<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: .875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;
}
body {
font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">
<h3 style="margin-top: 20px; margin-bottom: 10px;">
Timo Aaltonen pushed to branch master at <a href="https://salsa.debian.org/sssd-team/sssd">Debian SSSD packaging / sssd</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1e8c210c3eadedf8359d9650f4515e6565b5999">b1e8c210</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-01-16T08:20:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Dropping the assertion of ssh from analyzer list
minor edit
Reviewed-by: Anuj Borah <aborah@redhat.com>
(cherry picked from commit 2b222dd30f442d98bd1d9b308bdb60bf37a0b319)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9490f2565e6ccdc5368adbf40e34e72d717e0f7a">9490f256</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-16T10:07:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add single retry for realm leave
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit 684d18b4b6803e2e397d2c72f45cb860ef9c89bc)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bfcb2727552b0807e2a074d9bd2cc867c768639b">bfcb2727</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-01-16T13:21:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump actions/download-artifact from 3 to 4
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 3922f4d79b2b3ab0c77ec89989dece896df67274)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/32390d0bd0417fe76caafa6f4df22b4894501dc3">32390d0b</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-01-16T13:22:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit f5f5d83f78544785fbd11d39133ceedcb9f59f5d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aa63f77770ce7390f708eefd2f855f5ed6822cee">aa63f777</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-01-16T13:22:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 35ef26b627c8ec8737689ab4044fb6b2836e460f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50077c3255177fe1b01837fbe31a7f8fd47dee74">50077c32</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-01-19T16:35:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix SC auth with multiple certs and missing login name
While introducing the local_auth_policy option a quite specific use-case
was not covered correctly. If there are multiple matching certificates
on the Smartcard, 'local_auth_policy = only' is set and GDM's Smartcard
mode was used for login, i.e. there is no user name given and the user
has to be derived from the certificate used for login, authentication
failed. The main reason for the failure is that in this case the
Smartcard interaction and the user mapping has to be done first to
determine the user before local_auth_policy is evaluated. As a result
when checking if the authentication can be finished the request was in
an unexpected state because the indicator for local Smartcard
authentication was not enabled.
Resolves: https://github.com/SSSD/sssd/issues/7109
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 44ec3e4638b0c6f7f45a3390a28c2e8745d52bc3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1815037472660174dea227077b109a1257da35f9">18150374</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-01-23T14:15:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5_child: fix order of calloc arguments
```
/shared/workspace/sssd/src/providers/krb5/krb5_child.c: In function _create_empty_cred_:
/shared/workspace/sssd/src/providers/krb5/krb5_child.c:1317:26: error: _calloc_ sizes specified with _sizeof_ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
1317 | cred = calloc(sizeof(krb5_creds), 1);
| ^~~~~~~~~~
/shared/workspace/sssd/src/providers/krb5/krb5_child.c:1317:26: note: earlier argument should specify number of elements, later size of each element
```
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 7076c5bb2a8a8346a1094993179085a098bf67b6)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/33bb96feeee5d3d93cacc237b86464a99f1b4950">33bb96fe</a></strong>
<div>
<span> by Andre Boscatto </span> <i> at 2024-01-23T14:16:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: improving documentation about username and email
Resolves: https://github.com/SSSD/sssd/issues/7136
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit b3124173d8b33b3cea275f1cc08e1a202d7ba72c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/33cce2910dfea2aa2d7fb25efb502a2339c99bff">33cce291</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-24T11:34:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Set ciphers for kerberos
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 2fa6ec2cc6f33db28397859b1d901c41be3194fe)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae2f5e91fa8169c3d0676eba576a2425b719171f">ae2f5e91</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-24T12:59:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add pytest.ini with marker converted to basic suite
Fix "PytestUnknownMarkWarning: Unknown pytest.mark.converted - is this a typo?"
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit ef581c971e04c7e7698a2f402ba7b961ccee9892)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/28c41415acd21a617de808a340032ace8aa209cd">28c41415</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-24T13:44:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix OsError in test_kcm_debug_level_set
Resolve "OSError: File '/var/log/sssd/sssd_kcm.log' could not be read"
ba catching and handling this exception as well.
