FreeBSD CI: Switch to 15.0-RELEASE and enable testing

[arrowd]

No description provided.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[alexey-tikhonov]

Not sure if '-j' will be "stable" but let's see...

[arrowd]

Linux jobs seem to run tests with -j

sssd/.github/workflows/build.yml

Line 41 in 2b43681

make CFLAGS+="$SSS_WARNINGS -Werror" -j$PROCESSORS check

[alexey-tikhonov]

And I wonder if it was the reason of randomly failing
https://github.com/SSSD/sssd/actions/runs/19703082331/job/56443862911

[arrowd]

Why doesn't FreeBSD CI run automatically?

[alexey-tikhonov]

Why doesn't FreeBSD CI run automatically?

Some CI jobs require manual approval by a maintainer with write access.

[arrowd]

Can the FreeBSD build be restarted, please? It failed due to a temporary fluke on the FreeBSD pkg repository side.

[arrowd]

Thanks. I'll work on the last test failure, although I can't reproduce it locally.

[arrowd]

I finally managed to get make check pass, but unfortunately had to skip those failing pam-srv-tests. The test passes for me localy and I even tried running the same VM image that cross-platform-actions use - no luck, the test passes.

[alexey-tikhonov]

Is this statement - Can be removed with FreeBSD 15 - still correct?
FreeBSD version was changed to 15.

[arrowd]

Yes, but the BIND port hasn't catched up yet: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291780
So this hack should stay for a while more.

[alexey-tikhonov]

/gemini review

[gemini-code-assist]

Code Review

This pull request updates the FreeBSD CI to use 15.0-RELEASE and enables testing. The changes include updating shebangs in shell scripts for better portability, adjusting a test assertion to be compatible with FreeBSD, and temporarily disabling a few tests that are failing on the FreeBSD CI environment.

My main feedback is regarding a misleading comment for one of the disabled tests. It's important to have accurate comments, especially when disabling tests, to help future developers understand the context. It would also be beneficial to add comments to the other disabled tests for the same reason.

Overall, the changes look good and are aligned with the goal of improving FreeBSD CI support.

[alexey-tikhonov]

Logs of failing (disabled) pam-srv tests:

