<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>

<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>


<style>img {
max-width: 100%; height: auto;
}
body {
font-size: .875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;
}
body {
font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">
Timo Aaltonen pushed to branch master at <a href="https://salsa.debian.org/sssd-team/sssd">Debian SSSD packaging / sssd</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/650e8d0a4fd04834bf8caa23a953c86359413409">650e8d0a</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-05-05T13:29:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Update version in version.m4 to track the next release
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b2a4ff2aa67707c226c5835c1fcac042fce1cae3">b2a4ff2a</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-05-15T11:21:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>FILE WATCH: Callback not executed on link or relative path

When the watched file was a symbolic link or was a relative path,
the calback was not executed because the filename comparison
was wrongly considering the files to be different.

The solution is to normalize the filenames before comparing them.
This cannot be easily done at setup because the file could not
exist at that moment.

The test was adapted to check this situation.

Resolves: https://github.com/SSSD/sssd/issues/6718

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/90c5490723e82bdf633900f67a424b53cd50112f">90c54907</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-05-15T11:21:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Fix doble slash comments

Use /* */ instead of //.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01d02794e02f051ea9a78cd63b30384de3e7c9b0">01d02794</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-05-15T11:22:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sysdb: fix string comparison when checking for overrides

When checking if the input group-name is the original name from AD or an
overwritten one the comparison is currently done case sensitive. Since
AD handles names case-insensitive and hence SSSD should do this as well
this comparison might cause issues.

The patch replace the case sensitive comparison with a comparison with
respects the case_sensitive of the domain the object is coming from.

Resolves: https://github.com/SSSD/sssd/issues/6720

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/377ec31a8cab5ecf33c216583e552ea5684157dc">377ec31a</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-05-15T11:23:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Test search filter specific user override or a specific group override

      Add automation of BZ2096183.

verifies:
  #6671

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/906a677c959f4a28dd95775b0d9399dd9e48f1e0">906a677c</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-05-15T11:25:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: write mapping data to file

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4dae6def1d81e65179295f68b44472084db408f8">4dae6def</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-05-17T14:37:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Adding testcase for bz2166627

add 'getsidbyusername()' and 'getsidbygroupname()' tests to ad_misc

Signed-off-by: Dan Lavu <dlavu@redhat.com>

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/df8472ccb20e0b77573b5c3e8cc25803bc7b0022">df8472cc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-05-19T13:22:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: fix issue with multithread build

When 'make' runs using multiple threads it can build several man pages
in parallel, executing the same '.5.xml.5:' rule. This can result in
a race condition where multiple threads access the same 'sssd_user_name.include'
file.
To avoid this make 'sssd_user_name.include' file a rule dependency.
But "Suffix rules cannot have any prerequisites of their own", and suffix
rules are obsolete anyway, so change it to pattern rules.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2965db1cce2d9c79e58626834f96f0283d26cfff">2965db1c</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-05-19T16:16:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Gating fixes for RHEL8.9 and RHEL9.3

Following three minor changes are:

for test_config_validation.py,
1. 'sssctl config-check' returning retuncode as a 1 when
   we dont have sssd.conf file.
2. Change the 'sssctl' command which only check the
   non-default snippet directory with option -s.

for test_offline.py,
3. Add extra restart of sssd to get offline log message
   using journalctl command.

for test_ssh_
4. Replace pexpect_ssh to auth_from_client method to login
the user.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/535a8c6a749a96e23510a26eceb5953b99f41cde">535a8c6a</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-05-22T09:23:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: move unstable default_debug to tier2

moved default debug level tests to tier2

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2096f45527d4513ae52547fafd383bd2542d7f79">2096f455</a></strong>
<div>
<span> by aborah </span> <i> at 2023-05-22T09:23:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix gating tests for 9.3

It fixes test from tire1_2 that is failling in gating

1. src/tests/multihost/alltests/test_automount.py   there is issue with autofs email thead: [CRASH] prep Package: autofs-1:5.1.7-36.el9
2. src/tests/multihost/alltests/test_automount_from_bash.py test did not rised error as last cd - command was successful, so i have remove cd - part(/folder1/folder2/projects does not exists)
3. src/tests/multihost/alltests/test_ldap_password_policy.py  password provied was wrong.
4. src/tests/multihost/alltests/test_backtrace.py ---  need to modify this test as per current log format

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/69f93bf817706acb7830428fd81d78dc207468c0">69f93bf8</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-05-23T12:54:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Updating ad_multihost test

* fixing raiseonerr=False to disjoin function
* cleaned up code since the line limit has increased
* added AD from forest1 to resolv.conf and /etc/hosts
* updating test case documentation to clarify the test

Signed-off-by: Dan Lavu <dlavu@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/121b3bbfff8fdb99becdb412c18d456b14506d9a">121b3bbf</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-05-24T09:07:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Modify expiring/expired password test for RHEL 8.

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe751c316c631240311fba62409f2b6a38be0d50">fe751c31</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-05-25T10:20:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Adjust IPA passkey config error log level

IPA passkey configuration may not be retrieved if IPA
does not contain passkey support. Lower the error level of log
messages associated with this failure.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fa326be9cb29d97d6000e783b02656f60f7f8fb2">fa326be9</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-05-25T10:20:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: Log missing IPA config data on default level

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39b6337f32b76842be65802b0b0aa86050c8aa95">39b6337f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-05-25T10:21:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>AD: add missing AD_AT_DOMAIN_NAME for sub-domain search

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/455611952f90ed0cefaff1e840623ea14ac06be1">45561195</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-05-26T12:53:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: make sure sockets are closed on timeouts

If krb5_child runs into a timeout the backend currently does not close
the I/O sockets because handle_child_done() is not called when the
timeout handlers are acting. To make sure the signal handler can close
the sockets the 'in_use' member of struct child_io_fds is set to
'false'.

Resolves: https://github.com/SSSD/sssd/issues/6744

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/11eef225c452982877ff26b7984d0351de41da87">11eef225</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-05-26T12:55:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: fix default debug level for typo

modified docstrings

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1d69fdb73e5cbaf9789fbb153fa2bc55644e5ec1">1d69fdb7</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-05-26T12:58:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Make enum sysdb_obj_type public

Make enum sysdb_obj_type usable outside of sysdb_ops.c.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/99d0ab82e98a8f1e3cab23d871f36b9d890e034c">99d0ab82</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-05-26T12:58:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: Use a more specific filter when searching for BE_REQ_USER_AND_GROUP

The previous filter for overrides would sometimes find more than one entry
because it was looking for a uidNumber or gidNumber:
(&(objectClass=ipaOverrideAnchor)(|(uidNumber=XXXX)(gidNumber=XXXX)))

The new filter looks for a specific user override or a specific group
override:
(|(&(objectClass=ipaUserOverride)(uidNumber=XXXX))
  (&(objectClass=ipaGroupOverride)(gidNumber=XXXX)))

This filter could return two override entries (one for a group and one
for a user). That case must be taken into consideration and discard the
user override in favor of the group override.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/469905bfabdda66555bd179eb7b6ac7b3cd875d1">469905bf</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-05-29T06:54:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add conditional skip for simple ifp test.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f28816479c694ff95939e3becfbcd43423a5744">7f288164</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-05T11:27:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: Fix a possible segmentation fault

Calls to add_expired_warning(struct pam_data *pd, long exp_time) must
provide a non-NULL pd. In one of the cases this function is called
without checking that pd is not NULL. We here fix that.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8a8869994745429b3f5535a5d0b91f1d0b2fa723">8a886999</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-06-05T11:28:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>fail_over: protect against a segmentation fault

A missing server name in struct fo_server will cause a segmentation
fault. Currently it is unclear why the server name is missing at this
point. To avoid the segmentation fault it is checked before if the
server name is missing. Additionally the state of some internal
structures is added to the debug logs to help debugging why the server
name is missing.

Resolves: https://github.com/SSSD/sssd/issues/6659

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/75ae9e87a264b17dac45f798fb7b4ba7057fc494">75ae9e87</a></strong>
<div>
<span> by aborah </span> <i> at 2023-06-08T07:56:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Netgroups do not honor entry cache nowait percentage

https://gitlab.cee.redhat.com/sssd/sssd-qe/-/blob/RHEL8.8/client/ldap_provider/ldap_id_ldap_auth/bugzilla-automation.sh#L280

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/587cd8dc2004adfd6c6aab4ef928ef2d89ae3f94">587cd8dc</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-06-08T07:58:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: move test_access_control.py to tier2

Tests moved to tier2, tests are failing to parse
the logs. gating is blocked. same testsuite is available
in bash

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0588bd3b5902c50a9e0ff8e8fa1be56e7a0a070c">0588bd3b</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-06-08T13:48:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: fix two covscan issues

Fixes following covscan issues:
```
Error: CLANG_WARNING:
sssd-2.9.0/src/krb5_plugin/passkey/passkey_utils.c:562:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'data'
 #  560|       }
 #  561|
 #  562|->     json_decref(jroot);
 #  563|       return message;
 #  564|   }

Error: UNREACHABLE (CWE-561):
sssd-2.9.0/src/responder/pam/pamsrv_passkey.c:1039: unreachable: This code cannot be reached: "if (!pctx->passkey_auth) {
...".
 # 1037|   #endif
 # 1038|
 # 1039|->     if (!pctx->passkey_auth) {
 # 1040|           return false;
 # 1041|       }
```

Resolves: https://github.com/SSSD/sssd/issues/6733

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/702f7c236e69f934d72dffbf6a980c6f38d8782a">702f7c23</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-06-08T13:48:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: rename function

Rename `sss_passkey_prefix_json_data()` to
`sss_passkey_message_from_reply_json()`.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/27dd3f508b23ae61c757cce6c5b9ca303d7aaf09">27dd3f50</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-06-12T09:34:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Adding c-ares markers for related tests

removing flaky ones

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/076a1136ab8650d962c5a462cbed82bd96ba176a">076a1136</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-12T11:17:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: avoid log backtrace in case access denined

Resolves: https://github.com/SSSD/sssd/issues/6442

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b033b0dda972e885f63234aa81dca317c8234c2c">b033b0dd</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-06-12T11:49:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: correctly remove missing attributes on netgroup update

When a netgroup is updated, previously it did not remove the missing
attributes. This caused an issue especially when a member was removed.

Resolves: https://github.com/SSSD/sssd/issues/6652

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fd3ed8afdf5123d4429b540e88abe00ad8dfbaba">fd3ed8af</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-06-12T20:43:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: drop c_ares tests from gating

These two tests need further investigation,
droppting them from gating

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc9466e7371b98bc972ae2b3521f163f31a59a84">dc9466e7</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-12T20:43:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>AD: The shortcut must be used equally on _send() and _done()

The conditions to use the shortcut in sdap_ad_tokengroups_initgroups_send()
were modified without also changing sdap_ad_tokengroups_initgroups_done().

To avoid future problems like this, and because the condition is becoming
more complex to evaluate, we evaluate the condition in the _send() function
and keep the result in the state, for the _done() function to use it.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9c50b8ec14f0e167c937446a64213ef59eaa96ef">9c50b8ec</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-06-13T12:13:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add package for tc command

Adding package iproute-tc to get tc command.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6efb2779b79b86121f50852416e3ae63feac31a0">6efb2779</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-06-13T12:18:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: dropping unstable dyndns tests

Dropping unstable dyndns tests from c-ares gating
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5ebf98a86a75b27c70f6ca6a24fe2bc040f7da05">5ebf98a8</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-06-14T19:35:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: drop dyndns testcase from gating

test is under investigation. This is minor test

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d14be798bdebcc3587769c2406ee025340cf5162">d14be798</a></strong>
<div>
<span> by aborah </span> <i> at 2023-06-15T10:25:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Skip test_0001_bz2021196

The test is unstable on other architectures so it is skipped for now.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3e3d098646f7cae90857f9a92348aff14fd65429">3e3d0986</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-06-15T10:26:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Skip test_0016_ad_parameters_ad_hostname_valid on other architectures.

The test is unstable on other architectures so it is skipped for now.
Reordered the asserts so we can seed if the connection to AD works
as looking for log message has a lower priority.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/74d0f4538deb766592079b1abca0d949d6dea105">74d0f453</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-16T10:31:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: Accept krb5 1.21 for building the PAC plugin

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/54903c0e38f534bd48f890658b55c626431dd6d5">54903c0e</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-06-16T13:22:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Improve stability of test_0004_bz2110091

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/34dba5a3836a121a6485ec71ffc7234cd5ec24c0">34dba5a3</a></strong>
<div>
<span> by aborah </span> <i> at 2023-06-19T06:03:48+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add ssh module that is fast, reliable, accurate

Sssd tests seems to be failing with current ssh module without any reason.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d99aa97dae7236fd056e21ea3d48997edf1b9823">d99aa97d</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-06-19T20:41:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap: return failure if there are no grace logins left

If a user's password is expired while changing the LDAP password SSSD
tries to change the password even if the initial bind of the user failed
due to exhausted grace logins.

With this patch the change password request will be aborted if the bind
fails indicating that there are no grace logins left.

Resolves: https://github.com/SSSD/sssd/issues/6768

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/67c11c2ebae843f7ddd6b857efa2e1f6449986f3">67c11c2e</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-06-19T20:45:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: use sAMAccountName to lookup hosts

To determine which GPOs apply to the host running SSSD the full DN of
the host object in AD is needed. To fine this object we use the NetBIOS
name of the host which is stored in AD in the sAMAccountName attribute.
Using other attributes, e.g. if ldap_user_name is set to a different
attribute, will most probably cause a failure since those attributes are
not managed as expected for host object. As a result sAMAccountName
should be hardcoded here to avoid issues.

Resolves: https://github.com/SSSD/sssd/issues/6766

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8b014bf1592454520ef6d113be9a5f1fd02e1285">8b014bf1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-06-19T20:47:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>cache_req: remove unused field cache_behavior from state

This field is not used anywhere. Instead, we use value from struct
cache_req.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/32f578229d38766b208f33130e28317ca69001d2">32f57822</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-06-19T20:47:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>cache_req: fix propagation of offline status with cache_first = true

During the first iteration where the provider was not yet contacted,
we set state->dp_success to false and if the record was not found we
returned ERR_OFFLINE instead of ENOENT which causes the cache_req to
continue and search the provider.

Resolves: https://github.com/SSSD/sssd/issues/6739

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2fd5374fdf78bc7330bd9e6f3b86bec86bdf592b">2fd5374f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-21T15:24:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: in case (ignore_group_members == true) group is actually complete

Example workflow:
 - SSSD client is enrolled into AD domain (Token-Groups are enabled)
 - `id $user` is executed
 - initgroups() is called for this user
 - during processing of initgroups() sssd_be obtains a list of group SIDs
   user is a member of, and then partially resolves those groups and adds
   it to the local cache as "incomplete" (i.e. 'expired')
 - as a next step `id` calls getgrnam() for every group in initgroups() list
 - since groups are saved into the cache as "incomplete" (technically - "expired")
   this again results in LDAP search of this group.
   But if `ignore_group_members = true` this search doesn't provide
   new information. "Incomplete" groups could be used instead.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ca7c9f6066d150c1a88bda6bda2843f244e5289d">ca7c9f60</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-23T14:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TEST: Fix pam-srv-tests to correctly treat the test name

Test suite pam-srv-tests accepts a test name as the last argument to
just run that test. However, this was failing because a pointer to the
name is retrieved but the poptContext is freed immediately after, making
pointer invalid.

The poptContext is now released after using the pointer.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc508f032904f008714418509a13f79a17660659">dc508f03</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-23T14:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: Do not try to add duplicate values to the LDAP attributes

When using extra attributes, an attribute could be listed twice and
SSSD will try to add it twice to the cache. To handle this situation,
each instance will be added to a single attribute with multiple values,
but duplicated values will be dropped. This is done by calling
`sysdb_attrs_add_val_safe()` instead of `sysdb_attrs_add_val()`.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1b45f29f459f13173af99e75b4bb43ed945680aa">1b45f29f</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-23T14:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: New function string_in_list_size()

Similar to string_in_list() but instead of taking a NULL-terminated list
it take a list and its size.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b8fed59140e32f7a8fa9bafe9e84b8db96d1ae5">2b8fed59</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-23T14:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: add_strings_lists() becomes add_strings_lists_ex()

Old function add_strings_lists() copies any duplicate value.
New function add_strings_lists_ex() take an argument to decide
whether to discard duplicate values.

add_strings_lists() is now a wrapper on add_strings_lists_ex().

Both function now take a const char *** instead of char ** as
output parameter.

An existing test was adapted and an new one added.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/de258f011b9c6fc97e9157435cd2845be1c5d0e0">de258f01</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-23T14:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: attr_in_list() is replaced by string_in_list_size()

Both functions do the same thing, so it is useless to have them both.
attr_in_list() has, however, a more descriptive name for its use in
this module, so we'll keep it as an inlined wrapper.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b50415978d2f0fad3291d86e0a5340be7ab90528">b5041597</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-06-23T14:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: Do not duplicate the entry attributes.

The extra attributes are concatenated to other required attributes for
some operations. In some cases the attribute list ends up having duplicate
attributes, either because accidentally the user added it twice to the
ldap_user_extra_attrs list, or one or more of those attributes are also
in the required list.

Removing the duplicates each time the lists are concatenated increases
the concatenation time. And this is done every time. So we try to
concatenate the attribute lists at start up, filtering duplicates, and
use that list.

To do that, we consider the two cases where the list concatenation is
done. In one of the cases, the added attributes are a subset of the other
list. So we factorized this list to add the common attributes to the list
at start up. Only the non-common attributes are added while serving a
request. The complete list is now stored in the `full_attribute_list`
field.

An existing test suite was adapted to this new situation as it now needs
to initialize the new field.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/57499ff6571a8ca3d8bf2b7d19ec6b14100504c0">57499ff6</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-06-23T14:49:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working

When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working

Automation of BZ2170720

Verifies:
  #6759

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/799e56d61ea6b293e7136d9f83cadc2154e03cca">799e56d6</a></strong>
<div>
<span> by Weblate </span> <i> at 2023-06-23T15:16:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Korean) currently translated at 65.3% (1693 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/

po: update translations

(Japanese) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/

po: update translations

(French) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/

po: update translations

(Korean) currently translated at 65.2% (1690 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 64.8% (1680 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 64.8% (1678 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Georgian) currently translated at 8.1% (58 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Turkish) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Turkish) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Korean) currently translated at 64.6% (1673 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Russian) currently translated at 100.0% (2752 of 2752 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (2752 of 2752 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Ukrainian) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Russian) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Ukrainian) currently translated at 100.0% (2752 of 2752 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Ukrainian) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Polish) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

po: update translations

(Hungarian) currently translated at 6.2% (44 of 706 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/hu/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/06d6e270201885e38168369dcc8854346283ce22">06d6e270</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-06-23T15:25:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0171bcb0663093b4d66774bf18404b76eaab9a85">0171bcb0</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-06-27T09:48:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: gating sssd after crash

Using new authentication module for ssh login
instead of existing one

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/56741208742e54228570057eb0b85927f1f7edb8">56741208</a></strong>
<div>
<span> by aborah </span> <i> at 2023-06-27T09:49:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix alltest tier1_3 tests with new ssh module

Fix alltest tier1_3 tests with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f94e5ca48a16270b0748d87719a807ab85c2ef0">7f94e5ca</a></strong>
<div>
<span> by aborah </span> <i> at 2023-06-27T09:50:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix IPA tire1_2 tests

Fix IPA tire1_2 tests

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f6bbd591d636e4309ec37659f825b0f9c53d4b6b">f6bbd591</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: avoid another attempt to free 'cc' in 'done:' section if first attempt failed.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff5096bb766765e45aaad156285a603a21aa1bc8">ff5096bb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: use proper function to deallocate mem

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f308c6fe01408fa6beb48b9f7627068968da771">7f308c6f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: avoid FORWARD_NULL

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b69ff375a2b185219bae91c48aa7bfb3138b98f2">b69ff375</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: fix memory leak

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/75822701770179582c344960603cce8bd54a7890">75822701</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: fix memory leak

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a83be8fb51172d4e1a282a0a078d81ee93afdcb5">a83be8fb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: avoid RESOURCE_LEAK

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01f0d067f1e4ba8ec3710f515d21631a53c9c9ef">01f0d067</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: fixed RESOURCE_LEAK

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fd7da517ddd0e220f081ad9e7b5d7fcb0cae39b7">fd7da517</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: fixed RESOURCE_LEAK

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/eca00ef4719c44c4e68ead3346a16229b6471d13">eca00ef4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: fixed leak of `kprinc`

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d02533caca667b51f29fa02ee9ed48c8b3896c69">d02533ca</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-06-28T12:40:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: fixed USE_AFTER_FREE

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/476ba561805286af0ac0fb8375e0f92af1ded3a3">476ba561</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-04T07:53:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Increase PAM_MISC_CONV_BUFSIZE to max at 4096 instead of 512 bytes

[RHEL8][RFE] Increase PAM_MISC_CONV_BUFSIZE to max at 4096 instead of 512 bytes

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9240bca7dcc28371ae5dce31c01e85d28409cd04">9240bca7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-07-04T15:32:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ENUMERATION: conditional build of enumeration support for providers other than LDAP

:relnote:Support of 'enumeration' feature (i.e. ability to list all
users/groups using 'getent passwd/group' without argument) for AD/IPA
providers is deprecated and might be removed in further releases.
Those who are interested to keep using it awhile should configure
its build explicitly using '--with-extended-enumeration-support'
./configure option.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/75f2b35ad3b9256de905d05c5108400d35688554">75f2b35a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-07-04T15:36:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>watchdog: add arm_watchdog() and disarm_watchdog() calls

Those two new calls can be used if there are requests stuck by e.g.
waiting on replies where there is no other way to handle the timeout and
get the system back into a stable state. They should be only used as a
last resort.

Resolves: https://github.com/SSSD/sssd/issues/6803

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cca9361d92501e0be34d264d370fe897a0c970af">cca9361d</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-07-04T15:36:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: arm watchdog for sbus_connect_init_send()

There seem to be conditions where the reply in the
sbus_call_DBus_Hello_send() request gets lost and the backend cannot
properly initialize its sbus/DBus server. Since the backend cannot be
connected by the frontends in this state the best way to recover would
be a restart. Since the event-loop is active in this state, e.g. waiting
for the reply, the watchdog will not consider the process as hung and
will not restart the process.

To make the watchdog handle this case arm_watchdog() and
disarm_watchdog() are called before and after the request, respectively.

Resolves: https://github.com/SSSD/sssd/issues/6803

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e86af8a30d1270dccc194f64c6c61229b21abf6">5e86af8a</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-10T10:10:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update test_ldap_password_policy.py::test_maxage as per the new sssd change

Update test_ldap_password_policy.py::test_maxage as per the new sssd change

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2487c99c8d56d01cfc3832360d94e7309694521c">2487c99c</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-11T15:38:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix test_0002_bz1928648 with new ssh module

Fix test_0002_bz1928648 with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe99271ba947e5db92c87ecbe01adaba4bcd6169">fe99271b</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-11T15:39:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sssd-be tends to run out of system resources, hitting the maximum number of open files

sssd-be tends to run out of system resources, hitting the maximum number of open files

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d8742c51fa86f43daea67d74042487fa475900f7">d8742c51</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-12T12:15:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update tire1_2 test cases with new ssh module

Update tire1_2 test cases with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/66908221b51cb4c78a201db72e67ec1e341ef94e">66908221</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-12T12:17:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update tier1 test cases with new ssh module

Update tier1 test cases with new ssh module

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3ff79e284fa0f0deea507a6817631906ccb3f61a">3ff79e28</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-13T09:45:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix test_0008_1636002

Fix test_0008_1636002

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e91a90cf052c382f9d3b0ac5ddee749c50ee6f36">e91a90cf</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-07-13T14:17:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: sync with Fedora spec file

Bringing https://src.fedoraproject.org/rpms/sssd/c/d3ba8fb11abeefd2f817d58507e5ea3bdada2222
upstream

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8466f0e4d0c6cd2b98d2789970847b9adc01d7d4">8466f0e4</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-07-13T14:19:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssct: allow cert-show and cert-eval-rule as non-root

The cert-show and cert-eval-rule sub-commands do not need root access and
do not require SSSD to be configured on the host.

Resolves: https://github.com/SSSD/sssd/issues/6802

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0817ca3b366f51510705ab77d7900c0b65b7d2fc">0817ca3b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-07-13T14:19:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>certmap: fix partial string comparison

If the formatting option of the certificate digest/hash function
contained and additional specifier separated with a '_' the comparison
of the provided digest name and the available ones was incomplete, the
last character was ignored and the comparison was successful if even if
there was only a partial match.

Resolves: https://github.com/SSSD/sssd/issues/6802

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2bc426fa731f02e7a2307287ad122ac532e3589e">2bc426fa</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-07-13T14:19:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: fix linking issue

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ac5480af39c68f711292c4a6b6f9e16c1273eea8">ac5480af</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-07-13T14:19:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Minor fix in test_adtrust

correct the variable name.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f911c10d6ae16cba0b189bd16827f4b0fa674fa">0f911c10</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-07-13T14:19:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: converted multihost/test_config.py

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/34ef9c5f3e90d5c50c7ac5161c39daa2840c92f2">34ef9c5f</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-14T20:01:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix test_maxage

Fix test_maxage

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0368c368ad4d05a6e8e1b9b16fe78c8d3c24c978">0368c368</a></strong>
<div>
<span> by François Cami </span> <i> at 2023-07-18T12:36:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix typo: found => find

Fix typo in error message:
"waitpid did not found" => "waitpid did not find"

Signed-off-by: François Cami <fcami@redhat.com>

Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/40e0592df3939f0e231d77d50ec2d11eb373ed7c">40e0592d</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-07-18T12:36:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: basic tests for ldap_user_extra_attrs

Conversion of test_0001_bz1362023(), test_0002_givenmail() and
test_0037_ad_parameters_extra_attrs_mail() in a system test using the
new framework.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/08aa08e07d1de751f9cfa2ce59fb966769d0a174">08aa08e0</a></strong>
<div>
<span> by Shridhar Gadekar </span> <i> at 2023-07-19T09:00:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: moving duplicate backtrace from gating

duplicate backtrace is behaving differently on different
versions. Moving it out of gating.

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ea34b805b346774462a18378b015c70b30c64199">ea34b805</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-07-19T09:25:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Check case-insensitive while checking with group lookup for a overrideuser

      Added automation for following bugs:
        https://bugzilla.redhat.com/show_bug.cgi?id=2192708
        https://bugzilla.redhat.com/show_bug.cgi?id=2196838
        https://bugzilla.redhat.com/show_bug.cgi?id=2196816
        https://bugzilla.redhat.com/show_bug.cgi?id=2196839

verify:
  #6721

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b9bb35c1affb8b0178a844955623211e99bbd457">b9bb35c1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-19T13:50:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: move to new centos8 buildroot repository url

CentOS8 buildroot repo location has changed.

https://lists.centos.org/pipermail/centos-devel/2023-March/142831.html

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5c72905ec97a30abe3e5568c56d010279cc25548">5c72905e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-19T13:50:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: run workflows on sssd-2-9

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/755c2157e372d6dbbdc94ba94777eaa426f2d2c4">755c2157</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-21T07:04:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix KCM::test_client_timeout

Fix KCM::test_client_timeout

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01853a10f5495b2d1ae77b60f714ed077a947940">01853a10</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-07-21T07:17:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: convert intg/test_memory_cache.py to system tests

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4b83a68e31aaac8a84462aec00250ea61aed14b1">4b83a68e</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-21T12:05:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update sssh module for tier 1_3, 1_4 and 2

Update sssh module for tier 1_3, 1_4 and 2

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/763106ff582511d4f6f9c49ea84a2ac1e202303f">763106ff</a></strong>
<div>
<span> by aborah </span> <i> at 2023-07-24T07:21:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add sleep time to test_bz785908

Add sleep time to test_bz785908

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6bed4b7bc14835114e4b0823164ea70a8d69b252">6bed4b7b</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-07-24T09:56:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Package download

Add python3-libsss_nss_idmap package from utils.py

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/43dd400dc109e962e7621d4b4045d918d4d9dfb1">43dd400d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add pytest-importance plugin to system tests

This plugin adds @pytest.mark.importance("low|medium|high|critical")
and --importance=xyz cli option.

Default importance is medium.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d3fd983be4358ddde0af58c96a38f561a56b2a25">d3fd983b</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add pytest-output plugin to system tests

This plugin validates test metadata and generates Polarion import XMLs.

To generate the XMLs, call pytest with:

```
--polarion-config=./polarion.yaml --output-polarion-testcase=testcase.xml --output-polarion-testrun=testrun.xml
```

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50df528cc9b8eddf24034d289e754e3fa3d7f5f5">50df528c</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add requirements to system tests

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/03e39e1969a923889f8179ac34f94a0e0436c9e0">03e39e19</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: drop tier from system tests

It is replaced by importance marker, which defaults to medium.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f8848028afef03f68e4893b48002b2c5c1579921">f8848028</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fix doctring in test_config__add_remove_section

Number of steps did not match number of expected results.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f3793fc7ca28fb8fdf2b6d8f21d00bdf7c5100a4">f3793fc7</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: generate polarion xmls from system tests

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1d268bc197eb142264a62c1221fcc3bd8a5ed212">1d268bc1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-24T14:54:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: run system test in collect only mode first

This will quickly catch issues in Polarion metadata/docstring without
waiting for the test run to finish.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bfab4907535742128d7140ba1ad858565f70fe3a">bfab4907</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-07-24T14:56:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: clarify passkey PIN prompt

If user_verification is enabled, then the PIN will always be requested.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit b87c5a6f11f8a584c10a3eb4b74b6084f259182e)

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f3f7a4ce11a91f723d4f729858ebb946fdd6c5e2">f3f7a4ce</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-07-24T14:56:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Change "non_kerberos" to "local" authentication

This is more clear, and aligns with smartcard authentication
verbiage.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d019132bd44e25b841e0917c034140be67de9a77">d019132b</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-07-24T14:56:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add local auth policy

local authentication methods policy - Some backends (i.e. LDAP, proxy provider)
only support a password base authentication, while others can handle PKINIT
based Smartcard authentication (AD, IPA), two-factor authentication (IPA),
or other methods against a central instance. By default in such cases
authentication is only performed with the methods supported by the backend.

To allow more convenient or secure authentication methods which are supported
by SSSD, but not by the backend in cases where a central authentication is
not strictly required the `local_auth_policy` option is added.

Ignore local auth policy when id_provider = files.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/43d89dd2d9d9c86ecd487067a6bbdf1fbf1513bb">43d89dd2</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-07-24T14:56:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: Fail empty password in passkey fallback

We can assume in this fallback chain that an empty password
is not allowed.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f3431a77fd45eab8bc001cc006027e484294ca3">7f3431a7</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-07-25T12:53:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fix doctring in test_memory_cache__invalidate_group_after_stop
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e3dd7cf472f9766f76c2ac449e856061ac587cb8">e3dd7cf4</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-07-25T17:03:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add package for IPA tests

Add python3-libsss_nss_idmap package in common lib of ipa

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5ced015701038bf1d28b91be78ac6d0582871b7c">5ced0157</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-07-26T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: multihost/basic/sssctl_config_check.py converted

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/28aeb13a284dd4521452a2e18d040338147f265c">28aeb13a</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-07-26T13:35:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: converted intg/test_memory_cache to test_id

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed3726c37fe07aab788404bfa2f9003db15f4210">ed3726c3</a></strong>
<div>
<span> by roy214 </span> <i> at 2023-07-26T13:38:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssctl: add error analyzer

Also removing unused variable and import.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4d1711178dc5c7e5fcef62a49e8a6e861ed68b5b">4d171117</a></strong>
<div>
<span> by Andre Boscatto </span> <i> at 2023-07-31T13:24:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>mans: fix typo in ldap_idmap_autorid_compat

Resolves: https://github.com/SSSD/sssd/issues/5198

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe61c459a9c91a46c013384831b777cd2c0b90b5">fe61c459</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-07-31T13:25:17+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: converted multihost/basic/test_ldap.py

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dd21de8433fa54f9cd5ca38227426986d9570e55">dd21de84</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-08-07T12:04:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>readme: remove github actions badges

These badges stopped working due to breaking changes in the badge
provider:
https://github.com/badges/shields/issues/8671

I don't think we really use them and we did not even update from
sssd-2-7 branch to a newer one or with latest ci changes. Also it
is simple to see the green tick or red cross in github web ui so
these badges are redundant.

Covscan result is kept since you would need to check it on different
page.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/160d7c4f4905331228b04b126b9614c0450ef668">160d7c4f</a></strong>
<div>
<span> by aborah </span> <i> at 2023-08-07T12:05:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Ldap referrals.

Ldap referrals.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7902bd6e12368ddc68148ce751b3411159c8e57a">7902bd6e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-07T12:05:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make permissions of config folders consistent

It doesn't make sense to allow 'go+x' for sub-folders under
'/etc/sssd' since this folder itself doesn't have those permissions.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a540f914c8de598ef03e388389b613cc0d6e9cfc">a540f914</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-07T12:05:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: get rid of strings duplications

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/91d32fee16e37e46b7fc43d66f579ba088c45af3">91d32fee</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-07T12:05:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make ownership of sssd.conf consistent with config folders.

