Commit Graph

459 Commits

Author SHA1 Message Date
Fabiano Fidêncio
ab53ba849a IPA: Qualify the externalUser sudo attribute
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
ef1d48a0c2 Tone down shutdown messages for socket activated responders
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
fcff118bbf Resolves: upstream#3558 - sudo: report error when two rules share cn
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
f3d06df50d Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:10 +02:00
Fabiano Fidêncio
32f2c81e59 A few KCM misc fixes
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:47:05 +02:00
Fabiano Fidêncio
99da72db23 Resolves: upstream#3666 - Fix usage of str.decode() in our test
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:45:42 +02:00
Fabiano Fidêncio
1c7376afc5 Resolves: upstream#3386 - KCM: Payload buffer is too small
Related to: rhbz#1494843 - KCM Does not work

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:43:19 +02:00
Fabiano Fidêncio
73735e9522 Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads()
Related to: rhbz#1494843 - KCM Does not work

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:38:32 +02:00
Fabiano Fidêncio
563dd33f72 Resolves: upstream#3658 - Application domain is not interpreted correctly
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:35:59 +02:00
Fabiano Fidêncio
2c812f3cba Resolves: upstream#3660 - confdb_expand_app_domains() always fails
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:33:25 +02:00
Fabiano Fidêncio
40fe76feb8 Resolves: upstream#3573 - sssd won't show netgroups with blank domai
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-30 14:30:01 +02:00
Fabiano Fidêncio
62a3258629 New upstream release 1.16.1
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-03-09 15:42:19 +01:00
Lukas Slebodnik
5eba7a8f1f Resolves: upstream#3621 - backport bug found by static analyzers 2018-02-20 15:12:59 +01:00
Fabiano Fidêncio
4b1fe8a0ab Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 23:03:25 +01:00
Fabiano Fidêncio
199a72e62a Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-02-14 22:15:04 +01:00
Igor Gnatenko
11c6ee78b8 Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 00:40:17 +01:00
Lukas Slebodnik
18ae44bc79 Resolves: upstream#3618 - selinux_child segfaults in a docker container 2018-02-07 22:04:27 +01:00
Lukas Slebodnik
f55e235d75 Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl 2018-02-06 13:11:55 +01:00
Lukas Slebodnik
e242e8ef93 Fix systemd executions/requirements
systemd was added to BuildRequires because it provides rpm macros
/usr/lib/rpm/macros.d/macros.systemd and it is unreliable to rely
on indirect dependency between systemd-devel and systemd

Related to: https://src.fedoraproject.org/rpms/sssd/pull-request/1
2018-02-06 13:04:26 +01:00
Lukas Slebodnik
6d370601d4 Revert "Workaround for BZ1537183"
This reverts commit 0a5a392684.

nsupdate is fixed on rawhide.i686
2018-02-06 12:57:05 +01:00
Igor Gnatenko
a3b937064c Fix systemd executions/requirements
Merges: https://src.fedoraproject.org/rpms/sssd/pull-request/1

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-01-25 20:42:01 +01:00
Lukas Slebodnik
ebdebbe467 Do not try to link with -Wl,-z,defs
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md#strict-symbol-checks-in-the-link-editor-ld

sssd cannot be linked with -Wl,-z,defs atm.
2018-01-25 20:23:09 +01:00
Lukas Slebodnik
27d7dcb5bb Revert "Override linker flags done in redhat-rpm-config-84-1.fc28"
This reverts commit 7cda4fbc6f.
2018-01-25 20:18:39 +01:00
Lukas Slebodnik
b4343b24b6 Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS 2018-01-25 11:39:00 +01:00
Lukas Slebodnik
0a5a392684 Workaround for BZ1537183
unit test will pass but sssd will not be able to use nsupdate with realm
on i686
2018-01-23 15:11:46 +01:00
Lukas Slebodnik
7cda4fbc6f Override linker flags done in redhat-rpm-config-84-1.fc28
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291

sssd cannot be linked with -Wl,-z,defs atm.
2018-01-23 14:37:32 +01:00
Lukas Slebodnik
b390855a98 Fix building of sssd-nfs-idmap with libnfsidmap.so.1 2018-01-11 16:53:36 +01:00
Björn Esser
f9e6094ac5
Rebuilt for libnfsidmap.so.1 2018-01-11 12:01:37 +01:00
Lukas Slebodnik
1dedfbb334 Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
                          or machine swaps
Resolves: failure in glibc tests
          https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
                          auth_provider ldap, login fails if the LDAP server
                          is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
                          corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
                          if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
                         in /etc/systemd/system
Backport few upstream features from 1.16.1
2017-12-04 21:42:37 +01:00
Lukas Slebodnik
ce65f7d9ee Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next 2017-11-21 17:57:44 +01:00
Lukas Slebodnik
87763840cd Revert "Disable nfsplugin due to bug rhbz#1509063"
This reverts commit b5c435b10b.