• test_pam_auth_upn_logon_name

[ RUN      ] test_pam_auth_upn_logon_name
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): No enumeration for [pam_test]
[sssd] [confdb_init_domain_pwd_expire] (0x1000): pwd_expiration_warning is -1
[sssd] [sysdb_domain_init_internal] (0x0200): DB File for pam_test: tp_pam_srv_tests-test_pam_srv/cache_pam_test.ldb
[sssd] [sysdb_domain_init_internal] (0x0200): Timestamp file for pam_test: tp_pam_srv_tests-test_pam_srv/timestamps_pam_test.ldb
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [ldb] (0x0400): asq: Unable to register control with rootdse!
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sss_names_init_from_args] (0x0100): Using re [^(((?P<domain>[^\\]+)\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\]+)))$].
[sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
[sssd] [sss_names_init_from_args] (0x0100): Using re [^((?P<name>.+)@(?P<domain>[^@]+)|(?P<name>[^@]+))$].
[sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
[sssd] [cache_req_domain_new_list_from_domain_resolution_order] (0x0400): Domain resolution order list: not set
[sssd] [sysdb_search_user_by_uid] (0x0400): No such entry
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [lastUpdate] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [ts_cache] attrs.
[sssd] [pam_initgr_check_timeout] (0x4000): User [pamuser] not found in PAM cache.
[sssd] [pam_initgr_cache_set] (0x2000): [pamuser] added to PAM initgroup cache
[sssd] [sysdb_search_user_by_uid] (0x0400): No such entry
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [lastUpdate] to entry [name=wronguser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=wronguser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=wronguser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [ts_cache] attrs.
[sssd] [pam_initgr_check_timeout] (0x4000): User [wronguser] not found in PAM cache.
[sssd] [pam_initgr_cache_set] (0x2000): [wronguser] added to PAM initgroup cache
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [cachedPassword] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [userPrincipalName] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
[sssd] [sss_parse_name_for_domains] (0x0200): name 'upn@pam_test' matched expression for domain 'pam_test', user is upn
[sssd] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
[sssd] [pam_print_data] (0x0100): domain: pam_test
[sssd] [pam_print_data] (0x0100): user: upn
[sssd] [pam_print_data] (0x0100): service: pam_test_service
[sssd] [pam_print_data] (0x0100): tty: /dev/tty
[sssd] [pam_print_data] (0x0100): ruser: remuser
[sssd] [pam_print_data] (0x0100): rhost: remhost
[sssd] [pam_print_data] (0x0100): authtok type: 1 (Password)
[sssd] [pam_print_data] (0x0100): newauthtok type: 0 (No authentication token available)
[sssd] [pam_print_data] (0x0100): priv: 0
[sssd] [pam_print_data] (0x0100): cli_pid: 12345
[sssd] [pam_print_data] (0x0100): child_pid: 0
[sssd] [pam_print_data] (0x0100): logon name: upn@pam_test
[sssd] [pam_print_data] (0x0100): flags: 0
[sssd] [cache_req_set_plugin] (0x2000): CR #0: Setting "Initgroups by name" plugin
[sssd] [cache_req_send] (0x0400): CR #0: REQ_TRACE: New request [CID #0] 'Initgroups by name'
[sssd] [cache_req_process_input] (0x0400): CR #0: Parsing input name [upn@pam_test]
[sssd] [cache_req_set_name] (0x0400): CR #0: Setting name [upn]
[sssd] [cache_req_select_domains] (0x0400): CR #0: Performing a single domain search
[sssd] [sss_domain_get_state] (0x2000): Domain pam_test is Active
[sssd] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and bypass the data provider
[sssd] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain pam_test type POSIX is valid
[sssd] [cache_req_set_domain] (0x0400): CR #0: Using domain [pam_test]
[sssd] [cache_req_prepare_domain_data] (0x0400): CR #0: Preparing input data for domain [pam_test] rules
[sssd] [cache_req_search_send] (0x0400): CR #0: Looking up upn@pam_test
[sssd] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [upn@pam_test]
[sssd] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/pam_test/upn@pam_test]
[sssd] [cache_req_search_ncache] (0x0400): CR #0: [upn@pam_test] is not present in negative cache
[sssd] [cache_req_search_cache] (0x0400): CR #0: Looking up [upn@pam_test] in cache
[sssd] [cache_req_search_cache] (0x0400): CR #0: Object [upn@pam_test] was not found in cache
[sssd] [cache_req_set_plugin] (0x2000): CR #0: Setting "Initgroups by UPN" plugin
[sssd] [cache_req_set_name] (0x0400): CR #0: Setting name [upn@pam_test]
[sssd] [cache_req_assume_upn] (0x0400): CR #0: Assuming UPN [upn@pam_test]
[sssd] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search
[sssd] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and bypass the data provider
[sssd] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain pam_test type POSIX is valid
[sssd] [cache_req_set_domain] (0x0400): CR #0: Using domain [pam_test]
[sssd] [cache_req_prepare_domain_data] (0x0400): CR #0: Preparing input data for domain [pam_test] rules
[sssd] [cache_req_search_send] (0x0400): CR #0: Looking up upn@pam_test
[sssd] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [upn@pam_test]
[sssd] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/pam_test/@upn@pam_test]
[sssd] [cache_req_search_ncache] (0x0400): CR #0: [upn@pam_test] is not present in negative cache
[sssd] [cache_req_search_cache] (0x0400): CR #0: Looking up [upn@pam_test] in cache
[sssd] [cache_req_search_send] (0x0400): CR #0: Returning [upn@pam_test] from cache
[sssd] [cache_req_search_ncache_filter] (0x0400): CR #0: This request type does not support filtering result by negative cache
[sssd] [cache_req_create_and_add_result] (0x0400): CR #0: Found 1 entries in domain pam_test
[sssd] [cache_req_done] (0x0400): CR #0: Finished: Success
[sssd] [pam_check_user_search_next] (0x4000): PAM initgroups scheme [no_session].
[sssd] [pam_check_user_search_next] (0x4000): Found a session for uid 123.
[sssd] [pam_initgr_check_timeout] (0x4000): User [upn@pam_test] not found in PAM cache.
[sssd] [pam_check_user_search_next] (0x4000): No new initgroups needed because:
[sssd] [pam_check_user_search_next] (0x4000): there is a active session for user [upn@pam_test].
[sssd] [pd_set_primary_name] (0x0400): User's primary name is pamuser@pam_test
[sssd] [pam_initgr_check_timeout] (0x4000): User [upn@pam_test] not found in PAM cache.
[sssd] [pam_initgr_cache_set] (0x2000): [upn@pam_test] added to PAM initgroup cache
[sssd] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing
[sssd] [pam_reply] (0x0400): Local auth policy allowed: smartcard [True], passkey [False]
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [lastOnlineAuth] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing
[sssd] [pam_reply] (0x0400): Local auth policy allowed: smartcard [True], passkey [False]
[sssd] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo].
[sssd] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo-i].
[sssd] [pam_reply] (0x0200): blen: 25
[sssd] [pam_reply] (0x0200): Returning [0]: Success to the client
[sssd] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
[  ERROR   ] --- Has remaining non-returned values: sss_parse_inp_recv
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
Has remaining non-returned values: sss_dp_get_account_recv
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here