:packaging: sssd.conf should be owned by user specified
with '--with-sssd-user=' at build time. If SSSD runs under
'root' then 'root' ownership of this file will be also
allowed in runtime.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fcfffb5cf14ddd2ff28873e2274bca226441b40b">fcfffb5c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-09T17:27:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: swap order of seteuid()/setegid()

Otherwise it fails with:
```
6906  16:40:32.455571 setresuid(-1, 996, -1) = 0
6906  16:40:32.455590 setresgid(-1, 993, -1) = -1 EPERM (Operation not permitted)
```

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2f08f87be5240ebaece9c6e671d6fbb0b8942d5c">2f08f87b</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-08-10T13:54:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>git: add commit template for tests

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9380c8eff6c4abccb4ac9484a2d0eb3d5427546c">9380c8ef</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-11T15:48:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SBUS: warn loudly if bus denies access

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d91c944c9f481ee1c78acab686d06452cbe9b81a">d91c944c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-11T15:48:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IFP: add a comment to 'org.freedesktop.sssd.infopipe.service' to avoid potential confusion

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/16d3308b4b938a782b43e50b8041e02b8c683e9a">16d3308b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-14T17:05:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: only mention 'files' provider if its support is built

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/348c8f535b7b63cda07f45274fdfe4cdb033490b">348c8f53</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-17T17:26:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Warning display for fallback

Warn the user before and after login that Kerberos ticket may not have been granted.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a20dadc7ec9b21687356d1b0b0218db89f438c67">a20dadc7</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-17T17:27:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Makefile: Respect `BUILD_PASSKEY` conditional

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/eadee9a2a8f0dfe4f22c460537d6c87c493fa622">eadee9a2</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-17T17:27:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: Conditionalize passkey code

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7cf9a1ff0e876ea0970a3f0b3c389b87be834b4f">7cf9a1ff</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-17T17:27:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Add `BUILD_PASSKEY` conditional for passkey codepath

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/12762d629a9e001d159b14c84ae0bf8e5c5c5280">12762d62</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-17T17:27:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: Remove unneeded passkey verification call

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bec58bf451a3b810100cf6bf4b477b40375e49d2">bec58bf4</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-21T16:26:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: Add Fedora 40+ to install CI scripts

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f7cfc92c8106e08960c5afba63279147ece0a14">7f7cfc92</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-22T16:08:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PROXY: missing `proxy_resolver_lib_name` isn't an error

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8079d93ffcd778daf7b381e4032a363e52126f79">8079d93f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-22T16:08:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix compilation warning ``` ../src/responder/pam/pamsrv_cmd.c: In function ‘pam_reply’: ../src/responder/pam/pamsrv_cmd.c:1188:10: warning: unused variable ‘pk_preauth_done’ [-Wunused-variable] 1188 | bool pk_preauth_done = false; ``` in case SSSD is built without 'passkey' support.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae3bac934788f88a05b60b8e3d01ef7ea1b2bbf1">ae3bac93</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-22T16:10:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONF: allow 'sssd:sssd' ownership for config snippets

Addition to 91d32fee16e37e46b7fc43d66f579ba088c45af3

Unfortunately, there is no easy way to implement "fallback" logic
for snippets, it should be either "root:root" or "sssd:sssd".

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9fe559402277515c1138fed0ef1f7d06a3deee0a">9fe55940</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-24T11:04:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DP: ENOTSUP isn't a fatal failure for target c-tor

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/41427f95751ad087c6a877b86722f8021d01eb39">41427f95</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-24T16:51:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IFP: allow running under non-root user

:relnote: Infopipe responder (ifp) can now be run under non-privileged
'sssd' user if SSSD is configured and built `--with-sssd-user=sssd` option.
As with other components, for 'monitor' activated 'ifp' service feature is
enabled by setting `user=sssd` sssd.conf option.
For dbus-socket activated 'ifp' service it's a matter of User=/Group= in
'sssd-ifp.service' (configured to 'sssd' by default).

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01131ba7cea3600dfb54dc163ba1df71eb815931">01131ba7</a></strong>
<div>
<span> by wangcheng </span> <i> at 2023-08-25T11:15:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: Change sysdb_attrs_add_val to sysdb_attrs_add_val_safe in debug output

The pervious commit(dc508f032904f008714418509a13f79a17660659) modified the function `sysdb_attrs_add_val` to `sysdb_attrs_add_val_safe`, but did not modify the debug output information synchronously.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/15a22136e19f192c03758c21fa8e48697fa16857">15a22136</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-25T11:15:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: remove unused code (files manipulations)

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/641e5f73d3bd5b3d32cafd551013d3bfd2a52732">641e5f73</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-08-30T12:40:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>mc: recover from invalid memory cache size

If we access the mmap file outside its boundaries a SIGBUS is raised.
We can now safely recover if the file has unexpected size.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/eebb43def9e93c039203993c67148bfdc72c18ad">eebb43de</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-31T12:44:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Proxy: Avoid ldb_modify failed error

Resolves the sysdb errors returned in the proxy provider
logs when proxy_fast_alias is True.

This extraneous memset call would overwrite the previously
returned pwd buffer, therefore an attempt was made to update
the user's SYSDB_PWD with an empty value causing the error.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b516f1e4f2442a18fb4a873e6431ac7a28873dc7">b516f1e4</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-08-31T12:47:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Add child timeout handler

If passkey auth times out, the SIGCHLD handler needs to be
destroyed otherwise the SIGCHLD handler tries to access the tevent_req
which was already freed from the timeout.

Resolves: https://github.com/SSSD/sssd/issues/6889

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e32f899a12a8e5c8ee9919a77c0fbe6a0e30b039">e32f899a</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-08-31T12:48:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sssctl_config_check: test for incorrectly set value

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/12a2033e07fed9f4d1cce1c1f75038bf8237610c">12a2033e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-31T12:48:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: restore proper ownership of `deskprofilepath` broken in d163a120b922a49b458dc9568d90c4066cee2d73

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/daf6096deab82cad8b6f8ee6f646de35405c99cd">daf6096d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-31T12:48:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: `gpocachepath` doesn't need public r-x access

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7d14e529c6ec4d059ae9b3bf9f0576d6d561ca18">7d14e529</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-08-31T15:56:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: include name of the file that failed perform_checks() in the debug log

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/24a08aca85cd5dd703edb2a6193b391bfad52cd9">24a08aca</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-09-01T13:33:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Porting sss_override test suite

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/053b6e14cea245f59704bbdc7acd30596c6d76f1">053b6e14</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-09-04T14:48:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Conditional fixes

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1e5dfc187c7659cca567d2f7d5592e72794ef13c">1e5dfc18</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-09-06T10:35:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_iface: do not add cli_id to chain key

Otherwise we only chain identical requests from the same client
which effectively renders chaining not functional.

Resolves: https://github.com/SSSD/sssd/issues/6911

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c4b5fda55c6774ab2d23157684c824f8c3cbc789">c4b5fda5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Get rid of '--dbus-activated'.

Code makes no difference handling '--socket-activated' and
'--dbus-activated', it only makes things more obscure.
Moreover, on a systemd enabled system, dbus activation actually
starts systemd service anyway, so there is really no big difference.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50e7891bc50178e08f14ea236e7224fceb969d1e">50e7891b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: removed unneeded wrapper

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b639f335dfd8f5c9e15086492867da1272e26ba2">b639f335</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONF: there is no use for CONFDB_FALLBACK_CONFIG

since implicit files provider can't be enabled by default anymore.

Resolves: https://github.com/SSSD/sssd/issues/5022

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e0903de485862d29a1c772f4fdedae253b8a90a8">e0903de4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SBUS: additional details in debug messages

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/abd91303f85b7945d1161cb0b30367a86adaad1a">abd91303</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: debug messages updates

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/49f59cd43fde83841073b6e0e25246e2121a3109">49f59cd4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: removed unneeded capabilities

This patch removes capabilities that aren't needed at all.

Some (if not all) of remaining capabilities can be probably
avoided with proper code changes, but currently those are needed.

Examples (not limiting) of those caps usage:
 - CAP_DAC_OVERRIDE (@additional_caps@): access to /var/log/sssd,
   to /var/lib/sss/pipes/private/* (sssd:sssd owned sbus-monitor/dp
   sbus sockets)
 - CAP_CHOWN: `chown_debug_file()` in case of monitor activation
 - CAP_SETUID/CAP_SETGID: drop privs in case of monitor activation,
   switch_creds (in particular, sssd_kcm executing krb5_child
   for ticket renewal)
 - CAP_FOWNER: chmod(mem-cache)

It's not that clear about 'CAP_KILL'. When 'sssd_be' terminates
child process, it either still runs under root (so uid matches and
no caps needed) or it dropped privs already and have lost CAP_KILL
anyway. Another thing is 'monitor' signalling responders and
providers that could be running under 'sssd' while 'monitor'
itself runs under 'root'.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19c741c48d49314aedf41f9d9beda253d1eeccac">19c741c4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSV/NSS: avoid chmod() in sssd_nss

This allows to remove CAP_FOWNER.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9cb3972800137565a51d9e6db01c3344a1d49e1f">9cb39728</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD::IFP: don't restrict ExecStartPre=chown(log)

'PermissionsStartOnly' is deprecated but used for consistency
with other unit files.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8e1d2bb476cadd797bae8a6581045f939b4830aa">8e1d2bb4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: replace deprecated 'PermissionsStartOnly=true' with '+'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9d7dd81c0e7c1f97b635ea8601c9cb466e61e134">9d7dd81c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-06T10:36:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: several comments to service files

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0588981689b1b056e7dd7491e24ea6cf0a28483a">05889816</a></strong>
<div>
<span> by Weblate </span> <i> at 2023-09-07T11:39:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Swedish) currently translated at 100.0% (2752 of 2752 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.2% (2732 of 2752 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 98.5% (2712 of 2752 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/

po: update translations

(Korean) currently translated at 65.4% (1695 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Korean) currently translated at 65.3% (1693 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (714 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fdc8329ef993c025acdd01edfca147083a9a354a">fdc8329e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-09-07T11:42:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/725c5541d4ee8b47b3877ede2599cf60d7de21d3">725c5541</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-09-07T12:20:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: include passkey test code only if passkey is built

Otherwise `make check` fails.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/376534022aebf11d23ee2b70ef13d17ca3842aea">37653402</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-09-08T14:41:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: convert multihost/basic/test_basic to test_kcm and test_authentication

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6540a67c9dac1c4b1c313797b169a32d94702819">6540a67c</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-09-11T10:31:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Print krb5.conf when joining realm.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8fc5aadb1fbdf3ae1fdacc9dc9855db87f521650">8fc5aadb</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-09-11T10:31:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Split package installation to different transactions.

When package is missing/broken the dnf does not install anything
on fedora this prevented automation working properly.
This way the "optional" packages are installed separately.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e73efe153dd2e9ee753cf416030e135700434a67">e73efe15</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-09-11T10:31:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Handle dns with systemd resolved.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/233a846e864fe2a364e05d08c3ae91475b5916d1">233a846e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-09-15T10:49:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add sssd_test_framework.markers plugin

This loads additional markers defined in the sssd_test_framework.

Currently, there is only `builtwith` to check if SSSD was built with
particular feature (files-provider only at this moment).

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f05d4ec1ecdaef90f3272504dbd9ac6c2e7aa8d8">f05d4ec1</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-09-25T13:41:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding group and importance markers

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39dde256e5e9d226e63898e910b8ffda4428f933">39dde256</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-09-26T08:16:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Add missing pytest marker config.

Reviewed-by: Patrik Rosecky <prosecky@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9474e0f4f42375b40e302da727401b9a5e28c2f5">9474e0f4</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-09-26T16:14:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: remove unused clang-analyzer from dependencies

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/57dac1e29f040a8c65ff815b15b1a8c9b70c276c">57dac1e2</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-09-26T16:15:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Allow kerberos preauth for "false" UV

When IPA passkey configuration sets require-user-verification=false
then the user verification value will be 0. We need to allow this
configuration within the plugin.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2c05926ed1fa4deab74b80d9faf6e4c26f31f46f">2c05926e</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-09-26T16:15:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: omit user-verification

If user-verification is disabled and the key doesn't support it, then
omit it. Otherwise, the authentication will produce an error and the
user will be unable to authenticate.

I have also added a unit-test to check this condition.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit a8daf9790906b7321024fef8e636f9c1b14343ab)

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bcbc0b3190e01895ccdce48c60b4966d204bd2f0">bcbc0b31</a></strong>
<div>
<span> by aborah </span> <i> at 2023-09-26T16:18:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Enabling proxy_fast_alias shows "ldb_modify failed: [Invalid attribute syntax]" for id lookups.

Enabling proxy_fast_alias shows "ldb_modify failed: [Invalid attribute syntax]" for id lookups.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f3c82d3c9e7ef999ebc2e754be64c81194d68a4">5f3c82d3</a></strong>
<div>
<span> by aborah </span> <i> at 2023-09-26T16:19:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Port rootdse test suit to new test framework.

Port rootdse test suit to new test framework.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01bee47a1557c0d21c9f35384c53758c70cf97c5">01bee47a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-26T16:21:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SUDO service: ${DEBUG_LOGGER} was missed for 'sudo'

service in a7277fecf7a65ab6c83b36f009c558cdfbf997d2

Resolves: https://github.com/SSSD/sssd/issues/6920

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae920b9ab3ddb107611f21b842bfddb6077290f1">ae920b9a</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-09-27T19:39:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Improve read write pipe child tests

Add test for multiple reads with a large message, and
add tests for child read/write safe calls.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1f4fffdb7f57d70151741ea7d844d020250fd309">1f4fffdb</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-09-27T19:39:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>util: Realloc buffer size for atomic safe read

Realloc and increase the buffer size when safe read returns more
than CHILD_MSG_CHUNK size bytes.

This handles multiple passkey mappings returned from the krb5 child
in kerberos pre-authentication.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b90021b820e19555854c97d912752145e81d80c4">b90021b8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-27T19:39:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: get rid of "lastUpdate"

Don't bother, just always re-create ldb. Service restart doesn't
happen often.

It's broken since cca497b4cbbbf05c4f9181b7d8113cde81754831 anyway.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e57093067665bb15c76cb88269fae93d44499bd5">e5709306</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-27T19:39:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: get rid of 'config_file_version'.

'config_file_version' is expected to be '2' since 2009.
Having an option that can have only single hard defined value
is confusing.

Check of 'version' was performed in `confdb_test()`.
Practically it could only fail if 'version' was missing
(i.e. missing/empty file).

This patch replaces `confdb_test()` with `stat()` with
similar logic - execute confdb_create_base() if file is
missing/empty.

:config:Obsolete 'config_file_version' option was removed.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9efd79b010dbb46d9968c3d3ab073b8e585cb2ad">9efd79b0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-09-27T19:41:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSDConfig: use 'setuptools' instead of 'distutils'

The Python standard library distutils module will be removed from Python 3.12+

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/61bf109a754727c9f4f358d50a44f8a67ab35cb6">61bf109a</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-09-27T19:41:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSDConfig: set PYTHONPATH to make setuptools work on centos8

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0a254e4341d886c68394019fa610a67492f14fce">0a254e43</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-10-02T09:50:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: get rid of `--with-semanage` ./configure switch

:relnote:Explicit `--with-semanage` ./configure switch was removed,
going forward `--with-selinux` includes this.

Resolves: https://github.com/SSSD/sssd/issues/6647

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/88d8afbb115f18007dcc11f7ebac1b238c3ebd98">88d8afbb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-10-02T09:51:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MC: a couple of additions to 'recover from invalid memory cache size' patch

Additions to 641e5f73d3bd5b3d32cafd551013d3bfd2a52732 :

 - handle all invalidations consistently
 - supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`,
   not a pointer to a local var

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/086e46f1f6c8606e15255275adf17e723fd77367">086e46f1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-10-02T09:51:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Stop supporting libini older than 1.3

1.3 it out since 2016

:relnote: SSSD now requires libini not older than v1.3

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6f8f7c82b2b38220d99395d5d2732281b3cf1867">6f8f7c82</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-10-03T10:50:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Increase conv message size for prompting

Size needs to handle the prompts for interactive, touch, pin prompt, and
kerberos pre-auth warning message which could all be displayed.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/64422699aed9a0024d39af00462c22dc47a8dfac">64422699</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-10-03T10:50:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: converted alltests/test_pasword_policy.py to tests/test_ldap.py

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9dccf7ff61c6dda89300cd36c62830dfff1687ad">9dccf7ff</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-10-03T10:50:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: install latest SSSD code on IPA server

This allows us to test changes to the server mode as well.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/620af3b3fe160199fa92f49bd03abc91a37a04d7">620af3b3</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-10-03T10:51:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltest/test_sssctl_local.py converted to system/tests/sssctl.py

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ea7273b3d4e93f7cdf5bb6f5defcf1bd38659f8d">ea7273b3</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-10-03T10:52:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: multihost/basic/test_files converted

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/66c0a2d00b872db77d59efb41bac66df0cf04c26">66c0a2d0</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-10-03T10:54:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add passkey tests for sssctl and non-kerberos authentication

1. Register a key with sssctl
2. Register a key with IPA sssctl command
3. Check authentication of user with IPA, LDAP, AD and Samba

All tests cases automated with umockdev.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2c59fd211a6b35022fb2a4683918d77610f76660">2c59fd21</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-06T11:21:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>NSS: Replace notification message by a less scary one

Replace the message "Unable to find primary gid" by another one that
sounds less scary and is a little bit clearer for users.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8ecfe20efca6696e94f64fbd2a024f6bcd7bb26d">8ecfe20e</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-10-06T11:21:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests:alltests/test_rfc2307.py converted to test_ldap.py

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b07a7552aac1a1bb4985c31e6005771032d9cad6">b07a7552</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-10-06T11:22:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_sss_cache.py converted to multihost/test_sssctl.py

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a997ee7bd9d259e7faf654cb94145c0135df02f8">a997ee7b</a></strong>
<div>
<span> by licunlong </span> <i> at 2023-10-06T14:04:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>cli: caculate the wait_time in milliseconds

The timeout we pass in is 300000ms, and we sleep 1s every
time we get a EAGAIN error, so we need to multiply 1000
for sleep_time.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1082f2563f5cdc7d4f019c3a85bd0c717fc6fd16">1082f256</a></strong>
<div>
<span> by Scott Poore </span> <i> at 2023-10-10T15:52:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: add follow-symlinks to sed for nsswitch

The multihost/alltests/test_automount_from_bash.py test module runs a
sed against /etc/nsswitch.conf which convers it from a link to a file.
This causes issues with authselect in later tests resulting in test
errors.  This can be fixed by adding the --follow-symlinks option.

The restore() from the fixture should return the config to it's original
content.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/22f8eee9c40c1bb8c3f92a91c396c2f2581b60e0">22f8eee9</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-10T18:47:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: Create a macro for the --config option

Other common options already have their macro. I'm
creating the macro SSS_CONFIG_OPTS for this one.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/049edefecd5bbb5098bae5a12e2462a8399078d9">049edefe</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-10T18:47:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: Add the db file name to server_setup()'s parameters

The db file was forced to CONFDB_FILE and there was no possibility of
changing it. Now it is passed as an argument.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7cc28f3278e987ff55dba971605483b094a43082">7cc28f32</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-10T18:47:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: Allow loading an empty configuration

Function confdb_setup() returns an error if the configuration file(s)
is(are) missing. In some cases it can be acceptable to have an empty
configuration and use the default values.

We are adding a parameter to confdb_setup() to allow empty files.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e6c1d3abc4e8cf65a006d581016433784ec3f060">e6c1d3ab</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-10T18:47:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: Fixed some missing dependencies in a header file

confdb_setup.h did not include all the header files it requires.
So far those files happened to be included before this file, so
no compilation error occurred, but the problem was hiding in the
shadows.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0485342f73ef839c2007e7118c222e02b9804369">0485342f</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-10T18:47:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Handle its own configuration

KCM now uses the ${SSS_STATEDIR}/db/config_kcm.ldb database to store its
configuration. config.ldb is no longer used by KCM.

The configuration text file remains the same.

Resolves: https://github.com/SSSD/sssd/issues/6926

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/93ee0159a0f467ced3412d034ec706dd3508901e">93ee0159</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-11T13:43:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Remove the oldest expired credential if no more space.

:feature: When adding a new credential to KCM and the user has
          already reached their limit, the oldest expired credential
          will be removed to free some space.
          If no expired credential is found to be removed, the operation
          will fail as it happened in the previous versions.

Resolves: https://github.com/SSSD/sssd/issues/6667

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/96d8b77ae6e7d1dd72b9add553935fc4aa6ab2c5">96d8b77a</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-11T13:43:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Display in the log the limit as set by the user

max_uid_ccaches is unconditionally incremented by 2 in ccdb_secdb_init()
to create space for some internal entries. We cannot just show this
value as it is not what the user configured.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ad9bf1bbc509314567d00478448aafd35af421d0">ad9bf1bb</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-10-11T13:44:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>use systemd-sysusers

Signed-off-by: Jonathan <jonathan@knownhost.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/88a386e12a11287771d5429b11b066bf6e75e42f">88a386e1</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-10-12T11:23:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Skip tests unstable on other archs and tweak realm join.

Unify realm join for AD params tests to use code with timeout
to prevent suite freezing in sasl authid tests.
Set the whole suite as flaky to retry when realm join freezes.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8264cb573637c08b26c4ff8abcc44e09fd77fec0">8264cb57</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-10-16T10:23:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix AD param sasl tests.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/421a818f8be269a72c1d78653885ee171ac7c5f5">421a818f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-10-16T10:23:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure: use 'LDB_CFLAGS'

Also add all common *_CFLAGS to cwrap tests.

Reviewed-by: Alejandro Lopez <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4a9f8ebb8032df4b2e8dffb2be80fbd6575b0e7b">4a9f8ebb</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-10-16T11:19:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: adjoin in test_00015_authselect_cannot_validate_its_own_files

Switch test_00015_authselect_cannot_validate_its_own_files to use adjoin
fixture instead of joining manually.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7601918757910994894b9547647602b8c2ac806c">76019187</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:34:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>utils: enable talloc null tracking

With this patch talloc_enable_null_tracking() is called during
`server_setup()` to make talloc memory usage reports more useful.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c38699232594b8bdd79dbeed36b7afa5ba9b0512">c3869923</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>proxy: add support for certificate mapping rules

To be able to do local Smartcard authenticate the backend must be able
to map a certificate to a user based on the provided mapping rules.

With this patch the proxy provider is able to handle the certificate
mapping rules and users handled by the proxy provider can be configured
for Smartcard authentication. Besides the mapping rule local Smartcard
authentication should be enable with the 'local_auth_policy' option in
the backend and with 'pam_cert_auth' in the PAM responder.

:relnote: The proxy provider is now able to handle certificate mapping and
  matching rules and users handled by the proxy provider can be
  configured for local Smartcard authentication. Besides the mapping rule
  local Smartcard authentication should be enable with the 'local_auth_policy'
  option in the backend and with 'pam_cert_auth' in the PAM responder.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ffd467430310f0671ba78fa0ef0385426f37d51f">ffd46743</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>intg: add NSS module for nss-wrapper support

The main use case of this NSS module is to run proxy provider tests with
cwrap's nss-wrapper.  The proxy provider loads the NSS modules directly
with dlopen() and is not using glibc's NSS mechanism. Since nss-wrapper
just wraps the standard glibc calls and does not provide an NSS module
on its own we have to use this workaround to make proxy provider work
with nss-wrapper.

DO NOT USE THIS IN /etc/nsswitch.conf, it will cause an infinite loop.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/54f558966aa515370ee6218793a36d4148c80a73">54f55896</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>intg: replace files with proxy provider in PAM responder test

This patch replaces the deprecated files provider in the PAM responder
tests with the proxy provider. The straight-forward replacement would be
'proxy_lib_name = files' to use libnss_files.so.2 with the proxy
provider. But the tests are using nss-wrapper which wraps the plain
glibc calls. Because of this the test is using a dedicated NSS module to
work with nss-wrapper.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8952f6d8fea4a0e7e18eebf9e6a9f35d32de93bd">8952f6d8</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>confdb: add new option for confdb_certmap_to_sysdb()

With this new boolean options the backends calling
confdb_certmap_to_sysdb() can indicate if the certificate mapping rules
should be applied for local users or not, which currently means LDAP
based mapping with a search filter string.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f5f8030ad7bc469130ed69abec4c2563eca52e17">f5f8030a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>intg: use file and proxy provider in PAM responder test

All Smartcard authentication related tests are run now with the proxy
provider and the deprecated files provider. If the files provider will
be removed the tests can be removed by reverting this patch.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4d475e41a5223f4bdabc1465bad4d4f87a911064">4d475e41</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-16T13:35:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>intg: add proxy auth with fallback test

SSSD currently assumed that PAM modules configured for the proxy auth
provider expect passwords as input. If a Smartcard is present during the
authentication, but local Smartcard authentication is not enabled, the
user should see a password prompt.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/45e06b770de4eb1e7bd36e01e580ecfe027b8866">45e06b77</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-10-18T15:29:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: Improve LDAP security wording

All communication, including the identity provided must be
encrypted to prevent attacks.

Resolves: #6681

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/847aa71217a33b3ed7a17fe9e19c0290ee99fe93">847aa712</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-10-18T15:29:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap: Switch ldap_id_use_start_tls default to True

:relnote: Default `ldap_id_use_start_tls` value changed from `false` to `true` for improved security.

Resolves: #6681

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0bba9d5178d18e7b08aaa58375916d111dfeb59">f0bba9d5</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2023-10-18T15:31:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dyndns: PTR record updates separately

DNS server does not allow updates for different zones in one
single step. Those updates must be sent separately.

It is complicated and in some cases impossible to detect that
PTR updates does not fit into one zone because it often depends
on DNS server configuration.

With this patch PTR record updates are always sent separately.

Resolves: https://github.com/SSSD/sssd/issues/6956

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bd839b85e25701116cb8453e142014973a9c6de9">bd839b85</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-10-18T15:35:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Updating ad_multihost test

* fixing raiseonerr=False to disjoin function
* cleaned up code since the line limit has increased
* added AD from forest1 to resolv.conf and /etc/hosts
* updating test case documentation to clarify the test

Signed-off-by: Dan Lavu <dlavu@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cb72984e2d533306489c6161678443ce2fe48661">cb72984e</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-10-18T15:35:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Updating ad_multihost test

* fixing raiseonerr=False to disjoin function
* cleaned up code since the line limit has increased
* added AD from forest1 to resolv.conf and /etc/hosts
* updating test case documentation to clarify the test

Signed-off-by: Dan Lavu <dlavu@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/95678ad7e4f18e47cd67aabe660e0c26c07a2ffa">95678ad7</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-10-18T15:35:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Adding test case for bz2167728

* Cleaned up lines since the character count has increased
* Added test ids to existing tests

Signed-off-by: Dan Lavu <dlavu@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/38d334ea040e2f5b0da4a3a37618215658b2c3a8">38d334ea</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-10-23T13:27:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: clarify user credentials for `cache_credentials`

It only applies to passwords, not other authentication mechanisms like
smartcards or passkeys.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ce117ae0c25305a5109d0f663d677a9ccae3b68a">ce117ae0</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-10-23T13:30:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: topology set to KnownTopologyGroup.AnyProvider

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6814b278868c8acf80477a5d65b3953436674f1f">6814b278</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-10-23T13:31:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: Add dependabot to get updates of github actions

GitHub provides a bot called 'Dependabot' which can
be used to automate version updates to Github
actions. Adding this check monthly will trigger
dependabot to create PRs with updates to github
actions versions in use by SSSD.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7a3cc7a7be5eb8215709d5074d91567f7b7b60e1">7a3cc7a7</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-10-25T15:07:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix autofs cleanups

Autofs tests were not cleaning properly leaving behind stuck/unresponsive
mounts. This was failing other tests that were executed after these suites.
Tests were stuck when trying to create a new local users or listing dirs.

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e01378ae7af802a3313319d9b346833289c80828">e01378ae</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-25T15:11:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: Corrected the path to the logs

Logs were not included in the artifacts because the path was incorrect.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/58c7b6479be8f308bbd9185804dcdb71152ab7f3">58c7b647</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-25T15:11:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Clean the pipe after the test has finished

Tests where sometimes failing because they were opening the pipe
while KCM was shutting down. This was happening because tests were
successfully opening the pipe because it was left over by the
previous instance of KCM. So to avoid this we immediately remove
the pipe during teardown. With this, tests will fail to open it
and keep trying until it is re-created by the new instance of KCM.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/54744f29574badd8d60e56ada6e8d9cf688813e4">54744f29</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-10-25T15:11:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Give KDC time to initialize

Some PAM tests sometimes fail because they starts before KDC has
finished its initialization. Adding a short delay to let it complete
its initialization before launching the actual tests.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7b19bcb47ddaaaa745a32571b444ee185e79b4c">a7b19bcb</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-10-25T15:15:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: reduce log level of some HBAC log messages

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5a211ec941acde206d52092f5547fc46737f30e5">5a211ec9</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-10-25T15:59:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: build passkey for centos-9

Also include RHEL9+ to build passkey in the spec file.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0456ecad643428b2ac28c932cb7435c8b914529a">0456ecad</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2023-10-26T11:34:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump DamianReeves/write-file-action

Bumps [DamianReeves/write-file-action](https://github.com/damianreeves/write-file-action) from 41569a7dac64c252caacca7bceefe28b70b38db1 to 0a7fcbe1960c53fc08fe789fa4850d24885f4d84.
- [Release notes](https://github.com/damianreeves/write-file-action/releases)
- [Commits](https://github.com/damianreeves/write-file-action/compare/41569a7dac64c252caacca7bceefe28b70b38db1...0a7fcbe1960c53fc08fe789fa4850d24885f4d84)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2f5b299996ea8e4d0bdded3eb0b020ed311209f9">2f5b2999</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2023-10-26T11:34:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump actions/checkout from 3 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff42d88994a13c9f130741a13ee7fe4dac63a5df">ff42d889</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2023-10-26T11:34:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump vapier/coverity-scan-action from 1.2.0 to 1.7.0

Bumps [vapier/coverity-scan-action](https://github.com/vapier/coverity-scan-action) from 1.2.0 to 1.7.0.
- [Release notes](https://github.com/vapier/coverity-scan-action/releases)
- [Commits](https://github.com/vapier/coverity-scan-action/compare/v1.2.0...v1.7.0)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cbb107314100bf2be9f55aa2b967a60d149440ca">cbb10731</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2023-10-26T11:36:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump linuxdeepin/action-cppcheck

Bumps [linuxdeepin/action-cppcheck](https://github.com/linuxdeepin/action-cppcheck) from 9ef62c4ec8cd5660952cd02c58b83fa57c16a42b to e63fb1d3f321e0467737aa9de7f691360fb1b8fb.
- [Release notes](https://github.com/linuxdeepin/action-cppcheck/releases)
- [Commits](https://github.com/linuxdeepin/action-cppcheck/compare/9ef62c4ec8cd5660952cd02c58b83fa57c16a42b...e63fb1d3f321e0467737aa9de7f691360fb1b8fb)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4f5b1a25a0bd108cbba77a63dfe50f64f2249764">4f5b1a25</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-10-27T13:15:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>intg: return status code for calls requiring it in fake nss module

To avoid gcc warning that a function is not returning value.

```
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_setpwent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:63:1: error: control reaches end of non-void function [-Werror=return-type]
   63 | }
      | ^
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_endpwent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:77:1: error: control reaches end of non-void function [-Werror=return-type]
   77 | }
      | ^
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_setgrent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:98:1: error: control reaches end of non-void function [-Werror=return-type]
   98 | }
      | ^
/shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_endgrent':
/shared/workspace/sssd/src/tests/intg/nss_call.c:111:1: error: control reaches end of non-void function [-Werror=return-type]
  111 | }
      | ^
```

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/83eec3639407be8e9606fb748aaed5730303009e">83eec363</a></strong>
<div>
<span> by Dusan Uradnik </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: store dbus connection name in domain.conn_name

We're moving towards a single D-Bus server in monitor, therefore we
will be relying on connection names instead of connection addresses.

It makes sense to have the name easily available from the domain.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b9c1d7d667d49080c27641fb4a800bd4c2612d43">b9c1d7d6</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: add destination to request key

We are moving to have a single dbus server, therefore we need to
consider the destination when chaining individual requests.

This actually revealed a bug in current implementation of provider
notifications from dp_resp_client.c. Since all requests were send
over single bus (the monitor), they were chained any only the first
request (to nss responder) reached the destination and other processes
were never notified.

With the destination added to the key, the requests are no longer
chained and all processes are notified, including PAM which suddenly
broke smartcards tests that were using the files provider. The files
domain were inconsistent and under refresh when the authentication
was attempted. We need to wait for the refresh to be finished so the
test can continue.