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit 998503210b2644dda35091ce87531d3ee31a94b4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39ea88c2b135cb1631d4589b8a49591c68565858">39ea88c2</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-30T18:04:28+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: Add sssd testlib to pythonpath for prci multihost
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 1358f417ab26b4a825e99cc8e5566d21d3f37ccf)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1c3664d3f3bee8718dc0760452d8a2241c950e1d">1c3664d3</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-01-30T18:54:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Python black formatting fixes
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 1bacf49850c482de44269db86d25d3b0161e69a7)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/343ff2defb9e35498d058125e7bafacd0ddee649">343ff2de</a></strong>
<div>
<span> by Günther Deschner </span> <i> at 2024-02-01T19:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix the build with Samba 4.20
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 1bf51929a48b84d62ac54f2a42f17e7fbffe1612)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e3d0f0d7ef1b7a0456d27ce7295613bbc86dd4dc">e3d0f0d7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-02-09T15:10:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IFP: don't trigger backtrace in case of ACL check fail
Avoid
```
* (2024-02-03 17:39:37): [ifp] [ifp_access_check] (0x0080): User 1000 not in ACL
* (2024-02-03 17:39:37): [ifp] [sbus_check_access] (0x0400): org.freedesktop.sssd.infopipe.Users.FindByName: permission denied for sender :1.290 with uid 1000
* (2024-02-03 17:39:37): [ifp] [sbus_issue_request_done] (0x0040): org.freedesktop.sssd.infopipe.Users.FindByName: Error [13]: Permission denied
```
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 2ef0f838e189c4dfe666a3b1c61692e8e2c35e45)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7621a5b464af7a3c8409dcbde038b35fee2c895">a7621a5b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-09T15:11:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: add search_bases option to groups_by_user_send()
AD handles users and computer objects very similar and so does SSSD's
GPO code when lookup up the host's group-memberships. But users and
computers might be stored in different sub-tree of the AD LDAP tree and
if a dedicated user search base is given with the ldap_user_search_base
option in sssd.conf the host object might be in a different sub-tree. To
make sure the host can still be found this patch uses the base DN of
the LDAP tree when searching for hosts in the GPO code.
Resolves: https://github.com/SSSD/sssd/issues/5708
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 29a77c6e79020d7e8cb474b4d3b394d390eba196)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6a8e60df84d5d2565bec36be19c2def25a6ece1f">6a8e60df</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-09T15:11:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: add naming_context as new member of struct sdap_domain
The naming_context could be a more reliable source than basedn for the
actual base DN because basedn is set very early from the domain name
given in sssd.conf. Although it is recommended to use the fully
qualified DNS domain name here it is not required. As a result basedn
might not reflect the actual based DN of the LDAP server. Also pure LDAP
server (i.e. not AD or FreeIPA) might use different schemes to set the
base DN which will not be based on the DNS domain of the LDAP server.
Resolves: https://github.com/SSSD/sssd/issues/5708
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit a153f13f296401247a862df2b99048bb1bbb8e2e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dd0f63246aa75d5f53b44cbc185e88833e79976e">dd0f6324</a></strong>
<div>
<span> by Andre Boscatto </span> <i> at 2024-02-09T19:10:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd: adding mail as case insensitive
Resolves: https://github.com/SSSD/sssd/issues/7173
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 945cebcf72ef53ea0368f19c09e710f7fff11b51)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a453f9625b40a0a1fbcf055ffa196121f2b248b5">a453f962</a></strong>
<div>
<span> by Sebastian Andrzej Siewior </span> <i> at 2024-02-12T09:40:16+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Drop -extensions from openssl command if there is no -x509
The 'openssl req' ignores the '-extensions' option without '-x509'.
OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
an error is generated:
| /usr/bin/openssl req -batch -config
| ../../../../../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config
| -new -nodes -key
| …/build/../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem
-sha256 -extensions v3_ca -out SSSD_test_intermediate_CA_req.pem
| Error adding request extensions from section v3_ca
| 003163BAB27F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156:
| 003163BAB27F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always
|
Remove the '-extensions' option.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 32b72c7c3303edb2bf55ae9a22e8db7855f3d7d1)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/631c599b56b36be511493e713d4183b8fe90e51c">631c599b</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-02-13T13:07:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sssctl_analyze diff location
Corrected the log assertions for 'id' command
passed to the sssctl analyze <>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 2176b7d84aee0be58d018862cfa08c00cd6a1aac)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8bf31924265baf81372fe42580dee4064a642375">8bf31924</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-14T11:30:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss-client: handle key value in destructor
When the pthread key destructor is called the key value is already set
to NULL by the caller. As a result the data stored in the value can only
be accessed by the first argument passed to the destructor and not by
pthread_getspecific() as the previous code did.
Resolves: https://github.com/SSSD/sssd/issues/7189
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit b439847bc88ad7b89f0596af822c0ffbf2a579df)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/37025a19a82c772b29773904474b600ee3ba8364">37025a19</a></strong>
<div>
<span> by Tomasz Kłoczko </span> <i> at 2024-02-14T11:31:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Bump DocBook DTD version to latest stable 4.5
Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 4027930598457940e750ec08a27c44bb718e279b)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e1bc03b14144d26129118a28d6688fef9be85efa">e1bc03b1</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-02-16T13:21:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Tweak per-test log to de-duplicate output
Deduplicate output between phases so it is not repeated.
(Previous phase output was repeated in the log.)
Fix isseu with "/" in test name.