[  FAILED  ] test_pam_auth_upn_logon_name

[alexey-tikhonov]

• test_pam_preauth_cert_no_logon_name

[ RUN      ] test_pam_preauth_cert_no_logon_name
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): No enumeration for [pam_test]
[sssd] [confdb_init_domain_pwd_expire] (0x1000): pwd_expiration_warning is -1
[sssd] [sysdb_domain_init_internal] (0x0200): DB File for pam_test: tp_pam_srv_tests-test_pam_srv/cache_pam_test.ldb
[sssd] [sysdb_domain_init_internal] (0x0200): Timestamp file for pam_test: tp_pam_srv_tests-test_pam_srv/timestamps_pam_test.ldb
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [ldb] (0x0400): asq: Unable to register control with rootdse!
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sss_names_init_from_args] (0x0100): Using re [^(((?P<domain>[^\\]+)\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\]+)))$].
[sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
[sssd] [sss_names_init_from_args] (0x0100): Using re [^((?P<name>.+)@(?P<domain>[^@]+)|(?P<name>[^@]+))$].
[sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
[sssd] [cache_req_domain_new_list_from_domain_resolution_order] (0x0400): Domain resolution order list: not set
[sssd] [sysdb_search_user_by_uid] (0x0400): No such entry
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [lastUpdate] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [ts_cache] attrs.
[sssd] [pam_initgr_check_timeout] (0x4000): User [pamuser] not found in PAM cache.
[sssd] [pam_initgr_cache_set] (0x2000): [pamuser] added to PAM initgroup cache
[sssd] [sysdb_search_user_by_uid] (0x0400): No such entry
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [lastUpdate] to entry [name=wronguser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=wronguser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=wronguser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [ts_cache] attrs.
[sssd] [pam_initgr_check_timeout] (0x4000): User [wronguser] not found in PAM cache.
[sssd] [pam_initgr_cache_set] (0x2000): [wronguser] added to PAM initgroup cache
[sssd] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth
[sssd] [pam_print_data] (0x0100): command: SSS_PAM_PREAUTH
[sssd] [pam_print_data] (0x0100): domain: not set
[sssd] [pam_print_data] (0x0100): user: not set
[sssd] [pam_print_data] (0x0100): service: login
[sssd] [pam_print_data] (0x0100): tty: /dev/tty
[sssd] [pam_print_data] (0x0100): ruser: remuser
[sssd] [pam_print_data] (0x0100): rhost: remhost
[sssd] [pam_print_data] (0x0100): authtok type: 0 (No authentication token available)
[sssd] [pam_print_data] (0x0100): newauthtok type: 0 (No authentication token available)
[sssd] [pam_print_data] (0x0100): priv: 0
[sssd] [pam_print_data] (0x0100): cli_pid: 12345
[sssd] [pam_print_data] (0x0100): child_pid: 0
[sssd] [pam_print_data] (0x0100): logon name: not set
[sssd] [pam_print_data] (0x0100): flags: 0
[sssd] [pam_check_cert_send] (0x4000): Adding PKCS#11 URI [pkcs11:manufacturer=SoftHSM%20project].
[sssd] [sss_child_handler_setup] (0x2000): Setting up signal handler up for pid [86351]
