date:20211202

[SSSD] [sssd PR#5867][+Changes requested] usertools: force local user for sssd process user

2021-12-02 Thread alexey-tikhonov

  URL: https://github.com/SSSD/sssd/pull/5867
Title: #5867: usertools: force local user for sssd process user

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5867][-Waiting for review] usertools: force local user for sssd process user

2021-12-02 Thread alexey-tikhonov

  URL: https://github.com/SSSD/sssd/pull/5867
Title: #5867: usertools: force local user for sssd process user

Label: -Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5867][comment] usertools: force local user for sssd process user

2021-12-02 Thread alexey-tikhonov

  URL: https://github.com/SSSD/sssd/pull/5867
Title: #5867: usertools: force local user for sssd process user

alexey-tikhonov commented:
"""
And a few more nitpicks.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5867#issuecomment-984936320
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5867][synchronized] usertools: force local user for sssd process user

2021-12-02 Thread ikerexxe

   URL: https://github.com/SSSD/sssd/pull/5867
Author: ikerexxe
 Title: #5867: usertools: force local user for sssd process user
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5867/head:pr5867
git checkout pr5867
From 64debe4f7983ca26a60f693e09d112b09d624d60 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa 
Date: Mon, 23 Aug 2021 12:04:42 +0200
Subject: [PATCH 1/2] usertools: force local user for sssd process user

System hardening by forcing the sssd user to be loaded from a local
database (/etc/passwd) instead of using any remote user. This could
happen in very special conditions and might change the owner of the sssd
databases and generate a denial of service.

Signed-off-by: Iker Pedrosa 
---
 Makefile.am   |  3 +
 src/tests/cwrap/Makefile.am   |  8 ++-
 src/tests/cwrap/common_mock_nss_dl_load.c | 72 +++
 src/tests/cwrap/common_mock_nss_dl_load.h | 30 ++
 src/tests/cwrap/test_responder_common.c   |  7 +++
 src/tests/cwrap/test_usertools.c  |  6 ++
 src/util/nss_dl_load.c| 11 +++-
 src/util/nss_dl_load.h|  3 +
 src/util/nss_dl_load_extra.c  | 51 
 src/util/usertools.c  | 32 +++---
 10 files changed, 212 insertions(+), 11 deletions(-)
 create mode 100644 src/tests/cwrap/common_mock_nss_dl_load.c
 create mode 100644 src/tests/cwrap/common_mock_nss_dl_load.h
 create mode 100644 src/util/nss_dl_load_extra.c

diff --git a/Makefile.am b/Makefile.am
index f6bc9414d0..ebd92afd55 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -884,6 +884,7 @@ dist_noinst_HEADERS = \
 src/tests/cmocka/test_expire_common.h \
 src/tests/cmocka/test_sdap_access.h \
 src/tests/cmocka/data_provider/mock_dp.h \
+src/tests/cwrap/common_mock_nss_dl_load.h \
 src/sss_client/pam_message.h \
 src/sss_client/ssh/sss_ssh_client.h \
 src/sss_client/sudo/sss_sudo.h \
@@ -1265,6 +1266,8 @@ libsss_util_la_SOURCES = \
 src/util/selinux.c \
 src/util/sss_regexp.c \
 src/util/sss_chain_id.c \
+src/util/nss_dl_load.c \
+src/util/nss_dl_load_extra.c \
 $(NULL)
 libsss_util_la_CFLAGS = \
 $(AM_CFLAGS) \
diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
index 6d3dc45e57..24e6c4a7c1 100644
--- a/src/tests/cwrap/Makefile.am
+++ b/src/tests/cwrap/Makefile.am
@@ -141,15 +141,18 @@ endif
 
 usertools_tests_SOURCES = \
 test_usertools.c \
+common_mock_nss_dl_load.c \
+../../../src/util/usertools.c \
+../../../src/util/nss_dl_load.c \
 $(NULL)
 usertools_tests_CFLAGS = \
 $(AM_CFLAGS) \
 $(NULL)
 usertools_tests_LDADD = \
+$(LIBADD_DL) \
 $(CMOCKA_LIBS) \
 $(POPT_LIBS) \
 $(TALLOC_LIBS) \
-$(abs_top_builddir)/libsss_util.la \
 $(abs_top_builddir)/libsss_debug.la \
 $(abs_top_builddir)/libsss_test_common.la \
 $(NULL)
@@ -159,9 +162,11 @@ endif
 
