[SSSD] [sssd PR#5852][+Changes requested] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][-Waiting for review] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5862][+Ready to push] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5855][+Ready to push] CKM_RSA_PKCS support.
URL: https://github.com/SSSD/sssd/pull/5855 Title: #5855: CKM_RSA_PKCS support. Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5862][comment] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5862 * `master` * bb8da4303851642318b626aad507ab7c39f6a80d - DEBUG: avoid backtrace dups. """ See the full comment at https://github.com/SSSD/sssd/pull/5862#issuecomment-963017447 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5862][+Pushed] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5862][-Accepted] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5862][-Ready to push] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Title: #5862: DEBUG: avoid backtrace dups. Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5862][closed] DEBUG: avoid backtrace dups.
URL: https://github.com/SSSD/sssd/pull/5862 Author: alexey-tikhonov Title: #5862: DEBUG: avoid backtrace dups. Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5862/head:pr5862 git checkout pr5862 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5855][comment] CKM_RSA_PKCS support.
URL: https://github.com/SSSD/sssd/pull/5855 Title: #5855: CKM_RSA_PKCS support. pbrezina commented: """ Pushed PR: https://github.com/SSSD/sssd/pull/5855 * `master` * b5073394d652cec7c99d85eb71958234dc29f585 - TESTS: added two tests to check cert auth with specific RSA mechanisms: CKM_RSA_PKCS and CKM_SHA384_RSA_PKCS. (CKM_SHA384_RSA_PKCS is arbitrary chosen as one of CKM_SHA*_RSA_PKCS family) * 71b6d548ce2788267f657f2c1a922b9ca86daaff - P11: add support of 'CKM_RSA_PKCS' mechanism * bd9038657e88ebc021f749833ed8be73c8e7dbda - P11: refactoring of get_preferred_rsa_mechanism() """ See the full comment at https://github.com/SSSD/sssd/pull/5855#issuecomment-963017666 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5855][-Accepted] CKM_RSA_PKCS support.
URL: https://github.com/SSSD/sssd/pull/5855 Title: #5855: CKM_RSA_PKCS support. Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5855][+Pushed] CKM_RSA_PKCS support.
URL: https://github.com/SSSD/sssd/pull/5855 Title: #5855: CKM_RSA_PKCS support. Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5855][-Ready to push] CKM_RSA_PKCS support.
URL: https://github.com/SSSD/sssd/pull/5855 Title: #5855: CKM_RSA_PKCS support. Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5855][closed] CKM_RSA_PKCS support.
URL: https://github.com/SSSD/sssd/pull/5855 Author: alexey-tikhonov Title: #5855: CKM_RSA_PKCS support. Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5855/head:pr5855 git checkout pr5855 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][synchronized] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Author: ikerexxe Title: #5852: ifp: new interface to validate a certificate Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5852/head:pr5852 git checkout pr5852 From fb40a73687c9c7193b24e15c7a47a7976997cfc3 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Fri, 29 Oct 2021 10:56:58 +0200 Subject: [PATCH 1/2] ifp: new interface to validate a certificate New interface to validate a certificate. The input is the certificate to validate and the output the user path. Resolves: https://github.com/SSSD/sssd/issues/5224 Signed-off-by: Iker Pedrosa --- src/responder/ifp/ifp_iface/ifp_iface.c | 3 +- src/responder/ifp/ifp_iface/ifp_iface.xml | 4 + .../ifp/ifp_iface/sbus_ifp_client_sync.c | 14 + .../ifp/ifp_iface/sbus_ifp_client_sync.h | 9 + .../ifp/ifp_iface/sbus_ifp_interface.h| 22 ++ .../ifp/ifp_iface/sbus_ifp_symbols.c | 12 + .../ifp/ifp_iface/sbus_ifp_symbols.h | 3 + src/responder/ifp/ifp_users.c | 319 ++ src/responder/ifp/ifp_users.h | 12 + 9 files changed, 397 insertions(+), 1 deletion(-) diff --git a/src/responder/ifp/ifp_iface/ifp_iface.c b/src/responder/ifp/ifp_iface/ifp_iface.c index 833cf6843a..16035de57a 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.c +++ b/src/responder/ifp/ifp_iface/ifp_iface.c @@ -153,7 +153,8 @@ ifp_register_sbus_interface(struct sbus_connection *conn, SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByCertificate, ifp_users_list_by_cert_send, ifp_users_list_by_cert_recv, ctx), SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, FindByNameAndCertificate, ifp_users_find_by_name_and_cert_send, ifp_users_find_by_name_and_cert_recv, ctx), SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByName, ifp_users_list_by_name_send, ifp_users_list_by_name_recv, ctx), -SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByDomainAndName, ifp_users_list_by_domain_and_name_send, ifp_users_list_by_domain_and_name_recv, ctx) +SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByDomainAndName, ifp_users_list_by_domain_and_name_send, ifp_users_list_by_domain_and_name_recv, ctx), +SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, FindByValidCertificate, ifp_users_find_by_valid_cert_send, ifp_users_find_by_valid_cert_recv, ctx) ), SBUS_SIGNALS(SBUS_NO_SIGNALS), SBUS_PROPERTIES(SBUS_NO_PROPERTIES) diff --git a/src/responder/ifp/ifp_iface/ifp_iface.xml b/src/responder/ifp/ifp_iface/ifp_iface.xml index a4b2f861a8..13c0d8 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.xml +++ b/src/responder/ifp/ifp_iface/ifp_iface.xml @@ -182,6 +182,10 @@ + + + + diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c index 1f0a8e3679..03b668e78a 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c +++ b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c @@ -1161,6 +1161,20 @@ sbus_call_ifp_users_FindByNameAndCertificate _arg_result); } +errno_t +sbus_call_ifp_users_FindByValidCertificate +(TALLOC_CTX *mem_ctx, + struct sbus_sync_connection *conn, + const char *busname, + const char *object_path, + const char * arg_pem_cert, + const char ** _arg_result) +{ + return sbus_method_in_s_out_o(mem_ctx, conn, + busname, object_path, "org.freedesktop.sssd.infopipe.Users", "FindByValidCertificate", arg_pem_cert, + _arg_result); +} + errno_t sbus_call_ifp_users_ListByCertificate (TALLOC_CTX *mem_ctx, diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h index 41e329d0d6..e48a6ebd9f 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h +++ b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h @@ -275,6 +275,15 @@ sbus_call_ifp_users_FindByNameAndCertificate const char * arg_pem_cert, const char ** _arg_result); +errno_t +sbus_call_ifp_users_FindByValidCertificate +(TALLOC_CTX *mem_ctx, + struct sbus_sync_connection *conn, + const char *busname, + const char *object_path, + const char * arg_pem_cert, + const char ** _arg_result); + errno_t sbus_call_ifp_users_ListByCertificate (TALLOC_CTX *mem_ctx, diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_interface.h b/src/responder/ifp/ifp_iface/sbus_ifp_interface.h index 214250e583..2e1fdb5d03 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_interface.h +++ b/src/responder/ifp/ifp_iface/sbus_ifp_interface.h @@ -1557,6 +1557,28 @@ (handler_send), (handler_recv), (data)); \ }) +/* Method: org.freedesktop.sssd.infopipe.Users.FindByValidCerti
[SSSD] [sssd PR#5852][-Changes requested] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][+Waiting for review] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate ikerexxe commented: """ The patches are ready for another round of review. """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963060408 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate pbrezina commented: """ Ack. Thank you. Can you just add a release note to the commit message? """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963077426 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][synchronized] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Author: ikerexxe Title: #5852: ifp: new interface to validate a certificate Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5852/head:pr5852 git checkout pr5852 From 28526dfe60f204668c54ee797bc8d07bde007778 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Fri, 29 Oct 2021 10:56:58 +0200 Subject: [PATCH 1/2] ifp: new interface to validate a certificate New interface to validate a certificate. The input is the certificate to validate and the output the user path. :relnote: New infopipe interface to validate a user certificate Resolves: https://github.com/SSSD/sssd/issues/5224 Signed-off-by: Iker Pedrosa --- src/responder/ifp/ifp_iface/ifp_iface.c | 3 +- src/responder/ifp/ifp_iface/ifp_iface.xml | 4 + .../ifp/ifp_iface/sbus_ifp_client_sync.c | 14 + .../ifp/ifp_iface/sbus_ifp_client_sync.h | 9 + .../ifp/ifp_iface/sbus_ifp_interface.h| 22 ++ .../ifp/ifp_iface/sbus_ifp_symbols.c | 12 + .../ifp/ifp_iface/sbus_ifp_symbols.h | 3 + src/responder/ifp/ifp_users.c | 319 ++ src/responder/ifp/ifp_users.h | 12 + 9 files changed, 397 insertions(+), 1 deletion(-) diff --git a/src/responder/ifp/ifp_iface/ifp_iface.c b/src/responder/ifp/ifp_iface/ifp_iface.c index 833cf6843a..16035de57a 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.c +++ b/src/responder/ifp/ifp_iface/ifp_iface.c @@ -153,7 +153,8 @@ ifp_register_sbus_interface(struct sbus_connection *conn, SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByCertificate, ifp_users_list_by_cert_send, ifp_users_list_by_cert_recv, ctx), SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, FindByNameAndCertificate, ifp_users_find_by_name_and_cert_send, ifp_users_find_by_name_and_cert_recv, ctx), SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByName, ifp_users_list_by_name_send, ifp_users_list_by_name_recv, ctx), -SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByDomainAndName, ifp_users_list_by_domain_and_name_send, ifp_users_list_by_domain_and_name_recv, ctx) +SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByDomainAndName, ifp_users_list_by_domain_and_name_send, ifp_users_list_by_domain_and_name_recv, ctx), +SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, FindByValidCertificate, ifp_users_find_by_valid_cert_send, ifp_users_find_by_valid_cert_recv, ctx) ), SBUS_SIGNALS(SBUS_NO_SIGNALS), SBUS_PROPERTIES(SBUS_NO_PROPERTIES) diff --git a/src/responder/ifp/ifp_iface/ifp_iface.xml b/src/responder/ifp/ifp_iface/ifp_iface.xml index a4b2f861a8..13c0d8 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.xml +++ b/src/responder/ifp/ifp_iface/ifp_iface.xml @@ -182,6 +182,10 @@ + + + + diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c index 1f0a8e3679..03b668e78a 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c +++ b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c @@ -1161,6 +1161,20 @@ sbus_call_ifp_users_FindByNameAndCertificate _arg_result); } +errno_t +sbus_call_ifp_users_FindByValidCertificate +(TALLOC_CTX *mem_ctx, + struct sbus_sync_connection *conn, + const char *busname, + const char *object_path, + const char * arg_pem_cert, + const char ** _arg_result) +{ + return sbus_method_in_s_out_o(mem_ctx, conn, + busname, object_path, "org.freedesktop.sssd.infopipe.Users", "FindByValidCertificate", arg_pem_cert, + _arg_result); +} + errno_t sbus_call_ifp_users_ListByCertificate (TALLOC_CTX *mem_ctx, diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h index 41e329d0d6..e48a6ebd9f 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h +++ b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h @@ -275,6 +275,15 @@ sbus_call_ifp_users_FindByNameAndCertificate const char * arg_pem_cert, const char ** _arg_result); +errno_t +sbus_call_ifp_users_FindByValidCertificate +(TALLOC_CTX *mem_ctx, + struct sbus_sync_connection *conn, + const char *busname, + const char *object_path, + const char * arg_pem_cert, + const char ** _arg_result); + errno_t sbus_call_ifp_users_ListByCertificate (TALLOC_CTX *mem_ctx, diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_interface.h b/src/responder/ifp/ifp_iface/sbus_ifp_interface.h index 214250e583..2e1fdb5d03 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_interface.h +++ b/src/responder/ifp/ifp_iface/sbus_ifp_interface.h @@ -1557,6 +1557,28 @@ (handler_send), (handler_recv), (data)); \ })
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate ikerexxe commented: """ > Ack. Thank you. Can you just add a release note to the commit message? Done. Thanks for the review! """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963083749 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate pbrezina commented: """ Better make it `:feature:` and add more information. Imagine that you read it as our user - you want to now how the method is called and what you should use it for. """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963095261 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate pbrezina commented: """ Better make it `:feature:` and add more information. Imagine that you read it as our user - you want to now how the method is called and what you should use it for. One sentence that should catch the essence of the change. """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963095261 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5863][comment] Responder and Child process tevent chain id improvements
