<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/sssd-team/sssd">Debian SSSD packaging / sssd</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb48af24ed33324011bfe6e7bfbb19fd75fb47b8">bb48af24</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-07-27T11:21:58+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version in version.m4 to track the next release
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb7d80d217c7a57c43336d043ba44c23ccf06e21">bb7d80d2</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DLOPEN-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7e44cfd910d19fd0135caec31b8feb77ad0c421e">7e44cfd9</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
* convert assertions to different macros
e.g.
src/tests/sysdb-tests.c:6622:5: error: too few arguments to function ‘_ck_assert_failed’
6622 | fail_if(ret != EOK);
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a0945dca18b69970ea7402ff98fbfd26fd72d8cc">a0945dca</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB-TESTS: Fix format string
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bae2b416e7d71da11305689ecf2be1ce28983c9f">bae2b416</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">STRTONUM-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4954da70bd8f2fa0aa6e797bf61546f98f17f4d6">4954da70</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESOLV-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
* convert assertions to different macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc598c53e666d357a0b18dc84731937f0c45ae0a">dc598c53</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KRB5-UTILS-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d46b44f34b335fc7a8c2807ea247037375efcbb8">d46b44f3</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KRB5-UTILS-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/692f6b7ed2c6350256b24c1f6ed2de2d0a1ba336">692f6b7e</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CHECK-AND-OPEN-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0b89f51176f0f60aac7c1998e349a78cf4f1b405">0b89f511</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">REFCOUNT-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1bb4238123baf547b79ac5e6df8f83408d53d72d">1bb42381</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">FAIL-OVER-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a933f60edf2628404bbf9c6054fba5a85cd3c261">a933f60e</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">FAIL-OVER-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6c5374f937df45b6143cbbdcbe94495b2de373c5">6c5374f9</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">AUTH-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e2dc5c3b332df9f7e06a7ff95db717b6b852762e">e2dc5c3b</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA-LDAP-OPT-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
* convert assertions to different macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0c20b4bdd4ef510017fb08821f87c86647782ff8">0c20b4bd</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CRYPTO-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
* convert assertions to different macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2e270367691491c70438f9f06330755e363015c3">2e270367</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
* convert assertions to different macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2cb158559bce18452cb8a0b95a8b9a8e05adca2b">2cb15855</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/da64aea718871a8f0eb4965569785e24d8fd545a">da64aea7</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA-HBAC-TESTS: Fix error too few arguments to function ‘_ck_assert_failed’
* add missing messages to fail_{if,unless} macros
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cc8962105971fd7b572887acee109f6d4882249e">cc896210</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SSS-IDMAP-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c445d1694db4de01152cc871330e5b17855968a3">c445d169</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESPONDER-SOCKET-ACCESS-TESTS: Fix format string issues
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d47e442dc3887de8c015ccbb84a413097dcfeed4">d47e442d</a></strong>
<div>
<span>by Lukas Slebodnik</span>
<i>at 2020-07-28T12:28:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DEBUG-TESTS: Fix warnings format not a string literal and no format arguments
e.g.
src/tests/resolv-tests.c: In function ‘test_timeout’:
src/tests/resolv-tests.c:942:5: error: format not a string literal and no format arguments [-Werror=format-security]
942 | ck_leaks_pop(tmp_ctx);
|
src/tests/debug-tests.c:413:9: error: format not a string literal and no format arguments [-Werror=format-security]
413 | fail_if(result == DEBUG_TEST_NOK_TS, msg);
| ^~~~~~~
src/tests/debug-tests.c: In function ‘test_debug_is_notset_timestamp_microseconds_fn’:
src/tests/debug-tests.c:603:13: error: format not a string literal and no format arguments [-Werror=format-security]
603 | fail(error_msg);
|
src/tests/debug-tests.c: In function ‘test_debug_is_set_false_fn’:
src/tests/debug-tests.c:671:9: error: format not a string literal and no format arguments [-Werror=format-security]
671 | fail_unless(result == 0, msg);
|
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3bb910503bb7cbc20105f0a302db400f04436d2a">3bb91050</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-08-20T11:45:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">man: clarify AD certificate rule
Clarify AD specific certificate rule example by changing userPrincipal to
userPrincipalName. Moreover, match the subject principal name in the
example with the rule name.
Resolves:
https://github.com/SSSD/sssd/issues/5278
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4526858adb58736066a0b2cf2dc793ddfe671b2b">4526858a</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-08-20T11:46:32+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">config: allow prompting options in configuration
False warnings were logged after enabling prompting options in
configuration file. This change modifies the configuration rules to
allow prompting options.
Resolves:
https://github.com/SSSD/sssd/issues/5259
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4ad1dfa35b1bb782bde2136c4be5acb42823f4de">4ad1dfa3</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-08-20T11:53:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Got rid of unused Transifex settings (".tx")
Relates:
https://github.com/SSSD/sssd/issues/5097
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/70898d98a3c057c93c3223cd4c0835dbd0f871e8">70898d98</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-08-20T11:53:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Got rid of "zanata.xml" due to migration to Weblate.
Relates:
https://github.com/SSSD/sssd/issues/5097
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10366b4ee8c01ea20d908102e92d52fdeda168c3">10366b4e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-08-21T10:49:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">p11_child: switch default ocsp_dgst to sha1
For details please see discussion at
https://github.com/SSSD/sssd/pull/837#issuecomment-672831519
:newdefault: sssd:certificate_verification:ocsp_dgst, sha256, sha1
Resolves:
https://github.com/SSSD/sssd/issues/5002
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/00ae18dc9fd05a0dd12043d50a7fc0f1123bbc85">00ae18dc</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:13:35+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: Increase client idle timeout to 5 minutes
Increase the default timeout to allow time for
user interaction on the command-line with kinit.