 responder_common_tests_SOURCES =\
 test_responder_common.c \
+common_mock_nss_dl_load.c \
 $(SSSD_RESPONDER_IFACE_OBJ) \
 ../../../src/responder/common/negcache_files.c \
 ../../../src/util/nss_dl_load.c \
+../../../src/util/usertools.c \
 ../../../src/responder/common/negcache.c \
 ../../../src/responder/common/responder_common.c \
 ../../../src/responder/common/responder_packet.c \
@@ -179,7 +184,6 @@ responder_common_tests_LDADD = \
 $(SSSD_LIBS) \
 $(SELINUX_LIBS) \
 $(SYSTEMD_DAEMON_LIBS) \
-$(abs_top_builddir)/libsss_util.la \
 $(abs_top_builddir)/libsss_debug.la \
 $(abs_top_builddir)/libsss_test_common.la \
 $(abs_top_builddir)/libsss_iface.la \
diff --git a/src/tests/cwrap/common_mock_nss_dl_load.c b/src/tests/cwrap/common_mock_nss_dl_load.c
new file mode 100644
index 00..ce8e344403
--- /dev/null
+++ b/src/tests/cwrap/common_mock_nss_dl_load.c
@@ -0,0 +1,72 @@
+/*
+Authors:
+Iker Pedrosa 
+
+Copyright (C) 2021 Red Hat
+
+SSSD tests: Fake nss dl load
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see .
+*/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "common_mock_nss_dl_load.h"
+
+
+static enum nss_status
+mock_getpwnam_r(const char *name, struct passwd *result,
+char *buffer, size_t buflen, int *errnop)
+{
+

[SSSD] [sssd PR#5894][synchronized] contrib: sssd krb5 configuration snippet

2021-12-02 Thread ikerexxe

   URL: https://github.com/SSSD/sssd/pull/5894
Author: ikerexxe
 Title: #5894: contrib: sssd krb5 configuration snippet
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5894/head:pr5894
git checkout pr5894
From 3ad9d856b7cfb56c3db6e3fb72ab429229a5641a Mon Sep 17 00:00:00 2001
From: Iker Pedrosa 
Date: Mon, 29 Nov 2021 16:16:36 +0100
Subject: [PATCH] contrib: sssd krb5 configuration snippet

Add a configuration snippet for krb5 that points to the folder where the
sssd configuration for this service is located. This will enable
passwordless (GSSAPI) ssh to work without any sssd configuration change.

Resolves: https://github.com/SSSD/sssd/issues/5893

Signed-off-by: Iker Pedrosa 
---
 Makefile.am  | 3 +++
 contrib/enable_sssd_conf_dir | 5 +
 contrib/sssd.spec.in | 7 +++
 3 files changed, 15 insertions(+)
 create mode 100644 contrib/enable_sssd_conf_dir

diff --git a/Makefile.am b/Makefile.am
index f6bc9414d0..bb5c431e4b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,7 @@ sssdconfdir = $(sysconfdir)/sssd
 sssddatadir = $(datadir)/sssd
 sssdapiplugindir = $(sssddatadir)/sssd.api.d
 sssdtapscriptdir = $(sssddatadir)/systemtap
+krb5snippetsdir = $(sssddatadir)/krb5-snippets
 dbuspolicydir = $(sysconfdir)/dbus-1/system.d
 dbusservicedir = $(datadir)/dbus-1/system-services
 sss_statedir = $(localstatedir)/lib/sss
@@ -4694,6 +4695,8 @@ sssd_krb5_localauth_plugin_la_LDFLAGS = \
 -module
 endif
 
