<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Timo Aaltonen pushed to branch master
at <a href="https://salsa.debian.org/sssd-team/sssd">Debian SSSD packaging / sssd</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b913ddbd5aec9ea87ddbf10dd09299edd87854dd">b913ddbd</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-10-12T15:30:12+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version in version.m4 to track the next release
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f7dba450c1d51098281aec5cc81490a1b8b4fecf">f7dba450</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-10-19T11:19:45+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SDAP: set common options for sockets open by libldap

In case of referral chasing libldap can open a new socket on its own.
This socket requires the same setup as socket created by SSSD itself.
Otherwise process can hang on blocked TCP operation.

Resolves: https://github.com/SSSD/sssd/issues/5359

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/81e757b7b1d69893b5725f9c148c55d89c779e7b">81e757b7</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-05T11:46:24+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ifp: fix use-after-free

The variable fqdn is pointing to some data from state->res->msgs[0]. But
before fqdn is used in the next search state->res and the memory
hierarchy below is freed. As a result the location where fqdn is pointing
to might hold the expected data or other data and the search will fail
intermittently.

Resolves: https://github.com/SSSD/sssd/issues/5382

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/833034f5332d2492d413a9c97fded1480b58bf14">833034f5</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-11-05T11:48:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DEBUG: journal_send() was made static

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/18233532b72e62452eac6886652fa633ba055d8c">18233532</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-11-05T11:48:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DEBUG: fixes program identifier as seen in syslog

Commit 225fe9950f2807d5fb226f6b3be1ff4cefd731f0 changed `debug_prg_name`
to accomodate needs of own SSSD logs, but this affected journal/syslog
as well.

This patch amends situation:
 - journal messages gets "umbrella" identifier "sssd[]"
 - syslog uses default which is program name

Resolves: https://github.com/SSSD/sssd/issues/5384

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f3b9e1d45df77bca1b2665e67bbd73b26fafbc2">5f3b9e1d</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-05T11:50:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">AD: do not override LDAP data during GC lookups

The Global Catalog contains user and group information of the whole
forest and hence any Global Catalog server can be used. Currently when a
Global Catalog server is looked up the data of the LDAP server is
overwritten as well. I guess the original intention was to use a single
server for both services.

However since the Global Catalog server can come from any domain in the
forest this might overwrite the LDAP data of a DC from the local domain
with the data from a AD of a remote domain and as a result lookups for
users and groups from the local domain might fail since the remote DC
does not has this information available at the LDAP port. In most cases
this overwrite is hidden by a following lookup to find a KDC for
authentication which is searched only in the local domain again where
the LDAP data is overwritten again to make sure the same DC is used for
LDAP and Kerberos communication. But depending on the connection
timeouts and lifetime of Kerberos tickets the KDC lookup might be
skipped because new credentials are not needed and as a result the wrong
LDAP data is used.

To avoid this the LDAP data is now only set if the current lookup is not
a Global Catalog lookup.

Resolves: https://github.com/SSSD/sssd/issues/5351

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0e1bcf77bd73baa0fea64830eb1f4f65a63c7afe">0e1bcf77</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-12T11:22:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">negcache: make sure domain config does not leak into global

Resolves: https://github.com/SSSD/sssd/issues/5238

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/385af99ff4d5a75d0c1edc9ad830da3eb7478295">385af99f</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-12T11:22:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">utils: add SSS_GND_SUBDOMAINS flag for get_next_domain()

To allow to only iterate over a singel domain an its sub-domains a new
flag is added to get_next_domain().

Resolves: https://github.com/SSSD/sssd/issues/5238

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0dc81a52e2836010974e9f71b1f3e47c20fd498d">0dc81a52</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-12T11:22:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">negcache: make sure short names are added to sub-domains

If short names are used with filter_users or filter_groups in a
[domain/...] section they should be added to the sub-domains of this
domain as well.

Resolves: https://github.com/SSSD/sssd/issues/5238

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fa4b46e7de7297da3c0e37913eab8cba7f103629">fa4b46e7</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-12T11:22:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">negcache: do not use default_domain_suffix

When splitting the names from the filter_users and filter_groups options
do not use the default_domain_suffix because it will hide that the
original name is a short name and should be added everywhere.

Additionally this patch fixes a typo where sss_parse_name() was used
instead of sss_parse_name_for_domains().

Resolves: https://github.com/SSSD/sssd/issues/5238

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/804ae76d6beac5fae5265d23093bc3b91c04b5c5">804ae76d</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move conftest.py to basic dir

Following commits have 'ad' and 'alltests' code with thier respective
conftest.py files.

This change was tested successfully in downstrea CI

Signed-off-by: Steeve Goveas <sgoveas@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ef4c82bb9bdad00240dca4b9d4d7eb9a95b38e7b">ef4c82bb</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add alltests code

This directory has all tests for ldap and krb5, basically all non ad
tests for sssd

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/73f5699bc104d9d097f79feeaecae8b458961fd5">73f5699b</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add ad test code

This directory has all tests that need active directory to be available

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3c06709b9d4bcb456f84e919552fe4e58b3f70ad">3c06709b</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add ipa test code

Signed-off-by: Steeve Goveas <sgoveas@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6cc11a9a85e6f6b38eabceecc9611aca85237328">6cc11a9a</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update sssd testlibs

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4205accc2f2e5c3ac3a520ea66907be7834361b9">4205accc</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add empty conftest.py and update path to run basic tests

Signed-off-by: Steeve Goveas <sgoveas@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe56d5c9ec020003df0bec4cc0cf143b08c01279">fe56d5c9</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix pep8 issues

Fixes have been tested

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2d44e9a3c5d4d2b0312e688f521bdba04560b73">d2d44e9a</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Include data directory

It contains AD sudo schema, ldif files, c programs used by the tests

Signed-off-by: Steeve Goveas <sgoveas@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/94a9833b0e45e0da2c07f3ab3422c5018869320a">94a9833b</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix errors found during testing

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f404cd3e3b7dc8c1084ff47f8e7cc7569942ecf9">f404cd3e</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2020-11-13T11:19:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove trailing whitespaces

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff24d1538af88f83d0a3cc2817952cf70e7ca580">ff24d153</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-11-23T11:49:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB: merge_res_sysdb_attrs() fixed to avoid NULL ptr in msgs[]

This helps to avoid sssd_be segfaults at be_refresh_get_values_ex() due to NULL
ptrs in results of sysdb_search_with_ts_attr()

Resolves: https://github.com/SSSD/sssd/issues/5412

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/37761b42f570e9019f9dd850912a29385e80a14c">37761b42</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2020-11-23T11:51:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CACHE: Create timestamp if missing

In some cases, object is stored in cache but the corresponding
record in timestamp cache is missing (for example when timestamp
cache file is deleted). The timestamp is never created in such
case.

With this patch we create new timestamp object if update doesn't
work for this particular reason (missing object).