[sssd] [sss_child_handler_setup] (0x2000): Signal handler set up for pid [86351]
exec_child_ex command: [/home/runner/work/sssd/sssd/p11_child]  /home/runner/work/sssd/sssd/p11_child --dumpable=1 --debug-microseconds=-1 --debug-timestamps=-1 --logger=stderr --chain-id=0 --backtrace=1 --debug-level=0x2f7f0 --pre --verify no_ocsp --ca_db /home/runner/work/sssd/sssd/src/tests/test_CA/SSSD_test_CA.pem --uri pkcs11:manufacturer=SoftHSM%20project --timeout 30
[p11_child[86351]] [main] (0x0400): p11_child started.
[p11_child[86351]] [main] (0x2000): Running in [pre-auth] mode.
[p11_child[86351]] [main] (0x2000): Running with effective IDs: [1001][1001].
[p11_child[86351]] [main] (0x2000): Running with real IDs [1001][1001].
[p11_child[86351]] [parse_cert_verify_opts] (0x4000): Found 'no_ocsp' option, disabling OCSP.
[p11_child[86351]] [do_card] (0x4000): URI: pkcs11:manufacturer=SoftHSM%20project
[p11_child[86351]] [do_card] (0x4000): Module List:
[p11_child[86351]] [do_card] (0x4000): common name: [p11-kit-trust].
[p11_child[86351]] [do_card] (0x4000): dll name: [/usr/local/lib/pkcs11/p11-kit-trust.so].
[p11_child[86351]] [do_card] (0x4000): Description [/usr/local/share/p11-kit/certs] Manufacturer [PKCS#11 Kit] flags [1] removable [false] token present [true].
[p11_child[86351]] [do_card] (0x4000): common name: [softhsm2].
[p11_child[86351]] [do_card] (0x4000): dll name: [/usr/local/lib/softhsm/libsofthsm2.so].
[p11_child[86351]] [do_card] (0x4000): Description [SoftHSM slot ID 0xc814ad5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true].
[p11_child[86351]] [do_card] (0x4000): Token label [SSSD Test Token].
[p11_child[86351]] [do_slot] (0x4000): Found [SSSD Test Token] in slot [SoftHSM slot ID 0xc814ad5][209799893] of module [1][/usr/local/lib/softhsm/libsofthsm2.so].
[p11_child[86351]] [do_slot] (0x4000): Login NOT required.
[p11_child[86351]] [read_certs] (0x4000): found cert[SSSD test cert 0001][/O=SSSD/OU=SSSD test/CN=SSSD test cert 0001]
[p11_child[86351]] [do_slot] (0x4000): (null) /usr/local/lib/softhsm/libsofthsm2.so (null) SSSD Test Token (null) - no label given- C554C9F82C2A9D58B70921C143304153A8A42F17.
[p11_child[86351]] [do_slot] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xc814ad5;slot-manufacturer=SoftHSM%20project;slot-id=209799893;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8731822a0c814ad5;token=SSSD%20Test%20Token;id=%C5%54%C9%F8%2C%2A%9D%58%B7%09%21%C1%43%30%41%53%A8%A4%2F%17;object=SSSD%20test%20cert%200001;type=cert.
[p11_child[86351]] [do_slot] (0x4000): Found certificate has key id [C554C9F82C2A9D58B70921C143304153A8A42F17].
[p11_child[86351]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true].
[p11_child[86351]] [do_card] (0x4000): Token is not initialized; skipping.
[sssd] [_read_pipe_handler] (0x4000): Adding [1024] bytes of data.
[sssd] [_read_pipe_handler] (0x4000): Adding [802] bytes of data.
[sssd] [_read_pipe_handler] (0x0400): EOF received, client finished
[sssd] [parse_p11_child_response] (0x4000): Found token name [SSSD Test Token].
[sssd] [parse_p11_child_response] (0x4000): Found module name [/usr/local/lib/softhsm/libsofthsm2.so].