+dist_krb5snippets_DATA = contrib/enable_sssd_conf_dir
+
 sssd_pac_plugin_la_SOURCES = \
 src/sss_client/sssd_pac.c \
 src/sss_client/common.c \
diff --git a/contrib/enable_sssd_conf_dir b/contrib/enable_sssd_conf_dir
new file mode 100644
index 00..41536579cc
--- /dev/null
+++ b/contrib/enable_sssd_conf_dir
@@ -0,0 +1,5 @@
+# This file should normally be installed by your distribution into a
+# directory that is included from the Kerberos configuration file (/etc/krb5.conf)
+# On Fedora/RHEL/CentOS, this is /etc/krb5.conf.d/
+
+includedir /var/lib/sss/pubconf/krb5.include.d/
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 7f75b1b5a3..5f6f74caf5 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -566,6 +566,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
 cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
 
+# krb5 configuration snippet
+cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
+   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
+
 # Create directory for cifs-idmap alternative
 # Otherwise this directory could not be owned by sssd-client
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
@@ -792,6 +796,9 @@ done
 %license COPYING
 %{_libdir}/%{name}/libsss_krb5.so
 %{_mandir}/man5/sssd-krb5.5*
+%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
+%dir %{_datadir}/sssd/krb5-snippets
+%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
 
 %files common-pac
 %license COPYING
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5892][synchronized] Tests: Add a test for BZ2004406

2021-12-02 Thread jakub-vavra-cz

   URL: https://github.com/SSSD/sssd/pull/5892
Author: jakub-vavra-cz
 Title: #5892: Tests: Add a test for BZ2004406
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5892/head:pr5892
git checkout pr5892
From 1ae970b50259d5b0ec1294cf5af03329ee56c8c6 Mon Sep 17 00:00:00 2001
From: Jakub Vavra 
Date: Fri, 26 Nov 2021 07:24:15 +0100
Subject: [PATCH] Tests: Add a test for BZ2004406

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2004406
Verifies: MR#5791
---
 src/tests/multihost/ipa/test_adtrust.py | 79 -
 1 file changed, 78 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py
index 3f2fc66c1b..c0075a4924 100644
--- a/src/tests/multihost/ipa/test_adtrust.py
+++ b/src/tests/multihost/ipa/test_adtrust.py
@@ -6,13 +6,14 @@
 :upstream: yes
 """
 
+import random
 import re
 import time
 import pytest
 import paramiko
 from sssd.testlib.common.utils import sssdTools
 from sssd.testlib.common.utils import SSHClient
-
+from sssd.testlib.common.utils import ADOperations
 
