 25 2017 Lukas Slebodnik - 1.15.3-1 +- New upstream release 1.15.3 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html + +* Tue Jun 27 2017 Lukas Slebodnik - 1.15.3-0.beta.5 +- Rebuild with libldb-1.2.0 + +* Tue Jun 27 2017 Lukas Slebodnik - 1.15.3-0.beta.4 +- Fix build issues: Update expided certificate in unit tests + +* Sat Apr 29 2017 Lukas Slebodnik - 1.15.3-0.beta.3 +- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication +- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with + file from package sssd-common-1.15.1-1.fc25.x86_64 +- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4 + +* Thu Apr 06 2017 Lukas Slebodnik - 1.15.3-0.beta.2 +- Fix issue with IPA + SELinux in containers +- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297 + +* Tue Apr 04 2017 Lukas Slebodnik - 1.15.3-0.beta.1 +- Backport upstream patches for 1.15.3 pre-release +- required for building freeipa-4.5.x in rawhide + +* Thu Mar 16 2017 Lukas Slebodnik - 1.15.2-1 +- New upstream release 1.15.2 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html + +* Mon Mar 06 2017 Lukas Slebodnik - 1.15.1-1 +- New upstream release 1.15.1 +- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html + +* Wed Feb 22 2017 Jakub Hrozek - 1.15.0-4 +- Cherry-pick patches from upstream that enable the files provider +- Enable the files domain +- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch + which is superseded by the files domain autoconfiguration +- Related: rhbz#1357418 - SSSD fast cache for local users + +* Tue Feb 14 2017 Lukas Slebodnik - 1.15.0-3 +- Add missing %%license macro + +* Sat Feb 11 2017 Fedora Release Engineering - 1.15.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Lukas Slebodnik - 1.15.0-1 +- New upstream release 1.15.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0 + +* Mon Dec 19 2016 Miro Hrončok - 1.14.2-3 +- Rebuild for Python 3.6 + +* Tue Dec 13 2016 Lukas Slebodnik - 1.14.2-2 +- Resolves: rhbz#1369130 - nss_sss should not link against libpthread +- Resolves: rhbz#1392916 - sssd failes to start after update +- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses + on the directory /etc/sssd + +* Thu Oct 20 2016 Lukas Slebodnik - 1.14.2-1 +- New upstream release 1.14.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2 + +* Fri Oct 14 2016 Lukas Slebodnik - 1.14.1-4 +- libwbclient-sssd: update interface to version 0.13 + +* Thu Sep 22 2016 Lukas Slebodnik - 1.14.1-3 +- Fix regression with krb5_map_user +- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore +- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: + default if nonexistent domain is mentioned + +* Thu Sep 01 2016 Lukas Slebodnik - 1.14.1-2 +- Backport important patches from upstream 1.14.2 prerelease +- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after + boot +- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14 + +* Fri Aug 19 2016 Lukas Slebodnik - 1.14.1-1 +- New upstream release 1.14.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1 + +* Mon Aug 15 2016 Stephen Gallagher - 1.14.0-5 +- Add workaround patch for RHBZ #1366403 + +* Tue Jul 19 2016 Fedora Release Engineering - 1.14.0-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Fri Jul 08 2016 Lukas Slebodnik - 1.14.0-3 +- New upstream release 1.14.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0 + +* Fri Jul 01 2016 Lukas Slebodnik - 1.14.0-2.beta +- New upstream release 1.14 beta +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta + +* Tue Jun 21 2016 Lukas Slebodnik - 1.14.0-1.alpha +- New upstream release 1.14 alpha +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha + +* Fri May 13 2016 Lukas Slebodnik - 1.13.4-3 +- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): + sssd_ifp killed by SIGSEGV + +* Fri Apr 22 2016 Lukas Slebodnik - 1.13.4-2 +- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6 + +* Thu Apr 14 2016 Lukas Slebodnik - 1.13.4-1 +- New upstream release 1.13.4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4 + +* Tue Mar 22 2016 Lukas Slebodnik - 1.13.3-6 +- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password + prompts (e.g. Password + Token) +- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed + by remote host" if locale not available + +* Thu Feb 25 2016 Lukas Slebodnik - 1.13.3-5 +- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA + groups during getgrnam and getgrgid +- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses + in call to 'print' + +* Fri Feb 05 2016 Fedora Release Engineering - 1.13.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 20 2016 Lukas Slebodnik - 1.13.3-3 +- Additional upstream fixes + +* Tue Jan 19 2016 Lukas Slebodnik - 1.13.3-2 +- Resolves: rhbz#1256849 - SUDO: Support the IPA schema + +* Wed Dec 16 2015 Lukas Slebodnik - 1.13.3-1 +- New upstream release 1.13.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3 + +* Fri Nov 20 2015 Lukas Slebodnik - 1.13.2-1 +- New upstream release 1.13.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2 + +* Fri Nov 06 2015 Robert Kuska - 1.13.1-5 +- Rebuilt for Python3.5 rebuild + +* Tue Oct 27 2015 Lukas Slebodnik - 1.13.1-4 +- Fix building pac responder with the krb5-1.14 + +* Mon Oct 19 2015 Lukas Slebodnik - 1.13.1-3 +- python-sssdconfig: Fix parssing sssd.conf without config_file_version +- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed + +* Wed Oct 07 2015 Lukas Slebodnik - 1.13.1-2 +- Fix few segfaults +- Resolves: upstream #2811 - PAM responder crashed if user was not set +- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step + +* Thu Oct 01 2015 Lukas Slebodnik - 1.13.1-1 +- New upstream release 1.13.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1 + +* Thu Sep 10 2015 Lukas Slebodnik - 1.13.0-6 +- Fix OTP bug +- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were + entered separately + +* Mon Sep 07 2015 Lukas Slebodnik - 1.13.0-5 +- Backport upstream patches required by FreeIPA 4.2.1 + +* Tue Jul 21 2015 Lukas Slebodnik - 1.13.0-4 +- Fix ipa-migration bug +- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled + migration mode + +* Wed Jul 08 2015 Lukas Slebodnik - 1.13.0-3 +- New upstream release 1.13.