[sssd] [parse_p11_child_response] (0x4000): Found key id [C554C9F82C2A9D58B70921C143304153A8A42F17].
[sssd] [parse_p11_child_response] (0x4000): Found label [SSSD test cert 0001].
[sssd] [parse_p11_child_response] (0x4000): Found cert [MIIE/TCCAuWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MQ0wCwYDVQQKDARTU1NEMRIwEAYDVQQLDAlTU1NEIHRlc3QxFTATBgNVBAMMDFNTU0QgdGVzdCBDQTAeFw0yNjAxMDUxMDMxMzFaFw0yNjA3MjQxMDMxMzFaMEExDTALBgNVBAoMBFNTU0QxEjAQBgNVBAsMCVNTU0QgdGVzdDEcMBoGA1UEAwwTU1NTRCB0ZXN0IGNlcnQgMDAwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANfzGCUs/4Pnh0ZX+Wd2ZDthGDUYO5pmKXOH+N8C9remxJgOefV/3CbKA3HQdSOWkbvakE5pi2F2nUNkZrJOWlJRj/fLv6m+iQWVjS/1eGDfKFTJEr3m5L8u5jgvy5qhnExc9baI/eTO/a8FBCUy4EKMv6OL+1fZmXwIdSV1jtA+1ItlySVeZG+7mMc8rlb96HwTrpQ15v9256pkDMsFlvmDwGW/10yN/95KUz9H/9q7jRkEFrcJGl11p/+A5r2w0ZV3pGbPB6NnjuSE/CTHq3bdlDttmSTQ0jcfz7+wqQzppZlrLCYu+fIKUiCOBmHnMomC/RkUBpD+dJNrqR7c560CAwEAAaOCAQUwggEBMB8GA1UdIwQYMBaAFBg3LrFmVu3491fKzSAkNuCZFletMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMCQGCWCGSAGG+EIBDQQXFhVTU1NEIHRlc3QgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLqZmpTbOgVz8KSsrJXxwzW9+HGZMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwTAYDVR0RBEUwQ4Ehc3NzZC1kZXZlbEBsaXN0cy5mZWRvcmFob3N0ZWQub3Jnhh5odHRwczovL2dpdGh1Yi5jb20vU1NTRC9zc3NkLy8wDQYJKoZIhvcNAQELBQADggIBAE0Mas6cptHQ7jTBuV4ogYqN2Li7bBaZ8ewtk7etI2h/qx4FWePXL94cPcP2EMiHtNF6TWjWodpaiOCOH0Z0Z2LBzjmGVN8znWXL23BfxIMcL6joyI1zVpPCEXmVnTkk7vS7K+mkYSApRt79a92ZCoXC54/5lns4qoQiKRNOqeBNNxJ3gPUu+MAyvMk9F5YQ5xrj5gmiUGsxUfiVDyeC7ZHOTFbE42B5teq9VVdx0RbDRF8oqo0cZHlBT6oS5oTAi8qD58DJPX96fs16jXfOuj9GojVcVh4kfbVsSXYiv4qngz/ZH+54l6Kbhsaf/tM+CqDvhpkBv4XbTy9HaSYs6moxvCS6XiNZe05y+Lcm+larAGIiYw5pxEoCvznqg6ztw6BuJMvI0mwUS466j8b/UfeUdBYGuHknIY2oOJLYx2CzmTTA5s4klbMv5NlMOgQPfEr06sntciztb2Xp9des0ugTGJ5aYg+fpej9x5Qq8sXBZW94ZCohhn/kFubHkeYbrfYHlQsiipB9m8fEd+mqwxJBFhtFnezohGWfVQ79X0TWWbYm7Zhg7Ta7lp4ZKJoGgPe/q4fSndPKkUk1kvkYbAS/KGq2vCRxKae5TuBHMw4bYxhBGt7k66DkudX90Mm0/3kW63/BjzV/YcUUiJItoq0Ku/3lAbzFPjtz4/HgC9pf].
[sssd] [cache_req_set_plugin] (0x2000): CR #0: Setting "User by certificate" plugin
[sssd] [cache_req_send] (0x0400): CR #0: REQ_TRACE: New request [CID #0] 'User by certificate'
[sssd] [cache_req_domain_new_list_from_domain_resolution_order] (0x0400): Domain resolution order list: not set
[sssd] [child_sig_handler] (0x1000): Waiting for child [86351].
[sssd] [child_sig_handler] (0x0100): child [86351] finished successfully.
[sssd] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search
[sssd] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and check the data provider
[sssd] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain pam_test type POSIX is valid
[sssd] [cache_req_set_domain] (0x0400): CR #0: Using domain [pam_test]
[sssd] [cache_req_search_send] (0x0400): CR #0: Looking up CERT:tz4/HgC9pf@pam_test
[sssd] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [CERT:tz4/HgC9pf@pam_test]
