Commit Graph

582 Commits

Author SHA1 Message Date
Michal Židek
44805f5ff8 Resolves: upstream#4118 sssd requires timed sudoers ldap entries to be specified up to the seconds 2020-02-27 04:34:24 +01:00
Michal Židek
8b47371b41 Add sssd-dbus package as a dependency of sssd-tools 2020-02-27 04:34:24 +01:00
Michal Židek
573cac525f Resolves: upstream#4142 - sssd_be frequent crash 2020-02-27 04:34:24 +01:00
Michal Židek
8073b6af50 Resolves: upstream#4131 Force LDAPS over 636 with AD Provider 2020-02-27 04:34:24 +01:00
Michal Židek
9aa10702d4 Resolves: upstream#3630 - Randomize ldap_connection_expire_timeout either by default or w/ a configure option 2020-02-27 04:34:24 +01:00
Michal Židek
d61d68d902 Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in sss_ptr_hash_delete_cb() 2020-02-27 04:34:24 +01:00
Michal Židek
9781b52c91 Resolves: upstream#4088 - server/be: SIGTERM handling is incorrect 2020-02-27 04:34:24 +01:00
Michal Židek
6c1563e282 Resolves: upstream##4089 Watchdog implementation or usage is incorrect 2020-02-27 04:34:24 +01:00
Michal Židek
b81369e441 Resolves: upstream#4126 pcscd rejecting sssd ldap_child as unauthorized 2020-02-27 04:34:24 +01:00
Michal Židek
069e6c9dc8 Resolves: upstream#4127 - [Doc]Provide explanation on escape character for match rules sss-certmap 2020-02-27 04:34:24 +01:00
Michal Židek
ec08164de5 Resolves: upstream#4129 - sssctl config-check command does not give proper error messages with line numbers 2020-02-27 04:34:24 +01:00
Michal Židek
54f0db91d3 Update to latest released upstream version 2.2.3 2020-02-27 04:34:24 +01:00
Fedora Release Engineering
8078a58a14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-31 00:16:21 +00:00
Stephen Gallagher
2f22753551
Fix build against samba-4.12.0rc1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2020-01-24 16:18:38 +01:00
Mohan Boddu
b3516604c1 Rebuild for samba-4.12.0rc1
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2020-01-24 07:17:14 -05:00
Adam Williamson
4e675b1715 Backport PR #900 to fix RHBZ #1755643 2019-10-22 11:27:01 -07:00
Adam Williamson
460a59ec3d Backport PR #904 to fix RHBZ #1757224 2019-10-22 10:04:39 -07:00
Michal Židek
0aaf839d04 Update to latest released upstream version 2.2.2 2019-09-17 11:23:59 +02:00
Stephen Gallagher
e35ea7dfd4
Rebuilding for libldb 2.0.5
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2019-08-26 17:57:25 -04:00
Miro Hrončok
3e66e97711 Rebuilt for Python 3.8 2019-08-19 11:06:22 +02:00
Fedora Release Engineering
21a512736f - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-27 00:08:51 +00:00
Jakub Hrozek
7f0d43352a Resolves: rhbz#1721636 - sssd-kcm calls sssd-genconf which triggers nscd warning 2019-07-05 16:45:50 +02:00
Jakub Hrozek
d757370f98 Resolves: rhbz#1724717 - sssd-proxy crashes resolving groups with no members 2019-07-05 16:43:40 +02:00
Michal Židek
e1908a5bc4 Fix Python build failures on rawhide.
Thx. to Lukas Slebodnik for fixing this issue.
2019-06-19 10:53:12 +02:00
Michal Židek
76a13b3c78 Update to latest released upstream version 2.2.0 2019-06-17 14:51:15 +02:00
Michal Židek
1d0af0b97b Resolves: upstream#3867 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers unreadable by SSSD.
- CVE-2018-16838
2019-03-28 00:06:39 +01:00
Michal Židek
27d612fd39 Update to latest released upstream version 2.1.0 2019-03-27 18:22:06 +01:00
Sinny Kumari
80cc892c48 Resolves: rhbz#1667444 - sssd: make python3-sssdconfig as suggest
Signed-off-by: Sinny Kumari <sinny@redhat.com>
2019-02-14 17:29:11 +05:30
Adam Williamson
786d467c78 Backport fix for RHBZ #1676946 (see upstream #3924)
This backports three commits that are identified in upstream
issue #3924 as the fixes for RHBZ #1676946 (failure of sssd to
start in current Rawhide).
2019-02-13 17:55:26 -08:00
Fedora Release Engineering
5c6f906a0e - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-03 08:34:02 +00:00
Igor Gnatenko
fa80197b65 Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:50 +01:00
Igor Gnatenko
a5b776ca3c
Remove obsolete ldconfig scriptlets
References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-01-22 18:41:04 +01:00
Adam Williamson
cbdd57fe9d Backport other patches from master to fix build with recent krb5 2018-12-13 00:02:15 -08:00
Adam Williamson
64cb87e84a Resolves: rhbz#1654537 - sbus: use 120 second default timeout 2018-12-12 22:41:39 -08:00
Michal Židek
9732e7fd7b Resolves: rhbz#1629737 - sssd: Remove python2 (sub)packages from Fedora 30+ 2018-11-07 15:18:49 +01:00
Michal Židek
c0971b7e39 Backport a bunch of upstream fixes
- Resolves: upstream#3821 - crash related to sbus_router_destructor()
- Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref
- Resolves: upstream#3819 - sssd only sets the SELinux login context if it
                            differs from the default
- Resolves: upstream#3807 - The sbus codegen script relies on "python" which
                            might not be available on all distributions
- Resolves: upstream#3820 - sudo: search with lower cased name for case
                            insensitive domains
- Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from
                            an allow-any default to a deny-any default when it
                            can't find any GPOs to apply to a user login.
- Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort
                            startup
- Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11
                            also for local account authentication
- Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup
- Resolves: upstream#3826 - Remove references of sss_user/group/add/del
                            commands in man pages since local provider is
                            deprecated
- Resolves: upstream#3827 - SSSD should log to syslog if a domain is not
                            started due to a misconfiguration
- Resolves: upstream#3830 - Printing incorrect information about domain with
                            sssctl utility
- Resolves: upstream#3489 - p11_child should work wit openssl1.0+
- Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary
                            changes in nsswitch.conf
- Resovles: upstream#3650 - RFE: Require smartcard authentication
- Resolves: upstream#3334 - sssctl config-check does not check any special
                            characters in domain name of domain section
- Resolves: upstream#3849 - Files: The files provider always enumerates
                            which causes duplicate when running getent passwd
- Related: upstream#3855 - session not recording for local user when groups
                           defined
- Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb
- Related: upstream#3493 - Remove the pysss.local interface
2018-10-24 14:40:58 +02:00
Michal Židek
129efc7839 Resolves: rhbz#1622760 - Console login as FreeIPA domain user fails in current Fedora Rawhide / 29 2018-08-29 16:58:06 +02:00
Michal Židek
4e478641d1 Fix linking issues 2018-08-29 16:58:06 +02:00
Michal Židek
2ef66b266c New upstream release 2.0.0 2018-08-14 11:43:55 +02:00
Fedora Release Engineering
0a06c01711 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-14 06:42:21 +00:00
Jason Tibbitts
8a13e36b6a Remove needless use of %defattr 2018-07-10 01:27:54 -05:00
Miro Hrončok
633afe1b94 Rebuilt for Python 3.7 2018-07-02 18:24:19 +02:00
Fabiano Fidêncio
68ef824a5f Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo responder
And also ...