Resolves: https://github.com/SSSD/sssd/issues/6286

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9f8551a195cddc9ac898b90610be5fb30a16f4e4">9f8551a1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: centralize communication to a single dbus server

Now there is only one dbus server in the monitor process instead of
having a server in each running process. This will simplify the
communication and allow us to use signals effectively.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a25b16ed795553420c11d091413923435c267bd2">a25b16ed</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: correctly handle reply on signal chaining

Signals do not support replies, however some of them can be chained.
If multiple parallel signals are chained into a single request, SSSD would
crash here because the code expected that a reply is already available.

In this case, we still need to finish all signals in the chain list, but
no reply is present.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ab486cbc7dee6d9debba261eb0c410e745b48ba6">ab486cbc</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: convert calls in dp_resp_client.c into signals

We do not require any reply from the destination so signals are
much better format for these calls.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d9b2b8e58a8d47b938a38f8aa99c8ec2a352e53a">d9b2b8e5</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: disable chaining for SetActive and SetInconsistent

Even in the unlikely case when multiple of these methods where
called in parallel, we must treat them as separate calls and
handle them individually to avoid situations like:

- SetInconsistent
- SetActive
- SetInconsistent

Here, if chained, it translates to SetInconsistent -> SetActive, which
is wrong. Therefore we can not chain these signals.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/529af409a571c9ac9d632c82ee3474304d08def1">529af409</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_iface: split connection to dbus server and service registration

This allows us to connect to the D-Bus server sooner and remove code
duplication in responders and backend.

Now we can connect to the bus when we are ready and register the process
in the monitor when the process is fully initialized.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8b47a9a3125b7f394d6228962b5e20e6fff5f5b7">8b47a9a3</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>backend: connect to private dbus in a blocking way

We used asynchronous connection because we were also creating
a dbus server. Now we do not create the server anymore so we
can switch back to a blocking call and simplify the code.

Blocking call is alright at this moment, since we can not serve
any requests anyway and the backend is not yet fully initialized.
Whole initialization was postponed until this call is finished
in non-blocking mode as well.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9a47e2b042f2a0c5d667a35f2b49dfa96dbdc13d">9a47e2b0</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dp: remove client registration code

Switching to single dbus server allows us to remove this code since
all clients can now be contacted via their own unique dbus name.

This code is no longer used since the switch.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/174fb9e00ccd7f03f0234f84c2da2553ca4877ab">174fb9e0</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: log sender of received message

So we are able to match the logged messages with particular sender.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10c1942e4a6ad81ce36e7acc5104c14503998bea">10c1942e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: make sbus_connect_private_send static

Asynchronous connection to D-Bus is only needed when creating a server
and that is done by `sbus_server_create_and_connect_send`. Non-blocking
connection does not make sense on other places in SSSD because we use
D-Bus for IPC therefore if D-Bus connection is not functional, our
process can not function as well and therefore the blocking connection
actually makes more sense.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9ece4e133f87693f3492438e8b82228db463400b">9ece4e13</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T10:43:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dp: build dp_sbus_domain_active/inconsistent only with files provider

These signals are only used by files provider, they are not completely
reliable because they are prone to race conditions and should not
really be used elsewhere.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fbff098920da2457121cd907c9ca1b254d262d3c">fbff0989</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-01T11:16:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dependapot: add ci prefix to commit messages

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8804a2c68ee6e565650f32848c16ed3e981fe2e0">8804a2c6</a></strong>
<div>
<span> by Masahiro Matsuya </span> <i> at 2023-11-02T12:06:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: test_0017_filesldap is missing staticmethod

* @staticmethod is required for this method.
* setup_sssd_krb is added since krb configuration is required for this test.
* The first sssctl can make the pipe number increase (usually +2), so run
the first sssctl before collecting /tmp/before_count.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/17cf4bbb7e7969d6cba4e1a61ef2bb7b6a879c50">17cf4bbb</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-02T13:59:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: get frozen Fedora releases in the matrix

A Fedora release may be in a frozen state (beta freeze, final freeze),
in such case, it is not temporarily visible under "pending"
but under "frozen".

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b0212b04f109875936612a52a7b30a80e5a85ee5">b0212b04</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-03T12:06:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_CLIENT: replace `__thread` with `pthread_*specific()`

in sss_client code to properly handle OOM condition (with `__thread`
glibc terminates process in this case).

Solution relies on the fact that `sss_cli_check_socket()` is always
executed first, before touching socket.
Nonetheless, there are sanity guards in setters/getters just in case.

It's possible to move context initialization code into a separate
function and call it in every getter/setter, but probably not worth it.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Carlos O'Donell <codonell@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/26047f07c0f7aa61a44543de8674ec7d0904812e">26047f07</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-09T12:23:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: do not go offline if group does not have SID

This happens during applying overrides on cached group
during initgroups of trusted user. If the group does not
have SID (it's GID is outside the sidgen range), SSSD goes
offline.

Only SSSD running in server_mode is affected.

This patch ignores error in single group and rather continues
processing the remaining groups.

Resolves: https://github.com/SSSD/sssd/issues/6942

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/962e9d0529c5ffd4e9b3c342b038daa5dbaa75e9">962e9d05</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-11-10T11:38:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: fix Smartcard offline authentication

Even if a Smartcard was inserted and proper certificates were found
offline authentication with the Smartcard was not possible because the
certificate information was accidentally removed from the reply send to
the PAM module.

Resolves: https://github.com/SSSD/sssd/issues/7009

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/96f568cbdcf46b49d1f2f85d8ce11a14e8ad5272">96f568cb</a></strong>
<div>
<span> by Weblate </span> <i> at 2023-11-13T11:47:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Georgian) currently translated at 13.3% (95 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Korean) currently translated at 65.9% (1706 of 2585 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (713 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Russian) currently translated at 100.0% (2761 of 2761 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (713 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Georgian) currently translated at 13.0% (93 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Polish) currently translated at 100.0% (713 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/

po: update translations

(Georgian) currently translated at 8.2% (59 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Ukrainian) currently translated at 100.0% (2761 of 2761 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Ukrainian) currently translated at 100.0% (713 of 713 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Korean) currently translated at 65.9% (1705 of 2585 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Finnish) currently translated at 10.2% (73 of 714 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/

po: update translations

(Korean) currently translated at 65.6% (1699 of 2589 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3ea7587794d12aa7f59b6bc7cab02ce4e648c07">a3ea7587</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-11-13T11:50:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed4b1a5b1366eaf5ae675a4dba7204953d427149">ed4b1a5b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: remove unused code

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/afabbb95e8a8b410e960fdec412688bee7d2fe01">afabbb95</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: make support of 'ucred' a hard requirement

:relnote:Building SSSD now requires availability of 'ucred'/
'SO_PEERCRED' to enforce certain security checks at runtime.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/246ae4497588c08556100b8379c81f29aafc800c">246ae449</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: rely on SO_PEERCRED instead of socket path

to determine if connected client runs under root

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/62732b697944c7435273c8029a705c5f44513deb">62732b69</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: get rid of private socket as it's not used anymore

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/db1a919ff5760119df3083f535e66d0e4470cad8">db1a919f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: get rid of "private pipes" completely.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8c8702803263d6dbf2c39f5bca8fb33036806f35">8c870280</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT:NSS: never resolve 'sssd' user/group

if built with non-root user support

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1451c6e034d20cd1d8947d53bd2da3aa75527ba8">1451c6e0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT:PAM: trust peer if it runs under 0 or SSSD_USER uid

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b6f44f103608b6c91372cc4ab502bbbef612c164">b6f44f10</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INTG-TESTS: fake SO_PEERCRED on responder side as well

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3a376218064688085ed4a3a77bf64a7ad453182">a3a37621</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: protection from (cctx->cmd_line == NULL)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4b0c58be5dd75ec1c751d561d2b523d83f3920cc">4b0c58be</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-14T12:44:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: protection from failed `snprintf()`

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3edc04d17fbfa520f5522293e861227f5119e15f">3edc04d1</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-11-14T12:44:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: clean configure.sh

Support for Fedora 36-, RHEL/CentOS 6 and 7 in master branch ended, so
let's remove them. In addition, Python2 support only exists in
RHEL/Centos 8, so make only those two dstributions use
`python2-bindings`. Finally, include RHEL/CentOS 10 for configurable
features.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39a0de22daa8b95feb280427876732bcbbb22583">39a0de22</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-11-14T12:44:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: clean distro.sh

Support for Fedora 36- in master branch ended, so let's remove them.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/05ea3f1bec1b1b51e5248c6276ada7870cf03fdc">05ea3f1b</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-11-14T12:44:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: clean deps.sh

Support for Fedora 36- in master branch ended, so let's remove them.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/292ef326b4a181d061c59a15fc7819feb8118313">292ef326</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2023-11-14T12:44:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: upload cwrap logs

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f1a6e350584924fd9f18aceae20d04c54bdd845">0f1a6e35</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-11-15T07:02:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add a test for bz1900973 kcm delete expired tickets

Reviewed-by: Alejandro Lopez <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3eae4cc5282e4b76454b358e986da0757bb81d7f">3eae4cc5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-17T14:09:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: 'sssd-proxy' requires 'libsss_certmap.so'

Resolves following rpminspect warning:
```
Subpackage sssd-proxy carries 'Requires: libsss_certmap.so.0()(64bit)' which comes from
subpackage libsss_certmap but does not carry an explicit package version requirement.
Please add 'Requires: libsss_certmap = %{version}-%{release}' to the spec file to avoid
the need to test interoperability between various combinations of old and new subpackages.
```

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2617dcfd6376e0bb0a44cc15b11f0e6531c33960">2617dcfd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-17T14:10:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: use proper specifier for 'DEBUG_CHAIN_ID_FMT_*'

Resolves: https://github.com/SSSD/sssd/issues/6790

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/098bf64a03e5e7c054bd0e40717484d45c93d031">098bf64a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-11-17T14:10:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Don't provide 'uint64_t' as POPT_ARG_LONG.

Sizes might not match on some platforms.

Resolves: https://github.com/SSSD/sssd/issues/6790

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/92e85f1a135c89bca17cbd8c7efe8562d2c5beca">92e85f1a</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2023-11-28T12:35:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: consolidation, refactoring and organizing, renaming of some tests

- added markers to pytest.ini
- added markers to tests
- consolidated two sssctl test files into one, sssctl_config_check.py and sssctl.py
- renamed test_id.py, to test_identity.py, just to match the marker groups
- renamed the test cases in test_identity.py to be more readable
- renamed test_ldap_extra_attrs.py to test_schema.py , after looking at the tests, its testing the schema attributes
- appended test_shadow.py to test_ldap.py , tests shadowlastchange = 0 in LDAP

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/230e7757a7805c7c530d0914936f353882bd504e">230e7757</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:12+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LOGROTATE: logrotate should also signal sssd_kcm

sssd_kcm is not registered with SSSD's monitor, so it is not signaled
when it must restart the log. Adding this command will directly signal
sssd_kcm (in addition to the monitor).

If sssd_kcm is also running in one or more containers, they will also
receive the signal. Because only the log files in the host where rotated,
the instances in the containers will go on using the same log files.
Nothing will happen except for the "Received SIGHUP. Rotating logfiles."
message in the log files. If we want to avoid this, we should implement
a PID file.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c73b7eb801ed14892e34cd8e810678220785edf5">c73b7eb8</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Replace a hard-coded constant by a macro

The per-UID quota is internally increased by 2. This value is no
longer hard-coded but replaced by the KCM_MAX_UID_EXTRA_SECRETS macro.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3cba6d1153c102f9596335db28cc017e8338e868">3cba6d11</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Fixed a wrong check

The pointer to the newly allocated iobuffer is stored into
state->op_ctx->reply but the check for NULL is done on state->reply,
which we already know is not NULL because it was checked before and
not modified after that.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/126920546e38f9df6c1c1bda95f0bcd6991cb722">12692054</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Remove unused cc_be_type from struct kcm_ccdb

This field is never set and never used. Let's remove it.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2eb67afc014878108a555fd0ac41bef954a2a962">2eb67afc</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: When freeing the client, check that it is not NULL.

`cc-> client` could be NULL.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/edb63cde4fcfa1089e8f39c5d0b6f1e0c184ea0d">edb63cde</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: sss_iobuf_init_empty() shall not zero memory

sss_iobuf_init_empty() and related functions zero the allocated memory
even though it is not needed. Most of the time, all the fields in the
structures will be set to non-zero values. In these cases zeroing the
is useless and we stop doing it.

Only in two cases, some pointers were being left unmodified, so they
are now being manually set to NULL.

Resolves: https://github.com/SSSD/sssd/issues/7014

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe6c35addee2cfd0c32021e4b079eec7575ca90c">fe6c35ad</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Reduce the amount of memory allocated for the packages

Some packages are being allocated to their maximum size, even though all
that memory is not required. When the amount of memory needed is not know,
We reduce the amount of memory allocated to the initial size defined by
the KCM_PACKET_INITIAL_SIZE macro.

The existing KCM_REPLY_MAX was replaced by KCM_PACKET_MAX_SIZE.

Resolves: https://github.com/SSSD/sssd/issues/7014

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b4f9f63bd74722c543c7d2f3695f0d2351eba4c3">b4f9f63b</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-11-28T13:23:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Do not zero memory when not need.

A few more cases where memory is allocated and zeroed when it is not
required.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae6b9163be0a5a8846e8dbf2e0da2c29221781b9">ae6b9163</a></strong>
<div>
<span> by Petr Mikhalicin </span> <i> at 2023-11-28T14:08:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_sss: fix passthrow of old authtok from another pam modules at PAM_PRELIM_CHECK

pam_sss ignored old authtoks passed from another pam modules

Resolves: https://github.com/SSSD/sssd/issues/7007
Resolves: https://github.com/SSSD/sssd/issues/5418

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e9189052a46d28e6397686c28d744d5e45f1f72d">e9189052</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-11-29T08:30:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: converted alltests/test_default_debug_level

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e9e6d80e20fbf82c8b48ca4edbe2996018f7f7cd">e9e6d80e</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-12-01T10:35:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: make valgrind suppression more relaxed for test_ipa_subdomains_server

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cffe6e09c6b4cd8afa049365bbd432ace5d2a9d9">cffe6e09</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-12-01T10:35:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>nssidmap: fix sss_nss_getgrouplist_timeout() with empty secondary group list

sss_nss_getgrouplist_timeout() is intended as a replacement for
getgrouplist() which only gets secondary groups from SSSD. Currently it
returns an ENOENT error if there are no secondary groups returned by
SSSD. However, as with getgrouplist(), there is the second parameter
which expects a single GID which will be added to the result. This means
that sss_nss_getgrouplist_timeout() will always return at least this GID
as a result and an ENOENT error does not make sense.

With this patch sss_nss_getgrouplist_timeout() will not return an error
anymore if there are no secondary groups but just a result with the
single GID from the second parameter.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e7cd889d6b2554e822370d2c962791d00f26278">5e7cd889</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-12-04T11:25:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix Smartcard auth with files provider

It is expected that the files provider ignores the local_auth_policy
option and supports Smartcard authentication by default.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f4c9d6efd6492ca32679aff1897b3d2593b9455d">f4c9d6ef</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2023-12-05T22:10:16+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add passkey tests for authentication failures

Test cases are as follows:
4. Check auth deny for incorrect pin for LDAP, IPA, Ad and Samba.
5. Check auth deny for incorrect passkey mapping for LDAP, IPA, AD and Samba.
6. Check auth of user when server is not resolvable for IPA, LDAP, AD and Samba.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2a3e47af2d9a49d249a29e88072227f0697bcbbf">2a3e47af</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: move all socket paths checks to a single function

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/41f8a6892e2f3052413da86a689fb8847a9b266c">41f8a689</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: remove check for rw-rw-rw-

as it doesn't make much sense anyway.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4255a0fed34001b2f8f9872d2de5e49474bb00b9">4255a0fe</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: a comment to explain the need for explicit `sss_pac_check_and_open()`

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/079f433db08e7ec73587bbc078ebe078343e3e92">079f433d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: reduce code duplication

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/57ed0de682b849629d0601728bff2f0c8e819139">57ed0de6</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: add an optional check of server credentials

to `sss_cli_make_request_with_checks()`

This requires to make sure 'sss_sssd_*id' are initialized in
`check_server_cred()`

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1f8ec39c378150627415178f8c96f30690a1cccc">1f8ec39c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: reduce code duplication

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4e1a794f888a16d6685fff75e3eebec84ce26179">4e1a794f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: SUDO: force check of server credentials

as a general hardening

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/32b67e67c72afadc0327daf0bb67155613f226fe">32b67e67</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: move sudo/autofs/ssh related code

out of common module

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8d0a88eee392bf225df3a6a4fb38f5c857d4d850">8d0a88ee</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SUDO: refuse to serve clients running under non-root

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff2a7118ecad74c2ba54f72c425f4f669b1be3fb">ff2a7118</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SUDO: make 'sssd_sudo' socket sssd:sssd owned

The only intended client of 'sssd_sudo' is 'sudo' that is suid
binary and thus still can access socket.
But if for whatever reason it's undesirable to make 'sudo' use
its CAP_DAC_OVERRIDE capability then socket mode can be changed
to rw-rw-rw -- previous patch will restrict access to the socket
for root only.

The reason for this change is to avoid the need for CAP_CHOWN for
SSSD itself.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4a01583f09a2fd0e49de3a00ccdd664cbbac8fa0">4a01583f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: no need for root:root owned socket

since 1451c6e034d20cd1d8947d53bd2da3aa75527ba8

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4d6551e8b1359d83ae1548812b79fb9789bb35a7">4d6551e8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: remove support for custom pipe_fd

from `sss_process_init()` as it's not used anymore

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8f58e22ac56efaefc53a004f1e2ca2f039c8c5d6">8f58e22a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SUDO: don't overwrite major error code with minor one

The latter can be zero (example: socket closed during
`sss_cli_recv_rep()`)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ad70f159f08c04a0e6cc38b444a55dc5cbe49efa">ad70f159</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-06T14:36:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: fixed a mistype in `check_socket_cred()`

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8ff7fdc127dafb8d4d98231e0f7d43af89f8595b">8ff7fdc1</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2023-12-06T17:55:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssctl: do not require root for user-checks

There is no requirement for root to run the test and if the user does
not has the needed privileges to access the related services this is
good as a test result as well. Additionally at least pam_chauthtok()
behaves differently when being called as root compared to an ordinary
user.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/38db355aa1b0b8f370e8eba2001bbdf58a9d7d77">38db355a</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-12-06T17:56:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add a test for kcm log rotation SSSD-5687

Ticket: https://issues.redhat.com/browse/SSSD-5687

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a5f636bb4c90dc6077ebe0bbc50ae166d39ecf24">a5f636bb</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-12-06T17:56:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_autoprivategroup.py converted to system/test_auto_private_groups.py

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/736430aa0ed0f9c9e36315ea97de65908c29f590">736430aa</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-12-06T18:50:04+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: use sysusers directly from sssd tarball

* sssd.sysusers does not have to be created by autoconf
* it is already present in the tarball so it does not have to be
  added as another rpm source

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/76d3b5a45bff7a473613504414e8f913f2929800">76d3b5a4</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-12-06T18:50:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: do not print backtrace if SSSD domain name is not the same as DNS name

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3e976dc6a7a5785d5ea657dd050709eb04889748">3e976dc6</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-12-06T18:50:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: do not print backtrace if SOM is missing in GPO

This is expected on empty GPOs and we just skip the element.
Therefore we should not print backtrace.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f9611cdc6c0bef30d1762f9665a973c31b59fd3">0f9611cd</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-12-07T16:15:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adapt to new firewall API

The firewall API was redesigned in order to make it more flexible and
start supporting outbound rules as well. Blocking all communication
to given host using an outbound rules is less prone to errors since
it does not depend on specific ports.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60fdacfd88247ca4cd7f69e77c51749285c3e89b">60fdacfd</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-12-07T16:22:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: Add krb5 preauthentication prompt support

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/271bb6c7a8c07e05e0cb51efb81c83bbc074fe31">271bb6c7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-08T12:12:28+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: fix covscan complain

that `sss_cli_sd_get()` can return negative value
but `check_server_cred()` can't handle it.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39cd0baa06742b349ed763aa40ea4de366e80f1a">39cd0baa</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-08T12:14:11+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DP: reduce log level in case a responder asks for unknown domain

Since 9358a74d3a56c738890353aaf6bc956bfe72df99 a domain might be
skipped by 'ad_enabled_domains' option

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c2360811d5a65e0438eb4a26e4f7e8148e631a8a">c2360811</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-12-08T13:22:33+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_ldap_extra_attrs.py converted to system/tests/test_schema.py

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5bbc14658b54b083aa0da485073cde47b40c3396">5bbc1465</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-11T18:25:51+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: don't run sssd-2.10+ on 'centos-8'

as it lacks required glibc functionality

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1980e2c415666650cdb57b73055603bfd4549474">1980e2c4</a></strong>
<div>
<span> by Stanisław Pitucha </span> <i> at 2023-12-11T18:26:35+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: Allow ignoring the ppolicy extension

Introduce `ldap_use_ppolicy` and allow disabling it to interact with
providers that send broken ppolicy responses.
This fixes interaction with the Okta LDAP gateway.

Resolves: https://github.com/SSSD/sssd/issues/6666

:config: Add a ldap_use_ppolicy option for backends with broken ppolicy
  extension handling.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/97c05c4e3cf5f6af6bf080ceb70bff772db556db">97c05c4e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-12T11:34:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LOGS: added missing new line

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6ed1eff44f8cad2e1c1d07cd4d3731b3d143dd9b">6ed1eff4</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-12-12T11:36:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: Skip processing non-passkey mapping data

In the AD case, the user altSecurityIdentities attribute can
store passkey, smartcard, or ssh public key mapping data. Check
to ensure we are handling passkey data before continuing in
PAM passkey processing.

:relnote: Fixes a crash when PAM passkey processing incorrectly
handles non-passkey data.

Resolves: https://github.com/SSSD/sssd/issues/7061

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff8f248b0a773d3d6ef1091543fa8c4342ddd410">ff8f248b</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-12-12T15:37:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix tokengroups tests.

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/df1b74546f95ab4adb4c69a5d3e23daba1d961b3">df1b7454</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-12-15T07:49:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Retry realm join as it is flaky on multiarch setups

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a5270f898c6d22141033b9d9e735c09d65a0a83f">a5270f89</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-12-15T14:58:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Change path to keytabs to reflect whole domain in them

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5fb0a9ddcacd85525a1a96e0611198e239f8f895">5fb0a9dd</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-12-20T06:53:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add importance and ticket to multihost

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b66035f3d60eea4289206d0b30c3058d18149cb4">b66035f3</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2023-12-20T13:17:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Revert change of retun type of realm_join

I looks like realm join return value was parsed in one place so I
am reverting the mishap change of the return type.

Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9abcaf90580346ee15ea9f08ec40ce0f5a805cd4">9abcaf90</a></strong>
<div>
<span> by Andre Boscatto </span> <i> at 2023-12-20T16:50:42+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: fix wrong product name

Resolves: https://github.com/SSSD/sssd/issues/7094

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1d33bde42aa747e18c4ab8f202ec1053fd9ab6a0">1d33bde4</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-12-20T16:52:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Fix coverity memory overrun error

Fix for:

  CID 336599:  Memory - corruptions  (OVERRUN)
  Overrunning dynamic array "result_creds" by passing it to a
  function that accesses it at byte "creds_len".

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a134074c2ecea50d6ccee80e969b436887c5ef68">a134074c</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-12-20T16:52:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Fix coverity RESOURCE_LEAK

Fix for:

  CID 470374:  Resource leaks  (RESOURCE_LEAK)
  Variable "prompt_reply" going out of scope leaks the storage
  it points to.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/22d35690b6379a59b1bdfc5c20812b792e76af02">22d35690</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2023-12-20T16:52:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Passkey: Fix valgrind error and missing free

==367086== Conditional jump or move depends on uninitialised value(s)
==367086==    at 0x12BF1A31: string_get (load.c:894)
==367086==    by 0x12BF291D: stream_get.part.0 (load.c:158)
==367086==    by 0x12BF3182: UnknownInlinedFun (load.c:154)
==367086==    by 0x12BF3182: UnknownInlinedFun (load.c:227)
==367086==    by 0x12BF3182: lex_scan.isra.0 (load.c:573)
==367086==    by 0x12BF7F6A: parse_json (load.c:868)
==367086==    by 0x12BF80C8: json_loads (load.c:920)
==367086==    by 0x12BDDFD9: sss_passkey_message_from_reply_json (passkey_utils.c:544)
==367086==    by 0x12BDCA76: sss_passkeycl_process (passkey_clpreauth.c:321)
==367086==    by 0x4906215: UnknownInlinedFun (preauth2.c:352)
==367086==    by 0x4906215: UnknownInlinedFun (preauth2.c:679)
==367086==    by 0x4906215: k5_preauth (preauth2.c:1018)
==367086==    by 0x48F9489: UnknownInlinedFun (get_in_tkt.c:1351)
==367086==    by 0x48F9489: UnknownInlinedFun (get_in_tkt.c:1912)
==367086==    by 0x48F9489: krb5_init_creds_step (get_in_tkt.c:1868)
==367086==    by 0x48FA43A: k5_init_creds_get (get_in_tkt.c:564)
==367086==    by 0x48FB3EB: k5_get_init_creds (get_in_tkt.c:1978)
==367086==    by 0x48FB817: krb5_get_init_creds_password (gic_pwd.c:210)

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c4e80942fe071781ecda1b2ff24ab75af57af1a8">c4e80942</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-20T19:24:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEM TESTS: run core set of tests against SSSD

running in two modes: under 'root' and under 'sssd' user
(where supported)

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/958a5e25c447dc502e8f8fbecf3253e62f92b0b2">958a5e25</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-21T13:51:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_CLIENT: MC: in case mem-cache file validation fails,

don't return anything but EINVAL, because `_nss_sss_*()` functions
can have a special handling for other error codes (for ERANGE in
particular).

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0344c41aca0d6fcaa33e081ed77297607e48ced4">0344c41a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-21T13:51:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_CLIENT: check if mem-cache fd was hijacked

Real life example would be:
https://github.com/TigerVNC/tigervnc/blob/effd854bfd19654fa67ff3d39514a91a246b8ae6/unix/xserver/hw/vnc/xvnc.c#L369
 - TigerVNC unconditionally overwrites fd=3

Resolves: https://github.com/SSSD/sssd/issues/6986

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2bcfb7f9238c27025e99e6445e9ba799e0bde7b8">2bcfb7f9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-21T13:51:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_CLIENT: check if reponder socket was hijacked

Real life example would be:
https://github.com/TigerVNC/tigervnc/blob/effd854bfd19654fa67ff3d39514a91a246b8ae6/unix/xserver/hw/vnc/xvnc.c#L369
 - TigerVNC unconditionally overwrites fd=3

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2e75d735e963dc1f5399648a804c9ccc89721261">2e75d735</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-12-21T13:51:49+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>scripts: sign tarball with sssd project key

... also switch to gpg2.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c7a6e62d1a8f0c3a9424ad01555b24c0f67b4251">c7a6e62d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2023-12-21T13:51:49+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>scripts: create checksum file for release tarball

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f6f83c480118c86435ddd7c7d84eb0c516a22dcf">f6f83c48</a></strong>
<div>
<span> by Mathias Olsson </span> <i> at 2023-12-21T16:15:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>check for protected authentication path

Resolves: https://github.com/SSSD/sssd/issues/7011

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d6940c6f9ee1c137646bab988796b6a2a34acbb3">d6940c6f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2023-12-21T16:15:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>P11_CHILD: reduce code duplication

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae2420afb284e1908412bef7ede2de5ed05a8f68">ae2420af</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-12-22T10:59:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: fix flake8 issues

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cbae6855320b53f3f2bdc0e11c5a9c8eb84daf87">cbae6855</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2023-12-27T10:29:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Fix a memory "leak"

When an operation is processed, a buffer is allocated for the reply
and its parent is the client context (struct cli_ctx). This buffer
is not explicitly freed but it is released when the client context is
freed. With each operation a new buffer is allocated and the
previous one gets "lost."

This is not an actual leak because the lost buffers are released by
talloc once the client context is freed, when the connection is closed.
But on long-lived connections this can consume a large amount of memory
before the connection is closed.

To solve this, the request context (struct kcm_req_ctx) is the new
parent of the buffer. The request is freed as soon as the operation is
completed and no buffer gets lost.

Resolves: https://github.com/SSSD/sssd/issues/7072

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/543eda1953652494c594ce1f4bf1ed0ca6ac1b42">543eda19</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2023-12-27T10:31:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: multihost/test_sssctl_analyzer.py converted to system/test_sssctl_analyze.py

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9d6caaed3a804978186338c896ce120aa258fffd">9d6caaed</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-05T14:27:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add a plugin for a per-test logging

Add a pytest plugin to remove / duplicate test log from console
and put it into a stand-alone per-test log files.

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d3a2bd0870e2267ebaaf32dab03ab5707be6483c">d3a2bd08</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2024-01-05T14:43:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_config_validation converted

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ea7de588dcf1272dd7284925333b08829adae806">ea7de588</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2024-01-05T14:47:42+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_offline.py converted

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/54395cbe37afee0f2b6cb1561f8fd0836e662372">54395cbe</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-01-07T13:13:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: sss_iobuf_get_*() functions must take a const struct

The structure is not modified so it is logical to receive a
`const struct sss_iobuf`.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4c159b019c7940dba0dbbd2a7ab12343e963e9e5">4c159b01</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-01-07T13:13:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Make the AS_STR() macro available in common.h

The macro was defined in a .c module and thus unavailable to
be used on any other modules.

It was moved to common.h so that it can be used in other tests.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/747c85f82dfd1fec81fe03bf454cafc6ff284d09">747c85f8</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-01-07T13:13:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: Securely erase memory used for secrets

Make sure all the memory blocks allocated dynamically or statically by
KCM to store credentials and messages (which might include credentials)
are erased by calling sss_erase_mem_securely() or
sss_erase_talloc_mem_securely() before being freed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/173f31148c1d3d0493ad620521414ab076d0623c">173f3114</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-01-08T12:12:42+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add passkey test cases for following scenario

Test cases are as follows:
7.  Check offline authentication of a user with LDAP, IPA, AD and Samba
8.  Fetch user from cache for LDAP, IPA, AD and Samba server
9.  Check authentication of user when multiple keys added for same user with
    LDAP, IPA, AD and Samba server.
10. Check authentication of user when same key added for multiple user with
    LDAP, IPA, AD and Samba server.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/830a2e3d6abf337448f60541da66260d381fbe32">830a2e3d</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2024-01-08T14:20:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Handle child-domain group membership

In AD, a user from a domain can be a member of a group that is
from a child of the domain.

The old code did not account for this and created a cache object
with incorrect DNs when ldap_use_tokengoups is set to False.

This patch looks up the correct domain before saving
group and membership attributes.

Resolves: https://github.com/SSSD/sssd/issues/7084

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4cdb41751c95cd88b8398fe4f86e025c4c507970">4cdb4175</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-09T17:10:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: added missing new line

Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9b73614c49aeb3cfc3208dba5f472354086180b5">9b73614c</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-01-09T17:13:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: make groups_by_user_send/recv public

Resolves: https://github.com/SSSD/sssd/issues/5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c02e09afe9610d872121708893db8a21fb201b12">c02e09af</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-01-09T17:13:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: gpo evalute host groups

With this patch the group-memberships of the client running SSSD are
included in the evaluation of the security filtering. Similar as in AD
the host object is more or less handled as a user object which allows
to skip some code dedicated to computers only.

Resolves: https://github.com/SSSD/sssd/issues/5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff23e7e2879f94a907d05b615dbdb547aaa2e542">ff23e7e2</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-01-09T17:13:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sysdb: remove sysdb_computer.[ch]

The related calls are not needed anymore.

Resolves: https://github.com/SSSD/sssd/issues/5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f63d9bfc71b271844db1ee122172630be1afed0">5f63d9bf</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-01-09T17:13:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: add set_non_posix parameter

This patch adds a new parameter set_non_posix to the user and group
lookup calls. Currently the domain type is used to determine if the
search should be restricted to POSIX objects or not. The new option
allows to drop this restriction explicitly to look up non-POSIX objects.

Resolves: https://github.com/SSSD/sssd/issues/5708

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ecb0c6370dbab8fdcb3cdfa3495a38319c8e5266">ecb0c637</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2024-01-10T09:38:06+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>GPO evaluation of primary group

When we are evaluating GPO the SID of user's primary
group is not returned in the list. This patch converts
the value of origPrimaryGroupGidNumber attribute back to
SID and that SID is added to the list of SIDs before
evaluating the GPO rules.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/90eca38eca804b89bf76fec443f9a2f2ac420695">90eca38e</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-01-12T07:07:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: updating poor assertion in dyndns

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/23087669ef9826fbba9e3e6b379f2b0bb86c9820">23087669</a></strong>
<div>
<span> by aborah </span> <i> at 2024-01-12T12:07:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix ipa test for gating.