Resolves:
https://github.com/SSSD/sssd/issues/4829
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a4af77e08bfa967ba21b789270681e29cc2f370a">a4af77e0</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:33+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CONFIG: Add SR exclude_users exclude_groups options
Add options to allow explicitly excluding users and groups from
enforcing session recording. These options are recognized only
when the SR configuration defines 'scope=all'.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0049ec8554f489414069ffbfde693fc9577db602">0049ec85</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: Add support for SR exclude_users exclude_groups
Read the exclude_* option values to be applied elsewhere when
'scope=all'.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/38df7a3bbb872833c8f5278f055008a7c7fe95cd">38df7a3b</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:46+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NSS: Rely on sessionRecording attribute
Don't force the tlog-rec-session shell when 'scope=all' is set,
instead read the sessionRecording attribute allowing
exclude_* options to work properly.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3a3be1cba1522fc43c2f174aff299b5901d9c4a7">3a3be1cb</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:49+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PAM: Rely on sessionRecording attribute
Don't force the tlog-rec-session shell when 'scope=all' is set,
instead read the sessionRecording attribute allowing
exclude_* options to work properly.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c51a9f6be14aa1ac5b5b685b11394488bf7fb685">c51a9f6b</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP: Support SR excludes in initgroups postprocessing
When 'scope=all' is configured, set the user sessionRecording attribute
to false if a match is found with 'exclude_users' and 'exclude_groups'
values, and true otherwise, when no exclude match is found.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19602d9a8e2e47e668e80d559f2a5a6af3cf97a6">19602d9a</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CACHE_REQ: Support SR exclude options
When 'scope=all' is configured, set the user sessionRecording
attribute to false if a match is found with 'exclude_users' and
'exclude_groups' values, and true otherwise, when no exclude match is found.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d947ac7aff2e56c87347d41744b51edee8e13393">d947ac7a</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:15:57+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">INTG: Add session recording exclude tests
Add basic tests for exclude_users and exclude_groups options.
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/733cafd72ee61cee34980da5825b5c09225e1b0f">733cafd7</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-08-24T11:16:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">MAN: Add SR exclude_users and exclude_groups options
Resolves:
https://github.com/SSSD/sssd/issues/5089
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b73285ef603389926ea578b901d3f9013c57fa9">2b73285e</a></strong>
<div>
<span>by Jonatan Pålsson</span>
<i>at 2020-08-27T14:03:31+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">build: Don't use AC_CHECK_FILE when building manpages
AC_CHECK_FILE does not support cross-compilation, and will only check
the host rootfs. Replace AC_CHECK_FILE with a 'test -f <FILE>' instead,
to allow building manpages when cross-compiling.
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/266ecc083d5fe9f576b7932a80ecb014d2d25311">266ecc08</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-08-27T14:05:09+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop support of libnss as a crypto backend
Resolves: https://github.com/SSSD/sssd/issues/1041
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a2911482a00dfad79e5f69d42d7e882fc0c717af">a2911482</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-08-27T14:05:09+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Get rid of "NSS DB" references.
Resolves: https://github.com/SSSD/sssd/issues/1041
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/20787da9dc7bc1361116e3a794678af5e1511003">20787da9</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-09-01T11:35:09+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">use prerealease option in make srpm script
With --prereleasae option enabled make_srpm.sh script can set different
version each time copr build is created. It adds date time and git
commit hash in the build version.
eg.
2.3.2-0.20200826.1356.gitdb1049057.fc31
Signed-off-by: Steeve Goveas <sgoveas@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2f4140fa663b74c5390e2c4f3647db0505ff5f85">2f4140fa</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2020-09-01T11:36:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libdirsrv should be modified to be compatible with new DS
Directory Server 1.4.x
As DS is going to get rid of setup-ds.pl file completely. We need to change the same on our side too.
Reviewed-by: Niranjan Mallapadi <mrniranjan@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f4322cd9521672ab11c76acbbd522ce74abf8ca6">f4322cd9</a></strong>
<div>
<span>by Niranjan M.R</span>
<i>at 2020-09-03T13:07:36+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pytest/testlib: Execute pk12util command to create ca.p12
execute the pk12util command to create ca.p12 file
Minor fix: return variable should be out of the for loop scope
Signed-off-by: Niranjan M.R <mrniranjan@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39c564beccd3dff5421ef082a15e62d8345aa58f">39c564be</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-09-03T13:07:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add seconds in copr version
Add seconds to distiguish builds that are triigerred in the same minute.
Shorten the year by using only the last 2 digits.
Signed-off-by: Steeve Goveas <sgoveas@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/69e1f5fe79806a530e90c8af09bedd3b9e6b4dac">69e1f5fe</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-03T13:08:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">GPO: respect ad_gpo_implicit_deny when evaluation rules
Currently if setting ad_gpo_implicit_deny to 'True' is rejected access
if no GPOs applied to the host since in this case there are obvious not
allow rules available.
But according to the man page we have to be more strict "When this
option is set to True users will be allowed access only when explicitly
allowed by a GPO rule". So if GPOs apply and no allow rules are present
we have to reject access as well.
Resolves: https://github.com/SSSD/sssd/issues/5061
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d79f59338a42f8aec4d489a83a584fc187baffe2">d79f5933</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-09-03T13:08:45+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">gpo: remove unused variable domain_dn
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a0792b32fce7a029768be8e0fc78741218564cd8">a0792b32</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-09-03T13:08:45+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">gpo: use correct base dn
Domain name in SSSD configuration does not have to be the same
as the AD domain. GPO did not work in this case.
Steps to reproduce:
1. Join SSSD to an AD domain (ad.vm)
2. Create GPO that is applicable to the host/user
3. Name the SSSD domain differently ([domain/AD])
4. Try to authenticate as AD user
Resolves:
https://github.com/SSSD/sssd/issues/4840
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b50521e46263be79a1c847637daade0891c3eb6c">b50521e4</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-03T13:09:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cache_req: allow to restrict the domains an object is search in
With the new call cache_req_data_set_requested_domains() a
NULL-terminated list of domain names can be added to cache_req so
that the object is only searched in the listed domains. If the list only
contains unknown domains the cache_req will return with an error.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6ec94790e790d43e1d6ffdd47d0537e92e64e05c">6ec94790</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-03T13:09:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tests: add unit-test for cache_req_data_set_requested_domains
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3808c04fb2f091204acdd093041d7d35eb540fb1">3808c04f</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-03T13:09:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam: use requested_domains to restrict cache_req searches
If the 'domains' is used with pam_sss.so it is expected that only users
from the given domains are allowed. Currently it is checked after the
user is searched if the result is from one of those domains.