URL: https://github.com/SSSD/sssd/pull/5863 Title: #5863: Responder and Child process tevent chain id improvements sumit-bose commented: """ > Now that the RID # is passed to the child log files, `sssctl analyze request > show #` will check these child logs and print those RID # matches also. > Should this be default behavior, or only when an argument like `--child` is > provided to the request show subcommand? Hi, I tend to the latter. The idea of the tool is to help to find issues. Adding the child logs by default might make this harder especially if the issue is not related to a child process. It might be even worth to be able to switch on only a single child, e.g. `--child=krb5_child`. Is there a reason you mostly send the id together with other data via stdin and not with a command line option? Personally I would prefer a comand line option because it makes the child process more easy to use manually. E.g. currently you can run `p11_child` manually even in auth mode by calling echo -n PIN | /usr/libexec/sssd/p11_child --auth . Now additional 8 bytes are expected, which still would allow to call `p11_child` manually but it would be less obvious. The PIN has to be send via stdin, otherwise it would be visible on the command line and so visible for everyone calling `ps`. bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5863#issuecomment-963103190 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate ikerexxe commented: """ > Better make it `:feature:` and add more information. Imagine that you read it > as our user - you want to now how the method is called and what you should > use it for. One sentence that should catch the essence of the change. What do you think of `:feature: New infopipe interface to validate a user certificate, that accepts the certificate as an input and outputs the user path.`? """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963155213 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate martinpitt commented: """ How about something like this: > New infopipe method `FindByValidCertificate()` which accepts the certificate > as input, validates it against configured CAs, and outputs the user path on > success. This is similar to the existing `FindByCertificate()`, but that does > not do any trust validation. (Not sure how long your release notes are allowed to be) """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963162874 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate pbrezina commented: """ Martin's version is better. Especially because it contains the method name and the difference between current method. """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963268735 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][synchronized] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Author: ikerexxe Title: #5852: ifp: new interface to validate a certificate Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5852/head:pr5852 git checkout pr5852 From e3c311764a3073a757a5cb2b58ed5a464e886d39 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Fri, 29 Oct 2021 10:56:58 +0200 Subject: [PATCH 1/2] ifp: new interface to validate a certificate New interface to validate a certificate. The input is the certificate to validate and the output the user path. :feature: New infopipe method FindByValidCertificate() which accepts the certificate as input, validates it against configured CAs, and outputs the user path on success. This is similar to the existing FindByCertificate(), but that does not do any trust validation. Resolves: https://github.com/SSSD/sssd/issues/5224 Signed-off-by: Iker Pedrosa --- src/responder/ifp/ifp_iface/ifp_iface.c | 3 +- src/responder/ifp/ifp_iface/ifp_iface.xml | 4 + .../ifp/ifp_iface/sbus_ifp_client_sync.c | 14 + .../ifp/ifp_iface/sbus_ifp_client_sync.h | 9 + .../ifp/ifp_iface/sbus_ifp_interface.h| 22 ++ .../ifp/ifp_iface/sbus_ifp_symbols.c | 12 + .../ifp/ifp_iface/sbus_ifp_symbols.h | 3 + src/responder/ifp/ifp_users.c | 319 ++ src/responder/ifp/ifp_users.h | 12 + 9 files changed, 397 insertions(+), 1 deletion(-) diff --git a/src/responder/ifp/ifp_iface/ifp_iface.c b/src/responder/ifp/ifp_iface/ifp_iface.c