 @pytest.mark.usefixtures('setup_ipa_client')
 @pytest.mark.tier2
@@ -379,3 +380,79 @@ def test_nss_get_by_name_with_private_group(self, multihost):
 assert cmd_adm.returncode == 0, 'Something wrong with setup!'
 assert cmd_usr.returncode == 0, \
 f"pysss_nss_idmap.getsidbyname for {username} failed"
+
+@staticmethod
+def test_idview_override_group(multihost, create_aduser_group):
+"""
+:title: IPA clients fail to resolve override group names
+:id: 7a0dc871-fdad-4c07-9d07-a092baa83178
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2004406
+:description: Overriding both user and group names and ids in
+  an idview for user and group from AD results in error in sssd
+  when running id command.
+:setup:
+ 1. Create user and group (group1) with posix attributes on AD.
+ 2. Make AD user member of group1.
+ 2. Create additional group (group2) on AD with posix attributes.
+:steps:
+ 1. ID views to override AD groupname and gid of group1.
+ 2. ID view to override AD username, uid and gid (to gid of group2).
+ 3. Run an "id" command for the override user on IPA.
+ client
+:expectedresults:
+  1. View with an override is created.
+  2. User override is added to the view.
+  3. Id command succeeds, group override is visible, all groups are
+  properly resolved.
+"""
+(aduser, adgroup) = create_aduser_group
+adgroup2 = f"group2_{random.randint(, 99)}"
+ado = ADOperations(multihost.ad[0])
+ado.create_ad_unix_group(adgroup2)
+domain = multihost.ad[0].domainname
+
+# Get posix group id from AD
+get_gid_cmd = f"powershell.exe -inputformat none -noprofile 'Get-" \
+  f"ADGroup -Identity {adgroup2} -Properties gidNumber'"
+cmd = multihost.ad[0].run_command(get_gid_cmd, raiseonerr=False)
+adgroup2_id = re.findall("gidNumber.*:[^0-9]+([0-9]+)",
+ cmd.stdout_text)[0]
+
+ipa_client = sssdTools(multihost.client[0])
+ipa_client.clear_sssd_cache()
+ad_user_fqdn = '%s@%s' % (aduser, domain)
+view = f'prygl_trust_view_{random.randint(, 99)}'
+create_view = f'ipa idview-add {view}'
+multihost.master[0].run_command(create_view, raiseonerr=False)
+
+create_grp_override = f'ipa idoverridegroup-add {view} ' \
+  f'{adgroup}@{domain} --group-name "borci" ' \
+  f'--gid=987654'
+multihost.master[0].run_command(create_grp_override, raiseonerr=False)
+
+create_user_override = f'ipa idoverrideuser-add {view} ' \
+   f'{ad_user_fqdn} --login ferko ' \
+   f'--uid=50001 --gidnumber={adgroup2_id}'
+multihost.master[0].run_command(create_user_override, raiseonerr=False)
+# Apply the view on client
+apply_view = f"ipa idview-apply {view} " \
+ f"--hosts={multihost.client[0].sys_hostname}"
+multihost.master[0].run_command(apply_view, raiseonerr=False)
+ipa_client.clear_sssd_cache()
+time.sleep(5)
+id_cmd = f'id ferko@{domain}'
+cmd = multihost.client[0].run_command(id_cmd, raiseonerr=False)
+# TEARDOWN
+ado.delete_ad_user_group(adgroup2)
+delete_id_view = f'ipa idview-del {view}'
+multihost.master[0].run_command(delete_id_view)
+ipa_client.clear_sssd_cache()
+# Test result Evaluation
+assert cmd.returncode == 0, f"User {aduser} was not found."
+assert f"borci@{domain}" in cmd.stdout_text,\
+f"Group 1 {adgroup} name was not over

[SSSD] [sssd PR#5895][closed] Only test no merge

2021-12-02 Thread aborah-sudo

   URL: https://github.com/SSSD/sssd/pull/5895
Author: aborah-sudo
 Title: #5895: Only test no merge
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5895/head:pr5895
git checkout pr5895
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5762][comment] krb5: add support for idp:oauth2 challenge

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5762
Title: #5762: krb5: add support for idp:oauth2 challenge

pbrezina commented:
"""
We got ourselves a number: [PA-REDHAT-IDP-OAUTH2: 
152](https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5762#issuecomment-984622868
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5869][synchronized] Translations update from Weblate

2021-12-02 Thread weblate

   URL: https://github.com/SSSD/sssd/pull/5869
Author: weblate
 Title: #5869: Translations update from Weblate
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5869/head:pr5869
git checkout pr5869
From dd79a1faa5476d186a673c8af8de42c4980adf5e Mon Sep 17 00:00:00 2001
From: Weblate 
Date: Thu, 2 Dec 2021 14:16:11 +0100
Subject: [PATCH] po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 99.3% (615 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/

po: update translations

(Spanish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/

po: update translations

(Korean) currently translated at 13.8% (362 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Spanish) currently translated at 96.9% (600 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/

po: update translations

(Korean) currently translated at 13.3% (349 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Ukrainian) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Polish) currently translated at 100.0% (619 of 619 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

po: update translations

(Korean) currently translated at 13.0% (341 of 2615 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 30.7% (190 of 617 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
---
 po/es.po | 138 ++-
 po/ko.po |   1 +
 po/pl.po |  10 ++--
 po/uk.po |  10 ++--
 po/zh_CN.po  |  16 +++---
 src/man/po/ko.po |  66 ---
 6 files changed, 137 insertions(+), 104 deletions(-)

diff --git a/po/es.po b/po/es.po
index 0e9a0547ee..110542d9a8 100644
--- a/po/es.po
+++ b/po/es.po
@@ -19,7 +19,7 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
 "POT-Creation-Date: 2021-11-09 16:03+0100\n"
-"PO-Revision-Date: 2021-10-27 15:05+\n"
+"PO-Revision-Date: 2021-12-02 13:16+\n"
 "Last-Translator: Emilio Herrera \n"
 "Language-Team: Spanish \n"
@@ -28,7 +28,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.8\n"
+"X-Generator: Weblate 4.9.1\n"
 