Error: remote username contains invalid characters

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9d1fccb5e9c83a734d2fd0b4d50e19684bb94ae3">9d1fccb5</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-01-12T13:36:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding background refresh tests to the new framework

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b222dd30f442d98bd1d9b308bdb60bf37a0b319">2b222dd3</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-01-16T08:20:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Dropping the assertion of ssh from analyzer list

minor edit

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/684d18b4b6803e2e397d2c72f45cb860ef9c89bc">684d18b4</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-16T10:07:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add single retry for realm leave

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3922f4d79b2b3ab0c77ec89989dece896df67274">3922f4d7</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-01-16T13:21:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump actions/download-artifact from 3 to 4

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f5f5d83f78544785fbd11d39133ceedcb9f59f5d">f5f5d83f</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-01-16T13:21:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump github/codeql-action from 2 to 3

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/35ef26b627c8ec8737689ab4044fb6b2836e460f">35ef26b6</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-01-16T13:22:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump actions/upload-artifact from 3 to 4

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/44ec3e4638b0c6f7f45a3390a28c2e8745d52bc3">44ec3e46</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-01-19T16:35:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix SC auth with multiple certs and missing login name

While introducing the local_auth_policy option a quite specific use-case
was not covered correctly. If there are multiple matching certificates
on the Smartcard, 'local_auth_policy = only' is set and GDM's Smartcard
mode was used for login, i.e. there is no user name given and the user
has to be derived from the certificate used for login, authentication
failed. The main reason for the failure is that in this case the
Smartcard interaction and the user mapping has to be done first to
determine the user before local_auth_policy is evaluated. As a result
when checking if the authentication can be finished the request was in
an unexpected state because the indicator for local Smartcard
authentication was not enabled.

Resolves: https://github.com/SSSD/sssd/issues/7109

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0c1d11bcbcbcf9a9d0f49e150815c4326781f99d">0c1d11bc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-19T16:36:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SERVER: `setpgid()`:

 - don't set process group if FLAGS_DAEMON is set
( `become_daemon()` will later `setsid()` in this case anyway)
 - don't set process group if it already matches process pid

This helps to avoid:
```
[server_setup] (0x0080): Failed setting process group: Operation not permitted[1]. We might leak processes in case of failure
```
that currently happens for 'monitor', 'sssd_kcm' (and probably
for other socket activated services).

Take a note that message is logged before log level is set
in the current code, so isn't visible without backtrace dump.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dceb7df5989388d97ebe42c1c36b8d4fda2d2c68">dceb7df5</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2024-01-19T16:36:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>install udev rules to access security tokens by sssd-passkey

When SSSD runs unprivileged, passkey_child needs to be able to read and
write a hardware FIDO2 token. Add a udev rule that allows SSSD user
to do so in case SSSD runs under non-privileged account.

Both GROUP and OWNER variables in udev rules are singular and cannot be
used to extend permissions, thus use `setfacl` external utility to add
POSIX ACL for the SSSD user access.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/522b98c9b07a97e81bf37e50e41a8a6fc26c0695">522b98c9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-19T16:36:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT:NSS: never resolve initgroups for 'sssd' user

if built with non-root user support

This is an addition to 8c8702803263d6dbf2c39f5bca8fb33036806f35
It allows to avoid systemd hang while starting socket activated
'sssd_nss' under 'sssd' user.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/059b58f763618ba4014def45abde86c8c273f9df">059b58f7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-19T16:36:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SERVICES: allow to run socket activated sssd_nss under SSSD_USER

Since 'libnss_sss.so' doesn't resolve SSSD_USER anymore, it should
be safe to use it as "User=" (no NSS loop).

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7076c5bb2a8a8346a1094993179085a098bf67b6">7076c5bb</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-01-23T14:15:03+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5_child: fix order of calloc arguments

```
/shared/workspace/sssd/src/providers/krb5/krb5_child.c: In function _create_empty_cred_:
/shared/workspace/sssd/src/providers/krb5/krb5_child.c:1317:26: error: _calloc_ sizes specified with _sizeof_ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
 1317 |     cred = calloc(sizeof(krb5_creds), 1);
      |                          ^~~~~~~~~~
/shared/workspace/sssd/src/providers/krb5/krb5_child.c:1317:26: note: earlier argument should specify number of elements, later size of each element
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b3124173d8b33b3cea275f1cc08e1a202d7ba72c">b3124173</a></strong>
<div>
<span> by Andre Boscatto </span> <i> at 2024-01-23T14:16:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: improving documentation about username and email

Resolves: https://github.com/SSSD/sssd/issues/7136

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2fa6ec2cc6f33db28397859b1d901c41be3194fe">2fa6ec2c</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-24T11:33:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Set ciphers for kerberos

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ef581c971e04c7e7698a2f402ba7b961ccee9892">ef581c97</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-24T12:59:16+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add pytest.ini with marker converted to basic suite

Fix "PytestUnknownMarkWarning: Unknown pytest.mark.converted - is this a typo?"

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/998503210b2644dda35091ce87531d3ee31a94b4">99850321</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-24T13:44:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix OsError in test_kcm_debug_level_set

Resolve "OSError: File '/var/log/sssd/sssd_kcm.log' could not be read"
ba catching and handling this exception as well.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7851156e3d8d780da7b6d30015aef9e78c7d7e8">a7851156</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-29T20:38:59+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PROXY: strip SUID bit off 'proxy_child'

'proxy' provider can be used to load arbitrary modules that might
(or might not) require specific capabilities.

Granting all capabilities unconditionally feels unjustified. One of
the widely used options is proxy around 'libnss_files' that doesn't
require any capabilities. Let administrator to set file capability
manually if required in esoteric use cases.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b4b72aacc2af5fa08b03db6e8c72ec00b8dcd07d">b4b72aac</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-29T20:43:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: move `select_principal_from_keytab()` to 'ldap_child'

Keytab access requires privileges on most systems and 'sssd_be' should
be able to run unprivileged.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/28068cdb84cb1e49bbf871a96614a1a1ddad76cf">28068cdb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-29T20:43:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: remove MONITOR_DEF_FORCE_TIME

Cleanup after fa93cd0f0fc75a6d635079e67788f8a9fe183c3c and
5b0735876aa66464b24cb7736a74fafd8ec82128

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dd7aaaf2fb41f283b20c3a1a86990367f6141360">dd7aaaf2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-29T20:43:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: switch user to configured before exec(service)

--uid / --gid args won't be used going forward.

This patch also removes all `chown_debug_file()`: running
user change should be exceptionally rare event. There is no
reason to strive to handle such change in "regular" runtime
code. And eventually SSSD service should be started without
CAP_CHOWN anyway.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ec77ec4e8b2f7ce80848f8840d7b9fa8403e297a">ec77ec4e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-30T14:23:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: clean up mem-cache files on uninstall

instead of tracking those files as a part of a package.

This will allow to get rid of `fchown()` in responder/nss/nsssrv_mmap_cache.c

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6dba6c4b48dd5441f690e67c4dc631eb1d13b421">6dba6c4b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-30T17:50:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: proper error check of failed `prctl()`

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1358f417ab26b4a825e99cc8e5566d21d3f37ccf">1358f417</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-01-30T18:04:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: Add sssd testlib to pythonpath for prci multihost

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1bacf49850c482de44269db86d25d3b0161e69a7">1bacf498</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-01-30T18:54:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Python black formatting fixes

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c11734eb6c11f1aa0391390a012d1d68aeb4b911">c11734eb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-01-30T19:01:06+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fleet commander: store deskprofiles under user running SSSD

Integrated feature was never oficially released, but the latest
development status was:
```
org.freedesktop.FleetCommanderClient is run as root
```
and can read profiles doesn't matter files ownership
( https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/IG3MIET5MILWJZRS3JQWMTVOPGNY6XWI/ )

Actual status is that 'FleetCommanderClient' isn't really maintained.

Storing profiles under user that runs SSSD doesn't break anything
but removes the need for CAP_SET_?ID and CAP_CHOWN (in this code).

Resolves: https://github.com/SSSD/sssd/issues/4659

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1bf51929a48b84d62ac54f2a42f17e7fbffe1612">1bf51929</a></strong>
<div>
<span> by Günther Deschner </span> <i> at 2024-02-01T19:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix the build with Samba 4.20

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2ef0f838e189c4dfe666a3b1c61692e8e2c35e45">2ef0f838</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-02-09T15:10:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IFP: don't trigger backtrace in case of ACL check fail

Avoid
```
   *  (2024-02-03 17:39:37): [ifp] [ifp_access_check] (0x0080): User 1000 not in ACL
   *  (2024-02-03 17:39:37): [ifp] [sbus_check_access] (0x0400): org.freedesktop.sssd.infopipe.Users.FindByName: permission denied for sender :1.290 with uid 1000
   *  (2024-02-03 17:39:37): [ifp] [sbus_issue_request_done] (0x0040): org.freedesktop.sssd.infopipe.Users.FindByName: Error [13]: Permission denied
```

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/29a77c6e79020d7e8cb474b4d3b394d390eba196">29a77c6e</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-09T15:10:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: add search_bases option to groups_by_user_send()

AD handles users and computer objects very similar and so does SSSD's
GPO code when lookup up the host's group-memberships. But users and
computers might be stored in different sub-tree of the AD LDAP tree and
if a dedicated user search base is given with the ldap_user_search_base
option in sssd.conf the host object might be in a different sub-tree. To
make sure the host can still be found this patch uses the base DN of
the LDAP tree when searching for hosts in the GPO code.

Resolves: https://github.com/SSSD/sssd/issues/5708

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a153f13f296401247a862df2b99048bb1bbb8e2e">a153f13f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-09T15:10:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: add naming_context as new member of struct sdap_domain

The naming_context could be a more reliable source than basedn for the
actual base DN because basedn is set very early from the domain name
given in sssd.conf. Although it is recommended to use the fully
qualified DNS domain name here it is not required. As a result basedn
might not reflect the actual based DN of the LDAP server. Also pure LDAP
server (i.e. not AD or FreeIPA) might use different schemes to set the
base DN which will not be based on the DNS domain of the LDAP server.

Resolves: https://github.com/SSSD/sssd/issues/5708

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/945cebcf72ef53ea0368f19c09e710f7fff11b51">945cebcf</a></strong>
<div>
<span> by Andre Boscatto </span> <i> at 2024-02-09T19:10:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd: adding mail as case insensitive

Resolves: https://github.com/SSSD/sssd/issues/7173

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/32b72c7c3303edb2bf55ae9a22e8db7855f3d7d1">32b72c7c</a></strong>
<div>
<span> by Sebastian Andrzej Siewior </span> <i> at 2024-02-12T09:40:11+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Drop -extensions from openssl command if there is no -x509

The 'openssl req' ignores the '-extensions' option without '-x509'.
OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
an error is generated:

| /usr/bin/openssl req -batch -config
| ../../../../../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config
| -new -nodes -key
| …/build/../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem
-sha256 -extensions v3_ca -out SSSD_test_intermediate_CA_req.pem
| Error adding request extensions from section v3_ca
| 003163BAB27F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156:
| 003163BAB27F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always
|

Remove the '-extensions' option.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/859f581182e57c665abce23faf542b6941772b20">859f5811</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-02-12T15:02:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: multihost: chown sssd.conf to service user

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/895b462d73a60e9021d761ef6bfd2f6492c2a152">895b462d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-02-13T08:56:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: multihost: make get_property() with older 'systemctl'

On centos-8 systemctl doesn't support '-P'
'--value --property' should work with both older and modern versions.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2176b7d84aee0be58d018862cfa08c00cd6a1aac">2176b7d8</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-02-13T13:07:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sssctl_analyze diff location

Corrected the log assertions for 'id' command
passed to the sssctl analyze <>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b439847bc88ad7b89f0596af822c0ffbf2a579df">b439847b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-14T11:30:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss-client: handle key value in destructor

When the pthread key destructor is called the key value is already set
to NULL by the caller. As a result the data stored in the value can only
be accessed by the first argument passed to the destructor and not by
pthread_getspecific() as the previous code did.

Resolves: https://github.com/SSSD/sssd/issues/7189

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4027930598457940e750ec08a27c44bb718e279b">40279305</a></strong>
<div>
<span> by Tomasz Kłoczko </span> <i> at 2024-02-14T11:31:04+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Bump DocBook DTD version to latest stable 4.5

Signed-off-by: Tomasz Kłoczko <kloczek@github.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8fd2df7329efb72373c3a9bc06a0320b48e707a3">8fd2df73</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-02-14T11:36:35+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add method to detet the files provider

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3caac5f7b0d1e21f9ae578f1da5324dc272aa441">3caac5f7</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-02-16T13:21:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Tweak per-test log to de-duplicate output

Deduplicate output between phases so it is not repeated.
(Previous phase output was repeated in the log.)
Fix isseu with "/" in test name.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/43e3cf1e0ce03aa66cec710e87a91d09c06eb4ee">43e3cf1e</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-02-21T13:40:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: files_provider replaced with proxy

fixing sssd.conf domain-section update action

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e235afee2d5948b268d958374114b60293b101fd">e235afee</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2024-02-21T13:43:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: multihost/basic/test_kcm converted

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e3af77c734242b00ee69e43f0ed6a62ee29bd02e">e3af77c7</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-02-21T14:31:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Per-test logging: Fix exception on missing call phase.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9506b7b30e6a39820503f6b778976e64d5e5871c">9506b7b3</a></strong>
<div>
<span> by lisa </span> <i> at 2024-02-21T14:33:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Convert multihost/ad/test_idmap to test_identity

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/90e46836dd3a80c92b4ba7dc96fe602d333c644b">90e46836</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-02-21T14:36:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: tier1/test_service: Remove files provider

Tier1: for test_0002_1736796:

Replacing the files provider to proxy provider,
as here we are adding the local user and giving
sudo permission to user to switch to root without password.
Here, we are checking the authentication and also
checking the sudo access for local user.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c6c333def69279c17e554ddcfce66eecc4a1fe70">c6c333de</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-02-22T16:30:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: additional debug if `mkstemp()` fails

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/409f175f0b38e46991419c67c0aac59284c67cee">409f175f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-22T16:32:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: lower log level in sss_krb5_get_init_creds_password()

sss_krb5_get_init_creds_password() is called only with AD to be able to
get more specific error details and does the basic steps also done by
krb5_get_init_creds_password() from libkrb5. In contrast to the libkrb5
function it will return debug output. Unfortunately the log level
is quite low, i.e. messages are shown with the default debug level, and
the messages are send to syslog, too. This can get annoying during
SSSD's pre-auth step to determine the available authentication types
since here, no credentials are provided and errors are somewhat expected
but will be ignored by the callers.

This patch increases the log level during SSSD's pre-auth and only sends
messages with the two lowest log levels to syslog.

Resolves: https://github.com/SSSD/sssd/issues/7197

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4f38fd10c85e16dbca3887347499823143a29316">4f38fd10</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-02-22T16:32:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: increase log level in map_krb5_error()

The purpose of map_krb5_error() is to translate error codes.
Additionally it will log the errors in case the caller has forgotten to
do it. While this in general make sense the log level was set to the
second lowest and the message was send to the system's log as well. This
is a bit too strong and might give a wrong impression about the nature
and importance of the log message. This patch increases the log level
which avoids sending to the syslog as well.

Resolves: https://github.com/SSSD/sssd/issues/7197

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e9253e0a7008e4146178be4b4914bb1175318424">e9253e0a</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-02-23T23:24:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fix isort, black and mypy errors

Introduced by https://github.com/SSSD/sssd/pull/7172.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/953c6bee49123625e08e9ec35375d4f539a878da">953c6bee</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-02-26T11:37:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: Support ssh's KnownHostsCommand

This option is supported by delivering the tool sss_ssh_knownhosts.
This new tool displays the host public keys on STDOUT in the
knownhosts file format.

The corresponding man page was added and sss_ssh_knownhostsproxy's
man page displays a message stating that it is deprecated and
suggests using the new tool.

Resolves: https://github.com/SSSD/sssd/issues/5518

:relnote: sss_ssh_knownhostsproxy is deprecated. Consider using
the more reliable sss_ssh_knownhosts instead.

:feature: The new tool sss_ssh_knownhosts can be used with ssh's
KnownHostsCommand configuration option to retrieve the host's
public keys from a remote server (FreeIPA, LDAP, etc.). This new
tool, which is more reliable, replaces sss_ssh_knownhostsproxy.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9eea993b76e955695be0616166c0e2590b488d0c">9eea993b</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-02-26T11:37:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add tests for sss_ssh_knownhosts

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/11a77e8b887691c4f6fad30b4512ba79bd668ba9">11a77e8b</a></strong>
<div>
<span> by Denis Zlobin </span> <i> at 2024-02-26T11:49:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: Fix codegen template for async client

Double semicolon is generated, thus test src/tests/double_semicolon_test
fails for async client source code.

For example, we can generate code for IFP async client.
To do this, add new async interface to src/responder/ifp/ifp_iface/ifp_iface.xml file:

    <interface name="org.freedesktop.sssd.infopipe.Tests.Test">
        <annotation name="codegen.Test" value="ifp_test" />
        <annotation name="codegen.AsyncCaller" value="true" />
        <property name="name" type="s" access="read" />
    </interface>

Then make check tests. Test fails with an error:
```
Double semicolon found:
../src/responder/ifp/ifp_iface/sbus_ifp_client_async.c:132:    *_value = talloc_steal(mem_ctx, state->out->arg0);;
```

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/20175f4136c664777cefad03a6e62ed726191fea">20175f41</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-02-28T11:56:35+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add oddjob package to master for multihost/alltests

The package is not pulled automatically as part of deps/packageset
on fedora resulting in subprocess.CalledProcessError: Command
'systemctl restart oddjobd.service' returned non-zero exit status 5.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/759d261c16eb25970d235ef599e015740ffe53e1">759d261c</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-05T09:43:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Refactor AD tests from files provider to proxy one.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0a397c28ddf34da2f7dd6800a4e22bcbe80b646d">0a397c28</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-06T10:36:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix ipa/conftest.py for fedora.

The installation of shadow-utils fails on fedora as it tries to enable CRB repos.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4729ec077be0c0c51f70f63a59a5fcb47fbd53d5">4729ec07</a></strong>
<div>
<span> by Thorsten Scherf </span> <i> at 2024-03-06T10:56:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: fix typo in sss_ssh_knownhosts man page

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b7da2450a856d25f8332ea0696520c2ddf7aed7f">b7da2450</a></strong>
<div>
<span> by Jakub Jelen </span> <i> at 2024-03-06T10:57:17+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>doc: Fix configuration option pam_p11_allowed_services type

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/459d0989e0bb5144c568abed6748718f450f05c5">459d0989</a></strong>
<div>
<span> by Jakub Jelen </span> <i> at 2024-03-06T10:57:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Allow smart card authentication in vlock

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c9a333c5215b9ee6080038881a249c329141d0cf">c9a333c5</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-03-06T10:59:03+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: Allow fallback between responder questions

Add support to try the next Preauth type when answering
krb5 questions. Fixes an issue when an IPA user has
both authtype passkey and authtype password set at
the same time.

Resolves: https://github.com/SSSD/sssd/issues/7152

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6c1272edf174eb4bdf236dc1ffd4287b71a43392">6c1272ed</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-03-06T10:59:03+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: Add fallback password change support

handle password changes for IPA users with multiple auth types set
(passkey, password)

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f860f10a5434b70b7506f5a931c251fd915d9452">f860f10a</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-03-06T11:00:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: Print PAM Data once on incoming requests

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a80e236b8319f1f0931717debcb093802ba5e2ae">a80e236b</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-03-06T11:00:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding testcase for gh7174 email case insensitivity

Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0935ce945253a5888e5e2b0c5509b926786d7362">0935ce94</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-07T11:31:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix hostmap tests not to depend on user-nsswitch.conf

The user-nsswitch.conf was removed in F36+. Tests using it therefore
need fixing to use /etc/nssswitch.conf on Fedora instead.
Fixed indentation of install_nslcd.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/018de1c0d92e92dfe67189ad2c7c4b360ddb0a1b">018de1c0</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-03-12T10:00:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: sss_ssh_knownhosts.1 must also be translated

Resolves: https://github.com/SSSD/sssd/issues/7232

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2bb00e25dc30f5dd6784cb3cd1a871fc4aa6c119">2bb00e25</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-03-12T10:00:35+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Improvements to test_iobuf

The improvements were trigered by the test failing on certains
environments.

Normally, none of them is necessary, but without the first one the
test fails (under certains conditions) and the other two are more
of a "belt and suspenders" approach than anything else.

1) The memory buffer used to dump the heap to a file is cleaned
   systematically before reading data into it. Normally this is not
   needed because read data overwrites any prior data in the buffer,
   and then that same data is writen to disk. But this solved the
   problem. I cannot explain it.

2) When the file where the heap was dumped is mmapped for analysis,
   that memory is cleaned before unmmaping it, to make sure nothing
   remains in memory from the previous dump.

3) An extra dump is taken before doing anything with the memory.
   This is done to make sure that the strings we are looking for are
   not present in the heap before the test starts.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/43c5b944535c5ecd7065dbc8e790977aeef52d96">43c5b944</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-03-13T13:34:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: refactor sssd.conf backup and restore

SSSD configuration backup and restore code was duplicated in multiple
places moved in one place so we can easier change rights and owership
of the file.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/603399a43d7bd0b8b6de3b512388b08abb9521ed">603399a4</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-03-13T15:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix invalid #if condition

ifdef should be used as anywhere else, otherwise we hit a build
error if sssd is being built without passkey.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/41cafd63e98e77f326d9bee256eae1b6be1333b0">41cafd63</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-03-13T15:44:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fix isort issue

This issue was introduced in a80e236b8319f1f0931717debcb093802ba5e2ae.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3488b9e955057333a965b6d620144d7aaa2ec869">3488b9e9</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-03-15T13:03:42+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: use different home dir then /tmp for local user

If sssd startup fails for some reason, teardown would call userdel
which would try to delete /tmp.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5841348faad8937698bd697fb637ae5dfe9dc2b6">5841348f</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2024-03-15T13:04:11+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: fix default value for pam_passkey_auth

The default was changed to true in
c76ba343b783718468a3a108346d424f9a70eb76 ("PAM: Passkey kerberos preauth
support"), but the man page wasn't updated.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2e1c2f35427c02baf4f9cf521e29552c64dfb4ae">2e1c2f35</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-03-15T13:04:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump DamianReeves/write-file-action from 1.2 to 1.3

Bumps [DamianReeves/write-file-action](https://github.com/damianreeves/write-file-action) from 1.2 to 1.3.
- [Release notes](https://github.com/damianreeves/write-file-action/releases)
- [Commits](https://github.com/damianreeves/write-file-action/compare/0a7fcbe1960c53fc08fe789fa4850d24885f4d84...6929a9a6d1807689191dcc8bbe62b54d70a32b42)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c67e41d8dfe07ecf9aad9a91c68fcbc1d4196b34">c67e41d8</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-03-15T13:05:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: Make sss_ssh_knownhostsproxy build conditional

Because this tool will be removed, we start by building an alternative
version that just displays a warning.

To build the full working tool:
```
./configure --with-ssh-known-hosts-proxy
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e556bfd0d49d25301bf84efda72d27c6e0a5af68">e556bfd0</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-03-15T13:05:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Fix the ssh configuration

Until ipa-client-install is fixed to recognize the new tool
/usr/bin/sss_ssh_knownhosts, ssh's configuration must be manually
fixed.

Once the fixed FreeIPA is included in the container, this workaround
can be removed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fa503bcc56e661be4e7a922be85092e6528cda7f">fa503bcc</a></strong>
<div>
<span> by aborah </span> <i> at 2024-03-18T06:04:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Drop files provider from tests test_sssctl_local.py

1. Test id: 9315c119-8c69-4685-836d-0f71b5d0684c:  Does not work any more without files provider
2. Test id: b5ff4e8f-ce9f-4731-bbaa-bf2a8425dc15: Its purpose is currently unclear.
3. Test id: 8f2868d2-1ece-11ec-ac6d-845cf3eff344: shadow-utils' don't call 'sss_cache' starting F40/RHEL10

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/83f1ba7815d4229cc05685fbeff5fa97091e1db7">83f1ba78</a></strong>
<div>
<span> by aborah </span> <i> at 2024-03-18T06:04:44+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Drop files provider from tests test_sssctl_ldap.py

Review if any of "multihost tests" depend on "files provider".
Remove found dependencies.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/56280faad11f23ef631d79cd758849c9f119d34f">56280faa</a></strong>
<div>
<span> by aborah </span> <i> at 2024-03-18T06:05:03+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Drop files provider from tests test_multidomain.py

Review if any of "multihost tests" depend on "files provider" and remove those dependencies

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/40e5309a06e7adea81f9327a0989ee59ca9c4bcd">40e5309a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: remove useless trailing '\'

Most probably it was copy-paste from macro definition.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/40cea81b1f3ec98c2f1a71d5c0b5c69dd0797c80">40cea81b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: remove 'opt_netlinkoff' removal notice

It was given in 632fc5d8991d167eea20769c823163551c3f1d8c several years ago.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/419120f4a514ac7159a575c130b5feaa5a381d36">419120f4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: replace fprintf() with ERROR()

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d79e0e74e45ae61cb94a26707af2a964ac06f263">d79e0e74</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MNITOR: cosmetics

Keep all checks of command line options together and slightly reorder
for a (hopefully) better readability.

Error exit codes updated to:
 - 1 - bad command line options or config
 - 2 - no mem
 - 5 - all kinds of other issues

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/102c30a57b27f5bad408412022821d5faa73771c">102c30a5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: get rid of unsed FLAGS_GEN_CONF definition

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/47da0b6bcdadc40a13998d8c2a4660f771bd9cb7">47da0b6b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make most folders group accessible

This will allow to avoid the need for CAP_DAC_OVERRIDE with single
addition of supplementary group.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/521f88ef87fa693f07ba48d99fdfb161891b9af6">521f88ef</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make '%{pipepath}/private' sssd:sssd owned

Since db1a919ff5760119df3083f535e66d0e4470cad8 the only socket
in '/private' is an internal SBUS socket.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/52fa441b90c157d5b397a3e5e7a15aa73374d118">52fa441b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Make all SSSD processes a member of sssd supplementary group.

Previously it was done only for 'sssd_nss' to allow it to write to
sssd:sssd owned mem-cache file while running under 'root'.

Let's use this approach for all other files to avoid using
CAP_DAC_OVERRIDE in run time (in following patches).

Primarily rely on systemd to set group, but try to set it manually
if (required and) missing at runtime.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60853c6fabecea628c8e411a310c24b8b2c1eb67">60853c6f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>NSS: don't `fchown()` mem-cache files

Since ec77ec4e8b2f7ce80848f8840d7b9fa8403e297a mem-cache files aren't
tracked as a part of a package anymore so there is no need to keep
SSSD_USER ownership of those files.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f4ad8c2abab79a4c9224e1813cbb35d982f608d7">f4ad8c2a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: add capabilities management helpers

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4a44cca401dbec16593b93b5c4333005cf6165f4">4a44cca4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Get rid of `--genconf` and `--genconf-section` monitor options.

The only usage was 'sssd-kcm.service', but it was wrong since 'sssd_kcm'
should be usable without other SSSD packages being installed (see #6926)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8d1b3ef7e3be6b90533ffd7b8d1167a490681364">8d1b3ef7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_INI: const correctness

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cff8e1f9914c3edb94f7e9eb7a89d8eba3a2fc06">cff8e1f9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: split confdb_setup() into 2 steps

It will be used by 'monitor' to first read 'sssd.conf' then
switch uid/gid before writing 'config.ldb'

This is required in case sssd.service::User and sssd.conf::user
do not match.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1cbf5f59b33a819c9f64e11901ab633fc00a3fa">b1cbf5f5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: always delete old ldb-file

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/87b77a011d4d9cc95e70a328f18ee42329ce616c">87b77a01</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: no need to read domain list twice

It's already read in `get_monitor_config()`

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e306d93f9acc1769a889e7124967fbcb7bbd2a44">e306d93f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: remove unused mt_ctx::conf_path

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/34f7c2eac7def14ab7d700276c141366a0db15c6">34f7c2ea</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: move keyring setup code to a function

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fd23a94ffda6851138a74b4eaba150e353ee638b">fd23a94f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: move nscd check code to a function

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a05b025067b1168e7e4ba5f6e32bffb7cdf15619">a05b0250</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_INI: remove 'const' specifier from getter

`sss_ini_get_string_config_value()` is a wrapper around
`ini_get_string_config_value()`, whose docs says
```
Returned value needs to be freed after use.
```
But an attempt to free 'const char *' results in discarded-qualifiers
warning.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7042fed2c0bbe74ceac8d4dab50ed75511d9c9e">d7042fed</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: a couple of message changes

Following changes were done:
 - perform_checks(): log actual owner
 - sss_confdb_create_ldif(): use SSSDBG_TRACE_LDB

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0d686b5d71848dce7757cadc4e67ad6b95b34355">0d686b5d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: remove the upgrade-cache command

552390afcc81af96ca201fa6c25ddefbbecbeb4e mentioned
```
might be useful e.g. in RPM %post scripts.
```
but it didn't happen.

SSSD performs cache upgrade at startup automatically, explicit
command doesn't have any use.

On the other hand, it can spoil cache files ownership if users used
to run 'sssctl' and SSSD do not match.

:relnote: sssct `cache-upgrade` command was removed. SSSD performs automatic
upgrade at startup when needed.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5bd52025ead1cb7321b4116012cc7f3661866e4d">5bd52025</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: remove unused CAP_KILL

There are some known issues like #5536 but those have to be
solved differently. Having 'CAP_KILL' in sssd.service doesn't
help anyway (and currently isn't used anyhow).

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/304fe754119e333516c89839584839485b0ee5d4">304fe754</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: responders do not need any capabilities

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1ea6965c9a1f045513ee39f8d9ef7b274551b800">1ea6965c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: startup logic was changed

Startup logic was changed as follows:
(1) read sssd.conf (should be readable by user that is used to start monitor)
(2) switch user to sssd.conf::user (if configured), drop all capabilities
(3) write config.ldb

This ensures all SSSD components can read config.ldb without capabilities
even if (deprecated) sssd.conf::user is used.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0e2ed444e6284c2bf6704dd3213044e36e9162bb">0e2ed444</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5_/LDAP_CHILD: print capabilities at startup

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2a59991bed2a77c2e4ee9cb6938e817c60629823">2a59991b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd.service: run under SSSD_USER by default

:relnote: *IMPORTANT note for downstream maintainers!*
This release features significant improvements of "running
with less privileges (under unprivileged service user)" feature.
There is still a ./configure option '--with-sssd-user=' available
that allows downstream package maintainers to choose if support of
non-root service user should be built.
In case such support is built, a preferred way to configure service
user is simply by starting SSSD under this user; for example, using
'User=/Group=' options of systemd sssd.service file.
Upstream defaults are to build "--with-sssd-user=sssd" and to install
systemd service with "User=/Group=sssd'. In this case, only several
helper processes - 'ldap_child', 'krb5_child' and 'selinux_child' -
are executed with elevated capabilities (that are now granted using
fine grained file capabilities instead of SUID bit). All other SSSD
components run without any capabilities.
In this scenario it's still possible to re-configure SSSD to run
under 'root' (if needed for some reason): besides changing "User/Group="
options, some other tweaks of systemd service files are required. Those
tweaks are described in the comments in service files.
If SSSD is built "--with-sssd-user=sssd" but configured to run under
"root", it's still possible to use a legacy sssd.conf::user option to
change a service user at runtime. This requires granting CAP_SET_UID/
CAP_SET_GID capabilities to sssd.service (again, read comments in the
service file). User will be changed and all capabilities dropped
immediately at startup. There should be no reason to prefer
sssd.conf::user option over sssd.service::User option, barring very
exotics setups where it's impossible to configure initial service user.
Take a note, that this release deprecates sssd.conf::user option and
its support might be removed in future releases.
Further, doesn't matter if SSSD is built "--with-sssd-user=sssd" or
"--with-sssd-user=root", when it's configured to run under "root" (in both
cases) it still runs without capabilities, the same way as when it's
configured to run under "sssd" user. The only difference is from DAC
perspective.
Important: owner of /etc/sssd/sssd.conf file (and snippets) should match
user configured to start SSSD service. Upstream spec file changes
ownership of existing sssd.conf to 'sssd' during package installation
for seamless upgrades.
Additionally, this release fixes a large number of issues with "socket
activation of responder" feature, making it operable out-of-the-box when
the package is built "--with-sssd-user=sssd". Please take a note,
that user configured to run main sssd.service and socket activated
responders (if used) should match (i.e. if sssd.service is re-configured
from upstream defaults to 'root' then responders services also should be
re-configured).
Downstream package maintainers are advised to carefully inspect changes
in contrib/sssd.spec.in, src/sysv/systemd/* and ./configure options that
this release brings!

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4c42ca7a9d69ad1bd09ded68de8ba0319d4a9ff7">4c42ca7a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make sure cache files are accessible

Since now SSSD starts and runs under %{sssd_user} by default,
make sure cache files left from previous version are %{sssd_user}:%{sssd_user}
owned.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aa7cddfa9452a12c9cf79adcad282c4cc30630ea">aa7cddfa</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make sure config files are accesible

Since now SSSD starts and runs under %{sssd_user} by default,
make sure config files left from previous version are %{sssd_user}:%{sssd_user}
owned.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b88d56a39c957c71b3280b4b42b07882e35d6123">b88d56a3</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: KCM capabilities

'sssd_kcm' doesn't need CAP CHOWN/SET-ID itself but needs to have it in
bounding set so that 'krb5_child' run by 'sssd_kcm' can get those capabilities.