To speed things up and to allow more flexible setups this patch
restricts the list of domains already in the cache_req. The check after
the search is kept as an additional safe-guard although the cache_req
should now only return users from the given domains or an error.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/db170d0a4793afebf69d9fa87d19dd6bbe1ceeca">db170d0a</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-03T13:09:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">intg: krb5 auth and pam_sss domains option test
New integration tests for Kerberos authentication and the handling of
the 'domains' option of pam_sss are added. The purpose of the latter
test is to make sure that the 'domains' option is properly evaluated
even if multiple domains with the same user base are configure in
sssd.conf.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/35ab0493a68e37f7107e02a19bd04e3c036ef9e3">35ab0493</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-03T13:09:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam_sss: clarify man page entry of domains option
Resolves: https://github.com/SSSD/sssd/issues/3987
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bca413267f58395e22415edc662a7ba89fbe7b30">bca41326</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-04T11:23:33+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5: only try pkinit with Smartcard credentials
Currently pkinit is tried if a Smartcard is present. But depending on
the used PAM service and other configurations it might happen that the
user didn't provide the Smartcard PIN but e.g. the password. Hence,
before trying pkinit we should check if the right credentials are
available.
Resolves:
https://github.com/SSSD/sssd/issues/5290
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/83ae34509c6587568cb5164ff04d2af04da94c01">83ae3450</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-04T11:24:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CONFDB: fixed compilation warning
Fixed following compilation warning:
```
../src/confdb/confdb.c: In function ‘confdb_get_domains’:
../src/confdb/confdb.c:2499:12: warning: ‘enabled’ may be used uninitialized in this function [-Wmaybe-uninitialized]
```
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fbc7082149ccc6ee4fe077480a5d692a86e75c79">fbc70821</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-04T11:24:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CONFDB: fixed bug in confdb_get_domain_enabled()
In case CONFDB_DOMAIN_ENABLED option was set to a value other than
"true"/"false", function would return EOK while leaving `_enabled`
uninitialized.
Resolves:
https://github.com/SSSD/sssd/issues/4743
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5fb22633d2d35867aef26028a240b86c9da1a524">5fb22633</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-09-14T11:37:44+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ldap: add new option ldap_library_debug_level
With the new option ldap_library_debug_level the debug level for
OpenLDAP's internal debugging can be set. If set the OpenLDAP debug
messages will be written to the logs independent of the general
debug_level.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/67b3f371757f19c124d30827130b482b886e8395">67b3f371</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-17T14:14:13+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CLIENT:PAM: fixed missed return check
Return code of `prompt_2fa()` wasn't checked and
thus its fail wasn't properly processed.
Spotted with a help of following warning:
```
Error: CLANG_WARNING:
sssd-2.3.2/src/sss_client/pam_sss.c:2355:21: warning: Value stored to 'ret' is never read
# ret = prompt_2fa(pamh, pi, _("First Factor (Current Password): "),
# ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/05c06cd66bd2aca88280e49507ba49e4135e44b9">05c06cd6</a></strong>
<div>
<span>by Luiz Angelo Daros de Luca</span>
<i>at 2020-09-17T14:15:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ldap: add ldap_sasl_realm to cfg_rules.ini
Resolves:
https://github.com/SSSD/sssd/issues/5314
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4a84f8e18ea5604ac7e69849dee492718fd96296">4a84f8e1</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-09-17T14:16:24+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">dp: fix potential race condition in provider's sbus server
We can hit a segfault if provider start is somehow delayed.
- dp_init_send
- sbus_server_create_and_connect_send
- sbus_server_create (*)
- dp_init_done (callback for sbus_server_create_and_connect_send)
- sbus_server_create_and_connect_recv
- sbus_server_set_on_connection (sets clients data and creates dp_cli)
At (*) sbus server is already created and accepts new connections once
we get into tevent loop. So it is possible that the client connects to
server before sbus_server_set_on_connection is called and thus the client
is not properly initialized. However it should not happen in normal start
because providers are started before responders and it can happen only if
data provider startup is somehow delay.
You can use this diff to reproduce the crash:
```diff
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/838baa837370bcc911adca446ed4709a2f1094ba">838baa83</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-09-17T14:17:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">util/sss_python: change MODINITERROR to dereference module
Change MODINITERROR macro to dereference module when PyModule_*
interfaces report some type of failure.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c008d899f001dac455b129d1df53c9da7c5858cd">c008d899</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-09-17T14:17:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">python/pysss_nss_idmap: check return from functions
Coverity warns that PyModule_AddIntConstant() returns operation success
or failure but this value is never checked.
```
Error: CHECKED_RETURN (CWE-252):
sssd-2.3.0/src/python/pysss_nss_idmap.c:587: check_return: Calling
"PyModule_AddIntConstant" without checking return value (as is done
elsewhere 4 out of 5 times).
sssd-2.3.0/src/python/pyhbac.c:1956: example_assign: Example 1:
Assigning: "ret" = return value from "PyModule_AddIntConstant(m,
"HBAC_CATEGORY_ALL", 1L)".
sssd-2.3.0/src/python/pyhbac.c:1957: example_checked: Example 1 (cont.):
"ret" has its value checked in "ret == -1".
sssd-2.3.0/src/python/pyhbac.c:1960: example_assign: Example 2:
Assigning: "ret" = return value from "PyModule_AddIntConstant(m,
"HBAC_RULE_ELEMENT_USERS", 1L)".
sssd-2.3.0/src/python/pyhbac.c:1961: example_checked: Example 2 (cont.):
"ret" has its value checked in "ret == -1".
sssd-2.3.0/src/python/pyhbac.c:1972: example_assign: Example 3:
Assigning: "ret" = return value from "PyModule_AddIntConstant(m,
"HBAC_EVAL_DENY", HBAC_EVAL_DENY)".
sssd-2.3.0/src/python/pyhbac.c:1973: example_checked: Example 3 (cont.):
"ret" has its value checked in "ret == -1".
sssd-2.3.0/src/python/pyhbac.c:1982: example_assign: Example 4:
Assigning: "ret" = return value from "PyModule_AddIntConstant(m,
"HBAC_ERROR_NOT_IMPLEMENTED", HBAC_ERROR_NOT_IMPLEMENTED)".
sssd-2.3.0/src/python/pyhbac.c:1983: example_checked: Example 4 (cont.):
"ret" has its value checked in "ret == -1".
