sssd.git/src/util, branch sudo1-13 Unnamed repository; edit this file 'description' to name the repository. Suppres implicit-fallthrough from gcc 7 2017-09-01T14:15:12+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-01-30T11:17:25+00:00 44a96543957234a5d450e140565a60c488e43d14 Some kind of comments are recognized by gcc7 but they are ignored with -Wimplicit-fallthrough=5 and only attributes disable the warning. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit 2e505786d6d9d537f5b6631099862f6b93e2e687) (cherry picked from commit ff9d6533654d4529e681fbbfa6f118f975e5a333) 
Some kind of comments are recognized by gcc7 but they are ignored with
-Wimplicit-fallthrough=5 and only attributes disable the warning.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2e505786d6d9d537f5b6631099862f6b93e2e687)
(cherry picked from commit ff9d6533654d4529e681fbbfa6f118f975e5a333)
utils: add sss_domain_is_forest_root() 2017-04-28T06:49:58+00:00 Sumit Bose sbose@redhat.com 2017-04-04T12:35:47+00:00 31d22b8543366b545dc4b7273e9bcdbf65f8f381 Related to https://pagure.io/SSSD/sssd/issue/3361 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 712e5b2e4465812c00a8667c75813322373bc657) (cherry picked from commit b5af4ce0bdfa05841c0a856868a7961269cd7bf4) 
Related to https://pagure.io/SSSD/sssd/issue/3361

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

(cherry picked from commit 712e5b2e4465812c00a8667c75813322373bc657)
(cherry picked from commit b5af4ce0bdfa05841c0a856868a7961269cd7bf4)
SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user 2017-04-25T09:49:13+00:00 Jakub Hrozek jhrozek@redhat.com 2016-04-28T08:31:45+00:00 1d84ed488f40ada4afd1dcd48f695863051852fb If an IPA client uses the SSH integration and a local user logs in with SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH responder, which doesn't find the user and returns ENOENT. The sss_ssh_authorizedkeys reports a failure on any error, including ENOENT which produced a confusing error message in the logs. This patch adds a new error code that handles users that are not found by SSSD but exist on the system and also special cases root with the same error code. Therefore, logging in as a local user no longer prints an error message. Resolves: https://fedorahosted.org/sssd/ticket/3003 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit fcbcfa69f9291936f01f24b5fcb5a7672dca46f3) 
If an IPA client uses the SSH integration and a local user logs in with
SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH
responder, which doesn't find the user and returns ENOENT. The
sss_ssh_authorizedkeys reports a failure on any error, including ENOENT
which produced a confusing error message in the logs.

This patch adds a new error code that handles users that are not found
by SSSD but exist on the system and also special cases root with the
same error code. Therefore, logging in as a local user no longer prints
an error message.

Resolves:
https://fedorahosted.org/sssd/ticket/3003

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit fcbcfa69f9291936f01f24b5fcb5a7672dca46f3)
UTIL: Use max 15 characters for AD host UPN 2017-04-12T21:18:29+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-03-14T09:34:00+00:00 56ca9ad3d7ec7da2e82b51ffc55f6d1367d14f34 We do not want to use host principal with AD "host/name.domain.tld@DOMAIN.TLD" because it does not work. We need to use correct user principal for AD hosts. And we cannot rely all fallback "*$" because of other principals in keytab. The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits NetBIOS names to 15 characters and uses the 16th character as a NetBIOS suffix. https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name Resolves: https://pagure.io/SSSD/sssd/issue/3329 Reviewed-by: Michal Židek <mzidek@redhat.com> (cherry picked from commit c6f1bc32774a7cf2f8678499dfbced420be3a3a1) (cherry picked from commit fee7386e3af5e55eb3c66d8cf3533075b977a734) 
We do not want to use host principal with AD
"host/name.domain.tld@DOMAIN.TLD" because it does not work.
We need to use correct user principal for AD hosts. And we cannot
rely all fallback "*$" because of other principals in keytab.

The NetBIOS naming convention allows for 16 characters in a NetBIOS
name. Microsoft, however, limits NetBIOS names to 15 characters and
uses the 16th character as a NetBIOS suffix.
https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name

Resolves:
https://pagure.io/SSSD/sssd/issue/3329

Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit c6f1bc32774a7cf2f8678499dfbced420be3a3a1)
(cherry picked from commit fee7386e3af5e55eb3c66d8cf3533075b977a734)
selinux: Do not fail if SELinux is not managed 2017-04-06T12:01:19+00:00 Michal Židek mzidek@redhat.com 2017-02-08T11:01:37+00:00 963acdfb8b40aca449cf61f85949b4d7bc5ee133 Previously we failed if semanage_is_managed returned 0 or -1 (not managed or error). With this patch we only fail in case of error and continue normally if selinux is not managed by libsemanage at all. Resolves: https://fedorahosted.org/sssd/ticket/3297 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 78a08d30b5fbf6e1e3b589e0cf67022e0c1faa33) (cherry picked from commit 31e4bc07ea17e3e91df28260f6a517b9774b948e) 
Previously we failed if semanage_is_managed returned 0 or -1 (not
managed or error). With this patch we only fail in case of error and
continue normally if selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 78a08d30b5fbf6e1e3b589e0cf67022e0c1faa33)
(cherry picked from commit 31e4bc07ea17e3e91df28260f6a517b9774b948e)
UTIL: Sanitize newline and carriage return characters. 2017-03-07T20:11:52+00:00 Victor Tapia victor.tapia@canonical.com 2017-03-02T13:57:08+00:00 48876bb2db90489a115dc7aa87459ef7cfa5242c Introducing valid usernames with a trailing newline character triggers the removal of valid LDB cache entries. Resolves: https://pagure.io/SSSD/sssd/issue/3317 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit ee2906c1d50ab8001863b0a423fe957d4e0bcb37) (cherry picked from commit 59868a81d99b400b9ec6aa972ed5f7de4b462ccf) 
Introducing valid usernames with a trailing newline character triggers
the removal of valid LDB cache entries.

Resolves:
https://pagure.io/SSSD/sssd/issue/3317

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit ee2906c1d50ab8001863b0a423fe957d4e0bcb37)
(cherry picked from commit 59868a81d99b400b9ec6aa972ed5f7de4b462ccf)
UTILS: Fixing duplication of pid file declaration 2017-01-09T16:08:21+00:00 Petr Cech pcech@redhat.com 2016-08-05T12:39:39+00:00 1d897ffa2f6c675a98e27b4f8f336dcda6ea8c80 Resolves: https://fedorahosted.org/sssd/ticket/2978 Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 08cd034c8584b6f058cf565ce66f7f9f7120622f) 
Resolves:
https://fedorahosted.org/sssd/ticket/2978

Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 08cd034c8584b6f058cf565ce66f7f9f7120622f)
UTIL: Fix implicit declaration of function 'htobe32' 2016-11-25T11:27:51+00:00 Lukas Slebodnik lukas.slebodnik@intrak.sk 2016-11-18T16:29:44+00:00 1491279a333f9ecb682c87f7cf3a4c53b9b90ff3 Include internal wrapper header file for endian related functions. The "util/sss_endian.h" include available header file on different platform or it provides compatible macros in the worst case. Breakage noticed when building SSSD on FreeBSD CC src/util/cert/nss/libsss_cert_la-cert.lo src/util/cert/nss/cert.c: In function 'cert_to_ssh_key': src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32' gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1 gmake[2]: Leaving directory '/root/sssd_from_git' gmake[1]: *** [Makefile:20050: all-recursive] Error 1 gmake[1]: Leaving directory '/root/sssd_from_git' gmake: *** [Makefile:7116: all] Error 2 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> (cherry picked from commit 58aa8d645fa95641431a2828e985f80c7fc36465) (cherry picked from commit a70351fddb9c26763b2bf658f56ff043a7b3db6f) 
Include internal wrapper header file for endian related functions.
The "util/sss_endian.h" include available header file on different
platform or it provides compatible macros in the worst case.

Breakage noticed when building SSSD on FreeBSD

  CC       src/util/cert/nss/libsss_cert_la-cert.lo
src/util/cert/nss/cert.c: In function 'cert_to_ssh_key':
src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32'
gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1
gmake[2]: Leaving directory '/root/sssd_from_git'
gmake[1]: *** [Makefile:20050: all-recursive] Error 1
gmake[1]: Leaving directory '/root/sssd_from_git'
gmake: *** [Makefile:7116: all] Error 2

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 58aa8d645fa95641431a2828e985f80c7fc36465)
(cherry picked from commit a70351fddb9c26763b2bf658f56ff043a7b3db6f)
crypto: Port libcrypto code to openssl-1.1 2016-10-20T12:57:16+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-10-17T13:44:20+00:00 e1917b665ee4a51706c5f3d311d255917c72f459 EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1 Reviewed-by: Tomas Mraz <tmraz@redhat.com> (cherry picked from commit 8f1316a0c677f211eaaa1346e21a03446b8c4fb1) (cherry picked from commit 81ebd058ab8f6ab08b05a7e35e04881812404d43) 
EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1

Reviewed-by: Tomas Mraz <tmraz@redhat.com>
(cherry picked from commit 8f1316a0c677f211eaaa1346e21a03446b8c4fb1)
(cherry picked from commit 81ebd058ab8f6ab08b05a7e35e04881812404d43)
p11: add OCSP default responder options 2016-09-19T09:16:00+00:00 Sumit Bose sbose@redhat.com 2016-04-12T16:14:08+00:00 40963b7d11bae39dfb94fb6d0233eb2e216de03e Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 53ef8f81b60929a6c866efdd133627e7d7d61705) 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 53ef8f81b60929a6c866efdd133627e7d7d61705)