nfs-utils are fixed
2017-11-21 17:56:54 +01:00
Jakub Hrozek
7781c9e992 Backport extended NSS API from upstream master branch 2017-11-17 18:06:26 +01:00
Lukas Slebodnik
b5c435b10b Disable nfsplugin due to bug rhbz#1509063 2017-11-03 22:58:37 +01:00
Lukas Slebodnik
7ac8b3c4b5 Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade 2017-11-03 16:20:10 +01:00
Lukas Slebodnik
7667bd7429 Fix unit tests with libldb-1.3.0 2017-10-21 16:19:39 +02:00
Lukas Slebodnik
f2e72c8931 There are not empty lang files in 1.16.0 2017-10-20 23:18:12 +02:00
Lukas Slebodnik
4f58854911 New upstream release 1.16.0
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
2017-10-20 18:02:02 +02:00
Lukas Slebodnik
1aff49b48c Fix build with krb5 1.16 2017-10-11 18:06:00 +02:00
Lukas Slebodnik
7069858231 Resolves: rhbz#1499354 - CVE-2017-12173
sssd: unsanitized input when searching in local cache database access on
the sock_file system_bus_socket
2017-10-11 17:48:41 +02:00
Lukas Slebodnik
8eda442b2e Fix few bugs/regressions
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
                         on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
                         fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
                          applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
                          is applied
2017-09-12 09:22:07 +02:00
Lukas Slebodnik
fa4807ec45 Backport few upstream patches/fixes 2017-09-01 21:34:35 +02:00
Lukas Slebodnik
11cd64de1c Add krb5 conf snippet for default KCM
http://fedoraproject.org/wiki/Releases/27/ChangeSet#Kerberos_KCM_credential_cache_by_default
https://bugzilla.redhat.com/show_bug.cgi?id=1421604
2017-09-01 21:34:20 +02:00
Lukas Slebodnik
5ce8ae1166 Simplify spec file a little bit
The plugin for cifs-utils can be built on all supported versions of fedora.
Conditions are required only in upstream spec file for older
distributions. Definition of constant with_cifs_utils_plugin is still
in the beginning of spec file for simpler comparison of changes
between upstream and fedora.
2017-09-01 10:47:18 +02:00
Lukas Slebodnik
088151887a Remove unused if condition krb5 localauth plugin
The plugin can be built on all supported versions of fedora.
And it was removed also from upstream spec file.
2017-09-01 10:39:14 +02:00
Ville Skyttä
308a55f49d Own the %{_libdir}/%{name}/conf dir
https://bugzilla.redhat.com/show_bug.cgi?id=1483517
2017-08-21 12:42:13 +02:00
Fedora Release Engineering
df69f6e551 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 19:16:38 +00:00
Lukas Slebodnik
1f58bd8dc4 Make fedora automated tests happy
dist.python-versions failed
dist.python-versions.requires_naming_scheme failed

These RPMs use `python-` prefix without Python version in *Requires:

sssd-1.15.3-1.fc26 BuildRequires:
 * python-devel (python2-devel is available)

This is strongly discouraged and should be avoided. Please check
the required packages, and use names with either `python2-` or
`python3-` prefix.
2017-07-25 17:53:21 +02:00
Lukas Slebodnik
6302a22355 New upstream release 1.15.3
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
2017-07-25 13:58:52 +02:00
Lukas Slebodnik
ca67484fda Rebuild with libldb-1.2.0
sssd buill with older version of libldb will crash

  (gdb) bt
  #0  0x0000000000000001 in ?? ()
  #1  0x00007fcb39ce28dc in ldb_db_lock_destructor () from /lib64/libldb.so.1
  #2  0x00007fcb3a103f31 in _tc_free_internal (location=0x7fcb39ce9303 "../common/ldb.c:1026", tc=<optimized out>) at ../talloc.c:1078
  #3  _talloc_free_internal (location=0x7fcb39ce9303 "../common/ldb.c:1026", ptr=0x55e267aebef0) at ../talloc.c:1174
  #4  _talloc_free (ptr=0x55e267aebef0, location=0x7fcb39ce9303 "../common/ldb.c:1026") at ../talloc.c:1716
  #5  0x00007fcb39ce02f2 in ldb_lock_backend_callback () from /lib64/libldb.so.1
  #6  0x00007fcb31b172ae in ltdb_callback () from /usr/lib64/ldb/modules/ldb/tdb.so
  #7  0x00007fcb3a31e8c1 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
2017-07-07 12:44:33 +02:00
Lukas Slebodnik
538f424e10 Disable unit tests with expired certificates 2017-06-27 16:02:20 +02:00