 #: src/config/SSSDConfig/sssdoptions.py:20
 #: src/config/SSSDConfig/sssdoptions.py:21
@@ -130,7 +130,7 @@ msgstr ""
 
 #: src/config/SSSDConfig/sssdoptions.py:44
 msgid "Domain to add to names without a domain component."
-msgstr "Dominio para añadir a los nombres sin componente de dominio"
+msgstr "Dominio para añadir a los nombres sin componente de dominio."
 
 #: src/config/SSSDConfig/sssdoptions.py:45
 msgid "The user to drop privileges to"
@@ -349,19 +349,19 @@ msgstr "Lista de uids o nombres de usuario de confianza"
 
 #: src/config/SSSDConfig/sssdoptions.py:95
 msgid "List of domains accessible even for untrusted users."
-msgstr "Lista de dominios accesibles aún para usuarios los que no se confie"
+msgstr "Lista de dominios accesibles aún para usuarios los que no se confíe."
 
 #: src/config/SSSDConfig/sssdoptions.py:96
 msgid "Message printed when user account is expired."
-msgstr "Mensaje impreso cuando una cuenta de usuario expira"
+msgstr "Mensaje impreso cuando una cuenta de usuario expira."
 
 #: src/config/SSSDConfig/sssdoptions.py:97
 msgid "Message printed when user account is locked."
-msgstr "Mensaje impreso cuando una cuenta de usuario es bloqueada"
+msgstr "Mensaje impreso cuando una cuenta de usuario es bloqueada."
 
 #: src/config/SSSDConfig/sssdoptions.py:98
 msgid "Allow certificate based/Smartcard authentication."
-msgstr "Permitir el certificado basado/en autenticación Smartcard"
+msgstr "Permitir el certificado basado/en autenticación Smartcard."
 
 #: src/config/SSSDConfig/sssdoptions.py:99
 msgid "Path to certificate da

[SSSD] [sssd PR#5845][comment] sss-analyze: Fix self imports

2021-12-02 Thread stanislavlevin

  URL: https://github.com/SSSD/sssd/pull/5845
Title: #5845: sss-analyze: Fix self imports

stanislavlevin commented:
"""
@pbrezina, hi, no problem.

The original patch( 1e4d2ebc4ad0d69afa00ab3d2bb481a8f5ddef80) moved 
`sss_analyze` into sbindir, is it ok?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5845#issuecomment-984562283
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5883][+Accepted] Various fixes related forest and site name discovery

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5883
Title: #5883: Various fixes related forest and site name discovery

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5883][-Waiting for review] Various fixes related forest and site name discovery

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5883
Title: #5883: Various fixes related forest and site name discovery

Label: -Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5883][comment] Various fixes related forest and site name discovery

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5883
Title: #5883: Various fixes related forest and site name discovery

pbrezina commented:
"""
Thank you. Ack.

I restarted CI.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5883#issuecomment-984556464
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5894][comment] contrib: sssd krb5 configuration snippet

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5894
Title: #5894: contrib: sssd krb5 configuration snippet

pbrezina commented:
"""
LGTM, just the name of the snippet file can be more descriptive. E.g. 
enable_sssd_conf_dir or something like that.

Since it is based on my code, someone else should review it. #5762 also adds a 
krb5 snippet and I chose to made it little bit more generic then what we do 
with the kcm snippet so it is easy to add more snippets in the future. I 
advised Iker to build up on this.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5894#issuecomment-984552040
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5845][comment] sss-analyze: Fix self imports

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5845
Title: #5845: sss-analyze: Fix self imports

pbrezina commented:
"""
Hi, our plan is to convert the whole sssctl command into Python in near future 
so we can extend the tool more quickly. Since it will be all Python, it should 
be placed in the Python directories. Given this plan, it will be better to keep 
the analyzer there as well so we don't move it again and again.