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0 + +* Tue Jun 30 2015 Lukas Slebodnik - 1.13.0-2.alpha +- Unify return type of list_active_domains for python{2,3} + +* Mon Jun 22 2015 Lukas Slebodnik - 1.13.0-1.alpha +- New upstream release 1.13 alpha +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha + +* Fri Jun 19 2015 Fedora Release Engineering - 1.12.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 12 2015 Lukas Slebodnik - 1.12.5-3 +- Fix libwbclient alternatives + +* Fri Jun 12 2015 Lukas Slebodnik - 1.12.5-2 +- Backport important patches from upstream 1.13 prerelease + +* Fri Jun 12 2015 Lukas Slebodnik - 1.12.5-1 +- New upstream release 1.12.5 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5 + +* Fri May 08 2015 Lukas Slebodnik - 1.12.4-8 +- Backport important patches from upstream 1.13 prerelease +- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable + attribute for group name +- Resolves: upstream #2335 - Investigate using the krb5 responder + for driving the PAM conversation with OTPs +- Enable cmocka tests for secondary architectures + +* Fri May 08 2015 Lukas Slebodnik - 1.12.4-7 +- Backport patches from upstream 1.12.5 prerelease - contains many fixes + +* Wed Apr 15 2015 Lukas Slebodnik - 1.12.4-6 +- Fix slow login with ipa and SELinux +- Resolves: upstream #2624 - Only set the selinux context if the context + differs from the local one + +* Mon Mar 23 2015 Lukas Slebodnik - 1.12.4-5 +- Fix regressions with ipa and SELinux +- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security + context on client is staff_u + +* Fri Mar 6 2015 Jakub Hrozek - 1.12.4-4 +- Also relax libldb Requires +- Remove --enable-ldb-version-check + +* Fri Mar 6 2015 Jakub Hrozek - 1.12.4-3 +- Relax libldb BuildRequires to be greater-or-equal + +* Wed Feb 25 2015 Lukas Slebodnik - 1.12.4-2 +- Add support for python3 bindings +- Add requirement to python3 or python3 bindings +- Resolves: rhbz#1014594 - sssd: Support Python 3 + +* Wed Feb 18 2015 Lukas Slebodnik - 1.12.4-1 +- New upstream release 1.12.4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4 + +* Sat Feb 14 2015 Lukas Slebodnik - 1.12.3-7 +- Backport patches with Python3 support from upstream + +* Thu Feb 12 2015 Lukas Slebodnik - 1.12.3-6 +- Fix double free in monitor +- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): + sssd killed by SIGABRT + +* Wed Jan 28 2015 Jakub Hrozek - 1.12.3-5 +- Rebuild for new libldb + +* Thu Jan 22 2015 Lukas Slebodnik - 1.12.3-4 +- Decrease priority of sssd-libwbclient 20 -> 5 +- It should be lower than priority of samba veriosn of libwbclient. +- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18 + +* Mon Jan 19 2015 Lukas Slebodnik - 1.12.3-3 +- Apply a number of patches from upstream to fix issues found 1.12.3 +- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple + interfaces, or isn't documented to be able to +- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is + not running +- Resolves: upstream #2557 authentication failure with user from AD + +* Fri Jan 09 2015 Lukas Slebodnik - 1.12.3-2 +- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus +- Resolves: rhbz#1179379 - gzip: stdin: file size changed while + zipping when rotating logfile + +* Thu Jan 08 2015 Lukas Slebodnik - 1.12.3-1 +- New upstream release 1.12.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 +- Fix spelling errors in description (fedpkg lint) + +* Tue Jan 6 2015 Lukas Slebodnik - 1.12.2-8 +- Rebuild for libldb 1.1.19 + +* Fri Dec 19 2014 Sumit Bose - 1.12.2-7 +- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes + crash in wbinfo + - in addition to the patch libwbclient.so is + filtered out of the Provides list of the package + +* Wed Dec 17 2014 Lukas Slebodnik - 1.12.2-6 +- Fix regressions and bugs in sssd upstream 1.12.2 +- https://fedorahosted.org/sssd/ticket/{id} +- Regressions: #2471, #2475, #2483, #2487, #2529, #2535 +- Bugs: #2287, #2445 + +* Sun Dec 7 2014 Jakub Hrozek - 1.12.2-5 +- Rebuild for libldb 1.1.18 + +* Wed Nov 26 2014 Jakub Hrozek - 1.12.2-4 +- Fix typo in libwbclient-devel %%preun + +* Tue Nov 25 2014 Jakub Hrozek - 1.12.2-3 +- Use alternatives for libwbclient + +* Wed Oct 22 2014 Jakub Hrozek - 1.12.2-2 +- Backport several patches from upstream. +- Fix a potential crash against old (pre-4.0) IPA servers + +* Mon Oct 20 2014 Jakub Hrozek - 1.12.2-1 +- New upstream release 1.12.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2 + +* Mon Sep 15 2014 Jakub Hrozek - 1.12.1-2 +- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user + private group from server + +* Mon Sep 8 2014 Jakub Hrozek - 1.12.1-1 +- New upstream release 1.12.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1 + +* Fri Aug 22 2014 Jakub Hrozek - 1.12.0-7 +- Do not crash on resolving a group SID in IPA server mode + +* Mon Aug 18 2014 Fedora Release Engineering - 1.12.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Jul 10 2014 Stephen Gallagher 1.12.0-5 +- Fix release version for upgrades + +* Wed Jul 09 2014 Jakub Hrozek - 1.12.0-1 +- New upstream release 1.12.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0 + +* Sun Jun 08 2014 Fedora Release Engineering - 1.12.0-4.beta2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Jun 04 2014 Jakub Hrozek - 1.12.0-1.beta2 +- New upstream release 1.12 beta2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2 + +* Mon Jun 02 2014 Jakub Hrozek - 1.12.0-2.beta1 +- Fix tests on big-endian +- Fix previous changelog entry + +* Fri May 30 2014 Jakub Hrozek - 1.12.0-1.beta1 +- New upstream release 1.12 beta1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1 + +* Thu May 29 2014 Jakub Hrozek - 1.11.5.1-4 +- Rebuild against new ding-libs + +* Thu May 08 2014 Stephen Gallagher - 1.11.5.1-3 +- Make LDB dependency a strict equivalency + +* Thu May 08 2014 Stephen Gallagher - 1.11.5.1-2 +- Rebuild against new libldb + +* Fri Apr 11 2014 Jakub Hrozek - 1.11.5.1-1 +- New upstream release 1.11.5.