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit 3caac5f7b0d1e21f9ae578f1da5324dc272aa441)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/566ebfbb0d12e57344ad46f1edf4dd4fc6329a4d">566ebfbb</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2024-02-21T13:43:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: multihost/basic/test_kcm converted
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit e235afee2d5948b268d958374114b60293b101fd)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dd921afa55919b31fb9e712d09ae5d99e7765fbe">dd921afa</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-02-21T14:31:28+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Per-test logging: Fix exception on missing call phase.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit e3af77c734242b00ee69e43f0ed6a62ee29bd02e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2422af6cb5a1df4c76fbdc153d33b2be3aa0f02b">2422af6c</a></strong>
<div>
<span> by lisa </span> <i> at 2024-02-21T14:33:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Convert multihost/ad/test_idmap to test_identity
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 9506b7b30e6a39820503f6b778976e64d5e5871c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/31ee5eccd45565126f72f8c84bb45fee338fa34c">31ee5ecc</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-22T16:32:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: lower log level in sss_krb5_get_init_creds_password()
sss_krb5_get_init_creds_password() is called only with AD to be able to
get more specific error details and does the basic steps also done by
krb5_get_init_creds_password() from libkrb5. In contrast to the libkrb5
function it will return debug output. Unfortunately the log level
is quite low, i.e. messages are shown with the default debug level, and
the messages are send to syslog, too. This can get annoying during
SSSD's pre-auth step to determine the available authentication types
since here, no credentials are provided and errors are somewhat expected
but will be ignored by the callers.
This patch increases the log level during SSSD's pre-auth and only sends
messages with the two lowest log levels to syslog.
Resolves: https://github.com/SSSD/sssd/issues/7197
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 409f175f0b38e46991419c67c0aac59284c67cee)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/923cb398d1dc7993f47584d4e4b0b2595623dc97">923cb398</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-22T16:32:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: increase log level in map_krb5_error()
The purpose of map_krb5_error() is to translate error codes.
Additionally it will log the errors in case the caller has forgotten to
do it. While this in general make sense the log level was set to the
second lowest and the message was send to the system's log as well. This
is a bit too strong and might give a wrong impression about the nature
and importance of the log message. This patch increases the log level
which avoids sending to the syslog as well.
Resolves: https://github.com/SSSD/sssd/issues/7197
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 4f38fd10c85e16dbca3887347499823143a29316)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ee06f2fe60c1327c5f3cd8afb6dfc71db506d196">ee06f2fe</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-02-23T23:24:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fix isort, black and mypy errors
Introduced by https://github.com/SSSD/sssd/pull/7172.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit e9253e0a7008e4146178be4b4914bb1175318424)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f3d96061ecb1ee5a0d580b88c3dfe3c920f54525">f3d96061</a></strong>
<div>
<span> by Denis Zlobin </span> <i> at 2024-02-26T11:49:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: Fix codegen template for async client
Double semicolon is generated, thus test src/tests/double_semicolon_test
fails for async client source code.
For example, we can generate code for IFP async client.
To do this, add new async interface to src/responder/ifp/ifp_iface/ifp_iface.xml file:
<interface name="org.freedesktop.sssd.infopipe.Tests.Test">
<annotation name="codegen.Test" value="ifp_test" />
<annotation name="codegen.AsyncCaller" value="true" />
<property name="name" type="s" access="read" />
</interface>
Then make check tests. Test fails with an error:
```
Double semicolon found:
../src/responder/ifp/ifp_iface/sbus_ifp_client_async.c:132: *_value = talloc_steal(mem_ctx, state->out->arg0);;
```
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 11a77e8b887691c4f6fad30b4512ba79bd668ba9)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fa7536d18d18ad9709d88dc285b7563c44144c87">fa7536d1</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-02-28T11:56:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add oddjob package to master for multihost/alltests
The package is not pulled automatically as part of deps/packageset
on fedora resulting in subprocess.CalledProcessError: Command
'systemctl restart oddjobd.service' returned non-zero exit status 5.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 20175f4136c664777cefad03a6e62ed726191fea)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a61cc9c9981381adbd944c7a555a7fd010b4cf61">a61cc9c9</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-06T10:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix ipa/conftest.py for fedora.
The installation of shadow-utils fails on fedora as it tries to enable CRB repos.
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit 0a397c28ddf34da2f7dd6800a4e22bcbe80b646d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/70be3583cd1c7f656be22ca477a071ee38cb1af9">70be3583</a></strong>
<div>
<span> by Jakub Jelen </span> <i> at 2024-03-06T10:57:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>doc: Fix configuration option pam_p11_allowed_services type
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit b7da2450a856d25f8332ea0696520c2ddf7aed7f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/23849f751315ea218e125f35cd419cce55d27355">23849f75</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-03-06T10:59:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: Allow fallback between responder questions
Add support to try the next Preauth type when answering
krb5 questions. Fixes an issue when an IPA user has
both authtype passkey and authtype password set at
the same time.