# 585| PyModule_AddIntConstant(module, "ID_NOT_SPECIFIED",
# 586| SSS_ID_TYPE_NOT_SPECIFIED);
# 587|-> PyModule_AddIntConstant(module, "ID_USER", SSS_ID_TYPE_UID);
# 588| PyModule_AddIntConstant(module, "ID_GROUP", SSS_ID_TYPE_GID);
# 589| PyModule_AddIntConstant(module, "ID_BOTH", SSS_ID_TYPE_BOTH);
```
Moreover, even though coverity doesn't indicate it the same happens with
PyModule_AddStringConstant().
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8b1a8cf9379c09b3f352b5749f4e0125ac3212d8">8b1a8cf9</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-09-17T14:17:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">python/pyhbac: if PyModule* fails decrement references
If PyModule* actions fail, then references to objects have to be
decremented.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/03b00f72e4997f887a73b0ae7c5ca6715a453961">03b00f72</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-09-17T14:17:52+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">python/pysss: if PyModule* fails decrement references
If PyModule_AddObject fails, then references to objects have to be
decremented.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/245dea6eab7ae79ff744ac8aeda7a97d26a6bfe7">245dea6e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-21T11:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PAM responder: fixed compilation warning
Fixed following warning:
```
Error: CLANG_WARNING:
sssd-2.3.2/src/responder/pam/pamsrv_cmd.c:982:9: warning: Access to field 'cache_credentials' results in a dereference of a null pointer (loaded from field 'domain')
# preq->domain->cache_credentials &&
# ^ ~~~~~~
```
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/93bcfd159cd68b4aaab0625d8949d675b38eb7a5">93bcfd15</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-21T11:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: supress false positive cppcheck warnings
Supress a bunch of warnings like this:
```
Error: CPPCHECK_WARNING (CWE-456):
sssd-2.3.2/src/responder/kcm/kcmsrv_ccache_json.c:154: error[uninitvar]: Uninitialized variable: key_uuid
# 152| uuid_t key_uuid;
# 153|
# 154|-> ret = sec_key_get_uuid(sec_key, key_uuid);
# 155| if (ret != EOK) {
# 156| DEBUG(SSSDBG_MINOR_FAILURE, "Cannot convert key to UUID\n");
```
Those are clearly false positives as in all those places `uuid` is output arg and
isn't read in following execution flow. "cppcheck" fails to detect this because
`uuid_t` and uuid_parse()/uuid_copy() are opaque for analyzer.
There is no sane way to initialize uuid_t in a way that would please cppcheck.
Moreover, it doesn't make sense to do so from performance point of view.
Hence suppression.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c273a78c378eee570cb3fd774c2f455c292c200e">c273a78c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-21T11:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESOLV: makes use of sss_rand() helper
Makes use of sss_rand() helper instead of plain srand()/rand()
Reduces amount of "Error: DC.WEAK_CRYPTO (CWE-327)" warnings.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/20b8b9555633fae075a20417039805803c710dc5">20b8b955</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-21T11:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: fortify IS_SSSD_ERROR() check
Fixes following warning:
```
Error: NEGATIVE_RETURNS (CWE-394):
sssd-2.3.2/src/providers/ldap/sdap_async.c:1516: var_tested_neg: Variable "lret" tests negative.
sssd-2.3.2/src/providers/ldap/sdap_async.c:1525: negative_returns: "lret" is passed to a parameter that cannot be negative.
# 1523| }
# 1524| else {
# 1525|-> sss_log(SSS_LOG_ERR, "LDAP connection error, %s",
# 1526| sss_ldap_err2string(lret));
# 1527| }
```
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4c218a55ff96b829fb3d7a5f90686cfdb26799e9">4c218a55</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-21T11:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LDAP: sdap_parse_entry() optimization
It doesn't make sense to iterate over `map` if sdap_parse_range()
returned ECANCELED anyway.
Also fixes following warning:
```
Error: CLANG_WARNING:
sssd-2.3.2/src/providers/ldap/sdap.c:529:13: warning: Value stored to 'ret' is never read
# ret = EOK;
# ^ ~~~
```
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0c193e827def9d5ac2c43b9fff04d1d7d608117c">0c193e82</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-21T11:51:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP: fixes couple of covscan's complains
Fixes warnings like:
```
Error: MISSING_RESTORE (CWE-573):
sssd-2.3.2/src/providers/data_provider_fo.c:61: compare: Verifying that non-local "ctx->be_fo" is initially equal to sentinel value "NULL".
sssd-2.3.2/src/providers/data_provider_fo.c:65: modify: Modifying non-local "ctx->be_fo".
sssd-2.3.2/src/providers/data_provider_fo.c:67: end_of_path: Value of non-local "ctx->be_fo" that was verified to be "NULL" is not restored as it was along other paths.
sssd-2.3.2/src/providers/data_provider_fo.c:87: restore_example: The original value of non-local "ctx->be_fo" was restored here.