[sssd] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/CERT/MIIE/TCCAuWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MQ0wCwYDVQQKDARTU1NEMRIwEAYDVQQLDAlTU1NEIHRlc3QxFTATBgNVBAMMDFNTU0QgdGVzdCBDQTAeFw0yNjAxMDUxMDMxMzFaFw0yNjA3MjQxMDMxMzFaMEExDTALBgNVBAoMBFNTU0QxEjAQBgNVBAsMCVNTU0QgdGVzdDEcMBoGA1UEAwwTU1NTRCB0ZXN0IGNlcnQgMDAwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANfzGCUs/4Pnh0ZX+Wd2ZDthGDUYO5pmKXOH+N8C9remxJgOefV/3CbKA3HQdSOWkbvakE5pi2F2nUNkZrJOWlJRj/fLv6m+iQWVjS/1eGDfKFTJEr3m5L8u5jgvy5qhnExc9baI/eTO/a8FBCUy4EKMv6OL+1fZmXwIdSV1jtA+1ItlySVeZG+7mMc8rlb96HwTrpQ15v9256pkDMsFlvmDwGW/10yN/95KUz9H/9q7jRkEFrcJGl11p/+A5r2w0ZV3pGbPB6NnjuSE/CTHq3bdlDttmSTQ0jcfz7+wqQzppZlrLCYu+fIKUiCOBmHnMomC/RkUBpD+dJNrqR7c560CAwEAAaOCAQUwggEBMB8GA1UdIwQYMBaAFBg3LrFmVu3491fKzSAkNuCZFletMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMCQGCWCGSAGG+EIBDQQXFhVTU1NEIHRlc3QgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLqZmpTbOgVz8KSsrJXxwzW9+HGZMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwTAYDVR0RBEUwQ4Ehc3NzZC1kZXZlbEBsaXN0cy5mZWRvcmFob3N0ZWQub3Jnhh5odHRwczovL2dpdGh1Yi5jb20vU1NTRC9zc3NkLy8wDQYJKoZIhvcNAQELBQADggIBAE0Mas6cptHQ7jTBuV4ogYqN2Li7bBaZ8ewtk7etI2h/qx4FWePXL94cPcP2EMiHtNF6TWjWodpaiOCOH0Z0Z2LBzjmGVN8znWXL23BfxIMcL6joyI1zVpPCEXmVnTkk7vS7K+mkYSApRt79a92ZCoXC54/5lns4qoQiKRNOqeBNNxJ3gPUu+MAyvMk9F5YQ5xrj5gmiUGsxUfiVDyeC7ZHOTFbE42B5teq9VVdx0RbDRF8oqo0cZHlBT6oS5oTAi8qD58DJPX96fs16jXfOuj9GojVcVh4kfbVsSXYiv4qngz/ZH+54l6Kbhsaf/tM+CqDvhpkBv4XbTy9HaSYs6moxvCS6XiNZe05y+Lcm+larAGIiYw5pxEoCvznqg6ztw6BuJMvI0mwUS466j8b/UfeUdBYGuHknIY2oOJLYx2CzmTTA5s4klbMv5NlMOgQPfEr06sntciztb2Xp9des0ugTGJ5aYg+fpej9x5Qq8sXBZW94ZCohhn/kFubHkeYbrfYHlQsiipB9m8fEd+mqwxJBFhtFnezohGWfVQ79X0TWWbYm7Zhg7Ta7lp4ZKJoGgPe/q4fSndPKkUk1kvkYbAS/KGq2vCRxKae5TuBHMw4bYxhBGt7k66DkudX90Mm0/3kW63/BjzV/YcUUiJItoq0Ku/3lAbzFPjtz4/HgC9pf]
[sssd] [cache_req_search_ncache] (0x0400): CR #0: [CERT:tz4/HgC9pf@pam_test] is not present in negative cache
[sssd] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:tz4/HgC9pf@pam_test] in cache
[sssd] [sysdb_search_object_attr] (0x0400): No such entry.
[sssd] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
[sssd] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:tz4/HgC9pf@pam_test] was not found in cache
[sssd] [cache_req_search_dp] (0x0400): CR #0: Looking up [CERT:tz4/HgC9pf@pam_test] in data provider
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [userMappedCertificate] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:tz4/HgC9pf@pam_test] in cache
[sssd] [cache_req_search_ncache_filter] (0x0400): CR #0: This request type does not support filtering result by negative cache
[sssd] [cache_req_search_done] (0x0400): CR #0: Returning updated object [CERT:tz4/HgC9pf@pam_test]
[sssd] [cache_req_create_and_add_result] (0x0400): CR #0: Found 1 entries in domain pam_test
[sssd] [cache_req_done] (0x0400): CR #0: Finished: Success
[sssd] [pam_forwarder_lookup_by_cert_done] (0x4000): Found [1] certificates and [1] related users.
[sssd] [pam_forwarder_lookup_by_cert_done] (0x0200): Found certificate user [pamuser@pam_test].
[sssd] [sss_parse_name_for_domains] (0x0200): name 'pamuser@pam_test' matched expression for domain 'pam_test', user is pamuser