CAP_DAC_OVERRIDE is used to access sssd.conf and log folder.

The latter can be dropped once (if) 'sssd_kcm' is changed to run under
'sssd' user by default.

An approach to use 'SupplementaryGroups=' isn't practical here because
config files aren't readable by group and changing this in existing
setups might be cumbersome. It should be easier to make 'sssd_kcm'
to run under 'sssd' user.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9fbaf6d74bb916ab2db68da409dcd652f8acf1aa">9fbaf6d7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_INI: only check file ownership from 'sssd'

User used to run 'sssctl', 'sssd_kcm', etc (typically root) might
not match user configured to run SSSD service.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/583ea7f2dfac15b56ef36742faad8149fda92cf2">583ea7f2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: remove "PIDFile="

See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#PIDFile=
```
Note that PID files should be avoided in modern projects. Use Type=notify, Type=notify-reload
or Type=simple where possible, which does not require use of PID files to determine the main
process of a service and avoids needless forking.
```

SSSD uses "Type=notify"

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6ca4e47223fcb68b0680294f1463a8e044a2a96b">6ca4e472</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONF: store pid file in /run/sssd

instead of /var/run. SSSD run under non-privileged user can't write
to /var/run directly.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/29b1e474ca42ede4ac3f0cbc55de9c1754a2e39e">29b1e474</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: make pidfile readable by everyone

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e2c26e810c3635124255e7619272591eab143553">e2c26e81</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: replace SUID bit with more fine-grained capabilities

This will also allow to use "SecureBits=noroot" in sssd.service

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/84c3034dc58e74dbd6c557df1373a3c0ae07a226">84c3034d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: set "SecureBits=noroot noroot-locked"

in sssd.service to avoid processes gaining all capabilities
from bounding set during execv() with uid=0/gid=0 (so that, for
example, 'sssd_be' runs without capabilities even if "User=root")

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9eed3873a397713759aa0a1455323fe49c58a0b5">9eed3873</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: make conf folder g+rx

so that SSSD built --with-sssd-user=sssd but run under 'root' can get
to sssd.conf without capabilities (using "SupplementaryGroups=sssd")

sssd.conf still needs to be chown'ed to 'root:root' manually in this
case.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/07f00135f56a20e3642dfa904965d8c82df7b5dc">07f00135</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: system: skip 'passkey' tests if SSSD runs under non-root

For a real device this is handled by udev rule that makes device
readable by SSSD. This rule doesn't work with mocked device.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/869ee96526771133b1b18c4f228329d42f5e2e67">869ee965</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: build Fedora >= 41 package with sssd user support

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d45b85b7cf1f4f1401bc5d41682c2082861b6287">d45b85b7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSDConfig: chown() sssd.conf to SSSD service user

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/128777896c26ba9c37d888209b65db4648b512ae">12877789</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: free 'tmp_ctx' in case of failure too

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e37a8c7893f7dee0402ab2439b644fb7b87a795c">e37a8c78</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: 'monitor' exit codes description

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cb4dbea61980d7e7ca49d1a99e034944e0e3c0d9">cb4dbea6</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-18T09:02:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC/SYSTEMD: try harder making sure logs ownership matches service user

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3788f48008390194dcd562ba3203c39deb34056a">3788f480</a></strong>
<div>
<span> by Abhijit Roy </span> <i> at 2024-03-18T09:27:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssctl: Adding options for nss

Fixing the false positive error reported by config-check

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0b26b6fd1272a825ff537bcb7848a9a687e994c9">0b26b6fd</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-03-21T09:55:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: alltests/test_krb5: Replace files provider

Replace files provider with proxy provider.
This test case test authentication of local user using
kerberos and also update the authselect to select sssd only.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4085ee07926303aa26e46dfcc6dec87776432c62">4085ee07</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-03-21T10:30:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: inotify: avoid potential NULL deref

Fixes following error:
```
Error: STRING_NULL (CWE-170):
sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
 #  325|
 #  326|               if (snctx->wctx->dir_wd == in_event->wd) {
 #  327|->                 ret = process_dir_event(snctx, in_event);
 #  328|               } else if (snctx->wctx->file_wd == in_event->wd) {
 #  329|                   ret = process_file_event(snctx, in_event);
```
  --  it might be unsafe to dereference `in_event->name`
if `in_event->len == 0`

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c858d577cd1fb81320e3244110e13e2160152c92">c858d577</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-03-21T10:30:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Fix the ssh configuration - II

The previous patch fixed the environment for the multihost tests, but
system tests also need the fix.

This fix will become obsolete and should be removed when FreeIPA
adapts the ipa-client-install tool to use the sss_ssh_knownhosts tool.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf6cb6dcdd94d9f47e4e74acd51e30f86b488943">bf6cb6dc</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: add OTP to krb5 response selection

Originally where there was only password and OTP authentication we
checked for password authentication and used OTP as a fallback. This was
continued as other (pre)-authentication types were added. But so far
only one authentication type was returned.

This changed recently to allow the user a better selection and as a
result OTP cannot be handled as a fallback anymore but has to be added
to the selection. In case there are no types (questions) available now
password is used as a fallback.

Resolves: https://github.com/SSSD/sssd/issues/7152

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7c33f9d57cebfff80778f930ff0cc3144a7cc261">7c33f9d5</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: make sure answer_pkinit() use matching debug messages

Resolves: https://github.com/SSSD/sssd/issues/7152

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e26cc69341bcfd2bbc758eca30df296431c70a28">e26cc693</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: make prompter and pre-auth debug message less irritating

Resolves: https://github.com/SSSD/sssd/issues/7152

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0d5e8f11714e8e6cc0ad28e03fecf0f5732528b3">0d5e8f11</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-03-21T13:45:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_sss: prefer Smartcard authentication

The current behavior is that Smartcard authentication is preferred if
possible, i.e. if a Smartcard is present. Since the Smartcard (or
equivalent) must be inserted manually the assumption is that if the user
has inserted it they most probably want to use it for authentication.

With the latest patches pam_sss might receive multiple available
authentication methods. With this patch the checks for available
authentication types start Smartcard authentication to mimic the
existing behavior.

Resolves: https://github.com/SSSD/sssd/issues/7152

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/795b13c1853a4c402ead5470de29d0f8f68b367a">795b13c1</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-04-02T16:14:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fixing typo in test_authentication.py

The assertion checks for user_3 but the user added is user-3. The value
is different than the others because we are trying to try different
combinations.

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/05df8167963f2e93c1c460b43264ad8050cd4461">05df8167</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-02T16:15:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: fix storing auth types for offline auth

Before the recent patches which allow krb5_child to iterate over all
available authentication methods typically only one method was returned.
E.g. is Smartcard authentication (pkinit) was possible it was typically
the first method the in question list and the result of the
answer_pkinit() function was immediately returned. As a result only the
Smartcard authentication type was set and a missing password
authentication type while others were present might have been a
reasonable indicator for the online state.

With the recent patches, all available methods, including password
authentication if available, are return and a new indicator is needed.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/79c384fb0c41a205b8119f86ef23860c223c853e">79c384fb</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-02T16:15:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: set 'local_auth_policy = only' for all passkey test

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1c2aa825062dcf2da2e886c3211be90c22db1750">1c2aa825</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-04-04T15:08:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix test_kcm_ssh_login_creates_kerberos_ticket

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7c6bc58a10022c6cc0ed516bc0ac5422705cfc91">7c6bc58a</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-04-05T07:12:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Move polarion.yaml to src/tests/

The path src/tests is more generic and would make more sense for other
components that share the same idmci automation.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6dec94468bb064a2835fcd680e926b98dfa4766f">6dec9446</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-05T19:43:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: only link SYSTEMD_DAEMON_LIBS if needed

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/de928a283b55206c0da2c586253b538d53bf9e02">de928a28</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-05T19:43:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: only search for SYSTEMD libs if needed

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c3578ad6fa3ef19046aedb496aba8a923205c7b9">c3578ad6</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-05T19:43:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: require initscript=systemd for syslog=journald

and don't build intg-tests with 'systemd'

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4d29b915a0c00e77707072acfd6af38af6dfa180">4d29b915</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-05T19:43:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: don't use '--disable-dbus-tests'

This ./configure option isn't available since 3d1b6458568f3df4d5c192f432e73d65e4a9d293

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ce9488d6bda54bcbe8e92c35011abbb312329c69">ce9488d6</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-05T19:43:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INTG-TESTS: replace '--without-semanage' with '--without-selinux'

'--with[out]-semanage' was removed in 0a254e4341d886c68394019fa610a67492f14fce

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f30902faa0dcaa857422d48ed85a50abb3928a33">f30902fa</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-04-08T08:21:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update reference to polarion.yaml

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/12e7432348689636c5d602b4bdb0f2997ca3ee60">12e74323</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-09T11:47:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: link 'krb5_child' against 'libsystemd' if needed

This is addition to #7268

If SSSD is configured with
```
  --with-initscript=systemd
  --with-syslog=syslog
```
then 'krb5_child' need to be linked against 'libsystemd' due to
`check_if_uid_is_active()` usage.

Resolves: https://github.com/SSSD/sssd/issues/7278

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b5f1cc4777ba350e8160e970715d1f3d9cd75c2">2b5f1cc4</a></strong>
<div>
<span> by Andreas Hasenack </span> <i> at 2024-04-10T12:49:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix format string used for time values

When building for armhf with _TIME_BITS=64, the %lu format string used
to represent time_t values as strings is no longer correct. Switch to
SPRItime which takes into account the time_t size.

Fixes: #7276

Signed-off-by: Andreas Hasenack <andreas.hasenack@canonical.com>

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01d09bb879e25cf26c78fa1b8d836cb16814eb47">01d09bb8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-11T15:12:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: use sysusers as additional source

This partially reverts 736430aa0ed0f9c9e36315ea97de65908c29f590

The reason is that 'sysusers_create_compat' macro is evaluated after
the tar ball is extracted, after SSSD is built and after content of
the BUILD and BUILDROOT directories is removed, so otherwise there is
no extracted or built data available anymore.

See https://github.com/SSSD/sssd/pull/7267#discussion_r1549282574 for
details.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5045e4344d0d3c35a13518e9e9d9e809ed018f02">5045e434</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-11T15:12:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: enabled 'sysusers' for f-41+

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5b9a2f813e51675139e62cd534dd56a38fbc94a4">5b9a2f81</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-11T15:12:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: define a home dir for 'sssd' user

Set '/run/sssd/' as 'sssd' user home dir.
This is required to accomodate for needs of some Samba libraries that
create cache while fetching GPO files.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/03f68e81d0c7e4ff57f73fdf6e3739389991e446">03f68e81</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-04-11T15:19:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: test case audit and house keeping

- standardized all system test case names in the new framework
- test_ldap.py: moved tests from test_offline.py, and test_rootdse.py because they have one topology which only ldap. renamed test_rootdse.py test cases names
- test_authentication.py: updated non descripted docstrings.
- test_identity.py: moved tests from test_autoprivategroup.py, because it perfroms an identity lookup and is one test case.
- test_autofs.py: removed ldap from autofs requirement, because test cases are now generic.
- test_proxy.py: updated test case name to reflect what is being tested -- test case should be updated
- test_memory_cache.py: renamed test cases to make it more readable
- test_sssctl.py merged with test_sssctl_analyze.py
- test_default_debug_level.py renamed to logging.py

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/23afc3bb7b0d99cb1c1a4925265007d7fbe610c5">23afc3bb</a></strong>
<div>
<span> by Patrik Rosecky </span> <i> at 2024-04-11T14:09:56-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: convert multihost/alltests/test_cache_testing to system/test_sss_cache
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b67a29ff521aa8fe9e454eeb3ab2ef2c95b35df3">b67a29ff</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-15T07:13:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: suppress `chown` errors

Files that package chown's during installation might not exist and
that's totally fine (clean install).

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fa9f6882bc5181edc404ebedf1ddaf5c92b917a5">fa9f6882</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-04-15T07:13:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sudo defaults rule

Changed doc-strings and steps for more clarity

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b164766ac4dfbce1b3a2769b4d8cc5a1fd185341">b164766a</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-04-16T08:54:59-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing genconf, chown tests and updating passkey dirs
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c25568fceb9a3ad37334d395902427ad304dacfc">c25568fc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-16T15:13:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: build RHEL9 `--with-libsifp`

'libsss_simpleifp' stays in RHEL9, let upstream copr match downstream
packaging.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/57c4ccdcace87e7c94738f9277ec81d2650d9f76">57c4ccdc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-16T19:05:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: get rid of `--with-semanage` leftovers

Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7db7971682da2dbf7642ac94940d6b0577ec35a">d7db7971</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-18T11:53:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad-gpo: use hash to store intermediate results

Currently after the evaluation of a single GPO file the intermediate
results are stored in the cache and this cache entry is updated until
all applicable GPO files are evaluated. Finally the data in the cache is
used to make the decision of access is granted or rejected.

If there are two or more access-control request running in parallel one
request might overwrite the cache object with intermediate data while
another request reads the cached data for the access decision and as a
result will do this decision based on intermediate data.

To avoid this the intermediate results are not stored in the cache
anymore but in hash tables which are specific to the request. Only the
final result is written to the cache to have it available for offline
authentication.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ab2671c00866d917f3e737a007ae64753f8440aa">ab2671c0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-18T11:54:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: reduce log level in case a responder asks for unknown domain

Addition to 718fed9c53807b8502d6547bc0253b979d35e677

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7293eeea53458d1596262ee0f6593e08c38af7db">7293eeea</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-04-18T20:07:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>scripts: add sssd.sysusers to srpm generated by make_srpm.sh

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aacb789b7036946fe5b5c0a971af0122f7528d84">aacb789b</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-04-19T13:44:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Split package installation transactions and add error logging.

Issues in package installation were silently ignored resulting
debugging failures elsewhere. This also resulted in false PASSED
in case that sssd was not updated due to some dependecy problem.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf99d6065fb58bd70a2964c01cb009a25dab36bf">bf99d606</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-04-22T18:02:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump vapier/coverity-scan-action from 1.7.0 to 1.8.0

Bumps [vapier/coverity-scan-action](https://github.com/vapier/coverity-scan-action) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/vapier/coverity-scan-action/releases)
- [Commits](https://github.com/vapier/coverity-scan-action/compare/v1.7.0...v1.8.0)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/be8913eb8dc774516beeaaa2306243fce4db14ef">be8913eb</a></strong>
<div>
<span> by Abhijit Roy </span> <i> at 2024-04-22T18:02:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap_idmap: Enabling further debugging for to understand the underlying reason for Could not convert objectSID.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/55bcb883eb627a91b954d9ba643bac940bdca7dc">55bcb883</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-04-22T18:03:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: passkey: Add a ssh key as a passkey mapping

Here, added two test cases:
1. Check log message when we add ssh key as passkey
mapping.
2. Check log message when we add ssh key with
passkey token.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0de6c33047ac7a2b5316ec5ec936d6b675671c53">0de6c330</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-23T11:58:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: refresh root domain when read directly

If the domain object of the forest root domain cannot be found in the
LDAP tree of the local AD domain SSSD tries to read the request data
from an LDAP server of the forest root domain directly. After reading
this data the information is stored in the cache but currently the
information about the domain store in memory is not updated with the
additional data. As a result e.g. the domain SID is missing in this data
and only becomes available after a restart where it is read from the
cache.

With this patch an unconditional refresh is triggered at the end of the
fallback code path.

Resolves: https://github.com/SSSD/sssd/issues/7250

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0515eac5650db126ba2fd4a49478c31fb0affe9c">0515eac5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-23T14:45:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: 'config_file_version' option doesn't exist

since e57093067665bb15c76cb88269fae93d44499bd5

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/65ca6725f6326481b7bb98c2a762c462f12cc8a8">65ca6725</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-24T13:05:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: remove unused stuff (lcov, ...)

Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4b2553d42fe063c2130e6f972508104a710cc811">4b2553d4</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-04-25T11:59:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: updating makefile.am to include tests

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f0aaa25ebdf1eea1824453a5aec4674585fd6e5">0f0aaa25</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-25T16:00:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: drop support of centos-stream-8

Addition to 5bbc14658b54b083aa0da485073cde47b40c3396

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/61e7372c8a59b2e1d79057353e26c66276cf1275">61e7372c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-25T16:00:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: enable centos-stream-10

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d8e831164640431a6f2260dcac0f82cf6f5c81b1">d8e83116</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-25T16:07:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAC: add 'sssd' user to the list of 'allowed_uids'

:config:SSSD service user was added to the default value of
PAC 'allowed_uids' in case corresponding support was built.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/92c902abd02190b9fc349eee02760fab6cddbdb3">92c902ab</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-26T08:26:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: make support of 'sssd.conf::user' option configurable

:relnote:Support of 'sssd.conf::user' option was made build time
configurable ('--with-conf-service-user-support') and disabled by
default. Take a note that this ./configure option only makes sense
if used together with '--with-sssd-user=...'
Support of this option is deprecated and might be removed in future
releases. Recommended way to configure SSSD service user is to simply
start main SSSD process under required user (made available at build
time using '--with-sssd-user=...')

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7239dd679106748cabfd914df0344601ec5ce224">7239dd67</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-26T08:57:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dist: set capabilities during make install

Resolves: https://github.com/SSSD/sssd/issues/7284

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1199bd10c3aadd67f37689b00ce1cc25cae85bf1">1199bd10</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-04-26T08:57:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>conf: update path permissions

Use the same permissions as in the spec file during 'make install'.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/738bb53307ee90fccb97be6d62c850abdc259c03">738bb533</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>GPO: Defer SMB server choice until id connection established when processing referrals

Fixes referral processing when the connection to the referred domain has
not yet been initialized. This may happen when sssd has just started as
state->conn->service->uri of referred subdomain may not have been resolved
yet.

Defer the decision on which SMB server to download the GPO files from until
the id connection has been established as the user might have forced
the DC to use (ad_server parameter).

Related to: https://github.com/SSSD/sssd/issues/3686

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/98efb5ec92ed28dc9e74821526dfc773c3ca8044">98efb5ec</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>GPO: Remove unused local variable

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9926067110e8fd26943dfe1efe1ed34b54735ae3">99260671</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Add sysdb_gpos_base_dn()

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e1692772bf6bed9062a77518e9c0dc66dfc51942">e1692772</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>GPO: Fetch the GPO's displayName attribute

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/568ca5dee4efa15cace0e6ff3a7c04021c48f56e">568ca5de</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Store GPO's displayName in sysdb

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/35801347e270fa515e5f54068b4b4de773001325">35801347</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Store the GPO's filesystem path in sysdb entry

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/66fd8a04891be03f836256216e1fe7c221d7a0ee">66fd8a04</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:50+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Always canonicalize GPO guid

Always store the guid uppercased and enclosed in curly brackets.

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cf59da1aa7f357b66cd4baaf6566c5c2d42ae3a7">cf59da1a</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Add new index for gpoGUID and make searches on it case insensitive

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/095e31eb23dd1fb845fb928a345d4c204284b3f1">095e31eb</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:47:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: Prepare for extended help in subcommands

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/18a17bcd506b70412b6f29ce7dc06828c4089f55">18a17bcd</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:48:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: Add gpo-show command

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6dc9166c2c04bf5d71ddc7a08de49a3b022a1212">6dc9166c</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:48:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: Add sssctl gpo-list command

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/be735999d221481302d8dd07192b3a6e2893d105">be735999</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:48:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Add a function to delete GPO entry by GPO GUID

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/afee68b113b4cab7a145de83c798f1e0cd34841c">afee68b1</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:48:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: Add sssctl gpo-remove command

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c5b16eec476614133f9a6643015d5f0094440e0b">c5b16eec</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:48:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: Add gpo-purge command

Resolves: https://github.com/SSSD/sssd/issues/4523

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/54179a094f732eaadf925bd869d3097889f4a213">54179a09</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-04-26T12:49:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: Add the new cached GPOs management commands to release notes

:relnote: The 'sssctl' command line tool has been extended to manage
the cached GPOs. It is now possible to list ('gpo-list') and show
('gpo-show') the cached GPOs, and the 'gpo-remove' and 'gpo-purge'
subcommands are particularly useful as they remove not only the entry
from the database but also the downloaded GPO files.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a226b245021b7b2bd7d0c33ed8b4bfa10f6fc4d1">a226b245</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-30T13:39:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: manage /run/sssd using tmpfiles.d

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b3a487a4d976b7f7f44b0bd70e19bcef8c605be4">b3a487a4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-30T16:05:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: replace `become_user()` with `sss_drop_all_caps()`

Since e2c26e810c3635124255e7619272591eab143553 'ldap_child' always runs
under SSSD_USER and uses file capabilities instead. For this reason
it doesn't make sense to call `become_user()` - `sss_drop_all_caps()`
is enough.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2891e7462cf9f6f3dc3e139c3c20a3ac36b359df">2891e746</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-04-30T16:05:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5_CHILD: keep 'set-user-ID' in `k5c_become_user()`

Keep saved set-user-ID in `k5c_become_user()` so that 'sssd_be'
running under SSSD_USER could signal it.

Resolves: https://github.com/SSSD/sssd/issues/5536

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c15bd3aeb3bdc0af23b69bf277c2177a69c92bc3">c15bd3ae</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-01T15:33:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: Move soft_terminate_krb5_child to static

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d42c5e7da57064486591e5f622821cbb7536c439">d42c5e7d</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-05-01T15:35:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Deleting coverted test cases

All of tests cases are coverted to new test
case framework, deleting them to avoid duplication
of work.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc637c9730d0ba04a0d8aa2645ee537224cd4b19">dc637c97</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-02T15:11:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: use proper context for getDomains()

Request was created on a long term responder context, but a callback
for this request tries to access memory that is allocated on a short
term client context. So if client disconnects before request is
completed, then callback dereferences already freed memory.

Resolves: https://github.com/SSSD/sssd/issues/7319

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9aaa713031ec3f413a46aba305ed0f6b2474bfd9">9aaa7130</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-05-07T10:13:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add the test case passkey for fips enable

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b32f59603e707e130135c6f29a7332aa2b337b41">b32f5960</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-07T14:20:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: Add local_auth_policy table

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/76ec4919fb6bfb96e9f761de57e7bc34232f1262">76ec4919</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add extra debug to test_0003_gssapi_ssh.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6319e42769eb162a603894762a585c05c55637cc">6319e427</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Switch test_0001_memcache_sid to reuse adjoin code.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/de5e22e2d847e8e21f83d5aadcf770762c87c311">de5e22e2</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add journalctl when systemctl sssd fails.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8aa72b1623168672f06870a9e6fd03e190869647">8aa72b16</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update ad parameters ported for non-root.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/59d19d909d63ba088d5221067ef367e35bc6ee14">59d19d90</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add extra sssd restart on master for samba tests.

For non-root the sssd needs to be restarted after joining the AD
and fixing sssd.conf permissions, this was not done on master (smb).

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f160242d77ef1665bb1edd77aa3d0060a4d63355">f160242d</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add fixing sssd.conf ownership after realm join.

Add journalctl info when service_ctrl call fails.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bc1a8e9634b40abf1173407094225266407f3071">bc1a8e96</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T14:24:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix PEP8 on updated AD suites.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/31bd16f65a1add408d108767bdaa9fe86df2bc7f">31bd16f6</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-07T15:37:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update expect as passwd password change message changed.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/be42ada11424579566c281222eab79beaf868061">be42ada1</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-05-09T15:27:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BACKENDS: Move the netlink watching to the backends

Network status changes were watched by the monitor and it would
signal through D-Bus the backends to check their online status.

This commit moves the network status change watching to the backends
themselves.

Configuration is still managed by the monitor's disable_netlink option.

The resetOffline d-bus method is still available although it is no
longer used by the monitor upon network status changes.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ce9924c3a606332f6b361dd87d309514131f1574">ce9924c3</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-05-09T15:27:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TEST: Exclude libnl-3 from valgrind tests

Because tests are now linked to libnl-3, valgrind tests are failing.
We suppress error for this external library.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b821c77f23d520ef90102ccb1378fd9b7abda314">b821c77f</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-05-09T15:27:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: Make disable_netlink in `man sssd.conf` conditional

The presence of the disable_netlink option in the sssd.conf man page
is now conditional to HAVE_LIBNL, that is, to the present of the library
and to value of the --with-libnl ./configure wasi executed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f48c7c448124dea68f2835c7e10742f48f8bc6c">7f48c7c4</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-05-09T15:27:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding gpo system tests

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ef66a27ab40fae12a43a3276f3ffaa38ab8037f2">ef66a27a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-10T11:06:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: run under SSSD_USER by default

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/18aecfd42a44443d53dd47fbe5c38c6507283284">18aecfd4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-10T11:06:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>make install: catch up with the spec-file

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f58be95ce1d7f59b3b80b8466baa7b7de046109c">f58be95c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-10T11:06:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAKE: only add 'AmbientCapabilities' template if

built '--with-conf-service-user-support'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ca684cd156debbdf3d95776271e7020b883b1e81">ca684cd1</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-05-10T13:18:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: rename fips passkey test's recording files path

Rename fips testase passkey's recording file path.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7bab23612584bc5e7a6380f9eb0dfd18e63df8e5">7bab2361</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-13T10:29:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: chown() sssd.conf in service file

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5531e1de5be2a5b0be1f016e36d5a4ee8a551845">5531e1de</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-13T10:29:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: don't chown() logs

Reconfiguration of SSSD service user should be exceptionally rare event,
so it's reasonable to expect that administrator should also wipe artifacts
(logs, ldb-cache) manually in this case, so keeping chown()-s in service
file isn't justified.

:packaging: systemd service files for socket activated responders don't
chown() logs anymore. chown() happens once during package update. In case
of reconfiguration of SSSD service user after installation, logs files
and ldb-cache files should be deleted or chown()-ed manually.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f1c6218164bbcfba1698d416e248b7a9de4ddcf9">f1c62181</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-05-15T11:31:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: fix wrong usage of '%*s'

If it is not clear if a string is 0-terminated or not but the length is
known the '%.*s' template must be used to use only given numbers of
characters. '%*s' is a valid printf() template but only sets the minimal
width of the output.

This patch fixes an occurrence ion the sysdb code as well.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7077328f57b470b110f3b19bf9b290bbd0e45776">7077328f</a></strong>
<div>
<span> by Lizhou Sha </span> <i> at 2024-05-15T11:32:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: Add Requires: sssd-krb5-common for KCM ticket renewals

The KCM ticket-renewal feature relies on the /usr/libexec/ssd/krb5_child
binary for functionality. That binary is provided by the RPM package
sssd-krb5-common. This commit fixes the dependency of sssd-kcm in the
spec file.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39f5b9ac21d167991591f6873b34f722d4bdd2bc">39f5b9ac</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2024-05-16T10:11:17+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad_gpo_child: Improve libsmbclient code

We plan to get rid of smbc_setFunctionAuthData() in future, so already
move to the function using the context. Also tell libsmbclient we do not
want to fallback if Kerberos fails.

Signed-off-by: Andreas Schneider <asn@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/914ce094735d759e162fa885087789dcfc8c89f8">914ce094</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-16T10:53:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: Return error during passkey processing

Avoid retrying SSS_PAM_PREAUTH loop if an unexpected error
is encountered during passkey processing.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7d51126a35b375a5a11cd290cf3c011c713afe4">d7d51126</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-05-16T10:53:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>passkey: Improve passkey mapping handling

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f135102765c781f1f9e9e76d16d30a51c776d473">f1351027</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-05-16T10:53:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Update tc when mapping and key are added

Update the passkey test case where we are now testing
su passkey auth of user when user is added with ssh-key
and passkey mapping for AD, Samba and LDAP server.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit b73994ff3ddf58b9363282b47ebe5ca2329462c2)

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e9738e36937e78f80bb2772c48cffbddf39bd5fe">e9738e36</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-05-16T11:13:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>failover: add failover_primary_timeout option

This was previously hardcoded to 31 seconds (hardcoded retry_timout +
1). This may be too short period under some circumstances.

When we retry primary server we drop connection to the backup server and
if the primary server is not yet available (and there are many
unavailable primary servers) we may go through a long timeout cycle
every half minute.

This patch makes the value configurable.

:config: Added `failover_primary_timout` configuration option. This
  can be used to configure how often SSSD tries to reconnect to a
  primary server after a successful connection to a backup server.
  This was previously hardcoded to 31 seconds which is kept as
  the default value.

Resolves: https://github.com/SSSD/sssd/issues/7375

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d13dc329b2620665d8cba49968e49067f888b524">d13dc329</a></strong>
<div>
<span> by Weblate </span> <i> at 2024-05-16T13:31:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Finnish) currently translated at 10.1% (72 of 712 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/

po: update translations

(Korean) currently translated at 66.3% (1711 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Swedish) currently translated at 100.0% (2761 of 2761 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 100.0% (712 of 712 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Korean) currently translated at 66.2% (1708 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 66.2% (1707 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (712 of 712 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Korean) currently translated at 66.0% (1701 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Korean) currently translated at 100.0% (712 of 712 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Polish) currently translated at 4.9% (130 of 2625 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/pl/

po: update translations

(Korean) currently translated at 66.0% (1701 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Russian) currently translated at 100.0% (2761 of 2761 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9a5a54cfb8685a6509b5c15920d45be0f27055e6">9a5a54cf</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-20T14:03:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update password change expect to work

The message changed between RHEL 9 and RHEL 10.
From: "passwd: all authentication tokens updated successfully"
To: "passwd: password updated successfully"

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a008accecd6d0b35e8d57d738ee3d05863aa7d0f">a008acce</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-22T10:42:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: don't overwrite config.ldb

This partially reverts d2d8f342cd5e90bb9fd947c448492225f959aa86
There should be no reason for 'sssctl' to run if SSSD itself isn't
running (or wasn't run so 'config.ldb' is absent).

Enforced recreation of 'config.ldb', on the other hand, might spoil
file ownership, as 'sssct' is typically run under 'root', but SSSD
itself might running under 'sssd' user.

This also reverts f405a4a3694957b5a5cb45d0f7ea2854d876cbb6
` confdb_expand_app_domains()` in `sss_tool_domains_init()` isn't
needed anymore, because 'sssctl' now uses 'config.ldb' created by
'monitor' where this expansion was already done.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cbc4415119ca31db3975ba8dd804b38928467601">cbc44151</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-28T09:06:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add extra output in package_mgmt when operation fails.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7d2b9673568767b1c5b2647f18807f236a0417f">d7d2b967</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-28T09:06:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Move logging settings change to test start

The custom log setting changes were done at the start of session
but we did not manage to grab session/class level fixtures
output a result. Moving the changes to tests start and restore to test end.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5999e0704e137069f56f545338ecd127c4e68a4c">5999e070</a></strong>
<div>
<span> by aborah </span> <i> at 2024-05-28T09:08:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix the test failures for tier-1-pytest-alltests-tier1-2 for non root configuration

Fix the test failures for tier-1-pytest-alltests-tier1-2 for non root configuration

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b026d625a71651f3dfd6cca52dc2e74b9bdda7e0">b026d625</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-05-28T14:49:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: explicitly set which topologies are already provisioned

PRCI uses containers that already have multiple topologies provisioned
out of the box. pytest-mh and sssd-test-framework recently got the
ability to provision topology directly from pytest so in order to skip
this step in PRCI we need to set it explicitly.

Note that the client container is currently not enrolled in AD, so we
use topology setup there. Therefore if you run the tests locally with
AD running, you don't have to do a thing - client will automatically
join and leave the AD domain when AD/IPA-TRUST-AD topology is run.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf436377b632a2f16eaf518ce02f9894e3b51d03">bf436377</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-05-29T11:08:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: use python 3.11 for system tests

pytest-mh and sssd-test-framework started to require python 3.11 which
is not available on ubuntu runners by default.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/85a238c6bdd15a275988e535e70281534c44dedf">85a238c6</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-05-29T11:09:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Extend sysdb-tests to check case-insensitive store operations

If the domain is case insensitive then users and groups must be
correctly stored regardless name capitalization.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2b734b926e1f23370c9cabd8ba6f07bf6b29a86">d2b734b9</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-05-29T11:09:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Use SYSDB_NAME from cached entry when updating users and groups

The sysdb_store_user() and sysdb_store_group() functinos search for the
entry by name to check if it is already cached. This search considers
SYSDB_ALIAS, added when the domain is case insensitive. If a matching
entry is found use its SYSDB_NAME instead of the passed name.

It may happen the group is stored in uppercase, but later some server
returns a memberOf attribute in lowercase. When updating the group to
add the memberships the first search will find the entry, but the modify
operation will fail as the group name in the built DN will differ in case.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19df6a5d2ed220e6236aa1c921b7abdeba233dd1">19df6a5d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-29T14:32:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: sanity check to please coverity

Fixes:
```
Error: INTEGER_OVERFLOW (CWE-190):
sssd-2.10.0/src/util/sss_ssh.c:195:13: underflow: The decrement operator on the unsigned variable ""len"" might result in an underflow.
sssd-2.10.0/src/util/sss_ssh.c:204:9: overflow_sink: ""len"", which might have underflowed, is passed to ""memcpy(out, pubkey->data, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
 #  202|           }
 #  203|
 #  204|->         memcpy(out, pubkey->data, len);
 #  205|           out[len] = '\0';
 #  206|       }
```

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7c913edc84e0201020b5ab770dd0823911387781">7c913edc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-29T14:32:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT:idmap: fix coverity warning

Fixes following issue:
```
"Error: INTEGER_OVERFLOW (CWE-190):
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:306:5: tainted_data_argument: The value returned in ""replen"" is considered tainted.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:331:5: overflow: The expression ""replen - 12UL"" might be negative, but is used in a context that treats it as unsigned.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:331:5: assign: Assigning: ""data_len"" = ""replen - 12UL"".
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:347:9: overflow: The expression ""1UL * data_len"" is deemed underflowed because at least one of its arguments has underflowed.
sssd-2.10.0/src/sss_client/idmap/sss_nss_idmap.c:347:9: overflow_sink: ""1UL * data_len"", which might have underflowed, is passed to ""malloc(1UL * data_len)"".
 #  345|           }
 #  346|
 #  347|->         str = malloc(sizeof(char) * data_len);
 #  348|           if (str == NULL) {
 #  349|               ret = ENOMEM;"
```

Reviewed-by: Alejandro López <allopez@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f32b021eb401fba10a8d978b835c9492bab53ae7">f32b021e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-29T14:32:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: increase 'services_startup_timeout'

so that it is aligned with MONITOR_MAX_SVC_RESTARTS & MONITOR_MAX_RESTART_DELAY

Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6de231d76fff0f3d3a0e991b6f5c8c300b9310e6">6de231d7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-29T14:32:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: quit if any of providers didn't start

This more or less cosmetic change in the sense that currently
this code / condition shouldn't be reachable (see comment in the
patch).

Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/979c25f38dbdeb9a479884e276d19e34bf7815d6">979c25f3</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-05-29T14:48:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update ad multiforest and multidomain suites.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ac6536d130d3600328aaa7c81e94e585a0e65434">ac6536d1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-05-30T09:52:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: remove http-parser dependency

It's not used since 10069b1d39e671b7502c5211883c94ceaa91aebb

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d1428aac18a37383037d7631f2f600022f0d8641">d1428aac</a></strong>
<div>
<span> by Dominika Borges </span> <i> at 2024-06-03T11:56:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>doc: improve `failover_primary_timeout` option

Resolves: https://github.com/SSSD/sssd/issues/7375

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ecda21a44ab47d26d196d9485e341f8abb413302">ecda21a4</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-06-03T11:57:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: Fix os detection

SUSE and openSUSE no longer ships /etc/SuSE-release [1], fallback to
/etc/os-release if autodetection fails.

[1] https://en.opensuse.org/Etc_SuSE-release

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d75727e66393cd18d4143f98876fa7cec0ee497d">d75727e6</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-06-03T11:57:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: Adjust sssctl user-checks default PAM service for SUSE

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/46fbc499df6e11a13912add05c65f59d391f6981">46fbc499</a></strong>
<div>
<span> by Gaël PORTAY </span> <i> at 2024-06-03T20:56:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add missing debian operation system in help string

The commit e6ae55d5423434d5dc6c236e8647b33610d30e2e has added the debian
operating system, but the help string does not reflect it yet.

This adds the missing debian entry in the help string.

See:

        gportay@archlinux ~/src/sssd $ ./configure --help | grep -A1 with-os
          --with-os=OS_TYPE       Type of your operation system
                                  (fedora|redhat|suse|debian|gentoo)

Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7b32dc0ab877a9061b52868b8efe6866c3144b63">7b32dc0a</a></strong>
<div>
<span> by Gaël PORTAY </span> <i> at 2024-06-03T20:56:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Allow unknown operation system build

There are various operating systems in the world, and there are even
more if considering the embedded world.

Trying to detect all of them is hardwork and unnecessary.

If the host operating system is uncaught, the configure succeeds with
the following incomplete output:

        ./configure
        (...)
        configure: Detected operating system type:
        configure: Build with  config
        ---------------------^^

This enables the operating system "unknown" to remove the error raised
and to allow setting a system that is the short list.

It allows the use for options --with-os=unknown or --with-os=arch that
are a often more representative if the operating system is not in the
short list.

It turns:

        ./configure --with-os=unknown
        (...)
        configure: error: Illegal value -unknown- for option --with-os

Into:

        ./configure --with-os=unknown
        configure: Detected operating system type: unknown
        configure: Build with unknown config

Also, it avoids the assumption the target operating system is the same
as host if cross-compiling, and leads to errors.

For example, the commit e6ae55d5423434d5dc6c236e8647b33610d30e2e passes
the downstream debian option --install-layout=deb to setup.py and raises
an error if targetting a non-debian world (such as openembedded).

Fixes:

        error: option --install-layout not recognized

Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3dc8f6926d0370dd2613670a0d93c069824cefd5">3dc8f692</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-04T14:27:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: make sure `get_tgt_times()` always set `tgtt`

if it doesn't return error code

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2e3f1ab7d564ad3f5853470791af1691324a844e">2e3f1ab7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-04T14:27:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: TGT RENEWAL: try renew old ccaches immediately

Unprivileged 'sssd_be' can't read ccache, so just ask 'krb5_child' to do
the work.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/671a4de2e14c9732648d6466e638c7d1ec21dba3">671a4de2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-04T14:27:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: TGT RENEWAL: avoid flooding KDC

There might be a large batch of tickets awaiting renew when SSSD
is started. Add a 100 msec delay between renewal requests.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/eb334ccd7af3ffc4d6a11d1170fcdb149fd6cfd8">eb334ccd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-04T14:27:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: make sure FILE: TGT is still renewable

before asking KDC.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5fc9590e27f8692a24ee33f9e189ba7b59317164">5fc9590e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-04T18:18:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: a bit more accurate data type handling

Should resolve following coverity complain:
```
"Error: INTEGER_OVERFLOW (CWE-190):
sssd-2.10.0/src/sss_client/common.c:233:13: tainted_data_return: Called function ""send(sss_cli_sd_get(), (char *)header + datasent, 16UL - datasent, MSG_NOSIGNAL)"", and a possible return value may be less than zero.
sssd-2.10.0/src/sss_client/common.c:233:13: cast_overflow: An assign that casts to a different type, which might trigger an overflow.
sssd-2.10.0/src/sss_client/common.c:260:9: overflow: The expression ""datasent += res"" might be negative, but is used in a context that treats it as unsigned.
sssd-2.10.0/src/sss_client/common.c:233:13: overflow: The expression ""16UL - datasent"" is deemed underflowed because at least one of its arguments has underflowed.
sssd-2.10.0/src/sss_client/common.c:233:13: overflow_sink: ""16UL - datasent"", which might have underflowed, is passed to ""send(sss_cli_sd_get(), (char *)header + datasent, 16UL - datasent, MSG_NOSIGNAL)"".
 #  231|           errno = 0;
 #  232|           if (datasent < SSS_NSS_HEADER_SIZE) {
 #  233|->             res = send(sss_cli_sd_get(),
 #  234|                          (char *)header + datasent,
 #  235|                          SSS_NSS_HEADER_SIZE - datasent,"
```

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1a3554b2d9beafacc9294e2ab181e12daeb98a46">1a3554b2</a></strong>
<div>
<span> by dependabot[bot] </span> <i> at 2024-06-05T11:14:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build(deps): bump actions/setup-python from 4 to 5

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4cf9625b8c144904e5d5d06c24958d4b4d82a4a1">4cf9625b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-06-05T11:17:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: retry Hello if ERR_SBUS_NO_REPLY was received

If the system is starting up it might happen that a time synchronisation
daemon changes the system time. If SSSD is starting at the same time and
one of the components is sending a D-Bus Hello message shortly before
the time change it might happen that libdbus will consider this request
as timed-out after the time change happened and returns
ERR_SBUS_NO_REPLY.

To avoid a complety startup failure under this condition this patch will
try to send the Hello message again.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/15ab9be578784e7788de7f0e8b9e895866d964fe">15ab9be5</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-05T11:31:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7c443ab4b933449e6e79c0bbb9aa3f5ec4e0d9bf">7c443ab4</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-05T12:44:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>scripts: add support for beta and rc versions
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6db9030f8ffb55896e65a7c877d7ebdf003bfe7b">6db9030f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-06T13:14:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPDX migration
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5ae05315e1d1a39225f9559940536165fb7c8cd0">5ae05315</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-06T13:14:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure: use runstatedir for default pid path

make distcheck yields the following error because pidpath is currently hardcoded to
/run/sssd (with the run directory hardcoded) and prefix is not correctly applied.

```
autoreconf -if && ./configure && make distcheck/usr/bin/mkdir: cannot create directory '/run/sssd': Permission denied
make[5]: *** [Makefile:47801: installsssddirs] Error 1
```

```
2024-06-04T16:35:23.1627995Z /usr/bin/mkdir -p \
2024-06-04T16:35:23.1628921Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/include \
2024-06-04T16:35:23.1629987Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib \
2024-06-04T16:35:23.1631024Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/bin \
2024-06-04T16:35:23.1632011Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/sbin \
2024-06-04T16:35:23.1632919Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/share/man \
2024-06-04T16:35:23.1633620Z     /run/sssd \
2024-06-04T16:35:23.1634262Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib/sssd \
2024-06-04T16:35:23.1635121Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib/ldb \
2024-06-04T16:35:23.1635921Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/share/dbus-1/system.d \
2024-06-04T16:35:23.1636710Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/share/dbus-1/system-services \
2024-06-04T16:35:23.1637387Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib/sssd \
2024-06-04T16:35:23.1637936Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib/sssd \
2024-06-04T16:35:23.1638495Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/share/sssd \
2024-06-04T16:35:23.1639022Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib \
2024-06-04T16:35:23.1639592Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/lib/sssd/modules \
2024-06-04T16:35:23.1640407Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/var/lib/sss/pipes/private \
2024-06-04T16:35:23.1641288Z     /__w/sssd/sssd/x86_64/sssd-2.10.0/_inst/share/sssd/krb5-snippets \
```

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aefc8cea8d6479232af9a2e378344bb7056aba18">aefc8cea</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-06T13:36:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Release sssd-2.10.0-beta1
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0d60e3dc0ca333ca35154c3a20bb96f19fb7776c">0d60e3dc</a></strong>
<div>
<span> by aborah </span> <i> at 2024-06-07T17:26:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix RHEL10 failures

sub_id_ranges needed to be fixed : This is because of ABI change in libsubid library.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/eadb872677e4bbf1bae09a6c2a18c90b5bf6fa56">eadb8726</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-07T18:06:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>version: replace dash with tilda

We released a new SSSD beta version as 2.10.0-beta1, unfortunately
this caused issues in the rpm build system as this value is set as
the Version field but dash is not allowed in this field therefore
`make rpms` was broken.

Fedora guidelines requires to use ~ as a prerelease separator so
two NVR versions compare correctly. For example:

* 2.10.0 < 2.10.0-beta1
* 2.10.0~beta1 < 2.10.0

We will follow this guideline to make `make rpms` work again and
to avoid any further rpm issues. Next GitHub release will also
follow this guideline.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fad092b0839316c55ce9e45bfd3842ca3698862d">fad092b0</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-07T18:06:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci deps: do not use -- to denote positional arguments anymore

This does not work on Fedora 41, it looks like it is not supported
by dnf5.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4e0b648d1b879f556eeefd160d75b1f4f41a7b00">4e0b648d</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-06-07T18:23:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Check the TGT of user after auth for passkey

Add the test case of passkey where we are checking
TGT of user after successful auth with IPA server.

Also add the fixture to update the ipa-optd@.service
file from server to make sure umockdev-run authenticate
the user without showing data mis match error.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60fa730534ae2f08cafc14b08d48893efe91adcb">60fa7305</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-11T06:57:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update code handling journald.conf

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/815d89f863d92751ac0dd3bb0be8567e570af5b0">815d89f8</a></strong>
<div>
<span> by aborah </span> <i> at 2024-06-11T08:28:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix ipa tests for RHEL10

Sssd switched from sss_ssh_knownhostsproxy to sss_ssh_knownhosts

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9f7916129357176b7aa60520c4c203aee2e7cce0">9f791612</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-11T15:08:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Drop already ported tests from alltest

Drop duplicate tests that has fallen in disrepair on RHEL 10 instead
of maintaining them.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/15fe8a11df434ee3e8b25a45f56bb647c0ce3747">15fe8a11</a></strong>
<div>
<span> by aborah </span> <i> at 2024-06-11T15:09:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix RHEL9.5 issue

authselect was not selected for sssd

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1812aaf7b75f473f3c468411cd2f1dd99b7d3591">1812aaf7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-11T18:13:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: strip public rx bits from 'proxy_child'

as a safety measure for a case where administrator could be tempted
to set SUID bit to support some legacy/3rd party PAM module.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f37aa46690c7158062476f058abdbf16723ca6d8">f37aa466</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-12T07:39:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Add loading kernel module sch_netem for tc tool

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f7c53d1ff30fdcc8cbda428c95bf8050691c8da4">f7c53d1f</a></strong>
<div>
<span> by aborah </span> <i> at 2024-06-12T09:59:17+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix tier1_2 tests for rhel10

No of file descriptors should be same or close to same as before and after modifying krb5_child

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/48e681215f4cb8070d9e19069c83998268deee6c">48e68121</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-12T12:01:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Drop test_bz1221992 that is invalid on RHEL 10

"sbus-dp_example1" was a unix socket of DBUS server maintained
in every backend. Now we moved to single SBUS server in "monitor"
so backends don't create own DBUS servers anymore.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5ed2e37c249f45bb5d11bff434a9469c4b6d8718">5ed2e37c</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2024-06-12T15:01:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: automount segfault fix

C++ code compilation error due to the return value from void function
. Adding 'return NULL'

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/49904292d6eceb50db1172f269cfce5a775759b6">49904292</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-12T16:05:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: Do not overwrite /etc/nsswitch.conf by authselect

Should fix test_more_than_one_cn.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fc5c1a1af5d868a34a687550af1e31a17576ad25">fc5c1a1a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-13T11:16:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: reduce log level if `sss_krb5_touch_config()` fails

due to missing privileges: `sssd_be` runs unprivileged and can't
touch config in /etc
Ideally it should be moved to privileged helper process. For a time
being just reduce log level to avoid backtraces in logs.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9fe254f46fbe0ad386eaa973bb153422f7114fd8">9fe254f4</a></strong>
<div>
<span> by Daniel Bershatsky </span> <i> at 2024-06-13T21:58:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSS_CLIENT: Follow API changes in libsubid

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9f363f86b2345616b0c8f559dc26bd6ff6022049">9f363f86</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-13T21:58:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: do not collect pytest-mh logs in separate file

pytest-mh logs will be collected automatically per test on failure
so there is no reason to collect everything in single file. Having
logs per test will be easier to debug.

The test log is stored in:
artifacts/tests/$testname/test.log

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b7a47ffa58fa325dceb6e3bc9c7379727bddb62e">b7a47ffa</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-13T21:58:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: disable show-capture in system tests

In case of failure, show-capture=yes (default) also prints all caputured
pytest-mh logs. Showing these logs in pytest output just makes it more
difficult to locate the failed assertion. The logs are stored in file
for each failed test so we do not need to see them in pytest output
to debug the issue.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/27995f5d685f2fb3174f9df012a94a52b729a52c">27995f5d</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-14T10:53:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Drop tests converted to system from basic to save resources in prci

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f9c0c6d8d793da332ff8438aad9fbd3c2b1a3245">f9c0c6d8</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-06-14T10:54:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding proper requirement for sss_ssh_knownhosts

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b25e510ad60f6ce0b57063cce648c3aa48b21241">b25e510a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-06-14T11:07:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: use right memory context in GPO code

The original primary SID is allocated on a temporary context and must be
move to be longer living one to still be available when the SID is
evaluated later in the code.

Resolves: https://github.com/SSSD/sssd/issues/7411

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7e54777067a7f07244bf79af757629897d97d36a">7e547770</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-06-18T09:12:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Handle missing ldap_child.log in AD parameters

Handle possibly missing ldap_child log.

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bb72b53d3a222f016d882853a619bd74c237edf9">bb72b53d</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2024-06-18T17:36:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: change passkey_child owner

passkey_child owner was incorrectly set to $sssd_user:$sssd_user, when
it should be root:root. Correcting it.

Fixes: 30daa0ccdae5 ("spec: update to include passkey")

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/58da100dff3eabbe621d74a04ec6b07c06ff1c09">58da100d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-20T13:28:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ENUMERATION: enable support for 'proxy' provider

even when built without '--with-extended-enumeration-support'

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4e345cc4c9eff96291eed1f501fa5f43d7342307">4e345cc4</a></strong>
<div>
<span> by Christopher Byrne </span> <i> at 2024-06-21T14:53:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>initscripts: Allow Gentoo initscripts to work with sssd user

Current the sssd initscripts always start as root. Non-systemd users
cannot use non-root mode. This allows the initscripts to run with
--with-sssd-user option

Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/48c0607b4012267e50cd49a521a9cacbe5d5d021">48c0607b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-06-21T14:54:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure: use prefix for systemd paths if needed

'make distcheck' fails because those paths didn't respect the prefix. To
avoid issues with standard prefixes like e.g. /usr, the prefix is only
added if it does not match the start of the systemd path.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/12150fcbbe547633091d832d988fb8707216eed1">12150fcb</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-06-21T14:54:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure: user ${datadir} in polkitdir

Instead of using the absolute path name '/usr/share' ${datadir} is used
to respect configure options and to make 'make distcheck' pass.

'polkitdir' is only used if SSSD was configured to run as 'sssd' user.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4d5177404de8e58abe8d40bc9402438bdf5629e2">4d517740</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-06-21T15:04:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure: use RUNDIR macro for config_pidpath

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/986bb726202e69b05f861c14c3a220379baf9bd1">986bb726</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-06-21T17:46:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sysdb: do not fail to add non-posix user to MPG domain

SSSD does not handle the root user (UID==0) and treats all accounts with
UID 0 as non-Posix accounts. The primary GID of those accounts is 0 as
well and as a result for those accounts in MPG domains the check for a
collisions of the primary GID should be skipped. The current code might
e.g. cause issues during GPO evaluation when adding a host account into
the cache which does not have any UID or GID set in AD and SSSD is
configured to read UID and GID from AD.

Resolves: https://github.com/SSSD/sssd/issues/7451

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/77f22467493147bd4ab0f8ec35cce4c393c85e3b">77f22467</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-06-25T13:15:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN PAGES: Fix broken man pages

In Makefile.am:79 the CONDS variable is set in several lines for
readablity. These new line add a space that breaks the conditions
and thus some features do not match their conditions. For instance
"with_ssh" becomes "with_ssh ."

Solving this by reuniting them all in a single line as it was before
the line was splitted.

Resolves: https://github.com/SSSD/sssd/issues/7449

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3d1bf5d8945c88029092a877586241aeb1fd81eb">3d1bf5d8</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-06-25T13:15:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: Remove two unused configuration options

The 'ssh_hash_known_hosts' and 'ssh_hash_known_hosts' are not used
when sss_ssh_knownhostsproxy is not built. In that case, their
declarations and the code reading them from the configuration file
must be removed.

They are still kept on cfg_rules.ini, but a comment was added to their
declaration reminding the person that will removed them that that file
must also be updated.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4dc96622844a34e952ff54912128c145c131cfe0">4dc96622</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-06-25T13:16:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>p11_child: enhance 'soft_crl' option

Currently, if the 'soft_crl' verification option is set and the CRL is
"expired", there will be no CRL check at all. "Expired" is here used in
the sense that a new CRL should have already been issues by the CA
according to the 'nextupdate' information form the CRL file.

This means that a revoked certificate which was rejected when the CRL
was valid is allowed if the CRL is expired and 'soft_crl' is set. This
is inconsistent especially if the "expired" CRL is still available and
could at least be used to check for revoked certificates from the time
the CRL was issued.

With this patch, if 'soft_crl' is set and the CRL is expired the CRL
will still be used to check for revoked certificates and a message will
be send to the system log for every valid certificate indicating that
the CRL file is expired and should be renewed as soon as possible.

This patch introduces a change in behavior and a revoked certificate
will now be rejected if the CRL is expired even if 'soft_crl' is set but
given the inconsistency described above the new behavior would be nearer
to an expected behavior than the original one.

Resolves: https://github.com/SSSD/sssd/issues/7404

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0562646cc261c2746ec57b52ae2670eb6a0c7985">0562646c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-06-25T13:16:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: grant 'cap_dac_read_search=p' to sssd_pam

to allow `gss_acquire_cred_from()` and `gss_accept_sec_context()`
that need to read a keytab.

:packaging: 'sssd_pam' binary lost public rx bits and got
'cap_dac_read_search=p' file capability to be able to use GSS API

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3bac8c9cc5adfda8925570519f3e680ce7b218d2">3bac8c9c</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-06-25T13:18:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Passkey test cases

Add following test cases:

1. Check the auth of user after destroying the TGT
and ipa service is not reachable.
2. Check the auth and TGT of user when 12 mapping are
added for a user.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7868447300e4075d1ce5ae4b2dbee46018afd072">78684473</a></strong>
<div>
<span> by Weblate </span> <i> at 2024-06-25T13:19:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Czech) currently translated at 93.4% (699 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Russian) currently translated at 100.0% (2789 of 2789 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Czech) currently translated at 92.9% (695 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Czech) currently translated at 91.9% (688 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Georgian) currently translated at 14.0% (105 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Georgian) currently translated at 13.7% (103 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Georgian) currently translated at 13.7% (103 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Czech) currently translated at 91.7% (686 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Korean) currently translated at 94.7% (709 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Ukrainian) currently translated at 100.0% (2789 of 2789 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Korean) currently translated at 66.6% (1712 of 2569 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Ukrainian) currently translated at 99.8% (2784 of 2789 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Korean) currently translated at 66.4% (1712 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6de89309d28a45c0924198ec96aed6396fdf0b13">6de89309</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-25T13:28:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fce2d97df3313076000d785a6ff64238e1d0aa29">fce2d97d</a></strong>
<div>
<span> by Christopher Byrne </span> <i> at 2024-06-26T11:10:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: Wire up sysusers, udev and tmpfiles config for optional install

Gentoo needs the generated tmpfiles, however, due to the way sssd is
built, it can't just be copied that easily. Gentoo doesn't currently
the udev rules, but they might be needed later if support is added.
On the other hand, Gentoo does not use the sysusers file as that's
handled by a different package, so those need to be excluded. The
default behavior is maintained if none of the option are specified.

Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/28239d6c9dd5d2edb93fdf5406173a8cbebebc10">28239d6c</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-26T11:11:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>scripts: switch back to dash for pre-releases

It turns out that git does not allow tilde in tag name
therefore we need to keep using dash for upstream releases
and tilde in downstream.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b44cb576638435eebe7b54128746f62d4d86b2d2">b44cb576</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-06-26T11:11:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Release sssd-2.10.0-beta2

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3ecd25a32020c3cea1a785b28150c9fe5f77723">a3ecd25a</a></strong>
<div>
<span> by aborah </span> <i> at 2024-07-01T11:49:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix tier2 tests for RHEL10

Fix tier2 tests for RHEL10

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/252f36520f44c58c9464fa8b1d9b4221a929ad0c">252f3652</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-01T11:52:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: updating gpo auto private group test case

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4e95d6f6c1bdd90bd1ca666fa2989bcda443f0a4">4e95d6f6</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-07-03T15:14:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Skip tests dependend on ldap_use_ppolicy when not available.

Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/30a9f4f389f0a09057f9d7c424b96020c940c5e1">30a9f4f3</a></strong>
<div>
<span> by John Veitch </span> <i> at 2024-07-04T12:22:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Update sssd.in to remove -f option from sysv init script

fee3883 removed the -f option from the sssd but the init script was
not updated accordingly at that time.

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4e48601851ffc8e25ee2e92a0feeb9b87b7ef326">4e486018</a></strong>
<div>
<span> by John Veitch </span> <i> at 2024-07-04T12:22:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add --logger=files option to sysv init script

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e299525ec95019696108001e7f487efc73eb312c">e299525e</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-07-04T12:22:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: New option to trigger password change in case of grace login with expired password

If LDAP server enforces password policies and the extended control is
returned in the bind response, trigger a password change in the case of
grace login when the remaining grace logins go below the configured
threshold.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6c1d2aac8d99030874d395b0293b3a206e512060">6c1d2aac</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-07-04T12:24:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Add example tests for D-Bus

Based on the current integration test on src/tests/intg/test_infopipe.py

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/af799964e5fa1264467b49988021c054586eff27">af799964</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-07-04T12:25:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5_child: do not try passwords with OTP

During two-factor authentication (OTP) krb5_child should use use the
dedicated OTP auth types SSS_AUTHTOK_TYPE_2FA and
SSS_AUTHTOK_TYPE_2FA_SINGLE exclusively and should not try password or
other types.

The special handling needed of ssh under certain conditions are
documented in the code and the man page.

Resolves: https://github.com/SSSD/sssd/issues/7456

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/88ac37d98445938dc04f68607de6e335dfb708bb">88ac37d9</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-04T12:27:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - test_kcm.py

* added assert error messages
* fixed some typos and grammer

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c19cac20889815c04aac8e57f53ee056a566229e">c19cac20</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-08T15:22:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fixing gpo test case

auto_private_groups require users with posix attributes enabled

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9a852565b29234425bb82cdb92a3142378fa9ebd">9a852565</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-11T09:44:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - test_gpo.py

* added assertion error messages

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 0319412201805049cca3a20248b57c7c5415bb1d)

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9808b69873e04510c29c9efd458914da410eab41">9808b698</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-11T09:44:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: test_autofs.py - adding error messages

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit d336ad18ad049470685ff9d7c1b6ddfdc4e9db89)

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1ce55a91a42e708c1eb54d4f34f5c3e5eb36e88">b1ce55a9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-18T16:41:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: added missing newline

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fc2a26c306e51b66680aef85aa0d2c41d8049a7f">fc2a26c3</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-18T16:41:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TS_CACHE: never try to upgrade timestamps cache

It's easier and more consistent to recreate it instead.

This is a natural extension of 3b67fc6488ac10ca13561d9032f59951f82203e6

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0d45464cee1d2a6a2719dbffe5bbf6189d0554a">f0d45464</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-18T16:41:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: remove index on `dataExpireTimestamp`

This index was only used in cleanup tasks that don't run often.
On the other hand, this index is huge and degrades performance of libldb
in general.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/077d2993a1b306e7cfe61618cbd5d03c602572f8">077d2993</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-07-18T16:46:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_sss: add missing optional 2nd factor handling

This is a follow up to pull-request #7462 and adds the proper handling of
an optional second factor in case the prompting is configured.

Resolves: https://github.com/SSSD/sssd/issues/7456

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f5f00f40b4d6c864774a3ed88e39a719cf728640">f5f00f40</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-23T16:05:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fixing auto_private_group test cases

two issues seemed like one, but they were actually different. added
another test to check the evaluation of auto_private_groups with posix
attributes while the other existing test was about missing groups.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e77d3d44aaae64fa83f60a64132f967dfe9c2ba">5e77d3d4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-23T16:11:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd.supp: remove outdated entries

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6283742c456c54d0a2afea26cfd2f0366dba40c3">6283742c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-23T16:11:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd.supp: suppress invalid read in dlopen

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/415fa416bc102d144057af87d3dc9919fa086ce0">415fa416</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-23T16:14:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: housekeeping - sudo

housekeeping, the following is looked at and may have been done:
* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases
* added error messages to assertions

noteable changes:
* removed authorization pytest marker, it's no longer used

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8421f34de9a7e43103378be41481b04a25ec1534">8421f34d</a></strong>
<div>
<span> by Christopher Byrne </span> <i> at 2024-07-23T16:18:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>cfg_rules.ini: Add missing ldap_user_passkey entry.

This fixes the following message when using sssctl config-check and using
the ldap_user_passkey config option:

[rule/allowed_domain_options]: Attribute 'ldap_user_passkey' is not allowed
in section 'domain/EXAMPLE.COM'. Check for typos.

Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/30d394d61200b1143bb962251db34ddae9b5dc9d">30d394d6</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-23T16:20:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - test_cache.py

housekeeping, the following is looked at and may have been done:

* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases

noteable changes:

* created test_tools.py to move sss_cache test to
* renamed test_sss_cache.py to test_cache.py
* renamed test_memory_cache.py to test_memcache.py

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0717974bf784f9b0170e0aa307030e722d61eeab">0717974b</a></strong>
<div>
<span> by spinningTops </span> <i> at 2024-07-23T16:21:17+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Expose flat_name for use in homedir path

Let the use of the domain flatname (%F palceholder) in homedir path also for AD subdomains.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/55db5db15c2887632c6af8b58000192fef8c043f">55db5db1</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-07-23T16:27:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: housekeeping: Description in passkey tests

Added the detail description about passkey,
how to register the passkey and test with umockdev.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/447deb0300be5e8ff22d45178c107855cfc7aa7e">447deb03</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-23T16:29:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping, test_proxy.py

* added test to authenticate using pam and nslcd
* updated setup code with sssd.common function
* fixed the language and added importance markers
* added description giving a quick overview of the bz in the docstring

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/71160e350999d0aa058bf98f05d7928f08f2b449">71160e35</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-07-23T16:39:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: add details for ad_access_filter

Mentioned explicitly that GPO based access control must be disabled if
ad_access_filter based access control should be the only access control.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f43dcc30a4534de1c8aaa141920db714bd503332">f43dcc30</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-24T16:40:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - test_trusts.py -> test_ipa_trusts.py

* renamed file to test_ipa_trusts.py
* added assertion error messages
* removed redundant assertion
* clarified steps and results

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f70411aac3a27acc87b6bfd02892bed76eb6e697">f70411aa</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-24T16:55:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping, test_files.py

* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* added pytest.mark.importance to test cases
* the tests are simple, removed the error messages

* root lookup test updated with an additional assertion

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8c19d7b6f0cf392cb4fa266a5933d4eebbb17090">8c19d7b6</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-24T16:58:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping, test_ldap.py

housekeeping, the following is looked at and may have been done:
* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases

noteable changes:
* removed lookup_user_default_naming_context_and_no_search_base because it is already covered by another test scenario
added description to ppolicy tests, providing an explanation
* removed enumeration configuration from tests where enumeration is not being tested
* removed test case checking log messages for timeout

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7716d13c2a2364c76803f1e1360178f3385ec38d">7716d13c</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-24T17:42:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping, test_authenticaiton.py

housekeeping, the following is looked at and may have been done:
* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases

noteable changes:
* big rename on the test case names, after discussing that some cases
  will have the positive and negative test, it no longers to be
  specified

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7c83a76008c07a3f062f2c66a70cd9089bd0c686">7c83a760</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-27T13:39:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: add new systemtap-sdt-dtrace to build deps

This is to upstream
https://src.fedoraproject.org/rpms/sssd/c/7e881a77172944535eb20a1f3ba1c5b4441d18d4

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fc000fa60e41be9e0e5941c87bdf8d66df558db6">fc000fa6</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-07-29T11:29:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Add fallback log directory for custom_log.py

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4d1c4d7f3d988dee82f0c96a6a7b6a0bde5b2d26">4d1c4d7f</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-07-29T16:12:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - test_failover.py

* extended the test to the generic provider
* added assertion error messages
* improved some grammar and word choice

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e4ae4d6129e85fe99bbb82438ed90352400ecdf3">e4ae4d61</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-07-30T19:31:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: configure logrotate to work with non-root-group writable folder

Otherwise logrotate complains:
```
error: skipping "/var/log/sssd/sssd_kcm.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
```

See https://bugzilla.redhat.com/show_bug.cgi?id=2299733 for details

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7d0bbeb5a8a41e80fec91d7d38b5dcb35eebe8f">a7d0bbeb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-08-01T17:15:48+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: merge 'sssd-polkit-rules' into 'sssd-common'

'p11_child' runs under non-privileged user and thus requires
polkit-rules by default.

Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c3ce4bc1ac8427d95bf56599357f769bd0513da5">c3ce4bc1</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-08-02T11:55:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: remove multihost basic tests

* test_ifp.py test are now convered in system/test_infopipe.py
* test_kcm.py test are now covered in system/test_kdm.py and
  authselect/system/test_sssd.py , the functional credential delegation
** a functional test has been added to the test plan
* test_ldapapi.py tests are low priority with a larger effort to move.
** test configures ldap, using the 389 slapd file for it's URI, this
test can only be performed on a server and does not offer much value.
this test has been added to the test plan and will be re-implemented if
approved.

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d213e59cd9c458a6ab7f3db19db60478fd30a23e">d213e59c</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-08-02T14:55:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: update the tests to work with latest pytest-mh

Latest version added an option to replace SSH connections with podman
or docker, therefore a generic interface was created. Most notably,
`host.ssh` was replaced with `host.conn`.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8e59f7700b83020308b8a7e203b2f437821b6f29">8e59f770</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-08-02T14:55:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: use podman instead of ssh to speed up in PR CI

We can now use podman instead of ssh run commands on the host. This
is quite faster so we can benefit from it in PR CI.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/216231770e33f9ffd6875941b4cd26e5600c4f4f">21623177</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-08-02T15:42:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: housekeeping: test_sss_ssh_knownhosts.py => test_ipa.py

Update the docstring of each test.
Update the test case method name.
Added assertion error messages on failures.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ec7a80f9115e19d829aafa3ad41b0806f1fac00e">ec7a80f9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-08-06T13:44:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: capture full 'config.log' from ./configure

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ccdee0042c256434f90d62885e0b7475ad8283d1">ccdee004</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-08-08T16:19:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: stabilize test_sudo__refresh_random_offset

This test was previously unstable, since it is possible that the
contents of the log file were not yet fully written to the disk.
We need to stop SSSD to ensure that all logs are flushed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b9a279b4e0dc215853b77bc6233ca3365a772633">b9a279b4</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-08-08T16:19:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: switch back to ssh connections in system tests

We have switched to podman connection to run the tests faster.
However, even though podman is approximately twice as fast in
local run with recent podman version, it is quite slower in
PR CI.

Further, the podman and related components available in
Github Ubuntu runners are quite outdated and they still have some
issues. We were often hitting a bug where `podman exec` would yield
incomplete stdout.

See: https://github.com/containers/podman/issues/9096

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fcda45b05f1cc95c5735f770d1d860b34351a027">fcda45b0</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-08-08T20:38:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - schema

housekeeping, the following is looked at and may have been done:

* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases
* added error messages to assertions

Notable changes:

* added integration marker
* moved schema tests to cache
* renamed schema test names

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/33fdf759bd30012b9aa316628c09432affca60af">33fdf759</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-08-19T07:42:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: change parameters for pytest.mark.flaky to max_runs

Old python automation was using pytest-rerunfailures plugin
providing pytest.mark.flaky with different parameters than flaky.
Now we got both in idmci and flaky takes precendence so we need
to use max_runs instead of reruns.

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3bc526eb680e278f8b7c70c56bf7037899d78744">3bc526eb</a></strong>
<div>
<span> by Dominika Borges </span> <i> at 2024-08-19T09:31:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>doc: improve ad_access_filter option

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/78cf0cf2551eb731e85795be8a0810cad36b34b5">78cf0cf2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-08-19T15:17:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: don't use deprecated 'sssd.conf::user' option

Use 'sssd.service::User' option instead.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0728b2fdc5ba4c6df848cab81196093b5f82c7b3">0728b2fd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-08-19T15:17:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: passkey: force 'root' service user

Passkey tests still don't work when SSSD runs under 'sssd' user.
Configure SSSD to run under 'root' explicitly instead of skipping tests.

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4fc351ca8e551955893a1f09097d195e341a706a">4fc351ca</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-08-20T08:04:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: fixing test step language

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/edb35afcf4ead3d0d80a6aa7ff4d88e9a72081c9">edb35afc</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-08-20T12:51:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping, test_identity.py

housekeeping, the following is looked at and may have been done:
* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases

noteable changes:
* auto_private_group tests reworked, adding two more test cases

Reviewed-by: Alejandro Lopez <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/34cd828d5058fd0ef8660c3ee046ab7814b2425e">34cd828d</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-08-20T19:19:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: updating gpo test case to test all auto_private_group values

Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5339573f093a6325c5afdfcbe7197eaaea287be9">5339573f</a></strong>
<div>
<span> by Jakub Vavra </span> <i> at 2024-08-22T07:35:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add test for bz 1913284 keytab permission denied

sssd status shows error "krb5_kt_start_seq_get failed: Permission denied" when running as unprivileged user 'sssd'

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b26b32de416e581f1239ccf20699112a1425377f">b26b32de</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-08-22T12:06:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Unit tests: use ".invalid" domain name for OCSP responder

to make DNS lookup fail faster.

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/72232cc148777f61583f2db68d6c75873c0b6d96">72232cc1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-08-26T10:48:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add topology marker back to test_ldap__password_change_using_ppolicy

This was accidentally removed by
8c19d7b6f0cf392cb4fa266a5933d4eebbb17090

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c006b88d9385b53f199949b5f9015b5f4a8b9893">c006b88d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-08-26T10:48:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: avoid skipif in the system tests for feature detection

@pytest.mark.skipif condition parameter only takes expressions that
evaluates to boolean or string that is eval'd by pytest. This happens
way before the role objects are instantiated and it does not work.

These lambda functions are not executed at all (and can not be
executed because pytest does not support that). The reference to a
function is just evaluated to True therefore the test is always skipped.

This was broken by
4e95d6f6c1bdd90bd1ca666fa2989bcda443f0a4

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0d07b4986756d535174239d9275f2c519a8f4fb9">0d07b498</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-08-27T10:22:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Update code handling systemd-resolved for F42.

Systemd-resolved changed configuration file location we need to handle both
file locations. We need to set AD as nameserver for client to join realm.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6f8bc2bec3f4701ea63ee8eaaf05511885e1754f">6f8bc2be</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-08-27T10:22:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Addd sssd.log when sssd does not start.

The sssd.log might come useful when debugging why sssd did not start.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6dec9f7c7bed1bc3f6d2e7bb1b9ff8da43614285">6dec9f7c</a></strong>
<div>
<span> by aborah </span> <i> at 2024-08-27T14:52:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Port ipa/test_authentication_indicators to new test framework

https://github.com/SSSD/sssd/blob/master/src/tests/multihost/ipa/test_misc.py#L258

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9e6ca53ad6ea145061fd89ed615178ec68c222c5">9e6ca53a</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-08-28T12:06:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Remove converted test cases

Delete the already converted test cases to new test case
framework.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f4bf66d08d4c33c9b7db17a86bc66e5272b5d69e">f4bf66d0</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-08-28T12:06:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Force delete to local user

Add -f to force delete the local user.

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f351c2bb3d2287d382a9f9f2724bd262c8a60e0">0f351c2b</a></strong>
<div>
<span> by Kaushik Banerjee </span> <i> at 2024-09-02T06:53:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Restart systemd-journald instead of stop/start

systemd-journald service by default is in running state.
The tests should restart the service after modifying configurations.

Signed-off-by: Kaushik Banerjee <kbanerje@redhat.com>

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7067b579b9c8309e65af026df88cd720a50d7b83">7067b579</a></strong>
<div>
<span> by Kaushik Banerjee </span> <i> at 2024-09-02T11:47:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Disable journald rate limiting during alltests pytest session

Logging was paused as the journald rate limit was reached.
Disable rate limiting during the alltests pytest session.

Signed-off-by: Kaushik Banerjee <kbanerje@redhat.com>

Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39ecf47a3387429bb59f675c62a9245975900566">39ecf47a</a></strong>
<div>
<span> by Kaushik Banerjee </span> <i> at 2024-09-03T09:03:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Move journald rate disable to common/fixtures.py

Disabling journald rate limit was limited to alltests/conftest.py
Moving it to common/fixtures.py will cover all the tests.

Signed-off-by: Kaushik Banerjee <kbanerje@redhat.com>

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e5140ab081a7316dc43b83686e9e25593c27b12e">e5140ab0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-03T10:02:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: drop suppot of '--without-infopipe' ./configure option

:relnote: Support of '--without-infopipe' ./configure option was dropped.
Feature is long time out of experimental state. Since building it doesn't
require any additional dependencies, there is not much sense to keep
option available. Those who not interested in feature can skip installing
sssd-ifp sub-package.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c58f071b562e06fe50086289df4ebadf55ee261c">c58f071b</a></strong>
<div>
<span> by Kaushik Banerjee </span> <i> at 2024-09-04T10:47:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: Use c_rehash instead of deprecated cacertdir_rehash

cacertdir_rehash was deprecated when authconfig was migrated to
authselect. Use openssl rehash or c_rehash instead.

Signed-off-by: Kaushik Banerjee <kbanerje@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f05bd34e8a07ccdc3f01895c3b31a3aeeac9b09e">f05bd34e</a></strong>
<div>
<span> by Ondrej Valousek </span> <i> at 2024-09-04T10:48:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>AD provider: Read sAMAccountName attribute unconditionally

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7a27e5391f2563ae8878d8f9b1829b759074131a">7a27e539</a></strong>
<div>
<span> by Ondrej Valousek </span> <i> at 2024-09-04T10:48:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>AD: Construct UPN from the sAMAccountName

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/14d7796a70bd709f690c0e714681039d0a6f72c0">14d7796a</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-09-04T10:48:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: housekeeping - sss_override

housekeeping, the following is looked at and may have been done:

* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases

noteable changes:

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/77c913f7b2ec811a4ae4a34b04ddfe430604a121">77c913f7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS/LOGS: remove redundant check

Check for 'root' is performed in sss_tool_main() -> ... -> tool_cmd_init()

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/54a1e91738520a22c95eae23425d0332b9c5dfe1">54a1e917</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: mistype fix

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c65d99ca6587432425a35213fd566b1e072d9a49">c65d99ca</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssctl: remove unneded include

Not needed since 5b93634c7f0e34f69b4cf8fb9b2e77b9179024a7

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dbbdd03966b73e6c0d4b8882c115e0d7eea8f25d">dbbdd039</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssctl: mark internal function as static

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e6cf9e4b4799a48f38ed83fc7a5f7c4f6d5c543a">e6cf9e4b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: removed `sss_route_cmd::handles_init_err`

It's not used since 0d686b5d71848dce7757cadc4e67ad6b95b34355

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f825fecb5b4828aa5f33e6e7d0b79ee276270cd1">f825fecb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: cache-expire: skip init and root-check

This is merely a wrapper around `sss_cache` that performs needed
operations / checks internally.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/61813cdf04ed4139b203be106a8c82c3f2a6adff">61813cdf</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: cache-remove: skip init

`sssctl_cache_remove()` doesn't use `sss_tool_ctx` so no need to
initialize it.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/620fed1603ceddbd94e834abcb4fb6369aaa670d">620fed16</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: client-data-backup: skip init and root-check

This is merely a wrapper around `sss_override` that performs needed
operations / checks internally.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0d099538b73000e06967ccb64203434417ea0807">0d099538</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: client-data-restore: skip init

`sssctl_client_data_restore()` doesn't use `sss_tool_ctx` so no need to
initialize it.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3621a587a32589e8404ed1f2356fcbfebc128efc">3621a587</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: mistype fix

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3dcc17bb20f187a7d97a94dcd6e27bba24602ef1">3dcc17bb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: logs-fetch: skip init

`sssctl_logs_fetch()` doesn't use `sss_tool_ctx` so no need to
initialize it.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/59e5037db7c308c6639beb7c52c9f9180302ac04">59e5037d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: logs-remove: skip init

`sssctl_logs_remove()` doesn't use `sss_tool_ctx` so no need to
initialize it.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/09cf1a9a8220e584fba91e59e1d421f332e83780">09cf1a9a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: sssctl_wrap_command(): remove unneeded args

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a58979334b801653a5fde49e37ff12c4d4cc0c48">a5897933</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: get rid of unused `void *pvt`

in the chain `sss_tool_main()` -> ... -> end functions.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/97a8d9ff42f0c10a3e660a994dabcc4fe06b3486">97a8d9ff</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T10:00:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: cache-index: skip init

`sssctl_cache_index()` doesn't use `sss_tool_ctx` so no need to
initialize it.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f86fb707b4d4d10feb9c92d88cc415ae40968444">f86fb707</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T20:47:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_cache: remove a crutch

 - this thing is clumsy and just doesn't work (as reported by bootc project);
 - shadow-utils/SSSD integration goes away anyway on those rare platforms where
   it was enabled because 'files provider' went away;
 - finally, in general it's weird to condition sss_cache operability on a variable
   that sounds like "systemd doesn't run". There is no guarantee that this variable
   is only set by 'rpm-ostree' and won't break things in other situations.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/432f280ada5d7eb84bdebb7c3f6060c730bae536">432f280a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T20:48:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: skip confdb_init if no context ptr provided

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/14d4e01d8dd032a8251d3c0ea96a2db0bd876b82">14d4e01d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T20:48:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: get rid of code duplication

Take a note this also enforces check for existance of config.ldb in additional
code paths (this is intentional side effect, see a008accecd6d0b35e8d57d738ee3d05863aa7d0f)

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50b4579413c1146a2fced5ced19977e13790731c">50b45794</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T20:48:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TOOLS: use `sss_tool_confdb_init()` everywhere

Take a note this also enforces check for existance of config.ldb in additional
code paths (this is intentional side effect, see a008accecd6d0b35e8d57d738ee3d05863aa7d0f)

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/604be8d1c2129f97ce1135ade60ba55f3014cd89">604be8d1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-05T20:48:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: move sanity check

closer to a place where argument is really used

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0be58a26ee7feffbe03e0a817e7c0a6f2534a5e5">0be58a26</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-09-11T11:32:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests - housekeeping - logging

housekeeping, the following is looked at and may have been done:

* fixed typos and standardized formatting
* renamed test cases to improve the clarity of what the test does
* improved docstring language, setup, steps and expected results
* synced code with the docstring order
* removed necessary configuration relevant to the test
* added pytest.mark.importance to test cases
* added error messages to assertions

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f22c966ffbb0f7b6042f8d5b50625b7e977ea8e5">f22c966f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-09-13T14:01:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: read ldap_use_ppolicy as boolean

This patch fixes a typo where the ldap_use_ppolicy option is read as int
instead of boolean. This will avoid debug messages like e.g. "Requested
type 'Number' for option 'ldap_use_ppolicy' but value is of type
'Boolean'!"

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c0c46bf6a2012b2fac5632a91c578311c1a85457">c0c46bf6</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-13T14:03:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: don't fail uninstallation if 'alternatives' fails

This is seen on rpm-ostree based system during uninstall:
```
Running scriptlet: sssd-client-2.9.5-4.el9.x86_64 9/9
admindir /var/lib/alternatives invalid
error: %preun(sssd-client-2.9.5-4.el9.x86_64) scriptlet failed, exit status 2
```

This should be fixed by https://github.com/fedora-sysv/chkconfig/pull/135
but let's avoid hard failing here anyway.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2dae1f64d1478ffb96064004e1b67b65379b994f">2dae1f64</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-13T14:03:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: chown all artifacts at startup

Main reason for this is compatibility with rpm-ostree based
systems where rpm post install scriplets aren't run on an
actual system.

In general this looks like an unneeded overhead since ownership
can be only wrong after upgrade from sssd-2.9- to sssd-2.10+

But this appears to be most simple solution atm and from practical
point of view the main issue is merely a clutter in service files.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a33114020827eb9f5a98482d4fbef521bf685ee8">a3311402</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-09-13T14:23:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: use CURLOPT_PROTOCOLS_STR if available

Since curl version 7.85.0 CURLOPT_PROTOCOLS is deprecated and should be
replaced by CURLOPT_PROTOCOLS_STR.

Resolves: https://github.com/SSSD/sssd/issues/6922

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fb8aa35f4ff3d0432d1883dd7f58c64d695d0634">fb8aa35f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-16T13:28:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: drop the code that upgrades from v < 15

It's reasonable to expect that nobody will attempt an upgrade
from DB version older than "0.16" (sssd-1.12) to "0.25"+

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/842dbbbbe27e28c26b0c9397fb526b0c7891f931">842dbbbb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-16T13:28:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: only monitor (and tests) should create cache files

Everything else (providers, responders, tools) should only connect to.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0aab0b1844ec17a829e8ddb2becff054d8f3a6e5">0aab0b18</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-16T13:28:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: removed unused define

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/97571b16d8c73342e4bb78a37b9728839e7b8b78">97571b16</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-09-17T10:03:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing intg/test_confdb.py

These test are covered test_sssctl.py

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e442fdf717135f169ced3b7e1395157830480f53">e442fdf7</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-09-17T12:03:17+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing intg/test_files_ops.py

These tests the user/remove functions and can be dropped.

Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f83ea91aa773050e992fd58753f670668f3549a8">f83ea91a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-17T17:03:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: shell expansion of * doesn't work in ExecStartPre

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/43cfcfeedc558536e86dbc1e72a9c59f24a8a5bf">43cfcfee</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-18T16:33:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: build C9S '--with-files-provider'

to match downstream

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ff1d8b76431150cdc9a171ad9ef059977d6bbbb8">ff1d8b76</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-18T16:33:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: build C9S '--with-extended-enumeration-support'

to match downstream

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c62986827ac525ca7bf653b4d0e1e604384b35d9">c6298682</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-18T16:33:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: build C9S '--with-ssh-known-hosts-proxy'

to match downstream

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/41dfdccc84273aca3cbde9a8c8570c2fb3910545">41dfdccc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-18T16:35:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESOLV: removed unused argument

`resolv_gethostbyname_dns_parse()` didn't use `status` and it was
always set to `ARES_SUCCESS` anyway.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8227599e053850a4873f5632e9667488e6c42a55">8227599e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-18T16:35:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESOLV: supress deprecation warnings

In theory new API might be somewhat better.

But:

1) it's fairly new: `ares_search_dnsrec()` and `ares_query_dnsrec()`
were introduced in c-ares-1.28 while even CentOS Stream 10 has
c-ares-1.25, so SSSD would need to support (fallback) old API anyway.

2) SSSD doesn't make heavy use of DNS, so potential performance
improvements are really negligible.

On the other hand, old API/ABI will be available for a long time:
https://github.com/c-ares/c-ares/pull/732#issuecomment-2028454381

For those reasons it's not worth the effort to port code to new API
right now.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0e836edcffcfd5a859c541b0e0b12c1a846d7523">0e836edc</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-09-18T16:37:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>cert util: replace deprecated OpenSSL calls

In OpenSSL 3.0 some of the calls we currently use in the utility
functions to covert the public key from a X.509 certificate into an ssh
public key got deprecated. This patch replaces them if OpenSSL 3.0 or
newer is used.

In contrast to the older calls which just returned references the new
calls return the requested data in freshly allocated memory. To keep
it consistent the data referenced by the old calls are copied into
allocated memory as well.

Resolves: https://github.com/SSSD/sssd/issues/5861

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a86ee649ac7cd80cfb3c1b50ae728fbf12d1b92a">a86ee649</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-20T11:13:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Require OpenSSL >= 1.0.1

:packaging:Support of OpenSSL older than 1.0.1 was dropped

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/67ba42c48abb9270982836310488e35d9fc1d451">67ba42c4</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-09-20T11:15:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: only set SYSDB_LOCAL_SMARTCARD_AUTH to 'true' but never to 'false'.

The krb5 backend will only returns that Smartcard authentication is
available if a Smartcard is present. That means if the user
authenticates with a different method and a Smartcard is not present at
this time 'sc_allow' will be 'false' and might overwrite a 'true' value
written during a previous authentication attempt where a Smartcard was
present. To avoid this we only write 'true' values. Since the default if
SYSDB_LOCAL_SMARTCARD_AUTH is missing is 'false' local Smartcard
authentication (offline) will still only be enabled if online Smartcard
authentication was detected.

Resolves: https://github.com/SSSD/sssd/issues/7532

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/69f63f1fa64bd9cc7c2ee1f8e8d736727b13b3be">69f63f1f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-09-24T10:32:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: allow to provide user_map when looking up group memberships

To allow to lookup group memberships of other objects similar to user
objects but with different attribute mappings, e.g. host objects in AD,
a new option to provide an alternative attribute map is added.

Resolves: https://github.com/SSSD/sssd/issues/7590

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f5077ac1158deff6fbb51722d37b9c5f8b05cf7">5f5077ac</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-09-24T10:32:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: use default user_map when looking of host groups for GPO

Use the default AD user attribute map to lookup the group membership of
the AD host object. This should help to avoid issues if user attributes
are overwritten in the user attribute map.

Resolves: https://github.com/SSSD/sssd/issues/7590

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f6ad1828cf0d59e48734a52b29549e53e33b65f3">f6ad1828</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-25T15:13:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: chown gpo-cache as well

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/823d7870258c6090769816ae95ba3a0b1f1f1404">823d7870</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-09-25T15:15:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: sss_ssh_knownhosts must accept port numbers

sss_ssh_knownhosts was only accepting a hostname or IP address, but no
port number. Because token %H of ssh(1) could pass a port number, it
must be accepted.

The %H token can provide the hostname and port number in the
following format:

hostname
canonical.host.name
IP-address
[hostname]:port
[canonical.host.name]:port
[IP-address]:port

The port is specified only when a non-default port is used.

Identifiers without the brackets are also recognized in case a user
invokes the tool directly.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0330ebeba812d9be227d7505e13dc86fd710665c">0330ebeb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-27T13:33:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT:PAM: replace deprecated `_pam_overwrite`

with `sss_erase_mem_securely()`

Resolves: https://github.com/SSSD/sssd/issues/7606

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/312e0ebac1cd17007bf47560b12cdae0fdce4295">312e0eba</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-27T13:33:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Revert "ci: allow deprecated functions during build"

This reverts commit ef014b8b293ca7859dc8c30db4cdcfa343c3c477.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10bf7ab415a68bf89dd62f90f8d33bd83df0f750">10bf7ab4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-09-27T17:38:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: use '/run/sssd' as a home dir for 'sssd' user

even if 'sssd.sysusers' aren't used.
Practically this is only important for C9S, since C10S and
modern Fedora versions do use 'sssd.sysusers'

Also use `usermod` to update home dir in case user already exists.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ef2a6185738e3f349182dc1632dbf567bd573305">ef2a6185</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-09-30T12:18:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: improving gpo tests to be run against ad and samba

Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39856247e437a5ce3a65772c1337946b1c00ec8d">39856247</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-01T09:13:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT:PAM: avoid NULL deref

This is hardly possible in the wild but should fix Coverity
complain.

Reviewed-by: Alejandro López <allopez@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60f282d2c9b336a1293503af3810414d9a83fc18">60f282d2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-01T19:09:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: keep 'sssd-polkit-rules' on RHEL9

this partially reverts a7d0bbeb5a8a41e80fec91d7d38b5dcb35eebe8f

 - RHEL9 will keep default value of service user set to 'root',
   so polkit rules shouldn't be needed by default

 - it's undesirable to remove sub-package within a major release

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cb9319677e95bfec2396ada31dae4628b0418384">cb931967</a></strong>
<div>
<span> by xuraoqing </span> <i> at 2024-10-01T19:15:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>fixed memory leak due to use popt incorrectly

Signed-off-by: xuraoqing <xuraoqing@huawei.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3a644161d5a82c84627002305894051c157879b4">3a644161</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-10-01T20:26:17+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: Log hint for ignore unreadable references

Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1bee78de84c21642c400780d57a2a9988c30613">b1bee78d</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-10-01T20:28:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing intg/test_sudo.py

These two tests are covered by system/tests/test_sudo.py

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4295e0032997af6f640d74d38a8e0842f9f9d42e">4295e003</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-10-01T20:30:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing intg/test_kcm.py

These tests are covered by system/test_kcm.py

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b4bca9822e6b375019d762ee2721b003cef923ed">b4bca982</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-04T13:55:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>make_srpm: fallback to tar if git archive fails

All copr builds are currently failing due to:
https://github.com/fedora-copr/copr/issues/3421

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8be21725aa0948371ab6ed8839877355930e6e77">8be21725</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-07T20:06:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>conf: remove unused reconnection_retries

This option is no longer used since 9f8551a195cddc9ac898b90610be5fb30a16f4e4

Resolves: https://github.com/SSSD/sssd/issues/7502

:config: Option `reconnection_retries` was removed since it is no longer
  used. SSSD switch to a new architecte of internal IPC between SSSD
  processes where responders do not connect to backend anymore and
  therefore this option is no longer used.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1c91ea05cec9882d671283099c1647595229487a">1c91ea05</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-10-09T10:04:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: Link DbusConnection and sbus_connection

Although related, the DbusConnection and its associated sbus_connection
had no link in the logs. We had this:

```
[sbus_server_new_connection] (0x0200): Adding connection 0x11fe700.
...
[sbus_server_bus_hello] (0x4000): Assigning unique name :1.3 to connection 0x11e4a90
```

Now we have:
```
[sbus_server_new_connection] (0x0200): New dbus connection 0x11fe700.
...
[sbus_server_new_connection] (0x0200): Adding sbus connection 0x11e4a90.
...
[sbus_server_bus_hello] (0x4000): Assigning unique name :1.3 to connection 0x11e4a90
```

Which allows to establish the relationship between them: the new
sbus connection is associated to the preceding dbus connection. Both
messages are logged by the same function.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e0ec488c13607808715172299666ad4176f03f8a">e0ec488c</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-10-09T10:04:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: Set destructor for the right connection

When the monitor receives a `sssd.monitor.RegisterService` D-Bus method,
it is received on the listening connection and not on the client's
connection. Because of this, the destructor is set for to the listening
connection (taken from the sbus_request) and instead of the client
connection.

The client connection can be retrieved searching it by the sender's
name in the `sbus_server` accessible from the `mt_ctx`, to set the
destructor to the correct connection in the function
`monitor_sbus_RegisterService()`.

Resolves: https://github.com/SSSD/sssd/issues/6897

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/263cb2e736ba2eea80b1ab2c62ecf6d945d8ea0e">263cb2e7</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-09T10:05:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sbus: terminate ongoing chained requests if backend is restarted

If there is an outgoing request already chained and backend is
restarted, a new outgoing request is chained but not processed,
it waits for a timeout.

This patch makes sure that all outgoing requests are gracefully
terminated if backend restarts.

Resolves: https://github.com/SSSD/sssd/issues/7503

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c1434c1aee47247097cacc2d0f11f9a8c4e6284e">c1434c1a</a></strong>
<div>
<span> by Pavel Raiskup </span> <i> at 2024-10-14T11:24:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>rpm: drop the --remote argument from git-archive call

It seems that current (autumn 2024) git releases somehow dislike
the use of `--remote=file://` when it applies the [safe] directory
checks.  The option doesn't seem to be useful though, so let's drop
it to fix the Copr builds.

Relates: https://github.com/fedora-copr/copr/issues/3421

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/17c37e44417d85fc6db3cd6ca093aa051047c1e7">17c37e44</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-10-14T11:25:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Update ldap test to use journal utility.

Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/36d8289250d3829a6b38c9b4ef9f89dfe151e41a">36d82892</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-10-14T11:26:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BE: Maintain the list of periodic tasks

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/423e5b93773b1552b0c60caad130fad2dda5ccdf">423e5b93</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-10-14T11:26:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>WATCHDOG: Use a constant instead of the signal name

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fae131ad41b714f1fca4247990ca40dc19f72c63">fae131ad</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-10-14T11:26:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>WATCHDOG: Send SIGRTMIN+1 signal when clock shift is detected

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/07ce89e14e3de75ef842cac22efd81fc42407f35">07ce89e1</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-10-14T11:26:24+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BE: Handle SIGRTMIN+1 signal to reschedule periodic tasks

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fdf7e75ce85bf2ca9202f6ce24cb2c939b97b600">fdf7e75c</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2024-10-14T11:26:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: Document SIGRTMIN+1 signal usage

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c9026bf09afa0e917f3778a2ab9d068de449c483">c9026bf0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Move 'nscd' helper functions out of 'utils'

as it's not used anywhere outside 'monitor'.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f0f5a6ccbef843be3c246c84ad28f5c8ed06355">7f0f5a6c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: introduce helper to read a full list of configured services,

including implicitly configured

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/28bb1467fe673fe7c09f75b29fe72dde836eb220">28bb1467</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IFP: use new helper to retrieve services list

This still won't handle socket activated services, but should
take care of implicitly configured services at least.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/59c48f7dfca6d1644fe35d0dbc474f8af3cdce19">59c48f7d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>socket_activated_responders: check confdb

(instead of sssd.conf) using new helper to take into
account implictly configured services.

Resolves: https://github.com/SSSD/sssd/issues/5013

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/32e7616e2cfa879345a49f1e3242cac08e3d0178">32e7616e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>socket_activated_responders: log to syslog instead of stdout

Otherwise logs of 'ExecStartPre' command are lost.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/272ee81b7304da37095a9727b062d124bf0fbbc0">272ee81b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS:INTG: 'implicit files domain' not supported

since 501e05f46252ba6e097983a871c92b3896b596f2

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dbf47635513fb5ac7fc398c065506e740929ad19">dbf47635</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: don't hard fail in add_implicit_services()

if no explicitly configured domains found.

There are might be 'enable_files_domain = true' or app domains that
are expanded later.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9bb7b920121a014bc4815e2b4d4a96bb628f0235">9bb7b920</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-14T11:47:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CONFDB: mistype fix

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c265745f44b21972fc9754e31d765c73d07da4a8">c265745f</a></strong>
<div>
<span> by Weblate </span> <i> at 2024-10-15T11:25:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Swedish) currently translated at 100.0% (2790 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Czech) currently translated at 6.3% (177 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/

po: update translations

(French) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/

po: update translations

(Swedish) currently translated at 99.5% (2777 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.5% (2777 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.4% (2775 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.4% (2775 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 99.0% (2764 of 2790 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/

po: update translations

(Swedish) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Swedish) currently translated at 94.5% (707 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(Swedish) currently translated at 94.5% (707 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/

po: update translations

(French) currently translated at 93.7% (701 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/

po: update translations

(Russian) currently translated at 100.0% (2792 of 2792 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (2792 of 2792 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Spanish) currently translated at 82.3% (616 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/

po: update translations

(Ukrainian) currently translated at 100.0% (2792 of 2792 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Ukrainian) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/

po: update translations

(Russian) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(French) currently translated at 93.1% (697 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/

po: update translations

(Turkish) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/

po: update translations

(Czech) currently translated at 93.4% (699 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Russian) currently translated at 100.0% (2789 of 2789 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/

po: update translations

(Russian) currently translated at 100.0% (748 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/

po: update translations

(Czech) currently translated at 92.9% (695 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Czech) currently translated at 91.9% (688 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Georgian) currently translated at 14.0% (105 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Georgian) currently translated at 13.7% (103 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Georgian) currently translated at 13.7% (103 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ka/

po: update translations

(Czech) currently translated at 91.7% (686 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/

po: update translations

(Korean) currently translated at 94.7% (709 of 748 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/

po: update translations

(Ukrainian) currently translated at 100.0% (2789 of 2789 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Korean) currently translated at 66.6% (1712 of 2569 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/

po: update translations

(Ukrainian) currently translated at 99.8% (2784 of 2789 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/

po: update translations

(Korean) currently translated at 66.4% (1712 of 2577 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f09a66cacc4e82dc15557d1c7552f469a3a47629">f09a66ca</a></strong>
<div>
<span> by Elena Mishina </span> <i> at 2024-10-15T11:25:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations

(Russian) currently translated at 100.0% (2792 of 2792 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2eef90a0c0d3409c24f986e1b5826eb30268ea5b">2eef90a0</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-15T11:46:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: fix sv language
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6ec5aa0da65371a2b20bc4ab96b8326364b61fdc">6ec5aa0d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-15T11:46:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/217b3fad3aa5b15879f7393ea1ac0ab137c2c4ef">217b3fad</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-15T11:46:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Release sssd-2.10.0
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f990b0ff7c97222a9ddead652dc4df0998e7ce6b">f990b0ff</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-10-15T15:22:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: rm intg/test_sss_cache.py

* this test is indirectly tested by several tests

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 934ae04e1387043fc0ac673ec6cf853724e15394)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d523261c312c1ccab0253ddf14b54daba44ed268">d523261c</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-10-15T15:24:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap: add 'exop_force' value for ldap_pwmodify_mode

In case the LDAP server allows to run the extended operation to change a
password even if an authenticated bind fails due to missing grace logins
the new option 'exop_force' can be used to run the extended operation to
change the password anyways.

:config: Added `exop_force` value for configuration option
  `ldap_pwmodify_mode`. This can be used to force a password change even
  if no grace logins are left. Depending on the configuration of the
  LDAP server it might be expected that the password change will fail.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 7184541976608d357a5da48d09a7fa08862477d8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e609bb6d132dd5d74d04ba9bb155a50026d44634">e609bb6d</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-10-15T15:24:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add 'expo_force' tests

The new value for the ldap_pwmodify_mode option 'exop_force' is added to
existing test. A new test to illustrate the different behavior of 'exop'
and 'exop_force' is added.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit deefe9ad82e8e0057aa77ea5be60a86d223900da)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2eec5ebbae15cfb024d53e6da227ad17ab13007c">2eec5ebb</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-10-15T15:29:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Passkey test cases with diffferent auth_methods

Added following test cases
1. Check authentication of user with IPA server when
no pin set for the Passkey.
2. Check authentication of user with updated prompting
options
3. Check password authentication of user with IPA server
when sssd fall back to password authentication

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 94e47c5ce9b06b0ce8e527607c3e1e221e823841)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f3c985ca4090a1f9a3377c6b5082fb20324710b7">f3c985ca</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-10-17T11:16:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add missing returncode to test_0004_bz1638295

Reviewed-by: Anuj Borah <aborah@redhat.com>
(cherry picked from commit 4a7ab02d893a0e98b72bf711db126abfb4324ee9)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/78b1081e9c5542cb0e8a5d48ff1abb9ba1b9f585">78b1081e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-17T17:36:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>When using SPDX expression the booleans must be in all caps.

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit cbe3b03472a678b9a8470b3e3a0e08655808e06d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d75d2fe97149a8d6a59dbd3d535be62bb8efcee0">d75d2fe9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-17T17:41:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Get rid of on-house MIN/MAX definitions

This matches approach already taken in sss_client/idmap/sss_nss_ex.c

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit b928dbe1fcb6cf4b7acbd97d3df9514d5c554953)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8a085c52dc45de628915e3601c33f6e5f9c50110">8a085c52</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-10-18T09:22:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Unify packages available on client for ipa suites

This is needed to detect sssd NVR for idmci.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit ed666e9fa8d5be66700d69186c2edb350df5816f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1984036bb8472c00cde3497414fcf625b7875ff9">1984036b</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-21T18:40:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: remove superfluous WITH_IFP leftover

```
$ autoreconf && configure
...
./configure: line 18674: WITH_IFP: command not found
```

Fixes: 2.10.0-beta2-63-ge5140ab08

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit a2e91d20fc876f7c976623ecd6f6fb282c2d406c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0229f41956e505652a7b5394ebcd1a0922d429f3">0229f419</a></strong>
<div>
<span> by Scott Poore </span> <i> at 2024-10-21T18:41:47+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: sssd.conf update defaults for certmap maprule

The sssd.conf man page lists that the maprule RULE_NAME is used to match
a username.  However, this is conditional when built with the files
provider.  This change states that unconditionally in the maprule
defaults and states that it applies to both the files and proxy
providers.

Signed-off-by: Scott Poore <spoore@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 510130e844785b5ab7cb8415b1eb326d85360feb)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1a743a4123c104a10c694f7ee9d2f0a1e7182513">1a743a41</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-21T18:42:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd: always print path when config object is rejected

Observed:

```
Oct 16 09:44:04 a4 sssd[28717]: [sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
Oct 16 09:44:04 a4 sssd[28717]: Can't read config: 'File ownership and permissions check failed'
Oct 16 09:44:04 a4 sssd[28717]: Failed to read configuration: 'File ownership and permissions check failed'
```

Expected:

_Well yes, but **which one**_!?

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 2b7915dd84a6b8c3ee26e45357283677fe22f2cb)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8adf0cc45d9d24038493578aea2665942fcae8fc">8adf0cc4</a></strong>
<div>
<span> by santeri3700 </span> <i> at 2024-10-21T18:44:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: honor ad_use_ldaps setting with ad_machine_pw_renewal

The value of ad_use_ldaps was not passed as `--use-ldaps`
argument to the adcli update command which handles
the automatic renewal of AD machine account password.

Resolves: https://github.com/SSSD/sssd/issues/7642

Signed-off-by: santeri3700 <santeri.pikarinen@gmail.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit d004e7b4b977da3dd9f1d3de910c28c093a6fb26)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/05ceef32456fa3f54c8a047d61d116732667482b">05ceef32</a></strong>
<div>
<span> by Yaakov Selkowitz </span> <i> at 2024-10-23T14:34:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: require systemtap-sdt-dtrace on ELN

ELN (the future RHEL 11) tracks rawhide and therefore also includes a systemtap with a separate dtrace subpackage.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit 6b2219015f6b9ea547e7a2a4ff57d0c06a66f47d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6b0f92b65dc6263b0c81dc089377294c050cf4f0">6b0f92b6</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2024-10-23T14:35:26+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Missing 'dns_update_per_family' option

This update fixes missing 'dns_update_per_family' option in python code
and config files.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit a822206c7859b5f39af2b2ea1b117850a0589e3c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/62fac0be1f30e1da83cbf278df0f66745bca6025">62fac0be</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-23T14:36:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: unbreak detection for x400Address

Observed:

```
./configure CFLAGS="-O0 -D_FORTIFY_SOURCE=3"

checking whether OpenSSL's x400Address is ASN1_STRING... no
configure: WARNING: OpenSSL's x400Address is not of ASN1_STRING type
```

Expected:

```
checking whether OpenSSL's x400Address is ASN1_STRING... yes
```

Relying on warnings alone is terrible; rewrite the C code to provoke compile
error in all cases. [N.B.: I just noticed that the use of the subtraction
operator is conveniently portable, and one need not use typeof(), which is
merely a language extension prior to C23.]

Fixes: 2.8.0-164-gced32c44e

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 42d1837a87cddfcbeb111cb7a0410e53e1b46cf7)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/74b0c4ee0e8340cee9ee8f161b1ec0e076a8e620">74b0c4ee</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-23T14:37:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: add 'debug_backtrace_enable' getter

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit b84ced06c14cd1226f830c6de28ef552f9118385)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8ddfe87dd7c04d54221fff621d86ae53150c974f">8ddfe87d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-23T14:37:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: simplify / comment a bit better

`prepare_child_argv()`

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 2300abbaa148293189ef037e13db37e3d40b3123)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3451786d02735c40b562b1450edd32ffd71f5a66">3451786d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-23T14:37:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: propagate debug_backtrace_enabled to child processes

Resolves: https://github.com/SSSD/sssd/issues/7510

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 88b55de2805bea63ed384800ff2681374b6d06b7)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/09f6d72b9d98a93666e576fe9867839299ed71fb">09f6d72b</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-25T10:57:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: stop overriding CFLAGS

CFLAGS is reserved for the user. configure must finish in an
idempotent state and not touch it, pursuant to automake.info §3.6
"Variables reserved for the user".

Observed:

```
$ ./configure && make CFLAGS=-O1

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -Wall -I..
-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
-DSSSDDATADIR=\"/usr/local/share/sssd\"
-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
-DLOCALEDIR=\"/usr/local/share/locale\"
-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
-Wwrite-strings -Wundef -Werror-implicit-function-declaration
-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
-O1 -MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c src/db/sysdb_ops.c -fPIC
-DPIC -o src/db/.libs/libsss_util_la-sysdb_ops.o
```

Expected:

```
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -Wall -I..
-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
-DSSSDDATADIR=\"/usr/local/share/sssd\"
-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
-DLOCALEDIR=\"/usr/local/share/locale\"
-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
-Wwrite-strings -Wundef -Werror-implicit-function-declaration
-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
-O1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c
```

Fixes: sssd-1_3_0-3-g551aa6c36

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 8cdebfcfea58a0a4cb6d1a62b05ce843cde832a2)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/90c50928775a043aa4feff1711bbc237db9dd8ba">90c50928</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: remove unused helpers

Btw, `sss_ini_get_mtime()` could access uninitialized 'self->cstat'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 30a980384a59c2ddc8fc256502bb02b64775873c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9007c859bf0f3e59f7a932bda16e020e662ff116">9007c859</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: stop using 'libini_config' for access check

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 1d19b8ad9415e0a12ed3aaf039d4d0956ef4dbad)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/340671f16abb9c26ae97b11c4e2845337e67973e">340671f1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: relax config files checks

Only make sure:
 - user is root or sssd
 - group is root or sssd
 - other can't access it

Don't make any assumptions wrt user/group read/write-ability.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8472777ec472607ea450ddb4c4666017bd0de704)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8db2df4fcbd09badafbc207bd4150b5f1cc2d5fb">8db2df4f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Configuration: make sure /etc/sssd and everything

beneath is owned by 'sssd' group and readable by group.

This should allow for reasonable rw-r----- root:sssd

At some points those chown/chmod can be removed.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 518db322fdd5a4de41813fbe5bc35fc20392ce67)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dfaf15b147ab9db3c3090f61ed483c54b5264802">dfaf15b1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: don't report used snippets in `sss_ini_add_snippets()`

This ends up in system journal because logger isn't initialized
yet at this point.

Snippets still can be verified via 'sssctl config-check'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit d7c977092c7a0df60ec627da50c207b07b333228)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/65d6e03ea955bca38d6cd90ea3d29c656b465024">65d6e03e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: change error message to be more accurate

To avoid misleading reports like in this case:
```
 # sssctl config-check --debug 9
 [sssd] [access_check_file] (0x0020): Unexpected user owner of '/etc/sssd/conf.d/pam.conf': 65534
 Failed to read '/etc/sssd/sssd.conf': File ownership and permissions check failed
```

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 4cc62d457fd38a34bdfc986a620020c98e549cae)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/537ce34e08032664e661502eb119b3fcdfda14fd">537ce34e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: add verbose error messages

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 60d369c00528fd0cea257f7720d3d8da252116ce)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/42e800e14ee64c5c7289e3ca06ecde504a224512">42e800e1</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-11-01T17:41:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: fix spellos in configure.ac

"safe" is the antonym to "unsafe", but it's not like CFLAGS is unsafe.
You really want "saved" here.

Fixes: sssd-1_13_1-169-g6b01dae73

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit 93eb0736ecffb77a077a2e9d0879e67d34173c15)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4acd8a3c8a32dc010a2ef763645a1565eaeaadae">4acd8a3c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T20:29:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>chown() gpo cache recursively.

If there is something in @gpocachepath@ it will be a directory with the
domain name and in this directory will be the GPO directory hierarchy

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 2d0f0480a18aacd35a51b1854736d984d378d84e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe72979318b171e2ab4fd95890c806401afb5296">fe729793</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-11-07T11:06:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: sss_ssh_knownhosts must ignore DNS errors

When the DNS cannot resolve the provided hostname, sss_ssh_knownhosts
must not fail.

Instead it should try its best to find it. It will now try to find
the host account in IPA using both the fqdn and serverHostName
attributes (the later contains the shortname); and using the name and
nameAlias when looking for the host in the cache.

However, the IP address is not (and must not be) stored in the cache
or IPA entries, so this case will not work if the DNS fails to associate
a hostname to the provided IP address. In such a situtation, not key
will be retrieved and provided to `ssh`.

Resolves: https://github.com/SSSD/sssd/issues/7664

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 76682050022cba204ec5450f274a6e10a3726943)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/be90cc62f4178ccff320b99c959e64888c6c8c19">be90cc62</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-07T11:09:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding gpo customer test scenario to use the ldap attribute name

Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 3054970e441d4e3a8888922f7ccba30d985a9ce4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7196c7529ea4251b4d3f28829283856aa4eec86">a7196c75</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-11-09T10:45:04+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Check sudo command threshold correctly

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 7a8da2762897005d854cb91eaf5024986c31f8e7)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cb0a86885d419911e001dacd7a8e3cbf704e9bcc">cb0a8688</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-09T10:45:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: mistypes fixes

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 2d85f89f9505abdb79f2054586a8854672a832e4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ee47dbca15c35894e0d775e3b97997fb9a6e34c2">ee47dbca</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-09T10:46:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_sss: add some missing cleanup calls.

This patch should avoid Coverity warnings like:

./src/sss_client/pam_sss.c:3075:17: alloc_arg: "get_authtok_for_password_change" allocates memory that is stored into "pi.first_factor".
./src/sss_client/pam_sss.c:3090:25: leaked_storage: Variable "pi" going out of scope leaks the storage "pi.first_factor" points to.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 2d408edd97342b30761775e84108d605e423f2d3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cac2e40ac164aa404ba30a05c974168402934064">cac2e40a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-12T12:21:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>subdomains: check when going online

With this patch SSSD will run the sub-domains request, if any, when
switching from offline to online state. Currently only the AD and the
IPA provider provide a sub-domains request. Besides trying to discover
the sub-domains the request will also refresh other domain wide
configurations, e.g. certificate mapping rules in the IPA provider case.
Given that it might not be clear how long the client was offline,
refreshing this data when going online makes sense.

Resolves: https://github.com/SSSD/sssd/issues/7612

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 8571d45b66622b152e1bf04517d573d125895d5a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c6b9e2645a75bc88283c1d8bff58c879777fc45f">c6b9e264</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-12T12:23:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing intg/ts_cache.py

the following test cases are now covered in system/test_cache.py and
this can be removed.

* fixed assertion writes_to_both_databases tests
* added test detecting modification and deletion for groups
** test is a common user story and functional, changed priority to
critical
* added "integration" test invalidating user, group, netgroup objects

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit be0c232be01b5fe2ffcaecae84980fb1b67ab916)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0ceefae810022e61f37b3a6dc6351018f46dd6db">0ceefae8</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-12T12:23:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: converting all the ldb cache tests to use one provider

There is minimal benefit to run these tests against all providers.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit d5b648498a712db4287c0c1050a0bc415ff49948)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/65272cfdae9e4429fc27bacacc02b75f871e7bf4">65272cfd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-14T17:31:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: require OpenSSL >= 1.0.1

This is required since a86ee649ac7cd80cfb3c1b50ae728fbf12d1b92a

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit 71430f77727fc2262f6c54a453aca587f9d76597)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/76ce51d463c1bf7f30dda47b68d1507df78d5e9c">76ce51d4</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-14T17:31:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ssh: do not use default_domain_suffix

The default_domain_suffix is already handled in the generic cache
request code and the additional enforcement in the ssh responder might
cause issue if fully-qualified names are used as input.

With this change the ssh responder handles request data similar to the
nss responder e.g. in sss_nss_protocol_parse_name().

Resolves: https://github.com/SSSD/sssd/issues/7671

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit ffec45bdbbf9d0e37077a37cba20dcf45b6d7749)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d89edf89d998bd86aca5274ef6dd6b8c0fe9c3a9">d89edf89</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-14T17:31:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>responders: deprecate default_domain_suffix option

:relnote: The option default_domain_suffix is deprecated. Consider using
the more flexible domain_resolution_order instead.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit fb91349cfeba653942b32141f890e3de78b3fb13)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ad5747ac1908006dfb89b6f0748ef10ada62e26f">ad5747ac</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-11-18T14:46:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>OPTS: Add the option for DP_OPT_DYNDNS_REFRESH_OFFSET

The label `DP_OPT_DYNDNS_REFRESH_OFFSET` was introduced in
https://github.com/SSSD/sssd/blob/fb91349cfeba653942b32141f890e3de78b3fb13/src/providers/be_dyndns.h#L55
but the corresponding option is missing in
https://github.com/SSSD/sssd/blob/fb91349cfeba653942b32141f890e3de78b3fb13/src/providers/be_dyndns.c#L1200

This error was introduced by
https://github.com/SSSD/sssd/commit/35c35de42012481a6bd2690d12d5d11a4ae23ea5

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 9ee10f98e0070774e0e7f0794bc296ef06a671e4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6eb7683e9cb54022bb608b830e8b0d99e8bae648">6eb7683e</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-11-18T14:46:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Also test default_dyndns_opts

Compare this structure to ipa_dyndns_opts, which is already compared
to ad_dyndns_opts.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 2c72834e657197012b3a32207ffe307e8ba5f9e2)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/afd7754fa913f3c6f61aa906b4b9481c5d9683fa">afd7754f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:14:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: untie capabilities of different binaries

as those do not have to be the same

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit b74fe65b65c02a1470b731b012ad5b4723ce03b3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/53431f935b32719de3ecdc6594cd6c4950e9f846">53431f93</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:14:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: replace 'cap_dac_override' with 'cap_dac_read_search'

'cap_dac_read_search' is needed to read a keytab but 'cap_dac_override'
(that allows to bypass file write permission checks) shouldn't be required.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 7ce14e7f73af9c531a1034fcb315b167f02e21e3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b81a266b43910f46b3bfdc1a8acefb88351ce7c1">b81a266b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:14:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: don't require any capabilities besides 'cap_dac_read_search'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 942799d5e7d9f30ad8aa4bdf3cccac8e954a9d8e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f344f3a4c9e43939fe00485ff24ee57e51bf47e3">f344f3a4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:14:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: require only 'cap_dac_read_search=permitted'

and raise to 'effective' when needed.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 5ef1efc52d6902ddfc1abe12a375655c2b8f90b2)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a9023c77749f7b0b8f2556a3b2c78d482f291de4">a9023c77</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:14:01+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Describe current capabilities usage.

Take a note that usage of cap_dac_override + chown to create cache path
components could be changed to use cap_dac_override + (granted anyway) setuid,
but not sure if it's worth the trouble.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 23d9c93b971c60b5535444e6782b5970f56ce24e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/59ccf3e08f7953c0afa814bc0958c41dcd81481f">59ccf3e0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-19T11:28:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: don't try to lookup `getservbyport(0, ...)`

'sssd_nss' won't handle this request anyway.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 507d2daa86e15e8252e248ef522b6bcae958193c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/35909fdf7e0af8aa0f84205943aaf8bb21be564d">35909fdf</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-19T11:29:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSDConfig: chown file to root:sssd

This is an addition to https://github.com/SSSD/sssd/pull/7667

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 1f8040de29a4d7c73521134a9faeca4e6767178b)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c2d10011b127a9e6907efa295886f3a8d873409b">c2d10011</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-11-19T11:32:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Test transformation of bash-ldap-id-ldap-auth netgroup

Test transformation of bash-ldap-id-ldap-auth netgroup

Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
(cherry picked from commit 9c4a51fa1031b49a4d45c69a46719d2a398924ff)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/963e0c6d4fe3753929f6fe14ad029cd100a43de7">963e0c6d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-21T16:27:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>'dtrace' was moved to a separate package on C10S as well

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 21c6280556f4c8e035d1e78e6a51e1068d3ec92c)

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f2f1ee8b660bd2dbd6a56fadea6bd3f3a009ec27">f2f1ee8b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-21T16:27:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Enable CI for 'sssd-2-10' branch

Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7cc6cbf31bf4d77d3dbf257a24fb65d177398ee">a7cc6cbf</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-11-21T16:28:03+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Reverse the condition and fail

Currently, the test will blindly fail if someone carelessly adds IPA to the topologies.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit a926f43ac17e46dd37b3ecc545f09c903651b327)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e02048592cc0722c04ff47fd7df592d97e2fc93">5e020485</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-22T12:19:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap_child: make sure invalid krb5 context is not used

Resolves: https://github.com/SSSD/sssd/issues/7715

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit fce94aec3f335cbe33c509b14e389b9df0748744)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ba2b247c2876845639ff3e1700bdc6e137f567c7">ba2b247c</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-11-26T10:01:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update sst to rhel-sst-idm-sssd for polarion.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit 7514309bb361c8aea4f5ac8fef68f1a50f1a3fe1)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9e3fbbc67c2abdc7a6e5f2269cbacef0d735f899">9e3fbbc6</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-11-26T20:54:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>analyzer: fix two crashes

OSError from 'sss_analyze error list'

PermissionError from 'sss_analyze request list' run without sudo

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 0bb13645168864ca9eb7097cad063e1bfa4834cf)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2d229d21a5632c7d3c696d2731d082bdaf61a62">d2d229d2</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-27T10:37:11+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dyndns: collect nsupdate debug output

It looks like in current code the assumption is that the nsupdate
command can just send its debug output into the backend log by
duplicating the file descriptor. This won't work since the logs file is
opened with O_CLOEXEC so that it is closed when nsupdate is started.

Additionally it is questionable if this approach is a good idea because
it would lead to a random intermixing of debug information. This patch
collects the output on strderr of nsupdate separately and adds it into
the backend log similar to the input send to nsupdate.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit e4b26042a5696c10ee0616a34c39f3539ca5ae34)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/195c6a6619b2fc494504ce3674028054f04acb03">195c6a66</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-27T10:37:45+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding system/tests/readme.rst as a quick primer

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 58a2fee59914eea5130fd995315149f1b15fd5a8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f9074e20d9f6b8ee40958c144ad07551a5619f3">0f9074e2</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-12-02T12:27:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add ssh to services for authentication with ssh tests.

This fixes mh critical tests that are failing.

Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
(cherry picked from commit 098105486cd014717cbb055195b9f879dbce63ee)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c228b79e005ee4e70d8ed4b7a060aa588d067399">c228b79e</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2024-12-04T12:03:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add DoT support for DNS updates

DNS-over-TLS is a new standard for encrypting DNS traffic.

SSSD does not implement the DoT itself but relies on other
components of the system. This modification allows as to set
a DoT for dynamic DNS updates

:config: the `dyndns_server` option is extended so it can
  be in form of URI (dns+tls://1.2.3.4:853#servername).
  New set of options `dyndns_dot_cacert`,
  `dyndns_dot_cert` and `dyndns_dot_key` allows to configure
  DNS-over-TLS communication.

:relnote: The DoT for dynamic DNS updates is supported now.
  It requires new version of `nsupdate` from BIND 9.19+.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit fe26a930852b85b128ca8e3fbf9dfa72536969ea)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1e4bb2183a55e15d166f54b24eef2e36145223f1">1e4bb218</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: verbosity around ccname handling

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 1ef3cf525b5646329cf0b11ec14e20378f55c4c4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ce85278b150a1d178a25b3dad7f7dbb111565433">ce85278b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: don't pre-create parent dir(s) of wanted DIR:/FILE:

to match 'kinit' behavior and avoid the need for cap_chown and
cap_dac_override.

:relnote:SSSD doesn't create anymore missing path components of DIR:/FILE:
ccache types while acquiring user's TGT. The parent directory of requested
ccache directory must exist and the user trying to log in must have 'rwx'
access to this directory. This matches behavior of 'kinit'.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 5e17bc22f6c0ad74ba3ddb198db94acc96cc90a4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0957bc017e4407d4cd89cc13aaa6afadfa1e891">f0957bc0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: skip `switch_creds()` in PKINIT case

Since 'krb5_child' has lost set-id bit and is run under uid/gid of
the backend, it was a no-op.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 541c42ba73b782e696979e90a925a03816c376e8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f21107a2288407b4bfb43b7bf82de51111058a95">f21107a2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: 'fast-ccache-uid/gid' args aren't used anymore

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 947f791d8e3e07413b77d1b3782608af1645ca2b)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cfbb36e2f58bcdfb46eb0d45895eef282631c830">cfbb36e2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: don't require effective CAP_DAC_READ_SEARCH

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 19dd64322857fba3eea2dd3855a79ba4f663d849)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2892fe5b1ad079cc68e2a20c73a90b32c736801">d2892fe5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: verbosity

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 89d61e66b8753935ca9b2b017575e93055350d5e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/29a8a22dbef6b347e5444c12c3a759589c3fdb78">29a8a22d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: drop cap_set*id as soon as possible

Set user uid/gid as real IDs as a first step in `privileged_krb5_setup()`
and drop cap_set*id afterwards.

Having real_ids == user_ids and set_ids == service_ids should be
enough to switch thru and back.

:relnote:`krb5-child-test` was removed. Corresponding tests under
'src/tests/system/' are aimed to provide a comprehensive test coverage
of 'krb5_child' functionality.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 65538771154c49fd2541f3d17dbccf85f986e4e8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/be5174d93cf5d4eaa2735c62ee41bdd0f147e12b">be5174d9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: 'krb5_child' doesn't require effective capabilities

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 19a871a9e9f426c8be0c6760a8653a057d05b5fb)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0890828d9dcd2ded06122b06eac0e4d7d2b51a85">0890828d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>become_user() moved to src/monitor

Monitor is the only user of this function and only if built
with support of deprecated 'sssd.conf::user' option.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 988e5fa846e928508cbcda3dee9f21943ad4949d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/01bc3708bdafb1ed7119d665078b85f80dcd09c4">01bc3708</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: cosmetics

Remove non existent / private functions from a header.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a406c1b2890b37ac640eef681519087bb2aa27b8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dcef16bb7d557dc8b14c4887224b7bdaadc0143e">dcef16bb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-06T13:29:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Deprecate and make support of 'ad_allow_remote_domain_local_groups'

sssd.conf option conditional

:config: 'ad_allow_remote_domain_local_groups' option is deprecated
and will be removed in future releases.

:packaging: Support of deprecated 'ad_allow_remote_domain_local_groups'
sssd.conf option isn't built by default. It can be enabled using
'--with-allow-remote-domain-local-groups' ./configure option.

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 20d658bfbadb47b9393142a9eb607d99bfda92f4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0ab5ce3267c5a62d4149c71ed90b5e46f811bf6f">0ab5ce32</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-06T15:24:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: mistype fix

Fixes:
```
 *** CID 515655:  Uninitialized variables  (UNINIT)
 /home/runner/work/sssd/sssd/src/providers/krb5/krb5_child.c: 2435 in
 get_and_save_tgt()
 2429             goto done;
 2430         }
 2431
 2432         /* Make sure ccache is created and written as the user */
 2433         kerr = switch_to_user();
 2434         if (kerr != EOK) {
  >>>     CID 515655:  Uninitialized variables  (UNINIT)
  >>>     Using uninitialized value "ret" when calling "sss_debug_fn".
 2435             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to switch to user
 IDs: %d\n", ret);
 2436             goto done;
 2437         }
 2438
 2439         log_process_caps("Saving ccache");
 2440
```

Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 110c4aead0d6f1f147bd3dc741528ce2cba5bedc)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9c87e6e792d6a288383176ec506ce2f89ca035cd">9c87e6e7</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-12-10T09:40:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap: make sure realm is set

In general the canonical principal will be only set in the cache after a
successful authentication because in general it is not know what the
canonical principal might be.

For Active Directory it is known that the canonical principal is build
with the sAMAccountName attribute and the Kerberos realm which is used
in the patch "AD: Construct UPN from the sAMAccountName" (7a27e539). If
'id_provider = ldap' is used to access Active Directory the realm might
not be set in the internal domain data and as a result a wrong principal
might be created. This patch makes sure the realm is set before creating
the canonical principal.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 8c86abd6d6fb1456bb743e031e27802cd7aea490)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/46ec31c6e270f0854355cc03984ba4792c95c4ef">46ec31c6</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-12-10T09:40:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Add the test when we replace id_provider

With AD/Samba check the authentication of user
by replacing id_provider = ldap

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit ef535319cc90797464a99e99e7b9d86533b76db8)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8e5864d581b04ec6ea415b3825a0b8969603a6df">8e5864d5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_semanage code is only used by 'selinux_child'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit c357838d81f2d061f016a1797fc330d64ee6d1ae)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b853b20c49297b78ca43398f5992ba7480365275">b853b20c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_selinux code is only used by 'ipa_selinux'

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 75f1b2bae590d0978e1d645b59ff7011f37d5651)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/89627db1cd105ae4caea7c639ad6c1952152dfd4">89627db1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: shared helper to print current process credentials

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 5f2769267dde9f8d00f478f886bb5e6980291a1f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1614c5e5154bf33ed4d17029937dfd567ae52dc9">1614c5e5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SELINUX_CHILD: only cap_set*id is required

:packaging:*Important note for downstream maintainers.*
A set of capabilities required by privileged binaries
was further reduced to:
```
krb5_child cap_dac_read_search,cap_setgid,cap_setuid=p
ldap_child cap_dac_read_search=p
selinux_child cap_setgid,cap_setuid=p
sssd_pam cap_dac_read_search=p
```
Keep in mind that even with limited set of fine graned capabilities,
usual precautions still should be taken while packaging binaries with
file capabilities: it's very important to make sure that those are
executable only by root/sssd service user. For this reason upstream
spec file packages it as:
```
-rwxr-x---. 1 root sssd
```
Failing to do so (i.e. allowing non-privileged users to execute those
binaries) can impose systems installing the package to a security risk.

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 84baae4b4ad02d486b5b2344f9202fb264da75f4)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3c0c33d5badf825623a29afe085610f089dd0205">3c0c33d5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T14:07:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Ignore '--dumpable' argument in 'krb5_child' and 'ldap_child' to avoid leaking host keytab accidentially.

Take a note that this is rather a general precaution than a fix
of a real threat since normally those coredumps wouldn't be
accessible to non-privileged user anyway.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 548fdb317d4418b760041fe8ecbf4d7b03641ac9)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9bfa366a8f23124c6b2baf91deb662db62a0cdb2">9bfa366a</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-12-10T14:36:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7de1c5f4df612d6ee9572905f6d4cb365bc38609">7de1c5f4</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-12-10T14:36:49+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Release sssd-2.10.1
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1ab02dcccc7efa7d81668bb77760514defe46fc1">1ab02dcc</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-03T11:15:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge tag '2.9.5' into m

2.9.5
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7b2ed910cd7ff8b00460f4f41e7872e1240f1c4">d7b2ed91</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-03T11:15:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge branch 'master' into m
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3f7173b71dff5aad379dafd5312d6b931c93d3a">a3f7173b</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-03T11:16:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>version bump
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7de5ca5786d48361dd413ec84b31a168cc90cc6d">7de5ca57</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-03T11:18:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>watch: Updated.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/792e45179c297897adbcb4835a218090b7120f43">792e4517</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-03T11:19:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>patches: Refreshed.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/86c8f2a56b712f73f1ad1fd474c95c367b920241">86c8f2a5</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-03T15:52:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>control: Add valgrind and libcap-dev to build-depends.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/06349d90c2d967c8e4f1e8e2dcf20b7f5a7bd958">06349d90</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-01-05T11:59:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #28272d; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>install: Updated.
</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
29 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#37a9b7b8f460c09f992a10b14e4237ce69781612">
<span class="new-file">
+
.git-commit-template-tests
</span>
</a>
</li>
<li class="file-stats">
<a href="#1685392355a2ca092645e3c824203231bdae0aca">
.github/actions/build-sssd-srpm/action.yml
</a>
</li>
<li class="file-stats">
<a href="#091aff741808a09242f252264b14f4a9adaa5305">
<span class="new-file">
+
.github/dependabot.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#71da4bef7d009bfa59d0f7ca85bf6a18169fb48d">
.github/workflows/analyze-target.yml
</a>
</li>
<li class="file-stats">
<a href="#899ce9c202bf7bb5480e72836c3edc773c9c4244">
.github/workflows/ci.yml
</a>
</li>
<li class="file-stats">
<a href="#205e49e7f8cbf1a4f02d387dd32850fa09a5ef81">
.github/workflows/copr_build.yml
</a>
</li>
<li class="file-stats">
<a href="#5439b3be16e91e7a13b1977539a10e7b3639a891">
.github/workflows/copr_cleanup.yml
</a>
</li>
<li class="file-stats">
<a href="#f34eaf19b34e4ae5135212c79909cfd8d3c70b6b">
.github/workflows/coverity.yml
</a>
</li>
<li class="file-stats">
<a href="#4d938f6c1c694e539e55e88076490273a04798ba">
.github/workflows/static-code-analysis.yml
</a>
</li>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#bc4515855eaf7c8ae2cffc38c425cc7e972fda37">
<span class="new-file">
+
contrib/90-sssd-token-access.rules.in
</span>
</a>
</li>
<li class="file-stats">
<a href="#4fd746b72d7a3976d4c1ae84db34f6173b62a1e8">
contrib/ci/configure.sh
</a>
</li>
<li class="file-stats">
<a href="#49d80aa598751b3e8c23a3bbb4e7e9c03aa770b6">
contrib/ci/deps.sh
</a>
</li>
<li class="file-stats">
<a href="#031969761fa6f19a30b8c7f03d888fec88b92193">
contrib/ci/distro.sh
</a>
</li>
<li class="file-stats">
<a href="#0aeb6d52776b667900291cb1c14a7dadddc5c3b2">
contrib/ci/get-matrix.py
</a>
</li>
<li class="file-stats">
<a href="#d348d65f630a357f2aeaa78fc64043f57caa4cb0">
contrib/ci/sssd.supp
</a>
</li>
<li class="file-stats">
<a href="#c3b4e77ecae6f5d5b141acb78d1a7d2302ac7764">
contrib/fedora/bashrc_sssd
</a>
</li>
<li class="file-stats">
<a href="#76218f39b53d6aef0e4075d5e29fd61d2d9efca3">
contrib/fedora/make_srpm.sh
</a>
</li>
<li class="file-stats">
<a href="#424ce55e427afb6b14cd7c610ea2289062be37b4">
<span class="new-file">
+
contrib/sssd-tmpfiles.conf.in
</span>
</a>
</li>
<li class="file-stats">
<a href="#b8d57aa4a09effcbac8deeffe8aea9131499424f">
contrib/sssd.spec.in
</a>
</li>
<li class="file-stats">
<a href="#2cd188fdaef048e8765e136b15833cdb49887125">
<span class="new-file">
+
contrib/sssd.sysusers
</span>
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">
debian/control
</a>
</li>
<li class="file-stats">
<a href="#cbdc1ff7216375ecd2a4ff498c8e581440b15d12">
debian/patches/default-to-socket-activated-services.diff
</a>
</li>
<li class="file-stats">
<a href="#37446a37258bb4488d855997a74e6cfa2f5b7c43">
<span class="deleted-file">

debian/patches/fix-shebang-on-sss_analyze.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#bc34014ab4b9a49dd7a27bdd8d352912607c3a96">
debian/patches/series
</a>
</li>
<li class="file-stats">
<a href="#888968d8696ab3370bf567424c1013cb2ad00c45">
debian/sssd-common.install
</a>
</li>
<li class="file-stats">
<a href="#68ef9f98c01c7eecd4c605cc26048a06f3304b79">
debian/watch
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: .875rem;">
The diff was not included because it is too large.
</h5>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #737278;">

<br>
<a href="https://salsa.debian.org/sssd-team/sssd/-/compare/cc3422a7ae8d909d5c2ffb35cc42a93f35928ff6...06349d90c2d967c8e4f1e8e2dcf20b7f5a7bd958">View it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>



</p>
</div>
</body>
</html>