Resolves: https://github.com/SSSD/sssd/issues/7152
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit c9a333c5215b9ee6080038881a249c329141d0cf)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8d9ae754b50dffafef719ad3fa44e5dd1dde47b3">8d9ae754</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-03-06T10:59:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: Add fallback password change support
handle password changes for IPA users with multiple auth types set
(passkey, password)
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit 6c1272edf174eb4bdf236dc1ffd4287b71a43392)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/55e641fbb443205fe330d9ed1b8ab3d564689d55">55e641fb</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-03-06T11:00:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding testcase for gh7174 email case insensitivity
Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit a80e236b8319f1f0931717debcb093802ba5e2ae)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/afe7d8d86e4df3dcd6af53571e707f908ebc442f">afe7d8d8</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-07T11:31:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix hostmap tests not to depend on user-nsswitch.conf
The user-nsswitch.conf was removed in F36+. Tests using it therefore
need fixing to use /etc/nssswitch.conf on Fedora instead.
Fixed indentation of install_nslcd.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 0935ce945253a5888e5e2b0c5509b926786d7362)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c6dda0ef51663e3d923117c03e6c260f33b259d6">c6dda0ef</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-13T14:30:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: refactor sssd.conf backup and restore
SSSD configuration backup and restore code was duplicated in multiple
places moved in one place so we can easier change rights and owership
of the file.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bebb150720620aae97dcae5c11e0b9bea0119b5b">bebb1507</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-03-13T15:40:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix invalid #if condition
ifdef should be used as anywhere else, otherwise we hit a build
error if sssd is being built without passkey.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 603399a43d7bd0b8b6de3b512388b08abb9521ed)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/786a4ebf0738bdc3aa2cc10e5c541017b13aab75">786a4ebf</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-03-13T15:44:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fix isort issue
This issue was introduced in a80e236b8319f1f0931717debcb093802ba5e2ae.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 41cafd63e98e77f326d9bee256eae1b6be1333b0)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/16e4b5d444fe4bbaaf5ec7c0cdb4265e196ff99d">16e4b5d4</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-03-15T13:03:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: use different home dir then /tmp for local user
If sssd startup fails for some reason, teardown would call userdel
which would try to delete /tmp.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 3488b9e955057333a965b6d620144d7aaa2ec869)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10c49b1a56f50a136d30e6f00c3d2eb13c63c30b">10c49b1a</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2024-03-15T13:04:17+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: fix default value for pam_passkey_auth
The default was changed to true in
c76ba343b783718468a3a108346d424f9a70eb76 ("PAM: Passkey kerberos preauth
support"), but the man page wasn't updated.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 5841348faad8937698bd697fb637ae5dfe9dc2b6)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/87a46c32da3a206179dd1ad481b8f14a4b3730d8">87a46c32</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-03-15T13:04:47+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump DamianReeves/write-file-action from 1.2 to 1.3
Bumps [DamianReeves/write-file-action](https://github.com/damianreeves/write-file-action) from 1.2 to 1.3.
- [Release notes](https://github.com/damianreeves/write-file-action/releases)
- [Commits](https://github.com/damianreeves/write-file-action/compare/0a7fcbe1960c53fc08fe789fa4850d24885f4d84...6929a9a6d1807689191dcc8bbe62b54d70a32b42)
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 2e1c2f35427c02baf4f9cf521e29552c64dfb4ae)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c1ba9da77a8173bb103c517afc1924057539021b">c1ba9da7</a></strong>
<div>
<span> by Abhijit Roy </span> <i> at 2024-03-18T09:27:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssctl: Adding options for nss
Fixing the false positive error reported by config-check
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 3788f48008390194dcd562ba3203c39deb34056a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/57a8fffa4d47b7c305a070b3fbe4873244b98d6d">57a8fffa</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-03-21T09:56:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_krb5: Replace files provider
Replace files provider with proxy provider.
This test case test authentication of local user using
kerberos and also update the authselect to select sssd only.
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
(cherry picked from commit 0b26b6fd1272a825ff537bcb7848a9a687e994c9)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/182b6c62133507f2cdcb1fdbaa9ace80e28046b4">182b6c62</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-21T10:30:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: inotify: avoid potential NULL deref
Fixes following error:
```
Error: STRING_NULL (CWE-170):
sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
# 325|
# 326| if (snctx->wctx->dir_wd == in_event->wd) {
# 327|-> ret = process_dir_event(snctx, in_event);
# 328| } else if (snctx->wctx->file_wd == in_event->wd) {
# 329| ret = process_file_event(snctx, in_event);
```
-- it might be unsafe to dereference `in_event->name`
if `in_event->len == 0`
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 4085ee07926303aa26e46dfcc6dec87776432c62)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5b9bc0a1a6116e6fb001c7dce7497854fcdd40c4">5b9bc0a1</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: add OTP to krb5 response selection
Originally where there was only password and OTP authentication we
checked for password authentication and used OTP as a fallback. This was
continued as other (pre)-authentication types were added. But so far
only one authentication type was returned.
This changed recently to allow the user a better selection and as a
result OTP cannot be handled as a fallback anymore but has to be added
to the selection. In case there are no types (questions) available now
password is used as a fallback.