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1 + +* Thu Apr 10 2014 Stephen Gallagher 1.11.5-2 +- Fix bug in generation of systemd unit file + +* Tue Apr 08 2014 Jakub Hrozek - 1.11.5-1 +- New upstream release 1.11.5 +- Remove upstreamed patch +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5 + +* Thu Mar 13 2014 Sumit Bose - 1.11.4-3 +- Handle new error code for IPA password migration + +* Tue Mar 11 2014 Jakub Hrozek - 1.11.4-2 +- Include couple of patches from upstream 1.11 branch + +* Mon Feb 17 2014 Jakub Hrozek - 1.11.4-1 +- New upstream release 1.11.4 +- Remove upstreamed patch +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4 + +* Tue Feb 11 2014 Jakub Hrozek - 1.11.3-2 +- Handle OTP response from FreeIPA server gracefully + +* Wed Oct 30 2013 Jakub Hrozek - 1.11.3-1 +- New upstream release 1.11.3 +- Remove upstreamed patches +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3 + +* Wed Oct 30 2013 Jakub Hrozek - 1.11.2-1 +- New upstream release 1.11.2 +- Remove upstreamed patches +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 + +* Wed Oct 16 2013 Sumit Bose - 1.11.1-5 +- Fix potential crash with external groups in trusted IPA-AD setup + +* Mon Oct 14 2013 Sumit Bose - 1.11.1-4 +- Add plugin for cifs-utils +- Resolves: rhbz#998544 + +* Tue Oct 08 2013 Jakub Hrozek - 1.11.1-3 +- Fix failover from Global Catalog to LDAP in case GC is not available + +* Fri Oct 04 2013 Jakub Hrozek - 1.11.1-2 +- Remove the ability to create public ccachedir (#1015089) + +* Fri Sep 27 2013 Jakub Hrozek - 1.11.1-1 +- New upstream release 1.11.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 + +* Thu Sep 26 2013 Jakub Hrozek - 1.11.0-3 +- Fix multicast checks in the SSSD +- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source + code getting the host info + +* Wed Aug 28 2013 Jakub Hrozek - 1.11.0-2 +- Backport simplification of ccache management from 1.11.1 +- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login + +* Wed Aug 28 2013 Jakub Hrozek - 1.11.0-1 +- New upstream release 1.11.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 + +* Fri Aug 23 2013 Jakub Hrozek - 1.11.0-0.4.beta2 +- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: + Process /usr/libexec/sssd/sssd_nss was killed by + signal 11 (SIGSEGV) +- Resolves: #996214 - sssd proxy_child segfault + +* Sun Aug 04 2013 Fedora Release Engineering - 1.11.0-0.3.beta2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 31 2013 Jakub Hrozek - 1.11.0.2beta2 +- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and + pam libraries + +* Wed Jul 24 2013 Jakub Hrozek - 1.11.0.1beta2 +- New upstream release 1.11 beta 2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 + +* Thu Jul 18 2013 Jakub Hrozek - 1.10.1-1 +- New upstream release 1.10.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1 + +* Mon Jul 08 2013 Jakub Hrozek - 1.10.0-17 +- sssd-tools should require sssd-common, not sssd + +* Tue Jul 02 2013 Stephen Gallagher - 1.10.0-16 +- Move sssd_pac to the sssd-ipa and sssd-ad subpackages +- Trim out RHEL5-specific macros since we don't build on RHEL 5 +- Trim out macros for Fedora older than F18 +- Update libldb requirement to 1.1.16 +- Trim RPM changelog down to the last year + +* Tue Jul 02 2013 Stephen Gallagher - 1.10.0-15 +- Move sssd_pac to the sssd-krb5 subpackage + +* Mon Jul 01 2013 Stephen Gallagher - 1.10.0-14 +- Fix Obsoletes: to account for dist tag +- Convert post and pre scripts to run on the sssd-common subpackage +- Remove old conversion from SYSV + +* Thu Jun 27 2013 Jakub Hrozek - 1.10.0-13 +- New upstream release 1.10 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0 + +* Mon Jun 17 2013 Dan Horák - 1.10.0-12.beta2 +- the cmocka toolkit exists only on selected arches + +* Sun Jun 16 2013 Jakub Hrozek - 1.10.0-11.beta2 +- Apply a number of patches from upstream to fix issues found post-beta, + in particular: + -- segfault with a high DEBUG level + -- Fix IPA password migration (upstream #1873) + -- Fix fail over when retrying SRV resolution (upstream #1886) + +* Thu Jun 13 2013 Jakub Hrozek - 1.10.0-10.beta2 +- Only BuildRequire libcmocka on Fedora + +* Thu Jun 13 2013 Jakub Hrozek - 1.10.0-9.beta2 +- Fix typo in Requires that prevented an upgrade (#973916) +- Use a hardcoded version in Conflicts, not less-than-current + +* Wed Jun 12 2013 Jakub Hrozek - 1.10.0-8.beta1 +- Enable hardened build for RHEL7 + +* Wed Jun 12 2013 Jakub Hrozek - 1.10.0-8.beta2 +- New upstream release 1.10 beta2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 +- BuildRequire libcmocka-devel in order to run all upstream tests during build +- BuildRequire libnl3 instead of libnl1 +- No longer BuildRequire initscripts, we no longer use /sbin/service +- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any + older krb5-libs version + +* Fri May 24 2013 Jakub Hrozek - 1.10.0-7.beta1 +- Apply a couple of patches from upstream git that resolve crashes when + ID mapping object was not initialized properly but needed later + +* Tue May 14 2013 Jakub Hrozek - 1.10.0-6.beta1 +- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during + realm join +- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by + default for AD Provider +- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file + parent directory when logging in + +* Tue May 7 2013 Jakub Hrozek - 1.10.0-5.beta1 +- BuildRequire recent libini_config to ensure consistent behaviour + +* Tue May 7 2013 Jakub Hrozek - 1.10.0-4.beta1 +- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug + in ding-libs +- Fix SSH integration with fully-qualified domains +- Add the ability to dynamically discover the NetBIOS name + +* Fri May 3 2013 Jakub Hrozek - 1.10.0-3.beta1 +- New upstream release 1.10 beta1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1 + +* Wed Apr 17 2013 Jakub Hrozek - 1.10.0-2.alpha1 +- Add a patch to fix krb5 ccache creation issue with krb5 1.11 + +* Tue Apr 2 2013 Jakub Hrozek - 1.10.0-1.alpha1 +- New upstream release 1.10 alpha1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1 + +* Fri Mar 29 2013 Jakub Hrozek - 1.9.5-10 +- Add a patch to fix krb5 unit tests + +* Fri Mar 01 2013 Stephen Gallagher - 1.9.4-9 +- Split internal helper libraries into a shared object +- Significantly reduce disk-space usage + +* Thu Feb 14 2013 Jakub Hrozek - 1.9.4-8 +- Fix the Kerberos password expiration warning (#912223) + +* Thu Feb 14 2013 Jakub Hrozek - 1.9.4-7 +- Do not write out dots in the domain-realm mapping file (#905650) + +* Mon Feb 11 2013 Jakub Hrozek - 1.9.4-6 +- Include upstream patch to build