Skip to content

[autobackport: sssd-2-9] ipa trust bugfix and improvement of handling unknown trust type error#8274

Merged
alexey-tikhonov merged 2 commits intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8258-to-sssd-2-9
Dec 12, 2025
Merged

[autobackport: sssd-2-9] ipa trust bugfix and improvement of handling unknown trust type error#8274
alexey-tikhonov merged 2 commits intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8258-to-sssd-2-9

Conversation

@sssd-bot
Copy link
Contributor

@sssd-bot sssd-bot commented Dec 5, 2025

This is an automatic backport of PR#8258 ipa trust bugfix and improvement of handling unknown trust type error to branch sssd-2-9, created by @justin-stephenson.

Please make sure this backport is correct.

Note

The commits were cherry-picked without conflicts.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8258-to-sssd-2-9
git checkout SSSD-sssd-backport-pr8258-to-sssd-2-9
git push sssd-bot SSSD-sssd-backport-pr8258-to-sssd-2-9 --force

Original commits
f2e8e51 - ipa: Fix typo in trust type conditional
50527dc - ipa: improve unknown trust type error return

Backported commits

  • a51d2c4 - ipa: Fix typo in trust type conditional
  • b023162 - ipa: improve unknown trust type error return

Original Pull Request Body

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 5, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request backports two important fixes for IPA trust handling. The first change corrects a copy-paste error in a conditional, ensuring that IPA_TRUST_IPA is handled correctly. This is a critical fix for the logic. The second change improves error handling for unknown trust types by returning a more appropriate error code (EINVAL) and enhancing the debug message, which improves robustness and debuggability. The changes are correct and well-implemented. I have no further recommendations.

@alexey-tikhonov alexey-tikhonov removed their request for review December 5, 2025 16:25
@alexey-tikhonov alexey-tikhonov removed their assignment Dec 5, 2025
@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Dec 5, 2025
@alexey-tikhonov alexey-tikhonov removed the request for review from sumit-bose December 12, 2025 08:31
@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Dec 12, 2025

FAILED tests/test_access_control_simple.py::test_access_control_simple__permits_user_login_based_on_group (samba) is a known issue.

@justin-stephenson @sssd-bot
ipa: Fix typo in trust type conditional
5f5c9ad 
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit f2e8e51)
@justin-stephenson @sssd-bot
ipa: improve unknown trust type error return
09c103d 
If trust type is unknown for an IPA subdomain request, return
EINVAL instead of ENOMEM, and improve the logged error message.

Trust type should always be IPA_TRUST_IPA, or IPA_TRUST_AD, if
trust discovery and initialization fails early on we can reach this
codepath however.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 50527dc)
@sssd-bot
Copy link
Contributor Author

sssd-bot commented Dec 12, 2025

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 CodeQL (success)
🟢 rpm-build:centos-stream-9-x86_64:upstream (success)
🟢 Analyze (target) / cppcheck (success)
🟢 Build / make-distcheck (success)
🟢 ci / prepare (success)
🔴 ci / system (centos-9) (failure)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@sssd-bot sssd-bot force-pushed the SSSD-sssd-backport-pr8258-to-sssd-2-9 branch from b023162 to 09c103d Compare December 12, 2025 08:32
@alexey-tikhonov alexey-tikhonov merged commit 9e7eb46 into SSSD:sssd-2-9 Dec 12, 2025
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@alexey-tikhonov alexey-tikhonov

Labels

Accepted no-backport This should go to target branch only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sssd-bot @alexey-tikhonov @sumit-bose @justin-stephenson