Resolves: https://github.com/SSSD/sssd/issues/5121

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/62b2b4972e41393cd43b58d9e6451a2c58942cb2">62b2b497</a></strong>
<div>
<span>by Tomas Halman</span>
<i>at 2020-11-23T11:51:15+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS: Add test for recreating cache timestamp

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e25f879011efa4b6565b22a73786a0f76a67fb26">e25f8790</a></strong>
<div>
<span>by tobias-gruenewald</span>
<i>at 2020-11-23T11:52:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change LDAP group type from int to string

https://github.com/SSSD/sssd/issues/5402

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/afa15cb73fcbcc12ea4111b81207f40b9ddcd158">afa15cb7</a></strong>
<div>
<span>by tobias-gruenewald</span>
<i>at 2020-11-23T11:52:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change LDAP group type from int to string

https://github.com/SSSD/sssd/issues/5402

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2786071e4ce6454769a33f5df0c9eeb410e53abc">2786071e</a></strong>
<div>
<span>by tobias-gruenewald</span>
<i>at 2020-11-23T11:52:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change LDAP group type from int to string

https://github.com/SSSD/sssd/issues/5402

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3fdfb42b552510ca692e8a0287abd7315ec8f283">3fdfb42b</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2020-11-23T11:52:59+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5: Remove secrets text from drop-in KCM file

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3b158934cbb8f87cbfaf1650389b8dcd654b92ca">3b158934</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-23T11:55:05+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ifp: fix original fix use-after-free

The original fix stole the fqdn too earlier. Only for SSS_DP_USER
requests the steal is important. For other request where the first
result is returned to the caller the original version
might even cause issues since the name does not belong to the memory
hierarchy of the result anymore.

Resolves: https://github.com/SSSD/sssd/issues/5382

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4ab47a914a16af4984b1f7ae21e3a6f20dde9cd0">4ab47a91</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-11-23T11:55:40+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve samba version check for ndr_pull_steal_switch_value signature

The current check will fail when samba 5.0 is released.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6617f3d7dc1326742cb8de1942ccbf8412acbdfd">6617f3d7</a></strong>
<div>
<span>by Samuel Cabrero</span>
<i>at 2020-11-23T11:55:40+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">winbind idmap plugin: Fix struct idmap_domain definition

The patch for samba bug 13052 was backported to samba >= 4.7.4 adding
the dom_sid field to the idmap_domain struct.

This missmatch in the struct definition causes the plugin to fail
all unixids_to_sids and sids_to_unixids calls with
NT_STATUS_INVALID_PARAMETER for samba versions between 4.7.4 and 4.8.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4b0bd8455b35d7c2922187129290912c48670485">4b0bd845</a></strong>
<div>
<span>by Duncan Eastoe</span>
<i>at 2020-11-25T11:36:16+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">nss: Use posix_fallocate() to alloc memcache file

If sssd_nss starts up while the filesystem where the memcache files
will reside (SSS_NSS_MCACHE_DIR) does not have sufficient space,
sssd_nss can be killed by SIGBUS while attempting to write to the
mmap()'d address space.

Replace the ftruncate() call with posix_fallocate(), which will fail
in this scenario, so we can detect the condition and continue startup
without the memcache functionality.

Fixes #5369

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/311e2272424f5a31f1bc8bf72b9956cf4e13d7a2">311e2272</a></strong>
<div>
<span>by Duncan Eastoe</span>
<i>at 2020-11-25T11:36:16+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">nss: remove clear_mc_flag file after clearing caches

This has the effect of delaying the exit of sss_cache after it has
requested a clearing of the cache.

This should prevent an issue observed in the integration tests where
sssd_nss was terminated while the cache clear was in progress.
Specifically the test_*_before_stop tests in test_memory_cache.py.

All this change is really doing is delaying sending SIGTERM, to try
and give sssd_nss a chance to complete the clear operation.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0e225ff79198e98503f53c0b725f82e33288b53f">0e225ff7</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-11-30T12:40:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KCM: avoid NULL deref

Fixes following issue:
```
/src/responder/kcm/kcmsrv_op_queue.c:129: check_after_deref: Null-checking "entry" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
 #   127|       terminating = entry->queue->qctx->kctx->rctx->shutting_down;
 #   128|
 #   129|->     if (entry == NULL) {
 #   130|           return 1;
 #   131|       /* Prevent use-after-free of req when shutting down with non-empty queue */
```

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c87b2208b9a58c12eeceb5b8ccf9c34dcd835b8d">c87b2208</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-11-30T13:46:34+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">nss: check if groups are filtered during initgroups

If groups are filtered, i.e. SSSD should not handle them, they should
not appear in the group list returned by an initgroups request.

Resolves: https://github.com/SSSD/sssd/issues/5403

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/47a316c850107f12d406f27abb216e26383dfab7">47a316c8</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:30+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: fix typos in debug messages

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8edcea8c377e85d037e83065c1904fa4b92c4a39">8edcea8c</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:30+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: avoid name confusion in GET_CRED_UUID_LIST handlers

The function name did not follow best practices and it got easily confused
with `kcm_op_get_cred_by_uuid_getbyname_done`.

```
kcm_op_get_cred_uuid_getbyname_done
kcm_op_get_cred_by_uuid_getbyname_done
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b8f28d9aa9d862cf504691c9c3f92941a63fb0a4">b8f28d9a</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:30+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: disable encryption

Encryption was a huge bottleneck for the secdb backend. This is
backwards compatible and there is no need to destroy existing
ccache. It will be stored unencrypted at first write to the cache.

Note that the encryption did not provide any security as the cache
is accessible only by root and the master key is stored together
with the cache. So once someone gains access to the file it can
be easily decrypted. Additionaly, there was also no encryption at
the memory level.

Resolves: https://github.com/SSSD/sssd/issues/5349

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/74fdaa64b27e88a6e0f153f8cb59989c572d4294">74fdaa64</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: avoid multiple debug messages if sss_sec_put fails

sec_put() already logs a message if the underlaying function fails
so this debug message is really unnecessary.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/908c15af9a9f8f0556a588e368e4a0b2e24ace1b">908c15af</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">secrets: allow to specify secret's data format

Currently, both KCM and secrets responders store JSON formatted string
in the secrets database. One of the next commits makes KCM to store
binary format instead of JSON string to improve performance. We need
to be able to distinguish the formats to keep KCM update compatible
with existing ccache and also to keep secrets responder working.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed08ba0023e63024bf1c52ae3f6596b9d804d0a5">ed08ba00</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">secrets: accept binary data instead of string

Currently, both KCM and secrets responders store JSON formatted string
in the secrets database. One of the next commits makes KCM to store
binary format instead of JSON string to improve performance. We need
to be able to distinguish the formats to keep KCM update compatible
with existing ccache and also to keep secrets responder working.

Secrets responder test had to be ammended to fit into a new maximum
payload which is now reduced by one byte for the secrets responder
to hold the ending zero of a secret string.

This is a corner case in a long deprecated responder that is not even
built by default and has no known consumers so it is fine to fast fix
the test.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b6cc661b9f4162e590137430e945aa321fc13121">b6cc661b</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">iobuf: add more iobuf functions

These will be used in later patches.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9b1631defdcaa3ea7e87889eb136e7fa935ab4ce">9b1631de</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: add json suffix to existing searialization functions

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e63a15038ac9c186626e4fdf681a6492031d1e40">e63a1503</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: move sec key parser to separate file so it can be shared

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/15069a647ed6c7f1ead42baa1d421d953c9bc557">15069a64</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: avoid suppression of cppcheck warning

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f17740d831e16449495fff4ec57cc4800aaac83d">f17740d8</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: add spaces around operators in kcmsrv_ccache_key.c

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/194447d35c11eb914f54719491dc5cfaab01b9a1">194447d3</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: use binary format to store ccache instead of json

JSON is computationally complex and the parser is a bottleneck which
consumes about 10% of time. It also create the ccache unnecessary
large because it requires lots of unneded character and base64
encoding.

Binary format is fast, simple and small.

This is backwards compatible and there is no need to destroy existing
ccache. It will be stored in binary format at first write to the cache.

Resolves: https://github.com/SSSD/sssd/issues/5349

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/241ee30da12f564803793ee2b14c1522aabd9235">241ee30d</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: add per-connection data to be shared between requests

Resolves: https://github.com/SSSD/sssd/issues/5349

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a370553c90c2ed6df3b94c169c4960a6f978031f">a370553c</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sss_ptr_hash: fix double free for circular dependencies

If the hash table delete callback deletes the stored item,
we can end up in double free in case when we try to override
an existing item (hash_enter(key) where key already exists).