with krb5-1.11 + +* Thu Feb 07 2013 Jakub Hrozek - 1.9.4-5 +- Rebuild against new libldb + +* Mon Feb 04 2013 Jakub Hrozek - 1.9.4-4 +- Fix build with new automake versions + +* Wed Jan 30 2013 Jakub Hrozek - 1.9.4-3 +- Recreate Kerberos ccache directory if it's missing +- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache + directory /run/user/UID/ccdir does not exist + +* Tue Jan 29 2013 Jakub Hrozek - 1.9.4-2 +- Fix changelog dates to make F19 rpmbuild happy + +* Mon Jan 28 2013 Jakub Hrozek - 1.9.4-1 +- New upstream release 1.9.4 + +* Thu Dec 06 2012 Jakub Hrozek - 1.9.3-1 +- New upstream release 1.9.3 + +* Tue Oct 30 2012 Jakub Hrozek - 1.9.2-5 +- Resolve groups from AD correctly + +* Tue Oct 30 2012 Jakub Hrozek - 1.9.2-4 +- Check the validity of naming context + +* Thu Oct 18 2012 Jakub Hrozek - 1.9.2-3 +- Move the sss_cache tool to the main package + +* Sun Oct 14 2012 Jakub Hrozek - 1.9.2-2 +- Include the 1.9.2 tarball + +* Sun Oct 14 2012 Jakub Hrozek - 1.9.2-1 +- New upstream release 1.9.2 + +* Sun Oct 07 2012 Jakub Hrozek - 1.9.1-1 +- New upstream release 1.9.1 + +* Wed Oct 03 2012 Jakub Hrozek - 1.9.0-24 +- require the latest libldb + +* Tue Sep 25 2012 Jakub Hrozek - 1.9.0-24 +- Use mcpath insted of mcachepath macro to be consistent with + upsteam spec file + +* Tue Sep 25 2012 Jakub Hrozek - 1.9.0-23 +- New upstream release 1.9.0 + +* Fri Sep 14 2012 Jakub Hrozek - 1.9.0-22.rc1 +- New upstream release 1.9.0 rc1 + +* Thu Sep 06 2012 Jakub Hrozek - 1.9.0-21.beta7 +- New upstream release 1.9.0 beta7 +- obsoletes patches #1-#3 + +* Mon Sep 03 2012 Jakub Hrozek - 1.9.0-20.beta6 +- Rebuild against libldb 1.12 + +* Tue Aug 28 2012 Jakub Hrozek - 1.9.0-19.beta6 +- Rebuild against libldb 1.11 + +* Fri Aug 24 2012 Jakub Hrozek - 1.9.0-18.beta6 +- Change the default ccache location to DIR:/run/user/${UID}/krb5cc + and patch man page accordingly +- Resolves: rhbz#851304 + +* Mon Aug 20 2012 Jakub Hrozek - 1.9.0-17.beta6 +- Rebuild against libldb 1.10 + +* Fri Aug 17 2012 Jakub Hrozek - 1.9.0-16.beta6 +- Only create the SELinux login file if there are SELinux mappings on + the IPA server + +* Fri Aug 10 2012 Jakub Hrozek - 1.9.0-14.beta6 +- Don't discard HBAC rule processing result if SELinux is on + Resolves: rhbz#846792 (CVE-2012-3462) + +* Thu Aug 02 2012 Jakub Hrozek - 1.9.0-13.beta6 +- New upstream release 1.9.0 beta 6 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 +- A new option, override_shell was added. If this option is set, all users + managed by SSSD will have their shell set to its value. +- Fixes for the support for setting default SELinux user context from FreeIPA. +- Fixed a regression introduced in beta 5 that broke LDAP SASL binds +- The SSSD supports the concept of a Primary Server and a Back Up Server in + failover +- A new command-line tool sss_seed is available to help prime the cache with + a user record when deploying a new machine +- SSSD is now able to discover and save the domain-realm mappings + between an IPA server and a trusted Active Directory server. +- Packaging changes to fix ldconfig usage in subpackages (#843995) +- Rebuild against libldb 1.1.9 + +* Fri Jul 27 2012 Fedora Release Engineering - 1.9.0-13.beta5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jul 19 2012 Jakub Hrozek - 1.9.0-12.beta5 +- New upstream release 1.9.0 beta 5 +- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 +- Many fixes for the support for setting default SELinux user context from + FreeIPA, most notably fixed the specificity evaluation +- Fixed an incorrect default in the krb5_canonicalize option of the AD + provider which was preventing password change operation +- The shadowLastChange attribute value is now correctly updated with the + number of days since the Epoch, not seconds + +* Mon Jul 16 2012 Stephen Gallagher - 1.9.0-11.beta4 +- Fix broken ARM build +- Add missing DP_OPTION_TERMINATOR in AD provider options + +* Wed Jul 11 2012 Jakub Hrozek - 1.9.0-10.beta4 +- Own several directories create during make install (#839782) + +* Wed Jul 11 2012 Jakub Hrozek - 1.9.0-9.beta4 +- New upstream release 1.9.0 beta 4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 +- Add a new AD provider to improve integration with Active Directory 2008 R2 + or later servers +- SUDO integration was completely rewritten. The new implementation works + with multiple domains and uses an improved refresh mechanism to download + only the necessary rules +- The IPA authentication provider now supports subdomains +- Fixed regression for setups that were setting default_tkt_enctypes + manually by reverting a previous workaround. + +* Mon Jun 25 2012 Stephen Gallagher - 1.9.0-8.beta3 +- New upstream release 1.9.0 beta 3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 +- Add a new PAC responder for dealing with cross-realm Kerberos trusts +- Terminate idle connections to the NSS and PAM responders + +* Wed Jun 20 2012 Stephen Gallagher - 1.9.0-7.beta2 +- Switch unicode library from libunistring to Glib +- Drop unnecessary explicit Requires on keyutils +- Guarantee that versioned Requires include the correct architecture + +* Mon Jun 18 2012 Stephen Gallagher - 1.9.0-6.beta2 +- Fix accidental disabling of the DIR cache support + +* Fri Jun 15 2012 Stephen Gallagher - 1.9.0-5.beta2 +- New upstream release 1.9.0 beta 2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 +- Add support for the Kerberos DIR cache for storing multiple TGTs + automatically +- Major performance enhancement when storing large groups in the cache +- Major performance enhancement when performing initgroups() against Active + Directory +- SSSDConfig data file default locations can now be set during configure for + easier packaging + +* Tue May 29 2012 Stephen Gallagher - 1.9.0-4.beta1 +- Fix regression in endianness patch + +* Tue May 29 2012 Stephen Gallagher - 1.9.0-3.beta1 +- Rebuild SSSD against ding-libs 0.3.0beta1 +- Fix endianness bug in service map protocol + +* Thu May 24 2012 Stephen Gallagher - 1.9.0-2.beta1 +- Fix several regressions since 1.5.x +- Ensure that the RPM creates the /var/lib/sss/mc directory +- Add support for Netscape password warning expiration control +- Rebuild against libldb 1.1.6 + +* Fri May 11 2012 Stephen Gallagher - 1.9.0-1.beta1 +- New upstream release 1.9.0 beta 1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 +- Add native support for autofs to the IPA provider +- Support for ID-mapping when connecting to Active Directory +- Support for handling very large (> 1500 users) groups in Active Directory +- Support for sub-domains (will be used for dealing with trust relationships) +- Add a new fast in-memory cache to speed up lookups of cached data on + repeated requests + +* Thu May 03 2012 Stephen Gallagher - 1.8.3-11 +- New upstream release 1.8.