# 65| ctx->be_fo = talloc_zero(ctx, struct be_failover_ctx);
# 66| if (!ctx->be_fo) {
# 67|-> return ENOMEM;
# 68| }
# 69|
```
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cf15e9eac653ee4a2d3eeed28e5fd25a299f85fb">cf15e9ea</a></strong>
<div>
<span>by Luiz Angelo Daros de Luca</span>
<i>at 2020-09-21T11:52:04+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SSSCTL: fix logs-remove when log directory is empty
"sssctl logs-remove" calls "truncate --size 0 *.log" and "*.log"
will expand to literal '*.log' when directory is empty. The result
is a new empty '*.log' file.
Add '--no-create' to truncate call.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f434fedf3de90474c496e80d2d982a9de993503a">f434fedf</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-23T14:03:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cmocka based tests: explicitly turn LTO off
cmocka based tests use "-Wl,-wrap" to wrap calls at link time. This is
incompatible with LTO.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d34eb9633332462a7f1ba7a8a105bcbf93d4da4b">d34eb963</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-23T14:03:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Makefile.am: get rid of `libsss_nss_idmap_tests`
`libsss_nss_idmap_tests` isn't required since
https://github.com/SSSD/sssd/pull/632
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f23f2373e55b69fec263b2ced5a8b5f233a238c">5f23f237</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-23T14:04:04+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sss_nss_idmap-tests: fixed error in iteration over `test_data`
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b377253b7dfca1c1f87349d94d060424af615d45">b377253b</a></strong>
<div>
<span>by Thorsten Scherf</span>
<i>at 2020-09-23T14:04:21+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">MAN: fix 'pam_responsive_filter' option type
Resolves: https://github.com/SSSD/sssd/issues/5325
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1ef82b6bbad1930b63aa7dacab1dd3c74574884">b1ef82b6</a></strong>
<div>
<span>by Duncan Eastoe</span>
<i>at 2020-09-23T14:05:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">data_provider_be: Configurable max offline time
The offline_timeout period determines the minimum time between
attempts of a data provider to go back online, if it is offline due
to eg. unreachable servers. Each time this check fails there is a
backoff factor applied meaning there can be up to 60 minutes between
these attempts.
Here we introduce the offline_timeout_max option which allows the
the maximum period between attempts to be defined in the configuration,
instead of the default 60 minutes; therefore providing more
flexibility.
Setting offline_timeout_max to 0 disables the backoff functionality.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7807ffd7c3d25762ac760856d1f039742b7ff2b3">7807ffd7</a></strong>
<div>
<span>by Duncan Eastoe</span>
<i>at 2020-09-23T14:05:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">be_ptask: max_backoff may not be reached
If the incremented delay value was greater than max_backoff then
the previous delay was used, rather than using max_backoff as a
ceiling value.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/904ff17cc20581d85faba3e4274d6712f4119a1b">904ff17c</a></strong>
<div>
<span>by Duncan Eastoe</span>
<i>at 2020-09-23T14:05:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">be_ptask: backoff not applied on first re-schedule
The task interval backoff is not applied on the first re-schedule
operation, since when scheduling the first run (BE_PTASK_FIRST_DELAY)
we do not calculate the backed off period for the next re-schedule.
Calculate the backed off period for the current scheduling operation,
rather than the next, to resolve this.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/04ea422087d76b437904be8bfea0b507a7613fc0">04ea4220</a></strong>
<div>
<span>by Duncan Eastoe</span>
<i>at 2020-09-23T14:05:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">data_provider_be: Add OFFLINE_TIMEOUT_DEFAULT
Replace hardcoded default value of 60 in a couple of places.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e5bdc0b72cfc0e3b9cc3197cf646e64db9833779">e5bdc0b7</a></strong>
<div>
<span>by Thorsten Scherf</span>
<i>at 2020-09-29T12:20:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">MAN: update 'ldap_referrals' config entry
Add explicit statement that 'ldap_referrals' should be turned off when Active Directory is used as a backend with the SSSD LDAP provider.
Resolves: https://github.com/SSSD/sssd/issues/5338
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dda652a21f73d9fca5d21e98f60e58d184d89cd1">dda652a2</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-09-29T12:21:30+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">enable files domain in copr builds for testing
Tests against copr build fail without this option enabled
Signed-off-by: Steeve Goveas <sgoveas@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/abd19122d4a31c8e90c8513a8a1861d29ac8fc9b">abd19122</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-09-29T12:22:20+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">conf: disable python2 bindings by default
Python2 is being fully replaced by Python3 on modern distros so
there is no need to build the bindings by default. We even don't
ship python2 packages in Fedora for quite some time now.
Keeping this on by default requires using --without-python2-bindings
on modern distributions where python2 is not installed by default.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f126afc98e1e7ae1df685980dd1773e81ae10668">f126afc9</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-09-29T14:24:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: Fix GSSAPI delegation for the memory back end
When GSSAPI credentials are delegated over SSH, the KCM set default ccache
operation looks for a ERR_NO_CREDS return code to continue handling the
SSH-created ccache correctly. The memory back end will now return this
error code in this situation, matching the default secdb back end.
Resolves: https://github.com/SSSD/sssd/issues/5333
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0b069085cc6cb472b6c8841a26107ee1d48222ee">0b069085</a></strong>
<div>
<span>by Joakim Tjernlund</span>
<i>at 2020-09-29T14:24:47+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add dyndns_auth_ptr support
Allows to specify auth method for DNS PTR updates.
Default to same as dyndns_auth.
Resolves: https://github.com/SSSD/sssd/issues/5274
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/62aceaf932fa5869532e7586d58998b18d5488f6">62aceaf9</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-30T14:31:32+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL:utf8: code cleanup
This patch touches `sss_*_utf8_*_tolower()` helpers:
- gets rid of some of them
- simplifies / optimizes code (avoiding excessive realloc's / memcpy's)
- limits visibility of "internal" helper
It also fixes following covscan error:
```
Error: OVERRUN (CWE-119):
sssd-2.3.2/src/util/sss_utf8.c:75: strlen_assign: Setting variable "nlen" to the return value of strlen called with argument "glower".
sssd-2.3.2/src/util/sss_utf8.c:77: alloc_strlen: Allocating insufficient memory for the terminating null of the string.