I'm sorry that we wasted your time. Can you please just submit the original PR 
which just fixes the self imports? Thank you.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5845#issuecomment-984548558
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5872][closed] p11_child: Fixes for authentication

2021-12-02 Thread pbrezina

   URL: https://github.com/SSSD/sssd/pull/5872
Author: dpward
 Title: #5872: p11_child: Fixes for authentication
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5872/head:pr5872
git checkout pr5872
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5872][-Ready to push] p11_child: Fixes for authentication

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5872
Title: #5872: p11_child: Fixes for authentication

Label: -Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5872][-Accepted] p11_child: Fixes for authentication

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5872
Title: #5872: p11_child: Fixes for authentication

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5872][+Pushed] p11_child: Fixes for authentication

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5872
Title: #5872: p11_child: Fixes for authentication

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5872][comment] p11_child: Fixes for authentication

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5872
Title: #5872: p11_child: Fixes for authentication

pbrezina commented:
"""
Pushed PR: https://github.com/SSSD/sssd/pull/5872

* `master`
* 1cc7b8021aa39931c4294c476ed89fac5c1bb159 - p11_child: Handle failure when 
obtaining module list or names
* 4d877816eeb2cd4e42249eabf7c1772775d864bf - p11_child: Filter certificate 
list in place
* 1c24c3eeea86fbd3f1155a0c54693fdafb4f6958 - p11_child: Combine subsequent 
loops over certificate list
* 33fa634b6d01a3bc894c66afd3ad8c8581779c5b - p11_child: Skip uninitialized 
tokens
* 17ac129082ef1682f9f94ed83f948f8c0dcd167a - p11_child: Adjust exit 
conditions when looping over modules/slots
* 8a4c222b5dd2a2a731d0ea46cf3ecf5d36b20246 - p11_child: Allow slot changes 
to take effect before resuming search
* 2bd61f4b93dada7d36edcf73c5782f7552a9aebc - p11_child: Check if module 
supports C_WaitForSlotEvent()
* bd8b5260f24047801ac28eda1d9f1ceacf9b7bcf - p11_child: Perform URI 
matching inside wait_for_card()
* d1f0dbf1d6f7bdb5dae41dc0e5d1d4e76faa973a - p11_child: Make debug messages 
about URI matching more specific
* e3e2746655d9beae051b06642c967a8ae2235264 - p11_child: Include return 
value of PKCS #11 API calls in debug messages
* 886ba4655b5dba7c08d1bb6ed6815920de5ca16c - p11_child: Fix printing of 
non-null-terminated strings in wait_for_card()

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5872#issuecomment-984546432
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5885][closed] LDAP: expire accounts when today >= shadowExpire

2021-12-02 Thread pbrezina

   URL: https://github.com/SSSD/sssd/pull/5885
Author: VincentVanlaer
 Title: #5885: LDAP: expire accounts when today >= shadowExpire
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5885/head:pr5885
git checkout pr5885
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5885][-Ready to push] LDAP: expire accounts when today >= shadowExpire

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5885
Title: #5885: LDAP: expire accounts when today >= shadowExpire

Label: -Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5885][-Accepted] LDAP: expire accounts when today >= shadowExpire

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5885
Title: #5885: LDAP: expire accounts when today >= shadowExpire

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5885][+Pushed] LDAP: expire accounts when today >= shadowExpire

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5885
Title: #5885: LDAP: expire accounts when today >= shadowExpire

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5885][comment] LDAP: expire accounts when today >= shadowExpire

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5885
Title: #5885: LDAP: expire accounts when today >= shadowExpire

pbrezina commented:
"""
Pushed PR: https://github.com/SSSD/sssd/pull/5885

* `master`
* 6647203552c646f79da6a1e94f4cb366ce3d1fe9 - LDAP: expire accounts when 
today >= shadowExpire

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5885#issuecomment-984546270
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5896][closed] ifp: fix covscan issues

2021-12-02 Thread pbrezina

   URL: https://github.com/SSSD/sssd/pull/5896
Author: ikerexxe
 Title: #5896: ifp: fix covscan issues
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5896/head:pr5896
git checkout pr5896
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5896][-Ready to push] ifp: fix covscan issues