Resolves: https://github.com/SSSD/sssd/issues/7152
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit bf6cb6dcdd94d9f47e4e74acd51e30f86b488943)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c3725a13ef694c2c34813953153f33ebfbaf1c27">c3725a13</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: make sure answer_pkinit() use matching debug messages
Resolves: https://github.com/SSSD/sssd/issues/7152
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 7c33f9d57cebfff80778f930ff0cc3144a7cc261)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/87b54bd8448760241e7071a585f95b3e2604355a">87b54bd8</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: make prompter and pre-auth debug message less irritating
Resolves: https://github.com/SSSD/sssd/issues/7152
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit e26cc69341bcfd2bbc758eca30df296431c70a28)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d06b4a3eda612d1a54b6bdb3c3b779543bc23b0f">d06b4a3e</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_sss: prefer Smartcard authentication
The current behavior is that Smartcard authentication is preferred if
possible, i.e. if a Smartcard is present. Since the Smartcard (or
equivalent) must be inserted manually the assumption is that if the user
has inserted it they most probably want to use it for authentication.
With the latest patches pam_sss might receive multiple available
authentication methods. With this patch the checks for available
authentication types start Smartcard authentication to mimic the
existing behavior.
Resolves: https://github.com/SSSD/sssd/issues/7152
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 0d5e8f11714e8e6cc0ad28e03fecf0f5732528b3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ea2d0aab36e033ef76e533af287e35059a754ec2">ea2d0aab</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-25T16:59:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INTG-TESTS: backport `sync_files_provider()` from b9c1d7d667d49080c27641fb4a800bd4c2612d43
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/829e868f97893ca87d03a3a565a46be9d634e4d7">829e868f</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-04-02T16:14:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fixing typo in test_authentication.py
The assertion checks for user_3 but the user added is user-3. The value
is different than the others because we are trying to try different
combinations.
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 795b13c1853a4c402ead5470de29d0f8f68b367a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b6eae6f0595ec81ebd6e6e7893d869a33fb2a482">b6eae6f0</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-02T16:15:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix storing auth types for offline auth
Before the recent patches which allow krb5_child to iterate over all
available authentication methods typically only one method was returned.
E.g. is Smartcard authentication (pkinit) was possible it was typically
the first method the in question list and the result of the
answer_pkinit() function was immediately returned. As a result only the
Smartcard authentication type was set and a missing password
authentication type while others were present might have been a
reasonable indicator for the online state.
With the recent patches, all available methods, including password
authentication if available, are return and a new indicator is needed.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 05df8167963f2e93c1c460b43264ad8050cd4461)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5a1e1526e04d9837dbe4adfffd6b5ff438d3e653">5a1e1526</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-02T16:15:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: set 'local_auth_policy = only' for all passkey test
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 79c384fb0c41a205b8119f86ef23860c223c853e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9e62e660e4d2c51a2ad9c7aeb92fb5e8552a3104">9e62e660</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-04-04T15:08:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix test_kcm_ssh_login_creates_kerberos_ticket
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 1c2aa825062dcf2da2e886c3211be90c22db1750)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b87fe4fb5b2362ae43d1badccd002983897007ab">b87fe4fb</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-04-05T07:12:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Move polarion.yaml to src/tests/
The path src/tests is more generic and would make more sense for other
components that share the same idmci automation.
Reviewed-by: Dan Lavu <dlavu@redhat.com>
(cherry picked from commit 7c6bc58a10022c6cc0ed516bc0ac5422705cfc91)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c8f7839992d07520f8cf3891f882d09cca4a5937">c8f78399</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-04-08T08:21:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update reference to polarion.yaml
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit f30902faa0dcaa857422d48ed85a50abb3928a33)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed4c9b00a301380e283ee4a46857a1586075c7d2">ed4c9b00</a></strong>
<div>
<span> by Andreas Hasenack </span> <i> at 2024-04-10T12:49:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix format string used for time values
When building for armhf with _TIME_BITS=64, the %lu format string used
to represent time_t values as strings is no longer correct. Switch to
SPRItime which takes into account the time_t size.
Fixes: #7276
Signed-off-by: Andreas Hasenack <andreas.hasenack@canonical.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 2b5f1cc4777ba350e8160e970715d1f3d9cd75c2)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/925cb2a9de7aa948cd8f02ca86aca7208b1646cd">925cb2a9</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-04-15T07:13:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sudo defaults rule
Changed doc-strings and steps for more clarity
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit fa9f6882bc5181edc404ebedf1ddaf5c92b917a5)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7c57e0f09ab71f33d89495e3b074ebc46b8036db">7c57e0f0</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-04-16T19:43:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: audit and rename test cases
manual rebase of 03f68e81d0c7e4ff57f73fdf6e3739389991e446
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e1bfbc2493c4194988acc3b2413df3dde0735ae3">e1bfbc24</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-18T11:53:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad-gpo: use hash to store intermediate results
Currently after the evaluation of a single GPO file the intermediate
results are stored in the cache and this cache entry is updated until
all applicable GPO files are evaluated. Finally the data in the cache is
used to make the decision of access is granted or rejected.