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 +- Numerous manpage and translation updates +- LDAP: Handle situations where the RootDSE isn't available anonymously +- LDAP: Fix regression for users using non-standard LDAP attributes for user + information + +* Mon Apr 09 2012 Stephen Gallagher - 1.8.2-10 +- New upstream release 1.8.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 +- Several fixes to case-insensitive domain functions +- Fix for GSSAPI binds when the keytab contains unrelated principals +- Fixed several segfaults +- Workarounds added for LDAP servers with unreadable RootDSE +- SSH knownhostproxy will no longer enter an infinite loop preventing login +- The provided SYSV init script now starts SSSD earlier at startup and stops + it later during shutdown +- Assorted minor fixes for issues discovered by static analysis tools + +* Mon Mar 26 2012 Stephen Gallagher - 1.8.1-9 +- Don't duplicate libsss_autofs.so in two packages +- Set explicit package contents instead of globbing + +* Wed Mar 21 2012 Stephen Gallagher - 1.8.1-8 +- Fix uninitialized value bug causing crashes throughout the code +- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup + +* Mon Mar 12 2012 Stephen Gallagher - 1.8.1-7 +- New upstream release 1.8.1 +- Resolve issue where we could enter an infinite loop trying to connect to an + auth server +- Fix serious issue with complex (3+ levels) nested groups +- Fix netgroup support for case-insensitivity and aliases +- Fix serious issue with lookup bundling resulting in requests never + completing +- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt + in addition to pam_authenticate +- Fix several regressions in the proxy provider +- Resolves: rhbz#743133 - Performance regression with Kerberos authentication + against AD +- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work + +* Tue Feb 28 2012 Stephen Gallagher - 1.8.0-6 +- New upstream release 1.8.0 +- Support for the service map in NSS +- Support for setting default SELinux user context from FreeIPA +- Support for retrieving SSH user and host keys from LDAP (Experimental) +- Support for caching autofs LDAP requests (Experimental) +- Support for caching SUDO rules (Experimental) +- Include the IPA AutoFS provider +- Fixed several memory-corruption bugs +- Fixed a regression in group enumeration since 1.7.0 +- Fixed a regression in the proxy provider +- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD +- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is + logged at each login +- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process + /usr/sbin/sssd was killed by signal 11 (SIGSEGV) +- Resolves: rhbz#743133 - Performance regression with Kerberos authentication + against AD +- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for + new LDAP features +- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc + +* Wed Feb 22 2012 Stephen Gallagher - 1.8.0-5.beta3 +- Change default kerberos credential cache location to /run/user/ + +* Wed Feb 15 2012 Stephen Gallagher - 1.8.0-4.beta3 +- New upstream release 1.8.0 beta 3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 +- Fixed a regression in group enumeration since 1.7.0 +- Fixed several memory-corruption bugs +- Finalized the ABI for the autofs support +- Fixed a regression in the proxy provider + +* Fri Feb 10 2012 Petr Pisar - 1.8.0-3.beta2 +- Rebuild against PCRE 8.30 + +* Mon Feb 06 2012 Stephen Gallagher - 1.8.0-1.beta2 +- New upstream release +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 +- Fix two minor manpage bugs +- Include the IPA AutoFS provider + +* Mon Feb 06 2012 Stephen Gallagher - 1.8.0-1.beta1 +- New upstream release +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 +- Support for the service map in NSS +- Support for setting default SELinux user context from FreeIPA +- Support for retrieving SSH user and host keys from LDAP (Experimental) +- Support for caching autofs LDAP requests (Experimental) +- Support for caching SUDO rules (Experimental) + +* Wed Feb 01 2012 Stephen Gallagher - 1.7.0-5 +- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for + new LDAP features - fix netgroups and sudo as well + +* Wed Feb 01 2012 Stephen Gallagher - 1.7.0-4 +- Fixes a serious memory hierarchy bug causing unpredictable behavior in the + LDAP provider. + +* Wed Feb 01 2012 Stephen Gallagher - 1.7.0-3 +- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for + new LDAP features + +* Sat Jan 14 2012 Fedora Release Engineering - 1.7.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Dec 22 2011 Stephen Gallagher - 1.7.0-1 +- New upstream release 1.7.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 +- Support for case-insensitive domains +- Support for multiple search bases in the LDAP provider +- Support for the native FreeIPA netgroup implementation +- Reliability improvements to the process monitor +- New DEBUG facility with more consistent log levels +- New tool to change debug log levels without restarting SSSD +- SSSD will now disconnect from LDAP server when idle +- FreeIPA HBAC rules can choose to ignore srchost options for significant + performance gains +- Assorted performance improvements in the LDAP provider + +* Mon Dec 19 2011 Stephen Gallagher - 1.6.4-1 +- New upstream release 1.6.4 +- Rolls up previous patches applied to the 1.6.3 tarball +- Fixes a rare issue causing crashes in the failover logic +- Fixes an issue where SSSD would return the wrong PAM error code for users + that it does not recognize. + +* Wed Dec 07 2011 Stephen Gallagher - 1.6.3-5 +- Rebuild against libldb 1.1.4 + +* Tue Nov 29 2011 Stephen Gallagher - 1.6.3-4 +- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the + username in getpwnam() +- Resolves: rhbz#758425 - LDAP failover not working if server refuses + connections + +* Thu Nov 24 2011 Jakub Hrozek - 1.6.3-3 +- Rebuild for libldb 1.1.3 + +* Thu Nov 10 2011 Stephen Gallagher - 1.6.3-2 +- Resolves: rhbz#752495 - Crash when apply settings + +* Fri Nov 04 2011 Stephen Gallagher - 1.6.3-1 +- New upstream release 1.6.3 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 +- Fixes a major cache performance issue introduced in 1.6.2 +- Fixes a potential infinite-loop with certain LDAP layouts + +* Wed Oct 26 2011 Fedora Release Engineering - 1.6.2-5 +- Rebuilt for glibc bug#747377 + +* Sun Oct 23 2011 Stephen Gallagher - 1.6.2-4 +- Change selinux policy requirement to Conflicts: with the old version, + rather than Requires: the supported version. + +* Fri Oct 21 2011 Stephen Gallagher - 1.6.2-3 +- Add explicit requirement on selinux-policy version to address new SBUS + symlinks. + +* Wed Oct 19 2011 Stephen Gallagher - 1.6.2-2 +- Remove %%files reference to sss_debuglevel copied from wrong upstreeam + spec file. + +* Tue Oct 18 2011 Stephen Gallagher - 1.6.2-1 +- Improved handling of users and groups with multi-valued name attributes + (aliases) +- Performance enhancements + Initgroups on RFC2307bis/FreeIPA + HBAC rule processing +- Improved process-hang detection and restarting +- Enabled the midpoint cache refresh by default (fewer cache misses on + commonly-used entries) +- Cleaned up the example configuration +- New tool to change debug level on the fly + +* Mon Aug 29 2011 Stephen Gallagher - 1.6.1-1 +- New upstream release 1.6.1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 +- Fixes a serious issue with LDAP connections when the communication is + dropped (e.g. VPN disconnection, waking from sleep) +- SSSD is now less strict when dealing with users/groups with multiple names + when a definitive primary name cannot be determined +- The LDAP provider will no longer attempt to canonicalize by default when + using SASL. An option to re-enable this has been provided. +- Fixes for non-standard LDAP attribute names (e.g. those used by Active + Directory) +- Three HBAC regressions have been fixed. +- Fix for an infinite loop in the deref code + +* Wed Aug 03 2011 Stephen Gallagher - 1.6.0-2 +- Build with _hardened_build macro + +* Wed Aug 03 2011 Stephen Gallagher - 1.6.0-1 +- New upstream release 1.6.0 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 +- Add host access control support for LDAP (similar to pam_host_attr) +- Finer-grained control on principals used with Kerberos (such as for FAST or +- validation) +- Added a new tool sss_cache to allow selective expiring of cached entries +- Added support for LDAP DEREF and ASQ controls +- Added access control features for Novell Directory Server +- FreeIPA dynamic DNS update now checks first to see if an update is needed +- Complete rewrite of the HBAC library +- New libraries: libipa_hbac and libipa_hbac-python + +* Tue Jul 05 2011 Stephen Gallagher - 1.5.11-2 +- New upstream release 1.5.11 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 +- Fix a serious regression that prevented SSSD from working with ldaps:// URIs +- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 +- address being saved to the AAAA record + +* Fri Jul 01 2011 Stephen Gallagher - 1.5.10-1 +- New upstream release 1.5.10 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 +- Fixed a regression introduced in 1.5.9 that could result in blocking calls +- to LDAP + +* Thu Jun 30 2011 Stephen Gallagher - 1.5.9-1 +- New upstream release 1.5.9 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 +- Support for overriding home directory, shell and primary GID locally +- Properly honor TTL values from SRV record lookups +- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP +- servers) +- Properly escape IPv6 addresses in the failover code +- Do not crash if inotify fails (e.g. resource exhaustion) +- Don't add multiple TGT renewal callbacks (too many log messages) + +* Fri May 27 2011 Stephen Gallagher - 1.5.8-1 +- New upstream release 1.5.8 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 +- Support for the LDAP paging control +- Support for multiple DNS servers for name resolution +- Fixes for several group membership bugs +- Fixes for rare crash bugs + +* Mon May 23 2011 Stephen Gallagher - 1.5.7-3 +- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d +- Make sure to properly convert to systemd if upgrading from newer +- updates for Fedora 14 + +* Mon May 02 2011 Stephen Gallagher - 1.5.7-2 +- Fix segfault in TGT renewal + +* Fri Apr 29 2011 Stephen Gallagher - 1.5.7-1 +- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites +- cached password with predicatable filename + +* Wed Apr 20 2011 Stephen Gallagher - 1.5.6.1-1 +- Re-add manpage translations + +* Wed Apr 20 2011 Stephen Gallagher - 1.5.6-1 +- New upstream release 1.5.6 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 +- Fixed a serious memory leak in the memberOf plugin +- Fixed a regression with the negative cache that caused it to be essentially +- nonfunctional +- Fixed an issue where the user's full name would sometimes be removed from +- the cache +- Fixed an issue with password changes in the kerberos provider not working +- with kpasswd + +* Wed Apr 20 2011 Stephen Gallagher - 1.5.5-5 +- Resolves: rhbz#697057 - kpasswd fails when using sssd and +- kadmin server != kdc server +- Upgrades from SysV should now maintain enabled/disabled status + +* Mon Apr 18 2011 Stephen Gallagher - 1.5.5-4 +- Fix %%postun + +* Thu Apr 14 2011 Stephen Gallagher - 1.5.5-3 +- Fix systemd conversion. Upgrades from SysV to systemd weren't properly +- enabling the systemd service. +- Fix a serious memory leak in the memberOf plugin +- Fix an issue where the user's full name would sometimes be removed +- from the cache + +* Tue Apr 12 2011 Stephen Gallagher - 1.5.5-2 +- Install systemd unit file instead of sysv init script + +* Tue Apr 12 2011 Stephen Gallagher - 1.5.5-1 +- New upstream release 1.5.5 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 +- Fixes for several crash bugs +- LDAP group lookups will no longer abort if there is a zero-length member +- attribute +- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist + +* Thu Mar 24 2011 Stephen Gallagher - 1.5.4-1 +- New upstream release 1.5.4 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 +- Fixes for Active Directory when not all users and groups have POSIX attributes +- Fixes for handling users and groups that have name aliases (aliases are ignored) +- Fix group memberships after initgroups in the IPA provider + +* Thu Mar 17 2011 Stephen Gallagher - 1.5.3-2 +- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication + +* Fri Mar 11 2011 Stephen Gallagher - 1.5.3-1 +- New upstream release 1.5.3 +- Support for libldb >= 1.0.0 + +* Thu Mar 10 2011 Stephen Gallagher - 1.5.2-1 +- New upstream release 1.5.2 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 +- Fixes for support of FreeIPA v2 +- Fixes for failover if DNS entries change +- Improved sss_obfuscate tool with better interactive mode +- Fix several crash bugs +- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this +- Delete users from the local cache if initgroups calls return 'no such user' +- (previously only worked for getpwnam/getpwuid) +- Use new Transifex.net translations +- Better support for automatic TGT renewal (now survives restart) +- Netgroup fixes + +* Sun Feb 27 2011 Simo Sorce - 1.5.1-9 +- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. +- Related: rhbz#677425 + +* Mon Feb 21 2011 Stephen Gallagher - 1.5.1-8 +- Resolves: rhbz#677768 - name service caches names, so id command shows +- recently deleted users + +* Fri Feb 11 2011 Stephen Gallagher - 1.5.1-7 +- Ensure that SSSD builds against libldb-1.0.0 on F15 and later +- Remove .la for memberOf + +* Fri Feb 11 2011 Stephen Gallagher - 1.5.1-6 +- Fix memberOf install path + +* Fri Feb 11 2011 Stephen Gallagher - 1.5.1-5 +- Add support for libldb 1.0.0 + +* Wed Feb 09 2011 Fedora Release Engineering - 1.5.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 01 2011 Stephen Gallagher - 1.5.1-3 +- Fix nested group member filter sanitization for RFC2307bis +- Put translated tool manpages into the sssd-tools subpackage + +* Thu Jan 27 2011 Stephen Gallagher - 1.5.1-2 +- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during +- rpmbuild + +* Thu Jan 27 2011 Stephen Gallagher - 1.5.1-1 +- New upstream release 1.5.1 +- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins +- Vast performance improvements when enumerate = true +- All PAM actions will now perform a forced initgroups lookup instead of just +- a user information lookup +- This guarantees that all group information is available to other +- providers, such as the simple provider. +- For backwards-compatibility, DNS lookups will also fall back to trying the +- SSSD domain name as a DNS discovery domain. +- Support for more password expiration policies in LDAP +- 389 Directory Server +- FreeIPA +- ActiveDirectory +- Support for ldap_tls_{cert,key,cipher_suite} config options +-Assorted bugfixes + +* Tue Jan 11 2011 Stephen Gallagher - 1.5.0-2 +- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins + +* Wed Dec 22 2010 Stephen Gallagher - 1.5.0-1 +- New upstream release 1.5.0 +- Fixed issues with LDAP search filters that needed to be escaped +- Add Kerberos FAST support on platforms that support it +- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials +- Added a Kerberos access provider to honor .k5login +- Addressed several thread-safety issues in the sss_client code +- Improved support for delayed online Kerberos auth +- Significantly reduced time between connecting to the network/VPN and +- acquiring a TGT +- Added feature for automatic Kerberos ticket renewal +- Provides the kerberos ticket for long-lived processes or cron jobs +- even when the user logs out +- Added several new features to the LDAP access provider +- Support for 'shadow' access control +- Support for authorizedService access control +- Ability to mix-and-match LDAP access control features +- Added an option for a separate password-change LDAP server for those +- platforms where LDAP referrals are not supported +- Added support for manpage translations + + +* Thu Nov 18 2010 Stephen Gallagher - 1.4.1-3 +- Solve a shutdown race-condition that sometimes left processes running +- Resolves: rhbz#606887 - SSSD stops on upgrade + +* Tue Nov 16 2010 Stephen Gallagher - 1.4.1-2 +- Log startup errors to the syslog +- Allow cache cleanup to be disabled in sssd.conf + +* Mon Nov 01 2010 Stephen Gallagher - 1.4.1-1 +- New upstream release 1.4.1 +- Add support for netgroups to the proxy provider +- Fixes a minor bug with UIDs/GIDs >= 2^31 +- Fixes a segfault in the kerberos provider +- Fixes a segfault in the NSS responder if a data provider crashes +- Correctly use sdap_netgroup_search_base + +* Mon Oct 18 2010 Stephen Gallagher - 1.4.0-2 +- Fix incorrect tarball URL + +* Mon Oct 18 2010 Stephen Gallagher - 1.4.0-1 +- New upstream release 1.4.0 +- Added support for netgroups to the LDAP provider +- Performance improvements made to group processing of RFC2307 LDAP servers +- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin +- Build-system improvements to support Gentoo +- Split out several libraries into the ding-libs tarball +- Manpage reviewed and updated + +* Mon Oct 04 2010 Stephen Gallagher - 1.3.0-35 +- Fix pre and post script requirements + +* Mon Oct 04 2010 Stephen Gallagher - 1.3.0-34 +- Resolves: rhbz#606887 - sssd stops on upgrade + +* Fri Oct 01 2010 Stephen Gallagher - 1.3.0-33 +- Resolves: rhbz#626205 - Unable to unlock screen + +* Tue Sep 28 2010 Stephen Gallagher - 1.3.0-32 +- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but +- doesn't require it + +* Thu Sep 16 2010 Stephen Gallagher - 1.3.0-31 +- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib + +* Tue Aug 24 2010 Stephen Gallagher - 1.3.0-30 +- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate +- against LDAP + +* Thu Jul 22 2010 David Malcolm - 1.2.91-21 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jul 09 2010 Stephen Gallagher - 1.2.91-20 +- New upstream version 1.2.91 (1.3.0rc1) +- Improved LDAP failover +- Synchronous sysdb API (provides performance enhancements) +- Better online reconnection detection + +* Mon Jun 21 2010 Stephen Gallagher - 1.2.1-15 +- New stable upstream version 1.2.1 +- Resolves: rhbz#595529 - spec file should eschew %%define in favor of +- %%global +- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service +- to fail while restart. +- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel +- keyring +- Resolves: rhbz#599724 - sssd is broken on Rawhide + +* Mon May 24 2010 Stephen Gallagher - 1.2.0-12 +- New stable upstream version 1.2.0 +- Support ServiceGroups for FreeIPA v2 HBAC rules +- Fix long-standing issue with auth_provider = proxy +- Better logging for TLS issues in LDAP + +* Tue May 18 2010 Stephen Gallagher - 1.1.92-11 +- New LDAP access provider allows for filtering user access by LDAP attribute +- Reduced default timeout for detecting offline status with LDAP +- GSSAPI ticket lifetime made configurable +- Better offline->online transition support in Kerberos + +* Fri May 07 2010 Stephen Gallagher - 1.1.91-10 +- Release new upstream version 1.1.91 +- Enhancements when using SSSD with FreeIPA v2 +- Support for deferred kinit +- Support for DNS SRV records for failover + +* Fri Apr 02 2010 Simo Sorce - 1.1.1-3 +- Bump up release number to avoid library sub-packages version issues with + previous releases. + +* Thu Apr 01 2010 Stephen Gallagher - 1.1.1-1 +- New upstream release 1.1.1 +- Fixed the IPA provider (which was segfaulting at start) +- Fixed a bug in the SSSDConfig API causing some options to revert to +- their defaults +- This impacted the Authconfig UI +- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal + +* Tue Mar 23 2010 Stephen Gallagher - 1.1.0-2 +- Release SSSD 1.1.0 final +- Fix two potential segfaults +- Fix memory leak in monitor +- Better error message for unusable confdb + +* Wed Mar 17 2010 Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19 +- Release candidate for SSSD 1.1 +- Add simple access provider +- Create subpackages for libcollection, libini_config, libdhash and librefarray +- Support IPv6 +- Support LDAP referrals +- Fix cache issues +- Better feedback from PAM when offline + +* Wed Feb 24 2010 Stephen Gallagehr - 1.0.5-2 +- Rebuild against new libtevent + +* Fri Feb 19 2010 Stephen Gallagher - 1.0.5-1 +- Fix licenses in sources and on RPMs + +* Mon Jan 25 2010 Stephen Gallagher - 1.0.4-1 +- Fix regression on 64-bit platforms + +* Fri Jan 22 2010 Stephen Gallagher - 1.0.3-1 +- Fixes link error on platforms that do not do implicit linking +- Fixes double-free segfault in PAM +- Fixes double-free error in async resolver +- Fixes support for TCP-based DNS lookups in async resolver +- Fixes memory alignment issues on ARM processors +- Manpage fixes + +* Thu Jan 14 2010 Stephen Gallagher - 1.0.2-1 +- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online +- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests +- Several segfault bugfixes + +* Mon Jan 11 2010 Stephen Gallagher - 1.0.1-1 +- Fix CVE-2010-0014 + +* Mon Dec 21 2009 Stephen Gallagher - 1.0.0-2 +- Patch SSSDConfig API to address +- https://bugzilla.redhat.com/show_bug.cgi?id=549482 + +* Fri Dec 18 2009 Stephen Gallagher - 1.0.0-1 +- New upstream stable release 1.0.0 + +* Fri Dec 11 2009 Stephen Gallagher - 0.99.1-1 +- New upstream bugfix release 0.99.1 + +* Mon Nov 30 2009 Stephen Gallagher - 0.99.0-1 +- New upstream release 0.99.0 + +* Tue Oct 27 2009 Stephen Gallagher - 0.7.1-1 +- Fix segfault in sssd_pam when cache_credentials was enabled +- Update the sample configuration +- Fix upgrade issues caused by data provider service removal + +* Mon Oct 26 2009 Stephen Gallagher - 0.7.0-2 +- Fix upgrade issues from old (pre-0.5.0) releases of SSSD + +* Fri Oct 23 2009 Stephen Gallagher - 0.7.0-1 +- New upstream release 0.7.0 + +* Thu Oct 15 2009 Stephen Gallagher - 0.6.1-2 +- Fix missing file permissions for sssd-clients + +* Tue Oct 13 2009 Stephen Gallagher - 0.6.1-1 +- Add SSSDConfig API +- Update polish translation for 0.6.0 +- Fix long timeout on ldap operation +- Make dp requests more robust + +* Tue Sep 29 2009 Stephen Gallagher - 0.6.0-1 +- Ensure that the configuration upgrade script always writes the config + file with 0600 permissions +- Eliminate an infinite loop in group enumerations + +* Mon Sep 28 2009 Sumit Bose - 0.6.0-0 +- New upstream release 0.6.0 + +* Mon Aug 24 2009 Simo Sorce - 0.5.0-0 +- New upstream release 0.5.0 + +* Wed Jul 29 2009 Jakub Hrozek - 0.4.1-4 +- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in + without a password. (Patch by Stephen Gallagher) + +* Sun Jul 26 2009 Fedora Release Engineering - 0.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jun 22 2009 Simo Sorce - 0.4.1-2 +- Fix a couple of segfaults that may happen on reload + +* Thu Jun 11 2009 Simo Sorce - 0.4.1-1 +- add missing configure check that broke stopping the daemon +- also fix default config to add a missing required option + +* Mon Jun 8 2009 Simo Sorce - 0.4.1-0 +- latest upstream release. +- also add a patch that fixes debugging output (potential segfault) + +* Mon Apr 20 2009 Simo Sorce - 0.3.2-2 +- release out of the official 0.3.2 tarball + +* Mon Apr 20 2009 Jakub Hrozek - 0.3.2-1 +- bugfix release 0.3.2 +- includes previous release patches +- change permissions of the /etc/sssd/sssd.conf to 0600 + +* Tue Apr 14 2009 Simo Sorce - 0.3.1-2 +- Add last minute bug fixes, found in testing the package + +* Mon Apr 13 2009 Simo Sorce - 0.3.1-1 +- Version 0.3.1 +- includes previous release patches + +* Mon Apr 13 2009 Simo Sorce - 0.3.0-2 +- Try to fix build adding automake as an explicit BuildRequire +- Add also a couple of last minute patches from upstream + +* Mon Apr 13 2009 Simo Sorce - 0.3.0-1 +- Version 0.3.0 +- Provides file based configuration and lots of improvements + +* Tue Mar 10 2009 Simo Sorce - 0.2.1-1 +- Version 0.2.1 + +* Tue Mar 10 2009 Simo Sorce - 0.2.0-1 +- Version 0.2.0 + +* Sun Mar 08 2009 Jakub Hrozek - 0.1.0-5.20090309git691c9b3 +- package git snapshot + +* Fri Mar 06 2009 Jakub Hrozek - 0.1.0-4 +- fixed items found during review +- added initscript + +* Thu Mar 05 2009 Sumit Bose - 0.1.0-3 +- added sss_client + +* Mon Feb 23 2009 Jakub Hrozek - 0.1.0-2 +- Small cleanup and fixes in the spec file + +* Thu Feb 12 2009 Stephen Gallagher - 0.1.0-1 +- Initial release (based on version 0.1.0 upstream code)