# 75| nlen = strlen(glower);
# 76|
# 77|-> lower = g_malloc(nlen);
# 78| if (!lower) {
# 79| g_free(glower);
```
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a0bf4b3d1da1a275907865d421bc8ac38d2b0950">a0bf4b3d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-30T14:31:32+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL:utf8: moved a couple of helper
`sss_utf8_free()` and `sss_utf8_tolower` were moved to sss_tc_utf8.c
and made static as those helpers are only used there.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/430e695a0339bfc2b989dcd6662e6ac109f1ca12">430e695a</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PROXY: Fix iphost not found code path in get_host_by_name_internal
Return the correct error code ENOENT when the iphost is not found.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9d350e0403bceee6dbeb530b6ba2e3a1937a3664">9d350e04</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NSS: Fix get ip network by address when address type is AF_UNSPEC
If type is AF_UNSPEC try to parse to a IPv4 address.
Resolves:
https://github.com/SSSD/sssd/issues/5256
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2c456951a84eb5285c384ab1d5063e32d14b907e">2c456951</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NSS: Fix _nss_sss_getnetbyaddr_r address byte order
The address is received in host byte order, but the nss protocol
parser expects it in network byte order.
Resolves:
https://github.com/SSSD/sssd/issues/5256
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a590fd98ebff79652e8e651066cc9be853cbaf65">a590fd98</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PROXY: getnetbyaddr_r expects the net argument in host byte order
The inet_pton function returns the address in network byte order, but
getnetbyaddr_r expects it in host byte order.
Resolves:
https://github.com/SSSD/sssd/issues/5256
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9edc3c49c29a8cd2dbafbd4c089cf1056d20a399">9edc3c49</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: getnetbyaddr_r expects network in host byte order
Resolves:
https://github.com/SSSD/sssd/issues/5256
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/69af6848f0fdb5dcfaa801da0b187b3ffd65ef70">69af6848</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: Fix resolver test calling getnetbyname instead of getnetbyaddr
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/77734063fb390405257d2db432d496c347a4a80b">77734063</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-09-30T14:32:00+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: Extend resolver tests to check getnetbyaddr with AF_UNSPEC
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8fa702321657e5e32102450687bce613f45a800f">8fa70232</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-30T14:32:20+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">AD: validate `search_bases` in DPM_ACCT_DOMAIN_HANDLER
In specific circumstances "sdom->*_search_bases" might be unset yet
when "ad_get_account_domain_send() -> ad_get_account_domain_prepare_search()"
is executed.
Resolves:
https://github.com/SSSD/sssd/issues/5295
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/edec0ee3100ecb22958572d073ec635a9135037a">edec0ee3</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-09-30T14:32:20+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP:getAccountDomain: add DP_FAST_REPLY support
Let `getAccountDomain()` fail immediately if offline.
Resolves: https://github.com/SSSD/sssd/issues/5295
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/49481da2fd269975066c4661ddad5e448085c469">49481da2</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-10-01T13:03:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IFP: GetUserGroups() returns origPrimaryGroupGidNumber
There was a mismatch between the information provided by NSS and IFP
interfaces. nss_protocol_fill_initgr() returned
origPrimaryGroupGidNumber as one of the group members of a user, but
GetUserGroups() didn't. This commit makes GetUserGroups() also return
origPrimaryGroupGidNumber value.
Resolves:
https://github.com/SSSD/sssd/issues/4569
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5ddabede92500b7c7b64405bff632484be826aac">5ddabede</a></strong>
<div>
<span>by ikerexxe</span>
<i>at 2020-10-01T13:03:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IFP-TESTS: GetUserGroups() returns origPrimaryGroupGidNumber
New infopipe test case to check:
Given auto_private_groups is enabled
When GetUserGroups is called
Then the origPrimaryGroupGidNumber is returned as part of the group
memberships
Resolves:
https://github.com/SSSD/sssd/issues/4569
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7fbcaa8feeb968711ff52f51705c45062fd81394">7fbcaa8f</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-01T16:01:22+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">be: remove accidental sleep
This sleep was used to test a crash in data provider and quite unfortunately
it was left in the patch.
dp: fix potential race condition in provider's sbus server
4a84f8e18ea5604ac7e69849dee492718fd96296.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/414593cca65ed09fe4659e2786370a4553664cd0">414593cc</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ldap: add support for cldap and udp connections
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8265674a055e5cdb57acebad72d935356408540a">8265674a</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:54+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: use cldap for site and forrest discover (perform CLDAP ping)
All Windows clients uses CLDAP (UDP) for LDAP ping. Even though AD
also supports LDAP ping over TCP IPA does not therefore it is crusial
for us to perform the ping over CLDAP protocol.
Resolves:
https://github.com/SSSD/sssd/issues/5215
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1889ca60a9c642f0cca60b20a5b94de7a66924f6">1889ca60</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: connect to the first available server for cldap ping
Resolves:
https://github.com/SSSD/sssd/issues/3743
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fcfd834c9d80d7690f938582335d81231a5f6e60">fcfd834c</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: if all in-site dc are unreachable try off-site controllers
Previous implementation would not fallback to the off-site domain
controllers. This would cause problems if the site actually changed.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a62a13ae61d4e08b21e706df6ca266c38891f430">a62a13ae</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">man: fix typo in failover description
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9fdf5cfacd1a425691d44db53897096887bb3e6f">9fdf5cfa</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: renew site information only when SSSD was previously offline
Site and forest information is stable not dynamic. To avoid spamming
network with cldap pings all the time we will renew netlogon information
only when SSSD starts and when we are recovering from an offline state
to detect possible change (e.g. user moves to another location with laptop).