If there are two or more access-control request running in parallel one
request might overwrite the cache object with intermediate data while
another request reads the cached data for the access decision and as a
result will do this decision based on intermediate data.
To avoid this the intermediate results are not stored in the cache
anymore but in hash tables which are specific to the request. Only the
final result is written to the cache to have it available for offline
authentication.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit d7db7971682da2dbf7642ac94940d6b0577ec35a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8dcf23f215fe2a7fadf13598ce7f04523caa5eb0">8dcf23f2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-18T11:54:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: reduce log level in case a responder asks for unknown domain
Addition to 718fed9c53807b8502d6547bc0253b979d35e677
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit ab2671c00866d917f3e737a007ae64753f8440aa)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d55bc6f2415adf1830ad692d260446e87b197d65">d55bc6f2</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-04-19T13:44:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Split package installation transactions and add error logging.
Issues in package installation were silently ignored resulting
debugging failures elsewhere. This also resulted in false PASSED
in case that sssd was not updated due to some dependecy problem.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit aacb789b7036946fe5b5c0a971af0122f7528d84)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c0416576464224690e6c21e15dd190080a0b0479">c0416576</a></strong>
<div>
<span> by Abhijit Roy </span> <i> at 2024-04-22T18:03:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap_idmap: Enabling further debugging for to understand the underlying reason for Could not convert objectSID.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit be8913eb8dc774516beeaaa2306243fce4db14ef)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c9977cafac6d8cc80df78394fe46bf178e457b11">c9977caf</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-04-22T18:03:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: passkey: Add a ssh key as a passkey mapping
Here, added two test cases:
1. Check log message when we add ssh key as passkey
mapping.
2. Check log message when we add ssh key with
passkey token.
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 55bcb883eb627a91b954d9ba643bac940bdca7dc)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/db27a51f274640e1aa2f13476c80955a3ec9e91c">db27a51f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-23T11:58:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: refresh root domain when read directly
If the domain object of the forest root domain cannot be found in the
LDAP tree of the local AD domain SSSD tries to read the request data
from an LDAP server of the forest root domain directly. After reading
this data the information is stored in the cache but currently the
information about the domain store in memory is not updated with the
additional data. As a result e.g. the domain SID is missing in this data
and only becomes available after a restart where it is read from the
cache.
With this patch an unconditional refresh is triggered at the end of the
fallback code path.
Resolves: https://github.com/SSSD/sssd/issues/7250
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 0de6c33047ac7a2b5316ec5ec936d6b675671c53)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/06e10708d5d99064e7a35c1e048dfb492c843d0a">06e10708</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-24T13:05:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: remove unused stuff (lcov, ...)
Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit 65ca6725f6326481b7bb98c2a762c462f12cc8a8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1602052c0bafe7fd8dcd2331c901ccbdccd0b94f">1602052c</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2024-04-25T15:40:58+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>patches: Fix build on armel, armhf. (Closes: #1068063)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6d6bc3c49ac5daaf9551ed02f00c2cc5aad4e77b">6d6bc3c4</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-01T15:33:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: Move soft_terminate_krb5_child to static
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit c15bd3aeb3bdc0af23b69bf277c2177a69c92bc3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b0fda92e7e3c5bbcf30d8945411947e3fc6ae84b">b0fda92e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-02T15:11:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: use proper context for getDomains()
Request was created on a long term responder context, but a callback
for this request tries to access memory that is allocated on a short
term client context. So if client disconnects before request is
completed, then callback dereferences already freed memory.
Resolves: https://github.com/SSSD/sssd/issues/7319
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit dc637c9730d0ba04a0d8aa2645ee537224cd4b19)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f36ecd2c223ef09a119e5a398230cdd852d1e8c5">f36ecd2c</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-07T14:20:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: Add local_auth_policy table
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit b32f59603e707e130135c6f29a7332aa2b337b41)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/540bf3932eea1c196777355efc9e317a4ab00013">540bf393</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:37:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update expect as passwd password change message changed.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 31bd16f65a1add408d108767bdaa9fe86df2bc7f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/80f87d17c48afb1496a898bd58f9649714bccabc">80f87d17</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add extra debug to test_0003_gssapi_ssh.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cc52f6f3cda39717fc683a889bbe5cff046e2945">cc52f6f3</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Switch test_0001_memcache_sid to reuse adjoin code.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d17f7ffd8f5fbc77bb3fe6767a3e57896456b9e4">d17f7ffd</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add journalctl when systemctl sssd fails.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/87e3edf22cc408d2f2803e0123e11edc9f40751c">87e3edf2</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update ad parameters ported for non-root.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0911ffcd2b51672ba72bc8bff4f3ea0fa69bbffe">0911ffcd</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add extra sssd restart on master for samba tests.