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5896
Title: #5896: ifp: fix covscan issues

Label: -Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5896][-Accepted] ifp: fix covscan issues

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5896
Title: #5896: ifp: fix covscan issues

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5896][+Pushed] ifp: fix covscan issues

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5896
Title: #5896: ifp: fix covscan issues

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5896][comment] ifp: fix covscan issues

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5896
Title: #5896: ifp: fix covscan issues

pbrezina commented:
"""
Pushed PR: https://github.com/SSSD/sssd/pull/5896

* `master`
* a34e309005db8ba5a815fc3fe6cb9e1652600452 - ifp: fix covscan issues

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5896#issuecomment-984546099
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5897][closed] Monitor: reduce log severity and add error

2021-12-02 Thread pbrezina

   URL: https://github.com/SSSD/sssd/pull/5897
Author: alexey-tikhonov
 Title: #5897: Monitor: reduce log severity and add error
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5897/head:pr5897
git checkout pr5897
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5897][-Ready to push] Monitor: reduce log severity and add error

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5897
Title: #5897: Monitor: reduce log severity and add error

Label: -Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5897][-Accepted] Monitor: reduce log severity and add error

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5897
Title: #5897: Monitor: reduce log severity and add error

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5897][+Pushed] Monitor: reduce log severity and add error

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5897
Title: #5897: Monitor: reduce log severity and add error

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5897][comment] Monitor: reduce log severity and add error

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5897
Title: #5897: Monitor: reduce log severity and add error

pbrezina commented:
"""
Pushed PR: https://github.com/SSSD/sssd/pull/5897

* `master`
* 6dae77c8ed74c0bb796074adb6dc68befbf631de - Monitor: reduce log severity 
and add error text in case of fail to read from netlink fd.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5897#issuecomment-984545968
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5872][+Ready to push] p11_child: Fixes for authentication

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5872
Title: #5872: p11_child: Fixes for authentication

Label: +Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5885][+Ready to push] LDAP: expire accounts when today >= shadowExpire

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5885
Title: #5885: LDAP: expire accounts when today >= shadowExpire

Label: +Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5896][+Ready to push] ifp: fix covscan issues

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5896
Title: #5896: ifp: fix covscan issues

Label: +Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5897][+Ready to push] Monitor: reduce log severity and add error

2021-12-02 Thread pbrezina

  URL: https://github.com/SSSD/sssd/pull/5897
Title: #5897: Monitor: reduce log severity and add error

Label: +Ready to push
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5867][+Waiting for review] usertools: force local user for sssd process user

2021-12-02 Thread ikerexxe

  URL: https://github.com/SSSD/sssd/pull/5867
Title: #5867: usertools: force local user for sssd process user

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5867][-Changes requested] usertools: force local user for sssd process user

2021-12-02 Thread ikerexxe

  URL: https://github.com/SSSD/sssd/pull/5867
Title: #5867: usertools: force local user for sssd process user

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5867][synchronized] usertools: force local user for sssd process user

2021-12-02 Thread ikerexxe

   URL: https://github.com/SSSD/sssd/pull/5867
Author: ikerexxe
 Title: #5867: usertools: force local user for sssd process user
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5867/head:pr5867
git checkout pr5867
From 119fa3c2bb0f2e1a6f10fcb32e18512d9cf150b6 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa 
Date: Mon, 23 Aug 2021 12:04:42 +0200
Subject: [PATCH 1/2] usertools: force local user for sssd process user

System hardening by forcing the sssd user to be loaded from a local
database (/etc/passwd) instead of using any remote user. This could
happen in very special conditions and might change the owner of the sssd
databases and generate a denial of service.