index 833cf6843a..16035de57a 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.c +++ b/src/responder/ifp/ifp_iface/ifp_iface.c @@ -153,7 +153,8 @@ ifp_register_sbus_interface(struct sbus_connection *conn, SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByCertificate, ifp_users_list_by_cert_send, ifp_users_list_by_cert_recv, ctx), SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, FindByNameAndCertificate, ifp_users_find_by_name_and_cert_send, ifp_users_find_by_name_and_cert_recv, ctx), SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByName, ifp_users_list_by_name_send, ifp_users_list_by_name_recv, ctx), -SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByDomainAndName, ifp_users_list_by_domain_and_name_send, ifp_users_list_by_domain_and_name_recv, ctx) +SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, ListByDomainAndName, ifp_users_list_by_domain_and_name_send, ifp_users_list_by_domain_and_name_recv, ctx), +SBUS_ASYNC(METHOD, org_freedesktop_sssd_infopipe_Users, FindByValidCertificate, ifp_users_find_by_valid_cert_send, ifp_users_find_by_valid_cert_recv, ctx) ), SBUS_SIGNALS(SBUS_NO_SIGNALS), SBUS_PROPERTIES(SBUS_NO_PROPERTIES) diff --git a/src/responder/ifp/ifp_iface/ifp_iface.xml b/src/responder/ifp/ifp_iface/ifp_iface.xml index a4b2f861a8..13c0d8 100644 --- a/src/responder/ifp/ifp_iface/ifp_iface.xml +++ b/src/responder/ifp/ifp_iface/ifp_iface.xml @@ -182,6 +182,10 @@ + + + + diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c index 1f0a8e3679..03b668e78a 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c +++ b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.c @@ -1161,6 +1161,20 @@ sbus_call_ifp_users_FindByNameAndCertificate _arg_result); } +errno_t +sbus_call_ifp_users_FindByValidCertificate +(TALLOC_CTX *mem_ctx, + struct sbus_sync_connection *conn, + const char *busname, + const char *object_path, + const char * arg_pem_cert, + const char ** _arg_result) +{ + return sbus_method_in_s_out_o(mem_ctx, conn, + busname, object_path, "org.freedesktop.sssd.infopipe.Users", "FindByValidCertificate", arg_pem_cert, + _arg_result); +} + errno_t sbus_call_ifp_users_ListByCertificate (TALLOC_CTX *mem_ctx, diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h index 41e329d0d6..e48a6ebd9f 100644 --- a/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h +++ b/src/responder/ifp/ifp_iface/sbus_ifp_client_sync.h @@ -275,6 +275,15 @@ sbus_call_ifp_users_FindByNameAndCertificate const char * arg_pem_cert, const char ** _arg_result); +errno_t +sbus_call_ifp_users_FindByValidCertificate +(TALLOC_CTX *mem_ctx, + struct sbus_sync_connection *conn, + const char *busname, + const char *object_path, + const char * arg_pem_cert, + const char ** _arg_result); + errno_t sbus_call_ifp_users_ListByCertificate (TALLOC_CTX *mem_ctx, diff --git a/src/responder/ifp/ifp_iface/sbus_ifp_interface.h b/src/responder/ifp/ifp_iface/sbus_ifp_interface.h index 214250e583..2e1fdb
[SSSD] [sssd PR#5852][comment] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate ikerexxe commented: """ Thanks Martin! I've added that to the release notes. """ See the full comment at https://github.com/SSSD/sssd/pull/5852#issuecomment-963343546 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][-Waiting for review] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][+Ready to push] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5852][+Accepted] ifp: new interface to validate a certificate
URL: https://github.com/SSSD/sssd/pull/5852 Title: #5852: ifp: new interface to validate a certificate Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5845][comment] sss-analyze: Fix self imports
URL: https://github.com/SSSD/sssd/pull/5845 Title: #5845: sss-analyze: Fix self imports pbrezina commented: """ Hi @stanislavlevin, we will do a release soon. What do you think about moving all to libexec given we don't plan to publish any Python interface for 3rd party? (At least not at the moment). If you think it is a good idea (I admit we don't have much experience with Python packaging), could you amend the patch? Thanks. """ See the full comment at https://github.com/SSSD/sssd/pull/5845#issuecomment-963355255 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5863][+Changes requested] Responder and Child process tevent chain id improvements