For non-root the sssd needs to be restarted after joining the AD
and fixing sssd.conf permissions, this was not done on master (smb).
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0deb3f62c5e46526cc4589fb1b2d8cf1998ce70a">0deb3f62</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add fixing sssd.conf ownership after realm join.
Add journalctl info when service_ctrl call fails.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6afc435ed36c07abe7f623ce381cbb5a0436f215">6afc435e</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:47:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix PEP8 on updated AD suites.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7d260f7d95cdda64bf6f01212c69452694db4c6b">7d260f7d</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-05-09T15:28:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding gpo system tests
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 7f48c7c448124dea68f2835c7e10742f48f8bc6c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a2bd43441f2c241a9858ae0494de1bc0cccd1b72">a2bd4344</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-05-15T11:31:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: fix wrong usage of '%*s'
If it is not clear if a string is 0-terminated or not but the length is
known the '%.*s' template must be used to use only given numbers of
characters. '%*s' is a valid printf() template but only sets the minimal
width of the output.
This patch fixes an occurrence ion the sysdb code as well.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit f1c6218164bbcfba1698d416e248b7a9de4ddcf9)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bca6c4eff169dac94e29053a805021842a8bc96d">bca6c4ef</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2024-05-16T10:11:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad_gpo_child: Improve libsmbclient code
We plan to get rid of smbc_setFunctionAuthData() in future, so already
move to the function using the context. Also tell libsmbclient we do not
want to fallback if Kerberos fails.
Signed-off-by: Andreas Schneider <asn@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 39f5b9ac21d167991591f6873b34f722d4bdd2bc)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b363fa860f82098946ff91f2743474834e27086c">b363fa86</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-16T10:53:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: Return error during passkey processing
Avoid retrying SSS_PAM_PREAUTH loop if an unexpected error
is encountered during passkey processing.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 914ce094735d759e162fa885087789dcfc8c89f8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0fba6cd27b8a2217c4192ea37291cbedbc23807">f0fba6cd</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-16T10:53:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: Improve passkey mapping handling
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit d7d51126a35b375a5a11cd290cf3c011c713afe4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/83e2e6be3bf25af6e8bfd8ea8e4658346c22e9c8">83e2e6be</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-05-16T10:53:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Update tc when mapping and key are added
Update the passkey test case where we are now testing
su passkey auth of user when user is added with ssh-key
and passkey mapping for AD, Samba and LDAP server.
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit b73994ff3ddf58b9363282b47ebe5ca2329462c2)
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit f135102765c781f1f9e9e76d16d30a51c776d473)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/14f32f681a25aac185d72bc6d22a9e3b59dd265a">14f32f68</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-05-16T11:13:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>failover: add failover_primary_timeout option
This was previously hardcoded to 31 seconds (hardcoded retry_timout +
1). This may be too short period under some circumstances.
When we retry primary server we drop connection to the backup server and
if the primary server is not yet available (and there are many
unavailable primary servers) we may go through a long timeout cycle
every half minute.
This patch makes the value configurable.
:config: Added `failover_primary_timout` configuration option. This
can be used to configure how often SSSD tries to reconnect to a
primary server after a successful connection to a backup server.
This was previously hardcoded to 31 seconds which is kept as
the default value.
Resolves: https://github.com/SSSD/sssd/issues/7375
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit e9738e36937e78f80bb2772c48cffbddf39bd5fe)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a2fbe04495e5decef5666ff94196aad2687fe1a5">a2fbe044</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-05-16T13:14:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: remove passkey_requires_root from passkey tests
This is not available in sssd-2-9 branch and it was accidentally
pushed when cherry-picking f135102765c781f1f9e9e76d16d30a51c776d473.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/26c9dc6f38783e1e7b390bef70ac561ac9d9f740">26c9dc6f</a></strong>
<div>
<span> by Weblate </span> <i> at 2024-05-16T13:25:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations
(Swedish) currently translated at 100.0% (717 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/sv/
po: update translations
(Korean) currently translated at 100.0% (717 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/
po: update translations
(Korean) currently translated at 100.0% (717 of 717 strings)
Translation: SSSD/SSSD-2-9
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/595c4c6d2bcee3f88818813585eccda80546e0ab">595c4c6d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-05-16T13:35:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Release sssd-2.9.5
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b8ca3926dd59880751523c06f204f284df951a73">b8ca3926</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2024-05-20T14:40:35+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge branch 'upstream'
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/77c58af0094288510f9e05eb06d49fff6797ad09">77c58af0</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2024-05-20T16:20:58+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>bump version, drop patches
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/467ae4d6b1de69f983384e589b1f34457fb7ea31">467ae4d6</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2024-05-20T16:36:56+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>releasing package sssd version 2.9.5-1
</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
30 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#71da4bef7d009bfa59d0f7ca85bf6a18169fb48d">
.github/workflows/analyze-target.yml
</a>
</li>
<li class="file-stats">
<a href="#899ce9c202bf7bb5480e72836c3edc773c9c4244">
.github/workflows/ci.yml
</a>
</li>
<li class="file-stats">
<a href="#205e49e7f8cbf1a4f02d387dd32850fa09a5ef81">
.github/workflows/copr_build.yml
</a>
</li>
<li class="file-stats">
<a href="#4d938f6c1c694e539e55e88076490273a04798ba">
.github/workflows/static-code-analysis.yml
</a>
</li>
<li class="file-stats">
<a href="#49d80aa598751b3e8c23a3bbb4e7e9c03aa770b6">
contrib/ci/deps.sh
</a>
</li>
<li class="file-stats">
<a href="#f6602c13352f7ebe0c34813d646b555ec9e704b6">
contrib/ci/misc.sh
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#bc34014ab4b9a49dd7a27bdd8d352912607c3a96">
debian/patches/series
</a>
</li>
<li class="file-stats">
<a href="#462de2f88a6167ce90705f7096ce3afdcfa1d264">
po/ko.po
</a>
</li>
<li class="file-stats">
<a href="#4a5c1cf4e30bce97baf810ad306a537239e2c52e">
po/sv.po
</a>
</li>
<li class="file-stats">
<a href="#3a143ef9ccd76ba9850988da39e18c709ba194f2">
src/config/SSSDConfig/sssdoptions.py
</a>
</li>
<li class="file-stats">
<a href="#1d29c13360f2093ae9138bc2560306b5f889780e">
src/config/SSSDConfigTest.py
</a>
</li>
<li class="file-stats">
<a href="#e88f08bc547274216ac6b8b404de90b01e62a715">
src/config/cfg_rules.ini
</a>
</li>
<li class="file-stats">
<a href="#0bb5ac26196a4eea2483a67a54e2901eb1654636">
src/config/etc/sssd.api.conf
</a>
</li>
<li class="file-stats">
<a href="#d1ff00cf394b48551eb42d99e93d83155780d9dc">
src/db/sysdb_gpo.c
</a>
</li>
<li class="file-stats">
<a href="#1ea6ba812516e713c51d55c753e83152ef8d3ce1">
src/db/sysdb_init.c
</a>
</li>
<li class="file-stats">
<a href="#abeebb898a84e42faa346439dce7acf5863620e3">
src/db/sysdb_ops.c
</a>
</li>
<li class="file-stats">
<a href="#1dd9cebb46e3c30e605ff57276e9dbb391477ba4">
src/db/sysdb_private.h
</a>
</li>
<li class="file-stats">
<a href="#0d391f4ff5f17702e3752f69ba8eb6a97b419933">
src/db/sysdb_upgrade.c
</a>
</li>
<li class="file-stats">
<a href="#0649f442d65e8b3620cb1b47b8f6c80cf917e72b">
src/external/samba.m4
</a>
</li>
<li class="file-stats">
<a href="#a63bcdd2bcfb64a3a4b28a0a3f2a475595fef211">
src/krb5_plugin/passkey/passkey_clpreauth.c
</a>
</li>
<li class="file-stats">
<a href="#f9285d354fd16341b379b583668fc1edc6c6a1aa">
src/man/idmap_sss.8.xml
</a>
</li>
<li class="file-stats">
<a href="#0c681dd177a1a0b833a911ff24aac30061002acf">
src/man/pam_sss.8.xml
</a>
</li>
<li class="file-stats">
<a href="#975272247c359096df58f7a2a87872dbe8a2b48b">
src/man/pam_sss_gss.8.xml
</a>
</li>
<li class="file-stats">
<a href="#f7921cd40b2dcadf94ef0c2ba0dca860eed350ba">
src/man/sss-certmap.5.xml
</a>
</li>
<li class="file-stats">
<a href="#0916bd0134ad0aa02cc15495b3bb5271db5394fa">
src/man/sss_cache.8.xml
</a>
</li>
<li class="file-stats">
<a href="#1b220c30b93f7348ed0e2a132597bf6526a8111b">
src/man/sss_debuglevel.8.xml
</a>
</li>
<li class="file-stats">
<a href="#dd90c137f0d555183782054b147778a99edbfb2c">
src/man/sss_obfuscate.8.xml
</a>
</li>
<li class="file-stats">
<a href="#76ceef60421ed7687159fe00fde6232b4e9aa1bc">
src/man/sss_override.8.xml
</a>
</li>
<li class="file-stats">
<a href="#1d70a379af80a81c781dd9004eaa19d7795e064c">
src/man/sss_rpcidmapd.5.xml
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: .875rem;">
The diff was not included because it is too large.
</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #737278;">
—
<br>
<a href="https://salsa.debian.org/sssd-team/sssd/-/compare/aebdd782782a3bc9bd809a948a987f474ca4c6b2...467ae4d6b1de69f983384e589b1f34457fb7ea31">View it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
</p>
</div>
</body>
</html>