[sssd] [cache_req_set_plugin] (0x2000): CR #1: Setting "Initgroups by name" plugin
[sssd] [cache_req_send] (0x0400): CR #1: REQ_TRACE: New request [CID #0] 'Initgroups by name'
[sssd] [cache_req_process_input] (0x0400): CR #1: Parsing input name [pamuser@pam_test]
[sssd] [cache_req_set_name] (0x0400): CR #1: Setting name [pamuser]
[sssd] [cache_req_select_domains] (0x0400): CR #1: Performing a multi-domain search
[sssd] [cache_req_search_domains] (0x0400): CR #1: Search will check the cache and bypass the data provider
[sssd] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain pam_test type POSIX is valid
[sssd] [cache_req_set_domain] (0x0400): CR #1: Using domain [pam_test]
[sssd] [cache_req_prepare_domain_data] (0x0400): CR #1: Preparing input data for domain [pam_test] rules
[sssd] [cache_req_search_send] (0x0400): CR #1: Looking up pamuser@pam_test
[sssd] [cache_req_search_ncache] (0x0400): CR #1: Checking negative cache for [pamuser@pam_test]
[sssd] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/pam_test/pamuser@pam_test]
[sssd] [cache_req_search_ncache] (0x0400): CR #1: [pamuser@pam_test] is not present in negative cache
[sssd] [cache_req_search_cache] (0x0400): CR #1: Looking up [pamuser@pam_test] in cache
[sssd] [cache_req_search_send] (0x0400): CR #1: Returning [pamuser@pam_test] from cache
[sssd] [cache_req_search_ncache_filter] (0x0400): CR #1: This request type does not support filtering result by negative cache
[sssd] [cache_req_create_and_add_result] (0x0400): CR #1: Found 1 entries in domain pam_test
[sssd] [cache_req_done] (0x0400): CR #1: Finished: Success
[sssd] [pam_check_user_search_next] (0x4000): PAM initgroups scheme [no_session].
[sssd] [pam_check_user_search_next] (0x4000): Found a session for uid 123.
[sssd] [pam_initgr_check_timeout] (0x4000): User [pamuser@pam_test] not found in PAM cache.
[sssd] [pam_check_user_search_next] (0x4000): No new initgroups needed because:
[sssd] [pam_check_user_search_next] (0x4000): there is a active session for user [pamuser@pam_test].
[sssd] [pd_set_primary_name] (0x0400): User's primary name is pamuser@pam_test
[sssd] [pam_initgr_check_timeout] (0x4000): User [pamuser@pam_test] not found in PAM cache.
[sssd] [pam_initgr_cache_set] (0x2000): [pamuser@pam_test] added to PAM initgroup cache
[sssd] [sss_domain_get_state] (0x2000): Domain pam_test is Active
[sssd] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing
[sssd] [pam_reply] (0x0400): Local auth policy allowed: smartcard [True], passkey [False]
[sssd] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo].
[sssd] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo-i].
[sssd] [pam_eval_prompting_config] (0x4000): No prompting configuration found.
[sssd] [pam_reply] (0x0200): blen: 236
[sssd] [pam_reply] (0x0200): Returning [0]: Success to the client
[sssd] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
[  ERROR   ] --- Has remaining non-returned values: sss_dp_get_account_recv
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
Has remaining non-returned values: sss_parse_inp_recv
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here