Signed-off-by: Iker Pedrosa 
---
 Makefile.am   |  3 +
 src/tests/cwrap/Makefile.am   |  8 ++-
 src/tests/cwrap/common_mock_nss_dl_load.c | 71 +++
 src/tests/cwrap/common_mock_nss_dl_load.h | 30 ++
 src/tests/cwrap/test_responder_common.c   |  7 +++
 src/tests/cwrap/test_usertools.c  |  6 ++
 src/util/nss_dl_load.c| 11 +++-
 src/util/nss_dl_load.h|  3 +
 src/util/nss_dl_load_extra.c  | 51 
 src/util/usertools.c  | 32 +++---
 10 files changed, 211 insertions(+), 11 deletions(-)
 create mode 100644 src/tests/cwrap/common_mock_nss_dl_load.c
 create mode 100644 src/tests/cwrap/common_mock_nss_dl_load.h
 create mode 100644 src/util/nss_dl_load_extra.c

diff --git a/Makefile.am b/Makefile.am
index f6bc9414d0..ebd92afd55 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -884,6 +884,7 @@ dist_noinst_HEADERS = \
 src/tests/cmocka/test_expire_common.h \
 src/tests/cmocka/test_sdap_access.h \
 src/tests/cmocka/data_provider/mock_dp.h \
+src/tests/cwrap/common_mock_nss_dl_load.h \
 src/sss_client/pam_message.h \
 src/sss_client/ssh/sss_ssh_client.h \
 src/sss_client/sudo/sss_sudo.h \
@@ -1265,6 +1266,8 @@ libsss_util_la_SOURCES = \
 src/util/selinux.c \
 src/util/sss_regexp.c \
 src/util/sss_chain_id.c \
+src/util/nss_dl_load.c \
+src/util/nss_dl_load_extra.c \
 $(NULL)
 libsss_util_la_CFLAGS = \
 $(AM_CFLAGS) \
diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
index 6d3dc45e57..24e6c4a7c1 100644
--- a/src/tests/cwrap/Makefile.am
+++ b/src/tests/cwrap/Makefile.am
@@ -141,15 +141,18 @@ endif
 
 usertools_tests_SOURCES = \
 test_usertools.c \
+common_mock_nss_dl_load.c \
+../../../src/util/usertools.c \
+../../../src/util/nss_dl_load.c \
 $(NULL)
 usertools_tests_CFLAGS = \
 $(AM_CFLAGS) \
 $(NULL)
 usertools_tests_LDADD = \
+$(LIBADD_DL) \
 $(CMOCKA_LIBS) \
 $(POPT_LIBS) \
 $(TALLOC_LIBS) \
-$(abs_top_builddir)/libsss_util.la \
 $(abs_top_builddir)/libsss_debug.la \
 $(abs_top_builddir)/libsss_test_common.la \
 $(NULL)
@@ -159,9 +162,11 @@ endif
 
 responder_common_tests_SOURCES =\
 test_responder_common.c \
+common_mock_nss_dl_load.c \
 $(SSSD_RESPONDER_IFACE_OBJ) \
 ../../../src/responder/common/negcache_files.c \
 ../../../src/util/nss_dl_load.c \
+../../../src/util/usertools.c \
 ../../../src/responder/common/negcache.c \
 ../../../src/responder/common/responder_common.c \
 ../../../src/responder/common/responder_packet.c \
@@ -179,7 +184,6 @@ responder_common_tests_LDADD = \
 $(SSSD_LIBS) \
 $(SELINUX_LIBS) \
 $(SYSTEMD_DAEMON_LIBS) \
-$(abs_top_builddir)/libsss_util.la \
 $(abs_top_builddir)/libsss_debug.la \
 $(abs_top_builddir)/libsss_test_common.la \
 $(abs_top_builddir)/libsss_iface.la \
diff --git a/src/tests/cwrap/common_mock_nss_dl_load.c b/src/tests/cwrap/common_mock_nss_dl_load.c
new file mode 100644
index 00..f42c5be383
--- /dev/null
+++ b/src/tests/cwrap/common_mock_nss_dl_load.c
@@ -0,0 +1,71 @@
+/*
+Authors:
+Iker Pedrosa 
+
+Copyright (C) 2021 Red Hat
+
+SSSD tests: Fake nss dl load
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see .
+*/
+
+#include 
+#include 
+#include 
+#include 
+
+#include "common_mock_nss_dl_load.h"
+
+
+static enum nss_status
+mock_getpwnam_r(const char *name, struct passwd *result,
+char *buffer, size_t buflen, int *errnop)
+{
+void *pw

42 matches

Mail list logo