URL: https://github.com/SSSD/sssd/pull/5863 Title: #5863: Responder and Child process tevent chain id improvements Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5863][comment] Responder and Child process tevent chain id improvements
URL: https://github.com/SSSD/sssd/pull/5863 Title: #5863: Responder and Child process tevent chain id improvements alexey-tikhonov commented: """ Isn't it required to set `debug_from_responder` in `p11_child`? """ See the full comment at https://github.com/SSSD/sssd/pull/5863#issuecomment-963465303 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5834][synchronized] Translations update from Weblate
URL: https://github.com/SSSD/sssd/pull/5834 Author: weblate Title: #5834: Translations update from Weblate Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5834/head:pr5834 git checkout pr5834 From ee88c7dc3add2a8354610a1d14fc6c328bfd3b8c Mon Sep 17 00:00:00 2001 From: Weblate Date: Tue, 9 Nov 2021 06:05:22 +0100 Subject: [PATCH] po: update translations (Korean) currently translated at 12.6% (331 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Korean) currently translated at 30.6% (189 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Korean) currently translated at 29.6% (183 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/ po: update translations (Spanish) currently translated at 68.8% (1804 of 2621 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/es/ po: update translations (Spanish) currently translated at 93.3% (576 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/ po: update translations (Finnish) currently translated at 6.1% (38 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/ po: update translations (Korean) currently translated at 12.4% (326 of 2615 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/ po: update translations (Ukrainian) currently translated at 100.0% (2621 of 2621 strings) Translation: SSSD/sssd-manpage Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/ po: update translations (Ukrainian) currently translated at 100.0% (617 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/ po: update translations (Polish) currently translated at 100.0% (617 of 617 strings) Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/ Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/sssd Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ --- po/bg.po | 2 - po/ca.po | 16 po/cs.po | 16 po/de.po | 16 po/es.po | 99 +--- po/eu.po | 2 - po/fi.po | 4 +- po/fr.po | 16 po/ja.po | 16 po/ko.po | 19 +- po/nl.po | 16 po/pl.po | 31 --- po/ru.po | 16 po/sv.po | 16 po/uk.po | 31 --- po/zh_CN.po | 16 src/man/po/es.po | 10 ++--- src/man/po/ko.po | 44 +++-- src/man/po/uk.po | 96 ++ 19 files changed, 143 insertions(+), 339 deletions(-) diff --git a/po/bg.po b/po/bg.po index a99683ff65..2c284a01ee 100644 --- a/po/bg.po +++ b/po/bg.po @@ -2810,11 +2810,9 @@ msgstr "" #~ msgid "The selected GID is outside the allowed range\n" #~ msgstr "Зададеният GID е извън позволения обхват\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "Група %1$s е извън дефинирания ID обхват за домейн\n" -#, c-format #~ msgid "User %1$s is outside the defined ID range for domain\n" #~ msgstr "Потребител %1$s е извън дефинирания ID обхват за домейн\n" diff --git a/po/ca.po b/po/ca.po index c37a0e1b97..cf8339a5b6 100644 --- a/po/ca.po +++ b/po/ca.po @@ -2898,7 +2898,6 @@ msgstr "" #~ msgid "Groups must be in the same domain as user\n" #~ msgstr "Els grups han d'estar al mateix domini que l'usuari\n" -#, c-format #~ msgid "Cannot find group %1$s in local domain\n" #~ msgstr "No es pot trobar el grup %1$s al domini local\n" @@ -2920,11 +2919,9 @@ msgstr "" #~ "El directori inicial de l'usuari ja existeix, no es copiaran les dades " #~ "del directori esquemàtic\n" -#, c-format #~ msgid "Cannot create user's home directory: %1$s\n" #~ msgstr "No es pot crear el directori inicial de l'usuari: %1$s\n" -#, c-format #~ msgid "Cannot create user's mail spool: %1$s\n" #~ msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n" @@ -2960,11 +2957,9 @@ msgstr "" #~ msgid "Specify group to delete\n" #~ msgstr "Especifiqueu el grup a eliminar\n" -#, c-format #~ msgid "Group %1$s is outside the defined ID range for domain\n" #~ msgstr "El grup %1$s està fora de l'interval d'id. definit pel domini\n" -#, c-f
[SSSD] [sssd PR#5786][synchronized] Tests: [SSSD-3579]: Skip test test_0018_bz1734040.