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0d650799d4390f90890d17c56a4e395e931d8cb">f0d65079</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-02T12:18:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tevent: correctly handle req timeout error
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/093061f553ab0a2c316794221e79779fb1bd40d2">093061f5</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2020-10-02T12:19:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: DN sanitization
Some of the ldap servers returns DN in attributes such as isMemberOf
with spaces like dc=example, dc=com. That should be fine and we
should ignore them (cut them out) instead of escaping.
Resolves:
https://github.com/SSSD/sssd/issues/5261
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/21b9417e14ce35a2548c309642325ac43103d51e">21b9417e</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2020-10-02T12:19:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: Use sss_sanitize_dn where we deal with DN
Resolves:
https://github.com/SSSD/sssd/issues/5261
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe0f1e64e8a77dadde699495c7eb368ce61ac992">fe0f1e64</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2020-10-02T12:19:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: Use sss_sanitize_dn where we deal with DN 2
Tests show that also ldb_dn_get_linearized can
return DN with extra spaces. We have to trim that too.
Resolves:
https://github.com/SSSD/sssd/issues/5261
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50d0d154cedb6915ab321b47c40851c40e91cf41">50d0d154</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-02T12:19:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ldap: use member DN to create ghost user hash table
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/88631392e9172ae4fa3e411398516a2f39f0060e">88631392</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-02T12:19:51+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">intg: allow member DN to have a different case
Make sure that group members are added properly to the group even if the
user DN in the RFC2307bis member attribute differs in case from the
original DN of the user object.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a409ffae98d30a07ce4b3e3230f9bbeaad4cb31c">a409ffae</a></strong>
<div>
<span>by Timothée Ravier</span>
<i>at 2020-10-02T12:21:23+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sss_cache: Do nothing if SYSTEMD_OFFLINE=1
Do not check for /var being RO as this will break cases where we
explicitely request sssd not to update the cache by setting
SYSTEMD_OFFLINE=1.
This will still complain if /var is RO and SYSTEMD_OFFLINE is not set.
See initial discussion at: https://pagure.io/SSSD/sssd/pull-request/3959
Fixes: sss_cache: Do nothing if /var is read-only
https://github.com/SSSD/sssd/commit/073b03a096a763170165fe3814fa987881713e75
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1b0167746c626ffee250c05a0466b987fece53be">1b016774</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-06T11:48:18+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Got rid of unused providers/data_provider/dp_pam_data.h
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d1ed68bda6c1ba825ab903d7c6dc15e0e2774544">d1ed68bd</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-06T11:53:22+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTILS: adds helper to convert authtok type to str
This patch introduces helper to convert authtok type to string
and makes use of this helper in `pam_print_data()`
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/038385dd9f41a82d7b74ecfc3257dce75dc54e46">038385dd</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-06T11:53:22+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5_child: fixed few mistypes in debug messages
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/445812769b65eba6c0c7b85a4ee5f653d8f4e700">44581276</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-06T11:53:22+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">parse_krb5_child_response: adds verbosity
This patch decodes krb5 child response status and message types in
the log messages.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/68497dc1a0aa26ce9ad1e39400020f961d937227">68497dc1</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-06T11:53:22+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5_child: adds verbosity
This patch decodes krb5 child command in the log messages.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/37ba37a425453d8222584176ae5975a795422091">37ba37a4</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-06T11:54:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: fix handling of current site and forest in cldap ping
The current site and forest are stored in a long living context and we
have to make sure that they are not moved to a different talloc parent
with a shorter lifetime. To achieve this the values are copied at the
start of a new cldap ping although it is expected that the values won't
change.
Resolves: https://github.com/SSSD/sssd/issues/3743
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/93e35c760d06dfc1106379ca4d8e9f190c295b27">93e35c76</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-06T11:55:13+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">autofs: if more then one entry is found store all of them
There can be more entries with same cn (automountKey) attribute value
that differs only in casing if different attribute is chosen as rdn.
SSSD then searches for (cn=name)when name folder is being mounted but
this returns both lowercase and uppercase entry and we only store one
(which may not be the desired one based on the order in the result)
and fail to mount one of the directories.
Resolves:
https://github.com/SSSD/sssd/issues/5330
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d39b6580ad865a3e37d154ff5351527913d0aad7">d39b6580</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-10-07T13:57:23+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: Fix access after free on shutdown
Skip triggering the queue entry destructor on KCM shutdown
to prevent a crash when multiple requests are queued.
Resolves: https://github.com/SSSD/sssd/issues/4733
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4f65a8d15b8e5f3dd613e789d68f38e60e0addc5">4f65a8d1</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-07T14:00:17+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ad: add ad_allow_remote_domain_local_groups
As the option name says if set to true Domain Local groups from remote
domains won't be filtered out. This option is added to facilitate the
migration from other solution and should only be used for this purpose.
Resolves: https://github.com/SSSD/sssd/issues/5346
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b427e059519153482dacc5648d85abf6095ca644">b427e059</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-07T16:19:40+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pot: update pot files to allow updated translations
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bc1ce6f0c931fca53b2b4fad6c05f3a8ddf22728">bc1ce6f0</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-10-08T13:29:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5_child: Harden credentials validation code
The krb5_verify_init_creds() call is used to validate the credentials
just obtained by trying to acquire a ticket from the KDC that we can
decrypti. This insures the KDC is indeed legitimate as it proves
possesion of the shared key.
However this function will *enforce* this behavior only if the
KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL options is set to the value
TRUE.
If this option is unset it defaults to FALSE which means verify will
silently return success if no key is available.
