Commit Graph

34 Commits

Author SHA1 Message Date
Alexey Tikhonov
24837d953f Related: rhbz#1978119 - [Improvement] avoid interlocking among threads that use libsss_nss_idmap API (or other sss_client libs) 2022-08-26 18:36:13 +02:00
Alexey Tikhonov
d544103a96 Resolves: rhbz#2116389 - rpc.gssd crash when access a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-2.el9
Resolves: rhbz#2119373 - sssctl analyze --logdir option requires sssd to be configured
Resolves: rhbz#2120657 - Incorrect request ID tracking from responder to backend
2022-08-23 18:25:46 +02:00
Alexey Tikhonov
0bcf677ee4 Resolves: rhbz#2106660 - [regression] sssd goes offline with forced ldaps configuration
Resolves: rhbz#2109451 - virsh command will hang after the host run several auto test cases
Resolves: rhbz#2098654 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL
Resolves: rhbz#2106685 - [regression] sssctl analyze fails to parse PAM related sssd logs
2022-08-08 15:19:57 +02:00
Alexey Tikhonov
1b653c21ec Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Resolves: rhbz#1936551 - [Improvement] Provide user feedback when login fails due to blocked PIN
Resolves: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)
Resolves: rhbz#2062665 - [sssd] RHEL 9.1 Tier 0 Localization
2022-07-05 11:07:29 +02:00
Alexey Tikhonov
4a2d3451f2 Resolves: rhbz#2073095 - Harden kerberos ticket validation (additional patch)
Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol (additional patch)
2022-06-13 12:45:54 +02:00
Alexey Tikhonov
61baec62c2 Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Resolves: rhbz#1893192 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
Resolves: rhbz#1927553 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
Resolves: rhbz#2089216 - pam_sss_gss ceased to work after upgrade to 8.6
Resolves: rhbz#2090776 - Add idp authentication indicator in man page of sssd.conf
Resolves: rhbz#1927195 - sssd runs out of proxy child slots and doesn't clear the counter for Active requests
Resolves: rhbz#2073095 - Harden kerberos ticket validation
Resolves: rhbz#2082455 - 'getent hosts' not return hosts if they have more than one CN in LDAP
Resolves: rhbz#2087581 - Regression "Missing internal domain data." when setting ad_domain to incorrect
2022-06-04 12:28:43 +02:00
Alexey Tikhonov
ea39f4d1e1 Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd 2022-05-11 18:01:11 +02:00
Alexey Tikhonov
f90ae3e47e Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Test settings changes are required for gating.
2022-05-10 09:02:45 +02:00
Alexey Tikhonov
c745d2f717 Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Resolves: rhbz#2072640 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
Resolves: rhbz#2070189 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
Resolves: rhbz#2070138 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd
Resolves: rhbz#2065098 - Use right sdap_domain in ad_domain_info_send
Resolves: rhbz#2062716 - [Improvement] Add user and group version of sss_nss_getorigbyname()
Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol
Resolves: rhbz#2056482 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
Resolves: rhbz#1937895 - SSSD update prompts for smartcard pin twice - After update to 7.9
Resolves: rhbz#1925559 - [RFE] Implement time logging for the LDAP queries and warning of high queries time
Resolves: rhbz#1915564 - sssd does not enforce smartcard auth for kde screen locker
Resolves: rhbz#1859751 - [RFE] Allow SSSD to use anonymous pkinit for FAST
Resolves: rhbz#1749279 - 2FA prompting setting ineffective
Resolves: rhbz#1661055 - sssd fails GPO-based access if AD have setup with Japanese language
Resolves: rhbz#1245367 - [RFE] Implement memory cache for SID requests to improve performance
2022-05-09 13:02:32 +02:00
Alexey Tikhonov
4cdadec076 Resolves: rhbz#2035244 - AD Domain in the AD Forest Missing after sssd latest update
Resolves: rhbz#2041560 - sssd does not use kerberos port that is set.
2022-01-17 20:04:23 +01:00
Alexey Tikhonov
6a5a87a373 Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
2022-01-05 18:12:21 +01:00
Alexey Tikhonov
5309d21cac Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()
Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions
Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True'
Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication.
Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline
Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD
Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
2021-12-06 21:00:02 +01:00
Alexey Tikhonov
4fc9503558 Resolves: rhbz#1909755 - Suppress log message "[sssd] [service_signal_done] (0x0010): Unable to signal service [2]: No such file or directory" during logrote
Resolves: rhbz#1962123 - [sssd] RHEL 9.0 Beta Tier 0 Localization
2021-08-16 19:55:25 +02:00
Alexey Tikhonov
f017fabf25 Resolves: rhbz#1973411 - CVE-2021-3621 sssd: shell command injection in sssctl [rhel-9] 2021-08-16 17:38:42 +02:00
Mohan Boddu
7ac0b3ada9 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:58:10 +00:00
Alexey Tikhonov
76fe5d637c Resolves: rhbz#1803943 - [RFE] support subid ranges managed by FreeIPA 2021-08-02 15:41:48 +00:00
Steeve Goveas
7b6882ef34 Add epel 8 repo link for sshpass
Resolves: rhbz#1954686
epel 9 is not availabe yet. epel 8 was removed from the rhel9 compose,
so added task in playbook to add epel 8 repo.
Pacakge python3-virtualenv is removed from rhel9. Removed it from list
of packages to install
2021-07-30 17:49:02 +05:30
Alexey Tikhonov
adc6d02a6b Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
Resolves: rhbz#1975691 - covscan NULL pointer dereference cache_req_data_create()
2021-07-16 14:42:44 +02:00
Steeve Goveas
341c8ac4b6 Add script to prepare results.yml
Resolves: rhbz#1954686
This update is to conform to STI standards
2021-06-17 18:17:21 +05:30
Mohan Boddu
44e720a583 Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:39:14 +00:00
Alexey Tikhonov
832b09ac19 Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta 2021-06-14 20:57:15 +02:00
Alexey Tikhonov
7f0c855c8f Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
Resolves: rhbz#1938876 - review of important potential issues detected by static analyzers in sssd-2.4.1-1.el9
Resolves: rhbz#1942277 - Wrong default debug level of sssd tools
2021-06-14 20:37:12 +02:00
Steeve Goveas
8420c052fa Use openssh transport 2021-06-09 21:43:19 +05:30
Steeve Goveas
a5f1b2a632 Add gating.yaml to enable gating for sssd
Resolves: rhbz#1954686
Recipient is set to sssd-team to include dev and qe
Add tier0 tests to execute for gating
bump release from 4 to 5
2021-06-01 19:58:59 +05:30
Mohan Boddu
b14fdeab20 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 05:44:37 +00:00
DistroBaker
dde63ae419 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#04d2a458e321f58aade008d44706bfdb38a22e80
2021-04-04 23:36:16 +00:00
DistroBaker
bff26bbb59 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#614d42d9f58eb2f3e71cf68381f40e6a9ff185f8
2021-02-19 18:11:37 +00:00
DistroBaker
1155a5a59b Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#3fb1cb9aa3f275dec5da1680aa7599efaef6be1b
2021-02-19 16:41:53 +00:00
DistroBaker
e9cffb7aa5 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#9e5dd4b66572aeb348f3cc854ce7fca9f7afd97b
2021-02-05 19:50:48 +00:00
DistroBaker
6601f5da29 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#968f95e90a4d63bd05e611cefa05e574507024fa
2020-12-15 17:48:41 +00:00
DistroBaker
29ea2f4631 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#e67274864c953d5a056d42439f843affbc147b30
2020-11-30 13:23:50 +00:00
DistroBaker
e04d970cf5 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#709264858fe958cfd06f90c976ad438a1852a651
2020-11-05 13:46:31 +00:00
Troy Dawson
72ec3e3585 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/sssd#65e3d07e6456a10b607f4b72e040e8fab1d09fbd
2020-10-15 09:59:23 -07:00
Release Configuration Management
81cf0d00c7 New branch setup 2020-10-09 04:50:20 +00:00