```c
static void delete_cb(hash_entry_t *item,
                      hash_destroy_enum deltype,
                      void *pvt)
{
    talloc_free(item->value.ptr);
}

hash_enter(key);
hash_enter(key);
```

The doble free it self is fine, since it is done via talloc destructor
and talloc can cope with that. However, the hash table fails to store
the new entry because hash_delete is called twice.

```
_sss_ptr_hash_add -> hash_enter -> hash_delete(old) -> delete_cb -> sss_ptr_hash_value_destructor -> hash_delete
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c3b314db57c34f64aaca7d74e76a9a955288bb51">c3b314db</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: store credentials list in hash table to avoid cache lookups

Iteration over ccache requires CRED_UUID_LIST and then calling
CRED_BY_UUID for each uuid in the obtained list. Each CRED_BY_UUID
operation invoked ldb_search and decryption. This was a substantional
bottle neck.

Resolves: https://github.com/SSSD/sssd/issues/5349

:fixes: KCM performance has improved dramatically for cases where
  large amount of credentials are stored in the ccache.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf127d4f3f42e5b2afe25e512211439bc12a9904">bf127d4f</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">secrets: fix may_payload_size exceeded debug message

The unit is bytes (B) not bits (b) and the conversion of the input
payload size to KiB was wrong (multiplying bytes * 1024).

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9c1b51d057390fb5b26151f814a480911cda4cc9">9c1b51d0</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">secrets: default to "plaintext" if "enctype" attr is missing

This is a sane fallback behavior, however it should not happen since
the attribute should be always present.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39277cdadd317b0ab86cdd37de0616bc3eecbe6a">39277cda</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">secrets: move attrs names to macros

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/325de5a5bb97ba026be6d22492bea8ab2605f1b5">325de5a5</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:43:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">secrets: remove base64 enctype

This was added as part of KCM performance improvements but never used.
Ldb is fully capable of holding binary data without the need for base64
encoding so this is not needed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3f0ba4c2dcf9126b0f94bca4a056b516759d25c1">3f0ba4c2</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:51:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cache_req: allow cache_req to return ERR_OFFLINE if all dp request failed

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e50258da70b67ff1b0f928e2e7875bc2fa32dfde">e50258da</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:51:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">autofs: return ERR_OFFLINE if we fail to get information from backend and cache is empty

Resolves:
https://github.com/SSSD/sssd/issues/3413

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9098108a7142513fa04afdf92a2c1b3ac002c56e">9098108a</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:51:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">autofs: translate ERR_OFFLINE to EHOSTDOWN

So we do not publish internal error code.

Resolves:
https://github.com/SSSD/sssd/issues/3413

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/34c519a4851194164befc150df8e768431e66405">34c519a4</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:51:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">autofs: disable fast reply

If the backend is offline when autofs starts and reads auto.master map
we don't want to wait 60 seconds before the offline flag is reset. We
need to allow autofs to retry the call much sooner.

Resolves:
https://github.com/SSSD/sssd/issues/3413

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8a22d4ad45f5fc8e888be693539495093c2b3c35">8a22d4ad</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:51:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">autofs: correlate errors for different protocol versions

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/075519bceca7a8f4fa28a0b7c538f2f50d552d13">075519bc</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-04T11:51:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">configure: check for stdatomic.h

Recent autofs patches adds dependency on automic_uint/_Atomic type from C11
standard. This is supported in both gcc and clang for a long time now.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/78ef0828dd745cbc55fc03cc42bd7ef26e70785e">78ef0828</a></strong>
<div>
<span>by Madhuri Upadhye</span>
<i>at 2020-12-04T12:03:24+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test: AD: For sssd crash in ad_get_account_domain_search

Configures the AD domain and makes it unreachable by changing
ad_domain parameter. Checks the request flag 0x0001 in log after
sssd restart.

Verifies:
  Issue: #5295
  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1734040

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/18b98836ef8e337992f0ecb239a32b9c3cedb750">18b98836</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-11T10:31:14+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">kcm: decode base64 encoded secret on upgrade path

Previous unefficient code encoded the secret multiple times:
  secret -> base64 -> masterkey -> base64

To allow smooth upgrade for already existant ccache we need to also decode
the secret if it is still in the old format (type == simple). Otherwise
users are not able to log in.

Resolves: https://github.com/SSSD/sssd/issues/5349

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/45f2eb57dc9068cba13099cab90f1be3f3455442">45f2eb57</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sss_format.h: include config.h

config.h is required for the definitions to work correctly. Compilation
will fail if sss_format.h is included in a file that does not include
directly or indirectly config.h

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3b0e48c33c6b43688ff46fed576266cfe6362595">3b0e48c3</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">packet: add sss_packet_set_body

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6715b31f2e12c7f76cfb477551cee46e697c7d51">6715b31f</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">domain: store hostname and keytab path

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3e2677f919c6b1b1649ad80cc3435b4bb2efc0d">a3e2677f</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cache_req: add helper to call user by upn search

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dcc42015f7ada1c4e4daed17e2c8087e29cb7616">dcc42015</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam: fix typo in debug message

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d63172f1277c5ed166a22f04d144bf85ded4757c">d63172f1</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam: add pam_gssapi_services option

:config: Added `pam_gssapi_services` to list PAM services
  that can authenticate using GSSAPI

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fffe3169bb490c4b010b168c639aa6f9b2ec0c52">fffe3169</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam: add pam_gssapi_check_upn option

:config: Added `pam_gssapi_check_upn` to enforce authentication
  only with principal that can be associated with target user.

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d09aa174b04a825979f31c61b05239de088a732f">d09aa174</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2020-12-16T15:48:29+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam: add pam_sss_gss module for gssapi authentication

:feature: New PAM module `pam_sss_gss` for authentication using GSSAPI
:packaging: Added `pam_sss_gss.so` PAM module and `pam_sss_gss.8` manual page

Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1b9b7f5a635ede8eee90d13bfe0e1f87e51191a9">1b9b7f5a</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-12-16T15:55:56+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam_sss: use unique id for gdm choice list

Currently the key-id read from the Smartcard is used as key value for
the gdm choice list dialog. Since it might be possible that multiple
certificates use the same key and hence the same key-id this is not a
suitable value.

With this patch the string representation of a numerical counter is used.

Resolves: https://github.com/SSSD/sssd/issues/5400

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8b6be52e95e953ae0431676de0b8c8be7a3262bc">8b6be52e</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-12-16T15:55:56+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">authtok: add label to Smartcard token

The key-id might not be sufficient to identify a certificate on a
Smartcard since it is possible that multiple certificates will use the
same key.

This patch adds the certificate label to the Smartcard authtok item to
resolve the ambiguity if the key-id is used for multiple certificates.

Resolves: https://github.com/SSSD/sssd/issues/5400

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b8800d3e1b43f2eb28b2df7adb2bcb323bf2d1f1">b8800d3e</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-12-16T15:55:56+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam_sss: add certificate label to reply to pam_sss

Add the certificate label to the data send back and forth to the pam
module to avoid the ambiguity if two certificates use the same key.

Resolves: https://github.com/SSSD/sssd/issues/5400

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f633f37e712cb0f7524a2ee257e15f34468149b4">f633f37e</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2020-12-16T15:55:56+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">add tests multiple certs same id

Add unit test for the case that two certificates use the same key.