URL: https://github.com/SSSD/sssd/pull/5786 Author: jakub-vavra-cz Title: #5786: Tests: [SSSD-3579]: Skip test test_0018_bz1734040. Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5786/head:pr5786 git checkout pr5786 From 2cc7ab2d468ac2942cab30549bd5c09ad928afde Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Wed, 15 Sep 2021 12:05:28 +0200 Subject: [PATCH 1/2] Tests: [SSSD-3579]: Skip test test_0018_bz1734040. The test does not work even with fixes for RHEL-9, skipping for now so it is not blocking RHEL-9 gating, until proper fix is found. --- src/tests/multihost/ad/test_adparameters.py | 29 + 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/src/tests/multihost/ad/test_adparameters.py b/src/tests/multihost/ad/test_adparameters.py index 2967709229..044ca58df0 100644 --- a/src/tests/multihost/ad/test_adparameters.py +++ b/src/tests/multihost/ad/test_adparameters.py @@ -692,8 +692,10 @@ def test_0017_gssspnego_adjoin(self, multihost): multihost.client[0].run_command(remove_pcap) assert status == 'PASS' +@staticmethod @pytest.mark.tier1 -def test_0018_bz1734040(self, multihost, adjoin): +@pytest.mark.skip(reason="Does not work on RHEL 9, skip until resolved.") +def test_0018_bz1734040(multihost, adjoin): """ :title: ad_parameters: sssd crash in ad_get_account_domain_search :id: dcca509e-b316-4010-a173-20f541dafd52 @@ -702,28 +704,23 @@ def test_0018_bz1734040(self, multihost, adjoin): """ adjoin(membersw='adcli') client = sssdTools(multihost.client[0]) -domain_name = client.get_domain_section_name() client.backup_sssd_conf() client.remove_sss_cache('/var/log/sssd') -sssdcfg = multihost.client[0].get_file_contents(SSSD_DEFAULT_CONF) -sssdcfg = re.sub(b'ad_domain = %s' % domain_name.encode('utf-8'), - b'ad_domain = example.com \ndebug_level = 9', sssdcfg) -multihost.client[0].put_file_contents(SSSD_DEFAULT_CONF, sssdcfg) +dom_section = 'domain/%s' % client.get_domain_section_name() +sssd_params = {'ad_domain': 'example.com', 'debug_level': '9'} +client.sssd_conf(dom_section, sssd_params) +sssd_params = {'enable_files_domain': 'True', + 'debug_level': '9'} +client.sssd_conf('sssd', sssd_params) client.clear_sssd_cache() cmd = multihost.client[0].run_command('getent passwd 0', raiseonerr=True) -if cmd.returncode != 0: -status = 'FAIL' -else: -status = 'PASS' time.sleep(10) domain_log = '/var/log/sssd/sssd_%s.log' % domain_name log = multihost.client[0].get_file_contents(domain_log).decode('utf-8') -msg = 'Flags\s.0x0001.' +msg = r'AccountDomain.*Flags\s.0x0001.' find = re.compile(r'%s' % msg) -if not find.search(log): -status = 'FAIL' -else: -status = 'PASS' + client.restore_sssd_conf() -assert status == 'PASS' +assert cmd.returncode == 0, "'getent passwd 0' failed!" +assert find.search(log), "Expected log record is missing." From d192dd006d631e36aa8346ec46b71e95bbccaf5a Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Tue, 9 Nov 2021 08:47:15 +0100 Subject: [PATCH 2/2] test debug --- src/tests/multihost/ad/test_adparameters.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/multihost/ad/test_adparameters.py b/src/tests/multihost/ad/test_adparameters.py index 044ca58df0..b80a6dd110 100644 --- a/src/tests/multihost/ad/test_adparameters.py +++ b/src/tests/multihost/ad/test_adparameters.py @@ -702,6 +702,8 @@ def test_0018_bz1734040(multihost, adjoin): :customerscenario: True :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1734040 """ +distro = multihost.client[0].distro +print(distro) adjoin(membersw='adcli') client = sssdTools(multihost.client[0]) client.backup_sssd_conf() ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure