=== SSSD 1.11.6 ===

The SSSD team is proud to announce the release of version 1.11.6 of
the System Security Services Daemon.

As always, the source is available from https://fedorahosted.org/sssd

RPM packages will be made available for Fedora 19 and 20 shortly.

== Feedback ==

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

== Highlights ==

* This release focuses on delivering bug fixes and a subset of the DBus
  interface from 1.12.
* A new responder, called InfoPipe was added. This responder provides a
  public D-Bus interface accessible over the system bus. In this release,
  only methods for retrieving user attributes and list of groups were
  added. The full interface is being developed in the 1.12 series. The
  primary consumer if this interface subset are Apache modules such as
  mod_lookup_identity or mod_intercept_form_submit
* Fixed bug in the AD responder that caused crashes when authenticating
  as a user from a trusted domain to a system enrolled to a trusted
  domain other than the forest root
* A potential crash on timeout in the autofs client library was fixed.
* Several patches that improve portability of SSSD, especially with
  consideration of BSD systems have been included

== Packaging Changes ==

* The InfoPipe responder is packaged in its own subpackage 

== Documentation Changes ==

* The new InfoPipe responder has several configuration options. Refer to
  the sssd-ifp manual page for details.
* The LDAP provider has a new option ldap_user_extra_attrs that enables the
  administrator to extend the map of attributes downloaded when looking up
  a user. These custom attributes can then be retrieved with the new DBus API.
* A new pam_sss option ignore_authinfo_unavail was added. Setting this
  option makes pam_sss return PAM_IGNORE when SSSD is not running instead
  of PAM_AUTHINFO_UNAVAIL. This option is mostly useful for BSD systems.

== Tickets Fixed ==

https://fedorahosted.org/sssd/ticket/1853
    [RFE] Allow sssd to replace macro (ie. %H) with value specified in
    config file
https://fedorahosted.org/sssd/ticket/2114
    refresh_expired_interval man page doc is not clear
https://fedorahosted.org/sssd/ticket/2294
    In sssd.conf, setting "ldap_group_nesting_level = 0" does not appear
    to work
https://fedorahosted.org/sssd/ticket/2305
    SSSD Crashes when storage experiences high latency
https://fedorahosted.org/sssd/ticket/2312
    Fails to start in interactive mode when stdin isn't a pts device
https://fedorahosted.org/sssd/ticket/2322
    segfault in sssd_be when cross forest users are queried
https://fedorahosted.org/sssd/ticket/2333
    Expanding home directory fails when the request comes from the PAC
    responder
https://fedorahosted.org/sssd/ticket/2334
    Simple access fails to look up primary group when using sssd-ad until
    running the id command.

== Detailed Changelog ==

Alexander Bokovoy (1):
    * ipa subdomains provider: make sure search by SID works for homedir 

Benjamin Franzke (1):
    * BUILD: Link libsss_krb5_common.so to libkeyutils.so 

Jakub Hrozek (36):
    * Updating the version for the 1.11.6 development
    * LDAP: Check the LDAP handle before using it
    * AD: Do not remove non-root domains when looking up root domain
    * Remove duplicate declaration
    * UTIL: Move sss_parse_name_for_domains declaration to util.h
    * IFP: Fix a typo in the Makefile
    * IFP: Re-add the InfoPipe? server
    * IFP: Connect to the system bus
    * TESTS: Create a default sss_names_ctx in create_dom_test_ctx
    * TESTS: Split a separate common_mock_resp_dp module
    * RESPONDERS: Add a new request sss_parse_inp_send
    * LDAP: Fix off-by-one bug in sdap_copy_opts
    * LDAP: Make it possible to extend an attribute map
    * AD: Initialize user_map_cnt in server mode
    * Add a unit test for sss_parse_name_for_domains
    * SBUS: Generate introspection from the interface meta structure
    * SBUS: Create an sbus_method_meta instance for Introspection
    * IFP: Close memstream handle in introspect destructor
    * SBUS: several trivial style fixes
    * SBUS: Fix error handling condition
    * SBUS: Add a convenience function sbus_error_new
    * SBUS: Split out dbus_conn_send
    * SBUS: Add SBUS_CONN_TYPE_SYSBUS
    * SBUS: Add an async request to retrieve the caller ID
    * SBUS: Refactor sbus_message_handler to retrieve caller ID
    * IFP: Add utility functions
    * IFP: use a list of allowed_uids for authentication
    * IFP: Initialize negative cache timeout
    * IFP: Add GetUserAttrs? call
    * IFP: Per-attribute ACL for users
    * SYSDB: return SYSDB_NAME from sysdb_initgroups
    * IFP: Add a GetGroupsList? method
    * MAN: Add sssd-ifp to the list of translatable manual pages
    * BUILD: Disable dbus tests when running distcheck
    * Updating the translations for the 1.11.6 release
    * Updating the translations again for the 1.11.6 release 

Lukas Slebodnik (38):
    * AUTOMAKE: Do not include generated files into tarball
    * UTIL: Use constant instead of value for stdin.
    * MONITOR: Fix start up with empty standard input
    * BUILD: Make samba4 libraries optional
    * BUILD: Explicitly link libsss_ad.so with sasl libs
    * sss_autofs: Check return value of autofs make request
    * sss_autofs: Do not try to free empty autofs context
    * man: Substitute entity values for entity references
    * TEST: Some macros aren't defined in older version of check.
    * TEST: Link ipa_ldap_opt test with openldap libs
    * UTIL: Add function sss_parse_name_const
    * NSS: Refactor expand_homedir_template
    * NSS: Add option to expand homedir template format
    * TEST: Add test for expand homedir
    * SPEC: Remove duplicate sssd_ifp.
    * SBUS: Fix warning declaration shadows a global declaration
    * Remove unused parameter from ifp_user_get_attr_handle_reply
    * Remove unused parameter from ifp_user_get_groups_reply
    * resolv: Do not try to free addrinfo in case of error
    * CONFIGURE: Remove duplicate detection of pam
    * CRYPTO: Use unprefixed version of function stpncpy
    * PAM: macro PAM_DATA_REPLACE isn't available in openpam.
    * PAM: Fix problem with missing declaration.
    * UTIL: Fix order of header files.
    * LDAP: Don't use macro _XOPEN_SOURCE for extra features
    * PAM: add ignore_authinfo_unavail option
    * SDAP: Use portable constant as level in setsockopt
    * PAM: Include header file security/pam_appl.h
    * MAKE: Remove PAM libraries from libsss_simple
    * CONFIGURE: Enhance detection of pam
    * PAM: Fix compilation of pam_test_client with openpam
    * PAM: Use fallback version of some pam macros
    * PAM: Define compatible macros for some functions.
    * SBUS: Define DBUS_ERROR_INIT for old version of dbus
    * SBUS: Include config.h for enabling function in stdio.h
    * Unify usage of function gethostname
    * MAN: Add reference to manual page sssd-sudo
    * KRB: Prevent dereference of a null pointer 

Nikolai Kondrashov (12):
    * Add cscope inverted index files to .gitignore
    * Move DEBUG macro body to debug_fn
    * Remove extra flushing from debug message output
    * Cleanup debug_fn
    * Make DEBUG macro definition variadic
    * Make DEBUG macro invocations variadic
    * Fixup DEBUG macro invocations update
    * Update DEBUG* invocations to use new levels
    * Update debug levels in sss_semanage_error_callback
    * Update debug level in sysdb_check_upgrade_02
    * Remove DEBUG macro support for old debug levels
    * build: Switch to AM_DISTCHECK_CONFIGURE_FLAGS 

Pavel Březina (6):
    * man: clarify refresh_expired_interval
    * IFP: do not create client socket
    * tests: add confdb_path to sss_test_ctx
    * sbus_tests: fix missing invoker in initializer
    * sbus request: fix error initialization
    * SBUS: remove unused variables 

Pavel Reichl (10):
    * SDAP: augmented logging for group saving
    * AD Provider: bug-fix uninitialized variable
    * AD Provider: bugfix use-after-free
    * SYSDB: augmented logging when adding new group
    * LDAP: fix - find primary group by gid
    * MAN: Detailed ldap_group_nesting_level option
    * SDAP: Make nesting_level = 0 to ignore nested groups
    * SDAP: Add option to disable use of Token-Groups
    * refactor calls of sss_parse_name
    * TEST: Remove unused variable 

Stef Walter (13):
    * sbus: Add meta data structures and code generator
    * sbus: Add sbus_vtable and update codegen to support it
    * nss: Stop using one DBus interface with totally different methods
    * sbus: Rework sbus to use interface metadata and vtables
    * sbus: Generate constants from interface definitions
    * sbus: Use constants to make dbus calls
    * sbus: Add struct sbus_request to represent a DBus invocation
    * sbus: Refactor how we export DBus interfaces
    * sbus: Make sbus_new_server() work for non-priveleged processes
    * sbus_tests: Add some testing of dispatch and handler code
    * sbus: Add the sbus_request_parse_or_finish() method
    * sbus: Add type-safe DBus method handlers and finish functions
    * sbus_codegen_tests: Add test case type-safe handler args 

Sumit Bose (1):
    * Make LDAP extra attributes available to IPA and AD 

_______________________________________________
Freeipa-interest mailing list
Freeipa-interest@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-interest

Reply via email to