Resolves: https://github.com/SSSD/sssd/issues/5400

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b5264396b1e18f06bf755528e5ab3efc297518f9">b5264396</a></strong>
<div>
<span>by Madhuri Upadhye</span>
<i>at 2020-12-16T16:05:00+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test: alltests: "enabled" option to domain section

Configure multiple domain and check 'enabled' parameter.
It consists of 4 test cases:
1. Add 'enabled = true' in both ldap domains and check userlookups.
2. Check userlookup when 'domains = ldap1' and add 'enabled =
   true' in both ldap1, ldap2 section.
3. Check userlookup when enabled option in snippet file and
   'domains = ' in sssd section.
4. Check userlookup when enabled option is set true in snippet
   file

Verifies:
  Issue: #4743
  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884196

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b00d507191d0750f9d3f56e91bd6043d9ae8161">2b00d507</a></strong>
<div>
<span>by Madhuri Upadhye</span>
<i>at 2020-12-16T16:05:00+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update remove command to delete the snippet files

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/014f416d07fc9689d2f27e23cc1c30dcdcf3995d">014f416d</a></strong>
<div>
<span>by Madhuri Upadhye</span>
<i>at 2020-12-16T16:05:00+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update the title of test case.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1e9abd508ea5627465d528788645d4dbe53d7d31">1e9abd50</a></strong>
<div>
<span>by Paweł Poławski</span>
<i>at 2020-12-22T17:10:23+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">data_provider_be: Add random offset default

Replace hardcoded default value of 30 with more meaningful
OFFLINE_TIMEOUT_RANDOM_OFFSET define.

This value is used to calculate task timeout during offline
status checking by formula (from SSSD MAN page):

new_interval = (old_interval * 2) + random_offset

As it is explicite mentioned in documentation it should
be expressed in the code similar way.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/171b664ec4a7c94583b35597bd7e1e72bf89d217">171b664e</a></strong>
<div>
<span>by Paweł Poławski</span>
<i>at 2020-12-22T17:10:23+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">data_provider_be: MAN page update

Updated description of parameters:
* offline_timeout
* offline_timeout_max

MAN page now explains that in some circumstances
corelation of offline_timeout and offline_timeout_max values
may lead to offline checking interval not incrementing.
This is a false positive error as in fact the value
just saturates almost instantly.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e350d917e6d48c1d13502ab2849d3e2a0815215e">e350d917</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:autofs: cosmetic updates

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/df723cb98b406b0262f04d0e43e8e5bf0030074f">df723cb9</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB: wrong debug message corrected

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d8af1db84b48193a546bbeec84a7dd7e2b132244">d8af1db8</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:sudo: changed debug message to be consistent

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b4acf71d0a81aeeb2754645d2798ce1e927121f3">b4acf71d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:iphosts: severity level of few debug messages adjusted

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a73df70ee0bcc8f1b80a2e20132592724bd5f675">a73df70e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:ipnetworks: severity level of few debug messages adjusted

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/033c31a2a4994367edea1ded8303a0d2dbc59b1c">033c31a2</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:ops: few debug messages were corrected

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/744582419abfd6e5665315748d44e732f1d56f13">74458241</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:47+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:search: few debug messages were corrected

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f55c9599068c43037a8b666af92ba9b8a044f735">f55c9599</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:selinux: debug message severity level was adjusted

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e731368ed9cea9b35d0ae654e1534084c6ef4642">e731368e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:service: severity level of few debug messages adjusted

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/82dc14b027f9115cabafce71d2b385d5c7d1dd4f">82dc14b0</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:upgrade: debug message corrected

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/daa5454f870a5436a554091a1333cc8be0cbc566">daa5454f</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB:views: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe0530ef96baa8fd39ce6b87c0c760e17c5eb6f8">fe0530ef</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">MONITOR: severity level of few debug messages adjusted

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/85d8adc4d24f09e47f2a9c0fa595d90c61036b18">85d8adc4</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">P11_CHILD: severity level of few debug messages adjusted

Severity level of few debug messages was adjusted and journal message
in case of disabled certificate verification was added.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d6f6f053d7a97a220b52ce92fd653eef8cec5a74">d6f6f053</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">AD: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2f70695a874dcb84d4b86773138a5a6b6259958f">2f70695a</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/667b983aaee380c50d50ef07542b004e60041581">667b983a</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9244820af59ba6b947cf9aa1269d03bb6f2e4f38">9244820a</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">KRB5: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff8f44ce2d2eedb098d980793a949f7f7e55576a">ff8f44ce</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LDAP: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d91409df456f9ad7aad39d0cad0ed053cf1f3653">d91409df</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PROXY: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fb052a4c9843ce518a7202d842c43631f8bbfd2d">fb052a4c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESOLV: debug message correction

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/018c08acbb3bbb836c9acefaf5c384eb9231a60a">018c08ac</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">AUTOFS: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01ba32f250a0e51771471c52440c11f6f05f2a48">01ba32f2</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CACHE_REQ: debug message correction

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/058644f2ef6d1958db657d371158d2df7798dd49">058644f2</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESPONDER: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f457a1a69240381ad7637a09dc66c1aeb78e1d18">f457a1a6</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IFP: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f028253ff87bf11ed034ad5acf1f67e8863bed60">f028253f</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">NSS: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3cbd0465b52f9bbb7e20b0b12e154f51bab0866e">3cbd0465</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PAM: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5068655a67f88cb1730f28689c5effee264321ad">5068655a</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: few debug message corrections

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ac22859006b5658017b2720ca3e02d34c5beecdd">ac228590</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PAM: reduce log level in may_do_cert_auth()

Reduce log level in may_do_cert_auth() as this is not a critical failure

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7b6413d9fb870f51f09955bdceee01952442c63">a7b6413d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: sss_ldb_error_to_errno() improved

LDB_ERR_NO_SUCH_ATTRIBUTE error code was added to mapping and log level
for unknown error code was reduced.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/52dc85540e621b00f358fea94e2e390d580948d8">52dc8554</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:48+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB: reduce log level in sysdb_update_members_ex() in case failed attempt to DEL unexisting attribute

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/99e44d9db41f5bb56281ed65d815c32139195931">99e44d9d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LDAP: added missed \n in log message

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a419b7e673d2de571d873b79be31b1ae2fa89832">a419b7e6</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SSS_IFACE: corrected misleading return code

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1af89925e62cccacb2957f55b16988a5e71fe5e1">1af89925</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA: corrected confusing message

Log message like:
```
sysdb_getpwnam() got more users than expected. Expected [1], got [0]
```
looks a bit confusing.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/69aa3e8c4b82a06e45ba59eb1c17af252aa971ce">69aa3e8c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DP: do not log failure in case provider doesn't support check_online method

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/90dae38d7442757b8a51f91a6ba3fb83f99320a1">90dae38d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESPONDER: reduce log level in sss_parse_inp_done() in case of "Unknown domain" since this might be search by UPN

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6e3b4d745fc8d2de14d69aa30bc21aa549a435f8">6e3b4d74</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SBUS: reduced log level in case of unexpected signal

Most probably module is not fully initialized yet.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7b145b99b9f71ad3d02251fff5b587041c9f1ab">a7b145b9</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LDAP: reduced log level in hosts_get_done()

Absent host in LDAP server isn't SSSD failure.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/26fdc3c8f0ae6493442ea291d9bf36ba148ef209">26fdc3c8</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CACHE_REQ: reduced log level in cache_req_object_by_name_well_known() Non fqdn input isn't necessarily an error here.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed6ec569780ad8203c4990faed5a9f0dc27dd12b">ed6ec569</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SDAP: reduced log level in case group without members