SSSD *does* ensure that a key is always available for validation, so
this is not a security bug with the current code. However we add belt
and suspenders here to futureproof this code in case of future
inadvertent changes that may lead to a code path where a key may be
missing.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/78f221edcbfc56a226ef63db8e76530d8f35e2e7">78f221ed</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-08T13:29:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">multihost: move sssd.testlib closer to tests
So it can be used directly without the need of installing the package.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/974b4e90b7488f313e9019df87ac60be0d728aa9">974b4e90</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-08T13:29:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">multihost: remove packaging files
The test library is not currently published in pypi nor Fedora and it is
not being reused by other projects so it makes no sense for us to keep
maintaining these files.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3379dac2e71ea6f367ae271faf46833cf4d7e31b">3379dac2</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-08T13:29:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: enable kcm by default
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7d5314130dbc722ac9918718849e7b36ef130c7">d7d53141</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-08T13:29:55+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tests: run TIER-0 multihost tests in PRCI
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d1e5d18822d96563ddca2900168a2eaf90550584">d1e5d188</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-12T12:01:05+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5_child: reduce log severity in sss_krb5_prompter
krb5_child primarily uses krb5_get_init_creds_opt_set_responder() /
sss_krb5_responder() to do a work, old scheme sss_krb5_prompter()
is mostly used for debug purposes and password prompt request isn't
a real error here.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5c309f52be52b4e3b18245724741e6d788d7ea7c">5c309f52</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-12T12:01:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cert: move cert_to_ssh_key_send/recv() to ssh responder
The cert_to_ssh_key_send/recv() request is currently only used by the
SSD responder and adds an unneeded dependency to libsss_certmap to
lib_sss_cert.
Resolves: https://github.com/SSSD/sssd/issues/1030
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/deefae789307e830ab25a0609c60189870f78464">deefae78</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-12T12:01:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sysdb: add sysdb_cert_derb64_to_ldap_filter()
sysdb_cert_derb64_to_ldap_filter() is a simplyfied version of
sss_cert_derb64_to_ldap_filter() for the case when no certificate
mapping context is available.
Resolves: https://github.com/SSSD/sssd/issues/1030
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7fcc8b0e31b49f75f8171f558c745813c9442f5c">7fcc8b0e</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-12T12:01:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cert: move sss_cert_derb64_to_ldap_filter() out of libsss_cert.so
To avoid a dependency to libsss_certmap.so
sss_cert_derb64_to_ldap_filter() is removed from the internal
libsss_cert.so library.
Resolves: https://github.com/SSSD/sssd/issues/1030
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb50ad83025a286165301af8d541ca24e941b3ef">bb50ad83</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-10-12T12:01:26+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">build: remove libsss_certmap from dependencies of libsss_cert
The internal library libsss_cert is used at various places and the
dependency to the public library libsss_certmap is not needed in most of
those places.
Resolves: https://github.com/SSSD/sssd/issues/1030
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ad6944118f5feddbc68bb2607c6beea6632e7387">ad694411</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-12T12:01:47+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">git-template: add tags to help with release notes automation
This commit add information on several tags that should be used
so we are able to generate release notes on each new release
automatically. This will make release notes more thorough and it
will also simplify the process a lot since it take lots of time
to do it manually.
Why I chose `:tag:` format:
1. Using @ notation creates user references in github so I wanted
to use something different. This notation is used in ReST
documentation language so it is commonly known.
2. Using a plain text like (Resolves) leads people to create their
own variations (Fixes, Resolves XYZ, ...) which adds additional
burden to maintainers. Using this format makes it less error
prone and easier to parse.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c94d91c46e54b535a8e2c06e01b417035281cc21">c94d91c4</a></strong>
<div>
<span>by Weblate</span>
<i>at 2020-10-12T12:04:43+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update the translations for the 2.4.0 release
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/51db6a23a595582aa8071c0675de3df45b608072">51db6a23</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-12T12:16:19+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release sssd-2.4.0
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/159d58f6db50eb8a1aa4a012fe4a7ca7b359f961">159d58f6</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-10-20T16:17:47+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8565f9c5dbddadcc9d60b2dfed751cbe245d736e">8565f9c5</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-10-20T16:18:12+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ffc7cea9967609eac098d5712b5a0bb7fea4e6b0">ffc7cea9</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-12-08T22:16:17+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">source: Update diff-ignore.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/baa83e17187ddcfcb8691bb586e79fba419e0a87">baa83e17</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-12-08T22:37:06+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package sssd version 2.4.0-1
</pre>
</li>
</ul>
<h4>16 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#eae40b507f9c3502accc6d7f8a39c9a7d9936b6f">
.copr/Makefile
</a>
</li>
<li class="file-stats">
<a href="#fb74e0ab745627ca1d3a24827b12823666934e79">
.git-commit-template
</a>
</li>
<li class="file-stats">
<a href="#a5cc2925ca8258af241be7e5b0381edf30266302">
.gitignore
</a>
</li>
<li class="file-stats">
<a href="#edeac18b3223cd80f8c42d413f34744f4fe277bd">
<span class="deleted-file">
−
.tx/config
</span>
</a>
</li>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#4fd746b72d7a3976d4c1ae84db34f6173b62a1e8">
contrib/ci/configure.sh
</a>
</li>
<li class="file-stats">
<a href="#12040a924868607fee71666a866c257822849c14">
<span class="new-file">
+
contrib/ci/run-multihost
</span>
</a>
</li>
<li class="file-stats">
<a href="#76218f39b53d6aef0e4075d5e29fd61d2d9efca3">
contrib/fedora/make_srpm.sh
</a>
</li>
<li class="file-stats">
<a href="#b8d57aa4a09effcbac8deeffe8aea9131499424f">
contrib/sssd.spec.in
</a>
</li>
<li class="file-stats">
<a href="#944f00a9afc281fcd148fc61fdc2cf888f624877">
contrib/test-suite/test-suite.yml
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#3caafdf94bbf5120d28741728a95e490ff6bbb9b">
debian/source/local-options
</a>
</li>
<li class="file-stats">
<a href="#54d6c31c823e250ebb67120d8dd489a69a02213c">
po/LINGUAS
</a>
</li>
<li class="file-stats">
<a href="#4e573a66c66b45b45a1e180cad791738ed22cdd2">
po/bg.po
</a>
</li>
<li class="file-stats">
<a href="#b91599a7e7dcdfc93152518865a9d894acfe41c9">
po/ca.po
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/sssd-team/sssd/-/compare/971cbe24961962eae501e866c71573cd63228e38...baa83e17187ddcfcb8691bb586e79fba419e0a87">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>