- Related: upstream#941 - return multiple server addresses to the Kerberos
                          locator plugin
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
                            closes its end of the pipe before reading all the
                            SSH keys
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
                            stored in AD GC also for regular AD DC queries
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
                           able to consume an @-sign in the user/group name.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-25 09:38:16 +02:00
Fabiano Fidêncio
192e845618 Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on minimal appliance image, breaking composes
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-21 21:38:33 +02:00
Miro Hrončok
d8abd616d9 Rebuilt for Python 3.7 2018-06-19 11:27:58 +02:00
Fabiano Fidêncio
a36f5fea4b New upstream release 1.16.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-06-11 13:32:07 +02:00
Fabiano Fidêncio
29d69716ad Related: upstream#3742 - Change of: User may not run sudo --> a password is required
Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.

In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-28 10:01:23 +02:00
Fabiano Fidêncio
4979898a6e Revert "Add: "ExcludeArch: armv7hl""
This reverts commit bc3790f5a0.
2018-05-17 17:53:56 +02:00
Fabiano Fidêncio
bc3790f5a0 Add: "ExcludeArch: armv7hl"
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593

As soon as the bug is resolved, this patch could be safely reverted.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-16 21:54:59 +02:00
Fabiano Fidêncio
0a2c83fbd0 Related: upstream#3436 - Certificates used in unit tests have limited lifetime
Fix a non harmful warning shown by recent versions of OpenSSL.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-05-16 21:53:46 +02:00