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/29f243fd5b256efe3c7f4e4f0940c7d0ae6b4fa1">29f243fd</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">AD: reduced log level in case check_if_pac_is_available() can't find user entry. This is typical situation when, for example, INITGROUPS lookup is executed for uncached user.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4fe060abbe958c2f9b5aa44e489620063029aa0b">4fe060ab</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">FILES: reduced debug level in refresh_override_attrs() if case "No overrides, nothing to do"

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/644453f8d93540a91236683015f3418d29c6d95a">644453f8</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LOGS: default log level changed to <= SSSDBG_OP_FAILURE

:config: New default value of `debug_level` is 0x0070

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0986cf6ced8c4e09b8031d19eddffca679aca30c">0986cf6c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: fixed bug in server_setup() that prevented setting debug level to 0 explicitly

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9215cf4e2519d5f085bf97f26a74d499090e46e1">9215cf4e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CERTMAP: removed stray debug message

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9390af3c2d1b33e2b5ded0ea0c6c436b9776cedc">9390af3c</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA: reduce log level in apply_subdomain_homedir()

Missing UID for SYSDB_GROUP_CLASS is not an error
(see commit message of e66517dcf63f1d4aaf866c22371dac7740ce0a48 for
additional details)

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60b17be9e4f4865fe1774076808a6c783a7ec906">60b17be9</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB: changed log level in sysdb_update_members_ex()

Fail to add already existing member isn't critical.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf873598a9d4ac8256b20859c0d92fb509861b6b">bf873598</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA: ignore failed group search in certain cases

It's currently expected to see those messages with sudo or HBAC rules in play.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e86599ba079611ed324ff1493a7173d11c1a7961">e86599ba</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">IPA: changed logging in ipa_get_subdom_acct_send()

Frontends do not know what kind of lookup the backends support
so it is expected that they might send unsupported requests.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dba7de0db3cbaee43ef06a1b7c847fbcf48f3708">dba7de0d</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SYSDB: changed logging in sysdb_get_real_name()

Missing cache entry isn't an error.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/00e3ac4a4f9b6c8da27daa3ed8c18664c99256bb">00e3ac4a</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LDAP: reduce log level in case of fail to store members of missing group (it might be built-in skipped intentionally)

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0db68a1f95612fcbad18ca8107a4b170f446dd59">0db68a1f</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">LDAP: sdap_save_grpmem(): log level changed

There are legitimate reasons when sdap_save_grpmem() can be called
with `ignore_group_members = true`

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd2f38abe95645b9b16b12d12dac6008b0d2a03b">bd2f38ab</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2020-12-22T19:34:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">UTIL: find_domain_by_object_name_ex() changed log level

It's up to user of this function to judge if fail to parse fqname is
a critical error.

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4ea1739d09bcf5d65ded8f7063c4b78b5195e6f2">4ea1739d</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-11T11:23:57+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam_sss: fix missing initializer warning

src/sss_client/pam_sss.c: In function ‘prompt_sc_pin’:
src/sss_client/pam_sss.c:1865:41: error: missing initializer for field ‘prev’ of ‘struct cert_auth_info’ [-Werror=missing-field-initializers]
 1865 |                                         NULL, NULL, NULL, NULL, NULL, NULL };

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c0ae6d34ff7c170ca0e6d0faa8a2daf9a77becb7">c0ae6d34</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-11T11:23:57+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pamsrv_gssapi: fix implicit conversion warning

src/responder/pam/pamsrv_gssapi.c: In function ‘pam_cmd_gssapi_sec_ctx’:
src/responder/pam/pamsrv_gssapi.c:716:64: error: implicit conversion from ‘enum sss_domain_type’ to ‘enum cache_req_dom_type’ [-Werror=enum-conversion]
  716 |                                      cli_ctx->rctx->ncache, 0, DOM_TYPE_POSIX,

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a25256fe22dd0b976093d15a5c7c73e1dc64bbcc">a25256fe</a></strong>
<div>
<span>by Sergio Durigan Junior</span>
<i>at 2021-01-11T11:24:19+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Only start sssd.service if there's a configuration file present

This commit is the follow-up of the discussion that is happening here:

https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1900642

In a nutshell, SSSD is compile with --disable-files-domain and
installed without a configuration file by default, which means that
it's impossible to start it successfully unless the user has actively
created/copied a sssd.conf inside /etc/sssd.

There are two possible ways to have sssd.service successfully start:

1) If SSSD is configured with --enable-files-domain, then no
   configuration file is required, and the service can start normally.

2) If SSSD is configured with --disable-files-domain, then a
   configuration file is required.  This can be either
   /etc/sssd/sssd.conf, or a snippet under /etc/sssd/conf.d/.

For this reason, I'd like to suggest that we conditionally add the
following lines to sssd.service:

  ConditionPathExists=|/etc/sssd/sssd.conf
  ConditionDirectoryNotEmpty=|/etc/sssd/conf.d/

These lines will be added only if SSSD is not configured with
--enable-files-domain.

Signed-off-by: Sergio Durigan Junior <sergio.durigan@canonical.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1a616b590da29422d8c1cb94c14fa6cfa5442fda">1a616b59</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2021-01-11T11:26:26+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tests: modify ipa client install for fedora

freeipa installs as a package in fedora

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f7ccc6799a7521e47bacc12222b6ec51c1e4cda6">f7ccc679</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2021-01-15T11:56:12+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TEST: Split tier1 tests with new pytest marker

Runtime for tier1 tests is currently 70 minutes. It will continue to
grow as we add new tests to it and the time for execution would increase
as well. To keep the job to run within 60 minutes, we are adding a new
marker "tier1_2" and a new job. This job will run in parallel on
separate resources to bring down the total time taken for execution.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19c2c641e669ee1c08d6706c132625dc30e64609">19c2c641</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-01-15T11:56:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">simple: fix memory leak while reloading lists

The simple access provider will reload the access and deny lists at
runtime to make sure that users and groups from domains which are
discovered at runtime are properly processed.

While reloading the lists the original lists are not freed and an
intermediate list wasn't removed as well.

Resolves: https://github.com/SSSD/sssd/issues/5456

:fixes: Memory leak in the simple access provider

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d207eaafc77b92ce43a5ea28cb857af9eedefaa5">d207eaaf</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-15T12:02:06+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">RESOLV: handle fail of ares_parse_*_reply() properly

With modern versions of c-ares ares_parse_*_reply() functions don't touch
`hostent **host` in case of fail.
This means it's unreliable to check for (hostent != NULL) without previous
initialization.
To be on a safe side it's better to check for return code as well.

Resolves: https://github.com/SSSD/sssd/issues/5451

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f2d31e2ebdb73ca7a43a548552c8107353b233e">0f2d31e2</a></strong>
<div>
<span>by Steeve Goveas</span>
<i>at 2021-01-15T12:18:45+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">tests: netstat command not found for test

use ss instead of installing net-tools for netstat.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bdf461c7577c458d7b2a785b2007c0ccae73e3f7">bdf461c7</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-15T12:51:49+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SBUS: do not try to del non existing sender

Resolves: https://github.com/SSSD/sssd/issues/5425

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b5c5281c5ace472e95b425d4f67e194c29c9ca33">b5c5281c</a></strong>
<div>
<span>by aborah</span>
<i>at 2021-01-15T12:52:24+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS:sssd-kcm does not store TGT with ssh login using GSSAPI

A RHEL 8.0 system set up for GSSAPI login for ssh allows to
log in but does not actually store the ticket. klist shows
no ticket after login. NFS4 with kerberos does not mount
a home directory as a result.

Verifies: https://github.com/SSSD/sssd/issues/5333

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1722842

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39c52817d3185876f166a8f260ee4e04e543cc16">39c52817</a></strong>
<div>
<span>by Anuj Borah</span>
<i>at 2021-01-15T12:52:41+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">TESTS:KCM: Increase client idle timeout to 5 minutes

By default, KCM has a 60-second idle client timeout.
This might not be enough, because the client is often kinit,
so there is some user interaction involved.

Verifies: https://github.com/SSSD/sssd/issues/4829

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884205

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cc173629f30fbc885ee90e52a205554b118e0ee6">cc173629</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-15T14:29:18+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">gssapi: default pam_gssapi_services to NULL in domain section

We need to distinguish when the option is not set in domain section and when
it is is explicitly disabled. Now if it is not set, domain->gssapi_services
is NULL and we'll use value from the pam section.

Without this change, the value in the pam section is ignored.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/111b8b4d62a4fe192c075e6f6bfacb408e6074b3">111b8b4d</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-15T14:29:18+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam_sss_gssapi: fix coverity issues

```
1. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:556: leaked_storage: Variable "username" going out of scope leaks the storage it points to.
Expand
2. Defect type: RESOURCE_LEAK
3. sssd-2.4.0/src/sss_client/pam_sss_gss.c:321: leaked_storage: Variable "reply" going out of scope leaks the storage it points to.
Expand
3. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "username" going out of scope leaks the storage it points to.
Expand
4. Defect type: RESOURCE_LEAK
6. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "upn" going out of scope leaks the storage it points to.
Expand
5. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "target" going out of scope leaks the storage it points to.
Expand
6. Defect type: RESOURCE_LEAK
7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "domain" going out of scope leaks the storage it points to.

1. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'username'
Expand
2. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'upn'
Expand
3. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'target'
Expand
4. Defect type: CLANG_WARNING
1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'domain'
```

Also fix compilation warning
```
../src/sss_client/pam_sss_gss.c:339:5: warning: ‘reply’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  339 |     free(reply);
      |     ^~~~~~~~~~~
../src/sss_client/pam_sss_gss.c:328:14: note: ‘reply’ was declared here
  328 |     uint8_t *reply;
      |              ^~~~~
../src/sss_client/pam_sss_gss.c:270:11: warning: ‘reply_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  270 |     upn = malloc(reply_len * sizeof(char));
      |           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/sss_client/pam_sss_gss.c:327:12: note: ‘reply_len’ was declared here
  327 |     size_t reply_len;
      |            ^~~~~~~~~
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2499bd145f566bfd73b8c7e284b910dd2b36c6d1">2499bd14</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-18T10:36:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">cache_req: ignore autofs not configured error

Otherwise we return ERR_OFFLINE for domains where autofs provider is not
set (such as implicit files domain) which is undesirable.

Steps to reproduce:
1. Enable implicit files domains and LDAP domain with autofs configured
2. Setup NFS server to export `/exports` with `/exports/home/test`
3. Add autofs mount points:
```
dn: ou=mount,dc=ldap,dc=vm
ou: mount
objectClass: organizationalUnit
objectClass: top

dn: nisMapName=auto.master,ou=mount,dc=ldap,dc=vm
objectClass: nisMap
objectClass: top
nisMapName: auto.master

dn: cn=/export/home,nisMapName=auto.master,ou=mount,dc=ldap,dc=vm
objectClass: nisObject
objectClass: top
cn: /export/home
nisMapEntry: auto.home
nisMapName: auto.master

dn: nisMapName=auto.home,ou=mount,dc=ldap,dc=vm
objectClass: nisMap
objectClass: top
nisMapName: auto.home

dn: cn=/,nisMapName=auto.home,ou=mount,dc=ldap,dc=vm
objectClass: nisObject
objectClass: top
cn: /
nisMapEntry: -fstype=nfs,rw master.ldap.vm:/export/home/&
nisMapName: auto.home
```
4. Run SSSD and autofs
5. cd to /exports/home/test

The directory will not be mounted with the new autofs protocol. It
will succeed with the old protocol. In both versions, you'll see
that SSSD returned ERR_OFFLINE:

```
(2021-01-15 11:44:48): [be[implicit_files]] [sbus_issue_request_done] (0x0040): sssd.DataProvider.Autofs.GetEntry: Error [1432158215]: DP target is not configured
...
(2021-01-15 11:44:49): [autofs] [cache_req_search_cache] (0x0400): CR #3: Looking up [auto.home:test] in cache
(2021-01-15 11:44:49): [autofs] [cache_req_search_cache] (0x0400): CR #3: Object [auto.home:test] was not found in cache
(2021-01-15 11:44:49): [autofs] [cache_req_search_ncache_add_to_domain] (0x2000): CR #3: This request type does not support negative cache
(2021-01-15 11:44:49): [autofs] [cache_req_process_result] (0x0400): CR #3: Finished: Error 1432158212: SSSD is offline
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c48a4e8047ab913e879a77243ac8e56cca8a3c57">c48a4e80</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-18T11:15:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed leftovers after PR #5246

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6ca29942ca479c20ededf64e640270e2e39c9b50">6ca29942</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-01-18T11:15:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5_child: use proper umask for DIR type ccaches

The current umask only had files in mind and hence only allowed read and
write permissions for the user. If the new directory must be created
for DIR type credentials caches the 'execute' permission is needed as
well so that the user can change into the directory. This patch changes
the umask to allow this if a DIR type credential cache is requested.

Resolves: https://github.com/SSSD/sssd/issues/5436

:fixes: krb5_child uses proper umask for DIR type ccaches

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/66ef363b1c5ad0c660e848890717921c79934bc7">66ef363b</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-18T11:16:20+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">dhash tables are now created with count=0 whenever no useful size hint available

This improves performance. For justification see
https://github.com/SSSD/sssd/issues/5134#issuecomment-737443576
and next comment.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cdad9480242f4fecd59c8dc8582976217ee51ffd">cdad9480</a></strong>
<div>
<span>by Madhuri Upadhye</span>
<i>at 2021-01-21T10:49:05+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: alltests: "ldap_library_debug_level" option to domain section

Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: #5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a06ce2107e0bad14e7313f218db514947d8cad2f">a06ce210</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-01-21T10:49:21+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">test_ca: Look for libsofthsm2 in libdir before falling back to hardcoded paths

Right now building SSSD in archs different from amd64 (at least in
debian and derivatives) won't ever get the test_CA built because
libsofthsm2 won't be found (leading also to #5397 at times).

As per this, until they won't provide a pkg-config file:
 - Prioritize looking for libsofthsm2 in configured libdir (will help
   the developer case when using custom prefixes with custom softhsm2)
 - Fallback to /usr prefixes, supporting any arch (not only x86_64)

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0c6924b8d474daf35ee30d74e5496957e503b206">0c6924b8</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-22T12:57:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">SBUS: set sbus_name before dp_init_send()

Some async task might access sbus_name before dp_initialized() was executed

Resolves: https://github.com/SSSD/sssd/issues/5466

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e7fb88fc6ffd1373a752ceada30d20eddc00a435">e7fb88fc</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-01-22T12:58:10+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">BUILD: Accept krb5 1.19 for building the PAC plugin

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fb6edec606861483f5b31e026a46d887112485d7">fb6edec6</a></strong>
<div>
<span>by Shridhar Gadekar</span>
<i>at 2021-01-22T12:58:38+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests:ad:sudo: support non-posix groups in sudo rules

Verifies #sudo: support non-posix groups in sudo rules
bz1826272

Signed-off-by: Shridhar Gadekar <sgadekar@sgadekar.pnq.csb>

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6c9f929ada7b169e9015b031c93a5be7ce8b02af">6c9f929a</a></strong>
<div>
<span>by Deepak Das</span>
<i>at 2021-01-25T11:31:14+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">man: sss_override clarification

Clarify sss_override in man pages to indicate that the command is only
supported with LDAP and AD provider.

Resolves: https://github.com/SSSD/sssd/issues/5471

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e07eeea7df55ede36ac0978ac904c1bb11188265">e07eeea7</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-01-25T11:31:38+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">responders: add callback to schedule_get_domains_task()

To allow responders to run dedicated code at the end of the initial
getDomains request a callback is added.

Resolves: https://github.com/SSSD/sssd/issues/5469

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cb936e92041d63f79a74c30bae8140c74a18dbc0">cb936e92</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-01-25T11:31:38+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pam: refresh certificate maps at the end of initial domains lookup

During startup SSSD's responders send a getDomains request to all
backends to refresh some domain related needed by the responders.

The PAM responder specifically needs the certificate mapping and
matching rules when Smartcard authentication is enable. Currently the
rules are not refreshed at the end of the initial request but the code
assumed that the related structures are initialized after the request
finished.

To avoid a race condition this patch adds a callback to the end of the
request to make sure the rules are properly refreshed even if they are
already initialized before.

Resolves: https://github.com/SSSD/sssd/issues/5469

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cd48ef5071741443e3b84e100a4d4d28e3578e4f">cd48ef50</a></strong>
<div>
<span>by Alexander Bokovoy</span>
<i>at 2021-01-26T11:53:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sudo runas: do not add '%' to external groups in IPA

When IPA allows to add AD users and groups directly to sudo rules
(FreeIPA 4.9.1 or later), external groups will already have '%' prefix.
Thus, we don't need to add additional '%'.

Resolves: https://github.com/SSSD/sssd/issues/5475
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0eb0281c9620086cda0e814532398e5a9a4b7092">0eb0281c</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-26T11:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">man: add auto_private_groups to subdomain_inherit

This option can be inherited since 41c497b8b9e6efb9f2aa8e4cc869d465c3b954b3

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/12eb04b2fd698245d653c9166af29949d337b3be">12eb04b2</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-26T11:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">subdomains: allow to inherit case_sensitive=Preserving

Resolves: https://github.com/SSSD/sssd/issues/5250

:feature: `case_sensitive` option can be now inherited by subdomains

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f2655950430a25abc6b74761b2872004e3258893">f2655950</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-26T11:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">subdomains: allow to set case_sensitive=Preserving in subdomain section

Resolves: https://github.com/SSSD/sssd/issues/5250

:feature: `case_sensitive` can be now set separately for each
  subdomain in `[domain/parent/subdomain]` section
:feature: `case_sensitive=Preserving` can now be set for trusted domains with AD provider

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f6bb31af5b5c6605f33377f0750c85d0ff722385">f6bb31af</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-26T11:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">subdomains: allow to inherit case_sensitive=Preserving for IPA

Resolves: https://github.com/SSSD/sssd/issues/5250

:feature: `case_sensitive=Preserving` can now be set for trusted domains
  with IPA provider. However, the option needs to be set to `Preserving`
  on both client and the server for it to take effect.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/944c47e27c4e5a01816bb897efb33c1825a64078">944c47e2</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-01-26T11:56:22+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">man: update case_sensitive documentation to reflect changes for subdomains

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/568bb1a0ffd683882fc5ad7b7f3fca40357fed1a">568bb1a0</a></strong>
<div>
<span>by peptekmail</span>
<i>at 2021-01-26T11:59:10+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add rsassapss cert for future checks

3rd party smartcard providers sometimes use rsassapss for signing combined with a smaller nonstandard exponent.
Unexpected characters in the commonname field creates troubles.
Add more unexpected settings to this cert to easily create future checks.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/92ed415cd3139f29446879ce114fc0c1767ad5fd">92ed415c</a></strong>
<div>
<span>by peptekmail</span>
<i>at 2021-01-26T11:59:10+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add rsassapss cert for future checks

3rd party smartcard providers sometimes use rsassapss for signing combined with a smaller nonstandard exponent.
Unexpected characters in the commonname field creates troubles.
Add more unexpected settings to this cert to easily create future checks.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f3576ea3e0b70199b0b9f66f4182ce0da9db052">7f3576ea</a></strong>
<div>
<span>by peptekmail</span>
<i>at 2021-01-26T11:59:10+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add rsassapss cert for future checks

Fix README typo

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b0edc83e3e70b4dc62d89e4ea1c53911b703250b">b0edc83e</a></strong>
<div>
<span>by Armin Kuster</span>
<i>at 2021-01-29T10:19:31+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Provide missing defines which otherwise are available on glibc system headers

Signed-off-by: Armin Kuster <akuster808@gmail.com>

--
V2]
remove space before define

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3986deade966353bc6ce0030156b3c3712724452">3986dead</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-29T10:19:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PROXY: child process security hardening

Resolves: https://github.com/SSSD/sssd/issues/3730

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b6fc7c0e9a9856914d20578f64e0a2e8b482f90a">b6fc7c0e</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-01-29T10:19:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Sanitize --domain option to allow safe usage as a part of log file name

Resolves: https://github.com/SSSD/sssd/issues/3730

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2d26c95d78cf43798b54ac8c478b8a9ee41cab39">2d26c95d</a></strong>
<div>
<span>by Sumit Bose</span>
<i>at 2021-02-04T14:09:13+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ssh: restore default debug level

The recent change of the default debug level for the main SSSD
components affected the ssh helpers sss_ssh_authorizedkeys and
sss_ssh_knownhostsproxy as well.

To avoid any confusion about unexpected debug messages this patch
restores to original value for the two helpers.

Resolves: https://github.com/SSSD/sssd/issues/5488

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/536e8b83ae72eee89e2a19f3d66d0376a2daaaed">536e8b83</a></strong>
<div>
<span>by Madhuri Upadhye</span>
<i>at 2021-02-04T14:09:35+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">alltests: password_policy: Removing the log debug messages

Removing the debug messages since it's neither from PAM, SSSD,
nor passwd and test does not depend on this dubug messages.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5892c3676b4e3b57693504eef574dd3cd4af543f">5892c367</a></strong>
<div>
<span>by Evgeny Sinelnikov</span>
<i>at 2021-02-04T14:09:50+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">krb5: allow to use subdomain realm during authentication

Resolves: https://github.com/SSSD/sssd/issues/4759

:feature: `krb5_use_subdomain_realm=True` can now be used then subdomain user
  principal names with different upnSuffixes not found in parent domain as it
  requires to be supported on serverside, but not implemented in samba yet.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/78af35c350fc871884b5f3b35e97210bf74dcf4f">78af35c3</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T11:56:52+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">po: add pam_sss_gss to translated man pages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6add2ef311815a25598e1ec90d28119636976e21">6add2ef3</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T11:59:35+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pot: update pot files
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01cc2674959ec249702465621f57259fc779650b">01cc2674</a></strong>
<div>
<span>by Valters Jansons</span>
<i>at 2021-02-05T13:06:43+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DEBUG: Drop custom syslog identifier from journald

`SYSLOG_IDENTIFIER` field is removed from logging output to journald.
The default behavior will use the program name automatically.

This ensures that if there is rsyslog in place, producing BSD-format
syslog output (RFC 3164), then there are no unexpected `[` characters.
The resulting syslog output will also be aligned with the behavior
of `--with-syslog=syslog` which uses the program name by default.

`SSSD_PRG_NAME` field has been added to the journald log as well,
to be consistent with the `DEBUG()` output. This field holds the
value that `SYSLOG_IDENTIFIER` had previously and can be used for
filtering journal as a drop-in replacement.

Resolves: https://github.com/SSSD/sssd/issues/4590

:relnote: `SYSLOG_IDENTIFIER` was renamed to `SSSD_PRG_NAME` in journald
  output, to avoid issues with PID parsing in rsyslog (BSD-style
  forwarder) output.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d163a120b922a49b458dc9568d90c4066cee2d73">d163a120</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: synchronize with Fedora 34 spec file

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3e5ff111c809fce014f7218703da22b17b1a8b8d">3e5ff111</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: remove unneeded conditionals and unused variables

This patch removes unused variables and unneeded conditions that
reflect current state.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8b68aa28d7ad41b57eda5524241a50a9fa2b51e8">8b68aa28</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: keep _strict_symbol_defs_build

SSSD now builds fine with -Wl,-z,defs

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/eb6a3bacba1acbb16c7e233e0d83f287e74c4ee9">eb6a3bac</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: enable LTO

SSSD builds fine with LTO. The only problem was in tests but it is now fixed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b1c3c3ddb4e402e2ef584bea492e73ae2306eac">2b1c3c3d</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: remove support for NSS

We no longer built with NSS. --with-crypto option no longer exist and
we don't require these packages anymore.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fcbbf12444383c6de0a008511afc634777a4417c">fcbbf124</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: remove --without-python2-bindings

Python2 bindings are not built by default anymore.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2970cd6398f6a179ed0ab2ff3471a7b7d6a60e5c">2970cd63</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: re-import changes that were not merged in Fedora

There were several changes in upstream spec file that were not merged
in Fedora but fixed valid problems. These are:

- https://github.com/SSSD/sssd/pull/1008
- https://github.com/SSSD/sssd/pull/1039
- https://github.com/SSSD/sssd/pull/5137
- https://github.com/SSSD/sssd/commit/e698d53e0ddd3c2778e04fd8e405f8c0cee0a766
- https://github.com/SSSD/sssd/commit/7fbc7e3ffb7a5c0090bb2091011762dabf1f512f

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5eb4d5c8e02c4c2ed32bee7269cf681b68613ed9">5eb4d5c8</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: synchronize with RHEL spec file

Bring stuff from RHEL spec file that was not available in Fedora.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e56ddbeddc16a8539d67ddef8b0ade692b7e5894">e56ddbed</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: use sssd user on RHEL

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/38d7614664ed514028cfe64c158cc7fd0e1a0355">38d76146</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: remove conflicts that no longer make sense

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf1482c2fc800caccf69e21678a2c3e5323ba966">bf1482c2</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: remove unused BuildRequires

- http-parser-devel, libcurl-devel - needed by secrets responder which is not built anymore
- dbus-libs, openssl, systemd - pulled in by -devel packages
- libcollection-devel, nspr-devel - not required

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6f47eaca41eab04c043c005e161556606962878d">6f47eaca</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: remove unused Requires

- simpleifp was required by sssctl but not anymore
- we don't call ldconfig in post for client

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5d02f1e8b15a89a4bf55c4d1a3929ee28a255d0c">5d02f1e8</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: sort Requires, BuildRequires and configure for better clarity

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/482ab2d8f83f11e0df6d3e46e1ff2e418a6d0a17">482ab2d8</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: comment some requirements

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff0f76561a9794a8a7f53d95a9ebd754dec9a677">ff0f7656</a></strong>
<div>
<span>by Alexey Tikhonov</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Makefile: add missing '-fno-lto' to some tests

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ea55cd023420dd1aeb19be20c008b43222d07717">ea55cd02</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: fix spelling in package description

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3ee3c4c619709d7a68dc68d50f76a60207df483a">3ee3c4c6</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: use %autosetup instead of %setup

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/78323d44efc657cde1ec4bfaf2cbba9dd04f614c">78323d44</a></strong>
<div>
<span>by Pavel Březina</span>
<i>at 2021-02-05T13:09:33+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">configure: libcollection is not required

libcollection is required by other ding-libs libraries but it is not
directly required for sssd.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b38701b9ebdfe1291e0d9f7aa6ff814f9b42b51a">b38701b9</a></strong>
<div>
<span>by Weblate</span>
<i>at 2021-02-05T13:12:14+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update the translations for the 2.4.1 release
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/33ff9f781a3fc9f2f13b2fc53c9064b50a989597">33ff9f78</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-02-09T13:10:42+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/325d22db45fb8c3894ebe5bb663c4605a9b818d3">325d22db</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-02-09T13:11:07+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2d2b2465dcfb2624783cee74b65badd5d3e52741">2d2b2465</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-02-09T13:19:28+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libpam-sss.install: Add pam_sss_gss.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fce8477a45c3434ebacdbc9c206b136d85ab6b43">fce8477a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-02-10T11:32:41+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package sssd version 2.4.1-1
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/176219100f7f288bd8375cf5891056cb634efc6e">17621910</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:27:25+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/control: Mark test packages as <!nocheck>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f18dac83aa607ebb871eb06da6136ec6f63bcc8">0f18dac8</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:27:29+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/rules: Don't run tests if nocheck is set
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10090fd82a5d99ecce580ec5daaae6c7f79eea90">10090fd8</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:27:34+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/control: Add missing test dependencies
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/88f59818156db0f846b16b4764a0757111998188">88f59818</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:27:38+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/patches: Get libsofthsm2 from right path for each architecture
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2817ef421e09a4bc63938a5125a41e4c4975ea2">d2817ef4</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:27:42+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/rules: Enable tests again
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/69297dcfd1d95f5479110eb25807aa2657908a23">69297dcf</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:27:46+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/control: Enable libcmocka (and so unit tests) all the archs
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a4812d2df2e8b169aa54831cd06141747b811dbb">a4812d2d</a></strong>
<div>
<span>by Marco Trevisan (Treviño)</span>
<i>at 2021-02-10T13:28:18+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">debian/changelog: Update
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8e54d15c2311dfd7a69574509d89f9eeb9aa5a24">8e54d15c</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-02-10T13:49:02+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">test_ca-Look-for-libsofthsm2-in-libdir-before-falling-bac.patch: Dropped, upstream.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a70c003a9cc2b861b7659f9cf9a092d9c102f870">a70c003a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2021-02-10T13:49:10+02:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package sssd version 2.4.1-2
</pre>
</li>
</ul>
<h4>11 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#12040a924868607fee71666a866c257822849c14">
contrib/ci/run-multihost
</a>
</li>
<li class="file-stats">
<a href="#9b53d1abb789b8702072c8320950619feeeeee68">
contrib/kcm_default_ccache
</a>
</li>
<li class="file-stats">
<a href="#b8d57aa4a09effcbac8deeffe8aea9131499424f">
contrib/sssd.spec.in
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">
debian/control
</a>
</li>
<li class="file-stats">
<a href="#ae7a490b9cabfd8613151e42f6046a3274799c1a">
debian/libpam-sss.install
</a>
</li>
<li class="file-stats">
<a href="#8756c63497c8dc39f7773438edf53b220c773f67">
debian/rules
</a>
</li>
<li class="file-stats">
<a href="#54d6c31c823e250ebb67120d8dd489a69a02213c">
po/LINGUAS
</a>
</li>
<li class="file-stats">
<a href="#4e573a66c66b45b45a1e180cad791738ed22cdd2">
po/bg.po
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">

<br>
<a href="https://salsa.debian.org/sssd-team/sssd/-/compare/33e94cc5761b1448dcb027884dee03d65d29ea13...a70c003a9cc2b861b7659f9cf9a092d9c102f870">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.



</p>
</div>
</body>
</html>