[  FAILED  ] test_pam_preauth_cert_no_logon_name

[alexey-tikhonov]

• test_pam_cert_auth_no_logon_name

[ RUN      ] test_pam_cert_auth_no_logon_name
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): No enumeration for [pam_test]
[sssd] [confdb_init_domain_pwd_expire] (0x1000): pwd_expiration_warning is -1
[sssd] [sysdb_domain_init_internal] (0x0200): DB File for pam_test: tp_pam_srv_tests-test_pam_srv/cache_pam_test.ldb
[sssd] [sysdb_domain_init_internal] (0x0200): Timestamp file for pam_test: tp_pam_srv_tests-test_pam_srv/timestamps_pam_test.ldb
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
[sssd] [sysdb_ldb_connect] (0x4000): Setting ldb module path to [/home/runner/work/sssd/sssd/ldb_mod_test_dir].
...
[sssd] [pam_forwarder_lookup_by_cert_done] (0x4000): Found [1] certificates and [1] related users.
[sssd] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing
[sssd] [pam_reply] (0x0400): Local auth policy allowed: smartcard [True], passkey [False]
[sssd] [sysdb_ldb_msg_difference] (0x2000): Added attr [lastOnlineAuth] to entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb]
[sssd] [sysdb_set_entry_attr] (0x0200): Entry [name=pamuser@pam_test,cn=users,cn=pam_test,cn=sysdb] has set [cache, ts_cache] attrs.
[sssd] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing
[sssd] [pam_reply] (0x0400): Local auth policy allowed: smartcard [True], passkey [False]
[sssd] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo].
[sssd] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo-i].
[sssd] [pam_reply] (0x0200): blen: 236
[sssd] [pam_reply] (0x0200): Returning [0]: Success to the client
[  ERROR   ] --- Has remaining non-returned values: sss_dp_get_account_recv
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
Has remaining non-returned values: sss_parse_inp_recv
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here

[  FAILED  ] test_pam_cert_auth_no_logon_name

[alexey-tikhonov]

Logs of failing (disabled) pam-srv tests:

Common point of failure:

[sssd] [pam_reply] (0x0200): Returning [0]: Success to the client
[sssd] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
[  ERROR   ] --- Has remaining non-returned values: *
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
(null):2166014: note: remaining item was declared here
Has remaining non-returned values: *

@sumit-bose, would you have an idea how to debug this further?