If the LDB_ERR_* code is not recognized by the sysdb_error_to_errno
function, it returns EFAULT by default. This caused confusion in the
case when SSSD tried to store an attribute with bad syntax to LDB (like in
the ticket https://fedorahosted.org/sssd/ticket/1440 ). The error message
said "Bad address", which was inappropriate.
Patch is in attachment.
Michal
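
The fall-through described in the message above, as an added example that is not SSSD's code and not the attached patch: a simplified mapper in which any code without its own case becomes EFAULT, next to a version that gives the bad-syntax code its own errno. The `demo_*` names, the mapping table and the choice of EINVAL are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for LDB_ERR_* codes (values follow LDAP result codes). */
enum {
    DEMO_LDB_SUCCESS = 0, DEMO_LDB_ERR_OPERATIONS_ERROR = 1,
    DEMO_LDB_ERR_TIME_LIMIT_EXCEEDED = 3,
    DEMO_LDB_ERR_INVALID_ATTRIBUTE_SYNTAX = 21,
    DEMO_LDB_ERR_NO_SUCH_OBJECT = 32, DEMO_LDB_ERR_BUSY = 51,
    DEMO_LDB_ERR_ENTRY_ALREADY_EXISTS = 68
};
static const int demo_codes[] = { 0, 1, 3, 21, 32, 51, 68 };

/* "Before": any code without its own case collapses into EFAULT. */
static int demo_map_before(int ldberr)
{
    switch (ldberr) {
    case DEMO_LDB_SUCCESS: return 0;
    case DEMO_LDB_ERR_OPERATIONS_ERROR: return EIO;
    case DEMO_LDB_ERR_NO_SUCH_OBJECT: return ENOENT;
    case DEMO_LDB_ERR_BUSY: return EBUSY;
    case DEMO_LDB_ERR_ENTRY_ALREADY_EXISTS: return EEXIST;
    default: return EFAULT;
    }
}

/* "After" (assumed mapping): bad attribute syntax gets its own errno. */
static int demo_map_after(int ldberr)
{
    return ldberr == DEMO_LDB_ERR_INVALID_ATTRIBUTE_SYNTAX
               ? EINVAL : demo_map_before(ldberr);
}

/* Audit helper: how many sample codes still land on the EFAULT default. */
static int demo_count_defaulted(int (*map)(int))
{
    int hits = 0;
    for (size_t i = 0; i < sizeof(demo_codes) / sizeof(demo_codes[0]); i++)
        hits += (map(demo_codes[i]) == EFAULT);
    return hits;
}

int main(void)
{
    int bad = DEMO_LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
    printf("before: %s\n", strerror(demo_map_before(bad)));
    printf("after:  %s\n", strerror(demo_map_after(bad)));
    return 0;
}
```

Running the audit helper over the sample codes shows which ones would still be reported with the misleading default text in logs.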
== Highlights ==
The SSSD team is proud to announce a Release Candidate of version 1.9 of
the System Security Services Daemon.
This is a bugfix release only, no new features were added in this version.
We will be focusing on more stabilizing after that point until the final
1.9.0 release which is tentatively scheduled for September 21. We might
be releasing another Release Candidate before the final release if needed.
As always, you can download the latest sources at
https://fedorahosted.org/sssd/
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1331
Off-by-one error in sss_hmac_sha1
https://fedorahosted.org/sssd/ticket/1364
[abrt] sssd-1.8.3-11.fc16: set_server_common_status: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
https://fedorahosted.org/sssd/ticket/1438
SSSD crashes at boot time
https://fedorahosted.org/sssd/ticket/1452
Authentication fails if kpasswd cannot be resolved
https://fedorahosted.org/sssd/ticket/1454
if allocation fails, sss_mmap_cache_init may dereference NULL pointer
https://fedorahosted.org/sssd/ticket/1458
Full sudo refresh is scheduled even if there is no sudo responder
https://fedorahosted.org/sssd/ticket/1466
Proxy: Cannot retrieve an user after a group he is a member of was retrieved
https://fedorahosted.org/sssd/ticket/1467
enumeration is broken in the proxy provider
https://fedorahosted.org/sssd/ticket/1479
Hbac logs show wrong rule name granting access
https://fedorahosted.org/sssd/ticket/1486
[abrt] sssd-1.8.4-14.fc17: sss_ldap_init_send: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
https://fedorahosted.org/sssd/ticket/1496
[abrt] sssd-1.8.4-14.fc17: ldap_pvt_sasl_getmechs: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
https://fedorahosted.org/sssd/ticket/1505
sudo with sss backend should use ipa_hostname
https://fedorahosted.org/sssd/ticket/1509
libsss_sudo is not updated when yum update sssd is called
https://fedorahosted.org/sssd/ticket/1513
Change the processing of the SELinux default map
https://fedorahosted.org/sssd/ticket/1515
pam_sss report System Error on wrong password
https://fedorahosted.org/sssd/ticket/1516
krb5_mod_ccname should cancel the transaction at one place only
https://fedorahosted.org/sssd/ticket/1519
membership of IPA hostgroups is not evaluated when treating them as netgroups
== Detailed Changelog ==
Jakub Hrozek (12):
* Bumping version for the 1.9.0 beta 7 release
* libsss_sudo should have a versioned dependency on SSSD
* KRB5: cancel the sysdb transaction on one place only
* KRB5: Return PAM_AUTH_ERR on incorrect password
* RPM: BuildRequire selinux-policy-targeted
* SYSDB: NULL-terminate the output of sysdb_get_{ranges,subdomains}
* KRB5: Add a missing string argument
* NSS: Fix off-by-one error in parse_getservbyname
* FO: Check server validity before setting status
* DB: Always write the SELinux object to sysdb
* SELinux: Always use the default if it exists on the server
* Updating the translations for the 1.9.0 RC1 release
Ondrej Kos (1):
* Out-of-bounds read fix in hmac-sha-1
Pavel Březina (3):
* netgroup: resolve hostgroup membership correctly
* be_process_init(): free ctx on error
* backend: initialize sudo only when it is enabled in services
Simo Sorce (1):
* Remove obsolete comment
In order to test these patches properly, you need to be running the
latest patches that are currently on review on freeipa-devel. Ping me
off-line for access to such IPA client.
[PATCH 1/2] DB: Always write the SELinux object to sysdb
This is a fallout of the transaction processing refactoring.
There's no point in checking if the object already exists because we always
wipe the whole sysdb subtree. We were also immediately cancelling the
transaction because we'd jump to goto, even though it was with EOK.
[PATCH 2/2] SELinux: Always use the default if it exists on the server
https://fedorahosted.org/sssd/ticket/1513
This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045
During an e-mail discussion, it was decided that
* if the default is set in the IPA config object, the SSSD would use
that default no matter what
* if the default is not set (aka empty or missing), the SSSD would just
use the system default and skip creating the login file altogether